KVM: arm64: Add PKVM_DISABLE_STAGE2_ON_PANIC

	  If unsure, say N.

if KVM

config PTDUMP_STAGE2_DEBUGFS

	bool "Present the stage-2 pagetables to debugfs"

	depends on DEBUG_KERNEL

	depends on DEBUG_FS

	depends on ARCH_HAS_PTDUMP

	select PTDUMP

	default n

	help

	  Say Y here if you want to show the stage-2 kernel pagetables

	  layout in a debugfs file. This information is only useful for kernel developers

	  who are working in architecture specific areas of the kernel.

	  It is probably not a good idea to enable this feature in a production

	  kernel.

	  If in doubt, say N.

config NVHE_EL2_DEBUG

	bool "Debug mode for non-VHE EL2 object"

	depends on KVM

	default n

	help

	  Say Y here to enable the debug mode for the non-VHE KVM EL2 object.

	  Failure reports will BUG() in the hypervisor. This is intended for

	  If unsure, say N.

config PROTECTED_NVHE_STACKTRACE

	bool "Protected KVM hypervisor stacktraces"

	depends on NVHE_EL2_DEBUG

if NVHE_EL2_DEBUG

config PKVM_DISABLE_STAGE2_ON_PANIC

	bool "Disable the host stage-2 on panic"

	default n

	help

	  Relax the host stage-2 on hypervisor panic to allow the kernel to

	  unwind and symbolize the hypervisor stacktrace. This however tampers

	  the system security. This is intended for local EL2 hypervisor

	  development.

	  If unsure, say N.

config PKVM_STACKTRACE

	bool "Protected KVM hypervisor stacktraces"

	depends on PKVM_DISABLE_STAGE2_ON_PANIC

	default y

	help

	  Say Y here to enable pKVM hypervisor stacktraces on hyp_panic()

	  If unsure, or not using protected nVHE (pKVM), say N.

config PTDUMP_STAGE2_DEBUGFS

	bool "Present the stage-2 pagetables to debugfs"

	depends on KVM

	depends on DEBUG_KERNEL

	depends on DEBUG_FS

	depends on ARCH_HAS_PTDUMP

	select PTDUMP

	default n

	help

	  Say Y here if you want to show the stage-2 kernel pagetables

	  layout in a debugfs file. This information is only useful for kernel developers

	  who are working in architecture specific areas of the kernel.

	  It is probably not a good idea to enable this feature in a production

	  kernel.

	  If in doubt, say N.

endif # NVHE_EL2_DEBUG

endif # KVM

endif # VIRTUALIZATION

		/* All hyp bugs, including warnings, are treated as fatal. */

		if (!is_protected_kvm_enabled() ||

		    IS_ENABLED(CONFIG_NVHE_EL2_DEBUG)) {

		    IS_ENABLED(CONFIG_PKVM_DISABLE_STAGE2_ON_PANIC)) {

			struct bug_entry *bug = find_bug(elr_in_kimg);

			if (bug)

	mov	x29, x0

#ifdef CONFIG_NVHE_EL2_DEBUG

#ifdef PKVM_DISABLE_STAGE2_ON_PANIC

	/* Ensure host stage-2 is disabled */

	mrs	x0, hcr_el2

	bic	x0, x0, #HCR_VM

	stacktrace_info->pc = pc;

}

#ifdef CONFIG_PROTECTED_NVHE_STACKTRACE

#ifdef CONFIG_PKVM_STACKTRACE

#include <asm/stacktrace/nvhe.h>

DEFINE_PER_CPU(unsigned long [NVHE_STACKTRACE_SIZE/sizeof(long)], pkvm_stacktrace);

	unwind(&state, pkvm_save_backtrace_entry, &idx);

}

#else /* !CONFIG_PROTECTED_NVHE_STACKTRACE */

#else /* !CONFIG_PKVM_STACKTRACE */

static void pkvm_save_backtrace(unsigned long fp, unsigned long pc)

{

}

#endif /* CONFIG_PROTECTED_NVHE_STACKTRACE */

#endif /* CONFIG_PKVM_STACKTRACE */

/*

 * kvm_nvhe_prepare_backtrace - prepare to dump the nVHE backtrace

	kvm_nvhe_dump_backtrace_end();

}

#ifdef CONFIG_PROTECTED_NVHE_STACKTRACE

#ifdef CONFIG_PKVM_STACKTRACE

DECLARE_KVM_NVHE_PER_CPU(unsigned long [NVHE_STACKTRACE_SIZE/sizeof(long)],

			 pkvm_stacktrace);

		kvm_nvhe_dump_backtrace_entry((void *)hyp_offset, stacktrace[i]);

	kvm_nvhe_dump_backtrace_end();

}

#else	/* !CONFIG_PROTECTED_NVHE_STACKTRACE */

#else	/* !CONFIG_PKVM_STACKTRACE */

static void pkvm_dump_backtrace(unsigned long hyp_offset)

{

	kvm_err("Cannot dump pKVM nVHE stacktrace: !CONFIG_PROTECTED_NVHE_STACKTRACE\n");

	kvm_err("Cannot dump pKVM nVHE stacktrace: !CONFIG_PKVM_STACKTRACE\n");

}

#endif /* CONFIG_PROTECTED_NVHE_STACKTRACE */

#endif /* CONFIG_PKVM_STACKTRACE */

/*

 * kvm_nvhe_dump_backtrace - Dump KVM nVHE hypervisor backtrace.