SCR setting not always done properly

[lpaatero]

BL31 in bl31_prepare_next_image_entry uses cm_set_el3_eret_context to configure registers. However it does not configure scr to match non-secure RW to 64 bit, in case SP has already been initialized and is 32 bit. Thus non-secure code execution fails.

It seems that whenever cm_set_el3_eret_context is called, both scr SCR_RW_BIT and SCR_NS_BIT should always be configured to match values in SPSR and in security_state. Relying on previous set values seems unnecessary optimization.

It could be better design to make cm_set_el3_eret_context configure those bits correctly always, and perhaps even leave scr parameter out.

[athoelke]

I had an idea that the SCR handling was going to need rework:

• with separate copies kept in the secure and non-secure contexts I do not think there is a need to modify SCR_EL3 for each context once it has been correctly set on first initialisation - so we should write SCR_EL3 to the saved context when the context is initialised, not save it on exception entry, but always restore it on exception exit
• then we should ensure that the saved SCR_EL3 value for each context is correctly initialised when creating the context - and getting the register width right as you report is one of the things to consider (IRQ/FIQ/EA traps are another)
• ultimately we might need a third SCR_EL3 value used during execution in EL3 if there is a need to change the asynchronous traps

[lpaatero]

Your analysis seem very sensible direction to go for me.