feat(manifest): disallow overlap with `load-address`

Disallow overlaps between memory regions and `load-address`, unless the
memory region is relative.

Change-Id: I78a788925f97bdc056711b21371d63d8b8eb32d8
Signed-off-by: Karl Meakin <karl.meakin@arm.com>
diff --git a/src/manifest.c b/src/manifest.c
index 38ed02b..6f40ec2 100644
--- a/src/manifest.c
+++ b/src/manifest.c
@@ -601,7 +601,7 @@
 	uintptr_t base_address, uint32_t page_count,
 	struct mem_range *mem_ranges, size_t *mem_regions_index)
 {
-	bool overlap_of_regions;
+	paddr_t begin;
 
 	if (!is_aligned(base_address, PAGE_SIZE)) {
 		dlog_error("base_address (%#lx) is not aligned to page size.\n",
@@ -609,21 +609,19 @@
 		return MANIFEST_ERROR_MEM_REGION_UNALIGNED;
 	}
 
-	overlap_of_regions = is_memory_region_within_ranges(
-		base_address, page_count, mem_ranges, *mem_regions_index);
-
-	if (!overlap_of_regions) {
-		paddr_t begin = pa_init(base_address);
-
-		mem_ranges[*mem_regions_index].begin = begin;
-		mem_ranges[*mem_regions_index].end =
-			pa_add(begin, page_count * PAGE_SIZE - 1);
-		(*mem_regions_index)++;
-
-		return MANIFEST_SUCCESS;
+	if (is_memory_region_within_ranges(base_address, page_count, mem_ranges,
+					   *mem_regions_index)) {
+		return MANIFEST_ERROR_MEM_REGION_OVERLAP;
 	}
 
-	return MANIFEST_ERROR_MEM_REGION_OVERLAP;
+	begin = pa_init(base_address);
+
+	mem_ranges[*mem_regions_index].begin = begin;
+	mem_ranges[*mem_regions_index].end =
+		pa_add(begin, page_count * PAGE_SIZE - 1);
+	(*mem_regions_index)++;
+
+	return MANIFEST_SUCCESS;
 }
 
 static enum manifest_return_code parse_common_fields_mem_dev_region_node(
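Review bot: The end address stored in `mem_ranges[*mem_regions_index].end` is computed as `page_count * PAGE_SIZE - 1` with no visible guard on `page_count`. A zero count would record an end one byte below `begin`, and a large count could wrap if the product is evaluated in 32 bits (the type of `PAGE_SIZE` is not visible here). Later overlap checks compare against this recorded range, so a malformed entry would weaken them. Unless the caller already rejects these values, consider rejecting `page_count == 0` before recording and widening the product, e.g. `pa_add(begin, (size_t)page_count * PAGE_SIZE - 1)`. The hunk also shows no bound on `*mem_regions_index` before the write; the function starts above the hunk, so that check may exist there or in the caller.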
@@ -711,6 +709,7 @@
 
 	mem_region->base_address =
 		is_absolute ? absolute_address : load_address + relative_offset;
+	mem_region->is_relative = is_relative;
 
 	return MANIFEST_SUCCESS;
 }
@@ -815,6 +814,20 @@
 			mem_regions[i].base_address, mem_regions[i].page_count,
 			mem_regions[i].attributes, boot_params, false));
 
+		/*
+		 * Memory regions are not allowed to overlap with
+		 * `load_address`, unless the memory region is relative.
+		 */
+		if (!mem_regions[i].is_relative) {
+			struct mem_range range =
+				make_mem_range(mem_regions[i].base_address,
+					       mem_regions[i].page_count);
+
+			if (mem_range_contains(range, load_address)) {
+				return MANIFEST_ERROR_MEM_REGION_OVERLAP;
+			}
+		}
+
 		TRY(check_and_record_memory_used(
 			mem_regions[i].base_address, mem_regions[i].page_count,
 			manifest_data->mem_regions,
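Review bot: `mem_range_contains(range, load_address)` appears to test a single address, so an absolute region that starts just above `load_address` but still lies inside the partition's loaded image would pass this check. If the goal is to keep absolute regions off the image, the comparison needs the image's extent, which is not visible in this hunk. The rejection is also silent, unlike the unaligned-address path earlier in this file, which calls `dlog_error`. A line such as `dlog_error("Memory region overlaps with load address (%#lx).\n", load_address);` before the `return` (format adjusted to the type of `load_address`) would make a rejected manifest diagnosable. The enclosing loop and function begin and end outside the hunk.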
@@ -1278,8 +1291,9 @@
 	TRY(read_optional_uint64(&root, "load-address", 0, &load_address));
 	if (vm->partition.load_addr != load_address) {
 		dlog_warning(
-			"Partition's load address at its manifest differs"
-			" from specified in partition's package.\n");
+			"Partition's `load_address` (%#lx) in its manifest "
+			"differs from `load-address` (%#lx) in its package\n",
+			vm->partition.load_addr, load_address);
 	}
 	dlog_verbose("  Load address %#lx\n", vm->partition.load_addr);
 
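Review bot: The two values in the new warning look swapped relative to their labels. `load_address` is the value just read from the manifest's `load-address` property, while `vm->partition.load_addr` is presumably the one taken from the package, yet the first `%#lx` is labelled as the manifest's. Passing them as `load_address, vm->partition.load_addr);` would match the text. The message also spells the manifest property `load_address`, whereas the property read above is `load-address`. The surrounding function starts and ends outside the hunk.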
diff --git a/src/manifest_test.cc b/src/manifest_test.cc
index 18d6a38..8bcef30 100644
--- a/src/manifest_test.cc
+++ b/src/manifest_test.cc
@@ -444,6 +444,32 @@
 		return manifest_init(mm_stage1_locked, m, &it, &params, &ppool);
 	}
 
+	enum manifest_return_code ffa_manifest_from_spkg(
+		struct_manifest **m, Partition_package *spkg)
+	{
+		struct memiter it;
+		struct mm_stage1_locked mm_stage1_locked;
+		struct boot_params params;
+
+		boot_params_init(&params, spkg);
+
+		/* clang-format off */
+		std::vector<char> core_dtb = ManifestDtBuilder()
+			.StartChild("hypervisor")
+				.Compatible()
+				.StartChild("vm1")
+					.DebugName("primary_vm")
+					.FfaPartition()
+					.LoadAddress((uint64_t)spkg)
+				.EndChild()
+			.EndChild()
+			.Build(true);
+		/* clang-format on */
+		memiter_init(&it, core_dtb.data(), core_dtb.size());
+
+		return manifest_init(mm_stage1_locked, m, &it, &params, &ppool);
+	}
+
 	enum manifest_return_code ffa_manifest_from_vec(
 		struct_manifest **m, const std::vector<char> &vec)
 	{
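Review bot: `mm_stage1_locked` is declared without an initializer and then passed by value to `manifest_init`, so the helper copies an indeterminate object. `struct mm_stage1_locked mm_stage1_locked = {};` would avoid that and keep sanitizer runs quiet. The neighbouring helper may follow the same pattern, but its declarations are outside this hunk. The C-style cast in `.LoadAddress((uint64_t)spkg)` would read better as `reinterpret_cast<uint64_t>(spkg)`, with a short comment saying that the package's host address doubles as the load address in this test.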
@@ -1527,6 +1553,32 @@
 			.Label("rx")
 			.StartChild("rx")
 				.Description("rx-buffer")
+				.Property("load-address-relative-offset", "<0x0>")
+				.Property("pages-count", "<1>")
+				.Property("attributes", "<1>")
+			.EndChild()
+			.Label("tx")
+			.StartChild("tx")
+				.Description("tx-buffer")
+				.Property("load-address-relative-offset", "<0x0>")
+				.Property("pages-count", "<2>")
+				.Property("attributes", "<3>")
+			.EndChild()
+		.EndChild()
+		.Build();
+	/* clang-format on */
+	ASSERT_EQ(ffa_manifest_from_vec(&m, dtb),
+		  MANIFEST_ERROR_MEM_REGION_OVERLAP);
+	manifest_dealloc();
+
+	/* clang-format off */
+	dtb = ManifestDtBuilder()
+		.FfaValidManifest()
+		.StartChild("memory-regions")
+			.Compatible({ "arm,ffa-manifest-memory-regions" })
+			.Label("rx")
+			.StartChild("rx")
+				.Description("rx-buffer")
 				.Property("base-address", "<0x7300000>")
 				.Property("pages-count", "<2>")
 				.Property("attributes", "<1>")
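Review bot: The added case has no comment saying why two relative regions are expected to fail, which is easy to misread now that relative regions are exempt from the `load-address` check. Both `rx` and `tx` use `load-address-relative-offset` `<0x0>`, so they presumably fail because they overlap each other, not because of the load address. A comment such as `/* Relative regions may cover load-address but must not overlap each other. */` above the added builder would make that explicit. The first builder expression begins above the hunk.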
@@ -1570,6 +1622,92 @@
 	ASSERT_EQ(ffa_manifest_from_vec(&m, dtb),
 		  MANIFEST_ERROR_MEM_REGION_OVERLAP);
 	manifest_dealloc();
+
+	/* clang-format off */
+	Partition_package spkg(dtb);
+	dtb = ManifestDtBuilder()
+		.FfaValidManifest()
+		.StartChild("memory-regions")
+			.Compatible({ "arm,ffa-manifest-memory-regions" })
+			.StartChild("test-memory")
+				.Description("test-memory")
+				.Integer64Property("base-address", (uint64_t)&spkg,true)
+				.Property("pages-count", "<1>")
+				.Property("attributes", "<1>")
+			.EndChild()
+		.EndChild()
+		.Build(true);
+	/* clang-format on */
+	spkg.init(dtb);
+	ASSERT_EQ(ffa_manifest_from_spkg(&m, &spkg),
+		  MANIFEST_ERROR_MEM_REGION_OVERLAP);
+	manifest_dealloc();
+}
+
+TEST_F(manifest, ffa_validate_mem_regions_overlapping_allowed)
+{
+	struct_manifest *m;
+	std::vector<char> dtb;
+
+	/*
+	 * Mem regions are allowed to overlap with parent `load-address` if the
+	 * `load-address-relative-offset` was specified.
+	 */
+	/* clang-format off */
+	dtb = ManifestDtBuilder()
+		.FfaValidManifest()
+		.StartChild("memory-regions")
+			.Compatible({ "arm,ffa-manifest-memory-regions" })
+			.Label("rx")
+			.StartChild("rx")
+				.Description("rx-buffer")
+				.Property("load-address-relative-offset", "<0x1000>")
+				.Property("pages-count", "<1>")
+				.Property("attributes", "<1>")
+			.EndChild()
+			.Label("tx")
+			.StartChild("tx")
+				.Description("tx-buffer")
+				.Property("base-address", "<0x7300000>")
+				.Property("pages-count", "<2>")
+				.Property("attributes", "<3>")
+			.EndChild()
+		.EndChild()
+		.Build();
+	/* clang-format on */
+	ASSERT_EQ(ffa_manifest_from_vec(&m, dtb), MANIFEST_SUCCESS);
+	ASSERT_EQ(m->vm[0].partition.mem_regions[0].is_relative, true);
+	ASSERT_EQ(m->vm[0].partition.mem_regions[0].base_address,
+		  m->vm[0].partition.load_addr + 0x1000);
+	manifest_dealloc();
+
+	/* clang-format off */
+	dtb = ManifestDtBuilder()
+		.FfaValidManifest()
+		.StartChild("memory-regions")
+			.Compatible({ "arm,ffa-manifest-memory-regions" })
+			.Label("rx")
+			.StartChild("rx")
+				.Description("rx-buffer")
+				.Property("base-address", "<0x7300000>")
+				.Property("pages-count", "<1>")
+				.Property("attributes", "<1>")
+			.EndChild()
+			.Label("tx")
+			.StartChild("tx")
+				.Description("tx-buffer")
+				.Property("load-address-relative-offset", "<0x1000>")
+				.Property("pages-count", "<2>")
+				.Property("attributes", "<3>")
+			.EndChild()
+		.EndChild()
+		.Build();
+	/* clang-format on */
+	ASSERT_EQ(ffa_manifest_from_vec(&m, dtb), MANIFEST_SUCCESS);
+	ASSERT_EQ(m->vm[0].partition.mem_regions[1].is_relative, true);
+	ASSERT_EQ(m->vm[0].partition.mem_regions[1].base_address,
+		  m->vm[0].partition.load_addr + 0x1000);
+	manifest_dealloc();
 }
 
 TEST_F(manifest, ffa_validate_mem_regions_unaligned)
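Review bot: Neither case in `ffa_validate_mem_regions_overlapping_allowed` actually places a relative region over `load-address`. Both use `load-address-relative-offset` `<0x1000>`, so the region begins at `load_addr + 0x1000` and does not contain the load address itself. If `mem_range_contains` tests that single address, these cases would pass even without the `!is_relative` guard, so the exemption described in the test's comment is not exercised. A case with a single relative region at `.Property("load-address-relative-offset", "<0x0>")` expecting `MANIFEST_SUCCESS` would pin the behaviour.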