authorShawn Shan <Shawn.Shan@arm.com>2021-05-17 15:28:02 +0800
committerKen Liu <ken.liu@arm.com>2021-05-31 05:21:45 +0200
commit9c7b9bec77d87a408f9d5594e429667c3c241e68 (patch)
tree386a7b375f71338b2852a5be56eef3bd0f5c4824 /interface
parentcbaa22bfe88133591ed47fe08b9e95596795a24e (diff)
SPM: Correct 'invalid parameter' error handling
- 'Invalid parameter' is regarded as a 'programmer error' instead of returning 'PSA_ERROR_INVALID_ARGUMENT'. - A 'programmer error' should be handled inside SPM instead of the interface, as SPM needs to decide the error handling based on the caller attribute. - Keep the parameter range check inside the interface to give an explicit hint. - Correct the 'type' casting to avoid losing the sign bit. Change-Id: I35a5b70b5dc1ea7072c45f0ebac0630f65edfa00 Signed-off-by: Shawn Shan <Shawn.Shan@arm.com>
Diffstat (limited to 'interface')
-rw-r--r--interface/include/psa/client.h8
-rw-r--r--interface/src/psa/psa_client.c7
-rw-r--r--interface/src/tfm_psa_ns_api.c7
3 files changed, 14 insertions, 8 deletions
diff --git a/interface/include/psa/client.h b/interface/include/psa/client.h
index d92de026f..7aee1e5e6 100644
--- a/interface/include/psa/client.h
+++ b/interface/include/psa/client.h
@@ -130,6 +130,14 @@ psa_handle_t psa_connect(uint32_t sid, uint32_t version);
/**
* \brief Call an RoT Service on an established connection.
*
+ * \note FF-M 1.0 proposes 6 parameters for psa_call but the secure gateway ABI
+ * support at most 4 parameters. TF-M chooses to encode 'in_len',
+ * 'out_len', and 'type' into a 32-bit integer to improve efficiency.
+ * Compared with struct-based encoding, this method saves extra memory
+ * check and memory copy operation. The disadvantage is that the 'type'
+ * range has to be reduced into a 16-bit integer. So with this encoding,
+ * the valid range for 'type' is 0-32767.
+ *
* \param[in] handle A handle to an established connection.
* \param[in] type The request type.
* Must be zero( \ref PSA_IPC_CALL) or positive.
diff --git a/interface/src/psa/psa_client.c b/interface/src/psa/psa_client.c
index 00d95eeb2..6960ac67a 100644
--- a/interface/src/psa/psa_client.c
+++ b/interface/src/psa/psa_client.c
@@ -56,10 +56,9 @@ psa_status_t psa_call(psa_handle_t handle,
{
if ((type > INT16_MAX) ||
(type < INT16_MIN) ||
- (in_len > PSA_MAX_IOVEC) ||
- (out_len > PSA_MAX_IOVEC) ||
- ((in_len + out_len) > PSA_MAX_IOVEC)) {
- return PSA_ERROR_INVALID_ARGUMENT;
+ (in_len > UINT8_MAX) ||
+ (out_len > UINT8_MAX)) {
+ return PSA_ERROR_PROGRAMMER_ERROR;
}
return psa_call_param_pack(handle,
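Review bot: With the combined `(in_len + out_len) > PSA_MAX_IOVEC` bound removed and each count compared only against UINT8_MAX, a call with, for example, in_len = out_len = PSA_MAX_IOVEC now passes this check and reaches psa_call_param_pack; that matches the commit's intent of deferring programmer-error handling to SPM, but it means this `if` only guards the packing width, and the SPM side must still bound in_len, out_len and their sum against PSA_MAX_IOVEC before indexing the vectors — that code is outside this diff, so please confirm it does. A short comment above the `if` would keep a later reader from mistaking these limits for the IOVEC limit: `/* Only the packing-width limits are checked here (type: 16 bits, in_len/out_len: 8 bits); PSA_MAX_IOVEC is enforced by SPM as a programmer error. */`. The body of psa_call continues past the hunk.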
diff --git a/interface/src/tfm_psa_ns_api.c b/interface/src/tfm_psa_ns_api.c
index 9d60a11d7..751216dd0 100644
--- a/interface/src/tfm_psa_ns_api.c
+++ b/interface/src/tfm_psa_ns_api.c
@@ -50,10 +50,9 @@ psa_status_t psa_call(psa_handle_t handle, int32_t type,
{
if ((type > INT16_MAX) ||
(type < INT16_MIN) ||
- (in_len > PSA_MAX_IOVEC) ||
- (out_len > PSA_MAX_IOVEC) ||
- ((in_len + out_len) > PSA_MAX_IOVEC)) {
- return PSA_ERROR_INVALID_ARGUMENT;
+ (in_len > UINT8_MAX) ||
+ (out_len > UINT8_MAX)) {
+ return PSA_ERROR_PROGRAMMER_ERROR;
}
return tfm_ns_interface_dispatch(
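Review bot: The lower bound `(type < INT16_MIN)` admits negative request types from non-secure code even though client.h documents `type` as zero or positive; if negative values are reserved for SPM-internal message types, rejecting them here with `(type < 0) ||` in place of `(type < INT16_MIN) ||` would match the documented contract and give the explicit hint the commit message aims for, but only if SPM does not rely on the NS interface forwarding them — confirm before tightening. Either way, non-secure code can reach the dispatch path without going through this wrapper, so this check is a convenience for callers rather than a security boundary and SPM must enforce the same limits itself. The body of psa_call continues past the hunk.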