fix(memory share): Flags from mem region MBZ
According to the FF-A specification, the flags field from the memory
transaction descriptor is used to govern the behavior in a memory
management transaction, and in some cases some bits Must Be Zero (MBZ).
This patch adds the appropriate checks to the 'ffa_memory_region' flags when
handling the memory sharing interfaces, so that an error is returned when bits
that Must Be Zero are set.
Change-Id: If5de9bb25d263b01a21e3c7d71bac707ab8652d5
Signed-off-by: J-Alves <joao.alves@arm.com>
diff --git a/src/ffa_memory.c b/src/ffa_memory.c
index f92957b..265f2f3 100644
--- a/src/ffa_memory.c
+++ b/src/ffa_memory.c
@@ -2246,6 +2246,24 @@
goto out;
}
+ if ((retrieve_request->flags & ~0x7FF) != 0U) {
+ dlog_verbose(
+ "Bits 31-10 must be zero in memory region's flags.\n");
+ ret = ffa_error(FFA_INVALID_PARAMETERS);
+ goto out;
+ }
+
+ if (share_state->share_func == FFA_MEM_SHARE_32 &&
+ (retrieve_request->flags &
+ (FFA_MEMORY_REGION_FLAG_CLEAR |
+ FFA_MEMORY_REGION_FLAG_CLEAR_RELINQUISH)) != 0U) {
+ dlog_verbose(
+ "Memory Share operation can't clean after relinquish "
+ "memory region.\n");
+ ret = ffa_error(FFA_INVALID_PARAMETERS);
+ goto out;
+ }
+
/*
* Check permissions from sender against permissions requested by
* receiver.
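Review bot: The mask in the first added check does not match its message: `~0x7FF` leaves bits 0-10 unchecked, so bit 10 passes while the message says bits 31-10 must be zero. If bits 31-10 are indeed reserved, as the message and the commit description state, the mask should be `~0x3FFU`; if bit 10 is a valid flag, the message should say 31-11 instead. Either way the literal deserves a named constant alongside the other FFA_MEMORY_REGION_FLAG_* definitions so the check reads as a spec reference rather than a magic number. The second check's message mentions only clearing after relinquish although it also rejects FFA_MEMORY_REGION_FLAG_CLEAR; a message such as `"Memory Share operation cannot request memory to be cleared.\n"` would cover both. The enclosing function starts before this hunk.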
@@ -2262,6 +2280,16 @@
requested_instruction_access =
ffa_get_instruction_access_attr(requested_permissions);
permissions = 0;
+
+ if ((sent_data_access == FFA_DATA_ACCESS_RO ||
+ requested_permissions == FFA_DATA_ACCESS_RO) &&
+ (retrieve_request->flags & FFA_MEMORY_REGION_FLAG_CLEAR) != 0U) {
+ dlog_verbose(
+ "Receiver has RO permissions can not request clear.\n");
+ ret = ffa_error(FFA_DENIED);
+ goto out;
+ }
+
switch (sent_data_access) {
case FFA_DATA_ACCESS_NOT_SPECIFIED:
case FFA_DATA_ACCESS_RW:
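Review bot: The new RO check compares `requested_permissions` as a whole against FFA_DATA_ACCESS_RO, whereas the lines just above extract the instruction-access field from it with ffa_get_instruction_access_attr(); the data-access field should presumably be extracted the same way before comparing, e.g. `ffa_get_data_access_attr(requested_permissions) == FFA_DATA_ACCESS_RO`, otherwise the receiver-side half of the condition is matched against the combined permissions value and is unlikely to behave as intended. The message `"Receiver has RO permissions can not request clear.\n"` also reads awkwardly; `"Receiver with RO permissions cannot request memory to be cleared.\n"` is clearer. The enclosing function starts before this hunk.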