commit 872cd690062af31973a88da280fa0b29d081705b
author Federico Recanati <federico.recanati@arm.com> Wed Jan 05 13:10:10 2022 +0100
committer Olivier Deprez <olivier.deprez@arm.com> Tue Jan 18 15:42:03 2022 +0100
tree e7d7eb7b84018e71523dbda0d33d3758e98857c6
parent a98603aa965e3ff3ca5383249213e2fd1a96d850

fix(ff-a): check composite_memory_region_offset is set for memory send

In memory sending operations (lend/donate/share) there must be at least
one endpoint memory access descriptor.
Hafnium expects exactly one endpoint memory access descriptor and
checks that the offset to its composite memory region description is
within the TX buffer upper bound.

Adding the check that such offset is set > 0.

Change-Id: I0b0a8268013103e4f3edcb110ae0c041e64fe859
Signed-off-by: Federico Recanati <federico.recanati@arm.com>

src/ffa_memory.c

diff --git a/src/ffa_memory.c b/src/ffa_memory.c
index 84b6ae8..773e588 100644
--- a/src/ffa_memory.c
+++ b/src/ffa_memory.c
@@ -1395,6 +1395,7 @@
 {
 	struct ffa_composite_memory_region *composite;
 	uint32_t receivers_length;
+	uint32_t composite_memory_region_offset;
 	uint32_t constituents_offset;
 	uint32_t constituents_length;
 	enum ffa_data_access data_access;
@@ -1423,8 +1424,11 @@
 			   memory_region->receiver_count;
 	constituents_offset =
 		ffa_composite_constituent_offset(memory_region, 0);
-	if (memory_region->receivers[0].composite_memory_region_offset <
-		    sizeof(struct ffa_memory_region) + receivers_length ||
+	composite_memory_region_offset =
+		memory_region->receivers[0].composite_memory_region_offset;
+	if ((composite_memory_region_offset == 0) ||
+	    (composite_memory_region_offset <
+	     sizeof(struct ffa_memory_region) + receivers_length) ||
 	    constituents_offset > fragment_length) {
 		dlog_verbose(
 			"Invalid composite memory region descriptor offset "