Searched hist:"99164a05ff515a077ff0f3e1550838d24623665b" (Results 1 – 3 of 3) sorted by relevance

/optee_os/core/include/kernel/
tee_ta_manager.h 99164a05ff515a077ff0f3e1550838d24623665b Mon Feb 04 14:56:42 UTC 2019 Jerome Forissier <jerome.forissier@linaro.org> core: do not use virtual addresses as session identifier

Session context virtual address is returned to the REE in
entry_open_session(); it is then used back in entry_close_session() and
entry_invoke_command(). Sharing virtual addresses with the REE leads to
virtual memory address disclosure that could be leveraged to defeat
ASLR (if/when implemented) and/or mount an attack.

Similarly, syscall_open_ta_session() returns a session ID directly
derived from the session virtual address to the caller TA.

This commit introduces a 32-bit identifier field in struct tee_ta_session.
The ID is generated when the session is created, starting from the id of
the last session in the queue, and counting up until a number that is not
used in the session queue is found.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com> [2.1]
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
/optee_os/core/kernel/
tee_ta_manager.c 99164a05ff515a077ff0f3e1550838d24623665b Mon Feb 04 14:56:42 UTC 2019 Jerome Forissier <jerome.forissier@linaro.org> core: do not use virtual addresses as session identifier
/optee_os/core/tee/
tee_svc.c 99164a05ff515a077ff0f3e1550838d24623665b Mon Feb 04 14:56:42 UTC 2019 Jerome Forissier <jerome.forissier@linaro.org> core: do not use virtual addresses as session identifier