author | Cedric Neveux <cedric.neveux@nxp.com> | 2020-04-07 09:42:27 +0200 |
---|---|---|
committer | Jérôme Forissier <jerome@forissier.org> | 2020-04-07 14:27:48 +0200 |
commit | ee3e1c543ee5e81af4ed3307de7dd3383f4085ce (patch) | |
tree | 652289265e1ac07fabf9e1ebec9483f82546b3be /core/tee | |
parent | 2288b0710bbb11dd45a4bdcd87eacae5d1851c2e (diff) |
core: utee_param_to_param(): set mobj to NULL when NULL memrefs of size 0
Set the tee_ta_param mobj to NULL if user parameter is a NULL memref
of size 0.
When mobj pointer is NULL, it also identifies the last parameter of the list.
Fixes: 9d2e798360b5 ("core: TEE capability for null sized memrefs support")
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jerome Forissier <jerome@forissier.org> (HiKey960)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org>
Diffstat (limited to 'core/tee')
-rw-r--r-- | core/tee/tee_svc.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/core/tee/tee_svc.c b/core/tee/tee_svc.c index fd334535..78b6a23f 100644 --- a/core/tee/tee_svc.c +++ b/core/tee/tee_svc.c @@ -514,9 +514,19 @@ static TEE_Result utee_param_to_param(struct user_ta_ctx *utc, flags |= TEE_MEMORY_ACCESS_WRITE; /*FALLTHROUGH*/ case TEE_PARAM_TYPE_MEMREF_INPUT: - p->u[n].mem.mobj = &mobj_virt; p->u[n].mem.offs = a; p->u[n].mem.size = b; + + if (!p->u[n].mem.offs) { + /* Allow NULL memrefs if of size 0 */ + if (p->u[n].mem.size) + return TEE_ERROR_BAD_PARAMETERS; + p->u[n].mem.mobj = NULL; + break; + } + + p->u[n].mem.mobj = &mobj_virt; + if (tee_mmu_check_access_rights(&utc->uctx, flags, a, b)) return TEE_ERROR_ACCESS_DENIED; |
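Review bot: The new NULL branch under `case TEE_PARAM_TYPE_MEMREF_INPUT:` documents only "Allow NULL memrefs if of size 0", but it introduces two behaviours that a reader of this function needs spelled out. First, `p->u[n].mem.mobj = NULL; break;` means a memref parameter can now leave this function with a NULL `mobj`, where before it was always `&mobj_virt`; the commit message adds that a NULL `mobj` also marks the last parameter of the list, so any consumer that dereferences `mobj` or stops iterating at the first NULL needs to be checked against a NULL memref that sits before other valid parameters. Second, the `break` skips `tee_mmu_check_access_rights()` for this parameter, which is reasonable for a zero-length reference but is worth saying in the comment so that nobody later moves the size check and silently loses the access check. Suggest extending the comment to cover both points. As a smaller style point, the branch tests `p->u[n].mem.offs` and `p->u[n].mem.size` immediately after assigning them from `a` and `b`; testing `a` and `b` directly would read more clearly and match the `tee_mmu_check_access_rights(&utc->uctx, flags, a, b)` call below.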