test(spm): validate NWd can't share forbidden addresses
Validate that the NWd can't share memory addresses that are owned
by the SPMC or the SPs. Such a scenario could be used to circumvent
SPM enforced sandboxing of each SP.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I43abffc0122183222d701c2a44cc806ca620b1ca
diff --git a/tftf/tests/runtime_services/secure_service/test_ffa_memory_sharing.c b/tftf/tests/runtime_services/secure_service/test_ffa_memory_sharing.c
index ea33587..c469478 100644
--- a/tftf/tests/runtime_services/secure_service/test_ffa_memory_sharing.c
+++ b/tftf/tests/runtime_services/secure_service/test_ffa_memory_sharing.c
@@ -39,6 +39,65 @@
return true;
}
+static bool test_memory_send_expect_denied(uint32_t mem_func,
+ void *mem_ptr)
+{
+ struct ffa_value ret;
+ struct mailbox_buffers mb;
+ struct ffa_memory_region_constituent constituents[] = {
+ {(void *)mem_ptr, 1, 0}
+ };
+ ffa_memory_handle_t handle;
+
+ const uint32_t constituents_count = sizeof(constituents) /
+ sizeof(struct ffa_memory_region_constituent);
+ GET_TFTF_MAILBOX(mb);
+
+ handle = memory_init_and_send((struct ffa_memory_region *)mb.send,
+ MAILBOX_SIZE, SENDER, RECEIVER,
+ constituents, constituents_count,
+ mem_func, &ret);
+
+ if (handle != FFA_MEMORY_HANDLE_INVALID) {
+ ERROR("Received a valid FF-A memory handle, and that isn't"
+ " expected.\n");
+ return false;
+ }
+
+ if (!is_expected_ffa_error(ret, FFA_ERROR_DENIED)) {
+ return false;
+ }
+
+ return true;
+}
+
+/**
+ * Test invocation to FF-A memory sharing interfaces that should return in an
+ * error.
+ */
+test_result_t test_share_forbidden_ranges(void)
+{
+ const uintptr_t forbidden_address[] = {
+ /* Cactus SP memory. */
+ (uintptr_t)0x7200000,
+ /* SPMC Memory. */
+ (uintptr_t)0x6000000,
+ /* NS memory defined in cactus tertiary. */
+ (uintptr_t)0x0000880080001000,
+ };
+
+ CHECK_SPMC_TESTING_SETUP(1, 1, expected_sp_uuids);
+
+ for (unsigned i = 0; i < 3; i++) {
+ if (!test_memory_send_expect_denied(
+ FFA_MEM_SHARE_SMC32, (void *)forbidden_address[i])) {
+ return TEST_RESULT_FAIL;
+ }
+ }
+
+ return TEST_RESULT_SUCCESS;
+}
+
/**
* Tests that it is possible to share memory with SWd from NWd.
* After calling the respective memory send API, it will expect a reply from
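Review bot: The loop bound in test_share_forbidden_ranges is the literal `3`, while the array it indexes, forbidden_address, is defined a few lines above with exactly three initialisers; adding or removing an entry would silently skip a case or read past the array. Derive the bound from the array, as the new helper already does for constituents_count: `for (unsigned i = 0; i < sizeof(forbidden_address) / sizeof(forbidden_address[0]); i++) {`. The helper is parameterised by mem_func but the loop only ever passes FFA_MEM_SHARE_SMC32, so the lend and donate variants are not exercised; if the SPMC applies the same ownership check to all three send operations, looping over them as well would cost a few lines and cover the same sandbox boundary for each. The doc comment above test_share_forbidden_ranges should read `* Test invocations of the FF-A memory sharing interfaces that are expected to fail with FFA_ERROR_DENIED.`, and a one-line comment on the forbidden_address table noting that the values are tied to the platform memory layout the Cactus SPs are built for (presumably the FVP layout, worth confirming) would help whoever reruns this on another platform.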
diff --git a/tftf/tests/tests-spm.xml b/tftf/tests/tests-spm.xml
index 6f6fb75..b8861d3 100644
--- a/tftf/tests/tests-spm.xml
+++ b/tftf/tests/tests-spm.xml
@@ -92,6 +92,8 @@
function="test_req_mem_share_sp_to_vm" />
<testcase name="Request Lend Memory SP-to-VM"
function="test_req_mem_lend_sp_to_vm" />
+ <testcase name="Share forbidden memory with SP"
+ function="test_share_forbidden_ranges" />
</testsuite>
<testsuite name="SIMD,SVE Registers context"