Replace partition state FSM by channel state FSM

- fix - release channel memory in psa_connect() when connection fails
- enhancement - handle cases of incorrect connection handle in 
    psa_call() and psa_close()
- replace partition state FSM by channel state FSM
- fix negative SPM tests

Author: romkuz01

TESTS/spm/neg_client_tests/spm_reboot.c

@@ -35,7 +35,6 @@ void spm_reboot(void)
         status = osSemaphoreDelete(g_spm.partitions[i].semaphore);
         MBED_ASSERT(status == osOK);
 
-        g_spm.partitions[i].partition_state = PARTITION_STATE_INVALID;
         g_spm.partitions[i].thread_id = NULL;
         for (uint32_t j = 0; j < g_spm.partitions[i].sec_funcs_count; ++j) {
             g_spm.partitions[i].sec_funcs[j].partition = NULL;

TESTS/spm/neg_dual_partition/spm_reboot.c

@@ -35,7 +35,6 @@ void spm_reboot(void)
         status = osSemaphoreDelete(g_spm.partitions[i].semaphore);
         MBED_ASSERT(status == osOK);
 
-        g_spm.partitions[i].partition_state = PARTITION_STATE_INVALID;
         g_spm.partitions[i].thread_id = NULL;
         for (uint32_t j = 0; j < g_spm.partitions[i].sec_funcs_count; ++j) {
             g_spm.partitions[i].sec_funcs[j].partition = NULL;

TESTS/spm/neg_server_tests/spm_reboot.c

@@ -35,7 +35,6 @@ void spm_reboot(void)
         status = osSemaphoreDelete(g_spm.partitions[i].semaphore);
         MBED_ASSERT(status == osOK);
 
-        g_spm.partitions[i].partition_state = PARTITION_STATE_INVALID;
         g_spm.partitions[i].thread_id = NULL;
         for (uint32_t j = 0; j < g_spm.partitions[i].sec_funcs_count; ++j) {
             g_spm.partitions[i].sec_funcs[j].partition = NULL;

spm/spm_client.c

@@ -117,8 +117,6 @@ psa_handle_t psa_connect(uint32_t sfid, uint32_t minor_version)
     osStatus_t os_status = osMutexAcquire(dst_partition->mutex, osWaitForever);
     SPM_ASSERT(osOK == os_status);
 
-    PARTITION_STATE_ASSERT(dst_partition, PARTITION_STATE_IDLE);
-
     ipc_channel_t *channel = (ipc_channel_t *)osMemoryPoolAlloc(g_spm.channel_mem_pool, 0);
     if (NULL == channel) {
         os_status = osMutexRelease(dst_partition->mutex);
@@ -127,6 +125,7 @@ psa_handle_t psa_connect(uint32_t sfid, uint32_t minor_version)
     }
 
     memset(channel, 0, sizeof(ipc_channel_t));
+    channel->state = CHANNEL_STATE_CONNECTING;
     channel->src_partition = current_part;
     channel->dst_sec_func = dst_sec_func;
     channel->rhandle = NULL;
@@ -138,27 +137,28 @@ psa_handle_t psa_connect(uint32_t sfid, uint32_t minor_version)
 
     active_msg->type = PSA_IPC_MSG_TYPE_CONNECT;
 
-    dst_partition->partition_state = PARTITION_STATE_ACTIVE;
-
     int32_t flags = (int32_t)osThreadFlagsSet(dst_partition->thread_id, dst_sec_func->mask);
     SPM_ASSERT(flags >= 0);
     PSA_UNUSED(flags);
 
     os_status = osSemaphoreAcquire(dst_partition->semaphore, osWaitForever);
     SPM_ASSERT(osOK == os_status);
 
-    PARTITION_STATE_ASSERT(dst_partition, PARTITION_STATE_COMPLETED);
-
     psa_handle_t handle = active_msg->rc;
     if (PSA_SUCCESS == active_msg->rc) {
+        CHANNEL_STATE_ASSERT(channel->state, CHANNEL_STATE_IDLE);
+
         psa_error_t status = spm_channel_handle_create(channel, PSA_HANDLE_MGR_INVALID_FRIEND_OWNER, &handle);
         // handle_create() is expected to pass since channel allocation has already passed,
         // and the channels handler manager has the same storage size as the channels pool storage size
         SPM_ASSERT(PSA_SUCCESS == status);
         PSA_UNUSED(status);
-    }
+    } else {
+        CHANNEL_STATE_ASSERT(channel->state, CHANNEL_STATE_INVALID);
 
-    dst_partition->partition_state = PARTITION_STATE_IDLE;
+        os_status = osMemoryPoolFree(g_spm.channel_mem_pool, channel);
+        SPM_ASSERT(osOK == os_status);
+    }
 
     os_status = osMutexRelease(dst_partition->mutex);
     SPM_ASSERT(osOK == os_status);
@@ -176,6 +176,10 @@ psa_error_t psa_call(
     size_t out_len
     )
 {
+    if (handle <= 0) {
+        SPM_PANIC("handle (%d) is invalid, must be a positive number\n", handle);
+    }
+
     if (in_len != 0) {
         if (in_len > PSA_MAX_INVEC_LEN) {
             SPM_PANIC("in_len (%d) is bigger than allowed (%d)\n", in_len, PSA_MAX_INVEC_LEN);
@@ -225,7 +229,7 @@ psa_error_t psa_call(
     osStatus_t os_status = osMutexAcquire(dst_partition->mutex, osWaitForever);
     SPM_ASSERT(osOK == os_status);
 
-    PARTITION_STATE_ASSERT(dst_partition, PARTITION_STATE_IDLE);
+    CHANNEL_STATE_ASSERT(channel->state, CHANNEL_STATE_IDLE);
 
     active_msg_t *active_msg = &(dst_partition->active_msg);
     SPM_ASSERT(PSA_IPC_MSG_TYPE_INVALID == active_msg->type);
@@ -244,7 +248,7 @@ psa_error_t psa_call(
 
     active_msg->type = PSA_IPC_MSG_TYPE_CALL;
 
-    dst_partition->partition_state = PARTITION_STATE_ACTIVE;
+    channel->state = CHANNEL_STATE_PENDING;
 
     int32_t flags = (int32_t)osThreadFlagsSet(dst_partition->thread_id, dst_sec_func->mask);
     SPM_ASSERT(flags >= 0);
@@ -253,9 +257,7 @@ psa_error_t psa_call(
     os_status = osSemaphoreAcquire(dst_partition->semaphore, osWaitForever);
     SPM_ASSERT(osOK == os_status);
 
-    PARTITION_STATE_ASSERT(dst_partition, PARTITION_STATE_COMPLETED);
-
-    dst_partition->partition_state = PARTITION_STATE_IDLE;
+    CHANNEL_STATE_ASSERT(channel->state, CHANNEL_STATE_IDLE);
 
     psa_error_t rc = active_msg->rc;
     memset(active_msg, 0, sizeof(active_msg_t));
@@ -270,7 +272,7 @@ psa_error_t psa_call(
 
 psa_error_t psa_close(psa_handle_t handle)
 {
-    if (handle == PSA_NULL_HANDLE) {
+    if (handle <= 0) {
         return PSA_SUCCESS;
     }
 
@@ -285,7 +287,7 @@ psa_error_t psa_close(psa_handle_t handle)
     osStatus_t os_status = osMutexAcquire(dst_partition->mutex, osWaitForever);
     SPM_ASSERT(osOK == os_status);
 
-    PARTITION_STATE_ASSERT(dst_partition, PARTITION_STATE_IDLE);
+    CHANNEL_STATE_ASSERT(channel->state, CHANNEL_STATE_IDLE);
 
     active_msg_t *active_msg = &(dst_partition->active_msg);
     SPM_ASSERT(PSA_IPC_MSG_TYPE_INVALID == active_msg->type);
@@ -294,7 +296,7 @@ psa_error_t psa_close(psa_handle_t handle)
 
     active_msg->type = PSA_IPC_MSG_TYPE_DISCONNECT;
 
-    dst_partition->partition_state = PARTITION_STATE_ACTIVE;
+    channel->state = CHANNEL_STATE_INVALID;
 
     int32_t flags = (int32_t)osThreadFlagsSet(dst_partition->thread_id, dst_sec_func->mask);
     SPM_ASSERT(flags >= 0);
@@ -303,9 +305,7 @@ psa_error_t psa_close(psa_handle_t handle)
     os_status = osSemaphoreAcquire(dst_partition->semaphore, osWaitForever);
     SPM_ASSERT(osOK == os_status);
 
-    PARTITION_STATE_ASSERT(dst_partition, PARTITION_STATE_COMPLETED);
-
-    dst_partition->partition_state = PARTITION_STATE_IDLE;
+    CHANNEL_STATE_ASSERT(channel->state, CHANNEL_STATE_INVALID);
 
     spm_channel_handle_destroy(handle);
 

spm/spm_internal.h

@@ -26,26 +26,27 @@
 extern "C" {
 #endif
 
-#define PARTITION_STATE_ASSERT(partition, partition_state_expected)                                       \
-do {                                                                                                      \
-    if (partition->partition_state != partition_state_expected) {                                         \
-        SPM_PANIC("partition with ID 0x%x is in incorrect processing state: %d while %d is expected!\n",  \
-            partition->partition_id, partition->partition_state, partition_state_expected);               \
-    }                                                                                                     \
+#define CHANNEL_STATE_ASSERT(current_state, expected_state)                                \
+do {                                                                                       \
+    if (current_state != expected_state) {                                                 \
+        SPM_PANIC("channel in incorrect processing state: %d while %d is expected!\n",     \
+            current_state, expected_state);                                                \
+    }                                                                                      \
 } while (0)
 
 typedef struct partition partition_t;
 typedef struct ipc_channel ipc_channel_t;
 
 /*
- * Enumeration for the possible Partition processing states.
+ * Enumeration for the possible channel processing states.
  */
 typedef enum partition_state {
-    PARTITION_STATE_INVALID = 0,
-    PARTITION_STATE_IDLE = 1,
-    PARTITION_STATE_ACTIVE = 2,
-    PARTITION_STATE_COMPLETED = 3
-} PartitionState;
+    CHANNEL_STATE_INVALID = 0,
+    CHANNEL_STATE_CONNECTING = 1,
+    CHANNEL_STATE_IDLE = 2,
+    CHANNEL_STATE_PENDING = 3,
+    CHANNEL_STATE_ACTIVE = 4
+} ChannelState;
 
 /*
  * Structure containing the SPM internal data.
@@ -86,7 +87,6 @@ typedef struct secure_func {
  */
 typedef struct partition {
     const int32_t partition_id; /* The Partition ID.*/
-    PartitionState partition_state; /* The current processing state of the Partition.*/
     osThreadId_t thread_id; /* Thread ID of the Partition thread.*/
     const uint32_t flags_sf; /* Mask of all the SF signals the partition supports.*/
     const uint32_t flags_interrupts; /* Mask of all the IRQs & doorbell which the partition supports.*/
@@ -104,6 +104,7 @@ typedef struct partition {
  * Structure containing Partition->Secure-Function channel information.
  */
 typedef struct ipc_channel {
+    ChannelState state; /* The current processing state of the channel.*/
     partition_t *src_partition; /* Pointer to the Partition which connects to the Secure function.*/
     secure_func_t *dst_sec_func; /* Pointer to the connected Secure Function.*/
     void *rhandle; /* Reverse handle to be used for this channel.*/

spm/spm_server.c

@@ -146,7 +146,30 @@ void psa_get(psa_signal_t signum, psa_msg_t *msg)
     SPM_ASSERT((active_msg->channel->rhandle == NULL) ||
                (active_msg->type != PSA_IPC_MSG_TYPE_CONNECT));
 
-    PARTITION_STATE_ASSERT(curr_partition, PARTITION_STATE_ACTIVE);
+    ChannelState expected_channel_state = CHANNEL_STATE_INVALID;
+    ChannelState next_channel_state = CHANNEL_STATE_INVALID;
+    switch (active_msg->type) {
+        case PSA_IPC_MSG_TYPE_CONNECT:
+            expected_channel_state = CHANNEL_STATE_CONNECTING;
+            next_channel_state = CHANNEL_STATE_IDLE;
+            break;
+
+        case PSA_IPC_MSG_TYPE_CALL:
+            expected_channel_state = CHANNEL_STATE_PENDING;
+            next_channel_state = CHANNEL_STATE_ACTIVE;
+            break;
+
+        case PSA_IPC_MSG_TYPE_DISCONNECT:
+            expected_channel_state = CHANNEL_STATE_INVALID;
+            next_channel_state = CHANNEL_STATE_INVALID;
+            break;
+
+        default:
+            SPM_PANIC("Unexpected message type %d\n", active_msg->type);
+    }
+    CHANNEL_STATE_ASSERT(active_msg->channel->state, expected_channel_state);
+
+    active_msg->channel->state = next_channel_state;
 
     if (curr_partition->msg_handle == PSA_NULL_HANDLE) {
         psa_error_t status = spm_msg_handle_create(
@@ -183,7 +206,7 @@ static size_t read_or_skip(psa_handle_t msg_handle, uint32_t invec_idx, void *bu
     SPM_ASSERT((active_msg->type > PSA_IPC_MSG_TYPE_INVALID) &&
                (active_msg->type <= PSA_IPC_MSG_TYPE_MAX));
 
-    PARTITION_STATE_ASSERT(active_msg->channel->dst_sec_func->partition, PARTITION_STATE_ACTIVE);
+    CHANNEL_STATE_ASSERT(active_msg->channel->state, CHANNEL_STATE_ACTIVE);
 
     psa_invec_t *active_iovec = &active_msg->in_vec[invec_idx];
 
@@ -236,7 +259,7 @@ void psa_write(psa_handle_t msg_handle, uint32_t outvec_idx, const void *buffer,
     SPM_ASSERT((active_msg->type > PSA_IPC_MSG_TYPE_INVALID) &&
                (active_msg->type <= PSA_IPC_MSG_TYPE_MAX));
 
-    PARTITION_STATE_ASSERT(active_msg->channel->dst_sec_func->partition, PARTITION_STATE_ACTIVE);
+    CHANNEL_STATE_ASSERT(active_msg->channel->state, CHANNEL_STATE_ACTIVE);
 
     psa_outvec_t *active_iovec = &active_msg->out_vec[outvec_idx];
 
@@ -269,13 +292,35 @@ void psa_end(psa_handle_t msg_handle, psa_error_t retval)
 
     secure_func_t *dst_sec_func = active_msg->channel->dst_sec_func;
 
-    PARTITION_STATE_ASSERT(dst_sec_func->partition, PARTITION_STATE_ACTIVE);
+    ChannelState expected_channel_state = CHANNEL_STATE_INVALID;
+    ChannelState next_channel_state = CHANNEL_STATE_INVALID;
+    switch (active_msg->type) {
+        case PSA_IPC_MSG_TYPE_CONNECT:
+            expected_channel_state = CHANNEL_STATE_IDLE;
+            next_channel_state = (retval < 0 ? CHANNEL_STATE_INVALID : CHANNEL_STATE_IDLE);
+            break;
+
+        case PSA_IPC_MSG_TYPE_CALL:
+            expected_channel_state = CHANNEL_STATE_ACTIVE;
+            next_channel_state = CHANNEL_STATE_IDLE;
+            break;
+
+        case PSA_IPC_MSG_TYPE_DISCONNECT:
+            expected_channel_state = CHANNEL_STATE_INVALID;
+            next_channel_state = CHANNEL_STATE_INVALID;
+            break;
+
+        default:
+            SPM_PANIC("Unexpected message type %d\n", active_msg->type);
+    }
+
+    CHANNEL_STATE_ASSERT(active_msg->channel->state, expected_channel_state);
+
+    active_msg->channel->state = next_channel_state;
 
     active_msg->type = PSA_IPC_MSG_TYPE_INVALID; // Invalidate active_msg
     active_msg->rc = retval;
 
-    dst_sec_func->partition->partition_state = PARTITION_STATE_COMPLETED;
-
     partition_t *curr_partition = active_partition_get();
     SPM_ASSERT(NULL != curr_partition);        // active thread in SPM must be in partition DB
     spm_msg_handle_destroy(curr_partition->msg_handle);

tools/spm/templates/psa_NAME_partition.c.tpl

@@ -125,6 +125,5 @@ void {{partition.name|lower}}_init(partition_t *partition)
     if (NULL == partition->thread_id) {
         SPM_PANIC("Failed to create start main thread of partition {{partition.name|lower}}!\n");
     }
-    partition->partition_state = PARTITION_STATE_IDLE;
 }
 {# End of file #}

tools/spm/templates/psa_common.c.tpl

@@ -37,7 +37,6 @@ partition_t g_partitions[{{partitions|count}}] = {
 {% for partition in partitions %}
     {
         .partition_id = {{partition.id}},
-        .partition_state = PARTITION_STATE_INVALID,
         .thread_id = 0,
         .flags_sf = {{partition.name|upper}}_WAIT_ANY_SFID_MSK,
         .flags_interrupts = {{partition.name|upper}}_WAIT_ANY_IRQ_MSK | {{partition.name|upper}}_DOORBELL_MSK,