Skip to content

GitLab

Switch branch/tag
Find file BlameHistoryPermalink
  • Jeenu Viswambharan's avatar
    BL31: Program Priority Mask for SMC handling · 3d732e23
    Jeenu Viswambharan authored 
    
On GICv3 systems, as a side effect of adding provision to handle EL3
interrupts (unconditionally routing FIQs to EL3), pending Non-secure
interrupts (signalled as FIQs) may preempt execution in lower Secure ELs
[1]. This will inadvertently disrupt the semantics of Fast SMC
(previously called Atomic SMC) calls.

To retain semantics of Fast SMCs, the GIC PMR must be programmed to
prevent Non-secure interrupts from preempting Secure execution. To that
effect, two new functions in the Exception Handling Framework subscribe
to events introduced in an earlier commit:

  - Upon 'cm_exited_normal_world', the Non-secure PMR is stashed, and
    the PMR is programmed to the highest Non-secure interrupt priority.

  - Upon 'cm_entering_normal_world', the previously stashed Non-secure
    PMR is restored.

The above sequence however prevents Yielding SMCs from being preempted
by Non-secure interrupts as intended. To facilitate this, the public API
exc_allow_ns_preemption() is introduced that programs the PMR to the
original Non-secure PMR value. Another API
exc_is_ns_preemption_allowed() is also introduced to check if
exc_allow_ns_preemption() had been called previously.

API documentation to follow.

[1] On GICv2 systems, this isn't a problem as, unlike GICv3, pending NS
    IRQs during Secure execution are signalled as IRQs, which aren't
    routed to EL3.

Change-Id: Ief96b162b0067179b1012332cd991ee1b3051dd0
Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
    3d732e23
ehf.h 2.57 KB
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 
/*
 * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#ifndef __EHF_H__
#define __EHF_H__

#ifndef __ASSEMBLY__

#include <stdint.h>
#include <utils_def.h>

/* Valid priorities set bit 0 of the priority handler. */
#define _EHF_PRI_VALID	(((uintptr_t) 1) << 0)

/* Marker for no handler registered for a valid priority */
#define _EHF_NO_HANDLER	(0 | _EHF_PRI_VALID)

/* Extract the specified number of top bits from 7 lower bits of priority */
#define EHF_PRI_TO_IDX(pri, plat_bits) \
	((pri & 0x7f) >> (7 - plat_bits))

/* Install exception priority descriptor at a suitable index */
#define EHF_PRI_DESC(plat_bits, priority) \
	[EHF_PRI_TO_IDX(priority, plat_bits)] = { \
		.ehf_handler = _EHF_NO_HANDLER, \
	}

/* Macro for platforms to regiter its exception priorities */
#define EHF_REGISTER_PRIORITIES(priorities, num, bits) \
	const ehf_priorities_t exception_data = { \
		.num_priorities = num, \
		.ehf_priorities = priorities, \
		.pri_bits = bits, \
	}

/*
 * Priority stack, managed as a bitmap.
 *
 * Currently only supports 32 priority levels, allowing platforms to use up to 5
 * top bits of priority. But the type can be changed to uint64_t should need
 * arise to support 64 priority levels, allowing platforms to use up to 6 top
 * bits of priority.
 */
typedef uint32_t ehf_pri_bits_t;

/*
 * Per-PE exception data. The data for each PE is kept as a per-CPU data field.
 * See cpu_data.h.
 */
typedef struct {
	ehf_pri_bits_t active_pri_bits;

	/* Priority mask value before any priority levels were active */
	uint8_t init_pri_mask;

	/* Non-secure priority mask value stashed during Secure execution */
	uint8_t ns_pri_mask;
} __aligned(sizeof(uint64_t)) pe_exc_data_t;

typedef int (*ehf_handler_t)(uint32_t intr_raw, uint32_t flags, void *handle,
		void *cookie);

typedef struct ehf_pri_desc {
	/*
	 * 4-byte-aligned exception handler. Bit 0 indicates the corresponding
	 * priority level is valid. This is effectively of ehf_handler_t type,
	 * but left as uintptr_t in order to make pointer arithmetic convenient.
	 */
	uintptr_t ehf_handler;
} ehf_pri_desc_t;

typedef struct ehf_priorities {
	ehf_pri_desc_t *ehf_priorities;
	unsigned int num_priorities;
	int pri_bits;
} ehf_priorities_t;

void ehf_init(void);
void ehf_activate_priority(unsigned int priority);
void ehf_deactivate_priority(unsigned int priority);
void ehf_register_priority_handler(unsigned int pri, ehf_handler_t handler);
void ehf_allow_ns_preemption(void);
unsigned int ehf_is_ns_preemption_allowed(void);

#endif /* __ASSEMBLY__ */

#endif /* __EHF_H__ */