author6eanut <jiakaiPeanut@gmail.com>2026-01-08 10:04:33 +0800
committerAlexander Potapenko <glider@google.com>2026-01-20 09:02:10 +0000
commit06648d9ccf5ec6f9453ef09b0fdbdebf020ee0f8 (patch)
tree870fdbadb35555247853ecb3ae94a400b36d077c /sys
parent300ecf9e8fcda4e7a0cef8249ca1d6d1394ca4f1 (diff)
executor, sys/linux, pkg: enable syz_kvm_setup_cpu for riscv64
This patch implements syz_kvm_setup_cpu for riscv64 architecture. The pseudo-syscall accepts VM fd, vCPU fd, host memory, and guest code as parameters. Additional parameters (ntext, flags, opts, nopt) are included for interface consistency with other architectures but are currently unused on riscv64. Implementation: - Set up guest memory via KVM_SET_USER_MEMORY_REGION - Copy guest code to guest memory - Initialize guest registers to enable code execution in S-mode - Return 0 on success, -1 on failure Testing: A test file syz_kvm_setup_cpu_riscv64 is included in sys/linux/test/ to verify basic functionality. Known limitations: - ifuzz is not yet compatible with riscv64. Temporary workaround: set text[riscv64] to TextTarget and return nil in createTargetIfuzzConfig for riscv64 to ensure generateText and mutateText work correctly. This patch also adds support for KVM_GET_ONE_REG ioctl.
Diffstat (limited to 'sys')
-rw-r--r--sys/linux/dev_kvm.txt14
-rw-r--r--sys/linux/dev_kvm_riscv64.txt19
-rw-r--r--sys/linux/test/syz_kvm_setup_cpu_riscv6424
3 files changed, 57 insertions, 0 deletions
diff --git a/sys/linux/dev_kvm.txt b/sys/linux/dev_kvm.txt
index 73e5edccc..aa13f723a 100644
--- a/sys/linux/dev_kvm.txt
+++ b/sys/linux/dev_kvm.txt
@@ -350,8 +350,17 @@ kvm_one_reg [
arm64_sve kvm_one_reg_arm64_range[0x6080000000150000:0x6080000000150620]
arm64_sve_vls kvm_one_reg_arm64_range[0x606000000015ffff]
other kvm_one_reg_other
+# For riscv64
+ riscv64_config kvm_one_reg_riscv64[kvm_regs_riscv64_config]
+ riscv64_core kvm_one_reg_riscv64[kvm_regs_riscv64_core]
+ riscv64_csr kvm_one_reg_riscv64[kvm_regs_riscv64_csr]
]
+type kvm_one_reg_riscv64[FTYPE] {
+ id flags[FTYPE, int64]
+ addr ptr64[inout, int64]
+}
+
type kvm_one_reg_arm64[FTYPE] {
id flags[FTYPE, int64]
addr ptr64[inout, int64]
@@ -623,3 +632,8 @@ kvm_regs_arm64_sys = 0x6030000000138002, 0x6030000000138010, 0x6030000000138012,
# Extra registers that KVM_GET_REG_LIST prints on QEMU
kvm_regs_arm64_extra = 0x603000000013c01b, 0x603000000013c01f, 0x603000000013c022, 0x603000000013c023, 0x603000000013c025, 0x603000000013c026, 0x603000000013c027, 0x603000000013c02a, 0x603000000013c02b, 0x603000000013c02e, 0x603000000013c02f, 0x603000000013c033, 0x603000000013c034, 0x603000000013c035, 0x603000000013c036, 0x603000000013c037, 0x603000000013c03b, 0x603000000013c03c, 0x603000000013c03d, 0x603000000013c03e, 0x603000000013c03f, 0x603000000013c103, 0x603000000013c512, 0x603000000013c513
# End of register descriptions generated by tools/arm64/registers.go
+
+# For riscv64, https://elixir.bootlin.com/linux/v6.19-rc4/source/Documentation/virt/kvm/api.rst#L2765
+kvm_regs_riscv64_config = 0x8030000000100000
+kvm_regs_riscv64_core = 0x8030000000200000, 0x8030000000200001, 0x8030000000200002, 0x8030000000200003, 0x8030000000200004, 0x8030000000200005, 0x8030000000200006, 0x8030000000200007, 0x8030000000200008, 0x8030000000200009, 0x803000000020000a, 0x803000000020000b, 0x803000000020000c, 0x803000000020000d, 0x803000000020000e, 0x803000000020000f, 0x8030000000200010, 0x8030000000200011, 0x8030000000200012, 0x8030000000200013, 0x8030000000200014, 0x8030000000200015, 0x8030000000200016, 0x8030000000200017, 0x8030000000200018, 0x8030000000200019, 0x803000000020001a, 0x803000000020001b, 0x803000000020001c, 0x803000000020001d, 0x803000000020001e, 0x803000000020001f, 0x8030000000200020
+kvm_regs_riscv64_csr = 0x8030000000300000, 0x8030000000300001, 0x8030000000300002, 0x8030000000300003, 0x8030000000300004, 0x8030000000300005, 0x8030000000300006, 0x8030000000300007, 0x8030000000300008
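Review bot: The register ids declared in kvm_regs_riscv64_config/core/csr (0x8030000000100000, 0x8030000000200000…, 0x8030000000300000…) disagree with the ids the test program added by this same commit (sys/linux/test/syz_kvm_setup_cpu_riscv64) queries — 0x8030000001000000, 0x803000000200000a and 0x8030000003000000 — so the test's ids are not members of the flag sets that the @riscv64_config/@riscv64_core/@riscv64_csr variants are typed with. The api.rst section the comment links describes the group type as the upper 8 bits of the low 32 bits of the id, which matches the test's form and would mean the lists here have the type byte one hex digit too low; if that reading is right they should become `kvm_regs_riscv64_config = 0x8030000001000000`, `kvm_regs_riscv64_core = 0x8030000002000000, …, 0x8030000002000020` and `kvm_regs_riscv64_csr = 0x8030000003000000, …, 0x8030000003000008`. Either way the two sides should be re-derived from the header constants before merging rather than left inconsistent. On the earlier hunk, kvm_one_reg_riscv64 is field-for-field identical to kvm_one_reg_arm64; a single arch-neutral template would avoid the duplicate.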
diff --git a/sys/linux/dev_kvm_riscv64.txt b/sys/linux/dev_kvm_riscv64.txt
index 1079853a7..c6ecde793 100644
--- a/sys/linux/dev_kvm_riscv64.txt
+++ b/sys/linux/dev_kvm_riscv64.txt
@@ -12,3 +12,22 @@ ioctl$KVM_SET_GUEST_DEBUG_riscv64(fd fd_kvmcpu, cmd const[KVM_SET_GUEST_DEBUG],
kvm_guest_debug_arch_riscv64 {
reg array[int64, 8]
}
+
+syz_kvm_setup_cpu$riscv64(fd fd_kvmvm, cpufd fd_kvmcpu, usermem vma[24], text ptr[in, array[kvm_text_riscv64, 1]], ntext len[text], flags const[0], opts ptr[in, array[kvm_setup_opt_riscv64, 1]], nopt len[opts])
+
+kvm_setup_opt_riscv64 [
+# unions need at least 2 fields, but we have only 1 now, but we want to have it as union for future extention
+ featur1 kvm_setup_opt_riscv64_feature
+ featur2 kvm_setup_opt_riscv64_feature
+]
+
+kvm_setup_opt_riscv64_feature {
+ typ const[1, int64]
+ val int64
+}
+
+kvm_text_riscv64 {
+ typ const[0, intptr]
+ text ptr[in, text[riscv64]]
+ size len[text, intptr]
+}
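Review bot: The commit message states that ntext, flags, opts and nopt are currently unused by the riscv64 executor, but nothing in the description records that, so a reader of kvm_setup_opt_riscv64 and kvm_setup_opt_riscv64_feature will assume the typ/val pairs affect the guest. A comment above the syz_kvm_setup_cpu$riscv64 line such as `# flags and opts are accepted for parity with the other arches; the riscv64 executor currently ignores them` would document the gap until options are implemented. The comment on the union also contains a typo ("extention") and says "only 1 now" while listing two members of the same type; saying explicitly that featur2 is a placeholder duplicate would make the intent clearer.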
diff --git a/sys/linux/test/syz_kvm_setup_cpu_riscv64 b/sys/linux/test/syz_kvm_setup_cpu_riscv64
new file mode 100644
index 000000000..3e7c222f1
--- /dev/null
+++ b/sys/linux/test/syz_kvm_setup_cpu_riscv64
@@ -0,0 +1,24 @@
+#
+# requires: arch=riscv64
+#
+
+r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
+r1 = ioctl$KVM_CREATE_VM(r0, AUTO, 0x0)
+r2 = ioctl$KVM_CREATE_VCPU(r1, AUTO, 0x0)
+
+#
+# Set the register
+# 0x04200513, li a0, 0x42 (addi a0, zero, 0x42)
+# 0x06300593, li a1, 0x63 (addi a1, zero, 0x63)
+# Load the MMIO address to t1 (without affecting a0, a1)
+# 0x40000337, lui t1, 0x40000 (load 20 bits high to t1)
+# Read from the MMIO address (this triggers KVM_EXIT_MMIO)
+# 0x00032683, lw a3, 0(t1) (read from address 0x40000000 to a3)
+#
+syz_kvm_setup_cpu$riscv64(r1, r2, &(0x7f0000fe8000/0x180000)=nil,&(0x7f0000000000)=[{0x0, &(0x7f0000001000)="13052004930530063703004083260300", 0xf}], 0x1, 0x0, 0x0, 0x0)
+
+ioctl$KVM_RUN(r2, AUTO, 0x0)
+
+ioctl$KVM_GET_ONE_REG(r2, AUTO, &AUTO=@riscv64_core={0x803000000200000a, &AUTO})
+ioctl$KVM_GET_ONE_REG(r2, AUTO, &AUTO=@riscv64_config={0x8030000001000000, &AUTO})
+ioctl$KVM_GET_ONE_REG(r2, AUTO, &AUTO=@riscv64_csr={0x8030000003000000, &AUTO}) \ No newline at end of file
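Review bot: The usermem argument passes a 0x180000-byte region (384 pages) while the declaration in dev_kvm_riscv64.txt types it as vma[24], i.e. 24 pages or 0x18000 bytes; 0x7f0000fe8000 + 0x180000 would also run past the end of the data area if it is the usual 16 MiB, so this looks like an extra zero and should probably read `&(0x7f0000fe8000/0x18000)=nil`. The size field of the text entry is 0xf although the hex string holds 16 bytes (the four 32-bit instructions listed in the comment), so it should be 0x10 unless the deserializer is being relied on to recompute it. The file also lacks a trailing newline.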