Page MenuHomePhabricator

NSC call broken on NSPE interrupt disabled
Closed, ResolvedPublic


The issue happens in TF-M 1.4, not in TF-M 1.3.

From 1.3 to 1.4, the following commit is the point:
SPM: Correct the PendSV priority value

In the commit, PendSV priority is raised from (0x80 - 1) to 0x80.

On Mbed/TF-M M2354, the following flow will fail:

  1. In TF-M, AIRCR.PRIS set, NSPE priority is 0x80~0xFF.
  2. In Mbed, interrupt disabled (PRIMASK_NS.PM set), NSPE priority is raised to 0x80.
  3. Mbed calls into TF-M via NSC.
  4. In TF-M, on exit from Secure SVC, Secure PendSV (TF-M scheduler) is expected to run, but incorrectly masked by NSPE priority 0x80.

So Secure PendSV priority should adjust back to (0x80 - 1) from just 0x80.

Event Timeline

ccli8 created this task.Sep 17 2021, 1:44 AM

I think you're right.
The Secure PendSV is masked by NSPE, although it has the same priority value 0x80.
It has to have a lower value to preempt the NSPE, having an equal priority value does not work.

Revert patch is created:


Thanks for your check. Would you also backport the patch to TF-M 1.4?


The 1.4.x branch is only intended for security fixes.

So this fix will not be backported. Sorry for the inconvenience.

kevin-peng-hao closed this task as Resolved.Nov 23 2021, 6:54 AM

The fix has been merged. Close the issue.