From 5519f07cd46a4139615a3e8f5e57d1834b23a6f8 Mon Sep 17 00:00:00 2001
From: Shruti
Date: Thu, 9 Jun 2022 11:03:11 +0100
Subject: [PATCH] feat(spmd): avoid spoofing in FF-A direct request

Validate that non-secure caller does not spoof SPMD, SPMC or any secure endpoint ID in FFA_MSG_SEND_DIRECT_REQ.

Change-Id: I7eadb8886142d94bef107cf485462dfcda828895
Signed-off-by: Shruti
---
 services/std_svc/spmd/spmd_main.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/services/std_svc/spmd/spmd_main.c b/services/std_svc/spmd/spmd_main.c
index e38878432..7e6c89df3 100644
--- a/services/std_svc/spmd/spmd_main.c
+++ b/services/std_svc/spmd/spmd_main.c
@@ -803,6 +803,14 @@ uint64_t spmd_smc_handler(uint32_t smc_fid,
 break; /* not reached */
 case FFA_MSG_SEND_DIRECT_REQ_SMC32:
+ case FFA_MSG_SEND_DIRECT_REQ_SMC64:
+ if (!secure_origin) {
+ /* Validate source endpoint is non-secure for non-secure caller. */
+ if (ffa_is_secure_world_id(ffa_endpoint_source(x1))) {
+ return spmd_ffa_error_return(handle,
+ FFA_ERROR_INVALID_PARAMETER);
+ }
+ }
 if (secure_origin && spmd_is_spmc_message(x1)) {
 ret = spmd_handle_spmc_message(x3, x4,
 SMC_GET_GP(handle, CTX_GPREG_X5),
@@ -862,7 +870,6 @@ uint64_t spmd_smc_handler(uint32_t smc_fid,
 /* Fall through to forward the call to the other world */
 case FFA_MSG_SEND:
- case FFA_MSG_SEND_DIRECT_REQ_SMC64:
 case FFA_MSG_SEND_DIRECT_RESP_SMC64:
 case FFA_MEM_DONATE_SMC32:
 case FFA_MEM_DONATE_SMC64:
-- 
2.39.5
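Review bot: The source-ID check added in the first hunk covers only the two FFA_MSG_SEND_DIRECT_REQ function IDs, while `FFA_MSG_SEND` and `FFA_MSG_SEND_DIRECT_RESP_SMC64`, which also carry a sender ID in `x1`, remain in the fall-through group shown in the second hunk and are forwarded from the normal world without it. Unless the SPMC is known to reject a secure source ID on those calls itself, the same guard belongs there too, written flat as `if (!secure_origin && ffa_is_secure_world_id(ffa_endpoint_source(x1)))` so that it can be shared. Moving `case FFA_MSG_SEND_DIRECT_REQ_SMC64:` up also routes the 64-bit variant through the `secure_origin && spmd_is_spmc_message(x1)` branch, which the commit message does not mention. That branch's body continues outside the hunk, so it is worth confirming that `spmd_handle_spmc_message` and its return path are correct for SMC64 callers. The rejection path is also silent, and a `VERBOSE` or `WARN` line recording the offending source ID would make spoofing attempts visible in the firmware logs.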