[PATCH] lib: sbi: Apply budget restriction when polling Zkr CSR state transition

Anup Patel anup at brainfault.org
Fri Jun 12 05:55:23 PDT 2026 

On Wed, May 20, 2026 at 4:20 AM Evgeny Voevodin
<evvoevod at tenstorrent.com> wrote:
>
> Zkr architecture doesn't define a time limit on state transitions
> which results in hanging on unresponsive or event-driven platforms.
> To prevent this, we need to limit polling iterations and fall back
> in case the budget is over, and stack guard keeps its initial value.
> The budget is configurable with CONFIG_SBI_INIT_ZKR_POLL_BUDGET,
> defaulting to 1000 iterations.
> Successful reads do not consume a try.
>
> Signed-off-by: Evgeny Voevodin <evvoevod at tenstorrent.com>
> ---
>  lib/sbi/Kconfig    | 12 ++++++++++++
>  lib/sbi/sbi_init.c | 12 +++++++++---
>  2 files changed, 21 insertions(+), 3 deletions(-)
>
> diff --git a/lib/sbi/Kconfig b/lib/sbi/Kconfig
> index c6cc04bc..a11f788c 100644
> --- a/lib/sbi/Kconfig
> +++ b/lib/sbi/Kconfig
> @@ -6,6 +6,18 @@ config CONSOLE_EARLY_BUFFER_SIZE
>         int "Early console buffer size (bytes)"
>         default 256
>
> +config SBI_INIT_ZKR_POLL_BUDGET

The SBI_INIT_ prefix is not needed otherwise looks good to me.
I will take care of it at the time of merging this patch.

> +       int "Zkr seed polling budget (iterations)"
> +       default 1000
> +       help
> +         Maximum number of iterations to poll CSR_SEED when initializing
> +         the stack guard variable. The Zkr specification doesn't define
> +         a time limit on transitioning to ES16 between polls, which
> +         makes it impossible to tell whether entropy is being
> +         accumulated slowly or the entropy source is not functioning.
> +         This also limits the wait time on systems with an event-driven
> +         entropy source. A successful read doesn't consume a try.
> +
>  config SBI_ECALL_TIME
>         bool "Timer extension"
>         default y
> diff --git a/lib/sbi/sbi_init.c b/lib/sbi/sbi_init.c
> index b248e73f..7a0c4f74 100644
> --- a/lib/sbi/sbi_init.c
> +++ b/lib/sbi/sbi_init.c
> @@ -280,20 +280,26 @@ static void __noreturn init_coldboot(struct sbi_scratch *scratch, u32 hartid)
>         if (sbi_hart_has_extension(scratch, SBI_HART_EXT_ZKR)) {
>                 unsigned long guard_val = 0;
>                 int chunks = sizeof(unsigned long) / sizeof(uint16_t);
> -               bool res = true;
> +               unsigned int tries = CONFIG_SBI_INIT_ZKR_POLL_BUDGET;
> +               bool res = false;
>
> -               while (chunks) {
> +               while (chunks && tries) {
>                         unsigned long seed = csr_swap(CSR_SEED, 0);
>                         unsigned long opst = seed & SEED_OPTS_MASK;
> +                       res = false;
>
>                         if (opst == SEED_OPTS_DEAD) {
> -                               res = false;
>                                 break;
>                         }
>                         if (opst == SEED_OPTS_ES16) {
>                                 guard_val = (guard_val << 16) | (seed & SEED_ENTROPY_MASK);
>                                 chunks--;
> +                               res = true;
> +                               /* Successful read doesn't consume a try */
> +                               tries++;
>                         }
> +
> +                       tries--;
>                         continue;
>                 }
>                 if (res)
> --
> 2.43.0
>
>
> --
> opensbi mailing list
> opensbi at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/opensbi

Reviewed-by: Anup Patel <anup at brainfault.org>

Applied this patch to the riscv/opensbi repo.

Thanks,
Anup

More information about the opensbi mailing list