lib: utils: Disallow non-root domains from adding M-mode regions

author Himanshu Chauhan <hchauhan@ventanamicro.com>

Mon, 9 Jan 2023 05:20:41 +0000 (05:20 +0000)

committer Anup Patel <anup@brainfault.org>

Mon, 9 Jan 2023 12:34:25 +0000 (18:04 +0530)
author Himanshu Chauhan <hchauhan@ventanamicro.com>
Mon, 9 Jan 2023 05:20:41 +0000 (05:20 +0000)
committer Anup Patel <anup@brainfault.org>
Mon, 9 Jan 2023 12:34:25 +0000 (18:04 +0530)
diff --git a/include/sbi/sbi_domain.h b/include/sbi/sbi_domain.h

index a42c20d..bbb3eff 100644 (file)
--- a/include/sbi/sbi_domain.h
+++ b/include/sbi/sbi_domain.h
@@ -51,6 +51,11 @@ struct sbi_domain_memregion {
                                  SBI_DOMAIN_MEMREGION_M_WRITABLE | \
                                  SBI_DOMAIN_MEMREGION_M_EXECUTABLE)
  
+#define SBI_DOMAIN_MEMREGION_SU_RWX            \
+                               (SBI_DOMAIN_MEMREGION_SU_READABLE | \
+                                SBI_DOMAIN_MEMREGION_SU_WRITABLE | \
+                                SBI_DOMAIN_MEMREGION_SU_EXECUTABLE)
+
  /* Unrestricted M-mode accesses but enfoced on SU-mode */
  #define SBI_DOMAIN_MEMREGION_READABLE          \
                                 (SBI_DOMAIN_MEMREGION_SU_READABLE | \
diff --git a/lib/utils/fdt/fdt_domain.c b/lib/utils/fdt/fdt_domain.c

index 45612ef..2b51a8e 100644 (file)
--- a/lib/utils/fdt/fdt_domain.c
+++ b/lib/utils/fdt/fdt_domain.c
@@ -239,6 +239,20 @@ static int __fdt_parse_region(void *fdt, int domain_offset,
         u32 *region_count = opaque;
         struct sbi_domain_memregion *region;
  
+       /*
+        * Non-root domains cannot add a region with only M-mode
+        * access permissions. M-mode regions can only be part of
+        * root domain.
+        *
+        * SU permission bits can't be all zeroes and M-mode permission
+        * bits must be all set.
+        */
+       if (!((region_access & SBI_DOMAIN_MEMREGION_SU_ACCESS_MASK)
+            & SBI_DOMAIN_MEMREGION_SU_RWX)
+           && ((region_access & SBI_DOMAIN_MEMREGION_M_ACCESS_MASK)
+               & SBI_DOMAIN_MEMREGION_M_RWX))
+               return SBI_EINVAL;
+
         /* Find next region of the domain */
         if (FDT_DOMAIN_REGION_MAX_COUNT <= *region_count)
                 return SBI_EINVAL;
author	Himanshu Chauhan <hchauhan@ventanamicro.com>
	Mon, 9 Jan 2023 05:20:41 +0000 (05:20 +0000)
committer	Anup Patel <anup@brainfault.org>
	Mon, 9 Jan 2023 12:34:25 +0000 (18:04 +0530)
include/sbi/sbi_domain.h		patch \| blob \| history
lib/utils/fdt/fdt_domain.c		patch \| blob \| history