authorMate Toth-Pal <mate.toth-pal@arm.com>2019-10-19 10:11:12 +0200
committerMate Toth-Pal <mate.toth-pal@arm.com>2020-01-10 14:41:08 +0100
commit47ecbf04561876f4ae94705c086519654be07422 (patch)
tree1c317781d68d6bfea97fb3d1da6ee3177290d5c9
parent0c7a038f801ef0ba7d2f3cb2c6787e912e4d6eec (diff)
Core: Fix privileged in memory check for NS caller
tfm_memory_check uses the cmse_check_address_range function to check whether the current (S or NS) MPU settings allow the caller to access the memory region provided to the function. In the current call sites the 'privileged' parameter of the function is calculated with the tfm_spm_partition_get_privileged_mode(...) function, which returns unprivileged for NS callers. tfm_core_has_[read|write]_access_to_region is called with the 'privileged' field calculated earlier. So inside tfm_memory_check the privileged flag needs to be modified to reflect the current Thread mode privilege setting in the NS CONTROL register. Change-Id: Ife4a40757db595d27b6005855b5e59a8a5569718 Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
-rw-r--r--secure_fw/core/tfm_core_mem_check.c28
1 files changed, 28 insertions, 0 deletions
diff --git a/secure_fw/core/tfm_core_mem_check.c b/secure_fw/core/tfm_core_mem_check.c
index 62df3fd8f..6e6510202 100644
--- a/secure_fw/core/tfm_core_mem_check.c
+++ b/secure_fw/core/tfm_core_mem_check.c
@@ -48,6 +48,20 @@ enum tfm_status_e tfm_core_has_read_access_to_region(const void *p, size_t s,
{
int flags = CMSE_MPU_READ;
+ /* In case of NS caller, only force unprivileged check, if the non secure
+ * Thread mode is unprivileged
+ */
+ if (ns_caller) {
+ CONTROL_Type ctrl;
+
+ ctrl.w = __TZ_get_CONTROL_NS();
+ if (ctrl.b.nPRIV == 1) {
+ privileged = TFM_PARTITION_UNPRIVILEGED_MODE;
+ } else {
+ privileged = TFM_PARTITION_PRIVILEGED_MODE;
+ }
+ }
+
if (privileged == TFM_PARTITION_UNPRIVILEGED_MODE) {
flags |= CMSE_MPU_UNPRIV;
}
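Review bot: The NS privilege derivation inside `if (ns_caller) { ... }` is added verbatim here and again in the tfm_core_has_write_access_to_region hunk, so two copies of the same security decision can drift apart in a later change. A single static helper that reads CONTROL_NS and returns the mode would keep the read and write checks in step. A possible shape is below; the helper name is only a suggestion, and its return type must match the `privileged` parameter, whose declaration lies outside the hunk. Both function bodies continue past the end of their hunks.

```c
/* Privilege level used for an NS caller's MPU check: follows the Thread-mode
 * nPRIV bit of the non-secure CONTROL register.
 */
static uint32_t tfm_ns_caller_privilege(void) /* match the type of 'privileged' */
{
    CONTROL_Type ctrl;

    ctrl.w = __TZ_get_CONTROL_NS();
    return (ctrl.b.nPRIV == 1) ? TFM_PARTITION_UNPRIVILEGED_MODE
                               : TFM_PARTITION_PRIVILEGED_MODE;
}

/* … unchanged: int flags = CMSE_MPU_READ; … */
    if (ns_caller) {
        privileged = tfm_ns_caller_privilege();
    }
/* … unchanged: CMSE_MPU_UNPRIV flag handling … */
```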
@@ -65,6 +79,20 @@ enum tfm_status_e tfm_core_has_write_access_to_region(const void *p, size_t s,
{
int flags = CMSE_MPU_READWRITE;
+ /* In case of NS caller, only force unprivileged check, if the non secure
+ * Thread mode is unprivileged
+ */
+ if (ns_caller) {
+ CONTROL_Type ctrl;
+
+ ctrl.w = __TZ_get_CONTROL_NS();
+ if (ctrl.b.nPRIV == 1) {
+ privileged = TFM_PARTITION_UNPRIVILEGED_MODE;
+ } else {
+ privileged = TFM_PARTITION_PRIVILEGED_MODE;
+ }
+ }
+
if (privileged == TFM_PARTITION_UNPRIVILEGED_MODE) {
flags |= CMSE_MPU_UNPRIV;
}
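Review bot: For an NS caller the `privileged` argument is now silently overwritten, and the added comment does not tell a reader that the value computed at the call site is ignored; the read variant in the first hunk has the same gap. nPRIV also describes Thread mode only, so an NS caller running in Handler mode with nPRIV set would be checked as unprivileged, which is the conservative outcome but worth stating. I would extend the comment to something like `/* For an NS caller the 'privileged' argument is ignored: the check follows CONTROL_NS.nPRIV (Thread mode); NS Handler mode with nPRIV set is checked as unprivileged. */`. The function's signature and the rest of its body are outside the hunk.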