Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / 14f19636aa7f691c2ea7be2546af3664221ce6a1^! / . / services / std_svc / spm / el3_spmc / spmc_shared_mem.c
commit14f19636aa7f691c2ea7be2546af3664221ce6a1[log] [tgz]
authorDemi Marie Obenour <demiobenour@gmail.com>Sun Jan 15 14:18:13 2023 -0500
committerDemi Marie Obenour <demiobenour@gmail.com>Tue Jun 20 11:18:05 2023 -0400
treecab1cc1e39e1dfdfc2da173b0dbf978797d1ae6c
parent70179dcbfb565a1a5e74bf81a482421e2743fed9 [diff] [blame]
refactor(el3-spmc): add comments and cleanup code

No functional change intended.

Change-Id: I08300ec4cb2e11d26c4a108769919d0c474292ff
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

diff --git a/services/std_svc/spm/el3_spmc/spmc_shared_mem.c b/services/std_svc/spm/el3_spmc/spmc_shared_mem.c
index 88cf2cd..5c3d580 100644
--- a/services/std_svc/spm/el3_spmc/spmc_shared_mem.c
+++ b/services/std_svc/spm/el3_spmc/spmc_shared_mem.c

@@ -777,16 +777,16 @@
 static int spmc_shmem_check_obj(struct spmc_shmem_obj *obj,
 				uint32_t ffa_version)
 {
-	uint64_t total_page_count;
+	unsigned long long total_page_count;
 	const struct ffa_emad_v1_0 *first_emad;
 	const struct ffa_emad_v1_0 *end_emad;
 	size_t emad_size;
-	uint32_t comp_mrd_offset = 0;
+	uint32_t comp_mrd_offset;
 	size_t header_emad_size;
 	size_t size;
 	size_t count;
 	size_t expected_size;
-	struct ffa_comp_mrd *comp;
+	const struct ffa_comp_mrd *comp;
 
 	if (obj->desc_filled != obj->desc_size) {
 		ERROR("BUG: %s called on incomplete object (%zu != %zu)\n",
@@ -884,16 +884,18 @@
 	}
 	size -= comp_mrd_offset;
 
+	/* Check that there is enough space for the composite descriptor. */
 	if (size < sizeof(struct ffa_comp_mrd)) {
 		WARN("%s: invalid object, offset %u, total size %zu, no header space.\n",
 		     __func__, comp_mrd_offset, obj->desc_size);
 		return FFA_ERROR_INVALID_PARAMETER;
 	}
-	size -= sizeof(struct ffa_comp_mrd);
+	size -= sizeof(*comp);
 
 	count = size / sizeof(struct ffa_cons_mrd);
 
-	comp = spmc_shmem_obj_get_comp_mrd(obj, ffa_version);
+	comp = (const struct ffa_comp_mrd *)
+	       ((const uint8_t *)(&obj->desc) + comp_mrd_offset);
 
 	if (comp->address_range_count != count) {
 		WARN("%s: invalid object, desc count %u != %zu\n",
@@ -901,6 +903,7 @@
 		return FFA_ERROR_INVALID_PARAMETER;
 	}
 
+	/* Ensure that the expected and actual sizes are equal. */
 	expected_size = comp_mrd_offset + sizeof(*comp) +
 		count * sizeof(struct ffa_cons_mrd);
 
@@ -912,6 +915,10 @@
 
 	total_page_count = 0;
 
+	/*
+	 * comp->address_range_count is 32-bit, so 'count' must fit in a
+	 * uint32_t at this point.
+	 */
 	for (size_t i = 0; i < count; i++) {
 		const struct ffa_cons_mrd *mrd = comp->address_range_array + i;
 
@@ -921,12 +928,17 @@
 			     __func__, i, (unsigned long long)mrd->address);
 		}
 
+		/*
+		 * No overflow possible: total_page_count can hold at
+		 * least 2^64 - 1, but will be have at most 2^32 - 1.
+		 * values added to it, each of which cannot exceed 2^32 - 1.
+		 */
 		total_page_count += mrd->page_count;
 	}
+
 	if (comp->total_page_count != total_page_count) {
-		WARN("%s: invalid object, desc total_page_count %u != %" PRIu64 "\n",
-		     __func__, comp->total_page_count,
-		total_page_count);
+		WARN("%s: invalid object, desc total_page_count %u != %llu\n",
+		     __func__, comp->total_page_count, total_page_count);
 		return FFA_ERROR_INVALID_PARAMETER;
 	}