Merge "Reformat imports" into main
diff --git a/libs/libfdt/Android.bp b/libs/libfdt/Android.bp
index b5f7471..1bb5692 100644
--- a/libs/libfdt/Android.bp
+++ b/libs/libfdt/Android.bp
@@ -40,6 +40,7 @@
"libcstr",
"liblibfdt_bindgen",
"libmemoffset_nostd",
+ "libstatic_assertions",
"libzerocopy_nostd",
],
whole_static_libs: [
diff --git a/libs/libfdt/src/ctypes.rs b/libs/libfdt/src/ctypes.rs
deleted file mode 100644
index a65f8e7..0000000
--- a/libs/libfdt/src/ctypes.rs
+++ /dev/null
@@ -1,61 +0,0 @@
-// Copyright 2024, The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//! Safe zero-cost wrappers around integer values used by libfdt.
-
-use crate::result::FdtRawResult;
-use crate::{FdtError, Result};
-
-/// Wrapper guaranteed to contain a valid phandle.
-#[repr(transparent)]
-#[derive(Debug, Copy, Clone, Eq, PartialEq, Ord, PartialOrd)]
-pub struct Phandle(u32);
-
-impl Phandle {
- /// Minimum valid value for device tree phandles.
- pub const MIN: Self = Self(1);
- /// Maximum valid value for device tree phandles.
- pub const MAX: Self = Self(libfdt_bindgen::FDT_MAX_PHANDLE);
-
- /// Creates a new Phandle
- pub const fn new(value: u32) -> Option<Self> {
- if Self::MIN.0 <= value && value <= Self::MAX.0 {
- Some(Self(value))
- } else {
- None
- }
- }
-}
-
-impl From<Phandle> for u32 {
- fn from(phandle: Phandle) -> u32 {
- phandle.0
- }
-}
-
-impl TryFrom<u32> for Phandle {
- type Error = FdtError;
-
- fn try_from(value: u32) -> Result<Self> {
- Self::new(value).ok_or(FdtError::BadPhandle)
- }
-}
-
-impl TryFrom<FdtRawResult> for Phandle {
- type Error = FdtError;
-
- fn try_from(res: FdtRawResult) -> Result<Self> {
- Self::new(res.try_into()?).ok_or(FdtError::BadPhandle)
- }
-}
diff --git a/libs/libfdt/src/lib.rs b/libs/libfdt/src/lib.rs
index a34ecbb..3339262 100644
--- a/libs/libfdt/src/lib.rs
+++ b/libs/libfdt/src/lib.rs
@@ -17,19 +17,19 @@
#![no_std]
-mod ctypes;
mod iterators;
mod libfdt;
mod result;
+mod safe_types;
-pub use ctypes::Phandle;
pub use iterators::{
AddressRange, CellIterator, CompatibleIterator, DescendantsIterator, MemRegIterator,
PropertyIterator, RangesIterator, Reg, RegIterator, SubnodeIterator,
};
pub use result::{FdtError, Result};
+pub use safe_types::{FdtHeader, NodeOffset, Phandle, PropOffset, StringOffset};
-use core::ffi::{c_int, c_void, CStr};
+use core::ffi::{c_void, CStr};
use core::ops::Range;
use cstr::cstr;
use libfdt::get_slice_at_ptr;
@@ -93,12 +93,12 @@
}
impl FdtPropertyStruct {
- fn from_offset(fdt: &Fdt, offset: c_int) -> Result<&Self> {
+ fn from_offset(fdt: &Fdt, offset: PropOffset) -> Result<&Self> {
Ok(fdt.get_property_by_offset(offset)?.as_ref())
}
- fn name_offset(&self) -> c_int {
- u32::from_be(self.0.nameoff).try_into().unwrap()
+ fn name_offset(&self) -> StringOffset {
+ StringOffset(u32::from_be(self.0.nameoff).try_into().unwrap())
}
fn data_len(&self) -> usize {
@@ -114,12 +114,12 @@
#[derive(Clone, Copy, Debug)]
pub struct FdtProperty<'a> {
fdt: &'a Fdt,
- offset: c_int,
+ offset: PropOffset,
property: &'a FdtPropertyStruct,
}
impl<'a> FdtProperty<'a> {
- fn new(fdt: &'a Fdt, offset: c_int) -> Result<Self> {
+ fn new(fdt: &'a Fdt, offset: PropOffset) -> Result<Self> {
let property = FdtPropertyStruct::from_offset(fdt, offset)?;
Ok(Self { fdt, offset, property })
}
@@ -147,7 +147,7 @@
#[derive(Clone, Copy, Debug)]
pub struct FdtNode<'a> {
fdt: &'a Fdt,
- offset: c_int,
+ offset: NodeOffset,
}
impl<'a> FdtNode<'a> {
@@ -355,7 +355,7 @@
#[derive(Debug)]
pub struct FdtNodeMut<'a> {
fdt: &'a mut Fdt,
- offset: c_int,
+ offset: NodeOffset,
}
impl<'a> FdtNodeMut<'a> {
@@ -492,6 +492,7 @@
let next_node = self.delete_and_next(Some(offset))?.unwrap();
Ok(Some((next_node, depth)))
} else {
+ self.delete_and_next(None)?;
Ok(None)
}
}
@@ -525,7 +526,7 @@
self.delete_and_next(next_offset)
}
- fn delete_and_next(self, next_offset: Option<c_int>) -> Result<Option<Self>> {
+ fn delete_and_next(self, next_offset: Option<NodeOffset>) -> Result<Option<Self>> {
if Some(self.offset) == next_offset {
return Err(FdtError::Internal);
}
@@ -668,7 +669,7 @@
///
/// NOTE: This does not support individual "/memory@XXXX" banks.
pub fn memory(&self) -> Result<MemRegIterator> {
- let node = self.node(cstr!("/memory"))?.ok_or(FdtError::NotFound)?;
+ let node = self.root()?.subnode(cstr!("memory"))?.ok_or(FdtError::NotFound)?;
if node.device_type()? != Some(cstr!("memory")) {
return Err(FdtError::BadValue);
}
@@ -682,7 +683,7 @@
/// Returns the standard /chosen node.
pub fn chosen(&self) -> Result<Option<FdtNode>> {
- self.node(cstr!("/chosen"))
+ self.root()?.subnode(cstr!("chosen"))
}
/// Returns the standard /chosen node as mutable.
@@ -692,12 +693,12 @@
/// Returns the root node of the tree.
pub fn root(&self) -> Result<FdtNode> {
- self.node(cstr!("/"))?.ok_or(FdtError::Internal)
+ Ok(FdtNode { fdt: self, offset: NodeOffset::ROOT })
}
/// Returns the standard /__symbols__ node.
pub fn symbols(&self) -> Result<Option<FdtNode>> {
- self.node(cstr!("/__symbols__"))
+ self.root()?.subnode(cstr!("__symbols__"))
}
/// Returns the standard /__symbols__ node as mutable
@@ -738,7 +739,7 @@
/// Returns the mutable root node of the tree.
pub fn root_mut(&mut self) -> Result<FdtNodeMut> {
- self.node_mut(cstr!("/"))?.ok_or(FdtError::Internal)
+ Ok(FdtNodeMut { fdt: self, offset: NodeOffset::ROOT })
}
/// Returns a mutable tree node by its full path.
@@ -748,7 +749,11 @@
Ok(offset.map(|offset| FdtNodeMut { fdt: self, offset }))
}
- fn next_node_skip_subnodes(&self, node: c_int, depth: usize) -> Result<Option<(c_int, usize)>> {
+ fn next_node_skip_subnodes(
+ &self,
+ node: NodeOffset,
+ depth: usize,
+ ) -> Result<Option<(NodeOffset, usize)>> {
let mut iter = self.next_node(node, depth)?;
while let Some((offset, next_depth)) = iter {
if next_depth <= depth {
@@ -774,13 +779,14 @@
self.buffer.as_ptr().cast()
}
- fn header(&self) -> &libfdt_bindgen::fdt_header {
- let p = self.as_ptr().cast();
+ fn header(&self) -> &FdtHeader {
+ let p = self.as_ptr().cast::<libfdt_bindgen::fdt_header>();
// SAFETY: A valid FDT (verified by constructor) must contain a valid fdt_header.
- unsafe { &*p }
+ let header = unsafe { &*p };
+ header.as_ref()
}
fn totalsize(&self) -> usize {
- u32::from_be(self.header().totalsize) as usize
+ self.header().totalsize.get().try_into().unwrap()
}
}
diff --git a/libs/libfdt/src/libfdt.rs b/libs/libfdt/src/libfdt.rs
index 1e82c9f..1af9edf 100644
--- a/libs/libfdt/src/libfdt.rs
+++ b/libs/libfdt/src/libfdt.rs
@@ -18,12 +18,12 @@
//! user-friendly higher-level types, allowing the trait to be shared between different ones,
//! adapted to their use-cases (e.g. alloc-based userspace or statically allocated no_std).
-use core::ffi::{c_int, CStr};
+use core::ffi::CStr;
use core::mem;
use core::ptr;
use crate::result::FdtRawResult;
-use crate::{FdtError, Phandle, Result};
+use crate::{FdtError, NodeOffset, Phandle, PropOffset, Result, StringOffset};
// Function names are the C function names without the `fdt_` prefix.
@@ -68,7 +68,7 @@
fn as_fdt_slice(&self) -> &[u8];
/// Safe wrapper around `fdt_path_offset_namelen()` (C function).
- fn path_offset_namelen(&self, path: &[u8]) -> Result<Option<c_int>> {
+ fn path_offset_namelen(&self, path: &[u8]) -> Result<Option<NodeOffset>> {
let fdt = self.as_fdt_slice().as_ptr().cast();
// *_namelen functions don't include the trailing nul terminator in 'len'.
let len = path.len().try_into().map_err(|_| FdtError::BadPath)?;
@@ -81,7 +81,7 @@
}
/// Safe wrapper around `fdt_node_offset_by_phandle()` (C function).
- fn node_offset_by_phandle(&self, phandle: Phandle) -> Result<Option<c_int>> {
+ fn node_offset_by_phandle(&self, phandle: Phandle) -> Result<Option<NodeOffset>> {
let fdt = self.as_fdt_slice().as_ptr().cast();
let phandle = phandle.into();
// SAFETY: Accesses are constrained to the DT totalsize.
@@ -91,8 +91,13 @@
}
/// Safe wrapper around `fdt_node_offset_by_compatible()` (C function).
- fn node_offset_by_compatible(&self, prev: c_int, compatible: &CStr) -> Result<Option<c_int>> {
+ fn node_offset_by_compatible(
+ &self,
+ prev: NodeOffset,
+ compatible: &CStr,
+ ) -> Result<Option<NodeOffset>> {
let fdt = self.as_fdt_slice().as_ptr().cast();
+ let prev = prev.into();
let compatible = compatible.as_ptr();
// SAFETY: Accesses (read-only) are constrained to the DT totalsize.
let ret = unsafe { libfdt_bindgen::fdt_node_offset_by_compatible(fdt, prev, compatible) };
@@ -101,8 +106,9 @@
}
/// Safe wrapper around `fdt_next_node()` (C function).
- fn next_node(&self, node: c_int, depth: usize) -> Result<Option<(c_int, usize)>> {
+ fn next_node(&self, node: NodeOffset, depth: usize) -> Result<Option<(NodeOffset, usize)>> {
let fdt = self.as_fdt_slice().as_ptr().cast();
+ let node = node.into();
let mut depth = depth.try_into().unwrap();
// SAFETY: Accesses (read-only) are constrained to the DT totalsize.
let ret = unsafe { libfdt_bindgen::fdt_next_node(fdt, node, &mut depth) };
@@ -119,8 +125,9 @@
/// Safe wrapper around `fdt_parent_offset()` (C function).
///
/// Note that this function returns a `Err` when called on a root.
- fn parent_offset(&self, node: c_int) -> Result<c_int> {
+ fn parent_offset(&self, node: NodeOffset) -> Result<NodeOffset> {
let fdt = self.as_fdt_slice().as_ptr().cast();
+ let node = node.into();
// SAFETY: Accesses (read-only) are constrained to the DT totalsize.
let ret = unsafe { libfdt_bindgen::fdt_parent_offset(fdt, node) };
@@ -131,8 +138,9 @@
///
/// Note that this function returns a `Err` when called on a node at a depth shallower than
/// the provided `depth`.
- fn supernode_atdepth_offset(&self, node: c_int, depth: usize) -> Result<c_int> {
+ fn supernode_atdepth_offset(&self, node: NodeOffset, depth: usize) -> Result<NodeOffset> {
let fdt = self.as_fdt_slice().as_ptr().cast();
+ let node = node.into();
let depth = depth.try_into().unwrap();
let nodedepth = ptr::null_mut();
let ret =
@@ -143,8 +151,13 @@
}
/// Safe wrapper around `fdt_subnode_offset_namelen()` (C function).
- fn subnode_offset_namelen(&self, parent: c_int, name: &[u8]) -> Result<Option<c_int>> {
+ fn subnode_offset_namelen(
+ &self,
+ parent: NodeOffset,
+ name: &[u8],
+ ) -> Result<Option<NodeOffset>> {
let fdt = self.as_fdt_slice().as_ptr().cast();
+ let parent = parent.into();
let namelen = name.len().try_into().unwrap();
let name = name.as_ptr().cast();
// SAFETY: Accesses are constrained to the DT totalsize (validated by ctor).
@@ -153,8 +166,9 @@
FdtRawResult::from(ret).try_into()
}
/// Safe wrapper around `fdt_first_subnode()` (C function).
- fn first_subnode(&self, node: c_int) -> Result<Option<c_int>> {
+ fn first_subnode(&self, node: NodeOffset) -> Result<Option<NodeOffset>> {
let fdt = self.as_fdt_slice().as_ptr().cast();
+ let node = node.into();
// SAFETY: Accesses (read-only) are constrained to the DT totalsize.
let ret = unsafe { libfdt_bindgen::fdt_first_subnode(fdt, node) };
@@ -162,8 +176,9 @@
}
/// Safe wrapper around `fdt_next_subnode()` (C function).
- fn next_subnode(&self, node: c_int) -> Result<Option<c_int>> {
+ fn next_subnode(&self, node: NodeOffset) -> Result<Option<NodeOffset>> {
let fdt = self.as_fdt_slice().as_ptr().cast();
+ let node = node.into();
// SAFETY: Accesses (read-only) are constrained to the DT totalsize.
let ret = unsafe { libfdt_bindgen::fdt_next_subnode(fdt, node) };
@@ -171,8 +186,9 @@
}
/// Safe wrapper around `fdt_address_cells()` (C function).
- fn address_cells(&self, node: c_int) -> Result<usize> {
+ fn address_cells(&self, node: NodeOffset) -> Result<usize> {
let fdt = self.as_fdt_slice().as_ptr().cast();
+ let node = node.into();
// SAFETY: Accesses are constrained to the DT totalsize (validated by ctor).
let ret = unsafe { libfdt_bindgen::fdt_address_cells(fdt, node) };
@@ -180,8 +196,9 @@
}
/// Safe wrapper around `fdt_size_cells()` (C function).
- fn size_cells(&self, node: c_int) -> Result<usize> {
+ fn size_cells(&self, node: NodeOffset) -> Result<usize> {
let fdt = self.as_fdt_slice().as_ptr().cast();
+ let node = node.into();
// SAFETY: Accesses are constrained to the DT totalsize (validated by ctor).
let ret = unsafe { libfdt_bindgen::fdt_size_cells(fdt, node) };
@@ -189,8 +206,9 @@
}
/// Safe wrapper around `fdt_get_name()` (C function).
- fn get_name(&self, node: c_int) -> Result<&[u8]> {
+ fn get_name(&self, node: NodeOffset) -> Result<&[u8]> {
let fdt = self.as_fdt_slice().as_ptr().cast();
+ let node = node.into();
let mut len = 0;
// SAFETY: Accesses are constrained to the DT totalsize (validated by ctor). On success, the
// function returns valid null terminating string and otherwise returned values are dropped.
@@ -201,8 +219,9 @@
}
/// Safe wrapper around `fdt_getprop_namelen()` (C function).
- fn getprop_namelen(&self, node: c_int, name: &[u8]) -> Result<Option<&[u8]>> {
+ fn getprop_namelen(&self, node: NodeOffset, name: &[u8]) -> Result<Option<&[u8]>> {
let fdt = self.as_fdt_slice().as_ptr().cast();
+ let node = node.into();
let namelen = name.len().try_into().map_err(|_| FdtError::BadPath)?;
let name = name.as_ptr().cast();
let mut len = 0;
@@ -221,9 +240,10 @@
}
/// Safe wrapper around `fdt_get_property_by_offset()` (C function).
- fn get_property_by_offset(&self, offset: c_int) -> Result<&libfdt_bindgen::fdt_property> {
+ fn get_property_by_offset(&self, offset: PropOffset) -> Result<&libfdt_bindgen::fdt_property> {
let mut len = 0;
let fdt = self.as_fdt_slice().as_ptr().cast();
+ let offset = offset.into();
// SAFETY: Accesses (read-only) are constrained to the DT totalsize.
let prop = unsafe { libfdt_bindgen::fdt_get_property_by_offset(fdt, offset, &mut len) };
@@ -247,8 +267,9 @@
}
/// Safe wrapper around `fdt_first_property_offset()` (C function).
- fn first_property_offset(&self, node: c_int) -> Result<Option<c_int>> {
+ fn first_property_offset(&self, node: NodeOffset) -> Result<Option<PropOffset>> {
let fdt = self.as_fdt_slice().as_ptr().cast();
+ let node = node.into();
// SAFETY: Accesses (read-only) are constrained to the DT totalsize.
let ret = unsafe { libfdt_bindgen::fdt_first_property_offset(fdt, node) };
@@ -256,8 +277,9 @@
}
/// Safe wrapper around `fdt_next_property_offset()` (C function).
- fn next_property_offset(&self, prev: c_int) -> Result<Option<c_int>> {
+ fn next_property_offset(&self, prev: PropOffset) -> Result<Option<PropOffset>> {
let fdt = self.as_fdt_slice().as_ptr().cast();
+ let prev = prev.into();
// SAFETY: Accesses (read-only) are constrained to the DT totalsize.
let ret = unsafe { libfdt_bindgen::fdt_next_property_offset(fdt, prev) };
@@ -277,8 +299,9 @@
}
/// Safe wrapper around `fdt_string()` (C function).
- fn string(&self, offset: c_int) -> Result<&CStr> {
+ fn string(&self, offset: StringOffset) -> Result<&CStr> {
let fdt = self.as_fdt_slice().as_ptr().cast();
+ let offset = offset.into();
// SAFETY: Accesses (read-only) are constrained to the DT totalsize.
let ptr = unsafe { libfdt_bindgen::fdt_string(fdt, offset) };
let bytes =
@@ -316,8 +339,9 @@
fn as_fdt_slice_mut(&mut self) -> &mut [u8];
/// Safe wrapper around `fdt_nop_node()` (C function).
- fn nop_node(&mut self, node: c_int) -> Result<()> {
+ fn nop_node(&mut self, node: NodeOffset) -> Result<()> {
let fdt = self.as_fdt_slice_mut().as_mut_ptr().cast();
+ let node = node.into();
// SAFETY: Accesses are constrained to the DT totalsize (validated by ctor).
let ret = unsafe { libfdt_bindgen::fdt_nop_node(fdt, node) };
@@ -325,8 +349,9 @@
}
/// Safe wrapper around `fdt_add_subnode_namelen()` (C function).
- fn add_subnode_namelen(&mut self, node: c_int, name: &[u8]) -> Result<c_int> {
+ fn add_subnode_namelen(&mut self, node: NodeOffset, name: &[u8]) -> Result<NodeOffset> {
let fdt = self.as_fdt_slice_mut().as_mut_ptr().cast();
+ let node = node.into();
let namelen = name.len().try_into().unwrap();
let name = name.as_ptr().cast();
// SAFETY: Accesses are constrained to the DT totalsize (validated by ctor).
@@ -336,8 +361,9 @@
}
/// Safe wrapper around `fdt_setprop()` (C function).
- fn setprop(&mut self, node: c_int, name: &CStr, value: &[u8]) -> Result<()> {
+ fn setprop(&mut self, node: NodeOffset, name: &CStr, value: &[u8]) -> Result<()> {
let fdt = self.as_fdt_slice_mut().as_mut_ptr().cast();
+ let node = node.into();
let name = name.as_ptr();
let len = value.len().try_into().map_err(|_| FdtError::BadValue)?;
let value = value.as_ptr().cast();
@@ -349,8 +375,14 @@
}
/// Safe wrapper around `fdt_setprop_placeholder()` (C function).
- fn setprop_placeholder(&mut self, node: c_int, name: &CStr, size: usize) -> Result<&mut [u8]> {
+ fn setprop_placeholder(
+ &mut self,
+ node: NodeOffset,
+ name: &CStr,
+ size: usize,
+ ) -> Result<&mut [u8]> {
let fdt = self.as_fdt_slice_mut().as_mut_ptr().cast();
+ let node = node.into();
let name = name.as_ptr();
let len = size.try_into().unwrap();
let mut data = ptr::null_mut();
@@ -364,8 +396,9 @@
}
/// Safe wrapper around `fdt_setprop_inplace()` (C function).
- fn setprop_inplace(&mut self, node: c_int, name: &CStr, value: &[u8]) -> Result<()> {
+ fn setprop_inplace(&mut self, node: NodeOffset, name: &CStr, value: &[u8]) -> Result<()> {
let fdt = self.as_fdt_slice_mut().as_mut_ptr().cast();
+ let node = node.into();
let name = name.as_ptr();
let len = value.len().try_into().map_err(|_| FdtError::BadValue)?;
let value = value.as_ptr().cast();
@@ -377,8 +410,9 @@
}
/// Safe wrapper around `fdt_appendprop()` (C function).
- fn appendprop(&mut self, node: c_int, name: &CStr, value: &[u8]) -> Result<()> {
+ fn appendprop(&mut self, node: NodeOffset, name: &CStr, value: &[u8]) -> Result<()> {
let fdt = self.as_fdt_slice_mut().as_mut_ptr().cast();
+ let node = node.into();
let name = name.as_ptr();
let len = value.len().try_into().map_err(|_| FdtError::BadValue)?;
let value = value.as_ptr().cast();
@@ -391,13 +425,15 @@
/// Safe wrapper around `fdt_appendprop_addrrange()` (C function).
fn appendprop_addrrange(
&mut self,
- parent: c_int,
- node: c_int,
+ parent: NodeOffset,
+ node: NodeOffset,
name: &CStr,
addr: u64,
size: u64,
) -> Result<()> {
let fdt = self.as_fdt_slice_mut().as_mut_ptr().cast();
+ let parent = parent.into();
+ let node = node.into();
let name = name.as_ptr();
// SAFETY: Accesses are constrained to the DT totalsize (validated by ctor).
let ret = unsafe {
@@ -408,8 +444,9 @@
}
/// Safe wrapper around `fdt_delprop()` (C function).
- fn delprop(&mut self, node: c_int, name: &CStr) -> Result<()> {
+ fn delprop(&mut self, node: NodeOffset, name: &CStr) -> Result<()> {
let fdt = self.as_fdt_slice_mut().as_mut_ptr().cast();
+ let node = node.into();
let name = name.as_ptr();
// SAFETY: Accesses are constrained to the DT totalsize (validated by ctor) when the
// library locates the node's property. Removing the property may shift the offsets of
@@ -421,8 +458,9 @@
}
/// Safe wrapper around `fdt_nop_property()` (C function).
- fn nop_property(&mut self, node: c_int, name: &CStr) -> Result<()> {
+ fn nop_property(&mut self, node: NodeOffset, name: &CStr) -> Result<()> {
let fdt = self.as_fdt_slice_mut().as_mut_ptr().cast();
+ let node = node.into();
let name = name.as_ptr();
// SAFETY: Accesses are constrained to the DT totalsize (validated by ctor) when the
// library locates the node's property.
diff --git a/libs/libfdt/src/safe_types.rs b/libs/libfdt/src/safe_types.rs
new file mode 100644
index 0000000..3848542
--- /dev/null
+++ b/libs/libfdt/src/safe_types.rs
@@ -0,0 +1,228 @@
+// Copyright 2024, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Safe zero-cost wrappers around integer values used by libfdt.
+
+use core::ffi::c_int;
+
+use crate::result::FdtRawResult;
+use crate::{FdtError, Result};
+
+use zerocopy::byteorder::big_endian;
+use zerocopy::{FromBytes, FromZeroes};
+
+macro_rules! assert_offset_eq {
+ // TODO(stable_feature(offset_of)): mem::offset_of
+ // TODO(const_feature(assert_eq)): assert_eq!()
+ ($t:ty, $u:ty, $id:ident) => {
+ static_assertions::const_assert_eq!(
+ memoffset::offset_of!($t, $id),
+ memoffset::offset_of!($u, $id),
+ );
+ };
+}
+
+/// Thin wrapper around `libfdt_bindgen::fdt_header` for transparent endianness handling.
+#[repr(C)]
+#[derive(Debug, FromZeroes, FromBytes)]
+pub struct FdtHeader {
+ /// magic word FDT_MAGIC
+ pub magic: big_endian::U32,
+ /// total size of DT block
+ pub totalsize: big_endian::U32,
+ /// offset to structure
+ pub off_dt_struct: big_endian::U32,
+ /// offset to strings
+ pub off_dt_strings: big_endian::U32,
+ /// offset to memory reserve map
+ pub off_mem_rsvmap: big_endian::U32,
+ /// format version
+ pub version: big_endian::U32,
+ /// last compatible version
+ pub last_comp_version: big_endian::U32,
+ /* version 2 fields below */
+ /// Which physical CPU id we're booting on
+ pub boot_cpuid_phys: big_endian::U32,
+ /* version 3 fields below */
+ /// size of the strings block
+ pub size_dt_strings: big_endian::U32,
+ /* version 17 fields below */
+ /// size of the structure block
+ pub size_dt_struct: big_endian::U32,
+}
+assert_offset_eq!(libfdt_bindgen::fdt_header, FdtHeader, magic);
+assert_offset_eq!(libfdt_bindgen::fdt_header, FdtHeader, totalsize);
+assert_offset_eq!(libfdt_bindgen::fdt_header, FdtHeader, off_dt_struct);
+assert_offset_eq!(libfdt_bindgen::fdt_header, FdtHeader, off_dt_strings);
+assert_offset_eq!(libfdt_bindgen::fdt_header, FdtHeader, off_mem_rsvmap);
+assert_offset_eq!(libfdt_bindgen::fdt_header, FdtHeader, version);
+assert_offset_eq!(libfdt_bindgen::fdt_header, FdtHeader, last_comp_version);
+assert_offset_eq!(libfdt_bindgen::fdt_header, FdtHeader, boot_cpuid_phys);
+assert_offset_eq!(libfdt_bindgen::fdt_header, FdtHeader, size_dt_strings);
+assert_offset_eq!(libfdt_bindgen::fdt_header, FdtHeader, size_dt_struct);
+
+impl AsRef<FdtHeader> for libfdt_bindgen::fdt_header {
+ fn as_ref(&self) -> &FdtHeader {
+ let ptr = self as *const _ as *const _;
+ // SAFETY: Types have the same layout (u32 and U32 have the same storage) and alignment.
+ unsafe { &*ptr }
+ }
+}
+
+/// Wrapper guaranteed to contain a valid phandle.
+#[repr(transparent)]
+#[derive(Debug, Copy, Clone, Eq, PartialEq, Ord, PartialOrd)]
+pub struct Phandle(u32);
+
+impl Phandle {
+ /// Minimum valid value for device tree phandles.
+ pub const MIN: Self = Self(1);
+ /// Maximum valid value for device tree phandles.
+ pub const MAX: Self = Self(libfdt_bindgen::FDT_MAX_PHANDLE);
+
+ /// Creates a new Phandle
+ pub const fn new(value: u32) -> Option<Self> {
+ if Self::MIN.0 <= value && value <= Self::MAX.0 {
+ Some(Self(value))
+ } else {
+ None
+ }
+ }
+}
+
+impl From<Phandle> for u32 {
+ fn from(phandle: Phandle) -> u32 {
+ phandle.0
+ }
+}
+
+impl TryFrom<u32> for Phandle {
+ type Error = FdtError;
+
+ fn try_from(value: u32) -> Result<Self> {
+ Self::new(value).ok_or(FdtError::BadPhandle)
+ }
+}
+
+impl TryFrom<FdtRawResult> for Phandle {
+ type Error = FdtError;
+
+ fn try_from(res: FdtRawResult) -> Result<Self> {
+ Self::new(res.try_into()?).ok_or(FdtError::BadPhandle)
+ }
+}
+
+/// Safe zero-cost wrapper around libfdt device tree node offsets.
+///
+/// This type should only be obtained from properly wrapped successful libfdt calls.
+#[repr(transparent)]
+#[derive(Debug, Copy, Clone, Eq, PartialEq, Ord, PartialOrd)]
+pub struct NodeOffset(c_int);
+
+impl NodeOffset {
+ /// Offset of the root node; 0, by definition.
+ pub const ROOT: Self = Self(0);
+}
+
+impl TryFrom<FdtRawResult> for NodeOffset {
+ type Error = FdtError;
+
+ fn try_from(res: FdtRawResult) -> Result<Self> {
+ Ok(Self(res.try_into()?))
+ }
+}
+
+impl TryFrom<FdtRawResult> for Option<NodeOffset> {
+ type Error = FdtError;
+
+ fn try_from(res: FdtRawResult) -> Result<Self> {
+ match res.try_into() {
+ Ok(n) => Ok(Some(n)),
+ Err(FdtError::NotFound) => Ok(None),
+ Err(e) => Err(e),
+ }
+ }
+}
+
+impl From<NodeOffset> for c_int {
+ fn from(offset: NodeOffset) -> Self {
+ offset.0
+ }
+}
+
+/// Safe zero-cost wrapper around libfdt device tree property offsets.
+///
+/// This type should only be obtained from properly wrapped successful libfdt calls.
+#[repr(transparent)]
+#[derive(Debug, Copy, Clone, Eq, PartialEq, Ord, PartialOrd)]
+pub struct PropOffset(c_int);
+
+impl TryFrom<FdtRawResult> for PropOffset {
+ type Error = FdtError;
+
+ fn try_from(res: FdtRawResult) -> Result<Self> {
+ Ok(Self(res.try_into()?))
+ }
+}
+
+impl TryFrom<FdtRawResult> for Option<PropOffset> {
+ type Error = FdtError;
+
+ fn try_from(res: FdtRawResult) -> Result<Self> {
+ match res.try_into() {
+ Ok(n) => Ok(Some(n)),
+ Err(FdtError::NotFound) => Ok(None),
+ Err(e) => Err(e),
+ }
+ }
+}
+
+impl From<PropOffset> for c_int {
+ fn from(offset: PropOffset) -> Self {
+ offset.0
+ }
+}
+
+/// Safe zero-cost wrapper around libfdt device tree string offsets.
+///
+/// This type should only be obtained from properly wrapped successful libfdt calls.
+#[repr(transparent)]
+#[derive(Debug, Copy, Clone, Eq, PartialEq, Ord, PartialOrd)]
+pub struct StringOffset(pub c_int); // TODO(ptosi): Move fdt_property wrapper here and remove pub.
+
+impl TryFrom<FdtRawResult> for StringOffset {
+ type Error = FdtError;
+
+ fn try_from(res: FdtRawResult) -> Result<Self> {
+ Ok(Self(res.try_into()?))
+ }
+}
+
+impl TryFrom<FdtRawResult> for Option<StringOffset> {
+ type Error = FdtError;
+
+ fn try_from(res: FdtRawResult) -> Result<Self> {
+ match res.try_into() {
+ Ok(n) => Ok(Some(n)),
+ Err(FdtError::NotFound) => Ok(None),
+ Err(e) => Err(e),
+ }
+ }
+}
+
+impl From<StringOffset> for c_int {
+ fn from(offset: StringOffset) -> Self {
+ offset.0
+ }
+}
diff --git a/libs/libfdt/tests/api_test.rs b/libs/libfdt/tests/api_test.rs
index c2ddda0..8f5b76d 100644
--- a/libs/libfdt/tests/api_test.rs
+++ b/libs/libfdt/tests/api_test.rs
@@ -438,6 +438,22 @@
}
#[test]
+fn node_mut_delete_and_next_node_with_last_node() {
+ let mut data = fs::read(TEST_TREE_WITH_EMPTY_MEMORY_RANGE_PATH).unwrap();
+ let fdt = Fdt::from_mut_slice(&mut data).unwrap();
+
+ let mut iter = fdt.root_mut().unwrap().next_node(0).unwrap();
+ while let Some((node, depth)) = iter {
+ iter = node.delete_and_next_node(depth).unwrap();
+ }
+
+ let root = fdt.root().unwrap();
+ let all_descendants: Vec<_> =
+ root.descendants().map(|(node, depth)| (node.name(), depth)).collect();
+ assert!(all_descendants.is_empty(), "{all_descendants:?}");
+}
+
+#[test]
#[ignore] // Borrow checker test. Compilation success is sufficient.
fn node_name_lifetime() {
let data = fs::read(TEST_TREE_PHANDLE_PATH).unwrap();
diff --git a/rialto/src/main.rs b/rialto/src/main.rs
index ad9b776..48b69b3 100644
--- a/rialto/src/main.rs
+++ b/rialto/src/main.rs
@@ -177,7 +177,9 @@
let mut vsock_stream = VsockStream::new(socket_device, host_addr())?;
while let ServiceVmRequest::Process(req) = vsock_stream.read_request()? {
+ info!("Received request: {}", req.name());
let response = process_request(req, bcc_handover.as_ref());
+ info!("Sending response: {}", response.name());
vsock_stream.write_response(&response)?;
vsock_stream.flush()?;
}
diff --git a/service_vm/comm/src/message.rs b/service_vm/comm/src/message.rs
index 80a9608..9f83b78 100644
--- a/service_vm/comm/src/message.rs
+++ b/service_vm/comm/src/message.rs
@@ -56,6 +56,18 @@
RequestClientVmAttestation(ClientVmAttestationParams),
}
+impl Request {
+ /// Returns the name of the request.
+ pub fn name(&self) -> &'static str {
+ match self {
+ Self::Reverse(_) => "Reverse",
+ Self::GenerateEcdsaP256KeyPair => "GenerateEcdsaP256KeyPair",
+ Self::GenerateCertificateRequest(_) => "GenerateCertificateRequest",
+ Self::RequestClientVmAttestation(_) => "RequestClientVmAttestation",
+ }
+ }
+}
+
/// Represents the params passed to `Request::RequestClientVmAttestation`.
#[derive(Clone, Debug, Serialize, Deserialize)]
pub struct ClientVmAttestationParams {
@@ -98,6 +110,19 @@
Err(RequestProcessingError),
}
+impl Response {
+ /// Returns the name of the response.
+ pub fn name(&self) -> &'static str {
+ match self {
+ Self::Reverse(_) => "Reverse",
+ Self::GenerateEcdsaP256KeyPair(_) => "GenerateEcdsaP256KeyPair",
+ Self::GenerateCertificateRequest(_) => "GenerateCertificateRequest",
+ Self::RequestClientVmAttestation(_) => "RequestClientVmAttestation",
+ Self::Err(_) => "Err",
+ }
+ }
+}
+
/// Errors related to request processing.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub enum RequestProcessingError {