-rw-r--r-- | interface/include/psa/client.h | 8 | ||||
-rw-r--r-- | interface/src/psa/psa_client.c | 7 | ||||
-rw-r--r-- | interface/src/tfm_psa_ns_api.c | 7 | ||||
-rw-r--r-- | secure_fw/spm/ffm/psa_client_service_apis.c | 2 |
4 files changed, 15 insertions, 9 deletions
diff --git a/interface/include/psa/client.h b/interface/include/psa/client.h
index d92de026f2..7aee1e5e6a 100644
--- a/interface/include/psa/client.h
+++ b/interface/include/psa/client.h
@@ -130,6 +130,14 @@ psa_handle_t psa_connect(uint32_t sid, uint32_t version);
 /**
 * \brief Call an RoT Service on an established connection.
 *
+ * \note FF-M 1.0 proposes 6 parameters for psa_call but the secure gateway ABI
+ * support at most 4 parameters. TF-M chooses to encode 'in_len',
+ * 'out_len', and 'type' into a 32-bit integer to improve efficiency.
+ * Compared with struct-based encoding, this method saves extra memory
+ * check and memory copy operation. The disadvantage is that the 'type'
+ * range has to be reduced into a 16-bit integer. So with this encoding,
+ * the valid range for 'type' is 0-32767.
+ *
 * \param[in] handle A handle to an established connection.
 * \param[in] type The request type.
 * Must be zero( \ref PSA_IPC_CALL) or positive.
diff --git a/interface/src/psa/psa_client.c b/interface/src/psa/psa_client.c
index 00d95eeb2b..6960ac67af 100644
--- a/interface/src/psa/psa_client.c
+++ b/interface/src/psa/psa_client.c
@@ -56,10 +56,9 @@ psa_status_t psa_call(psa_handle_t handle,
 {
 if ((type > INT16_MAX) ||
 (type < INT16_MIN) ||
- (in_len > PSA_MAX_IOVEC) ||
- (out_len > PSA_MAX_IOVEC) ||
- ((in_len + out_len) > PSA_MAX_IOVEC)) {
- return PSA_ERROR_INVALID_ARGUMENT;
+ (in_len > UINT8_MAX) ||
+ (out_len > UINT8_MAX)) {
+ return PSA_ERROR_PROGRAMMER_ERROR;
 }
 
 return psa_call_param_pack(handle,
diff --git a/interface/src/tfm_psa_ns_api.c b/interface/src/tfm_psa_ns_api.c
index 9d60a11d7f..751216dd0b 100644
--- a/interface/src/tfm_psa_ns_api.c
+++ b/interface/src/tfm_psa_ns_api.c
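Review bot: The added \note explains why 'type' shrinks to 16 bits but says nothing about the corresponding limits the same 32-bit packing places on 'in_len' and 'out_len', which the client wrappers changed in this commit bound by UINT8_MAX; a caller reading only this header cannot tell why a vector count above 255 is reported as a programmer error. If the two lengths do occupy the remaining 8 bits each, one more line in the note would close that gap, e.g. `*       'in_len' and 'out_len' are each limited to 8 bits by the same encoding.`. Two wording fixes in the new text: "support at most 4 parameters" should read "supports at most 4 parameters", and "saves extra memory check and memory copy operation" reads better as "saves an extra memory check and memory copy".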
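Review bot: Removing the `((in_len + out_len) > PSA_MAX_IOVEC)` test leaves this wrapper guarding only the 8-bit packing, so a call with in_len = 200 and out_len = 200 now passes the client-side check and the combined PSA_MAX_IOVEC limit must be enforced by the SPM after it unpacks in_num/out_num; that enforcement is not part of this commit and should be confirmed, since the non-secure check is untrusted anyway and the SPM check is the one that matters. The same change is made in tfm_psa_ns_api.c. The type test still admits INT16_MIN..-1 while the header note and \param text added in this commit document the valid range as 0-32767; if negative types are meant to be refused at this API, `(type < 0) ||` would express the documented contract rather than the encoding limit. The body of psa_call continues outside the hunk.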
@@ -50,10 +50,9 @@ psa_status_t psa_call(psa_handle_t handle, int32_t type,
 {
 if ((type > INT16_MAX) ||
 (type < INT16_MIN) ||
- (in_len > PSA_MAX_IOVEC) ||
- (out_len > PSA_MAX_IOVEC) ||
- ((in_len + out_len) > PSA_MAX_IOVEC)) {
- return PSA_ERROR_INVALID_ARGUMENT;
+ (in_len > UINT8_MAX) ||
+ (out_len > UINT8_MAX)) {
+ return PSA_ERROR_PROGRAMMER_ERROR;
 }
 
 return tfm_ns_interface_dispatch(
diff --git a/secure_fw/spm/ffm/psa_client_service_apis.c b/secure_fw/spm/ffm/psa_client_service_apis.c
index 2f57c0cc8a..57c1b82a41 100644
--- a/secure_fw/spm/ffm/psa_client_service_apis.c
+++ b/secure_fw/spm/ffm/psa_client_service_apis.c
@@ -78,7 +78,7 @@ psa_status_t tfm_spm_psa_call(uint32_t *args, bool ns_caller, uint32_t lr)
 privileged = tfm_spm_partition_get_privileged_mode(
 partition->p_static->flags);
 
- type = (int32_t)((args[1] & TYPE_MASK) >> TYPE_OFFSET);
+ type = (int32_t)(int16_t)((args[1] & TYPE_MASK) >> TYPE_OFFSET);
 in_num = (size_t)((args[1] & IN_LEN_MASK) >> IN_LEN_OFFSET);
 out_num = (size_t)((args[1] & OUT_LEN_MASK) >> OUT_LEN_OFFSET);
 inptr = (psa_invec *)args[2]; |
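Review bot: The new `(int32_t)(int16_t)(...)` cast in tfm_spm_psa_call depends on converting a 16-bit field value above INT16_MAX to int16_t, which C11 leaves implementation-defined (6.3.1.3p3); on the two's-complement GCC and armclang targets TF-M builds for it sign-extends as intended, but nothing in the line says so, and the bare double cast reads like a typo to the next maintainer. A one-line comment would pin the intent, e.g. `/* 'type' travels as a 16-bit field; sign-extend it back to int32_t. */`. If a fully defined form is preferred, read the field into a uint32_t and subtract 0x10000 when bit 15 is set, which produces the same value without relying on the conversion. tfm_spm_psa_call starts and ends outside the hunk, so whether the unpacked in_num/out_num are later bounded against PSA_MAX_IOVEC cannot be judged from it.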