TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / hafnium / hafnium.git / 9364465e5196b509539cdd127d560173173f2c0a^! / . / src / init.c
commit9364465e5196b509539cdd127d560173173f2c0a[log] [tgz]
authorOlivier Deprez <olivier.deprez@arm.com>Fri Sep 09 11:01:12 2022 +0200
committerJoao Alves <joao.alves@arm.com>Wed Oct 19 17:52:26 2022 +0200
tree1e79bbdf480736027c892abca5fd122a31d4f8ec
parente6df3455448635297a7a0ce79f464d151bc477da [diff] [blame]
refactor: manifest data allocation from page pool

As follow up to [1] allocate the (large) struct manifest object used
during manifest parsing from the page pool and releases it when manifest
parsing completes.
Clear manifest data memory after allocating and before de-allocating, to
prevent undesired data leakage.

[1] https://review.trustedfirmware.org/c/hafnium/hafnium/+/15741/10/src/init.c#45

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Iff9d2b9f0fd7ac234d18621ee78c56f4cb36f500

diff --git a/src/init.c b/src/init.c
index 83de0b4..a97fca1 100644
--- a/src/init.c
+++ b/src/init.c

@@ -38,12 +38,6 @@
 
 static struct mpool ppool;
 
-/*
- * Hafnium manifest declaring all VMs. Notice this structure is large hence kept
- * in BSS rather than directly allocated to the stack in one_time_init.
- */
-static struct manifest manifest;
-
 /**
  * Performs one-time initialisation of memory management for the hypervisor.
  *
@@ -81,6 +75,7 @@
 	void *initrd;
 	size_t i;
 	struct mm_stage1_locked mm_stage1_locked;
+	struct manifest *manifest;
 
 	arch_one_time_init();
 
@@ -143,7 +138,7 @@
 		      manifest_strerror(manifest_ret));
 	}
 
-	plat_ffa_set_tee_enabled(manifest.ffa_tee_enabled);
+	plat_ffa_set_tee_enabled(manifest->ffa_tee_enabled);
 
 	if (!plat_iommu_init(&fdt, mm_stage1_locked, &ppool)) {
 		panic("Could not initialize IOMMUs.");
@@ -162,19 +157,19 @@
 
 	/* Load all VMs. */
 	update.reserved_ranges_count = 0;
-	if (!load_vms(mm_stage1_locked, &manifest, &cpio, &params, &update,
+	if (!load_vms(mm_stage1_locked, manifest, &cpio, &params, &update,
 		      &ppool)) {
 		panic("Unable to load VMs.");
 	}
 
-	/* Now manifest parsing has completed free the resourses used. */
-	manifest_deinit(&ppool);
-
-	if (!boot_flow_update(mm_stage1_locked, &manifest, &update, &cpio,
+	if (!boot_flow_update(mm_stage1_locked, manifest, &update, &cpio,
 			      &ppool)) {
 		panic("Unable to update boot flow.");
 	}
 
+	/* Now manifest parsing has completed free the resourses used. */
+	manifest_deinit(&ppool);
+
 	mm_unlock_stage1(&mm_stage1_locked);
 
 	/* Enable TLB invalidation for VM page table updates. */