[PATCH 0/8] Reset more security-related CSRs

[PATCH 0/8] Reset more security-related CSRs

[Radim Krčmář]

Hello,

there is a possible security hole in the initial state of many CSRs that
control isolation between privilege levels.

[1,2/8] are making the rest easier to implement.
The vulnerabilities get fixed in [3,4,8/8].
[5/8] fixes a loosely-related opensbi bug.

Radim Krčmář (8):
  lib: sbi: add 64 bit csr macros
  lib: sbi: use 64 bit csr macros
  lib: sbi_hart: reset hstatus
  lib: sbi_hart: reset sstateen and hstateen
  lib: sbi_hart: fix sstateen emulation
  lib: sbi_hart: reset mstateen0
  lib: sbi_hart: add Ssstateen extension
  lib: sbi_hart: properly reset Ssstateen

 include/sbi/riscv_asm.h | 21 +++++++++++++++++++
 include/sbi/sbi_hart.h  |  4 +++-
 lib/sbi/sbi_hart.c      | 46 +++++++++++++++++++++++++++--------------
 lib/sbi/sbi_timer.c     |  7 +------
 4 files changed, 55 insertions(+), 23 deletions(-)

-- 
2.48.1


-- 
opensbi mailing list
opensbi@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/opensbi

[PATCH 1/8] lib: sbi: add 64 bit csr macros

[Radim Krčmář]

Most CSRs are XLEN bits wide, but some are 64 bit, so rv32 needs two
accesses, plaguing the code with ifdefs.

Add new helpers that split 64 bit operation into two operations on rv32.

The helpers don't use "csr + 0x10", but append "H" at the end of the csr
name to get a compile-time error when accessing a non 64 bit register.
This has the downside that you have to use the name when accessing them.
e.g. csr_read64(0x1234) or csr_read64(CSR_SATP) won't compile and the
error messages you get for these bugs are not straightforward.

Signed-off-by: Radim Krčmář <rkrcmar@ventanamicro.com>
---
 include/sbi/riscv_asm.h | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/include/sbi/riscv_asm.h b/include/sbi/riscv_asm.h
index 4605db20bd7a..d19281ac1961 100644
--- a/include/sbi/riscv_asm.h
+++ b/include/sbi/riscv_asm.h
@@ -156,6 +156,27 @@
 				     : "memory");                  \
 	})
 
+
+#if __riscv_xlen == 64
+#define __csrrw64(op, csr, csrh, val) (true ? op(csr, val) : (uint64_t)csrh)
+#define __csrr64( op, csr, csrh)      (true ? op(csr)      : (uint64_t)csrh)
+#define __csrw64( op, csr, csrh, val) (true ? op(csr, val) : (uint64_t)csrh)
+#elif __riscv_xlen == 32
+#define __csrrw64(op, csr, csrh, val) (  op(csr, val) | (uint64_t)op(csrh, val >> 32) << 32)
+#define __csrr64( op, csr, csrh)      (  op(csr)      | (uint64_t)op(csrh)            << 32)
+#define __csrw64( op, csr, csrh, val) ({ op(csr, val);            op(csrh, val >> 32);    })
+#endif
+
+#define csr_swap64(        csr, val) __csrrw64(csr_swap,         csr, csr ## H, val)
+#define csr_read64(        csr)      __csrr64 (csr_read,         csr, csr ## H)
+#define csr_read_relaxed64(csr)      __csrr64 (csr_read_relaxed, csr, csr ## H)
+#define csr_write64(       csr, val) __csrw64 (csr_write,        csr, csr ## H, val)
+#define csr_read_set64(    csr, val) __csrrw64(csr_read_set,     csr, csr ## H, val)
+#define csr_set64(         csr, val) __csrw64 (csr_set,          csr, csr ## H, val)
+#define csr_clear64(       csr, val) __csrw64 (csr_clear,        csr, csr ## H, val)
+#define csr_read_clear64(  csr, val) __csrrw64(csr_read_clear,   csr, csr ## H, val)
+#define csr_clear64(       csr, val) __csrw64 (csr_clear,        csr, csr ## H, val)
+
 unsigned long csr_read_num(int csr_num);
 
 void csr_write_num(int csr_num, unsigned long val);
-- 
2.48.1


-- 
opensbi mailing list
opensbi@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/opensbi

Re: [PATCH 1/8] lib: sbi: add 64 bit csr macros

[Anup Patel]

On Tue, Apr 15, 2025 at 8:13 PM Radim Krčmář <rkrcmar@ventanamicro.com> wrote:
>
> Most CSRs are XLEN bits wide, but some are 64 bit, so rv32 needs two
> accesses, plaguing the code with ifdefs.
>
> Add new helpers that split 64 bit operation into two operations on rv32.
>
> The helpers don't use "csr + 0x10", but append "H" at the end of the csr
> name to get a compile-time error when accessing a non 64 bit register.
> This has the downside that you have to use the name when accessing them.
> e.g. csr_read64(0x1234) or csr_read64(CSR_SATP) won't compile and the
> error messages you get for these bugs are not straightforward.
>
> Signed-off-by: Radim Krčmář <rkrcmar@ventanamicro.com>
> ---
>  include/sbi/riscv_asm.h | 21 +++++++++++++++++++++
>  1 file changed, 21 insertions(+)
>
> diff --git a/include/sbi/riscv_asm.h b/include/sbi/riscv_asm.h
> index 4605db20bd7a..d19281ac1961 100644
> --- a/include/sbi/riscv_asm.h
> +++ b/include/sbi/riscv_asm.h
> @@ -156,6 +156,27 @@
>                                      : "memory");                  \
>         })
>
> +

Redundant newline.

> +#if __riscv_xlen == 64
> +#define __csrrw64(op, csr, csrh, val) (true ? op(csr, val) : (uint64_t)csrh)
> +#define __csrr64( op, csr, csrh)      (true ? op(csr)      : (uint64_t)csrh)
> +#define __csrw64( op, csr, csrh, val) (true ? op(csr, val) : (uint64_t)csrh)
> +#elif __riscv_xlen == 32
> +#define __csrrw64(op, csr, csrh, val) (  op(csr, val) | (uint64_t)op(csrh, val >> 32) << 32)
> +#define __csrr64( op, csr, csrh)      (  op(csr)      | (uint64_t)op(csrh)            << 32)
> +#define __csrw64( op, csr, csrh, val) ({ op(csr, val);            op(csrh, val >> 32);    })
> +#endif
> +
> +#define csr_swap64(        csr, val) __csrrw64(csr_swap,         csr, csr ## H, val)
> +#define csr_read64(        csr)      __csrr64 (csr_read,         csr, csr ## H)
> +#define csr_read_relaxed64(csr)      __csrr64 (csr_read_relaxed, csr, csr ## H)
> +#define csr_write64(       csr, val) __csrw64 (csr_write,        csr, csr ## H, val)
> +#define csr_read_set64(    csr, val) __csrrw64(csr_read_set,     csr, csr ## H, val)
> +#define csr_set64(         csr, val) __csrw64 (csr_set,          csr, csr ## H, val)
> +#define csr_clear64(       csr, val) __csrw64 (csr_clear,        csr, csr ## H, val)
> +#define csr_read_clear64(  csr, val) __csrrw64(csr_read_clear,   csr, csr ## H, val)
> +#define csr_clear64(       csr, val) __csrw64 (csr_clear,        csr, csr ## H, val)
> +
>  unsigned long csr_read_num(int csr_num);
>
>  void csr_write_num(int csr_num, unsigned long val);
> --
> 2.48.1
>
>
> --
> opensbi mailing list
> opensbi@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/opensbi

Otherwise, LGTM.

Reviewed-by: Anup Patel <anup@brainfault.org>

Regards,
Anup

-- 
opensbi mailing list
opensbi@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/opensbi

Re: [PATCH 1/8] lib: sbi: add 64 bit csr macros

[Radim Krčmář]

2025-04-28T17:58:31+05:30, Anup Patel <anup@brainfault.org>:
> On Tue, Apr 15, 2025 at 8:13 PM Radim Krčmář <rkrcmar@ventanamicro.com> wrote:
>>
>> Most CSRs are XLEN bits wide, but some are 64 bit, so rv32 needs two
>> accesses, plaguing the code with ifdefs.
>>
>> Add new helpers that split 64 bit operation into two operations on rv32.
>>
>> The helpers don't use "csr + 0x10", but append "H" at the end of the csr
>> name to get a compile-time error when accessing a non 64 bit register.
>> This has the downside that you have to use the name when accessing them.
>> e.g. csr_read64(0x1234) or csr_read64(CSR_SATP) won't compile and the
>> error messages you get for these bugs are not straightforward.
>>
>> Signed-off-by: Radim Krčmář <rkrcmar@ventanamicro.com>
>> ---
>> diff --git a/include/sbi/riscv_asm.h b/include/sbi/riscv_asm.h
>> @@ -156,6 +156,27 @@
>>                                      : "memory");                  \
>>         })
>>
>> +
>
> Redundant newline.

Oops, it will be gone in v2, thanks.

-- 
opensbi mailing list
opensbi@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/opensbi

[PATCH 2/8] lib: sbi: use 64 bit csr macros

[Radim Krčmář]

Switch the most obvious cases to new macros.

Signed-off-by: Radim Krčmář <rkrcmar@ventanamicro.com>
---
 lib/sbi/sbi_hart.c  | 20 ++++----------------
 lib/sbi/sbi_timer.c |  7 +------
 2 files changed, 5 insertions(+), 22 deletions(-)

diff --git a/lib/sbi/sbi_hart.c b/lib/sbi/sbi_hart.c
index c343805c57cb..2d9ee60fd36c 100644
--- a/lib/sbi/sbi_hart.c
+++ b/lib/sbi/sbi_hart.c
@@ -86,10 +86,7 @@ static void mstatus_init(struct sbi_scratch *scratch)
 	}
 
 	if (sbi_hart_has_extension(scratch, SBI_HART_EXT_SMSTATEEN)) {
-		mstateen_val = csr_read(CSR_MSTATEEN0);
-#if __riscv_xlen == 32
-		mstateen_val |= ((uint64_t)csr_read(CSR_MSTATEEN0H)) << 32;
-#endif
+		mstateen_val = csr_read64(CSR_MSTATEEN0);
 		mstateen_val |= SMSTATEEN_STATEN;
 		mstateen_val |= SMSTATEEN0_CONTEXT;
 		mstateen_val |= SMSTATEEN0_HSENVCFG;
@@ -110,17 +107,11 @@ static void mstatus_init(struct sbi_scratch *scratch)
 		else
 			mstateen_val &= ~SMSTATEEN0_CTR;
 
-		csr_write(CSR_MSTATEEN0, mstateen_val);
-#if __riscv_xlen == 32
-		csr_write(CSR_MSTATEEN0H, mstateen_val >> 32);
-#endif
+		csr_write64(CSR_MSTATEEN0, mstateen_val);
 	}
 
 	if (sbi_hart_priv_version(scratch) >= SBI_HART_PRIV_VER_1_12) {
-		menvcfg_val = csr_read(CSR_MENVCFG);
-#if __riscv_xlen == 32
-		menvcfg_val |= ((uint64_t)csr_read(CSR_MENVCFGH)) << 32;
-#endif
+		menvcfg_val = csr_read64(CSR_MENVCFG);
 
 		/* Disable double trap by default */
 		menvcfg_val &= ~ENVCFG_DTE;
@@ -156,10 +147,7 @@ static void mstatus_init(struct sbi_scratch *scratch)
 		if (sbi_hart_has_extension(scratch, SBI_HART_EXT_SVADE))
 			menvcfg_val &= ~ENVCFG_ADUE;
 
-		csr_write(CSR_MENVCFG, menvcfg_val);
-#if __riscv_xlen == 32
-		csr_write(CSR_MENVCFGH, menvcfg_val >> 32);
-#endif
+		csr_write64(CSR_MENVCFG, menvcfg_val);
 
 		/* Enable S-mode access to seed CSR */
 		if (sbi_hart_has_extension(scratch, SBI_HART_EXT_ZKR)) {
diff --git a/lib/sbi/sbi_timer.c b/lib/sbi/sbi_timer.c
index 86e0db5ab399..998a9a67c2f0 100644
--- a/lib/sbi/sbi_timer.c
+++ b/lib/sbi/sbi_timer.c
@@ -139,12 +139,7 @@ void sbi_timer_event_start(u64 next_event)
 	 * the older software to leverage sstc extension on newer hardware.
 	 */
 	if (sbi_hart_has_extension(sbi_scratch_thishart_ptr(), SBI_HART_EXT_SSTC)) {
-#if __riscv_xlen == 32
-		csr_write(CSR_STIMECMP, next_event & 0xFFFFFFFF);
-		csr_write(CSR_STIMECMPH, next_event >> 32);
-#else
-		csr_write(CSR_STIMECMP, next_event);
-#endif
+		csr_write64(CSR_STIMECMP, next_event);
 	} else if (timer_dev && timer_dev->timer_event_start) {
 		timer_dev->timer_event_start(next_event);
 		csr_clear(CSR_MIP, MIP_STIP);
-- 
2.48.1


-- 
opensbi mailing list
opensbi@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/opensbi

Re: [PATCH 2/8] lib: sbi: use 64 bit csr macros

[Anup Patel]

On Tue, Apr 15, 2025 at 8:13 PM Radim Krčmář <rkrcmar@ventanamicro.com> wrote:
>
> Switch the most obvious cases to new macros.
>
> Signed-off-by: Radim Krčmář <rkrcmar@ventanamicro.com>

LGTM.

Reviewed-by: Anup Patel <anup@brainfault.org>

Regards,
Anup

> ---
>  lib/sbi/sbi_hart.c  | 20 ++++----------------
>  lib/sbi/sbi_timer.c |  7 +------
>  2 files changed, 5 insertions(+), 22 deletions(-)
>
> diff --git a/lib/sbi/sbi_hart.c b/lib/sbi/sbi_hart.c
> index c343805c57cb..2d9ee60fd36c 100644
> --- a/lib/sbi/sbi_hart.c
> +++ b/lib/sbi/sbi_hart.c
> @@ -86,10 +86,7 @@ static void mstatus_init(struct sbi_scratch *scratch)
>         }
>
>         if (sbi_hart_has_extension(scratch, SBI_HART_EXT_SMSTATEEN)) {
> -               mstateen_val = csr_read(CSR_MSTATEEN0);
> -#if __riscv_xlen == 32
> -               mstateen_val |= ((uint64_t)csr_read(CSR_MSTATEEN0H)) << 32;
> -#endif
> +               mstateen_val = csr_read64(CSR_MSTATEEN0);
>                 mstateen_val |= SMSTATEEN_STATEN;
>                 mstateen_val |= SMSTATEEN0_CONTEXT;
>                 mstateen_val |= SMSTATEEN0_HSENVCFG;
> @@ -110,17 +107,11 @@ static void mstatus_init(struct sbi_scratch *scratch)
>                 else
>                         mstateen_val &= ~SMSTATEEN0_CTR;
>
> -               csr_write(CSR_MSTATEEN0, mstateen_val);
> -#if __riscv_xlen == 32
> -               csr_write(CSR_MSTATEEN0H, mstateen_val >> 32);
> -#endif
> +               csr_write64(CSR_MSTATEEN0, mstateen_val);
>         }
>
>         if (sbi_hart_priv_version(scratch) >= SBI_HART_PRIV_VER_1_12) {
> -               menvcfg_val = csr_read(CSR_MENVCFG);
> -#if __riscv_xlen == 32
> -               menvcfg_val |= ((uint64_t)csr_read(CSR_MENVCFGH)) << 32;
> -#endif
> +               menvcfg_val = csr_read64(CSR_MENVCFG);
>
>                 /* Disable double trap by default */
>                 menvcfg_val &= ~ENVCFG_DTE;
> @@ -156,10 +147,7 @@ static void mstatus_init(struct sbi_scratch *scratch)
>                 if (sbi_hart_has_extension(scratch, SBI_HART_EXT_SVADE))
>                         menvcfg_val &= ~ENVCFG_ADUE;
>
> -               csr_write(CSR_MENVCFG, menvcfg_val);
> -#if __riscv_xlen == 32
> -               csr_write(CSR_MENVCFGH, menvcfg_val >> 32);
> -#endif
> +               csr_write64(CSR_MENVCFG, menvcfg_val);
>
>                 /* Enable S-mode access to seed CSR */
>                 if (sbi_hart_has_extension(scratch, SBI_HART_EXT_ZKR)) {
> diff --git a/lib/sbi/sbi_timer.c b/lib/sbi/sbi_timer.c
> index 86e0db5ab399..998a9a67c2f0 100644
> --- a/lib/sbi/sbi_timer.c
> +++ b/lib/sbi/sbi_timer.c
> @@ -139,12 +139,7 @@ void sbi_timer_event_start(u64 next_event)
>          * the older software to leverage sstc extension on newer hardware.
>          */
>         if (sbi_hart_has_extension(sbi_scratch_thishart_ptr(), SBI_HART_EXT_SSTC)) {
> -#if __riscv_xlen == 32
> -               csr_write(CSR_STIMECMP, next_event & 0xFFFFFFFF);
> -               csr_write(CSR_STIMECMPH, next_event >> 32);
> -#else
> -               csr_write(CSR_STIMECMP, next_event);
> -#endif
> +               csr_write64(CSR_STIMECMP, next_event);
>         } else if (timer_dev && timer_dev->timer_event_start) {
>                 timer_dev->timer_event_start(next_event);
>                 csr_clear(CSR_MIP, MIP_STIP);
> --
> 2.48.1
>
>
> --
> opensbi mailing list
> opensbi@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/opensbi

-- 
opensbi mailing list
opensbi@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/opensbi

[PATCH 3/8] lib: sbi_hart: reset hstatus

[Radim Krčmář]

hstatus.HU must be cleared, because U-mode could otherwise use the
HLS/HSV instructions.  This would allow U-mode to read physical memory
directly if vgatp and vsatp was 0.

The remaining fields don't seem like a security vulnerability now, but
clearing the whole CSR is not an issue, so do that be safe.

Signed-off-by: Radim Krčmář <rkrcmar@ventanamicro.com>
---
 lib/sbi/sbi_hart.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/sbi/sbi_hart.c b/lib/sbi/sbi_hart.c
index 2d9ee60fd36c..b66b89f6bc51 100644
--- a/lib/sbi/sbi_hart.c
+++ b/lib/sbi/sbi_hart.c
@@ -85,6 +85,9 @@ static void mstatus_init(struct sbi_scratch *scratch)
 #endif
 	}
 
+	if (misa_extension('H'))
+		csr_write(CSR_HSTATUS, 0);
+
 	if (sbi_hart_has_extension(scratch, SBI_HART_EXT_SMSTATEEN)) {
 		mstateen_val = csr_read64(CSR_MSTATEEN0);
 		mstateen_val |= SMSTATEEN_STATEN;
-- 
2.48.1


-- 
opensbi mailing list
opensbi@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/opensbi

Re: [PATCH 3/8] lib: sbi_hart: reset hstatus

[Anup Patel]

On Tue, Apr 15, 2025 at 7:00 PM Radim Krčmář <rkrcmar@ventanamicro.com> wrote:
>
> hstatus.HU must be cleared, because U-mode could otherwise use the
> HLS/HSV instructions.  This would allow U-mode to read physical memory
> directly if vgatp and vsatp was 0.
>
> The remaining fields don't seem like a security vulnerability now, but
> clearing the whole CSR is not an issue, so do that be safe.
>
> Signed-off-by: Radim Krčmář <rkrcmar@ventanamicro.com>

LGTM.

Reviewed-by: Anup Patel <anup@brainfault.org>

Regards,
Anup

> ---
>  lib/sbi/sbi_hart.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/lib/sbi/sbi_hart.c b/lib/sbi/sbi_hart.c
> index 2d9ee60fd36c..b66b89f6bc51 100644
> --- a/lib/sbi/sbi_hart.c
> +++ b/lib/sbi/sbi_hart.c
> @@ -85,6 +85,9 @@ static void mstatus_init(struct sbi_scratch *scratch)
>  #endif
>         }
>
> +       if (misa_extension('H'))
> +               csr_write(CSR_HSTATUS, 0);
> +
>         if (sbi_hart_has_extension(scratch, SBI_HART_EXT_SMSTATEEN)) {
>                 mstateen_val = csr_read64(CSR_MSTATEEN0);
>                 mstateen_val |= SMSTATEEN_STATEN;
> --
> 2.48.1
>
>
> --
> opensbi mailing list
> opensbi@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/opensbi

-- 
opensbi mailing list
opensbi@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/opensbi

[PATCH 4/8] lib: sbi_hart: reset sstateen and hstateen

[Radim Krčmář]

Not resetting sstateen is a potential security hole, because U might be
able to access state that S does not properly context-switch.
Similar for hstateen with VS and HS.

Signed-off-by: Radim Krčmář <rkrcmar@ventanamicro.com>
---
 lib/sbi/sbi_hart.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/sbi/sbi_hart.c b/lib/sbi/sbi_hart.c
index b66b89f6bc51..c280c0b3e85e 100644
--- a/lib/sbi/sbi_hart.c
+++ b/lib/sbi/sbi_hart.c
@@ -111,6 +111,12 @@ static void mstatus_init(struct sbi_scratch *scratch)
 			mstateen_val &= ~SMSTATEEN0_CTR;
 
 		csr_write64(CSR_MSTATEEN0, mstateen_val);
+
+		if (misa_extension('S'))
+			csr_write(CSR_SSTATEEN0, 0);
+
+		if (misa_extension('H'))
+			csr_write64(CSR_HSTATEEN0, (uint64_t)0);
 	}
 
 	if (sbi_hart_priv_version(scratch) >= SBI_HART_PRIV_VER_1_12) {
-- 
2.48.1


-- 
opensbi mailing list
opensbi@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/opensbi

Re: [PATCH 4/8] lib: sbi_hart: reset sstateen and hstateen

[Anup Patel]

On Tue, Apr 15, 2025 at 8:13 PM Radim Krčmář <rkrcmar@ventanamicro.com> wrote:
>
> Not resetting sstateen is a potential security hole, because U might be
> able to access state that S does not properly context-switch.
> Similar for hstateen with VS and HS.
>
> Signed-off-by: Radim Krčmář <rkrcmar@ventanamicro.com>

LGTM.

Reviewed-by: Anup Patel <anup@brainfault.org>

Regards,
Anup

> ---
>  lib/sbi/sbi_hart.c | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/lib/sbi/sbi_hart.c b/lib/sbi/sbi_hart.c
> index b66b89f6bc51..c280c0b3e85e 100644
> --- a/lib/sbi/sbi_hart.c
> +++ b/lib/sbi/sbi_hart.c
> @@ -111,6 +111,12 @@ static void mstatus_init(struct sbi_scratch *scratch)
>                         mstateen_val &= ~SMSTATEEN0_CTR;
>
>                 csr_write64(CSR_MSTATEEN0, mstateen_val);
> +
> +               if (misa_extension('S'))
> +                       csr_write(CSR_SSTATEEN0, 0);
> +
> +               if (misa_extension('H'))
> +                       csr_write64(CSR_HSTATEEN0, (uint64_t)0);
>         }
>
>         if (sbi_hart_priv_version(scratch) >= SBI_HART_PRIV_VER_1_12) {
> --
> 2.48.1
>
>
> --
> opensbi mailing list
> opensbi@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/opensbi

-- 
opensbi mailing list
opensbi@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/opensbi

[PATCH 5/8] lib: sbi_hart: fix sstateen emulation

[Radim Krčmář]

The Sstateen extension defines 4 sstateen registers, but SBI currently
configures the execution environment to throw illegal instruction
exception when accessing sstateen1-3.

SBI should implement all sstateen registers, so delegate the
implementation to hardware by setting the SE bit.

Signed-off-by: Radim Krčmář <rkrcmar@ventanamicro.com>
---
 lib/sbi/sbi_hart.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/sbi/sbi_hart.c b/lib/sbi/sbi_hart.c
index c280c0b3e85e..b209f1cab27d 100644
--- a/lib/sbi/sbi_hart.c
+++ b/lib/sbi/sbi_hart.c
@@ -111,6 +111,9 @@ static void mstatus_init(struct sbi_scratch *scratch)
 			mstateen_val &= ~SMSTATEEN0_CTR;
 
 		csr_write64(CSR_MSTATEEN0, mstateen_val);
+		csr_write64(CSR_MSTATEEN1, SMSTATEEN_STATEN);
+		csr_write64(CSR_MSTATEEN2, SMSTATEEN_STATEN);
+		csr_write64(CSR_MSTATEEN3, SMSTATEEN_STATEN);
 
 		if (misa_extension('S'))
 			csr_write(CSR_SSTATEEN0, 0);
-- 
2.48.1


-- 
opensbi mailing list
opensbi@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/opensbi

Re: [PATCH 5/8] lib: sbi_hart: fix sstateen emulation

[Anup Patel]

On Tue, Apr 15, 2025 at 8:13 PM Radim Krčmář <rkrcmar@ventanamicro.com> wrote:
>
> The Sstateen extension defines 4 sstateen registers, but SBI currently
> configures the execution environment to throw illegal instruction
> exception when accessing sstateen1-3.
>
> SBI should implement all sstateen registers, so delegate the
> implementation to hardware by setting the SE bit.
>
> Signed-off-by: Radim Krčmář <rkrcmar@ventanamicro.com>

LGTM.

Reviewed-by: Anup Patel <anup@brainfault.org>

Regards,
Anup

> ---
>  lib/sbi/sbi_hart.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/lib/sbi/sbi_hart.c b/lib/sbi/sbi_hart.c
> index c280c0b3e85e..b209f1cab27d 100644
> --- a/lib/sbi/sbi_hart.c
> +++ b/lib/sbi/sbi_hart.c
> @@ -111,6 +111,9 @@ static void mstatus_init(struct sbi_scratch *scratch)
>                         mstateen_val &= ~SMSTATEEN0_CTR;
>
>                 csr_write64(CSR_MSTATEEN0, mstateen_val);
> +               csr_write64(CSR_MSTATEEN1, SMSTATEEN_STATEN);
> +               csr_write64(CSR_MSTATEEN2, SMSTATEEN_STATEN);
> +               csr_write64(CSR_MSTATEEN3, SMSTATEEN_STATEN);
>
>                 if (misa_extension('S'))
>                         csr_write(CSR_SSTATEEN0, 0);
> --
> 2.48.1
>
>
> --
> opensbi mailing list
> opensbi@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/opensbi

-- 
opensbi mailing list
opensbi@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/opensbi

[PATCH 6/8] lib: sbi_hart: reset mstateen0

[Radim Krčmář]

The current logic clears some bits based on SBI known extensions.
Be safe and do not leave enabled anything that SBI doesn't control.

This is not a breaking change, because the register must be initialized
to 0 by the ISA on reset, but it is better to not depend on it when we
don't need to.

Signed-off-by: Radim Krčmář <rkrcmar@ventanamicro.com>
---
 lib/sbi/sbi_hart.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/sbi/sbi_hart.c b/lib/sbi/sbi_hart.c
index b209f1cab27d..569f8008b523 100644
--- a/lib/sbi/sbi_hart.c
+++ b/lib/sbi/sbi_hart.c
@@ -89,7 +89,7 @@ static void mstatus_init(struct sbi_scratch *scratch)
 		csr_write(CSR_HSTATUS, 0);
 
 	if (sbi_hart_has_extension(scratch, SBI_HART_EXT_SMSTATEEN)) {
-		mstateen_val = csr_read64(CSR_MSTATEEN0);
+		mstateen_val = 0;
 		mstateen_val |= SMSTATEEN_STATEN;
 		mstateen_val |= SMSTATEEN0_CONTEXT;
 		mstateen_val |= SMSTATEEN0_HSENVCFG;
-- 
2.48.1


-- 
opensbi mailing list
opensbi@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/opensbi

Re: [PATCH 6/8] lib: sbi_hart: reset mstateen0

[Anup Patel]

On Tue, Apr 15, 2025 at 8:13 PM Radim Krčmář <rkrcmar@ventanamicro.com> wrote:
>
> The current logic clears some bits based on SBI known extensions.
> Be safe and do not leave enabled anything that SBI doesn't control.
>
> This is not a breaking change, because the register must be initialized
> to 0 by the ISA on reset, but it is better to not depend on it when we
> don't need to.
>
> Signed-off-by: Radim Krčmář <rkrcmar@ventanamicro.com>

LGTM.

Reviewed-by: Anup Patel <anup@brainfault.org>

Regards,
Anup

> ---
>  lib/sbi/sbi_hart.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/sbi/sbi_hart.c b/lib/sbi/sbi_hart.c
> index b209f1cab27d..569f8008b523 100644
> --- a/lib/sbi/sbi_hart.c
> +++ b/lib/sbi/sbi_hart.c
> @@ -89,7 +89,7 @@ static void mstatus_init(struct sbi_scratch *scratch)
>                 csr_write(CSR_HSTATUS, 0);
>
>         if (sbi_hart_has_extension(scratch, SBI_HART_EXT_SMSTATEEN)) {
> -               mstateen_val = csr_read64(CSR_MSTATEEN0);
> +               mstateen_val = 0;
>                 mstateen_val |= SMSTATEEN_STATEN;
>                 mstateen_val |= SMSTATEEN0_CONTEXT;
>                 mstateen_val |= SMSTATEEN0_HSENVCFG;
> --
> 2.48.1
>
>
> --
> opensbi mailing list
> opensbi@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/opensbi

-- 
opensbi mailing list
opensbi@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/opensbi

[PATCH 7/8] lib: sbi_hart: add Ssstateen extension

[Radim Krčmář]

We already detect Smstateen, but Ssstateen exists as well and it doesn't
have the M-state CSRs.

Signed-off-by: Radim Krčmář <rkrcmar@ventanamicro.com>
---
 include/sbi/sbi_hart.h | 4 +++-
 lib/sbi/sbi_hart.c     | 4 ++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/include/sbi/sbi_hart.h b/include/sbi/sbi_hart.h
index c3a7feb753d9..10d0cf447ba6 100644
--- a/include/sbi/sbi_hart.h
+++ b/include/sbi/sbi_hart.h
@@ -31,7 +31,7 @@ enum sbi_hart_extensions {
 	SBI_HART_EXT_SMAIA = 0,
 	/** HART has Smepmp */
 	SBI_HART_EXT_SMEPMP,
-	/** HART has Smstateen CSR **/
+	/** HART has mstateen*, sstateen*, and hstateen* CSRs **/
 	SBI_HART_EXT_SMSTATEEN,
 	/** Hart has Sscofpmt extension */
 	SBI_HART_EXT_SSCOFPMF,
@@ -79,6 +79,8 @@ enum sbi_hart_extensions {
 	SBI_HART_EXT_SMCTR,
 	/** HART has CTR S-mode CSRs */
 	SBI_HART_EXT_SSCTR,
+	/** HART has sstateen* and hstateen* CSRs **/
+	SBI_HART_EXT_SSSTATEEN,
 
 	/** Maximum index of Hart extension */
 	SBI_HART_EXT_MAX,
diff --git a/lib/sbi/sbi_hart.c b/lib/sbi/sbi_hart.c
index 569f8008b523..bc0a73d1298d 100644
--- a/lib/sbi/sbi_hart.c
+++ b/lib/sbi/sbi_hart.c
@@ -695,6 +695,7 @@ const struct sbi_hart_ext_data sbi_hart_ext[] = {
 	__SBI_HART_EXT_DATA(ssdbltrp, SBI_HART_EXT_SSDBLTRP),
 	__SBI_HART_EXT_DATA(smctr, SBI_HART_EXT_SMCTR),
 	__SBI_HART_EXT_DATA(ssctr, SBI_HART_EXT_SSCTR),
+	__SBI_HART_EXT_DATA(ssstateen, SBI_HART_EXT_SSSTATEEN),
 };
 
 _Static_assert(SBI_HART_EXT_MAX == array_size(sbi_hart_ext),
@@ -936,6 +937,9 @@ __pmp_skip:
 	/* Detect if hart supports mstateen CSRs */
 	__check_ext_csr(SBI_HART_PRIV_VER_1_12,
 			CSR_MSTATEEN0, SBI_HART_EXT_SMSTATEEN);
+	/* Detect if hart supports sstateen CSRs */
+	__check_ext_csr(SBI_HART_PRIV_VER_1_12,
+			CSR_SSTATEEN0, SBI_HART_EXT_SSSTATEEN);
 	/* Detect if hart supports smcntrpmf */
 	__check_ext_csr(SBI_HART_PRIV_VER_1_12,
 			CSR_MCYCLECFG, SBI_HART_EXT_SMCNTRPMF);
-- 
2.48.1


-- 
opensbi mailing list
opensbi@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/opensbi

Re: [PATCH 7/8] lib: sbi_hart: add Ssstateen extension

[Anup Patel]

On Tue, Apr 15, 2025 at 8:13 PM Radim Krčmář <rkrcmar@ventanamicro.com> wrote:
>
> We already detect Smstateen, but Ssstateen exists as well and it doesn't
> have the M-state CSRs.
>
> Signed-off-by: Radim Krčmář <rkrcmar@ventanamicro.com>
> ---
>  include/sbi/sbi_hart.h | 4 +++-
>  lib/sbi/sbi_hart.c     | 4 ++++
>  2 files changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/include/sbi/sbi_hart.h b/include/sbi/sbi_hart.h
> index c3a7feb753d9..10d0cf447ba6 100644
> --- a/include/sbi/sbi_hart.h
> +++ b/include/sbi/sbi_hart.h
> @@ -31,7 +31,7 @@ enum sbi_hart_extensions {
>         SBI_HART_EXT_SMAIA = 0,
>         /** HART has Smepmp */
>         SBI_HART_EXT_SMEPMP,
> -       /** HART has Smstateen CSR **/
> +       /** HART has mstateen*, sstateen*, and hstateen* CSRs **/

Let's not define what Smstateen means here.

Smstateen implies only mstateen CSRs whereas
Sstateeen implies [h|s]stateen CSRs.

>         SBI_HART_EXT_SMSTATEEN,
>         /** Hart has Sscofpmt extension */
>         SBI_HART_EXT_SSCOFPMF,
> @@ -79,6 +79,8 @@ enum sbi_hart_extensions {
>         SBI_HART_EXT_SMCTR,
>         /** HART has CTR S-mode CSRs */
>         SBI_HART_EXT_SSCTR,
> +       /** HART has sstateen* and hstateen* CSRs **/

Same as above. Lets just say "HART has Sstateen extension".

> +       SBI_HART_EXT_SSSTATEEN,
>
>         /** Maximum index of Hart extension */
>         SBI_HART_EXT_MAX,
> diff --git a/lib/sbi/sbi_hart.c b/lib/sbi/sbi_hart.c
> index 569f8008b523..bc0a73d1298d 100644
> --- a/lib/sbi/sbi_hart.c
> +++ b/lib/sbi/sbi_hart.c
> @@ -695,6 +695,7 @@ const struct sbi_hart_ext_data sbi_hart_ext[] = {
>         __SBI_HART_EXT_DATA(ssdbltrp, SBI_HART_EXT_SSDBLTRP),
>         __SBI_HART_EXT_DATA(smctr, SBI_HART_EXT_SMCTR),
>         __SBI_HART_EXT_DATA(ssctr, SBI_HART_EXT_SSCTR),
> +       __SBI_HART_EXT_DATA(ssstateen, SBI_HART_EXT_SSSTATEEN),
>  };
>
>  _Static_assert(SBI_HART_EXT_MAX == array_size(sbi_hart_ext),
> @@ -936,6 +937,9 @@ __pmp_skip:
>         /* Detect if hart supports mstateen CSRs */
>         __check_ext_csr(SBI_HART_PRIV_VER_1_12,
>                         CSR_MSTATEEN0, SBI_HART_EXT_SMSTATEEN);
> +       /* Detect if hart supports sstateen CSRs */
> +       __check_ext_csr(SBI_HART_PRIV_VER_1_12,
> +                       CSR_SSTATEEN0, SBI_HART_EXT_SSSTATEEN);
>         /* Detect if hart supports smcntrpmf */
>         __check_ext_csr(SBI_HART_PRIV_VER_1_12,
>                         CSR_MCYCLECFG, SBI_HART_EXT_SMCNTRPMF);
> --
> 2.48.1
>
>
> --
> opensbi mailing list
> opensbi@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/opensbi

Otherwise, LGTM.

Reviewed-by: Anup Patel <anup@brainfault.org>

Regards,
Anup

-- 
opensbi mailing list
opensbi@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/opensbi

Re: [PATCH 7/8] lib: sbi_hart: add Ssstateen extension

[Radim Krčmář]

2025-04-28T18:08:12+05:30, Anup Patel <anup@brainfault.org>:
> On Tue, Apr 15, 2025 at 8:13 PM Radim Krčmář <rkrcmar@ventanamicro.com> wrote:
>>
>> We already detect Smstateen, but Ssstateen exists as well and it doesn't
>> have the M-state CSRs.
>>
>> Signed-off-by: Radim Krčmář <rkrcmar@ventanamicro.com>
>> ---
>> diff --git a/include/sbi/sbi_hart.h b/include/sbi/sbi_hart.h
>> @@ -31,7 +31,7 @@ enum sbi_hart_extensions {
>>         SBI_HART_EXT_SMAIA = 0,
>>         /** HART has Smepmp */
>>         SBI_HART_EXT_SMEPMP,
>> -       /** HART has Smstateen CSR **/
>> +       /** HART has mstateen*, sstateen*, and hstateen* CSRs **/
>
> Let's not define what Smstateen means here.
>
> Smstateen implies only mstateen CSRs whereas
> Sstateeen implies [h|s]stateen CSRs.

The spec actually says that Smstateen is all of the CSRs and Sstateeen
misses mstateen*, but yeah, it's not that important...

Can I remove the comments instead?

SBI_HART_EXT_SMSTATEEN is obviously Smstateen, so I don't see the point
of the comment.

-- 
opensbi mailing list
opensbi@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/opensbi

Re: [PATCH 7/8] lib: sbi_hart: add Ssstateen extension

[Anup Patel]

On Mon, Apr 28, 2025 at 7:25 PM Radim Krčmář <rkrcmar@ventanamicro.com> wrote:
>
> 2025-04-28T18:08:12+05:30, Anup Patel <anup@brainfault.org>:
> > On Tue, Apr 15, 2025 at 8:13 PM Radim Krčmář <rkrcmar@ventanamicro.com> wrote:
> >>
> >> We already detect Smstateen, but Ssstateen exists as well and it doesn't
> >> have the M-state CSRs.
> >>
> >> Signed-off-by: Radim Krčmář <rkrcmar@ventanamicro.com>
> >> ---
> >> diff --git a/include/sbi/sbi_hart.h b/include/sbi/sbi_hart.h
> >> @@ -31,7 +31,7 @@ enum sbi_hart_extensions {
> >>         SBI_HART_EXT_SMAIA = 0,
> >>         /** HART has Smepmp */
> >>         SBI_HART_EXT_SMEPMP,
> >> -       /** HART has Smstateen CSR **/
> >> +       /** HART has mstateen*, sstateen*, and hstateen* CSRs **/
> >
> > Let's not define what Smstateen means here.
> >
> > Smstateen implies only mstateen CSRs whereas
> > Sstateeen implies [h|s]stateen CSRs.
>
> The spec actually says that Smstateen is all of the CSRs and Sstateeen
> misses mstateen*, but yeah, it's not that important...
>
> Can I remove the comments instead?

I suggest keeping the comment as-is to be consistent
with other enum values.

>
> SBI_HART_EXT_SMSTATEEN is obviously Smstateen, so I don't see the point
> of the comment.
>

Since Smstateen cover Ssstateen as well, I suggest
SBI_HART_EXT_SMSTATEEN should imply
SBI_HART_EXT_SSSTATEEN

Regards,
Anup

-- 
opensbi mailing list
opensbi@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/opensbi

[PATCH 8/8] lib: sbi_hart: properly reset Ssstateen

[Radim Krčmář]

sstateen* and hstateen* CSRs must be zeroed by M-mode if the mstateen*
registers are missing, to avoid security issues.

Signed-off-by: Radim Krčmář <rkrcmar@ventanamicro.com>
---
 lib/sbi/sbi_hart.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/lib/sbi/sbi_hart.c b/lib/sbi/sbi_hart.c
index bc0a73d1298d..0f61e9cd1c98 100644
--- a/lib/sbi/sbi_hart.c
+++ b/lib/sbi/sbi_hart.c
@@ -114,12 +114,22 @@ static void mstatus_init(struct sbi_scratch *scratch)
 		csr_write64(CSR_MSTATEEN1, SMSTATEEN_STATEN);
 		csr_write64(CSR_MSTATEEN2, SMSTATEEN_STATEN);
 		csr_write64(CSR_MSTATEEN3, SMSTATEEN_STATEN);
+	}
 
-		if (misa_extension('S'))
+	if (sbi_hart_has_extension(scratch, SBI_HART_EXT_SMSTATEEN) ||
+	    sbi_hart_has_extension(scratch, SBI_HART_EXT_SSSTATEEN)) {
+		if (misa_extension('S')) {
 			csr_write(CSR_SSTATEEN0, 0);
-
-		if (misa_extension('H'))
+			csr_write(CSR_SSTATEEN1, 0);
+			csr_write(CSR_SSTATEEN2, 0);
+			csr_write(CSR_SSTATEEN3, 0);
+		}
+		if (misa_extension('H')) {
 			csr_write64(CSR_HSTATEEN0, (uint64_t)0);
+			csr_write64(CSR_HSTATEEN1, (uint64_t)0);
+			csr_write64(CSR_HSTATEEN2, (uint64_t)0);
+			csr_write64(CSR_HSTATEEN3, (uint64_t)0);
+		}
 	}
 
 	if (sbi_hart_priv_version(scratch) >= SBI_HART_PRIV_VER_1_12) {
-- 
2.48.1


-- 
opensbi mailing list
opensbi@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/opensbi

Re: [PATCH 8/8] lib: sbi_hart: properly reset Ssstateen

[Anup Patel]

On Tue, Apr 15, 2025 at 8:13 PM Radim Krčmář <rkrcmar@ventanamicro.com> wrote:
>
> sstateen* and hstateen* CSRs must be zeroed by M-mode if the mstateen*
> registers are missing, to avoid security issues.
>
> Signed-off-by: Radim Krčmář <rkrcmar@ventanamicro.com>
> ---
>  lib/sbi/sbi_hart.c | 16 +++++++++++++---
>  1 file changed, 13 insertions(+), 3 deletions(-)
>
> diff --git a/lib/sbi/sbi_hart.c b/lib/sbi/sbi_hart.c
> index bc0a73d1298d..0f61e9cd1c98 100644
> --- a/lib/sbi/sbi_hart.c
> +++ b/lib/sbi/sbi_hart.c
> @@ -114,12 +114,22 @@ static void mstatus_init(struct sbi_scratch *scratch)
>                 csr_write64(CSR_MSTATEEN1, SMSTATEEN_STATEN);
>                 csr_write64(CSR_MSTATEEN2, SMSTATEEN_STATEN);
>                 csr_write64(CSR_MSTATEEN3, SMSTATEEN_STATEN);
> +       }
>
> -               if (misa_extension('S'))
> +       if (sbi_hart_has_extension(scratch, SBI_HART_EXT_SMSTATEEN) ||
> +           sbi_hart_has_extension(scratch, SBI_HART_EXT_SSSTATEEN)) {

This should only check SSSTATEEEN.

> +               if (misa_extension('S')) {
>                         csr_write(CSR_SSTATEEN0, 0);
> -
> -               if (misa_extension('H'))
> +                       csr_write(CSR_SSTATEEN1, 0);
> +                       csr_write(CSR_SSTATEEN2, 0);
> +                       csr_write(CSR_SSTATEEN3, 0);
> +               }
> +               if (misa_extension('H')) {
>                         csr_write64(CSR_HSTATEEN0, (uint64_t)0);
> +                       csr_write64(CSR_HSTATEEN1, (uint64_t)0);
> +                       csr_write64(CSR_HSTATEEN2, (uint64_t)0);
> +                       csr_write64(CSR_HSTATEEN3, (uint64_t)0);
> +               }
>         }
>
>         if (sbi_hart_priv_version(scratch) >= SBI_HART_PRIV_VER_1_12) {
> --
> 2.48.1
>
>
> --
> opensbi mailing list
> opensbi@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/opensbi

Otherwise, LGTM.

Reviewed-by: Anup Patel <anup@brainfault.org>

Regards,
Anup

-- 
opensbi mailing list
opensbi@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/opensbi

Re: [PATCH 8/8] lib: sbi_hart: properly reset Ssstateen

[Radim Krčmář]

2025-04-28T18:09:47+05:30, Anup Patel <anup@brainfault.org>:
> On Tue, Apr 15, 2025 at 8:13 PM Radim Krčmář <rkrcmar@ventanamicro.com> wrote:
>>
>> sstateen* and hstateen* CSRs must be zeroed by M-mode if the mstateen*
>> registers are missing, to avoid security issues.
>>
>> Signed-off-by: Radim Krčmář <rkrcmar@ventanamicro.com>
>> ---
>> diff --git a/lib/sbi/sbi_hart.c b/lib/sbi/sbi_hart.c
>> @@ -114,12 +114,22 @@ static void mstatus_init(struct sbi_scratch *scratch)
>>                 csr_write64(CSR_MSTATEEN1, SMSTATEEN_STATEN);
>>                 csr_write64(CSR_MSTATEEN2, SMSTATEEN_STATEN);
>>                 csr_write64(CSR_MSTATEEN3, SMSTATEEN_STATEN);
>> +       }
>>
>> -               if (misa_extension('S'))
>> +       if (sbi_hart_has_extension(scratch, SBI_HART_EXT_SMSTATEEN) ||
>> +           sbi_hart_has_extension(scratch, SBI_HART_EXT_SSSTATEEN)) {
>
> This should only check SSSTATEEEN.

Right, Smstateen implies Ssstateen, thanks.

-- 
opensbi mailing list
opensbi@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/opensbi

Re: [PATCH 0/8] Reset more security-related CSRs

[Anup Patel]

On Tue, Apr 15, 2025 at 7:00 PM Radim Krčmář <rkrcmar@ventanamicro.com> wrote:
>
> Hello,
>
> there is a possible security hole in the initial state of many CSRs that
> control isolation between privilege levels.
>
> [1,2/8] are making the rest easier to implement.
> The vulnerabilities get fixed in [3,4,8/8].
> [5/8] fixes a loosely-related opensbi bug.
>
> Radim Krčmář (8):
>   lib: sbi: add 64 bit csr macros
>   lib: sbi: use 64 bit csr macros
>   lib: sbi_hart: reset hstatus
>   lib: sbi_hart: reset sstateen and hstateen
>   lib: sbi_hart: fix sstateen emulation
>   lib: sbi_hart: reset mstateen0
>   lib: sbi_hart: add Ssstateen extension
>   lib: sbi_hart: properly reset Ssstateen

Good set of improvements. Thanks for catching these issues.

Regards,
Anup

-- 
opensbi mailing list
opensbi@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/opensbi