From: Yu-Chien Peter Lin <peter.lin@sifive.com>
To: opensbi@lists.infradead.org
Cc: zong.li@sifive.com, greentime.hu@sifive.com,
alvinga@andestech.com, Yu-Chien Peter Lin <peter.lin@sifive.com>
Subject: [PATCH 8/8] lib: sbi_domain_context: preserve firmware PMP entries during domain context switch
Date: Thu, 14 Aug 2025 19:05:22 +0800 [thread overview]
Message-ID: <20250814110522.18809-9-peter.lin@sifive.com> (raw)
In-Reply-To: <20250814110522.18809-1-peter.lin@sifive.com>
When SmePMP is enabled, clearing firmware PMP entries during a domain
context switch can temporarily revoke access to OpenSBI’s own code and
data, leading to faults.
Keep firmware PMP entries enabled across switches so firmware regions
remain accessible and executable.
Signed-off-by: Yu-Chien Peter Lin <peter.lin@sifive.com>
---
lib/sbi/sbi_domain_context.c | 43 ++++++++++++++++++++++++++++++++++++
1 file changed, 43 insertions(+)
diff --git a/lib/sbi/sbi_domain_context.c b/lib/sbi/sbi_domain_context.c
index 1812c7c9..4ee50ac3 100644
--- a/lib/sbi/sbi_domain_context.c
+++ b/lib/sbi/sbi_domain_context.c
@@ -85,6 +85,45 @@ static void hart_context_set(struct sbi_domain *dom, u32 hartindex,
hart_context_get(sbi_domain_thishart_ptr(), \
current_hartindex())
+/**
+ * Determine whether a PMP entry protects firmware memory regions
+ *
+ * @param n PMP entry index
+ * @param dom current domain
+ */
+static bool pmp_is_fw_region(unsigned int n, struct sbi_domain *dom)
+{
+ struct sbi_scratch *scratch = sbi_scratch_thishart_ptr();
+ unsigned int pmp_count = sbi_hart_pmp_count(scratch);
+ struct sbi_domain_memregion *reg;
+ unsigned long addr, log2len;
+ unsigned long prot, fw_flag;
+ int rc;
+
+ if (!dom || (n >= pmp_count))
+ return false;
+
+ /* Decode the pmpcfg and pmpaddr */
+ rc = pmp_get(n, &prot, &addr, &log2len);
+ if (rc)
+ return false;
+
+ sbi_domain_for_each_memregion(dom, reg) {
+ if ((reg->flags & SBI_DOMAIN_MEMREGION_FW) == 0)
+ continue;
+
+ /* Found a firmware region, assume it is always NAPOT mode */
+ fw_flag = sbi_domain_get_smepmp_flags(reg) | PMP_A_NAPOT;
+ if ((reg->base == addr) &&
+ (reg->order == log2len) &&
+ (fw_flag == prot)) {
+ return true;
+ }
+ }
+
+ return false;
+}
+
/**
* Switches the HART context from the current domain to the target domain.
* This includes changing domain assignments and reconfiguring PMP, as well
@@ -121,6 +160,10 @@ static void switch_to_next_domain_context(struct hart_context *ctx,
(i == SBI_SMEPMP_RESV_ENTRY)) {
continue;
}
+
+ if (pmp_is_fw_region(i, current_dom))
+ continue;
+
sbi_platform_pmp_disable(sbi_platform_thishart_ptr(), i);
pmp_disable(i);
}
--
2.39.3
--
opensbi mailing list
opensbi@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/opensbi
next prev parent reply other threads:[~2025-08-14 13:16 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-14 11:05 [PATCH 0/8] SmePMP bugfixes and improvement Yu-Chien Peter Lin
2025-08-14 11:05 ` [PATCH 1/8] lib: sbi_hart: move sbi_hart_get_smepmp_flags() to sbi_domain Yu-Chien Peter Lin
2025-08-14 11:05 ` [PATCH 2/8] lib: sbi_domain: allow specifying inaccessible region Yu-Chien Peter Lin
2025-08-14 11:05 ` [PATCH 3/8] lib: sbi_domain: print unsupported SmePMP permissions Yu-Chien Peter Lin
2025-08-14 11:05 ` [PATCH 4/8] lib: sbi_hart: add error message for insufficient PMP entries Yu-Chien Peter Lin
2025-08-14 11:05 ` [PATCH 5/8] lib: sbi_domain_context: skip the reserved entry during domain context switch Yu-Chien Peter Lin
2025-08-15 5:54 ` Alvin Che-Chia Chang(張哲嘉)
2025-08-14 11:05 ` [PATCH 6/8] lib: sbi_domain: add SBI_DOMAIN_MEMREGION_FW memregion flag Yu-Chien Peter Lin
2025-08-14 15:39 ` Alvin Che-Chia Chang(張哲嘉)
2025-08-21 8:32 ` Xiang W
2025-08-14 11:05 ` [PATCH 7/8] lib: sbi_domain: ensure consistent firmware PMP entries Yu-Chien Peter Lin
2025-08-14 11:05 ` Yu-Chien Peter Lin [this message]
2025-10-06 5:21 ` [PATCH 0/8] SmePMP bugfixes and improvement Anup Patel
2025-10-08 1:30 ` Peter Lin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250814110522.18809-9-peter.lin@sifive.com \
--to=peter.lin@sifive.com \
--cc=alvinga@andestech.com \
--cc=greentime.hu@sifive.com \
--cc=opensbi@lists.infradead.org \
--cc=zong.li@sifive.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox