Add basic infrastructure to support the FWFT extension in KVM.
Signed-off-by: Clément Léger <cleger@rivosinc.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Reviewed-by: Atish Patra <atishp@rivosinc.com>
---
arch/riscv/include/asm/kvm_host.h | 4 +
arch/riscv/include/asm/kvm_vcpu_sbi.h | 1 +
arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h | 29 +++
arch/riscv/include/uapi/asm/kvm.h | 1 +
arch/riscv/kvm/Makefile | 1 +
arch/riscv/kvm/vcpu_sbi.c | 4 +
arch/riscv/kvm/vcpu_sbi_fwft.c | 216 +++++++++++++++++++++
7 files changed, 256 insertions(+)
create mode 100644 arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h
create mode 100644 arch/riscv/kvm/vcpu_sbi_fwft.c
diff --git a/arch/riscv/include/asm/kvm_host.h b/arch/riscv/include/asm/kvm_host.h
index 4fa02e082142..c3f880763b9a 100644
--- a/arch/riscv/include/asm/kvm_host.h
+++ b/arch/riscv/include/asm/kvm_host.h
@@ -19,6 +19,7 @@
#include <asm/kvm_vcpu_fp.h>
#include <asm/kvm_vcpu_insn.h>
#include <asm/kvm_vcpu_sbi.h>
+#include <asm/kvm_vcpu_sbi_fwft.h>
#include <asm/kvm_vcpu_timer.h>
#include <asm/kvm_vcpu_pmu.h>
@@ -281,6 +282,9 @@ struct kvm_vcpu_arch {
/* Performance monitoring context */
struct kvm_pmu pmu_context;
+ /* Firmware feature SBI extension context */
+ struct kvm_sbi_fwft fwft_context;
+
/* 'static' configurations which are set only once */
struct kvm_vcpu_config cfg;
diff --git a/arch/riscv/include/asm/kvm_vcpu_sbi.h b/arch/riscv/include/asm/kvm_vcpu_sbi.h
index cb68b3a57c8f..ffd03fed0c06 100644
--- a/arch/riscv/include/asm/kvm_vcpu_sbi.h
+++ b/arch/riscv/include/asm/kvm_vcpu_sbi.h
@@ -98,6 +98,7 @@ extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_hsm;
extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_dbcn;
extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_susp;
extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_sta;
+extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_fwft;
extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_experimental;
extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_vendor;
diff --git a/arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h b/arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h
new file mode 100644
index 000000000000..9ba841355758
--- /dev/null
+++ b/arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h
@@ -0,0 +1,29 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * Copyright (c) 2025 Rivos Inc.
+ *
+ * Authors:
+ * Clément Léger <cleger@rivosinc.com>
+ */
+
+#ifndef __KVM_VCPU_RISCV_FWFT_H
+#define __KVM_VCPU_RISCV_FWFT_H
+
+#include <asm/sbi.h>
+
+struct kvm_sbi_fwft_feature;
+
+struct kvm_sbi_fwft_config {
+ const struct kvm_sbi_fwft_feature *feature;
+ bool supported;
+ unsigned long flags;
+};
+
+/* FWFT data structure per vcpu */
+struct kvm_sbi_fwft {
+ struct kvm_sbi_fwft_config *configs;
+};
+
+#define vcpu_to_fwft(vcpu) (&(vcpu)->arch.fwft_context)
+
+#endif /* !__KVM_VCPU_RISCV_FWFT_H */
diff --git a/arch/riscv/include/uapi/asm/kvm.h b/arch/riscv/include/uapi/asm/kvm.h
index 5f59fd226cc5..5ba77a3d9f6e 100644
--- a/arch/riscv/include/uapi/asm/kvm.h
+++ b/arch/riscv/include/uapi/asm/kvm.h
@@ -204,6 +204,7 @@ enum KVM_RISCV_SBI_EXT_ID {
KVM_RISCV_SBI_EXT_DBCN,
KVM_RISCV_SBI_EXT_STA,
KVM_RISCV_SBI_EXT_SUSP,
+ KVM_RISCV_SBI_EXT_FWFT,
KVM_RISCV_SBI_EXT_MAX,
};
diff --git a/arch/riscv/kvm/Makefile b/arch/riscv/kvm/Makefile
index 4e0bba91d284..06e2d52a9b88 100644
--- a/arch/riscv/kvm/Makefile
+++ b/arch/riscv/kvm/Makefile
@@ -26,6 +26,7 @@ kvm-y += vcpu_onereg.o
kvm-$(CONFIG_RISCV_PMU_SBI) += vcpu_pmu.o
kvm-y += vcpu_sbi.o
kvm-y += vcpu_sbi_base.o
+kvm-y += vcpu_sbi_fwft.o
kvm-y += vcpu_sbi_hsm.o
kvm-$(CONFIG_RISCV_PMU_SBI) += vcpu_sbi_pmu.o
kvm-y += vcpu_sbi_replace.o
diff --git a/arch/riscv/kvm/vcpu_sbi.c b/arch/riscv/kvm/vcpu_sbi.c
index 50be079b5528..0748810c0252 100644
--- a/arch/riscv/kvm/vcpu_sbi.c
+++ b/arch/riscv/kvm/vcpu_sbi.c
@@ -78,6 +78,10 @@ static const struct kvm_riscv_sbi_extension_entry sbi_ext[] = {
.ext_idx = KVM_RISCV_SBI_EXT_STA,
.ext_ptr = &vcpu_sbi_ext_sta,
},
+ {
+ .ext_idx = KVM_RISCV_SBI_EXT_FWFT,
+ .ext_ptr = &vcpu_sbi_ext_fwft,
+ },
{
.ext_idx = KVM_RISCV_SBI_EXT_EXPERIMENTAL,
.ext_ptr = &vcpu_sbi_ext_experimental,
diff --git a/arch/riscv/kvm/vcpu_sbi_fwft.c b/arch/riscv/kvm/vcpu_sbi_fwft.c
new file mode 100644
index 000000000000..b0f66c7bf010
--- /dev/null
+++ b/arch/riscv/kvm/vcpu_sbi_fwft.c
@@ -0,0 +1,216 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright (c) 2025 Rivos Inc.
+ *
+ * Authors:
+ * Clément Léger <cleger@rivosinc.com>
+ */
+
+#include <linux/errno.h>
+#include <linux/err.h>
+#include <linux/kvm_host.h>
+#include <asm/cpufeature.h>
+#include <asm/sbi.h>
+#include <asm/kvm_vcpu_sbi.h>
+#include <asm/kvm_vcpu_sbi_fwft.h>
+
+struct kvm_sbi_fwft_feature {
+ /**
+ * @id: Feature ID
+ */
+ enum sbi_fwft_feature_t id;
+
+ /**
+ * @supported: Check if the feature is supported on the vcpu
+ *
+ * This callback is optional, if not provided the feature is assumed to
+ * be supported
+ */
+ bool (*supported)(struct kvm_vcpu *vcpu);
+
+ /**
+ * @set: Set the feature value
+ *
+ * Return SBI_SUCCESS on success or an SBI error (SBI_ERR_*)
+ *
+ * This callback is mandatory
+ */
+ long (*set)(struct kvm_vcpu *vcpu, struct kvm_sbi_fwft_config *conf, unsigned long value);
+
+ /**
+ * @get: Get the feature current value
+ *
+ * Return SBI_SUCCESS on success or an SBI error (SBI_ERR_*)
+ *
+ * This callback is mandatory
+ */
+ long (*get)(struct kvm_vcpu *vcpu, struct kvm_sbi_fwft_config *conf, unsigned long *value);
+};
+
+static const enum sbi_fwft_feature_t kvm_fwft_defined_features[] = {
+ SBI_FWFT_MISALIGNED_EXC_DELEG,
+ SBI_FWFT_LANDING_PAD,
+ SBI_FWFT_SHADOW_STACK,
+ SBI_FWFT_DOUBLE_TRAP,
+ SBI_FWFT_PTE_AD_HW_UPDATING,
+ SBI_FWFT_POINTER_MASKING_PMLEN,
+};
+
+static bool kvm_fwft_is_defined_feature(enum sbi_fwft_feature_t feature)
+{
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(kvm_fwft_defined_features); i++) {
+ if (kvm_fwft_defined_features[i] == feature)
+ return true;
+ }
+
+ return false;
+}
+
+static const struct kvm_sbi_fwft_feature features[] = {
+};
+
+static struct kvm_sbi_fwft_config *
+kvm_sbi_fwft_get_config(struct kvm_vcpu *vcpu, enum sbi_fwft_feature_t feature)
+{
+ int i;
+ struct kvm_sbi_fwft *fwft = vcpu_to_fwft(vcpu);
+
+ for (i = 0; i < ARRAY_SIZE(features); i++) {
+ if (fwft->configs[i].feature->id == feature)
+ return &fwft->configs[i];
+ }
+
+ return NULL;
+}
+
+static int kvm_fwft_get_feature(struct kvm_vcpu *vcpu, u32 feature,
+ struct kvm_sbi_fwft_config **conf)
+{
+ struct kvm_sbi_fwft_config *tconf;
+
+ tconf = kvm_sbi_fwft_get_config(vcpu, feature);
+ if (!tconf) {
+ if (kvm_fwft_is_defined_feature(feature))
+ return SBI_ERR_NOT_SUPPORTED;
+
+ return SBI_ERR_DENIED;
+ }
+
+ if (!tconf->supported)
+ return SBI_ERR_NOT_SUPPORTED;
+
+ *conf = tconf;
+
+ return SBI_SUCCESS;
+}
+
+static int kvm_sbi_fwft_set(struct kvm_vcpu *vcpu, u32 feature,
+ unsigned long value, unsigned long flags)
+{
+ int ret;
+ struct kvm_sbi_fwft_config *conf;
+
+ ret = kvm_fwft_get_feature(vcpu, feature, &conf);
+ if (ret)
+ return ret;
+
+ if ((flags & ~SBI_FWFT_SET_FLAG_LOCK) != 0)
+ return SBI_ERR_INVALID_PARAM;
+
+ if (conf->flags & SBI_FWFT_SET_FLAG_LOCK)
+ return SBI_ERR_DENIED_LOCKED;
+
+ conf->flags = flags;
+
+ return conf->feature->set(vcpu, conf, value);
+}
+
+static int kvm_sbi_fwft_get(struct kvm_vcpu *vcpu, unsigned long feature,
+ unsigned long *value)
+{
+ int ret;
+ struct kvm_sbi_fwft_config *conf;
+
+ ret = kvm_fwft_get_feature(vcpu, feature, &conf);
+ if (ret)
+ return ret;
+
+ return conf->feature->get(vcpu, conf, value);
+}
+
+static int kvm_sbi_ext_fwft_handler(struct kvm_vcpu *vcpu, struct kvm_run *run,
+ struct kvm_vcpu_sbi_return *retdata)
+{
+ int ret;
+ struct kvm_cpu_context *cp = &vcpu->arch.guest_context;
+ unsigned long funcid = cp->a6;
+
+ switch (funcid) {
+ case SBI_EXT_FWFT_SET:
+ ret = kvm_sbi_fwft_set(vcpu, cp->a0, cp->a1, cp->a2);
+ break;
+ case SBI_EXT_FWFT_GET:
+ ret = kvm_sbi_fwft_get(vcpu, cp->a0, &retdata->out_val);
+ break;
+ default:
+ ret = SBI_ERR_NOT_SUPPORTED;
+ break;
+ }
+
+ retdata->err_val = ret;
+
+ return 0;
+}
+
+static int kvm_sbi_ext_fwft_init(struct kvm_vcpu *vcpu)
+{
+ struct kvm_sbi_fwft *fwft = vcpu_to_fwft(vcpu);
+ const struct kvm_sbi_fwft_feature *feature;
+ struct kvm_sbi_fwft_config *conf;
+ int i;
+
+ fwft->configs = kcalloc(ARRAY_SIZE(features), sizeof(struct kvm_sbi_fwft_config),
+ GFP_KERNEL);
+ if (!fwft->configs)
+ return -ENOMEM;
+
+ for (i = 0; i < ARRAY_SIZE(features); i++) {
+ feature = &features[i];
+ conf = &fwft->configs[i];
+ if (feature->supported)
+ conf->supported = feature->supported(vcpu);
+ else
+ conf->supported = true;
+
+ conf->feature = feature;
+ }
+
+ return 0;
+}
+
+static void kvm_sbi_ext_fwft_deinit(struct kvm_vcpu *vcpu)
+{
+ struct kvm_sbi_fwft *fwft = vcpu_to_fwft(vcpu);
+
+ kfree(fwft->configs);
+}
+
+static void kvm_sbi_ext_fwft_reset(struct kvm_vcpu *vcpu)
+{
+ int i;
+ struct kvm_sbi_fwft *fwft = vcpu_to_fwft(vcpu);
+
+ for (i = 0; i < ARRAY_SIZE(features); i++)
+ fwft->configs[i].flags = 0;
+}
+
+const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_fwft = {
+ .extid_start = SBI_EXT_FWFT,
+ .extid_end = SBI_EXT_FWFT,
+ .handler = kvm_sbi_ext_fwft_handler,
+ .init = kvm_sbi_ext_fwft_init,
+ .deinit = kvm_sbi_ext_fwft_deinit,
+ .reset = kvm_sbi_ext_fwft_reset,
+};
--
2.49.0
On Fri, May 23, 2025 at 3:52 PM Clément Léger <cleger@rivosinc.com> wrote:
>
> Add basic infrastructure to support the FWFT extension in KVM.
>
> Signed-off-by: Clément Léger <cleger@rivosinc.com>
> Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
> Reviewed-by: Atish Patra <atishp@rivosinc.com>
Queued this patch for Linux-6.17
Thanks,
Anup
> ---
> arch/riscv/include/asm/kvm_host.h | 4 +
> arch/riscv/include/asm/kvm_vcpu_sbi.h | 1 +
> arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h | 29 +++
> arch/riscv/include/uapi/asm/kvm.h | 1 +
> arch/riscv/kvm/Makefile | 1 +
> arch/riscv/kvm/vcpu_sbi.c | 4 +
> arch/riscv/kvm/vcpu_sbi_fwft.c | 216 +++++++++++++++++++++
> 7 files changed, 256 insertions(+)
> create mode 100644 arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h
> create mode 100644 arch/riscv/kvm/vcpu_sbi_fwft.c
>
> diff --git a/arch/riscv/include/asm/kvm_host.h b/arch/riscv/include/asm/kvm_host.h
> index 4fa02e082142..c3f880763b9a 100644
> --- a/arch/riscv/include/asm/kvm_host.h
> +++ b/arch/riscv/include/asm/kvm_host.h
> @@ -19,6 +19,7 @@
> #include <asm/kvm_vcpu_fp.h>
> #include <asm/kvm_vcpu_insn.h>
> #include <asm/kvm_vcpu_sbi.h>
> +#include <asm/kvm_vcpu_sbi_fwft.h>
> #include <asm/kvm_vcpu_timer.h>
> #include <asm/kvm_vcpu_pmu.h>
>
> @@ -281,6 +282,9 @@ struct kvm_vcpu_arch {
> /* Performance monitoring context */
> struct kvm_pmu pmu_context;
>
> + /* Firmware feature SBI extension context */
> + struct kvm_sbi_fwft fwft_context;
> +
> /* 'static' configurations which are set only once */
> struct kvm_vcpu_config cfg;
>
> diff --git a/arch/riscv/include/asm/kvm_vcpu_sbi.h b/arch/riscv/include/asm/kvm_vcpu_sbi.h
> index cb68b3a57c8f..ffd03fed0c06 100644
> --- a/arch/riscv/include/asm/kvm_vcpu_sbi.h
> +++ b/arch/riscv/include/asm/kvm_vcpu_sbi.h
> @@ -98,6 +98,7 @@ extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_hsm;
> extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_dbcn;
> extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_susp;
> extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_sta;
> +extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_fwft;
> extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_experimental;
> extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_vendor;
>
> diff --git a/arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h b/arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h
> new file mode 100644
> index 000000000000..9ba841355758
> --- /dev/null
> +++ b/arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h
> @@ -0,0 +1,29 @@
> +/* SPDX-License-Identifier: GPL-2.0-only */
> +/*
> + * Copyright (c) 2025 Rivos Inc.
> + *
> + * Authors:
> + * Clément Léger <cleger@rivosinc.com>
> + */
> +
> +#ifndef __KVM_VCPU_RISCV_FWFT_H
> +#define __KVM_VCPU_RISCV_FWFT_H
> +
> +#include <asm/sbi.h>
> +
> +struct kvm_sbi_fwft_feature;
> +
> +struct kvm_sbi_fwft_config {
> + const struct kvm_sbi_fwft_feature *feature;
> + bool supported;
> + unsigned long flags;
> +};
> +
> +/* FWFT data structure per vcpu */
> +struct kvm_sbi_fwft {
> + struct kvm_sbi_fwft_config *configs;
> +};
> +
> +#define vcpu_to_fwft(vcpu) (&(vcpu)->arch.fwft_context)
> +
> +#endif /* !__KVM_VCPU_RISCV_FWFT_H */
> diff --git a/arch/riscv/include/uapi/asm/kvm.h b/arch/riscv/include/uapi/asm/kvm.h
> index 5f59fd226cc5..5ba77a3d9f6e 100644
> --- a/arch/riscv/include/uapi/asm/kvm.h
> +++ b/arch/riscv/include/uapi/asm/kvm.h
> @@ -204,6 +204,7 @@ enum KVM_RISCV_SBI_EXT_ID {
> KVM_RISCV_SBI_EXT_DBCN,
> KVM_RISCV_SBI_EXT_STA,
> KVM_RISCV_SBI_EXT_SUSP,
> + KVM_RISCV_SBI_EXT_FWFT,
> KVM_RISCV_SBI_EXT_MAX,
> };
>
> diff --git a/arch/riscv/kvm/Makefile b/arch/riscv/kvm/Makefile
> index 4e0bba91d284..06e2d52a9b88 100644
> --- a/arch/riscv/kvm/Makefile
> +++ b/arch/riscv/kvm/Makefile
> @@ -26,6 +26,7 @@ kvm-y += vcpu_onereg.o
> kvm-$(CONFIG_RISCV_PMU_SBI) += vcpu_pmu.o
> kvm-y += vcpu_sbi.o
> kvm-y += vcpu_sbi_base.o
> +kvm-y += vcpu_sbi_fwft.o
> kvm-y += vcpu_sbi_hsm.o
> kvm-$(CONFIG_RISCV_PMU_SBI) += vcpu_sbi_pmu.o
> kvm-y += vcpu_sbi_replace.o
> diff --git a/arch/riscv/kvm/vcpu_sbi.c b/arch/riscv/kvm/vcpu_sbi.c
> index 50be079b5528..0748810c0252 100644
> --- a/arch/riscv/kvm/vcpu_sbi.c
> +++ b/arch/riscv/kvm/vcpu_sbi.c
> @@ -78,6 +78,10 @@ static const struct kvm_riscv_sbi_extension_entry sbi_ext[] = {
> .ext_idx = KVM_RISCV_SBI_EXT_STA,
> .ext_ptr = &vcpu_sbi_ext_sta,
> },
> + {
> + .ext_idx = KVM_RISCV_SBI_EXT_FWFT,
> + .ext_ptr = &vcpu_sbi_ext_fwft,
> + },
> {
> .ext_idx = KVM_RISCV_SBI_EXT_EXPERIMENTAL,
> .ext_ptr = &vcpu_sbi_ext_experimental,
> diff --git a/arch/riscv/kvm/vcpu_sbi_fwft.c b/arch/riscv/kvm/vcpu_sbi_fwft.c
> new file mode 100644
> index 000000000000..b0f66c7bf010
> --- /dev/null
> +++ b/arch/riscv/kvm/vcpu_sbi_fwft.c
> @@ -0,0 +1,216 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Copyright (c) 2025 Rivos Inc.
> + *
> + * Authors:
> + * Clément Léger <cleger@rivosinc.com>
> + */
> +
> +#include <linux/errno.h>
> +#include <linux/err.h>
> +#include <linux/kvm_host.h>
> +#include <asm/cpufeature.h>
> +#include <asm/sbi.h>
> +#include <asm/kvm_vcpu_sbi.h>
> +#include <asm/kvm_vcpu_sbi_fwft.h>
> +
> +struct kvm_sbi_fwft_feature {
> + /**
> + * @id: Feature ID
> + */
> + enum sbi_fwft_feature_t id;
> +
> + /**
> + * @supported: Check if the feature is supported on the vcpu
> + *
> + * This callback is optional, if not provided the feature is assumed to
> + * be supported
> + */
> + bool (*supported)(struct kvm_vcpu *vcpu);
> +
> + /**
> + * @set: Set the feature value
> + *
> + * Return SBI_SUCCESS on success or an SBI error (SBI_ERR_*)
> + *
> + * This callback is mandatory
> + */
> + long (*set)(struct kvm_vcpu *vcpu, struct kvm_sbi_fwft_config *conf, unsigned long value);
> +
> + /**
> + * @get: Get the feature current value
> + *
> + * Return SBI_SUCCESS on success or an SBI error (SBI_ERR_*)
> + *
> + * This callback is mandatory
> + */
> + long (*get)(struct kvm_vcpu *vcpu, struct kvm_sbi_fwft_config *conf, unsigned long *value);
> +};
> +
> +static const enum sbi_fwft_feature_t kvm_fwft_defined_features[] = {
> + SBI_FWFT_MISALIGNED_EXC_DELEG,
> + SBI_FWFT_LANDING_PAD,
> + SBI_FWFT_SHADOW_STACK,
> + SBI_FWFT_DOUBLE_TRAP,
> + SBI_FWFT_PTE_AD_HW_UPDATING,
> + SBI_FWFT_POINTER_MASKING_PMLEN,
> +};
> +
> +static bool kvm_fwft_is_defined_feature(enum sbi_fwft_feature_t feature)
> +{
> + int i;
> +
> + for (i = 0; i < ARRAY_SIZE(kvm_fwft_defined_features); i++) {
> + if (kvm_fwft_defined_features[i] == feature)
> + return true;
> + }
> +
> + return false;
> +}
> +
> +static const struct kvm_sbi_fwft_feature features[] = {
> +};
> +
> +static struct kvm_sbi_fwft_config *
> +kvm_sbi_fwft_get_config(struct kvm_vcpu *vcpu, enum sbi_fwft_feature_t feature)
> +{
> + int i;
> + struct kvm_sbi_fwft *fwft = vcpu_to_fwft(vcpu);
> +
> + for (i = 0; i < ARRAY_SIZE(features); i++) {
> + if (fwft->configs[i].feature->id == feature)
> + return &fwft->configs[i];
> + }
> +
> + return NULL;
> +}
> +
> +static int kvm_fwft_get_feature(struct kvm_vcpu *vcpu, u32 feature,
> + struct kvm_sbi_fwft_config **conf)
> +{
> + struct kvm_sbi_fwft_config *tconf;
> +
> + tconf = kvm_sbi_fwft_get_config(vcpu, feature);
> + if (!tconf) {
> + if (kvm_fwft_is_defined_feature(feature))
> + return SBI_ERR_NOT_SUPPORTED;
> +
> + return SBI_ERR_DENIED;
> + }
> +
> + if (!tconf->supported)
> + return SBI_ERR_NOT_SUPPORTED;
> +
> + *conf = tconf;
> +
> + return SBI_SUCCESS;
> +}
> +
> +static int kvm_sbi_fwft_set(struct kvm_vcpu *vcpu, u32 feature,
> + unsigned long value, unsigned long flags)
> +{
> + int ret;
> + struct kvm_sbi_fwft_config *conf;
> +
> + ret = kvm_fwft_get_feature(vcpu, feature, &conf);
> + if (ret)
> + return ret;
> +
> + if ((flags & ~SBI_FWFT_SET_FLAG_LOCK) != 0)
> + return SBI_ERR_INVALID_PARAM;
> +
> + if (conf->flags & SBI_FWFT_SET_FLAG_LOCK)
> + return SBI_ERR_DENIED_LOCKED;
> +
> + conf->flags = flags;
> +
> + return conf->feature->set(vcpu, conf, value);
> +}
> +
> +static int kvm_sbi_fwft_get(struct kvm_vcpu *vcpu, unsigned long feature,
> + unsigned long *value)
> +{
> + int ret;
> + struct kvm_sbi_fwft_config *conf;
> +
> + ret = kvm_fwft_get_feature(vcpu, feature, &conf);
> + if (ret)
> + return ret;
> +
> + return conf->feature->get(vcpu, conf, value);
> +}
> +
> +static int kvm_sbi_ext_fwft_handler(struct kvm_vcpu *vcpu, struct kvm_run *run,
> + struct kvm_vcpu_sbi_return *retdata)
> +{
> + int ret;
> + struct kvm_cpu_context *cp = &vcpu->arch.guest_context;
> + unsigned long funcid = cp->a6;
> +
> + switch (funcid) {
> + case SBI_EXT_FWFT_SET:
> + ret = kvm_sbi_fwft_set(vcpu, cp->a0, cp->a1, cp->a2);
> + break;
> + case SBI_EXT_FWFT_GET:
> + ret = kvm_sbi_fwft_get(vcpu, cp->a0, &retdata->out_val);
> + break;
> + default:
> + ret = SBI_ERR_NOT_SUPPORTED;
> + break;
> + }
> +
> + retdata->err_val = ret;
> +
> + return 0;
> +}
> +
> +static int kvm_sbi_ext_fwft_init(struct kvm_vcpu *vcpu)
> +{
> + struct kvm_sbi_fwft *fwft = vcpu_to_fwft(vcpu);
> + const struct kvm_sbi_fwft_feature *feature;
> + struct kvm_sbi_fwft_config *conf;
> + int i;
> +
> + fwft->configs = kcalloc(ARRAY_SIZE(features), sizeof(struct kvm_sbi_fwft_config),
> + GFP_KERNEL);
> + if (!fwft->configs)
> + return -ENOMEM;
> +
> + for (i = 0; i < ARRAY_SIZE(features); i++) {
> + feature = &features[i];
> + conf = &fwft->configs[i];
> + if (feature->supported)
> + conf->supported = feature->supported(vcpu);
> + else
> + conf->supported = true;
> +
> + conf->feature = feature;
> + }
> +
> + return 0;
> +}
> +
> +static void kvm_sbi_ext_fwft_deinit(struct kvm_vcpu *vcpu)
> +{
> + struct kvm_sbi_fwft *fwft = vcpu_to_fwft(vcpu);
> +
> + kfree(fwft->configs);
> +}
> +
> +static void kvm_sbi_ext_fwft_reset(struct kvm_vcpu *vcpu)
> +{
> + int i;
> + struct kvm_sbi_fwft *fwft = vcpu_to_fwft(vcpu);
> +
> + for (i = 0; i < ARRAY_SIZE(features); i++)
> + fwft->configs[i].flags = 0;
> +}
> +
> +const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_fwft = {
> + .extid_start = SBI_EXT_FWFT,
> + .extid_end = SBI_EXT_FWFT,
> + .handler = kvm_sbi_ext_fwft_handler,
> + .init = kvm_sbi_ext_fwft_init,
> + .deinit = kvm_sbi_ext_fwft_deinit,
> + .reset = kvm_sbi_ext_fwft_reset,
> +};
> --
> 2.49.0
>
2025-05-23T12:19:30+02:00, Clément Léger <cleger@rivosinc.com>:
> +++ b/arch/riscv/kvm/vcpu_sbi_fwft.c
> +static const enum sbi_fwft_feature_t kvm_fwft_defined_features[] = {
> + SBI_FWFT_MISALIGNED_EXC_DELEG,
> + SBI_FWFT_LANDING_PAD,
> + SBI_FWFT_SHADOW_STACK,
> + SBI_FWFT_DOUBLE_TRAP,
> + SBI_FWFT_PTE_AD_HW_UPDATING,
> + SBI_FWFT_POINTER_MASKING_PMLEN,
> +};
How will userspace control which subset of these features is allowed in
the guest?
(We can reuse the KVM SBI extension interface if we don't want to add a
FWFT specific ONE_REG.)
Thanks.
On 23/05/2025 15:05, Radim Krčmář wrote:
> 2025-05-23T12:19:30+02:00, Clément Léger <cleger@rivosinc.com>:
>> +++ b/arch/riscv/kvm/vcpu_sbi_fwft.c
>> +static const enum sbi_fwft_feature_t kvm_fwft_defined_features[] = {
>> + SBI_FWFT_MISALIGNED_EXC_DELEG,
>> + SBI_FWFT_LANDING_PAD,
>> + SBI_FWFT_SHADOW_STACK,
>> + SBI_FWFT_DOUBLE_TRAP,
>> + SBI_FWFT_PTE_AD_HW_UPDATING,
>> + SBI_FWFT_POINTER_MASKING_PMLEN,
>> +};
>
> How will userspace control which subset of these features is allowed in
> the guest?
>
> (We can reuse the KVM SBI extension interface if we don't want to add a
> FWFT specific ONE_REG.)
Hi Radim,
I didn't looked at that part. But most likely using the kvm one reg
interface seems ok like what is done for STA ? We could have per feature
override with one reg per feature.
Is this something blocking though ? We'd like to merge FWFT once SBI 3.0
is ratified so that would be nice not delaying it too much. I'll take a
look at it to see if it isn't too long to implement.
Thanks,
Clément
>
> Thanks.
2025-05-23T17:29:49+02:00, Clément Léger <cleger@rivosinc.com>:
> On 23/05/2025 15:05, Radim Krčmář wrote:
>> 2025-05-23T12:19:30+02:00, Clément Léger <cleger@rivosinc.com>:
>>> +++ b/arch/riscv/kvm/vcpu_sbi_fwft.c
>>> +static const enum sbi_fwft_feature_t kvm_fwft_defined_features[] = {
>>> + SBI_FWFT_MISALIGNED_EXC_DELEG,
>>> + SBI_FWFT_LANDING_PAD,
>>> + SBI_FWFT_SHADOW_STACK,
>>> + SBI_FWFT_DOUBLE_TRAP,
>>> + SBI_FWFT_PTE_AD_HW_UPDATING,
>>> + SBI_FWFT_POINTER_MASKING_PMLEN,
>>> +};
>>
>> How will userspace control which subset of these features is allowed in
>> the guest?
>>
>> (We can reuse the KVM SBI extension interface if we don't want to add a
>> FWFT specific ONE_REG.)
>
> Hi Radim,
>
> I didn't looked at that part. But most likely using the kvm one reg
> interface seems ok like what is done for STA ? We could have per feature
> override with one reg per feature.
Sounds fine.
> Is this something blocking though ? We'd like to merge FWFT once SBI 3.0
> is ratified so that would be nice not delaying it too much. I'll take a
> look at it to see if it isn't too long to implement.
Not blocking, but I would at least default FWFT to disabled, because
current userspace cannot handle [14/14]. (Well... save/restore was
probably broken even before, but let's try to not make it worse. :])
Thanks.
On 5/23/25 9:27 AM, Radim KrÄmáŠwrote:
> 2025-05-23T17:29:49+02:00, Clément Léger <cleger@rivosinc.com>:
>> On 23/05/2025 15:05, Radim Krčmář wrote:
>>> 2025-05-23T12:19:30+02:00, Clément Léger <cleger@rivosinc.com>:
>>>> +++ b/arch/riscv/kvm/vcpu_sbi_fwft.c
>>>> +static const enum sbi_fwft_feature_t kvm_fwft_defined_features[] = {
>>>> + SBI_FWFT_MISALIGNED_EXC_DELEG,
>>>> + SBI_FWFT_LANDING_PAD,
>>>> + SBI_FWFT_SHADOW_STACK,
>>>> + SBI_FWFT_DOUBLE_TRAP,
>>>> + SBI_FWFT_PTE_AD_HW_UPDATING,
>>>> + SBI_FWFT_POINTER_MASKING_PMLEN,
>>>> +};
>>>
>>> How will userspace control which subset of these features is allowed in
>>> the guest?
>>>
>>> (We can reuse the KVM SBI extension interface if we don't want to add a
>>> FWFT specific ONE_REG.)
>>
>> Hi Radim,
>>
>> I didn't looked at that part. But most likely using the kvm one reg
>> interface seems ok like what is done for STA ? We could have per feature
>> override with one reg per feature.
>
> Sounds fine.
>
Yeah. We can have a follow up series for SBI FWFT state that allows user
space to toggle each state individually.
>> Is this something blocking though ? We'd like to merge FWFT once SBI 3.0
>> is ratified so that would be nice not delaying it too much. I'll take a
>> look at it to see if it isn't too long to implement.
>
> Not blocking, but I would at least default FWFT to disabled, because
> current userspace cannot handle [14/14]. (Well... save/restore was
> probably broken even before, but let's try to not make it worse. :])
>
User space can not enable or disable misaligned access delegation as
there is no interface for now rightly pointed by you. I guess supporting
that would be quicker than fixing the broader guest save/restore
anyways. Isn't it ?
We can have the patches ready for the next MW for FWFT one reg interface.
> Thanks.
>
> _______________________________________________
> linux-riscv mailing list
> linux-riscv@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-riscv
2025-05-23T11:02:11-07:00, Atish Patra <atish.patra@linux.dev>: > On 5/23/25 9:27 AM, Radim KrÄmáŠwrote: >> 2025-05-23T17:29:49+02:00, Clément Léger <cleger@rivosinc.com>: >>> Is this something blocking though ? We'd like to merge FWFT once SBI 3.0 >>> is ratified so that would be nice not delaying it too much. I'll take a >>> look at it to see if it isn't too long to implement. >> >> Not blocking, but I would at least default FWFT to disabled, because >> current userspace cannot handle [14/14]. (Well... save/restore was >> probably broken even before, but let's try to not make it worse. :]) >> > > User space can not enable or disable misaligned access delegation as > there is no interface for now rightly pointed by you. I mean setting default_disabled=true and just disabling FWFT for the guest unless userspace explicitly enables the incomplete extension. We would blame the user for wanting mutually exclusive features. > I guess supporting > that would be quicker than fixing the broader guest save/restore > anyways. Isn't it ? Yes. The save/restore for FWFT is simple (if we disregard the discussions), but definitely more than a single line.
On 23/05/2025 20:02, Atish Patra wrote:
> On 5/23/25 9:27 AM, Radim KrÄmáŠwrote:
>> 2025-05-23T17:29:49+02:00, Clément Léger <cleger@rivosinc.com>:
>>> On 23/05/2025 15:05, Radim Krčmář wrote:
>>>> 2025-05-23T12:19:30+02:00, Clément Léger <cleger@rivosinc.com>:
>>>>> +++ b/arch/riscv/kvm/vcpu_sbi_fwft.c
>>>>> +static const enum sbi_fwft_feature_t kvm_fwft_defined_features[] = {
>>>>> + SBI_FWFT_MISALIGNED_EXC_DELEG,
>>>>> + SBI_FWFT_LANDING_PAD,
>>>>> + SBI_FWFT_SHADOW_STACK,
>>>>> + SBI_FWFT_DOUBLE_TRAP,
>>>>> + SBI_FWFT_PTE_AD_HW_UPDATING,
>>>>> + SBI_FWFT_POINTER_MASKING_PMLEN,
>>>>> +};
>>>>
>>>> How will userspace control which subset of these features is allowed in
>>>> the guest?
>>>>
>>>> (We can reuse the KVM SBI extension interface if we don't want to add a
>>>> FWFT specific ONE_REG.)
>>>
>>> Hi Radim,
>>>
>>> I didn't looked at that part. But most likely using the kvm one reg
>>> interface seems ok like what is done for STA ? We could have per feature
>>> override with one reg per feature.
>>
>> Sounds fine.
>>
>
> Yeah. We can have a follow up series for SBI FWFT state that allows user
> space to toggle each state individually.
>
>>> Is this something blocking though ? We'd like to merge FWFT once SBI 3.0
>>> is ratified so that would be nice not delaying it too much. I'll take a
>>> look at it to see if it isn't too long to implement.
>>
>> Not blocking, but I would at least default FWFT to disabled, because
>> current userspace cannot handle [14/14]. (Well... save/restore was
>> probably broken even before, but let's try to not make it worse. :])
>>
>
> User space can not enable or disable misaligned access delegation as
> there is no interface for now rightly pointed by you. I guess supporting
> that would be quicker than fixing the broader guest save/restore
> anyways. Isn't it ?
>
> We can have the patches ready for the next MW for FWFT one reg interface.
Yeah sure I'll work on that in the meantime.
>
>> Thanks.
>>
>> _______________________________________________
>> linux-riscv mailing list
>> linux-riscv@lists.infradead.org
>> http://lists.infradead.org/mailman/listinfo/linux-riscv
>
© 2016 - 2025 Red Hat, Inc.