From: Konstantin Semichastnov <k.semichastnov@syntacore.com>
To: Jim Shu <jim.shu@sifive.com>, <qemu-devel@nongnu.org>,
<qemu-riscv@nongnu.org>
Cc: "Daniel Henrique Barboza" <dbarboza@ventanamicro.com>,
"Richard Henderson" <richard.henderson@linaro.org>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Palmer Dabbelt" <palmer@dabbelt.com>,
"Alistair Francis" <alistair.francis@wdc.com>,
"Weiwei Li" <liwei1518@gmail.com>,
"Liu Zhiwei" <zhiwei_liu@linux.alibaba.com>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>,
"Eduardo Habkost" <eduardo@habkost.net>,
"Marcel Apfelbaum" <marcel.apfelbaum@gmail.com>,
"Yanan Wang" <wangyanan55@huawei.com>,
"Zhao Liu" <zhao1.liu@intel.com>, "Peter Xu" <peterx@redhat.com>,
"David Hildenbrand" <david@redhat.com>,
"Michael Rolnik" <mrolnik@gmail.com>,
"Helge Deller" <deller@gmx.de>, "Song Gao" <gaosong@loongson.cn>,
"Laurent Vivier" <laurent@vivier.eu>,
"Edgar E. Iglesias" <edgar.iglesias@gmail.com>,
"Aurelien Jarno" <aurelien@aurel32.net>,
"Jiaxun Yang" <jiaxun.yang@flygoat.com>,
"Aleksandar Rikalo" <arikalo@gmail.com>,
"Stafford Horne" <shorne@gmail.com>,
"Nicholas Piggin" <npiggin@gmail.com>,
"Chinmay Rath" <rathc@linux.ibm.com>,
"Yoshinori Sato" <yoshinori.sato@nifty.com>,
"Ilya Leoshkevich" <iii@linux.ibm.com>,
"Thomas Huth" <thuth@redhat.com>,
"Mark Cave-Ayland" <mark.cave-ayland@ilande.co.uk>,
"Artyom Tarasenko" <atar4qemu@gmail.com>,
"Bastian Koppelmann" <kbastian@mail.uni-paderborn.de>,
"Max Filippov" <jcmvbkbc@gmail.com>,
"open list:PowerPC TCG CPUs" <qemu-ppc@nongnu.org>,
"open list:S390 TCG CPUs" <qemu-s390x@nongnu.org>
Subject: Re: [PATCH v3 05/18] hw/misc: riscv_worldguard: Add RISC-V WorldGuard global config
Date: Sun, 23 Nov 2025 20:49:15 +0300 [thread overview]
Message-ID: <ac068751-fd03-4eec-91ff-20cc30019e17@syntacore.com> (raw)
In-Reply-To: <20251021155548.584543-6-jim.shu@sifive.com>
On 10/21/25 18:55, Jim Shu wrote:
> Add a device for RISCV WG global config, which contains the number of
> worlds, reset value, and trusted WID ... etc.
>
> This global config is used by both CPU WG extension and wgChecker devices.
>
> Signed-off-by: Jim Shu <jim.shu@sifive.com>
> Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
> ---
> hw/misc/Kconfig | 3 +
> hw/misc/meson.build | 1 +
> hw/misc/riscv_worldguard.c | 182 +++++++++++++++++++++++++++++
> include/hw/misc/riscv_worldguard.h | 56 +++++++++
> 4 files changed, 242 insertions(+)
> create mode 100644 hw/misc/riscv_worldguard.c
> create mode 100644 include/hw/misc/riscv_worldguard.h
>
> diff --git a/hw/misc/Kconfig b/hw/misc/Kconfig
> index 4e35657468..bee8824868 100644
> --- a/hw/misc/Kconfig
> +++ b/hw/misc/Kconfig
> @@ -235,4 +235,7 @@ config IOSB
> config XLNX_VERSAL_TRNG
> bool
>
> +config RISCV_WORLDGUARD
> + bool
> +
> source macio/Kconfig
> diff --git a/hw/misc/meson.build b/hw/misc/meson.build
> index b1d8d8e5d2..200ccc96c0 100644
> --- a/hw/misc/meson.build
> +++ b/hw/misc/meson.build
> @@ -34,6 +34,7 @@ system_ss.add(when: 'CONFIG_SIFIVE_E_PRCI', if_true: files('sifive_e_prci.c'))
> system_ss.add(when: 'CONFIG_SIFIVE_E_AON', if_true: files('sifive_e_aon.c'))
> system_ss.add(when: 'CONFIG_SIFIVE_U_OTP', if_true: files('sifive_u_otp.c'))
> system_ss.add(when: 'CONFIG_SIFIVE_U_PRCI', if_true: files('sifive_u_prci.c'))
> +specific_ss.add(when: 'CONFIG_RISCV_WORLDGUARD', if_true: files('riscv_worldguard.c'))
>
> subdir('macio')
>
> diff --git a/hw/misc/riscv_worldguard.c b/hw/misc/riscv_worldguard.c
> new file mode 100644
> index 0000000000..588c16ae9a
> --- /dev/null
> +++ b/hw/misc/riscv_worldguard.c
> @@ -0,0 +1,182 @@
> +/*
> + * RISC-V WorldGuard Device
> + *
> + * Copyright (c) 2022 SiFive, Inc.
> + *
> + * This provides WorldGuard global config.
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms and conditions of the GNU General Public License,
> + * version 2 or later, as published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope it will be useful, but WITHOUT
> + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
> + * more details.
> + *
> + * You should have received a copy of the GNU General Public License along with
> + * this program. If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#include "qemu/osdep.h"
> +#include "qapi/error.h"
> +#include "qemu/log.h"
> +#include "exec/hwaddr.h"
> +#include "hw/registerfields.h"
> +#include "hw/sysbus.h"
> +#include "hw/hw.h"
> +#include "hw/qdev-properties.h"
> +#include "hw/misc/riscv_worldguard.h"
> +#include "hw/core/cpu.h"
> +#include "target/riscv/cpu.h"
> +#include "trace.h"
> +
> +/*
> + * WorldGuard global config:
> + * List the global setting of WG, like num-of-worlds. It is unique in the machine.
> + * All CPUs with WG extension and wgChecker devices will use it.
> + */
> +struct RISCVWorldGuardState *worldguard_config;
> +
> +static Property riscv_worldguard_properties[] = {
Hi, I believe that this array should also be declared as "const", as
otherwise it will not compile due to the call of
device_class_set_props() on line 245. This is because
device_class_set_props() expects a property array to be constant, as it
checks for the last element to be non-null at compile time.
> + DEFINE_PROP_UINT32("nworlds", RISCVWorldGuardState, nworlds, 0),
> +
> + /* Only Trusted WID could access wgCheckers if it is enabled. */
> + DEFINE_PROP_UINT32("trustedwid", RISCVWorldGuardState, trustedwid, NO_TRUSTEDWID),
> +
> + /*
> + * WG reset value is bypass mode in HW. All WG permission checkings are
> + * pass by default, so SW could correctly run on the machine w/o any WG
> + * programming.
> + */
> + DEFINE_PROP_BOOL("hw-bypass", RISCVWorldGuardState, hw_bypass, false),
> +
> + /*
> + * TrustZone compatible mode:
> + * This mode is only supported in 2 worlds system. It converts WorldGuard
> + * WID to TZ NS signal on the bus so WG could be cooperated with
> + * TZ components. In QEMU, it converts WID to 'MemTxAttrs.secure' bit used
> + * by TZ.
> + */
> + DEFINE_PROP_BOOL("tz-compat", RISCVWorldGuardState, tz_compat, false),
> +};
> +
> +/* WID to MemTxAttrs converter */
> +void wid_to_mem_attrs(MemTxAttrs *attrs, uint32_t wid)
> +{
> + g_assert(wid < worldguard_config->nworlds);
> +
> + attrs->unspecified = 0;
> + if (worldguard_config->tz_compat) {
> + attrs->secure = wid;
> + } else {
> + attrs->world_id = wid;
> + }
> +}
> +
> +/* MemTxAttrs to WID converter */
> +uint32_t mem_attrs_to_wid(MemTxAttrs attrs)
> +{
> + if (attrs.unspecified) {
> + if (worldguard_config->trustedwid != NO_TRUSTEDWID) {
> + return worldguard_config->trustedwid;
> + } else {
> + return worldguard_config->nworlds - 1;
> + }
> + }
> +
> + if (worldguard_config->tz_compat) {
> + return attrs.secure;
> + } else {
> + return attrs.world_id;
> + }
> +}
> +
> +bool could_access_wgblocks(MemTxAttrs attrs, const char *wgblock)
> +{
> + uint32_t wid = mem_attrs_to_wid(attrs);
> + uint32_t trustedwid = worldguard_config->trustedwid;
> +
> + if ((trustedwid == NO_TRUSTEDWID) || (wid == trustedwid)) {
> + return true;
> + } else {
> + /*
> + * Only Trusted WID could access WG blocks if having it.
> + * Access them from other WIDs will get failed.
> + */
> + qemu_log_mask(LOG_GUEST_ERROR,
> + "%s: Invalid access to %s from non-trusted WID %d\n",
> + __func__, wgblock, wid);
> +
> + return false;
> + }
> +}
> +
> +static void riscv_worldguard_realize(DeviceState *dev, Error **errp)
> +{
> + RISCVWorldGuardState *s = RISCV_WORLDGUARD(dev);
> +
> + if (worldguard_config != NULL) {
> + error_setg(errp, "Couldn't realize multiple global WorldGuard configs.");
> + return;
> + }
> +
> + if ((s->nworlds) & (s->nworlds - 1)) {
> + error_setg(errp, "Current implementation only support power-of-2 NWorld.");
> + return;
> + }
> +
> + if ((s->trustedwid != NO_TRUSTEDWID) && (s->trustedwid >= s->nworlds)) {
> + error_setg(errp, "Trusted WID must be less than the number of world.");
> + return;
> + }
> +
> + if ((s->nworlds != 2) && (s->tz_compat)) {
> + error_setg(errp, "Only 2 worlds system could use TrustZone compatible mode.");
> + return;
> + }
> +
> + /* Register WG global config */
> + worldguard_config = s;
> +
> + /* Initialize global data for wgChecker */
> + wgc_slot_perm_mask = MAKE_64BIT_MASK(0, 2 * worldguard_config->nworlds);
> +}
> +
> +static void riscv_worldguard_class_init(ObjectClass *klass, const void *data)
> +{
> + DeviceClass *dc = DEVICE_CLASS(klass);
> +
> + device_class_set_props(dc, riscv_worldguard_properties);
> + dc->user_creatable = true;
> + dc->realize = riscv_worldguard_realize;
> +}
> +
> +static const TypeInfo riscv_worldguard_info = {
> + .name = TYPE_RISCV_WORLDGUARD,
> + .parent = TYPE_DEVICE,
> + .instance_size = sizeof(RISCVWorldGuardState),
> + .class_init = riscv_worldguard_class_init,
> +};
> +
> +/*
> + * Create WorldGuard global config
> + */
> +DeviceState *riscv_worldguard_create(uint32_t nworlds, uint32_t trustedwid,
> + bool hw_bypass, bool tz_compat)
> +{
> + DeviceState *dev = qdev_new(TYPE_RISCV_WORLDGUARD);
> + qdev_prop_set_uint32(dev, "nworlds", nworlds);
> + qdev_prop_set_uint32(dev, "trustedwid", trustedwid);
> + qdev_prop_set_bit(dev, "hw-bypass", hw_bypass);
> + qdev_prop_set_bit(dev, "tz-compat", tz_compat);
> + qdev_realize(DEVICE(dev), NULL, &error_fatal);
> + return dev;
> +}
> +
> +static void riscv_worldguard_register_types(void)
> +{
> + type_register_static(&riscv_worldguard_info);
> +}
> +
> +type_init(riscv_worldguard_register_types)
> diff --git a/include/hw/misc/riscv_worldguard.h b/include/hw/misc/riscv_worldguard.h
> new file mode 100644
> index 0000000000..bb276e59b8
> --- /dev/null
> +++ b/include/hw/misc/riscv_worldguard.h
> @@ -0,0 +1,56 @@
> +/*
> + * RISC-V WorldGuard Devices
> + *
> + * Copyright (c) 2022 RISCV, Inc.
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms and conditions of the GNU General Public License,
> + * version 2 or later, as published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope it will be useful, but WITHOUT
> + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
> + * more details.
> + *
> + * You should have received a copy of the GNU General Public License along with
> + * this program. If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#ifndef HW_RISCV_WORLDGUARD_H
> +#define HW_RISCV_WORLDGUARD_H
> +
> +#include "qom/object.h"
> +#include "hw/sysbus.h"
> +#include "exec/hwaddr.h"
> +
> +#define TYPE_RISCV_WORLDGUARD "riscv.worldguard"
> +
> +#define NO_TRUSTEDWID UINT32_MAX
> +
> +typedef struct RISCVWorldGuardState RISCVWorldGuardState;
> +DECLARE_INSTANCE_CHECKER(RISCVWorldGuardState, RISCV_WORLDGUARD,
> + TYPE_RISCV_WORLDGUARD)
> +
> +struct RISCVWorldGuardState {
> + /*< private >*/
> + DeviceState parent_obj;
> +
> + /*< public >*/
> +
> + /* Property */
> + uint32_t nworlds;
> + uint32_t trustedwid;
> + bool hw_bypass;
> + bool tz_compat;
> +};
> +
> +extern struct RISCVWorldGuardState *worldguard_config;
> +
> +DeviceState *riscv_worldguard_create(uint32_t nworlds, uint32_t trustedwid,
> + bool hw_bypass, bool tz_compat);
> +
> +void wid_to_mem_attrs(MemTxAttrs *attrs, uint32_t wid);
> +uint32_t mem_attrs_to_wid(MemTxAttrs attrs);
> +bool could_access_wgblocks(MemTxAttrs attrs, const char *wgblock);
> +
> +#endif
next prev parent reply other threads:[~2025-11-23 17:50 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-21 15:55 [PATCH v3 00/18] Implements RISC-V WorldGuard extension v0.4 Jim Shu
2025-10-21 15:55 ` [PATCH v3 01/18] accel/tcg: Store section pointer in CPUTLBEntryFull Jim Shu
2025-11-03 12:13 ` Daniel Henrique Barboza
2025-10-21 15:55 ` [PATCH v3 02/18] system/physmem: Remove the assertion of page-aligned section number Jim Shu
2025-11-03 12:20 ` Daniel Henrique Barboza
2025-10-21 15:55 ` [PATCH v3 03/18] accel/tcg: memory access from CPU will pass access_type to IOMMU Jim Shu
2025-10-21 15:55 ` [PATCH v3 04/18] exec: Add RISC-V WorldGuard WID to MemTxAttrs Jim Shu
2025-10-21 15:55 ` [PATCH v3 05/18] hw/misc: riscv_worldguard: Add RISC-V WorldGuard global config Jim Shu
2025-11-23 17:49 ` Konstantin Semichastnov [this message]
2025-10-21 15:55 ` [PATCH v3 06/18] target/riscv: Add CPU options of WorldGuard CPU extension Jim Shu
2025-10-21 15:55 ` [PATCH v3 07/18] target/riscv: Add hard-coded CPU state of WG extension Jim Shu
2025-10-21 16:13 ` [PATCH v3 08/18] target/riscv: Add defines for WorldGuard CSRs Jim Shu
2025-10-21 16:13 ` [PATCH v3 09/18] target/riscv: Allow global WG config to set WG CPU callbacks Jim Shu
2025-10-21 16:13 ` [PATCH v3 10/18] target/riscv: Implement WorldGuard CSRs Jim Shu
2025-10-21 16:13 ` [PATCH v3 11/18] target/riscv: Add WID to MemTxAttrs of CPU memory transactions Jim Shu
2025-10-21 16:13 ` [PATCH v3 12/18] target/riscv: Expose CPU options of WorldGuard Jim Shu
2025-10-21 16:13 ` [PATCH v3 13/18] hw/misc: riscv_worldguard: Add API to enable WG extension of CPU Jim Shu
2025-10-21 16:13 ` [PATCH v3 14/18] hw/misc: riscv_wgchecker: Implement RISC-V WorldGuard Checker Jim Shu
2025-11-23 17:52 ` Konstantin Semichastnov
2025-10-21 16:21 ` [PATCH v3 15/18] hw/misc: riscv_wgchecker: Implement wgchecker slot registers Jim Shu
2025-10-21 16:21 ` [PATCH v3 16/18] hw/misc: riscv_wgchecker: Implement correct block-access behavior Jim Shu
2025-10-21 16:21 ` [PATCH v3 17/18] hw/misc: riscv_wgchecker: Check the slot settings in translate Jim Shu
2025-10-21 16:21 ` [PATCH v3 18/18] hw/riscv: virt: Add WorldGuard support Jim Shu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ac068751-fd03-4eec-91ff-20cc30019e17@syntacore.com \
--to=k.semichastnov@syntacore.com \
--cc=alistair.francis@wdc.com \
--cc=arikalo@gmail.com \
--cc=atar4qemu@gmail.com \
--cc=aurelien@aurel32.net \
--cc=david@redhat.com \
--cc=dbarboza@ventanamicro.com \
--cc=deller@gmx.de \
--cc=edgar.iglesias@gmail.com \
--cc=eduardo@habkost.net \
--cc=gaosong@loongson.cn \
--cc=iii@linux.ibm.com \
--cc=jcmvbkbc@gmail.com \
--cc=jiaxun.yang@flygoat.com \
--cc=jim.shu@sifive.com \
--cc=kbastian@mail.uni-paderborn.de \
--cc=laurent@vivier.eu \
--cc=liwei1518@gmail.com \
--cc=marcel.apfelbaum@gmail.com \
--cc=mark.cave-ayland@ilande.co.uk \
--cc=mrolnik@gmail.com \
--cc=npiggin@gmail.com \
--cc=palmer@dabbelt.com \
--cc=pbonzini@redhat.com \
--cc=peterx@redhat.com \
--cc=philmd@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-ppc@nongnu.org \
--cc=qemu-riscv@nongnu.org \
--cc=qemu-s390x@nongnu.org \
--cc=rathc@linux.ibm.com \
--cc=richard.henderson@linaro.org \
--cc=shorne@gmail.com \
--cc=thuth@redhat.com \
--cc=wangyanan55@huawei.com \
--cc=yoshinori.sato@nifty.com \
--cc=zhao1.liu@intel.com \
--cc=zhiwei_liu@linux.alibaba.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).