Merge "fix(intel): update fcs functions to check ddr range" into integration

commit: deb053c80b8910b4e22c979a4aae27f8d1088ccf [log] [tgz]
author: Sandrine Bailleux <sandrine.bailleux@arm.com> Tue Dec 19 14:26:28 2023 +0100
committer: TrustedFirmware Code Review <review@review.trustedfirmware.org> Tue Dec 19 14:26:28 2023 +0100
tree: 532e180a11defd84a58d7e6f8f28ae401d26768d
parent: e3a7c08d9cc3f99fffc53723d7420c1c7a128ca8 [diff]
parent: c0dc40e224c89595113d35dade50640e17a20603 [diff]
diff --git a/plat/intel/soc/common/sip/socfpga_sip_fcs.c b/plat/intel/soc/common/sip/socfpga_sip_fcs.c
index beaa720..843ec69 100644
--- a/plat/intel/soc/common/sip/socfpga_sip_fcs.c
+++ b/plat/intel/soc/common/sip/socfpga_sip_fcs.c

@@ -247,14 +247,6 @@
 	int status;
 	uint32_t load_size;
 
-	fcs_encrypt_payload payload = {
-		FCS_ENCRYPTION_DATA_0,
-		src_addr,
-		src_size,
-		dst_addr,
-		dst_size };
-	load_size = sizeof(payload) / MBOX_WORD_BYTE;
-
 	if (!is_address_in_ddr_range(src_addr, src_size) ||
 		!is_address_in_ddr_range(dst_addr, dst_size)) {
 		return INTEL_SIP_SMC_STATUS_REJECTED;
@@ -264,6 +256,14 @@
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}
 
+	fcs_encrypt_payload payload = {
+		FCS_ENCRYPTION_DATA_0,
+		src_addr,
+		src_size,
+		dst_addr,
+		dst_size };
+	load_size = sizeof(payload) / MBOX_WORD_BYTE;
+
 	status = mailbox_send_cmd_async(send_id, MBOX_FCS_ENCRYPT_REQ,
 				(uint32_t *) &payload, load_size,
 				CMD_INDIRECT);
@@ -283,6 +283,15 @@
 	uint32_t load_size;
 	uintptr_t id_offset;
 
+	if (!is_address_in_ddr_range(src_addr, src_size) ||
+		!is_address_in_ddr_range(dst_addr, dst_size)) {
+		return INTEL_SIP_SMC_STATUS_REJECTED;
+	}
+
+	if (!is_size_4_bytes_aligned(src_size)) {
+		return INTEL_SIP_SMC_STATUS_REJECTED;
+	}
+
 	inv_dcache_range(src_addr, src_size); /* flush cache before mmio read to avoid reading old values */
 	id_offset = src_addr + FCS_OWNER_ID_OFFSET;
 	fcs_decrypt_payload payload = {
@@ -295,15 +304,6 @@
 		dst_size };
 	load_size = sizeof(payload) / MBOX_WORD_BYTE;
 
-	if (!is_address_in_ddr_range(src_addr, src_size) ||
-		!is_address_in_ddr_range(dst_addr, dst_size)) {
-		return INTEL_SIP_SMC_STATUS_REJECTED;
-	}
-
-	if (!is_size_4_bytes_aligned(src_size)) {
-		return INTEL_SIP_SMC_STATUS_REJECTED;
-	}
-
 	status = mailbox_send_cmd_async(send_id, MBOX_FCS_DECRYPT_REQ,
 				(uint32_t *) &payload, load_size,
 				CMD_INDIRECT);
@@ -2023,6 +2023,10 @@
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}
 
+	if (!is_address_in_ddr_range(dst_addr, *dst_size)) {
+		return INTEL_SIP_SMC_STATUS_REJECTED;
+	}
+
 	if (fcs_ecdsa_get_pubkey_param.session_id != session_id ||
 		fcs_ecdsa_get_pubkey_param.context_id != context_id) {
 		return INTEL_SIP_SMC_STATUS_REJECTED;
@@ -2234,7 +2238,8 @@
 	}
 
 	if ((!is_8_bytes_aligned(dst_addr)) ||
-		(!is_32_bytes_aligned(dst_size))) {
+		(!is_32_bytes_aligned(dst_size)) ||
+		(!is_address_in_ddr_range(dst_addr, dst_size))) {
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}
commit	deb053c80b8910b4e22c979a4aae27f8d1088ccf	[log] [tgz]
author	Sandrine Bailleux <sandrine.bailleux@arm.com>	Tue Dec 19 14:26:28 2023 +0100
committer	TrustedFirmware Code Review <review@review.trustedfirmware.org>	Tue Dec 19 14:26:28 2023 +0100
tree	532e180a11defd84a58d7e6f8f28ae401d26768d
parent	e3a7c08d9cc3f99fffc53723d7420c1c7a128ca8 [diff]
parent	c0dc40e224c89595113d35dade50640e17a20603 [diff]