From 93ff138b59d493fe93ba7fee99e9f1d0f1acb361 Mon Sep 17 00:00:00 2001
From: Olivier Deprez
Date: Mon, 23 Dec 2019 16:21:12 +0100
Subject: [PATCH] SPMD: smc handler qualify secure origin using booleans

Change-Id: Icc8f73660453a2cbb2241583684b615d5d1af9d4
Signed-off-by: Olivier Deprez
---
 services/std_svc/spmd/spmd_main.c | 61 ++++++++++++++-----------------
 1 file changed, 27 insertions(+), 34 deletions(-)

diff --git a/services/std_svc/spmd/spmd_main.c b/services/std_svc/spmd/spmd_main.c
index 50c32fc83..f49d23610 100644
--- a/services/std_svc/spmd/spmd_main.c
+++ b/services/std_svc/spmd/spmd_main.c
@@ -47,10 +47,9 @@ static entry_point_info_t *spmc_ep_info;
 static int32_t spmd_init(void);
 static int spmd_spmc_init(void *rd_base, size_t rd_size);
 static uint64_t spmd_spci_error_return(void *handle, int error_code);
-static uint64_t spmd_smc_forward(uint32_t smc_fid, uint32_t in_sstate,
- uint32_t out_sstate, uint64_t x1,
- uint64_t x2, uint64_t x3, uint64_t x4,
- void *handle);
+static uint64_t spmd_smc_forward(uint32_t smc_fid, bool secure_origin,
+ uint64_t x1, uint64_t x2, uint64_t x3,
+ uint64_t x4, void *handle);

 /*******************************************************************************
 * This function takes an SP context pointer and performs a synchronous entry
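Review bot: The new prototype introduces `bool` into this file's declarations, but no hunk in the patch adds `#include <stdbool.h>`. The include block sits above line 47 and is not part of this diff, so presumably an existing header already provides `bool`; that is worth confirming so the file does not rely on a transitive include that a later header cleanup could remove.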
@@ -324,21 +323,23 @@ int spmd_setup(void)
 /*******************************************************************************
 * Forward SMC to the other security state
 ******************************************************************************/
-static uint64_t spmd_smc_forward(uint32_t smc_fid, uint32_t in_sstate,
- uint32_t out_sstate, uint64_t x1,
- uint64_t x2, uint64_t x3, uint64_t x4,
- void *handle)
+static uint64_t spmd_smc_forward(uint32_t smc_fid, bool secure_origin,
+ uint64_t x1, uint64_t x2, uint64_t x3,
+ uint64_t x4, void *handle)
 {
+ uint32_t secure_state_in = (secure_origin) ? SECURE : NON_SECURE;
+ uint32_t secure_state_out = (!secure_origin) ? SECURE : NON_SECURE;
+
 /* Save incoming security state */
- cm_el1_sysregs_context_save(in_sstate);
- cm_el2_sysregs_context_save(in_sstate);
+ cm_el1_sysregs_context_save(secure_state_in);
+ cm_el2_sysregs_context_save(secure_state_in);

 /* Restore outgoing security state */
- cm_el1_sysregs_context_restore(out_sstate);
- cm_el2_sysregs_context_restore(out_sstate);
- cm_set_next_eret_context(out_sstate);
+ cm_el1_sysregs_context_restore(secure_state_out);
+ cm_el2_sysregs_context_restore(secure_state_out);
+ cm_set_next_eret_context(secure_state_out);

- SMC_RET8(cm_get_context(out_sstate), smc_fid, x1, x2, x3, x4,
+ SMC_RET8(cm_get_context(secure_state_out), smc_fid, x1, x2, x3, x4,
 SMC_GET_GP(handle, CTX_GPREG_X5),
 SMC_GET_GP(handle, CTX_GPREG_X6),
 SMC_GET_GP(handle, CTX_GPREG_X7));
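Review bot: The header comment above spmd_smc_forward still reads only "Forward SMC to the other security state" and does not say what `secure_origin` means, although the direction of the world switch now depends entirely on it. I would extend the comment to state that `secure_origin` is true when the SMC came from the secure world, that the caller's EL1/EL2 system register context is saved, and that the opposite world's context is restored and returned to. The two derived values never change after initialisation, so they can be `const`, and the second ternary reads more easily without the negation: `const uint32_t secure_state_out = secure_origin ? NON_SECURE : SECURE;`. The function's closing brace is outside the hunk.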
@@ -363,19 +364,12 @@ uint64_t spmd_smc_handler(uint32_t smc_fid, uint64_t x1, uint64_t x2, uint64_t x3, uint64_t x4, void *cookie, void *handle, uint64_t flags) { - uint32_t in_sstate; - uint32_t out_sstate; - int32_t ret; spmd_spm_core_context_t *ctx = &spm_core_context[plat_my_core_pos()]; + bool secure_origin; + int32_t ret; /* Determine which security state this SMC originated from */ - if (is_caller_secure(flags)) { - in_sstate = SECURE; - out_sstate = NON_SECURE; - } else { - in_sstate = NON_SECURE; - out_sstate = SECURE; - } + secure_origin = is_caller_secure(flags); INFO("SPM: 0x%x, 0x%llx, 0x%llx, 0x%llx, 0x%llx, " "0x%llx, 0x%llx, 0x%llx\n", @@ -390,12 +384,11 @@ uint64_t spmd_smc_handler(uint32_t smc_fid, uint64_t x1, uint64_t x2, * this CPU. If so, then indicate that the SPM core initialised * unsuccessfully. */ - if ((in_sstate == SECURE) && - (ctx->state == SPMC_STATE_RESET)) { + if (secure_origin && (ctx->state == SPMC_STATE_RESET)) { spmd_spm_core_sync_exit(x2); } - return spmd_smc_forward(smc_fid, in_sstate, out_sstate, + return spmd_smc_forward(smc_fid, secure_origin, x1, x2, x3, x4, handle); break; /* not reached */ @@ -429,8 +422,8 @@ uint64_t spmd_smc_handler(uint32_t smc_fid, uint64_t x1, uint64_t x2, } /* Forward SMC from Normal world to the SPM core */ - if (in_sstate == NON_SECURE) { - return spmd_smc_forward(smc_fid, in_sstate, out_sstate, + if (!secure_origin) { + return spmd_smc_forward(smc_fid, secure_origin, x1, x2, x3, x4, handle); } else { /* @@ -452,7 +445,7 @@ uint64_t spmd_smc_handler(uint32_t smc_fid, uint64_t x1, uint64_t x2, case SPCI_RXTX_UNMAP: case SPCI_MSG_RUN: /* This interface must be invoked only by the Normal world */ - if (in_sstate == SECURE) { + if (secure_origin) { return spmd_spci_error_return(handle, SPCI_ERROR_NOT_SUPPORTED); } 
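Review bot: `secure_origin` is declared uninitialised and assigned a few lines later, yet every origin check further down in spmd_smc_handler (the Normal-world-only and Secure-world-only branches in the later hunks) reads it. Initialising it at the declaration, `const bool secure_origin = is_caller_secure(flags);`, as is already done for `ctx`, keeps it from being reassigned between the entry point and those checks. The "Determine which security state this SMC originated from" comment can move up with it. The handler body continues outside the hunk.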
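Review bot: In the `@@ -390,12 +384,11 @@` hunk the `if (secure_origin && (ctx->state == SPMC_STATE_RESET))` branch calls `spmd_spm_core_sync_exit(x2)` and has no `return`, so as written it reads as if control then falls through to `spmd_smc_forward()`. If `spmd_spm_core_sync_exit()` does not return (its definition is not in this diff), a one-line comment such as `/* spmd_spm_core_sync_exit() does not return */` would make that explicit. If it can return, forwarding to the Normal world while the SPM core is still in reset deserves a second look. The same pattern appears in the `@@ -495,7 +488,7 @@` hunk with `spmd_spm_core_sync_exit(0)`, and the enclosing switch case starts outside the hunk.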
@@ -485,7 +478,7 @@ uint64_t spmd_smc_handler(uint32_t smc_fid, uint64_t x1, uint64_t x2, * simply forward the call to the Normal world. */ - return spmd_smc_forward(smc_fid, in_sstate, out_sstate, + return spmd_smc_forward(smc_fid, secure_origin, x1, x2, x3, x4, handle); break; /* not reached */ @@ -495,7 +488,7 @@ uint64_t spmd_smc_handler(uint32_t smc_fid, uint64_t x1, uint64_t x2, * this CPU from the Secure world. If so, then indicate that the * SPM core initialised successfully. */ - if ((in_sstate == SECURE) && (ctx->state == SPMC_STATE_RESET)) { + if (secure_origin && (ctx->state == SPMC_STATE_RESET)) { spmd_spm_core_sync_exit(0); } @@ -503,12 +496,12 @@ uint64_t spmd_smc_handler(uint32_t smc_fid, uint64_t x1, uint64_t x2, case SPCI_MSG_YIELD: /* This interface must be invoked only by the Secure world */ - if (in_sstate == NON_SECURE) { + if (!secure_origin) { return spmd_spci_error_return(handle, SPCI_ERROR_NOT_SUPPORTED); } - return spmd_smc_forward(smc_fid, in_sstate, out_sstate, + return spmd_smc_forward(smc_fid, secure_origin, x1, x2, x3, x4, handle); break; /* not reached */