Tee-dev

tee-dev@lists.linaro.org

291 discussions

[PATCH] tee: shm: fix use-after-free via temporarily dropped reference

by Jens Wiklander

From: Jann Horn <jannh(a)google.com> Bump the file's refcount before moving the reference into the fd table, not afterwards. The old code could drop the file's refcount to zero for a short moment before calling get_file() via get_dma_buf(). This code can only be triggered on ARM systems that use Linaro's OP-TEE. Fixes: 967c9cca2cc5 ("tee: generic TEE subsystem") Signed-off-by: Jann Horn <jannh(a)google.com> Signed-off-by: Jens Wiklander <jens.wiklander(a)linaro.org> --- drivers/tee/tee_shm.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c index 556960a1bab3..07d3be6f0780 100644 --- a/drivers/tee/tee_shm.c +++ b/drivers/tee/tee_shm.c @@ -360,9 +360,10 @@ int tee_shm_get_fd(struct tee_shm *shm) if (!(shm->flags & TEE_SHM_DMA_BUF)) return -EINVAL; + get_dma_buf(shm->dmabuf); fd = dma_buf_fd(shm->dmabuf, O_CLOEXEC); - if (fd >= 0) - get_dma_buf(shm->dmabuf); + if (fd < 0) + dma_buf_put(shm->dmabuf); return fd; } -- 2.17.0

6 years, 6 months

[PATCH] core: arm: imx: add i.MX6Q Nitrogen6x support

by Amit Singh Tomar

This patch adds support for Nitogen6x based. It is based on NXP's popular i.MX6 ARM-Cortex A9 processor[1]. 1. Build command: make PLATFORM=imx-mx6qnitrogen6x 2. Pass xtest [1] https://boundarydevices.com/product/nitrogen6x-board-imx6-arm-cortex-a9-sbc/ Signed-off-by: Amit Singh Tomar <amittomer25(a)gmail.com> --- CHANGELOG.md | 1 + README.md | 1 + core/arch/arm/plat-imx/conf.mk | 2 +- core/arch/arm/plat-imx/platform_config.h | 8 +++++--- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 77cd648..49371a7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -700,6 +700,7 @@ platform.  * d02: extended * hikey: extended +* imx-mx6qnitrogen6x: standard * imx-mx6qsabrelite: standard * imx-mx6qsabresd: standard * rcar-h3: standard, pass except issues [#1092][issue1092] and [#1093][issue1093] diff --git a/README.md b/README.md index e3e9a87..8a81545 100644 --- a/README.md +++ b/README.md @@ -62,6 +62,7 @@ The **Maintained?** column shows: | [NXP ls1046ardb](http://www.nxp.com/products/microcontrollers-and-processors/pow… Yes | ![Actively Maintained](documentation/images/green.svg) | | [FSL i.MX6 Quad SABRE Lite Board](https://boundarydevices.com/product/sabre-lite-imx6-sbc/) |`PLATFORM=imx-mx6qsabrelite`| Yes | ![Not maintained](documentation/images/red.svg) v2.2.0 | | [FSL i.MX6 Quad SABRE SD Board](http://www.nxp.com/products/software-and-tools/hardware-development-… |`PLATFORM=imx-mx6qsabresd`| Yes | ![Not maintained](documentation/images/red.svg) v2.2.0 | +| [NXP/FSL i.MX6 Quad Nitrogen6x Board](https://boundarydevices.com/product/nitrogen6x-board-imx6-arm-cortex… |`PLATFORM=imx-mx6qnitrogen6x`| Yes | ![Actively maintained](documentation/images/green.svg) v3.1.0 | | [FSL i.MX6 UltraLite EVK Board](http://www.freescale.com/products/arm-processors/i.mx-applications-p… |`PLATFORM=imx-mx6ulevk`| Yes | ![Actively Maintained](documentation/images/green.svg) | | [NXP i.MX7Dual SabreSD Board](http://www.nxp.com/products/software-and-tools/hardware-development-… |`PLATFORM=imx-mx7dsabresd`| Yes | ![Actively Maintained](documentation/images/green.svg) | | [NXP i.MX7Solo WaRP7 Board](http://www.nxp.com/products/developer-resources/reference-designs/wa… |`PLATFORM=imx-mx7warp7`| Yes | ![Actively Maintained](documentation/images/green.svg) | diff --git a/core/arch/arm/plat-imx/conf.mk b/core/arch/arm/plat-imx/conf.mk index 5c9f04d..88aec52 100644 --- a/core/arch/arm/plat-imx/conf.mk +++ b/core/arch/arm/plat-imx/conf.mk @@ -3,7 +3,7 @@ PLATFORM_FLAVOR ?= mx6ulevk # Get SoC associated with the PLATFORM_FLAVOR mx6ul-flavorlist = mx6ulevk mx6ull-flavorlist = mx6ullevk -mx6q-flavorlist = mx6qsabrelite mx6qsabresd +mx6q-flavorlist = mx6qsabrelite mx6qsabresd mx6qnitrogen6x mx6sx-flavorlist = mx6sxsabreauto mx6d-flavorlist = mx6dl-flavorlist = mx6dlsabresd diff --git a/core/arch/arm/plat-imx/platform_config.h b/core/arch/arm/plat-imx/platform_config.h index 30d9947..f089108 100644 --- a/core/arch/arm/plat-imx/platform_config.h +++ b/core/arch/arm/plat-imx/platform_config.h @@ -110,7 +110,8 @@ #include <imx-regs.h> /* Board specific console UART */ -#if defined(PLATFORM_FLAVOR_mx6qsabrelite) +#if defined(PLATFORM_FLAVOR_mx6qsabrelite) || \ + defined(PLATFORM_FLAVOR_mx6qnitrogen6x) #define CONSOLE_UART_BASE UART2_BASE #endif #if defined(PLATFORM_FLAVOR_mx6qsabresd) @@ -122,8 +123,9 @@ /* Board specific RAM size */ #if defined(PLATFORM_FLAVOR_mx6qsabrelite) || \ - defined(PLATFORM_FLAVOR_mx6qsabresd) || \ - defined(PLATFORM_FLAVOR_mx6dlsabresd) + defined(PLATFORM_FLAVOR_mx6qsabresd) || \ + defined(PLATFORM_FLAVOR_mx6dlsabresd) || \ + defined(PLATFORM_FLAVOR_mx6qnitrogen6x) #define DRAM0_SIZE 0x40000000 #endif -- 1.9.1

6 years, 6 months

How much does TA know about client applications??

by Francis Akowuah

Hello, I would like to know the kind of information that a Trusted Application know about the client applications that interact with them? Is there a way for a TA to distinguish between two client applications? If the TA has no knowledge about CAs, how about the OPTEE kernel? Does the kernel know any information that can differentiate between client applications?? Thank you, Francis

6 years, 7 months

OP-TEE 3.1.0-rc1 is available for testing

by Jens Wiklander

Hello OP-TEE contributors and maintainers, We are on our way to OP-TEE release 3.1.0. I have created a release candidate tag (3.1.0-rc1) in the various OP-TEE repositories (optee_os, optee_client, optee_test, optee_examples). Please help with testing on your favorite platform and report success (Tested-by:) or issues in the "changelog" pull request [1]. [1] https://github.com/OP-TEE/optee_os/pull/2235 Thanks for your help and support, Jens OP-TEE Maintainer

6 years, 7 months

CryptoCell support in OP-TEE

by Volodymyr Babchuk

Hello, I have a question about hardware acceleration of cryptography in OP-TEE. I know that some platforms has ARM CryptoCell support. AFAIK, all documentation on this topic is closed and (in some cases) under export restrictions. So only way to use CryptoCell is to somehow obtain binary library from ARM. So, do you have any information on this topic? Is it possible to use HW accelerators in OP-TEE? What is required for this? -- WBR Volodymyr Babchuk aka lorc [+380976646013] mailto: vlad.babchuk(a)gmail.com

6 years, 7 months

[PATCH] optee: fix the dead loop problem when there is signal pending

by Zeng Tao

when the current process is doing a rpc call from optee, and if there is a signal pending on the process, it will enter dead loop if the tee-supplicant is working correctly, fix the problem by breaking out the loop when the rpc job is finished. Signed-off-by: Zeng Tao <prime.zeng(a)hisilicon.com> --- drivers/tee/optee/supp.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/tee/optee/supp.c b/drivers/tee/optee/supp.c index b4ea067..170dedb 100644 --- a/drivers/tee/optee/supp.c +++ b/drivers/tee/optee/supp.c @@ -107,6 +107,13 @@ u32 optee_supp_thrd_req(struct tee_context *ctx, u32 func, size_t num_params, mutex_unlock(&supp->ctx_mutex); if (interruptable) break; + + /* + * if there is signal pending, and the supplicant has finished + * the rpc job, we need to break out the loop + */ + if (try_wait_for_completion(&supp->data_from_supp)) + break; } ret = supp->ret; -- 2.7.4

6 years, 8 months

(Gen Tee Driver API in the Linux Kernel) Reopen the Topic of TEE Kernel Client API

by Thomas M Zeng

Hello TEE POCs: We came across Jens' 2015 patch: https://github.com/linaro-swg/linux/commit/b8d05a0934b2 What is the status of the kernel client API below? Is it slated to go upstream in the 4.16 or 4.17 kernel? I ask because we have use cases that, if ported to the Generic TEE interface, may require tee_shm_alloc() and friends to be available for use cases such as the Linux soc-specific kernel entropy manager requesting TEE side to provide PRNG data. The above patch would be a good starting point. For instance, we were looking at using the following two APIs from Jens' patch to open and close context objects. They will enable the clients to use "tee_shm_alloc". Cheers, -thomas

6 years, 9 months

Meltdown on optee

by Kris Kwiatkowski

Hi Guys, I see fix for Variant3/meltdown is almost there. Congrats, that's quick. Do you know of any device that officially supported and vulnerable to variant 3? Kris

6 years, 10 months

OP-TEE 3.0.0

by Jerome Forissier

Hi, We shall be releasing OP-TEE 3.0.0 soon, so if you have pending pull requests you'd like merged, please update them ASAP. Target date for the release was January 19th but we may slip a bit due to Spectre and Meltdown. As soon as the vulnerability patches are in, I'll create a -rc1 tag. Thanks, -- Jerome

6 years, 10 months

[PATCH 0/2] Fix tee: optee: add dynamic shared memory support

by Jens Wiklander

Hi, These two patches complements the previously posted patchset "tee: optee: add dynamic shared memory support" https://lwn.net/Articles/740242/ Tests are added to see that the registered shared memory cache attributes are compatible with OP-TEE in secure world. Under normal circumstances they will be compatible, but if memory has been previously mapped from a device with special page attributes it could lead to trouble. Thanks, Jens Jens Wiklander (2): tee: add start argument to shm_register callback tee: optee: check type of registered shared memory drivers/tee/optee/call.c | 50 +++++++++++++++++++++++++++++++++++---- drivers/tee/optee/optee_private.h | 6 +++-- drivers/tee/tee_shm.c | 2 +- include/linux/tee_drv.h | 3 ++- 4 files changed, 53 insertions(+), 8 deletions(-) -- 2.14.1

6 years, 10 months

← Newer
1
...
18
19
20
21
22
23
24
...
30
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

Tee-dev