author | Olivier Deprez <olivier.deprez@arm.com> | 2021-04-22 14:39:54 +0200 |
---|---|---|
committer | Olivier Deprez <olivier.deprez@arm.com> | 2022-03-01 18:51:43 +0100 |
commit | 20b9b1784f209811a05db71f8503980c97f4634a (patch) | |
tree | 8c5da473df4f3cab66eeb9c12ed7c45f62a7d635 /spm/cactus/cactus_tests | |
parent | 572ee4fde07faf8c208ebfd1bcaf745a93db003d (diff) |
test(cactus): prevent realm region access from swd
This change adds TFTF and cactus tests to check a realm region cannot
be accessed from secure world.
A non-secure buffer is delegated to realm PAS and shared to a secure
partition through FF-A memory sharing operations.
The SP retrieves the region from the SPM, maps it and attempts a write
access. The PE is expected to trigger a GPF data abort caught by a
custom exception handler.
Exception is trapped at S-EL1 within the secure partition because
Hafnium configures HCR_EL2.GPF=0 (and SCR_EL3.GPF=0).
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I8f855f394d0490b3584e60ceba4f3d2a20197495
Diffstat (limited to 'spm/cactus/cactus_tests')
-rw-r--r-- | spm/cactus/cactus_tests/cactus_test_memory_sharing.c | 32 |
1 files changed, 29 insertions, 3 deletions
diff --git a/spm/cactus/cactus_tests/cactus_test_memory_sharing.c b/spm/cactus/cactus_tests/cactus_test_memory_sharing.c
index 69d62dd..051208e 100644
--- a/spm/cactus/cactus_tests/cactus_test_memory_sharing.c
+++ b/spm/cactus/cactus_tests/cactus_test_memory_sharing.c
@@ -14,6 +14,27 @@
 #include <sp_helpers.h>
 #include <xlat_tables_defs.h>
 #include <lib/xlat_tables/xlat_tables_v2.h>
+#include <sync.h>
+
+static volatile uint32_t data_abort_gpf_triggered;
+
+static bool data_abort_gpf_handler(void)
+{
+ uint64_t esr_el1 = read_esr_el1();
+
+ VERBOSE("%s count %u esr_el1 %llx elr_el1 %llx\n",
+ __func__, data_abort_gpf_triggered, esr_el1,
+ read_elr_el1());
+
+ /* Expect a data abort because of a GPF. */
+ if ((EC_BITS(esr_el1) == EC_DABORT_CUR_EL) &&
+ ((ISS_BITS(esr_el1) & ISS_DFSC_MASK) == DFSC_GPF_DABORT)) {
+ data_abort_gpf_triggered++;
+ return true;
+ }
+
+ return false;
+}

 /**
 * Each Cactus SP has a memory region dedicated to memory sharing tests
@@ -51,7 +72,7 @@ CACTUS_CMD_HANDLER(mem_send_cmd, CACTUS_MEM_SEND_CMD)
 cactus_mem_send_get_retrv_flags(*args);
 uint32_t words_to_write = cactus_mem_send_words_to_write(*args);

- expect(memory_retrieve(mb, &m, handle, source, vm_id, mem_func,
+ expect(memory_retrieve(mb, &m, handle, source, vm_id,
 retrv_flags), true);

 composite = ffa_memory_region_get_composite(m, 0);
@@ -104,12 +125,17 @@ CACTUS_CMD_HANDLER(mem_send_cmd, CACTUS_MEM_SEND_CMD)
 }
 }

+ data_abort_gpf_triggered = 0;
+ register_custom_sync_exception_handler(data_abort_gpf_handler);
+
 /* Write mem_func to retrieved memory region for validation purposes. */
 VERBOSE("Writing: %x\n", mem_func);
 for (unsigned int i = 0U; i < words_to_write; i++) {
 ptr[i] = mem_func;
 }

+ unregister_custom_sync_exception_handler();
+
 /*
 * A FFA_MEM_DONATE changes the ownership of the page, as such no
 * relinquish is needed.
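Review bot: `data_abort_gpf_handler` accepts any GPF data abort taken at the current EL, so a granule protection fault on an address outside the retrieved region would be counted as the expected result too. Comparing FAR_EL1 with the range the test is about to write (for example a file-scope base and size set just before the handler is registered) would tie the counter to the region under test. The function also has no header comment; one line stating what returning `true` versus `false` tells the sync exception framework would help, since that contract is defined outside this diff. Separately, `esr_el1` is a `uint64_t` printed with `%llx`; a cast to `unsigned long long` would make the format match regardless of how the tree defines `uint64_t`.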
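Review bot: The handler is registered around the write loop for every `mem_send_cmd`, not only when the region has been delegated to the realm PAS, and nothing at the call site says why. If it matches the intent, a comment above `register_custom_sync_exception_handler(data_abort_gpf_handler);` such as `/* Stores below raise a GPF data abort when the region is in realm PAS; count them rather than treating the abort as fatal. */` would explain the counter reset. Any access to `ptr` earlier in this command handler lies outside the hunk and outside the registered window, so it is worth confirming none is reached on the realm-test path.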
@@ -120,7 +146,7 @@ CACTUS_CMD_HANDLER(mem_send_cmd, CACTUS_MEM_SEND_CMD) composite->constituents[0].page_count * PAGE_SIZE); if (ret != 0) { - ERROR("Failed first mmap_add_dynamic_region!\n"); + ERROR("Failed to unmap received memory region(%d)!\n", ret); return cactus_error_resp(vm_id, source, CACTUS_ERROR_TEST); } @@ -139,7 +165,7 @@ CACTUS_CMD_HANDLER(mem_send_cmd, CACTUS_MEM_SEND_CMD) } return cactus_success_resp(vm_id, - source, 0); + source, data_abort_gpf_triggered); } CACTUS_CMD_HANDLER(req_mem_send_cmd, CACTUS_REQ_MEM_SEND_CMD) |
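Review bot: `cactus_success_resp(vm_id, source, data_abort_gpf_triggered)` reports success whether or not a GPF was expected, so an unexpected abort during an ordinary share/lend/donate run is visible only if the caller inspects the returned value. The TFTF side is not part of this diff; the existing memory-sharing tests should assert a count of 0 and the realm test should assert the exact count it expects. A comment at the return, e.g. `/* Value is the number of GPF data aborts taken while writing; the caller decides whether that is expected. */`, would document the new meaning of the response value.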