KVM: arm64: selftests: Disable unused TTBR1_EL1 translations

KVM selftests map all guest code and data into the lower virtual address
range (0x0000...) managed by TTBR0_EL1. The upper range (0xFFFF...)
managed by TTBR1_EL1 is unused and uninitialized.

If a guest accesses the upper range, the MMU attempts a translation
table walk using uninitialized registers, leading to unpredictable
behavior.

Set `TCR_EL1.EPD1` to disable translation table walks for TTBR1_EL1,
ensuring that any access to the upper range generates an immediate
Translation Fault. Additionally, set `TCR_EL1.TBI1` (Top Byte Ignore) to
ensure that tagged pointers in the upper range also deterministically
trigger a Translation Fault via EPD1.

Define `TCR_EPD1_MASK`, `TCR_EPD1_SHIFT`, and `TCR_TBI1` in
`processor.h` to support this configuration. These are based on their
definitions in `arch/arm64/include/asm/pgtable-hwdef.h`.

Suggested-by: Will Deacon <will@kernel.org>
Reviewed-by: Itaru Kitayama <itaru.kitayama@fujitsu.com>
Signed-off-by: Fuad Tabba <tabba@google.com>
Link: https://patch.msgid.link/20260109082218.3236580-2-tabba@google.com
Signed-off-by: Marc Zyngier <maz@kernel.org>

diff --git a/tools/testing/selftests/kvm/include/arm64/processor.h b/tools/testing/selftests/kvm/include/arm64/processor.h
index ff928716574df9d7593f32816a354d4c579b4ef7..ac97a1c436fc490e36faba08215c7998811a1327 100644 (file)
--- a/tools/testing/selftests/kvm/include/arm64/processor.h
+++ b/tools/testing/selftests/kvm/include/arm64/processor.h
@@ -90,6 +90,9 @@
 #define TCR_TG0_64K            (UL(1) << TCR_TG0_SHIFT)
 #define TCR_TG0_16K            (UL(2) << TCR_TG0_SHIFT)
 
+#define TCR_EPD1_SHIFT         23
+#define TCR_EPD1_MASK          (UL(1) << TCR_EPD1_SHIFT)
+
 #define TCR_IPS_SHIFT          32
 #define TCR_IPS_MASK           (UL(7) << TCR_IPS_SHIFT)
 #define TCR_IPS_52_BITS        (UL(6) << TCR_IPS_SHIFT)
@@ -97,6 +100,7 @@
 #define TCR_IPS_40_BITS        (UL(2) << TCR_IPS_SHIFT)
 #define TCR_IPS_36_BITS        (UL(1) << TCR_IPS_SHIFT)
 
+#define TCR_TBI1               (UL(1) << 38)
 #define TCR_HA                 (UL(1) << 39)
 #define TCR_DS                 (UL(1) << 59)
 

diff --git a/tools/testing/selftests/kvm/lib/arm64/processor.c b/tools/testing/selftests/kvm/lib/arm64/processor.c
index d46e4b13b92ceffd278c54fc94ac169f40abe2f8..5b379da8cb902b707262b9c51a4ecf0cd409be7f 100644 (file)
--- a/tools/testing/selftests/kvm/lib/arm64/processor.c
+++ b/tools/testing/selftests/kvm/lib/arm64/processor.c
@@ -384,6 +384,8 @@ void aarch64_vcpu_setup(struct kvm_vcpu *vcpu, struct kvm_vcpu_init *init)
 
        tcr_el1 |= TCR_IRGN0_WBWA | TCR_ORGN0_WBWA | TCR_SH0_INNER;
        tcr_el1 |= TCR_T0SZ(vm->va_bits);
+       tcr_el1 |= TCR_TBI1;
+       tcr_el1 |= TCR_EPD1_MASK;
        if (use_lpa2_pte_format(vm))
                tcr_el1 |= TCR_DS;