[PATCH v2 6/8] lib: sbi_domain: ensure consistent firmware PMP entries

Anup Patel anup at brainfault.org
Sun Nov 2 03:04:20 PST 2025 

On Wed, Oct 8, 2025 at 2:15 PM Yu-Chien Peter Lin <peter.lin at sifive.com> wrote:
>
> During domain context switches, all PMP entries are reconfigured
> which can clear firmware access permissions, causing M-mode access
> faults under SmePMP.
>
> Sort domain regions to place firmware regions first, ensuring
> consistent firmware PMP entries so they won't be revoked during
> domain context switches.
>
> Signed-off-by: Yu-Chien Peter Lin <peter.lin at sifive.com>

Reviewed-by: Anup Patel <anup at brainfault.org>

Thanks,
Anup

> ---
>  include/sbi/sbi_domain.h |  3 +++
>  lib/sbi/sbi_domain.c     | 14 ++++++++++++++
>  2 files changed, 17 insertions(+)
>
> diff --git a/include/sbi/sbi_domain.h b/include/sbi/sbi_domain.h
> index 9193feb0..1196d609 100644
> --- a/include/sbi/sbi_domain.h
> +++ b/include/sbi/sbi_domain.h
> @@ -121,6 +121,9 @@ struct sbi_domain_memregion {
>                 ((__flags & SBI_DOMAIN_MEMREGION_SU_ACCESS_MASK)  &&    \
>                  !(__flags & SBI_DOMAIN_MEMREGION_M_ACCESS_MASK))
>
> +#define SBI_DOMAIN_MEMREGION_IS_FIRMWARE(__flags)                      \
> +               ((__flags & SBI_DOMAIN_MEMREGION_FW) ? true : false)    \
> +
>  /** Bit to control if permissions are enforced on all modes */
>  #define SBI_DOMAIN_MEMREGION_ENF_PERMISSIONS   (1UL << 6)
>
> diff --git a/lib/sbi/sbi_domain.c b/lib/sbi/sbi_domain.c
> index 968fe61b..657de10d 100644
> --- a/lib/sbi/sbi_domain.c
> +++ b/lib/sbi/sbi_domain.c
> @@ -294,6 +294,20 @@ static bool is_region_compatible(const struct sbi_domain_memregion *regA,
>  static bool is_region_before(const struct sbi_domain_memregion *regA,
>                              const struct sbi_domain_memregion *regB)
>  {
> +       /*
> +        * Enforce firmware region ordering for memory access
> +        * under SmePMP.
> +        * Place firmware regions first to ensure consistent
> +        * PMP entries during domain context switches.
> +        */
> +       if (SBI_DOMAIN_MEMREGION_IS_FIRMWARE(regA->flags) &&
> +          !SBI_DOMAIN_MEMREGION_IS_FIRMWARE(regB->flags))
> +               return true;
> +       if (!SBI_DOMAIN_MEMREGION_IS_FIRMWARE(regA->flags) &&
> +           SBI_DOMAIN_MEMREGION_IS_FIRMWARE(regB->flags))
> +               return false;
> +
> +

Redundant newline here otherwise it looks good to me.

Reviewed-by: Anup Patel <anup at brainfault.org>

Thanks,
Anup

More information about the opensbi mailing list