ANDROID: KVM: arm64: Fix accounting when VM creation fails

When VM creation fails part-way through __pkvm_create_hyp_vm(), we end
up destroying the partial state by calling pkvm_destroy_hyp_vm()
before the memory accounting metadata has been updated. Consequently,
we underflow the 'protected_hyp_mem' counter and run into the following
warning:

 18446744073709518848B of donations to the nVHE hyp are missing

Rework the accounting updates so that the per-VM structures are
accounted immediately after initialising the VM, with the vCPU memory
being accounted one-by-one as they are initialised.

Bug: 373813803
Signed-off-by: Will Deacon <willdeacon@google.com>
Change-Id: If4ae9816df009ca2a74aff5964676465c25fe6dc

arch/arm64/kvm/pkvm.c

@@ -262,6 +262,8 @@ static int __pkvm_create_hyp_vm(struct kvm *host_kvm)
 	host_kvm->arch.pkvm.handle = handle;
 
 	total_sz = hyp_vm_sz + last_ran_sz + pgd_sz;
+	atomic64_set(&host_kvm->stat.protected_hyp_mem, total_sz);
+	kvm_account_pgtable_pages(pgd, pgd_sz >> PAGE_SHIFT);
 
 	/* Donate memory for the vcpus at hyp and initialize it. */
 	hyp_vcpu_sz = PAGE_ALIGN(PKVM_HYP_VCPU_SIZE);
@@ -280,18 +282,15 @@ static int __pkvm_create_hyp_vm(struct kvm *host_kvm)
 			goto destroy_vm;
 		}
 
-		total_sz += hyp_vcpu_sz;
-
 		ret = kvm_call_hyp_nvhe(__pkvm_init_vcpu, handle, host_vcpu,
 					hyp_vcpu);
 		if (ret) {
 			free_pages_exact(hyp_vcpu, hyp_vcpu_sz);
 			goto destroy_vm;
 		}
-	}
 
-	atomic64_set(&host_kvm->stat.protected_hyp_mem, total_sz);
-	kvm_account_pgtable_pages(pgd, pgd_sz >> PAGE_SHIFT);
+		atomic64_add(hyp_vcpu_sz, &host_kvm->stat.protected_hyp_mem);
+	}
 
 	return 0;