/optee_os/core/arch/arm/kernel/virtualization.c
commit 2429722ff689295f09976b60c14da6edff94963f, Thu Dec 19 04:14:44 UTC 2024, Yuvraj Sakshith <ysakshith@gmail.com>
core: arm: guest ID test for notif and VM creation
Block normal world from calling OPTEE_SMC_VM_CREATED with reserved hypervisor client-id (0) as VMID parameter.
Normal world calls OPTEE_SMC_VM_CREATED with guest VMID in a1 and HYP_CLNT_ID in a7. This eventually leads to copying of __data_start to __data_end from the default partition to the guest's MMU partition. Everything goes well until normal world passes HYP_CLNT_ID into a1 which goes unchecked in OPTEE. When the "second VM" is created from normal world, the first VM's MMU partition's __data_start is copied into the new VM's MMU partition which eventually breaks the bpool freelist pointers.
This can deliberately be used by normal world to put OP-TEE into panic.
Set guest ID when NOTIF_EVENT_STARTED is called, preventing assertion failure in get_notif_data().
Fixes: d237e616e155 ("core: make generic notifications virtualization-aware")
Signed-off-by: Yuvraj Sakshith <ysakshith@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
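The check the commit message describes, as an added example that is not OP-TEE's code: a simplified model of the OPTEE_SMC_VM_CREATED handler in which the caller's client id (a7) must be HYP_CLNT_ID, the requested VMID (a1) must not be the reserved HYP_CLNT_ID (0), and a new guest's partition is always seeded from the default partition. The partition table, the `vm_created_smc`/`vm_destroyed_smc` names, the table size and the sample .data bytes are all constructed for illustration; only the reserved id value 0 and the a1/a7 register roles come from the commit text.

```c
/*
 * Added example, not OP-TEE code: a model of guest-ID validation for the
 * OPTEE_SMC_VM_CREATED / VM_DESTROYED calls. Names, table size and sample
 * .data contents are assumptions made for this illustration.
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define HYP_CLNT_ID 0   /* reserved hypervisor client id (value from the commit text) */
#define MAX_GUESTS  4   /* assumed partition table size */
#define DATA_SIZE   16  /* stand-in for __data_start..__data_end */

enum vm_result { VM_OK = 0, VM_BAD_PARAM, VM_EXISTS, VM_NO_SPACE, VM_NOT_FOUND };

/* One per-guest MMU partition. A free slot has guest_id == HYP_CLNT_ID, which
 * is only sound because that id is never accepted as a guest id below. */
struct guest_partition {
	uint16_t guest_id;
	uint8_t data[DATA_SIZE];
};

/* Constructed stand-in for the default partition's .data section. */
static const uint8_t default_data[DATA_SIZE] = "default .data..";
static struct guest_partition partitions[MAX_GUESTS];

static struct guest_partition *find_partition(uint16_t guest_id)
{
	for (size_t i = 0; i < MAX_GUESTS; i++)
		if (partitions[i].guest_id == guest_id)
			return &partitions[i];
	return NULL;
}

static struct guest_partition *find_free_slot(void)
{
	for (size_t i = 0; i < MAX_GUESTS; i++)
		if (partitions[i].guest_id == HYP_CLNT_ID)
			return &partitions[i];
	return NULL;
}

/* OPTEE_SMC_VM_CREATED: a1 = new guest's VMID, a7 = caller's client id.
 * Every parameter is validated before any partition is touched. */
enum vm_result vm_created_smc(uint32_t a1, uint32_t a7)
{
	/* Only the hypervisor may announce guests, and VMIDs are 16-bit. */
	if (a7 != HYP_CLNT_ID || a1 > UINT16_MAX)
		return VM_BAD_PARAM;
	uint16_t guest_id = (uint16_t)a1;

	/* The fix: the reserved hypervisor id must never become a guest id,
	 * otherwise the "guest 0" partition and the free-slot marker collide. */
	if (guest_id == HYP_CLNT_ID)
		return VM_BAD_PARAM;
	if (find_partition(guest_id))
		return VM_EXISTS;

	struct guest_partition *p = find_free_slot();
	if (!p)
		return VM_NO_SPACE;
	p->guest_id = guest_id;
	/* Seed from the default partition, never from another guest's copy. */
	memcpy(p->data, default_data, DATA_SIZE);
	return VM_OK;
}

/* OPTEE_SMC_VM_DESTROYED with the same parameter rules. */
enum vm_result vm_destroyed_smc(uint32_t a1, uint32_t a7)
{
	if (a7 != HYP_CLNT_ID || a1 > UINT16_MAX || (uint16_t)a1 == HYP_CLNT_ID)
		return VM_BAD_PARAM;
	struct guest_partition *p = find_partition((uint16_t)a1);
	if (!p)
		return VM_NOT_FOUND;
	memset(p, 0, sizeof(*p));   /* guest_id back to 0: slot is free again */
	return VM_OK;
}

size_t live_guest_count(void)
{
	size_t n = 0;
	for (size_t i = 0; i < MAX_GUESTS; i++)
		if (partitions[i].guest_id != HYP_CLNT_ID)
			n++;
	return n;
}

/* 1 if the guest's partition holds an exact copy of the default .data. */
int guest_data_matches_default(uint16_t guest_id)
{
	struct guest_partition *p = find_partition(guest_id);
	return p && memcmp(p->data, default_data, DATA_SIZE) == 0;
}

void vm_reset(void) { memset(partitions, 0, sizeof(partitions)); }

int main(void)
{
	vm_reset();
	printf("VMID 0 from hypervisor -> %d (VM_BAD_PARAM is %d)\n",
	       vm_created_smc(HYP_CLNT_ID, HYP_CLNT_ID), VM_BAD_PARAM);
	printf("VMID 1 from hypervisor -> %d (VM_OK is %d)\n",
	       vm_created_smc(1, HYP_CLNT_ID), VM_OK);
	printf("VMID 1 again           -> %d (VM_EXISTS is %d)\n",
	       vm_created_smc(1, HYP_CLNT_ID), VM_EXISTS);
	return 0;
}
```

The two rejections in `vm_created_smc` are independent: `a7 != HYP_CLNT_ID` stops a non-hypervisor caller from registering guests at all, while `guest_id == HYP_CLNT_ID` is the specific check the commit adds, so that the reserved id can never select or seed a partition.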