Merge "pvmfw: Add support for /avf/untrusted" into main
diff --git a/libs/libfdt/src/ctypes.rs b/libs/libfdt/src/ctypes.rs
index 640d447..a65f8e7 100644
--- a/libs/libfdt/src/ctypes.rs
+++ b/libs/libfdt/src/ctypes.rs
@@ -14,6 +14,7 @@
//! Safe zero-cost wrappers around integer values used by libfdt.
+use crate::result::FdtRawResult;
use crate::{FdtError, Result};
/// Wrapper guaranteed to contain a valid phandle.
@@ -50,3 +51,11 @@
Self::new(value).ok_or(FdtError::BadPhandle)
}
}
+
+impl TryFrom<FdtRawResult> for Phandle {
+ type Error = FdtError;
+
+ fn try_from(res: FdtRawResult) -> Result<Self> {
+ Self::new(res.try_into()?).ok_or(FdtError::BadPhandle)
+ }
+}
diff --git a/libs/libfdt/src/lib.rs b/libs/libfdt/src/lib.rs
index d254af1..a34ecbb 100644
--- a/libs/libfdt/src/lib.rs
+++ b/libs/libfdt/src/lib.rs
@@ -33,7 +33,6 @@
use core::ops::Range;
use cstr::cstr;
use libfdt::get_slice_at_ptr;
-use result::{fdt_err, fdt_err_expect_zero, fdt_err_or_option};
use zerocopy::AsBytes as _;
use crate::libfdt::{Libfdt, LibfdtMut};
@@ -637,40 +636,30 @@
/// Unpacks the DT to cover the whole slice it is contained in.
pub fn unpack(&mut self) -> Result<()> {
- // SAFETY: "Opens" the DT in-place (supported use-case) by updating its header and
- // internal structures to make use of the whole self.fdt slice but performs no accesses
- // outside of it and leaves the DT in a state that will be detected by other functions.
- let ret = unsafe {
- libfdt_bindgen::fdt_open_into(
- self.as_ptr(),
- self.as_mut_ptr(),
- self.capacity().try_into().map_err(|_| FdtError::Internal)?,
- )
- };
- fdt_err_expect_zero(ret)
+ self.open_into_self()
}
/// Packs the DT to take a minimum amount of memory.
///
/// Doesn't shrink the underlying memory slice.
pub fn pack(&mut self) -> Result<()> {
- // SAFETY: "Closes" the DT in-place by updating its header and relocating its structs.
- let ret = unsafe { libfdt_bindgen::fdt_pack(self.as_mut_ptr()) };
- fdt_err_expect_zero(ret)
+ LibfdtMut::pack(self)
}
/// Applies a DT overlay on the base DT.
///
/// # Safety
///
- /// On failure, the library corrupts the DT and overlay so both must be discarded.
- pub unsafe fn apply_overlay<'a>(&'a mut self, overlay: &'a mut Fdt) -> Result<&'a mut Self> {
- let ret =
- // SAFETY: Both pointers are valid because they come from references, and fdt_overlay_apply
- // doesn't keep them after it returns. It may corrupt their contents if there is an error,
- // but that's our caller's responsibility.
- unsafe { libfdt_bindgen::fdt_overlay_apply(self.as_mut_ptr(), overlay.as_mut_ptr()) };
- fdt_err_expect_zero(ret)?;
+ /// As libfdt corrupts the input DT on failure, `self` should be discarded on error:
+ ///
+ /// let fdt = fdt.apply_overlay(overlay)?;
+ ///
+ /// Furthermore, `overlay` is _always_ corrupted by libfdt and will never refer to a valid
+ /// `Fdt` after this function returns and must therefore be discarded by the caller.
+ pub unsafe fn apply_overlay<'a>(&'a mut self, overlay: &mut Fdt) -> Result<&'a mut Self> {
+ // SAFETY: Our caller will properly discard overlay and/or self as needed.
+ unsafe { self.overlay_apply(overlay) }?;
+
Ok(self)
}
@@ -785,14 +774,6 @@
self.buffer.as_ptr().cast()
}
- fn as_mut_ptr(&mut self) -> *mut c_void {
- self.buffer.as_mut_ptr().cast::<_>()
- }
-
- fn capacity(&self) -> usize {
- self.buffer.len()
- }
-
fn header(&self) -> &libfdt_bindgen::fdt_header {
let p = self.as_ptr().cast();
// SAFETY: A valid FDT (verified by constructor) must contain a valid fdt_header.
diff --git a/libs/libfdt/src/libfdt.rs b/libs/libfdt/src/libfdt.rs
index 7737718..1e82c9f 100644
--- a/libs/libfdt/src/libfdt.rs
+++ b/libs/libfdt/src/libfdt.rs
@@ -22,7 +22,8 @@
use core::mem;
use core::ptr;
-use crate::{fdt_err, fdt_err_expect_zero, fdt_err_or_option, FdtError, Phandle, Result};
+use crate::result::FdtRawResult;
+use crate::{FdtError, Phandle, Result};
// Function names are the C function names without the `fdt_` prefix.
@@ -35,7 +36,7 @@
// There will be no memory write outside of the given fdt.
let ret = unsafe { libfdt_bindgen::fdt_create_empty_tree(fdt, len) };
- fdt_err_expect_zero(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_check_full()` (C function).
@@ -49,7 +50,7 @@
// calls as it expects the client code to keep track of the objects (DT, nodes, ...).
let ret = unsafe { libfdt_bindgen::fdt_check_full(fdt, len) };
- fdt_err_expect_zero(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Wrapper for the read-only libfdt.h functions.
@@ -76,7 +77,7 @@
// function respects the passed number of characters.
let ret = unsafe { libfdt_bindgen::fdt_path_offset_namelen(fdt, path, len) };
- fdt_err_or_option(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_node_offset_by_phandle()` (C function).
@@ -86,7 +87,7 @@
// SAFETY: Accesses are constrained to the DT totalsize.
let ret = unsafe { libfdt_bindgen::fdt_node_offset_by_phandle(fdt, phandle) };
- fdt_err_or_option(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_node_offset_by_compatible()` (C function).
@@ -96,7 +97,7 @@
// SAFETY: Accesses (read-only) are constrained to the DT totalsize.
let ret = unsafe { libfdt_bindgen::fdt_node_offset_by_compatible(fdt, prev, compatible) };
- fdt_err_or_option(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_next_node()` (C function).
@@ -106,7 +107,7 @@
// SAFETY: Accesses (read-only) are constrained to the DT totalsize.
let ret = unsafe { libfdt_bindgen::fdt_next_node(fdt, node, &mut depth) };
- match fdt_err_or_option(ret)? {
+ match FdtRawResult::from(ret).try_into()? {
Some(offset) if depth >= 0 => {
let depth = depth.try_into().unwrap();
Ok(Some((offset, depth)))
@@ -123,7 +124,7 @@
// SAFETY: Accesses (read-only) are constrained to the DT totalsize.
let ret = unsafe { libfdt_bindgen::fdt_parent_offset(fdt, node) };
- fdt_err(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_supernode_atdepth_offset()` (C function).
@@ -138,7 +139,7 @@
// SAFETY: Accesses (read-only) are constrained to the DT totalsize.
unsafe { libfdt_bindgen::fdt_supernode_atdepth_offset(fdt, node, depth, nodedepth) };
- fdt_err(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_subnode_offset_namelen()` (C function).
@@ -149,7 +150,7 @@
// SAFETY: Accesses are constrained to the DT totalsize (validated by ctor).
let ret = unsafe { libfdt_bindgen::fdt_subnode_offset_namelen(fdt, parent, name, namelen) };
- fdt_err_or_option(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_first_subnode()` (C function).
fn first_subnode(&self, node: c_int) -> Result<Option<c_int>> {
@@ -157,7 +158,7 @@
// SAFETY: Accesses (read-only) are constrained to the DT totalsize.
let ret = unsafe { libfdt_bindgen::fdt_first_subnode(fdt, node) };
- fdt_err_or_option(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_next_subnode()` (C function).
@@ -166,7 +167,7 @@
// SAFETY: Accesses (read-only) are constrained to the DT totalsize.
let ret = unsafe { libfdt_bindgen::fdt_next_subnode(fdt, node) };
- fdt_err_or_option(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_address_cells()` (C function).
@@ -175,7 +176,7 @@
// SAFETY: Accesses are constrained to the DT totalsize (validated by ctor).
let ret = unsafe { libfdt_bindgen::fdt_address_cells(fdt, node) };
- Ok(fdt_err(ret)?.try_into().unwrap())
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_size_cells()` (C function).
@@ -184,7 +185,7 @@
// SAFETY: Accesses are constrained to the DT totalsize (validated by ctor).
let ret = unsafe { libfdt_bindgen::fdt_size_cells(fdt, node) };
- Ok(fdt_err(ret)?.try_into().unwrap())
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_get_name()` (C function).
@@ -194,7 +195,7 @@
// SAFETY: Accesses are constrained to the DT totalsize (validated by ctor). On success, the
// function returns valid null terminating string and otherwise returned values are dropped.
let name = unsafe { libfdt_bindgen::fdt_get_name(fdt, node, &mut len) };
- let len = usize::try_from(fdt_err(len)?).unwrap().checked_add(1).unwrap();
+ let len = usize::try_from(FdtRawResult::from(len))?.checked_add(1).unwrap();
get_slice_at_ptr(self.as_fdt_slice(), name.cast(), len).ok_or(FdtError::Internal)
}
@@ -210,8 +211,7 @@
// function respects the passed number of characters.
unsafe { libfdt_bindgen::fdt_getprop_namelen(fdt, node, name, namelen, &mut len) };
- if let Some(len) = fdt_err_or_option(len)? {
- let len = usize::try_from(len).unwrap();
+ if let Some(len) = FdtRawResult::from(len).try_into()? {
let bytes = get_slice_at_ptr(self.as_fdt_slice(), prop.cast(), len);
Ok(Some(bytes.ok_or(FdtError::Internal)?))
@@ -227,7 +227,7 @@
// SAFETY: Accesses (read-only) are constrained to the DT totalsize.
let prop = unsafe { libfdt_bindgen::fdt_get_property_by_offset(fdt, offset, &mut len) };
- let data_len = fdt_err(len)?.try_into().unwrap();
+ let data_len = FdtRawResult::from(len).try_into()?;
// TODO(stable_feature(offset_of)): mem::offset_of!(fdt_property, data).
let data_offset = memoffset::offset_of!(libfdt_bindgen::fdt_property, data);
let len = data_offset.checked_add(data_len).ok_or(FdtError::Internal)?;
@@ -252,7 +252,7 @@
// SAFETY: Accesses (read-only) are constrained to the DT totalsize.
let ret = unsafe { libfdt_bindgen::fdt_first_property_offset(fdt, node) };
- fdt_err_or_option(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_next_property_offset()` (C function).
@@ -261,7 +261,7 @@
// SAFETY: Accesses (read-only) are constrained to the DT totalsize.
let ret = unsafe { libfdt_bindgen::fdt_next_property_offset(fdt, prev) };
- fdt_err_or_option(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_find_max_phandle()` (C function).
@@ -271,7 +271,7 @@
// SAFETY: Accesses (read-only) are constrained to the DT totalsize.
let ret = unsafe { libfdt_bindgen::fdt_find_max_phandle(fdt, &mut phandle) };
- fdt_err_expect_zero(ret)?;
+ FdtRawResult::from(ret).try_into()?;
phandle.try_into()
}
@@ -286,6 +286,13 @@
CStr::from_bytes_until_nul(bytes).map_err(|_| FdtError::Internal)
}
+
+ /// Safe wrapper around `fdt_open_into()` (C function).
+ fn open_into(&self, dest: &mut [u8]) -> Result<()> {
+ let fdt = self.as_fdt_slice().as_ptr().cast();
+
+ open_into(fdt, dest)
+ }
}
/// Wrapper for the read-write libfdt.h functions.
@@ -314,7 +321,7 @@
// SAFETY: Accesses are constrained to the DT totalsize (validated by ctor).
let ret = unsafe { libfdt_bindgen::fdt_nop_node(fdt, node) };
- fdt_err_expect_zero(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_add_subnode_namelen()` (C function).
@@ -325,7 +332,7 @@
// SAFETY: Accesses are constrained to the DT totalsize (validated by ctor).
let ret = unsafe { libfdt_bindgen::fdt_add_subnode_namelen(fdt, node, name, namelen) };
- fdt_err(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_setprop()` (C function).
@@ -338,7 +345,7 @@
// (validated by underlying libfdt).
let ret = unsafe { libfdt_bindgen::fdt_setprop(fdt, node, name, value, len) };
- fdt_err_expect_zero(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_setprop_placeholder()` (C function).
@@ -351,7 +358,7 @@
// SAFETY: Accesses are constrained to the DT totalsize (validated by ctor).
unsafe { libfdt_bindgen::fdt_setprop_placeholder(fdt, node, name, len, &mut data) };
- fdt_err_expect_zero(ret)?;
+ FdtRawResult::from(ret).try_into()?;
get_mut_slice_at_ptr(self.as_fdt_slice_mut(), data.cast(), size).ok_or(FdtError::Internal)
}
@@ -366,7 +373,7 @@
// (validated by underlying libfdt).
let ret = unsafe { libfdt_bindgen::fdt_setprop_inplace(fdt, node, name, value, len) };
- fdt_err_expect_zero(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_appendprop()` (C function).
@@ -378,7 +385,7 @@
// SAFETY: Accesses are constrained to the DT totalsize (validated by ctor).
let ret = unsafe { libfdt_bindgen::fdt_appendprop(fdt, node, name, value, len) };
- fdt_err_expect_zero(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_appendprop_addrrange()` (C function).
@@ -397,7 +404,7 @@
libfdt_bindgen::fdt_appendprop_addrrange(fdt, parent, node, name, addr, size)
};
- fdt_err_expect_zero(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_delprop()` (C function).
@@ -410,7 +417,7 @@
// being called when FdtNode instances are in use.
let ret = unsafe { libfdt_bindgen::fdt_delprop(fdt, node, name) };
- fdt_err_expect_zero(ret)
+ FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_nop_property()` (C function).
@@ -421,7 +428,49 @@
// library locates the node's property.
let ret = unsafe { libfdt_bindgen::fdt_nop_property(fdt, node, name) };
- fdt_err_expect_zero(ret)
+ FdtRawResult::from(ret).try_into()
+ }
+
+ /// Safe and aliasing-compatible wrapper around `fdt_open_into()` (C function).
+ ///
+ /// The C API allows both input (`const void*`) and output (`void *`) to point to the same
+ /// memory region but the borrow checker would reject an API such as
+ ///
+ /// self.open_into(&mut self.buffer)
+ ///
+ /// so this wrapper is provided to implement such a common aliasing case.
+ fn open_into_self(&mut self) -> Result<()> {
+ let fdt = self.as_fdt_slice_mut();
+
+ open_into(fdt.as_ptr().cast(), fdt)
+ }
+
+ /// Safe wrapper around `fdt_pack()` (C function).
+ fn pack(&mut self) -> Result<()> {
+ let fdt = self.as_fdt_slice_mut().as_mut_ptr().cast();
+ // SAFETY: Accesses (R/W) are constrained to the DT totalsize (validated by ctor).
+ let ret = unsafe { libfdt_bindgen::fdt_pack(fdt) };
+
+ FdtRawResult::from(ret).try_into()
+ }
+
+ /// Wrapper around `fdt_overlay_apply()` (C function).
+ ///
+ /// # Safety
+ ///
+ /// This function safely wraps the C function call but is unsafe because the caller must
+ ///
+ /// - discard `overlay` as a &LibfdtMut because libfdt corrupts its header before returning;
+ /// - on error, discard `self` as a &LibfdtMut for the same reason.
+ unsafe fn overlay_apply(&mut self, overlay: &mut Self) -> Result<()> {
+ let fdt = self.as_fdt_slice_mut().as_mut_ptr().cast();
+ let overlay = overlay.as_fdt_slice_mut().as_mut_ptr().cast();
+ // SAFETY: Both pointers are valid because they come from references, and fdt_overlay_apply
+ // doesn't keep them after it returns. It may corrupt their contents if there is an error,
+ // but that's our caller's responsibility.
+ let ret = unsafe { libfdt_bindgen::fdt_overlay_apply(fdt, overlay) };
+
+ FdtRawResult::from(ret).try_into()
}
}
@@ -449,6 +498,19 @@
})
}
+fn open_into(fdt: *const u8, dest: &mut [u8]) -> Result<()> {
+ let fdt = fdt.cast();
+ let len = dest.len().try_into().map_err(|_| FdtError::Internal)?;
+ let dest = dest.as_mut_ptr().cast();
+ // SAFETY: Reads the whole fdt slice (based on the validated totalsize) and, if it fits, copies
+ // it to the (properly mutable) dest buffer of size len. On success, the resulting dest
+ // contains a valid DT with the nodes and properties of the original one but of a different
+ // size, reflected in its fdt_header::totalsize.
+ let ret = unsafe { libfdt_bindgen::fdt_open_into(fdt, dest, len) };
+
+ FdtRawResult::from(ret).try_into()
+}
+
// TODO(stable_feature(pointer_is_aligned)): p.is_aligned()
fn is_aligned<T>(p: *const T) -> bool {
(p as usize) % mem::align_of::<T>() == 0
diff --git a/libs/libfdt/src/result.rs b/libs/libfdt/src/result.rs
index 9643e1e..52291ca 100644
--- a/libs/libfdt/src/result.rs
+++ b/libs/libfdt/src/result.rs
@@ -14,7 +14,7 @@
//! Rust types related to the libfdt C integer results.
-use core::ffi::c_int;
+use core::ffi::{c_int, c_uint};
use core::fmt;
use core::result;
@@ -94,46 +94,99 @@
/// Result type with FdtError enum.
pub type Result<T> = result::Result<T, FdtError>;
-pub(crate) fn fdt_err(val: c_int) -> Result<c_int> {
- if val >= 0 {
- Ok(val)
- } else {
- Err(match -val as _ {
- libfdt_bindgen::FDT_ERR_NOTFOUND => FdtError::NotFound,
- libfdt_bindgen::FDT_ERR_EXISTS => FdtError::Exists,
- libfdt_bindgen::FDT_ERR_NOSPACE => FdtError::NoSpace,
- libfdt_bindgen::FDT_ERR_BADOFFSET => FdtError::BadOffset,
- libfdt_bindgen::FDT_ERR_BADPATH => FdtError::BadPath,
- libfdt_bindgen::FDT_ERR_BADPHANDLE => FdtError::BadPhandle,
- libfdt_bindgen::FDT_ERR_BADSTATE => FdtError::BadState,
- libfdt_bindgen::FDT_ERR_TRUNCATED => FdtError::Truncated,
- libfdt_bindgen::FDT_ERR_BADMAGIC => FdtError::BadMagic,
- libfdt_bindgen::FDT_ERR_BADVERSION => FdtError::BadVersion,
- libfdt_bindgen::FDT_ERR_BADSTRUCTURE => FdtError::BadStructure,
- libfdt_bindgen::FDT_ERR_BADLAYOUT => FdtError::BadLayout,
- libfdt_bindgen::FDT_ERR_INTERNAL => FdtError::Internal,
- libfdt_bindgen::FDT_ERR_BADNCELLS => FdtError::BadNCells,
- libfdt_bindgen::FDT_ERR_BADVALUE => FdtError::BadValue,
- libfdt_bindgen::FDT_ERR_BADOVERLAY => FdtError::BadOverlay,
- libfdt_bindgen::FDT_ERR_NOPHANDLES => FdtError::NoPhandles,
- libfdt_bindgen::FDT_ERR_BADFLAGS => FdtError::BadFlags,
- libfdt_bindgen::FDT_ERR_ALIGNMENT => FdtError::Alignment,
- _ => FdtError::Unknown(val),
- })
+#[derive(Clone, Copy, Debug, Eq, PartialEq)]
+pub(crate) struct FdtRawResult(c_int);
+
+impl From<c_int> for FdtRawResult {
+ fn from(value: c_int) -> Self {
+ Self(value)
}
}
-pub(crate) fn fdt_err_expect_zero(val: c_int) -> Result<()> {
- match fdt_err(val)? {
- 0 => Ok(()),
- _ => Err(FdtError::Unknown(val)),
+impl TryFrom<FdtRawResult> for c_int {
+ type Error = FdtError;
+
+ fn try_from(res: FdtRawResult) -> Result<Self> {
+ use libfdt_bindgen::{
+ FDT_ERR_ALIGNMENT, FDT_ERR_BADFLAGS, FDT_ERR_BADLAYOUT, FDT_ERR_BADMAGIC,
+ FDT_ERR_BADNCELLS, FDT_ERR_BADOFFSET, FDT_ERR_BADOVERLAY, FDT_ERR_BADPATH,
+ FDT_ERR_BADPHANDLE, FDT_ERR_BADSTATE, FDT_ERR_BADSTRUCTURE, FDT_ERR_BADVALUE,
+ FDT_ERR_BADVERSION, FDT_ERR_EXISTS, FDT_ERR_INTERNAL, FDT_ERR_NOPHANDLES,
+ FDT_ERR_NOSPACE, FDT_ERR_NOTFOUND, FDT_ERR_TRUNCATED,
+ };
+ match res.0 {
+ x if x >= 0 => Ok(x),
+ x if x == -(FDT_ERR_NOTFOUND as c_int) => Err(FdtError::NotFound),
+ x if x == -(FDT_ERR_EXISTS as c_int) => Err(FdtError::Exists),
+ x if x == -(FDT_ERR_NOSPACE as c_int) => Err(FdtError::NoSpace),
+ x if x == -(FDT_ERR_BADOFFSET as c_int) => Err(FdtError::BadOffset),
+ x if x == -(FDT_ERR_BADPATH as c_int) => Err(FdtError::BadPath),
+ x if x == -(FDT_ERR_BADPHANDLE as c_int) => Err(FdtError::BadPhandle),
+ x if x == -(FDT_ERR_BADSTATE as c_int) => Err(FdtError::BadState),
+ x if x == -(FDT_ERR_TRUNCATED as c_int) => Err(FdtError::Truncated),
+ x if x == -(FDT_ERR_BADMAGIC as c_int) => Err(FdtError::BadMagic),
+ x if x == -(FDT_ERR_BADVERSION as c_int) => Err(FdtError::BadVersion),
+ x if x == -(FDT_ERR_BADSTRUCTURE as c_int) => Err(FdtError::BadStructure),
+ x if x == -(FDT_ERR_BADLAYOUT as c_int) => Err(FdtError::BadLayout),
+ x if x == -(FDT_ERR_INTERNAL as c_int) => Err(FdtError::Internal),
+ x if x == -(FDT_ERR_BADNCELLS as c_int) => Err(FdtError::BadNCells),
+ x if x == -(FDT_ERR_BADVALUE as c_int) => Err(FdtError::BadValue),
+ x if x == -(FDT_ERR_BADOVERLAY as c_int) => Err(FdtError::BadOverlay),
+ x if x == -(FDT_ERR_NOPHANDLES as c_int) => Err(FdtError::NoPhandles),
+ x if x == -(FDT_ERR_BADFLAGS as c_int) => Err(FdtError::BadFlags),
+ x if x == -(FDT_ERR_ALIGNMENT as c_int) => Err(FdtError::Alignment),
+ x => Err(FdtError::Unknown(x)),
+ }
}
}
-pub(crate) fn fdt_err_or_option(val: c_int) -> Result<Option<c_int>> {
- match fdt_err(val) {
- Ok(val) => Ok(Some(val)),
- Err(FdtError::NotFound) => Ok(None),
- Err(e) => Err(e),
+impl TryFrom<FdtRawResult> for Option<c_int> {
+ type Error = FdtError;
+
+ fn try_from(res: FdtRawResult) -> Result<Self> {
+ match res.try_into() {
+ Ok(n) => Ok(Some(n)),
+ Err(FdtError::NotFound) => Ok(None),
+ Err(e) => Err(e),
+ }
+ }
+}
+
+impl TryFrom<FdtRawResult> for c_uint {
+ type Error = FdtError;
+
+ fn try_from(res: FdtRawResult) -> Result<Self> {
+ Ok(c_int::try_from(res)?.try_into().unwrap())
+ }
+}
+
+impl TryFrom<FdtRawResult> for usize {
+ type Error = FdtError;
+
+ fn try_from(res: FdtRawResult) -> Result<Self> {
+ Ok(c_int::try_from(res)?.try_into().unwrap())
+ }
+}
+
+impl TryFrom<FdtRawResult> for Option<usize> {
+ type Error = FdtError;
+
+ fn try_from(res: FdtRawResult) -> Result<Self> {
+ match res.try_into() {
+ Ok(n) => Ok(Some(n)),
+ Err(FdtError::NotFound) => Ok(None),
+ Err(e) => Err(e),
+ }
+ }
+}
+
+impl TryFrom<FdtRawResult> for () {
+ type Error = FdtError;
+
+ fn try_from(res: FdtRawResult) -> Result<Self> {
+ match res.try_into()? {
+ 0 => Ok(()),
+ n => Err(FdtError::Unknown(n)),
+ }
}
}
diff --git a/tests/benchmark/src/java/com/android/microdroid/benchmark/MicrodroidBenchmarks.java b/tests/benchmark/src/java/com/android/microdroid/benchmark/MicrodroidBenchmarks.java
index 2d52732..77cae32 100644
--- a/tests/benchmark/src/java/com/android/microdroid/benchmark/MicrodroidBenchmarks.java
+++ b/tests/benchmark/src/java/com/android/microdroid/benchmark/MicrodroidBenchmarks.java
@@ -415,8 +415,9 @@
long guestRss = 0;
long guestPss = 0;
boolean hasGuestMaps = false;
- for (ProcessUtil.SMapEntry entry :
- ProcessUtil.getProcessSmaps(vmPid, shellExecutor)) {
+ List<ProcessUtil.SMapEntry> smaps =
+ ProcessUtil.getProcessSmaps(vmPid, shellExecutor);
+ for (ProcessUtil.SMapEntry entry : smaps) {
long rss = entry.metrics.get("Rss");
long pss = entry.metrics.get("Pss");
if (entry.name.contains("crosvm_guest")) {
@@ -429,8 +430,12 @@
}
}
if (!hasGuestMaps) {
+ StringBuilder sb = new StringBuilder();
+ for (ProcessUtil.SMapEntry entry : smaps) {
+ sb.append(entry.toString());
+ }
throw new IllegalStateException(
- "found no crosvm_guest smap entry in crosvm process");
+ "found no crosvm_guest smap entry in crosvm process: " + sb);
}
mHostRss = hostRss;
mHostPss = hostPss;
diff --git a/tests/helper/src/java/com/android/microdroid/test/common/ProcessUtil.java b/tests/helper/src/java/com/android/microdroid/test/common/ProcessUtil.java
index c72d91e..e058674 100644
--- a/tests/helper/src/java/com/android/microdroid/test/common/ProcessUtil.java
+++ b/tests/helper/src/java/com/android/microdroid/test/common/ProcessUtil.java
@@ -33,13 +33,24 @@
public static class SMapEntry {
public String name;
public Map<String, Long> metrics;
+
+ @Override
+ public String toString() {
+ StringBuilder sb = new StringBuilder();
+ sb.append("name: " + name + "\n");
+ metrics.forEach(
+ (k, v) -> {
+ sb.append(" " + k + ": " + v + "\n");
+ });
+ return sb.toString();
+ }
}
/** Gets metrics key and values mapping of specified process id */
public static List<SMapEntry> getProcessSmaps(int pid, Function<String, String> shellExecutor)
throws IOException {
String path = "/proc/" + pid + "/smaps";
- return parseMemoryInfo(shellExecutor.apply("cat " + path + " || true"));
+ return parseMemoryInfo(shellExecutor.apply("cat " + path));
}
/** Gets metrics key and values mapping of specified process id */
diff --git a/tests/helper/src/java/com/android/microdroid/test/device/MicrodroidDeviceTestBase.java b/tests/helper/src/java/com/android/microdroid/test/device/MicrodroidDeviceTestBase.java
index 8e11218..2c72561 100644
--- a/tests/helper/src/java/com/android/microdroid/test/device/MicrodroidDeviceTestBase.java
+++ b/tests/helper/src/java/com/android/microdroid/test/device/MicrodroidDeviceTestBase.java
@@ -62,6 +62,7 @@
private static final String TAG = "MicrodroidDeviceTestBase";
private final String MAX_PERFORMANCE_TASK_PROFILE = "CPUSET_SP_TOP_APP";
+ protected static final String KERNEL_VERSION = SystemProperties.get("ro.kernel.version");
protected static final Set<String> SUPPORTED_GKI_VERSIONS =
Collections.unmodifiableSet(new HashSet(Arrays.asList("android14-6.1")));
@@ -110,7 +111,7 @@
}
}
- private Context mCtx;
+ private final Context mCtx = ApplicationProvider.getApplicationContext();
private boolean mProtectedVm;
private String mGki;
@@ -165,10 +166,7 @@
}
public void prepareTestSetup(boolean protectedVm, String gki) {
- mCtx = ApplicationProvider.getApplicationContext();
- assume().withMessage("Device doesn't support AVF")
- .that(mCtx.getPackageManager().hasSystemFeature(FEATURE_VIRTUALIZATION_FRAMEWORK))
- .isTrue();
+ assumeFeatureVirtualizationFramework();
mProtectedVm = protectedVm;
mGki = gki;
@@ -194,6 +192,18 @@
}
}
+ protected void assumeFeatureVirtualizationFramework() {
+ assume().withMessage("Device doesn't support AVF")
+ .that(mCtx.getPackageManager().hasSystemFeature(FEATURE_VIRTUALIZATION_FRAMEWORK))
+ .isTrue();
+ }
+
+ protected void assumeSupportedDevice() {
+ assume().withMessage("Skip on 5.4 kernel. b/218303240")
+ .that(KERNEL_VERSION)
+ .isNotEqualTo("5.4");
+ }
+
public abstract static class VmEventListener implements VirtualMachineCallback {
private ExecutorService mExecutorService = Executors.newSingleThreadExecutor();
private OptionalLong mVcpuStartedNanoTime = OptionalLong.empty();
diff --git a/tests/hostside/Android.bp b/tests/hostside/Android.bp
index e3d9cbe..13a9925 100644
--- a/tests/hostside/Android.bp
+++ b/tests/hostside/Android.bp
@@ -37,6 +37,8 @@
"lpunpack",
"sign_virt_apex",
"simg2img",
+ "dtdiff",
+ "dtc", // for dtdiff
],
// java_test_host doesn't have data_native_libs but jni_libs can be used to put
// native modules under ./lib directory.
@@ -51,5 +53,6 @@
"liblp",
"libsparse",
"libz",
+ "libfdt", // for dtc
],
}
diff --git a/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java b/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java
index 2cd4577..20b5a50 100644
--- a/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java
+++ b/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java
@@ -47,6 +47,7 @@
import com.android.tradefed.device.TestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner.TestMetrics;
import com.android.tradefed.util.CommandResult;
+import com.android.tradefed.util.CommandStatus;
import com.android.tradefed.util.FileUtil;
import com.android.tradefed.util.RunUtil;
import com.android.tradefed.util.xml.AbstractXmlParser;
@@ -985,23 +986,71 @@
@Test
public void testDeviceAssignment() throws Exception {
- assumeProtectedVm();
+ // Check for preconditions
assumeVfioPlatformSupported();
List<String> devices = getAssignableDevices();
assumeFalse("no assignable devices", devices.isEmpty());
+ String vmFdtPath = "/sys/firmware/fdt";
+ File testDir = FileUtil.createTempDir("device_assignment_test");
+ File baseFdtFile = new File(testDir, "base_fdt.dtb");
+ File fdtFile = new File(testDir, "fdt.dtb");
+
+ // Generates baseline DT
+ launchWithDeviceAssignment(/* device= */ null);
+ assertThat(mMicrodroidDevice.pullFile(vmFdtPath, baseFdtFile)).isTrue();
+ getAndroidDevice().shutdownMicrodroid(mMicrodroidDevice);
+
+ // Prepares to run dtdiff. It requires dtc.
+ File dtdiff = findTestFile("dtdiff");
+ RunUtil runner = new RunUtil();
+ String separator = System.getProperty("path.separator");
+ String path = dtdiff.getParent() + separator + System.getenv("PATH");
+ runner.setEnvVariable("PATH", path);
+
+ // Try assign devices one by one
+ for (String device : devices) {
+ assertThat(device).isNotNull();
+ launchWithDeviceAssignment(device);
+ assertThat(mMicrodroidDevice.pullFile(vmFdtPath, fdtFile)).isTrue();
+ getAndroidDevice().shutdownMicrodroid(mMicrodroidDevice);
+
+ CommandResult result =
+ runner.runTimedCmd(
+ 500,
+ dtdiff.getAbsolutePath(),
+ baseFdtFile.getPath(),
+ fdtFile.getPath());
+
+ assertWithMessage(
+ "VM's device tree hasn't changed when assigning "
+ + device
+ + ", result="
+ + result)
+ .that(result.getStatus())
+ .isNotEqualTo(CommandStatus.SUCCESS);
+ }
+
+ mMicrodroidDevice = null;
+ }
+
+ private void launchWithDeviceAssignment(String device) throws Exception {
final String configPath = "assets/" + mOs + "/vm_config.json";
- mMicrodroidDevice =
+
+ MicrodroidBuilder builder =
MicrodroidBuilder.fromDevicePath(getPathForPackage(PACKAGE_NAME), configPath)
.debugLevel("full")
.memoryMib(minMemorySize())
.cpuTopology("match_host")
- .protectedVm(true)
- .addAssignableDevice(devices.get(0))
- .build(getAndroidDevice());
+ .protectedVm(mProtectedVm);
+ if (device != null) {
+ builder.addAssignableDevice(device);
+ }
+ mMicrodroidDevice = builder.build(getAndroidDevice());
- mMicrodroidDevice.waitForBootComplete(BOOT_COMPLETE_TIMEOUT);
+ assertThat(mMicrodroidDevice.waitForBootComplete(BOOT_COMPLETE_TIMEOUT)).isTrue();
+ assertThat(mMicrodroidDevice.enableAdbRoot()).isTrue();
}
@Test
diff --git a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidCapabilitiesTest.java b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidCapabilitiesTest.java
new file mode 100644
index 0000000..a0826c9
--- /dev/null
+++ b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidCapabilitiesTest.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.android.microdroid.test;
+
+import static com.google.common.truth.Truth.assertWithMessage;
+
+import android.system.virtualmachine.VirtualMachineManager;
+
+import com.android.compatibility.common.util.CddTest;
+import com.android.microdroid.test.device.MicrodroidDeviceTestBase;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+/**
+ * Test the advertised AVF capabilities include the ability to start some type of VM.
+ *
+ * <p>Tests in MicrodroidTests run on either protected or non-protected VMs, provided they are
+ * supported. If neither is they are all skipped. So we need a separate test (that doesn't call
+ * {@link #prepareTestSetup}) to make sure that at least one of these is available.
+ */
+@RunWith(JUnit4.class)
+public class MicrodroidCapabilitiesTest extends MicrodroidDeviceTestBase {
+ @Test
+ @CddTest(requirements = {"9.17/C-1-1", "9.17/C-2-1"})
+ public void supportForProtectedOrNonProtectedVms() {
+ assumeSupportedDevice();
+
+ // (There's a test for devices that don't expose the system feature over in
+ // NoMicrodroidTest.)
+ assumeFeatureVirtualizationFramework();
+
+ int capabilities = getVirtualMachineManager().getCapabilities();
+ int vmCapabilities =
+ capabilities
+ & (VirtualMachineManager.CAPABILITY_PROTECTED_VM
+ | VirtualMachineManager.CAPABILITY_NON_PROTECTED_VM);
+ assertWithMessage(
+ "A device that has FEATURE_VIRTUALIZATION_FRAMEWORK must support at least"
+ + " one of protected or non-protected VMs")
+ .that(vmCapabilities)
+ .isNotEqualTo(0);
+ }
+}
diff --git a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
index 0687a7b..070478e 100644
--- a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
+++ b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
@@ -118,8 +118,6 @@
@Rule public Timeout globalTimeout = Timeout.seconds(300);
- private static final String KERNEL_VERSION = SystemProperties.get("ro.kernel.version");
-
@Parameterized.Parameters(name = "protectedVm={0},gki={1}")
public static Collection<Object[]> params() {
List<Object[]> ret = new ArrayList<>();
@@ -2312,10 +2310,4 @@
return 0;
}
- private void assumeSupportedDevice() {
- assume()
- .withMessage("Skip on 5.4 kernel. b/218303240")
- .that(KERNEL_VERSION)
- .isNotEqualTo("5.4");
- }
}
diff --git a/virtualizationmanager/Android.bp b/virtualizationmanager/Android.bp
index 48b5cd1..c46385c 100644
--- a/virtualizationmanager/Android.bp
+++ b/virtualizationmanager/Android.bp
@@ -35,6 +35,7 @@
"libavflog",
"libbase_rust",
"libbinder_rs",
+ "libcfg_if",
"libclap",
"libcstr",
"libcommand_fds",
diff --git a/virtualizationmanager/src/crosvm.rs b/virtualizationmanager/src/crosvm.rs
index 2c23441..3380df3 100644
--- a/virtualizationmanager/src/crosvm.rs
+++ b/virtualizationmanager/src/crosvm.rs
@@ -450,20 +450,20 @@
let mut vm_metric = self.vm_metric.lock().unwrap();
// Get CPU Information
- if let Ok(guest_time) = get_guest_time(pid) {
- vm_metric.cpu_guest_time = Some(guest_time);
- } else {
- error!("Failed to parse /proc/[pid]/stat");
+ match get_guest_time(pid) {
+ Ok(guest_time) => vm_metric.cpu_guest_time = Some(guest_time),
+ Err(e) => error!("Failed to get guest CPU time: {e:?}"),
}
// Get Memory Information
- if let Ok(rss) = get_rss(pid) {
- vm_metric.rss = match &vm_metric.rss {
- Some(x) => Some(Rss::extract_max(x, &rss)),
- None => Some(rss),
+ match get_rss(pid) {
+ Ok(rss) => {
+ vm_metric.rss = match &vm_metric.rss {
+ Some(x) => Some(Rss::extract_max(x, &rss)),
+ None => Some(rss),
+ }
}
- } else {
- error!("Failed to parse /proc/[pid]/smaps");
+ Err(e) => error!("Failed to get guest RSS: {}", e),
}
}
@@ -812,7 +812,11 @@
if config.host_cpu_topology {
if cfg!(virt_cpufreq) {
command.arg("--host-cpu-topology");
- command.arg("--virt-cpufreq");
+ cfg_if::cfg_if! {
+ if #[cfg(any(target_arch = "aarch64"))] {
+ command.arg("--virt-cpufreq");
+ }
+ }
} else if let Some(cpus) = get_num_cpus() {
command.arg("--cpus").arg(cpus.to_string());
} else {