Core: Add connect handle check

Check the connection handle from two aspects:
- Validity: check that the connection handle was allocated from
  conn_handle_pool.
- Ownership: check that the client_id stored in the handle is the same
  as the current caller.

Change-Id: I4a6031f34d022760800acf1c3a41c4f7dc7747cc
Signed-off-by: Summer Qin <summer.qin@arm.com>
diff --git a/secure_fw/spm/spm_api_ipc.c b/secure_fw/spm/spm_api_ipc.c
index 58a0fd3..4933e97 100644
--- a/secure_fw/spm/spm_api_ipc.c
+++ b/secure_fw/spm/spm_api_ipc.c
@@ -50,7 +50,8 @@
 /********************** SPM functions for handler mode ***********************/
 
 /* Service handle management functions */
-psa_handle_t tfm_spm_create_conn_handle(struct tfm_spm_service_t *service)
+psa_handle_t tfm_spm_create_conn_handle(struct tfm_spm_service_t *service,
+                                        int32_t client_id)
 {
     struct tfm_conn_handle_t *p_handle;
 
@@ -64,6 +65,7 @@
 
     p_handle->service = service;
     p_handle->status = TFM_HANDLE_STATUS_IDLE;
+    p_handle->client_id = client_id;
 
     /* Add handle node to list for next psa functions */
     tfm_list_add_tail(&service->handle_list, &p_handle->list);
@@ -71,6 +73,23 @@
     return (psa_handle_t)p_handle;
 }
 
+int32_t tfm_spm_validate_conn_handle(psa_handle_t conn_handle,
+                                     int32_t client_id)
+{
+    /* Check the handle address is validated */
+    if (is_valid_chunk_data_in_pool(conn_handle_pool,
+                                    (uint8_t *)conn_handle) != true) {
+        return IPC_ERROR_GENERIC;
+    }
+
+    /* Check the handle caller is correct */
+    if (((struct tfm_conn_handle_t *)conn_handle)->client_id != client_id) {
+        return IPC_ERROR_GENERIC;
+    }
+
+    return IPC_SUCCESS;
+}
+
 static struct tfm_conn_handle_t *
     tfm_spm_find_conn_handle_node(struct tfm_spm_service_t *service,
                                   psa_handle_t conn_handle)
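Review bot: The pool check in `tfm_spm_validate_conn_handle` is what makes the later `client_id` dereference safe, yet nothing in this hunk shows whether `is_valid_chunk_data_in_pool` rejects a chunk that was already returned to the pool. If the helper only checks address range and alignment, a handle that its owner has closed would still pass both tests, because the stale `client_id` stays in the freed chunk. It would be worth confirming the helper's contract, or clearing `client_id` when the handle is freed. The first comment reads better as `/* Check the handle address is valid */`. The function also deserves a header comment stating that it returns `IPC_SUCCESS` only when the handle lies in `conn_handle_pool` and its stored `client_id` matches the caller, and `IPC_ERROR_GENERIC` otherwise.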
@@ -304,7 +323,7 @@
 void tfm_spm_fill_msg(struct tfm_msg_body_t *msg,
                       struct tfm_spm_service_t *service,
                       psa_handle_t handle,
-                      int32_t type, int32_t ns_caller,
+                      int32_t type, int32_t client_id,
                       psa_invec *invec, size_t in_len,
                       psa_outvec *outvec, size_t out_len,
                       psa_outvec *caller_outvec)
@@ -327,12 +346,7 @@
     msg->service = service;
     msg->handle = handle;
     msg->caller_outvec = caller_outvec;
-    /* Get current partition id */
-    if (ns_caller) {
-        msg->msg.client_id = tfm_nspm_get_current_client_id();
-    } else {
-        msg->msg.client_id = tfm_spm_partition_get_running_partition_id();
-    }
+    msg->msg.client_id = client_id;
 
     /* Copy contents */
     msg->msg.type = type;
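Review bot: `tfm_spm_fill_msg` now records whatever `client_id` it is given, and the new parameter takes the place of `ns_caller` in the same position with the same `int32_t` type (previous hunk). A call site that still passes the old flag would therefore compile without a warning and stamp the message with 0 or 1 as the client identity. The call sites are not visible here, so each one should be checked to pass an ID that the SPM resolved itself rather than a value derived from client arguments. A comment on the assignment would record that requirement, e.g. `/* client_id must be resolved by the SPM from the caller context, never taken from client-supplied data */`. The function body starts and ends outside this hunk.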