Commit 4c2264ec authored by Zenghui Yu (Huawei)'s avatar Zenghui Yu (Huawei) Committed by Marc Zyngier
Browse files

KVM: arm64: nv: Check S2 limits based on implemented PA size 



check_base_s2_limits() checks the validity of SL0 and inputsize against
ia_size (inputsize again!) but the pseudocode from DDI0487 G.a
AArch64.TranslationTableWalk() says that we should check against the
implemented PA size.

We would otherwise fail to walk S2 with a valid configuration. E.g.,
granule size = 4KB, inputsize = 40 bits, initial lookup level = 0 (no
concatenation) on a system with 48 bits PA range supported is allowed by
architecture.

Fix it by obtaining PA size by kvm_get_pa_bits(). Note that
kvm_get_pa_bits() returns the fixed limit now and should eventually reflect
the per VM PARange (one day!). Given that the configured PARange should not
be greater that kvm_ipa_limit, it at least fixes the problem described
above.

While at it, inject a level 0 translation fault to guest if
check_base_s2_limits() fails, as per the pseudocode.

Fixes: 61e30b9e ("KVM: arm64: nv: Implement nested Stage-2 page table walk logic")
Signed-off-by: default avatarZenghui Yu (Huawei) <zenghui.yu@linux.dev>
Link: https://patch.msgid.link/20260225173515.20490-2-zenghui.yu@linux.dev


Signed-off-by: default avatarMarc Zyngier <maz@kernel.org>
parent 8531d5a8

arch/arm64/kvm/nested.c

+11 −9
Original line number Diff line number Diff line
@@ -152,31 +152,31 @@ static int get_ia_size(struct s2_walk_info *wi) 
	return 64 - wi->t0sz;

}



static int check_base_s2_limits(struct s2_walk_info *wi,

static int check_base_s2_limits(struct kvm_vcpu *vcpu, struct s2_walk_info *wi,

				int level, int input_size, int stride)

{

	int start_size, ia_size;

	int start_size, pa_max;



	ia_size = get_ia_size(wi);

	pa_max = kvm_get_pa_bits(vcpu->kvm);



	/* Check translation limits */

	switch (BIT(wi->pgshift)) {

	case SZ_64K:

		if (level == 0 || (level == 1 && ia_size <= 42))

		if (level == 0 || (level == 1 && pa_max <= 42))

			return -EFAULT;

		break;

	case SZ_16K:

		if (level == 0 || (level == 1 && ia_size <= 40))

		if (level == 0 || (level == 1 && pa_max <= 40))

			return -EFAULT;

		break;

	case SZ_4K:

		if (level < 0 || (level == 0 && ia_size <= 42))

		if (level < 0 || (level == 0 && pa_max <= 42))

			return -EFAULT;

		break;

	}



	/* Check input size limits */

	if (input_size > ia_size)

	if (input_size > pa_max)

		return -EFAULT;



	/* Check number of entries in starting level table */
@@ -269,9 +269,11 @@ static int walk_nested_s2_pgd(struct kvm_vcpu *vcpu, phys_addr_t ipa, 
	if (input_size > 48 || input_size < 25)

		return -EFAULT;



	ret = check_base_s2_limits(wi, level, input_size, stride);

	if (WARN_ON(ret))

	ret = check_base_s2_limits(vcpu, wi, level, input_size, stride);

	if (WARN_ON(ret)) {

		out->esr = compute_fsc(0, ESR_ELx_FSC_FAULT);

		return ret;

	}



	base_lower_bound = 3 + input_size - ((3 - level) * stride +

			   wi->pgshift);