[PATCH 0/7] Add WorldGuard hwiso support
Raymond Mao
raymondmaoca at gmail.com
Tue May 19 13:33:24 PDT 2026
From: Raymond Mao <raymond.mao at riscstar.com>
This series adds WorldGuard implementation for OpenSBI on top of the
generic hardware isolation (HWISO) hooks.
The goal is to let OpenSBI:
- program platform WorldGuard checker state at boot
- parse per-domain WorldGuard metadata from the device tree
- reprogram hart WorldGuard runtime state during domain transitions
The current implementation targets the WorldGuard model of
`sifive,wgchecker2` checker plus per-hart and per-domain WorldGuard
metadata from DT.
The series is organized as follows:
1. add the WorldGuard CSR definitions and hart extension flags needed
to detect support for MLWID, MWIDDELEG, and SLWID
2. document the HWISO / WorldGuard device-tree metadata used by the
current implementation
3. add a QEMU virt DT overlay that describes domain WID/WID list
assignment and checker permission policy for the current test flow
4. add generic-platform WorldGuard runtime support together with
`wgchecker2` checker parsing and boot-time MMIO programming
5. add generic HWISO SBIUNIT coverage
6. add QEMU virt WorldGuard mechanism-specific SBIUNIT checks for
boot-time checker programming and runtime CSR state
7. add a QEMU virt failure-mode SBIUNIT test that intentionally
triggers a denied WorldGuard access and verifies the expected trap
Notes:
- The implementation has been verified with QEMU virt that supports
`wg=on`[1].
- This series depends on previous patches ([2] and [3]) for
introducing HWISO framework.
[1] https://github.com/cwshu/qemu/tree/riscv-wg-dts
[2] [PATCH 1/2] sbi: add hardware isolation abstraction framework
https://lore.kernel.org/opensbi/20260504173948.1663823-1-raymondmaoca@gmail.com/
[3] [PATCH 2/2] sbi: route domain lifecycle transitions through hwiso hooks
https://lore.kernel.org/opensbi/20260504173948.1663823-2-raymondmaoca@gmail.com/
Raymond Mao (7):
hart: add WorldGuard CSR IDs and hart extension flags
docs: document hwiso WorldGuard DT bindings
[NOT-FOR-UPSTREAM] platform: virt: add QEMU WorldGuard hwiso overlay
platform: generic: add WorldGuard hwiso support with wgchecker2
test: add generic hwiso SBI unit coverage
platform: virt: add QEMU virt WorldGuard hwiso tests
platform: virt: add WorldGuard HWISO failure-mode SBIUNIT test
docs/domain_support.md | 159 +++++
include/sbi/riscv_encoding.h | 3 +
include/sbi/sbi_hart.h | 4 +
include/sbi/sbi_hwiso_test.h | 35 ++
lib/sbi/objects.mk | 3 +
lib/sbi/sbi_hart.c | 2 +
lib/sbi/sbi_hwiso_test.c | 173 ++++++
lib/sbi/sbi_hwiso_testlib.c | 119 ++++
platform/generic/include/wgchecker2.h | 55 ++
platform/generic/include/worldguard.h | 45 ++
platform/generic/objects.mk | 4 +
platform/generic/platform.c | 11 +
.../generic/virt/qemu-virt-hwiso-overlay.dts | 121 ++++
.../generic/virt/qemu_virt_wgchecker_test.c | 356 +++++++++++
platform/generic/virt/qemu_virt_worldguard.c | 42 ++
platform/generic/wgchecker2.c | 585 ++++++++++++++++++
platform/generic/worldguard.c | 522 ++++++++++++++++
17 files changed, 2239 insertions(+)
create mode 100644 include/sbi/sbi_hwiso_test.h
create mode 100644 lib/sbi/sbi_hwiso_test.c
create mode 100644 lib/sbi/sbi_hwiso_testlib.c
create mode 100644 platform/generic/include/wgchecker2.h
create mode 100644 platform/generic/include/worldguard.h
create mode 100644 platform/generic/virt/qemu-virt-hwiso-overlay.dts
create mode 100644 platform/generic/virt/qemu_virt_wgchecker_test.c
create mode 100644 platform/generic/virt/qemu_virt_worldguard.c
create mode 100644 platform/generic/wgchecker2.c
create mode 100644 platform/generic/worldguard.c
--
2.25.1
More information about the opensbi
mailing list