fix(memory share): SP to VM is not allowed
The FF-A v1.1 Rel0 doesn't allow for any memory to be sent from the SWd to
the NWd, according to table 10.7.
Hafnium allowed for memory to be donated from SP to the NWd.
As of this patch, SPs can not share/lend/donate memory to the NWd.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I69a9f6b05b81729f01342ef2c00b6e62c4bd3aa8
diff --git a/src/ffa_memory.c b/src/ffa_memory.c
index 5c8b5be..cafc17d 100644
--- a/src/ffa_memory.c
+++ b/src/ffa_memory.c
@@ -456,7 +456,7 @@
}
/* Ensure the address range is normal memory and not a device. */
- if (*orig_from_mode & MM_MODE_D) {
+ if ((*orig_from_mode & MM_MODE_D) != 0U) {
dlog_verbose("Can't share device memory (mode is %#x).\n",
*orig_from_mode);
return ffa_error(FFA_DENIED);
@@ -478,12 +478,22 @@
uint32_t required_from_mode = ffa_memory_permissions_to_mode(
permissions, *orig_from_mode);
+ /*
+ * The assumption is that at this point, the operation from
+ * SP to a receiver VM, should have returned an FFA_ERROR
+ * already.
+ */
+ if (!ffa_is_vm_id(from.vm->id)) {
+ assert(!ffa_is_vm_id(
+ receivers[i].receiver_permissions.receiver));
+ }
+
if ((*orig_from_mode & required_from_mode) !=
required_from_mode) {
dlog_verbose(
"Sender tried to send memory with permissions "
- "which "
- "required mode %#x but only had %#x itself.\n",
+ "which required mode %#x but only had %#x "
+ "itself.\n",
required_from_mode, *orig_from_mode);
return ffa_error(FFA_DENIED);
}
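Review bot: The SP-to-VM restriction is only asserted in the block added before the `required_from_mode` comparison, so this path enforces nothing in a build where `assert()` is compiled out, and the rejection the comment relies on is not visible in this hunk. The receiver IDs presumably originate from the sender's request, so it would be safer to fail closed here: `if (!ffa_is_vm_id(from.vm->id) && ffa_is_vm_id(receivers[i].receiver_permissions.receiver)) { return ffa_error(FFA_DENIED); }`. If the assert stays, the comment should name the function that performs the earlier check, so that a later refactor cannot silently drop the only enforcement of table 10.7. The enclosing function and the loop over `receivers` start and end outside the hunk.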