From 85daf48c40fd9ecd26f630f96eb0e3bc62dc0ff8 Mon Sep 17 00:00:00 2001
From: Jens Wiklander <jens.wiklander@linaro.org>
Date: Wed, 25 Mar 2020 11:37:03 +0100
Subject: core: check writeable in tee_svc_copy_param()

Check that the callee_params are writeable too in tee_svc_copy_param()
as they will be updated in tee_svc_update_out_param() in case one of the
parameters is an "out" parameter. To keep it simple always require
callee_params to be writeable.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
---
 core/tee/tee_svc.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'core/tee')

diff --git a/core/tee/tee_svc.c b/core/tee/tee_svc.c
index 5f86fceb..fd334535 100644
--- a/core/tee/tee_svc.c
+++ b/core/tee/tee_svc.c
@@ -583,6 +583,7 @@ static TEE_Result tee_svc_copy_param(struct tee_ta_session *sess,
 		memset(param, 0, sizeof(*param));
 	} else {
 		uint32_t flags = TEE_MEMORY_ACCESS_READ |
+				 TEE_MEMORY_ACCESS_WRITE |
 				 TEE_MEMORY_ACCESS_ANY_OWNER;
 
 		res = tee_mmu_check_access_rights(&utc->uctx, flags,
-- 
cgit v1.2.3