Date:   Thu, 1 Apr 2021 09:40:52 +0200
From:   Jens Wiklander <jens.wiklander@...aro.org>
To:     Sumit Garg <sumit.garg@...aro.org>
Cc:     Jerome Forissier <jerome@...issier.org>,
        OP-TEE TrustedFirmware <op-tee@...ts.trustedfirmware.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 1/1] tee: optee: do not check memref size on return from
 Secure World

On Thu, Mar 25, 2021 at 3:18 PM Sumit Garg <sumit.garg@...aro.org> wrote:
>
> On Mon, 22 Mar 2021 at 16:11, Jerome Forissier via OP-TEE
> <op-tee@...ts.trustedfirmware.org> wrote:
> >
> > When Secure World returns, it may have changed the size attribute of the
> > memory references passed as [in/out] parameters. The GlobalPlatform TEE
> > Internal Core API specification does not restrict the values that this
> > size can take. In particular, Secure World may increase the value to be
> > larger than the size of the input buffer to indicate that it needs more.
> >
> > Therefore, the size check in optee_from_msg_param() is incorrect and
> > needs to be removed. This fixes a number of failed test cases in the
> > GlobalPlatform TEE Initial Configuration Test Suite v2_0_0_0-2017_06_09
> > when OP-TEE is compiled without dynamic shared memory support
> > (CFG_CORE_DYN_SHM=n).
> >
> > Suggested-by: Jens Wiklander <jens.wiklander@...aro.org>
> > Signed-off-by: Jerome Forissier <jerome@...issier.org>
> > ---
> >  drivers/tee/optee/core.c | 10 ----------
> >  1 file changed, 10 deletions(-)
> >
>
> Looks good to me.
>
> Reviewed-by: Sumit Garg <sumit.garg@...aro.org>

Thanks, I'm picking this up.

Cheers,
Jens
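
The behaviour the commit message describes, as an added example that is not part of the original thread or of the OP-TEE driver: a toy model in which the callee reports a size larger than the buffer it was offered, and the caller clamps to its own capacity before copying and then retries. All names (struct memref, secure_get_blob, usable_len, fetch_blob) and the sample blob are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical model of an [in/out] memref: cap is fixed by the caller,
 * size is what was offered on entry and what the callee reports on return. */
struct memref { uint8_t *buf; size_t cap; size_t size; };
enum { RES_OK = 0, RES_SHORT_BUFFER = 1 };

/* Constructed stand-in for a secure-world service returning a 24-byte blob. */
int secure_get_blob(struct memref *m)
{
    static const uint8_t blob[24] = "constructed-sample-data";
    size_t offered = m->size;

    m->size = sizeof(blob);          /* may exceed what was offered */
    if (offered < sizeof(blob))
        return RES_SHORT_BUFFER;     /* nothing written: "need more" */
    memcpy(m->buf, blob, sizeof(blob));
    return RES_OK;
}

/* Caller-side rule: a returned size above cap is a request, not a length. */
size_t usable_len(const struct memref *m)
{
    return m->size <= m->cap ? m->size : m->cap;
}

/* Try a small buffer, then retry with the reported size. Returns bytes
 * copied to out (0 on failure); *required gets the first reported size. */
size_t fetch_blob(uint8_t *out, size_t out_cap, size_t *required)
{
    uint8_t small[8], big[64];
    struct memref m = { small, sizeof(small), sizeof(small) };
    int res = secure_get_blob(&m);

    *required = m.size;
    if (res == RES_SHORT_BUFFER && m.size <= sizeof(big)) {
        m = (struct memref){ big, sizeof(big), sizeof(big) };
        res = secure_get_blob(&m);
    }
    if (res != RES_OK)
        return 0;
    size_t n = usable_len(&m);
    if (n > out_cap)
        n = out_cap;
    memcpy(out, m.buf, n);
    return n;
}
```

With the size check gone from the return path, the clamp in usable_len is the kind of bound a consumer of the returned size has to apply itself.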
