arm64 defconfig kernel (4.14.275) no longer boots after FEAT_LPA implementation in TCG

Host environment

  • Operating system: Arch Linux
  • OS/kernel version: Linux thelio-3990X 5.18.0-rc1-llvm #1 SMP PREEMPT_DYNAMIC Mon Apr 4 08:31:11 MST 2022 x86_64 GNU/Linux
  • Architecture: x86_64
  • QEMU flavor: qemu-system-aarch64
  • QEMU version: QEMU emulator version 6.2.92 (v7.0.0-rc2-62-gf53faa70bb)
  • QEMU command line:
    qemu-system-aarch64 -kernel Image.gz -initrd rootfs.cpio -append "console=ttyAMA0 earlycon" -machine virt -cpu max,lpa2=off -display none -serial mon:stdio

Emulated/Virtualized environment

  • Operating system: Linux (simple rootfs from Buildroot)
  • OS/kernel version: Linux version 4.14.275 (nathan@dev-arch.thelio-3990X) (gcc version 11.2.0 (GCC)) #1 SMP PREEMPT Tue Apr 5 13:25:25 MST 2022
  • Architecture: arm64

Description of problem

I am not really sure if this is a bug or merely a scenario where this is not expected to work. After 7a928f43, the attached Image.gz (ARCH=arm64 defconfig, based on the latest linux-4.14.y) just hangs with no output when using -cpu max (or -cpu max,lpa2=off due to 69b2265d). At 0af312b6, -cpu max works just fine, as shown by the bisect log below.

$ git bisect log
# bad: [99eb313ddbbcf73c1adcdadceba1423b691c6d05] ui/cocoa: Use the standard about panel
# good: [44f28df24767cf9dca1ddc9b23157737c4cbb645] Update version for v6.2.0 release
git bisect start '99eb313ddbbcf73c1adcdadceba1423b691c6d05' 'v6.2.0'
# good: [2fc1b44dd0e7ea9ad5920352fd04179e4d6836d9] target/riscv: rvv-1.0: Allow Zve32f extension to be turned on
git bisect good 2fc1b44dd0e7ea9ad5920352fd04179e4d6836d9
# good: [e64e27d5cb103b7764f1a05b6eda7e7fedd517c5] 9pfs: Fix segfault in do_readdir_many caused by struct dirent overread
git bisect good e64e27d5cb103b7764f1a05b6eda7e7fedd517c5
# good: [747ffe28cad7129e1d326d943228fdcbe109530d] pnv/xive2: Add support XIVE2 P9-compat mode (or Gen1)
git bisect good 747ffe28cad7129e1d326d943228fdcbe109530d
# bad: [4377683df969e715e3cb2dbd258e44f9ff51f788] edid: Fix clock of Detailed Timing Descriptor
git bisect bad 4377683df969e715e3cb2dbd258e44f9ff51f788
# good: [755e8d7cb6ce2ba62d282ffbb367de391fe0cc3d] migration: Move static var in ram_block_from_stream() into global
git bisect good 755e8d7cb6ce2ba62d282ffbb367de391fe0cc3d
# bad: [6629bf78aac7e53f83fd0bcbdbe322e2302dfd1f] Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20220302' into staging
git bisect bad 6629bf78aac7e53f83fd0bcbdbe322e2302dfd1f
# good: [0af312b6edd231e1c8d0dec12494a80bc39ac761] target/arm: Implement FEAT_LVA
git bisect good 0af312b6edd231e1c8d0dec12494a80bc39ac761
# bad: [dc8bc9d6574aa563ed2fcc0ff495e77a2a2a8faa] target/arm: Report KVM's actual PSCI version to guest in dtb
git bisect bad dc8bc9d6574aa563ed2fcc0ff495e77a2a2a8faa
# bad: [d976de218c534735e307fc4a6c03e3ae764fd419] target/arm: Fix TLBIRange.base for 16k and 64k pages
git bisect bad d976de218c534735e307fc4a6c03e3ae764fd419
# bad: [13e481c9335582fc7eed12e24e8d4d7068b24ff8] target/arm: Extend arm_fi_to_lfsc to level -1
git bisect bad 13e481c9335582fc7eed12e24e8d4d7068b24ff8
# bad: [7a928f43d8724bdf0777d7fc67a5ad973a0bf4bf] target/arm: Implement FEAT_LPA
git bisect bad 7a928f43d8724bdf0777d7fc67a5ad973a0bf4bf
# first bad commit: [7a928f43d8724bdf0777d7fc67a5ad973a0bf4bf] target/arm: Implement FEAT_LPA

A 4.19.237 kernel boots right up with -cpu max/-cpu max,lpa2=off. Is this expected behavior given the age of the kernel or is there something else going on here? If this is expected, should we be using something like -cpu cortex-a72 for these older kernels?

Steps to reproduce

Run the above command with the attached Image.gz and rootfs.cpio.

Additional information

Image.gz rootfs.cpio
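The bisect above was done by hand; as an added example (not part of this issue or of QEMU's own tooling), here is a `git bisect run` driver that rebuilds QEMU at each step, boots the attached Image.gz/rootfs.cpio with the command line from the report, and treats a boot that produces no serial output within a timeout as "bad". It assumes a QEMU tree configured into ./build, coreutils `timeout`, and the placeholder paths and values in the variables at the top.

```shell
# Added example, not from the issue or the QEMU project: a `git bisect run`
# helper for the "hangs with no output" symptom described in the report.
# Assumptions (placeholders): a QEMU source tree configured into ./build,
# coreutils `timeout`, and the KERNEL/INITRD/CPU/TIMEOUT/MARKER values below.
set -u

KERNEL=${KERNEL:-Image.gz}
INITRD=${INITRD:-rootfs.cpio}
CPU=${CPU:-max}                   # "max,lpa2=off" only parses after 69b2265d
TIMEOUT=${TIMEOUT:-60}            # seconds of silence before a boot counts as hung
MARKER=${MARKER:-Linux version}   # banner line the guest prints first on earlycon

# Classify a captured serial log: 0 = good (kernel banner seen), 1 = bad.
# A boot that hangs with no output leaves the log empty, so it is bad.
classify_boot_log() {
    grep -q -- "$MARKER" "$1"
}

# Exit 125 tells `git bisect run` to skip a commit that does not build.
build_qemu() {
    make -C build -j"$(nproc)" >/dev/null 2>&1 || return 125
}

# Boot once, headless, capturing the serial console to a temp file.
boot_once() {
    log=$(mktemp)
    timeout "$TIMEOUT" ./build/qemu-system-aarch64 \
        -kernel "$KERNEL" -initrd "$INITRD" \
        -append "console=ttyAMA0 earlycon" \
        -machine virt -cpu "$CPU" -display none -serial stdio \
        -monitor none >"$log" 2>&1
    qrc=$?
    # 124 = timeout expired (guest still running or hung); any other non-zero
    # status is a QEMU start-up failure (e.g. an unknown -cpu property) and
    # should be skipped rather than reported as a kernel regression.
    case $qrc in
        0|124) classify_boot_log "$log"; rc=$? ;;
        *)     rc=125 ;;
    esac
    rm -f "$log"
    return "$rc"
}

# Usage: git bisect start <bad> <good>; git bisect run sh bisect-boot.sh run
if [ "${1:-}" = run ]; then
    build_qemu || exit $?
    boot_once
    exit $?
fi
```

Set MARKER to a later line (for example the init banner) if a commit is found that prints the kernel banner but hangs later, so that the classifier still distinguishes good from bad.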
