Add basic infrastructure to support the FWFT extension in KVM.
Signed-off-by: Clément Léger <cleger@rivosinc.com>
---
arch/riscv/include/asm/kvm_host.h | 4 +
arch/riscv/include/asm/kvm_vcpu_sbi.h | 1 +
arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h | 37 ++++
arch/riscv/include/uapi/asm/kvm.h | 1 +
arch/riscv/kvm/Makefile | 1 +
arch/riscv/kvm/vcpu_sbi.c | 4 +
arch/riscv/kvm/vcpu_sbi_fwft.c | 187 +++++++++++++++++++++
7 files changed, 235 insertions(+)
create mode 100644 arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h
create mode 100644 arch/riscv/kvm/vcpu_sbi_fwft.c
diff --git a/arch/riscv/include/asm/kvm_host.h b/arch/riscv/include/asm/kvm_host.h
index bb93d2995ea2..c0db61ba691a 100644
--- a/arch/riscv/include/asm/kvm_host.h
+++ b/arch/riscv/include/asm/kvm_host.h
@@ -19,6 +19,7 @@
#include <asm/kvm_vcpu_fp.h>
#include <asm/kvm_vcpu_insn.h>
#include <asm/kvm_vcpu_sbi.h>
+#include <asm/kvm_vcpu_sbi_fwft.h>
#include <asm/kvm_vcpu_timer.h>
#include <asm/kvm_vcpu_pmu.h>
@@ -281,6 +282,9 @@ struct kvm_vcpu_arch {
/* Performance monitoring context */
struct kvm_pmu pmu_context;
+ /* Firmware feature SBI extension context */
+ struct kvm_sbi_fwft fwft_context;
+
/* 'static' configurations which are set only once */
struct kvm_vcpu_config cfg;
diff --git a/arch/riscv/include/asm/kvm_vcpu_sbi.h b/arch/riscv/include/asm/kvm_vcpu_sbi.h
index cb68b3a57c8f..ffd03fed0c06 100644
--- a/arch/riscv/include/asm/kvm_vcpu_sbi.h
+++ b/arch/riscv/include/asm/kvm_vcpu_sbi.h
@@ -98,6 +98,7 @@ extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_hsm;
extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_dbcn;
extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_susp;
extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_sta;
+extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_fwft;
extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_experimental;
extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_vendor;
diff --git a/arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h b/arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h
new file mode 100644
index 000000000000..5782517f6e08
--- /dev/null
+++ b/arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h
@@ -0,0 +1,37 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * Copyright (c) 2025 Rivos Inc.
+ *
+ * Authors:
+ * Clément Léger <cleger@rivosinc.com>
+ */
+
+#ifndef __KVM_VCPU_RISCV_FWFT_H
+#define __KVM_VCPU_RISCV_FWFT_H
+
+#include <asm/sbi.h>
+
+struct kvm_sbi_fwft_config;
+struct kvm_vcpu;
+
+struct kvm_sbi_fwft_feature {
+ enum sbi_fwft_feature_t id;
+ bool (*supported)(struct kvm_vcpu *vcpu);
+ int (*set)(struct kvm_vcpu *vcpu, struct kvm_sbi_fwft_config *conf, unsigned long value);
+ int (*get)(struct kvm_vcpu *vcpu, struct kvm_sbi_fwft_config *conf, unsigned long *value);
+};
+
+struct kvm_sbi_fwft_config {
+ const struct kvm_sbi_fwft_feature *feature;
+ bool supported;
+ unsigned long flags;
+};
+
+/* FWFT data structure per vcpu */
+struct kvm_sbi_fwft {
+ struct kvm_sbi_fwft_config *configs;
+};
+
+#define vcpu_to_fwft(vcpu) (&(vcpu)->arch.fwft_context)
+
+#endif /* !__KVM_VCPU_RISCV_FWFT_H */
diff --git a/arch/riscv/include/uapi/asm/kvm.h b/arch/riscv/include/uapi/asm/kvm.h
index f06bc5efcd79..fa6eee1caf41 100644
--- a/arch/riscv/include/uapi/asm/kvm.h
+++ b/arch/riscv/include/uapi/asm/kvm.h
@@ -202,6 +202,7 @@ enum KVM_RISCV_SBI_EXT_ID {
KVM_RISCV_SBI_EXT_DBCN,
KVM_RISCV_SBI_EXT_STA,
KVM_RISCV_SBI_EXT_SUSP,
+ KVM_RISCV_SBI_EXT_FWFT,
KVM_RISCV_SBI_EXT_MAX,
};
diff --git a/arch/riscv/kvm/Makefile b/arch/riscv/kvm/Makefile
index 4e0bba91d284..06e2d52a9b88 100644
--- a/arch/riscv/kvm/Makefile
+++ b/arch/riscv/kvm/Makefile
@@ -26,6 +26,7 @@ kvm-y += vcpu_onereg.o
kvm-$(CONFIG_RISCV_PMU_SBI) += vcpu_pmu.o
kvm-y += vcpu_sbi.o
kvm-y += vcpu_sbi_base.o
+kvm-y += vcpu_sbi_fwft.o
kvm-y += vcpu_sbi_hsm.o
kvm-$(CONFIG_RISCV_PMU_SBI) += vcpu_sbi_pmu.o
kvm-y += vcpu_sbi_replace.o
diff --git a/arch/riscv/kvm/vcpu_sbi.c b/arch/riscv/kvm/vcpu_sbi.c
index f81f06f82650..3b37deaed4e7 100644
--- a/arch/riscv/kvm/vcpu_sbi.c
+++ b/arch/riscv/kvm/vcpu_sbi.c
@@ -78,6 +78,10 @@ static const struct kvm_riscv_sbi_extension_entry sbi_ext[] = {
.ext_idx = KVM_RISCV_SBI_EXT_STA,
.ext_ptr = &vcpu_sbi_ext_sta,
},
+ {
+ .ext_idx = KVM_RISCV_SBI_EXT_FWFT,
+ .ext_ptr = &vcpu_sbi_ext_fwft,
+ },
{
.ext_idx = KVM_RISCV_SBI_EXT_EXPERIMENTAL,
.ext_ptr = &vcpu_sbi_ext_experimental,
diff --git a/arch/riscv/kvm/vcpu_sbi_fwft.c b/arch/riscv/kvm/vcpu_sbi_fwft.c
new file mode 100644
index 000000000000..fe608bf16558
--- /dev/null
+++ b/arch/riscv/kvm/vcpu_sbi_fwft.c
@@ -0,0 +1,187 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright (c) 2025 Rivos Inc.
+ *
+ * Authors:
+ * Clément Léger <cleger@rivosinc.com>
+ */
+
+#include <linux/errno.h>
+#include <linux/err.h>
+#include <linux/kvm_host.h>
+#include <asm/cpufeature.h>
+#include <asm/sbi.h>
+#include <asm/kvm_vcpu_sbi.h>
+#include <asm/kvm_vcpu_sbi_fwft.h>
+
+static const enum sbi_fwft_feature_t kvm_fwft_defined_features[] = {
+ SBI_FWFT_MISALIGNED_EXC_DELEG,
+ SBI_FWFT_LANDING_PAD,
+ SBI_FWFT_SHADOW_STACK,
+ SBI_FWFT_DOUBLE_TRAP,
+ SBI_FWFT_PTE_AD_HW_UPDATING,
+ SBI_FWFT_POINTER_MASKING_PMLEN,
+};
+
+static bool kvm_fwft_is_defined_feature(enum sbi_fwft_feature_t feature)
+{
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(kvm_fwft_defined_features); i++) {
+ if (kvm_fwft_defined_features[i] == feature)
+ return true;
+ }
+
+ return false;
+}
+
+static const struct kvm_sbi_fwft_feature features[] = {
+};
+
+static struct kvm_sbi_fwft_config *
+kvm_sbi_fwft_get_config(struct kvm_vcpu *vcpu, enum sbi_fwft_feature_t feature)
+{
+ int i = 0;
+ struct kvm_sbi_fwft *fwft = vcpu_to_fwft(vcpu);
+
+ for (i = 0; i < ARRAY_SIZE(features); i++) {
+ if (fwft->configs[i].feature->id == feature)
+ return &fwft->configs[i];
+ }
+
+ return NULL;
+}
+
+static int kvm_fwft_get_feature(struct kvm_vcpu *vcpu, unsigned long feature,
+ struct kvm_sbi_fwft_config **conf)
+{
+ struct kvm_sbi_fwft_config *tconf;
+
+ /* Feature are defined as 32 bits identifiers */
+ if (feature & ~(BIT_ULL(32) - 1))
+ return SBI_ERR_INVALID_PARAM;
+
+ tconf = kvm_sbi_fwft_get_config(vcpu, feature);
+ if (!tconf) {
+ if (kvm_fwft_is_defined_feature(feature))
+ return SBI_ERR_NOT_SUPPORTED;
+
+ return SBI_ERR_DENIED;
+ }
+
+ if (!tconf->supported)
+ return SBI_ERR_NOT_SUPPORTED;
+
+ *conf = tconf;
+
+ return SBI_SUCCESS;
+}
+
+static int kvm_sbi_fwft_set(struct kvm_vcpu *vcpu, unsigned long feature,
+ unsigned long value, unsigned long flags)
+{
+ int ret;
+ struct kvm_sbi_fwft_config *conf;
+
+ ret = kvm_fwft_get_feature(vcpu, feature, &conf);
+ if (ret)
+ return ret;
+
+ if ((flags & ~SBI_FWFT_SET_FLAG_LOCK) != 0)
+ return SBI_ERR_INVALID_PARAM;
+
+ if (conf->flags & SBI_FWFT_SET_FLAG_LOCK)
+ return SBI_ERR_DENIED_LOCKED;
+
+ conf->flags = flags;
+
+ return conf->feature->set(vcpu, conf, value);
+}
+
+static int kvm_sbi_fwft_get(struct kvm_vcpu *vcpu, unsigned long feature,
+ unsigned long *value)
+{
+ int ret;
+ struct kvm_sbi_fwft_config *conf;
+
+ ret = kvm_fwft_get_feature(vcpu, feature, &conf);
+ if (ret)
+ return ret;
+
+ return conf->feature->get(vcpu, conf, value);
+}
+
+static int kvm_sbi_ext_fwft_handler(struct kvm_vcpu *vcpu, struct kvm_run *run,
+ struct kvm_vcpu_sbi_return *retdata)
+{
+ int ret = 0;
+ struct kvm_cpu_context *cp = &vcpu->arch.guest_context;
+ unsigned long funcid = cp->a6;
+
+ switch (funcid) {
+ case SBI_EXT_FWFT_SET:
+ ret = kvm_sbi_fwft_set(vcpu, cp->a0, cp->a1, cp->a2);
+ break;
+ case SBI_EXT_FWFT_GET:
+ ret = kvm_sbi_fwft_get(vcpu, cp->a0, &retdata->out_val);
+ break;
+ default:
+ ret = SBI_ERR_NOT_SUPPORTED;
+ break;
+ }
+
+ retdata->err_val = ret;
+
+ return 0;
+}
+
+static int kvm_sbi_ext_fwft_init(struct kvm_vcpu *vcpu)
+{
+ struct kvm_sbi_fwft *fwft = vcpu_to_fwft(vcpu);
+ const struct kvm_sbi_fwft_feature *feature;
+ struct kvm_sbi_fwft_config *conf;
+ int i;
+
+ fwft->configs = kcalloc(ARRAY_SIZE(features), sizeof(struct kvm_sbi_fwft_config),
+ GFP_KERNEL);
+ if (!fwft->configs)
+ return -ENOMEM;
+
+ for (i = 0; i < ARRAY_SIZE(features); i++) {
+ feature = &features[i];
+ conf = &fwft->configs[i];
+ if (feature->supported)
+ conf->supported = feature->supported(vcpu);
+ else
+ conf->supported = true;
+
+ conf->feature = feature;
+ }
+
+ return 0;
+}
+
+static void kvm_sbi_ext_fwft_deinit(struct kvm_vcpu *vcpu)
+{
+ struct kvm_sbi_fwft *fwft = vcpu_to_fwft(vcpu);
+
+ kfree(fwft->configs);
+}
+
+static void kvm_sbi_ext_fwft_reset(struct kvm_vcpu *vcpu)
+{
+ int i = 0;
+ struct kvm_sbi_fwft *fwft = vcpu_to_fwft(vcpu);
+
+ for (i = 0; i < ARRAY_SIZE(features); i++)
+ fwft->configs[i].flags = 0;
+}
+
+const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_fwft = {
+ .extid_start = SBI_EXT_FWFT,
+ .extid_end = SBI_EXT_FWFT,
+ .handler = kvm_sbi_ext_fwft_handler,
+ .init = kvm_sbi_ext_fwft_init,
+ .deinit = kvm_sbi_ext_fwft_deinit,
+ .reset = kvm_sbi_ext_fwft_reset,
+};
--
2.47.2
On Mon, Feb 10, 2025 at 10:35:47PM +0100, Clément Léger wrote:
>Add basic infrastructure to support the FWFT extension in KVM.
>
>Signed-off-by: Clément Léger <cleger@rivosinc.com>
>---
> arch/riscv/include/asm/kvm_host.h | 4 +
> arch/riscv/include/asm/kvm_vcpu_sbi.h | 1 +
> arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h | 37 ++++
> arch/riscv/include/uapi/asm/kvm.h | 1 +
> arch/riscv/kvm/Makefile | 1 +
> arch/riscv/kvm/vcpu_sbi.c | 4 +
> arch/riscv/kvm/vcpu_sbi_fwft.c | 187 +++++++++++++++++++++
> 7 files changed, 235 insertions(+)
> create mode 100644 arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h
> create mode 100644 arch/riscv/kvm/vcpu_sbi_fwft.c
>
>diff --git a/arch/riscv/include/asm/kvm_host.h b/arch/riscv/include/asm/kvm_host.h
>index bb93d2995ea2..c0db61ba691a 100644
>--- a/arch/riscv/include/asm/kvm_host.h
>+++ b/arch/riscv/include/asm/kvm_host.h
>@@ -19,6 +19,7 @@
> #include <asm/kvm_vcpu_fp.h>
> #include <asm/kvm_vcpu_insn.h>
> #include <asm/kvm_vcpu_sbi.h>
>+#include <asm/kvm_vcpu_sbi_fwft.h>
> #include <asm/kvm_vcpu_timer.h>
> #include <asm/kvm_vcpu_pmu.h>
>
>@@ -281,6 +282,9 @@ struct kvm_vcpu_arch {
> /* Performance monitoring context */
> struct kvm_pmu pmu_context;
>
>+ /* Firmware feature SBI extension context */
>+ struct kvm_sbi_fwft fwft_context;
>+
> /* 'static' configurations which are set only once */
> struct kvm_vcpu_config cfg;
>
>diff --git a/arch/riscv/include/asm/kvm_vcpu_sbi.h b/arch/riscv/include/asm/kvm_vcpu_sbi.h
>index cb68b3a57c8f..ffd03fed0c06 100644
>--- a/arch/riscv/include/asm/kvm_vcpu_sbi.h
>+++ b/arch/riscv/include/asm/kvm_vcpu_sbi.h
>@@ -98,6 +98,7 @@ extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_hsm;
> extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_dbcn;
> extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_susp;
> extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_sta;
>+extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_fwft;
> extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_experimental;
> extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_vendor;
>
>diff --git a/arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h b/arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h
>new file mode 100644
>index 000000000000..5782517f6e08
>--- /dev/null
>+++ b/arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h
>@@ -0,0 +1,37 @@
>+/* SPDX-License-Identifier: GPL-2.0-only */
>+/*
>+ * Copyright (c) 2025 Rivos Inc.
>+ *
>+ * Authors:
>+ * Clément Léger <cleger@rivosinc.com>
>+ */
>+
>+#ifndef __KVM_VCPU_RISCV_FWFT_H
>+#define __KVM_VCPU_RISCV_FWFT_H
>+
>+#include <asm/sbi.h>
>+
>+struct kvm_sbi_fwft_config;
>+struct kvm_vcpu;
>+
Can we add some comments here for future fwft providers along below lines?
Reason being, patch defaults to `conf->supported = true` if `supported` fn
pointer in `kvm_sbi_fwft_feature` was NULL. Although `kvm_sbi_fwft_set/get`
does get/set fn pointers (it would happen even if `supported` fn pointer
was NULL).
>+struct kvm_sbi_fwft_feature {
>+ enum sbi_fwft_feature_t id;
/* If function not provided, KVM will default assume to be true */
>+ bool (*supported)(struct kvm_vcpu *vcpu);
/* Must always provide function pointers for get/set */
>+ int (*set)(struct kvm_vcpu *vcpu, struct kvm_sbi_fwft_config *conf, unsigned long value);
>+ int (*get)(struct kvm_vcpu *vcpu, struct kvm_sbi_fwft_config *conf, unsigned long *value);
>+};
>+
>+struct kvm_sbi_fwft_config {
>+ const struct kvm_sbi_fwft_feature *feature;
>+ bool supported;
>+ unsigned long flags;
>+};
>+
>+/* FWFT data structure per vcpu */
>+struct kvm_sbi_fwft {
>+ struct kvm_sbi_fwft_config *configs;
>+};
>+
>+#define vcpu_to_fwft(vcpu) (&(vcpu)->arch.fwft_context)
>+
>+#endif /* !__KVM_VCPU_RISCV_FWFT_H */
>diff --git a/arch/riscv/include/uapi/asm/kvm.h b/arch/riscv/include/uapi/asm/kvm.h
>index f06bc5efcd79..fa6eee1caf41 100644
>--- a/arch/riscv/include/uapi/asm/kvm.h
>+++ b/arch/riscv/include/uapi/asm/kvm.h
>@@ -202,6 +202,7 @@ enum KVM_RISCV_SBI_EXT_ID {
> KVM_RISCV_SBI_EXT_DBCN,
> KVM_RISCV_SBI_EXT_STA,
> KVM_RISCV_SBI_EXT_SUSP,
>+ KVM_RISCV_SBI_EXT_FWFT,
> KVM_RISCV_SBI_EXT_MAX,
> };
>
>diff --git a/arch/riscv/kvm/Makefile b/arch/riscv/kvm/Makefile
>index 4e0bba91d284..06e2d52a9b88 100644
>--- a/arch/riscv/kvm/Makefile
>+++ b/arch/riscv/kvm/Makefile
>@@ -26,6 +26,7 @@ kvm-y += vcpu_onereg.o
> kvm-$(CONFIG_RISCV_PMU_SBI) += vcpu_pmu.o
> kvm-y += vcpu_sbi.o
> kvm-y += vcpu_sbi_base.o
>+kvm-y += vcpu_sbi_fwft.o
> kvm-y += vcpu_sbi_hsm.o
> kvm-$(CONFIG_RISCV_PMU_SBI) += vcpu_sbi_pmu.o
> kvm-y += vcpu_sbi_replace.o
>diff --git a/arch/riscv/kvm/vcpu_sbi.c b/arch/riscv/kvm/vcpu_sbi.c
>index f81f06f82650..3b37deaed4e7 100644
>--- a/arch/riscv/kvm/vcpu_sbi.c
>+++ b/arch/riscv/kvm/vcpu_sbi.c
>@@ -78,6 +78,10 @@ static const struct kvm_riscv_sbi_extension_entry sbi_ext[] = {
> .ext_idx = KVM_RISCV_SBI_EXT_STA,
> .ext_ptr = &vcpu_sbi_ext_sta,
> },
>+ {
>+ .ext_idx = KVM_RISCV_SBI_EXT_FWFT,
>+ .ext_ptr = &vcpu_sbi_ext_fwft,
>+ },
> {
> .ext_idx = KVM_RISCV_SBI_EXT_EXPERIMENTAL,
> .ext_ptr = &vcpu_sbi_ext_experimental,
>diff --git a/arch/riscv/kvm/vcpu_sbi_fwft.c b/arch/riscv/kvm/vcpu_sbi_fwft.c
>new file mode 100644
>index 000000000000..fe608bf16558
>--- /dev/null
>+++ b/arch/riscv/kvm/vcpu_sbi_fwft.c
>@@ -0,0 +1,187 @@
>+// SPDX-License-Identifier: GPL-2.0
>+/*
>+ * Copyright (c) 2025 Rivos Inc.
>+ *
>+ * Authors:
>+ * Clément Léger <cleger@rivosinc.com>
>+ */
>+
>+#include <linux/errno.h>
>+#include <linux/err.h>
>+#include <linux/kvm_host.h>
>+#include <asm/cpufeature.h>
>+#include <asm/sbi.h>
>+#include <asm/kvm_vcpu_sbi.h>
>+#include <asm/kvm_vcpu_sbi_fwft.h>
>+
>+static const enum sbi_fwft_feature_t kvm_fwft_defined_features[] = {
>+ SBI_FWFT_MISALIGNED_EXC_DELEG,
>+ SBI_FWFT_LANDING_PAD,
>+ SBI_FWFT_SHADOW_STACK,
>+ SBI_FWFT_DOUBLE_TRAP,
>+ SBI_FWFT_PTE_AD_HW_UPDATING,
>+ SBI_FWFT_POINTER_MASKING_PMLEN,
>+};
>+
>+static bool kvm_fwft_is_defined_feature(enum sbi_fwft_feature_t feature)
>+{
>+ int i;
>+
>+ for (i = 0; i < ARRAY_SIZE(kvm_fwft_defined_features); i++) {
>+ if (kvm_fwft_defined_features[i] == feature)
>+ return true;
>+ }
>+
>+ return false;
>+}
>+
>+static const struct kvm_sbi_fwft_feature features[] = {
>+};
>+
>+static struct kvm_sbi_fwft_config *
>+kvm_sbi_fwft_get_config(struct kvm_vcpu *vcpu, enum sbi_fwft_feature_t feature)
>+{
>+ int i = 0;
>+ struct kvm_sbi_fwft *fwft = vcpu_to_fwft(vcpu);
>+
>+ for (i = 0; i < ARRAY_SIZE(features); i++) {
>+ if (fwft->configs[i].feature->id == feature)
>+ return &fwft->configs[i];
>+ }
>+
>+ return NULL;
>+}
>+
>+static int kvm_fwft_get_feature(struct kvm_vcpu *vcpu, unsigned long feature,
>+ struct kvm_sbi_fwft_config **conf)
>+{
>+ struct kvm_sbi_fwft_config *tconf;
>+
>+ /* Feature are defined as 32 bits identifiers */
>+ if (feature & ~(BIT_ULL(32) - 1))
>+ return SBI_ERR_INVALID_PARAM;
>+
>+ tconf = kvm_sbi_fwft_get_config(vcpu, feature);
>+ if (!tconf) {
>+ if (kvm_fwft_is_defined_feature(feature))
>+ return SBI_ERR_NOT_SUPPORTED;
>+
>+ return SBI_ERR_DENIED;
>+ }
>+
>+ if (!tconf->supported)
>+ return SBI_ERR_NOT_SUPPORTED;
>+
>+ *conf = tconf;
>+
>+ return SBI_SUCCESS;
>+}
>+
>+static int kvm_sbi_fwft_set(struct kvm_vcpu *vcpu, unsigned long feature,
>+ unsigned long value, unsigned long flags)
>+{
>+ int ret;
>+ struct kvm_sbi_fwft_config *conf;
>+
>+ ret = kvm_fwft_get_feature(vcpu, feature, &conf);
>+ if (ret)
>+ return ret;
>+
>+ if ((flags & ~SBI_FWFT_SET_FLAG_LOCK) != 0)
>+ return SBI_ERR_INVALID_PARAM;
>+
>+ if (conf->flags & SBI_FWFT_SET_FLAG_LOCK)
>+ return SBI_ERR_DENIED_LOCKED;
>+
>+ conf->flags = flags;
>+
>+ return conf->feature->set(vcpu, conf, value);
>+}
>+
>+static int kvm_sbi_fwft_get(struct kvm_vcpu *vcpu, unsigned long feature,
>+ unsigned long *value)
>+{
>+ int ret;
>+ struct kvm_sbi_fwft_config *conf;
>+
>+ ret = kvm_fwft_get_feature(vcpu, feature, &conf);
>+ if (ret)
>+ return ret;
>+
>+ return conf->feature->get(vcpu, conf, value);
>+}
>+
>+static int kvm_sbi_ext_fwft_handler(struct kvm_vcpu *vcpu, struct kvm_run *run,
>+ struct kvm_vcpu_sbi_return *retdata)
>+{
>+ int ret = 0;
>+ struct kvm_cpu_context *cp = &vcpu->arch.guest_context;
>+ unsigned long funcid = cp->a6;
>+
>+ switch (funcid) {
>+ case SBI_EXT_FWFT_SET:
>+ ret = kvm_sbi_fwft_set(vcpu, cp->a0, cp->a1, cp->a2);
>+ break;
>+ case SBI_EXT_FWFT_GET:
>+ ret = kvm_sbi_fwft_get(vcpu, cp->a0, &retdata->out_val);
>+ break;
>+ default:
>+ ret = SBI_ERR_NOT_SUPPORTED;
>+ break;
>+ }
>+
>+ retdata->err_val = ret;
>+
>+ return 0;
>+}
>+
>+static int kvm_sbi_ext_fwft_init(struct kvm_vcpu *vcpu)
>+{
>+ struct kvm_sbi_fwft *fwft = vcpu_to_fwft(vcpu);
>+ const struct kvm_sbi_fwft_feature *feature;
>+ struct kvm_sbi_fwft_config *conf;
>+ int i;
>+
>+ fwft->configs = kcalloc(ARRAY_SIZE(features), sizeof(struct kvm_sbi_fwft_config),
>+ GFP_KERNEL);
>+ if (!fwft->configs)
>+ return -ENOMEM;
>+
>+ for (i = 0; i < ARRAY_SIZE(features); i++) {
>+ feature = &features[i];
>+ conf = &fwft->configs[i];
>+ if (feature->supported)
>+ conf->supported = feature->supported(vcpu);
>+ else
>+ conf->supported = true;
>+
>+ conf->feature = feature;
>+ }
>+
>+ return 0;
>+}
>+
>+static void kvm_sbi_ext_fwft_deinit(struct kvm_vcpu *vcpu)
>+{
>+ struct kvm_sbi_fwft *fwft = vcpu_to_fwft(vcpu);
>+
>+ kfree(fwft->configs);
>+}
>+
>+static void kvm_sbi_ext_fwft_reset(struct kvm_vcpu *vcpu)
>+{
>+ int i = 0;
>+ struct kvm_sbi_fwft *fwft = vcpu_to_fwft(vcpu);
>+
>+ for (i = 0; i < ARRAY_SIZE(features); i++)
>+ fwft->configs[i].flags = 0;
>+}
>+
>+const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_fwft = {
>+ .extid_start = SBI_EXT_FWFT,
>+ .extid_end = SBI_EXT_FWFT,
>+ .handler = kvm_sbi_ext_fwft_handler,
>+ .init = kvm_sbi_ext_fwft_init,
>+ .deinit = kvm_sbi_ext_fwft_deinit,
>+ .reset = kvm_sbi_ext_fwft_reset,
>+};
>--
>2.47.2
>
>
On 11/02/2025 06:57, Deepak Gupta wrote:
> On Mon, Feb 10, 2025 at 10:35:47PM +0100, Clément Léger wrote:
>> Add basic infrastructure to support the FWFT extension in KVM.
>>
>> Signed-off-by: Clément Léger <cleger@rivosinc.com>
>> ---
>> arch/riscv/include/asm/kvm_host.h | 4 +
>> arch/riscv/include/asm/kvm_vcpu_sbi.h | 1 +
>> arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h | 37 ++++
>> arch/riscv/include/uapi/asm/kvm.h | 1 +
>> arch/riscv/kvm/Makefile | 1 +
>> arch/riscv/kvm/vcpu_sbi.c | 4 +
>> arch/riscv/kvm/vcpu_sbi_fwft.c | 187 +++++++++++++++++++++
>> 7 files changed, 235 insertions(+)
>> create mode 100644 arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h
>> create mode 100644 arch/riscv/kvm/vcpu_sbi_fwft.c
>>
>> diff --git a/arch/riscv/include/asm/kvm_host.h b/arch/riscv/include/
>> asm/kvm_host.h
>> index bb93d2995ea2..c0db61ba691a 100644
>> --- a/arch/riscv/include/asm/kvm_host.h
>> +++ b/arch/riscv/include/asm/kvm_host.h
>> @@ -19,6 +19,7 @@
>> #include <asm/kvm_vcpu_fp.h>
>> #include <asm/kvm_vcpu_insn.h>
>> #include <asm/kvm_vcpu_sbi.h>
>> +#include <asm/kvm_vcpu_sbi_fwft.h>
>> #include <asm/kvm_vcpu_timer.h>
>> #include <asm/kvm_vcpu_pmu.h>
>>
>> @@ -281,6 +282,9 @@ struct kvm_vcpu_arch {
>> /* Performance monitoring context */
>> struct kvm_pmu pmu_context;
>>
>> + /* Firmware feature SBI extension context */
>> + struct kvm_sbi_fwft fwft_context;
>> +
>> /* 'static' configurations which are set only once */
>> struct kvm_vcpu_config cfg;
>>
>> diff --git a/arch/riscv/include/asm/kvm_vcpu_sbi.h b/arch/riscv/
>> include/asm/kvm_vcpu_sbi.h
>> index cb68b3a57c8f..ffd03fed0c06 100644
>> --- a/arch/riscv/include/asm/kvm_vcpu_sbi.h
>> +++ b/arch/riscv/include/asm/kvm_vcpu_sbi.h
>> @@ -98,6 +98,7 @@ extern const struct kvm_vcpu_sbi_extension
>> vcpu_sbi_ext_hsm;
>> extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_dbcn;
>> extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_susp;
>> extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_sta;
>> +extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_fwft;
>> extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_experimental;
>> extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_vendor;
>>
>> diff --git a/arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h b/arch/riscv/
>> include/asm/kvm_vcpu_sbi_fwft.h
>> new file mode 100644
>> index 000000000000..5782517f6e08
>> --- /dev/null
>> +++ b/arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h
>> @@ -0,0 +1,37 @@
>> +/* SPDX-License-Identifier: GPL-2.0-only */
>> +/*
>> + * Copyright (c) 2025 Rivos Inc.
>> + *
>> + * Authors:
>> + * Clément Léger <cleger@rivosinc.com>
>> + */
>> +
>> +#ifndef __KVM_VCPU_RISCV_FWFT_H
>> +#define __KVM_VCPU_RISCV_FWFT_H
>> +
>> +#include <asm/sbi.h>
>> +
>> +struct kvm_sbi_fwft_config;
>> +struct kvm_vcpu;
>> +
>
>
> Can we add some comments here for future fwft providers along below lines?
>
> Reason being, patch defaults to `conf->supported = true` if `supported` fn
> pointer in `kvm_sbi_fwft_feature` was NULL. Although `kvm_sbi_fwft_set/get`
> does get/set fn pointers (it would happen even if `supported` fn pointer
> was NULL).
Yes sure, I'll add some kernel doc comments.
Thanks,
Clément
>
>> +struct kvm_sbi_fwft_feature {
>> + enum sbi_fwft_feature_t id;
> /* If function not provided, KVM will default assume to be true */
>> + bool (*supported)(struct kvm_vcpu *vcpu);
> /* Must always provide function pointers for get/set */
>> + int (*set)(struct kvm_vcpu *vcpu, struct kvm_sbi_fwft_config
>> *conf, unsigned long value);
>> + int (*get)(struct kvm_vcpu *vcpu, struct kvm_sbi_fwft_config
>> *conf, unsigned long *value);
>
>
>> +};
>> +
>> +struct kvm_sbi_fwft_config {
>> + const struct kvm_sbi_fwft_feature *feature;
>> + bool supported;
>> + unsigned long flags;
>> +};
>> +
>> +/* FWFT data structure per vcpu */
>> +struct kvm_sbi_fwft {
>> + struct kvm_sbi_fwft_config *configs;
>> +};
>> +
>> +#define vcpu_to_fwft(vcpu) (&(vcpu)->arch.fwft_context)
>> +
>> +#endif /* !__KVM_VCPU_RISCV_FWFT_H */
>> diff --git a/arch/riscv/include/uapi/asm/kvm.h b/arch/riscv/include/
>> uapi/asm/kvm.h
>> index f06bc5efcd79..fa6eee1caf41 100644
>> --- a/arch/riscv/include/uapi/asm/kvm.h
>> +++ b/arch/riscv/include/uapi/asm/kvm.h
>> @@ -202,6 +202,7 @@ enum KVM_RISCV_SBI_EXT_ID {
>> KVM_RISCV_SBI_EXT_DBCN,
>> KVM_RISCV_SBI_EXT_STA,
>> KVM_RISCV_SBI_EXT_SUSP,
>> + KVM_RISCV_SBI_EXT_FWFT,
>> KVM_RISCV_SBI_EXT_MAX,
>> };
>>
>> diff --git a/arch/riscv/kvm/Makefile b/arch/riscv/kvm/Makefile
>> index 4e0bba91d284..06e2d52a9b88 100644
>> --- a/arch/riscv/kvm/Makefile
>> +++ b/arch/riscv/kvm/Makefile
>> @@ -26,6 +26,7 @@ kvm-y += vcpu_onereg.o
>> kvm-$(CONFIG_RISCV_PMU_SBI) += vcpu_pmu.o
>> kvm-y += vcpu_sbi.o
>> kvm-y += vcpu_sbi_base.o
>> +kvm-y += vcpu_sbi_fwft.o
>> kvm-y += vcpu_sbi_hsm.o
>> kvm-$(CONFIG_RISCV_PMU_SBI) += vcpu_sbi_pmu.o
>> kvm-y += vcpu_sbi_replace.o
>> diff --git a/arch/riscv/kvm/vcpu_sbi.c b/arch/riscv/kvm/vcpu_sbi.c
>> index f81f06f82650..3b37deaed4e7 100644
>> --- a/arch/riscv/kvm/vcpu_sbi.c
>> +++ b/arch/riscv/kvm/vcpu_sbi.c
>> @@ -78,6 +78,10 @@ static const struct kvm_riscv_sbi_extension_entry
>> sbi_ext[] = {
>> .ext_idx = KVM_RISCV_SBI_EXT_STA,
>> .ext_ptr = &vcpu_sbi_ext_sta,
>> },
>> + {
>> + .ext_idx = KVM_RISCV_SBI_EXT_FWFT,
>> + .ext_ptr = &vcpu_sbi_ext_fwft,
>> + },
>> {
>> .ext_idx = KVM_RISCV_SBI_EXT_EXPERIMENTAL,
>> .ext_ptr = &vcpu_sbi_ext_experimental,
>> diff --git a/arch/riscv/kvm/vcpu_sbi_fwft.c b/arch/riscv/kvm/
>> vcpu_sbi_fwft.c
>> new file mode 100644
>> index 000000000000..fe608bf16558
>> --- /dev/null
>> +++ b/arch/riscv/kvm/vcpu_sbi_fwft.c
>> @@ -0,0 +1,187 @@
>> +// SPDX-License-Identifier: GPL-2.0
>> +/*
>> + * Copyright (c) 2025 Rivos Inc.
>> + *
>> + * Authors:
>> + * Clément Léger <cleger@rivosinc.com>
>> + */
>> +
>> +#include <linux/errno.h>
>> +#include <linux/err.h>
>> +#include <linux/kvm_host.h>
>> +#include <asm/cpufeature.h>
>> +#include <asm/sbi.h>
>> +#include <asm/kvm_vcpu_sbi.h>
>> +#include <asm/kvm_vcpu_sbi_fwft.h>
>> +
>> +static const enum sbi_fwft_feature_t kvm_fwft_defined_features[] = {
>> + SBI_FWFT_MISALIGNED_EXC_DELEG,
>> + SBI_FWFT_LANDING_PAD,
>> + SBI_FWFT_SHADOW_STACK,
>> + SBI_FWFT_DOUBLE_TRAP,
>> + SBI_FWFT_PTE_AD_HW_UPDATING,
>> + SBI_FWFT_POINTER_MASKING_PMLEN,
>> +};
>> +
>> +static bool kvm_fwft_is_defined_feature(enum sbi_fwft_feature_t feature)
>> +{
>> + int i;
>> +
>> + for (i = 0; i < ARRAY_SIZE(kvm_fwft_defined_features); i++) {
>> + if (kvm_fwft_defined_features[i] == feature)
>> + return true;
>> + }
>> +
>> + return false;
>> +}
>> +
>> +static const struct kvm_sbi_fwft_feature features[] = {
>> +};
>> +
>> +static struct kvm_sbi_fwft_config *
>> +kvm_sbi_fwft_get_config(struct kvm_vcpu *vcpu, enum
>> sbi_fwft_feature_t feature)
>> +{
>> + int i = 0;
>> + struct kvm_sbi_fwft *fwft = vcpu_to_fwft(vcpu);
>> +
>> + for (i = 0; i < ARRAY_SIZE(features); i++) {
>> + if (fwft->configs[i].feature->id == feature)
>> + return &fwft->configs[i];
>> + }
>> +
>> + return NULL;
>> +}
>> +
>> +static int kvm_fwft_get_feature(struct kvm_vcpu *vcpu, unsigned long
>> feature,
>> + struct kvm_sbi_fwft_config **conf)
>> +{
>> + struct kvm_sbi_fwft_config *tconf;
>> +
>> + /* Feature are defined as 32 bits identifiers */
>> + if (feature & ~(BIT_ULL(32) - 1))
>> + return SBI_ERR_INVALID_PARAM;
>> +
>> + tconf = kvm_sbi_fwft_get_config(vcpu, feature);
>> + if (!tconf) {
>> + if (kvm_fwft_is_defined_feature(feature))
>> + return SBI_ERR_NOT_SUPPORTED;
>> +
>> + return SBI_ERR_DENIED;
>> + }
>> +
>> + if (!tconf->supported)
>> + return SBI_ERR_NOT_SUPPORTED;
>> +
>> + *conf = tconf;
>> +
>> + return SBI_SUCCESS;
>> +}
>> +
>> +static int kvm_sbi_fwft_set(struct kvm_vcpu *vcpu, unsigned long
>> feature,
>> + unsigned long value, unsigned long flags)
>> +{
>> + int ret;
>> + struct kvm_sbi_fwft_config *conf;
>> +
>> + ret = kvm_fwft_get_feature(vcpu, feature, &conf);
>> + if (ret)
>> + return ret;
>> +
>> + if ((flags & ~SBI_FWFT_SET_FLAG_LOCK) != 0)
>> + return SBI_ERR_INVALID_PARAM;
>> +
>> + if (conf->flags & SBI_FWFT_SET_FLAG_LOCK)
>> + return SBI_ERR_DENIED_LOCKED;
>> +
>> + conf->flags = flags;
>> +
>> + return conf->feature->set(vcpu, conf, value);
>> +}
>> +
>> +static int kvm_sbi_fwft_get(struct kvm_vcpu *vcpu, unsigned long
>> feature,
>> + unsigned long *value)
>> +{
>> + int ret;
>> + struct kvm_sbi_fwft_config *conf;
>> +
>> + ret = kvm_fwft_get_feature(vcpu, feature, &conf);
>> + if (ret)
>> + return ret;
>> +
>> + return conf->feature->get(vcpu, conf, value);
>> +}
>> +
>> +static int kvm_sbi_ext_fwft_handler(struct kvm_vcpu *vcpu, struct
>> kvm_run *run,
>> + struct kvm_vcpu_sbi_return *retdata)
>> +{
>> + int ret = 0;
>> + struct kvm_cpu_context *cp = &vcpu->arch.guest_context;
>> + unsigned long funcid = cp->a6;
>> +
>> + switch (funcid) {
>> + case SBI_EXT_FWFT_SET:
>> + ret = kvm_sbi_fwft_set(vcpu, cp->a0, cp->a1, cp->a2);
>> + break;
>> + case SBI_EXT_FWFT_GET:
>> + ret = kvm_sbi_fwft_get(vcpu, cp->a0, &retdata->out_val);
>> + break;
>> + default:
>> + ret = SBI_ERR_NOT_SUPPORTED;
>> + break;
>> + }
>> +
>> + retdata->err_val = ret;
>> +
>> + return 0;
>> +}
>> +
>> +static int kvm_sbi_ext_fwft_init(struct kvm_vcpu *vcpu)
>> +{
>> + struct kvm_sbi_fwft *fwft = vcpu_to_fwft(vcpu);
>> + const struct kvm_sbi_fwft_feature *feature;
>> + struct kvm_sbi_fwft_config *conf;
>> + int i;
>> +
>> + fwft->configs = kcalloc(ARRAY_SIZE(features), sizeof(struct
>> kvm_sbi_fwft_config),
>> + GFP_KERNEL);
>> + if (!fwft->configs)
>> + return -ENOMEM;
>> +
>> + for (i = 0; i < ARRAY_SIZE(features); i++) {
>> + feature = &features[i];
>> + conf = &fwft->configs[i];
>> + if (feature->supported)
>> + conf->supported = feature->supported(vcpu);
>> + else
>> + conf->supported = true;
>> +
>> + conf->feature = feature;
>> + }
>> +
>> + return 0;
>> +}
>> +
>> +static void kvm_sbi_ext_fwft_deinit(struct kvm_vcpu *vcpu)
>> +{
>> + struct kvm_sbi_fwft *fwft = vcpu_to_fwft(vcpu);
>> +
>> + kfree(fwft->configs);
>> +}
>> +
>> +static void kvm_sbi_ext_fwft_reset(struct kvm_vcpu *vcpu)
>> +{
>> + int i = 0;
>> + struct kvm_sbi_fwft *fwft = vcpu_to_fwft(vcpu);
>> +
>> + for (i = 0; i < ARRAY_SIZE(features); i++)
>> + fwft->configs[i].flags = 0;
>> +}
>> +
>> +const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_fwft = {
>> + .extid_start = SBI_EXT_FWFT,
>> + .extid_end = SBI_EXT_FWFT,
>> + .handler = kvm_sbi_ext_fwft_handler,
>> + .init = kvm_sbi_ext_fwft_init,
>> + .deinit = kvm_sbi_ext_fwft_deinit,
>> + .reset = kvm_sbi_ext_fwft_reset,
>> +};
>> --
>> 2.47.2
>>
>>
On Mon, Feb 10, 2025 at 10:35:47PM +0100, Clément Léger wrote:
>Add basic infrastructure to support the FWFT extension in KVM.
>
>Signed-off-by: Clément Léger <cleger@rivosinc.com>
>---
> arch/riscv/include/asm/kvm_host.h | 4 +
> arch/riscv/include/asm/kvm_vcpu_sbi.h | 1 +
> arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h | 37 ++++
> arch/riscv/include/uapi/asm/kvm.h | 1 +
> arch/riscv/kvm/Makefile | 1 +
> arch/riscv/kvm/vcpu_sbi.c | 4 +
> arch/riscv/kvm/vcpu_sbi_fwft.c | 187 +++++++++++++++++++++
> 7 files changed, 235 insertions(+)
> create mode 100644 arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h
> create mode 100644 arch/riscv/kvm/vcpu_sbi_fwft.c
>
>diff --git a/arch/riscv/include/asm/kvm_host.h b/arch/riscv/include/asm/kvm_host.h
>index bb93d2995ea2..c0db61ba691a 100644
>--- a/arch/riscv/include/asm/kvm_host.h
>+++ b/arch/riscv/include/asm/kvm_host.h
>@@ -19,6 +19,7 @@
> #include <asm/kvm_vcpu_fp.h>
> #include <asm/kvm_vcpu_insn.h>
> #include <asm/kvm_vcpu_sbi.h>
>+#include <asm/kvm_vcpu_sbi_fwft.h>
> #include <asm/kvm_vcpu_timer.h>
> #include <asm/kvm_vcpu_pmu.h>
>
>@@ -281,6 +282,9 @@ struct kvm_vcpu_arch {
> /* Performance monitoring context */
> struct kvm_pmu pmu_context;
>
>+ /* Firmware feature SBI extension context */
>+ struct kvm_sbi_fwft fwft_context;
>+
> /* 'static' configurations which are set only once */
> struct kvm_vcpu_config cfg;
>
>diff --git a/arch/riscv/include/asm/kvm_vcpu_sbi.h b/arch/riscv/include/asm/kvm_vcpu_sbi.h
>index cb68b3a57c8f..ffd03fed0c06 100644
>--- a/arch/riscv/include/asm/kvm_vcpu_sbi.h
>+++ b/arch/riscv/include/asm/kvm_vcpu_sbi.h
>@@ -98,6 +98,7 @@ extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_hsm;
> extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_dbcn;
> extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_susp;
> extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_sta;
>+extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_fwft;
> extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_experimental;
> extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_vendor;
>
>diff --git a/arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h b/arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h
>new file mode 100644
>index 000000000000..5782517f6e08
>--- /dev/null
>+++ b/arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h
>@@ -0,0 +1,37 @@
>+/* SPDX-License-Identifier: GPL-2.0-only */
>+/*
>+ * Copyright (c) 2025 Rivos Inc.
>+ *
>+ * Authors:
>+ * Clément Léger <cleger@rivosinc.com>
>+ */
>+
>+#ifndef __KVM_VCPU_RISCV_FWFT_H
>+#define __KVM_VCPU_RISCV_FWFT_H
>+
>+#include <asm/sbi.h>
>+
>+struct kvm_sbi_fwft_config;
>+struct kvm_vcpu;
>+
>+struct kvm_sbi_fwft_feature {
>+ enum sbi_fwft_feature_t id;
>+ bool (*supported)(struct kvm_vcpu *vcpu);
>+ int (*set)(struct kvm_vcpu *vcpu, struct kvm_sbi_fwft_config *conf, unsigned long value);
>+ int (*get)(struct kvm_vcpu *vcpu, struct kvm_sbi_fwft_config *conf, unsigned long *value);
>+};
>+
>+struct kvm_sbi_fwft_config {
>+ const struct kvm_sbi_fwft_feature *feature;
>+ bool supported;
>+ unsigned long flags;
>+};
>+
>+/* FWFT data structure per vcpu */
>+struct kvm_sbi_fwft {
>+ struct kvm_sbi_fwft_config *configs;
>+};
>+
>+#define vcpu_to_fwft(vcpu) (&(vcpu)->arch.fwft_context)
>+
>+#endif /* !__KVM_VCPU_RISCV_FWFT_H */
>diff --git a/arch/riscv/include/uapi/asm/kvm.h b/arch/riscv/include/uapi/asm/kvm.h
>index f06bc5efcd79..fa6eee1caf41 100644
>--- a/arch/riscv/include/uapi/asm/kvm.h
>+++ b/arch/riscv/include/uapi/asm/kvm.h
>@@ -202,6 +202,7 @@ enum KVM_RISCV_SBI_EXT_ID {
> KVM_RISCV_SBI_EXT_DBCN,
> KVM_RISCV_SBI_EXT_STA,
> KVM_RISCV_SBI_EXT_SUSP,
>+ KVM_RISCV_SBI_EXT_FWFT,
> KVM_RISCV_SBI_EXT_MAX,
> };
>
>diff --git a/arch/riscv/kvm/Makefile b/arch/riscv/kvm/Makefile
>index 4e0bba91d284..06e2d52a9b88 100644
>--- a/arch/riscv/kvm/Makefile
>+++ b/arch/riscv/kvm/Makefile
>@@ -26,6 +26,7 @@ kvm-y += vcpu_onereg.o
> kvm-$(CONFIG_RISCV_PMU_SBI) += vcpu_pmu.o
> kvm-y += vcpu_sbi.o
> kvm-y += vcpu_sbi_base.o
>+kvm-y += vcpu_sbi_fwft.o
> kvm-y += vcpu_sbi_hsm.o
> kvm-$(CONFIG_RISCV_PMU_SBI) += vcpu_sbi_pmu.o
> kvm-y += vcpu_sbi_replace.o
>diff --git a/arch/riscv/kvm/vcpu_sbi.c b/arch/riscv/kvm/vcpu_sbi.c
>index f81f06f82650..3b37deaed4e7 100644
>--- a/arch/riscv/kvm/vcpu_sbi.c
>+++ b/arch/riscv/kvm/vcpu_sbi.c
>@@ -78,6 +78,10 @@ static const struct kvm_riscv_sbi_extension_entry sbi_ext[] = {
> .ext_idx = KVM_RISCV_SBI_EXT_STA,
> .ext_ptr = &vcpu_sbi_ext_sta,
> },
>+ {
>+ .ext_idx = KVM_RISCV_SBI_EXT_FWFT,
>+ .ext_ptr = &vcpu_sbi_ext_fwft,
>+ },
> {
> .ext_idx = KVM_RISCV_SBI_EXT_EXPERIMENTAL,
> .ext_ptr = &vcpu_sbi_ext_experimental,
>diff --git a/arch/riscv/kvm/vcpu_sbi_fwft.c b/arch/riscv/kvm/vcpu_sbi_fwft.c
>new file mode 100644
>index 000000000000..fe608bf16558
>--- /dev/null
>+++ b/arch/riscv/kvm/vcpu_sbi_fwft.c
>@@ -0,0 +1,187 @@
>+// SPDX-License-Identifier: GPL-2.0
>+/*
>+ * Copyright (c) 2025 Rivos Inc.
>+ *
>+ * Authors:
>+ * Clément Léger <cleger@rivosinc.com>
>+ */
>+
>+#include <linux/errno.h>
>+#include <linux/err.h>
>+#include <linux/kvm_host.h>
>+#include <asm/cpufeature.h>
>+#include <asm/sbi.h>
>+#include <asm/kvm_vcpu_sbi.h>
>+#include <asm/kvm_vcpu_sbi_fwft.h>
>+
>+static const enum sbi_fwft_feature_t kvm_fwft_defined_features[] = {
>+ SBI_FWFT_MISALIGNED_EXC_DELEG,
>+ SBI_FWFT_LANDING_PAD,
>+ SBI_FWFT_SHADOW_STACK,
>+ SBI_FWFT_DOUBLE_TRAP,
>+ SBI_FWFT_PTE_AD_HW_UPDATING,
>+ SBI_FWFT_POINTER_MASKING_PMLEN,
>+};
>+
>+static bool kvm_fwft_is_defined_feature(enum sbi_fwft_feature_t feature)
>+{
>+ int i;
>+
>+ for (i = 0; i < ARRAY_SIZE(kvm_fwft_defined_features); i++) {
>+ if (kvm_fwft_defined_features[i] == feature)
>+ return true;
>+ }
>+
>+ return false;
>+}
>+
>+static const struct kvm_sbi_fwft_feature features[] = {
>+};
>+
>+static struct kvm_sbi_fwft_config *
>+kvm_sbi_fwft_get_config(struct kvm_vcpu *vcpu, enum sbi_fwft_feature_t feature)
>+{
>+ int i = 0;
>+ struct kvm_sbi_fwft *fwft = vcpu_to_fwft(vcpu);
>+
>+ for (i = 0; i < ARRAY_SIZE(features); i++) {
>+ if (fwft->configs[i].feature->id == feature)
>+ return &fwft->configs[i];
>+ }
>+
>+ return NULL;
>+}
>+
>+static int kvm_fwft_get_feature(struct kvm_vcpu *vcpu, unsigned long feature,
>+ struct kvm_sbi_fwft_config **conf)
>+{
>+ struct kvm_sbi_fwft_config *tconf;
>+
>+ /* Feature are defined as 32 bits identifiers */
>+ if (feature & ~(BIT_ULL(32) - 1))
>+ return SBI_ERR_INVALID_PARAM;
>+
>+ tconf = kvm_sbi_fwft_get_config(vcpu, feature);
>+ if (!tconf) {
>+ if (kvm_fwft_is_defined_feature(feature))
>+ return SBI_ERR_NOT_SUPPORTED;
>+
>+ return SBI_ERR_DENIED;
>+ }
>+
>+ if (!tconf->supported)
>+ return SBI_ERR_NOT_SUPPORTED;
>+
>+ *conf = tconf;
>+
>+ return SBI_SUCCESS;
>+}
>+
>+static int kvm_sbi_fwft_set(struct kvm_vcpu *vcpu, unsigned long feature,
>+ unsigned long value, unsigned long flags)
>+{
>+ int ret;
>+ struct kvm_sbi_fwft_config *conf;
>+
>+ ret = kvm_fwft_get_feature(vcpu, feature, &conf);
>+ if (ret)
>+ return ret;
>+
>+ if ((flags & ~SBI_FWFT_SET_FLAG_LOCK) != 0)
>+ return SBI_ERR_INVALID_PARAM;
>+
>+ if (conf->flags & SBI_FWFT_SET_FLAG_LOCK)
>+ return SBI_ERR_DENIED_LOCKED;
>+
>+ conf->flags = flags;
>+
>+ return conf->feature->set(vcpu, conf, value);
>+}
>+
>+static int kvm_sbi_fwft_get(struct kvm_vcpu *vcpu, unsigned long feature,
>+ unsigned long *value)
>+{
>+ int ret;
>+ struct kvm_sbi_fwft_config *conf;
>+
>+ ret = kvm_fwft_get_feature(vcpu, feature, &conf);
>+ if (ret)
>+ return ret;
>+
>+ return conf->feature->get(vcpu, conf, value);
>+}
>+
>+static int kvm_sbi_ext_fwft_handler(struct kvm_vcpu *vcpu, struct kvm_run *run,
>+ struct kvm_vcpu_sbi_return *retdata)
>+{
>+ int ret = 0;
>+ struct kvm_cpu_context *cp = &vcpu->arch.guest_context;
>+ unsigned long funcid = cp->a6;
>+
>+ switch (funcid) {
>+ case SBI_EXT_FWFT_SET:
>+ ret = kvm_sbi_fwft_set(vcpu, cp->a0, cp->a1, cp->a2);
>+ break;
>+ case SBI_EXT_FWFT_GET:
>+ ret = kvm_sbi_fwft_get(vcpu, cp->a0, &retdata->out_val);
>+ break;
>+ default:
>+ ret = SBI_ERR_NOT_SUPPORTED;
>+ break;
>+ }
>+
>+ retdata->err_val = ret;
>+
>+ return 0;
>+}
>+
>+static int kvm_sbi_ext_fwft_init(struct kvm_vcpu *vcpu)
>+{
>+ struct kvm_sbi_fwft *fwft = vcpu_to_fwft(vcpu);
>+ const struct kvm_sbi_fwft_feature *feature;
>+ struct kvm_sbi_fwft_config *conf;
>+ int i;
>+
>+ fwft->configs = kcalloc(ARRAY_SIZE(features), sizeof(struct kvm_sbi_fwft_config),
>+ GFP_KERNEL);
nit:
I understand that in next patch you grow the static array`features`. But in this patch
`ARRAY_SIZE(features)` evaluates to 0, thus kcalloc will be returning a pointer
to some slab block (IIRC, kcalloc will not return NULL if size eventually evals to 0)
This probably won't result in some bad stuff. But still there is a pointer in
fwft->configs which is pointing to some random stuff if `features` turns out to be
empty.
Let me know if I got that right or missing something.
>+ if (!fwft->configs)
>+ return -ENOMEM;
>+
>+ for (i = 0; i < ARRAY_SIZE(features); i++) {
>+ feature = &features[i];
>+ conf = &fwft->configs[i];
>+ if (feature->supported)
>+ conf->supported = feature->supported(vcpu);
>+ else
>+ conf->supported = true;
>+
>+ conf->feature = feature;
>+ }
>+
>+ return 0;
>+}
>+
>+static void kvm_sbi_ext_fwft_deinit(struct kvm_vcpu *vcpu)
>+{
>+ struct kvm_sbi_fwft *fwft = vcpu_to_fwft(vcpu);
>+
>+ kfree(fwft->configs);
>+}
>+
>+static void kvm_sbi_ext_fwft_reset(struct kvm_vcpu *vcpu)
>+{
>+ int i = 0;
>+ struct kvm_sbi_fwft *fwft = vcpu_to_fwft(vcpu);
>+
>+ for (i = 0; i < ARRAY_SIZE(features); i++)
>+ fwft->configs[i].flags = 0;
>+}
>+
>+const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_fwft = {
>+ .extid_start = SBI_EXT_FWFT,
>+ .extid_end = SBI_EXT_FWFT,
>+ .handler = kvm_sbi_ext_fwft_handler,
>+ .init = kvm_sbi_ext_fwft_init,
>+ .deinit = kvm_sbi_ext_fwft_deinit,
>+ .reset = kvm_sbi_ext_fwft_reset,
>+};
>--
>2.47.2
>
>
On 11/02/2025 06:43, Deepak Gupta wrote:
>> +static int kvm_sbi_fwft_get(struct kvm_vcpu *vcpu, unsigned long
>> feature,
>> + unsigned long *value)
>> +{
>> + int ret;
>> + struct kvm_sbi_fwft_config *conf;
>> +
>> + ret = kvm_fwft_get_feature(vcpu, feature, &conf);
>> + if (ret)
>> + return ret;
>> +
>> + return conf->feature->get(vcpu, conf, value);
>> +}
>> +
>> +static int kvm_sbi_ext_fwft_handler(struct kvm_vcpu *vcpu, struct
>> kvm_run *run,
>> + struct kvm_vcpu_sbi_return *retdata)
>> +{
>> + int ret = 0;
>> + struct kvm_cpu_context *cp = &vcpu->arch.guest_context;
>> + unsigned long funcid = cp->a6;
>> +
>> + switch (funcid) {
>> + case SBI_EXT_FWFT_SET:
>> + ret = kvm_sbi_fwft_set(vcpu, cp->a0, cp->a1, cp->a2);
>> + break;
>> + case SBI_EXT_FWFT_GET:
>> + ret = kvm_sbi_fwft_get(vcpu, cp->a0, &retdata->out_val);
>> + break;
>> + default:
>> + ret = SBI_ERR_NOT_SUPPORTED;
>> + break;
>> + }
>> +
>> + retdata->err_val = ret;
>> +
>> + return 0;
>> +}
>> +
>> +static int kvm_sbi_ext_fwft_init(struct kvm_vcpu *vcpu)
>> +{
>> + struct kvm_sbi_fwft *fwft = vcpu_to_fwft(vcpu);
>> + const struct kvm_sbi_fwft_feature *feature;
>> + struct kvm_sbi_fwft_config *conf;
>> + int i;
>> +
>> + fwft->configs = kcalloc(ARRAY_SIZE(features), sizeof(struct
>> kvm_sbi_fwft_config),
>> + GFP_KERNEL);
> nit:
>
> I understand that in next patch you grow the static array`features`. But
> in this patch
> `ARRAY_SIZE(features)` evaluates to 0, thus kcalloc will be returning a
> pointer
> to some slab block (IIRC, kcalloc will not return NULL if size
> eventually evals to 0)
>
> This probably won't result in some bad stuff. But still there is a
> pointer in
> fwft->configs which is pointing to some random stuff if `features` turns
> out to be
> empty.
>
> Let me know if I got that right or missing something.
So I actually searched into the kmalloc code to see what hapopens with a
zero size allocation and it actually return ZERO_SIZE_PTR:
/*
* ZERO_SIZE_PTR will be returned for zero sized kmalloc requests.
*
* Dereferencing ZERO_SIZE_PTR will lead to a distinct access fault.
*
* ZERO_SIZE_PTR can be passed to kfree though in the same way that NULL
can.
* Both make kfree a no-op.
*/
Which seems like it's not really random and will fault if accessed. I
think that's enough for that commit (which will be bisectable if needed
then).
Clément
On Tue, Feb 11, 2025 at 11:31:28AM +0100, Clément Léger wrote:
>
>
>On 11/02/2025 06:43, Deepak Gupta wrote:
>>> +static int kvm_sbi_fwft_get(struct kvm_vcpu *vcpu, unsigned long
>>> feature,
>>> + unsigned long *value)
>>> +{
>>> + int ret;
>>> + struct kvm_sbi_fwft_config *conf;
>>> +
>>> + ret = kvm_fwft_get_feature(vcpu, feature, &conf);
>>> + if (ret)
>>> + return ret;
>>> +
>>> + return conf->feature->get(vcpu, conf, value);
>>> +}
>>> +
>>> +static int kvm_sbi_ext_fwft_handler(struct kvm_vcpu *vcpu, struct
>>> kvm_run *run,
>>> + struct kvm_vcpu_sbi_return *retdata)
>>> +{
>>> + int ret = 0;
>>> + struct kvm_cpu_context *cp = &vcpu->arch.guest_context;
>>> + unsigned long funcid = cp->a6;
>>> +
>>> + switch (funcid) {
>>> + case SBI_EXT_FWFT_SET:
>>> + ret = kvm_sbi_fwft_set(vcpu, cp->a0, cp->a1, cp->a2);
>>> + break;
>>> + case SBI_EXT_FWFT_GET:
>>> + ret = kvm_sbi_fwft_get(vcpu, cp->a0, &retdata->out_val);
>>> + break;
>>> + default:
>>> + ret = SBI_ERR_NOT_SUPPORTED;
>>> + break;
>>> + }
>>> +
>>> + retdata->err_val = ret;
>>> +
>>> + return 0;
>>> +}
>>> +
>>> +static int kvm_sbi_ext_fwft_init(struct kvm_vcpu *vcpu)
>>> +{
>>> + struct kvm_sbi_fwft *fwft = vcpu_to_fwft(vcpu);
>>> + const struct kvm_sbi_fwft_feature *feature;
>>> + struct kvm_sbi_fwft_config *conf;
>>> + int i;
>>> +
>>> + fwft->configs = kcalloc(ARRAY_SIZE(features), sizeof(struct
>>> kvm_sbi_fwft_config),
>>> + GFP_KERNEL);
>> nit:
>>
>> I understand that in next patch you grow the static array`features`. But
>> in this patch
>> `ARRAY_SIZE(features)` evaluates to 0, thus kcalloc will be returning a
>> pointer
>> to some slab block (IIRC, kcalloc will not return NULL if size
>> eventually evals to 0)
>>
>> This probably won't result in some bad stuff. But still there is a
>> pointer in
>> fwft->configs which is pointing to some random stuff if `features` turns
>> out to be
>> empty.
>>
>> Let me know if I got that right or missing something.
>
>So I actually searched into the kmalloc code to see what hapopens with a
>zero size allocation and it actually return ZERO_SIZE_PTR:
>
>/*
> * ZERO_SIZE_PTR will be returned for zero sized kmalloc requests.
> *
> * Dereferencing ZERO_SIZE_PTR will lead to a distinct access fault.
> *
> * ZERO_SIZE_PTR can be passed to kfree though in the same way that NULL
>can.
> * Both make kfree a no-op.
> */
>
>Which seems like it's not really random and will fault if accessed. I
>think that's enough for that commit (which will be bisectable if needed
>then).
>
Awesome. Thanks for looking into it.
>Clément
© 2016 - 2026 Red Hat, Inc.