From: "Ard Biesheuvel"
To: devel@edk2.groups.io
Cc: leif@nuviainc.com, sami.mujawar@arm.com, gaoliming@byosoft.com.cn, Ard Biesheuvel, Marc Zyngier
Subject: [PATCH] ArmPkg/GicV3Dxe: Don't signal EOI on arbitrary interrupts
Date: Tue, 24 Aug 2021 17:31:32 +0200
Message-Id: <20210824153132.5379-1-ardb@kernel.org>
X-Mailer: git-send-email 2.30.2
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Currently, at ExitBootServices() time, the GICv3 driver signals
End-Of-Interrupt (EOI) on all interrupt lines that are supported by the
interrupt controller. This appears to have been carried over from the
GICv2 version, but has been turned into something that violates the GIC
spec, and may trigger SError exceptions on some implementations.

Marc puts it as follows:

  The GIC interrupt state machine is pretty strict. An interrupt can
  only be deactivated (with or without prior priority drop) if it has
  been acknowledged first. In GIC speak, this means that only the
  following sequences are valid:

  With EOImode==0:
    x = ICC_IAR{0,1}_EL1;
    ICC_EOIR{0,1}_EL1 = x;

  With EOImode==1:
    x = ICC_IAR{0,1}_EL1;
    ICC_EOIR{0,1}_EL1 = x;
    ICC_DIR_EL1 = x;

  Any write to ICC_EOIR{0,1}_EL1 that isn't the direct consequence of
  the same value being read from ICC_IAR{0,1}_EL1, and with the correct
  nesting, breaks the state machine and leads to unpredictable results
  that affects *all* interrupts in the system (most likely, the priority
  system is dead).

  See Figure 4-3 ("Interrupt handling state machine") in Arm IHI 0069F
  for a description of the acceptable transitions.

  Additionally, on implementations that have ICC_CTLR_EL1.SEIS==1, a
  SError may be generated to signal the error. See the various
  IMPLEMENTATION_DEFINED "SError ...."; that are all over the pseudocode
  contained in the same architecture spec. Needless to say, this is
  pretty final for any SW that would do silly things on such
  implementations (which do exist).

Given that in our implementation, every signalled interrupt is acked,
handled and EOId in sequence, there is no reason to EOI all interrupts
at ExitBootServices() time in the first place, so let's just drop this
code. This fixes an issue reported by Marc where an SError is triggered
by this code, bringing down the system.

Reported-by: Marc Zyngier
Signed-off-by: Ard Biesheuvel
---
This is a clear bugfix, but given how late we are in the cycle, I will
leave it up to Liming to decide whether we can still take this for the
upcoming stable tag.

 ArmPkg/Drivers/ArmGic/GicV3/ArmGicV3Dxe.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/ArmPkg/Drivers/ArmGic/GicV3/ArmGicV3Dxe.c b/ArmPkg/Drivers/Arm= Gic/GicV3/ArmGicV3Dxe.c index 85ee4c87b6d1..fa515d1a01ba 100644 --- a/ArmPkg/Drivers/ArmGic/GicV3/ArmGicV3Dxe.c +++ b/ArmPkg/Drivers/ArmGic/GicV3/ArmGicV3Dxe.c @@ -344,10 +344,6 @@ GicV3ExitBootServicesEvent ( GicV3DisableInterruptSource (&gHardwareInterruptV3Protocol, Index);=0D }=0D =0D - for (Index =3D 0; Index < mGicNumInterrupts; Index++) {=0D - GicV3EndOfInterrupt (&gHardwareInterruptV3Protocol, Index);=0D - }=0D -=0D // Disable Gic Interface=0D ArmGicV3DisableInterruptInterface ();=0D =0D --=20 2.30.2
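
Review bot: between the GicV3DisableInterruptSource loop and the "// Disable Gic Interface" comment in GicV3ExitBootServicesEvent, nothing remains to say why no EOI is issued at ExitBootServices() time, so someone comparing this function with the GICv2 driver could be tempted to put the loop back. Consider a short comment at that spot noting that ICC_EOIR{0,1}_EL1 may only be written with a value that was just read from ICC_IAR{0,1}_EL1, as the commit message explains. The commit message also says the loop appears to have been carried over from the GICv2 version; it would help to state there whether the GICv2 ExitBootServices handler was looked at and why it is not touched by this patch.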
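
The acknowledge/EOI ordering rule quoted in the commit message, written as a small trace checker in C and run over a constructed trace shaped like the removed loop. This is an added example, not EDK2 or GIC driver code: the event names, `gic_first_violation` and `removed_loop_violation` are hypothetical, and the model assumes that with EOImode==1 a DIR write may come in any order once its EOI has been written.

```c
#include <stddef.h>
/* Added illustration, not EDK2 code. Models only the ordering rules quoted
 * in the commit message; spurious INTIDs and priorities are not modelled. */
enum gic_op { OP_ACK, OP_EOI, OP_DIR };  /* IAR read, EOIR write, DIR write */
struct gic_ev { enum gic_op op; unsigned intid; };

#define MAX_NEST 16

/* Return -1 if the trace is valid, else the index of the first bad event. */
int gic_first_violation(const struct gic_ev *ev, size_t n, int eoimode)
{
    unsigned acked[MAX_NEST];    /* acknowledged, priority not yet dropped */
    unsigned dropped[MAX_NEST];  /* EOImode==1: EOI written, DIR still due */
    size_t na = 0, nd = 0, j;

    for (size_t i = 0; i < n; i++) {
        unsigned id = ev[i].intid;
        switch (ev[i].op) {
        case OP_ACK:
            if (na == MAX_NEST) return (int)i;
            acked[na++] = id;
            break;
        case OP_EOI:  /* must name the innermost acknowledged interrupt */
            if (na == 0 || acked[na - 1] != id) return (int)i;
            na--;
            if (eoimode == 1) {
                if (nd == MAX_NEST) return (int)i;
                dropped[nd++] = id;
            }
            break;
        case OP_DIR:  /* assumption: any order, but only after its EOI */
            for (j = 0; j < nd && dropped[j] != id; j++) { }
            if (eoimode != 1 || j == nd) return (int)i;
            dropped[j] = dropped[--nd];
            break;
        }
    }
    return -1;
}

/* Constructed trace shaped like the removed loop: EOI on 0..n-1, no ACKs. */
int removed_loop_violation(unsigned n)
{
    struct gic_ev ev[MAX_NEST];
    if (n > MAX_NEST) n = MAX_NEST;
    for (unsigned i = 0; i < n; i++) ev[i] = (struct gic_ev){ OP_EOI, i };
    return gic_first_violation(ev, n, 0);
}
int main(void) { return removed_loop_violation(8) == 0 ? 0 : 1; }
```

The loop-shaped trace is rejected at its very first write, while an acknowledge followed by a matching EOI (and DIR, for EOImode==1) passes.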