Commit 5bb0aed5 authored Apr 24, 2026 by Quentin Perret Committed by Marc Zyngier Apr 24, 2026

KVM: arm64: Fix initialisation order in __pkvm_init_finalise()



fix_host_ownership() walks the hypervisor's stage-1 page-table to
adjust the host's stage-2 accordingly. Any such adjustment that
requires cache maintenance operations depends on the per-CPU hyp
fixmap being present. However, fix_host_ownership() is currently
called before fix_hyp_pgtable_refcnt() and hyp_create_fixmap(), so
the fixmap does not yet exist when it runs.

This is benign today because the host stage-2 starts empty and no
CMOs are needed, but it becomes a latent crash as soon as
fix_host_ownership() is extended to operate on a non-empty
page-table.

Reorder the calls so that fix_hyp_pgtable_refcnt() and
hyp_create_fixmap() complete before fix_host_ownership() is invoked.

Fixes: 0d16d12e ("KVM: arm64: Fix-up hyp stage-1 refcounts for all pages mapped at EL2")
Signed-off-by: Quentin Perret <qperret@google.com>
Signed-off-by: Fuad Tabba <tabba@google.com>
Link: https://patch.msgid.link/20260424084908.370776-7-tabba@google.com


Signed-off-by: Marc Zyngier <maz@kernel.org>
Cc: stable@vger.kernel.org

parent 73b9c1e5

arch/arm64/kvm/hyp/nvhe/setup.c

+3 −3

Original line number	Diff line number	Diff line
		@@ -312,15 +312,15 @@ void __noreturn __pkvm_init_finalise(void)
		};
		pkvm_pgtable.mm_ops = &pkvm_pgtable_mm_ops;

		ret = fix_host_ownership();
		ret = fix_hyp_pgtable_refcnt();
		if (ret)
		goto out;

		ret = fix_hyp_pgtable_refcnt();
		ret = hyp_create_fixmap();
		if (ret)
		goto out;

		ret = hyp_create_fixmap();
		ret = fix_host_ownership();
		if (ret)
		goto out;