commit 05da8116880e75d32d13c0cd32009f8efec33818
author Demi Marie Obenour <demiobenour@gmail.com> Sun Jan 15 14:37:36 2023 -0500
committer Demi Marie Obenour <demiobenour@gmail.com> Mon Jun 12 12:21:05 2023 -0400
tree 4ac8ff833e915467c56d712e0bd5587e08627287
parent 385225bdc83c9b92a182ae17f90aac0d4084ccfe

refactor(el3-spmc): validate alignment earlier

Future changes will cause spmc_shmem_obj_get_comp_mrd to panic instead
of returning NULL, so be sure that comp_mrd_offset has been validated
already.  The existing code checks for 8-byte alignment, but comments in
el3_spmc_ffa_memory.h indicate that 16-byte alignment is expected, so
require 16-byte alignment.

Change-Id: I400f0f1f163522cb5ea77d4811c91e8b7e655c18
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

services/std_svc/spm/el3_spmc/spmc_shared_mem.c

diff --git a/services/std_svc/spm/el3_spmc/spmc_shared_mem.c b/services/std_svc/spm/el3_spmc/spmc_shared_mem.c
index 8183a0a..6863d00 100644
--- a/services/std_svc/spm/el3_spmc/spmc_shared_mem.c
+++ b/services/std_svc/spm/el3_spmc/spmc_shared_mem.c
@@ -854,6 +854,14 @@
 			return FFA_ERROR_INVALID_PARAMETER;
 		}
 
+		/* Ensure the composite descriptor offset is aligned. */
+		if (!is_aligned(comp_mrd_offset, 16)) {
+			WARN("%s: invalid object, unaligned composite memory "
+			     "region descriptor offset %u.\n",
+			     __func__, comp_mrd_offset);
+			return FFA_ERROR_INVALID_PARAMETER;
+		}
+
 		size = obj->desc_size;
 
 		if (offset > size) {
@@ -874,11 +882,6 @@
 
 		comp = spmc_shmem_obj_get_comp_mrd(obj, ffa_version);
 
-		if (comp == NULL) {
-			WARN("%s: invalid comp_mrd offset\n", __func__);
-			return FFA_ERROR_INVALID_PARAMETER;
-		}
-
 		if (comp->address_range_count != count) {
 			WARN("%s: invalid object, desc count %u != %zu\n",
 			     __func__, comp->address_range_count, count);