From: Inochi Amaoto
To: Paul Walmsley, Palmer Dabbelt, Albert Ou, Alexandre Ghiti, Anup Patel, Atish Patra, Paolo Bonzini, Shuah Khan, Thomas Huth, Sergey Matyukevich, Inochi Amaoto, Andy Chiu, Deepak Gupta
Cc: linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, kvm-riscv@lists.infradead.org, linux-kselftest@vger.kernel.org, Yixun Lan, Longbin Li, Quan Zhou
Subject: [PATCH v4 7/8] RISC-V: KVM: Add support for control-flow integrity FWFT features
Date: Wed, 1 Jul 2026 10:07:44 +0800
Message-ID: <20260701020746.170157-8-inochiama@gmail.com>
In-Reply-To: <20260701020746.170157-1-inochiama@gmail.com>
References: <20260701020746.170157-1-inochiama@gmail.com>

Control-flow integrity is controlled through a WARL field in henvcfg.
Expose the feature only if the Zicfilp/Zicfiss is supported for VS-mode.
Allow the VMM to block access to the feature by disabling the ISA
extension in the guest.

Assisted-by: YuanSheng:claude-4.7-opus
Co-developed-by: Quan Zhou
Signed-off-by: Quan Zhou
Signed-off-by: Inochi Amaoto --- arch/riscv/include/uapi/asm/kvm.h | 2 + arch/riscv/kvm/vcpu_sbi_fwft.c | 107 ++++++++++++++++++++++++++++++ 2 files changed, 109 insertions(+) diff --git a/arch/riscv/include/uapi/asm/kvm.h b/arch/riscv/include/uapi/asm/kvm.h index fd4c81697617..20d9959ca44f 100644 --- a/arch/riscv/include/uapi/asm/kvm.h +++ b/arch/riscv/include/uapi/asm/kvm.h @@ -248,6 +248,8 @@ struct kvm_riscv_sbi_fwft { struct kvm_riscv_sbi_fwft_feature misaligned_deleg; struct kvm_riscv_sbi_fwft_feature pointer_masking; struct kvm_riscv_sbi_fwft_feature pte_ad_hw_updating; + struct kvm_riscv_sbi_fwft_feature landing_pad; + struct kvm_riscv_sbi_fwft_feature shadow_stack; }; /* If you need to interpret the index values, here is the key: */ diff --git a/arch/riscv/kvm/vcpu_sbi_fwft.c b/arch/riscv/kvm/vcpu_sbi_fwft.c index 7192c229a19e..cb9b9721ec88 100644 --- a/arch/riscv/kvm/vcpu_sbi_fwft.c +++ b/arch/riscv/kvm/vcpu_sbi_fwft.c 
@@ -176,6 +176,95 @@ static long kvm_sbi_fwft_get_misaligned_delegation(struct kvm_vcpu *vcpu, return SBI_SUCCESS; } +static long kvm_sbi_fwft_set_cfi(struct kvm_vcpu *vcpu, + struct kvm_sbi_fwft_config *conf, + bool one_reg_access, unsigned long value, + u64 flag) +{ + struct kvm_vcpu_config *cfg = &vcpu->arch.cfg; + + if (value == 0) + cfg->henvcfg &= ~flag; + else if (value == 1) + cfg->henvcfg |= flag; + else + return SBI_ERR_INVALID_PARAM; + + if (cfg->henvcfg & (ENVCFG_LPE | ENVCFG_SSE)) + cfg->hedeleg |= EXC_SOFTWARE_CHECK; + else + cfg->hedeleg &= ~EXC_SOFTWARE_CHECK; + + if (!one_reg_access) { + csr_write(CSR_HEDELEG, cfg->hedeleg); + /* + * Both Bit LPE and SSE are in the lower part, so it is safe + * to only write the henvcfg + */ + csr_write(CSR_HENVCFG, vcpu->arch.cfg.henvcfg); + } + + return SBI_SUCCESS; +} + +static bool kvm_sbi_fwft_landing_pad_supported(struct kvm_vcpu *vcpu) +{ + return riscv_isa_extension_available(vcpu->arch.isa, ZICFILP); +} + +static void kvm_sbi_fwft_reset_landing_pad(struct kvm_vcpu *vcpu) +{ + struct kvm_vcpu_config *cfg = &vcpu->arch.cfg; + + kvm_sbi_fwft_env_flag_reset_helper(vcpu, ENVCFG_LPE); + if ((cfg->henvcfg & (ENVCFG_LPE | ENVCFG_SSE)) == 0) + cfg->hedeleg &= ~EXC_SOFTWARE_CHECK; +} + +static long kvm_sbi_fwft_set_landing_pad(struct kvm_vcpu *vcpu, + struct kvm_sbi_fwft_config *conf, + bool one_reg_access, unsigned long value) +{ + return kvm_sbi_fwft_set_cfi(vcpu, conf, one_reg_access, value, ENVCFG_LPE); +} + +static long kvm_sbi_fwft_get_landing_pad(struct kvm_vcpu *vcpu, + struct kvm_sbi_fwft_config *conf, + bool one_reg_access, unsigned long *value) +{ + return kvm_sbi_fwft_env_flag_get_helper(vcpu, conf, one_reg_access, + value, ENVCFG_LPE); +} + +static bool kvm_sbi_fwft_shadow_stack_supported(struct kvm_vcpu *vcpu) +{ + return riscv_isa_extension_available(vcpu->arch.isa, ZICFISS); +} + +static void kvm_sbi_fwft_reset_shadow_stack(struct kvm_vcpu *vcpu) +{ + struct kvm_vcpu_config *cfg = &vcpu->arch.cfg; + 
+ kvm_sbi_fwft_env_flag_reset_helper(vcpu, ENVCFG_SSE); + if ((cfg->henvcfg & (ENVCFG_LPE | ENVCFG_SSE)) == 0) + cfg->hedeleg &= ~EXC_SOFTWARE_CHECK; +} + +static long kvm_sbi_fwft_set_shadow_stack(struct kvm_vcpu *vcpu, + struct kvm_sbi_fwft_config *conf, + bool one_reg_access, unsigned long value) +{ + return kvm_sbi_fwft_set_cfi(vcpu, conf, one_reg_access, value, ENVCFG_SSE); +} + +static long kvm_sbi_fwft_get_shadow_stack(struct kvm_vcpu *vcpu, + struct kvm_sbi_fwft_config *conf, + bool one_reg_access, unsigned long *value) +{ + return kvm_sbi_fwft_env_flag_get_helper(vcpu, conf, one_reg_access, + value, ENVCFG_SSE); +} + static bool kvm_sbi_fwft_pte_ad_hw_updating_supported(struct kvm_vcpu *vcpu) { return riscv_isa_extension_available(vcpu->arch.isa, SVADU) && @@ -312,6 +401,24 @@ static const struct kvm_sbi_fwft_feature features[] = { .set = kvm_sbi_fwft_set_misaligned_delegation, .get = kvm_sbi_fwft_get_misaligned_delegation, }, + { + .id = SBI_FWFT_LANDING_PAD, + .first_reg_num = offsetof(struct kvm_riscv_sbi_fwft, landing_pad.enable) / + sizeof(unsigned long), + .supported = kvm_sbi_fwft_landing_pad_supported, + .reset = kvm_sbi_fwft_reset_landing_pad, + .set = kvm_sbi_fwft_set_landing_pad, + .get = kvm_sbi_fwft_get_landing_pad, + }, + { + .id = SBI_FWFT_SHADOW_STACK, + .first_reg_num = offsetof(struct kvm_riscv_sbi_fwft, shadow_stack.enable) / + sizeof(unsigned long), + .supported = kvm_sbi_fwft_shadow_stack_supported, + .reset = kvm_sbi_fwft_reset_shadow_stack, + .set = kvm_sbi_fwft_set_shadow_stack, + .get = kvm_sbi_fwft_get_shadow_stack, + }, { .id = SBI_FWFT_PTE_AD_HW_UPDATING, .first_reg_num = offsetof(struct kvm_riscv_sbi_fwft, pte_ad_hw_updating.enable) / -- 2.55.0 _______________________________________________ linux-riscv mailing list linux-riscv@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-riscv
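
Review bot: In the @@ -176,6 +176,95 @@ hunk of vcpu_sbi_fwft.c, kvm_sbi_fwft_set_cfi() and both reset helpers OR EXC_SOFTWARE_CHECK into cfg->hedeleg and mask it out as a raw value, and its definition is not part of this patch. If it is an exception cause number like the other EXC_* constants rather than a ready-made mask, these lines set and clear unrelated delegation bits and should use BIT(EXC_SOFTWARE_CHECK); please confirm or switch to the bit macro. Two smaller points in the same function: the conf argument is never used in the visible body, and the CSR write reads vcpu->arch.cfg.henvcfg while every other line goes through the local cfg pointer, so cfg->henvcfg would be more consistent. The two reset helpers also repeat the same "clear hedeleg when neither LPE nor SSE is set" test and could share one helper.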
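
Review bot: In the @@ -312,6 +401,24 @@ hunk, the landing_pad and shadow_stack entries are placed before SBI_FWFT_PTE_AD_HW_UPDATING in features[], while the kvm.h hunk appends the matching fields after pte_ad_hw_updating in struct kvm_riscv_sbi_fwft. Appending in the uapi struct keeps the existing ONE_REG numbers stable, and first_reg_num is taken from offsetof() so the numbering follows the struct, but the array is now no longer in ascending first_reg_num order. Please confirm that no lookup over features[] assumes that order, and consider a short comment at the array saying that register numbers come from the struct layout and not from the array position.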