/* * Copyright (c) 2017, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /* -------------------------------------- Includes ----------------------------------- */ #include "psa_defs.h" #include "cmsis_os2.h" #include "mbed_critical.h" #include "spm_internal.h" #include "spm_panic.h" #include "handles_manager.h" #include <string.h> #include <stdbool.h> #include <stdlib.h> /* ------------------------------------ Definitions ---------------------------------- */ #define PSA_HANDLE_MGR_HANDLE_INDEX_POS 16 #define PSA_HANDLE_MGR_HANDLE_INDEX_MSK 0xFFFF /* -------------------------------- Handle Manager Module ---------------------------- */ /* The Handle Manager Module manages handles. * * It basically generates and exposes a unique handle identifier [handle] per * handle memory [handle_mem] it receives from the user. * Then users can use the exposed handle identifier to relate to the "registered" * handle memory. * * Users can: * - Ask for a unique handle identifier for a given handle memory [handle_create] * - Ask for a pointer to the handle memory corresponding to a * handle identifier [handle_get_mem] * - Remove a handle from the handle manager module [handle_destroy] * * Note: * Handles generation is done exclusively. * Once we got a handle, removing a handle or getting its memory can be * done non-exclusive. * The assumption is that only one context is dealing with a handle after it was * generated. */ /* ------------------------------------- Functions ----------------------------------- */ /********************************************************************************************************************************** * Function : psa_hndl_mgr_handle_create * * Description: This function generates a unique handle identifier, and "couples" it with the received handle memory. * If there is no vacant space for the new handle, the function fails. * * Note: This function is expected to pass since it is always coupled with memory pool allocation of the same size. * In case memory pool allocation fails, this function should not be called. * This function will panic on non vacant space use case. * * Parameters : handle_mgr - [IN] A pointer to the handle manager object * handle_mem - [IN] A pointer to a pre-allocated handle memory to get a handle identifier for * friend_pid - [IN] The partition id which is allowed to get_mem() and destroy() in addition to the handle owner. * Use PSA_HANDLE_MGR_INVALID_FRIEND_OWNER to denote there is no friend partition. * * Return : The created handle identifier *********************************************************************************************************************************/ psa_handle_t psa_hndl_mgr_handle_create(psa_handle_manager_t *handle_mgr, void *handle_mem, int32_t friend_pid) { // Make sanity checks on arguments SPM_ASSERT(handle_mgr != NULL); SPM_ASSERT(handle_mem != NULL); // Get active partition id - Needed for requester identification spm_partition_t *curr_part_ptr = get_active_partition(); int32_t current_pid = ((curr_part_ptr != NULL) ? curr_part_ptr->partition_id : PSA_NSPE_IDENTIFIER); uint32_t expected = UINT16_MAX; // Avoid passing UINT16_MAX. Start again from 0 if reached. // The reason for this is that we use the 16 upper bits to store the handle's index in the handles pool (for performance reasons) core_util_atomic_cas_u32( (uint32_t *)( &(handle_mgr->handle_generator) ), &expected, PSA_HANDLE_MGR_INVALID_HANDLE ); // Generate a new handle identifier uint32_t tmp_handle = core_util_atomic_incr_u32(&(handle_mgr->handle_generator), 1); uint32_t new_handle = PSA_HANDLE_MGR_INVALID_HANDLE; uint32_t pool_ix = 0; // Look for a vacant space in handles pool for the generated handle for(pool_ix = 0; pool_ix < handle_mgr->pool_size; pool_ix++) { expected = PSA_HANDLE_MGR_INVALID_HANDLE; // Write the handles pool index in the upper 16 bits of the handle new_handle = ((pool_ix << PSA_HANDLE_MGR_HANDLE_INDEX_POS) | tmp_handle); // Store the generated handle in the handles pool if(core_util_atomic_cas_u32( (uint32_t *)( &(handle_mgr->handles_pool[pool_ix].handle) ), &expected, new_handle )) { // Handle is successfully stored in handles pool // Store the handle memory in the handles pool, "coupled" with the stored handle handle_mgr->handles_pool[pool_ix].handle_mem = handle_mem; handle_mgr->handles_pool[pool_ix].handle_owner = current_pid; handle_mgr->handles_pool[pool_ix].handle_friend = friend_pid; break; } // Occupied index in handles pool - continue looping } // Handle creation should only occur after a successful memory allocation // and is not expected to fail. SPM_ASSERT(pool_ix != handle_mgr->pool_size); return new_handle; } /********************************************************************************************************************************** * Function : psa_hndl_mgr_handle_destroy * * Description: This function removes a handle from the handle manager. * * Parameters : handle_mgr - [IN] A pointer to the handle manager object * handle - [IN] The handle to be removed * * Return : Void *********************************************************************************************************************************/ void psa_hndl_mgr_handle_destroy(psa_handle_manager_t *handle_mgr, psa_handle_t handle) { // Make sanity checks on arguments SPM_ASSERT(handle_mgr != NULL); SPM_ASSERT(handle != PSA_NULL_HANDLE); // Get the handle's index in the handles pool uint32_t pool_ix = ((handle >> PSA_HANDLE_MGR_HANDLE_INDEX_POS) & PSA_HANDLE_MGR_HANDLE_INDEX_MSK); if(pool_ix >= handle_mgr->pool_size) { SPM_PANIC("[ERROR] Handle's index [%d] is bigger than handles pool size [%d]! \n", (int)pool_ix, (int)(handle_mgr->pool_size)); } if(handle_mgr->handles_pool[pool_ix].handle != handle) { SPM_PANIC("[ERROR] Handle %d is not found in expected index! \n", (int)handle); } // Get active partition id - Needed for requester identification spm_partition_t *curr_part_ptr = get_active_partition(); int32_t current_pid = ((curr_part_ptr != NULL) ? curr_part_ptr->partition_id : PSA_NSPE_IDENTIFIER); if( (handle_mgr->handles_pool[pool_ix].handle_owner != current_pid) && (handle_mgr->handles_pool[pool_ix].handle_friend != current_pid) ) { SPM_PANIC("[ERROR] Request for destroy by non-owner or friend!\n"); } handle_mgr->handles_pool[pool_ix].handle = PSA_NULL_HANDLE; handle_mgr->handles_pool[pool_ix].handle_owner = PSA_HANDLE_MGR_INVALID_FRIEND_OWNER; handle_mgr->handles_pool[pool_ix].handle_friend = PSA_HANDLE_MGR_INVALID_FRIEND_OWNER; } /********************************************************************************************************************************** * Function : psa_hndl_mgr_handle_get_mem * * Description: This function looks for the handle memory corresponding to <handle>. * If it is not found in the expected index in the handles pool, the function fails. * * Parameters : handle_mgr - [IN] A pointer to the handle manager object. * handle - [IN] The handle for which we request the corresponding memory handle. * * Return : A pointer to the memory corresponding to the handle. *********************************************************************************************************************************/ void *psa_hndl_mgr_handle_get_mem(psa_handle_manager_t *handle_mgr, psa_handle_t handle) { SPM_ASSERT(handle_mgr != NULL); if(handle == PSA_NULL_HANDLE) { SPM_PANIC("[ERROR] Trying to get memory for an invalid handle! \n"); } // Get the handle's index in the handles pool uint32_t pool_ix = ((handle >> PSA_HANDLE_MGR_HANDLE_INDEX_POS) & PSA_HANDLE_MGR_HANDLE_INDEX_MSK); if(pool_ix >= handle_mgr->pool_size) { SPM_PANIC("[ERROR] Handle's index [%d] is bigger than handles pool size [%d]! \n", (int)pool_ix, (int)(handle_mgr->pool_size)); } if(handle_mgr->handles_pool[pool_ix].handle != handle) { SPM_PANIC("[ERROR] Handle %d is not found in expected index! \n", (int)handle); } // Get active partition id - Needed for requester identification spm_partition_t *curr_part_ptr = get_active_partition(); int32_t current_pid = ((curr_part_ptr != NULL) ? curr_part_ptr->partition_id : PSA_NSPE_IDENTIFIER); if( (current_pid != handle_mgr->handles_pool[pool_ix].handle_owner) && (current_pid != handle_mgr->handles_pool[pool_ix].handle_friend) ) { SPM_PANIC("[ERROR] Request for handle memory is not allowed for this partition! \n"); } // If a valid handle is "coupled" with a NULL handle memory then // it is an internal module error or memory was overwritten --> Assert SPM_ASSERT(handle_mgr->handles_pool[pool_ix].handle_mem != NULL); return handle_mgr->handles_pool[pool_ix].handle_mem; }