Open Source and information security mailing list archives
 
Message-ID: <CAFA6WYPryB+9W6EGXvea07=JH8_cfHKF8a4BDEyPeqPVkzvutw@mail.gmail.com>
Date:   Thu, 25 Mar 2021 19:48:21 +0530
From:   Sumit Garg <sumit.garg@...aro.org>
To:     Jerome Forissier <jerome@...issier.org>
Cc:     Jens Wiklander <jens.wiklander@...aro.org>,
        op-tee@...ts.trustedfirmware.org,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 1/1] tee: optee: do not check memref size on return from
 Secure World

On Mon, 22 Mar 2021 at 16:11, Jerome Forissier via OP-TEE
<op-tee@...ts.trustedfirmware.org> wrote:
>
> When Secure World returns, it may have changed the size attribute of the
> memory references passed as [in/out] parameters. The GlobalPlatform TEE
> Internal Core API specification does not restrict the values that this
> size can take. In particular, Secure World may increase the value to be
> larger than the size of the input buffer to indicate that it needs more.
>
> Therefore, the size check in optee_from_msg_param() is incorrect and
> needs to be removed. This fixes a number of failed test cases in the
> GlobalPlatform TEE Initial Configuration Test Suite v2_0_0_0-2017_06_09
> when OP-TEE is compiled without dynamic shared memory support
> (CFG_CORE_DYN_SHM=n).
>
> Suggested-by: Jens Wiklander <jens.wiklander@...aro.org>
> Signed-off-by: Jerome Forissier <jerome@...issier.org>
> ---
>  drivers/tee/optee/core.c | 10 ----------
>  1 file changed, 10 deletions(-)
>

Looks good to me.

Reviewed-by: Sumit Garg <sumit.garg@...aro.org>

-Sumit

> diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c
> index 319a1e701163..ddb8f9ecf307 100644
> --- a/drivers/tee/optee/core.c
> +++ b/drivers/tee/optee/core.c
> @@ -79,16 +79,6 @@ int optee_from_msg_param(struct tee_param *params, size_t num_params,
>                                 return rc;
>                         p->u.memref.shm_offs = mp->u.tmem.buf_ptr - pa;
>                         p->u.memref.shm = shm;
> -
> -                       /* Check that the memref is covered by the shm object */
> -                       if (p->u.memref.size) {
> -                               size_t o = p->u.memref.shm_offs +
> -                                          p->u.memref.size - 1;
> -
> -                               rc = tee_shm_get_pa(shm, o, NULL);
> -                               if (rc)
> -                                       return rc;
> -                       }
>                         break;
>                 case OPTEE_MSG_ATTR_TYPE_RMEM_INPUT:
>                 case OPTEE_MSG_ATTR_TYPE_RMEM_OUTPUT:
> --
> 2.25.1
>
