Google Git
Sign in
android/trusty/lk/trusty/bf760c210fcc5f3b302c910b89e53f1008e42cbd^!/.
commit
bf760c210fcc5f3b302c910b89e53f1008e42cbd
[log] [tgz]
author
Andrei Homescu <ahomescu@google.com>
Thu Feb 13 05:30:26 2025 +0000
committer
Andrei Homescu <ahomescu@google.com>
Thu Feb 13 05:32:29 2025 +0000
tree
5ca51445353c4d5211e6ce7e1729438d161cf0c9
parent
d6b5562fbba8b1a0e7a8a2b62f5b21b79c8ec351 [diff]
lib: trusty: Destroy mapped iovs on device reset

The tipc virtio device has a reuse_mapped setting
where buffers mapped in from non-secure can be
reused across multiple messages to avoid unnecessary
remaps. Free any left over buffers on device reset
so we do not leak any resources.

Bug: 280887032
Change-Id: If7f6e8eb1ffc07ba1fb3b6d96b91f1d7d09ee602

diff --git a/lib/trusty/tipc_virtio_dev.c b/lib/trusty/tipc_virtio_dev.c
index fe29117..14f27d4 100644
--- a/lib/trusty/tipc_virtio_dev.c
+++ b/lib/trusty/tipc_virtio_dev.c

@@ -1096,6 +1096,10 @@
     vqueue_destroy(&dev->vqs[TIPC_VQ_RX]);
     vqueue_destroy(&dev->vqs[TIPC_VQ_TX]);
 
+    /* destroy iovs left over from reuse_mapping */
+    vqueue_unmap_list(&dev->receive_mapped);
+    vqueue_unmap_list(&dev->send_mapped);
+
     /* enter reset state */
     dev->vd.state = VDEV_STATE_RESET;
 

diff --git a/lib/trusty/vqueue.c b/lib/trusty/vqueue.c
index 5a59ac5..9192e94 100644
--- a/lib/trusty/vqueue.c
+++ b/lib/trusty/vqueue.c

@@ -434,6 +434,18 @@
     return ERR_NOT_FOUND;
 }
 
+void vqueue_unmap_list(struct vqueue_mapped_list* mapped_list) {
+    struct vqueue_mem_obj* obj;
+
+    mutex_acquire(&mapped_list->lock);
+    bst_for_every_entry_delete(&mapped_list->list, obj, struct vqueue_mem_obj,
+                               node) {
+        vmm_free_region(vmm_get_kernel_aspace(), (vaddr_t)obj->iov_base);
+        free(obj);
+    }
+    mutex_release(&mapped_list->lock);
+}
+
 static int _vqueue_add_buf_locked(struct vqueue* vq,
                                   struct vqueue_buf* buf,
                                   uint32_t len) {

diff --git a/lib/trusty/vqueue.h b/lib/trusty/vqueue.h
index 05c095f..af9c411 100644
--- a/lib/trusty/vqueue.h
+++ b/lib/trusty/vqueue.h

@@ -106,6 +106,8 @@
                        struct vqueue_mapped_list* mapped_list[],
                        int list_cnt);
 
+void vqueue_unmap_list(struct vqueue_mapped_list* mapped_list);
+
 int vqueue_add_buf(struct vqueue* vq, struct vqueue_buf* buf, uint32_t len);
 
 void vqueue_signal_avail(struct vqueue* vq);