pvmfw: Only configure PCI if instance.img required
As some guests now implement rollback protection using other means than
instance.img (virtio-blk over virtio-pci), only conditionally initialize
the PCI bus (including issuing the corresponding MMIO_GUARD HVCs) when
actually needed. Note that the VirtIO configuration (and corresponding
MEM_SHARE HVCs) was already limited to cases accessing the instance.img.
Bug: 377276983
Test: m pvmfw_bin
Change-Id: I600870dbbae9e8722a6258e066ea714dd29ecf44
diff --git a/guest/pvmfw/src/main.rs b/guest/pvmfw/src/main.rs
index a87a26c..afa64e0 100644
--- a/guest/pvmfw/src/main.rs
+++ b/guest/pvmfw/src/main.rs
@@ -46,11 +46,9 @@
use pvmfw_avb::verify_payload;
use pvmfw_avb::DebugLevel;
use pvmfw_embedded_key::PUBLIC_KEY;
-use vmbase::fdt::pci::{PciError, PciInfo};
use vmbase::heap;
-use vmbase::memory::{flush, init_shared_pool, SIZE_4KB};
+use vmbase::memory::{flush, SIZE_4KB};
use vmbase::rand;
-use vmbase::virtio::pci;
fn main<'a>(
untrusted_fdt: &mut Fdt,
@@ -77,8 +75,6 @@
})?;
trace!("BCC: {bcc_handover:x?}");
- let cdi_seal = bcc_handover.cdi_seal();
-
let bcc = Bcc::new(bcc_handover.bcc()).map_err(|e| {
error!("{e}");
RebootReason::InvalidBcc
@@ -102,19 +98,8 @@
}
let guest_page_size = verified_boot_data.page_size.unwrap_or(SIZE_4KB);
- let fdt_info = sanitize_device_tree(untrusted_fdt, vm_dtbo, vm_ref_dt, guest_page_size)?;
+ let _ = sanitize_device_tree(untrusted_fdt, vm_dtbo, vm_ref_dt, guest_page_size)?;
let fdt = untrusted_fdt; // DT has now been sanitized.
- let pci_info = PciInfo::from_fdt(fdt).map_err(handle_pci_error)?;
- debug!("PCI: {:#x?}", pci_info);
- // Set up PCI bus for VirtIO devices.
- let mut pci_root = pci::initialize(pci_info).map_err(|e| {
- error!("Failed to initialize PCI: {e}");
- RebootReason::InternalError
- })?;
- init_shared_pool(fdt_info.swiotlb_info.fixed_range()).map_err(|e| {
- error!("Failed to initialize shared pool: {e}");
- RebootReason::InternalError
- })?;
let next_bcc_size = guest_page_size;
let next_bcc = heap::aligned_boxed_slice(next_bcc_size, guest_page_size).ok_or_else(|| {
@@ -134,8 +119,7 @@
fdt,
&verified_boot_data,
&dice_inputs,
- &mut pci_root,
- cdi_seal,
+ bcc_handover.cdi_seal(),
instance_hash,
)?;
trace!("Got salt for instance: {salt:x?}");
@@ -222,21 +206,3 @@
.map_err(|_| RebootReason::InternalError)?;
Ok(Some(salt))
}
-
-/// Logs the given PCI error and returns the appropriate `RebootReason`.
-fn handle_pci_error(e: PciError) -> RebootReason {
- error!("{}", e);
- match e {
- PciError::FdtErrorPci(_)
- | PciError::FdtNoPci
- | PciError::FdtErrorReg(_)
- | PciError::FdtMissingReg
- | PciError::FdtRegEmpty
- | PciError::FdtRegMissingSize
- | PciError::CamWrongSize(_)
- | PciError::FdtErrorRanges(_)
- | PciError::FdtMissingRanges
- | PciError::RangeAddressMismatch { .. }
- | PciError::NoSuitableRange => RebootReason::InvalidFdt,
- }
-}
diff --git a/guest/pvmfw/src/rollback.rs b/guest/pvmfw/src/rollback.rs
index 95c0273..74b2cd8 100644
--- a/guest/pvmfw/src/rollback.rs
+++ b/guest/pvmfw/src/rollback.rs
@@ -26,7 +26,10 @@
use pvmfw_avb::Capability;
use pvmfw_avb::VerifiedBootData;
use virtio_drivers::transport::pci::bus::PciRoot;
+use vmbase::fdt::{pci::PciInfo, SwiotlbInfo};
+use vmbase::memory::init_shared_pool;
use vmbase::rand;
+use vmbase::virtio::pci;
/// Performs RBP based on the input payload, current DICE chain, and host-controlled platform.
///
@@ -38,7 +41,6 @@
fdt: &Fdt,
verified_boot_data: &VerifiedBootData,
dice_inputs: &PartialInputs,
- pci_root: &mut PciRoot,
cdi_seal: &[u8],
instance_hash: Option<Hidden>,
) -> Result<(bool, Hidden, bool), RebootReason> {
@@ -54,7 +56,7 @@
skip_rollback_protection()?;
Ok((false, instance_hash.unwrap(), false))
} else {
- perform_legacy_rollback_protection(dice_inputs, pci_root, cdi_seal, instance_hash)
+ perform_legacy_rollback_protection(fdt, dice_inputs, cdi_seal, instance_hash)
}
}
@@ -93,17 +95,18 @@
/// Performs RBP using instance.img where updates require clearing old entries, causing new CDIs.
fn perform_legacy_rollback_protection(
+ fdt: &Fdt,
dice_inputs: &PartialInputs,
- pci_root: &mut PciRoot,
cdi_seal: &[u8],
instance_hash: Option<Hidden>,
) -> Result<(bool, Hidden, bool), RebootReason> {
info!("Fallback to instance.img based rollback checks");
- let (recorded_entry, mut instance_img, header_index) = get_recorded_entry(pci_root, cdi_seal)
- .map_err(|e| {
- error!("Failed to get entry from instance.img: {e}");
- RebootReason::InternalError
- })?;
+ let mut pci_root = initialize_instance_img_device(fdt)?;
+ let (recorded_entry, mut instance_img, header_index) =
+ get_recorded_entry(&mut pci_root, cdi_seal).map_err(|e| {
+ error!("Failed to get entry from instance.img: {e}");
+ RebootReason::InternalError
+ })?;
let (new_instance, salt) = if let Some(entry) = recorded_entry {
check_dice_measurements_match_entry(dice_inputs, &entry)?;
let salt = instance_hash.unwrap_or(entry.salt);
@@ -162,3 +165,28 @@
})?;
Ok(defer_rbp.is_some())
}
+
+/// Set up PCI bus and VirtIO-blk device containing the instance.img partition.
+fn initialize_instance_img_device(fdt: &Fdt) -> Result<PciRoot, RebootReason> {
+ let pci_info = PciInfo::from_fdt(fdt).map_err(|e| {
+ error!("Failed to detect PCI from DT: {e}");
+ RebootReason::InvalidFdt
+ })?;
+ let swiotlb_range = SwiotlbInfo::new_from_fdt(fdt)
+ .map_err(|e| {
+ error!("Failed to detect swiotlb from DT: {e}");
+ RebootReason::InvalidFdt
+ })?
+ .and_then(|info| info.fixed_range());
+
+ let pci_root = pci::initialize(pci_info).map_err(|e| {
+ error!("Failed to initialize PCI: {e}");
+ RebootReason::InternalError
+ })?;
+ init_shared_pool(swiotlb_range).map_err(|e| {
+ error!("Failed to initialize shared pool: {e}");
+ RebootReason::InternalError
+ })?;
+
+ Ok(pci_root)
+}