From 486bbd0ccb4bad54346ac00b0dfd8126f885dd33 Mon Sep 17 00:00:00 2001 From: Will Deacon Date: Thu, 7 Jul 2022 15:51:36 +0100 Subject: [PATCH] Revert "ANDROID: KVM: arm64: Restrict protected VM capabilities" This reverts commit 7d81b2a5e6364cc51031564ce7549a7ab020a08d. Bug: 233587962 Signed-off-by: Will Deacon Change-Id: I68bbe79a094fed39010176745722f9b253305692 --- arch/arm64/include/asm/kvm_pkvm.h | 27 ------------ arch/arm64/kvm/arm.c | 70 +------------------------------ 2 files changed, 1 insertion(+), 96 deletions(-) diff --git a/arch/arm64/include/asm/kvm_pkvm.h b/arch/arm64/include/asm/kvm_pkvm.h index efb54331fd6f..7d18610e6ddb 100644 --- a/arch/arm64/include/asm/kvm_pkvm.h +++ b/arch/arm64/include/asm/kvm_pkvm.h @@ -199,33 +199,6 @@ ARM64_FEATURE_MASK(ID_AA64ISAR1_I8MM) \ ) -/* - * Returns the maximum number of breakpoints supported for protected VMs. - */ -static inline int pkvm_get_max_brps(void) -{ - int num = FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_BRPS), - PVM_ID_AA64DFR0_ALLOW); - - /* - * If breakpoints are supported, the maximum number is 1 + the field. - * Otherwise, return 0, which is not compliant with the architecture, - * but is reserved and is used here to indicate no debug support. - */ - return num ? num + 1 : 0; -} - -/* - * Returns the maximum number of watchpoints supported for protected VMs. - */ -static inline int pkvm_get_max_wrps(void) -{ - int num = FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_WRPS), - PVM_ID_AA64DFR0_ALLOW); - - return num ? num + 1 : 0; -} - extern struct memblock_region kvm_nvhe_sym(hyp_memory)[]; extern unsigned int kvm_nvhe_sym(hyp_memblock_nr); diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c index 98db32ba0bdf..b858ef02ced1 100644 --- a/arch/arm64/kvm/arm.c +++ b/arch/arm64/kvm/arm.c @@ -37,7 +37,6 @@ #include #include #include -#include #include #include @@ -202,10 +201,9 @@ void kvm_arch_destroy_vm(struct kvm *kvm) kvm_unshare_hyp(kvm, kvm + 1); } -static int kvm_check_extension(struct kvm *kvm, long ext) +int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext) { int r; - switch (ext) { case KVM_CAP_IRQCHIP: r = vgic_present; @@ -303,72 +301,6 @@ static int kvm_check_extension(struct kvm *kvm, long ext) return r; } -/* - * Checks whether the exctension specified in ext is supported for protected - * vms. The capabilities supported by kvm in general are passed in kvm_cap. - */ -static int pkvm_check_extension(struct kvm *kvm, long ext, int kvm_cap) -{ - int r; - - switch (ext) { - case KVM_CAP_IRQCHIP: - case KVM_CAP_ARM_PSCI: - case KVM_CAP_ARM_PSCI_0_2: - case KVM_CAP_NR_VCPUS: - case KVM_CAP_MAX_VCPUS: - case KVM_CAP_MAX_VCPU_ID: - case KVM_CAP_MSI_DEVID: - case KVM_CAP_ARM_VM_IPA_SIZE: - case KVM_CAP_EXIT_HYPERCALL: - r = kvm_cap; - break; - case KVM_CAP_GUEST_DEBUG_HW_BPS: - r = min(kvm_cap, pkvm_get_max_brps()); - break; - case KVM_CAP_GUEST_DEBUG_HW_WPS: - r = min(kvm_cap, pkvm_get_max_wrps()); - break; - case KVM_CAP_ARM_PMU_V3: - r = kvm_cap && FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_PMUVER), - PVM_ID_AA64DFR0_ALLOW); - break; - case KVM_CAP_ARM_SVE: - r = kvm_cap && FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_SVE), - PVM_ID_AA64PFR0_RESTRICT_UNSIGNED); - break; - case KVM_CAP_ARM_PTRAUTH_ADDRESS: - r = kvm_cap && - FIELD_GET(ARM64_FEATURE_MASK(ID_AA64ISAR1_API), - PVM_ID_AA64ISAR1_ALLOW) && - FIELD_GET(ARM64_FEATURE_MASK(ID_AA64ISAR1_APA), - PVM_ID_AA64ISAR1_ALLOW); - break; - case KVM_CAP_ARM_PTRAUTH_GENERIC: - r = kvm_cap && - FIELD_GET(ARM64_FEATURE_MASK(ID_AA64ISAR1_GPI), - PVM_ID_AA64ISAR1_ALLOW) && - FIELD_GET(ARM64_FEATURE_MASK(ID_AA64ISAR1_GPA), - PVM_ID_AA64ISAR1_ALLOW); - break; - default: - r = 0; - break; - } - - return r; -} - -int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext) -{ - int r = kvm_check_extension(kvm, ext); - - if (unlikely(kvm && kvm_vm_is_protected(kvm))) - r = pkvm_check_extension(kvm, ext, r); - - return r; -} - long kvm_arch_dev_ioctl(struct file *filp, unsigned int ioctl, unsigned long arg) {