feat(manifest): disallow overlap with `load-address`
Disallow overlaps between memory regions and `load-address`, unless the
memory region is relative.
Change-Id: I78a788925f97bdc056711b21371d63d8b8eb32d8
Signed-off-by: Karl Meakin <karl.meakin@arm.com>
diff --git a/src/manifest.c b/src/manifest.c
index 38ed02b..6f40ec2 100644
--- a/src/manifest.c
+++ b/src/manifest.c
@@ -601,7 +601,7 @@
uintptr_t base_address, uint32_t page_count,
struct mem_range *mem_ranges, size_t *mem_regions_index)
{
- bool overlap_of_regions;
+ paddr_t begin;
if (!is_aligned(base_address, PAGE_SIZE)) {
dlog_error("base_address (%#lx) is not aligned to page size.\n",
@@ -609,21 +609,19 @@
return MANIFEST_ERROR_MEM_REGION_UNALIGNED;
}
- overlap_of_regions = is_memory_region_within_ranges(
- base_address, page_count, mem_ranges, *mem_regions_index);
-
- if (!overlap_of_regions) {
- paddr_t begin = pa_init(base_address);
-
- mem_ranges[*mem_regions_index].begin = begin;
- mem_ranges[*mem_regions_index].end =
- pa_add(begin, page_count * PAGE_SIZE - 1);
- (*mem_regions_index)++;
-
- return MANIFEST_SUCCESS;
+ if (is_memory_region_within_ranges(base_address, page_count, mem_ranges,
+ *mem_regions_index)) {
+ return MANIFEST_ERROR_MEM_REGION_OVERLAP;
}
- return MANIFEST_ERROR_MEM_REGION_OVERLAP;
+ begin = pa_init(base_address);
+
+ mem_ranges[*mem_regions_index].begin = begin;
+ mem_ranges[*mem_regions_index].end =
+ pa_add(begin, page_count * PAGE_SIZE - 1);
+ (*mem_regions_index)++;
+
+ return MANIFEST_SUCCESS;
}
static enum manifest_return_code parse_common_fields_mem_dev_region_node(
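Review bot: The range end `pa_add(begin, page_count * PAGE_SIZE - 1)` is computed with no width or zero check on `page_count`, a `uint32_t` that the caller later in this file fills from the manifest's memory-region entries. The definition of `PAGE_SIZE` is not visible here; if it is an `int`-typed macro, the product is evaluated in 32 bits and wraps for large counts. A `page_count` of 0 gives `end = begin - 1`, so the recorded range would not match the region, and later overlap checks would compare against the wrong bounds. Unless callers already reject these values, widen the multiplication, `pa_add(begin, (size_t)page_count * PAGE_SIZE - 1)`, and return an error for a zero count before recording the range. The function's signature starts above this hunk.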
@@ -711,6 +709,7 @@
mem_region->base_address =
is_absolute ? absolute_address : load_address + relative_offset;
+ mem_region->is_relative = is_relative;
return MANIFEST_SUCCESS;
}
@@ -815,6 +814,20 @@
mem_regions[i].base_address, mem_regions[i].page_count,
mem_regions[i].attributes, boot_params, false));
+ /*
+ * Memory regions are not allowed to overlap with
+ * `load_address`, unless the memory region is relative.
+ */
+ if (!mem_regions[i].is_relative) {
+ struct mem_range range =
+ make_mem_range(mem_regions[i].base_address,
+ mem_regions[i].page_count);
+
+ if (mem_range_contains(range, load_address)) {
+ return MANIFEST_ERROR_MEM_REGION_OVERLAP;
+ }
+ }
+
TRY(check_and_record_memory_used(
mem_regions[i].base_address, mem_regions[i].page_count,
manifest_data->mem_regions,
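Review bot: The new check calls `mem_range_contains(range, load_address)`, which by its name and arguments tests whether the single address `load_address` falls inside the region, not whether the region overlaps the loaded image. If the image spans more than that first address, an absolute region starting one page above `load_address` but still inside the image would pass. If the image size is available at this point, compare the region against the range from `load_address` to the image end instead of one address. The early return also logs nothing, so this failure looks the same as a region-to-region overlap reported by `check_and_record_memory_used`; a `dlog_error` naming the region's base address and `load_address` before the return would separate the two. The enclosing function starts and ends outside this hunk.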
@@ -1278,8 +1291,9 @@
TRY(read_optional_uint64(&root, "load-address", 0, &load_address));
if (vm->partition.load_addr != load_address) {
dlog_warning(
- "Partition's load address at its manifest differs"
- " from specified in partition's package.\n");
+ "Partition's `load_address` (%#lx) in its manifest "
+ "differs from `load-address` (%#lx) in its package\n",
+ vm->partition.load_addr, load_address);
}
dlog_verbose(" Load address %#lx\n", vm->partition.load_addr);
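Review bot: The labels in the new warning appear to be swapped relative to its arguments. The first `%#lx` is described as the manifest value but receives `vm->partition.load_addr`, while `load_address`, read from the manifest's `load-address` property two lines above, is printed as the package value. Assuming `vm->partition.load_addr` comes from the package, as the removed message implies, pass the arguments as `load_address, vm->partition.load_addr);`. The message also spells the same property two ways (`load_address` and `load-address`); using `load-address` for both would match the manifest property name. The hunk does not show which of the two values the memory-region overlap check receives when they differ, so a comment stating that would help.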
diff --git a/src/manifest_test.cc b/src/manifest_test.cc
index 18d6a38..8bcef30 100644
--- a/src/manifest_test.cc
+++ b/src/manifest_test.cc
@@ -444,6 +444,32 @@
return manifest_init(mm_stage1_locked, m, &it, ¶ms, &ppool);
}
+ enum manifest_return_code ffa_manifest_from_spkg(
+ struct_manifest **m, Partition_package *spkg)
+ {
+ struct memiter it;
+ struct mm_stage1_locked mm_stage1_locked;
+ struct boot_params params;
+
+ boot_params_init(¶ms, spkg);
+
+ /* clang-format off */
+ std::vector<char> core_dtb = ManifestDtBuilder()
+ .StartChild("hypervisor")
+ .Compatible()
+ .StartChild("vm1")
+ .DebugName("primary_vm")
+ .FfaPartition()
+ .LoadAddress((uint64_t)spkg)
+ .EndChild()
+ .EndChild()
+ .Build(true);
+ /* clang-format on */
+ memiter_init(&it, core_dtb.data(), core_dtb.size());
+
+ return manifest_init(mm_stage1_locked, m, &it, ¶ms, &ppool);
+ }
+
enum manifest_return_code ffa_manifest_from_vec(
struct_manifest **m, const std::vector<char> &vec)
{
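Review bot: `ffa_manifest_from_spkg` has no comment saying that it sets the partition's `load-address` to the host address of the `Partition_package` object, which is what lets a test build a memory region that overlaps it. A short comment above the helper would do, for example `/* Build a manifest whose load-address is the address of spkg, so tests can place regions against it. */`. The conversion `(uint64_t)spkg` is a C-style cast in a C++ file; `reinterpret_cast<uintptr_t>(spkg)` makes the pointer-to-integer conversion explicit and greppable.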
@@ -1527,6 +1553,32 @@
.Label("rx")
.StartChild("rx")
.Description("rx-buffer")
+ .Property("load-address-relative-offset", "<0x0>")
+ .Property("pages-count", "<1>")
+ .Property("attributes", "<1>")
+ .EndChild()
+ .Label("tx")
+ .StartChild("tx")
+ .Description("tx-buffer")
+ .Property("load-address-relative-offset", "<0x0>")
+ .Property("pages-count", "<2>")
+ .Property("attributes", "<3>")
+ .EndChild()
+ .EndChild()
+ .Build();
+ /* clang-format on */
+ ASSERT_EQ(ffa_manifest_from_vec(&m, dtb),
+ MANIFEST_ERROR_MEM_REGION_OVERLAP);
+ manifest_dealloc();
+
+ /* clang-format off */
+ dtb = ManifestDtBuilder()
+ .FfaValidManifest()
+ .StartChild("memory-regions")
+ .Compatible({ "arm,ffa-manifest-memory-regions" })
+ .Label("rx")
+ .StartChild("rx")
+ .Description("rx-buffer")
.Property("base-address", "<0x7300000>")
.Property("pages-count", "<2>")
.Property("attributes", "<1>")
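Review bot: The added case has no comment explaining what it pins. Both `rx` and `tx` use `load-address-relative-offset` of `<0x0>`, so they overlap each other, and the expected `MANIFEST_ERROR_MEM_REGION_OVERLAP` shows that relative regions are exempt only from the `load-address` check, not from the region-to-region check. A one-line comment before the builder, such as `/* Relative regions may overlap load-address but not each other. */`, would keep that distinction visible. The enclosing test starts above this hunk and the second builder chain continues past it.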
@@ -1570,6 +1622,92 @@
ASSERT_EQ(ffa_manifest_from_vec(&m, dtb),
MANIFEST_ERROR_MEM_REGION_OVERLAP);
manifest_dealloc();
+
+ /* clang-format off */
+ Partition_package spkg(dtb);
+ dtb = ManifestDtBuilder()
+ .FfaValidManifest()
+ .StartChild("memory-regions")
+ .Compatible({ "arm,ffa-manifest-memory-regions" })
+ .StartChild("test-memory")
+ .Description("test-memory")
+ .Integer64Property("base-address", (uint64_t)&spkg,true)
+ .Property("pages-count", "<1>")
+ .Property("attributes", "<1>")
+ .EndChild()
+ .EndChild()
+ .Build(true);
+ /* clang-format on */
+ spkg.init(dtb);
+ ASSERT_EQ(ffa_manifest_from_spkg(&m, &spkg),
+ MANIFEST_ERROR_MEM_REGION_OVERLAP);
+ manifest_dealloc();
+}
+
+TEST_F(manifest, ffa_validate_mem_regions_overlapping_allowed)
+{
+ struct_manifest *m;
+ std::vector<char> dtb;
+
+ /*
+ * Mem regions are allowed to overlap with parent `load-address` if the
+ * `load-address-relative-offset` was specified.
+ */
+ /* clang-format off */
+ dtb = ManifestDtBuilder()
+ .FfaValidManifest()
+ .StartChild("memory-regions")
+ .Compatible({ "arm,ffa-manifest-memory-regions" })
+ .Label("rx")
+ .StartChild("rx")
+ .Description("rx-buffer")
+ .Property("load-address-relative-offset", "<0x1000>")
+ .Property("pages-count", "<1>")
+ .Property("attributes", "<1>")
+ .EndChild()
+ .Label("tx")
+ .StartChild("tx")
+ .Description("tx-buffer")
+ .Property("base-address", "<0x7300000>")
+ .Property("pages-count", "<2>")
+ .Property("attributes", "<3>")
+ .EndChild()
+ .EndChild()
+ .Build();
+ /* clang-format on */
+ ASSERT_EQ(ffa_manifest_from_vec(&m, dtb), MANIFEST_SUCCESS);
+ ASSERT_EQ(m->vm[0].partition.mem_regions[0].is_relative, true);
+ ASSERT_EQ(m->vm[0].partition.mem_regions[0].base_address,
+ m->vm[0].partition.load_addr + 0x1000);
+ manifest_dealloc();
+
+ /* clang-format off */
+ dtb = ManifestDtBuilder()
+ .FfaValidManifest()
+ .StartChild("memory-regions")
+ .Compatible({ "arm,ffa-manifest-memory-regions" })
+ .Label("rx")
+ .StartChild("rx")
+ .Description("rx-buffer")
+ .Property("base-address", "<0x7300000>")
+ .Property("pages-count", "<1>")
+ .Property("attributes", "<1>")
+ .EndChild()
+ .Label("tx")
+ .StartChild("tx")
+ .Description("tx-buffer")
+ .Property("load-address-relative-offset", "<0x1000>")
+ .Property("pages-count", "<2>")
+ .Property("attributes", "<3>")
+ .EndChild()
+ .EndChild()
+ .Build();
+ /* clang-format on */
+ ASSERT_EQ(ffa_manifest_from_vec(&m, dtb), MANIFEST_SUCCESS);
+ ASSERT_EQ(m->vm[0].partition.mem_regions[1].is_relative, true);
+ ASSERT_EQ(m->vm[0].partition.mem_regions[1].base_address,
+ m->vm[0].partition.load_addr + 0x1000);
+ manifest_dealloc();
}
TEST_F(manifest, ffa_validate_mem_regions_unaligned)
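Review bot: `ffa_validate_mem_regions_overlapping_allowed` does not appear to exercise the exemption its comment describes. Both relative regions use offset `<0x1000>`, so neither contains the load address itself, and the check added in `src/manifest.c` would accept them even without the `is_relative` test. A relative region at offset `<0x0>` expecting `MANIFEST_SUCCESS` would cover the exemption directly, provided nothing else in the valid manifest occupies that page. The rejection case above likewise only covers a `base-address` equal to the load address (`(uint64_t)&spkg`). A case starting one page below it with `pages-count` of `<2>`, and one starting one page above it, would pin which boundaries the rule is meant to reject.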