arm64: kvm: Fix IDMAP overlap with HYP VA

Booting 5.4 on LX2160A reveals that KVM is non-functional:

kvm: Limiting the IPA size due to kernel Virtual Address limit
kvm [1]: IPA Size Limit: 43bits
kvm [1]: IDMAP intersecting with HYP VA, unable to continue
kvm [1]: error initializing Hyp mode: -22

Debugging shows:

kvm [1]: IDMAP page: 81a26000
kvm [1]: HYP VA range: 0:22ffffffff

as RAM is located at:

80000000-fbdfffff : System RAM
2080000000-237fffffff : System RAM

Comparing this with the same kernel on Armada 8040 shows:

kvm: Limiting the IPA size due to kernel Virtual Address limit
kvm [1]: IPA Size Limit: 43bits
kvm [1]: IDMAP page: 2a26000
kvm [1]: HYP VA range: 4800000000:493fffffff
...
kvm [1]: Hyp mode initialized successfully

which indicates that hyp_va_msb is set, and is always set to the
opposite value of the idmap page to avoid the overlap. This does not
happen with the LX2160A.

Further debugging shows vabits_actual = 39, kva_msb = 38 on LX2160A and
kva_msb = 33 on Armada 8040. Looking at the bit layout of the HYP VA,
there is still one bit available for hyp_va_msb. Set this bit
appropriately. This allows KVM to be functional on the LX2160A, but
without any HYP VA randomisation:

kvm: Limiting the IPA size due to kernel Virtual Address limit
kvm [1]: IPA Size Limit: 43bits
kvm [1]: IDMAP page: 81a24000
kvm [1]: HYP VA range: 4000000000:62ffffffff
...
kvm [1]: Hyp mode initialized successfully

Fixes: ed57cac83e05 ("arm64: KVM: Introduce EL2 VA randomisation")
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
[maz: small additional cleanups, preserved case where the tag
 is legitimately 0 and we can just use the mask, Fixes tag]
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/E1ilAiY-0000MA-RG@rmk-PC.armlinux.org.uk

diff --git a/arch/arm64/kvm/va_layout.c b/arch/arm64/kvm/va_layout.c
index dab1fea4752aaf3837649d03e16a3cfaf1f91e8e..a4f48c1ac28c09d4d91d188a90fa86dec4675457 100644 (file)
--- a/arch/arm64/kvm/va_layout.c
+++ b/arch/arm64/kvm/va_layout.c
@@ -13,52 +13,46 @@
 #include <asm/kvm_mmu.h>
 
 /*
- * The LSB of the random hyp VA tag or 0 if no randomization is used.
+ * The LSB of the HYP VA tag
  */
 static u8 tag_lsb;
 /*
- * The random hyp VA tag value with the region bit if hyp randomization is used
+ * The HYP VA tag value with the region bit
  */
 static u64 tag_val;
 static u64 va_mask;
 
+/*
+ * We want to generate a hyp VA with the following format (with V ==
+ * vabits_actual):
+ *
+ *  63 ... V |     V-1    | V-2 .. tag_lsb | tag_lsb - 1 .. 0
+ *  ---------------------------------------------------------
+ * | 0000000 | hyp_va_msb |   random tag   |  kern linear VA |
+ *           |--------- tag_val -----------|----- va_mask ---|
+ *
+ * which does not conflict with the idmap regions.
+ */
 __init void kvm_compute_layout(void)
 {
        phys_addr_t idmap_addr = __pa_symbol(__hyp_idmap_text_start);
        u64 hyp_va_msb;
-       int kva_msb;
 
        /* Where is my RAM region? */
        hyp_va_msb  = idmap_addr & BIT(vabits_actual - 1);
        hyp_va_msb ^= BIT(vabits_actual - 1);
 
-       kva_msb = fls64((u64)phys_to_virt(memblock_start_of_DRAM()) ^
+       tag_lsb = fls64((u64)phys_to_virt(memblock_start_of_DRAM()) ^
                        (u64)(high_memory - 1));
 
-       if (kva_msb == (vabits_actual - 1)) {
-               /*
-                * No space in the address, let's compute the mask so
-                * that it covers (vabits_actual - 1) bits, and the region
-                * bit. The tag stays set to zero.
-                */
-               va_mask  = BIT(vabits_actual - 1) - 1;
-               va_mask |= hyp_va_msb;
-       } else {
-               /*
-                * We do have some free bits to insert a random tag.
-                * Hyp VAs are now created from kernel linear map VAs
-                * using the following formula (with V == vabits_actual):
-                *
-                *  63 ... V |     V-1    | V-2 .. tag_lsb | tag_lsb - 1 .. 0
-                *  ---------------------------------------------------------
-                * | 0000000 | hyp_va_msb |    random tag  |  kern linear VA |
-                */
-               tag_lsb = kva_msb;
-               va_mask = GENMASK_ULL(tag_lsb - 1, 0);
-               tag_val = get_random_long() & GENMASK_ULL(vabits_actual - 2, tag_lsb);
-               tag_val |= hyp_va_msb;
-               tag_val >>= tag_lsb;
+       va_mask = GENMASK_ULL(tag_lsb - 1, 0);
+       tag_val = hyp_va_msb;
+
+       if (tag_lsb != (vabits_actual - 1)) {
+               /* We have some free bits to insert a random tag. */
+               tag_val |= get_random_long() & GENMASK_ULL(vabits_actual - 2, tag_lsb);
        }
+       tag_val >>= tag_lsb;
 }
 
 static u32 compute_instruction(int n, u32 rd, u32 rn)
@@ -117,11 +111,11 @@ void __init kvm_update_va_mask(struct alt_instr *alt,
                 * VHE doesn't need any address translation, let's NOP
                 * everything.
                 *
-                * Alternatively, if we don't have any spare bits in
-                * the address, NOP everything after masking that
-                * kernel VA.
+                * Alternatively, if the tag is zero (because the layout
+                * dictates it and we don't have any spare bits in the
+                * address), NOP everything after masking the kernel VA.
                 */
-               if (has_vhe() || (!tag_lsb && i > 0)) {
+               if (has_vhe() || (!tag_val && i > 0)) {
                        updptr[i] = cpu_to_le32(aarch64_insn_gen_nop());
                        continue;
                }