TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / hafnium / hafnium.git / c7dc932e9a157ff4291b652ed54360659234448c^! / . / inc
commitc7dc932e9a157ff4291b652ed54360659234448c[log] [tgz]
authorDaniel Boulby <daniel.boulby@arm.com>Fri Oct 27 15:12:07 2023 +0100
committerJoao Alves <joao.alves@arm.com>Mon Jan 15 14:48:20 2024 +0100
tree1433931316847dbcd6e05bcbcb2815973412f844
parentd5ae44bed0c1e1b931a968e320444bb27658ec4b [diff]
feat(memory share): check memory region desc values

This patch introduces a helper function to check that the values
provided in the memory region descriptor are valid and safe.
Offset values are within safe bounds, receiver count will not
cause overflows and reserved fields are 0.

Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Change-Id: If3e751cf80cd5a0ecbcc77245a91daac50465a5c

diff --git a/inc/hf/ffa_memory.h b/inc/hf/ffa_memory.h
index 8187e6f..7d7ccac 100644
--- a/inc/hf/ffa_memory.h
+++ b/inc/hf/ffa_memory.h

@@ -13,6 +13,11 @@
 
 #include "vmapi/hf/ffa.h"
 
+bool ffa_memory_region_sanity_check(struct ffa_memory_region *memory_region,
+				    uint32_t ffa_version,
+				    uint32_t fragment_length,
+				    bool send_transaction);
+
 struct ffa_value ffa_memory_send(struct vm_locked from_locked,
 				 struct ffa_memory_region *memory_region,
 				 uint32_t memory_share_length,

diff --git a/inc/vmapi/hf/ffa.h b/inc/vmapi/hf/ffa.h
index 8b61fbe..4ab3592 100644
--- a/inc/vmapi/hf/ffa.h
+++ b/inc/vmapi/hf/ffa.h

@@ -23,6 +23,17 @@
 #define FFA_VERSION_COMPILED \
 	MAKE_FFA_VERSION(FFA_VERSION_MAJOR, FFA_VERSION_MINOR)
 
+/**
+ * Check major versions are equal and the minor version of the caller is
+ * less than or equal to the minor version of the callee.
+ */
+#define FFA_VERSIONS_ARE_COMPATIBLE(v_caller, v_callee)                        \
+	((((v_caller >> FFA_VERSION_MAJOR_OFFSET) & FFA_VERSION_MAJOR_MASK) == \
+	  ((v_callee >> FFA_VERSION_MAJOR_OFFSET) &                            \
+	   FFA_VERSION_MAJOR_MASK)) &&                                         \
+	 (((v_caller >> FFA_VERSION_MINOR_OFFSET) & FFA_VERSION_MINOR_MASK) <= \
+	  ((v_callee >> FFA_VERSION_MINOR_OFFSET) & FFA_VERSION_MINOR_MASK)))
+
 /* clang-format off */
 
 #define FFA_LOW_32_ID  0x84000060
@@ -1128,6 +1139,13 @@
 };
 
 /**
+ * Returns the first FF-A version that matches the memory access descriptor
+ * size.
+ */
+uint32_t ffa_version_from_memory_access_desc_size(
+	uint32_t memory_access_desc_size);
+
+/**
  * To maintain forwards compatability we can't make assumptions about the size
  * of the endpoint memory access descriptor so provide a helper function
  * to get a receiver from the receiver array using the memory access descriptor