• Marc Zyngier's avatar
    KVM: arm64: Move VTCR_EL2 into struct s2_mmu · fe49fd94
    Marc Zyngier authored
    We currently have a global VTCR_EL2 value for each guest, even
    if the guest uses NV. This implies that the guest's own S2 must
    fit in the host's. This is odd, for multiple reasons:
    
    - the PARange values and the number of IPA bits don't necessarily
      match: you can have 33 bits of IPA space, and yet you can only
      describe 32 or 36 bits of PARange
    
    - When userspace set the IPA space, it creates a contract with the
      kernel saying "this is the IPA space I'm prepared to handle".
      At no point does it constraint the guest's own IPA space as
      long as the guest doesn't try to use a [I]PA outside of the
      IPA space set by userspace
    
    - We don't even try to hide the value of ID_AA64MMFR0_EL1.PARange.
    
    And then there is the consequence of the above: if a guest tries
    to create a S2 that has for input address something that is larger
    than the IPA space defined by the host, we inject a fatal exception.
    
    This is no good. For all intent and purposes, a guest should be
    able to have the S2 it really wants, as long as the *output* address
    of that S2 isn't outside of the IPA space.
    
    For that, we need to have a per-s2_mmu VTCR_EL2 setting, which
    allows us to represent the full PARange. Move the vctr field into
    the s2_mmu structure, which has no impact whatsoever, except for NV.
    
    Note that once we are able to override ID_AA64MMFR0_EL1.PARange
    from userspace, we'll also be able to restrict the size of the
    shadow S2 that NV uses.
    Signed-off-by: default avatarMarc Zyngier <maz@kernel.org>
    Link: https://lore.kernel.org/r/20231012205108.3937270-1-maz@kernel.orgSigned-off-by: default avatarOliver Upton <oliver.upton@linux.dev>
    fe49fd94
kvm_mmu.h 9.46 KB