KVM: arm64: Move checking protected vcpu features to a separate function

At the moment, checks for supported vcpu features for protected
VMs are build-time bugs. In the following patch, they will become
runtime checks based on the vcpu's features registers. Therefore,
consolidate them into one function that would return an error if
it encounters an unsupported feature.

Signed-off-by: Fuad Tabba <tabba@google.com>
Link: https://lore.kernel.org/r/20241216105057.579031-4-tabba@google.com
Signed-off-by: Marc Zyngier <maz@kernel.org>

diff --git a/arch/arm64/kvm/hyp/nvhe/pkvm.c b/arch/arm64/kvm/hyp/nvhe/pkvm.c
index 3af5fca64f675fc310b0677a9e11de8941dc514d..6a39f68563ae91e2a5e3b242c74f8f7cdcd4d1e3 100644 (file)
--- a/arch/arm64/kvm/hyp/nvhe/pkvm.c
+++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c
@@ -178,20 +178,11 @@ static void pvm_init_traps_mdcr(struct kvm_vcpu *vcpu)
 }
 
 /*
- * Initialize trap register values in protected mode.
+ * Check that cpu features that are neither trapped nor supported are not
+ * enabled for protected VMs.
  */
-static void pkvm_vcpu_init_traps(struct pkvm_hyp_vcpu *hyp_vcpu)
+static int pkvm_check_pvm_cpu_features(struct kvm_vcpu *vcpu)
 {
-       struct kvm_vcpu *vcpu = &hyp_vcpu->vcpu;
-
-       vcpu->arch.cptr_el2 = kvm_get_reset_cptr_el2(vcpu);
-       vcpu->arch.mdcr_el2 = 0;
-
-       pkvm_vcpu_reset_hcr(vcpu);
-
-       if ((!pkvm_hyp_vcpu_is_protected(hyp_vcpu)))
-               return;
-
        /*
         * PAuth is allowed if supported by the system and the vcpu.
         * Properly checking for PAuth requires checking various fields in
@@ -218,9 +209,34 @@ static void pkvm_vcpu_init_traps(struct pkvm_hyp_vcpu *hyp_vcpu)
        BUILD_BUG_ON(!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_AdvSIMD),
                                PVM_ID_AA64PFR0_ALLOW));
 
+       return 0;
+}
+
+/*
+ * Initialize trap register values in protected mode.
+ */
+static int pkvm_vcpu_init_traps(struct pkvm_hyp_vcpu *hyp_vcpu)
+{
+       struct kvm_vcpu *vcpu = &hyp_vcpu->vcpu;
+       int ret;
+
+       vcpu->arch.cptr_el2 = kvm_get_reset_cptr_el2(vcpu);
+       vcpu->arch.mdcr_el2 = 0;
+
+       pkvm_vcpu_reset_hcr(vcpu);
+
+       if ((!pkvm_hyp_vcpu_is_protected(hyp_vcpu)))
+               return 0;
+
+       ret = pkvm_check_pvm_cpu_features(vcpu);
+       if (ret)
+               return ret;
+
        pvm_init_traps_hcr(vcpu);
        pvm_init_traps_cptr(vcpu);
        pvm_init_traps_mdcr(vcpu);
+
+       return 0;
 }
 
 /*
@@ -417,9 +433,12 @@ static int init_pkvm_hyp_vcpu(struct pkvm_hyp_vcpu *hyp_vcpu,
        hyp_vcpu->vcpu.arch.cflags = READ_ONCE(host_vcpu->arch.cflags);
        hyp_vcpu->vcpu.arch.mp_state.mp_state = KVM_MP_STATE_STOPPED;
 
+       ret = pkvm_vcpu_init_traps(hyp_vcpu);
+       if (ret)
+               goto done;
+
        pkvm_vcpu_init_sve(hyp_vcpu, host_vcpu);
        pkvm_vcpu_init_ptrauth(hyp_vcpu);
-       pkvm_vcpu_init_traps(hyp_vcpu);
 done:
        if (ret)
                unpin_host_vcpu(host_vcpu);