riscv: pmp: Ensure trailing PMP entries are cleared #97238
+1
−1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In `z_riscv_pmp_stackguard_enable`, the call to `write_pmp_entries` has been updated to set the `clear_trailing_entries` argument to `true`. This change ensures that any PMP entries beyond the ones being actively configured are disabled. This is particularly critical for systems transitioning between different execution stages, such as jumping from Read-Only (RO) firmware to Read-Write (RW) firmware, where each stage may define its own set of PMP entries. Without clearing, stale configurations from the RO stage could persist after transitioning to the RW stage. While the presence of a catch-all PMP entry might render this change somewhat cosmetic in terms of security, explicitly clearing unused trailing entries ensures a cleaner PMP state. This not only helps prevent subtle functional bugs due to unexpected lingering permissions but also significantly improves clarity during visual debugging of the PMP register settings. Signed-off-by: Firas Sammoura <[email protected]>
zephyrbot
added
size: XS
zephyrbot
requested review from
VynDragon,
edersondisouza,
fkokosinski,
katsuster,
kgugala,
masz-nordic,
mgielda,
npitre,
tgorochowik and
ycsin
|
|
Not sure if this is the right approach, since this will add an unnecessary overhead on every context switch for the vast majority of platforms. If we have a special need to clear PMP entries from a previous stage, can we implement a conditionally executed routine (configured with Kconfig) to clear said PMP entries? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In
z_riscv_pmp_stackguard_enable, the call towrite_pmp_entrieshas been updated to set theclear_trailing_entriesargument totrue.This change ensures that any PMP entries beyond the ones being actively configured are disabled. This is particularly critical for systems transitioning between different execution stages, such as jumping from Read-Only (RO) firmware to Read-Write (RW) firmware, where each stage may define its own set of PMP entries.
Without clearing, stale configurations from the RO stage could persist after transitioning to the RW stage. While the presence of a catch-all PMP entry might render this change somewhat cosmetic in terms of security, explicitly clearing unused trailing entries ensures a cleaner PMP state. This not only helps prevent subtle functional bugs due to unexpected lingering permissions but also significantly improves clarity during visual debugging of the PMP register settings.