[XEN PATCH] xen/arm: optee: provide an initialization for struct arm_smccc_res
The local variables with type 'struct arm_smccc_res' are initialized just after the declaration to avoid any possible read usage prior to any write usage, which would constitute a violation of MISRA C:2012 Rule 9.1. This is already prevented by suitable checks in the code, but the correctness of this approach is difficult to prove and reason about. Therefore, storing a suitable initial value in those registers (OPTEE_SMC_RETURN_ENOTAVAIL) will prevent further checks from assuming the operation performed by the macro 'arm_smccc_smc' was completed correctly. Signed-off-by: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx> --- I was in doubt about the safe value to put in 'optee_relinquish_resources' therefore I zero-initialized it. --- xen/arch/arm/tee/optee.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/xen/arch/arm/tee/optee.c b/xen/arch/arm/tee/optee.c index 301d205a36..2c2ae88c28 100644 --- a/xen/arch/arm/tee/optee.c +++ b/xen/arch/arm/tee/optee.c @@ -171,6 +171,10 @@ static bool optee_probe(void) { struct dt_device_node *node; struct arm_smccc_res resp; + resp.a0 = OPTEE_SMC_RETURN_ENOTAVAIL; + resp.a1 = OPTEE_SMC_RETURN_ENOTAVAIL; + resp.a2 = OPTEE_SMC_RETURN_ENOTAVAIL; + resp.a3 = OPTEE_SMC_RETURN_ENOTAVAIL; /* Check for entry in dtb */ node = dt_find_compatible_node(NULL, NULL, "linaro,optee-tz"); @@ -229,6 +233,7 @@ static int optee_domain_init(struct domain *d) { struct arm_smccc_res resp; struct optee_domain *ctx; + resp.a0 = OPTEE_SMC_RETURN_ENOTAVAIL; ctx = xzalloc(struct optee_domain); if ( !ctx ) @@ -640,7 +645,7 @@ static void free_optee_shm_buf_pg_list(struct optee_domain *ctx, static int optee_relinquish_resources(struct domain *d) { - struct arm_smccc_res resp; + struct arm_smccc_res resp = {0}; struct optee_std_call *call, *call_tmp; struct shm_rpc *shm_rpc, *shm_rpc_tmp; struct optee_shm_buf *optee_shm_buf, *optee_shm_buf_tmp; 
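Review bot: In optee_probe the status constant is also written into resp.a1, resp.a2 and resp.a3, although the commit message motivates it only as a "call did not complete" marker, which is a property of the status word in a0. If any of a1–a3 is later read as payload (identifier words, capability bits, buffer addresses), a non-zero error code there is a misleading default, whereas zero is neutral. A designated initializer at the declaration would express this in one line and also initializes every member: `struct arm_smccc_res resp = { .a0 = OPTEE_SMC_RETURN_ENOTAVAIL };`. The same pattern appears in do_call_with_arg and optee_handle_call, and for a1 in handle_exchange_capabilities; the function bodies continue outside these hunks, so how a1–a3 are consumed is not visible here.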
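Review bot: In optee_domain_init only resp.a0 is given a value, so a1, a2 and a3 remain indeterminate and the Rule 9.1 argument still depends on nothing reading them before the SMC has written the structure. handle_exchange_capabilities has the same gap for a2 and a3. Initializing the whole object at the declaration closes it without depending on which members later code touches: `struct arm_smccc_res resp = { .a0 = OPTEE_SMC_RETURN_ENOTAVAIL };`. The rest of both functions is outside the hunks, so whether those members are actually read cannot be confirmed from here.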
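Review bot: In optee_relinquish_resources the `= {0}` initializer leaves resp.a0 at 0, which in the OP-TEE SMC ABI is OPTEE_SMC_RETURN_OK, so the default state reads as success. That is the opposite of the goal stated in the description, where the initial value should keep later checks from assuming the call completed. Using the same sentinel as the other functions keeps the patch consistent: `struct arm_smccc_res resp = { .a0 = OPTEE_SMC_RETURN_ENOTAVAIL };`. Whether resp.a0 is inspected in this function is outside the hunk, so the practical impact may be nil, but the fail-closed default costs nothing.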
@@ -1169,6 +1174,10 @@ static void do_call_with_arg(struct optee_domain *ctx, register_t a3, register_t a4, register_t a5) { struct arm_smccc_res res; + res.a0 = OPTEE_SMC_RETURN_ENOTAVAIL; + res.a1 = OPTEE_SMC_RETURN_ENOTAVAIL; + res.a2 = OPTEE_SMC_RETURN_ENOTAVAIL; + res.a3 = OPTEE_SMC_RETURN_ENOTAVAIL; arm_smccc_smc(a0, a1, a2, a3, a4, a5, 0, OPTEE_CLIENT_ID(current->domain), &res); @@ -1608,6 +1617,8 @@ static void handle_exchange_capabilities(struct cpu_user_regs *regs) { struct arm_smccc_res resp; uint32_t caps; + resp.a0 = OPTEE_SMC_RETURN_ENOTAVAIL; + resp.a1 = OPTEE_SMC_RETURN_ENOTAVAIL; /* Filter out unknown guest caps */ caps = get_user_reg(regs, 1); @@ -1643,6 +1654,10 @@ static bool optee_handle_call(struct cpu_user_regs *regs) { struct arm_smccc_res resp; struct optee_domain *ctx = current->domain->arch.tee; + resp.a0 = OPTEE_SMC_RETURN_ENOTAVAIL; + resp.a1 = OPTEE_SMC_RETURN_ENOTAVAIL; + resp.a2 = OPTEE_SMC_RETURN_ENOTAVAIL; + resp.a3 = OPTEE_SMC_RETURN_ENOTAVAIL; if ( !ctx ) return false; -- 2.34.1
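Review bot: In do_call_with_arg the four new stores are immediately followed by `arm_smccc_smc(..., &res)`, so to a later reader or a dead-store checker they look removable, and nothing in the code records why they exist. A short comment above them would preserve the rationale, for example `/* Pre-set so no member is read uninitialised (MISRA C:2012 Rule 9.1); expected to be overwritten by the SMC below. */`. The same comment would help at the other initialisations this patch adds. The function body continues past the end of the hunk.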