[PATCH 0/2] lib: sbi: sse: fix interrupted context corruption

Anup Patel apatel at ventanamicro.com
Thu Apr 30 20:35:20 PDT 2026


On Thu, Apr 30, 2026 at 3:53 PM Zhanpeng Zhang
<zhangzhanpeng.jasper at bytedance.com> wrote:
>
> SSE `inject` builds a synthetic S-mode context to enter the registered
> S-mode handler. After the handler calls `complete`, OpenSBI resumes the
> context that was interrupted by the SSE event. That makes the SSE
> entry/completion path different from a normal interrupt path: the state
> visible while the handler is running is not necessarily the state that
> should be restored when the handler completes.

If the handler wants to resume somewhere else, then it can directly
update various GPRs, sstatus, hstatus, and event attributes. The
SBI implementation is not required to keep hidden state.

>
> The current code reconstructs part of the interrupted state from the
> handler-visible trap state and from the ABI-visible interrupted flags.
> That exposes two bugs:
>
>   - KVM Context Corruption
>
>     If SSE interrupts KVM guest execution, OpenSBI must restore the
>     virtualization state that was active before it entered the S-mode
>     handler context. Restoring only hstatus SPV/SPVP is insufficient on
>     a virtualization-enabled system because hstatus carries more H-mode
>     state. Likewise, MPV must come from the state captured before
>     OpenSBI rewrites the trap state for handler entry. Reconstructing
>     these values from handler-visible state can corrupt the KVM resume
>     context.

The SBI SSE spec intentionally exposes previous virt state via
hstatus.SPV and restores it from the same bit. This allows supervisor
software to resume in non-virt state after taking SSE in host from
virt state.

>     This follows the earlier discussion [1].
>
>   - SSE Handler's SSTATUS Leakage
>
>     SSE can interrupt kernel execution at any point and run a complex
>     handler. PMU-SSE is a real-world example: with PMU-SSE
>     enabled, `perf top` repeatedly enters the SSE handler and completion
>     paths at a high frequency. Any synthetic handler SIE/SPIE/SPP state
>     that leaks into the SSE-interrupted context is quickly exposed. With
>     the previous version, this could resume with mismatched privilege and
>     interrupt state and lead to an "environment call from U-mode" panic.
>
> Fix this by adding OpenSBI's private resume-state to `sbi_sse_event`.
> This state must persist from `inject` to `complete`, but it must not be
> stored in the SSE attributes: the attributes are ABI-visible and can be
> updated by the S-mode handler. Patch 1 saves and restores hstatus and
> the interrupted virtualization state. Patch 2 saves and restores the
> interrupted S-mode SIE/SPIE/SPP bits as a unit.

NACK. The OpenSBI implementation is saving/restoring the minimal
possible state as defined in the SBI SSE spec. It is supervisor software's
responsibility to update the supervisor state (including HS-mode) if
it wants to resume from somewhere else.

>
> PATCH 1 is the OpenSBI side of the KVM context corruption fix. The
> related Linux side should preserve the kernel stvec in do_sse() to help
> protect the virtualization context. I will send the relevant Linux
> patchset updates in the near future.
>
> [1] https://lore.kernel.org/r/9290f53d-3545-4299-9781-c1c558f71158@rivosinc.com
>
> Zhanpeng Zhang (2):
>   lib: sbi: sse: fix KVM context corruption
>   lib: sbi: sse: fix SSE handler sstatus leakage
>
>  lib/sbi/sbi_sse.c | 80 ++++++++++++++++++++++++++++++++-----------------------
>  1 file changed, 47 insertions(+), 33 deletions(-)
>

This series is trying to fix the issue at the wrong place, so NACK from my side.
Please carefully read the SBI SSE spec.

Regards,
Anup
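As an added illustration (not code from this series, from OpenSBI, or from either participant), the following C model contrasts the two restore strategies the thread discusses: deriving the post-completion state from the handler-visible trap registers versus restoring state captured privately at `inject`. The sstatus/hstatus/mstatus bit positions are from the RISC-V privileged spec; the `trap_state` layout, the interrupted context, the handler behaviour (a nested S-mode trap returned with sret, plus a write to hstatus.VTSR) and the sret-style reconstruction routine are constructed assumptions, not OpenSBI's actual logic.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Bit positions from the RISC-V privileged spec (RV64). */
#define SSTATUS_SIE   (1ULL << 1)
#define SSTATUS_SPIE  (1ULL << 5)
#define SSTATUS_SPP   (1ULL << 8)
#define SSTATUS_SAVED (SSTATUS_SIE | SSTATUS_SPIE | SSTATUS_SPP)
#define HSTATUS_SPV   (1ULL << 7)
#define HSTATUS_SPVP  (1ULL << 8)
#define HSTATUS_VTSR  (1ULL << 22)
#define MSTATUS_MPV   (1ULL << 39)

enum priv { PRIV_U = 0, PRIV_S = 1 };

/* Trap-time view of one hart (constructed model, not OpenSBI's regs). */
struct trap_state {
    uint64_t sstatus, hstatus, mstatus;
    enum priv priv;            /* privilege of the context at trap time */
};

/* Per-event private resume state kept by the SBI implementation; it is
 * never exposed through the ABI-visible event attributes (assumption). */
struct sse_event {
    uint64_t saved_sstatus_bits;   /* SIE/SPIE/SPP of interrupted context */
    uint64_t saved_hstatus;        /* whole hstatus of interrupted context */
    bool saved_mpv;                /* mstatus.MPV of interrupted context */
    enum priv saved_priv;
};

/* inject: record the interrupted state, then rewrite the trap state so
 * the S-mode handler starts with SIE=0, SPIE=old SIE, SPP=interrupted
 * privilege, V=0, and hstatus.SPV showing the previous virt state. */
void sse_inject(struct sse_event *ev, struct trap_state *ts)
{
    bool was_virt = (ts->mstatus & MSTATUS_MPV) != 0;
    ev->saved_sstatus_bits = ts->sstatus & SSTATUS_SAVED;
    ev->saved_hstatus = ts->hstatus;
    ev->saved_mpv = was_virt;
    ev->saved_priv = ts->priv;

    uint64_t s = ts->sstatus & ~SSTATUS_SAVED;
    if (ts->sstatus & SSTATUS_SIE) s |= SSTATUS_SPIE;
    if (ts->priv == PRIV_S) s |= SSTATUS_SPP;
    ts->sstatus = s;
    ts->hstatus = was_virt ? (ts->hstatus | HSTATUS_SPV)
                           : (ts->hstatus & ~HSTATUS_SPV);
    ts->mstatus &= ~MSTATUS_MPV;
    ts->priv = PRIV_S;
}

/* Strategy A: derive the resume state from whatever the handler left in
 * the trap registers, sret-style (constructed model of reconstruction). */
void sse_complete_reconstruct(struct trap_state *ts)
{
    uint64_t s = ts->sstatus;
    s = (s & SSTATUS_SPIE) ? (s | SSTATUS_SIE) : (s & ~SSTATUS_SIE);
    s |= SSTATUS_SPIE;
    ts->priv = (s & SSTATUS_SPP) ? PRIV_S : PRIV_U;
    ts->sstatus = s;
    if (ts->hstatus & HSTATUS_SPV) ts->mstatus |= MSTATUS_MPV;
}

/* Strategy B: restore the privately captured state as a unit. */
void sse_complete_private(const struct sse_event *ev, struct trap_state *ts)
{
    ts->sstatus = (ts->sstatus & ~SSTATUS_SAVED) | ev->saved_sstatus_bits;
    ts->hstatus = ev->saved_hstatus;
    ts->mstatus = ev->saved_mpv ? (ts->mstatus | MSTATUS_MPV)
                                : (ts->mstatus & ~MSTATUS_MPV);
    ts->priv = ev->saved_priv;
}

/* Constructed handler behaviour: take a nested S-mode trap (SPIE=SIE,
 * SPP=S, SIE=0) and return with sret (SIE=SPIE, SPIE=1, SPP=U); also
 * touch hstatus by clearing VTSR. */
void handler_body(struct trap_state *ts)
{
    uint64_t s = ts->sstatus & ~SSTATUS_SAVED;
    if (ts->sstatus & SSTATUS_SIE) s |= SSTATUS_SPIE;
    s |= SSTATUS_SPP;
    s = (s & SSTATUS_SPIE) ? (s | SSTATUS_SIE) : (s & ~SSTATUS_SIE);
    s |= SSTATUS_SPIE;
    s &= ~SSTATUS_SPP;
    ts->sstatus = s;
    ts->hstatus &= ~HSTATUS_VTSR;
}

/* One inject/handler/complete cycle from a constructed interrupted
 * context: host kernel in S-mode, SIE=1, SPP=S, VTSR and SPVP set. */
struct trap_state run_cycle(bool use_private_state)
{
    struct trap_state ts = {
        .sstatus = SSTATUS_SIE | SSTATUS_SPP,
        .hstatus = HSTATUS_VTSR | HSTATUS_SPVP,
        .mstatus = 0,
        .priv = PRIV_S,
    };
    struct sse_event ev;
    memset(&ev, 0, sizeof(ev));
    sse_inject(&ev, &ts);
    handler_body(&ts);
    if (use_private_state)
        sse_complete_private(&ev, &ts);
    else
        sse_complete_reconstruct(&ts);
    return ts;
}
```

With the constructed handler, strategy A resumes the kernel context with SPP/privilege, SPIE and hstatus.VTSR differing from the interrupted values, while strategy B returns the interrupted values exactly; whether an implementation should carry that private state, or leave it to supervisor software as the reply above argues, is the point under dispute in the thread.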


