[PATCH 7/9] lib: utils: Disallow non-root domains from adding M-mode regions

OpenSBI Archive on lore.kernel.org
 help / color / mirror / Atom feed

From: Himanshu Chauhan <hchauhan@ventanamicro.com>
To: opensbi@lists.infradead.org
Subject: [PATCH 7/9] lib: utils: Disallow non-root domains from adding M-mode regions
Date: Tue, 20 Dec 2022 16:16:23 +0530	[thread overview]
Message-ID: <20221220104625.80667-8-hchauhan@ventanamicro.com> (raw)
In-Reply-To: <20221220104625.80667-1-hchauhan@ventanamicro.com>

The M-mode regions can only be added by root domain. The non-root
domains shouldn't be able to add them from FDT.

Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com>
---
 include/sbi/sbi_domain.h   |  5 +++++
 lib/utils/fdt/fdt_domain.c | 14 ++++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/include/sbi/sbi_domain.h b/include/sbi/sbi_domain.h
index 955ffa3..3f5d28e 100644
--- a/include/sbi/sbi_domain.h
+++ b/include/sbi/sbi_domain.h
@@ -50,6 +50,11 @@ struct sbi_domain_memregion {
 						 SBI_DOMAIN_MEMREGION_M_WRITABLE | \
 						 SBI_DOMAIN_MEMREGION_M_EXECUTABLE)
 
+#define SBI_DOMAIN_MEMREGION_SU_RWX		(SBI_DOMAIN_MEMREGION_SU_READABLE | \
+						 SBI_DOMAIN_MEMREGION_SU_WRITABLE | \
+						 SBI_DOMAIN_MEMREGION_SU_EXECUTABLE)
+
+
 	/* Unrestricted M-mode accesses but enfoced on SU-mode */
 #define SBI_DOMAIN_MEMREGION_READABLE		(SBI_DOMAIN_MEMREGION_SU_READABLE | \
 						 SBI_DOMAIN_MEMREGION_M_RWX)
diff --git a/lib/utils/fdt/fdt_domain.c b/lib/utils/fdt/fdt_domain.c
index f979343..838aeca 100644
--- a/lib/utils/fdt/fdt_domain.c
+++ b/lib/utils/fdt/fdt_domain.c
@@ -239,6 +239,20 @@ static int __fdt_parse_region(void *fdt, int domain_offset,
 	u32 *region_count = opaque;
 	struct sbi_domain_memregion *region;
 
+	/*
+	 * Non-root domains cannot add a region with only M-mode
+	 * access permissions. M-mode regions can only be part of
+	 * root domain.
+	 *
+	 * SU permission bits can't be all zeroes and M-mode permission
+	 * bits must be all set.
+	 */
+	if (!((region_access & SBI_DOMAIN_MEMREGION_SU_ACCESS_MASK)
+	     & SBI_DOMAIN_MEMREGION_SU_RWX)
+	    && ((region_access & SBI_DOMAIN_MEMREGION_M_ACCESS_MASK)
+		& SBI_DOMAIN_MEMREGION_M_RWX))
+		return SBI_EINVAL;
+
 	/* Find next region of the domain */
 	if (FDT_DOMAIN_REGION_MAX_COUNT <= *region_count)
 		return SBI_EINVAL;
-- 
2.39.0

next prev parent reply	other threads:[~2022-12-20 10:46 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-12-20 10:46 [PATCH 0/9] Split region permissions into M-mode and SU-mode Himanshu Chauhan
2022-12-20 10:46 ` [PATCH 1/9] include: sbi: Fine grain the permissions for M and SU modes Himanshu Chauhan
2023-01-06 17:35   ` Anup Patel
2023-01-09  4:43     ` hchauhan
2023-01-09  5:19       ` Anup Patel
2022-12-20 10:46 ` [PATCH 2/9] lib: sbi: Use finer permission semantics for address validation Himanshu Chauhan
2023-01-06 17:38   ` Anup Patel
2022-12-20 10:46 ` [PATCH 3/9] lib: sbi: Add permissions for the firmware start till end Himanshu Chauhan
2023-01-06 17:44   ` Anup Patel
2022-12-20 10:46 ` [PATCH 4/9] lib: sbi: Use finer permission sematics to decide on PMP bits Himanshu Chauhan
2023-01-06 17:45   ` Anup Patel
2022-12-20 10:46 ` [PATCH 5/9] lib: sbi: Modify the boot time region flag prints Himanshu Chauhan
2023-01-06 17:47   ` Anup Patel
2022-12-20 10:46 ` [PATCH 6/9] lib: utils: Use SU-{R/W/X} flags for region permissions during parsing Himanshu Chauhan
2023-01-06 17:49   ` Anup Patel
2022-12-20 10:46 ` Himanshu Chauhan [this message]
2023-01-06 17:51   ` [PATCH 7/9] lib: utils: Disallow non-root domains from adding M-mode regions Anup Patel
2022-12-20 10:46 ` [PATCH 8/9] lib: utils: Add M-mode {R/W} flags to the MMIO regions Himanshu Chauhan
2023-01-06 17:52   ` Anup Patel
2022-12-20 10:46 ` [PATCH 9/9] docs: Update domain's region permissions and requirements Himanshu Chauhan
2023-01-06 17:54   ` Anup Patel

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:955ffa3 dfblob:3f5d28e dfblob:f979343 dfblob:838aeca )
 OR (
bs:"[PATCH 7/9] lib: utils: Disallow non-root domains from adding M-mode regions" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20221220104625.80667-8-hchauhan@ventanamicro.com \
    --to=hchauhan@ventanamicro.com \
    --cc=opensbi@lists.infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox