diff --git a/arch/arm64/kvm/Kconfig b/arch/arm64/kvm/Kconfig index 1378f2dc4601..48cfe9a89723 100644 --- a/arch/arm64/kvm/Kconfig +++ b/arch/arm64/kvm/Kconfig @@ -54,6 +54,14 @@ config NVHE_EL2_DEBUG If unsure, say N. +config PKVM_STRICT_CHECKS + bool "Additional checks in the Protected KVM hypervisor" + depends on NVHE_EL2_DEBUG + help + Say Y here to add more checks into the Protected KVM hypervisor. + Those checks have a slight performance cost and will BUG() on a + failure. This is intended for EL2 hypervisor development. + config PKVM_SELFTESTS bool "Protected KVM hypervisor selftests" help diff --git a/arch/arm64/kvm/hyp/include/nvhe/mm.h b/arch/arm64/kvm/hyp/include/nvhe/mm.h index 9e22fce84977..c729ca1fed05 100644 --- a/arch/arm64/kvm/hyp/include/nvhe/mm.h +++ b/arch/arm64/kvm/hyp/include/nvhe/mm.h @@ -41,9 +41,9 @@ int __pkvm_map_module_page(u64 pfn, void *va, enum kvm_pgtable_prot prot, bool i void __pkvm_unmap_module_page(u64 pfn, void *va); void *__pkvm_alloc_module_va(u64 nr_pages); int pkvm_remap_range(void *va, int nr_pages, bool nc); -#ifdef CONFIG_NVHE_EL2_DEBUG +#ifdef CONFIG_PKVM_STRICT_CHECKS void assert_in_mod_range(unsigned long addr); #else static inline void assert_in_mod_range(unsigned long addr) { } -#endif /* CONFIG_NVHE_EL2_DEBUG */ +#endif /* CONFIG_PKVM_STRICT_CHECKS */ #endif /* __KVM_HYP_MM_H */ diff --git a/arch/arm64/kvm/hyp/include/nvhe/rwlock.h b/arch/arm64/kvm/hyp/include/nvhe/rwlock.h index 365084497e59..797665cbab15 100644 --- a/arch/arm64/kvm/hyp/include/nvhe/rwlock.h +++ b/arch/arm64/kvm/hyp/include/nvhe/rwlock.h @@ -117,7 +117,7 @@ static inline void hyp_read_unlock(hyp_rwlock_t *lock) : "memory"); } -#ifdef CONFIG_NVHE_EL2_DEBUG +#ifdef CONFIG_PKVM_STRICT_CHECKS static inline void hyp_assert_write_lock_held(hyp_rwlock_t *lock) { BUG_ON(!(READ_ONCE(lock->__val) & BIT(__HYP_RWLOCK_WRITER_BIT))); diff --git a/arch/arm64/kvm/hyp/include/nvhe/spinlock.h b/arch/arm64/kvm/hyp/include/nvhe/spinlock.h index 7c7ea8c55405..a3003dc9ab17 100644 --- a/arch/arm64/kvm/hyp/include/nvhe/spinlock.h +++ b/arch/arm64/kvm/hyp/include/nvhe/spinlock.h @@ -105,7 +105,7 @@ static inline bool hyp_spin_is_locked(hyp_spinlock_t *lock) return lockval.owner != lockval.next; } -#ifdef CONFIG_NVHE_EL2_DEBUG +#ifdef CONFIG_PKVM_STRICT_CHECKS static inline void hyp_assert_lock_held(hyp_spinlock_t *lock) { /* diff --git a/arch/arm64/kvm/hyp/nvhe/mem_protect.c b/arch/arm64/kvm/hyp/nvhe/mem_protect.c index 56834f8ccd30..27db066c4628 100644 --- a/arch/arm64/kvm/hyp/nvhe/mem_protect.c +++ b/arch/arm64/kvm/hyp/nvhe/mem_protect.c @@ -1265,7 +1265,7 @@ int __pkvm_host_share_hyp(u64 pfn) ret = __host_check_page_state_range(phys, size, PKVM_PAGE_OWNED); if (ret) goto unlock; - if (IS_ENABLED(CONFIG_NVHE_EL2_DEBUG)) { + if (IS_ENABLED(CONFIG_PKVM_STRICT_CHECKS)) { ret = __hyp_check_page_state_range((u64)virt, size, PKVM_NOPAGE); if (ret) goto unlock; @@ -1586,7 +1586,7 @@ int __pkvm_host_donate_hyp_locked(u64 pfn, u64 nr_pages, enum kvm_pgtable_prot p ret = __host_check_page_state_range(phys, size, PKVM_PAGE_OWNED); if (ret) goto unlock; - if (IS_ENABLED(CONFIG_NVHE_EL2_DEBUG)) { + if (IS_ENABLED(CONFIG_PKVM_STRICT_CHECKS)) { ret = __hyp_check_page_state_range((u64)virt, size, PKVM_NOPAGE); if (ret) goto unlock; @@ -1623,7 +1623,7 @@ int __pkvm_hyp_donate_host(u64 pfn, u64 nr_pages) ret = __hyp_check_page_state_range(virt, size, PKVM_PAGE_OWNED); if (ret) goto unlock; - if (IS_ENABLED(CONFIG_NVHE_EL2_DEBUG)) { + if (IS_ENABLED(CONFIG_PKVM_STRICT_CHECKS)) { ret = __host_check_page_state_range(phys, size, PKVM_NOPAGE); if (ret) goto unlock; diff --git a/arch/arm64/kvm/hyp/nvhe/mm.c b/arch/arm64/kvm/hyp/nvhe/mm.c index 81d3c676185d..b41112fea09a 100644 --- a/arch/arm64/kvm/hyp/nvhe/mm.c +++ b/arch/arm64/kvm/hyp/nvhe/mm.c @@ -111,7 +111,7 @@ int __pkvm_create_private_mapping(phys_addr_t phys, size_t size, return err; } -#ifdef CONFIG_NVHE_EL2_DEBUG +#ifdef CONFIG_PKVM_STRICT_CHECKS static unsigned long mod_range_start = ULONG_MAX; static unsigned long mod_range_end; static DEFINE_HYP_SPINLOCK(mod_range_lock); diff --git a/arch/arm64/kvm/hyp/pgtable.c b/arch/arm64/kvm/hyp/pgtable.c index be3417d0d9d4..31fa4cb29553 100644 --- a/arch/arm64/kvm/hyp/pgtable.c +++ b/arch/arm64/kvm/hyp/pgtable.c @@ -1112,7 +1112,7 @@ static void debug_check_table_before_coalescing( struct stage2_map_data *data, kvm_pte_t *ptep, u64 pa) { -#ifdef CONFIG_NVHE_EL2_DEBUG +#ifdef CONFIG_PKVM_STRICT_CHECKS u64 granule = kvm_granule_size(ctx->level + 1); int i;