Add helper function to check whether VM ID is in current world.

Assert that vCPU is in the right world before switching to it.

Change-Id: I5f994c63ec97058a52adf7dba04a88e6e69b1b25
Signed-off-by: Andrew Walbran <qwandor@google.com>
diff --git a/src/arch/aarch64/hypervisor/handler.c b/src/arch/aarch64/hypervisor/handler.c
index e330176..c6909c6 100644
--- a/src/arch/aarch64/hypervisor/handler.c
+++ b/src/arch/aarch64/hypervisor/handler.c
@@ -448,6 +448,7 @@
 	struct ffa_value other_world_args =
 		arch_regs_get_args(&other_world_vcpu->regs);
 
+	CHECK(!vm_id_is_current_world(other_world_vcpu->vm->id));
 	CHECK(*next == NULL);
 
 	while (*next == NULL) {
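Review bot: The added `CHECK(!vm_id_is_current_world(other_world_vcpu->vm->id));` has no comment stating the invariant it enforces, unlike the second check added later in this file. A one-line comment above it would make the world-isolation assumption explicit, for example `/* This path only ever resumes a vCPU that belongs to the other world. */`. The enclosing function starts and ends outside this hunk, so whether `other_world_vcpu` can ever be a current-world vCPU at this point cannot be judged from the lines shown.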
@@ -472,6 +473,14 @@
 	}
 
 	/*
+	 * ffa_handler set *next to something, which means it wants to switch
+	 * back to an SP in EL1. It must be something in this world though, as
+	 * if it wanted to return back to the other world (where the last FF-A
+	 * call came from) it wouldn't have set *next at all.
+	 */
+	CHECK(vm_id_is_current_world((*next)->vm->id));
+
+	/*
 	 * Store the return value on the other world vCPU, ready for next time
 	 * we switch to it (in case they aren't overwritten at that point by
 	 * whatever API function decides to make the switch).
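Review bot: `CHECK(vm_id_is_current_world((*next)->vm->id));` is only safe if no call arriving from the other world can make the handler set `*next` to an other-world vCPU, and the loop body that sets `*next` is outside this hunk, so that cannot be confirmed here. If `CHECK` halts execution on failure (its definition is not shown on this page), any such path would let the other world stop this one by sending a crafted request. In that case the request should be rejected with an error return before `*next` is set, keeping the assertion only as a backstop. The same question applies to `CHECK(vm_id_is_current_world(next->vm->id));` in the `else` branch of the third hunk, whose condition is also outside the visible lines.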
@@ -498,6 +507,8 @@
 			vcpu->interrupts.enabled_and_pending_count > 0);
 		sl_unlock(&vcpu->lock);
 	} else {
+		CHECK(vm_id_is_current_world(next->vm->id));
+
 		/*
 		 * About to switch vCPUs, set the bit for the vCPU to which we
 		 * are switching in the saved copy of the register.
diff --git a/src/vm.c b/src/vm.c
index 2ad3516..fbbdc9f 100644
--- a/src/vm.c
+++ b/src/vm.c
@@ -201,6 +201,17 @@
 }
 
 /**
+ * Return whether the given VM ID represents an entity in the current world:
+ * i.e. the hypervisor or a normal world VM when running in the normal world, or
+ * the SPM or an SP when running in the secure world.
+ */
+bool vm_id_is_current_world(ffa_vm_id_t vm_id)
+{
+	return (vm_id & HF_VM_ID_WORLD_MASK) !=
+	       (HF_OTHER_WORLD_ID & HF_VM_ID_WORLD_MASK);
+}
+
+/**
  * Map a range of addresses to the VM in both the MMU and the IOMMU.
  *
  * mm_vm_defrag should always be called after a series of page table updates,
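Review bot: The doc comment on `vm_id_is_current_world` should state that the function compares only the world bits of the ID and does not establish that a VM with that ID exists, so callers do not read a true result as validation of the ID. It also classifies every ID whose masked bits differ from those of `HF_OTHER_WORLD_ID` as current-world, which holds only while `HF_VM_ID_WORLD_MASK` distinguishes exactly two worlds. I would add a line to the comment such as ` * Only the world bits are compared; the ID is not checked to refer to an existing VM.`.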