riscv-non-isa / riscv-ap-tee

This repo holds the work area and revisions of the non-ISA specification created by the RISC-V AP-TEE TG. This specification defines the programming interfaces (ABI) to support the Confidential VM Extension (CoVE) confidential computing architecture for RISC-V application-processor platforms.
https://jira.riscv.org/browse/RVG-76
Creative Commons Attribution 4.0 International

Question about sbi_covh_run_tvm_vcpu() and related scause #79

Closed gagachang closed 2 months ago

gagachang commented 2 months ago

The host OS/VMM invokes sbi_covh_run_tvm_vcpu() to run a TVM. If there is an interrupt/exception during TVM execution, the TVM will exit and sbi_covh_run_tvm_vcpu() will return to the host OS/VMM. The TSM updates the host's scause CSR. The host should use the scause field to determine whether the exit was caused by an interrupt or an exception.

However, if sbi_covh_run_tvm_vcpu() is invoked with the host's interrupts enabled, another interrupt can be taken immediately after sbi_covh_run_tvm_vcpu() returns, which causes the value of scause to be overwritten by the new interrupt.

Am I correct? sbi_covh_run_tvm_vcpu() requires the host OS/VMM to disable interrupts first.

rsahita commented 2 months ago

Correct - at the initial entry to the TSM s-mode interrupts are disabled - see the note on page 31 (copied below):

Interruptible TSM with no re-entrancy - In this model, after the initial entry to the TSM with S-mode interrupts disabled, the TSM enables interrupts during execution of the TSM security routines. The TSM may install its interrupt handlers at this entry (or may be installed via the TEECALL flow as shown below).
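The host-side sequence discussed in this thread, as an added example in C that is not from the CoVE spec, the TSM, or any VMM: a wrapper that masks S-mode interrupts around sbi_covh_run_tvm_vcpu(), snapshots scause, and only then re-enables interrupts, next to the racy variant that reads scause with interrupts still enabled. The EID value ("COVH") and the argument order (tvm_guest_id, vcpu_id) are assumptions; the FID is deliberately left for the builder to take from the spec's function table. On a non-RISC-V build, a constructed simulation of the CSRs and the SBI call stands in for the hardware so the ordering can be exercised off-target.

```c
/* Added example, not from the CoVE spec or any TSM/VMM implementation. */
#include <stdbool.h>
#include <stddef.h>

/* RISC-V privileged spec: scause MSB set means the trap was an interrupt. */
#define SCAUSE_INTERRUPT_BIT (1UL << (sizeof(unsigned long) * 8 - 1))
#define SSTATUS_SIE          0x2UL   /* S-mode interrupt enable bit */

struct tvm_exit {
    long          sbi_error;     /* a0 from the SBI call (0 = success) */
    bool          is_interrupt;  /* scause[MSB] */
    unsigned long cause;         /* scause with the interrupt bit cleared */
};

#if defined(__riscv)
/* Real accessors for an S-mode host. EID "COVH" is an ASSUMPTION; the FID
 * must be supplied from the spec's sbi_covh function table. */
#define SBI_EXT_COVH 0x434F5648UL
#ifndef SBI_COVH_RUN_TVM_VCPU_FID
#error "define SBI_COVH_RUN_TVM_VCPU_FID from the CoVE spec before building"
#endif
static inline unsigned long csr_read_sstatus(void)
{ unsigned long v; __asm__ volatile("csrr %0, sstatus" : "=r"(v)); return v; }
static inline unsigned long csr_read_scause(void)
{ unsigned long v; __asm__ volatile("csrr %0, scause" : "=r"(v)); return v; }
static inline void csr_clear_sie(void)
{ __asm__ volatile("csrc sstatus, %0" :: "r"(SSTATUS_SIE) : "memory"); }
static inline void csr_set_sie(void)
{ __asm__ volatile("csrs sstatus, %0" :: "r"(SSTATUS_SIE) : "memory"); }
/* Argument order (tvm_guest_id, vcpu_id) is an ASSUMPTION; check the spec. */
static long sbi_covh_run_tvm_vcpu(unsigned long tvm_guest_id, unsigned long vcpu_id)
{
    register unsigned long a0 __asm__("a0") = tvm_guest_id;
    register unsigned long a1 __asm__("a1") = vcpu_id;
    register unsigned long a6 __asm__("a6") = SBI_COVH_RUN_TVM_VCPU_FID;
    register unsigned long a7 __asm__("a7") = SBI_EXT_COVH;
    __asm__ volatile("ecall" : "+r"(a0), "+r"(a1) : "r"(a6), "r"(a7) : "memory");
    return (long)a0;
}
#else
/* Constructed simulation for off-target builds: one vCPU exit whose cause the
 * TSM writes to scause, plus one host interrupt that is taken as soon as
 * S-mode interrupts are enabled after the call returns. */
static struct {
    unsigned long sstatus, scause;
    unsigned long tsm_exit_cause;  /* what the TSM writes to scause on exit */
    unsigned long pending_irq;     /* interrupt cause waiting for SIE=1, 0 = none */
    unsigned long delivered_irq;   /* last host interrupt that was taken */
} sim;

static void sim_reset(unsigned long tsm_exit_cause, unsigned long pending_irq, bool sie)
{
    sim.sstatus = sie ? SSTATUS_SIE : 0; sim.scause = 0;
    sim.tsm_exit_cause = tsm_exit_cause; sim.pending_irq = pending_irq; sim.delivered_irq = 0;
}
static unsigned long sim_delivered_irq(void) { return sim.delivered_irq; }
static void sim_deliver_if_enabled(void)
{
    if ((sim.sstatus & SSTATUS_SIE) && sim.pending_irq) { /* trap overwrites scause */
        sim.scause = SCAUSE_INTERRUPT_BIT | sim.pending_irq;
        sim.delivered_irq = sim.pending_irq;
        sim.pending_irq = 0;
    }
}
static unsigned long csr_read_sstatus(void) { return sim.sstatus; }
static unsigned long csr_read_scause(void)  { return sim.scause; }
static void csr_clear_sie(void) { sim.sstatus &= ~SSTATUS_SIE; }
static void csr_set_sie(void)   { sim.sstatus |= SSTATUS_SIE; sim_deliver_if_enabled(); }
static long sbi_covh_run_tvm_vcpu(unsigned long tvm_guest_id, unsigned long vcpu_id)
{
    (void)tvm_guest_id; (void)vcpu_id;
    sim.scause = sim.tsm_exit_cause;   /* TSM reports the TVM exit reason */
    sim_deliver_if_enabled();          /* an enabled host interrupt lands right after */
    return 0;
}
#endif

static struct tvm_exit decode_exit(long err, unsigned long scause)
{
    struct tvm_exit e = { err, (scause & SCAUSE_INTERRUPT_BIT) != 0,
                          scause & ~SCAUSE_INTERRUPT_BIT };
    return e;
}

/* Racy: runs with whatever SIE state the caller has. With SIE=1 a host
 * interrupt taken right after the ecall replaces the TSM-written scause. */
struct tvm_exit run_tvm_vcpu_racy(unsigned long tvm, unsigned long vcpu)
{
    long err = sbi_covh_run_tvm_vcpu(tvm, vcpu);
    return decode_exit(err, csr_read_scause());
}

/* Correct: mask SIE, run, snapshot scause, then restore SIE. The interrupt is
 * still delivered, only after the exit reason has been captured. */
struct tvm_exit run_tvm_vcpu_masked(unsigned long tvm, unsigned long vcpu)
{
    unsigned long saved = csr_read_sstatus();
    csr_clear_sie();
    long err = sbi_covh_run_tvm_vcpu(tvm, vcpu);
    unsigned long scause = csr_read_scause();  /* read before any host trap can run */
    if (saved & SSTATUS_SIE)
        csr_set_sie();
    return decode_exit(err, scause);
}
```

The masked wrapper restores the caller's original SIE state rather than unconditionally enabling interrupts, so it is also safe to call from a context that already runs with interrupts off.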

gagachang commented 2 months ago

Correct - at the initial entry to the TSM s-mode interrupts are disabled - see the note on page 31 (copied below):

It's clear, thanks!