commit cb05d972ca8711bfdb3af88c65150fdd5b26a26b
author David Hu <david.hu@arm.com> Tue Aug 06 18:10:11 2019 +0800
committer Ken Liu <ken.liu@arm.com> Tue Aug 13 10:32:15 2019 +0000
tree 89cf54e0c29cc2815e162291ad0fbdfd490d1f82
parent e348ebe969816d44b550bbae8cda19ae7ceb684e

Core: Change buffer address type to const void * in memory access check

Change buffer base address type to const void * in
tfm_memory_check() and tfm_core_has_write_access_to_region().
Remove unnecessary explicit type casts.

Change-Id: I59d03871d35837c1deebe095aa88c255f120c111
Signed-off-by: David Hu <david.hu@arm.com>

secure_fw/core/ipc/tfm_svcalls.c

diff --git a/secure_fw/core/ipc/tfm_svcalls.c b/secure_fw/core/ipc/tfm_svcalls.c
index e507057..a5f3239 100644
--- a/secure_fw/core/ipc/tfm_svcalls.c
+++ b/secure_fw/core/ipc/tfm_svcalls.c
@@ -186,11 +186,11 @@
          * Read parameters from the arguments. It is a fatal error if the
          * memory reference for buffer is invalid or not readable.
          */
-        if (tfm_memory_check((void *)args[2], sizeof(uint32_t),
+        if (tfm_memory_check((const void *)args[2], sizeof(uint32_t),
             ns_caller, TFM_MEMORY_ACCESS_RO, privileged) != IPC_SUCCESS) {
             tfm_panic();
         }
-        if (tfm_memory_check((void *)args[3], sizeof(uint32_t),
+        if (tfm_memory_check((const void *)args[3], sizeof(uint32_t),
             ns_caller, TFM_MEMORY_ACCESS_RO, privileged) != IPC_SUCCESS) {
             tfm_panic();
         }
@@ -218,8 +218,8 @@
      * if the memory reference for the wrap input vector is invalid or not
      * readable.
      */
-    if (tfm_memory_check((void *)inptr, in_num * sizeof(psa_invec),
-        ns_caller, TFM_MEMORY_ACCESS_RO, privileged) != IPC_SUCCESS) {
+    if (tfm_memory_check(inptr, in_num * sizeof(psa_invec), ns_caller,
+        TFM_MEMORY_ACCESS_RO, privileged) != IPC_SUCCESS) {
         tfm_panic();
     }
     /*
@@ -227,8 +227,8 @@
      * actual length later. It is a fatal error if the memory reference for
      * the wrap output vector is invalid or not read-write.
      */
-    if (tfm_memory_check((void *)outptr, out_num * sizeof(psa_outvec),
-        ns_caller, TFM_MEMORY_ACCESS_RW, privileged) != IPC_SUCCESS) {
+    if (tfm_memory_check(outptr, out_num * sizeof(psa_outvec), ns_caller,
+        TFM_MEMORY_ACCESS_RW, privileged) != IPC_SUCCESS) {
         tfm_panic();
     }
 
@@ -244,8 +244,8 @@
      * memory reference was invalid or not readable.
      */
     for (i = 0; i < in_num; i++) {
-        if (tfm_memory_check((void *)invecs[i].base, invecs[i].len,
-            ns_caller, TFM_MEMORY_ACCESS_RO, privileged) != IPC_SUCCESS) {
+        if (tfm_memory_check(invecs[i].base, invecs[i].len, ns_caller,
+            TFM_MEMORY_ACCESS_RO, privileged) != IPC_SUCCESS) {
             tfm_panic();
         }
     }
@@ -423,8 +423,8 @@
      * Write the message to the service buffer. It is a fatal error if the
      * input msg pointer is not a valid memory reference or not read-write.
      */
-    if (tfm_memory_check((void *)msg, sizeof(psa_msg_t),
-        false, TFM_MEMORY_ACCESS_RW, privileged) != IPC_SUCCESS) {
+    if (tfm_memory_check(msg, sizeof(psa_msg_t), false, TFM_MEMORY_ACCESS_RW,
+        privileged) != IPC_SUCCESS) {
         tfm_panic();
     }
 

secure_fw/core/tfm_secure_api.c

diff --git a/secure_fw/core/tfm_secure_api.c b/secure_fw/core/tfm_secure_api.c
index 3a262d4..6555fcb 100644
--- a/secure_fw/core/tfm_secure_api.c
+++ b/secure_fw/core/tfm_secure_api.c
@@ -166,7 +166,7 @@
     return has_access_to_region(p, s, flags);
 }
 
-enum tfm_status_e tfm_core_has_write_access_to_region(void *p, size_t s,
+enum tfm_status_e tfm_core_has_write_access_to_region(const void *p, size_t s,
                                                       uint32_t ns_caller,
                                                       uint32_t privileged)
 {

secure_fw/core/tfm_secure_api.h

diff --git a/secure_fw/core/tfm_secure_api.h b/secure_fw/core/tfm_secure_api.h
index 69828f0..c626df1 100644
--- a/secure_fw/core/tfm_secure_api.h
+++ b/secure_fw/core/tfm_secure_api.h
@@ -126,7 +126,7 @@
  * \return TFM_SUCCESS if the partition has access to the memory range,
  *         TFM_ERROR_GENERIC otherwise.
  */
-enum tfm_status_e tfm_core_has_write_access_to_region(void *p, size_t s,
+enum tfm_status_e tfm_core_has_write_access_to_region(const void *p, size_t s,
                                                       uint32_t ns_caller,
                                                       uint32_t privileged);
 

secure_fw/spm/spm_api.h

diff --git a/secure_fw/spm/spm_api.h b/secure_fw/spm/spm_api.h
index 7f95339..02c5dbf 100644
--- a/secure_fw/spm/spm_api.h
+++ b/secure_fw/spm/spm_api.h
@@ -638,7 +638,7 @@
  * \retval IPC_ERROR_BAD_PARAMETERS  Bad parameters input
  * \retval IPC_ERROR_MEMORY_CHECK    Check failed
  */
-int32_t tfm_memory_check(void *buffer, size_t len, int32_t ns_caller,
+int32_t tfm_memory_check(const void *buffer, size_t len, int32_t ns_caller,
                          enum tfm_memory_access_e access,
                          uint32_t privileged);
 

secure_fw/spm/spm_api_ipc.c

diff --git a/secure_fw/spm/spm_api_ipc.c b/secure_fw/spm/spm_api_ipc.c
index 98f6046..24fd179 100644
--- a/secure_fw/spm/spm_api_ipc.c
+++ b/secure_fw/spm/spm_api_ipc.c
@@ -450,7 +450,7 @@
                     partition_priority;
 }
 
-int32_t tfm_memory_check(void *buffer, size_t len, int32_t ns_caller,
+int32_t tfm_memory_check(const void *buffer, size_t len, int32_t ns_caller,
                          enum tfm_memory_access_e access,
                          uint32_t privileged)
 {