fix(indirect message): rxtx unmap from NWd
This patch ensures that calls to FFA_RXTX_UNMAP from the NS physical FF-A
instance can't be exploited to unmap a buffer belonging to an SP.
Some error logs were also rewritten for clarity.
Change-Id: I67cd8d70cedcb12b97db3fcafcef97f9fb82c82f
Signed-off-by: J-Alves <joao.alves@arm.com>
diff --git a/src/api.c b/src/api.c
index 94392c7..a11fd1a 100644
--- a/src/api.c
+++ b/src/api.c
@@ -1406,9 +1406,18 @@
paddr_t recv_pa_end;
struct ffa_value ret = (struct ffa_value){.func = FFA_SUCCESS_32};
+ if (vm->id == HF_HYPERVISOR_VM_ID && !plat_ffa_is_vm_id(allocator_id)) {
+ dlog_error(
+ "The Hypervisor must specify a valid VM ID in register "
+ "W1, if FFA_RXTX_UNMAP call forwarded to SPM.\n");
+ return ffa_error(FFA_INVALID_PARAMETERS);
+ }
+
/* Ensure `allocator_id` is set only at Non-Secure Physical instance. */
if (vm_id_is_current_world(vm->id) && (allocator_id != 0)) {
- dlog_error("`allocator_id` must be 0 at virtual instances.\n");
+ dlog_error(
+ "The register W1 (containing ID) must be 0 at virtual "
+ "instances.\n");
return ffa_error(FFA_INVALID_PARAMETERS);
}
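Review bot: The new guard at the top of the hunk has no comment stating the invariant it enforces, unlike the `allocator_id` check right below it, and its error log drops the rejected value. I would add `/* A call forwarded from the NWd may only name a VM: reject SP IDs so an SP's RX/TX buffers cannot be unmapped on its behalf. */` above the `if`. I would also put the ID in the message, e.g. `"... W1 (got %#x) ...", allocator_id`, assuming dlog accepts that format, so a rejected request can be traced in the logs. The guard only proves that the ID falls in the VM range. Whether that VM exists and has buffers mapped is presumably checked further down, which is worth confirming because the enclosing function starts and ends outside this hunk.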