From 7671008fcfc826dbc3166ff1bdbb9cd7fbc7f68b Mon Sep 17 00:00:00 2001 From: Manish Pandey Date: Mon, 20 Nov 2023 12:22:08 +0000 Subject: [PATCH] fix(ehf): restrict secure world FIQ routing model to SPM_MM Exception handling framework (EHF) changes the semantics of interrupts, sync and async external aborts. As far as interrupts are concerned it changes the routing model of foreign interrupts (FIQs) by changing SCR_EL3.FIQ to 1 for both non-secure and secure except when SPMD is used along with Hafnium/SPM at S-EL2 [1]. For NS world it means : G1S and G0 interrupts are routed to EL3 For Secure world it means : G1NS and G0 are routed to EL3 There is no upstream use case utilizing EHF and re-routing EL3 interrupts to the Secure world except when SPM_MM is present. Modify the FIQ routing model during EHF init just for known use cases, Always for NS world and for secure world only if SPM_MM is present. [1]:https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/16047 Signed-off-by: Manish Pandey Change-Id: Ic292bbe8dd02d560aece5802d79569d868d8500f --- bl31/ehf.c | 9 +++------ include/bl31/interrupt_mgmt.h | 4 ++-- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/bl31/ehf.c b/bl31/ehf.c index 6f3d9412e..5b78ebb13 100644 --- a/bl31/ehf.c +++ b/bl31/ehf.c @@ -478,13 +478,10 @@ void __init ehf_init(void) /* Route EL3 interrupts when in Non-secure. */ set_interrupt_rm_flag(flags, NON_SECURE); - /* - * Route EL3 interrupts when in secure, only when SPMC is not present - * in S-EL2. - */ -#if !(defined(SPD_spmd) && (SPMD_SPM_AT_SEL2 == 1)) + /* Route EL3 interrupts only when SPM_MM present in secure. */ +#if SPM_MM set_interrupt_rm_flag(flags, SECURE); -#endif /* !(defined(SPD_spmd) && (SPMD_SPM_AT_SEL2 == 1)) */ +#endif /* Register handler for EL3 interrupts */ ret = register_interrupt_type_handler(INTR_TYPE_EL3, diff --git a/include/bl31/interrupt_mgmt.h b/include/bl31/interrupt_mgmt.h index 21af112a0..8b9dfb646 100644 --- a/include/bl31/interrupt_mgmt.h +++ b/include/bl31/interrupt_mgmt.h @@ -107,10 +107,10 @@ static inline int32_t validate_ns_interrupt_rm(uint32_t x) static inline int32_t validate_el3_interrupt_rm(uint32_t x) { -#if EL3_EXCEPTION_HANDLING && !(defined(SPD_spmd) && (SPMD_SPM_AT_SEL2 == 1)) +#if EL3_EXCEPTION_HANDLING && SPM_MM /* * With EL3 exception handling, EL3 interrupts are always routed to EL3 - * from both Secure and Non-secure, when the SPMC does not live in S-EL2. + * from Non-secure and from secure only if SPM_MM is present. * Therefore INTR_EL3_VALID_RM1 is the only valid routing model. */ if (x == INTR_EL3_VALID_RM1)