TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / hafnium / hafnium.git / 4342a3c3c7b23d999b7b8c48e8003ee439437fef^! / . / src
commit4342a3c3c7b23d999b7b8c48e8003ee439437fef[log] [tgz]
authorOlivier Deprez <olivier.deprez@arm.com>Mon Feb 28 09:37:25 2022 +0100
committerOlivier Deprez <olivier.deprez@arm.com>Wed Apr 12 10:32:03 2023 +0200
treef893ef428a9dd7bf3478d527447292b4008593bc
parentbbf1bec1dedc23f824c47443bf720eafca05be69 [diff]
feat: add security state attribute definitions

FF-A v1.1 REL0 section 10.10.4.1 "Usage of NS bit" permits the SPMC to
provide the security state of a memory region through the memory
transaction descriptor attributes in a memory retrieve response.
Add the appropriate macro definitions.
Ensure a caller clears the security state attribute (NS-bit in
Table 10.18) in the memory transaction descriptor for a memory retrieve
request, donate, lend and share (section 10.10.4.1 bullet 1).

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I9e93e37757ee4b7d7198d9f09494cbdee840de97

diff --git a/src/ffa_memory.c b/src/ffa_memory.c
index ee64f54..26733b8 100644
--- a/src/ffa_memory.c
+++ b/src/ffa_memory.c

@@ -1192,6 +1192,7 @@
 	uint32_t constituents_length;
 	enum ffa_data_access data_access;
 	enum ffa_instruction_access instruction_access;
+	enum ffa_memory_security security_state;
 	struct ffa_value ret;
 
 	/* The sender must match the caller. */
@@ -1362,6 +1363,15 @@
 		}
 	}
 
+	/* Memory region attributes NS-Bit MBZ for FFA_MEM_SHARE/LEND/DONATE. */
+	security_state =
+		ffa_get_memory_security_attr(memory_region->attributes);
+	if (security_state != FFA_MEMORY_SECURITY_UNSPECIFIED) {
+		dlog_verbose(
+			"Invalid security state for memory share operation.\n");
+		return ffa_error(FFA_INVALID_PARAMETERS);
+	}
+
 	/*
 	 * If a memory donate or lend with single borrower, the memory type
 	 * shall not be specified by the sender.
@@ -1914,6 +1924,7 @@
 	ffa_memory_region_flags_t transaction_type =
 		retrieve_request->flags &
 		FFA_MEMORY_REGION_TRANSACTION_TYPE_MASK;
+	enum ffa_memory_security security_state;
 
 	assert(retrieve_request != NULL);
 	assert(memory_region != NULL);
@@ -2003,6 +2014,16 @@
 		return ffa_error(FFA_DENIED);
 	}
 
+	/* Memory region attributes NS-Bit MBZ for FFA_MEM_RETRIEVE_REQ. */
+	security_state =
+		ffa_get_memory_security_attr(retrieve_request->attributes);
+	if (security_state != FFA_MEMORY_SECURITY_UNSPECIFIED) {
+		dlog_verbose(
+			"Invalid security state for memory retrieve request "
+			"operation.\n");
+		return ffa_error(FFA_INVALID_PARAMETERS);
+	}
+
 	/*
 	 * If memory type is not specified, bypass validation of memory
 	 * attributes in the retrieve request. The retriever is expecting to