From 3954bc3c03439dbdc7029cf2418c79a037918ce4 Mon Sep 17 00:00:00 2001
From: Marc Bonnici <marc.bonnici@arm.com>
Date: Fri, 20 May 2022 14:34:56 +0100
Subject: [PATCH 1/2] fix(spmc): fix FF-A memory transaction validation

Fix an incorrect bound check for overlapping memory regions which can
give false positives if the two regions are consecutive to each other.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I997dc4d1ef2014660cc964aff0a73e348c44eff0
---
 services/std_svc/spm/el3_spmc/spmc_shared_mem.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/std_svc/spm/el3_spmc/spmc_shared_mem.c b/services/std_svc/spm/el3_spmc/spmc_shared_mem.c
index 1602981bf..98d069ac9 100644
--- a/services/std_svc/spm/el3_spmc/spmc_shared_mem.c
+++ b/services/std_svc/spm/el3_spmc/spmc_shared_mem.c
@@ -304,7 +304,7 @@ overlapping_memory_regions(struct ffa_comp_mrd *region1,
 
 			if ((region1_start >= region2_start &&
 			     region1_start < region2_end) ||
-			    (region1_end >= region2_start
+			    (region1_end > region2_start
 			     && region1_end < region2_end)) {
 				WARN("Overlapping mem regions 0x%lx-0x%lx & 0x%lx-0x%lx\n",
 				     region1_start, region1_end,

From 25eb2d41a6d2ede1e945bbc67ae3f740b92a40bb Mon Sep 17 00:00:00 2001
From: Marc Bonnici <marc.bonnici@arm.com>
Date: Fri, 20 May 2022 14:38:55 +0100
Subject: [PATCH 2/2] fix(spmc): fix incorrect FF-A version usage

Fix the wrong FF-A version being used for retrieving existing memory
descriptors for v1.0 clients. Internally these should always be stored
using the latest version rather than client version.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ibee1b2452c8d6ebd23bbd9d703c96ca185444093
---
 services/std_svc/spm/el3_spmc/spmc_shared_mem.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/std_svc/spm/el3_spmc/spmc_shared_mem.c b/services/std_svc/spm/el3_spmc/spmc_shared_mem.c
index 98d069ac9..4a24108e0 100644
--- a/services/std_svc/spm/el3_spmc/spmc_shared_mem.c
+++ b/services/std_svc/spm/el3_spmc/spmc_shared_mem.c
@@ -815,7 +815,7 @@ static int spmc_shmem_check_state_obj(struct spmc_shmem_obj *obj,
 		if ((obj->desc.handle != inflight_obj->desc.handle) &&
 		    (obj->desc_size == obj->desc_filled)) {
 			other_mrd = spmc_shmem_obj_get_comp_mrd(inflight_obj,
-								ffa_version);
+							  FFA_VERSION_COMPILED);
 			if (other_mrd == NULL) {
 				return -EINVAL;
 			}