SPM: Use a standalone lock for scheduling
Use a global 'scheduler_lock' to represent whether scheduling
in pendSV is allowed. When it is SCHEDULER_UNLOCKED, scheduling
is allowed.
Add more critical sections around operations on the global handle pool
and the message list in SPM APIs, to avoid race conditions.
Change-Id: I38121219942e836d8b75d9578090221f4c577fec
Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
diff --git a/secure_fw/spm/ffm/backend_ipc.c b/secure_fw/spm/ffm/backend_ipc.c
index c544f73..a6c8031 100644
--- a/secure_fw/spm/ffm/backend_ipc.c
+++ b/secure_fw/spm/ffm/backend_ipc.c
@@ -6,6 +6,7 @@
*/
#include <stdint.h>
+#include "critical_section.h"
#include "compiler_ext_defs.h"
#include "spm_ipc.h"
#include "tfm_hal_isolation.h"
@@ -48,6 +49,7 @@
{
struct partition_t *p_owner = NULL;
psa_signal_t signal = 0;
+ struct critical_section_t cs_assert = CRITICAL_SECTION_STATIC_INIT;
if (!msg || !service || !service->p_ldinf || !service->partition) {
tfm_core_panic();
@@ -56,6 +58,7 @@
p_owner = service->partition;
signal = service->p_ldinf->signal;
+ CRITICAL_SECTION_ENTER(cs_assert);
/* Add message to partition message list tail */
BI_LIST_INSERT_BEFORE(&p_owner->msg_list, &msg->msg_node);
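Review bot: The critical section entered at `CRITICAL_SECTION_ENTER(cs_assert);` is not released within this hunk; its matching `CRITICAL_SECTION_LEAVE(cs_assert);` sits in the following hunk after the signals_asserted/signals_waiting update, and the lines in between are not visible here. If any path in that stretch returns or calls tfm_core_panic() early, the section would be left held, so that stretch should be confirmed free of early exits. A brief comment naming what the section guards would help the next reader, e.g. `/* Hold the critical section across the msg_list insert and the signal update so a concurrent SPM API caller cannot observe a half-updated partition state */`. The enclosing function starts before this hunk and continues past it.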
@@ -67,6 +70,7 @@
(p_owner->signals_asserted & p_owner->signals_waiting));
p_owner->signals_waiting &= ~signal;
}
+ CRITICAL_SECTION_LEAVE(cs_assert);
/*
* If it is a NS request via RPC, it is unnecessary to block current