Merge "Allow crashCommand for tombstone to fail" into main
diff --git a/README.md b/README.md
index 210f70e..1b092f6 100644
--- a/README.md
+++ b/README.md
@@ -21,7 +21,7 @@
* [vmbase](vmbase/README.md)
AVF APIs:
-* [Java API](javalib/README.md)
+* [Java API](java/framework/README.md)
* [VM Payload API](vm_payload/README.md)
How-Tos:
@@ -29,4 +29,4 @@
* [Building and running a demo app in C++](demo_native/README.md)
* [Debugging](docs/debug)
* [Using custom VM](docs/custom_vm.md)
-* [Device assignment](docs/device_assignment.md)
\ No newline at end of file
+* [Device assignment](docs/device_assignment.md)
diff --git a/authfs/Android.bp b/authfs/Android.bp
index 8ac600d..e04d5e1 100644
--- a/authfs/Android.bp
+++ b/authfs/Android.bp
@@ -73,6 +73,7 @@
tools: [
"fsverity_manifest_generator",
"fsverity",
+ "soong_zip",
],
srcs: [
"testdata/input.4k",
@@ -85,13 +86,11 @@
* to load a generated fsverity manifest for the test input files into the
* test VM.
*/
- cmd: "out_dir=$$(dirname $(out))" +
- "&& assets_dir=\"assets\" " +
- "&& mkdir -p $$out_dir/$$assets_dir" +
+ cmd: "mkdir -p $(genDir)/assets" +
"&& $(location fsverity_manifest_generator) " +
" --fsverity-path $(location fsverity) " +
" --base-dir $$(dirname $(in) | head -1) " +
- " --output $$out_dir/$$assets_dir/input_manifest.pb " +
+ " --output $(genDir)/assets/input_manifest.pb " +
" $(in) " +
- "&& jar cf $(out) -C $$out_dir $$assets_dir",
+ "&& $(location soong_zip) -jar -o $(out) -C $(genDir) -D $(genDir)/assets",
}
diff --git a/authfs/tests/benchmarks/Android.bp b/authfs/tests/benchmarks/Android.bp
index 93ba41a..27a6af1 100644
--- a/authfs/tests/benchmarks/Android.bp
+++ b/authfs/tests/benchmarks/Android.bp
@@ -46,9 +46,8 @@
srcs: [
":measure_io",
],
- cmd: "out_dir=$$(dirname $(out))" +
- "&& bin_dir=\"bin\" " +
- "&& mkdir -p $$out_dir/$$bin_dir" +
- "&& cp $(in) $$out_dir/$$bin_dir" +
- "&& jar cf $(out) -C $$out_dir $$bin_dir",
+ tools: ["soong_zip"],
+ cmd: "mkdir -p $(genDir)/bin" +
+ "&& cp $(in) $(genDir)/bin" +
+ "&& $(location soong_zip) -jar -o $(out) -C $(genDir) -D $(genDir)/bin",
}
diff --git a/compos/common/compos_client.rs b/compos/common/compos_client.rs
index a8a176a..abaa74c 100644
--- a/compos/common/compos_client.rs
+++ b/compos/common/compos_client.rs
@@ -62,8 +62,6 @@
pub debug_mode: bool,
/// CPU topology of the VM. Defaults to 1 vCPU.
pub cpu_topology: VmCpuTopology,
- /// List of task profiles to apply to the VM
- pub task_profiles: Vec<String>,
/// If present, overrides the amount of RAM to give the VM
pub memory_mib: Option<i32>,
/// Whether the VM prefers staged APEXes or activated ones (false; default)
@@ -131,10 +129,7 @@
protectedVm: protected_vm,
memoryMib: parameters.memory_mib.unwrap_or(0), // 0 means use the default
cpuTopology: cpu_topology,
- customConfig: Some(CustomConfig {
- taskProfiles: parameters.task_profiles.clone(),
- ..Default::default()
- }),
+ customConfig: Some(CustomConfig { ..Default::default() }),
});
// Let logs go to logcat.
@@ -144,7 +139,7 @@
service,
&config,
console_fd,
- /*console_in_fd */ None,
+ /* console_in_fd */ None,
log_fd,
Some(callback),
)
diff --git a/compos/composd/Android.bp b/compos/composd/Android.bp
index b0294dd..75f0c4f 100644
--- a/compos/composd/Android.bp
+++ b/compos/composd/Android.bp
@@ -7,6 +7,7 @@
srcs: ["src/composd_main.rs"],
edition: "2021",
prefer_rlib: true,
+ defaults: ["avf_build_flags_rust"],
rustlibs: [
"android.system.composd-rust",
"android.system.virtualizationservice-rust",
diff --git a/compos/composd/src/instance_manager.rs b/compos/composd/src/instance_manager.rs
index 510ad11..9e94035 100644
--- a/compos/composd/src/instance_manager.rs
+++ b/compos/composd/src/instance_manager.rs
@@ -82,9 +82,8 @@
// a system property. Start the VM with all CPUs and assume the guest will start a suitable
// number of dex2oat threads.
let cpu_topology = VmCpuTopology::MatchHost;
- let task_profiles = vec!["SCHED_SP_COMPUTE".to_string()];
let memory_mib = Some(compos_memory_mib()?);
- Ok(VmParameters { cpu_topology, task_profiles, memory_mib, ..Default::default() })
+ Ok(VmParameters { cpu_topology, memory_mib, ..Default::default() })
}
fn compos_memory_mib() -> Result<i32> {
diff --git a/docs/updatable_vm.md b/docs/updatable_vm.md
new file mode 100644
index 0000000..de5552e
--- /dev/null
+++ b/docs/updatable_vm.md
@@ -0,0 +1,3 @@
+# Updatable VM
+
+(To be filled)
diff --git a/docs/vm_remote_attestation.md b/docs/vm_remote_attestation.md
new file mode 100644
index 0000000..093418b
--- /dev/null
+++ b/docs/vm_remote_attestation.md
@@ -0,0 +1,3 @@
+# VM Remote Attestation
+
+(To be filled)
diff --git a/java/Android.bp b/java/Android.bp
new file mode 100644
index 0000000..1c55f78
--- /dev/null
+++ b/java/Android.bp
@@ -0,0 +1,24 @@
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+soong_config_module_type {
+ name: "avf_flag_aware_android_app",
+ module_type: "android_app",
+ config_namespace: "ANDROID",
+ bool_variables: ["release_avf_allow_preinstalled_apps"],
+ properties: ["manifest"],
+}
+
+// Defines our permissions
+avf_flag_aware_android_app {
+ name: "android.system.virtualmachine.res",
+ installable: true,
+ apex_available: ["com.android.virt"],
+ platform_apis: true,
+ soong_config_variables: {
+ release_avf_allow_preinstalled_apps: {
+ manifest: "AndroidManifestNext.xml",
+ },
+ },
+}
diff --git a/javalib/AndroidManifest.xml b/java/AndroidManifest.xml
similarity index 100%
rename from javalib/AndroidManifest.xml
rename to java/AndroidManifest.xml
diff --git a/javalib/AndroidManifestNext.xml b/java/AndroidManifestNext.xml
similarity index 100%
rename from javalib/AndroidManifestNext.xml
rename to java/AndroidManifestNext.xml
diff --git a/javalib/Android.bp b/java/framework/Android.bp
similarity index 67%
rename from javalib/Android.bp
rename to java/framework/Android.bp
index a7c531e..32b2aee 100644
--- a/javalib/Android.bp
+++ b/java/framework/Android.bp
@@ -2,27 +2,6 @@
default_applicable_licenses: ["Android-Apache-2.0"],
}
-soong_config_module_type {
- name: "avf_flag_aware_android_app",
- module_type: "android_app",
- config_namespace: "ANDROID",
- bool_variables: ["release_avf_allow_preinstalled_apps"],
- properties: ["manifest"],
-}
-
-// Defines our permissions
-avf_flag_aware_android_app {
- name: "android.system.virtualmachine.res",
- installable: true,
- apex_available: ["com.android.virt"],
- platform_apis: true,
- soong_config_variables: {
- release_avf_allow_preinstalled_apps: {
- manifest: "AndroidManifestNext.xml",
- },
- },
-}
-
java_sdk_library {
name: "framework-virtualization",
diff --git a/javalib/README.md b/java/framework/README.md
similarity index 100%
rename from javalib/README.md
rename to java/framework/README.md
diff --git a/javalib/api/current.txt b/java/framework/api/current.txt
similarity index 100%
rename from javalib/api/current.txt
rename to java/framework/api/current.txt
diff --git a/javalib/api/module-lib-current.txt b/java/framework/api/module-lib-current.txt
similarity index 100%
rename from javalib/api/module-lib-current.txt
rename to java/framework/api/module-lib-current.txt
diff --git a/javalib/api/module-lib-removed.txt b/java/framework/api/module-lib-removed.txt
similarity index 100%
rename from javalib/api/module-lib-removed.txt
rename to java/framework/api/module-lib-removed.txt
diff --git a/javalib/api/removed.txt b/java/framework/api/removed.txt
similarity index 100%
rename from javalib/api/removed.txt
rename to java/framework/api/removed.txt
diff --git a/javalib/api/system-current.txt b/java/framework/api/system-current.txt
similarity index 100%
rename from javalib/api/system-current.txt
rename to java/framework/api/system-current.txt
diff --git a/javalib/api/system-removed.txt b/java/framework/api/system-removed.txt
similarity index 100%
rename from javalib/api/system-removed.txt
rename to java/framework/api/system-removed.txt
diff --git a/javalib/api/test-current.txt b/java/framework/api/test-current.txt
similarity index 89%
rename from javalib/api/test-current.txt
rename to java/framework/api/test-current.txt
index 0a988d8..3cd8e42 100644
--- a/javalib/api/test-current.txt
+++ b/java/framework/api/test-current.txt
@@ -16,7 +16,7 @@
public static final class VirtualMachineConfig.Builder {
method @FlaggedApi("com.android.system.virtualmachine.flags.avf_v_test_apis") @NonNull public android.system.virtualmachine.VirtualMachineConfig.Builder addExtraApk(@NonNull String);
- method @FlaggedApi("com.android.system.virtualmachine.flags.avf_v_test_apis") @NonNull public android.system.virtualmachine.VirtualMachineConfig.Builder setOs(@NonNull String);
+ method @FlaggedApi("com.android.system.virtualmachine.flags.avf_v_test_apis") @NonNull @RequiresPermission(android.system.virtualmachine.VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION) public android.system.virtualmachine.VirtualMachineConfig.Builder setOs(@NonNull String);
method @NonNull @RequiresPermission(android.system.virtualmachine.VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION) public android.system.virtualmachine.VirtualMachineConfig.Builder setPayloadConfigPath(@NonNull String);
method @FlaggedApi("com.android.system.virtualmachine.flags.avf_v_test_apis") @NonNull @RequiresPermission(android.system.virtualmachine.VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION) public android.system.virtualmachine.VirtualMachineConfig.Builder setVendorDiskImage(@NonNull java.io.File);
method @NonNull public android.system.virtualmachine.VirtualMachineConfig.Builder setVmConsoleInputSupported(boolean);
@@ -26,6 +26,7 @@
method @FlaggedApi("com.android.system.virtualmachine.flags.avf_v_test_apis") @NonNull public java.util.List<java.lang.String> getSupportedOSList() throws android.system.virtualmachine.VirtualMachineException;
method @FlaggedApi("com.android.system.virtualmachine.flags.avf_v_test_apis") @RequiresPermission(android.system.virtualmachine.VirtualMachine.MANAGE_VIRTUAL_MACHINE_PERMISSION) public boolean isFeatureEnabled(String) throws android.system.virtualmachine.VirtualMachineException;
field @FlaggedApi("com.android.system.virtualmachine.flags.avf_v_test_apis") public static final String FEATURE_DICE_CHANGES = "com.android.kvm.DICE_CHANGES";
+ field @FlaggedApi("com.android.system.virtualmachine.flags.avf_v_test_apis") public static final String FEATURE_LLPVM_CHANGES = "com.android.kvm.LLPVM_CHANGES";
field @FlaggedApi("com.android.system.virtualmachine.flags.avf_v_test_apis") public static final String FEATURE_MULTI_TENANT = "com.android.kvm.MULTI_TENANT";
field @FlaggedApi("com.android.system.virtualmachine.flags.avf_v_test_apis") public static final String FEATURE_REMOTE_ATTESTATION = "com.android.kvm.REMOTE_ATTESTATION";
field @FlaggedApi("com.android.system.virtualmachine.flags.avf_v_test_apis") public static final String FEATURE_VENDOR_MODULES = "com.android.kvm.VENDOR_MODULES";
diff --git a/javalib/api/test-removed.txt b/java/framework/api/test-removed.txt
similarity index 100%
rename from javalib/api/test-removed.txt
rename to java/framework/api/test-removed.txt
diff --git a/javalib/jarjar-rules.txt b/java/framework/jarjar-rules.txt
similarity index 100%
rename from javalib/jarjar-rules.txt
rename to java/framework/jarjar-rules.txt
diff --git a/javalib/src/android/system/virtualmachine/VirtualMachine.java b/java/framework/src/android/system/virtualmachine/VirtualMachine.java
similarity index 100%
rename from javalib/src/android/system/virtualmachine/VirtualMachine.java
rename to java/framework/src/android/system/virtualmachine/VirtualMachine.java
diff --git a/javalib/src/android/system/virtualmachine/VirtualMachineCallback.java b/java/framework/src/android/system/virtualmachine/VirtualMachineCallback.java
similarity index 100%
rename from javalib/src/android/system/virtualmachine/VirtualMachineCallback.java
rename to java/framework/src/android/system/virtualmachine/VirtualMachineCallback.java
diff --git a/javalib/src/android/system/virtualmachine/VirtualMachineConfig.java b/java/framework/src/android/system/virtualmachine/VirtualMachineConfig.java
similarity index 99%
rename from javalib/src/android/system/virtualmachine/VirtualMachineConfig.java
rename to java/framework/src/android/system/virtualmachine/VirtualMachineConfig.java
index 19e663f..693a7d7 100644
--- a/javalib/src/android/system/virtualmachine/VirtualMachineConfig.java
+++ b/java/framework/src/android/system/virtualmachine/VirtualMachineConfig.java
@@ -530,6 +530,7 @@
&& this.mEncryptedStorageBytes == other.mEncryptedStorageBytes
&& this.mVmOutputCaptured == other.mVmOutputCaptured
&& this.mVmConsoleInputSupported == other.mVmConsoleInputSupported
+ && (this.mVendorDiskImage == null) == (other.mVendorDiskImage == null)
&& Objects.equals(this.mPayloadConfigPath, other.mPayloadConfigPath)
&& Objects.equals(this.mPayloadBinaryName, other.mPayloadBinaryName)
&& Objects.equals(this.mPackageName, other.mPackageName)
@@ -587,7 +588,6 @@
if (mVendorDiskImage != null) {
VirtualMachineAppConfig.CustomConfig customConfig =
new VirtualMachineAppConfig.CustomConfig();
- customConfig.taskProfiles = EMPTY_STRING_ARRAY;
customConfig.devices = EMPTY_STRING_ARRAY;
try {
customConfig.vendorImage =
@@ -1023,6 +1023,7 @@
*/
@TestApi
@FlaggedApi(Flags.FLAG_AVF_V_TEST_APIS)
+ @RequiresPermission(VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION)
@NonNull
public Builder setOs(@NonNull String os) {
mOs = requireNonNull(os, "os must not be null");
diff --git a/javalib/src/android/system/virtualmachine/VirtualMachineDescriptor.java b/java/framework/src/android/system/virtualmachine/VirtualMachineDescriptor.java
similarity index 100%
rename from javalib/src/android/system/virtualmachine/VirtualMachineDescriptor.java
rename to java/framework/src/android/system/virtualmachine/VirtualMachineDescriptor.java
diff --git a/javalib/src/android/system/virtualmachine/VirtualMachineException.java b/java/framework/src/android/system/virtualmachine/VirtualMachineException.java
similarity index 100%
rename from javalib/src/android/system/virtualmachine/VirtualMachineException.java
rename to java/framework/src/android/system/virtualmachine/VirtualMachineException.java
diff --git a/javalib/src/android/system/virtualmachine/VirtualMachineManager.java b/java/framework/src/android/system/virtualmachine/VirtualMachineManager.java
similarity index 97%
rename from javalib/src/android/system/virtualmachine/VirtualMachineManager.java
rename to java/framework/src/android/system/virtualmachine/VirtualMachineManager.java
index f263b32..5020ff0 100644
--- a/javalib/src/android/system/virtualmachine/VirtualMachineManager.java
+++ b/java/framework/src/android/system/virtualmachine/VirtualMachineManager.java
@@ -119,9 +119,10 @@
prefix = "FEATURE_",
value = {
FEATURE_DICE_CHANGES,
+ FEATURE_LLPVM_CHANGES,
FEATURE_MULTI_TENANT,
FEATURE_REMOTE_ATTESTATION,
- FEATURE_VENDOR_MODULES
+ FEATURE_VENDOR_MODULES,
})
public @interface Features {}
@@ -164,6 +165,15 @@
IVirtualizationService.FEATURE_VENDOR_MODULES;
/**
+ * Feature to enable Secretkeeper protected secrets in Microdroid based pVMs.
+ *
+ * @hide
+ */
+ @TestApi
+ @FlaggedApi(Flags.FLAG_AVF_V_TEST_APIS)
+ public static final String FEATURE_LLPVM_CHANGES = IVirtualizationService.FEATURE_LLPVM_CHANGES;
+
+ /**
* Returns a set of flags indicating what this implementation of virtualization is capable of.
*
* @see #CAPABILITY_PROTECTED_VM
diff --git a/javalib/src/android/system/virtualmachine/VirtualizationFrameworkInitializer.java b/java/framework/src/android/system/virtualmachine/VirtualizationFrameworkInitializer.java
similarity index 100%
rename from javalib/src/android/system/virtualmachine/VirtualizationFrameworkInitializer.java
rename to java/framework/src/android/system/virtualmachine/VirtualizationFrameworkInitializer.java
diff --git a/javalib/src/android/system/virtualmachine/VirtualizationService.java b/java/framework/src/android/system/virtualmachine/VirtualizationService.java
similarity index 100%
rename from javalib/src/android/system/virtualmachine/VirtualizationService.java
rename to java/framework/src/android/system/virtualmachine/VirtualizationService.java
diff --git a/javalib/jni/Android.bp b/java/jni/Android.bp
similarity index 100%
rename from javalib/jni/Android.bp
rename to java/jni/Android.bp
diff --git a/javalib/jni/android_system_virtualmachine_VirtualMachine.cpp b/java/jni/android_system_virtualmachine_VirtualMachine.cpp
similarity index 100%
rename from javalib/jni/android_system_virtualmachine_VirtualMachine.cpp
rename to java/jni/android_system_virtualmachine_VirtualMachine.cpp
diff --git a/javalib/jni/android_system_virtualmachine_VirtualizationService.cpp b/java/jni/android_system_virtualmachine_VirtualizationService.cpp
similarity index 100%
rename from javalib/jni/android_system_virtualmachine_VirtualizationService.cpp
rename to java/jni/android_system_virtualmachine_VirtualizationService.cpp
diff --git a/javalib/jni/common.h b/java/jni/common.h
similarity index 100%
rename from javalib/jni/common.h
rename to java/jni/common.h
diff --git a/javalib/service/Android.bp b/java/service/Android.bp
similarity index 86%
rename from javalib/service/Android.bp
rename to java/service/Android.bp
index 9c1fa01..fdfb203 100644
--- a/javalib/service/Android.bp
+++ b/java/service/Android.bp
@@ -23,8 +23,13 @@
],
defaults: [
"framework-system-server-module-defaults",
+ "platform_service_defaults",
],
- sdk_version: "system_server_current",
+ libs: [
+ "framework",
+ "services.core",
+ ],
+ sdk_version: "core_platform",
apex_available: ["com.android.virt"],
installable: true,
}
diff --git a/javalib/service/src/com/android/system/virtualmachine/VirtualizationSystemService.java b/java/service/src/com/android/system/virtualmachine/VirtualizationSystemService.java
similarity index 100%
rename from javalib/service/src/com/android/system/virtualmachine/VirtualizationSystemService.java
rename to java/service/src/com/android/system/virtualmachine/VirtualizationSystemService.java
diff --git a/libs/avf_features/Android.bp b/libs/avf_features/Android.bp
new file mode 100644
index 0000000..71f33db
--- /dev/null
+++ b/libs/avf_features/Android.bp
@@ -0,0 +1,26 @@
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+rust_defaults {
+ name: "libavf_features.defaults",
+ crate_name: "avf_features",
+ defaults: ["avf_build_flags_rust"],
+ srcs: ["src/lib.rs"],
+ edition: "2021",
+ prefer_rlib: true,
+ rustlibs: [
+ "android.system.virtualizationservice-rust",
+ "libanyhow",
+ "liblog_rust",
+ ],
+}
+
+rust_library {
+ name: "libavf_features",
+ defaults: ["libavf_features.defaults"],
+ apex_available: [
+ "//apex_available:platform",
+ "com.android.virt",
+ ],
+}
diff --git a/libs/avf_features/src/lib.rs b/libs/avf_features/src/lib.rs
new file mode 100644
index 0000000..c0faab0
--- /dev/null
+++ b/libs/avf_features/src/lib.rs
@@ -0,0 +1,38 @@
+// Copyright 2024, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Provide functionality for handling AVF build-time feature flags.
+
+use android_system_virtualizationservice::aidl::android::system::virtualizationservice::{
+ IVirtualizationService::FEATURE_DICE_CHANGES, IVirtualizationService::FEATURE_LLPVM_CHANGES,
+ IVirtualizationService::FEATURE_MULTI_TENANT,
+ IVirtualizationService::FEATURE_REMOTE_ATTESTATION,
+ IVirtualizationService::FEATURE_VENDOR_MODULES,
+};
+use log::warn;
+
+/// Check if an AVF feature is enabled.
+pub fn is_feature_enabled(feature: &str) -> bool {
+ match feature {
+ FEATURE_DICE_CHANGES => cfg!(dice_changes),
+ FEATURE_LLPVM_CHANGES => cfg!(llpvm_changes),
+ FEATURE_MULTI_TENANT => cfg!(multi_tenant),
+ FEATURE_REMOTE_ATTESTATION => cfg!(remote_attestation),
+ FEATURE_VENDOR_MODULES => cfg!(vendor_modules),
+ _ => {
+ warn!("unknown feature {feature}");
+ false
+ }
+ }
+}
diff --git a/libs/libfdt/Android.bp b/libs/libfdt/Android.bp
index b5f7471..1bb5692 100644
--- a/libs/libfdt/Android.bp
+++ b/libs/libfdt/Android.bp
@@ -40,6 +40,7 @@
"libcstr",
"liblibfdt_bindgen",
"libmemoffset_nostd",
+ "libstatic_assertions",
"libzerocopy_nostd",
],
whole_static_libs: [
diff --git a/libs/libfdt/src/ctypes.rs b/libs/libfdt/src/ctypes.rs
deleted file mode 100644
index 640d447..0000000
--- a/libs/libfdt/src/ctypes.rs
+++ /dev/null
@@ -1,52 +0,0 @@
-// Copyright 2024, The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//! Safe zero-cost wrappers around integer values used by libfdt.
-
-use crate::{FdtError, Result};
-
-/// Wrapper guaranteed to contain a valid phandle.
-#[repr(transparent)]
-#[derive(Debug, Copy, Clone, Eq, PartialEq, Ord, PartialOrd)]
-pub struct Phandle(u32);
-
-impl Phandle {
- /// Minimum valid value for device tree phandles.
- pub const MIN: Self = Self(1);
- /// Maximum valid value for device tree phandles.
- pub const MAX: Self = Self(libfdt_bindgen::FDT_MAX_PHANDLE);
-
- /// Creates a new Phandle
- pub const fn new(value: u32) -> Option<Self> {
- if Self::MIN.0 <= value && value <= Self::MAX.0 {
- Some(Self(value))
- } else {
- None
- }
- }
-}
-
-impl From<Phandle> for u32 {
- fn from(phandle: Phandle) -> u32 {
- phandle.0
- }
-}
-
-impl TryFrom<u32> for Phandle {
- type Error = FdtError;
-
- fn try_from(value: u32) -> Result<Self> {
- Self::new(value).ok_or(FdtError::BadPhandle)
- }
-}
diff --git a/libs/libfdt/src/lib.rs b/libs/libfdt/src/lib.rs
index d1ab24e..3339262 100644
--- a/libs/libfdt/src/lib.rs
+++ b/libs/libfdt/src/lib.rs
@@ -17,23 +17,22 @@
#![no_std]
-mod ctypes;
mod iterators;
mod libfdt;
mod result;
+mod safe_types;
-pub use ctypes::Phandle;
pub use iterators::{
AddressRange, CellIterator, CompatibleIterator, DescendantsIterator, MemRegIterator,
PropertyIterator, RangesIterator, Reg, RegIterator, SubnodeIterator,
};
pub use result::{FdtError, Result};
+pub use safe_types::{FdtHeader, NodeOffset, Phandle, PropOffset, StringOffset};
-use core::ffi::{c_int, c_void, CStr};
+use core::ffi::{c_void, CStr};
use core::ops::Range;
use cstr::cstr;
use libfdt::get_slice_at_ptr;
-use result::{fdt_err, fdt_err_expect_zero, fdt_err_or_option};
use zerocopy::AsBytes as _;
use crate::libfdt::{Libfdt, LibfdtMut};
@@ -94,12 +93,12 @@
}
impl FdtPropertyStruct {
- fn from_offset(fdt: &Fdt, offset: c_int) -> Result<&Self> {
+ fn from_offset(fdt: &Fdt, offset: PropOffset) -> Result<&Self> {
Ok(fdt.get_property_by_offset(offset)?.as_ref())
}
- fn name_offset(&self) -> c_int {
- u32::from_be(self.0.nameoff).try_into().unwrap()
+ fn name_offset(&self) -> StringOffset {
+ StringOffset(u32::from_be(self.0.nameoff).try_into().unwrap())
}
fn data_len(&self) -> usize {
@@ -115,12 +114,12 @@
#[derive(Clone, Copy, Debug)]
pub struct FdtProperty<'a> {
fdt: &'a Fdt,
- offset: c_int,
+ offset: PropOffset,
property: &'a FdtPropertyStruct,
}
impl<'a> FdtProperty<'a> {
- fn new(fdt: &'a Fdt, offset: c_int) -> Result<Self> {
+ fn new(fdt: &'a Fdt, offset: PropOffset) -> Result<Self> {
let property = FdtPropertyStruct::from_offset(fdt, offset)?;
Ok(Self { fdt, offset, property })
}
@@ -148,7 +147,7 @@
#[derive(Clone, Copy, Debug)]
pub struct FdtNode<'a> {
fdt: &'a Fdt,
- offset: c_int,
+ offset: NodeOffset,
}
impl<'a> FdtNode<'a> {
@@ -356,7 +355,7 @@
#[derive(Debug)]
pub struct FdtNodeMut<'a> {
fdt: &'a mut Fdt,
- offset: c_int,
+ offset: NodeOffset,
}
impl<'a> FdtNodeMut<'a> {
@@ -434,7 +433,7 @@
}
/// Adds new subnodes to the given node.
- pub fn add_subnodes(&mut self, names: &[&CStr]) -> Result<()> {
+ pub fn add_subnodes(self, names: &[&CStr]) -> Result<()> {
for name in names {
self.fdt.add_subnode_namelen(self.offset, name.to_bytes())?;
}
@@ -442,7 +441,7 @@
}
/// Adds a new subnode to the given node and return it as a FdtNodeMut on success.
- pub fn add_subnode(&'a mut self, name: &CStr) -> Result<Self> {
+ pub fn add_subnode(self, name: &CStr) -> Result<Self> {
let name = name.to_bytes();
let offset = self.fdt.add_subnode_namelen(self.offset, name)?;
@@ -451,7 +450,7 @@
/// Adds a new subnode to the given node with name and namelen, and returns it as a FdtNodeMut
/// on success.
- pub fn add_subnode_with_namelen(&'a mut self, name: &CStr, namelen: usize) -> Result<Self> {
+ pub fn add_subnode_with_namelen(self, name: &CStr, namelen: usize) -> Result<Self> {
let name = &name.to_bytes()[..namelen];
let offset = self.fdt.add_subnode_namelen(self.offset, name)?;
@@ -493,6 +492,7 @@
let next_node = self.delete_and_next(Some(offset))?.unwrap();
Ok(Some((next_node, depth)))
} else {
+ self.delete_and_next(None)?;
Ok(None)
}
}
@@ -526,7 +526,7 @@
self.delete_and_next(next_offset)
}
- fn delete_and_next(self, next_offset: Option<c_int>) -> Result<Option<Self>> {
+ fn delete_and_next(self, next_offset: Option<NodeOffset>) -> Result<Option<Self>> {
if Some(self.offset) == next_offset {
return Err(FdtError::Internal);
}
@@ -637,40 +637,30 @@
/// Unpacks the DT to cover the whole slice it is contained in.
pub fn unpack(&mut self) -> Result<()> {
- // SAFETY: "Opens" the DT in-place (supported use-case) by updating its header and
- // internal structures to make use of the whole self.fdt slice but performs no accesses
- // outside of it and leaves the DT in a state that will be detected by other functions.
- let ret = unsafe {
- libfdt_bindgen::fdt_open_into(
- self.as_ptr(),
- self.as_mut_ptr(),
- self.capacity().try_into().map_err(|_| FdtError::Internal)?,
- )
- };
- fdt_err_expect_zero(ret)
+ self.open_into_self()
}
/// Packs the DT to take a minimum amount of memory.
///
/// Doesn't shrink the underlying memory slice.
pub fn pack(&mut self) -> Result<()> {
- // SAFETY: "Closes" the DT in-place by updating its header and relocating its structs.
- let ret = unsafe { libfdt_bindgen::fdt_pack(self.as_mut_ptr()) };
- fdt_err_expect_zero(ret)
+ LibfdtMut::pack(self)
}
/// Applies a DT overlay on the base DT.
///
/// # Safety
///
- /// On failure, the library corrupts the DT and overlay so both must be discarded.
- pub unsafe fn apply_overlay<'a>(&'a mut self, overlay: &'a mut Fdt) -> Result<&'a mut Self> {
- let ret =
- // SAFETY: Both pointers are valid because they come from references, and fdt_overlay_apply
- // doesn't keep them after it returns. It may corrupt their contents if there is an error,
- // but that's our caller's responsibility.
- unsafe { libfdt_bindgen::fdt_overlay_apply(self.as_mut_ptr(), overlay.as_mut_ptr()) };
- fdt_err_expect_zero(ret)?;
+ /// As libfdt corrupts the input DT on failure, `self` should be discarded on error:
+ ///
+ /// let fdt = fdt.apply_overlay(overlay)?;
+ ///
+ /// Furthermore, `overlay` is _always_ corrupted by libfdt and will never refer to a valid
+ /// `Fdt` after this function returns and must therefore be discarded by the caller.
+ pub unsafe fn apply_overlay<'a>(&'a mut self, overlay: &mut Fdt) -> Result<&'a mut Self> {
+ // SAFETY: Our caller will properly discard overlay and/or self as needed.
+ unsafe { self.overlay_apply(overlay) }?;
+
Ok(self)
}
@@ -679,7 +669,7 @@
///
/// NOTE: This does not support individual "/memory@XXXX" banks.
pub fn memory(&self) -> Result<MemRegIterator> {
- let node = self.node(cstr!("/memory"))?.ok_or(FdtError::NotFound)?;
+ let node = self.root()?.subnode(cstr!("memory"))?.ok_or(FdtError::NotFound)?;
if node.device_type()? != Some(cstr!("memory")) {
return Err(FdtError::BadValue);
}
@@ -693,7 +683,7 @@
/// Returns the standard /chosen node.
pub fn chosen(&self) -> Result<Option<FdtNode>> {
- self.node(cstr!("/chosen"))
+ self.root()?.subnode(cstr!("chosen"))
}
/// Returns the standard /chosen node as mutable.
@@ -703,12 +693,12 @@
/// Returns the root node of the tree.
pub fn root(&self) -> Result<FdtNode> {
- self.node(cstr!("/"))?.ok_or(FdtError::Internal)
+ Ok(FdtNode { fdt: self, offset: NodeOffset::ROOT })
}
/// Returns the standard /__symbols__ node.
pub fn symbols(&self) -> Result<Option<FdtNode>> {
- self.node(cstr!("/__symbols__"))
+ self.root()?.subnode(cstr!("__symbols__"))
}
/// Returns the standard /__symbols__ node as mutable
@@ -749,7 +739,7 @@
/// Returns the mutable root node of the tree.
pub fn root_mut(&mut self) -> Result<FdtNodeMut> {
- self.node_mut(cstr!("/"))?.ok_or(FdtError::Internal)
+ Ok(FdtNodeMut { fdt: self, offset: NodeOffset::ROOT })
}
/// Returns a mutable tree node by its full path.
@@ -759,7 +749,11 @@
Ok(offset.map(|offset| FdtNodeMut { fdt: self, offset }))
}
- fn next_node_skip_subnodes(&self, node: c_int, depth: usize) -> Result<Option<(c_int, usize)>> {
+ fn next_node_skip_subnodes(
+ &self,
+ node: NodeOffset,
+ depth: usize,
+ ) -> Result<Option<(NodeOffset, usize)>> {
let mut iter = self.next_node(node, depth)?;
while let Some((offset, next_depth)) = iter {
if next_depth <= depth {
@@ -785,21 +779,14 @@
self.buffer.as_ptr().cast()
}
- fn as_mut_ptr(&mut self) -> *mut c_void {
- self.buffer.as_mut_ptr().cast::<_>()
- }
-
- fn capacity(&self) -> usize {
- self.buffer.len()
- }
-
- fn header(&self) -> &libfdt_bindgen::fdt_header {
- let p = self.as_ptr().cast();
+ fn header(&self) -> &FdtHeader {
+ let p = self.as_ptr().cast::<libfdt_bindgen::fdt_header>();
// SAFETY: A valid FDT (verified by constructor) must contain a valid fdt_header.
- unsafe { &*p }
+ let header = unsafe { &*p };
+ header.as_ref()
}
fn totalsize(&self) -> usize {
- u32::from_be(self.header().totalsize) as usize
+ self.header().totalsize.get().try_into().unwrap()
}
}
diff --git a/libs/libfdt/src/libfdt.rs b/libs/libfdt/src/libfdt.rs
index 7737718..1af9edf 100644
--- a/libs/libfdt/src/libfdt.rs
+++ b/libs/libfdt/src/libfdt.rs
@@ -18,11 +18,12 @@
//! user-friendly higher-level types, allowing the trait to be shared between different ones,
//! adapted to their use-cases (e.g. alloc-based userspace or statically allocated no_std).
-use core::ffi::{c_int, CStr};
+use core::ffi::CStr;
use core::mem;
use core::ptr;
-use crate::{fdt_err, fdt_err_expect_zero, fdt_err_or_option, FdtError, Phandle, Result};
+use crate::result::FdtRawResult;
+use crate::{FdtError, NodeOffset, Phandle, PropOffset, Result, StringOffset};
// Function names are the C function names without the `fdt_` prefix.
@@ -35,7 +36,7 @@
// There will be no memory write outside of the given fdt.
let ret = unsafe { libfdt_bindgen::fdt_create_empty_tree(fdt, len) };
- fdt_err_expect_zero(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_check_full()` (C function).
@@ -49,7 +50,7 @@
// calls as it expects the client code to keep track of the objects (DT, nodes, ...).
let ret = unsafe { libfdt_bindgen::fdt_check_full(fdt, len) };
- fdt_err_expect_zero(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Wrapper for the read-only libfdt.h functions.
@@ -67,7 +68,7 @@
fn as_fdt_slice(&self) -> &[u8];
/// Safe wrapper around `fdt_path_offset_namelen()` (C function).
- fn path_offset_namelen(&self, path: &[u8]) -> Result<Option<c_int>> {
+ fn path_offset_namelen(&self, path: &[u8]) -> Result<Option<NodeOffset>> {
let fdt = self.as_fdt_slice().as_ptr().cast();
// *_namelen functions don't include the trailing nul terminator in 'len'.
let len = path.len().try_into().map_err(|_| FdtError::BadPath)?;
@@ -76,37 +77,43 @@
// function respects the passed number of characters.
let ret = unsafe { libfdt_bindgen::fdt_path_offset_namelen(fdt, path, len) };
- fdt_err_or_option(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_node_offset_by_phandle()` (C function).
- fn node_offset_by_phandle(&self, phandle: Phandle) -> Result<Option<c_int>> {
+ fn node_offset_by_phandle(&self, phandle: Phandle) -> Result<Option<NodeOffset>> {
let fdt = self.as_fdt_slice().as_ptr().cast();
let phandle = phandle.into();
// SAFETY: Accesses are constrained to the DT totalsize.
let ret = unsafe { libfdt_bindgen::fdt_node_offset_by_phandle(fdt, phandle) };
- fdt_err_or_option(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_node_offset_by_compatible()` (C function).
- fn node_offset_by_compatible(&self, prev: c_int, compatible: &CStr) -> Result<Option<c_int>> {
+ fn node_offset_by_compatible(
+ &self,
+ prev: NodeOffset,
+ compatible: &CStr,
+ ) -> Result<Option<NodeOffset>> {
let fdt = self.as_fdt_slice().as_ptr().cast();
+ let prev = prev.into();
let compatible = compatible.as_ptr();
// SAFETY: Accesses (read-only) are constrained to the DT totalsize.
let ret = unsafe { libfdt_bindgen::fdt_node_offset_by_compatible(fdt, prev, compatible) };
- fdt_err_or_option(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_next_node()` (C function).
- fn next_node(&self, node: c_int, depth: usize) -> Result<Option<(c_int, usize)>> {
+ fn next_node(&self, node: NodeOffset, depth: usize) -> Result<Option<(NodeOffset, usize)>> {
let fdt = self.as_fdt_slice().as_ptr().cast();
+ let node = node.into();
let mut depth = depth.try_into().unwrap();
// SAFETY: Accesses (read-only) are constrained to the DT totalsize.
let ret = unsafe { libfdt_bindgen::fdt_next_node(fdt, node, &mut depth) };
- match fdt_err_or_option(ret)? {
+ match FdtRawResult::from(ret).try_into()? {
Some(offset) if depth >= 0 => {
let depth = depth.try_into().unwrap();
Ok(Some((offset, depth)))
@@ -118,90 +125,103 @@
/// Safe wrapper around `fdt_parent_offset()` (C function).
///
/// Note that this function returns a `Err` when called on a root.
- fn parent_offset(&self, node: c_int) -> Result<c_int> {
+ fn parent_offset(&self, node: NodeOffset) -> Result<NodeOffset> {
let fdt = self.as_fdt_slice().as_ptr().cast();
+ let node = node.into();
// SAFETY: Accesses (read-only) are constrained to the DT totalsize.
let ret = unsafe { libfdt_bindgen::fdt_parent_offset(fdt, node) };
- fdt_err(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_supernode_atdepth_offset()` (C function).
///
/// Note that this function returns a `Err` when called on a node at a depth shallower than
/// the provided `depth`.
- fn supernode_atdepth_offset(&self, node: c_int, depth: usize) -> Result<c_int> {
+ fn supernode_atdepth_offset(&self, node: NodeOffset, depth: usize) -> Result<NodeOffset> {
let fdt = self.as_fdt_slice().as_ptr().cast();
+ let node = node.into();
let depth = depth.try_into().unwrap();
let nodedepth = ptr::null_mut();
let ret =
// SAFETY: Accesses (read-only) are constrained to the DT totalsize.
unsafe { libfdt_bindgen::fdt_supernode_atdepth_offset(fdt, node, depth, nodedepth) };
- fdt_err(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_subnode_offset_namelen()` (C function).
- fn subnode_offset_namelen(&self, parent: c_int, name: &[u8]) -> Result<Option<c_int>> {
+ fn subnode_offset_namelen(
+ &self,
+ parent: NodeOffset,
+ name: &[u8],
+ ) -> Result<Option<NodeOffset>> {
let fdt = self.as_fdt_slice().as_ptr().cast();
+ let parent = parent.into();
let namelen = name.len().try_into().unwrap();
let name = name.as_ptr().cast();
// SAFETY: Accesses are constrained to the DT totalsize (validated by ctor).
let ret = unsafe { libfdt_bindgen::fdt_subnode_offset_namelen(fdt, parent, name, namelen) };
- fdt_err_or_option(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_first_subnode()` (C function).
- fn first_subnode(&self, node: c_int) -> Result<Option<c_int>> {
+ fn first_subnode(&self, node: NodeOffset) -> Result<Option<NodeOffset>> {
let fdt = self.as_fdt_slice().as_ptr().cast();
+ let node = node.into();
// SAFETY: Accesses (read-only) are constrained to the DT totalsize.
let ret = unsafe { libfdt_bindgen::fdt_first_subnode(fdt, node) };
- fdt_err_or_option(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_next_subnode()` (C function).
- fn next_subnode(&self, node: c_int) -> Result<Option<c_int>> {
+ fn next_subnode(&self, node: NodeOffset) -> Result<Option<NodeOffset>> {
let fdt = self.as_fdt_slice().as_ptr().cast();
+ let node = node.into();
// SAFETY: Accesses (read-only) are constrained to the DT totalsize.
let ret = unsafe { libfdt_bindgen::fdt_next_subnode(fdt, node) };
- fdt_err_or_option(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_address_cells()` (C function).
- fn address_cells(&self, node: c_int) -> Result<usize> {
+ fn address_cells(&self, node: NodeOffset) -> Result<usize> {
let fdt = self.as_fdt_slice().as_ptr().cast();
+ let node = node.into();
// SAFETY: Accesses are constrained to the DT totalsize (validated by ctor).
let ret = unsafe { libfdt_bindgen::fdt_address_cells(fdt, node) };
- Ok(fdt_err(ret)?.try_into().unwrap())
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_size_cells()` (C function).
- fn size_cells(&self, node: c_int) -> Result<usize> {
+ fn size_cells(&self, node: NodeOffset) -> Result<usize> {
let fdt = self.as_fdt_slice().as_ptr().cast();
+ let node = node.into();
// SAFETY: Accesses are constrained to the DT totalsize (validated by ctor).
let ret = unsafe { libfdt_bindgen::fdt_size_cells(fdt, node) };
- Ok(fdt_err(ret)?.try_into().unwrap())
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_get_name()` (C function).
- fn get_name(&self, node: c_int) -> Result<&[u8]> {
+ fn get_name(&self, node: NodeOffset) -> Result<&[u8]> {
let fdt = self.as_fdt_slice().as_ptr().cast();
+ let node = node.into();
let mut len = 0;
// SAFETY: Accesses are constrained to the DT totalsize (validated by ctor). On success, the
// function returns valid null terminating string and otherwise returned values are dropped.
let name = unsafe { libfdt_bindgen::fdt_get_name(fdt, node, &mut len) };
- let len = usize::try_from(fdt_err(len)?).unwrap().checked_add(1).unwrap();
+ let len = usize::try_from(FdtRawResult::from(len))?.checked_add(1).unwrap();
get_slice_at_ptr(self.as_fdt_slice(), name.cast(), len).ok_or(FdtError::Internal)
}
/// Safe wrapper around `fdt_getprop_namelen()` (C function).
- fn getprop_namelen(&self, node: c_int, name: &[u8]) -> Result<Option<&[u8]>> {
+ fn getprop_namelen(&self, node: NodeOffset, name: &[u8]) -> Result<Option<&[u8]>> {
let fdt = self.as_fdt_slice().as_ptr().cast();
+ let node = node.into();
let namelen = name.len().try_into().map_err(|_| FdtError::BadPath)?;
let name = name.as_ptr().cast();
let mut len = 0;
@@ -210,8 +230,7 @@
// function respects the passed number of characters.
unsafe { libfdt_bindgen::fdt_getprop_namelen(fdt, node, name, namelen, &mut len) };
- if let Some(len) = fdt_err_or_option(len)? {
- let len = usize::try_from(len).unwrap();
+ if let Some(len) = FdtRawResult::from(len).try_into()? {
let bytes = get_slice_at_ptr(self.as_fdt_slice(), prop.cast(), len);
Ok(Some(bytes.ok_or(FdtError::Internal)?))
@@ -221,13 +240,14 @@
}
/// Safe wrapper around `fdt_get_property_by_offset()` (C function).
- fn get_property_by_offset(&self, offset: c_int) -> Result<&libfdt_bindgen::fdt_property> {
+ fn get_property_by_offset(&self, offset: PropOffset) -> Result<&libfdt_bindgen::fdt_property> {
let mut len = 0;
let fdt = self.as_fdt_slice().as_ptr().cast();
+ let offset = offset.into();
// SAFETY: Accesses (read-only) are constrained to the DT totalsize.
let prop = unsafe { libfdt_bindgen::fdt_get_property_by_offset(fdt, offset, &mut len) };
- let data_len = fdt_err(len)?.try_into().unwrap();
+ let data_len = FdtRawResult::from(len).try_into()?;
// TODO(stable_feature(offset_of)): mem::offset_of!(fdt_property, data).
let data_offset = memoffset::offset_of!(libfdt_bindgen::fdt_property, data);
let len = data_offset.checked_add(data_len).ok_or(FdtError::Internal)?;
@@ -247,21 +267,23 @@
}
/// Safe wrapper around `fdt_first_property_offset()` (C function).
- fn first_property_offset(&self, node: c_int) -> Result<Option<c_int>> {
+ fn first_property_offset(&self, node: NodeOffset) -> Result<Option<PropOffset>> {
let fdt = self.as_fdt_slice().as_ptr().cast();
+ let node = node.into();
// SAFETY: Accesses (read-only) are constrained to the DT totalsize.
let ret = unsafe { libfdt_bindgen::fdt_first_property_offset(fdt, node) };
- fdt_err_or_option(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_next_property_offset()` (C function).
- fn next_property_offset(&self, prev: c_int) -> Result<Option<c_int>> {
+ fn next_property_offset(&self, prev: PropOffset) -> Result<Option<PropOffset>> {
let fdt = self.as_fdt_slice().as_ptr().cast();
+ let prev = prev.into();
// SAFETY: Accesses (read-only) are constrained to the DT totalsize.
let ret = unsafe { libfdt_bindgen::fdt_next_property_offset(fdt, prev) };
- fdt_err_or_option(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_find_max_phandle()` (C function).
@@ -271,14 +293,15 @@
// SAFETY: Accesses (read-only) are constrained to the DT totalsize.
let ret = unsafe { libfdt_bindgen::fdt_find_max_phandle(fdt, &mut phandle) };
- fdt_err_expect_zero(ret)?;
+ FdtRawResult::from(ret).try_into()?;
phandle.try_into()
}
/// Safe wrapper around `fdt_string()` (C function).
- fn string(&self, offset: c_int) -> Result<&CStr> {
+ fn string(&self, offset: StringOffset) -> Result<&CStr> {
let fdt = self.as_fdt_slice().as_ptr().cast();
+ let offset = offset.into();
// SAFETY: Accesses (read-only) are constrained to the DT totalsize.
let ptr = unsafe { libfdt_bindgen::fdt_string(fdt, offset) };
let bytes =
@@ -286,6 +309,13 @@
CStr::from_bytes_until_nul(bytes).map_err(|_| FdtError::Internal)
}
+
+ /// Safe wrapper around `fdt_open_into()` (C function).
+ fn open_into(&self, dest: &mut [u8]) -> Result<()> {
+ let fdt = self.as_fdt_slice().as_ptr().cast();
+
+ open_into(fdt, dest)
+ }
}
/// Wrapper for the read-write libfdt.h functions.
@@ -309,28 +339,31 @@
fn as_fdt_slice_mut(&mut self) -> &mut [u8];
/// Safe wrapper around `fdt_nop_node()` (C function).
- fn nop_node(&mut self, node: c_int) -> Result<()> {
+ fn nop_node(&mut self, node: NodeOffset) -> Result<()> {
let fdt = self.as_fdt_slice_mut().as_mut_ptr().cast();
+ let node = node.into();
// SAFETY: Accesses are constrained to the DT totalsize (validated by ctor).
let ret = unsafe { libfdt_bindgen::fdt_nop_node(fdt, node) };
- fdt_err_expect_zero(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_add_subnode_namelen()` (C function).
- fn add_subnode_namelen(&mut self, node: c_int, name: &[u8]) -> Result<c_int> {
+ fn add_subnode_namelen(&mut self, node: NodeOffset, name: &[u8]) -> Result<NodeOffset> {
let fdt = self.as_fdt_slice_mut().as_mut_ptr().cast();
+ let node = node.into();
let namelen = name.len().try_into().unwrap();
let name = name.as_ptr().cast();
// SAFETY: Accesses are constrained to the DT totalsize (validated by ctor).
let ret = unsafe { libfdt_bindgen::fdt_add_subnode_namelen(fdt, node, name, namelen) };
- fdt_err(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_setprop()` (C function).
- fn setprop(&mut self, node: c_int, name: &CStr, value: &[u8]) -> Result<()> {
+ fn setprop(&mut self, node: NodeOffset, name: &CStr, value: &[u8]) -> Result<()> {
let fdt = self.as_fdt_slice_mut().as_mut_ptr().cast();
+ let node = node.into();
let name = name.as_ptr();
let len = value.len().try_into().map_err(|_| FdtError::BadValue)?;
let value = value.as_ptr().cast();
@@ -338,12 +371,18 @@
// (validated by underlying libfdt).
let ret = unsafe { libfdt_bindgen::fdt_setprop(fdt, node, name, value, len) };
- fdt_err_expect_zero(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_setprop_placeholder()` (C function).
- fn setprop_placeholder(&mut self, node: c_int, name: &CStr, size: usize) -> Result<&mut [u8]> {
+ fn setprop_placeholder(
+ &mut self,
+ node: NodeOffset,
+ name: &CStr,
+ size: usize,
+ ) -> Result<&mut [u8]> {
let fdt = self.as_fdt_slice_mut().as_mut_ptr().cast();
+ let node = node.into();
let name = name.as_ptr();
let len = size.try_into().unwrap();
let mut data = ptr::null_mut();
@@ -351,14 +390,15 @@
// SAFETY: Accesses are constrained to the DT totalsize (validated by ctor).
unsafe { libfdt_bindgen::fdt_setprop_placeholder(fdt, node, name, len, &mut data) };
- fdt_err_expect_zero(ret)?;
+ FdtRawResult::from(ret).try_into()?;
get_mut_slice_at_ptr(self.as_fdt_slice_mut(), data.cast(), size).ok_or(FdtError::Internal)
}
/// Safe wrapper around `fdt_setprop_inplace()` (C function).
- fn setprop_inplace(&mut self, node: c_int, name: &CStr, value: &[u8]) -> Result<()> {
+ fn setprop_inplace(&mut self, node: NodeOffset, name: &CStr, value: &[u8]) -> Result<()> {
let fdt = self.as_fdt_slice_mut().as_mut_ptr().cast();
+ let node = node.into();
let name = name.as_ptr();
let len = value.len().try_into().map_err(|_| FdtError::BadValue)?;
let value = value.as_ptr().cast();
@@ -366,43 +406,47 @@
// (validated by underlying libfdt).
let ret = unsafe { libfdt_bindgen::fdt_setprop_inplace(fdt, node, name, value, len) };
- fdt_err_expect_zero(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_appendprop()` (C function).
- fn appendprop(&mut self, node: c_int, name: &CStr, value: &[u8]) -> Result<()> {
+ fn appendprop(&mut self, node: NodeOffset, name: &CStr, value: &[u8]) -> Result<()> {
let fdt = self.as_fdt_slice_mut().as_mut_ptr().cast();
+ let node = node.into();
let name = name.as_ptr();
let len = value.len().try_into().map_err(|_| FdtError::BadValue)?;
let value = value.as_ptr().cast();
// SAFETY: Accesses are constrained to the DT totalsize (validated by ctor).
let ret = unsafe { libfdt_bindgen::fdt_appendprop(fdt, node, name, value, len) };
- fdt_err_expect_zero(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_appendprop_addrrange()` (C function).
fn appendprop_addrrange(
&mut self,
- parent: c_int,
- node: c_int,
+ parent: NodeOffset,
+ node: NodeOffset,
name: &CStr,
addr: u64,
size: u64,
) -> Result<()> {
let fdt = self.as_fdt_slice_mut().as_mut_ptr().cast();
+ let parent = parent.into();
+ let node = node.into();
let name = name.as_ptr();
// SAFETY: Accesses are constrained to the DT totalsize (validated by ctor).
let ret = unsafe {
libfdt_bindgen::fdt_appendprop_addrrange(fdt, parent, node, name, addr, size)
};
- fdt_err_expect_zero(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_delprop()` (C function).
- fn delprop(&mut self, node: c_int, name: &CStr) -> Result<()> {
+ fn delprop(&mut self, node: NodeOffset, name: &CStr) -> Result<()> {
let fdt = self.as_fdt_slice_mut().as_mut_ptr().cast();
+ let node = node.into();
let name = name.as_ptr();
// SAFETY: Accesses are constrained to the DT totalsize (validated by ctor) when the
// library locates the node's property. Removing the property may shift the offsets of
@@ -410,18 +454,61 @@
// being called when FdtNode instances are in use.
let ret = unsafe { libfdt_bindgen::fdt_delprop(fdt, node, name) };
- fdt_err_expect_zero(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_nop_property()` (C function).
- fn nop_property(&mut self, node: c_int, name: &CStr) -> Result<()> {
+ fn nop_property(&mut self, node: NodeOffset, name: &CStr) -> Result<()> {
let fdt = self.as_fdt_slice_mut().as_mut_ptr().cast();
+ let node = node.into();
let name = name.as_ptr();
// SAFETY: Accesses are constrained to the DT totalsize (validated by ctor) when the
// library locates the node's property.
let ret = unsafe { libfdt_bindgen::fdt_nop_property(fdt, node, name) };
- fdt_err_expect_zero(ret)
+ FdtRawResult::from(ret).try_into()
+ }
+
+ /// Safe and aliasing-compatible wrapper around `fdt_open_into()` (C function).
+ ///
+ /// The C API allows both input (`const void*`) and output (`void *`) to point to the same
+ /// memory region but the borrow checker would reject an API such as
+ ///
+ /// self.open_into(&mut self.buffer)
+ ///
+ /// so this wrapper is provided to implement such a common aliasing case.
+ fn open_into_self(&mut self) -> Result<()> {
+ let fdt = self.as_fdt_slice_mut();
+
+ open_into(fdt.as_ptr().cast(), fdt)
+ }
+
+ /// Safe wrapper around `fdt_pack()` (C function).
+ fn pack(&mut self) -> Result<()> {
+ let fdt = self.as_fdt_slice_mut().as_mut_ptr().cast();
+ // SAFETY: Accesses (R/W) are constrained to the DT totalsize (validated by ctor).
+ let ret = unsafe { libfdt_bindgen::fdt_pack(fdt) };
+
+ FdtRawResult::from(ret).try_into()
+ }
+
+ /// Wrapper around `fdt_overlay_apply()` (C function).
+ ///
+ /// # Safety
+ ///
+ /// This function safely wraps the C function call but is unsafe because the caller must
+ ///
+ /// - discard `overlay` as a &LibfdtMut because libfdt corrupts its header before returning;
+ /// - on error, discard `self` as a &LibfdtMut for the same reason.
+ unsafe fn overlay_apply(&mut self, overlay: &mut Self) -> Result<()> {
+ let fdt = self.as_fdt_slice_mut().as_mut_ptr().cast();
+ let overlay = overlay.as_fdt_slice_mut().as_mut_ptr().cast();
+ // SAFETY: Both pointers are valid because they come from references, and fdt_overlay_apply
+ // doesn't keep them after it returns. It may corrupt their contents if there is an error,
+ // but that's our caller's responsibility.
+ let ret = unsafe { libfdt_bindgen::fdt_overlay_apply(fdt, overlay) };
+
+ FdtRawResult::from(ret).try_into()
}
}
@@ -449,6 +536,19 @@
})
}
+fn open_into(fdt: *const u8, dest: &mut [u8]) -> Result<()> {
+ let fdt = fdt.cast();
+ let len = dest.len().try_into().map_err(|_| FdtError::Internal)?;
+ let dest = dest.as_mut_ptr().cast();
+ // SAFETY: Reads the whole fdt slice (based on the validated totalsize) and, if it fits, copies
+ // it to the (properly mutable) dest buffer of size len. On success, the resulting dest
+ // contains a valid DT with the nodes and properties of the original one but of a different
+ // size, reflected in its fdt_header::totalsize.
+ let ret = unsafe { libfdt_bindgen::fdt_open_into(fdt, dest, len) };
+
+ FdtRawResult::from(ret).try_into()
+}
+
// TODO(stable_feature(pointer_is_aligned)): p.is_aligned()
fn is_aligned<T>(p: *const T) -> bool {
(p as usize) % mem::align_of::<T>() == 0
diff --git a/libs/libfdt/src/result.rs b/libs/libfdt/src/result.rs
index 9643e1e..52291ca 100644
--- a/libs/libfdt/src/result.rs
+++ b/libs/libfdt/src/result.rs
@@ -14,7 +14,7 @@
//! Rust types related to the libfdt C integer results.
-use core::ffi::c_int;
+use core::ffi::{c_int, c_uint};
use core::fmt;
use core::result;
@@ -94,46 +94,99 @@
/// Result type with FdtError enum.
pub type Result<T> = result::Result<T, FdtError>;
-pub(crate) fn fdt_err(val: c_int) -> Result<c_int> {
- if val >= 0 {
- Ok(val)
- } else {
- Err(match -val as _ {
- libfdt_bindgen::FDT_ERR_NOTFOUND => FdtError::NotFound,
- libfdt_bindgen::FDT_ERR_EXISTS => FdtError::Exists,
- libfdt_bindgen::FDT_ERR_NOSPACE => FdtError::NoSpace,
- libfdt_bindgen::FDT_ERR_BADOFFSET => FdtError::BadOffset,
- libfdt_bindgen::FDT_ERR_BADPATH => FdtError::BadPath,
- libfdt_bindgen::FDT_ERR_BADPHANDLE => FdtError::BadPhandle,
- libfdt_bindgen::FDT_ERR_BADSTATE => FdtError::BadState,
- libfdt_bindgen::FDT_ERR_TRUNCATED => FdtError::Truncated,
- libfdt_bindgen::FDT_ERR_BADMAGIC => FdtError::BadMagic,
- libfdt_bindgen::FDT_ERR_BADVERSION => FdtError::BadVersion,
- libfdt_bindgen::FDT_ERR_BADSTRUCTURE => FdtError::BadStructure,
- libfdt_bindgen::FDT_ERR_BADLAYOUT => FdtError::BadLayout,
- libfdt_bindgen::FDT_ERR_INTERNAL => FdtError::Internal,
- libfdt_bindgen::FDT_ERR_BADNCELLS => FdtError::BadNCells,
- libfdt_bindgen::FDT_ERR_BADVALUE => FdtError::BadValue,
- libfdt_bindgen::FDT_ERR_BADOVERLAY => FdtError::BadOverlay,
- libfdt_bindgen::FDT_ERR_NOPHANDLES => FdtError::NoPhandles,
- libfdt_bindgen::FDT_ERR_BADFLAGS => FdtError::BadFlags,
- libfdt_bindgen::FDT_ERR_ALIGNMENT => FdtError::Alignment,
- _ => FdtError::Unknown(val),
- })
+#[derive(Clone, Copy, Debug, Eq, PartialEq)]
+pub(crate) struct FdtRawResult(c_int);
+
+impl From<c_int> for FdtRawResult {
+ fn from(value: c_int) -> Self {
+ Self(value)
}
}
-pub(crate) fn fdt_err_expect_zero(val: c_int) -> Result<()> {
- match fdt_err(val)? {
- 0 => Ok(()),
- _ => Err(FdtError::Unknown(val)),
+impl TryFrom<FdtRawResult> for c_int {
+ type Error = FdtError;
+
+ fn try_from(res: FdtRawResult) -> Result<Self> {
+ use libfdt_bindgen::{
+ FDT_ERR_ALIGNMENT, FDT_ERR_BADFLAGS, FDT_ERR_BADLAYOUT, FDT_ERR_BADMAGIC,
+ FDT_ERR_BADNCELLS, FDT_ERR_BADOFFSET, FDT_ERR_BADOVERLAY, FDT_ERR_BADPATH,
+ FDT_ERR_BADPHANDLE, FDT_ERR_BADSTATE, FDT_ERR_BADSTRUCTURE, FDT_ERR_BADVALUE,
+ FDT_ERR_BADVERSION, FDT_ERR_EXISTS, FDT_ERR_INTERNAL, FDT_ERR_NOPHANDLES,
+ FDT_ERR_NOSPACE, FDT_ERR_NOTFOUND, FDT_ERR_TRUNCATED,
+ };
+ match res.0 {
+ x if x >= 0 => Ok(x),
+ x if x == -(FDT_ERR_NOTFOUND as c_int) => Err(FdtError::NotFound),
+ x if x == -(FDT_ERR_EXISTS as c_int) => Err(FdtError::Exists),
+ x if x == -(FDT_ERR_NOSPACE as c_int) => Err(FdtError::NoSpace),
+ x if x == -(FDT_ERR_BADOFFSET as c_int) => Err(FdtError::BadOffset),
+ x if x == -(FDT_ERR_BADPATH as c_int) => Err(FdtError::BadPath),
+ x if x == -(FDT_ERR_BADPHANDLE as c_int) => Err(FdtError::BadPhandle),
+ x if x == -(FDT_ERR_BADSTATE as c_int) => Err(FdtError::BadState),
+ x if x == -(FDT_ERR_TRUNCATED as c_int) => Err(FdtError::Truncated),
+ x if x == -(FDT_ERR_BADMAGIC as c_int) => Err(FdtError::BadMagic),
+ x if x == -(FDT_ERR_BADVERSION as c_int) => Err(FdtError::BadVersion),
+ x if x == -(FDT_ERR_BADSTRUCTURE as c_int) => Err(FdtError::BadStructure),
+ x if x == -(FDT_ERR_BADLAYOUT as c_int) => Err(FdtError::BadLayout),
+ x if x == -(FDT_ERR_INTERNAL as c_int) => Err(FdtError::Internal),
+ x if x == -(FDT_ERR_BADNCELLS as c_int) => Err(FdtError::BadNCells),
+ x if x == -(FDT_ERR_BADVALUE as c_int) => Err(FdtError::BadValue),
+ x if x == -(FDT_ERR_BADOVERLAY as c_int) => Err(FdtError::BadOverlay),
+ x if x == -(FDT_ERR_NOPHANDLES as c_int) => Err(FdtError::NoPhandles),
+ x if x == -(FDT_ERR_BADFLAGS as c_int) => Err(FdtError::BadFlags),
+ x if x == -(FDT_ERR_ALIGNMENT as c_int) => Err(FdtError::Alignment),
+ x => Err(FdtError::Unknown(x)),
+ }
}
}
-pub(crate) fn fdt_err_or_option(val: c_int) -> Result<Option<c_int>> {
- match fdt_err(val) {
- Ok(val) => Ok(Some(val)),
- Err(FdtError::NotFound) => Ok(None),
- Err(e) => Err(e),
+impl TryFrom<FdtRawResult> for Option<c_int> {
+ type Error = FdtError;
+
+ fn try_from(res: FdtRawResult) -> Result<Self> {
+ match res.try_into() {
+ Ok(n) => Ok(Some(n)),
+ Err(FdtError::NotFound) => Ok(None),
+ Err(e) => Err(e),
+ }
+ }
+}
+
+impl TryFrom<FdtRawResult> for c_uint {
+ type Error = FdtError;
+
+ fn try_from(res: FdtRawResult) -> Result<Self> {
+ Ok(c_int::try_from(res)?.try_into().unwrap())
+ }
+}
+
+impl TryFrom<FdtRawResult> for usize {
+ type Error = FdtError;
+
+ fn try_from(res: FdtRawResult) -> Result<Self> {
+ Ok(c_int::try_from(res)?.try_into().unwrap())
+ }
+}
+
+impl TryFrom<FdtRawResult> for Option<usize> {
+ type Error = FdtError;
+
+ fn try_from(res: FdtRawResult) -> Result<Self> {
+ match res.try_into() {
+ Ok(n) => Ok(Some(n)),
+ Err(FdtError::NotFound) => Ok(None),
+ Err(e) => Err(e),
+ }
+ }
+}
+
+impl TryFrom<FdtRawResult> for () {
+ type Error = FdtError;
+
+ fn try_from(res: FdtRawResult) -> Result<Self> {
+ match res.try_into()? {
+ 0 => Ok(()),
+ n => Err(FdtError::Unknown(n)),
+ }
}
}
diff --git a/libs/libfdt/src/safe_types.rs b/libs/libfdt/src/safe_types.rs
new file mode 100644
index 0000000..3848542
--- /dev/null
+++ b/libs/libfdt/src/safe_types.rs
@@ -0,0 +1,228 @@
+// Copyright 2024, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Safe zero-cost wrappers around integer values used by libfdt.
+
+use core::ffi::c_int;
+
+use crate::result::FdtRawResult;
+use crate::{FdtError, Result};
+
+use zerocopy::byteorder::big_endian;
+use zerocopy::{FromBytes, FromZeroes};
+
+macro_rules! assert_offset_eq {
+ // TODO(stable_feature(offset_of)): mem::offset_of
+ // TODO(const_feature(assert_eq)): assert_eq!()
+ ($t:ty, $u:ty, $id:ident) => {
+ static_assertions::const_assert_eq!(
+ memoffset::offset_of!($t, $id),
+ memoffset::offset_of!($u, $id),
+ );
+ };
+}
+
+/// Thin wrapper around `libfdt_bindgen::fdt_header` for transparent endianness handling.
+#[repr(C)]
+#[derive(Debug, FromZeroes, FromBytes)]
+pub struct FdtHeader {
+ /// magic word FDT_MAGIC
+ pub magic: big_endian::U32,
+ /// total size of DT block
+ pub totalsize: big_endian::U32,
+ /// offset to structure
+ pub off_dt_struct: big_endian::U32,
+ /// offset to strings
+ pub off_dt_strings: big_endian::U32,
+ /// offset to memory reserve map
+ pub off_mem_rsvmap: big_endian::U32,
+ /// format version
+ pub version: big_endian::U32,
+ /// last compatible version
+ pub last_comp_version: big_endian::U32,
+ /* version 2 fields below */
+ /// Which physical CPU id we're booting on
+ pub boot_cpuid_phys: big_endian::U32,
+ /* version 3 fields below */
+ /// size of the strings block
+ pub size_dt_strings: big_endian::U32,
+ /* version 17 fields below */
+ /// size of the structure block
+ pub size_dt_struct: big_endian::U32,
+}
+assert_offset_eq!(libfdt_bindgen::fdt_header, FdtHeader, magic);
+assert_offset_eq!(libfdt_bindgen::fdt_header, FdtHeader, totalsize);
+assert_offset_eq!(libfdt_bindgen::fdt_header, FdtHeader, off_dt_struct);
+assert_offset_eq!(libfdt_bindgen::fdt_header, FdtHeader, off_dt_strings);
+assert_offset_eq!(libfdt_bindgen::fdt_header, FdtHeader, off_mem_rsvmap);
+assert_offset_eq!(libfdt_bindgen::fdt_header, FdtHeader, version);
+assert_offset_eq!(libfdt_bindgen::fdt_header, FdtHeader, last_comp_version);
+assert_offset_eq!(libfdt_bindgen::fdt_header, FdtHeader, boot_cpuid_phys);
+assert_offset_eq!(libfdt_bindgen::fdt_header, FdtHeader, size_dt_strings);
+assert_offset_eq!(libfdt_bindgen::fdt_header, FdtHeader, size_dt_struct);
+
+impl AsRef<FdtHeader> for libfdt_bindgen::fdt_header {
+ fn as_ref(&self) -> &FdtHeader {
+ let ptr = self as *const _ as *const _;
+ // SAFETY: Types have the same layout (u32 and U32 have the same storage) and alignment.
+ unsafe { &*ptr }
+ }
+}
+
+/// Wrapper guaranteed to contain a valid phandle.
+#[repr(transparent)]
+#[derive(Debug, Copy, Clone, Eq, PartialEq, Ord, PartialOrd)]
+pub struct Phandle(u32);
+
+impl Phandle {
+ /// Minimum valid value for device tree phandles.
+ pub const MIN: Self = Self(1);
+ /// Maximum valid value for device tree phandles.
+ pub const MAX: Self = Self(libfdt_bindgen::FDT_MAX_PHANDLE);
+
+ /// Creates a new Phandle
+ pub const fn new(value: u32) -> Option<Self> {
+ if Self::MIN.0 <= value && value <= Self::MAX.0 {
+ Some(Self(value))
+ } else {
+ None
+ }
+ }
+}
+
+impl From<Phandle> for u32 {
+ fn from(phandle: Phandle) -> u32 {
+ phandle.0
+ }
+}
+
+impl TryFrom<u32> for Phandle {
+ type Error = FdtError;
+
+ fn try_from(value: u32) -> Result<Self> {
+ Self::new(value).ok_or(FdtError::BadPhandle)
+ }
+}
+
+impl TryFrom<FdtRawResult> for Phandle {
+ type Error = FdtError;
+
+ fn try_from(res: FdtRawResult) -> Result<Self> {
+ Self::new(res.try_into()?).ok_or(FdtError::BadPhandle)
+ }
+}
+
+/// Safe zero-cost wrapper around libfdt device tree node offsets.
+///
+/// This type should only be obtained from properly wrapped successful libfdt calls.
+#[repr(transparent)]
+#[derive(Debug, Copy, Clone, Eq, PartialEq, Ord, PartialOrd)]
+pub struct NodeOffset(c_int);
+
+impl NodeOffset {
+ /// Offset of the root node; 0, by definition.
+ pub const ROOT: Self = Self(0);
+}
+
+impl TryFrom<FdtRawResult> for NodeOffset {
+ type Error = FdtError;
+
+ fn try_from(res: FdtRawResult) -> Result<Self> {
+ Ok(Self(res.try_into()?))
+ }
+}
+
+impl TryFrom<FdtRawResult> for Option<NodeOffset> {
+ type Error = FdtError;
+
+ fn try_from(res: FdtRawResult) -> Result<Self> {
+ match res.try_into() {
+ Ok(n) => Ok(Some(n)),
+ Err(FdtError::NotFound) => Ok(None),
+ Err(e) => Err(e),
+ }
+ }
+}
+
+impl From<NodeOffset> for c_int {
+ fn from(offset: NodeOffset) -> Self {
+ offset.0
+ }
+}
+
+/// Safe zero-cost wrapper around libfdt device tree property offsets.
+///
+/// This type should only be obtained from properly wrapped successful libfdt calls.
+#[repr(transparent)]
+#[derive(Debug, Copy, Clone, Eq, PartialEq, Ord, PartialOrd)]
+pub struct PropOffset(c_int);
+
+impl TryFrom<FdtRawResult> for PropOffset {
+ type Error = FdtError;
+
+ fn try_from(res: FdtRawResult) -> Result<Self> {
+ Ok(Self(res.try_into()?))
+ }
+}
+
+impl TryFrom<FdtRawResult> for Option<PropOffset> {
+ type Error = FdtError;
+
+ fn try_from(res: FdtRawResult) -> Result<Self> {
+ match res.try_into() {
+ Ok(n) => Ok(Some(n)),
+ Err(FdtError::NotFound) => Ok(None),
+ Err(e) => Err(e),
+ }
+ }
+}
+
+impl From<PropOffset> for c_int {
+ fn from(offset: PropOffset) -> Self {
+ offset.0
+ }
+}
+
+/// Safe zero-cost wrapper around libfdt device tree string offsets.
+///
+/// This type should only be obtained from properly wrapped successful libfdt calls.
+#[repr(transparent)]
+#[derive(Debug, Copy, Clone, Eq, PartialEq, Ord, PartialOrd)]
+pub struct StringOffset(pub c_int); // TODO(ptosi): Move fdt_property wrapper here and remove pub.
+
+impl TryFrom<FdtRawResult> for StringOffset {
+ type Error = FdtError;
+
+ fn try_from(res: FdtRawResult) -> Result<Self> {
+ Ok(Self(res.try_into()?))
+ }
+}
+
+impl TryFrom<FdtRawResult> for Option<StringOffset> {
+ type Error = FdtError;
+
+ fn try_from(res: FdtRawResult) -> Result<Self> {
+ match res.try_into() {
+ Ok(n) => Ok(Some(n)),
+ Err(FdtError::NotFound) => Ok(None),
+ Err(e) => Err(e),
+ }
+ }
+}
+
+impl From<StringOffset> for c_int {
+ fn from(offset: StringOffset) -> Self {
+ offset.0
+ }
+}
diff --git a/libs/libfdt/tests/api_test.rs b/libs/libfdt/tests/api_test.rs
index ddc4538..8f5b76d 100644
--- a/libs/libfdt/tests/api_test.rs
+++ b/libs/libfdt/tests/api_test.rs
@@ -267,8 +267,8 @@
let node = fdt.node(node_path).unwrap().unwrap();
assert_eq!(Ok(None), node.subnode_with_name_bytes(name));
- let mut node = fdt.node_mut(node_path).unwrap().unwrap();
- node.add_subnode_with_namelen(subnode_name, len).unwrap();
+ let node = fdt.node_mut(node_path).unwrap().unwrap();
+ let _ = node.add_subnode_with_namelen(subnode_name, len).unwrap();
let node = fdt.node(node_path).unwrap().unwrap();
assert_ne!(Ok(None), node.subnode_with_name_bytes(name));
@@ -438,6 +438,22 @@
}
#[test]
+fn node_mut_delete_and_next_node_with_last_node() {
+ let mut data = fs::read(TEST_TREE_WITH_EMPTY_MEMORY_RANGE_PATH).unwrap();
+ let fdt = Fdt::from_mut_slice(&mut data).unwrap();
+
+ let mut iter = fdt.root_mut().unwrap().next_node(0).unwrap();
+ while let Some((node, depth)) = iter {
+ iter = node.delete_and_next_node(depth).unwrap();
+ }
+
+ let root = fdt.root().unwrap();
+ let all_descendants: Vec<_> =
+ root.descendants().map(|(node, depth)| (node.name(), depth)).collect();
+ assert!(all_descendants.is_empty(), "{all_descendants:?}");
+}
+
+#[test]
#[ignore] // Borrow checker test. Compilation success is sufficient.
fn node_name_lifetime() {
let data = fs::read(TEST_TREE_PHANDLE_PATH).unwrap();
@@ -456,7 +472,7 @@
let mut data = vec![0_u8; 1000];
let fdt = Fdt::create_empty_tree(&mut data).unwrap();
- let mut root = fdt.root_mut().unwrap();
+ let root = fdt.root_mut().unwrap();
let names = [cstr!("a"), cstr!("b")];
root.add_subnodes(&names).unwrap();
diff --git a/pvmfw/platform.dts b/pvmfw/platform.dts
index cea1c33..275a1c9 100644
--- a/pvmfw/platform.dts
+++ b/pvmfw/platform.dts
@@ -52,11 +52,40 @@
cpus {
#address-cells = <1>;
#size-cells = <0>;
- cpu@0 {
+
+ cpu-map {
+ cluster0 {
+ core0 { cpu = <PLACEHOLDER>; };
+ core1 { cpu = <PLACEHOLDER>; };
+ core2 { cpu = <PLACEHOLDER>; };
+ core3 { cpu = <PLACEHOLDER>; };
+ core4 { cpu = <PLACEHOLDER>; };
+ core5 { cpu = <PLACEHOLDER>; };
+ };
+ cluster1 {
+ core0 { cpu = <PLACEHOLDER>; };
+ core1 { cpu = <PLACEHOLDER>; };
+ core2 { cpu = <PLACEHOLDER>; };
+ core3 { cpu = <PLACEHOLDER>; };
+ core4 { cpu = <PLACEHOLDER>; };
+ core5 { cpu = <PLACEHOLDER>; };
+ };
+ cluster2 {
+ core0 { cpu = <PLACEHOLDER>; };
+ core1 { cpu = <PLACEHOLDER>; };
+ core2 { cpu = <PLACEHOLDER>; };
+ core3 { cpu = <PLACEHOLDER>; };
+ core4 { cpu = <PLACEHOLDER>; };
+ core5 { cpu = <PLACEHOLDER>; };
+ };
+ };
+
+ cpu0: cpu@0 {
device_type = "cpu";
compatible = "arm,arm-v8";
enable-method = "psci";
reg = <0>;
+ capacity-dmips-mhz = <PLACEHOLDER>;
operating-points-v2 = <&opp_table0>;
opp_table0: opp-table-0 {
compatible = "operating-points-v2";
@@ -83,11 +112,12 @@
opp20 { opp-hz = <PLACEHOLDER2>; };
};
};
- cpu@1 {
+ cpu1: cpu@1 {
device_type = "cpu";
compatible = "arm,arm-v8";
enable-method = "psci";
reg = <1>;
+ capacity-dmips-mhz = <PLACEHOLDER>;
operating-points-v2 = <&opp_table1>;
opp_table1: opp-table-1 {
compatible = "operating-points-v2";
@@ -114,11 +144,12 @@
opp20 { opp-hz = <PLACEHOLDER2>; };
};
};
- cpu@2 {
+ cpu2: cpu@2 {
device_type = "cpu";
compatible = "arm,arm-v8";
enable-method = "psci";
reg = <2>;
+ capacity-dmips-mhz = <PLACEHOLDER>;
operating-points-v2 = <&opp_table2>;
opp_table2: opp-table-2 {
compatible = "operating-points-v2";
@@ -145,11 +176,12 @@
opp20 { opp-hz = <PLACEHOLDER2>; };
};
};
- cpu@3 {
+ cpu3: cpu@3 {
device_type = "cpu";
compatible = "arm,arm-v8";
enable-method = "psci";
reg = <3>;
+ capacity-dmips-mhz = <PLACEHOLDER>;
operating-points-v2 = <&opp_table3>;
opp_table3: opp-table-3 {
compatible = "operating-points-v2";
@@ -176,11 +208,12 @@
opp20 { opp-hz = <PLACEHOLDER2>; };
};
};
- cpu@4 {
+ cpu4: cpu@4 {
device_type = "cpu";
compatible = "arm,arm-v8";
enable-method = "psci";
reg = <4>;
+ capacity-dmips-mhz = <PLACEHOLDER>;
operating-points-v2 = <&opp_table4>;
opp_table4: opp-table-4 {
compatible = "operating-points-v2";
@@ -207,11 +240,12 @@
opp20 { opp-hz = <PLACEHOLDER2>; };
};
};
- cpu@5 {
+ cpu5: cpu@5 {
device_type = "cpu";
compatible = "arm,arm-v8";
enable-method = "psci";
reg = <5>;
+ capacity-dmips-mhz = <PLACEHOLDER>;
operating-points-v2 = <&opp_table5>;
opp_table5: opp-table-5 {
compatible = "operating-points-v2";
@@ -238,11 +272,12 @@
opp20 { opp-hz = <PLACEHOLDER2>; };
};
};
- cpu@6 {
+ cpu6: cpu@6 {
device_type = "cpu";
compatible = "arm,arm-v8";
enable-method = "psci";
reg = <6>;
+ capacity-dmips-mhz = <PLACEHOLDER>;
operating-points-v2 = <&opp_table6>;
opp_table6: opp-table-6 {
compatible = "operating-points-v2";
@@ -269,11 +304,12 @@
opp20 { opp-hz = <PLACEHOLDER2>; };
};
};
- cpu@7 {
+ cpu7: cpu@7 {
device_type = "cpu";
compatible = "arm,arm-v8";
enable-method = "psci";
reg = <7>;
+ capacity-dmips-mhz = <PLACEHOLDER>;
operating-points-v2 = <&opp_table7>;
opp_table7: opp-table-7 {
compatible = "operating-points-v2";
@@ -300,12 +336,12 @@
opp20 { opp-hz = <PLACEHOLDER2>; };
};
};
- cpu@8 {
+ cpu8: cpu@8 {
device_type = "cpu";
compatible = "arm,arm-v8";
enable-method = "psci";
reg = <8>;
-
+ capacity-dmips-mhz = <PLACEHOLDER>;
operating-points-v2 = <&opp_table8>;
opp_table8: opp-table-8 {
compatible = "operating-points-v2";
@@ -332,11 +368,12 @@
opp20 { opp-hz = <PLACEHOLDER2>; };
};
};
- cpu@9 {
+ cpu9: cpu@9 {
device_type = "cpu";
compatible = "arm,arm-v8";
enable-method = "psci";
reg = <9>;
+ capacity-dmips-mhz = <PLACEHOLDER>;
operating-points-v2 = <&opp_table9>;
opp_table9: opp-table-9 {
compatible = "operating-points-v2";
@@ -363,11 +400,12 @@
opp20 { opp-hz = <PLACEHOLDER2>; };
};
};
- cpu@10 {
+ cpu10: cpu@10 {
device_type = "cpu";
compatible = "arm,arm-v8";
enable-method = "psci";
reg = <10>;
+ capacity-dmips-mhz = <PLACEHOLDER>;
operating-points-v2 = <&opp_table10>;
opp_table10: opp-table-10 {
compatible = "operating-points-v2";
@@ -394,11 +432,12 @@
opp20 { opp-hz = <PLACEHOLDER2>; };
};
};
- cpu@11 {
+ cpu11: cpu@11 {
device_type = "cpu";
compatible = "arm,arm-v8";
enable-method = "psci";
reg = <11>;
+ capacity-dmips-mhz = <PLACEHOLDER>;
operating-points-v2 = <&opp_table11>;
opp_table11: opp-table-11 {
compatible = "operating-points-v2";
@@ -425,11 +464,12 @@
opp20 { opp-hz = <PLACEHOLDER2>; };
};
};
- cpu@12 {
+ cpu12: cpu@12 {
device_type = "cpu";
compatible = "arm,arm-v8";
enable-method = "psci";
reg = <12>;
+ capacity-dmips-mhz = <PLACEHOLDER>;
operating-points-v2 = <&opp_table12>;
opp_table12: opp-table-12 {
compatible = "operating-points-v2";
@@ -456,11 +496,12 @@
opp20 { opp-hz = <PLACEHOLDER2>; };
};
};
- cpu@13 {
+ cpu13: cpu@13 {
device_type = "cpu";
compatible = "arm,arm-v8";
enable-method = "psci";
reg = <13>;
+ capacity-dmips-mhz = <PLACEHOLDER>;
operating-points-v2 = <&opp_table13>;
opp_table13: opp-table-13 {
compatible = "operating-points-v2";
@@ -487,11 +528,12 @@
opp20 { opp-hz = <PLACEHOLDER2>; };
};
};
- cpu@14 {
+ cpu14: cpu@14 {
device_type = "cpu";
compatible = "arm,arm-v8";
enable-method = "psci";
reg = <14>;
+ capacity-dmips-mhz = <PLACEHOLDER>;
operating-points-v2 = <&opp_table14>;
opp_table14: opp-table-14 {
compatible = "operating-points-v2";
@@ -518,11 +560,12 @@
opp20 { opp-hz = <PLACEHOLDER2>; };
};
};
- cpu@15 {
+ cpu15: cpu@15 {
device_type = "cpu";
compatible = "arm,arm-v8";
enable-method = "psci";
reg = <15>;
+ capacity-dmips-mhz = <PLACEHOLDER>;
operating-points-v2 = <&opp_table15>;
opp_table15: opp-table-15 {
compatible = "operating-points-v2";
diff --git a/pvmfw/src/fdt.rs b/pvmfw/src/fdt.rs
index f20451a..146d012 100644
--- a/pvmfw/src/fdt.rs
+++ b/pvmfw/src/fdt.rs
@@ -21,6 +21,7 @@
use crate::RebootReason;
use alloc::collections::BTreeMap;
use alloc::ffi::CString;
+use alloc::format;
use alloc::vec::Vec;
use core::cmp::max;
use core::cmp::min;
@@ -37,6 +38,7 @@
use libfdt::FdtError;
use libfdt::FdtNode;
use libfdt::FdtNodeMut;
+use libfdt::Phandle;
use log::debug;
use log::error;
use log::info;
@@ -57,6 +59,8 @@
InvalidCpuCount(usize),
/// Invalid VCpufreq Range.
InvalidVcpufreq(u64, u64),
+ /// Forbidden /avf/untrusted property.
+ ForbiddenUntrustedProp(&'static CStr),
}
impl fmt::Display for FdtValidationError {
@@ -66,6 +70,9 @@
Self::InvalidVcpufreq(addr, size) => {
write!(f, "Invalid vcpufreq region: ({addr:#x}, {size:#x})")
}
+ Self::ForbiddenUntrustedProp(name) => {
+ write!(f, "Forbidden /avf/untrusted property '{name:?}'")
+ }
}
}
}
@@ -178,10 +185,10 @@
.setprop_inplace(cstr!("reg"), [addr.to_be(), size.to_be()].as_bytes())
}
-//TODO: Need to add info for cpu capacity
#[derive(Debug, Default)]
struct CpuInfo {
opptable_info: Option<ArrayVec<[u64; CpuInfo::MAX_OPPTABLES]>>,
+ cpu_capacity: Option<u32>,
}
impl CpuInfo {
@@ -200,10 +207,64 @@
Ok(table)
}
-fn read_cpu_info_from(fdt: &Fdt) -> libfdt::Result<ArrayVec<[CpuInfo; DeviceTreeInfo::MAX_CPUS]>> {
+#[derive(Debug, Default)]
+struct ClusterTopology {
+ // TODO: Support multi-level clusters & threads.
+ cores: [Option<usize>; ClusterTopology::MAX_CORES_PER_CLUSTER],
+}
+
+impl ClusterTopology {
+ const MAX_CORES_PER_CLUSTER: usize = 6;
+}
+
+#[derive(Debug, Default)]
+struct CpuTopology {
+ // TODO: Support sockets.
+ clusters: [Option<ClusterTopology>; CpuTopology::MAX_CLUSTERS],
+}
+
+impl CpuTopology {
+ const MAX_CLUSTERS: usize = 3;
+}
+
+fn read_cpu_map_from(fdt: &Fdt) -> libfdt::Result<Option<BTreeMap<Phandle, (usize, usize)>>> {
+ let Some(cpu_map) = fdt.node(cstr!("/cpus/cpu-map"))? else {
+ return Ok(None);
+ };
+
+ let mut topology = BTreeMap::new();
+ for n in 0..CpuTopology::MAX_CLUSTERS {
+ let name = CString::new(format!("cluster{n}")).unwrap();
+ let Some(cluster) = cpu_map.subnode(&name)? else {
+ break;
+ };
+ for m in 0..ClusterTopology::MAX_CORES_PER_CLUSTER {
+ let name = CString::new(format!("core{m}")).unwrap();
+ let Some(core) = cluster.subnode(&name)? else {
+ break;
+ };
+ let cpu = core.getprop_u32(cstr!("cpu"))?.ok_or(FdtError::NotFound)?;
+ let prev = topology.insert(cpu.try_into()?, (n, m));
+ if prev.is_some() {
+ return Err(FdtError::BadValue);
+ }
+ }
+ }
+
+ Ok(Some(topology))
+}
+
+fn read_cpu_info_from(
+ fdt: &Fdt,
+) -> libfdt::Result<(ArrayVec<[CpuInfo; DeviceTreeInfo::MAX_CPUS]>, Option<CpuTopology>)> {
let mut cpus = ArrayVec::new();
+
+ let cpu_map = read_cpu_map_from(fdt)?;
+ let mut topology: CpuTopology = Default::default();
+
let mut cpu_nodes = fdt.compatible_nodes(cstr!("arm,arm-v8"))?;
- for cpu in cpu_nodes.by_ref().take(cpus.capacity()) {
+ for (idx, cpu) in cpu_nodes.by_ref().take(cpus.capacity()).enumerate() {
+ let cpu_capacity = cpu.getprop_u32(cstr!("capacity-dmips-mhz"))?;
let opp_phandle = cpu.getprop_u32(cstr!("operating-points-v2"))?;
let opptable_info = if let Some(phandle) = opp_phandle {
let phandle = phandle.try_into()?;
@@ -212,21 +273,31 @@
} else {
None
};
- let info = CpuInfo { opptable_info };
+ let info = CpuInfo { opptable_info, cpu_capacity };
cpus.push(info);
+
+ if let Some(ref cpu_map) = cpu_map {
+ let phandle = cpu.get_phandle()?.ok_or(FdtError::NotFound)?;
+ let (cluster, core_idx) = cpu_map.get(&phandle).ok_or(FdtError::BadValue)?;
+ let cluster = topology.clusters[*cluster].get_or_insert(Default::default());
+ if cluster.cores[*core_idx].is_some() {
+ return Err(FdtError::BadValue);
+ }
+ cluster.cores[*core_idx] = Some(idx);
+ }
}
+
if cpu_nodes.next().is_some() {
warn!("DT has more than {} CPU nodes: discarding extra nodes.", cpus.capacity());
}
- Ok(cpus)
+ Ok((cpus, cpu_map.map(|_| topology)))
}
fn validate_cpu_info(cpus: &[CpuInfo]) -> Result<(), FdtValidationError> {
if cpus.is_empty() {
return Err(FdtValidationError::InvalidCpuCount(0));
}
-
Ok(())
}
@@ -304,19 +375,74 @@
Ok(node)
}
-fn patch_cpus(fdt: &mut Fdt, cpus: &[CpuInfo]) -> libfdt::Result<()> {
+fn patch_cpus(
+ fdt: &mut Fdt,
+ cpus: &[CpuInfo],
+ topology: &Option<CpuTopology>,
+) -> libfdt::Result<()> {
const COMPAT: &CStr = cstr!("arm,arm-v8");
+ let mut cpu_phandles = Vec::new();
for (idx, cpu) in cpus.iter().enumerate() {
- let cur = get_nth_compatible(fdt, idx, COMPAT)?.ok_or(FdtError::NoSpace)?;
+ let mut cur = get_nth_compatible(fdt, idx, COMPAT)?.ok_or(FdtError::NoSpace)?;
+ let phandle = cur.as_node().get_phandle()?.unwrap();
+ cpu_phandles.push(phandle);
+ if let Some(cpu_capacity) = cpu.cpu_capacity {
+ cur.setprop_inplace(cstr!("capacity-dmips-mhz"), &cpu_capacity.to_be_bytes())?;
+ }
patch_opptable(cur, cpu.opptable_info)?;
}
let mut next = get_nth_compatible(fdt, cpus.len(), COMPAT)?;
while let Some(current) = next {
next = current.delete_and_next_compatible(COMPAT)?;
}
+
+ if let Some(topology) = topology {
+ for (n, cluster) in topology.clusters.iter().enumerate() {
+ let path = CString::new(format!("/cpus/cpu-map/cluster{n}")).unwrap();
+ let cluster_node = fdt.node_mut(&path)?.unwrap();
+ if let Some(cluster) = cluster {
+ let mut iter = cluster_node.first_subnode()?;
+ for core in cluster.cores {
+ let mut core_node = iter.unwrap();
+ iter = if let Some(core_idx) = core {
+ let phandle = *cpu_phandles.get(core_idx).unwrap();
+ let value = u32::from(phandle).to_be_bytes();
+ core_node.setprop_inplace(cstr!("cpu"), &value)?;
+ core_node.next_subnode()?
+ } else {
+ core_node.delete_and_next_subnode()?
+ };
+ }
+ assert!(iter.is_none());
+ } else {
+ cluster_node.nop()?;
+ }
+ }
+ } else {
+ fdt.node_mut(cstr!("/cpus/cpu-map"))?.unwrap().nop()?;
+ }
+
Ok(())
}
+/// Reads the /avf/untrusted DT node, which the host can use to pass properties (no subnodes) to
+/// the guest that don't require being validated by pvmfw.
+fn parse_untrusted_props(fdt: &Fdt) -> libfdt::Result<BTreeMap<CString, Vec<u8>>> {
+ let mut props = BTreeMap::new();
+ if let Some(node) = fdt.node(cstr!("/avf/untrusted"))? {
+ for property in node.properties()? {
+ let name = property.name()?;
+ let value = property.value()?;
+ props.insert(CString::from(name), value.to_vec());
+ }
+ if node.subnodes()?.next().is_some() {
+ warn!("Discarding unexpected /avf/untrusted subnodes.");
+ }
+ }
+
+ Ok(props)
+}
+
/// Read candidate properties' names from DT which could be overlaid
fn parse_vm_ref_dt(fdt: &Fdt) -> libfdt::Result<BTreeMap<CString, Vec<u8>>> {
let mut property_map = BTreeMap::new();
@@ -333,6 +459,19 @@
Ok(property_map)
}
+fn validate_untrusted_props(props: &BTreeMap<CString, Vec<u8>>) -> Result<(), FdtValidationError> {
+ const FORBIDDEN_PROPS: &[&CStr] =
+ &[cstr!("compatible"), cstr!("linux,phandle"), cstr!("phandle")];
+
+ for name in FORBIDDEN_PROPS {
+ if props.contains_key(*name) {
+ return Err(FdtValidationError::ForbiddenUntrustedProp(name));
+ }
+ }
+
+ Ok(())
+}
+
/// Overlay VM reference DT into VM DT based on the props_info. Property is overlaid in vm_dt only
/// when it exists both in vm_ref_dt and props_info. If the values mismatch, it returns error.
fn validate_vm_ref_dt(
@@ -340,7 +479,7 @@
vm_ref_dt: &Fdt,
props_info: &BTreeMap<CString, Vec<u8>>,
) -> libfdt::Result<()> {
- let mut root_vm_dt = vm_dt.root_mut()?;
+ let root_vm_dt = vm_dt.root_mut()?;
let mut avf_vm_dt = root_vm_dt.add_subnode(cstr!("avf"))?;
// TODO(b/318431677): Validate nodes beyond /avf.
let avf_node = vm_ref_dt.node(cstr!("/avf"))?.ok_or(FdtError::NotFound)?;
@@ -734,6 +873,23 @@
node.setprop_inplace(cstr!("interrupts"), value.as_bytes())
}
+fn patch_untrusted_props(fdt: &mut Fdt, props: &BTreeMap<CString, Vec<u8>>) -> libfdt::Result<()> {
+ let avf_node = if let Some(node) = fdt.node_mut(cstr!("/avf"))? {
+ node
+ } else {
+ fdt.root_mut()?.add_subnode(cstr!("avf"))?
+ };
+
+ // The node shouldn't already be present; if it is, return the error.
+ let mut node = avf_node.add_subnode(cstr!("untrusted"))?;
+
+ for (name, value) in props {
+ node.setprop(name, value)?;
+ }
+
+ Ok(())
+}
+
#[derive(Debug)]
struct VcpufreqInfo {
addr: u64,
@@ -756,10 +912,12 @@
pub memory_range: Range<usize>,
bootargs: Option<CString>,
cpus: ArrayVec<[CpuInfo; DeviceTreeInfo::MAX_CPUS]>,
+ cpu_topology: Option<CpuTopology>,
pci_info: PciInfo,
serial_info: SerialInfo,
pub swiotlb_info: SwiotlbInfo,
device_assignment: Option<DeviceAssignmentInfo>,
+ untrusted_props: BTreeMap<CString, Vec<u8>>,
vm_ref_dt_props_info: BTreeMap<CString, Vec<u8>>,
vcpufreq_info: Option<VcpufreqInfo>,
}
@@ -865,7 +1023,7 @@
RebootReason::InvalidFdt
})?;
- let cpus = read_cpu_info_from(fdt).map_err(|e| {
+ let (cpus, cpu_topology) = read_cpu_info_from(fdt).map_err(|e| {
error!("Failed to read CPU info from DT: {e}");
RebootReason::InvalidFdt
})?;
@@ -919,6 +1077,15 @@
None => None,
};
+ let untrusted_props = parse_untrusted_props(fdt).map_err(|e| {
+ error!("Failed to read untrusted properties: {e}");
+ RebootReason::InvalidFdt
+ })?;
+ validate_untrusted_props(&untrusted_props).map_err(|e| {
+ error!("Failed to validate untrusted properties: {e}");
+ RebootReason::InvalidFdt
+ })?;
+
let vm_ref_dt_props_info = parse_vm_ref_dt(fdt).map_err(|e| {
error!("Failed to read names of properties under /avf from DT: {e}");
RebootReason::InvalidFdt
@@ -930,10 +1097,12 @@
memory_range,
bootargs,
cpus,
+ cpu_topology,
pci_info,
serial_info,
swiotlb_info,
device_assignment,
+ untrusted_props,
vm_ref_dt_props_info,
vcpufreq_info,
})
@@ -956,7 +1125,7 @@
RebootReason::InvalidFdt
})?;
}
- patch_cpus(fdt, &info.cpus).map_err(|e| {
+ patch_cpus(fdt, &info.cpus, &info.cpu_topology).map_err(|e| {
error!("Failed to patch cpus to DT: {e}");
RebootReason::InvalidFdt
})?;
@@ -992,6 +1161,10 @@
RebootReason::InvalidFdt
})?;
}
+ patch_untrusted_props(fdt, &info.untrusted_props).map_err(|e| {
+ error!("Failed to patch untrusted properties: {e}");
+ RebootReason::InvalidFdt
+ })?;
Ok(())
}
diff --git a/rialto/src/main.rs b/rialto/src/main.rs
index ad9b776..48b69b3 100644
--- a/rialto/src/main.rs
+++ b/rialto/src/main.rs
@@ -177,7 +177,9 @@
let mut vsock_stream = VsockStream::new(socket_device, host_addr())?;
while let ServiceVmRequest::Process(req) = vsock_stream.read_request()? {
+ info!("Received request: {}", req.name());
let response = process_request(req, bcc_handover.as_ref());
+ info!("Sending response: {}", response.name());
vsock_stream.write_response(&response)?;
vsock_stream.flush()?;
}
diff --git a/service_vm/comm/src/message.rs b/service_vm/comm/src/message.rs
index 80a9608..9f83b78 100644
--- a/service_vm/comm/src/message.rs
+++ b/service_vm/comm/src/message.rs
@@ -56,6 +56,18 @@
RequestClientVmAttestation(ClientVmAttestationParams),
}
+impl Request {
+ /// Returns the name of the request.
+ pub fn name(&self) -> &'static str {
+ match self {
+ Self::Reverse(_) => "Reverse",
+ Self::GenerateEcdsaP256KeyPair => "GenerateEcdsaP256KeyPair",
+ Self::GenerateCertificateRequest(_) => "GenerateCertificateRequest",
+ Self::RequestClientVmAttestation(_) => "RequestClientVmAttestation",
+ }
+ }
+}
+
/// Represents the params passed to `Request::RequestClientVmAttestation`.
#[derive(Clone, Debug, Serialize, Deserialize)]
pub struct ClientVmAttestationParams {
@@ -98,6 +110,19 @@
Err(RequestProcessingError),
}
+impl Response {
+ /// Returns the name of the response.
+ pub fn name(&self) -> &'static str {
+ match self {
+ Self::Reverse(_) => "Reverse",
+ Self::GenerateEcdsaP256KeyPair(_) => "GenerateEcdsaP256KeyPair",
+ Self::GenerateCertificateRequest(_) => "GenerateCertificateRequest",
+ Self::RequestClientVmAttestation(_) => "RequestClientVmAttestation",
+ Self::Err(_) => "Err",
+ }
+ }
+}
+
/// Errors related to request processing.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub enum RequestProcessingError {
diff --git a/tests/benchmark/src/java/com/android/microdroid/benchmark/MicrodroidBenchmarks.java b/tests/benchmark/src/java/com/android/microdroid/benchmark/MicrodroidBenchmarks.java
index 2d52732..ba02067 100644
--- a/tests/benchmark/src/java/com/android/microdroid/benchmark/MicrodroidBenchmarks.java
+++ b/tests/benchmark/src/java/com/android/microdroid/benchmark/MicrodroidBenchmarks.java
@@ -276,9 +276,9 @@
(builder) -> builder);
}
- @Test
- public void testMicrodroidDebugBootTime_withVendorPartition() throws Exception {
- assume().withMessage("Cuttlefish doesn't support device tree under" + " /proc/device-tree")
+ private void testMicrodroidDebugBootTime_withVendorBase(File vendorDiskImage) throws Exception {
+ // TODO(b/325094712): Boot fails with vendor partition in Cuttlefish.
+ assume().withMessage("Cuttlefish doesn't support device tree under /proc/device-tree")
.that(isCuttlefish())
.isFalse();
// TODO(b/317567210): Boots fails with vendor partition in HWASAN enabled microdroid
@@ -287,11 +287,6 @@
.that(isHwasan())
.isFalse();
assumeFeatureEnabled(VirtualMachineManager.FEATURE_VENDOR_MODULES);
-
- File vendorDiskImage = new File("/vendor/etc/avf/microdroid/microdroid_vendor.img");
- assume().withMessage("Microdroid vendor image doesn't exist, skip")
- .that(vendorDiskImage.exists())
- .isTrue();
runBootTimeTest(
"test_vm_boot_time_debug_with_vendor_partition",
"assets/" + os() + "/vm_config.json",
@@ -300,6 +295,27 @@
}
@Test
+ public void testMicrodroidDebugBootTime_withVendorPartition() throws Exception {
+ File vendorDiskImage = new File("/vendor/etc/avf/microdroid/microdroid_vendor.img");
+ assume().withMessage("Microdroid vendor image doesn't exist, skip")
+ .that(vendorDiskImage.exists())
+ .isTrue();
+ testMicrodroidDebugBootTime_withVendorBase(vendorDiskImage);
+ }
+
+ @Test
+ public void testMicrodroidDebugBootTime_withCustomVendorPartition() throws Exception {
+ assume().withMessage(
+ "Skip test for protected VM, pvmfw config data doesn't contain any"
+ + " information of test images, such as root digest.")
+ .that(mProtectedVm)
+ .isFalse();
+ File vendorDiskImage =
+ new File("/data/local/tmp/microdroid-bench/microdroid_vendor_image.img");
+ testMicrodroidDebugBootTime_withVendorBase(vendorDiskImage);
+ }
+
+ @Test
public void testMicrodroidImageSize() throws IOException {
Bundle bundle = new Bundle();
for (File file : new File(APEX_ETC_FS).listFiles()) {
@@ -415,8 +431,9 @@
long guestRss = 0;
long guestPss = 0;
boolean hasGuestMaps = false;
- for (ProcessUtil.SMapEntry entry :
- ProcessUtil.getProcessSmaps(vmPid, shellExecutor)) {
+ List<ProcessUtil.SMapEntry> smaps =
+ ProcessUtil.getProcessSmaps(vmPid, shellExecutor);
+ for (ProcessUtil.SMapEntry entry : smaps) {
long rss = entry.metrics.get("Rss");
long pss = entry.metrics.get("Pss");
if (entry.name.contains("crosvm_guest")) {
@@ -429,8 +446,12 @@
}
}
if (!hasGuestMaps) {
+ StringBuilder sb = new StringBuilder();
+ for (ProcessUtil.SMapEntry entry : smaps) {
+ sb.append(entry.toString());
+ }
throw new IllegalStateException(
- "found no crosvm_guest smap entry in crosvm process");
+ "found no crosvm_guest smap entry in crosvm process: " + sb);
}
mHostRss = hostRss;
mHostPss = hostPss;
diff --git a/tests/helper/src/java/com/android/microdroid/test/common/ProcessUtil.java b/tests/helper/src/java/com/android/microdroid/test/common/ProcessUtil.java
index c72d91e..e058674 100644
--- a/tests/helper/src/java/com/android/microdroid/test/common/ProcessUtil.java
+++ b/tests/helper/src/java/com/android/microdroid/test/common/ProcessUtil.java
@@ -33,13 +33,24 @@
public static class SMapEntry {
public String name;
public Map<String, Long> metrics;
+
+ @Override
+ public String toString() {
+ StringBuilder sb = new StringBuilder();
+ sb.append("name: " + name + "\n");
+ metrics.forEach(
+ (k, v) -> {
+ sb.append(" " + k + ": " + v + "\n");
+ });
+ return sb.toString();
+ }
}
/** Gets metrics key and values mapping of specified process id */
public static List<SMapEntry> getProcessSmaps(int pid, Function<String, String> shellExecutor)
throws IOException {
String path = "/proc/" + pid + "/smaps";
- return parseMemoryInfo(shellExecutor.apply("cat " + path + " || true"));
+ return parseMemoryInfo(shellExecutor.apply("cat " + path));
}
/** Gets metrics key and values mapping of specified process id */
diff --git a/tests/helper/src/java/com/android/microdroid/test/device/MicrodroidDeviceTestBase.java b/tests/helper/src/java/com/android/microdroid/test/device/MicrodroidDeviceTestBase.java
index 8e11218..2c92f04 100644
--- a/tests/helper/src/java/com/android/microdroid/test/device/MicrodroidDeviceTestBase.java
+++ b/tests/helper/src/java/com/android/microdroid/test/device/MicrodroidDeviceTestBase.java
@@ -21,6 +21,7 @@
import static com.google.common.truth.TruthJUnit.assume;
import static org.junit.Assume.assumeTrue;
+import static org.junit.Assume.assumeFalse;
import android.app.Instrumentation;
import android.app.UiAutomation;
@@ -62,6 +63,7 @@
private static final String TAG = "MicrodroidDeviceTestBase";
private final String MAX_PERFORMANCE_TASK_PROFILE = "CPUSET_SP_TOP_APP";
+ protected static final String KERNEL_VERSION = SystemProperties.get("ro.kernel.version");
protected static final Set<String> SUPPORTED_GKI_VERSIONS =
Collections.unmodifiableSet(new HashSet(Arrays.asList("android14-6.1")));
@@ -110,7 +112,7 @@
}
}
- private Context mCtx;
+ private final Context mCtx = ApplicationProvider.getApplicationContext();
private boolean mProtectedVm;
private String mGki;
@@ -165,10 +167,7 @@
}
public void prepareTestSetup(boolean protectedVm, String gki) {
- mCtx = ApplicationProvider.getApplicationContext();
- assume().withMessage("Device doesn't support AVF")
- .that(mCtx.getPackageManager().hasSystemFeature(FEATURE_VIRTUALIZATION_FRAMEWORK))
- .isTrue();
+ assumeFeatureVirtualizationFramework();
mProtectedVm = protectedVm;
mGki = gki;
@@ -194,6 +193,18 @@
}
}
+ protected void assumeFeatureVirtualizationFramework() {
+ assume().withMessage("Device doesn't support AVF")
+ .that(mCtx.getPackageManager().hasSystemFeature(FEATURE_VIRTUALIZATION_FRAMEWORK))
+ .isTrue();
+ }
+
+ protected void assumeSupportedDevice() {
+ assume().withMessage("Skip on 5.4 kernel. b/218303240")
+ .that(KERNEL_VERSION)
+ .isNotEqualTo("5.4");
+ }
+
public abstract static class VmEventListener implements VirtualMachineCallback {
private ExecutorService mExecutorService = Executors.newSingleThreadExecutor();
private OptionalLong mVcpuStartedNanoTime = OptionalLong.empty();
@@ -601,4 +612,8 @@
protected void assumeProtectedVM() {
assumeTrue("Skip on non-protected VM", mProtectedVm);
}
+
+ protected void assumeNonProtectedVM() {
+ assumeFalse("Skip on protected VM", mProtectedVm);
+ }
}
diff --git a/tests/hostside/Android.bp b/tests/hostside/Android.bp
index e3d9cbe..13a9925 100644
--- a/tests/hostside/Android.bp
+++ b/tests/hostside/Android.bp
@@ -37,6 +37,8 @@
"lpunpack",
"sign_virt_apex",
"simg2img",
+ "dtdiff",
+ "dtc", // for dtdiff
],
// java_test_host doesn't have data_native_libs but jni_libs can be used to put
// native modules under ./lib directory.
@@ -51,5 +53,6 @@
"liblp",
"libsparse",
"libz",
+ "libfdt", // for dtc
],
}
diff --git a/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java b/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java
index 0810ce0..0901fd4 100644
--- a/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java
+++ b/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java
@@ -47,6 +47,7 @@
import com.android.tradefed.device.TestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner.TestMetrics;
import com.android.tradefed.util.CommandResult;
+import com.android.tradefed.util.CommandStatus;
import com.android.tradefed.util.FileUtil;
import com.android.tradefed.util.RunUtil;
import com.android.tradefed.util.xml.AbstractXmlParser;
@@ -986,23 +987,71 @@
@Test
public void testDeviceAssignment() throws Exception {
- assumeProtectedVm();
+ // Check for preconditions
assumeVfioPlatformSupported();
List<String> devices = getAssignableDevices();
assumeFalse("no assignable devices", devices.isEmpty());
+ String vmFdtPath = "/sys/firmware/fdt";
+ File testDir = FileUtil.createTempDir("device_assignment_test");
+ File baseFdtFile = new File(testDir, "base_fdt.dtb");
+ File fdtFile = new File(testDir, "fdt.dtb");
+
+ // Generates baseline DT
+ launchWithDeviceAssignment(/* device= */ null);
+ assertThat(mMicrodroidDevice.pullFile(vmFdtPath, baseFdtFile)).isTrue();
+ getAndroidDevice().shutdownMicrodroid(mMicrodroidDevice);
+
+ // Prepares to run dtdiff. It requires dtc.
+ File dtdiff = findTestFile("dtdiff");
+ RunUtil runner = new RunUtil();
+ String separator = System.getProperty("path.separator");
+ String path = dtdiff.getParent() + separator + System.getenv("PATH");
+ runner.setEnvVariable("PATH", path);
+
+ // Try assign devices one by one
+ for (String device : devices) {
+ assertThat(device).isNotNull();
+ launchWithDeviceAssignment(device);
+ assertThat(mMicrodroidDevice.pullFile(vmFdtPath, fdtFile)).isTrue();
+ getAndroidDevice().shutdownMicrodroid(mMicrodroidDevice);
+
+ CommandResult result =
+ runner.runTimedCmd(
+ 500,
+ dtdiff.getAbsolutePath(),
+ baseFdtFile.getPath(),
+ fdtFile.getPath());
+
+ assertWithMessage(
+ "VM's device tree hasn't changed when assigning "
+ + device
+ + ", result="
+ + result)
+ .that(result.getStatus())
+ .isNotEqualTo(CommandStatus.SUCCESS);
+ }
+
+ mMicrodroidDevice = null;
+ }
+
+ private void launchWithDeviceAssignment(String device) throws Exception {
final String configPath = "assets/" + mOs + "/vm_config.json";
- mMicrodroidDevice =
+
+ MicrodroidBuilder builder =
MicrodroidBuilder.fromDevicePath(getPathForPackage(PACKAGE_NAME), configPath)
.debugLevel("full")
.memoryMib(minMemorySize())
.cpuTopology("match_host")
- .protectedVm(true)
- .addAssignableDevice(devices.get(0))
- .build(getAndroidDevice());
+ .protectedVm(mProtectedVm);
+ if (device != null) {
+ builder.addAssignableDevice(device);
+ }
+ mMicrodroidDevice = builder.build(getAndroidDevice());
- mMicrodroidDevice.waitForBootComplete(BOOT_COMPLETE_TIMEOUT);
+ assertThat(mMicrodroidDevice.waitForBootComplete(BOOT_COMPLETE_TIMEOUT)).isTrue();
+ assertThat(mMicrodroidDevice.enableAdbRoot()).isTrue();
}
@Test
@@ -1036,6 +1085,13 @@
}
mOs = (mGki != null) ? "microdroid_gki-" + mGki : "microdroid";
+
+ new CommandRunner(getDevice())
+ .tryRun(
+ "pm",
+ "grant",
+ SHELL_PACKAGE_NAME,
+ "android.permission.USE_CUSTOM_VIRTUAL_MACHINE");
}
@After
@@ -1050,21 +1106,13 @@
mTestLogs, getDevice(), LOG_PATH, "vm.log-" + mTestName.getMethodName());
getDevice().uninstallPackage(PACKAGE_NAME);
-
- // testCustomVirtualMachinePermission revokes this permission. Grant it again as cleanup
- new CommandRunner(getDevice())
- .tryRun(
- "pm",
- "grant",
- SHELL_PACKAGE_NAME,
- "android.permission.USE_CUSTOM_VIRTUAL_MACHINE");
}
- private void assumeProtectedVm() throws Exception {
+ private void assumeProtectedVm() {
assumeTrue("This test is only for protected VM.", mProtectedVm);
}
- private void assumeNonProtectedVm() throws Exception {
+ private void assumeNonProtectedVm() {
assumeFalse("This test is only for non-protected VM.", mProtectedVm);
}
diff --git a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidCapabilitiesTest.java b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidCapabilitiesTest.java
new file mode 100644
index 0000000..eb23e21
--- /dev/null
+++ b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidCapabilitiesTest.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.android.microdroid.test;
+
+import static com.google.common.truth.Truth.assertWithMessage;
+
+import android.system.virtualmachine.VirtualMachineManager;
+
+import com.android.compatibility.common.util.CddTest;
+import com.android.microdroid.test.device.MicrodroidDeviceTestBase;
+
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+/**
+ * Test the advertised AVF capabilities include the ability to start some type of VM.
+ *
+ * <p>Tests in MicrodroidTests run on either protected or non-protected VMs, provided they are
+ * supported. If neither is they are all skipped. So we need a separate test (that doesn't call
+ * {@link #prepareTestSetup}) to make sure that at least one of these is available.
+ */
+@RunWith(JUnit4.class)
+public class MicrodroidCapabilitiesTest extends MicrodroidDeviceTestBase {
+ @Test
+ @CddTest(requirements = {"9.17/C-1-1", "9.17/C-2-1"})
+ @Ignore("b/326092480")
+ public void supportForProtectedOrNonProtectedVms() {
+ assumeSupportedDevice();
+
+ // (There's a test for devices that don't expose the system feature over in
+ // NoMicrodroidTest.)
+ assumeFeatureVirtualizationFramework();
+
+ int capabilities = getVirtualMachineManager().getCapabilities();
+ int vmCapabilities =
+ capabilities
+ & (VirtualMachineManager.CAPABILITY_PROTECTED_VM
+ | VirtualMachineManager.CAPABILITY_NON_PROTECTED_VM);
+ assertWithMessage(
+ "A device that has FEATURE_VIRTUALIZATION_FRAMEWORK must support at least"
+ + " one of protected or non-protected VMs")
+ .that(vmCapabilities)
+ .isNotEqualTo(0);
+ }
+}
diff --git a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
index 0687a7b..3b8b4ac 100644
--- a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
+++ b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
@@ -118,8 +118,6 @@
@Rule public Timeout globalTimeout = Timeout.seconds(300);
- private static final String KERNEL_VERSION = SystemProperties.get("ro.kernel.version");
-
@Parameterized.Parameters(name = "protectedVm={0},gki={1}")
public static Collection<Object[]> params() {
List<Object[]> ret = new ArrayList<>();
@@ -142,13 +140,17 @@
@Before
public void setup() {
prepareTestSetup(mProtectedVm, mGki);
- // USE_CUSTOM_VIRTUAL_MACHINE permission has protection level signature|development, meaning
- // that it will be automatically granted when test apk is installed. We have some tests
- // checking the behavior when caller doesn't have this permission (e.g.
- // createVmWithConfigRequiresPermission). Proactively revoke the permission so that such
- // tests can pass when ran by itself, e.g.:
- // atest com.android.microdroid.test.MicrodroidTests#createVmWithConfigRequiresPermission
- revokePermission(VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION);
+ if (mGki != null) {
+ // Using a non-default VM always needs the custom permission.
+ grantPermission(VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION);
+ } else {
+ // USE_CUSTOM_VIRTUAL_MACHINE permission has protection level signature|development,
+ // meaning that it will be automatically granted when test apk is installed.
+ // But most callers shouldn't need this permission, so by default we run tests with it
+ // revoked.
+ // Tests that rely on the state of the permission should explicitly grant or revoke it.
+ revokePermission(VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION);
+ }
}
@After
@@ -590,6 +592,9 @@
.isFalse();
assertConfigCompatible(baseline, newBaselineBuilder().setPayloadBinaryName("different"))
.isFalse();
+ assertConfigCompatible(
+ baseline, newBaselineBuilder().setVendorDiskImage(new File("/foo/bar")))
+ .isFalse();
int capabilities = getVirtualMachineManager().getCapabilities();
if ((capabilities & CAPABILITY_PROTECTED_VM) != 0
&& (capabilities & CAPABILITY_NON_PROTECTED_VM) != 0) {
@@ -639,6 +644,7 @@
VirtualMachineConfig.Builder otherOsBuilder =
newBaselineBuilder().setOs("microdroid_gki-android14-6.1");
assertConfigCompatible(microdroidOsConfig, otherOsBuilder).isFalse();
+
}
private VirtualMachineConfig.Builder newBaselineBuilder() {
@@ -778,6 +784,7 @@
})
public void createVmWithConfigRequiresPermission() throws Exception {
assumeSupportedDevice();
+ revokePermission(VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION);
VirtualMachineConfig config =
newVmConfigBuilderWithPayloadConfig("assets/" + os() + "/vm_config.json")
@@ -2126,28 +2133,34 @@
}
}
- @Test
- public void configuringVendorDiskImageRequiresCustomPermission() throws Exception {
+ private VirtualMachineConfig buildVmConfigWithVendor(File vendorDiskImage) throws Exception {
assumeSupportedDevice();
+ // TODO(b/325094712): Boot fails with vendor partition in Cuttlefish.
assumeFalse(
"Cuttlefish doesn't support device tree under /proc/device-tree", isCuttlefish());
- // TODO(b/317567210): Boots fails with vendor partition in HWASAN enabled microdroid
+ // TODO(b/317567210): Boot fails with vendor partition in HWASAN enabled microdroid
// after introducing verification based on DT and fstab in microdroid vendor partition.
assumeFalse(
"boot with vendor partition is failing in HWASAN enabled Microdroid.", isHwasan());
assumeFeatureEnabled(VirtualMachineManager.FEATURE_VENDOR_MODULES);
-
- File vendorDiskImage =
- new File("/data/local/tmp/cts/microdroid/test_microdroid_vendor_image.img");
VirtualMachineConfig config =
newVmConfigBuilderWithPayloadBinary("MicrodroidTestNativeLib.so")
.setVendorDiskImage(vendorDiskImage)
.setDebugLevel(DEBUG_LEVEL_FULL)
.build();
+ grantPermission(VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION);
+ return config;
+ }
+
+ @Test
+ public void configuringVendorDiskImageRequiresCustomPermission() throws Exception {
+ File vendorDiskImage =
+ new File("/data/local/tmp/cts/microdroid/test_microdroid_vendor_image.img");
+ VirtualMachineConfig config = buildVmConfigWithVendor(vendorDiskImage);
+ revokePermission(VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION);
VirtualMachine vm =
forceCreateNewVirtualMachine("test_vendor_image_req_custom_permission", config);
-
SecurityException e =
assertThrows(
SecurityException.class, () -> runVmTestService(TAG, vm, (ts, tr) -> {}));
@@ -2158,27 +2171,11 @@
@Test
public void bootsWithVendorPartition() throws Exception {
- assumeSupportedDevice();
- assumeFalse(
- "Cuttlefish doesn't support device tree under /proc/device-tree", isCuttlefish());
- // TODO(b/317567210): Boots fails with vendor partition in HWASAN enabled microdroid
- // after introducing verification based on DT and fstab in microdroid vendor partition.
- assumeFalse(
- "Boot with vendor partition is failing in HWASAN enabled Microdroid.", isHwasan());
- assumeFeatureEnabled(VirtualMachineManager.FEATURE_VENDOR_MODULES);
-
- grantPermission(VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION);
-
File vendorDiskImage = new File("/vendor/etc/avf/microdroid/microdroid_vendor.img");
assumeTrue("Microdroid vendor image doesn't exist, skip", vendorDiskImage.exists());
- VirtualMachineConfig config =
- newVmConfigBuilderWithPayloadBinary("MicrodroidTestNativeLib.so")
- .setVendorDiskImage(vendorDiskImage)
- .setDebugLevel(DEBUG_LEVEL_FULL)
- .build();
+ VirtualMachineConfig config = buildVmConfigWithVendor(vendorDiskImage);
VirtualMachine vm = forceCreateNewVirtualMachine("test_boot_with_vendor", config);
-
TestResults testResults =
runVmTestService(
TAG,
@@ -2186,40 +2183,57 @@
(ts, tr) -> {
tr.mMountFlags = ts.getMountFlags("/vendor");
});
-
assertThat(testResults.mException).isNull();
int expectedFlags = MS_NOATIME | MS_RDONLY;
assertThat(testResults.mMountFlags & expectedFlags).isEqualTo(expectedFlags);
}
@Test
- public void creationFailsWithUnsignedVendorPartition() throws Exception {
- assumeSupportedDevice();
- assumeFalse(
- "Cuttlefish doesn't support device tree under /proc/device-tree", isCuttlefish());
- // TODO(b/317567210): Boots fails with vendor partition in HWASAN enabled microdroid
- // after introducing verification based on DT and fstab in microdroid vendor partition.
- assumeFalse(
- "boot with vendor partition is failing in HWASAN enabled Microdroid.", isHwasan());
- assumeFeatureEnabled(VirtualMachineManager.FEATURE_VENDOR_MODULES);
+ public void bootsWithCustomVendorPartitionForNonPvm() throws Exception {
+ assumeNonProtectedVM();
+ File vendorDiskImage =
+ new File("/data/local/tmp/cts/microdroid/test_microdroid_vendor_image.img");
+ VirtualMachineConfig config = buildVmConfigWithVendor(vendorDiskImage);
- grantPermission(VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION);
+ VirtualMachine vm =
+ forceCreateNewVirtualMachine("test_boot_with_custom_vendor_non_pvm", config);
+ TestResults testResults =
+ runVmTestService(
+ TAG,
+ vm,
+ (ts, tr) -> {
+ tr.mMountFlags = ts.getMountFlags("/vendor");
+ });
+ assertThat(testResults.mException).isNull();
+ int expectedFlags = MS_NOATIME | MS_RDONLY;
+ assertThat(testResults.mMountFlags & expectedFlags).isEqualTo(expectedFlags);
+ }
- File unsignedVendorDiskImage =
- new File(
- "/data/local/tmp/cts/microdroid/test_microdroid_vendor_image_unsigned.img");
- VirtualMachineConfig config =
- newVmConfigBuilderWithPayloadBinary("MicrodroidTestNativeLib.so")
- .setVendorDiskImage(unsignedVendorDiskImage)
- .setDebugLevel(DEBUG_LEVEL_FULL)
- .build();
+ @Test
+ public void bootFailsWithCustomVendorPartitionForPvm() throws Exception {
+ assumeProtectedVM();
+ File vendorDiskImage =
+ new File("/data/local/tmp/cts/microdroid/test_microdroid_vendor_image.img");
+ VirtualMachineConfig config = buildVmConfigWithVendor(vendorDiskImage);
- BootResult bootResult = tryBootVmWithConfig(config, "test_boot_with_unsigned_vendor");
+ BootResult bootResult = tryBootVmWithConfig(config, "test_boot_with_custom_vendor_pvm");
assertThat(bootResult.payloadStarted).isFalse();
assertThat(bootResult.deathReason).isEqualTo(VirtualMachineCallback.STOP_REASON_REBOOT);
}
@Test
+ public void creationFailsWithUnsignedVendorPartition() throws Exception {
+ File vendorDiskImage =
+ new File(
+ "/data/local/tmp/cts/microdroid/test_microdroid_vendor_image_unsigned.img");
+ VirtualMachineConfig config = buildVmConfigWithVendor(vendorDiskImage);
+
+ VirtualMachine vm = forceCreateNewVirtualMachine("test_boot_with_unsigned_vendor", config);
+ assertThrowsVmExceptionContaining(
+ () -> vm.run(), "Failed to extract vendor hashtree digest");
+ }
+
+ @Test
public void systemPartitionMountFlags() throws Exception {
assumeSupportedDevice();
@@ -2312,10 +2326,4 @@
return 0;
}
- private void assumeSupportedDevice() {
- assume()
- .withMessage("Skip on 5.4 kernel. b/218303240")
- .that(KERNEL_VERSION)
- .isNotEqualTo("5.4");
- }
}
diff --git a/virtualizationmanager/Android.bp b/virtualizationmanager/Android.bp
index 48b5cd1..d8f8209 100644
--- a/virtualizationmanager/Android.bp
+++ b/virtualizationmanager/Android.bp
@@ -32,14 +32,17 @@
"libandroid_logger",
"libanyhow",
"libapkverify",
+ "libavf_features",
"libavflog",
"libbase_rust",
"libbinder_rs",
+ "libcfg_if",
"libclap",
"libcstr",
"libcommand_fds",
"libdisk",
"libglob",
+ "libhex",
"libhypervisor_props",
"liblazy_static",
"liblibc",
@@ -60,6 +63,7 @@
"libshared_child",
"libstatslog_virtualization_rust",
"libtombstoned_client_rust",
+ "libvbmeta_rust",
"libvm_control",
"libvmconfig",
"libzip",
diff --git a/virtualizationmanager/src/aidl.rs b/virtualizationmanager/src/aidl.rs
index a2194cc..0655e5f 100644
--- a/virtualizationmanager/src/aidl.rs
+++ b/virtualizationmanager/src/aidl.rs
@@ -35,10 +35,6 @@
IVirtualMachine::{BnVirtualMachine, IVirtualMachine},
IVirtualMachineCallback::IVirtualMachineCallback,
IVirtualizationService::IVirtualizationService,
- IVirtualizationService::FEATURE_MULTI_TENANT,
- IVirtualizationService::FEATURE_VENDOR_MODULES,
- IVirtualizationService::FEATURE_DICE_CHANGES,
- IVirtualizationService::FEATURE_REMOTE_ATTESTATION,
MemoryTrimLevel::MemoryTrimLevel,
Partition::Partition,
PartitionType::PartitionType,
@@ -91,6 +87,7 @@
use std::os::unix::raw::pid_t;
use std::path::{Path, PathBuf};
use std::sync::{Arc, Mutex, Weak};
+use vbmeta::VbMetaImage;
use vmconfig::VmConfig;
use vsock::VsockStream;
use zip::ZipArchive;
@@ -306,19 +303,7 @@
/// Returns whether given feature is enabled
fn isFeatureEnabled(&self, feature: &str) -> binder::Result<bool> {
check_manage_access()?;
-
- // This approach is quite cumbersome, but will do the work for the short term.
- // TODO(b/298012279): make this scalable.
- match feature {
- FEATURE_DICE_CHANGES => Ok(cfg!(dice_changes)),
- FEATURE_MULTI_TENANT => Ok(cfg!(multi_tenant)),
- FEATURE_REMOTE_ATTESTATION => Ok(cfg!(remote_attestation)),
- FEATURE_VENDOR_MODULES => Ok(cfg!(vendor_modules)),
- _ => {
- warn!("unknown feature {feature}");
- Ok(false)
- }
- }
+ Ok(avf_features::is_feature_enabled(feature))
}
fn enableTestAttestation(&self) -> binder::Result<()> {
@@ -397,6 +382,23 @@
None
};
+ let vendor_hashtree_digest = extract_vendor_hashtree_digest(config)
+ .context("Failed to extract vendor hashtree digest")
+ .or_service_specific_exception(-1)?;
+
+ let trusted_props = if let Some(ref vendor_hashtree_digest) = vendor_hashtree_digest {
+ info!(
+ "Passing vendor hashtree digest to pvmfw. This will be rejected if it doesn't \
+ match the trusted digest in the pvmfw config, causing the VM to fail to start."
+ );
+ vec![(
+ cstr!("vendor_hashtree_descriptor_root_digest"),
+ vendor_hashtree_digest.as_slice(),
+ )]
+ } else {
+ vec![]
+ };
+
let untrusted_props = if cfg!(llpvm_changes) {
// TODO(b/291213394): Replace this with a per-VM instance Id.
let instance_id = b"sixtyfourbyteslonghardcoded_indeed_sixtyfourbyteslonghardcoded_h";
@@ -405,17 +407,23 @@
vec![]
};
- let device_tree_overlay = if host_ref_dt.is_some() || !untrusted_props.is_empty() {
- let dt_output = temporary_directory.join(VM_DT_OVERLAY_PATH);
- let mut data = [0_u8; VM_DT_OVERLAY_MAX_SIZE];
- let fdt = create_device_tree_overlay(&mut data, host_ref_dt, &untrusted_props)
+ let device_tree_overlay =
+ if host_ref_dt.is_some() || !untrusted_props.is_empty() || !trusted_props.is_empty() {
+ let dt_output = temporary_directory.join(VM_DT_OVERLAY_PATH);
+ let mut data = [0_u8; VM_DT_OVERLAY_MAX_SIZE];
+ let fdt = create_device_tree_overlay(
+ &mut data,
+ host_ref_dt,
+ &untrusted_props,
+ &trusted_props,
+ )
.map_err(|e| anyhow!("Failed to create DT overlay, {e:?}"))
.or_service_specific_exception(-1)?;
- fs::write(&dt_output, fdt.as_slice()).or_service_specific_exception(-1)?;
- Some(File::open(dt_output).or_service_specific_exception(-1)?)
- } else {
- None
- };
+ fs::write(&dt_output, fdt.as_slice()).or_service_specific_exception(-1)?;
+ Some(File::open(dt_output).or_service_specific_exception(-1)?)
+ } else {
+ None
+ };
let debug_level = match config {
VirtualMachineConfig::AppConfig(config) => config.debugLevel,
@@ -554,7 +562,6 @@
memory_mib: config.memoryMib.try_into().ok().and_then(NonZeroU32::new),
cpus,
host_cpu_topology,
- task_profiles: config.taskProfiles.clone(),
console_out_fd,
console_in_fd,
log_fd,
@@ -603,16 +610,46 @@
} else {
// Additional custom features not included in CustomConfig:
// - specifying a config file;
- // - specifying extra APKs.
+ // - specifying extra APKs;
+ // - specifying an OS other than Microdroid.
match &config.payload {
Payload::ConfigPath(_) => true,
- Payload::PayloadConfig(payload_config) => !payload_config.extraApks.is_empty(),
+ Payload::PayloadConfig(payload_config) => {
+ !payload_config.extraApks.is_empty()
+ || payload_config.osName != MICRODROID_OS_NAME
+ }
}
}
}
}
}
+fn extract_vendor_hashtree_digest(config: &VirtualMachineConfig) -> Result<Option<Vec<u8>>> {
+ let VirtualMachineConfig::AppConfig(config) = config else {
+ return Ok(None);
+ };
+ let Some(custom_config) = &config.customConfig else {
+ return Ok(None);
+ };
+ let Some(file) = custom_config.vendorImage.as_ref() else {
+ return Ok(None);
+ };
+
+ let file = clone_file(file)?;
+ let size =
+ file.metadata().context("Failed to get metadata from microdroid vendor image")?.len();
+ let vbmeta = VbMetaImage::verify_reader_region(&file, 0, size)
+ .context("Failed to get vbmeta from microdroid-vendor.img")?;
+
+ for descriptor in vbmeta.descriptors()?.iter() {
+ if let vbmeta::Descriptor::Hashtree(_) = descriptor {
+ let root_digest = hex::encode(descriptor.to_hashtree()?.root_digest());
+ return Ok(Some(root_digest.as_bytes().to_vec()));
+ }
+ }
+ Err(anyhow!("No hashtree digest is extracted from microdroid vendor image"))
+}
+
fn write_zero_filler(zero_filler_path: &Path) -> Result<()> {
let file = OpenOptions::new()
.create_new(true)
@@ -782,7 +819,6 @@
if let Some(file) = custom_config.customKernelImage.as_ref() {
vm_config.kernel = Some(ParcelFileDescriptor::new(clone_file(file)?))
}
- vm_config.taskProfiles = custom_config.taskProfiles.clone();
vm_config.gdbPort = custom_config.gdbPort;
if let Some(file) = custom_config.vendorImage.as_ref() {
diff --git a/virtualizationmanager/src/crosvm.rs b/virtualizationmanager/src/crosvm.rs
index 2c23441..ddd3e68 100644
--- a/virtualizationmanager/src/crosvm.rs
+++ b/virtualizationmanager/src/crosvm.rs
@@ -107,7 +107,6 @@
pub memory_mib: Option<NonZeroU32>,
pub cpus: Option<NonZeroU32>,
pub host_cpu_topology: bool,
- pub task_profiles: Vec<String>,
pub console_out_fd: Option<File>,
pub console_in_fd: Option<File>,
pub log_fd: Option<File>,
@@ -450,20 +449,20 @@
let mut vm_metric = self.vm_metric.lock().unwrap();
// Get CPU Information
- if let Ok(guest_time) = get_guest_time(pid) {
- vm_metric.cpu_guest_time = Some(guest_time);
- } else {
- error!("Failed to parse /proc/[pid]/stat");
+ match get_guest_time(pid) {
+ Ok(guest_time) => vm_metric.cpu_guest_time = Some(guest_time),
+ Err(e) => error!("Failed to get guest CPU time: {e:?}"),
}
// Get Memory Information
- if let Ok(rss) = get_rss(pid) {
- vm_metric.rss = match &vm_metric.rss {
- Some(x) => Some(Rss::extract_max(x, &rss)),
- None => Some(rss),
+ match get_rss(pid) {
+ Ok(rss) => {
+ vm_metric.rss = match &vm_metric.rss {
+ Some(x) => Some(Rss::extract_max(x, &rss)),
+ None => Some(rss),
+ }
}
- } else {
- error!("Failed to parse /proc/[pid]/smaps");
+ Err(e) => error!("Failed to get guest RSS: {}", e),
}
}
@@ -812,7 +811,11 @@
if config.host_cpu_topology {
if cfg!(virt_cpufreq) {
command.arg("--host-cpu-topology");
- command.arg("--virt-cpufreq");
+ cfg_if::cfg_if! {
+ if #[cfg(any(target_arch = "aarch64"))] {
+ command.arg("--virt-cpufreq");
+ }
+ }
} else if let Some(cpus) = get_num_cpus() {
command.arg("--cpus").arg(cpus.to_string());
} else {
@@ -820,10 +823,6 @@
}
}
- if !config.task_profiles.is_empty() {
- command.arg("--task-profiles").arg(config.task_profiles.join(","));
- }
-
if let Some(gdb_port) = config.gdb_port {
command.arg("--gdb").arg(gdb_port.to_string());
}
diff --git a/virtualizationmanager/src/dt_overlay.rs b/virtualizationmanager/src/dt_overlay.rs
index 83f7734..b39ba3a 100644
--- a/virtualizationmanager/src/dt_overlay.rs
+++ b/virtualizationmanager/src/dt_overlay.rs
@@ -31,15 +31,18 @@
/// * `dt_path` - (Optional) Path to (proc style) device tree to be included in the overlay.
/// * `untrusted_props` - Include a property in /avf/untrusted node. This node is used to specify
/// host provided properties such as `instance-id`.
+/// * `trusted_props` - Include a property in /avf node. This overwrites nodes included with
+/// `dt_path`. In pVM, pvmfw will reject if it doesn't match the value in pvmfw config.
///
-/// Example: with `create_device_tree_overlay(_, _, [("instance-id", _),])`
+/// Example: with `create_device_tree_overlay(_, _, [("instance-id", _),], [("digest", _),])`
/// ```
/// {
/// fragment@0 {
/// target-path = "/";
/// __overlay__ {
/// avf {
-/// untrusted { instance-id = [0x01 0x23 .. ] }
+/// digest = [ 0xaa 0xbb .. ]
+/// untrusted { instance-id = [ 0x01 0x23 .. ] }
/// }
/// };
/// };
@@ -50,37 +53,54 @@
buffer: &'a mut [u8],
dt_path: Option<&'a Path>,
untrusted_props: &[(&'a CStr, &'a [u8])],
+ trusted_props: &[(&'a CStr, &'a [u8])],
) -> Result<&'a mut Fdt> {
- if dt_path.is_none() && untrusted_props.is_empty() {
+ if dt_path.is_none() && untrusted_props.is_empty() && trusted_props.is_empty() {
return Err(anyhow!("Expected at least one device tree addition"));
}
let fdt =
Fdt::create_empty_tree(buffer).map_err(|e| anyhow!("Failed to create empty Fdt: {e:?}"))?;
- let mut root = fdt.root_mut().map_err(|e| anyhow!("Failed to get root: {e:?}"))?;
- let mut node =
- root.add_subnode(cstr!("fragment@0")).map_err(|e| anyhow!("Failed to fragment: {e:?}"))?;
- node.setprop(cstr!("target-path"), b"/\0")
- .map_err(|e| anyhow!("Failed to set target-path: {e:?}"))?;
- let mut node = node
+ let root = fdt.root_mut().map_err(|e| anyhow!("Failed to get root node: {e:?}"))?;
+ let mut fragment = root
+ .add_subnode(cstr!("fragment@0"))
+ .map_err(|e| anyhow!("Failed to add fragment node: {e:?}"))?;
+ fragment
+ .setprop(cstr!("target-path"), b"/\0")
+ .map_err(|e| anyhow!("Failed to set target-path property: {e:?}"))?;
+ let overlay = fragment
.add_subnode(cstr!("__overlay__"))
- .map_err(|e| anyhow!("Failed to __overlay__ node: {e:?}"))?;
+ .map_err(|e| anyhow!("Failed to add __overlay__ node: {e:?}"))?;
+ let avf =
+ overlay.add_subnode(AVF_NODE_NAME).map_err(|e| anyhow!("Failed to add avf node: {e:?}"))?;
if !untrusted_props.is_empty() {
- let mut node = node
- .add_subnode(AVF_NODE_NAME)
- .map_err(|e| anyhow!("Failed to add avf node: {e:?}"))?;
- let mut node = node
+ let mut untrusted = avf
.add_subnode(UNTRUSTED_NODE_NAME)
- .map_err(|e| anyhow!("Failed to add /avf/untrusted node: {e:?}"))?;
+ .map_err(|e| anyhow!("Failed to add untrusted node: {e:?}"))?;
for (name, value) in untrusted_props {
- node.setprop(name, value).map_err(|e| anyhow!("Failed to set property: {e:?}"))?;
+ untrusted
+ .setprop(name, value)
+ .map_err(|e| anyhow!("Failed to set untrusted property: {e:?}"))?;
}
}
+ // Read dt_path from host DT and overlay onto fdt.
if let Some(path) = dt_path {
fdt.overlay_onto(cstr!("/fragment@0/__overlay__"), path)?;
}
+
+ if !trusted_props.is_empty() {
+ let mut avf = fdt
+ .node_mut(cstr!("/fragment@0/__overlay__/avf"))
+ .map_err(|e| anyhow!("Failed to search avf node: {e:?}"))?
+ .ok_or(anyhow!("Failed to get avf node"))?;
+ for (name, value) in trusted_props {
+ avf.setprop(name, value)
+ .map_err(|e| anyhow!("Failed to set trusted property: {e:?}"))?;
+ }
+ }
+
fdt.pack().map_err(|e| anyhow!("Failed to pack DT overlay, {e:?}"))?;
Ok(fdt)
@@ -93,7 +113,7 @@
#[test]
fn empty_overlays_not_allowed() {
let mut buffer = vec![0_u8; VM_DT_OVERLAY_MAX_SIZE];
- let res = create_device_tree_overlay(&mut buffer, None, &[]);
+ let res = create_device_tree_overlay(&mut buffer, None, &[], &[]);
assert!(res.is_err());
}
@@ -103,7 +123,8 @@
let prop_name = cstr!("XOXO");
let prop_val_input = b"OXOX";
let fdt =
- create_device_tree_overlay(&mut buffer, None, &[(prop_name, prop_val_input)]).unwrap();
+ create_device_tree_overlay(&mut buffer, None, &[(prop_name, prop_val_input)], &[])
+ .unwrap();
let prop_value_dt = fdt
.node(cstr!("/fragment@0/__overlay__/avf/untrusted"))
@@ -114,4 +135,23 @@
.expect("Prop not found!");
assert_eq!(prop_value_dt, prop_val_input, "Unexpected property value");
}
+
+ #[test]
+ fn trusted_prop_test() {
+ let mut buffer = vec![0_u8; VM_DT_OVERLAY_MAX_SIZE];
+ let prop_name = cstr!("XOXOXO");
+ let prop_val_input = b"OXOXOX";
+ let fdt =
+ create_device_tree_overlay(&mut buffer, None, &[], &[(prop_name, prop_val_input)])
+ .unwrap();
+
+ let prop_value_dt = fdt
+ .node(cstr!("/fragment@0/__overlay__/avf"))
+ .unwrap()
+ .expect("/avf node doesn't exist")
+ .getprop(prop_name)
+ .unwrap()
+ .expect("Prop not found!");
+ assert_eq!(prop_value_dt, prop_val_input, "Unexpected property value");
+ }
}
diff --git a/virtualizationservice/Android.bp b/virtualizationservice/Android.bp
index e0bb97f..843873b 100644
--- a/virtualizationservice/Android.bp
+++ b/virtualizationservice/Android.bp
@@ -39,7 +39,6 @@
"libopenssl",
"librkpd_client",
"librustutils",
- "libvmclient",
"libstatslog_virtualization_rust",
"libtombstoned_client_rust",
"libvsock",
diff --git a/virtualizationservice/aidl/android/system/virtualizationservice/IVirtualizationService.aidl b/virtualizationservice/aidl/android/system/virtualizationservice/IVirtualizationService.aidl
index 7962bc3..f7bbf55 100644
--- a/virtualizationservice/aidl/android/system/virtualizationservice/IVirtualizationService.aidl
+++ b/virtualizationservice/aidl/android/system/virtualizationservice/IVirtualizationService.aidl
@@ -23,6 +23,7 @@
interface IVirtualizationService {
const String FEATURE_DICE_CHANGES = "com.android.kvm.DICE_CHANGES";
+ const String FEATURE_LLPVM_CHANGES = "com.android.kvm.LLPVM_CHANGES";
const String FEATURE_MULTI_TENANT = "com.android.kvm.MULTI_TENANT";
const String FEATURE_REMOTE_ATTESTATION = "com.android.kvm.REMOTE_ATTESTATION";
const String FEATURE_VENDOR_MODULES = "com.android.kvm.VENDOR_MODULES";
diff --git a/virtualizationservice/aidl/android/system/virtualizationservice/VirtualMachineAppConfig.aidl b/virtualizationservice/aidl/android/system/virtualizationservice/VirtualMachineAppConfig.aidl
index 9021055..8302a2f 100644
--- a/virtualizationservice/aidl/android/system/virtualizationservice/VirtualMachineAppConfig.aidl
+++ b/virtualizationservice/aidl/android/system/virtualizationservice/VirtualMachineAppConfig.aidl
@@ -101,11 +101,6 @@
*/
int gdbPort = 0;
- /**
- * List of task profile names to apply for the VM
- */
- String[] taskProfiles;
-
/** A disk image containing vendor specific modules. */
@nullable ParcelFileDescriptor vendorImage;
diff --git a/virtualizationservice/aidl/android/system/virtualizationservice/VirtualMachineRawConfig.aidl b/virtualizationservice/aidl/android/system/virtualizationservice/VirtualMachineRawConfig.aidl
index 7c0ed0c..6be2833 100644
--- a/virtualizationservice/aidl/android/system/virtualizationservice/VirtualMachineRawConfig.aidl
+++ b/virtualizationservice/aidl/android/system/virtualizationservice/VirtualMachineRawConfig.aidl
@@ -60,11 +60,6 @@
@utf8InCpp String platformVersion;
/**
- * List of task profile names to apply for the VM
- */
- String[] taskProfiles;
-
- /**
* Port at which crosvm will start a gdb server to debug guest kernel.
* If set to zero, then gdb server won't be started.
*/
diff --git a/virtualizationservice/src/aidl.rs b/virtualizationservice/src/aidl.rs
index d0c5d4a..c7ae5f0 100644
--- a/virtualizationservice/src/aidl.rs
+++ b/virtualizationservice/src/aidl.rs
@@ -14,38 +14,31 @@
//! Implementation of the AIDL interface of the VirtualizationService.
-use crate::{get_calling_pid, get_calling_uid, REMOTELY_PROVISIONED_COMPONENT_SERVICE_NAME};
use crate::atom::{forward_vm_booted_atom, forward_vm_creation_atom, forward_vm_exited_atom};
-use crate::rkpvm::{request_attestation, generate_ecdsa_p256_key_pair};
use crate::remote_provisioning;
+use crate::rkpvm::{generate_ecdsa_p256_key_pair, request_attestation};
+use crate::{get_calling_pid, get_calling_uid, REMOTELY_PROVISIONED_COMPONENT_SERVICE_NAME};
use android_os_permissions_aidl::aidl::android::os::IPermissionController;
-use android_system_virtualizationcommon::aidl::android::system::virtualizationcommon::Certificate::Certificate;
-use android_system_virtualizationservice::{
- aidl::android::system::virtualizationservice::AssignableDevice::AssignableDevice,
- aidl::android::system::virtualizationservice::VirtualMachineDebugInfo::VirtualMachineDebugInfo,
- binder::ParcelFileDescriptor,
-};
-use android_system_virtualizationservice_internal::aidl::android::system::virtualizationservice_internal::{
- AtomVmBooted::AtomVmBooted,
- AtomVmCreationRequested::AtomVmCreationRequested,
- AtomVmExited::AtomVmExited,
- IBoundDevice::IBoundDevice,
- IGlobalVmContext::{BnGlobalVmContext, IGlobalVmContext},
- IVirtualizationServiceInternal::IVirtualizationServiceInternal,
- IVfioHandler::{BpVfioHandler, IVfioHandler},
- IVfioHandler::VfioDev::VfioDev,
-};
-use android_system_virtualmachineservice::aidl::android::system::virtualmachineservice::IVirtualMachineService::VM_TOMBSTONES_SERVICE_PORT;
+use android_system_virtualizationcommon::aidl::android::system::virtualizationcommon;
+use android_system_virtualizationservice::aidl::android::system::virtualizationservice;
+use android_system_virtualizationservice_internal as android_vs_internal;
+use android_system_virtualmachineservice::aidl::android::system::virtualmachineservice;
+use android_vs_internal::aidl::android::system::virtualizationservice_internal;
use anyhow::{anyhow, ensure, Context, Result};
use avflog::LogResult;
-use binder::{self, wait_for_interface, BinderFeatures, ExceptionCode, Interface, LazyServiceGuard, Status, Strong, IntoBinderResult};
-use service_vm_comm::Response;
+use binder::{
+ self, wait_for_interface, BinderFeatures, ExceptionCode, Interface, IntoBinderResult,
+ LazyServiceGuard, ParcelFileDescriptor, Status, Strong,
+};
use lazy_static::lazy_static;
use libc::VMADDR_CID_HOST;
use log::{error, info, warn};
+use nix::unistd::{chown, Uid};
+use openssl::x509::X509;
use rkpd_client::get_rkpd_attestation_key;
use rustutils::system_properties;
use serde::Deserialize;
+use service_vm_comm::Response;
use std::collections::{HashMap, HashSet};
use std::fs::{self, create_dir, remove_dir_all, remove_file, set_permissions, File, Permissions};
use std::io::{Read, Write};
@@ -54,9 +47,22 @@
use std::path::{Path, PathBuf};
use std::sync::{Arc, Mutex, Weak};
use tombstoned_client::{DebuggerdDumpType, TombstonedConnection};
+use virtualizationcommon::Certificate::Certificate;
+use virtualizationservice::{
+ AssignableDevice::AssignableDevice, VirtualMachineDebugInfo::VirtualMachineDebugInfo,
+};
+use virtualizationservice_internal::{
+ AtomVmBooted::AtomVmBooted,
+ AtomVmCreationRequested::AtomVmCreationRequested,
+ AtomVmExited::AtomVmExited,
+ IBoundDevice::IBoundDevice,
+ IGlobalVmContext::{BnGlobalVmContext, IGlobalVmContext},
+ IVfioHandler::VfioDev::VfioDev,
+ IVfioHandler::{BpVfioHandler, IVfioHandler},
+ IVirtualizationServiceInternal::IVirtualizationServiceInternal,
+};
+use virtualmachineservice::IVirtualMachineService::VM_TOMBSTONES_SERVICE_PORT;
use vsock::{VsockListener, VsockStream};
-use nix::unistd::{chown, Uid};
-use openssl::x509::X509;
/// The unique ID of a VM used (together with a port number) for vsock communication.
pub type Cid = u32;
diff --git a/virtualizationservice/src/atom.rs b/virtualizationservice/src/atom.rs
index 862646b..6e0064f 100644
--- a/virtualizationservice/src/atom.rs
+++ b/virtualizationservice/src/atom.rs
@@ -47,7 +47,6 @@
cpu_affinity: "", // deprecated
memory_mib: atom.memoryMib,
apexes: &atom.apexes,
- // TODO(seungjaeyoo) Fill information about task_profile
// TODO(seungjaeyoo) Fill information about disk_image for raw config
};
diff --git a/vm/Android.bp b/vm/Android.bp
index 04aff5e..c1d9b6b 100644
--- a/vm/Android.bp
+++ b/vm/Android.bp
@@ -12,6 +12,7 @@
rustlibs: [
"android.system.virtualizationservice-rust",
"libanyhow",
+ "libavf_features",
"libbinder_rs",
"libclap",
"libenv_logger",
diff --git a/vm/src/main.rs b/vm/src/main.rs
index de9291c..355e193 100644
--- a/vm/src/main.rs
+++ b/vm/src/main.rs
@@ -45,10 +45,6 @@
#[arg(long, default_value = "one_cpu", value_parser = parse_cpu_topology)]
cpu_topology: CpuTopology,
- /// Comma separated list of task profile names to apply to the VM
- #[arg(long)]
- task_profiles: Vec<String>,
-
/// Memory size (in MiB) of the VM. If unspecified, defaults to the value of `memory_mib`
/// in the VM config file.
#[arg(short, long)]
@@ -232,6 +228,8 @@
#[derive(Parser)]
enum Opt {
+ /// Check if the feature is enabled on device.
+ CheckFeatureEnabled { feature: String },
/// Run a virtual machine with a config in APK
RunApp {
#[command(flatten)]
@@ -304,6 +302,13 @@
virtmgr.connect().context("Failed to connect to VirtualizationService")
}
+fn command_check_feature_enabled(feature: &str) {
+ println!(
+ "Feature {feature} is {}",
+ if avf_features::is_feature_enabled(feature) { "enabled" } else { "disabled" }
+ );
+}
+
fn main() -> Result<(), Error> {
env_logger::init();
let opt = Opt::parse();
@@ -312,6 +317,10 @@
ProcessState::start_thread_pool();
match opt {
+ Opt::CheckFeatureEnabled { feature } => {
+ command_check_feature_enabled(&feature);
+ Ok(())
+ }
Opt::RunApp { config } => command_run_app(config),
Opt::RunMicrodroid { config } => command_run_microdroid(config),
Opt::Run { config } => command_run(config),
diff --git a/vm/src/run.rs b/vm/src/run.rs
index 1d2f48b..5a4a459 100644
--- a/vm/src/run.rs
+++ b/vm/src/run.rs
@@ -136,7 +136,6 @@
let custom_config = CustomConfig {
customKernelImage: None,
gdbPort: config.debug.gdb.map(u16::from).unwrap_or(0) as i32, // 0 means no gdb
- taskProfiles: config.common.task_profiles,
vendorImage: vendor,
devices: config
.microdroid
@@ -235,7 +234,6 @@
vm_config.gdbPort = gdb.get() as i32;
}
vm_config.cpuTopology = config.common.cpu_topology;
- vm_config.taskProfiles = config.common.task_profiles;
run(
get_service()?.as_ref(),
&VirtualMachineConfig::RawConfig(vm_config),
diff --git a/vm_payload/README.md b/vm_payload/README.md
index ec4dc59..419d854 100644
--- a/vm_payload/README.md
+++ b/vm_payload/README.md
@@ -9,7 +9,7 @@
available in the VM, and only 64 bit code is supported.
To create a VM and run the payload from Android see the [AVF Java
-APIs](../javalib/README.md).
+APIs](../java/framework/README.md).
## Entry point
diff --git a/vmbase/example/src/main.rs b/vmbase/example/src/main.rs
index 6f513ee..48b24be 100644
--- a/vmbase/example/src/main.rs
+++ b/vmbase/example/src/main.rs
@@ -181,7 +181,7 @@
info!("FDT successfully unpacked.");
let path = cstr!("/memory");
- let mut node = writer.node_mut(path).unwrap().unwrap();
+ let node = writer.node_mut(path).unwrap().unwrap();
let name = cstr!("child");
let mut child = node.add_subnode(name).unwrap();
info!("Created subnode '{}/{}'.", path.to_str().unwrap(), name.to_str().unwrap());