[PATCH 5/8] lib: sbi_domain_context: skip the reserved entry during domain context switch

Thu Aug 14 22:54:16 PDT 2025

Hi Peter,

> -----Original Message-----
> From: Yu-Chien Peter Lin <peter.lin at sifive.com>
> Sent: Thursday, August 14, 2025 7:05 PM
> To: opensbi at lists.infradead.org
> Cc: zong.li at sifive.com; greentime.hu at sifive.com; Alvin Che-Chia Chang(張哲
> 嘉) <alvinga at andestech.com>; Yu-Chien Peter Lin <peter.lin at sifive.com>
> Subject: [PATCH 5/8] lib: sbi_domain_context: skip the reserved entry during
> domain context switch
>
> [EXTERNAL MAIL]
>
> The reserved entry is activated to create shared region between M-mode and
> S-mode, it should remain unchanged during domain context switch.
>
> Signed-off-by: Yu-Chien Peter Lin <peter.lin at sifive.com>
> ---
>  lib/sbi/sbi_domain_context.c | 5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/lib/sbi/sbi_domain_context.c b/lib/sbi/sbi_domain_context.c index
> fb04d81d..1812c7c9 100644
> --- a/lib/sbi/sbi_domain_context.c
> +++ b/lib/sbi/sbi_domain_context.c
> @@ -116,6 +116,11 @@ static void switch_to_next_domain_context(struct
> hart_context *ctx,
>
>         /* Reconfigure PMP settings for the new domain */
>         for (int i = 0; i < pmp_count; i++) {
> +               /* Skip the reserved entry when SmePMP is enabled */
> +               if (sbi_hart_has_extension(scratch,
> SBI_HART_EXT_SMEPMP) &&
> +                   (i == SBI_SMEPMP_RESV_ENTRY)) {
> +                       continue;
> +               }

Is this reserved entry mapped(activated) during domain context switch ?
If my understanding is correct, the mapped reserved entry creates shared region between M-mode and "current supervisor domain".
Now we are performing domain context switch to "next supervisor domain which does not have permission to access that shared region".
In my opinion, this reserved entry should be disabled for security reason.

Maybe OpenSBI should "context-switch" the reserved entry?
If the reserved entry is mapped during the domain A, and system switches to domain B without unmapping the reserved entry.
Does this mean that OpenSBI cannot call sbi_hart_map_saddr() to map shared-region with domain B? Because the function will return SBI_ENOSPC in this case.

Best regards,
Alvin

>                 sbi_platform_pmp_disable(sbi_platform_thishart_ptr(), i);
>                 pmp_disable(i);
>         }
> --
> 2.39.3

CONFIDENTIALITY NOTICE:

This e-mail (and its attachments) may contain confidential and legally privileged information or information protected from disclosure. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein is strictly prohibited. In this case, please immediately notify the sender by return e-mail, delete the message (and any accompanying documents) and destroy all printed hard copies. Thank you for your cooperation.