commit 41c5da385103b0ac0e6d9801a8adfc56d8e70416
author J-Alves <joao.alves@arm.com> Wed Jun 19 10:05:05 2024 +0100
committer Madhukar Pappireddy <madhukar.pappireddy@arm.com> Tue Sep 17 15:14:42 2024 +0200
tree 539bcdb4592f0dff56c3b85c4128040a3eb2ce12
parent d9e7c8fd3cf9bbca38b387d313f823a4754028b3

fix(notifications): delay SRI flag use from NWd

Per FF-A v1.2 EAC0 section 16.5.1 the FFA_NOTIFICATION_SET
parameter Flags[1] 'Delay Schedule Receiver interrupt flag'
can only be set by a SP at the secure virtual FF-A instance.
Invocation from the normal world must return an error.

Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I8e58eea6a0ab60b72c21980010137665733b2a3c

src/api.c

diff --git a/src/api.c b/src/api.c
index 974e507..3ef072d 100644
--- a/src/api.c
+++ b/src/api.c
@@ -4283,6 +4283,7 @@
 	const uint32_t flags_mbz =
 		~(FFA_NOTIFICATIONS_FLAG_PER_VCPU |
 		  FFA_NOTIFICATIONS_FLAG_DELAY_SRI | (0xFFFFU << 16));
+	const bool delay_sri = (FFA_NOTIFICATIONS_FLAG_DELAY_SRI & flags) != 0U;
 
 	if ((flags_mbz & flags) != 0U) {
 		dlog_verbose("%s: caller shouldn't set bits that MBZ.\n",
@@ -4309,6 +4310,17 @@
 		return ffa_error(FFA_INVALID_PARAMETERS);
 	}
 
+	/*
+	 * The 'Delay Schedule Receiver interrupt flag' only applies to the
+	 * secure virtual FF-A instance.
+	 */
+	if (!vm_id_is_current_world(sender_vm_id) && delay_sri) {
+		dlog_verbose(
+			"The delay SRI flag can only be set at the secure "
+			"virtual FF-A instance.\n");
+		return ffa_error(FFA_INVALID_PARAMETERS);
+	}
+
 	if (plat_ffa_notification_set_forward(sender_vm_id, receiver_vm_id,
 					      flags, notifications, &ret)) {
 		return ret;
@@ -4370,7 +4382,7 @@
 
 	dlog_verbose("Set the notifications: %lx.\n", notifications);
 
-	if ((FFA_NOTIFICATIONS_FLAG_DELAY_SRI & flags) == 0) {
+	if (!delay_sri) {
 		dlog_verbose("SRI was NOT delayed. vcpu: %u!\n",
 			     vcpu_index(current));
 		plat_ffa_sri_trigger_not_delayed(current->cpu);