Selectively delegating some supervisor domain external interrupts #34
Comments
That is not necessary. The supervisor domain should can mask its own external interrupt globally using
When a supervisor domain that has a supervisor domain interrupt controller directly assigned to it, the RDSM updates the |
I've raised similar question in previous issue: #5 (comment) In short, I think what @AndybnACT wants is "FIQ in RISC-V".
I think it is unnecessary to make the whole MSDEIE visible for S-mode supervisor domain, unless you want to control interrupt delegation per domain. if (sip.SSDEIP == 1 /* any SD interrupt pending */ && sip.SEIP == 0 /* current SD interrupt pending */) {
/* Yield control to other supervisor domains */
}FIQ can be enabled/disabled by Hi @ved-rivos, What do you think for this ? |
|
Hi @gagachang,
I didn't propose this. S-mode should not see and control MSDEIE. It is a violation of domain security. Interrupt delegation should be controlled by RDSM. The idea I proposed is to give RDSM a way to relate closely coupled domains (Linux + OPTEE). e.g. to decide interrupts for selected domains can be sent as a notification to an active domain. And this kind of notification is maskable within the active domain. RDSM has to inject such notification to the active domain without this. If this happens when the active domain does not intend to receive interrupts of the related domain (e.g. mask off FIQs when running OPTEE), then the active domain has to tell RDSM to delay such notification. Such mechanism may not be trivial to implement in the software. |
|
Hi @AndybnACT I see. Something wrong in my last comment. It depends on the implementation of "FIQ". While the inactive SD's interrupt trapped to RDSM, RDSM can "pend" that virtual interrupt for active SD, and mret back to active SD. It seems you propose |
I don't think this alone fits in the security model of SMMTT. Delegating the entire SDEI to a domain gives it the ultimate privilege to see or ignore all interrupts on the platform. So that's the reason why I listed the second proposed change. Let m-mode have a fine grain control of "interrupts from which domain is delegated". Only interrupts from a domain, where
Yes, this is a good way to forward the FIQ. RDSM has to temporarily disable interrupts from the inactive domain source before However, as you mentioned, this would cause extra m-mode round trips on FIQs delivery path. I have not done many in OPTEE and perhaps this is another topic. But I am wondering what makes OPTEE need managed exit, because Linux doesn't need it. |
|
Hi @AndybnACT If I understand correctly, your proposal would look like following pseudo code of CPU actions: /* Inactive SDs' interrupt controllers send the signal to CPU while CPU is running active SD. */
if (msdeip[i] && msdeie[i]) { /* Making mip.MSDEIP = 1 */
if (mie.MSDEIE) {
if (msdeideleg[i]) {
sip.SSDEIP = 1;
if (sie.SSDEIE) {
/* Trap to S-mode active SD. Acts as FIQ. */
} else {
/* Just pending FIQ since active SD masks FIQ. */
}
} else {
/* Trap to M-mode RDSM */
}
}
}
Yes, you got the point.
AFAIK it is because Linux can do "task migration to another CPU" and cause OP-TEE context corrupts if there is no managed exit, on SMP system.
If RDSM directly preempts OP-TEE without managed exit:
Because RDSM has no information about task migration, it will restore wrong OP-TEE context in this case. |
|
@gagachang The RDSM should not have any info of any task migration by design - it is the role of the SDSM (the security monitor in the supervisor domain) to activate the right TA context on the pCPU/pHart selected by the host (Linux) and save it on an interrupt that was delegated to it or emulated by the RDSM. Please see the models described in the cove spec (which is one of the use cases of supervisor domains) - see section "5.3. TSM operation and properties" in this spec |
Thanks @rsahita! I checked section 5.3 and it aligns our thought here. From paragraph of section 5.3:
We are thinking if we can improve the performance of "notifying TSM that there is an OS/VMM's interrupt". If vendor wants to deploy unilaterally-mistrusting domains model (e.g., Linux + OP-TEE), we may want to define a faster way into Smmtt to eliminate that round trips. |
right - this is by design, as we do not want one SD to prevent/modify the delivery of any interrupts meant for another SD. |
It's correct for mutually-mistrusting SDs. |
|
@gagachang can you clarify what does Secure/Non-Secure SDs mean? |
Hi @rsahita Sure! Secure world has higher system permission than normal world:
Above bullet 1 and 2 can be kind of shared-memory in MTT. |
|
I suggest discussing in terms of RISC-V architecture. When a Secure-SD is executing, there might be one of the following interrupts pending for non-secure-SD that may require switching out of the currently executing secure-SD to the non-secure-SD - External Interrupt, Timer Interrupt, other local interrupts such as High priority RAS interrupt, Low priority RAS interrupt, high-power or over-temperature event (not ratified), debug/trace interrupt (not ratified) or other custom interrupts. In case of ARM architecture I believe FIQ used to represent a higher priority interrupt than IRQ but starting ARMv8 I believe that is not true and FIQ are generally designated for use as secure interrupt and so would just be only delegated to secure-SD exclusively (or shared somehow between the secure monitor and the secure SD). While what is being discussed here could possibly provide an external interrupt notification to the secure-SD, the RDSM still needs to provide a notification interrupt to the SD on occurrence of all other forms of interrupts. Given that there is no concept of "Fast" interrupt vs. "Slow" interrupt, I am not sure there is much motivation to add complexity and exposures (covert channels, avenues for denial of service, etc.) by delegating just the external interrupt. |
|
Hi @ved-rivos Refer to ARM documents, they use FIQ as Group 1 interrupts from other security state [1]. (Group 0 is group of interrupts that should be handled in EL3)
Yes, you're right, RISC-V has so many local interrupts, while most of ARM interrupts are routed into GIC and become IRQ/FIQ.
If platform chooses this model, that implies active SD is trusted by other SDs. [1]: https://developer.arm.com/documentation/ihi0069/latest/ |
|
I hope none of the information you pasted is encumbered information. I am choosing not to visit the links you have pasted here. For the secure/non-secure SD scenarios we only need to be able to delegate the MSDEIP to the secure SD. We can rename this interrupt to SDEIP and make the corresponding bit writable in mip. |
Are you asking if FIQ has a patent ?
Thanks! I think it is correct direction. I guess current design would be if (mip.SDEIP && !msdeip[SDICN]) {
/* There is an interrupt from other SD. */
if (mideleg[32]) {
/* Trap to S-mode to notify active SD directly. */
sip.SDEIP = 1
} else {
/* Trap to M-mode, M-mode should notify active SD. */
}
}BTW, @AndybnACT proposed if (mip.SDEIP && !msdeip[SDICN]) {
/* There is an interrupt from other SDs. */
/* Assume interrupt is from interrupt controller N, which is bound with another SD. */
if (msdeideleg[N]) {
/* Trap to S-mode to notify it directly. */
sip.SDEIP = 1
} else {
/* Trap to M-mode, M-mode should notify active SD. */
}
} |
Hi @ved-rivos
Skip them in hardware side may increase performance, since RDSM doesn't need to set/clear msdeie every domain context-switch. roughly pseudo code: /* Current design */
mip.SDEIP = msdeie & msdeip
/* Proposed */
mip.SDEIP = {msdeie[MXLEN - 1 : SDICN + 1], msdeie[SDICN - 1: 0]} & {msdeip[MXLEN - 1 : SDICN + 1], msdeip[SDICN - 1: 0]} |
Sorry I don't quite understand the first "if" clause. Shouldn't /* external s-domain interrupt */
if (msdeip & msdeie)
mip.MSDEIP = 1 IIUC, the likely happening one is: /* external s-domain interrupt */
if (msdeip & msdeie) {
/* mip.SDEIE is writable so is able to be delegated into s-mode */
mip.SDEIP = 1
}The one I proposed add a layer of control. It controls whether each s-domain external interrupt is delegated along with /* external s-domain interrupt */
if (msdeip & msdeie) {
mip.SDEIP = 1
}/* Delegation */
if ((~msdeideleg) & msdeip & msdeie) {
/* causes trap into m-mode */
}
if (mdeleg.SDEIE && (msdeideleg & msdeip & msdeie)) {
/* delegates to s-mode */
}I am not sure if this can complicate the spec too much. What if |
I don't think performance may be a big concern since Since interrupts from the active domain go through if ((msdeip & msdeie) & ~(1 << msdcfg.SDICN)) {
mip.SDEIP = 1
} |
|
What I proposed is to simply make |
Thanks @ved-rivos ! That's a cleaner way to achieve the feature. |
Active domain's interrupts are already controlled to be delegated or not by mideleg[SEIP]. Anyway, if the programmers are cautious about this, it might not be problem. |
|
FYI @AndybnACT @gagachang PR #40 |
|
closing this as PR #40 has been acked by Andy. |
Some TEE OSes may have a requirement to toggle the interrupt enable bit from the REE. For instance, OPTEE calls
spin_lock_xsave()to disable both FIQ and IRQ during some critical sections. It seems like the riscv porting effort has to upgrade this operation to a sbi-call even withsmsdiain SMMTT. This is becausemsdeieis an m-mode register, andSDEIEis only available inmie, which means delegation of this type of interrupt to s-mode is impossible. This is a good security choice as s-mode domain should not interfere with interrupts belonging to others. Every thing related to inter-domain managements should be done by the RDSM. However, this may increase the latency or complexity to do interrupt management when the relationship between some domains are not symmetric (Linux + OPTEE).To achieve the improved latency without sacrificing security. Should we consider adding following 2 changes?
SDEIEvisible insieso delegation works.MAXLENCSRmsdeidelegE.g. to selectively determine if any of a supervisor domain external interrupts are able to be delegated.Interrupts for an inactive s-mode domain only get delegated into the hart if
mie.SDEIEis set, and the bit representing the s-mode domain inmsdeieandmsdeidelegis set. Interrupts for an inactive domain wheremsdeieis true butmsdeidelegis not set still trigger a m-mode interrupt.This type of delegation does not mean the running s-mode domain should process interrupts from an inactive s-file domain. Instead, this delegation works as a mask-able notification for the running s-mode domain.
The text was updated successfully, but these errors were encountered: