Diffstat (limited to 'core/kernel')
-rw-r--r-- | core/kernel/console.c | 56 | ||||
-rw-r--r-- | core/kernel/sub.mk | 1 | ||||
-rw-r--r-- | core/kernel/tee_ta_manager.c | 59 |
3 files changed, 116 insertions, 0 deletions
diff --git a/core/kernel/console.c b/core/kernel/console.c
new file mode 100644
index 0000000..2fce361
--- /dev/null
+++ b/core/kernel/console.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2017, Linaro Limited
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <console.h>
+#include <compiler.h>
+#include <drivers/serial.h>
+#include <stdlib.h>
+
+static struct serial_chip *serial_console __early_bss;
+
+void __weak console_putc(int ch)
+{
+ if (!serial_console)
+ return;
+
+ if (ch == '\n')
+ serial_console->ops->putc(serial_console, '\r');
+ serial_console->ops->putc(serial_console, ch);
+}
+
+void __weak console_flush(void)
+{
+ if (!serial_console)
+ return;
+
+ serial_console->ops->flush(serial_console);
+}
+
+void register_serial_console(struct serial_chip *chip)
+{
+ serial_console = chip;
+}
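Review bot: `console_flush()` calls `serial_console->ops->flush` unconditionally, so a serial driver that registers without a flush callback would make the core branch through a NULL function pointer; whether `flush` is optional in the serial ops structure is not visible in this diff. Guarding it is cheap: `if (!serial_console || !serial_console->ops->flush) return;`. `register_serial_console()` likewise stores `chip` without checking `chip->ops` or its `putc` callback, which `console_putc()` then dereferences for every character. `<stdlib.h>` does not appear to be used by anything in the new file.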
diff --git a/core/kernel/sub.mk b/core/kernel/sub.mk index aa00ae5..963e078 100644 --- a/core/kernel/sub.mk +++ b/core/kernel/sub.mk @@ -1,4 +1,5 @@ srcs-y += assert.c +srcs-y += console.c srcs-y += tee_ta_manager.c srcs-y += tee_misc.c srcs-y += panic.c diff --git a/core/kernel/tee_ta_manager.c b/core/kernel/tee_ta_manager.c index c0c4545..a3651e5 100644 --- a/core/kernel/tee_ta_manager.c +++ b/core/kernel/tee_ta_manager.c @@ -43,6 +43,7 @@ #include <kernel/user_ta.h> #include <mm/core_mmu.h> #include <mm/core_memprot.h> +#include <mm/mobj.h> #include <mm/tee_mmu.h> #include <tee/tee_svc_cryp.h> #include <tee/tee_obj.h> 
@@ -277,6 +278,58 @@ static TEE_Result check_client(struct tee_ta_session *s, const TEE_Identity *id) return TEE_SUCCESS; } +/* + * Check if invocation parameters matches TA properties + * + * @s - current session handle + * @param - already identified memory references hold a valid 'mobj'. + * + * Policy: + * - All TAs can access 'non-secure' shared memory. + * - All TAs can access TEE private memory (seccpy) + * - Only SDP flagged TAs can accept SDP memory references. + */ +#ifndef CFG_SECURE_DATA_PATH +static bool check_params(struct tee_ta_session *sess __unused, + struct tee_ta_param *param __unused) +{ + /* + * When CFG_SECURE_DATA_PATH is not enabled, SDP memory references + * are rejected at OP-TEE core entry. Hence here all TAs have same + * permissions regarding memory reference parameters. + */ + return true; +} +#else +static bool check_params(struct tee_ta_session *sess, + struct tee_ta_param *param) +{ + int n; + + /* + * When CFG_SECURE_DATA_PATH is enabled, OP-TEE entry allows SHM and + * SDP memory references. Only TAs flagged SDP can access SDP memory. + */ + if (sess->ctx->flags & TA_FLAG_SECURE_DATA_PATH) + return true; + + for (n = 0; n < TEE_NUM_PARAMS; n++) { + uint32_t param_type = TEE_PARAM_TYPE_GET(param->types, n); + struct param_mem *mem = ¶m->u[n].mem; + + if (param_type != TEE_PARAM_TYPE_MEMREF_INPUT && + param_type != TEE_PARAM_TYPE_MEMREF_OUTPUT && + param_type != TEE_PARAM_TYPE_MEMREF_INOUT) + continue; + if (!mem->size) + continue; + if (mobj_is_sdp_mem(mem->mobj)) + return false; + } + return true; +} +#endif + static void set_invoke_timeout(struct tee_ta_session *sess, uint32_t cancel_req_to) { @@ -481,6 +534,9 @@ TEE_Result tee_ta_open_session(TEE_ErrorOrigin *err, return res; } + if (!check_params(s, param)) + return TEE_ERROR_BAD_PARAMETERS; + ctx = s->ctx; if (ctx->panicked) { 
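Review bot: In the CFG_SECURE_DATA_PATH variant of `check_params()`, the `if (!mem->size) continue;` skip lets any zero-length memref through without looking at its `mobj`, so the SDP restriction is keyed on size rather than on the memory object. If a zero-size reference can still carry an SDP `mobj` that is later mapped for the TA (not visible in this hunk), a TA without `TA_FLAG_SECURE_DATA_PATH` would slip past the policy; testing the object directly, `if (mem->mobj && mobj_is_sdp_mem(mem->mobj)) return false;`, keeps the check fail-closed. The header comment documents `@s` while the parameter is named `sess`, and it should state that the function returns false when a parameter must be rejected.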
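Review bot: The new early return in `tee_ta_open_session()` comes after the step that produced `s` has succeeded, yet it returns `TEE_ERROR_BAD_PARAMETERS` without releasing that session and without writing `*err`. If the session is already registered at that point (the setup is outside the hunk), a rejected SDP reference leaves it behind, and the caller reads an error origin this path never set. Setting `*err = TEE_ORIGIN_TEE;` before the return and tearing the session down, or running the check before the session is created, would close both gaps. The added return in `tee_ta_invoke_command()` (last hunk) also leaves `*err` unset, while the panicked branch just below it does set it.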
@@ -536,6 +592,9 @@ TEE_Result tee_ta_invoke_command(TEE_ErrorOrigin *err, if (check_client(sess, clnt_id) != TEE_SUCCESS) return TEE_ERROR_BAD_PARAMETERS; /* intentional generic error */ + if (!check_params(sess, param)) + return TEE_ERROR_BAD_PARAMETERS; + if (sess->ctx->panicked) { DMSG(" Panicked !"); *err = TEE_ORIGIN_TEE; |