SPM: Invert tfm_spm_check_buffer_access() logic

Invert the logic for the tfm_spm_check_buffer_access() function
to conform to "0 means success" and align to other APIs. Refactor
the function itself to provide different return codes on error and
a default failure return instead of default success.

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: I40ef814a472375cdb2c40ac75dd5f605a9eccbfe
diff --git a/interface/include/tfm_api.h b/interface/include/tfm_api.h
index 9d0df04..1d4c9ee 100644
--- a/interface/include/tfm_api.h
+++ b/interface/include/tfm_api.h
@@ -53,6 +53,7 @@
     TFM_ERROR_NOT_INITIALIZED,
     TFM_ERROR_NO_ACTIVE_PARTITION,
     TFM_ERROR_INVALID_EXC_MODE,
+    TFM_ERROR_NOT_IN_RANGE,
     TFM_SECURE_LOCK_FAILED,
     TFM_SECURE_UNLOCK_FAILED,
     TFM_ERROR_GENERIC = 0x1F,
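Review bot: Adding `TFM_ERROR_NOT_IN_RANGE` ahead of `TFM_SECURE_LOCK_FAILED` renumbers that enumerator and `TFM_SECURE_UNLOCK_FAILED`, since neither carries an explicit value in the visible lines. This header lives under interface/include, so if it is shared with separately built non-secure code, a stale copy would decode those two status codes wrongly. Placing the new enumerator directly after `TFM_SECURE_UNLOCK_FAILED,` and before `TFM_ERROR_GENERIC = 0x1F` keeps the existing values stable. The enum starts and ends outside the hunk, so confirm there is still room below 0x1F.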
diff --git a/secure_fw/spm/cmsis_func/include/spm_func.h b/secure_fw/spm/cmsis_func/include/spm_func.h
index 88d2f7d..ac0bc7b 100644
--- a/secure_fw/spm/cmsis_func/include/spm_func.h
+++ b/secure_fw/spm/cmsis_func/include/spm_func.h
@@ -303,9 +303,9 @@
  * \param[in] len               The length of the buffer
  * \param[in] alignment         The expected alignment (in bits)
  *
- * \return 1 if the check passes, 0 otherwise.
+ * \return TFM_SUCCESS on successful return, an error code otherwise
  *
- * \note For a 0 long buffer the check fails.
+ * \note For a zero length buffer the check fails.
  */
 int32_t tfm_spm_check_buffer_access(uint32_t  partition_idx,
                                     void     *start_addr,
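Review bot: The new `\return` line says only "an error code otherwise", but callers in this commit now pass the result straight back to the requester, so the contract should name the codes. Going by the spm_func.c hunk, it should list TFM_ERROR_NOT_IN_RANGE for a well-formed buffer outside S_DATA and TFM_ERROR_INVALID_PARAMETER for a misaligned, zero-length or wrapping buffer. The `alignment` parameter is used there as a shift count, so "(in bits)" would read better as `The number of low-order address bits that must be zero`. The declaration continues outside the hunk.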
diff --git a/secure_fw/spm/cmsis_func/spm_func.c b/secure_fw/spm/cmsis_func/spm_func.c
index 62e0060..0967844 100644
--- a/secure_fw/spm/cmsis_func/spm_func.c
+++ b/secure_fw/spm/cmsis_func/spm_func.c
@@ -894,26 +894,19 @@
 
     alignment_mask = (((uintptr_t)1) << alignment) - 1;
 
-    /* Check that the pointer is aligned properly */
-    if (start_addr_value & alignment_mask) {
-        /* not aligned, return error */
-        return 0;
+    /* Check pointer alignment and protect against overflow and zero len */
+    if (!(start_addr_value & alignment_mask) &&
+        (end_addr_value > start_addr_value)) {
+        /* Check that the range is in S_DATA */
+        if ((start_addr_value >= S_DATA_START) &&
+            (end_addr_value <= (S_DATA_START + S_DATA_SIZE))) {
+            return TFM_SUCCESS;
+        } else {
+            return TFM_ERROR_NOT_IN_RANGE;
+        }
     }
 
-    /* Protect against overflow (and zero len) */
-    if (end_addr_value <= start_addr_value) {
-        return 0;
-    }
-
-    /* For privileged partition execution, all secure data memory and stack
-     * is accessible
-     */
-    if (start_addr_value >= S_DATA_START &&
-        end_addr_value <= (S_DATA_START + S_DATA_SIZE)) {
-        return 1;
-    }
-
-    return 0;
+    return TFM_ERROR_INVALID_PARAMETER;
 }
 
 void tfm_spm_get_caller_client_id_handler(uint32_t *svc_args)
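Review bot: The replacement comment `/* Check that the range is in S_DATA */` drops the rationale the removed comment carried, namely that the check is region-wide because a privileged partition may access all secure data and stack. In an access-control check that matters, because a reader can no longer tell that the missing per-partition bound is deliberate; whether `partition_idx` is used earlier in the function is outside the hunk. I would keep the reason, e.g. `/* Privileged partitions may access all secure data and stack, so only the S_DATA bounds are checked */`. Separately, `alignment` reaches the shift in `alignment_mask` with no bound in the visible lines, and a shift by the pointer width or more is undefined behaviour. Rejecting such a value with TFM_ERROR_INVALID_PARAMETER before the shift would fit the default-failure aim of this change.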
@@ -946,9 +939,9 @@
                                       (void *)result_ptr_value,
                                       sizeof(curr_part_data->caller_client_id),
                                       2);
-    if (!res) {
+    if (res != TFM_SUCCESS) {
         /* Not in accessible range, return error */
-        svc_args[0] = (uint32_t)TFM_ERROR_INVALID_PARAMETER;
+        svc_args[0] = (uint32_t)res;
         return;
     }
 
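Review bot: The kept comment `/* Not in accessible range, return error */` no longer matches what is returned, because `res` can now also be TFM_ERROR_INVALID_PARAMETER for a misaligned, zero-length or wrapping buffer. I would reword it to `/* Buffer check failed, propagate the error code */`. Forwarding `res` also changes what the requester sees from always TFM_ERROR_INVALID_PARAMETER to possibly TFM_ERROR_NOT_IN_RANGE, so any caller that compares against the old value needs checking. The same applies to the `args[0]` assignment in the secure_fw/spm/ffm/tfm_boot_data.c hunk. The enclosing function starts and ends outside this hunk.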
diff --git a/secure_fw/spm/ffm/tfm_boot_data.c b/secure_fw/spm/ffm/tfm_boot_data.c
index 1b9ed64..d7db303 100644
--- a/secure_fw/spm/ffm/tfm_boot_data.c
+++ b/secure_fw/spm/ffm/tfm_boot_data.c
@@ -163,9 +163,9 @@
                                       (void *)buf_start,
                                       buf_size,
                                       2);
-    if (!res) {
+    if (res != TFM_SUCCESS) {
         /* Not in accessible range, return error */
-        args[0] = (uint32_t)TFM_ERROR_INVALID_PARAMETER;
+        args[0] = (uint32_t)res;
         return;
     }
 #else