From fbb5fe811d453c11dbcacf8cfe2fa7e445834475 Mon Sep 17 00:00:00 2001
From: Deepak Gupta
Date: Mon, 24 Nov 2025 14:03:39 -0800
Subject: [PATCH] lib: sbi: expected trap must always clear MPRV
Expected trap must always clear MPRV. Currently it doesn't. There is a security issue here where if firmware was doing ld/st with MPRV=1 and since there would be a expected trap, opensbi will continue to run as MPRV=1. Security impact is DoS where opensbi will just keep trapping.
Signed-off-by: Deepak Gupta
Reviewed-by: Anup Patel
Link: https://lore.kernel.org/r/20251124220339.3695940-1-debug@rivosinc.com
Signed-off-by: Anup Patel
---
 lib/sbi/sbi_expected_trap.S | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/lib/sbi/sbi_expected_trap.S b/lib/sbi/sbi_expected_trap.S
index 99dede5f..f85a0082 100644
--- a/lib/sbi/sbi_expected_trap.S
+++ b/lib/sbi/sbi_expected_trap.S
@@ -23,6 +23,8 @@
 .global __sbi_expected_trap
 __sbi_expected_trap:
 /* Without H-extension so, MTVAL2 and MTINST CSRs and GVA not available */
+ li a4, MSTATUS_MPRV
+ csrc CSR_MSTATUS, a4
 csrr a4, CSR_MCAUSE
 REG_S a4, SBI_TRAP_INFO_OFFSET(cause)(a3)
 csrr a4, CSR_MTVAL
@@ -39,6 +41,8 @@ __sbi_expected_trap:
 .global __sbi_expected_trap_hext
 __sbi_expected_trap_hext:
 /* With H-extension so, MTVAL2 and MTINST CSRs and GVA available */
+ li a4, MSTATUS_MPRV
+ csrc CSR_MSTATUS, a4
 csrr a4, CSR_MCAUSE
 REG_S a4, SBI_TRAP_INFO_OFFSET(cause)(a3)
 csrr a4, CSR_MTVAL
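Review bot: The added `li a4, MSTATUS_MPRV` / `csrc CSR_MSTATUS, a4` pair at the top of `__sbi_expected_trap` has no comment, and the only comment beside it is about the H-extension, so the security reason for the clear exists only in the commit message; the same pair is added undocumented to `__sbi_expected_trap_hext` in the second hunk. I would put a comment above it in both places, for example `/* Always clear MPRV: returning to M-mode leaves it set, so firmware would keep doing ld/st with MPRV=1 and trap again */`. Using a4 as scratch is safe at this point because the next line overwrites it with MCAUSE. Because the clear is unconditional, any caller that set MPRV before the faulting access now resumes with MPRV=0 and must not assume the bit is still set; that is presumably the intent, but the callers and the rest of both handlers are outside these hunks, so it is worth stating in the comment as the contract.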