SMC whitelist from the manifest.
This works for a small number of SMCs. `smc_whitelist` is a list of the
SMCs a VM is allowed to make. `smc_whitelist_permissive` can be set to
allow SMCs through even if they are not whitelisted (for development and
debug).
Bug: 132421503
Change-Id: I64b243d551da35f7625368a72a5a3980d63752f9
diff --git a/inc/hf/manifest.h b/inc/hf/manifest.h
index 3e9f76f..cfedc61 100644
--- a/inc/hf/manifest.h
+++ b/inc/hf/manifest.h
@@ -20,6 +20,7 @@
#include "hf/memiter.h"
#include "hf/spci.h"
#include "hf/string.h"
+#include "hf/vm.h"
/**
* Holds information about one of the VMs described in the manifest.
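Review bot: Pulling `hf/vm.h` into manifest.h makes the manifest parser depend on the whole VM header (spinlock, mailbox, page-table types) only to name `struct smc_whitelist`. If the whitelist type is the only thing both sides need, a small dedicated header holding `MAX_SMCS` and `struct smc_whitelist`, included from both manifest.h and vm.h, would avoid that coupling; whether vm.h in turn includes manifest.h is not visible in this chunk.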
@@ -28,6 +29,7 @@
/* Properties defined for both primary and secondary VMs. */
struct string debug_name;
struct string kernel_filename;
+ struct smc_whitelist smc_whitelist;
union {
/* Properties specific to the primary VM. */
@@ -63,6 +65,7 @@
MANIFEST_ERROR_MALFORMED_STRING_LIST,
MANIFEST_ERROR_MALFORMED_INTEGER,
MANIFEST_ERROR_INTEGER_OVERFLOW,
+ MANIFEST_ERROR_MALFORMED_INTEGER_LIST,
};
enum manifest_return_code manifest_init(struct manifest *manifest,
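Review bot: No return code is added for a whitelist longer than `MAX_SMCS`, so a manifest listing more than 32 SMCs is either reported as `MANIFEST_ERROR_MALFORMED_INTEGER_LIST` or handled some other way in the parser, which is outside this chunk. Since `smc_count` is the only bound on `smcs[]`, rejecting an over-long list explicitly matters; either a dedicated return code or a comment on `MANIFEST_ERROR_MALFORMED_INTEGER_LIST` stating that it also covers lists exceeding `MAX_SMCS` would make the intended behaviour clear to callers of `manifest_init`.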
diff --git a/inc/hf/vm.h b/inc/hf/vm.h
index 4abff00..7ea1e12 100644
--- a/inc/hf/vm.h
+++ b/inc/hf/vm.h
@@ -27,6 +27,7 @@
#include "vmapi/hf/spci.h"
+#define MAX_SMCS 32
#define LOG_BUFFER_SIZE 256
enum mailbox_state {
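Review bot: `MAX_SMCS` is introduced without a comment, and the commit message's caveat that the scheme only suits a small number of SMCs is not visible in the header. A one-line comment such as `/** Maximum number of entries in a VM's SMC whitelist (bounds smc_whitelist.smcs). */` above the define would tie the constant to its only user.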
@@ -77,8 +78,16 @@
struct list_entry ready_list;
};
+struct smc_whitelist {
+ uint32_t smcs[MAX_SMCS];
+ uint16_t smc_count;
+ bool permissive;
+};
+
struct vm {
spci_vm_id_t id;
+ struct smc_whitelist smc_whitelist;
+
/** See api.c for the partial ordering on locks. */
struct spinlock lock;
spci_vcpu_count_t vcpu_count;
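Review bot: `struct smc_whitelist` is undocumented, and in particular nothing in the header says that `permissive` lets unlisted SMCs through, which the commit message describes as a development/debug setting. I would add above the struct: `/** SMCs a VM is allowed to issue. smc_count is the number of valid entries in smcs and never exceeds MAX_SMCS; when permissive is set, unlisted SMCs are allowed as well (intended for development and debug builds only). */`. The new `smc_whitelist` member of `struct vm` sits above the `lock` whose partial ordering is documented in api.c; if the whitelist is written only at VM creation and read without the lock afterwards, a comment saying so would save the next reader from checking, though that is not determinable from this hunk.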
@@ -86,7 +95,7 @@
struct mm_ptable ptable;
struct mailbox mailbox;
char log_buffer[LOG_BUFFER_SIZE];
- size_t log_buffer_length;
+ uint16_t log_buffer_length;
/** Wait entries to be used when waiting on other VM mailboxes. */
struct wait_entry wait_entries[MAX_VMS];