diff options
author | Kevin Peng <kevin.peng@arm.com> | 2021-01-27 10:01:31 +0800 |
---|---|---|
committer | Kevin Peng <kevin.peng@arm.com> | 2021-02-22 08:55:29 +0000 |
commit | 5ec7965124f4b6d0c1b1653d67da2171175c26da (patch) | |
tree | 9fa4874dd5f4ca7ba26a9a33908ddb2e308cb85b /interface/include | |
parent | bbb7fdf52225cc0fdf6fe8adedd46c91623bf4cc (diff) | |
download | trusted-firmware-m-5ec7965124f4b6d0c1b1653d67da2171175c26da.tar.gz |
Interface: Ensure veneer function result return in dispatch
The tfm_ns_interface_dispatch() function returns TFM_ERROR_GENERIC
when mutex operations fails.
However, this error code could be interrepted by the caller as
another status code or even valid return.
For example the psa_connect() of NS interface, it treats the value
of TFM_ERROR_GENERIC a valid handle.
And the psa_call() could treat TFM_ERROR_GENERIC as another status
code of the RoT service.
In both cases, the TFM_ERROR_GENERIC is translated incorrectly.
The tfm_ns_interface_dispatch() should only return status code from
the veneer function being called. Other unrecoverable errors should
be considered as fatal error and should not return.
Change-Id: Id4082a46cd866acaba85aa63d10cfe46d09b3044
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
Diffstat (limited to 'interface/include')
-rw-r--r-- | interface/include/tfm_ns_interface.h | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/interface/include/tfm_ns_interface.h b/interface/include/tfm_ns_interface.h index 21857bed6f..1dd0692571 100644 --- a/interface/include/tfm_ns_interface.h +++ b/interface/include/tfm_ns_interface.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2019, Arm Limited. All rights reserved. + * Copyright (c) 2017-2021, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause * @@ -31,6 +31,10 @@ typedef int32_t (*veneer_fn) (uint32_t arg0, uint32_t arg1, * \param[in] arg3 Argument 3 * * \return Returns the same return value of the requested veneer function + * + * \note This API must ensure the return value is from the veneer function. + * Other unrecoverable errors must be considered as fatal error and should + * not return. */ int32_t tfm_ns_interface_dispatch(veneer_fn fn, uint32_t arg0, uint32_t arg1, |