/** * tee_ta_verify_param() - check that the 4 "params" match security */ TEE_Result tee_ta_verify_param(struct tee_ta_session *sess, struct tee_ta_param *param) { tee_paddr_t p; size_t l; int n; for (n = 0; n < TEE_NUM_PARAMS; n++) { switch (TEE_PARAM_TYPE_GET(param->types, n)) { case TEE_PARAM_TYPE_MEMREF_OUTPUT: case TEE_PARAM_TYPE_MEMREF_INOUT: case TEE_PARAM_TYPE_MEMREF_INPUT: if (param->param_attr[n] & TEE_MATTR_VIRTUAL) { p = virt_to_phys( param->params[n].memref.buffer); if (!p) return TEE_ERROR_SECURITY; } else { p = (tee_paddr_t)param->params[n].memref.buffer; } l = param->params[n].memref.size; if (core_pbuf_is(CORE_MEM_NSEC_SHM, p, l)) break; if ((sess->ctx->flags & TA_FLAG_UNSAFE_NW_PARAMS) && core_pbuf_is(CORE_MEM_MULTPURPOSE, p, l)) break; if ((sess->clnt_id.login == TEE_LOGIN_TRUSTED_APP) && core_pbuf_is(CORE_MEM_TA_RAM, p, l)) break; return TEE_ERROR_SECURITY; default: break; } } return TEE_SUCCESS; }
/* test attributes of target virtual buffer (in core mapping) */ bool core_vbuf_is(uint32_t attr, const void *vbuf, size_t len) { uint32_t p; /* Empty buffers complies with anything */ if (len == 0) return true; if (core_va2pa((void *)vbuf, &p)) return false; return core_pbuf_is(attr, (tee_paddr_t)p, len); }
/* test attributes of target virtual buffer (in core mapping) */ bool core_vbuf_is(uint32_t attr, const void *vbuf, size_t len) { paddr_t p; /* Empty buffers complies with anything */ if (len == 0) return true; p = virt_to_phys((void *)vbuf); if (!p) return false; return core_pbuf_is(attr, p, len); }
TEE_Result tee_set_l2cc_mutex(paddr_t *mutex) { uint32_t addr; void *va; if (l2cc_mutex_va != NULL) return TEE_ERROR_BAD_PARAMETERS; addr = *mutex; if (core_pbuf_is(CORE_MEM_NSEC_SHM, addr, MUTEX_SZ) == false) return TEE_ERROR_BAD_PARAMETERS; va = phys_to_virt(addr, MEM_AREA_NSEC_SHM); if (!va) return TEE_ERROR_BAD_PARAMETERS; l2cc_mutex_pa = addr; l2cc_mutex_va = va; return TEE_SUCCESS; }