ANDROID: KVM: arm64: Add PKVM_DISABLE_STAGE2_ON_PANIC

Now pKVM prefaults the entire host stage-2, it is very unlikely to
encounter a fault on the panic path and the need for disabling the host
stage-2 on panic for debug purpose isn't that obvious anymore. Let's
make it a separate config option. This will allow to enable other debug
options which do not jeopardize the system security.

Bug: 357781595
Change-Id: I945e95c0e5073f51e3c4716532eaf19999146187
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>

arch/arm64/kvm/Kconfig

@@ -92,6 +92,19 @@ config PROTECTED_NVHE_STACKTRACE
 
 	  If unsure, or not using protected nVHE (pKVM), say N.
 
+config PKVM_DISABLE_STAGE2_ON_PANIC
+	bool "Disable the host stage-2 on panic"
+	default n
+	depends on NVHE_EL2_DEBUG
+	help
+	  If panic occurs while the host lock is held and if, plagued by bad
+	  luck the panic path triggers a host stage-2 memory abort, a lockup
+	  would happen. The only way out is to disable the stage-2 page-table.
+	  This however tamper the system security. This option should therefore
+	  solely be enabled to debug specific issues.
+
+	  Just say N.
+
 config PTDUMP_STAGE2_DEBUGFS
 	bool "Present the stage-2 pagetables to debugfs"
 	depends on KVM

arch/arm64/kvm/hyp/nvhe/host.S

@@ -120,7 +120,7 @@ SYM_FUNC_START(__hyp_do_panic)
 
 	mov	x29, x0
 
-#ifdef CONFIG_NVHE_EL2_DEBUG
+#ifdef CONFIG_PKVM_DISABLE_STAGE2_ON_PANIC
 	/* Ensure host stage-2 is disabled */
 	mrs	x0, hcr_el2
 	bic	x0, x0, #HCR_VM