SPM: Rename local handle pointer variable name
Rename the connection handle struct pointer name to
"handle" or "conn_handle" to indicate it is a handle
pointer.
The API "spm_get_handle_by_signal()" is used by the IPC
backend only, so fix its missing backend config macro.
Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
Change-Id: I705f6c4c63452d39d7bc142da90043b85a82854c
diff --git a/docs/technical_references/design_docs/dual-cpu/communication_prototype_between_nspe_and_spe_in_dual_core_systems.rst b/docs/technical_references/design_docs/dual-cpu/communication_prototype_between_nspe_and_spe_in_dual_core_systems.rst
index 7c56c6c..5f1bd98 100644
--- a/docs/technical_references/design_docs/dual-cpu/communication_prototype_between_nspe_and_spe_in_dual_core_systems.rst
+++ b/docs/technical_references/design_docs/dual-cpu/communication_prototype_between_nspe_and_spe_in_dual_core_systems.rst
@@ -435,15 +435,15 @@
.. code-block:: c
- void tfm_rpc_set_caller_data(struct conn_handle_t *msg, int32_t client_id);
+ void tfm_rpc_set_caller_data(struct conn_handle_t *handle, int32_t client_id);
**Parameters**
-+---------------+-----------------------------------------------------+
-| ``msg`` | TF-M message to be set with NS caller private data. |
-+---------------+-----------------------------------------------------+
-| ``client_id`` | The client ID of the NS caller. |
-+---------------+-----------------------------------------------------+
++---------------+--------------------------------------------------------------+
+| ``handle`` | The connection handle to be set with NS caller private data. |
++---------------+--------------------------------------------------------------+
+| ``client_id`` | The client ID of the NS caller. |
++---------------+--------------------------------------------------------------+
**Usage**
@@ -703,6 +703,6 @@
----------------
-*Copyright (c) 2019-2021 Arm Limited. All Rights Reserved.*
+*Copyright (c) 2019-2022 Arm Limited. All Rights Reserved.*
*Copyright (c) 2020-2022 Cypress Semiconductor Corporation. All Rights Reserved.*
diff --git a/secure_fw/spm/cmsis_psa/spm_ipc.c b/secure_fw/spm/cmsis_psa/spm_ipc.c
index eb9267c..a06baec 100755
--- a/secure_fw/spm/cmsis_psa/spm_ipc.c
+++ b/secure_fw/spm/cmsis_psa/spm_ipc.c
@@ -207,24 +207,25 @@
struct conn_handle_t *spm_get_handle_by_signal(struct partition_t *p_ptn,
psa_signal_t signal)
{
- struct conn_handle_t *p_msg_iter;
- struct conn_handle_t **pr_msg_iter, **last_found_msg_holder = NULL;
+ struct conn_handle_t *p_handle_iter;
+ struct conn_handle_t **pr_handle_iter, **last_found_handle_holder = NULL;
struct critical_section_t cs_assert = CRITICAL_SECTION_STATIC_INIT;
uint32_t nr_found_msgs = 0;
CRITICAL_SECTION_ENTER(cs_assert);
/* Return the last found message which applies a FIFO mechanism. */
- UNI_LIST_FOREACH_NODE_PNODE(pr_msg_iter, p_msg_iter, p_ptn, p_handles) {
- if (p_msg_iter->service->p_ldinf->signal == signal) {
- last_found_msg_holder = pr_msg_iter;
+ UNI_LIST_FOREACH_NODE_PNODE(pr_handle_iter, p_handle_iter,
+ p_ptn, p_handles) {
+ if (p_handle_iter->service->p_ldinf->signal == signal) {
+ last_found_handle_holder = pr_handle_iter;
nr_found_msgs++;
}
}
- if (last_found_msg_holder) {
- p_msg_iter = *last_found_msg_holder;
- UNI_LIST_REMOVE_NODE_BY_PNODE(last_found_msg_holder, p_handles);
+ if (last_found_handle_holder) {
+ p_handle_iter = *last_found_handle_holder;
+ UNI_LIST_REMOVE_NODE_BY_PNODE(last_found_handle_holder, p_handles);
if (nr_found_msgs == 1) {
p_ptn->signals_asserted &= ~signal;
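Review bot: The rename is incomplete in this function: `nr_found_msgs` and the comment `/* Return the last found message which applies a FIFO mechanism. */` still use the old "message" wording, while every other local now says "handle". Renaming the counter to `nr_found_handles` and rewording the comment to `/* Return the last matching handle in the list, which gives FIFO ordering. */` would keep the block consistent with the rest of the commit. The function body continues past the end of this hunk.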
@@ -233,9 +234,9 @@
CRITICAL_SECTION_LEAVE(cs_assert);
- return p_msg_iter;
+ return p_handle_iter;
}
-#endif
+#endif /* CONFIG_TFM_SPM_BACKEND_IPC == 1 */
struct service_t *tfm_spm_get_service_by_sid(uint32_t sid)
{
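Review bot: `return p_handle_iter;` hands back the loop iterator, so the no-match result is whatever `UNI_LIST_FOREACH_NODE_PNODE` leaves in it when the loop ends. That is presumably NULL, but the macro is not visible here, and tfm_spm_partition_psa_get() depends on a NULL return to report `PSA_ERROR_DOES_NOT_EXIST`. A dedicated result pointer makes that contract explicit: declare `struct conn_handle_t *p_found = NULL;`, assign `p_found = *last_found_handle_holder;` in the found branch, and `return p_found;`. The function starts in the previous hunk.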
@@ -341,7 +342,7 @@
* 1. Not a valid message handle. (The address of a message is not the
* address of a possible handle from the pool
* 2. Handle not belongs to the caller partition (The handle is either
- * unused, or owned by anither partition)
+ * unused, or owned by another partition)
* Check the conditions above
*/
int32_t partition_id;
@@ -370,7 +371,7 @@
return p_conn_handle;
}
-void spm_fill_message(struct conn_handle_t *hdl,
+void spm_fill_message(struct conn_handle_t *conn_handle,
struct service_t *service,
psa_handle_t handle,
int32_t type, int32_t client_id,
@@ -380,7 +381,7 @@
{
uint32_t i;
- TFM_CORE_ASSERT(hdl);
+ TFM_CORE_ASSERT(conn_handle);
TFM_CORE_ASSERT(service);
TFM_CORE_ASSERT(!(invec == NULL && in_len != 0));
TFM_CORE_ASSERT(!(outvec == NULL && out_len != 0));
@@ -389,37 +390,37 @@
TFM_CORE_ASSERT(in_len + out_len <= PSA_MAX_IOVEC);
/* Clear message buffer before using it */
- spm_memset(&hdl->msg, 0, sizeof(psa_msg_t));
+ spm_memset(&conn_handle->msg, 0, sizeof(psa_msg_t));
- THRD_SYNC_INIT(&hdl->ack_evnt);
- hdl->magic = TFM_MSG_MAGIC;
- hdl->service = service;
- hdl->p_client = GET_CURRENT_COMPONENT();
- hdl->caller_outvec = caller_outvec;
- hdl->msg.client_id = client_id;
+ THRD_SYNC_INIT(&conn_handle->ack_evnt);
+ conn_handle->magic = TFM_MSG_MAGIC;
+ conn_handle->service = service;
+ conn_handle->p_client = GET_CURRENT_COMPONENT();
+ conn_handle->caller_outvec = caller_outvec;
+ conn_handle->msg.client_id = client_id;
/* Copy contents */
- hdl->msg.type = type;
+ conn_handle->msg.type = type;
for (i = 0; i < in_len; i++) {
- hdl->msg.in_size[i] = invec[i].len;
- hdl->invec[i].base = invec[i].base;
+ conn_handle->msg.in_size[i] = invec[i].len;
+ conn_handle->invec[i].base = invec[i].base;
}
for (i = 0; i < out_len; i++) {
- hdl->msg.out_size[i] = outvec[i].len;
- hdl->outvec[i].base = outvec[i].base;
+ conn_handle->msg.out_size[i] = outvec[i].len;
+ conn_handle->outvec[i].base = outvec[i].base;
/* Out len is used to record the wrote number, set 0 here again */
- hdl->outvec[i].len = 0;
+ conn_handle->outvec[i].len = 0;
}
/* Use the user connect handle as the message handle */
- hdl->msg.handle = handle;
- hdl->msg.rhandle = hdl->rhandle;
+ conn_handle->msg.handle = handle;
+ conn_handle->msg.rhandle = conn_handle->rhandle;
/* Set the private data of NSPE client caller in multi-core topology */
if (TFM_CLIENT_ID_IS_NS(client_id)) {
- tfm_rpc_set_caller_data(hdl, client_id);
+ tfm_rpc_set_caller_data(conn_handle, client_id);
}
}
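Review bot: The two copy loops index `msg.in_size[]`, `invec[]`, `msg.out_size[]` and `outvec[]` with `in_len` and `out_len`, and the only bound visible in this function is `TFM_CORE_ASSERT(in_len + out_len <= PSA_MAX_IOVEC)` at the top of the hunk. The definition of TFM_CORE_ASSERT is not shown; if it expands to nothing in some build types, these writes depend entirely on validation done by the callers. I would state that precondition where the parameters are documented, for example `Callers must ensure in_len + out_len <= PSA_MAX_IOVEC; this function only asserts it.` The function starts in an earlier hunk.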
@@ -617,7 +618,7 @@
return AAPCS_DUAL_U32_AS_U64(ctx_ctrls);
}
-void update_caller_outvec_len(struct conn_handle_t *hdl)
+void update_caller_outvec_len(struct conn_handle_t *handle)
{
uint32_t i;
@@ -629,18 +630,19 @@
* If it is a NS request via RPC, the owner of this message is not set.
* Or if it is a SFN message, it does not have owner thread state either.
*/
- if ((!is_tfm_rpc_msg(hdl)) && (hdl->sfn_magic != TFM_MSG_MAGIC_SFN)) {
- TFM_CORE_ASSERT(hdl->ack_evnt.owner->state == THRD_STATE_BLOCK);
+ if ((!is_tfm_rpc_msg(handle)) && (handle->sfn_magic != TFM_MSG_MAGIC_SFN)) {
+ TFM_CORE_ASSERT(handle->ack_evnt.owner->state == THRD_STATE_BLOCK);
}
for (i = 0; i < PSA_MAX_IOVEC; i++) {
- if (hdl->msg.out_size[i] == 0) {
+ if (handle->msg.out_size[i] == 0) {
continue;
}
- TFM_CORE_ASSERT(hdl->caller_outvec[i].base == hdl->outvec[i].base);
+ TFM_CORE_ASSERT(
+ handle->caller_outvec[i].base == handle->outvec[i].base);
- hdl->caller_outvec[i].len = hdl->outvec[i].len;
+ handle->caller_outvec[i].len = handle->outvec[i].len;
}
}
diff --git a/secure_fw/spm/cmsis_psa/spm_ipc.h b/secure_fw/spm/cmsis_psa/spm_ipc.h
index b9d54d5..f8cc55d 100644
--- a/secure_fw/spm/cmsis_psa/spm_ipc.h
+++ b/secure_fw/spm/cmsis_psa/spm_ipc.h
@@ -170,7 +170,7 @@
* \retval "Not NULL" Service handle created
*/
struct conn_handle_t *tfm_spm_create_conn_handle(struct service_t *service,
- int32_t client_id);
+ int32_t client_id);
/**
* \brief Validate connection handle for client connect
@@ -181,9 +181,8 @@
* \retval SPM_SUCCESS Success
* \retval SPM_ERROR_GENERIC Invalid handle
*/
-int32_t tfm_spm_validate_conn_handle(
- const struct conn_handle_t *conn_handle,
- int32_t client_id);
+int32_t tfm_spm_validate_conn_handle(const struct conn_handle_t *conn_handle,
+ int32_t client_id);
/**
* \brief Free connection handle which not used anymore.
@@ -201,6 +200,7 @@
/******************** Partition management functions *************************/
+#if CONFIG_TFM_SPM_BACKEND_IPC == 1
/*
* Lookup and grab the last spotted handles containing the message
* by the given signal. Only ONE signal bit can be accepted in 'signal',
@@ -214,6 +214,7 @@
*/
struct conn_handle_t *spm_get_handle_by_signal(struct partition_t *p_ptn,
psa_signal_t signal);
+#endif /* CONFIG_TFM_SPM_BACKEND_IPC */
#if CONFIG_TFM_DOORBELL_API == 1
/**
@@ -257,7 +258,7 @@
/**
* \brief Fill the user message in handle.
*
- * \param[in] hdl The 'handle' contains the user message.
+ * \param[in] conn_handle The 'conn_handle' contains the user message.
* \param[in] service Target service context pointer, which can be
* obtained by partition management functions
* \prarm[in] handle Connect handle return by psa_connect().
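Review bot: The line after the renamed parameter still reads `\prarm[in] handle`, which is not a Doxygen command, so the `handle` parameter stays undocumented in generated output. The signature now has both `conn_handle` and `handle`, so the two descriptions should be clearly distinct. Suggested lines: `\param[in] conn_handle  Connection handle whose message is filled.` and `\param[in] handle  Connect handle returned by psa_connect().` The comment block continues outside this hunk.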
@@ -270,7 +271,7 @@
* \param[in] out_len Number of output \ref psa_outvec structures
* \param[in] caller_outvec Array of caller output \ref psa_outvec structures
*/
-void spm_fill_message(struct conn_handle_t *hdl,
+void spm_fill_message(struct conn_handle_t *conn_handle,
struct service_t *service,
psa_handle_t handle,
int32_t type, int32_t client_id,
@@ -385,7 +386,7 @@
*/
void tfm_core_handler_mode(void);
-void update_caller_outvec_len(struct conn_handle_t *msg);
+void update_caller_outvec_len(struct conn_handle_t *handle);
/*
* Set partition signal.
diff --git a/secure_fw/spm/cmsis_psa/tfm_rpc.c b/secure_fw/spm/cmsis_psa/tfm_rpc.c
index 86a1b5a..bfba0c8 100644
--- a/secure_fw/spm/cmsis_psa/tfm_rpc.c
+++ b/secure_fw/spm/cmsis_psa/tfm_rpc.c
@@ -115,13 +115,12 @@
void tfm_rpc_client_call_reply(const void *owner, int32_t ret)
{
- const struct conn_handle_t *hdl =
- (const struct conn_handle_t *)owner;
+ const struct conn_handle_t *handle = (const struct conn_handle_t *)owner;
- rpc_ops.reply(hdl->caller_data, ret);
+ rpc_ops.reply(handle->caller_data, ret);
}
-void tfm_rpc_set_caller_data(struct conn_handle_t *hdl, int32_t client_id)
+void tfm_rpc_set_caller_data(struct conn_handle_t *handle, int32_t client_id)
{
- hdl->caller_data = rpc_ops.get_caller_data(client_id);
+ handle->caller_data = rpc_ops.get_caller_data(client_id);
}
diff --git a/secure_fw/spm/cmsis_psa/tfm_rpc.h b/secure_fw/spm/cmsis_psa/tfm_rpc.h
index 5023c40..d438025 100644
--- a/secure_fw/spm/cmsis_psa/tfm_rpc.h
+++ b/secure_fw/spm/cmsis_psa/tfm_rpc.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2022, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -162,13 +162,13 @@
/*
* Check if the message was allocated for a non-secure request via RPC
*
- * \param[in] msg The message body context pointer
- * \ref msg_body_t structures
+ * \param[in] handle The connection handle context pointer
+ * \ref conn_handle_t structures
*
* \retval true The message was allocated for a NS request via RPC.
* \retval false Otherwise.
*/
-__STATIC_INLINE bool is_tfm_rpc_msg(const struct conn_handle_t *msg)
+__STATIC_INLINE bool is_tfm_rpc_msg(const struct conn_handle_t *handle)
{
/*
* FIXME
@@ -180,7 +180,7 @@
* This condition check should be improved after TF-M non-secure client ID
* management is implemented.
*/
- if (msg && (msg->msg.client_id <= 0) && !msg->ack_evnt.owner) {
+ if (handle && (handle->msg.client_id <= 0) && !handle->ack_evnt.owner) {
return true;
}
@@ -188,13 +188,13 @@
}
/*
- * \brief Set the private data of the NS caller in \ref msg_body_t, to identify
- * the caller after PSA client call is compeleted.
+ * \brief Set the private data of the NS caller in \ref conn_handle_t, to
+ * identify the caller after PSA client call is compeleted.
*
- * \param[in] msg The address of \ref msg_body_t structure
+ * \param[in] handle The address of \ref conn_handle_t structure
* \param[in] client_id The client ID of the NS caller.
*/
-void tfm_rpc_set_caller_data(struct conn_handle_t *msg, int32_t client_id);
+void tfm_rpc_set_caller_data(struct conn_handle_t *handle, int32_t client_id);
#else /* TFM_MULTI_CORE_TOPOLOGY */
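Review bot: The rewritten `\brief` line keeps the typo "compeleted". Since the line is already being changed, fix it here: `identify the caller after PSA client call is completed.`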
diff --git a/secure_fw/spm/ffm/backend_ipc.c b/secure_fw/spm/ffm/backend_ipc.c
index 9507b03..f43cfbc 100644
--- a/secure_fw/spm/ffm/backend_ipc.c
+++ b/secure_fw/spm/ffm/backend_ipc.c
@@ -46,13 +46,13 @@
* current thread and trigger scheduler.
*/
static psa_status_t ipc_messaging(struct service_t *service,
- struct conn_handle_t *hdl)
+ struct conn_handle_t *handle)
{
struct partition_t *p_owner = NULL;
psa_signal_t signal = 0;
struct critical_section_t cs_assert = CRITICAL_SECTION_STATIC_INIT;
- if (!hdl || !service || !service->p_ldinf || !service->partition) {
+ if (!handle || !service || !service->p_ldinf || !service->partition) {
return PSA_ERROR_PROGRAMMER_ERROR;
}
@@ -61,7 +61,7 @@
CRITICAL_SECTION_ENTER(cs_assert);
- UNI_LIST_INSERT_AFTER(p_owner, hdl, p_handles);
+ UNI_LIST_INSERT_AFTER(p_owner, handle, p_handles);
/* Messages put. Update signals */
p_owner->signals_asserted |= signal;
@@ -78,19 +78,19 @@
* thread.
*/
- if (!is_tfm_rpc_msg(hdl)) {
- thrd_wait_on(&hdl->ack_evnt, CURRENT_THREAD);
+ if (!is_tfm_rpc_msg(handle)) {
+ thrd_wait_on(&handle->ack_evnt, CURRENT_THREAD);
}
return PSA_SUCCESS;
}
-static psa_status_t ipc_replying(struct conn_handle_t *hdl, int32_t status)
+static psa_status_t ipc_replying(struct conn_handle_t *handle, int32_t status)
{
- if (is_tfm_rpc_msg(hdl)) {
- tfm_rpc_client_call_reply(hdl, status);
+ if (is_tfm_rpc_msg(handle)) {
+ tfm_rpc_client_call_reply(handle, status);
} else {
- thrd_wake_up(&hdl->ack_evnt, status);
+ thrd_wake_up(&handle->ack_evnt, status);
}
/*
diff --git a/secure_fw/spm/ffm/backend_sfn.c b/secure_fw/spm/ffm/backend_sfn.c
index d52d0f5..f7995eb 100644
--- a/secure_fw/spm/ffm/backend_sfn.c
+++ b/secure_fw/spm/ffm/backend_sfn.c
@@ -32,18 +32,18 @@
* current component state and activate the next component.
*/
static psa_status_t sfn_messaging(struct service_t *service,
- struct conn_handle_t *hdl)
+ struct conn_handle_t *handle)
{
struct partition_t *p_target;
psa_status_t status;
- if (!hdl || !service || !service->p_ldinf || !service->partition) {
+ if (!handle || !service || !service->p_ldinf || !service->partition) {
return PSA_ERROR_PROGRAMMER_ERROR;
}
- hdl->sfn_magic = TFM_MSG_MAGIC_SFN;
+ handle->sfn_magic = TFM_MSG_MAGIC_SFN;
p_target = service->partition;
- p_target->p_handles = hdl;
+ p_target->p_handles = handle;
SET_CURRENT_COMPONENT(p_target);
@@ -58,14 +58,14 @@
p_target->state = SFN_PARTITION_STATE_INITED;
}
- status = ((service_fn_t)service->p_ldinf->sfn)(&hdl->msg);
+ status = ((service_fn_t)service->p_ldinf->sfn)(&handle->msg);
return status;
}
-static psa_status_t sfn_replying(struct conn_handle_t *hdl, int32_t status)
+static psa_status_t sfn_replying(struct conn_handle_t *handle, int32_t status)
{
- SET_CURRENT_COMPONENT(hdl->p_client);
+ SET_CURRENT_COMPONENT(handle->p_client);
/*
* Returning a value here is necessary, because 'psa_reply' is absent
diff --git a/secure_fw/spm/ffm/psa_api.c b/secure_fw/spm/ffm/psa_api.c
index 810f9bd..32ece55 100644
--- a/secure_fw/spm/ffm/psa_api.c
+++ b/secure_fw/spm/ffm/psa_api.c
@@ -67,23 +67,23 @@
#define IOVEC_UNMAPPED_BIT (1U << 1)
#define IOVEC_ACCESSED_BIT (1U << 2)
-#define IOVEC_IS_MAPPED(msg, iovec_idx) \
- ((((msg)->iovec_status) >> ((iovec_idx) * IOVEC_STATUS_BITS)) & \
+#define IOVEC_IS_MAPPED(handle, iovec_idx) \
+ ((((handle)->iovec_status) >> ((iovec_idx) * IOVEC_STATUS_BITS)) & \
IOVEC_MAPPED_BIT)
-#define IOVEC_IS_UNMAPPED(msg, iovec_idx) \
- ((((msg)->iovec_status) >> ((iovec_idx) * IOVEC_STATUS_BITS)) & \
+#define IOVEC_IS_UNMAPPED(handle, iovec_idx) \
+ ((((handle)->iovec_status) >> ((iovec_idx) * IOVEC_STATUS_BITS)) & \
IOVEC_UNMAPPED_BIT)
-#define IOVEC_IS_ACCESSED(msg, iovec_idx) \
- ((((msg)->iovec_status) >> ((iovec_idx) * IOVEC_STATUS_BITS)) & \
+#define IOVEC_IS_ACCESSED(handle, iovec_idx) \
+ ((((handle)->iovec_status) >> ((iovec_idx) * IOVEC_STATUS_BITS)) & \
IOVEC_ACCESSED_BIT)
-#define SET_IOVEC_MAPPED(msg, iovec_idx) \
- (((msg)->iovec_status) |= (IOVEC_MAPPED_BIT << \
+#define SET_IOVEC_MAPPED(handle, iovec_idx) \
+ (((handle)->iovec_status) |= (IOVEC_MAPPED_BIT << \
((iovec_idx) * IOVEC_STATUS_BITS)))
-#define SET_IOVEC_UNMAPPED(msg, iovec_idx) \
- (((msg)->iovec_status) |= (IOVEC_UNMAPPED_BIT << \
+#define SET_IOVEC_UNMAPPED(handle, iovec_idx) \
+ (((handle)->iovec_status) |= (IOVEC_UNMAPPED_BIT << \
((iovec_idx) * IOVEC_STATUS_BITS)))
-#define SET_IOVEC_ACCESSED(msg, iovec_idx) \
- (((msg)->iovec_status) |= (IOVEC_ACCESSED_BIT << \
+#define SET_IOVEC_ACCESSED(handle, iovec_idx) \
+ (((handle)->iovec_status) |= (IOVEC_ACCESSED_BIT << \
((iovec_idx) * IOVEC_STATUS_BITS)))
#endif /* PSA_FRAMEWORK_HAS_MM_IOVEC */
@@ -329,7 +329,7 @@
psa_status_t tfm_spm_client_psa_connect(uint32_t sid, uint32_t version)
{
struct service_t *service;
- struct conn_handle_t *connect_handle;
+ struct conn_handle_t *conn_handle;
int32_t client_id;
psa_handle_t handle;
bool ns_caller = tfm_spm_is_ns_caller();
@@ -372,18 +372,18 @@
* code to client when creation fails.
*/
CRITICAL_SECTION_ENTER(cs_assert);
- connect_handle = tfm_spm_create_conn_handle(service, client_id);
+ conn_handle = tfm_spm_create_conn_handle(service, client_id);
CRITICAL_SECTION_LEAVE(cs_assert);
- if (!connect_handle) {
+ if (!conn_handle) {
return PSA_ERROR_CONNECTION_BUSY;
}
- handle = tfm_spm_to_user_handle(connect_handle);
+ handle = tfm_spm_to_user_handle(conn_handle);
/* No input or output needed for connect message */
- spm_fill_message(connect_handle, service, handle, PSA_IPC_CONNECT,
+ spm_fill_message(conn_handle, service, handle, PSA_IPC_CONNECT,
client_id, NULL, 0, NULL, 0, NULL);
- return backend_instance.messaging(service, connect_handle);
+ return backend_instance.messaging(service, conn_handle);
}
psa_status_t tfm_spm_client_psa_close(psa_handle_t handle)
@@ -478,7 +478,7 @@
psa_status_t tfm_spm_partition_psa_get(psa_signal_t signal, psa_msg_t *msg)
{
- struct conn_handle_t *tmp_msg = NULL;
+ struct conn_handle_t *handle = NULL;
struct partition_t *partition = NULL;
uint32_t privileged;
@@ -523,14 +523,14 @@
* Get message by signal from partition. It is a fatal error if getting
* failed, which means the input signal is not correspond to an RoT service.
*/
- tmp_msg = spm_get_handle_by_signal(partition, signal);
- if (!tmp_msg) {
+ handle = spm_get_handle_by_signal(partition, signal);
+ if (!handle) {
return PSA_ERROR_DOES_NOT_EXIST;
}
- tmp_msg->status = TFM_HANDLE_STATUS_ACTIVE;
+ handle->status = TFM_HANDLE_STATUS_ACTIVE;
- spm_memcpy(msg, &tmp_msg->msg, sizeof(psa_msg_t));
+ spm_memcpy(msg, &handle->msg, sizeof(psa_msg_t));
return PSA_SUCCESS;
}
@@ -540,22 +540,23 @@
void *buffer, size_t num_bytes)
{
size_t bytes;
- struct conn_handle_t *msg = NULL;
+ struct conn_handle_t *handle = NULL;
uint32_t priv_mode;
/* It is a fatal error if message handle is invalid */
- msg = spm_get_handle_by_user_handle(msg_handle);
- if (!msg) {
+ handle = spm_get_handle_by_user_handle(msg_handle);
+ if (!handle) {
tfm_core_panic();
}
- priv_mode = GET_PARTITION_PRIVILEGED_MODE(msg->service->partition->p_ldinf);
+ priv_mode = GET_PARTITION_PRIVILEGED_MODE(
+ handle->service->partition->p_ldinf);
/*
* It is a fatal error if message handle does not refer to a request
* message
*/
- if (msg->msg.type < PSA_IPC_CALL) {
+ if (handle->msg.type < PSA_IPC_CALL) {
tfm_core_panic();
}
@@ -568,7 +569,7 @@
}
/* There was no remaining data in this input vector */
- if (msg->msg.in_size[invec_idx] == 0) {
+ if (handle->msg.in_size[invec_idx] == 0) {
return 0;
}
@@ -577,11 +578,11 @@
* It is a fatal error if the input vector has already been mapped using
* psa_map_invec().
*/
- if (IOVEC_IS_MAPPED(msg, (invec_idx + INVEC_IDX_BASE))) {
+ if (IOVEC_IS_MAPPED(handle, (invec_idx + INVEC_IDX_BASE))) {
tfm_core_panic();
}
- SET_IOVEC_ACCESSED(msg, (invec_idx + INVEC_IDX_BASE));
+ SET_IOVEC_ACCESSED(handle, (invec_idx + INVEC_IDX_BASE));
#endif
/*
@@ -593,14 +594,15 @@
tfm_core_panic();
}
- bytes = num_bytes > msg->msg.in_size[invec_idx] ?
- msg->msg.in_size[invec_idx] : num_bytes;
+ bytes = num_bytes > handle->msg.in_size[invec_idx] ?
+ handle->msg.in_size[invec_idx] : num_bytes;
- spm_memcpy(buffer, msg->invec[invec_idx].base, bytes);
+ spm_memcpy(buffer, handle->invec[invec_idx].base, bytes);
/* There maybe some remaining data */
- msg->invec[invec_idx].base = (char *)msg->invec[invec_idx].base + bytes;
- msg->msg.in_size[invec_idx] -= bytes;
+ handle->invec[invec_idx].base =
+ (char *)handle->invec[invec_idx].base + bytes;
+ handle->msg.in_size[invec_idx] -= bytes;
return bytes;
}
@@ -608,11 +610,11 @@
size_t tfm_spm_partition_psa_skip(psa_handle_t msg_handle, uint32_t invec_idx,
size_t num_bytes)
{
- struct conn_handle_t *msg = NULL;
+ struct conn_handle_t *handle = NULL;
/* It is a fatal error if message handle is invalid */
- msg = spm_get_handle_by_user_handle(msg_handle);
- if (!msg) {
+ handle = spm_get_handle_by_user_handle(msg_handle);
+ if (!handle) {
tfm_core_panic();
}
@@ -620,7 +622,7 @@
* It is a fatal error if message handle does not refer to a request
* message
*/
- if (msg->msg.type < PSA_IPC_CALL) {
+ if (handle->msg.type < PSA_IPC_CALL) {
tfm_core_panic();
}
@@ -633,7 +635,7 @@
}
/* There was no remaining data in this input vector */
- if (msg->msg.in_size[invec_idx] == 0) {
+ if (handle->msg.in_size[invec_idx] == 0) {
return 0;
}
@@ -642,25 +644,25 @@
* It is a fatal error if the input vector has already been mapped using
* psa_map_invec().
*/
- if (IOVEC_IS_MAPPED(msg, (invec_idx + INVEC_IDX_BASE))) {
+ if (IOVEC_IS_MAPPED(handle, (invec_idx + INVEC_IDX_BASE))) {
tfm_core_panic();
}
- SET_IOVEC_ACCESSED(msg, (invec_idx + INVEC_IDX_BASE));
+ SET_IOVEC_ACCESSED(handle, (invec_idx + INVEC_IDX_BASE));
#endif
/*
* If num_bytes is greater than the remaining size of the input vector then
* the remaining size of the input vector is used.
*/
- if (num_bytes > msg->msg.in_size[invec_idx]) {
- num_bytes = msg->msg.in_size[invec_idx];
+ if (num_bytes > handle->msg.in_size[invec_idx]) {
+ num_bytes = handle->msg.in_size[invec_idx];
}
/* There maybe some remaining data */
- msg->invec[invec_idx].base = (char *)msg->invec[invec_idx].base +
- num_bytes;
- msg->msg.in_size[invec_idx] -= num_bytes;
+ handle->invec[invec_idx].base =
+ (char *)handle->invec[invec_idx].base + num_bytes;
+ handle->msg.in_size[invec_idx] -= num_bytes;
return num_bytes;
}
@@ -668,22 +670,23 @@
void tfm_spm_partition_psa_write(psa_handle_t msg_handle, uint32_t outvec_idx,
const void *buffer, size_t num_bytes)
{
- struct conn_handle_t *msg = NULL;
+ struct conn_handle_t *handle = NULL;
uint32_t priv_mode;
/* It is a fatal error if message handle is invalid */
- msg = spm_get_handle_by_user_handle(msg_handle);
- if (!msg) {
+ handle = spm_get_handle_by_user_handle(msg_handle);
+ if (!handle) {
tfm_core_panic();
}
- priv_mode = GET_PARTITION_PRIVILEGED_MODE(msg->service->partition->p_ldinf);
+ priv_mode = GET_PARTITION_PRIVILEGED_MODE(
+ handle->service->partition->p_ldinf);
/*
* It is a fatal error if message handle does not refer to a request
* message
*/
- if (msg->msg.type < PSA_IPC_CALL) {
+ if (handle->msg.type < PSA_IPC_CALL) {
tfm_core_panic();
}
@@ -699,8 +702,8 @@
* It is a fatal error if the call attempts to write data past the end of
* the client output vector
*/
- if (num_bytes > msg->msg.out_size[outvec_idx] -
- msg->outvec[outvec_idx].len) {
+ if (num_bytes > handle->msg.out_size[outvec_idx] -
+ handle->outvec[outvec_idx].len) {
tfm_core_panic();
}
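Review bot: The bound `num_bytes > handle->msg.out_size[outvec_idx] - handle->outvec[outvec_idx].len` is an unsigned subtraction, so it only rejects oversized writes while `outvec[].len` never exceeds `out_size[]`. In the visible hunks that holds, because spm_fill_message() resets `len` to 0 and this function advances it only after the check. Any other writer of `outvec[].len` outside these hunks would need to preserve the same invariant. I would record it next to the check, for example `/* outvec[].len <= out_size[] always holds here, so the subtraction cannot wrap. */`. The function starts and ends outside this hunk.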
@@ -709,11 +712,11 @@
* It is a fatal error if the output vector has already been mapped using
* psa_map_outvec().
*/
- if (IOVEC_IS_MAPPED(msg, (outvec_idx + OUTVEC_IDX_BASE))) {
+ if (IOVEC_IS_MAPPED(handle, (outvec_idx + OUTVEC_IDX_BASE))) {
tfm_core_panic();
}
- SET_IOVEC_ACCESSED(msg, (outvec_idx + OUTVEC_IDX_BASE));
+ SET_IOVEC_ACCESSED(handle, (outvec_idx + OUTVEC_IDX_BASE));
#endif
/*
@@ -725,24 +728,24 @@
tfm_core_panic();
}
- spm_memcpy((char *)msg->outvec[outvec_idx].base +
- msg->outvec[outvec_idx].len, buffer, num_bytes);
+ spm_memcpy((char *)handle->outvec[outvec_idx].base +
+ handle->outvec[outvec_idx].len, buffer, num_bytes);
/* Update the write number */
- msg->outvec[outvec_idx].len += num_bytes;
+ handle->outvec[outvec_idx].len += num_bytes;
}
psa_status_t tfm_spm_partition_psa_reply(psa_handle_t msg_handle,
psa_status_t status)
{
struct service_t *service;
- struct conn_handle_t *hdl;
+ struct conn_handle_t *handle;
psa_status_t ret = PSA_SUCCESS;
struct critical_section_t cs_assert = CRITICAL_SECTION_STATIC_INIT;
/* It is a fatal error if message handle is invalid */
- hdl = spm_get_handle_by_user_handle(msg_handle);
- if (!hdl) {
+ handle = spm_get_handle_by_user_handle(msg_handle);
+ if (!handle) {
tfm_core_panic();
}
@@ -751,12 +754,12 @@
* body structure. Only two parameters are passed in this function: handle
* and status, so it is useful and simply to do like this.
*/
- service = hdl->service;
+ service = handle->service;
if (!service) {
tfm_core_panic();
}
- switch (hdl->msg.type) {
+ switch (handle->msg.type) {
case PSA_IPC_CONNECT:
/*
* Reply to PSA_IPC_CONNECT message. Connect handle is returned if the
@@ -767,7 +770,7 @@
ret = msg_handle;
} else if (status == PSA_ERROR_CONNECTION_REFUSED) {
/* Refuse the client connection, indicating a permanent error. */
- tfm_spm_free_conn_handle(service, hdl);
+ tfm_spm_free_conn_handle(service, handle);
ret = PSA_ERROR_CONNECTION_REFUSED;
} else if (status == PSA_ERROR_CONNECTION_BUSY) {
/* Fail the client connection, indicating a transient error. */
@@ -778,7 +781,7 @@
break;
case PSA_IPC_DISCONNECT:
/* Service handle is not used anymore */
- tfm_spm_free_conn_handle(service, hdl);
+ tfm_spm_free_conn_handle(service, handle);
/*
* If the message type is PSA_IPC_DISCONNECT, then the status code is
@@ -786,7 +789,7 @@
*/
break;
default:
- if (hdl->msg.type >= PSA_IPC_CALL) {
+ if (handle->msg.type >= PSA_IPC_CALL) {
#if PSA_FRAMEWORK_HAS_MM_IOVEC
@@ -797,14 +800,15 @@
int i;
for (i = 0; i < PSA_MAX_IOVEC * 2; i++) {
- if (IOVEC_IS_MAPPED(hdl, i) && (!IOVEC_IS_UNMAPPED(hdl, i))) {
- SET_IOVEC_UNMAPPED(hdl, i);
+ if (IOVEC_IS_MAPPED(handle, i) &&
+ (!IOVEC_IS_UNMAPPED(handle, i))) {
+ SET_IOVEC_UNMAPPED(handle, i);
/*
* Any output vectors that are still mapped will report that
* zero bytes have been written.
*/
if (i >= OUTVEC_IDX_BASE) {
- hdl->outvec[i - OUTVEC_IDX_BASE].len = 0;
+ handle->outvec[i - OUTVEC_IDX_BASE].len = 0;
}
}
}
@@ -818,9 +822,9 @@
* psa_outvec structure for the parameter before returning from
* psa_call().
*/
- update_caller_outvec_len(hdl);
+ update_caller_outvec_len(handle);
if (SERVICE_IS_STATELESS(service->p_ldinf->flags)) {
- tfm_spm_free_conn_handle(service, hdl);
+ tfm_spm_free_conn_handle(service, handle);
}
} else {
tfm_core_panic();
@@ -832,13 +836,13 @@
* If the source of the programmer error is a Secure Partition, the SPM
* must panic the Secure Partition in response to a PROGRAMMER ERROR.
*/
- if (TFM_CLIENT_ID_IS_NS(hdl->msg.client_id)) {
- hdl->status = TFM_HANDLE_STATUS_CONNECT_ERROR;
+ if (TFM_CLIENT_ID_IS_NS(handle->msg.client_id)) {
+ handle->status = TFM_HANDLE_STATUS_CONNECT_ERROR;
} else {
tfm_core_panic();
}
} else {
- hdl->status = TFM_HANDLE_STATUS_IDLE;
+ handle->status = TFM_HANDLE_STATUS_IDLE;
}
/*
@@ -847,7 +851,7 @@
* involved.
*/
CRITICAL_SECTION_ENTER(cs_assert);
- ret = backend_instance.replying(hdl, ret);
+ ret = backend_instance.replying(handle, ret);
CRITICAL_SECTION_LEAVE(cs_assert);
return ret;
@@ -896,21 +900,21 @@
void tfm_spm_partition_psa_set_rhandle(psa_handle_t msg_handle, void *rhandle)
{
- struct conn_handle_t *hdl;
+ struct conn_handle_t *handle;
/* It is a fatal error if message handle is invalid */
- hdl = spm_get_handle_by_user_handle(msg_handle);
- if (!hdl) {
+ handle = spm_get_handle_by_user_handle(msg_handle);
+ if (!handle) {
tfm_core_panic();
}
/* It is a PROGRAMMER ERROR if a stateless service sets rhandle. */
- if (SERVICE_IS_STATELESS(hdl->service->p_ldinf->flags)) {
+ if (SERVICE_IS_STATELESS(handle->service->p_ldinf->flags)) {
tfm_core_panic();
}
- hdl->msg.rhandle = rhandle;
- hdl->rhandle = rhandle;
+ handle->msg.rhandle = rhandle;
+ handle->rhandle = rhandle;
}
#endif /* CONFIG_TFM_CONNECTION_BASED_SERVICE_API */
@@ -1020,24 +1024,24 @@
const void *tfm_spm_partition_psa_map_invec(psa_handle_t msg_handle,
uint32_t invec_idx)
{
- struct conn_handle_t *hdl;
+ struct conn_handle_t *handle;
uint32_t privileged;
struct partition_t *partition = NULL;
/* It is a fatal error if message handle is invalid */
- hdl = spm_get_handle_by_user_handle(msg_handle);
- if (!hdl) {
+ handle = spm_get_handle_by_user_handle(msg_handle);
+ if (!handle) {
tfm_core_panic();
}
- partition = hdl->service->partition;
+ partition = handle->service->partition;
privileged = GET_PARTITION_PRIVILEGED_MODE(partition->p_ldinf);
/*
* It is a fatal error if MM-IOVEC has not been enabled for the RoT
* Service that received the message.
*/
- if (!SERVICE_ENABLED_MM_IOVEC(hdl->service->p_ldinf->flags)) {
+ if (!SERVICE_ENABLED_MM_IOVEC(handle->service->p_ldinf->flags)) {
tfm_core_panic();
}
@@ -1045,7 +1049,7 @@
* It is a fatal error if message handle does not refer to a request
* message.
*/
- if (hdl->msg.type < PSA_IPC_CALL) {
+ if (handle->msg.type < PSA_IPC_CALL) {
tfm_core_panic();
}
@@ -1058,7 +1062,7 @@
}
/* It is a fatal error if the input vector has length zero. */
- if (hdl->msg.in_size[invec_idx] == 0) {
+ if (handle->msg.in_size[invec_idx] == 0) {
tfm_core_panic();
}
@@ -1066,7 +1070,7 @@
* It is a fatal error if the input vector has already been mapped using
* psa_map_invec().
*/
- if (IOVEC_IS_MAPPED(hdl, (invec_idx + INVEC_IDX_BASE))) {
+ if (IOVEC_IS_MAPPED(handle, (invec_idx + INVEC_IDX_BASE))) {
tfm_core_panic();
}
@@ -1074,7 +1078,7 @@
* It is a fatal error if the input vector has already been accessed
* using psa_read() or psa_skip().
*/
- if (IOVEC_IS_ACCESSED(hdl, (invec_idx + INVEC_IDX_BASE))) {
+ if (IOVEC_IS_ACCESSED(handle, (invec_idx + INVEC_IDX_BASE))) {
tfm_core_panic();
}
@@ -1082,24 +1086,26 @@
* It is a fatal error if the memory reference for the wrap input vector is
* invalid or not readable.
*/
- if (tfm_memory_check(hdl->invec[invec_idx].base, hdl->invec[invec_idx].len,
- false, TFM_MEMORY_ACCESS_RO, privileged) != SPM_SUCCESS) {
+ if (tfm_memory_check(handle->invec[invec_idx].base,
+ handle->invec[invec_idx].len,
+ false, TFM_MEMORY_ACCESS_RO,
+ privileged) != SPM_SUCCESS) {
tfm_core_panic();
}
- SET_IOVEC_MAPPED(hdl, (invec_idx + INVEC_IDX_BASE));
+ SET_IOVEC_MAPPED(handle, (invec_idx + INVEC_IDX_BASE));
- return hdl->invec[invec_idx].base;
+ return handle->invec[invec_idx].base;
}
void tfm_spm_partition_psa_unmap_invec(psa_handle_t msg_handle,
uint32_t invec_idx)
{
- struct conn_handle_t *hdl;
+ struct conn_handle_t *handle;
/* It is a fatal error if message handle is invalid */
- hdl = spm_get_handle_by_user_handle(msg_handle);
- if (!hdl) {
+ handle = spm_get_handle_by_user_handle(msg_handle);
+ if (!handle) {
tfm_core_panic();
}
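Review bot: The range passed to `tfm_memory_check()` uses `handle->invec[invec_idx].len`, but in the spm_fill_message() hunk of this commit the loop stores the client length in `msg.in_size[i]` and copies only `.base` into `invec[i]`; no visible line assigns `invec[i].len`. If nothing outside these hunks sets it, the length checked here is not the length of the vector handed to the partition. Please confirm where it is written, or use `handle->msg.in_size[invec_idx]`, which the zero-length test earlier in this function already relies on. Mapping is refused once the vector has been read or skipped, so `in_size` should still hold the full length at this point. tfm_spm_partition_psa_map_invec() starts in an earlier hunk.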
@@ -1107,7 +1113,7 @@
* It is a fatal error if MM-IOVEC has not been enabled for the RoT
* Service that received the message.
*/
- if (!SERVICE_ENABLED_MM_IOVEC(hdl->service->p_ldinf->flags)) {
+ if (!SERVICE_ENABLED_MM_IOVEC(handle->service->p_ldinf->flags)) {
tfm_core_panic();
}
@@ -1115,7 +1121,7 @@
* It is a fatal error if message handle does not refer to a request
* message.
*/
- if (hdl->msg.type < PSA_IPC_CALL) {
+ if (handle->msg.type < PSA_IPC_CALL) {
tfm_core_panic();
}
@@ -1131,7 +1137,7 @@
* It is a fatal error if The input vector has not been mapped by a call to
* psa_map_invec().
*/
- if (!IOVEC_IS_MAPPED(hdl, (invec_idx + INVEC_IDX_BASE))) {
+ if (!IOVEC_IS_MAPPED(handle, (invec_idx + INVEC_IDX_BASE))) {
tfm_core_panic();
}
@@ -1139,34 +1145,34 @@
* It is a fatal error if the input vector has already been unmapped by a
* call to psa_unmap_invec().
*/
- if (IOVEC_IS_UNMAPPED(hdl, (invec_idx + INVEC_IDX_BASE))) {
+ if (IOVEC_IS_UNMAPPED(handle, (invec_idx + INVEC_IDX_BASE))) {
tfm_core_panic();
}
- SET_IOVEC_UNMAPPED(hdl, (invec_idx + INVEC_IDX_BASE));
+ SET_IOVEC_UNMAPPED(handle, (invec_idx + INVEC_IDX_BASE));
}
void *tfm_spm_partition_psa_map_outvec(psa_handle_t msg_handle,
uint32_t outvec_idx)
{
- struct conn_handle_t *hdl;
+ struct conn_handle_t *handle;
uint32_t privileged;
struct partition_t *partition = NULL;
/* It is a fatal error if message handle is invalid */
- hdl = spm_get_handle_by_user_handle(msg_handle);
- if (!hdl) {
+ handle = spm_get_handle_by_user_handle(msg_handle);
+ if (!handle) {
tfm_core_panic();
}
- partition = hdl->service->partition;
+ partition = handle->service->partition;
privileged = GET_PARTITION_PRIVILEGED_MODE(partition->p_ldinf);
/*
* It is a fatal error if MM-IOVEC has not been enabled for the RoT
* Service that received the message.
*/
- if (!SERVICE_ENABLED_MM_IOVEC(hdl->service->p_ldinf->flags)) {
+ if (!SERVICE_ENABLED_MM_IOVEC(handle->service->p_ldinf->flags)) {
tfm_core_panic();
}
@@ -1174,7 +1180,7 @@
* It is a fatal error if message handle does not refer to a request
* message.
*/
- if (hdl->msg.type < PSA_IPC_CALL) {
+ if (handle->msg.type < PSA_IPC_CALL) {
tfm_core_panic();
}
@@ -1187,7 +1193,7 @@
}
/* It is a fatal error if the output vector has length zero. */
- if (hdl->msg.out_size[outvec_idx] == 0) {
+ if (handle->msg.out_size[outvec_idx] == 0) {
tfm_core_panic();
}
@@ -1195,7 +1201,7 @@
* It is a fatal error if the output vector has already been mapped using
* psa_map_outvec().
*/
- if (IOVEC_IS_MAPPED(hdl, (outvec_idx + OUTVEC_IDX_BASE))) {
+ if (IOVEC_IS_MAPPED(handle, (outvec_idx + OUTVEC_IDX_BASE))) {
tfm_core_panic();
}
@@ -1203,31 +1209,31 @@
* It is a fatal error if the output vector has already been accessed
* using psa_write().
*/
- if (IOVEC_IS_ACCESSED(hdl, (outvec_idx + OUTVEC_IDX_BASE))) {
+ if (IOVEC_IS_ACCESSED(handle, (outvec_idx + OUTVEC_IDX_BASE))) {
tfm_core_panic();
}
/*
* It is a fatal error if the output vector is invalid or not read-write.
*/
- if (tfm_memory_check(hdl->outvec[outvec_idx].base,
- hdl->outvec[outvec_idx].len, false,
+ if (tfm_memory_check(handle->outvec[outvec_idx].base,
+ handle->outvec[outvec_idx].len, false,
TFM_MEMORY_ACCESS_RW, privileged) != SPM_SUCCESS) {
tfm_core_panic();
}
- SET_IOVEC_MAPPED(hdl, (outvec_idx + OUTVEC_IDX_BASE));
+ SET_IOVEC_MAPPED(handle, (outvec_idx + OUTVEC_IDX_BASE));
- return hdl->outvec[outvec_idx].base;
+ return handle->outvec[outvec_idx].base;
}
void tfm_spm_partition_psa_unmap_outvec(psa_handle_t msg_handle,
uint32_t outvec_idx, size_t len)
{
- struct conn_handle_t *hdl;
+ struct conn_handle_t *handle;
/* It is a fatal error if message handle is invalid */
- hdl = spm_get_handle_by_user_handle(msg_handle);
- if (!hdl) {
+ handle = spm_get_handle_by_user_handle(msg_handle);
+ if (!handle) {
tfm_core_panic();
}
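Review bot: The range validated by `tfm_memory_check()` at the end of `tfm_spm_partition_psa_map_outvec()` is `handle->outvec[outvec_idx].len`, whereas the zero-length check earlier in that function and the `len` bound in `tfm_spm_partition_psa_unmap_outvec()` both use `handle->msg.out_size[outvec_idx]`. The unmap path finishes by storing the written count into `handle->outvec[outvec_idx].len` ("Update the write number"), so that field looks like a bytes-written counter rather than the buffer size; if it is zero or smaller than `out_size` at map time, the read-write check covers less memory than the partition may then write through the returned pointer. Where `outvec[].len` is initialised is not visible here, so this needs confirming, but checking the full extent would be the safer form: `handle->msg.out_size[outvec_idx], false,`. Both functions extend beyond this hunk.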
@@ -1235,7 +1241,7 @@
* It is a fatal error if MM-IOVEC has not been enabled for the RoT
* Service that received the message.
*/
- if (!SERVICE_ENABLED_MM_IOVEC(hdl->service->p_ldinf->flags)) {
+ if (!SERVICE_ENABLED_MM_IOVEC(handle->service->p_ldinf->flags)) {
tfm_core_panic();
}
@@ -1243,7 +1249,7 @@
* It is a fatal error if message handle does not refer to a request
* message.
*/
- if (hdl->msg.type < PSA_IPC_CALL) {
+ if (handle->msg.type < PSA_IPC_CALL) {
tfm_core_panic();
}
@@ -1258,7 +1264,7 @@
/*
* It is a fatal error if len is greater than the output vector size.
*/
- if (len > hdl->msg.out_size[outvec_idx]) {
+ if (len > handle->msg.out_size[outvec_idx]) {
tfm_core_panic();
}
@@ -1266,7 +1272,7 @@
* It is a fatal error if The output vector has not been mapped by a call to
* psa_map_outvec().
*/
- if (!IOVEC_IS_MAPPED(hdl, (outvec_idx + OUTVEC_IDX_BASE))) {
+ if (!IOVEC_IS_MAPPED(handle, (outvec_idx + OUTVEC_IDX_BASE))) {
tfm_core_panic();
}
@@ -1274,14 +1280,14 @@
* It is a fatal error if the output vector has already been unmapped by a
* call to psa_unmap_outvec().
*/
- if (IOVEC_IS_UNMAPPED(hdl, (outvec_idx + OUTVEC_IDX_BASE))) {
+ if (IOVEC_IS_UNMAPPED(handle, (outvec_idx + OUTVEC_IDX_BASE))) {
tfm_core_panic();
}
- SET_IOVEC_UNMAPPED(hdl, (outvec_idx + OUTVEC_IDX_BASE));
+ SET_IOVEC_UNMAPPED(handle, (outvec_idx + OUTVEC_IDX_BASE));
/* Update the write number */
- hdl->outvec[outvec_idx].len = len;
+ handle->outvec[outvec_idx].len = len;
}
#endif /* PSA_FRAMEWORK_HAS_MM_IOVEC */
diff --git a/secure_fw/spm/include/ffm/backend.h b/secure_fw/spm/include/ffm/backend.h
index 7c3bce2..d5e470c 100644
--- a/secure_fw/spm/include/ffm/backend.h
+++ b/secure_fw/spm/include/ffm/backend.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2022, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -33,13 +33,13 @@
/* Runtime model-specific message handling mechanism. */
psa_status_t (*messaging)(struct service_t *p_serv,
- struct conn_handle_t *hdl);
+ struct conn_handle_t *handle);
/*
* Runtime model-specific message replying.
* Return the connection handle or the acked status code.
*/
- psa_status_t (*replying)(struct conn_handle_t *hdl, int32_t status);
+ psa_status_t (*replying)(struct conn_handle_t *handle, int32_t status);
};
/* RUNTIME MODEL BACKENDS DECLARATION */
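Review bot: The comment above `replying` says it returns "the connection handle or the acked status code", which after this rename reads as if the `handle` argument itself were returned, although the return type is `psa_status_t`. Presumably the client-visible handle value is meant; rewording the line, e.g. `* Return the client-facing handle value or the acked status code.`, and adding a line on what `handle` and `status` carry would remove the ambiguity. The struct definition starts outside this hunk.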