author | Antonio de Angelis <Antonio.deAngelis@arm.com> | 2021-04-28 13:52:13 +0100 |
---|---|---|
committer | Antonio de Angelis <Antonio.deAngelis@arm.com> | 2021-06-08 11:47:43 +0200 |
commit | f8564cbf47ad942e90d379df4f34ee6c9ac6db5f (patch) | |
tree | 0fc315f4d61ab452c361757c34fd23874dffb4fe | |
parent | 8d004f7772630c50c691966257ff1dfcaf79f3f3 (diff) | |
download | trusted-firmware-m-f8564cbf47ad942e90d379df4f34ee6c9ac6db5f.tar.gz |
SPM: Invert tfm_spm_check_buffer_access() logic
Invert the logic for the tfm_spm_check_buffer_access() function
to conform to "0 means success" and align to other APIs. Refactor
the function itself to provide different return codes on error and
a default failure return instead of default success.
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: I40ef814a472375cdb2c40ac75dd5f605a9eccbfe
-rw-r--r-- | interface/include/tfm_api.h | 1 | ||||
-rw-r--r-- | secure_fw/spm/cmsis_func/include/spm_func.h | 4 | ||||
-rw-r--r-- | secure_fw/spm/cmsis_func/spm_func.c | 33 | ||||
-rw-r--r-- | secure_fw/spm/ffm/tfm_boot_data.c | 4 |
4 files changed, 18 insertions, 24 deletions
diff --git a/interface/include/tfm_api.h b/interface/include/tfm_api.h
index 9d0df047ac..1d4c9ee5a7 100644
--- a/interface/include/tfm_api.h
+++ b/interface/include/tfm_api.h
@@ -53,6 +53,7 @@ enum tfm_status_e
 TFM_ERROR_NOT_INITIALIZED,
 TFM_ERROR_NO_ACTIVE_PARTITION,
 TFM_ERROR_INVALID_EXC_MODE,
+ TFM_ERROR_NOT_IN_RANGE,
 TFM_SECURE_LOCK_FAILED,
 TFM_SECURE_UNLOCK_FAILED,
 TFM_ERROR_GENERIC = 0x1F,
diff --git a/secure_fw/spm/cmsis_func/include/spm_func.h b/secure_fw/spm/cmsis_func/include/spm_func.h
index 88d2f7dde3..ac0bc7b7d3 100644
--- a/secure_fw/spm/cmsis_func/include/spm_func.h
+++ b/secure_fw/spm/cmsis_func/include/spm_func.h
@@ -303,9 +303,9 @@ void tfm_spm_memory_permission_check_handler(uint32_t *svc_args);
 * \param[in] len The length of the buffer
 * \param[in] alignment The expected alignment (in bits)
 *
- * \return 1 if the check passes, 0 otherwise.
+ * \return TFM_SUCCESS on successful return, an error code otherwise
 *
- * \note For a 0 long buffer the check fails.
+ * \note For a zero length buffer the check fails.
 */
 int32_t tfm_spm_check_buffer_access(uint32_t partition_idx,
 void *start_addr,
diff --git a/secure_fw/spm/cmsis_func/spm_func.c b/secure_fw/spm/cmsis_func/spm_func.c
index 62e006013e..096784479e 100644
--- a/secure_fw/spm/cmsis_func/spm_func.c
+++ b/secure_fw/spm/cmsis_func/spm_func.c
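Review bot: Inserting `TFM_ERROR_NOT_IN_RANGE` between `TFM_ERROR_INVALID_EXC_MODE` and `TFM_SECURE_LOCK_FAILED` renumbers `TFM_SECURE_LOCK_FAILED` and `TFM_SECURE_UNLOCK_FAILED`, because none of the visible enumerators before `TFM_ERROR_GENERIC = 0x1F` carries an explicit value. This header lives under interface/include, so presumably non-secure code is built against it; a non-secure image compiled with the previous header would then decode those two status codes differently from the secure side. If the numeric values are meant to be stable across the boundary, placing the new enumerator after `TFM_SECURE_UNLOCK_FAILED` (still below 0x1F) or giving the codes explicit values avoids the shift; if both sides are always rebuilt together, a comment on the enum saying so would make that contract visible. The body of `enum tfm_status_e` starts and ends outside this hunk, so other members may already carry explicit values that change this picture.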
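Review bot: The new `\return` text, "TFM_SUCCESS on successful return, an error code otherwise", is circular and does not tell a caller which codes to expect, even though the spm_func.c change in this commit makes them specific. Suggest spelling them out: `\return TFM_SUCCESS if the buffer is accessible, TFM_ERROR_INVALID_PARAMETER if it is misaligned, zero length or wraps around, TFM_ERROR_NOT_IN_RANGE if it lies outside the permitted region`. The `\note` on zero length buffers could then be folded into that line or kept as is. The declaration of `tfm_spm_check_buffer_access` continues past the end of the hunk.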
@@ -894,26 +894,19 @@ int32_t tfm_spm_check_buffer_access(uint32_t partition_idx,
 alignment_mask = (((uintptr_t)1) << alignment) - 1;
- /* Check that the pointer is aligned properly */
- if (start_addr_value & alignment_mask) {
- /* not aligned, return error */
- return 0;
- }
-
- /* Protect against overflow (and zero len) */
- if (end_addr_value <= start_addr_value) {
- return 0;
- }
-
- /* For privileged partition execution, all secure data memory and stack
- * is accessible
- */
- if (start_addr_value >= S_DATA_START &&
- end_addr_value <= (S_DATA_START + S_DATA_SIZE)) {
- return 1;
+ /* Check pointer alignment and protect against overflow and zero len */
+ if (!(start_addr_value & alignment_mask) &&
+ (end_addr_value > start_addr_value)) {
+ /* Check that the range is in S_DATA */
+ if ((start_addr_value >= S_DATA_START) &&
+ (end_addr_value <= (S_DATA_START + S_DATA_SIZE))) {
+ return TFM_SUCCESS;
+ } else {
+ return TFM_ERROR_NOT_IN_RANGE;
+ }
 }
- return 0;
+ return TFM_ERROR_INVALID_PARAMETER;
 }
 void tfm_spm_get_caller_client_id_handler(uint32_t *svc_args)
@@ -946,9 +939,9 @@ void tfm_spm_get_caller_client_id_handler(uint32_t *svc_args)
 (void *)result_ptr_value,
 sizeof(curr_part_data->caller_client_id),
 2);
- if (!res) {
+ if (res != TFM_SUCCESS) {
 /* Not in accessible range, return error */
- svc_args[0] = (uint32_t)TFM_ERROR_INVALID_PARAMETER;
+ svc_args[0] = (uint32_t)res;
 return;
 }
diff --git a/secure_fw/spm/ffm/tfm_boot_data.c b/secure_fw/spm/ffm/tfm_boot_data.c
index 1b9ed64e04..d7db3038cd 100644
--- a/secure_fw/spm/ffm/tfm_boot_data.c
+++ b/secure_fw/spm/ffm/tfm_boot_data.c
@@ -163,9 +163,9 @@ void tfm_core_get_boot_data_handler(uint32_t args[])
 (void *)buf_start,
 buf_size,
 2);
- if (!res) {
+ if (res != TFM_SUCCESS) {
 /* Not in accessible range, return error */
- args[0] = (uint32_t)TFM_ERROR_INVALID_PARAMETER;
+ args[0] = (uint32_t)res;
 return;
 }
 #else |
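Review bot: The rewrite drops the only comment that justified why an S_DATA containment test is sufficient here ("For privileged partition execution, all secure data memory and stack is accessible") and replaces it with `/* Check that the range is in S_DATA */`, which restates the condition without its rationale; suggest restoring it as `/* For privileged partition execution all secure data memory and stack is accessible, so the range only has to lie within S_DATA */` above the inner `if`. The `else` after `return TFM_SUCCESS;` is redundant and adds a nesting level; the inner `if` can return on success and be followed directly by `return TFM_ERROR_NOT_IN_RANGE;`. Note also that the callers in the second hunk and in the tfm_boot_data.c hunk now forward `res` verbatim into `svc_args[0]`/`args[0]`, so `TFM_ERROR_NOT_IN_RANGE` becomes observable to callers that previously only ever saw `TFM_ERROR_INVALID_PARAMETER`, while the comment above each assignment still reads "Not in accessible range" for both outcomes; `/* Buffer rejected by the access check, propagate its status */` would cover both. `tfm_spm_check_buffer_access` begins before this hunk, so how `end_addr_value` is derived from `len` is not visible here.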