From 3e8a2f0f1a0ae737a51673b367a36f5055bad694 Mon Sep 17 00:00:00 2001
From: Mostafa Saleh <smostafa@google.com>
Date: Tue, 14 Feb 2023 13:01:09 +0000
Subject: [PATCH] ANDROID: KVM: arm64: Add function to report misconfigurations
 to pKVM.

Add function pkvm_handle_system_misconfiguration that is used to
report misconfigurations to pKVM that can undermine its security,
so pKVM can't take the proper action.
This patch only add one event NO_DMA_ISOLATION to indicate that DMA
is not isolated and access the hypervisor.
The patch adds type pkvm_system_misconfiguration to identify the event
instead of having a void function with only one action as in the
future different events can have different responses.

Bug: 268607700
Change-Id: I9f0d2aeee25bd6bed622d327d6cbb36119c54c58
Signed-off-by: Mostafa Saleh <smostafa@google.com>
---
 arch/arm64/kvm/hyp/include/nvhe/pkvm.h | 12 ++++++++++++
 arch/arm64/kvm/hyp/nvhe/pkvm.c         | 11 +++++++++++
 2 files changed, 23 insertions(+)

diff --git a/arch/arm64/kvm/hyp/include/nvhe/pkvm.h b/arch/arm64/kvm/hyp/include/nvhe/pkvm.h
index c373844cea79..5c0c9a0e1097 100644
--- a/arch/arm64/kvm/hyp/include/nvhe/pkvm.h
+++ b/arch/arm64/kvm/hyp/include/nvhe/pkvm.h
@@ -12,6 +12,13 @@
 #include <nvhe/gfp.h>
 #include <nvhe/spinlock.h>
 
+/*
+ * Misconfiguration events that can undermine pKVM security.
+ */
+enum pkvm_system_misconfiguration {
+	NO_DMA_ISOLATION,
+};
+
 /*
  * Holds the relevant data for maintaining the vcpu state completely at hyp.
  */
@@ -146,4 +153,9 @@ int pkvm_load_pvmfw_pages(struct pkvm_hyp_vm *vm, u64 ipa, phys_addr_t phys,
 			  u64 size);
 void pkvm_poison_pvmfw_pages(void);
 
+/*
+ * Notify pKVM about events that can undermine pKVM security.
+ */
+void pkvm_handle_system_misconfiguration(enum pkvm_system_misconfiguration event);
+
 #endif /* __ARM64_KVM_NVHE_PKVM_H__ */
diff --git a/arch/arm64/kvm/hyp/nvhe/pkvm.c b/arch/arm64/kvm/hyp/nvhe/pkvm.c
index f160bc4306a5..4c649db27ddf 100644
--- a/arch/arm64/kvm/hyp/nvhe/pkvm.c
+++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c
@@ -1524,3 +1524,14 @@ bool kvm_hyp_handle_hvc64(struct kvm_vcpu *vcpu, u64 *exit_code)
 
 	return false;
 }
+
+/*
+ * Notify pKVM about events that can undermine pKVM security.
+ */
+void pkvm_handle_system_misconfiguration(enum pkvm_system_misconfiguration event)
+{
+	if (event == NO_DMA_ISOLATION)
+		pkvm_poison_pvmfw_pages();
+	else
+		BUG();
+}