FF-A: x2/w2 MBZ in direct message interfaces
According to sections 10.2.1.2 & 10.3.1.2 of FF-A specification, the
register x2/w2 Must Be Zero, and should be set by the sender. The
relayer must must validate this condition and return FFA_ERROR_INVALID
if such isn't met.
Change-Id: I899ed7a99e0c3e7c70045688c7e0de4b9bd93a41
Signed-off-by: J-Alves <joao.alves@arm.com>
diff --git a/src/api.c b/src/api.c
index 41bc1a3..cce9cf9 100644
--- a/src/api.c
+++ b/src/api.c
@@ -1638,6 +1638,15 @@
}
/**
+ * FF-A specification states that x2/w2 Must Be Zero for direct messaging
+ * interfaces.
+ */
+static inline bool api_ffa_dir_msg_is_arg2_zero(struct ffa_value args)
+{
+ return args.arg2 == 0U;
+}
+
+/**
* Send an FF-A direct message request.
*/
struct ffa_value api_ffa_msg_send_direct_req(ffa_vm_id_t sender_vm_id,
@@ -1651,6 +1660,10 @@
struct vcpu *receiver_vcpu;
struct two_vcpu_locked vcpus_locked;
+ if (!api_ffa_dir_msg_is_arg2_zero(args)) {
+ return ffa_error(FFA_INVALID_PARAMETERS);
+ }
+
if (!arch_other_world_is_direct_request_valid(current, sender_vm_id,
receiver_vm_id)) {
return ffa_error(FFA_NOT_SUPPORTED);
@@ -1771,6 +1784,11 @@
struct vcpu **next)
{
struct vcpu_locked current_locked;
+
+ if (!api_ffa_dir_msg_is_arg2_zero(args)) {
+ return ffa_error(FFA_INVALID_PARAMETERS);
+ }
+
struct ffa_value to_ret = {
.func = args.func,
.arg1 = args.arg1,