Age | Commit message (Collapse) | Author |
|
In the test 'rl_memory_cannot_be_accessed_in_s', tftf
shares memory to the SP that it changed to realm PAS.
The access from the SP should result in an exception.
Cactus receives an indication it should expect an
exception on memory access via the arguments of the
'cactus_mem_send_cmd' request. This is used to avoid
the reads to check memory, which could return in an error
response, which would make the test falsely fail.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: Ie220d4bab04c052a73e8b04c8667c9973b95a9e0
|
|
In RME enabled systems, the memory is expected to be
scrubbed on PAS updates from S to NS. As well, it is likely
that the memory addresses are shadowed, and the contents are not
visible accross updates from the different address spaces.
As such, the SP shall not rely on memory content to be
in any form. FFA_MEM_LEND/FFA_MEM_DONATE are thus considered
for memory allocation purposes.
This patch changes the memory sharing tests, to cater
for the correct assumptions.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I78ed47df789dda1d695e2e52b0df8c28b12658da
|
|
Clean-up after failed memory share test, to allow for subsequent
tests to still provide meaningful test results.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: Ic763fb64c0948c19e6b7d7f99119b20cc05fc83b
|
|
Validate if memory gets delegated to a realm PAS, it can't be used
in FF-A memory lend/donate from NS to SWd.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I16c9b7193b4ae8f56b1182e3b28d13a742bfcd4e
|
|
On memory sharing operation use all the constituents within the
composite.
Extended memory lend operation test to include multiple scattered
pages to make sure the update to security state is happening
to all memory regions.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I2179df12ca63636bdb6489eea77e809422f95430
|
|
Validate during the lend/donate with the SWd, when RME
is in the platform of test, if the NWd attempts to access
the memory it will trigger a fault due to Granule Protection
Checks (GPC).
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: Ibab25e7e56abaa28ae077d8b8c2c7cd377ccf515
|
|
Added functions to validate the receivers list in the
hypervisor retrieve request tests.
Leverage them to validate receivers list.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I705f3ca9f0e540dce60f660ebf996f2462a51e3c
|
|
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Change-Id: I647ad7d5cac7942dd24f5c5cc339943225821be8
|
|
Checks that the hypervisor retrieve request from section 17.4.3 of FF-A
v1.2 REL0 is supported, when the request does not fit in a single
fragment.
Change-Id: I34c24251e2ed131758ce692dc538de704746e488
Signed-off-by: Karl Meakin <karl.meakin@arm.com>
|
|
Updates `memory_init_and_send` to allow sending memory share messages
across multiple fragments.
Tests for this functionality will be added in the next commit.
Change-Id: I6a47735415a8fed1d15322499f1d08cc3e1fd6a2
Signed-off-by: Karl Meakin <karl.meakin@arm.com>
|
|
Checks that the hypervisor retrieve request from section 17.4.3 of FF-A
v1.2 REL0 is supported, when specifying multiple recievers.
Change-Id: I55e9f25aedaa408ab015115d5bab72bf17b22d25
Signed-off-by: Karl Meakin <karl.meakin@arm.com>
|
|
Updates `memory_init_and_send` to allow passing more than one receiver.
Tests for this functionality will be added in the next commit.
Change-Id: I51d92d74f64bfebfa3d49ff6d5066050087b44ef
Signed-off-by: Karl Meakin <karl.meakin@arm.com>
|
|
Checks that the hypervisor retrieve request from section 17.4.3 of FF-A
v1.2 REL0 is supported.
Specifically, the tests:
1. Sends a FFA_MEM_SHARE/FFA_MEM_LEND/FFA_MEM_DONATE message from the
tftf target to the SPMC.
2. Sends a hypervisor retrieve request from the tftf target to the SPMC.
3. Verify the contents of the FFA_MEM_RETRIEVE_RESP message against the
previously sent message.
4. Invoke reclaim interface for SPMC to free memory owned by the handle.
Change-Id: If27d8d5b515c5e468977ed4f5f4ddeb86e44c5df
Signed-off-by: Karl Meakin <karl.meakin@arm.com>
|
|
Add another constituent to the test using the clear memory flags
on retrieve request.
This is relevant as there was a bug in the SPM implemention
that was not clearing correctly multiple constituents in a fragment.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I17cf3f32b111771ca913e84e3e10e5b6f669933e
|
|
If the test relates with FFA_MEM_DONATE do not reclaim or check memory.
The memory is owned by the receiver, and is not accessible to sender.
If operation is lend/share, TFTF should reclaim memory contents first,
and then validate that the SP's access to memory. This is to avoid
fault on lend, as lender doesn't have access to memory until after
the reclaim.
Change-Id: I548b5cf2ac5c2774123f438a02565723470b4d85
Signed-off-by: J-Alves <joao.alves@arm.com>
|
|
Cactus uses security attribute from memory transaction
descriptor in the shared memory related tests.
Change-Id: I7c4f3ef2c72e36236d23e5a061e27a2ea60fa2d6
Signed-off-by: J-Alves <joao.alves@arm.com>
|
|
Hafnium does not support Aarch32 therefore we do not want to build
in this case. Move spm related test helpers into their own file
and add FF-A tests to the aarch32_tests_to_skip.txt file
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Change-Id: Ic5a83ddf4aae2b7dd4b1c30e4cc76b0447e5b405
|
|
TFTF attempts to donate the same memory address consecutively.
The added test validates that such attempt fails, from NWd
targetting the SP receiver to the first donate, as well as
another SP.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: Iee55ebea54beab2499b38372aa2579024237da5f
|
|
Refactor the memory sharing tests helper functions, to reuse
them in the test of subsequent patches.
Functions do not use hard-coded memory address and borrower in
the memory share operation. Instead, these are provided in the
arguments to the referred functions.
Change-Id: I1fda810e3acde23e33b5bbe06cbbbc0c652eed97
Signed-off-by: J-Alves <joao.alves@arm.com>
|
|
Validate that the NWd can't share memory addresses that are owned
by SPMC, or the SPs. Such scenario could be used to circumvent
SPM enforced sandboxing of each SP.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I43abffc0122183222d701c2a44cc806ca620b1ca
|
|
Reorder the logs in memory sharing tests for clarity.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I718024dea191346eacc4ebc0a64e0396b001d63f
|
|
Hafnium was updated to match FF-A v1.1 EAC0 [1].
This is the equivalent change for FF-A memory sharing
tests.
[1] https://review.trustedfirmware.org/c/hafnium/hafnium/+/15012
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: Ibf39ac35e1c7e336843be848fb389401dd792516
|
|
Update memory share tests to match [1] in Hafnium.
The memory attributes are not to be specified by the sender for memory
lend or donate operations.
[1] https://review.trustedfirmware.org/c/hafnium/hafnium/+/15514/4
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: Ieed108ad3cfc8f0335ca6f0d7477a9766d8a40d5
|
|
|
|
Fix [1] by increasing cactus number of xlat tables.
This permits running the SP SP mem sharing of a buffer located at a
high physical PA region.
Test config [2] provides the model parameters to configurare the PE,
interconnect and SMMU to handle 48b physical address size.
[1] https://review.trustedfirmware.org/c/TF-A/tf-a-tests/+/13599
[2] https://review.trustedfirmware.org/c/ci/tf-a-ci-scripts/+/15445
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Ia290f15a6d30c898a5219d2bc1c3949b6ae7e7ef
|
|
Allow the ivy partition to use the ffa_helpers functions.
To achieve this we create a common struct for ff-a calls that is
used for both parameters and returns, this aligns with the Hafnium
implementation. We can then use preprocessor macros to pick either
SMC or SVC as the conduit depending on the exception level the SP
is running at.
Change-Id: Ic9525baabcf40d15545b6f6d504cf954373f08f9
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
|
|
Define a new shared memory region in 48-bit address range
(configured as NS in the TZC) in cactus-tertiary's manifest.
Since SPs can share either secure or non-secure memory, propagate the
security information in the relevant cactus commands:
CACTUS_REQ_MEM_SEND_CMD and CACTUS_MEM_SEND_CMD.
Change-Id: I10af24c96ff8fc0d13c80a52b0264a1482a5cf56
Signed-off-by: Federico Recanati <federico.recanati@arm.com>
|
|
Add test to validate that memory is cleared on memory sharing operations
between the SWd and NWd.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: Ia1ac0f2a542b7498ac2ef6910d3af4bdb2f7755b
|
|
Extend the test command CACTUS_MEM_SEND_CMD:
- To include the flags for the retriever to use in transaction
descriptor to the FFA_MEM_RETRIEVE_REQ.
- Number of words cactus should write to the shared page after
retrieving it.
- Check if memory has been cleared after mapping to cactus address space
if clear memory flag was propagated in the command arguments.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I825b0f766bd7132a3488cdd17d83fce85adf4a5a
|
|
Memory sharing/lending from SP to NS-endpoint is not allowed. Checks
that the said operations are denied by SPMC.
Signed-off-by: Maksims Svecovs <maksims.svecovs@arm.com>
Change-Id: I86f3bd637711735b40de9a169e2b3c934d32f1be
|
|
In order to test FF-A memory sharing operations in faulty cases we need
to be able to get the details of smc call failure in tftf and cactus.
Passes smc_ret_value in the relevant memory management test helpers.
Signed-off-by: Maksims Svecovs <maksims.svecovs@arm.com>
Change-Id: I81059b77cbb01fe9427905adbe262ba8d0670cee
|
|
The type ffa_vm_id_t is used for all ffa_id variables not just
ones specific to vms so remove this element from the name to make
it simple ffa_id_t
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Change-Id: I29d751880c29b0a401cbc698f856c3651cc02789
|
|
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I7c4cb416baf6eb024eb134edb4bbb62d8746629f
|
|
Moving code about memory sharing tests to comply with recent changes:
- Placed helper functions that can be used by TFTF and Cactus in files
spm_common.c/h.
- Removed 'ffa_memory_sharing_test' and added its body to handler of
test command CACTUS_MEM_SEND_CMD.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I58af9b475730d171306581741becbb0665e1859d
|
|
Added a helper function to check if return of FFA_MSG_SEND_DIRECT_REQ
is FFA_MSG_SEND_DIRECT_RESP.
This is intended to make it easier to maintain cactus test commands
framework.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: Ia43e88908aa3cbdd529a8835bffe43dee3e04a76
|
|
Defined some accessors for arguments from FF-A calls, namely for
func id, error code, and direct message destination/source.
This should help make consistent how they were being handled,
enforcing also adequate type checking.
Replace the accesses to those FF-A arguments with respective wrapper
calls.
Change-Id: I99d8e77f3b24728c30eafa3e76a830246790ec5f
Signed-off-by: J-Alves <joao.alves@arm.com>
|
|
This patch moves the code used to test SPM functionality, not explicitly
described in FF-A specification, from ffa_helpers to spm_common which is
built for both tftf and cactus.
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Change-Id: I461efad977cc4d02701feea7b2215a61453716ef
|
|
|
|
Removed reference to Hafnium in name from helper function and macro to
make them generic.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I5bdba013b3a0478dc1ef9058e71747480ba5ff1d
|
|
Change from macros to static inline functions, to enforce type checking.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I2cbaf99683ca5b2a5689256240894ed05d99e0d8
|
|
Previously there was no cmd id for the mem share tests in
'cactus_test_cmds.h', the func id was being reused. For consistency
added the cmd id 'CACTUS_MEM_SEND_CMD'.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: Ia2cee00d444d2b753855f2323578df0f9bcf4fb2
|
|
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I06cd2aedf48232dff4c530f1930297f2d962b3f3
|
|
- Created helper functions to initialize ffa_memory_region and to send
the respective memory region to the SP, making it possible
to reuse the logic in SP-to-SP memory share tests.
- Added comments to document relevant aspects about memory sharing.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: Id3c6db092d5b5eeed746a5fae30b8c853876fc53
|
|
Added functions and macros to help check at the beginning of the test,
that system is as expected for SPM tests in which Hafnium is deployed as
SPMC.
This includes:
- Checking SPMC has expected FFA_VERSION;
- Checking that expected FF-A endpoints are deployed in the system;
- Getting global TFTF mailbox.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I9195bcff8ed93156e838b192bb70a9634e18fbbf
|
|
Some FF-A interfaces use RXTX buffers to exchange information with SPMC.
To avoid repetition of RXTX mapping across the spm-related tests, and
prevent allocation of multiple pages for RXTX buffers within TFTF
runtime:
- Implemented test helpers that hold address of RXTX buffers;
- Implemented test to FFA_RXTX_MAP ABI, that also sets value of RXTX
buffers;
- Cleaned up memory sharing tests that previously implemented RXTX
mapping.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I4a67982d3d185bf83809156e4fce03c6edb967d9
|
|
Test FF-A memory sharing interfaces between tftf and cactus secure
partitions.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I837e44ab2cb10b42af23afbc9a94c726b4af7b64
|