secureshield: check shared memory in vmpu init

BabaYB · BabaYB · commit 2bd58a72b1aa · 2019-05-10T10:29:36.000+08:00
Signed-off-by: Yiping Peng &lt;yibingp@synopsys.com&gt;
diff --git a/example/baremetal/secureshield/secret_normal/container_cfg.c b/example/baremetal/secureshield/secret_normal/container_cfg.c
@@ -37,12 +37,12 @@
 static CONTAINER_AC_TABLE g_container1_act[] = {
 	{init_secret, 0, SECURESHIELD_AC_INTERFACE},
 	{operate_secret, 3, SECURESHIELD_AC_INTERFACE},
-	{(void *)CONTAINER_12_SHARED_ORIGIN, CONTAINER_12_SHARED_LENGTH, SECURESHIELD_ACDEF_URAM}
+	{(void *)CONTAINER_12_SHARED_ORIGIN, CONTAINER_12_SHARED_LENGTH, SECURESHIELD_ACDEF_URAM + SECURESHIELD_AC_SHARED}
  };
 
 // Container 2: special memory regions for communication with container 2
 static CONTAINER_AC_TABLE g_container2_act[] = {
-	{(void *)CONTAINER_12_SHARED_ORIGIN, CONTAINER_12_SHARED_LENGTH, SECURESHIELD_ACDEF_URAM},
+	{(void *)CONTAINER_12_SHARED_ORIGIN, CONTAINER_12_SHARED_LENGTH, SECURESHIELD_ACDEF_URAM + SECURESHIELD_AC_SHARED},
 	{trusted_ops, 0, SECURESHIELD_AC_INTERFACE}
 };
 
diff --git a/example/freertos/kernel_secure/container_cfg.c b/example/freertos/kernel_secure/container_cfg.c
@@ -37,12 +37,12 @@
 static CONTAINER_AC_TABLE g_container1_act[] = {
 	{init_secret, 0, SECURESHIELD_AC_INTERFACE},
 	{operate_secret, 3, SECURESHIELD_AC_INTERFACE},
-	{(void *)CONTAINER_12_SHARED_ORIGIN, CONTAINER_12_SHARED_LENGTH, SECURESHIELD_ACDEF_URAM}
+	{(void *)CONTAINER_12_SHARED_ORIGIN, CONTAINER_12_SHARED_LENGTH, SECURESHIELD_ACDEF_URAM + SECURESHIELD_AC_SHARED}
 };
 
 // Container 2: one special memory region for communication with container 2
 static CONTAINER_AC_TABLE g_container2_act[] = {
-	{(void *)CONTAINER_12_SHARED_ORIGIN, CONTAINER_12_SHARED_LENGTH, SECURESHIELD_ACDEF_URAM},
+	{(void *)CONTAINER_12_SHARED_ORIGIN, CONTAINER_12_SHARED_LENGTH, SECURESHIELD_ACDEF_URAM + SECURESHIELD_AC_SHARED},
 	{trusted_ops, 0, SECURESHIELD_AC_INTERFACE}
 };
 
diff --git a/library/secureshield/core/src/secureshield_vmpu_arc.c b/library/secureshield/core/src/secureshield_vmpu_arc.c
@@ -169,6 +169,38 @@ static const MPU_REGION* vmpu_fault_find_region(uint32_t fault_addr)
 	}
 }
 
+/**
+ * \brief mpu region address check
+ * \details search all mpu regions to check if the region address is confict with that
+ *          allow shared memory
+ * \return 0 no confict, 1 exist conflict
+ */
+static uint32_t mem_region_checks(uint32_t start, uint32_t end, CONTAINER_AC ac)
+{
+	const MPU_REGION *region;
+	uint32_t base, size;
+
+#if ARC_FEATURE_MPU_BUILD_S == 1 && SECURESHIELD_USE_MPU_SID == 1
+	if (ac & SECURESHIELD_AC_SHARED)
+		SECURESHIELD_HALT("Secureshield does not support shared memory when SID is enabled!");
+#endif
+
+	for (uint32_t i = 0; i < g_mpu_region_count; i++) {
+		region = &g_mpu_list[i];
+		base = region->base;
+		size = region->size;
+
+		if (((start >= base) && (start < (base + size))) ||
+			((end >= base) && (end < (base + size))) ||
+			((start < base) && (end >= (base + size)))) {
+			if (!((region->ac & SECURESHIELD_AC_SHARED) &&
+					(ac & SECURESHIELD_AC_SHARED)))
+				return 1;
+		}
+	}
+	return 0;
+}
+
 /**
  * \brief get the bits according to size
  * \param[in] size
@@ -560,6 +592,11 @@ void vmpu_ac_mem(uint8_t container_id, void* addr, uint32_t size, CONTAINER_AC a
 		return ;
 	}
 
+	if (mem_region_checks((uint32_t)addr, (uint32_t)addr + size - 1, ac)) {
+		SECURESHIELD_HALT("vmpu_ac_mem memory region address error, check the configuration\n");
+		return ;
+	}
+
 	/* assign container region pointer */
 	container = &g_mpu_container[container_id];
 	if (!container->region) {
