ANDROID: KVM: arm64: NVHE_EL2_DEBUG to PKVM_DEBUG menuconfig

Now all pKVM debug features have been separated into config options, create a top menu PKVM_DEBUG that enables all the safe features when turned on. Bug: 357781595 Change-Id: I375d5e3d5bb2a78664bf94a599e8e7651f010784 Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
2025-02-21 15:16:19 +00:00
parent 58ca789e21
commit 3b1d8cc5a2
1 changed files with 76 additions and 74 deletions
--- a/arch/arm64/kvm/Kconfig
+++ b/arch/arm64/kvm/Kconfig
@@ -43,71 +43,10 @@ menuconfig KVM

 	  If unsure, say N.

-config NVHE_EL2_DEBUG
-	bool "Debug mode for non-VHE EL2 object"
-	depends on KVM
-	select PKVM_SELFTESTS
-	help
-	  Say Y here to enable the debug mode for the non-VHE KVM EL2 object.
-	  Failure reports will BUG() in the hypervisor. This is intended for
-	  local EL2 hypervisor development.
-
-	  If unsure, say N.
-
-config PKVM_STRICT_CHECKS
-	bool "Additional checks in the Protected KVM hypervisor"
-	depends on NVHE_EL2_DEBUG
-	help
-	  Say Y here to add more checks into the Protected KVM hypervisor.
-          Those checks have a slight performance cost and will BUG() on a
-          failure. This is intended for EL2 hypervisor development.
-
-config PKVM_SELFTESTS
-	bool "Protected KVM hypervisor selftests"
-	help
-	  Say Y here to enable Protected KVM (pKVM) hypervisor selftests
-	  during boot. Failure reports will panic the hypervisor. This is
-	  intended for EL2 hypervisor development.
-
-	  If unsure, say N.
-
-config PKVM_DUMP_TRACE_ON_PANIC
-	bool "Dump Protected KVM hypervisor trace buffer on panic"
-	help
-	   Say Y here to dump the content of the pKVM hypervisor on either
-           hypervisor or host panic. In the case of a hyp panic, only the tail
-           page is dumped. It only has an effect if the command line option
-           hyp_trace_printk is set.
-
-config PKVM_STACKTRACE
-	bool "Protected KVM hypervisor stacktraces"
-	depends on NVHE_EL2_DEBUG
-	default n
-	help
-	  Say Y here to enable pKVM hypervisor stacktraces on hyp_panic()
-
-	  If using protected nVHE mode, but cannot afford the associated
-	  memory cost (less than 0.75 page per CPU) of pKVM stacktraces,
-	  say N.
-
-	  If unsure, or not using protected nVHE (pKVM), say N.
-
-config PKVM_DISABLE_STAGE2_ON_PANIC
-	bool "Disable the host stage-2 on panic"
-	default n
-	depends on NVHE_EL2_DEBUG
-	help
-	  If panic occurs while the host lock is held and if, plagued by bad
-	  luck the panic path triggers a host stage-2 memory abort, a lockup
-	  would happen. The only way out is to disable the stage-2 page-table.
-	  This however tamper the system security. This option should therefore
-	  solely be enabled to debug specific issues.
-
-	  Just say N.
+if KVM

 config PTDUMP_STAGE2_DEBUGFS
 	bool "Present the stage-2 pagetables to debugfs"
-	depends on KVM
 	depends on DEBUG_KERNEL
 	depends on DEBUG_FS
 	depends on GENERIC_PTDUMP
@@ -122,18 +61,6 @@ config PTDUMP_STAGE2_DEBUGFS

 	  If in doubt, say N.

-config PKVM_FTRACE
-	bool "Protected KVM hypervisor function tracing"
-	depends on KVM
-	depends on TRACING
-	default n
-	help
-	  Say Y here to enable func and func_ret hypervisor tracing events.
-	  Those events are raised whenever the hypervisor branch to a
-	  function.
-
-	  If unsure, Say N.
-
 config PKVM_MODULE_PATH
 	string "Path to pKVM modules"
 	default ""
@@ -141,4 +68,79 @@ config PKVM_MODULE_PATH
 	  Directory where the pKVM modules are found. If empty, the modules
 	  will be searched into the default path /lib/modules/<uname>.

+menuconfig PKVM_DEBUG
+	bool "Debug mode for Protected KVM hypervisor"
+	help
+	  Say Y here to enable the debug mode for the Protected KVM (pKVM)
+	  hypervisor. Failure reports will BUG() in the hypervisor. This is
+	  intended for local EL2 hypervisor development.
+
+	  If unsure, say N.
+
+if PKVM_DEBUG
+
+config PKVM_STRICT_CHECKS
+	bool "Additional checks in the Protected KVM hypervisor"
+	default y
+	help
+	  Say Y here to add more checks into the Protected KVM hypervisor.
+          Those checks have a slight performance cost and will BUG() on a
+          failure. This is intended for EL2 hypervisor development.
+
+config PKVM_SELFTESTS
+	bool "Protected KVM hypervisor selftests"
+	default y
+	help
+	  Say Y here to enable Protected KVM (pKVM) hypervisor selftests
+	  during boot. Failure reports will panic the hypervisor. This is
+	  intended for EL2 hypervisor development.
+
+	  If unsure, say N.
+
+config PKVM_DUMP_TRACE_ON_PANIC
+	bool "Dump Protected KVM hypervisor trace buffer on panic"
+	default y
+	help
+	   Say Y here to dump the content of the pKVM hypervisor on either
+           hypervisor or host panic. In the case of a hyp panic, only the tail
+           page is dumped. It only has an effect if the command line option
+           hyp_trace_printk is set.
+
+config PKVM_FTRACE
+	bool "Protected KVM hypervisor function tracing"
+	depends on FTRACE
+	default y
+	help
+	  Say Y here to enable func and func_ret hypervisor tracing events.
+	  Those events are raised whenever the hypervisor branch to a
+	  function.
+
+	  If unsure, Say N.
+
+config PKVM_STACKTRACE
+	bool "Protected KVM hypervisor stacktraces"
+	default y
+	help
+	  Say Y here to enable pKVM hypervisor stacktraces on hyp_panic()
+
+	  If using protected nVHE mode, but cannot afford the associated
+	  memory cost (less than 0.75 page per CPU) of pKVM stacktraces,
+	  say N.
+
+	  If unsure, or not using protected nVHE (pKVM), say N.
+
+config PKVM_DISABLE_STAGE2_ON_PANIC
+	bool "Disable the host stage-2 on panic"
+	default n
+	help
+	  If panic occurs while the host lock is held and if, plagued by bad
+	  luck the panic path triggers a host stage-2 memory abort, a lockup
+	  would happen. The only way out is to disable the stage-2 page-table.
+	  This however tamper the system security. This option should therefore
+	  solely be enabled to debug specific issues.
+
+	  Just say N.
+
+endif # PKVM_DEBUG
+endif # KVM
 endif # VIRTUALIZATION