Distinguish device and normal memory.
The large address space mapped to the primary is marked as device
memory. The normal memory is then specifically marked based on the
`memory` nodes in the manifest.
Sharing is restricted to normal memory as sharing device memory is
dangerous without full device reassignment.
Change-Id: I117d621342bae89a35cde33e3a6e59e56add9a5c
diff --git a/src/api.c b/src/api.c
index b803cf5..0db632a 100644
--- a/src/api.c
+++ b/src/api.c
@@ -561,8 +561,8 @@
*/
static bool api_mode_valid_owned_and_exclusive(int mode)
{
- return (mode & (MM_MODE_INVALID | MM_MODE_UNOWNED | MM_MODE_SHARED)) ==
- 0;
+ return (mode & (MM_MODE_D | MM_MODE_INVALID | MM_MODE_UNOWNED |
+ MM_MODE_SHARED)) == 0;
}
/**
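Review bot: The name `api_mode_valid_owned_and_exclusive` and its doc comment no longer cover everything the predicate checks, because with `MM_MODE_D` in the mask it now also returns false for device memory. The doc comment starts above this hunk (only its closing `*/` is visible), and it should gain a sentence such as `Device memory (MM_MODE_D) is rejected as well, because sharing it is unsafe without full device reassignment.` The callers are outside the hunk, and each of them now fails for device ranges. That appears to be the intent of the commit message, but it is worth confirming per call site, since the function name gives a reader no hint of it.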
@@ -1578,6 +1578,11 @@
goto fail;
}
+ /* Ensure the address range is normal memory and not a device. */
+ if (orig_from_mode & MM_MODE_D) {
+ goto fail;
+ }
+
/*
* Ensure the memory range is valid for the sender. If it isn't, the
* sender has either shared it with another VM already or has no claim
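Review bot: The comment on the new `orig_from_mode & MM_MODE_D` test says what is checked but not why, and the reason is the security-relevant part. I would carry the rationale from the commit message into the code, e.g. `/* Device memory must not be shared: doing so is dangerous without full device reassignment. */`. The test also relies on `orig_from_mode` describing the whole requested range. That value is computed above the hunk, so please confirm the lookup fails when the mode is not uniform across the range; otherwise a request that begins in normal memory and extends into a device region might pass this guard. The enclosing function starts and ends outside the hunk.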