fix(memory share): read-only memory can't clear memory
If the receiver was given RO permissions it shouldn't be able to
request the clearing of memory via the flags of
FFA_MEM_RELINQUISH.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: Ibd61e23f920ecf0f391f2cbabe7343f8785b144a
diff --git a/src/ffa_memory.c b/src/ffa_memory.c
index 969e4d7..22aba6f 100644
--- a/src/ffa_memory.c
+++ b/src/ffa_memory.c
@@ -2883,6 +2883,7 @@
struct ffa_value ret;
uint32_t receiver_index;
bool receivers_relinquished_memory;
+ ffa_memory_access_permissions_t receiver_permissions = 0;
if (relinquish_request->endpoint_count != 1) {
dlog_verbose(
@@ -2958,6 +2959,8 @@
if (receiver->receiver_permissions.receiver ==
from_locked.vm->id) {
+ receiver_permissions =
+ receiver->receiver_permissions.permissions;
continue;
}
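Review bot: `receiver_permissions` is assigned only when the loop reaches the caller's own entry, so any path that leaves the loop before that point keeps the initial `0` from the declaration, and the later read-only check then passes by default. The rest of the loop is outside this hunk, so it is worth confirming that every early exit is already rejected when the clear flag is set. A short comment at the assignment would record that dependency, for example `/* Caller's own entry: keep its permissions for the clear-flag check after the loop. */`.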
@@ -2982,6 +2985,13 @@
goto out;
}
+ if (clear && receiver_permissions == FFA_DATA_ACCESS_RO) {
+ dlog_verbose("%s: RO memory can't use clear memory flag.\n",
+ __func__);
+ ret = ffa_error(FFA_DENIED);
+ goto out;
+ }
+
ret = ffa_relinquish_check_update(
from_locked, share_state->fragments,
share_state->fragment_constituent_counts,
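Review bot: The new guard compares the whole `receiver_permissions` value with `FFA_DATA_ACCESS_RO`, so it only matches when no other bits are set in that value. The definition of `ffa_memory_access_permissions_t` is not visible here, but if it also packs the instruction-access field, a receiver with read-only data access and any instruction-access setting would pass the guard and could still request the clear. Comparing only the data-access field avoids this, e.g. `if (clear && ffa_get_data_access_attr(receiver_permissions) == FFA_DATA_ACCESS_RO) {`, assuming that accessor is available in this tree. A test that relinquishes with the clear flag from a read-only, non-executable receiver and expects `FFA_DENIED` would pin the behaviour. The enclosing function starts and ends outside the hunk.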