Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / c23426b9d7cb4e5a405bace9410487b2c8ae4f70^! / . / pvmfw / src / entry.rs
commitc23426b9d7cb4e5a405bace9410487b2c8ae4f70[log] [tgz]
authorJiyong Park <jiyong@google.com>Mon Apr 10 17:32:27 2023 +0900
committerJiyong Park <jiyong@google.com>Tue Apr 11 00:51:54 2023 +0900
tree41d6e2d333092525c6526f2fe9b43822486db27d
parent1511c643d723a9b966bf4e5afb6ba7df9394de87 [diff] [blame]
pvmfw: debug policy application failure is recoverable

If pvmfw fails to apply the debug policy, the original fdt is recovered
from the backup.

In this change also moves apply_debug_policy into modify_for_next_stage,
so that modification to the fdt after the verification is done in one
place.

Finally, error codes that are specific to debug policy are replaced with
the original errors from libfdt because the former don't give much
detail information than the other.

Bug: 275132866
Bug: 275306568
Test: forcibly modify a bit in debug_policy inside pvmfw and see if the
VM boots (without applying it). Flashing an invalid debug_policy was not
an option for the test because then ABL would reject it and doesn't pass
it to pvmfw at all.

Change-Id: I1c40967087449deb89a9698a87109fc16e588b70

diff --git a/pvmfw/src/entry.rs b/pvmfw/src/entry.rs
index ffbc4a8..00f0e9b 100644
--- a/pvmfw/src/entry.rs
+++ b/pvmfw/src/entry.rs

@@ -16,7 +16,6 @@
 
 use crate::config;
 use crate::crypto;
-use crate::debug_policy::{handle_debug_policy, DebugPolicyError};
 use crate::fdt;
 use crate::heap;
 use crate::helpers;
@@ -54,16 +53,6 @@
     SecretDerivationError,
 }
 
-impl From<DebugPolicyError> for RebootReason {
-    fn from(error: DebugPolicyError) -> Self {
-        match error {
-            DebugPolicyError::Fdt(_, _) => RebootReason::InvalidFdt,
-            DebugPolicyError::DebugPolicyFdt(_, _) => RebootReason::InvalidConfig,
-            DebugPolicyError::OverlaidFdt(_, _) => RebootReason::InternalError,
-        }
-    }
-}
-
 main!(start);
 
 /// Entry point for pVM firmware.
@@ -237,19 +226,11 @@
     })?;
 
     // This wrapper allows main() to be blissfully ignorant of platform details.
-    crate::main(slices.fdt, slices.kernel, slices.ramdisk, bcc_slice, &mut memory)?;
+    crate::main(slices.fdt, slices.kernel, slices.ramdisk, bcc_slice, debug_policy, &mut memory)?;
 
     helpers::flushed_zeroize(bcc_slice);
     helpers::flush(slices.fdt.as_slice());
 
-    // SAFETY - As we `?` the result, there is no risk of using a bad `slices.fdt`.
-    unsafe {
-        handle_debug_policy(slices.fdt, debug_policy).map_err(|e| {
-            error!("Unexpected error when handling debug policy: {e:?}");
-            RebootReason::from(e)
-        })?;
-    }
-
     info!("Expecting a bug making MMIO_GUARD_UNMAP return NOT_SUPPORTED on success");
     memory.mmio_unmap_all().map_err(|e| {
         error!("Failed to unshare MMIO ranges: {e}");