commit 7aca7ff041dbee2d2a8ce4de8ffc0c47b5afac18
author Pierre-Clément Tosi <ptosi@google.com> Mon Dec 12 14:04:30 2022 +0000
committer Pierre-Clément Tosi <ptosi@google.com> Tue Dec 13 10:12:38 2022 +0000
tree dbe4c398b864c385fc62e6ffd16a87414b4bd45a
parent 51c68e509148396b6465ac4efdd473c97eaed59d

pvmfw: Don't treat invalid config as legacy BCC

Only fall back to expecting a legacy BCC if we failed to read the magic
value of the received configuration data. Otherwise, abort the boot as
treating the invalid configuration data as a legacy BCC doesn't make
sense.

Bug: 262181812
Test: atest MicrodroidHostTests
Change-Id: Ib30a7895f9fe53f84712e908af55a70230feb62e

pvmfw/src/entry.rs

diff --git a/pvmfw/src/entry.rs b/pvmfw/src/entry.rs
index bffc140..d307759 100644
--- a/pvmfw/src/entry.rs
+++ b/pvmfw/src/entry.rs
@@ -330,6 +330,12 @@
     slice::from_raw_parts_mut(base as *mut u8, size)
 }
 
+enum AppendedConfigType {
+    Valid,
+    Invalid,
+    NotFound,
+}
+
 enum AppendedPayload<'a> {
     /// Configuration data.
     Config(config::Config<'a>),
@@ -340,24 +346,32 @@
 impl<'a> AppendedPayload<'a> {
     /// SAFETY - 'data' should respect the alignment of config::Header.
     unsafe fn new(data: &'a mut [u8]) -> Option<Self> {
-        if Self::is_valid_config(data) {
-            Some(Self::Config(config::Config::new(data).unwrap()))
-        } else if cfg!(feature = "legacy") {
-            const BCC_SIZE: usize = helpers::SIZE_4KB;
-            warn!("Assuming the appended data at {:?} to be a raw BCC", data.as_ptr());
-            Some(Self::LegacyBcc(&mut data[..BCC_SIZE]))
-        } else {
-            None
+        match Self::guess_config_type(data) {
+            AppendedConfigType::Valid => Some(Self::Config(config::Config::new(data).unwrap())),
+            AppendedConfigType::NotFound if cfg!(feature = "legacy") => {
+                const BCC_SIZE: usize = helpers::SIZE_4KB;
+                warn!("Assuming the appended data at {:?} to be a raw BCC", data.as_ptr());
+                Some(Self::LegacyBcc(&mut data[..BCC_SIZE]))
+            }
+            _ => None,
         }
     }
 
-    unsafe fn is_valid_config(data: &mut [u8]) -> bool {
+    unsafe fn guess_config_type(data: &mut [u8]) -> AppendedConfigType {
         // This function is necessary to prevent the borrow checker from getting confused
         // about the ownership of data in new(); see https://users.rust-lang.org/t/78467.
         let addr = data.as_ptr();
-        config::Config::new(data)
-            .map_err(|e| warn!("Invalid configuration data at {addr:?}: {e}"))
-            .is_ok()
+        match config::Config::new(data) {
+            Err(config::Error::InvalidMagic) => {
+                warn!("No configuration data found at {addr:?}");
+                AppendedConfigType::NotFound
+            }
+            Err(e) => {
+                error!("Invalid configuration data at {addr:?}: {e}");
+                AppendedConfigType::Invalid
+            }
+            Ok(_) => AppendedConfigType::Valid,
+        }
     }
 
     #[allow(dead_code)] // TODO(b/232900974)