feat(mm): add check on address width before mapping a page

NWd and SWd can be configured with different PA ranges.
Currently Hafnium has hardcoded a 39-bit address space.
It is possible that the NWd wants to share a buffer with the SWd in an
address range beyond SWd PA limit.
In theory this should be safely handled by the architecture, that
expects:
- an address size fault if the OA of a translation is wider
  than the configured TCR_ELx.{I}PS;
- a translation fault if the IA is wider than the TCR_ELx.TnSZ.

Nevertheless the debug of such a failure would be tricky, hence adding a
check on the address width of each page before it's mapped should
prevent it.

Change-Id: I53d99eb099c91ff349c0e08aa1e3601b78154ffe
Signed-off-by: Federico Recanati <federico.recanati@arm.com>
diff --git a/src/ffa_memory.c b/src/ffa_memory.c
index d68636c..c7ae984 100644
--- a/src/ffa_memory.c
+++ b/src/ffa_memory.c
@@ -8,6 +8,7 @@
#include "hf/ffa_memory.h"
+#include "hf/arch/mm.h"
#include "hf/arch/other_world.h"
#include "hf/arch/plat/ffa.h"
@@ -751,6 +752,17 @@
paddr_t pa_begin =
pa_from_ipa(ipa_init(fragments[i][j].address));
paddr_t pa_end = pa_add(pa_begin, size);
+ uint32_t pa_range = arch_mm_get_pa_range();
+
+ /*
+ * Ensure the requested region falls into system's PA
+ * range.
+ */
+ if (((pa_addr(pa_begin) >> pa_range) > 0) ||
+ ((pa_addr(pa_end) >> pa_range) > 0)) {
+ dlog_error("Region is outside of PA Range\n");
+ return false;
+ }
if (commit) {
vm_identity_commit(vm_locked, pa_begin, pa_end,
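Review bot: the second comparison in the new `if` tests `pa_end`, which is `pa_add(pa_begin, size)` and so the exclusive end of the region. A region that ends exactly at the top of the PA range gives `pa_addr(pa_end) >> pa_range == 1` and is rejected even though its last byte is addressable. If that is not intended, test the last byte instead, for example `(pa_addr(pa_end) - 1) >> pa_range`. The check also never compares `pa_end` against `pa_begin`, so if `pa_add` wrapped, the second comparison would pass; whether `size` can get large enough for that is not visible in this hunk, but an explicit `pa_addr(pa_end) < pa_addr(pa_begin)` rejection would close the question. Since the commit message justifies the change by ease of debugging, the `dlog_error` would be more useful if it printed the offending begin/end addresses and the PA range. Minor: `arch_mm_get_pa_range()` looks invariant across the `fragments[i][j]` iterations, so it could be read once before them.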