DemesneGH commented on code in PR #278:
URL:
https://github.com/apache/teaclave-trustzone-sdk/pull/278#discussion_r2781151787
##########
optee-utee/src/parameter.rs:
##########
@@ -69,27 +77,137 @@ impl<'parameter> ParamValue<'parameter> {
}
}
-pub struct ParamMemref<'parameter> {
- raw: *mut raw::Memref,
+/// A [`Parameter`] that is a reference to CA-controlled shared memory.
+///
+/// Note: The memory it points to is volatile and can contain maliciously
crafted
+/// data, so care should be taken when accessing it. For a safe api, first
check
+/// the type of the memref via [`Self::in_`], [`Self::out`], or
[`Self::inout`].
+///
+/// These will return type type-safe versions that unsure that read or write
access
+/// is only allowed based on the underlying [`ParamType`].
+///
+/// Then, call [`Self::buffer`] which returns a [`VolatileBuf`] that can be
accessed
+/// safely.
+pub struct ParamMemref<'parameter, A = NoAccess> {
+ raw: NonNull<raw::Memref>,
param_type: ParamType,
- _marker: marker::PhantomData<&'parameter mut [u8]>,
+ capacity: usize,
+ _phantom_param: marker::PhantomData<&'parameter mut [u8]>,
+ _phantom_access: marker::PhantomData<A>,
}
-impl<'parameter> ParamMemref<'parameter> {
- pub fn buffer(&mut self) -> &mut [u8] {
- unsafe { slice::from_raw_parts_mut((*self.raw).buffer as *mut u8,
(*self.raw).size) }
+impl<'parameter, A> ParamMemref<'parameter, A> {
+ // Helper function to cast access.
+ fn access<NewAccess>(
+ self,
+ expected_param_type: ParamType,
+ ) -> Result<ParamMemref<'parameter, NewAccess>, InvalidAccessErr<Self,
NewAccess>> {
+ if self.param_type != expected_param_type {
+ return Err(InvalidAccessErr {
+ param_type: self.param_type,
+ value: self,
+ _phantom: marker::PhantomData,
+ });
+ }
+
+ Ok(ParamMemref::<'parameter, NewAccess> {
+ raw: self.raw,
+ param_type: self.param_type,
+ capacity: self.capacity,
+ _phantom_param: marker::PhantomData,
+ _phantom_access: marker::PhantomData,
+ })
+ }
+
+ /// Checks that this param is a [`ParamType::MemrefInput`] and casts
access to [`Read`].
+ pub fn in_(self) -> Result<ParamMemref<'parameter, Read>,
InvalidAccessErr<Self, Read>> {
Review Comment:
I see `in` is a reserved keyword in Rust, but `in_()` is a little awkward
for user interface. How about naming as `input()`, `output()`?
##########
optee-utee/src/parameter.rs:
##########
@@ -171,6 +291,20 @@ pub enum ParamType {
MemrefInout = 7,
}
+impl Display for ParamType {
Review Comment:
Recommend using strum_macros::Display
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
