| #
eb4a988a |
| 14-Jul-2023 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: add user buffer to tee_invoke_supp_plugin_rpc()
Adds a user buffer to tee_invoke_supp_plugin_rpc() so direct user memory
access can be used when called with a buffer in user memory instead of
core: add user buffer to tee_invoke_supp_plugin_rpc()
Adds a user buffer to tee_invoke_supp_plugin_rpc() so direct user memory
access can be used when called with a buffer in user memory instead of
core memory. tee_invoke_supp_plugin_rpc() can still take a core memory
buffer as an argument if needed.
PTA_SYSTEM_SUPP_PLUGIN_INVOKE in the system PTA is updated to pass the
memref as a user memory buffer instead of a core memory buffer.
This fixes a direct privileged memory access to user space memory.
Fixes: 4e154320e47c ("core: Apply finer-grained PAN")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
show more ...
|
| #
9c4aaf67 |
| 11-Jan-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: make mobj_get_va() more secure
Adds a length parameter to allow mobj_get_va() to check that the entire
va range requested is available.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.
core: make mobj_get_va() more secure
Adds a length parameter to allow mobj_get_va() to check that the entire
va range requested is available.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| #
f97ae380 |
| 08-Dec-2020 |
Aleksandr Anisimov <a.anisimov@omprussia.ru> |
core: add a new RPC as an interface to tee-supplicant plugins
Any external TEE services can be designed as a tee-supplicant plugin.
The plugins will be loaded by the supplicant during startup proces
core: add a new RPC as an interface to tee-supplicant plugins
Any external TEE services can be designed as a tee-supplicant plugin.
The plugins will be loaded by the supplicant during startup process
using libdl.
It makes it easy to:
- add new features in the supplicant that aren't needed in upstream,
e.g. Rich OS specific services;
- sync upstream version with own fork;
This patch adds a new RPC - 'OPTEE_RPC_CMD_SUPP_PLUGIN' as an unified
interface between OP-TEE and any plugins. Kernel code can use it
to call for execution of some command in plugins.
Every plugin has own name based on UUID.
OP-TEE has access to plugins by it.
See definition of protocol for the plugin RPC command
in 'core/include/optee_rpc_cmd.h' file.
Signed-off-by: Aleksandr Anisimov <a.anisimov@omprussia.ru>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|