[PATCH] lib: utils: fdt_domain: add support for root domain region inheritance

Anup Patel anup at brainfault.org
Sat May 9 23:04:49 PDT 2026


On Fri, Mar 27, 2026 at 10:04 AM Yu-Chien Peter Lin
<peter.lin at sifive.com> wrote:
>
> Add the "root-regions" property in domain device-tree nodes to
> allow domains to inherit all regions from the root domain. This
> simplifies configuration for domains that need access to most
> root domain regions with only minor exclusions or additions.

Overall, this is a good approach but I suggest renaming this property
to "root-regions-inheritance" which takes the following possible values:

1) "all" : Inherit all regions from the root domain
2) "su-only": Inherit regions accessible to S-mode or U-mode from the
root domain
3) "none": Inherit no regions from the root domain

From the above, if "root-regions-inheritance" is not set then it is
assumed to be "su-only".

Regards,
Anup

>
> Signed-off-by: Yu-Chien Peter Lin <peter.lin at sifive.com>
> ---
>  docs/domain_support.md     |  4 ++++
>  lib/utils/fdt/fdt_domain.c | 46 +++++++++++++++++++++++---------------
>  2 files changed, 32 insertions(+), 18 deletions(-)
>
> diff --git a/docs/domain_support.md b/docs/domain_support.md
> index 93186c4a..a88f1cfb 100644
> --- a/docs/domain_support.md
> +++ b/docs/domain_support.md
> @@ -159,6 +159,10 @@ The DT properties of a domain instance DT node are as follows:
>  * **possible-harts** (Optional) - The list of CPU DT node phandles for the
>    the domain instance. This list represents the possible HARTs of the
>    domain instance.
> +* **root-regions** (Optional) - A boolean flag indicating whether this domain
> +  inherits ALL memory regions from the root domain. If this property is present,
> +  the domain will include with all root domain regions and then overlay with
> +  regions specified in the **regions** property for additional restrictions.
>  * **regions** (Optional) - The list of domain memory region DT node phandle
>    and access permissions for the domain instance. Each list entry is a pair
>    of DT node phandle and access permissions. The access permissions are
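
Review bot: the new **root-regions** entry does not say how a region that appears both in the root domain and in **regions** is resolved, and "for additional restrictions" is narrower than the commit message, which speaks of "minor exclusions or additions". Suggest stating which entry takes precedence on overlap, and saying that entries in **regions** may either restrict or extend what is inherited. The phrase "will include with all root domain regions" should read "will include all root domain regions". It would also help to document the behaviour when the property is absent: per the code change, only root regions with no S-mode or U-mode read, write or execute permission are inherited.
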
> diff --git a/lib/utils/fdt/fdt_domain.c b/lib/utils/fdt/fdt_domain.c
> index b2fa8633..45407c22 100644
> --- a/lib/utils/fdt/fdt_domain.c
> +++ b/lib/utils/fdt/fdt_domain.c
> @@ -373,25 +373,35 @@ static int __fdt_parse_domain(const void *fdt, int domain_offset, void *opaque)
>         if (err)
>                 goto fail_free_all;
>
> -       /*
> -        * Copy over root domain memregions which don't allow
> -        * read, write and execute from lower privilege modes.
> -        *
> -        * These root domain memregions without read, write,
> -        * and execute permissions include:
> -        * 1) firmware region protecting the firmware memory
> -        * 2) mmio regions protecting M-mode only mmio devices
> -        */
> -       sbi_domain_for_each_memregion(&root, reg) {
> -               if ((reg->flags & SBI_DOMAIN_MEMREGION_SU_READABLE) ||
> -                   (reg->flags & SBI_DOMAIN_MEMREGION_SU_WRITABLE) ||
> -                   (reg->flags & SBI_DOMAIN_MEMREGION_SU_EXECUTABLE))
> -                       continue;
> -               if (preg.max_regions <= preg.region_count) {
> -                       err = SBI_EINVAL;
> -                       goto fail_free_all;
> +       if (fdt_get_property(fdt, domain_offset, "root-regions", NULL)) {
> +               sbi_domain_for_each_memregion(&root, reg) {
> +                       if (preg.max_regions <= preg.region_count) {
> +                               err = SBI_EINVAL;
> +                               goto fail_free_all;
> +                       }
> +                       memcpy(&dom->regions[preg.region_count++], reg, sizeof(*reg));
> +               }
> +       } else {
> +               /*
> +                * Copy over root domain memregions which don't allow
> +                * read, write and execute from lower privilege modes.
> +                *
> +                * These root domain memregions without read, write,
> +                * and execute permissions include:
> +                * 1) firmware region protecting the firmware memory
> +                * 2) mmio regions protecting M-mode only mmio devices
> +                */
> +               sbi_domain_for_each_memregion(&root, reg) {
> +                       if ((reg->flags & SBI_DOMAIN_MEMREGION_SU_READABLE) ||
> +                           (reg->flags & SBI_DOMAIN_MEMREGION_SU_WRITABLE) ||
> +                           (reg->flags & SBI_DOMAIN_MEMREGION_SU_EXECUTABLE))
> +                               continue;
> +                       if (preg.max_regions <= preg.region_count) {
> +                               err = SBI_EINVAL;
> +                               goto fail_free_all;
> +                       }
> +                       memcpy(&dom->regions[preg.region_count++], reg, sizeof(*reg));
>                 }
> -               memcpy(&dom->regions[preg.region_count++], reg, sizeof(*reg));
>         }
>         dom->fw_region_inited = root.fw_region_inited;
>
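
Review bot: the two branches of the new if/else repeat the same `preg.max_regions <= preg.region_count` check and the same `memcpy(&dom->regions[preg.region_count++], reg, sizeof(*reg));`, differing only in the SU-permission filter. Suggest reading the "root-regions" property once into a local boolean before the loop and keeping a single `sbi_domain_for_each_memregion(&root, reg)` loop that applies the `continue` only when that boolean is false. That keeps the bounds check in one place so the two paths cannot drift apart. The retained comment should also be extended to cover the new case: when the property is present, root regions carrying SU_READABLE, SU_WRITABLE or SU_EXECUTABLE flags are copied with the root domain's flags unchanged, so the domain gets those S/U permissions on them.
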
> --
> 2.48.0