| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAFA6WYOvBNcGe+4ndq-YmM6haVoH4QiM7goYw5T40mR15muQKQ@mail.gmail.com>
Date: Thu, 26 Mar 2020 14:37:29 +0530
From: Sumit Garg <sumit.garg@...aro.org>
To: Jérôme Forissier <jerome@...issier.org>
Cc: Jens Wiklander <jens.wiklander@...aro.org>,
"tee-dev @ lists . linaro . org" <tee-dev@...ts.linaro.org>,
Daniel Thompson <daniel.thompson@...aro.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [Tee-dev] [PATCH v5 2/2] tee: add private login method for kernel clients
On Thu, 26 Mar 2020 at 14:05, Jérôme Forissier <jerome@...issier.org> wrote:
>
> On Thu, Mar 26, 2020 at 8:24 AM Sumit Garg <sumit.garg@...aro.org> wrote:
>>
>> There are use-cases where user-space shouldn't be allowed to communicate
>> directly with a TEE device which is dedicated to provide a specific
>> service for a kernel client. So add a private login method for kernel
>> clients
>
>
> OK
>
>> and disallow user-space to open-session using GP implementation
>> defined login method range: (0x80000000 - 0xFFFFFFFF).
>
>
> I'm not sure this is correct, because it would prevent the client library or the TEE supplicant from using such values, although they are part of the TEE implementation; and further, nothing mandates that an implementation-defined method should not be used directly by client applications.
>
Initial implementation of this patch only put restriction for single
implementation-defined login method (TEE_IOCTL_LOGIN_REE_KERNEL) only.
But after discussion with Jens here [1], I have changed that to
restrict complete implementation-defined range. If we think to further
partition this range considering API stability then I am open to that
too.
[1] https://lore.kernel.org/patchwork/patch/1088062/
-Sumit
> --
> Jerome
>
>>
>>
>> Signed-off-by: Sumit Garg <sumit.garg@...aro.org>
>> ---
>> drivers/tee/tee_core.c | 6 ++++++
>> include/uapi/linux/tee.h | 8 ++++++++
>> 2 files changed, 14 insertions(+)
>>
>> diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c
>> index 37d22e3..533e7a8 100644
>> --- a/drivers/tee/tee_core.c
>> +++ b/drivers/tee/tee_core.c
>> @@ -334,6 +334,12 @@ static int tee_ioctl_open_session(struct tee_context *ctx,
>> goto out;
>> }
>>
>> + if (arg.clnt_login & TEE_IOCTL_LOGIN_MASK) {
>> + pr_debug("login method not allowed for user-space client\n");
>> + rc = -EPERM;
>> + goto out;
>> + }
>> +
>> rc = ctx->teedev->desc->ops->open_session(ctx, &arg, params);
>> if (rc)
>> goto out;
>> diff --git a/include/uapi/linux/tee.h b/include/uapi/linux/tee.h
>> index 6596f3a..19172a2 100644
>> --- a/include/uapi/linux/tee.h
>> +++ b/include/uapi/linux/tee.h
>> @@ -173,6 +173,14 @@ struct tee_ioctl_buf_data {
>> #define TEE_IOCTL_LOGIN_APPLICATION 4
>> #define TEE_IOCTL_LOGIN_USER_APPLICATION 5
>> #define TEE_IOCTL_LOGIN_GROUP_APPLICATION 6
>> +/*
>> + * Disallow user-space to use GP implementation specific login
>> + * method range (0x80000000 - 0xFFFFFFFF). This range is rather
>> + * being reserved for REE kernel clients or TEE implementation.
>> + */
>> +#define TEE_IOCTL_LOGIN_MASK 0x80000000
>> +/* Private login method for REE kernel clients */
>> +#define TEE_IOCTL_LOGIN_REE_KERNEL 0x80000000
>>
>> /**
>> * struct tee_ioctl_param - parameter
>> --
>> 2.7.4
>>
>> _______________________________________________
>> Tee-dev mailing list
>> Tee-dev@...ts.linaro.org
>> https://lists.linaro.org/mailman/listinfo/tee-dev
Powered by blists - more mailing lists