ANDROID: KVM: arm64: Add PKVM_STRICT_CHECKS

Move the strict checks from the global NVHE_EL2_DEBUG option to a newly
introduced CONFIG_PKVM_STRICT_CHECKS.

Bug: 357781595
Change-Id: Ib06f917acdaeb6b0a8c9ee5fcd457680659d691b
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>

arch/arm64/kvm/Kconfig

@@ -54,6 +54,14 @@ config NVHE_EL2_DEBUG
 
 	  If unsure, say N.
 
+config PKVM_STRICT_CHECKS
+	bool "Additional checks in the Protected KVM hypervisor"
+	depends on NVHE_EL2_DEBUG
+	help
+	  Say Y here to add more checks into the Protected KVM hypervisor.
+          Those checks have a slight performance cost and will BUG() on a
+          failure. This is intended for EL2 hypervisor development.
+
 config PKVM_SELFTESTS
 	bool "Protected KVM hypervisor selftests"
 	help

arch/arm64/kvm/hyp/include/nvhe/mm.h

@@ -41,9 +41,9 @@ int __pkvm_map_module_page(u64 pfn, void *va, enum kvm_pgtable_prot prot, bool i
 void __pkvm_unmap_module_page(u64 pfn, void *va);
 void *__pkvm_alloc_module_va(u64 nr_pages);
 int pkvm_remap_range(void *va, int nr_pages, bool nc);
-#ifdef CONFIG_NVHE_EL2_DEBUG
+#ifdef CONFIG_PKVM_STRICT_CHECKS
 void assert_in_mod_range(unsigned long addr);
 #else
 static inline void assert_in_mod_range(unsigned long addr) { }
-#endif /* CONFIG_NVHE_EL2_DEBUG */
+#endif /* CONFIG_PKVM_STRICT_CHECKS */
 #endif /* __KVM_HYP_MM_H */

arch/arm64/kvm/hyp/include/nvhe/rwlock.h

@@ -117,7 +117,7 @@ static inline void hyp_read_unlock(hyp_rwlock_t *lock)
 	: "memory");
 }
 
-#ifdef CONFIG_NVHE_EL2_DEBUG
+#ifdef CONFIG_PKVM_STRICT_CHECKS
 static inline void hyp_assert_write_lock_held(hyp_rwlock_t *lock)
 {
 	BUG_ON(!(READ_ONCE(lock->__val) & BIT(__HYP_RWLOCK_WRITER_BIT)));

arch/arm64/kvm/hyp/include/nvhe/spinlock.h

@@ -105,7 +105,7 @@ static inline bool hyp_spin_is_locked(hyp_spinlock_t *lock)
 	return lockval.owner != lockval.next;
 }
 
-#ifdef CONFIG_NVHE_EL2_DEBUG
+#ifdef CONFIG_PKVM_STRICT_CHECKS
 static inline void hyp_assert_lock_held(hyp_spinlock_t *lock)
 {
 	/*

arch/arm64/kvm/hyp/nvhe/mem_protect.c

@@ -1265,7 +1265,7 @@ int __pkvm_host_share_hyp(u64 pfn)
 	ret = __host_check_page_state_range(phys, size, PKVM_PAGE_OWNED);
 	if (ret)
 		goto unlock;
-	if (IS_ENABLED(CONFIG_NVHE_EL2_DEBUG)) {
+	if (IS_ENABLED(CONFIG_PKVM_STRICT_CHECKS)) {
 		ret = __hyp_check_page_state_range((u64)virt, size, PKVM_NOPAGE);
 		if (ret)
 			goto unlock;
@@ -1586,7 +1586,7 @@ int __pkvm_host_donate_hyp_locked(u64 pfn, u64 nr_pages, enum kvm_pgtable_prot p
 	ret = __host_check_page_state_range(phys, size, PKVM_PAGE_OWNED);
 	if (ret)
 		goto unlock;
-	if (IS_ENABLED(CONFIG_NVHE_EL2_DEBUG)) {
+	if (IS_ENABLED(CONFIG_PKVM_STRICT_CHECKS)) {
 		ret = __hyp_check_page_state_range((u64)virt, size, PKVM_NOPAGE);
 		if (ret)
 			goto unlock;
@@ -1623,7 +1623,7 @@ int __pkvm_hyp_donate_host(u64 pfn, u64 nr_pages)
 	ret = __hyp_check_page_state_range(virt, size, PKVM_PAGE_OWNED);
 	if (ret)
 		goto unlock;
-	if (IS_ENABLED(CONFIG_NVHE_EL2_DEBUG)) {
+	if (IS_ENABLED(CONFIG_PKVM_STRICT_CHECKS)) {
 		ret = __host_check_page_state_range(phys, size, PKVM_NOPAGE);
 		if (ret)
 			goto unlock;

arch/arm64/kvm/hyp/nvhe/mm.c

@@ -111,7 +111,7 @@ int __pkvm_create_private_mapping(phys_addr_t phys, size_t size,
 	return err;
 }
 
-#ifdef CONFIG_NVHE_EL2_DEBUG
+#ifdef CONFIG_PKVM_STRICT_CHECKS
 static unsigned long mod_range_start = ULONG_MAX;
 static unsigned long mod_range_end;
 static DEFINE_HYP_SPINLOCK(mod_range_lock);

arch/arm64/kvm/hyp/pgtable.c

@@ -1112,7 +1112,7 @@ static void debug_check_table_before_coalescing(
 	struct stage2_map_data *data,
 	kvm_pte_t *ptep, u64 pa)
 {
-#ifdef CONFIG_NVHE_EL2_DEBUG
+#ifdef CONFIG_PKVM_STRICT_CHECKS
 	u64 granule = kvm_granule_size(ctx->level + 1);
 	int i;