blob: 055b57c2df81159cb0556e16b96b22e8d280ce95 [file] [log] [blame]
// Copyright 2017 The Fuchsia Authors
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file or at
#include <fbl/ref_ptr.h>
#include <kernel/range_check.h>
#include <object/process_dispatcher.h>
#include <object/resource_dispatcher.h>
#include <object/resource.h>
#include <zircon/syscalls/resource.h>
#include <trace.h>
#define LOCAL_TRACE 0
// TODO(ZX-2419): Take another look at validation and consider returning
// dispatchers or move validation into the parent dispatcher itself.
// Check if the resource referenced by |handle| is of kind |kind|, or ZX_RSRC_KIND_ROOT.
// Possible errors:
// ++ ZX_ERR_ACCESS_DENIED: |handle| is not the right |kind| of handle.
// ++ ZX_ERR_WRONG_TYPE: |handle| is not a valid handle.
zx_status_t validate_resource(zx_handle_t handle, uint32_t kind) {
auto up = ProcessDispatcher::GetCurrent();
fbl::RefPtr<ResourceDispatcher> resource;
auto status = up->GetDispatcher(handle, &resource);
if (status != ZX_OK) {
return status;
auto res_kind = resource->get_kind();
if (res_kind == kind || res_kind == ZX_RSRC_KIND_ROOT) {
return ZX_OK;
zx_status_t validate_ranged_resource(fbl::RefPtr<ResourceDispatcher> resource,
uint32_t kind,
uintptr_t base,
size_t size) {
// Root gets access to everything and has no region to match against
if (resource->get_kind() == ZX_RSRC_KIND_ROOT) {
return ZX_OK;
if (resource->get_kind() != kind) {
uint64_t rbase = resource->get_base();
size_t rsize = resource->get_size();
// In the specific case of MMIO, everything is rounded to PAGE_SIZE units
// because it's the smallest unit we can operate at with the MMU.
if (resource->get_kind() == ZX_RSRC_KIND_MMIO) {
const uint64_t aligned_rbase = ROUNDDOWN(rbase, PAGE_SIZE);
rsize = PAGE_ALIGN((rbase - aligned_rbase) + rsize);
rbase = aligned_rbase;
LTRACEF("req [base %#lx size %#lx] and resource [base %#lx size %#lx]\n", base, size, rbase, rsize);
// Check for intersection and make sure the requested base+size fits within
// the resource's address space allocation.
uintptr_t ibase;
size_t isize;
if (!GetIntersect(base, size, rbase, rsize, &ibase, &isize) ||
isize != size ||
ibase != base) {
return ZX_OK;
// Check if the resource referenced by |handle| is of kind |kind|, or ZX_RSRC_KIND_ROOT. If
// |kind| matches the resource's kind, then range validation between |base| and |size| will
// be made against the resource's backing address space allocation.
// Possible errors:
// ++ ZX_ERR_ACCESS_DENIED: |handle| is not a valid handle.
// ++ ZX_ERR_WRONG_TYPE: |handle| is not a valid resource handle, or |kind| is invalid for
// the request.
// ++ ZX_ERR_OUT_OF_RANGE: The range specified by |base| and |Len| is not granted by this
// resource.
zx_status_t validate_ranged_resource(zx_handle_t handle, uint32_t kind, uintptr_t base,
size_t size) {
auto up = ProcessDispatcher::GetCurrent();
fbl::RefPtr<ResourceDispatcher> resource;
auto status = up->GetDispatcher(handle, &resource);
if (status != ZX_OK) {
return status;
return validate_ranged_resource(resource, kind, base, size);