refactor(el3-spmc): validate alignment earlier
Future changes will cause spmc_shmem_obj_get_comp_mrd to panic instead
of returning NULL, so be sure that comp_mrd_offset has been validated
already. The existing code checks for 8-byte alignment, but comments in
el3_spmc_ffa_memory.h indicate that 16-byte alignment is expected, so
require 16-byte alignment.
Change-Id: I400f0f1f163522cb5ea77d4811c91e8b7e655c18
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
diff --git a/services/std_svc/spm/el3_spmc/spmc_shared_mem.c b/services/std_svc/spm/el3_spmc/spmc_shared_mem.c
index 8183a0a..6863d00 100644
--- a/services/std_svc/spm/el3_spmc/spmc_shared_mem.c
+++ b/services/std_svc/spm/el3_spmc/spmc_shared_mem.c
@@ -854,6 +854,14 @@
return FFA_ERROR_INVALID_PARAMETER;
}
+ /* Ensure the composite descriptor offset is aligned. */
+ if (!is_aligned(comp_mrd_offset, 16)) {
+ WARN("%s: invalid object, unaligned composite memory "
+ "region descriptor offset %u.\n",
+ __func__, comp_mrd_offset);
+ return FFA_ERROR_INVALID_PARAMETER;
+ }
+
size = obj->desc_size;
if (offset > size) {
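Review bot: The literal `16` in the added `is_aligned(comp_mrd_offset, 16)` check is unexplained at the point of use; only the commit message ties it to the comments in el3_spmc_ffa_memory.h. I would expand the comment to something like `/* Composite descriptor must be 16-byte aligned (see el3_spmc_ffa_memory.h); checked here so later accessors can rely on it. */` and use a named constant if that header has one or can take one. The check is also stricter than the 8-byte check the message says existed before, so descriptors accepted previously may now be rejected with FFA_ERROR_INVALID_PARAMETER. That is a behaviour change worth stating explicitly, since the commit is labelled a refactor. The enclosing function starts and ends outside the hunk.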
@@ -874,11 +882,6 @@
comp = spmc_shmem_obj_get_comp_mrd(obj, ffa_version);
- if (comp == NULL) {
- WARN("%s: invalid comp_mrd offset\n", __func__);
- return FFA_ERROR_INVALID_PARAMETER;
- }
-
if (comp->address_range_count != count) {
WARN("%s: invalid object, desc count %u != %zu\n",
__func__, comp->address_range_count, count);
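Review bot: `comp->address_range_count` is now dereferenced with no guard, although the commit message says spmc_shmem_obj_get_comp_mrd will panic instead of returning NULL only after future changes. The callee is not visible in this diff, so it may still return NULL for a reason other than misalignment, for example if it fails to locate the descriptor it reads the offset from. In that case this becomes a NULL dereference in EL3 code on a path that validates a memory descriptor. I would keep `if (comp == NULL) { return FFA_ERROR_INVALID_PARAMETER; }` until the callee change lands, or remove it in the same commit that changes the callee. The enclosing function continues outside the hunk.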