Commit b6ed4fa9 authored by Fuad Tabba's avatar Fuad Tabba Committed by Marc Zyngier
Browse files

KVM: arm64: Introduce and use predicates that check for protected VMs 



In order to determine whether or not a VM or vcpu are protected,
introduce helpers to query this state. While at it, use the vcpu
helper to check vcpus protected state instead of the kvm one.

Co-authored-by: default avatarMarc Zyngier <maz@kernel.org>
Signed-off-by: default avatarFuad Tabba <tabba@google.com>
Acked-by: default avatarOliver Upton <oliver.upton@linux.dev>
Link: https://lore.kernel.org/r/20240423150538.2103045-19-tabba@google.com


Signed-off-by: default avatarMarc Zyngier <maz@kernel.org>
parent d81a91af

arch/arm64/include/asm/kvm_host.h

+4 −4
Original line number Diff line number Diff line
@@ -211,6 +211,7 @@ typedef unsigned int pkvm_handle_t; 
struct kvm_protected_vm {

	pkvm_handle_t handle;

	struct kvm_hyp_memcache teardown_mc;

	bool enabled;

};



struct kvm_mpidr_data {
@@ -1295,10 +1296,9 @@ struct kvm *kvm_arch_alloc_vm(void); 


#define __KVM_HAVE_ARCH_FLUSH_REMOTE_TLBS_RANGE



static inline bool kvm_vm_is_protected(struct kvm *kvm)

{

	return false;

}

#define kvm_vm_is_protected(kvm)	(is_protected_kvm_enabled() && (kvm)->arch.pkvm.enabled)



#define vcpu_is_protected(vcpu)		kvm_vm_is_protected((vcpu)->kvm)



int kvm_arm_vcpu_finalize(struct kvm_vcpu *vcpu, int feature);

bool kvm_arm_vcpu_is_finalized(struct kvm_vcpu *vcpu);

arch/arm64/kvm/hyp/include/nvhe/pkvm.h

+5 −0
Original line number Diff line number Diff line
@@ -53,6 +53,11 @@ pkvm_hyp_vcpu_to_hyp_vm(struct pkvm_hyp_vcpu *hyp_vcpu) 
	return container_of(hyp_vcpu->vcpu.kvm, struct pkvm_hyp_vm, kvm);

}



static inline bool pkvm_hyp_vcpu_is_protected(struct pkvm_hyp_vcpu *hyp_vcpu)

{

	return vcpu_is_protected(&hyp_vcpu->vcpu);

}



void pkvm_hyp_vm_table_init(void *tbl);

void pkvm_host_fpsimd_state_init(void);

arch/arm64/kvm/hyp/nvhe/switch.c

+2 −4
Original line number Diff line number Diff line
@@ -209,7 +209,7 @@ static const exit_handler_fn pvm_exit_handlers[] = { 


static const exit_handler_fn *kvm_get_exit_handler_array(struct kvm_vcpu *vcpu)

{

	if (unlikely(kvm_vm_is_protected(kern_hyp_va(vcpu->kvm))))

	if (unlikely(vcpu_is_protected(vcpu)))

		return pvm_exit_handlers;



	return hyp_exit_handlers;
@@ -228,9 +228,7 @@ static const exit_handler_fn *kvm_get_exit_handler_array(struct kvm_vcpu *vcpu) 
 */

static void early_exit_filter(struct kvm_vcpu *vcpu, u64 *exit_code)

{

	struct kvm *kvm = kern_hyp_va(vcpu->kvm);



	if (kvm_vm_is_protected(kvm) && vcpu_mode_is_32bit(vcpu)) {

	if (unlikely(vcpu_is_protected(vcpu) && vcpu_mode_is_32bit(vcpu))) {

		/*

		 * As we have caught the guest red-handed, decide that it isn't

		 * fit for purpose anymore by making the vcpu invalid. The VMM