[PATCH] KVM: arm64: Cap default IPA size to the host's own size
Marc Zyngier
maz at kernel.org
Mon Mar 8 17:46:43 GMT 2021
KVM/arm64 has forever used a 40bit default IPA space, partially
due to its 32bit heritage (where the only choice is 40bit).
However, there are implementations in the wild that have a *cough*
much smaller *cough* IPA space, which leads to a misprogramming of
VTCR_EL2, and a guest that is stuck on its first memory access
if userspace dares to ask for the default IPA setting (which most
VMMs do).
Instead, cap the default IPA size to what the host can actually
do, and spit out a one-off message on the console. The boot warning
is turned into a more meaningfull message, and the new behaviour
is also documented.
Although this is a userspace ABI change, it doesn't really change
much for userspace:
- the guest couldn't run before this change, while it now has
a chance to if the memory range fits the reduced IPA space
- a memory slot that was accepted because it did fit the default
IPA space but didn't fit the HW constraints is now properly
rejected
The other thing that's left doing is to convince userspace to
actually use the IPA space setting instead of relying on the
antiquated default.
Signed-off-by: Marc Zyngier <maz at kernel.org>
---
Documentation/virt/kvm/api.rst | 13 +++++++------
arch/arm64/kvm/reset.c | 12 ++++++++----
2 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst
index aed52b0fc16e..80c710035f31 100644
--- a/Documentation/virt/kvm/api.rst
+++ b/Documentation/virt/kvm/api.rst
@@ -158,12 +158,13 @@ flag KVM_VM_MIPS_VZ.
On arm64, the physical address size for a VM (IPA Size limit) is limited
-to 40bits by default. The limit can be configured if the host supports the
-extension KVM_CAP_ARM_VM_IPA_SIZE. When supported, use
+to 40bits by default, though capped to the host's limit. The VM's own
+limit can be configured if the host supports the extension
+KVM_CAP_ARM_VM_IPA_SIZE. When supported, use
KVM_VM_TYPE_ARM_IPA_SIZE(IPA_Bits) to set the size in the machine type
-identifier, where IPA_Bits is the maximum width of any physical
-address used by the VM. The IPA_Bits is encoded in bits[7-0] of the
-machine type identifier.
+identifier, where IPA_Bits is the maximum width of any physical address
+used by the VM. The IPA_Bits is encoded in bits[7-0] of the machine type
+identifier.
e.g, to configure a guest to use 48bit physical address size::
@@ -172,7 +173,7 @@ e.g, to configure a guest to use 48bit physical address size::
The requested size (IPA_Bits) must be:
== =========================================================
- 0 Implies default size, 40bits (for backward compatibility)
+ 0 Implies default size, 40bits or less (for backward compatibility)
N Implies N bits, where N is a positive integer such that,
32 <= N <= Host_IPA_Limit
== =========================================================
diff --git a/arch/arm64/kvm/reset.c b/arch/arm64/kvm/reset.c
index 47f3f035f3ea..1f22b36a0eff 100644
--- a/arch/arm64/kvm/reset.c
+++ b/arch/arm64/kvm/reset.c
@@ -324,10 +324,9 @@ int kvm_set_ipa_limit(void)
}
kvm_ipa_limit = id_aa64mmfr0_parange_to_phys_shift(parange);
- WARN(kvm_ipa_limit < KVM_PHYS_SHIFT,
- "KVM IPA Size Limit (%d bits) is smaller than default size\n",
- kvm_ipa_limit);
- kvm_info("IPA Size Limit: %d bits\n", kvm_ipa_limit);
+ kvm_info("IPA Size Limit: %d bits%s\n", kvm_ipa_limit,
+ ((kvm_ipa_limit < KVM_PHYS_SHIFT) ?
+ " (Reduced IPA size, limited VM compatibility)" : ""));
return 0;
}
@@ -356,6 +355,11 @@ int kvm_arm_setup_stage2(struct kvm *kvm, unsigned long type)
return -EINVAL;
} else {
phys_shift = KVM_PHYS_SHIFT;
+ if (phys_shift > kvm_ipa_limit) {
+ pr_warn_once("Userspace using unsupported default IPA limit, capping to %d bits\n",
+ kvm_ipa_limit);
+ phys_shift = kvm_ipa_limit;
+ }
}
mmfr0 = read_sanitised_ftr_reg(SYS_ID_AA64MMFR0_EL1);
--
2.30.0
More information about the linux-arm-kernel
mailing list