feat(ff-a): use memcpy that is trapped GPF
In `FFA_PARTITION_INFO_GET` the SPMC copies the partition info
descriptor to the RX buffer of the NWd. This is prone to a GPF
if the NWd requests that the RX buffer's memory be added to the Realm PAS.
With `memcpy_trapped` the SPMC should be able to recover from the GPF
and return the error FFA_ABORTED to the caller.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I2b25276c36eb70a46290f7157d71b3df9f1a4adb
diff --git a/src/api.c b/src/api.c
index f642f0c..376d6ea 100644
--- a/src/api.c
+++ b/src/api.c
@@ -10,6 +10,7 @@
#include "hf/arch/cpu.h"
#include "hf/arch/ffa.h"
+#include "hf/arch/memcpy_trapped.h"
#include "hf/arch/mm.h"
#include "hf/arch/other_world.h"
#include "hf/arch/plat/ffa.h"
@@ -448,8 +449,7 @@
if (buffer_size > HF_MAILBOX_SIZE) {
dlog_error(
"Partition information does not fit in the "
- "VM's RX "
- "buffer.\n");
+ "VM's RX buffer.\n");
return ffa_error(FFA_NO_MEMORY);
}
@@ -469,6 +469,7 @@
} else {
partition_info_size = sizeof(struct ffa_partition_info);
buffer_size = partition_info_size * vm_count;
+
if (buffer_size > HF_MAILBOX_SIZE) {
dlog_error(
"Partition information does not fit in the "
@@ -477,10 +478,17 @@
return ffa_error(FFA_NO_MEMORY);
}
- /* Populate the VM's RX buffer with the partition information.
+ /*
+ * Populate the VM's RX buffer with the partition information.
*/
- memcpy_s(vm->mailbox.recv, HF_MAILBOX_SIZE, partitions,
- buffer_size);
+ if (!memcpy_trapped(vm->mailbox.recv, HF_MAILBOX_SIZE,
+ partitions, buffer_size)) {
+ dlog_error(
+ "%s: Failed to copy ffa_partition_info "
+ "descriptor\n",
+ __func__);
+ return ffa_error(FFA_ABORTED);
+ }
}
vm->mailbox.recv_size = buffer_size;
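Review bot: Only the else-branch copy into `vm->mailbox.recv` is switched to `memcpy_trapped` here; if the other branch of this `if`/`else` (above the hunk, where `partition_info_size` is computed for the other descriptor format) still fills the RX buffer with `memcpy_s`, it remains exposed to the same GPF the commit message describes, since the RX buffer is NWd-owned in both cases. The rewritten comment at the copy site says what the copy does but not why the trapped variant is needed; something like `/* The RX buffer is NWd-owned and may have been moved into the Realm PAS; trap the GPF and report it instead of faulting the SPMC. */` would record that. On the failure path the RX buffer may already be partially written before the early return, which is harmless to the SPMC, but if the enclosing function has changed other `vm->mailbox` state before this point it should be restored before returning FFA_ABORTED — the start of the function is outside the hunk. Because a misbehaving NWd can trigger this path repeatedly, the `dlog_error` on a caller-induced fault is a log-flooding lever; a lower severity such as `dlog_warning` may be more appropriate.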