commit 41ef8baba3638ba1a4af99b93fabf699a65239ac
author Daniel Boulby <daniel.boulby@arm.com> Fri Oct 13 17:01:22 2023 +0100
committer Daniel Boulby <daniel.boulby@arm.com> Fri Jan 19 18:01:34 2024 +0000
tree 292937b55648ba976fc3fc40802d2536d3f8ca54
parent 39bc21b073092d8e7c097bf6b2c12c5ce66b4753

refactor(memory share): use receiver_offsets to find receiver array

The receiver_offsets field was introduced to the ffa_memory_region
struct to help with forwards compatability in future FF-A versions
as the size of the `ffa_memory_region` struct varies. This patch moves
away from using `sizeof(ffa_memory_region)` to find the receiver array
and instead to using the `receivers_offset` field.

This is safe to do due to the introdution to the use of the
`ffa_memory_region_check_values` function in the previous patch.

Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Change-Id: I6aac59df0ad19ef500550d1bd60d1519a125598a

src/ffa_memory.c

diff --git a/src/ffa_memory.c b/src/ffa_memory.c
index 820d010..e146121 100644
--- a/src/ffa_memory.c
+++ b/src/ffa_memory.c
@@ -1467,6 +1467,7 @@
 {
 	struct ffa_memory_region *memory_region = share_state->memory_region;
 	struct ffa_composite_memory_region *composite;
+	struct ffa_memory_access *receiver;
 	struct ffa_value ret;
 
 	/* Lock must be held. */
@@ -1474,13 +1475,15 @@
 	assert(memory_region != NULL);
 	composite = ffa_memory_region_get_composite(memory_region, 0);
 	assert(composite != NULL);
+	receiver = ffa_memory_region_get_receiver(memory_region, 0);
+	assert(receiver != NULL);
 
 	/* Check that state is valid in sender page table and update. */
 	ret = ffa_send_check_update(
 		from_locked, share_state->fragments,
 		share_state->fragment_constituent_counts,
 		share_state->fragment_count, composite->page_count,
-		share_state->share_func, memory_region->receivers,
+		share_state->share_func, receiver,
 		memory_region->receiver_count, page_pool,
 		memory_region->flags & FFA_MEMORY_REGION_FLAG_CLEAR,
 		orig_from_mode_ret);
@@ -1563,9 +1566,9 @@
 	enum ffa_memory_security security_state;
 	struct ffa_value ret;
 	const size_t minimum_first_fragment_length =
-		(sizeof(struct ffa_memory_region) +
-		 memory_region->memory_access_desc_size +
-		 sizeof(struct ffa_composite_memory_region));
+		memory_region->receivers_offset +
+		memory_region->memory_access_desc_size +
+		sizeof(struct ffa_composite_memory_region);
 
 	if (fragment_length < minimum_first_fragment_length) {
 		dlog_verbose("Fragment length %u too short (min %u).\n",
@@ -1594,9 +1597,6 @@
 		return ffa_error(FFA_INVALID_PARAMETERS);
 	}
 
-	assert(memory_region->receivers_offset ==
-	       offsetof(struct ffa_memory_region, receivers));
-
 	/* The sender must match the caller. */
 	if ((!vm_id_is_current_world(from_locked.vm->id) &&
 	     vm_id_is_current_world(memory_region->sender)) ||
@@ -1618,7 +1618,7 @@
 	 */
 	receivers_end = ((uint64_t)memory_region->memory_access_desc_size *
 			 (uint64_t)memory_region->receiver_count) +
-			sizeof(struct ffa_memory_region);
+			memory_region->receivers_offset;
 	min_length = receivers_end +
 		     sizeof(struct ffa_composite_memory_region) +
 		     sizeof(struct ffa_memory_region_constituent);
@@ -2198,7 +2198,7 @@
 		 * alignment faults.
 		 */
 		composite_offset =
-			sizeof(struct ffa_memory_region) +
+			retrieve_response->receivers_offset +
 			(uint32_t)(receiver_count *
 				   retrieve_response->memory_access_desc_size);
 
@@ -2739,7 +2739,7 @@
 				     struct mpool *page_pool)
 {
 	uint32_t expected_retrieve_request_length =
-		sizeof(struct ffa_memory_region) +
+		retrieve_request->receivers_offset +
 		(uint32_t)(retrieve_request->receiver_count *
 			   retrieve_request->memory_access_desc_size);
 	ffa_memory_handle_t handle = retrieve_request->handle;