
NSC call broken on NSPE interrupt disabled
Open, Needs Triage, Public

Description

The issue happens in TF-M 1.4, not in TF-M 1.3.

From 1.3 to 1.4, the following commit is the point:
91d9f7403cb476539b74cc06de82483977daf3a0
SPM: Correct the PendSV priority value

In the commit, PendSV priority is raised from (0x80 - 1) to 0x80.

On Mbed/TF-M M2354, the following flow will fail:

  1. In TF-M, AIRCR.PRIS set, NSPE priority is 0x80~0xFF.
  2. In Mbed, interrupt disabled (PRIMASK_NS.PM set), NSPE priority is raised to 0x80.
  3. Mbed calls into TF-M via NSC.
  4. In TF-M, on exit from Secure SVC, Secure PendSV (TF-M scheduler) is expected to run, but incorrectly masked by NSPE priority 0x80.

So Secure PendSV priority should be adjusted back to (0x80 - 1) from just 0x80.
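The masking in the flow above can be reproduced with a small host-side model of Armv8-M execution priority. This is an added example, not part of the original task and not TF-M code; the struct and function names are hypothetical, and it assumes a priority grouping with no subpriority bits.

```c
/* Added example: host-side model, not TF-M code. Names are hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NO_ACTIVE_PRIO 0x100 /* thread mode, no handler active */

struct cpu_state {
    bool aircr_pris;  /* AIRCR.PRIS: Non-secure priorities mapped to 0x80..0xFF */
    bool primask_ns;  /* PRIMASK_NS.PM: Non-secure interrupts disabled */
    int  active_prio; /* priority of the running handler, or NO_ACTIVE_PRIO */
};

/* Priority value a Non-secure exception actually competes with. */
static int ns_effective_prio(const struct cpu_state *s, uint8_t ns_prio)
{
    return s->aircr_pris ? (0x80 | (ns_prio >> 1)) : ns_prio;
}

/* Current execution priority: the lowest value among handler and masks. */
static int execution_prio(const struct cpu_state *s)
{
    int prio = s->active_prio;
    if (s->primask_ns) {
        /* With PRIS set, PRIMASK_NS only boosts to 0x80, not to 0. */
        int boost = s->aircr_pris ? 0x80 : 0x00;
        if (boost < prio)
            prio = boost;
    }
    return prio;
}

/* A pending Secure exception is taken only if its value is strictly lower. */
static bool secure_exc_preempts(const struct cpu_state *s, uint8_t secure_prio)
{
    return secure_prio < execution_prio(s);
}

int main(void)
{
    /* Steps 1-4: PRIS set, NSPE masked interrupts, NSC call, Secure SVC exited. */
    struct cpu_state s = { true, true, NO_ACTIVE_PRIO };
    printf("NS priority 0x00 competes as 0x%02X\n", ns_effective_prio(&s, 0x00));
    printf("PendSV at 0x80: %s\n", secure_exc_preempts(&s, 0x80) ? "runs" : "masked");
    printf("PendSV at 0x7F: %s\n", secure_exc_preempts(&s, 0x80 - 1) ? "runs" : "masked");
    return 0;
}
```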

Event Timeline

ccli8 created this task. Sep 17 2021, 1:44 AM

I think you're right.
The Secure PendSV is masked by NSPE, although it has the same priority value 0x80.
It has to have a lower value to preempt the NSPE; having an equal priority value does not work.

A revert patch has been created:
https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/11565

Hi,

Thanks for your check. Would you also backport the patch to TF-M 1.4?

Hi,

The 1.4.x branch is only intended for security fixes.
https://developer.trustedfirmware.org/w/collaboration/tf_m_security_patch_release/

So this fix will not be backported. Sorry for the inconvenience.