feat(memory share): `memcpy_trapped` to read from tx
Changed the handling of accesses to TX buffers at the start of the
following memory sharing handlers:
- `api_ffa_mem_send`;
- `api_ffa_mem_relinquish`;
- `api_ffa_mem_frag_tx`;
- `api_ffa_mem_retrieve_req`.
Change-Id: Ica821f62b178014c9cdd60a0cf9a496c331cdaee
Signed-off-by: J-Alves <joao.alves@arm.com>
diff --git a/src/api.c b/src/api.c
index 5221f87..0eddcef 100644
--- a/src/api.c
+++ b/src/api.c
@@ -3457,8 +3457,13 @@
return ffa_error(FFA_NO_MEMORY);
}
- memcpy_s(allocated_entry, MM_PPOOL_ENTRY_SIZE, from_msg,
- fragment_length);
+ if (!memcpy_trapped(allocated_entry, MM_PPOOL_ENTRY_SIZE, from_msg,
+ fragment_length)) {
+ dlog_error(
+ "%s: Failed to copy FF-A memory region descriptor.\n",
+ __func__);
+ return ffa_error(FFA_ABORTED);
+ }
if (!ffa_memory_region_sanity_check(allocated_entry, ffa_version,
fragment_length, true)) {
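Review bot: The new `return ffa_error(FFA_ABORTED);` on memcpy_trapped failure exits after the pool entry was obtained, so `allocated_entry` is never released on that path — the `FFA_NO_MEMORY` return in the context lines is the allocation-failure path, where nothing has been allocated yet, whereas this failure happens with a live allocation. If api_ffa_mem_send has a cleanup label that frees the entry (its later failure paths are outside this hunk), the failure should go through it, `ret = ffa_error(FFA_ABORTED); goto out;`, as the retrieve and relinquish hunks of this commit do; otherwise the entry needs an explicit free before the return. The fragment-copy hunk at the end of this file has the same shape with `fragment_copy` and should be checked the same way. The enclosing function starts and ends outside this hunk.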
@@ -3622,7 +3627,15 @@
* Copy the retrieve request descriptor to an internal buffer, so that
* the caller can't change it underneath us.
*/
- memcpy_s(retrieve_msg, message_buffer_size, to_msg, length);
+ if (!memcpy_trapped(retrieve_msg, message_buffer_size, to_msg,
+ length)) {
+ dlog_error(
+ "%s: Failed to copy FF-A retrieve request "
+ "descriptor.\n",
+ __func__);
+ ret = ffa_error(FFA_ABORTED);
+ goto out;
+ }
if ((vm_is_mailbox_other_world_owned(to_locked) &&
!plat_ffa_acquire_receiver_rx(to_locked, &ret)) ||
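Review bot: Neither this hunk nor the commit message records why the copy from the caller's TX buffer must now be able to trap, and the existing comment above the call only explains the copy itself, so the new FFA_ABORTED failure paths here and in the other hunks are hard to reason about later. Assuming the motivation is that the TX buffer is mapped on the caller's behalf and reading it can fault (for example if it has been unmapped or reclaimed), extend that comment with a line such as `* Use a trapping copy: a fault while reading the caller's TX buffer is reported as FFA_ABORTED instead of faulting Hafnium.` Whether memcpy_trapped also rejects `length > message_buffer_size` the way memcpy_s did is not visible here; if it does not, confirm that `length` is bounded before this call. The enclosing function continues outside the hunk on both sides.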
@@ -3707,7 +3720,14 @@
ret = ffa_error(FFA_INVALID_PARAMETERS);
goto out;
}
- memcpy_s(relinquish_request, message_buffer_size, from_msg, length);
+
+ if (!memcpy_trapped(relinquish_request, message_buffer_size, from_msg,
+ length)) {
+ dlog_error("%s: Failed to copy FF-A relinquish request.\n",
+ __func__);
+ ret = ffa_error(FFA_ABORTED);
+ goto out;
+ }
if (sizeof(struct ffa_mem_relinquish) +
relinquish_request->endpoint_count * sizeof(ffa_id_t) !=
@@ -3840,7 +3860,12 @@
dlog_verbose("Failed to allocate fragment copy.\n");
return ffa_error(FFA_NO_MEMORY);
}
- memcpy_s(fragment_copy, MM_PPOOL_ENTRY_SIZE, from_msg, fragment_length);
+
+ if (!memcpy_trapped(fragment_copy, MM_PPOOL_ENTRY_SIZE, from_msg,
+ fragment_length)) {
+ dlog_error("%s: Failed to copy fragment.\n", __func__);
+ return ffa_error(FFA_ABORTED);
+ }
/*
* Hafnium doesn't support fragmentation of memory retrieve requests