KVM: arm64: nv: Check S2 limits based on implemented PA size

check_base_s2_limits() checks the validity of SL0 and inputsize against
ia_size (inputsize again!) but the pseudocode from DDI0487 G.a
AArch64.TranslationTableWalk() says that we should check against the
implemented PA size.

We would otherwise fail to walk S2 with a valid configuration. E.g.,
granule size = 4KB, inputsize = 40 bits, initial lookup level = 0 (no
concatenation) on a system with 48 bits PA range supported is allowed by
architecture.

Fix it by obtaining PA size by kvm_get_pa_bits(). Note that
kvm_get_pa_bits() returns the fixed limit now and should eventually reflect
the per VM PARange (one day!). Given that the configured PARange should not
be greater that kvm_ipa_limit, it at least fixes the problem described
above.

While at it, inject a level 0 translation fault to guest if
check_base_s2_limits() fails, as per the pseudocode.

Fixes: 61e30b9eef7f ("KVM: arm64: nv: Implement nested Stage-2 page table walk logic")
Signed-off-by: Zenghui Yu (Huawei) <zenghui.yu@linux.dev>
Link: https://patch.msgid.link/20260225173515.20490-2-zenghui.yu@linux.dev
Signed-off-by: Marc Zyngier <maz@kernel.org>

diff --git a/arch/arm64/kvm/nested.c b/arch/arm64/kvm/nested.c
index 12c9f6e8dfdab81c541e8f5542234d2ef197fb33..9da28814b64603695ce1c5b1c91fac4c52c95981 100644 (file)
--- a/arch/arm64/kvm/nested.c
+++ b/arch/arm64/kvm/nested.c
@@ -152,31 +152,31 @@ static int get_ia_size(struct s2_walk_info *wi)
        return 64 - wi->t0sz;
 }
 
-static int check_base_s2_limits(struct s2_walk_info *wi,
+static int check_base_s2_limits(struct kvm_vcpu *vcpu, struct s2_walk_info *wi,
                                int level, int input_size, int stride)
 {
-       int start_size, ia_size;
+       int start_size, pa_max;
 
-       ia_size = get_ia_size(wi);
+       pa_max = kvm_get_pa_bits(vcpu->kvm);
 
        /* Check translation limits */
        switch (BIT(wi->pgshift)) {
        case SZ_64K:
-               if (level == 0 || (level == 1 && ia_size <= 42))
+               if (level == 0 || (level == 1 && pa_max <= 42))
                        return -EFAULT;
                break;
        case SZ_16K:
-               if (level == 0 || (level == 1 && ia_size <= 40))
+               if (level == 0 || (level == 1 && pa_max <= 40))
                        return -EFAULT;
                break;
        case SZ_4K:
-               if (level < 0 || (level == 0 && ia_size <= 42))
+               if (level < 0 || (level == 0 && pa_max <= 42))
                        return -EFAULT;
                break;
        }
 
        /* Check input size limits */
-       if (input_size > ia_size)
+       if (input_size > pa_max)
                return -EFAULT;
 
        /* Check number of entries in starting level table */
@@ -269,9 +269,11 @@ static int walk_nested_s2_pgd(struct kvm_vcpu *vcpu, phys_addr_t ipa,
        if (input_size > 48 || input_size < 25)
                return -EFAULT;
 
-       ret = check_base_s2_limits(wi, level, input_size, stride);
-       if (WARN_ON(ret))
+       ret = check_base_s2_limits(vcpu, wi, level, input_size, stride);
+       if (WARN_ON(ret)) {
+               out->esr = compute_fsc(0, ESR_ELx_FSC_FAULT);
                return ret;
+       }
 
        base_lower_bound = 3 + input_size - ((3 - level) * stride +
                           wi->pgshift);