SPM: Implementation error codes update
Even though SPM only cares whether the error code returned from implementation
functions indicates success or not, the returned error code can still be
logged somewhere for debugging purposes. 'bool' is not a good
candidate for the return type, in case the implementation has rich
internal error codes.
Create an implementation error code base, so that an implementation can
expand its own error codes on top of this base.
Change-Id: I33ede91801d29ae0fd66296ca7e7fd0fa59364cc
Signed-off-by: Ken Liu <Ken.Liu@arm.com>
diff --git a/secure_fw/spm/cmsis_psa/internal_errors.h b/secure_fw/spm/cmsis_psa/internal_errors.h
new file mode 100644
index 0000000..dfd0232
--- /dev/null
+++ b/secure_fw/spm/cmsis_psa/internal_errors.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+#ifndef __INTERNAL_ERRORS_H__
+#define __INTERNAL_ERRORS_H__
+
+#include <stdint.h>
+#include "ffm/spm_error_base.h"
+
+/* Code for 'no error'. */
+#ifndef SPM_SUCCESS
+#define SPM_SUCCESS 0
+#endif
+
+/* Implementation internal error codes */
+#define SPM_ERROR_BAD_PARAMETERS ((int32_t)(SPM_ERROR_BASE) + 1)
+#define SPM_ERROR_SHORT_BUFFER ((int32_t)(SPM_ERROR_BASE) + 2)
+#define SPM_ERROR_VERSION ((int32_t)(SPM_ERROR_BASE) + 3)
+#define SPM_ERROR_MEMORY_CHECK ((int32_t)(SPM_ERROR_BASE) + 4)
+#define SPM_ERROR_GENERIC ((int32_t)(SPM_ERROR_BASE) + 5)
+
+#endif /* __INTERNAL_ERRORS_H__ */
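Review bot: The `#ifndef SPM_SUCCESS` / `#define SPM_SUCCESS 0` / `#endif` at the top of this header is dead: `ffm/spm_error_base.h` is included unconditionally two lines above and itself defines `SPM_SUCCESS` as 0 with no guard, so this fallback can never take effect and only invites the two definitions to drift apart. I would drop the three lines and keep `spm_error_base.h` as the single owner of `SPM_SUCCESS`. On style, the include guard `__INTERNAL_ERRORS_H__` is an identifier reserved for the implementation (double leading underscore); the deleted `tfm_internal_defines.h` used the same convention, so this may be project style, but a new header is a good place to switch to e.g. `INTERNAL_ERRORS_H`. A one-line comment above the code block noting that the numeric values changed from the old `IPC_ERROR_*` set (`BAD_PARAMETERS` was `INT32_MIN`, `GENERIC` was `INT32_MIN + 0x1F`) would help anyone correlating old logs, e.g. `/* Values differ from the former IPC_ERROR_* codes; only compare against SPM_SUCCESS. */`.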
diff --git a/secure_fw/spm/cmsis_psa/spm_ipc.c b/secure_fw/spm/cmsis_psa/spm_ipc.c
index b64cd1d..dd4477b 100644
--- a/secure_fw/spm/cmsis_psa/spm_ipc.c
+++ b/secure_fw/spm/cmsis_psa/spm_ipc.c
@@ -11,7 +11,7 @@
#include "psa/service.h"
#include "tfm_thread.h"
#include "tfm_wait.h"
-#include "tfm_internal_defines.h"
+#include "internal_errors.h"
#include "tfm_spm_hal.h"
#include "tfm_irq_list.h"
#include "tfm_api.h"
@@ -164,15 +164,15 @@
/* Check the handle address is validated */
if (is_valid_chunk_data_in_pool(conn_handle_pool,
(uint8_t *)conn_handle) != true) {
- return IPC_ERROR_GENERIC;
+ return SPM_ERROR_GENERIC;
}
/* Check the handle caller is correct */
if (conn_handle->client_id != client_id) {
- return IPC_ERROR_GENERIC;
+ return SPM_ERROR_GENERIC;
}
- return IPC_SUCCESS;
+ return SPM_SUCCESS;
}
int32_t tfm_spm_free_conn_handle(struct tfm_spm_service_t *service,
@@ -189,7 +189,7 @@
/* Back handle buffer to pool */
tfm_pool_free(conn_handle);
- return IPC_SUCCESS;
+ return SPM_SUCCESS;
}
int32_t tfm_spm_set_rhandle(struct tfm_spm_service_t *service,
@@ -201,7 +201,7 @@
TFM_CORE_ASSERT(conn_handle != NULL);
conn_handle->rhandle = rhandle;
- return IPC_SUCCESS;
+ return SPM_SUCCESS;
}
/**
@@ -396,18 +396,18 @@
switch (service->service_db->version_policy) {
case TFM_VERSION_POLICY_RELAXED:
if (version > service->service_db->version) {
- return IPC_ERROR_VERSION;
+ return SPM_ERROR_VERSION;
}
break;
case TFM_VERSION_POLICY_STRICT:
if (version != service->service_db->version) {
- return IPC_ERROR_VERSION;
+ return SPM_ERROR_VERSION;
}
break;
default:
- return IPC_ERROR_VERSION;
+ return SPM_ERROR_VERSION;
}
- return IPC_SUCCESS;
+ return SPM_SUCCESS;
}
int32_t tfm_spm_check_authorization(uint32_t sid,
@@ -421,7 +421,7 @@
if (ns_caller) {
if (!service->service_db->non_secure_client) {
- return IPC_ERROR_GENERIC;
+ return SPM_ERROR_GENERIC;
}
} else {
partition = tfm_spm_get_running_partition();
@@ -436,10 +436,10 @@
}
if (i == partition->p_static->ndeps) {
- return IPC_ERROR_GENERIC;
+ return SPM_ERROR_GENERIC;
}
}
- return IPC_SUCCESS;
+ return SPM_SUCCESS;
}
/* Message functions */
@@ -575,7 +575,7 @@
tfm_event_wait(&msg->ack_evnt);
}
- return IPC_SUCCESS;
+ return SPM_SUCCESS;
}
uint32_t tfm_spm_partition_get_running_partition_id(void)
@@ -599,15 +599,15 @@
/* If len is zero, this indicates an empty buffer and base is ignored */
if (len == 0) {
- return IPC_SUCCESS;
+ return SPM_SUCCESS;
}
if (!buffer) {
- return IPC_ERROR_BAD_PARAMETERS;
+ return SPM_ERROR_BAD_PARAMETERS;
}
if ((uintptr_t)buffer > (UINTPTR_MAX - len)) {
- return IPC_ERROR_MEMORY_CHECK;
+ return SPM_ERROR_MEMORY_CHECK;
}
if (access == TFM_MEMORY_ACCESS_RW) {
@@ -629,10 +629,10 @@
err = tfm_hal_memory_has_access((uintptr_t)buffer, len, attr);
if (err == TFM_HAL_SUCCESS) {
- return IPC_SUCCESS;
+ return SPM_SUCCESS;
}
- return IPC_ERROR_MEMORY_CHECK;
+ return SPM_ERROR_MEMORY_CHECK;
}
uint32_t tfm_spm_init(void)
@@ -888,7 +888,7 @@
}
}
- return -1;
+ return SPM_ERROR_GENERIC;
}
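Review bot: Replacing `return -1;` with `return SPM_ERROR_GENERIC;` changes the returned value from -1 to `INT32_MIN + 5`, and the enclosing function starts outside this hunk so its return type and callers are not visible here. Any caller that tests the result with `== -1`, or that stores it into a narrower or unsigned type before testing, would silently stop detecting the failure, whereas `< 0` and `!= SPM_SUCCESS` comparisons keep working. Presumably the callers were audited as part of this rename; it would be worth confirming that every use compares against `SPM_SUCCESS`, and updating the function's `\retval` documentation in `spm_ipc.h` (the other hunks in this commit update the doc comments for the other converted functions but not this one).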
void tfm_spm_enable_irq(uint32_t *args)
diff --git a/secure_fw/spm/cmsis_psa/spm_ipc.h b/secure_fw/spm/cmsis_psa/spm_ipc.h
index 786ae65..d8ffe48 100644
--- a/secure_fw/spm/cmsis_psa/spm_ipc.h
+++ b/secure_fw/spm/cmsis_psa/spm_ipc.h
@@ -221,8 +221,8 @@
* \param[in] conn_handle Handle to be validated
* \param[in] client_id Partition ID of the sender of the message
*
- * \retval IPC_SUCCESS Success
- * \retval IPC_ERROR_GENERIC Invalid handle
+ * \retval SPM_SUCCESS Success
+ * \retval SPM_ERROR_GENERIC Invalid handle
*/
int32_t tfm_spm_validate_conn_handle(
const struct tfm_conn_handle_t *conn_handle,
@@ -235,8 +235,8 @@
* \param[in] conn_handle Connection handle created by
* tfm_spm_create_conn_handle()
*
- * \retval IPC_SUCCESS Success
- * \retval IPC_ERROR_BAD_PARAMETERS Bad parameters input
+ * \retval SPM_SUCCESS Success
+ * \retval SPM_ERROR_BAD_PARAMETERS Bad parameters input
* \retval "Does not return" Panic for not find service by handle
*/
int32_t tfm_spm_free_conn_handle(struct tfm_spm_service_t *service,
@@ -337,9 +337,9 @@
* \param[in] msg message created by tfm_spm_create_msg()
* \ref tfm_msg_body_t structures
*
- * \retval IPC_SUCCESS Success
- * \retval IPC_ERROR_BAD_PARAMETERS Bad parameters input
- * \retval IPC_ERROR_GENERIC Failed to enqueue message to service message queue
+ * \retval SPM_SUCCESS Success
+ * \retval SPM_ERROR_BAD_PARAMETERS Bad parameters input
+ * \retval SPM_ERROR_GENERIC Failed to enqueue message to service message queue
*/
int32_t tfm_spm_send_event(struct tfm_spm_service_t *service,
struct tfm_msg_body_t *msg);
@@ -352,9 +352,9 @@
* by partition management functions
* \param[in] version Client support version
*
- * \retval IPC_SUCCESS Success
- * \retval IPC_ERROR_BAD_PARAMETERS Bad parameters input
- * \retval IPC_ERROR_VERSION Check failed
+ * \retval SPM_SUCCESS Success
+ * \retval SPM_ERROR_BAD_PARAMETERS Bad parameters input
+ * \retval SPM_ERROR_VERSION Check failed
*/
int32_t tfm_spm_check_client_version(struct tfm_spm_service_t *service,
uint32_t version);
@@ -367,8 +367,8 @@
* by partition management functions
* \param[in] ns_caller Whether from NS caller
*
- * \retval IPC_SUCCESS Success
- * \retval IPC_ERROR_GENERIC Authorization check failed
+ * \retval SPM_SUCCESS Success
+ * \retval SPM_ERROR_GENERIC Authorization check failed
*/
int32_t tfm_spm_check_authorization(uint32_t sid,
struct tfm_spm_service_t *service,
@@ -386,9 +386,9 @@
* \ref TFM_PARTITION_UNPRIVILEGED_MODE
* \ref TFM_PARTITION_PRIVILEGED_MODE
*
- * \retval IPC_SUCCESS Success
- * \retval IPC_ERROR_BAD_PARAMETERS Bad parameters input
- * \retval IPC_ERROR_MEMORY_CHECK Check failed
+ * \retval SPM_SUCCESS Success
+ * \retval SPM_ERROR_BAD_PARAMETERS Bad parameters input
+ * \retval SPM_ERROR_MEMORY_CHECK Check failed
*/
int32_t tfm_memory_check(const void *buffer, size_t len, bool ns_caller,
enum tfm_memory_access_e access,
@@ -479,8 +479,8 @@
* tfm_spm_create_conn_handle()
* \param[in] rhandle rhandle need to save
*
- * \retval IPC_SUCCESS Success
- * \retval IPC_ERROR_BAD_PARAMETERS Bad parameters input
+ * \retval SPM_SUCCESS Success
+ * \retval SPM_ERROR_BAD_PARAMETERS Bad parameters input
* \retval "Does not return" Panic for not find handle node
*/
int32_t tfm_spm_set_rhandle(struct tfm_spm_service_t *service,
diff --git a/secure_fw/spm/cmsis_psa/tfm_internal_defines.h b/secure_fw/spm/cmsis_psa/tfm_internal_defines.h
deleted file mode 100644
index e948e7e..0000000
--- a/secure_fw/spm/cmsis_psa/tfm_internal_defines.h
+++ /dev/null
@@ -1,20 +0,0 @@
-/*
- * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-#ifndef __TFM_INTERNAL_DEFINES_H__
-#define __TFM_INTERNAL_DEFINES_H__
-
-#include <inttypes.h>
-
-/* IPC internal return status */
-#define IPC_SUCCESS 0
-#define IPC_ERROR_BAD_PARAMETERS (INT32_MIN)
-#define IPC_ERROR_SHORT_BUFFER (INT32_MIN + 1)
-#define IPC_ERROR_VERSION (INT32_MIN + 2)
-#define IPC_ERROR_MEMORY_CHECK (INT32_MIN + 3)
-#define IPC_ERROR_GENERIC (INT32_MIN + 0x1F)
-
-#endif
diff --git a/secure_fw/spm/cmsis_psa/tfm_pools.c b/secure_fw/spm/cmsis_psa/tfm_pools.c
index 621d4cc..7c02ac5 100644
--- a/secure_fw/spm/cmsis_psa/tfm_pools.c
+++ b/secure_fw/spm/cmsis_psa/tfm_pools.c
@@ -11,7 +11,7 @@
#include "tfm_wait.h"
#include "psa/client.h"
#include "psa/service.h"
-#include "tfm_internal_defines.h"
+#include "internal_errors.h"
#include "cmsis_compiler.h"
#include "utilities.h"
#include "tfm_list.h"
@@ -26,13 +26,13 @@
size_t i;
if (!pool || num == 0) {
- return IPC_ERROR_BAD_PARAMETERS;
+ return SPM_ERROR_BAD_PARAMETERS;
}
/* Ensure buffer is large enough */
if (poolsz != ((chunksz + sizeof(struct tfm_pool_chunk_t)) * num +
sizeof(struct tfm_pool_instance_t))) {
- return IPC_ERROR_BAD_PARAMETERS;
+ return SPM_ERROR_BAD_PARAMETERS;
}
/* Buffer should be BSS cleared but clear it again */
@@ -52,7 +52,7 @@
pool->chunksz = chunksz;
pool->chunk_count = num;
- return IPC_SUCCESS;
+ return SPM_SUCCESS;
}
void *tfm_pool_alloc(struct tfm_pool_instance_t *pool)
diff --git a/secure_fw/spm/cmsis_psa/tfm_pools.h b/secure_fw/spm/cmsis_psa/tfm_pools.h
index 2d54f51..b1f39d9 100644
--- a/secure_fw/spm/cmsis_psa/tfm_pools.h
+++ b/secure_fw/spm/cmsis_psa/tfm_pools.h
@@ -77,8 +77,8 @@
* \param[in] chunksz Size of chunks.
* \param[in] num Number of chunks.
*
- * \retval IPC_SUCCESS Success.
- * \retval IPC_ERROR_BAD_PARAMETERS Parameters error.
+ * \retval SPM_SUCCESS Success.
+ * \retval SPM_ERROR_BAD_PARAMETERS Parameters error.
*/
int32_t tfm_pool_init(struct tfm_pool_instance_t *pool, size_t poolsz,
size_t chunksz, size_t num);
diff --git a/secure_fw/spm/ffm/psa_client_service_apis.c b/secure_fw/spm/ffm/psa_client_service_apis.c
index be24561..9fba6ee 100644
--- a/secure_fw/spm/ffm/psa_client_service_apis.c
+++ b/secure_fw/spm/ffm/psa_client_service_apis.c
@@ -15,7 +15,7 @@
#endif
#include "tfm_core_utils.h"
#include "tfm_hal_platform.h"
-#include "tfm_internal_defines.h"
+#include "ffm/spm_error_base.h"
#include "tfm_rpc.h"
#include "tfm_spm_hal.h"
@@ -84,7 +84,7 @@
*/
if (tfm_memory_check((const void *)args[1],
sizeof(struct tfm_control_parameter_t), ns_caller,
- TFM_MEMORY_ACCESS_RW, privileged) != IPC_SUCCESS) {
+ TFM_MEMORY_ACCESS_RW, privileged) != SPM_SUCCESS) {
TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
}
@@ -199,7 +199,7 @@
* input msg pointer is not a valid memory reference or not read-write.
*/
if (tfm_memory_check(msg, sizeof(psa_msg_t), false, TFM_MEMORY_ACCESS_RW,
- privileged) != IPC_SUCCESS) {
+ privileged) != SPM_SUCCESS) {
tfm_core_panic();
}
@@ -314,7 +314,7 @@
* if the memory reference for buffer is invalid or not read-write.
*/
if (tfm_memory_check(buffer, num_bytes, false,
- TFM_MEMORY_ACCESS_RW, privileged) != IPC_SUCCESS) {
+ TFM_MEMORY_ACCESS_RW, privileged) != SPM_SUCCESS) {
tfm_core_panic();
}
@@ -441,7 +441,7 @@
* if the memory reference for buffer is invalid or not readable.
*/
if (tfm_memory_check(buffer, num_bytes, false,
- TFM_MEMORY_ACCESS_RO, privileged) != IPC_SUCCESS) {
+ TFM_MEMORY_ACCESS_RO, privileged) != SPM_SUCCESS) {
tfm_core_panic();
}
diff --git a/secure_fw/spm/ffm/spm_psa_client_call.c b/secure_fw/spm/ffm/spm_psa_client_call.c
index d054705..c37913e 100644
--- a/secure_fw/spm/ffm/spm_psa_client_call.c
+++ b/secure_fw/spm/ffm/spm_psa_client_call.c
@@ -8,12 +8,12 @@
#include "psa/service.h"
#include "spm_ipc.h"
#include "tfm_core_utils.h"
-#include "tfm_internal_defines.h"
#include "tfm_memory_utils.h"
#include "spm_psa_client_call.h"
#include "utilities.h"
#include "tfm_wait.h"
#include "tfm_nspm.h"
+#include "ffm/spm_error_base.h"
uint32_t tfm_spm_client_psa_framework_version(void)
{
@@ -37,7 +37,7 @@
* It should return PSA_VERSION_NONE if the caller is not authorized
* to access the RoT Service.
*/
- if (tfm_spm_check_authorization(sid, service, ns_caller) != IPC_SUCCESS) {
+ if (tfm_spm_check_authorization(sid, service, ns_caller) != SPM_SUCCESS) {
return PSA_VERSION_NONE;
}
@@ -69,7 +69,7 @@
* It is a PROGRAMMER ERROR if the caller is not authorized to access the RoT
* Service.
*/
- if (tfm_spm_check_authorization(sid, service, ns_caller) != IPC_SUCCESS) {
+ if (tfm_spm_check_authorization(sid, service, ns_caller) != SPM_SUCCESS) {
TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_CONNECTION_REFUSED);
}
@@ -86,7 +86,7 @@
* It is a PROGRAMMER ERROR if the version of the RoT Service requested is not
* supported on the platform.
*/
- if (tfm_spm_check_client_version(service, version) != IPC_SUCCESS) {
+ if (tfm_spm_check_client_version(service, version) != SPM_SUCCESS) {
TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_CONNECTION_REFUSED);
}
@@ -138,7 +138,7 @@
conn_handle = tfm_spm_to_handle_instance(handle);
/* It is a PROGRAMMER ERROR if an invalid handle was passed. */
- if (tfm_spm_validate_conn_handle(conn_handle, client_id) != IPC_SUCCESS) {
+ if (tfm_spm_validate_conn_handle(conn_handle, client_id) != SPM_SUCCESS) {
TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
}
@@ -167,7 +167,7 @@
* readable.
*/
if (tfm_memory_check(inptr, in_num * sizeof(psa_invec), ns_caller,
- TFM_MEMORY_ACCESS_RO, privileged) != IPC_SUCCESS) {
+ TFM_MEMORY_ACCESS_RO, privileged) != SPM_SUCCESS) {
TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
}
@@ -177,7 +177,7 @@
* the wrap output vector is invalid or not read-write.
*/
if (tfm_memory_check(outptr, out_num * sizeof(psa_outvec), ns_caller,
- TFM_MEMORY_ACCESS_RW, privileged) != IPC_SUCCESS) {
+ TFM_MEMORY_ACCESS_RW, privileged) != SPM_SUCCESS) {
TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
}
@@ -194,7 +194,7 @@
*/
for (i = 0; i < in_num; i++) {
if (tfm_memory_check(invecs[i].base, invecs[i].len, ns_caller,
- TFM_MEMORY_ACCESS_RO, privileged) != IPC_SUCCESS) {
+ TFM_MEMORY_ACCESS_RO, privileged) != SPM_SUCCESS) {
TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
}
}
@@ -221,7 +221,7 @@
*/
for (i = 0; i < out_num; i++) {
if (tfm_memory_check(outvecs[i].base, outvecs[i].len,
- ns_caller, TFM_MEMORY_ACCESS_RW, privileged) != IPC_SUCCESS) {
+ ns_caller, TFM_MEMORY_ACCESS_RW, privileged) != SPM_SUCCESS) {
TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
}
}
@@ -243,7 +243,7 @@
* Send message and wake up the SP who is waiting on message queue,
* and scheduler triggered
*/
- if (tfm_spm_send_event(service, msg) != IPC_SUCCESS) {
+ if (tfm_spm_send_event(service, msg) != SPM_SUCCESS) {
/* FixMe: Need to refine failure process here. */
tfm_core_panic();
}
@@ -273,7 +273,7 @@
* It is a PROGRAMMER ERROR if an invalid handle was provided that is not
* the null handle.
*/
- if (tfm_spm_validate_conn_handle(conn_handle, client_id) != IPC_SUCCESS) {
+ if (tfm_spm_validate_conn_handle(conn_handle, client_id) != SPM_SUCCESS) {
TFM_PROGRAMMER_ERROR(ns_caller, PROGRAMMER_ERROR_NULL);
}
diff --git a/secure_fw/spm/ffm/tfm_boot_data.c b/secure_fw/spm/ffm/tfm_boot_data.c
index 2dc67f0..f05e0e3 100644
--- a/secure_fw/spm/ffm/tfm_boot_data.c
+++ b/secure_fw/spm/ffm/tfm_boot_data.c
@@ -13,7 +13,7 @@
#include "tfm_core_utils.h"
#include "spm_partition_defs.h"
#ifdef TFM_PSA_API
-#include "tfm_internal_defines.h"
+#include "internal_errors.h"
#include "utilities.h"
#include "psa/service.h"
#include "tfm_thread.h"
@@ -175,7 +175,7 @@
tfm_spm_partition_get_privileged_mode(partition->p_static->flags);
if (tfm_memory_check(buf_start, buf_size, false, TFM_MEMORY_ACCESS_RW,
- privileged) != IPC_SUCCESS) {
+ privileged) != SPM_SUCCESS) {
/* Not in accessible range, return error */
args[0] = (uint32_t)TFM_ERROR_INVALID_PARAMETER;
return;
diff --git a/secure_fw/spm/include/ffm/spm_error_base.h b/secure_fw/spm/include/ffm/spm_error_base.h
new file mode 100644
index 0000000..ba538ac
--- /dev/null
+++ b/secure_fw/spm/include/ffm/spm_error_base.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __SPM_ERROR_BASE__
+#define __SPM_ERROR_BASE__
+
+#include <stdint.h>
+
+/*
+ * SPM logs the implementation error code but does not parse it. SPM cares
+ * only two status of implementation function: SPM_SUCCESS or !SPM_SUCCESS.
+ *
+ * SPM_SUCCESS is defined as ZERO. Other error codes MUST be defined by
+ * performing arithmetic increasements on SPM_ERROR_BASE.
+ */
+#define SPM_ERROR_BASE INT32_MIN
+
+/* The 'no error' code, which is 'success'. */
+#define SPM_SUCCESS 0
+
+#endif /* __SPM_ERROR_BASE__ */
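Review bot: The header comment says other error codes "MUST be defined by performing arithmetic increasements on SPM_ERROR_BASE", but nothing here states how far an implementation may count up from `INT32_MIN` or that codes must stay negative, which is what keeps `!= SPM_SUCCESS` and any `< 0` checks meaningful. I would tighten the wording to `* performing arithmetic increments on SPM_ERROR_BASE; all such codes must remain negative` so that the contract SPM relies on is explicit. The include guard `__SPM_ERROR_BASE__` is both a reserved identifier (double leading underscore) and easy to confuse with the `SPM_ERROR_BASE` macro it guards; `SPM_ERROR_BASE_H` would be clearer.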