Hi

 

There seem to be scheduling bug we have found in SPM.

This bug is related to handling of interrupts that arrives during SVC call and assert signed for partition.

 

Steps to reproduce:

 

1. Call psa_wait() from partition (e.g. mailbox partition)
2. During execution of SVC handler generate Interrupt that asserts signal of that partition (e.g. mailbox partition signal ) (adding long delay in SVC handler or adding breakpoint in SVC handler helps to easier reproduce this )
3. Following sequence happens:
   1. Mailbox IRQ has lower priority than SVC thus SVC is not preempted.
   2. SVC sees that mailbox partition is blocked (as it is waiting for signal and no signals are pending)
   3. SVC triggers pendSV

                                                               i.      Mailbox IRQ and pendSV are both pending

4. Mailbox IRQ has higher priority than pendSV thus Mailbox IRQ is executed
5. Mailbox IRQ calls  spm_handle_interrupt

                                                               i.      Signal is asserted thus spm_handle_interrupt in thrd_next calls query_state_cb which returns THRD_STATE_RET_VAL_AVAIL and thus tfm_arch_set_context_ret_code is called

                                                             ii.      tfm_arch_set_context_ret_code sets return code using OLD value of partition PSP (as it was never updated, as it is updated in PendSV)

6. Mailbox IRQ return, pendsv is started and it runs mailbox partition

                                                               i.      Mailbox partition has 0 as signal because return value was written to wrong location is stack

 

Patch I have attached to the mail solves this problem for us BUT it seems more like a workaround than a proper fix(

 

Anyways it would be nice to have this problem review by SPM experts and have proper fix (maybe we have other places with same problem…)

 

Regards,

Bohdan Hunko

 

Cypress Semiconductor Ukraine

Engineer

CSUKR CSS ICW SW FW

Mobile: +38099 50 19 714
Bohdan.Hunko@infineon.com