commit f0af81d084c5dc561d8b71738c62e42e6ef8aa3a
author Seungjae Yoo <seungjaeyoo@google.com> Wed Jan 17 13:48:36 2024 +0900
committer Seungjae Yoo <seungjaeyoo@google.com> Thu Jan 18 10:00:20 2024 +0900
tree 7e90f0e1550cac7ed5f8292a78fba52b2ec425cd
parent 2a7e7e9a81796878e8acfcca43bc8dbc0227d927

Use VM reference DT instead of VM base DTBO in pvmfw config v1.2

Bug: 318431695
Test: adb shell /apex/com.android.virt/bin/vm run-microdroid --protected
Test: adb shell /apex/com.android.virt/bin/vm run-microdroid --protected --vendor /vendor/etc/avf/microdroid/microdroid_vendor.img
Test: adb -s <Microdroid Device> shell ls /sys/firmware/devicetree/base/avf
Test: adb -s <Microdroid Device> shell cat /sys/firmware/devicetree/base/avf/vendor_hashtree_descriptor_root_digest
Change-Id: I9aaadb1c760a136f6c81cab55176676a70a81851

pvmfw/src/config.rs

diff --git a/pvmfw/src/config.rs b/pvmfw/src/config.rs
index 7b548ce..5a3d138 100644
--- a/pvmfw/src/config.rs
+++ b/pvmfw/src/config.rs
@@ -141,7 +141,7 @@
     pub bcc: &'a mut [u8],
     pub debug_policy: Option<&'a [u8]>,
     pub vm_dtbo: Option<&'a mut [u8]>,
-    pub vm_base_dtbo: Option<&'a [u8]>,
+    pub vm_ref_dt: Option<&'a [u8]>,
 }
 
 #[repr(packed)]
@@ -290,15 +290,15 @@
                 entries[i] = Some(chunk);
             }
         }
-        let [bcc, debug_policy, vm_dtbo, vm_base_dtbo] = entries;
+        let [bcc, debug_policy, vm_dtbo, vm_ref_dt] = entries;
 
         // The platform BCC has always been required.
         let bcc = bcc.unwrap();
 
         // We have no reason to mutate so drop the `mut`.
         let debug_policy = debug_policy.map(|x| &*x);
-        let vm_base_dtbo = vm_base_dtbo.map(|x| &*x);
+        let vm_ref_dt = vm_ref_dt.map(|x| &*x);
 
-        Entries { bcc, debug_policy, vm_dtbo, vm_base_dtbo }
+        Entries { bcc, debug_policy, vm_dtbo, vm_ref_dt }
     }
 }

pvmfw/src/entry.rs

diff --git a/pvmfw/src/entry.rs b/pvmfw/src/entry.rs
index 8eca7a1..253604b 100644
--- a/pvmfw/src/entry.rs
+++ b/pvmfw/src/entry.rs
@@ -88,7 +88,7 @@
         kernel: usize,
         kernel_size: usize,
         vm_dtbo: Option<&mut [u8]>,
-        vm_base_dtbo: Option<&[u8]>,
+        vm_ref_dt: Option<&[u8]>,
     ) -> Result<Self, RebootReason> {
         let fdt_size = NonZeroUsize::new(crosvm::FDT_MAX_SIZE).unwrap();
         // TODO - Only map the FDT as read-only, until we modify it right before jump_to_payload()
@@ -102,7 +102,7 @@
         // SAFETY: The tracker validated the range to be in main memory, mapped, and not overlap.
         let fdt = unsafe { slice::from_raw_parts_mut(range.start as *mut u8, range.len()) };
 
-        let info = fdt::sanitize_device_tree(fdt, vm_dtbo, vm_base_dtbo)?;
+        let info = fdt::sanitize_device_tree(fdt, vm_dtbo, vm_ref_dt)?;
         let fdt = libfdt::Fdt::from_mut_slice(fdt).map_err(|e| {
             error!("Failed to load sanitized FDT: {e}");
             RebootReason::InvalidFdt
@@ -233,7 +233,7 @@
         payload,
         payload_size,
         config_entries.vm_dtbo,
-        config_entries.vm_base_dtbo,
+        config_entries.vm_ref_dt,
     )?;
 
     // This wrapper allows main() to be blissfully ignorant of platform details.

pvmfw/src/fdt.rs

diff --git a/pvmfw/src/fdt.rs b/pvmfw/src/fdt.rs
index 33a5055..2ea4599 100644
--- a/pvmfw/src/fdt.rs
+++ b/pvmfw/src/fdt.rs
@@ -202,7 +202,7 @@
 }
 
 /// Read candidate properties' names from DT which could be overlaid
-fn parse_vm_base_dtbo(fdt: &Fdt) -> libfdt::Result<BTreeMap<CString, Vec<u8>>> {
+fn parse_vm_ref_dt(fdt: &Fdt) -> libfdt::Result<BTreeMap<CString, Vec<u8>>> {
     let mut property_map = BTreeMap::new();
     if let Some(avf_node) = fdt.node(cstr!("/avf"))? {
         for property in avf_node.properties()? {
@@ -217,29 +217,28 @@
     Ok(property_map)
 }
 
-/// Overlay VM base DTBO into VM DT based on the props_info. Property is overlaid in vm_dt only
-/// when it exists both in vm_base_dtbo and props_info. If the values mismatch, it returns error.
-fn apply_vm_base_dtbo(
+/// Overlay VM reference DT into VM DT based on the props_info. Property is overlaid in vm_dt only
+/// when it exists both in vm_ref_dt and props_info. If the values mismatch, it returns error.
+fn validate_vm_ref_dt(
     vm_dt: &mut Fdt,
-    vm_base_dtbo: &Fdt,
+    vm_ref_dt: &Fdt,
     props_info: &BTreeMap<CString, Vec<u8>>,
 ) -> libfdt::Result<()> {
     let mut root_vm_dt = vm_dt.root_mut()?;
     let mut avf_vm_dt = root_vm_dt.add_subnode(cstr!("avf"))?;
-    // TODO(b/318431677): Validate nodes beyond /fragment@0/__overlay__/avf and use apply_overlay.
-    let avf_vm_base_dtbo =
-        vm_base_dtbo.node(cstr!("/fragment@0/__overlay__/avf"))?.ok_or(FdtError::NotFound)?;
+    // TODO(b/318431677): Validate nodes beyond /avf.
+    let avf_node = vm_ref_dt.node(cstr!("/avf"))?.ok_or(FdtError::NotFound)?;
     for (name, value) in props_info.iter() {
-        if let Some(value_in_vm_base_dtbo) = avf_vm_base_dtbo.getprop(name)? {
-            if value != value_in_vm_base_dtbo {
+        if let Some(ref_value) = avf_node.getprop(name)? {
+            if value != ref_value {
                 error!(
-                    "Property mismatches while applying overlay VM base DTBO. \
-                    Name:{:?}, Value from host as hex:{:x?}, Value from VM base DTBO as hex:{:x?}",
-                    name, value, value_in_vm_base_dtbo
+                    "Property mismatches while applying overlay VM reference DT. \
+                    Name:{:?}, Value from host as hex:{:x?}, Value from VM reference DT as hex:{:x?}",
+                    name, value, ref_value
                 );
                 return Err(FdtError::BadValue);
             }
-            avf_vm_dt.setprop(name, value_in_vm_base_dtbo)?;
+            avf_vm_dt.setprop(name, ref_value)?;
         }
     }
     Ok(())
@@ -637,7 +636,7 @@
     serial_info: SerialInfo,
     pub swiotlb_info: SwiotlbInfo,
     device_assignment: Option<DeviceAssignmentInfo>,
-    vm_base_dtbo_props_info: BTreeMap<CString, Vec<u8>>,
+    vm_ref_dt_props_info: BTreeMap<CString, Vec<u8>>,
 }
 
 impl DeviceTreeInfo {
@@ -651,7 +650,7 @@
 pub fn sanitize_device_tree(
     fdt: &mut [u8],
     vm_dtbo: Option<&mut [u8]>,
-    vm_base_dtbo: Option<&[u8]>,
+    vm_ref_dt: Option<&[u8]>,
 ) -> Result<DeviceTreeInfo, RebootReason> {
     let fdt = Fdt::from_mut_slice(fdt).map_err(|e| {
         error!("Failed to load FDT: {e}");
@@ -695,14 +694,14 @@
         }
     }
 
-    if let Some(vm_base_dtbo) = vm_base_dtbo {
-        let vm_base_dtbo = Fdt::from_slice(vm_base_dtbo).map_err(|e| {
-            error!("Failed to load VM base DTBO: {e}");
+    if let Some(vm_ref_dt) = vm_ref_dt {
+        let vm_ref_dt = Fdt::from_slice(vm_ref_dt).map_err(|e| {
+            error!("Failed to load VM reference DT: {e}");
             RebootReason::InvalidFdt
         })?;
 
-        apply_vm_base_dtbo(fdt, vm_base_dtbo, &info.vm_base_dtbo_props_info).map_err(|e| {
-            error!("Failed to apply VM base DTBO: {e}");
+        validate_vm_ref_dt(fdt, vm_ref_dt, &info.vm_ref_dt_props_info).map_err(|e| {
+            error!("Failed to apply VM reference DT: {e}");
             RebootReason::InvalidFdt
         })?;
     }
@@ -780,7 +779,7 @@
         None => None,
     };
 
-    let vm_base_dtbo_props_info = parse_vm_base_dtbo(fdt).map_err(|e| {
+    let vm_ref_dt_props_info = parse_vm_ref_dt(fdt).map_err(|e| {
         error!("Failed to read names of properties under /avf from DT: {e}");
         RebootReason::InvalidFdt
     })?;
@@ -795,7 +794,7 @@
         serial_info,
         swiotlb_info,
         device_assignment,
-        vm_base_dtbo_props_info,
+        vm_ref_dt_props_info,
     })
 }