mbox series

[RFC,v4,0/3] riscv: add Svukte extension

Message ID 20241213-dev-maxh-svukte-v4-v4-0-92762c67f743@sifive.com (mailing list archive)
Headers show
Series riscv: add Svukte extension | expand

Message

Max Hsu Dec. 13, 2024, 11:33 a.m. UTC
RISC-V privileged spec will be added with Svukte extension [1] 

Svukte introduce senvcfg.UKTE and hstatus.HUKTE bitfield.
which makes user-mode access to supervisor memory raise page faults
in constant time, mitigating attacks that attempt to discover the 
supervisor software's address-space layout.

In the Linux kernel, since the hstatus.HU bit is not enabled,
the following patches only enable the use of senvcfg.UKTE.

For Guest environments, because a Guest OS (not limited to Linux)
may hold mappings from GVA to GPA, the Guest OS should decide
whether to enable the protection provided by the Svukte extension.

Since the Guest OS may utilize the Svukte extension simply by setting
the senvcfg.UKTE without any trap to host. In the view of VMM, the
Svukte extension should be always presented. Therefore adding an
extra entry in kvm_riscv_vcpu_isa_disable_allowed().

If the Guest environment wants to change senvcfg.UKTE, KVM already
provides the senvcfg CSR swap support via 
kvm_riscv_vcpu_swap_in_(host|guest)_state.
Thus, there is no concern about the Guest OS affecting the Host OS. 

The following patches add 
- dt-binding of Svukte ISA string
- CSR bit definition, ISA detection, senvcfg.UKTE enablement in kernel
- KVM ISA support for Svukte extension

Changes in v4:
- rebase on riscv/for-next
- add kvm_riscv_vcpu_isa_disable_allowed() entry addressed by Anup
  and Andrew from v2/v3 patches.
  - update the cover letter for the detailed reason
- update the commit message on dt-binding for the Svukte ISA string
- Link to v3: https://lore.kernel.org/all/20241120-dev-maxh-svukte-v3-v3-0-1e533d41ae15@sifive.com/

Changes in v3: 
- rebase on riscv/for-next
- fixed typo in the dt-binding for the Svukte ISA string
- updated the commit message for KVM support for the Svukte extension
- Link to v2: https://lore.kernel.org/all/20240927-dev-maxh-svukte-rebase-2-v2-0-9afe57c33aee@sifive.com/

Changes in v2: 
- rebase on riscv/for-next (riscv-for-linus-6.12-mw1)
- modify the description of dt-binding on Svukte ISA string
- Link to v1: https://lore.kernel.org/all/20240920-dev-maxh-svukte-rebase-v1-0-7864a88a62bd@sifive.com/

Link: https://github.com/riscv/riscv-isa-manual/pull/1564 [1] 

Signed-off-by: Max Hsu <max.hsu@sifive.com>

---
Max Hsu (3):
      dt-bindings: riscv: Add Svukte entry
      riscv: Add Svukte extension support
      riscv: KVM: Add Svukte extension support for Guest/VM

 Documentation/devicetree/bindings/riscv/extensions.yaml | 9 +++++++++
 arch/riscv/include/asm/csr.h                            | 2 ++
 arch/riscv/include/asm/hwcap.h                          | 1 +
 arch/riscv/include/uapi/asm/kvm.h                       | 1 +
 arch/riscv/kernel/cpufeature.c                          | 5 +++++
 arch/riscv/kvm/vcpu_onereg.c                            | 2 ++
 6 files changed, 20 insertions(+)
---
base-commit: fac04efc5c793dccbd07e2d59af9f90b7fc0dca4
change-id: 20241213-dev-maxh-svukte-v4-34101ec945e9

Best regards,

Comments

Anup Patel Dec. 19, 2024, 7:03 a.m. UTC | #1
On Fri, Dec 13, 2024 at 5:03 PM Max Hsu <max.hsu@sifive.com> wrote:
>
> RISC-V privileged spec will be added with Svukte extension [1]
>
> Svukte introduce senvcfg.UKTE and hstatus.HUKTE bitfield.
> which makes user-mode access to supervisor memory raise page faults
> in constant time, mitigating attacks that attempt to discover the
> supervisor software's address-space layout.
>
> In the Linux kernel, since the hstatus.HU bit is not enabled,
> the following patches only enable the use of senvcfg.UKTE.
>
> For Guest environments, because a Guest OS (not limited to Linux)
> may hold mappings from GVA to GPA, the Guest OS should decide
> whether to enable the protection provided by the Svukte extension.
>
> Since the Guest OS may utilize the Svukte extension simply by setting
> the senvcfg.UKTE without any trap to host. In the view of VMM, the
> Svukte extension should be always presented. Therefore adding an
> extra entry in kvm_riscv_vcpu_isa_disable_allowed().
>
> If the Guest environment wants to change senvcfg.UKTE, KVM already
> provides the senvcfg CSR swap support via
> kvm_riscv_vcpu_swap_in_(host|guest)_state.
> Thus, there is no concern about the Guest OS affecting the Host OS.
>
> The following patches add
> - dt-binding of Svukte ISA string
> - CSR bit definition, ISA detection, senvcfg.UKTE enablement in kernel
> - KVM ISA support for Svukte extension
>
> Changes in v4:
> - rebase on riscv/for-next
> - add kvm_riscv_vcpu_isa_disable_allowed() entry addressed by Anup
>   and Andrew from v2/v3 patches.
>   - update the cover letter for the detailed reason
> - update the commit message on dt-binding for the Svukte ISA string
> - Link to v3: https://lore.kernel.org/all/20241120-dev-maxh-svukte-v3-v3-0-1e533d41ae15@sifive.com/
>
> Changes in v3:
> - rebase on riscv/for-next
> - fixed typo in the dt-binding for the Svukte ISA string
> - updated the commit message for KVM support for the Svukte extension
> - Link to v2: https://lore.kernel.org/all/20240927-dev-maxh-svukte-rebase-2-v2-0-9afe57c33aee@sifive.com/
>
> Changes in v2:
> - rebase on riscv/for-next (riscv-for-linus-6.12-mw1)
> - modify the description of dt-binding on Svukte ISA string
> - Link to v1: https://lore.kernel.org/all/20240920-dev-maxh-svukte-rebase-v1-0-7864a88a62bd@sifive.com/
>
> Link: https://github.com/riscv/riscv-isa-manual/pull/1564 [1]
>
> Signed-off-by: Max Hsu <max.hsu@sifive.com>
>
> ---
> Max Hsu (3):
>       dt-bindings: riscv: Add Svukte entry
>       riscv: Add Svukte extension support
>       riscv: KVM: Add Svukte extension support for Guest/VM

Overall, this series looks good to me.

Reviewed-by: Anup Patel <anup@brainfault.org>

As-per Linux RISC-V patch acceptance policy, we will have to
wait until the spec is frozen.

Regards,
Anup

>
>  Documentation/devicetree/bindings/riscv/extensions.yaml | 9 +++++++++
>  arch/riscv/include/asm/csr.h                            | 2 ++
>  arch/riscv/include/asm/hwcap.h                          | 1 +
>  arch/riscv/include/uapi/asm/kvm.h                       | 1 +
>  arch/riscv/kernel/cpufeature.c                          | 5 +++++
>  arch/riscv/kvm/vcpu_onereg.c                            | 2 ++
>  6 files changed, 20 insertions(+)
> ---
> base-commit: fac04efc5c793dccbd07e2d59af9f90b7fc0dca4
> change-id: 20241213-dev-maxh-svukte-v4-34101ec945e9
>
> Best regards,
> --
> Max Hsu <max.hsu@sifive.com>
>