KVM: arm64: Convert ARCH_WORKAROUND_2 to arm64_get_spectre_v4_state()

	 * at EL2.

	 */

	if (this_cpu_has_cap(ARM64_SSBS) &&

	    arm64_get_ssbd_state() == ARM64_SSBD_FORCE_DISABLE) {

	    arm64_get_spectre_v4_state() == SPECTRE_VULNERABLE) {

		kvm_call_hyp_nvhe(__kvm_enable_ssbs);

	}

}

			}

			break;

		case ARM_SMCCC_ARCH_WORKAROUND_2:

			switch (arm64_get_ssbd_state()) {

			case ARM64_SSBD_FORCE_DISABLE:

			case ARM64_SSBD_UNKNOWN:

			switch (arm64_get_spectre_v4_state()) {

			case SPECTRE_VULNERABLE:

				break;

			case SPECTRE_MITIGATED:

				/*

				 * SSBS everywhere: Indicate no firmware

				 * support, as the SSBS support will be

				 * indicated to the guest and the default is

				 * safe.

				 *

				 * Otherwise, expose a permanent mitigation

				 * to the guest, and hide SSBS so that the

				 * guest stays protected.

				 */

				if (cpus_have_final_cap(ARM64_SSBS))

					break;

			case ARM64_SSBD_KERNEL:

			case ARM64_SSBD_FORCE_ENABLE:

			case ARM64_SSBD_MITIGATED:

				fallthrough;

			case SPECTRE_UNAFFECTED:

				val = SMCCC_RET_NOT_REQUIRED;

				break;

			}

		}

		return KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1_NOT_AVAIL;

	case KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2:

		switch (arm64_get_ssbd_state()) {

		case ARM64_SSBD_FORCE_ENABLE:

		case ARM64_SSBD_MITIGATED:

		case ARM64_SSBD_KERNEL:

		switch (arm64_get_spectre_v4_state()) {

		case SPECTRE_MITIGATED:

			/*

			 * As for the hypercall discovery, we pretend we

			 * don't have any FW mitigation if SSBS is there at

			 * all times.

			 */

			if (cpus_have_final_cap(ARM64_SSBS))

				return KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_AVAIL;

			fallthrough;

		case SPECTRE_UNAFFECTED:

			return KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_REQUIRED;

		case ARM64_SSBD_UNKNOWN:

		case ARM64_SSBD_FORCE_DISABLE:

		default:

		case SPECTRE_VULNERABLE:

			return KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_AVAIL;

		}

	}