
Searched hist:c10e3fa93d24c93ee714435b8eb320ee97de2a4c (Results 1 – 2 of 2) sorted by relevance

/optee_os/core/include/kernel/
tee_ta_manager.h c10e3fa93d24c93ee714435b8eb320ee97de2a4c Thu Aug 31 11:18:35 UTC 2023 Jens Wiklander <jens.wiklander@linaro.org> core: fix race in handling TA panic

A TA context (struct tee_ta_ctx) can only be accessed and manipulated
if either locked or set to busy by the current thread, or if it has
no other references.

Prior to this patch this wasn't followed by tee_ta_open_session(),
tee_ta_invoke_command(), and dump_ta_memstats(). Accesses were made to
the "panicked" field of struct tee_ta_ctx.
destroy_ta_ctx_from_session() was also manipulating sessions possibly
being used by other threads.

So fix this by only accessing the internals of the TA context while
holding the needed lock. destroy_ta_ctx_from_session() is removed, the
new ts_ops callback release_state() is used instead to free what can be
freed from a panicked TA context. The last session referencing the TA
context will free it.

Fixes: fd10f62b8210 ("core: keep alive TA context can be created after TA has panicked")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Tested-by: Wentao Sun <wentao.sun@amlogic.com>
/optee_os/core/kernel/
tee_ta_manager.c c10e3fa93d24c93ee714435b8eb320ee97de2a4c Thu Aug 31 11:18:35 UTC 2023 Jens Wiklander <jens.wiklander@linaro.org> core: fix race in handling TA panic