From 9920153e109ea973834e6f3b639902960290a19b Mon Sep 17 00:00:00 2001
From: Sam Leffler
Date: Thu, 23 Jun 2022 03:11:43 +0000
Subject: [PATCH] kata-memory-component: add debug asserts for attached capabilities

Change-Id: I1ef3fa98583a7ac59269d8c3aa15c886a0d8b768
GitOrigin-RevId: 815a4358d6516986e57dc2987f3a9ade46cbffb6
---
 .../kata-memory-component/src/run.rs | 24 +++++++++++++------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/apps/system/components/MemoryManager/kata-memory-component/src/run.rs b/apps/system/components/MemoryManager/kata-memory-component/src/run.rs
index 3761a20..4753eb0 100644
--- a/apps/system/components/MemoryManager/kata-memory-component/src/run.rs
+++ b/apps/system/components/MemoryManager/kata-memory-component/src/run.rs
@@ -92,7 +92,9 @@ pub unsafe extern "C" fn memory_alloc(
 let raw_slice = slice::from_raw_parts(c_raw_data, c_raw_data_len as usize);
 let ret_status = match postcard::from_bytes::(raw_slice) {
 Ok(mut bundle) => {
- // TODO(sleffler): verify we received a CNode in MEMORY_RECV_CNODE.
+ // We must have a CNode for returning allocated objects.
+ Camkes::debug_assert_slot_cnode("memory_alloc", &recv_path);
+
 bundle.cnode = recv_path.1;
 // NB: bundle.depth should reflect the received cnode
 KATA_MEMORY.alloc(&bundle).into()
@@ -116,7 +118,9 @@ pub unsafe extern "C" fn memory_free(
 let raw_slice = slice::from_raw_parts(c_raw_data, c_raw_data_len as usize);
 let ret_status = match postcard::from_bytes::(raw_slice) {
 Ok(mut bundle) => {
- // TODO(sleffler): verify we received a CNode in MEMORY_RECV_CNODE.
+ // We must have a CNode for returning allocated objects.
+ Camkes::debug_assert_slot_cnode("memory_free", &recv_path);
+
 bundle.cnode = recv_path.1;
 // NB: bundle.depth should reflect the received cnode
 KATA_MEMORY.free(&bundle).into()
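Review bot: The check added in memory_alloc is a debug assertion, so in a release build nothing verifies that a CNode was actually received before `bundle.cnode = recv_path.1;` hands the slot to `KATA_MEMORY.alloc`, yet the comment above it, `// We must have a CNode for returning allocated objects.`, reads as a guaranteed invariant. Either reword it to `// We must have a CNode for returning allocated objects (only checked in debug builds).` or, if a suitable MemoryManagerError variant exists for a missing capability, turn the assert into a runtime check that returns it instead of proceeding. The memory_free hunk has the same shape and the same note applies there. The deserialized `bundle.depth` still comes straight from the request while the NB comment says it should reflect the received cnode; the new assertion does not cover that field, which is worth stating in the comment if it is intentional. memory_alloc's signature and the definition of recv_path lie outside the hunk.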
@@ -132,13 +136,19 @@ pub unsafe extern "C" fn memory_free(
 pub unsafe extern "C" fn memory_stats(
 c_raw_resp_data: *mut RawMemoryStatsData,
 ) -> MemoryManagerError {
- // TODO(sleffler): verify no cap was received
+ let recv_path = CAMKES.get_current_recv_path();
+ // NB: make sure noone clobbers the setup done in memory__init
+ CAMKES.assert_recv_path();
+
 match KATA_MEMORY.stats() {
 Ok(stats) => {
- match postcard::to_slice(&stats, &mut (*c_raw_resp_data)[..]) {
- Ok(_) => MemoryManagerError::MmeSuccess,
- Err(_) => MemoryManagerError::MmeSerializeFailed,
- }
+ // Verify no cap was received
+ Camkes::debug_assert_slot_empty("memory_stats", &recv_path);
+
+ match postcard::to_slice(&stats, &mut (*c_raw_resp_data)[..]) {
+ Ok(_) => MemoryManagerError::MmeSuccess,
+ Err(_) => MemoryManagerError::MmeSerializeFailed,
+ }
 }
 Err(e) => e.into(),
 }
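Review bot: `Camkes::debug_assert_slot_empty("memory_stats", &recv_path);` only runs inside the `Ok(stats)` arm, so when `KATA_MEMORY.stats()` returns `Err` an unexpectedly received capability is never flagged, even in debug builds. Moving that line (with its `// Verify no cap was received` comment) up to directly after `CAMKES.assert_recv_path();`, before the `match`, covers both arms and keeps the cap check next to the recv-path check it belongs with; the `Ok(stats)` arm then shrinks back to the postcard::to_slice match, which no longer needs to be re-indented. As in memory_alloc and memory_free this is a debug-only check, so the comment should say so, e.g. `// Verify no cap was received (debug builds only)`. The `// NB: make sure noone clobbers` comment has a typo (`no one`).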