feat(spmd): avoid spoofing in FF-A direct request Validate that non-secure caller does not spoof SPMD, SPMC or any secure endpoint ID in FFA_MSG_SEND_DIRECT_REQ. Change-Id: I7eadb8886142d94bef107cf485462dfcda828895 Signed-off-by: Shruti <shruti.gupta@arm.com>

commit: 3d8596724865d7c33f59d827f181bc7c7125d08d [log] [tgz]
author: Shruti <shruti.gupta@arm.com> Thu Jun 09 11:03:11 2022 +0100
committer: Shruti Gupta <shruti.gupta@arm.com> Fri Jul 01 11:54:17 2022 +0100
tree: 6f6bce5b43dd141340473be1a16041e705be2962
parent: 52e4b41b13c6bd024884b4c55bc9b5d897494a3e [diff]
diff --git a/services/std_svc/spmd/spmd_main.c b/services/std_svc/spmd/spmd_main.c
index e388784..7e6c89d 100644
--- a/services/std_svc/spmd/spmd_main.c
+++ b/services/std_svc/spmd/spmd_main.c

@@ -803,6 +803,14 @@
 		break; /* not reached */
 
 	case FFA_MSG_SEND_DIRECT_REQ_SMC32:
+	case FFA_MSG_SEND_DIRECT_REQ_SMC64:
+		if (!secure_origin) {
+			/* Validate source endpoint is non-secure for non-secure caller. */
+			if (ffa_is_secure_world_id(ffa_endpoint_source(x1))) {
+				return spmd_ffa_error_return(handle,
+						FFA_ERROR_INVALID_PARAMETER);
+			}
+		}
 		if (secure_origin && spmd_is_spmc_message(x1)) {
 			ret = spmd_handle_spmc_message(x3, x4,
 				SMC_GET_GP(handle, CTX_GPREG_X5),
@@ -862,7 +870,6 @@
 
 		/* Fall through to forward the call to the other world */
 	case FFA_MSG_SEND:
-	case FFA_MSG_SEND_DIRECT_REQ_SMC64:
 	case FFA_MSG_SEND_DIRECT_RESP_SMC64:
 	case FFA_MEM_DONATE_SMC32:
 	case FFA_MEM_DONATE_SMC64:
commit	3d8596724865d7c33f59d827f181bc7c7125d08d	[log] [tgz]
author	Shruti <shruti.gupta@arm.com>	Thu Jun 09 11:03:11 2022 +0100
committer	Shruti Gupta <shruti.gupta@arm.com>	Fri Jul 01 11:54:17 2022 +0100
tree	6f6bce5b43dd141340473be1a16041e705be2962
parent	52e4b41b13c6bd024884b4c55bc9b5d897494a3e [diff]