Revert "ANDROID: KVM: arm64: Introduce KVM_CAP_ARM_PROTECTED_VM to set/query PVM firmware"

This reverts commit eb41d18574.

Bug: 233587962
Signed-off-by: Will Deacon <willdeacon@google.com>
Change-Id: Ia9ff51b435d87e1c4cb3457ff3ccb35822c4bcae

arch/arm64/include/asm/kvm_pkvm.h

@@ -17,7 +17,6 @@
 #define HYP_MEMBLOCK_REGIONS 128
 #define PVMFW_INVALID_LOAD_ADDR	(-1)
 
-int kvm_arm_vm_ioctl_pkvm(struct kvm *kvm, struct kvm_enable_cap *cap);
 int kvm_init_pvm(struct kvm *kvm, unsigned long type);
 int create_el2_shadow(struct kvm *kvm);
 

arch/arm64/include/uapi/asm/kvm.h

@@ -418,15 +418,6 @@ struct kvm_arm_copy_mte_tags {
 #define KVM_PSCI_RET_INVAL		PSCI_RET_INVALID_PARAMS
 #define KVM_PSCI_RET_DENIED		PSCI_RET_DENIED
 
-/* Protected KVM */
-#define KVM_CAP_ARM_PROTECTED_VM_FLAGS_SET_FW_IPA	0
-#define KVM_CAP_ARM_PROTECTED_VM_FLAGS_INFO		1
-
-struct kvm_protected_vm_info {
-	__u64 firmware_size;
-	__u64 __reserved[7];
-};
-
 #endif
 
 #endif /* __ARM_KVM_H__ */

arch/arm64/kvm/arm.c

@@ -88,16 +88,9 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm,
 {
 	int r;
 
-	/* Capabilities with flags */
-	switch (cap->cap) {
-	case KVM_CAP_ARM_PROTECTED_VM:
-		return kvm_arm_vm_ioctl_pkvm(kvm, cap);
-	default:
-		if (cap->flags)
-			return -EINVAL;
-	}
+	if (cap->flags)
+		return -EINVAL;
 
-	/* Capabilities without flags */
 	switch (cap->cap) {
 	case KVM_CAP_ARM_NISV_TO_USER:
 		r = 0;
@@ -114,6 +107,9 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm,
 		mutex_unlock(&kvm->lock);
 		break;
 	case KVM_CAP_EXIT_HYPERCALL:
+		if (cap->flags)
+			return -EINVAL;
+
 		if (cap->args[0] & ~KVM_EXIT_HYPERCALL_VALID_MASK)
 			return -EINVAL;
 
@@ -394,9 +390,6 @@ static int pkvm_check_extension(struct kvm *kvm, long ext, int kvm_cap)
 		    FIELD_GET(ARM64_FEATURE_MASK(ID_AA64ISAR1_GPA),
 			      PVM_ID_AA64ISAR1_ALLOW);
 		break;
-	case KVM_CAP_ARM_PROTECTED_VM:
-		r = 1;
-		break;
 	default:
 		r = 0;
 		break;

arch/arm64/kvm/hyp/nvhe/pkvm.c

@@ -356,7 +356,7 @@ static int init_shadow_structs(struct kvm *kvm, struct kvm_shadow_vm *vm, int nr
 
 	vm->host_kvm = kvm;
 	vm->created_vcpus = 0;
-	vm->arch.pkvm.pvmfw_load_addr = kvm->arch.pkvm.pvmfw_load_addr;
+	vm->arch.pkvm.pvmfw_load_addr = PVMFW_INVALID_LOAD_ADDR;
 
 	for (i = 0; i < nr_vcpus; i++) {
 		struct kvm_vcpu *host_vcpu = kern_hyp_va(kvm->vcpus[i]);

arch/arm64/kvm/pkvm.c

@@ -245,54 +245,6 @@ static int __init pkvm_firmware_rmem_clear(void)
 }
 device_initcall_sync(pkvm_firmware_rmem_clear);
 
-static int pkvm_vm_ioctl_set_fw_ipa(struct kvm *kvm, u64 ipa)
-{
-	int ret = 0;
-
-	if (!pkvm_firmware_mem)
-		return -EINVAL;
-
-	mutex_lock(&kvm->arch.pkvm.shadow_lock);
-	if (kvm->arch.pkvm.shadow_handle) {
-		ret = -EBUSY;
-		goto out_unlock;
-	}
-
-	kvm->arch.pkvm.pvmfw_load_addr = ipa;
-out_unlock:
-	mutex_unlock(&kvm->arch.pkvm.shadow_lock);
-	return ret;
-}
-
-static int pkvm_vm_ioctl_info(struct kvm *kvm,
-			      struct kvm_protected_vm_info __user *info)
-{
-	struct kvm_protected_vm_info kinfo = {
-		.firmware_size = pkvm_firmware_mem ?
-				 pkvm_firmware_mem->size :
-				 0,
-	};
-
-	return copy_to_user(info, &kinfo, sizeof(kinfo)) ? -EFAULT : 0;
-}
-
-int kvm_arm_vm_ioctl_pkvm(struct kvm *kvm, struct kvm_enable_cap *cap)
-{
-	if (cap->args[1] || cap->args[2] || cap->args[3])
-		return -EINVAL;
-
-	switch (cap->flags) {
-	case KVM_CAP_ARM_PROTECTED_VM_FLAGS_SET_FW_IPA:
-		return pkvm_vm_ioctl_set_fw_ipa(kvm, cap->args[0]);
-	case KVM_CAP_ARM_PROTECTED_VM_FLAGS_INFO:
-		return pkvm_vm_ioctl_info(kvm, (void __force __user *)cap->args[0]);
-	default:
-		return -EINVAL;
-	}
-
-	return 0;
-}
-
 int kvm_init_pvm(struct kvm *kvm, unsigned long type)
 {
 	mutex_init(&kvm->arch.pkvm.shadow_lock);