From 8e3032f921ae62bebbb2bf4c573864313357ee76 Mon Sep 17 00:00:00 2001 From: Jeenu Viswambharan Date: Mon, 22 Jan 2018 12:04:13 +0000 Subject: [PATCH 1/2] SDEI: Pop dispatch context only after error checking Currently, when the client attempts to do SDEI_EVENT_COMPLETE or SDEI_EVENT_COMPLETE_AND_RESUME, the dispatcher pops off the outstanding dispatch context for sanity check. There are however other checks following this, which could potentially return failure. If that happens, by popping the context, the dispatcher has inadvertently discarded a valid context. This patch fixes this bug by inspecting (not actually popping) the outstanding context. The context is popped only after all error checks are completed. Change-Id: Ie199f6442f871a8177a8247a0c646543bad76d21 Signed-off-by: Jeenu Viswambharan --- services/std_svc/sdei/sdei_intr_mgmt.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/services/std_svc/sdei/sdei_intr_mgmt.c b/services/std_svc/sdei/sdei_intr_mgmt.c index 42bf46d0f..2717ea43b 100644 --- a/services/std_svc/sdei/sdei_intr_mgmt.c +++ b/services/std_svc/sdei/sdei_intr_mgmt.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2017-2018, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -556,7 +556,7 @@ int sdei_event_complete(int resume, uint64_t pc) unsigned int client_el = sdei_client_el(); /* Return error if called without an active event */ - disp_ctx = pop_dispatch(); + disp_ctx = get_outstanding_dispatch(); if (!disp_ctx) return SDEI_EDENY; @@ -566,15 +566,8 @@ int sdei_event_complete(int resume, uint64_t pc) map = disp_ctx->map; assert(map); - se = get_event_entry(map); - SDEI_LOG("EOI:%lx, %d spsr:%lx elr:%lx\n", read_mpidr_el1(), - map->ev_num, read_spsr_el3(), read_elr_el3()); - - if (is_event_shared(map)) - sdei_map_lock(map); - act = resume ? DO_COMPLETE_RESUME : DO_COMPLETE; if (!can_sdei_state_trans(se, act)) { if (is_event_shared(map)) @@ -582,6 +575,15 @@ int sdei_event_complete(int resume, uint64_t pc) return SDEI_EDENY; } + /* Having done sanity checks, pop dispatch */ + pop_dispatch(); + + SDEI_LOG("EOI:%lx, %d spsr:%lx elr:%lx\n", read_mpidr_el1(), + map->ev_num, read_spsr_el3(), read_elr_el3()); + + if (is_event_shared(map)) + sdei_map_lock(map); + /* * Restore Non-secure to how it was originally interrupted. Once done, * it's up-to-date with the saved copy. From f2928f5baeb0b3f895bb84a99e54bc52a97908bf Mon Sep 17 00:00:00 2001 From: Jeenu Viswambharan Date: Tue, 16 Jan 2018 09:29:30 +0000 Subject: [PATCH 2/2] SDEI: Add prioritisation clarification To make exception handling amongst Secure components, require that SDEI exception priorities must be assigned the lowest among Secure priorities. Clarify documentation to this effect. Change-Id: I92524b7b7e9b3fa06a10c86372bc3c4dd18c00ad Signed-off-by: Jeenu Viswambharan --- docs/porting-guide.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/porting-guide.rst b/docs/porting-guide.rst index de05e0338..ec613c846 100644 --- a/docs/porting-guide.rst +++ b/docs/porting-guide.rst @@ -2041,9 +2041,9 @@ This macro must be defined to the EL3 exception priority level associated with Critical SDEI events on the platform. This must have a lower value (therefore of higher priority) than ``PLAT_SDEI_NORMAL_PRI``. -It's recommended that SDEI exception priorities in general are assigned the -lowest among Secure priorities. Among the SDEI exceptions, Critical SDEI -priority must be higher than Normal SDEI priority. +**Note**: SDEI exception priorities must be the lowest among Secure priorities. +Among the SDEI exceptions, Critical SDEI priority must be higher than Normal +SDEI priority. Functions .........