trusty: Avoid signed overflow

SMC_FC_FFA_MEM_FRAG_RX returns the 16-bit sender-id in the top 16 bits
of a 32-bit register. Cast to uint32_t before shifting it up to avoid
having the uint16_t promoted to a signed int for the shift.

Currently the value we return will never have the top bit of the
sender-id in this context, but this could change in the future.

Bug: 185307117
Change-Id: I401e3bcf9dbe2ffa99f03e527df0f9f3f8ff0d3e
diff --git a/services/spd/trusty/shared-mem-smcall.c b/services/spd/trusty/shared-mem-smcall.c
index 5ec858b..ba60b74 100644
--- a/services/spd/trusty/shared-mem-smcall.c
+++ b/services/spd/trusty/shared-mem-smcall.c
@@ -317,7 +317,7 @@
 	if (obj->desc_filled != obj->desc_size) {
 		SMC_RET8(smc_handle, SMC_FC_FFA_MEM_FRAG_RX, handle_low,
 			 handle_high, obj->desc_filled,
-			 obj->desc.sender_id << 16, 0, 0, 0);
+			 (uint32_t)obj->desc.sender_id << 16, 0, 0, 0);
 	}
 
 	SMC_RET8(smc_handle, SMC_FC_FFA_SUCCESS, 0, handle_low, handle_high, 0,
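Review bot: the `(uint32_t)` cast on the sender-id argument of the SMC_FC_FFA_MEM_FRAG_RX return has no comment at the call site saying why it is needed, so a later cleanup could drop it as redundant. The expression is correct as written: the cast binds tighter than `<<`, so the shift is performed in uint32_t rather than in a promoted signed int. A one-line comment, or a small named helper that packs the sender id into bits 31:16, would make that intent explicit. Wrapping the whole argument in parentheses would also spare readers from working out the precedence. Only this one call site is changed in the hunk, so it is worth confirming that no other place in shared-mem-smcall.c shifts `sender_id` up without the cast.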