fix(notifications): flag that Must Be Zero
According to FF-A v1.1 EAC0 specification the bits [31:4] of the 'flags'
argument to the FFA_NOTIFICATION_GET ABI Must Be Zero.
Change-Id: I6381d9572eb8d7f7af700833c26ced59493a36b0
Signed-off-by: J-Alves <joao.alves@arm.com>
diff --git a/src/api.c b/src/api.c
index 55e7b81..e560f8b 100644
--- a/src/api.c
+++ b/src/api.c
@@ -3082,13 +3082,27 @@
ffa_notifications_bitmap_t vm_notifications = 0;
struct vm_locked receiver_locked;
struct ffa_value ret;
+ const uint32_t flags_mbz = ~(FFA_NOTIFICATION_FLAG_BITMAP_HYP |
+ FFA_NOTIFICATION_FLAG_BITMAP_SPM |
+ FFA_NOTIFICATION_FLAG_BITMAP_SP |
+ FFA_NOTIFICATION_FLAG_BITMAP_VM);
+
+ /* The FF-A v1.1 EAC0 specification states bits [31:4] Must Be Zero. */
+ if ((flags & flags_mbz) != 0U) {
+ dlog_verbose(
+ "Invalid flags bit(s) set in notifications get. [31:4] "
+ "MBZ(%x)\n",
+ flags);
+ return ffa_error(FFA_INVALID_PARAMETERS);
+ }
/*
- * Following check should capture wrong uses of the interface, depending
- * on whether Hafnium is SPMC or hypervisor.
- * On the rest of the function it is assumed this condition is met.
+ * Following check should capture wrong uses of the interface,
+ * depending on whether Hafnium is SPMC or hypervisor. On the
+ * rest of the function it is assumed this condition is met.
*/
- if (!plat_ffa_is_notification_get_valid(current, receiver_vm_id)) {
+ if (!plat_ffa_is_notification_get_valid(current, receiver_vm_id,
+ flags)) {
dlog_verbose("Invalid use of notifications get interface.\n");
return ffa_error(FFA_INVALID_PARAMETERS);
}