SPM: Correct 'invalid parameter' error handling
- 'Invalid parameter' is regarded as 'programmer error' instead of
returning 'PSA_ERROR_INVALID_ARGUMENT'.
- 'Programmer error' should be handled inside SPM instead of interface,
as SPM needs to decide the error handling based on the caller
attribute.
- Keep the parameters range check inside the interface to give an explicit
hint.
- Correct 'type' casting to avoid losing the sign bit.
Change-Id: I35a5b70b5dc1ea7072c45f0ebac0630f65edfa00
Signed-off-by: Shawn Shan <Shawn.Shan@arm.com>
diff --git a/interface/include/psa/client.h b/interface/include/psa/client.h
index d92de02..7aee1e5 100644
--- a/interface/include/psa/client.h
+++ b/interface/include/psa/client.h
@@ -130,6 +130,14 @@
/**
* \brief Call an RoT Service on an established connection.
*
+ * \note FF-M 1.0 proposes 6 parameters for psa_call but the secure gateway ABI
+ * support at most 4 parameters. TF-M chooses to encode 'in_len',
+ * 'out_len', and 'type' into a 32-bit integer to improve efficiency.
+ * Compared with struct-based encoding, this method saves extra memory
+ * check and memory copy operation. The disadvantage is that the 'type'
+ * range has to be reduced into a 16-bit integer. So with this encoding,
+ * the valid range for 'type' is 0-32767.
+ *
* \param[in] handle A handle to an established connection.
* \param[in] type The request type.
* Must be zero( \ref PSA_IPC_CALL) or positive.
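Review bot: The new \note gives the valid range for 'type' as 0-32767, but the \param[in] type description just below it still reads "Must be zero( \ref PSA_IPC_CALL) or positive" with no upper bound, so a caller reading only the parameter line will not learn that values above 32767 are now rejected. Suggest repeating the bound in the \param text and stating what happens when it is exceeded, since the commit message says an invalid parameter is now treated as a programmer error rather than returning PSA_ERROR_INVALID_ARGUMENT. The note should also say "signed 16-bit integer", because 0-32767 only follows from a signed field and the commit message itself refers to the sign bit. Minor wording: "the secure gateway ABI support at most 4 parameters" should read "supports".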