fix(el3-spmc): only call spmc_shm_check_obj() on complete objects
When called on an incomplete object, spmc_shmem_check_obj() might fail or
access uninitialized memory. Calling it only on complete objects also allows
spmc_shmem_check_obj() to be simplified.
Change-Id: I7c11f15d4c8ebe8cd15e7d8c37a0d0f3daa83675
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
diff --git a/services/std_svc/spm/el3_spmc/spmc_shared_mem.c b/services/std_svc/spm/el3_spmc/spmc_shared_mem.c
index 6cc6b7d..1dc71c7 100644
--- a/services/std_svc/spm/el3_spmc/spmc_shared_mem.c
+++ b/services/std_svc/spm/el3_spmc/spmc_shared_mem.c
@@ -878,14 +878,6 @@
return -EINVAL;
}
- if (obj->desc_filled < obj->desc_size) {
- /*
- * The whole descriptor has not yet been received.
- * Skip final checks.
- */
- return 0;
- }
-
/*
* The offset provided to the composite memory region descriptor
* should be consistent across endpoint descriptors. Store the
@@ -1044,11 +1036,6 @@
}
obj->desc_filled += fragment_length;
- ret = spmc_shmem_check_obj(obj, ffa_version);
- if (ret != 0) {
- ret = FFA_ERROR_INVALID_PARAMETER;
- goto err_bad_desc;
- }
handle_low = (uint32_t)obj->desc.handle;
handle_high = obj->desc.handle >> 32;
@@ -1061,6 +1048,12 @@
/* The full descriptor has been received, perform any final checks. */
+ ret = spmc_shmem_check_obj(obj, ffa_version);
+ if (ret != 0) {
+ ret = FFA_ERROR_INVALID_PARAMETER;
+ goto err_bad_desc;
+ }
+
/*
* If a partition ID resides in the secure world validate that the
* partition ID is for a known partition. Ignore any partition ID
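Review bot: The call added under "The full descriptor has been received" is now the only thing keeping spmc_shmem_check_obj() away from partially filled descriptors, because the first hunk removes the function's own `desc_filled < desc_size` early return. The guard that makes that comment true lies outside this hunk, as do the start and end of the enclosing function, so the precondition is implicit. A later caller that passes an incomplete object would bring back the uninitialized read this commit fixes. Consider failing closed at the top of spmc_shmem_check_obj() with `if (obj->desc_filled != obj->desc_size) return -EINVAL;`, or at least state in its header comment that the descriptor must be fully received. If other callers of the function exist outside this diff, they should be checked for reliance on the old `return 0` for incomplete objects.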