aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAntonio de Angelis <Antonio.deAngelis@arm.com>2021-04-28 13:52:13 +0100
committerAntonio de Angelis <Antonio.deAngelis@arm.com>2021-06-08 11:47:43 +0200
commitf8564cbf47ad942e90d379df4f34ee6c9ac6db5f (patch)
tree0fc315f4d61ab452c361757c34fd23874dffb4fe
parent8d004f7772630c50c691966257ff1dfcaf79f3f3 (diff)
downloadtrusted-firmware-m-f8564cbf47ad942e90d379df4f34ee6c9ac6db5f.tar.gz
SPM: Invert tfm_spm_check_buffer_access() logic
Invert the logic for the tfm_spm_check_buffer_access() function to conform to "0 means success" and align to other APIs. Refactor the function itself to provide different return codes on error and a default failure return instead of default success. Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com> Change-Id: I40ef814a472375cdb2c40ac75dd5f605a9eccbfe
-rw-r--r--interface/include/tfm_api.h1
-rw-r--r--secure_fw/spm/cmsis_func/include/spm_func.h4
-rw-r--r--secure_fw/spm/cmsis_func/spm_func.c33
-rw-r--r--secure_fw/spm/ffm/tfm_boot_data.c4
4 files changed, 18 insertions, 24 deletions
diff --git a/interface/include/tfm_api.h b/interface/include/tfm_api.h
index 9d0df047a..1d4c9ee5a 100644
--- a/interface/include/tfm_api.h
+++ b/interface/include/tfm_api.h
@@ -53,6 +53,7 @@ enum tfm_status_e
TFM_ERROR_NOT_INITIALIZED,
TFM_ERROR_NO_ACTIVE_PARTITION,
TFM_ERROR_INVALID_EXC_MODE,
+ TFM_ERROR_NOT_IN_RANGE,
TFM_SECURE_LOCK_FAILED,
TFM_SECURE_UNLOCK_FAILED,
TFM_ERROR_GENERIC = 0x1F,
diff --git a/secure_fw/spm/cmsis_func/include/spm_func.h b/secure_fw/spm/cmsis_func/include/spm_func.h
index 88d2f7dde..ac0bc7b7d 100644
--- a/secure_fw/spm/cmsis_func/include/spm_func.h
+++ b/secure_fw/spm/cmsis_func/include/spm_func.h
@@ -303,9 +303,9 @@ void tfm_spm_memory_permission_check_handler(uint32_t *svc_args);
* \param[in] len The length of the buffer
* \param[in] alignment The expected alignment (in bits)
*
- * \return 1 if the check passes, 0 otherwise.
+ * \return TFM_SUCCESS on successful return, an error code otherwise
*
- * \note For a 0 long buffer the check fails.
+ * \note For a zero length buffer the check fails.
*/
int32_t tfm_spm_check_buffer_access(uint32_t partition_idx,
void *start_addr,
diff --git a/secure_fw/spm/cmsis_func/spm_func.c b/secure_fw/spm/cmsis_func/spm_func.c
index 62e006013..096784479 100644
--- a/secure_fw/spm/cmsis_func/spm_func.c
+++ b/secure_fw/spm/cmsis_func/spm_func.c
@@ -894,26 +894,19 @@ int32_t tfm_spm_check_buffer_access(uint32_t partition_idx,
alignment_mask = (((uintptr_t)1) << alignment) - 1;
- /* Check that the pointer is aligned properly */
- if (start_addr_value & alignment_mask) {
- /* not aligned, return error */
- return 0;
- }
-
- /* Protect against overflow (and zero len) */
- if (end_addr_value <= start_addr_value) {
- return 0;
- }
-
- /* For privileged partition execution, all secure data memory and stack
- * is accessible
- */
- if (start_addr_value >= S_DATA_START &&
- end_addr_value <= (S_DATA_START + S_DATA_SIZE)) {
- return 1;
+ /* Check pointer alignment and protect against overflow and zero len */
+ if (!(start_addr_value & alignment_mask) &&
+ (end_addr_value > start_addr_value)) {
+ /* Check that the range is in S_DATA */
+ if ((start_addr_value >= S_DATA_START) &&
+ (end_addr_value <= (S_DATA_START + S_DATA_SIZE))) {
+ return TFM_SUCCESS;
+ } else {
+ return TFM_ERROR_NOT_IN_RANGE;
+ }
}
- return 0;
+ return TFM_ERROR_INVALID_PARAMETER;
}
void tfm_spm_get_caller_client_id_handler(uint32_t *svc_args)
@@ -946,9 +939,9 @@ void tfm_spm_get_caller_client_id_handler(uint32_t *svc_args)
(void *)result_ptr_value,
sizeof(curr_part_data->caller_client_id),
2);
- if (!res) {
+ if (res != TFM_SUCCESS) {
/* Not in accessible range, return error */
- svc_args[0] = (uint32_t)TFM_ERROR_INVALID_PARAMETER;
+ svc_args[0] = (uint32_t)res;
return;
}
diff --git a/secure_fw/spm/ffm/tfm_boot_data.c b/secure_fw/spm/ffm/tfm_boot_data.c
index 1b9ed64e0..d7db3038c 100644
--- a/secure_fw/spm/ffm/tfm_boot_data.c
+++ b/secure_fw/spm/ffm/tfm_boot_data.c
@@ -163,9 +163,9 @@ void tfm_core_get_boot_data_handler(uint32_t args[])
(void *)buf_start,
buf_size,
2);
- if (!res) {
+ if (res != TFM_SUCCESS) {
/* Not in accessible range, return error */
- args[0] = (uint32_t)TFM_ERROR_INVALID_PARAMETER;
+ args[0] = (uint32_t)res;
return;
}
#else