KVM/arm64 has forever used a 40bit default IPA space, partially due to its 32bit heritage (where the only choice is 40bit). However, there are implementations in the wild that have a *cough* much smaller *cough* IPA space, which leads to a misprogramming of VTCR_EL2, and a guest that is stuck on its first memory access if userspace dares to ask for the default IPA setting (which most VMMs do). Instead, cap the default IPA size to what the host can actually do, and spit out a one-off message on the console. The boot warning is turned into a more meaningfull message, and the new behaviour is also documented. Although this is a userspace ABI change, it doesn't really change much for userspace: - the guest couldn't run before this change, while it now has a chance to if the memory range fits the reduced IPA space - a memory slot that was accepted because it did fit the default IPA space but didn't fit the HW constraints is now properly rejected The other thing that's left doing is to convince userspace to actually use the IPA space setting instead of relying on the antiquated default. Signed-off-by: Marc Zyngier <maz@xxxxxxxxxx> --- Documentation/virt/kvm/api.rst | 13 +++++++------ arch/arm64/kvm/reset.c | 12 ++++++++---- 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index aed52b0fc16e..80c710035f31 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst @@ -158,12 +158,13 @@ flag KVM_VM_MIPS_VZ. On arm64, the physical address size for a VM (IPA Size limit) is limited -to 40bits by default. The limit can be configured if the host supports the -extension KVM_CAP_ARM_VM_IPA_SIZE. When supported, use +to 40bits by default, though capped to the host's limit. The VM's own +limit can be configured if the host supports the extension +KVM_CAP_ARM_VM_IPA_SIZE. When supported, use KVM_VM_TYPE_ARM_IPA_SIZE(IPA_Bits) to set the size in the machine type -identifier, where IPA_Bits is the maximum width of any physical -address used by the VM. The IPA_Bits is encoded in bits[7-0] of the -machine type identifier. +identifier, where IPA_Bits is the maximum width of any physical address +used by the VM. The IPA_Bits is encoded in bits[7-0] of the machine type +identifier. e.g, to configure a guest to use 48bit physical address size:: @@ -172,7 +173,7 @@ e.g, to configure a guest to use 48bit physical address size:: The requested size (IPA_Bits) must be: == ========================================================= - 0 Implies default size, 40bits (for backward compatibility) + 0 Implies default size, 40bits or less (for backward compatibility) N Implies N bits, where N is a positive integer such that, 32 <= N <= Host_IPA_Limit == ========================================================= diff --git a/arch/arm64/kvm/reset.c b/arch/arm64/kvm/reset.c index 47f3f035f3ea..1f22b36a0eff 100644 --- a/arch/arm64/kvm/reset.c +++ b/arch/arm64/kvm/reset.c @@ -324,10 +324,9 @@ int kvm_set_ipa_limit(void) } kvm_ipa_limit = id_aa64mmfr0_parange_to_phys_shift(parange); - WARN(kvm_ipa_limit < KVM_PHYS_SHIFT, - "KVM IPA Size Limit (%d bits) is smaller than default size\n", - kvm_ipa_limit); - kvm_info("IPA Size Limit: %d bits\n", kvm_ipa_limit); + kvm_info("IPA Size Limit: %d bits%s\n", kvm_ipa_limit, + ((kvm_ipa_limit < KVM_PHYS_SHIFT) ? + " (Reduced IPA size, limited VM compatibility)" : "")); return 0; } @@ -356,6 +355,11 @@ int kvm_arm_setup_stage2(struct kvm *kvm, unsigned long type) return -EINVAL; } else { phys_shift = KVM_PHYS_SHIFT; + if (phys_shift > kvm_ipa_limit) { + pr_warn_once("Userspace using unsupported default IPA limit, capping to %d bits\n", + kvm_ipa_limit); + phys_shift = kvm_ipa_limit; + } } mmfr0 = read_sanitised_ftr_reg(SYS_ID_AA64MMFR0_EL1); -- 2.30.0