[PATCH 0/7] Add WorldGuard hwiso support

[Raymond Mao <raymondmaoca@gmail.com>]

From: Raymond Mao <raymond.mao@riscstar.com>

This series adds WorldGuard implementation for OpenSBI on top of the
generic hardware isolation (HWISO) hooks.

The goal is to let OpenSBI:
- program platform WorldGuard checker state at boot
- parse per-domain WorldGuard metadata from the device tree
- reprogram hart WorldGuard runtime state during domain transitions

The current implementation targets the WorldGuard model of
`sifive,wgchecker2` checker plus per-hart and per-domain WorldGuard
metadata from DT.

The series is organized as follows:
1. add the WorldGuard CSR definitions and hart extension flags needed
   to detect support for MLWID, MWIDDELEG, and SLWID
2. document the HWISO / WorldGuard device-tree metadata used by the
   current implementation
3. add a QEMU virt DT overlay that describes domain WID/WID list
   assignment and checker permission policy for the current test flow
4. add generic-platform WorldGuard runtime support together with
   `wgchecker2` checker parsing and boot-time MMIO programming
5. add generic HWISO SBIUNIT coverage
6. add QEMU virt WorldGuard mechanism-specific SBIUNIT checks for
   boot-time checker programming and runtime CSR state
7. add a QEMU virt failure-mode SBIUNIT test that intentionally
   triggers a denied WorldGuard access and verifies the expected trap

Notes:
- The implementation has been verified with QEMU virt that supports
  `wg=on`[1].
- This series depends on previous patches ([2] and [3]) for
  introducing HWISO framework.

[1] https://github.com/cwshu/qemu/tree/riscv-wg-dts
[2] [PATCH 1/2] sbi: add hardware isolation abstraction framework 
    https://lore.kernel.org/opensbi/20260504173948.1663823-1-raymondmaoca@gmail.com/
[3] [PATCH 2/2] sbi: route domain lifecycle transitions through hwiso hooks
    https://lore.kernel.org/opensbi/20260504173948.1663823-2-raymondmaoca@gmail.com/

Raymond Mao (7):
  hart: add WorldGuard CSR IDs and hart extension flags
  docs: document hwiso WorldGuard DT bindings
  [NOT-FOR-UPSTREAM] platform: virt: add QEMU WorldGuard hwiso overlay
  platform: generic: add WorldGuard hwiso support with wgchecker2
  test: add generic hwiso SBI unit coverage
  platform: virt: add QEMU virt WorldGuard hwiso tests
  platform: virt: add WorldGuard HWISO failure-mode SBIUNIT test

 docs/domain_support.md                        | 159 +++++
 include/sbi/riscv_encoding.h                  |   3 +
 include/sbi/sbi_hart.h                        |   4 +
 include/sbi/sbi_hwiso_test.h                  |  35 ++
 lib/sbi/objects.mk                            |   3 +
 lib/sbi/sbi_hart.c                            |   2 +
 lib/sbi/sbi_hwiso_test.c                      | 173 ++++++
 lib/sbi/sbi_hwiso_testlib.c                   | 119 ++++
 platform/generic/include/wgchecker2.h         |  55 ++
 platform/generic/include/worldguard.h         |  45 ++
 platform/generic/objects.mk                   |   4 +
 platform/generic/platform.c                   |  11 +
 .../generic/virt/qemu-virt-hwiso-overlay.dts  | 121 ++++
 .../generic/virt/qemu_virt_wgchecker_test.c   | 356 +++++++++++
 platform/generic/virt/qemu_virt_worldguard.c  |  42 ++
 platform/generic/wgchecker2.c                 | 585 ++++++++++++++++++
 platform/generic/worldguard.c                 | 522 ++++++++++++++++
 17 files changed, 2239 insertions(+)
 create mode 100644 include/sbi/sbi_hwiso_test.h
 create mode 100644 lib/sbi/sbi_hwiso_test.c
 create mode 100644 lib/sbi/sbi_hwiso_testlib.c
 create mode 100644 platform/generic/include/wgchecker2.h
 create mode 100644 platform/generic/include/worldguard.h
 create mode 100644 platform/generic/virt/qemu-virt-hwiso-overlay.dts
 create mode 100644 platform/generic/virt/qemu_virt_wgchecker_test.c
 create mode 100644 platform/generic/virt/qemu_virt_worldguard.c
 create mode 100644 platform/generic/wgchecker2.c
 create mode 100644 platform/generic/worldguard.c

-- 
2.25.1

-- 
opensbi mailing list
opensbi@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/opensbi