[PATCH v1 13/13] KVM: arm64: Check vcpu features at pVM creation

[Fuad Tabba]

Check that a protected VM is not setting any of the unsupported
features when it's created.

Signed-off-by: Fuad Tabba <tabba at google.com>
---
 arch/arm64/kvm/pkvm.c | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/arch/arm64/kvm/pkvm.c b/arch/arm64/kvm/pkvm.c
index cf624350fb27..5e58d604faec 100644
--- a/arch/arm64/kvm/pkvm.c
+++ b/arch/arm64/kvm/pkvm.c
@@ -88,10 +88,41 @@ static void pkvm_teardown_firmware_slot(struct kvm *kvm)
 	kvm->arch.pkvm.firmware_slot = NULL;
 }
 
+/*
+ * Check that no unsupported features are enabled for the protected VM's vcpus.
+ *
+ * Return 0 if all features enabled for all vcpus are supported, or -EINVAL if
+ * one or more vcpus has one or more unsupported features.
+ */
+static int pkvm_check_features(struct kvm *kvm)
+{
+	int i;
+	const struct kvm_vcpu *vcpu;
+
+	kvm_for_each_vcpu(i, vcpu, kvm) {
+		/*
+		 * No support for:
+		 * - AArch32 state for protected VMs
+		 * - Performance Monitoring
+		 * - Scalable Vectors
+		 */
+		if (test_bit(KVM_ARM_VCPU_EL1_32BIT, vcpu->arch.features) ||
+		    test_bit(KVM_ARM_VCPU_PMU_V3, vcpu->arch.features) ||
+		    test_bit(KVM_ARM_VCPU_SVE, vcpu->arch.features))
+			return -EINVAL;
+	}
+
+	return 0;
+}
+
 static int pkvm_enable(struct kvm *kvm, u64 slotid)
 {
 	int ret;
 
+	ret = pkvm_check_features(kvm);
+	if (ret)
+		return ret;
+
 	ret = pkvm_init_firmware_slot(kvm, slotid);
 	if (ret)
 		return ret;
-- 
2.32.0.rc1.229.g3e70b5a671-goog