From 678ff6c4cb6a5d2e7e808e9026443a910ddb0975 Mon Sep 17 00:00:00 2001
From: David Brazdil <dbrazdil@google.com>
Date: Thu, 24 Feb 2022 14:46:16 +0000
Subject: [PATCH] ANDROID: KVM: arm64: Fix host MMIO DABT handler IPA

The data abort fault IPA obtained from HFAR_EL2 has the bottom 12 bits
zeroed out. This broke the host MMIO DABT handler because the offsets
of accessed MMIO registers were rounded down to the nearest page.

Include FAR_EL2 in the address to fix the issue.

Bug: 220194478
Change-Id: I6473e2dfbe189c58c15c0e5647d695d07f88c5e0
Signed-off-by: David Brazdil <dbrazdil@google.com>
(cherry picked from commit 346987baf5d756ddfabebd7fa44b9bf8103f2ea0)
Signed-off-by: Mostafa Saleh <smostafa@google.com>
Signed-off-by: Quentin Perret <qperret@google.com>
---
 arch/arm64/kvm/hyp/nvhe/mem_protect.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/arm64/kvm/hyp/nvhe/mem_protect.c b/arch/arm64/kvm/hyp/nvhe/mem_protect.c
index c6f40dfc63ef..b1a02b996526 100644
--- a/arch/arm64/kvm/hyp/nvhe/mem_protect.c
+++ b/arch/arm64/kvm/hyp/nvhe/mem_protect.c
@@ -726,6 +726,7 @@ void handle_host_mem_abort(struct kvm_cpu_context *host_ctxt)
 	BUG_ON(!__get_fault_info(esr, &fault));
 
 	addr = (fault.hpfar_el2 & HPFAR_MASK) << 8;
+	addr |= fault.far_el2 & FAR_MASK;
 
 	/* See if any subsystem can handle this abort. */
 	if (is_dabt(esr) && !addr_is_memory(addr))