arch: riscv: Add riscv_pmp_clear_all() to reset PMP entries

Introduce the new function `riscv_pmp_clear_all()` to reset the Physical
Memory Protection (PMP) configuration.

This function iterates through all configured PMP slots. For each entry,
it writes 0x0 to the entry's 8-bit configuration register. This action
attempts to clear all fields, including the Address Matching Mode (A) bits
(setting the region type to OFF), the permission bits (R, W, X), and
the Lock (L) bit.

According to the RISC-V specification, any writes to the configuration
or address registers of a locked PMP entry are ignored. Thus, locked
entries will remain unchanged, while all non-locked entries will be
effectively disabled and their permissions cleared.

The function ensures it operates in Machine mode with MSTATUS.MPRV = 0
and MSTATUS.MPP = M-mode before modifying any PMP Control and Status
Registers (CSRs).

This provides a mechanism to clear all non-locked PMP regions,
returning them to a default disabled state. The function declaration is
exposed in the `include/zephyr/arch/riscv/pmp.h` header file, making it
available for inclusion and use by external modules.

It is recommended for firmware to call this function before transitioning
from a Read-Only (RO) stage to a Read-Write (RW) stage. This ensures
that any PMP settings established during the RO phase, which might no
longer be appropriate, are cleared, providing a clean and secure base
PMP configuration for the RW firmware.

Signed-off-by: Firas Sammoura <[email protected]>

Author: fsammoura1980

arch/riscv/core/pmp.c

@@ -345,6 +345,52 @@ static unsigned long global_pmp_last_addr;
 /* End of global PMP entry range */
 static unsigned int global_pmp_end_index;
 
+void riscv_pmp_clear_all(void)
+{
+	/*
+	 * Ensure we are in M-mode and that memory accesses use M-mode privileges
+	 * (MPRV=0). We also set MPP to M-mode to establish a predictable prior privilege level.
+	 */
+	csr_clear(mstatus, MSTATUS_MPRV);
+	csr_set(mstatus, MSTATUS_MPP);
+
+	unsigned long pmp_cfg[CONFIG_PMP_SLOTS / PMPCFG_STRIDE];
+
+#ifdef CONFIG_64BIT
+	pmp_cfg[0] = csr_read(pmpcfg0);
+#if CONFIG_PMP_SLOTS > 8
+	pmp_cfg[1] = csr_read(pmpcfg2);
+#endif
+#else
+	pmp_cfg[0] = csr_read(pmpcfg0);
+	pmp_cfg[1] = csr_read(pmpcfg1);
+#if CONFIG_PMP_SLOTS > 8
+	pmp_cfg[2] = csr_read(pmpcfg2);
+	pmp_cfg[3] = csr_read(pmpcfg3);
+#endif
+#endif
+
+	uint8_t *pmp_n_cfg = (uint8_t *)pmp_cfg;
+
+	for (int index = 0; index < CONFIG_PMP_SLOTS; ++index) {
+		pmp_n_cfg[index] = 0x0;
+	}
+
+#ifdef CONFIG_64BIT
+	csr_write(pmpcfg0, pmp_cfg[0]);
+#if CONFIG_PMP_SLOTS > 8
+	csr_write(pmpcfg2, pmp_cfg[1]);
+#endif
+#else
+	csr_write(pmpcfg0, pmp_cfg[0]);
+	csr_write(pmpcfg1, pmp_cfg[1]);
+#if CONFIG_PMP_SLOTS > 8
+	csr_write(pmpcfg2, pmp_cfg[2]);
+	csr_write(pmpcfg3, pmp_cfg[3]);
+#endif
+#endif
+}
+
 /**
  * @Brief Initialize the PMP with global entries on each CPU
  */

include/zephyr/arch/riscv/pmp.h

@@ -0,0 +1,27 @@
+/*
+ * Copyright (c) 2025 Alphabet
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#ifndef ZEPHYR_INCLUDE_RISCV_PMP_H_
+#define ZEPHYR_INCLUDE_RISCV_PMP_H_
+
+ #include <zephyr/arch/riscv/arch.h>
+
+#ifdef CONFIG_RISCV_PMP
+
+/**
+ * @brief Resets all unlocked PMP entries to OFF mode (Null Region).
+ *
+ * This function is used to securely clear the PMP configuration. It first
+ * ensures the execution context is M-mode by setting MSTATUS_MPRV=0 and
+ * MSTATUS_MPP=M-mode. It then reads all pmpcfgX CSRs, iterates through
+ * the configuration bytes, and clears the Address Matching Mode bits (PMP_A)
+ * for any entry that is not locked (PMP_L is clear), effectively disabling the region.
+ */
+void riscv_pmp_clear_all(void);
+
+#endif
+
+#endif /* ZEPHYR_INCLUDE_RISCV_PMP_H_ */