TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / hafnium / hafnium.git / 45abeebfd2b4ebceaa403d3a929997527aa9c641^! / . / src
commit45abeebfd2b4ebceaa403d3a929997527aa9c641[log] [tgz]
authorKarl Meakin <karl.meakin@arm.com>Fri Aug 02 16:55:44 2024 +0100
committerKarl Meakin <karl.meakin@arm.com>Wed Oct 09 17:37:13 2024 +0100
tree5f9ae7bba22098449314bb054da0f7a0391eb40a
parent6053297ef775b739c3472b7a7d5dfbf3e6e755c0 [diff]
feat: report error if too many UUIDs in manifest

Previously, the FF-A manifest parser would silently ignore any UUIDs
after `PARTITION_MAX_UUIDS`. Return an error instead.

Change-Id: I2c277ca52b940c31e27d5bbc613901f60909bca1
Signed-off-by: Karl Meakin <karl.meakin@arm.com>

diff --git a/src/manifest.c b/src/manifest.c
index c0586dc..9de1935 100644
--- a/src/manifest.c
+++ b/src/manifest.c

@@ -430,7 +430,7 @@
 {
 	uint16_t j;
 
-	for (j = 0; j < PARTITION_MAX_UUIDS && uint32list_has_next(uuid); j++) {
+	for (j = 0; uint32list_has_next(uuid); j++) {
 		TRY(parse_uuid(uuid, &out[j]));
 
 		if (ffa_uuid_is_null(&out[j])) {
@@ -438,6 +438,10 @@
 		}
 		dlog_verbose("  UUID %#x-%x-%x-%x\n", out[j].uuid[0],
 			     out[j].uuid[1], out[j].uuid[2], out[j].uuid[3]);
+
+		if (j >= PARTITION_MAX_UUIDS) {
+			return MANIFEST_ERROR_TOO_MANY_UUIDS;
+		}
 	}
 
 	*len = j;
@@ -1735,6 +1739,9 @@
 		       "default largest value";
 	case MANIFEST_ERROR_UUID_ALL_ZEROS:
 		return "UUID should not be NIL";
+	case MANIFEST_ERROR_TOO_MANY_UUIDS:
+		return "Manifest specifies more UUIDs than Hafnium has "
+		       "statically allocated space for";
 	case MANIFEST_ERROR_MISSING_SMMU_ID:
 		return "SMMU ID must be specified for the given Stream IDs";
 	case MANIFEST_ERROR_MISMATCH_DMA_ACCESS_PERMISSIONS:

diff --git a/src/manifest_test.cc b/src/manifest_test.cc
index 41350de..97148ad 100644
--- a/src/manifest_test.cc
+++ b/src/manifest_test.cc

@@ -1979,6 +1979,35 @@
 	ASSERT_EQ(vm->partition.messaging_method, FFA_PARTITION_INDIRECT_MSG);
 	ASSERT_EQ(vm->partition.ns_interrupts_action, NS_ACTION_ME);
 }
+
+TEST_F(manifest, ffa_too_many_uuids)
+{
+	struct_manifest *m;
+
+	/* clang-format off */
+	std::vector<char>  dtb = ManifestDtBuilder()
+		.Compatible({ "arm,ffa-manifest-1.0" })
+		.Property("ffa-version", "<0x10002>")
+		.Property("uuid",
+			 "<0xb4b5671e 0x4a904fe1 0xb81ffb13 0xdae1dacb>,"
+			  "<0xb4b5671e 0x4a904fe1 0xb81ffb13 0xdae1daaa>,"
+			  "<0xb4b5671e 0x4a904fe1 0xb81ffb13 0xdae1daaa>,"
+			  "<0xb4b5671e 0x4a904fe1 0xb81ffb13 0xdae1daaa>,"
+			  "<0xb4b5671e 0x4a904fe1 0xb81ffb13 0xdae1daaa>")
+		.Property("execution-ctx-count", "<1>")
+		.Property("exception-level", "<2>")
+		.Property("execution-state", "<0>")
+		.Property("entrypoint-offset", "<0x00002000>")
+		.Property("xlat-granule", "<0>")
+		.Property("boot-order", "<0>")
+		.Property("messaging-method", "<4>")
+		.Property("ns-interrupts-action", "<1>")
+		.Build();
+	/* clang-format on */
+	ASSERT_EQ(ffa_manifest_from_vec(&m, dtb),
+		  MANIFEST_ERROR_TOO_MANY_UUIDS);
+}
+
 TEST_F(manifest, ffa_uuid_all_zeros)
 {
 	struct_manifest *m;