pvmfw: apply_debug_policy: Improve failure path

As the function already makes an internal backup of the debug_policy,
turn the parameter into a shared reference and pass the backup to
fdt_apply_overlay instead of the original DTBO. This removes the need to
do any work to restore the overlay on failure.

Avoid confusing logs such as

    [ERROR] Failed to apply debug policy: The requested node or property does not exist. Recovering...
    [INFO] Debug policy applied.

by returning a bool letting the caller know if DP was properly applied.

Report failure to apply DP as warnings instead of info! or error!.

Bug: 280425124
Test: atest MicrodroidHostTests
Change-Id: Ib5979b07c7978edd94dd90537faefebd25620b19
Merged-In: Ib5979b07c7978edd94dd90537faefebd25620b19
diff --git a/pvmfw/src/fdt.rs b/pvmfw/src/fdt.rs
index 70916ac..b3ce483 100644
--- a/pvmfw/src/fdt.rs
+++ b/pvmfw/src/fdt.rs
@@ -41,6 +41,7 @@
 use log::debug;
 use log::error;
 use log::info;
+use log::warn;
 use tinyvec::ArrayVec;
 
 /// Extract from /config the address range containing the pre-loaded kernel. Absence of /config is
@@ -729,8 +730,9 @@
     set_or_clear_chosen_flag(fdt, cstr!("avf,new-instance"), new_instance)?;
 
     if let Some(debug_policy) = debug_policy {
-        apply_debug_policy(fdt, debug_policy)?;
-        info!("Debug policy applied.");
+        if apply_debug_policy(fdt, debug_policy)? {
+            info!("Debug policy applied.");
+        }
     } else {
         info!("No debug policy found.");
     }
@@ -774,27 +776,31 @@
     Ok(())
 }
 
-fn apply_debug_policy(fdt: &mut Fdt, debug_policy: &mut [u8]) -> libfdt::Result<()> {
+/// Apply the debug policy overlay to the guest DT.
+///
+/// Returns Ok(true) on success, Ok(false) on recovered failure and Err(_) on corruption of the DT.
+fn apply_debug_policy(fdt: &mut Fdt, debug_policy: &[u8]) -> libfdt::Result<bool> {
     let backup_fdt = Vec::from(fdt.as_slice());
 
-    let overlay = match Fdt::from_mut_slice(debug_policy) {
+    let mut debug_policy = Vec::from(debug_policy);
+    let overlay = match Fdt::from_mut_slice(debug_policy.as_mut_slice()) {
         Ok(overlay) => overlay,
         Err(e) => {
-            info!("Corrupted debug policy found: {e}. Not applying.");
-            return Ok(());
+            warn!("Corrupted debug policy found: {e}. Not applying.");
+            return Ok(false);
         }
     };
-    let backup_overlay = Vec::from(overlay.as_slice());
 
-    // SAFETY - on failure, the corrupted fdts are discarded and are restored using the backups.
+    // SAFETY - on failure, the corrupted DT is restored using the backup.
     if let Err(e) = unsafe { fdt.apply_overlay(overlay) } {
-        error!("Failed to apply debug policy: {e}. Recovering...");
+        warn!("Failed to apply debug policy: {e}. Recovering...");
         fdt.copy_from_slice(backup_fdt.as_slice())?;
-        overlay.copy_from_slice(backup_overlay.as_slice())?;
         // A successful restoration is considered success because an invalid debug policy
         // shouldn't DOS the pvmfw
+        Ok(false)
+    } else {
+        Ok(true)
     }
-    Ok(())
 }
 
 fn read_common_debug_policy(fdt: &Fdt, debug_feature_name: &CStr) -> libfdt::Result<bool> {
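Review bot: The `// SAFETY -` comment on `unsafe { fdt.apply_overlay(overlay) }` now justifies only the DT and no longer explains why the overlay needs no recovery. Since `overlay` borrows the local `debug_policy` Vec, which is dropped on return, I would say so explicitly and use the conventional colon form: `// SAFETY: on failure the DT is restored from backup_fdt; the overlay is a private copy that is dropped on return and never reused.` The retained comment above `Ok(false)` still reads "A successful restoration is considered success", which contradicts the value returned directly below it and the new doc comment; something like `// A recovered failure is not an error: an invalid debug policy must not DoS pvmfw.` would match the new contract. Separately, `Vec::from(debug_policy)` now copies the blob before `Fdt::from_mut_slice` has validated it; if the length of `debug_policy` is not bounded by the caller (not visible in this hunk), it is worth confirming that an oversized policy cannot exhaust the allocator and defeat the no-DoS intent.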