commit fe636b1973784671f4f2e82ae16d70eadbac8aa3
author Andrew Scull <ascull@google.com> Mon Jul 30 14:15:54 2018 +0100
committer Andrew Scull <ascull@google.com> Mon Jul 30 16:14:03 2018 +0100
tree 51dc125dea627063da95085ecb2499a522dc9467
parent 52bb3f94597bd9fb20d85050e9ea34dc89726922

Only allow identity memory mapping

The code has the assumption that virtual addresses are mapped to the
same physical address but the mm function would allow this assumption to
be broken. Only offering identity mapping function avoids this problem
by enforcing assumption.

Non-identity mapping can still be added later if there proves to be a
need for it.

Change-Id: Ie3db41e1582c72d880275acdb48cabefe05b3ba0

src/api.c

diff --git a/src/api.c b/src/api.c
index 93b14c2..3c6edb2 100644
--- a/src/api.c
+++ b/src/api.c
@@ -141,8 +141,8 @@
 	}
 
 	/* Map the send page as read-only in the hypervisor address space. */
-	if (!mm_map((vaddr_t)send, (vaddr_t)send + PAGE_SIZE, send,
-		    MM_MODE_R)) {
+	if (!mm_identity_map((vaddr_t)send, (vaddr_t)send + PAGE_SIZE,
+			     MM_MODE_R)) {
 		ret = -1;
 		goto exit;
 	}
@@ -151,8 +151,8 @@
 	 * Map the receive page as writable in the hypervisor address space. On
 	 * failure, unmap the send page before returning.
 	 */
-	if (!mm_map((vaddr_t)recv, (vaddr_t)recv + PAGE_SIZE, recv,
-		    MM_MODE_W)) {
+	if (!mm_identity_map((vaddr_t)recv, (vaddr_t)recv + PAGE_SIZE,
+			     MM_MODE_W)) {
 		mm_unmap((vaddr_t)send, (vaddr_t)send + PAGE_SIZE, 0);
 		ret = -1;
 		goto exit;