mm: add sys_mm_drv_map_* functions with region check

marcinszkudlinski · henrikbrixandersen · commit 01d35752a4c9 · 2025-08-12T21:33:20.000+02:00
the commit adds sys_mm_drv_map_page_safe and sys_mm_drv_map_region_safe
functions, wrappers for sys_mm_drv_map_region and sys_mm_drv_map_region,
with additional check if a mapped region fits into given memory range

Using of those prevents collisions and/or hijacking of virtual memory

Signed-off-by: Marcin Szkudlinski &lt;marcin.szkudlinski@intel.com&gt;
diff --git a/drivers/mm/mm_drv_common.c b/drivers/mm/mm_drv_common.c
@@ -29,6 +29,37 @@
 
 struct k_spinlock sys_mm_drv_common_lock;
 
+int sys_mm_drv_map_region_safe(const struct sys_mm_drv_region *virtual_region,
+			       void *virt, uintptr_t phys, size_t size,
+			       uint32_t flags)
+{
+	uintptr_t virtual_region_start = POINTER_TO_UINT(virtual_region->addr);
+	uintptr_t virtual_region_end = virtual_region_start + virtual_region->size;
+
+	/* check if memory to be mapped is within given virtual region */
+	if ((POINTER_TO_UINT(virt) >= virtual_region_start) &&
+	    (POINTER_TO_UINT(virt) + size < virtual_region_end)) {
+		return sys_mm_drv_map_region(virt, phys, size, flags);
+	}
+
+	return -EINVAL;
+}
+
+int sys_mm_drv_map_page_safe(const struct sys_mm_drv_region *virtual_region,
+			     void *virt, uintptr_t phys, uint32_t flags)
+{
+	uintptr_t virtual_region_start = POINTER_TO_UINT(virtual_region->addr);
+	uintptr_t virtual_region_end = virtual_region_start + virtual_region->size;
+
+	/* check if memory to be mapped is within given virtual region */
+	if ((POINTER_TO_UINT(virt) >= virtual_region_start) &&
+	    (POINTER_TO_UINT(virt) + CONFIG_MM_DRV_PAGE_SIZE < virtual_region_end)) {
+		return sys_mm_drv_map_page(virt, phys, flags);
+	}
+
+	return -EINVAL;
+}
+
 bool sys_mm_drv_is_addr_array_aligned(uintptr_t *addr, size_t cnt)
 {
 	size_t idx;
diff --git a/include/zephyr/drivers/mm/system_mm.h b/include/zephyr/drivers/mm/system_mm.h
@@ -54,6 +54,18 @@ extern "C" {
 /** Reserved bits for cache modes */
 #define SYS_MM_MEM_CACHE_MASK		(BIT(3) - 1)
 
+/**
+ * @brief Represents an available memory region.
+ *
+ * A memory region that can be used by allocators. Driver defined
+ * attributes can be used to guide the proper usage of each region.
+ */
+struct sys_mm_drv_region {
+	void *addr; /**< @brief Address of the memory region */
+	size_t size; /**< @brief Size of the memory region */
+	uint32_t attr; /**< @brief Driver defined attributes of the memory region */
+};
+
 /**
  * @}
  */
@@ -109,6 +121,18 @@ extern "C" {
  */
 int sys_mm_drv_map_page(void *virt, uintptr_t phys, uint32_t flags);
 
+/**
+ * @brief Map one physical page into the virtual address space with region check
+ *
+ * This maps one physical page into the virtual address space by calling
+ * sys_mm_drv_map_page. Refer to sys_mm_drv_map_page for references
+ *
+ * Before call it performs a safety check by verifying if the mapped virtual memory page
+ * fits into a given virtual region
+ */
+int sys_mm_drv_map_page_safe(const struct sys_mm_drv_region *virtual_region,
+			     void *virt, uintptr_t phys, uint32_t flags);
+
 /**
  * @brief Map a region of physical memory into the virtual address space
  *
@@ -133,6 +157,19 @@ int sys_mm_drv_map_page(void *virt, uintptr_t phys, uint32_t flags);
 int sys_mm_drv_map_region(void *virt, uintptr_t phys,
 			  size_t size, uint32_t flags);
 
+/**
+ * @brief Map a region of physical memory into the virtual address space with region check
+ *
+ * This maps a region of physical memory into the virtual address space by calling
+ * sys_mm_drv_map_region. Refer to sys_mm_drv_map_region for references
+ *
+ * Before call it performs a safety check by verifying if the mapped virtual memory pages
+ * fit into a given virtual region
+ */
+int sys_mm_drv_map_region_safe(const struct sys_mm_drv_region *virtual_region,
+			       void *virt, uintptr_t phys, size_t size,
+			       uint32_t flags);
+
 /**
  * @brief Map an array of physical memory into the virtual address space
  *
@@ -402,18 +439,6 @@ int sys_mm_drv_update_region_flags(void *virt, size_t size, uint32_t flags);
  */
 int sys_mm_drv_page_phys_get(void *virt, uintptr_t *phys);
 
-/**
- * @brief Represents an available memory region.
- *
- * A memory region that can be used by allocators. Driver defined
- * attributes can be used to guide the proper usage of each region.
- */
-struct sys_mm_drv_region {
-	void *addr; /**< @brief Address of the memory region */
-	size_t size; /**< @brief Size of the memory region */
-	uint32_t attr; /**< @brief Driver defined attributes of the memory region */
-};
-
 /* TODO is it safe to assume no valid region has size == 0? */
 /**
  * @brief Iterates over an array of regions returned by #sys_mm_drv_query_memory_regions
