Call the DT sanitize routine earlier
... before data from it is used.
Bug: 249054080
Test: TH
Change-Id: I2a416a74c4b85e9662848e1c9389b0109dbe3108
diff --git a/pvmfw/src/entry.rs b/pvmfw/src/entry.rs
index 106a4ef..89f2637 100644
--- a/pvmfw/src/entry.rs
+++ b/pvmfw/src/entry.rs
@@ -109,6 +109,7 @@
RebootReason::InvalidFdt
})?;
+ fdt::sanitize_device_tree(fdt)?;
debug!("Fdt passed validation!");
let memory_range = fdt
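Review bot: The added call `fdt::sanitize_device_tree(fdt)?;` carries no comment explaining why it has to precede the reads that follow, and the explanation that sat on the old `parse_device_tree` call in main.rs (the DT is host-provided and must be validated before pci setup uses it) is deleted by this commit rather than moved. I would put it here, for example `// The DT comes from the host: validate it before any value is read from it (memory range below, PCI setup later).` Without that, a later reordering could move a DT read back above the check without anyone noticing. The enclosing function starts and ends outside this hunk, so whether anything reads `fdt` before line 109 cannot be confirmed from here.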
diff --git a/pvmfw/src/fdt.rs b/pvmfw/src/fdt.rs
index f56d6e0..a794b42 100644
--- a/pvmfw/src/fdt.rs
+++ b/pvmfw/src/fdt.rs
@@ -26,6 +26,7 @@
use libfdt::CellIterator;
use libfdt::Fdt;
use libfdt::FdtError;
+use log::debug;
use log::error;
use tinyvec::ArrayVec;
@@ -436,7 +437,7 @@
#[derive(Debug)]
#[allow(dead_code)] // TODO: remove this
-pub struct DeviceTreeInfo {
+struct DeviceTreeInfo {
memory_size: NonZeroUsize,
num_cpu: NonZeroUsize,
pci_info: PciInfo,
@@ -448,7 +449,16 @@
const RAM_BASE_ADDR: u64 = 0x8000_0000;
}
-pub fn parse_device_tree(fdt: &libfdt::Fdt) -> Result<DeviceTreeInfo, RebootReason> {
+pub fn sanitize_device_tree(fdt: &mut libfdt::Fdt) -> Result<(), RebootReason> {
+ let info = parse_device_tree(fdt)?;
+ debug!("Device tree info: {:?}", info);
+
+ // TODO: replace fdt with the template DT
+ // TODO: patch the replaced fdt using info
+ Ok(())
+}
+
+fn parse_device_tree(fdt: &libfdt::Fdt) -> Result<DeviceTreeInfo, RebootReason> {
Ok(DeviceTreeInfo {
memory_size: parse_memory_node(fdt)?,
num_cpu: parse_cpu_nodes(fdt)?,
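Review bot: `sanitize_device_tree` is public and takes `&mut libfdt::Fdt`, but in this hunk it only calls `parse_device_tree` and logs the result; both TODOs are still open, so the tree is handed back unmodified. A caller reading the name may assume every node in `fdt` is trusted afterwards, while only the fields that `parse_device_tree` checks (memory size, CPU count and PCI info are visible here) have been validated. A doc comment should state the current contract, for example `/// Validates the host-provided DT by parsing it. Does not yet rewrite the tree: nodes outside the parsed fields remain untrusted.` The body of `parse_device_tree` continues past the end of the hunk, so the full set of validated fields is not visible.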
diff --git a/pvmfw/src/main.rs b/pvmfw/src/main.rs
index e1ecac4..577ad6e 100644
--- a/pvmfw/src/main.rs
+++ b/pvmfw/src/main.rs
@@ -45,7 +45,6 @@
use crate::dice::PartialInputs;
use crate::entry::RebootReason;
use crate::fdt::modify_for_next_stage;
-use crate::fdt::parse_device_tree;
use crate::helpers::flush;
use crate::helpers::GUEST_PAGE_SIZE;
use crate::instance::get_or_generate_instance_salt;
@@ -84,11 +83,6 @@
})?;
trace!("BCC: {bcc_handover:x?}");
- // This parsing step includes validation. So this effectively ensures that the DT can't be
- // abused by the host to attack pvmfw in pci::initialize below.
- let device_tree_info = parse_device_tree(fdt)?;
- debug!("Device tree info: {:?}", device_tree_info);
-
// Set up PCI bus for VirtIO devices.
let pci_info = PciInfo::from_fdt(fdt).map_err(handle_pci_error)?;
debug!("PCI: {:#x?}", pci_info);