KVM: arm64: Hoist MTE validation check out of MMU lock path

Simplify the non-cacheable attributes assignment by using a ternary
operator. Additionally, hoist the MTE validation check (mte_allowed) out
of kvm_s2_fault_map() and into kvm_s2_fault_compute_prot(). This allows
us to fail faster and avoid acquiring the KVM MMU lock unnecessarily
when the VMM introduces a disallowed VMA for an MTE-enabled guest.

Signed-off-by: Fuad Tabba <tabba@google.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>

diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c
index 74c512839e81c5c7c9bd2c9ed91bfc4ffc116961..871143a2b2f702c5ff2016170674dfc28913f019 100644 (file)
--- a/arch/arm64/kvm/mmu.c
+++ b/arch/arm64/kvm/mmu.c
@@ -1870,18 +1870,21 @@ static int kvm_s2_fault_compute_prot(struct kvm_s2_fault *fault)
        if (fault->exec_fault)
                fault->prot |= KVM_PGTABLE_PROT_X;
 
-       if (fault->s2_force_noncacheable) {
-               if (fault->vm_flags & VM_ALLOW_ANY_UNCACHED)
-                       fault->prot |= KVM_PGTABLE_PROT_NORMAL_NC;
-               else
-                       fault->prot |= KVM_PGTABLE_PROT_DEVICE;
-       } else if (cpus_have_final_cap(ARM64_HAS_CACHE_DIC)) {
+       if (fault->s2_force_noncacheable)
+               fault->prot |= (fault->vm_flags & VM_ALLOW_ANY_UNCACHED) ?
+                              KVM_PGTABLE_PROT_NORMAL_NC : KVM_PGTABLE_PROT_DEVICE;
+       else if (cpus_have_final_cap(ARM64_HAS_CACHE_DIC))
                fault->prot |= KVM_PGTABLE_PROT_X;
-       }
 
        if (fault->nested)
                adjust_nested_exec_perms(kvm, fault->nested, &fault->prot);
 
+       if (!fault->fault_is_perm && !fault->s2_force_noncacheable && kvm_has_mte(kvm)) {
+               /* Check the VMM hasn't introduced a new disallowed VMA */
+               if (!fault->mte_allowed)
+                       return -EFAULT;
+       }
+
        return 0;
 }
 
@@ -1918,15 +1921,8 @@ static int kvm_s2_fault_map(struct kvm_s2_fault *fault, void *memcache)
                }
        }
 
-       if (!fault->fault_is_perm && !fault->s2_force_noncacheable && kvm_has_mte(kvm)) {
-               /* Check the VMM hasn't introduced a new disallowed VMA */
-               if (fault->mte_allowed) {
-                       sanitise_mte_tags(kvm, fault->pfn, fault->vma_pagesize);
-               } else {
-                       ret = -EFAULT;
-                       goto out_unlock;
-               }
-       }
+       if (!fault->fault_is_perm && !fault->s2_force_noncacheable && kvm_has_mte(kvm))
+               sanitise_mte_tags(kvm, fault->pfn, fault->vma_pagesize);
 
        /*
         * Under the premise of getting a FSC_PERM fault, we just need to relax