class FakeMapRange

We create a fake_map_vmar_ when the allocated buffers are secure, as part of minimizing the

code differences between non-secure memory and secure memory. The CodecBuffer::buffer_base()

will return the fake_map_addr_, and data pointers can still be meaningful in terms of their

distance from buffer_base() of their buffer (depending on CodecAdapter implementation). We

only create one vmar since we don't really need one per buffer. Doing this also robustly

detects any CodecAdapter code that's trying to directly access buffer contents despite the

buffer being secure memory (without the read getting stuck, and without aarch64 speculative

execution potentially creating spurious faults IIUC). We never actaully map a secure buffer

VMO, but we do fake it using these fields.

TODO(dustingreen): Depending on the cost in kernel vaddr range tracking resources, if it

becomes safe to just map a secure VMO (in the sense that faults would work and only occur if

actually touched), we could get rid of this fake map stuff and just let the secure VMOs be

mapped. They'd still not actually be touched unless there's a bug, so hopefully page table

resources wouldn't be consumed (except transiently in faulting if there's a bug in a

CodecAdapter where it tries to directly touch a secure VMO via buffer_base()). This fake map

stuff is a workaround due to not being able to set uncached policy on contig VMOs to mitigate

spurious faults via cached mapping / writes that seem to complete instead of faulting + reads

from secure VMO mapping getting stuck instead of getting a process-visible fault.