| commit | 492410dcb78f07677524e1d932c86260180ea72c | [log] [tgz] |
|---|---|---|
| author | Jerome Forissier <jerome.forissier@linaro.org> | Wed Aug 10 19:06:00 2022 +0200 |
| committer | Jérôme Forissier <jerome@forissier.org> | Thu Aug 18 12:58:11 2022 +0200 |
| tree | febbbd78e9e6ff5ae35d3a3309596c1799f2f667 | |
| parent | d59ed2d3a9635791f72f7fdc3f59ba1b8b5c960f [diff] |
tee-supplicant: -d: return after TEE device is opened
This commit addresses a race condition when a kernel module using OP-TEE
is loaded immediately after tee-supplicant is started. To understand the
problem, consider that with a shell background task there is no guarantee
that the service is available to the kernel when the command returns.
So the following:
```
tee-supplicant &
modprobe <some_module>
```
...may fail when <some_module> invokes the kernel TEE client API (note
that kernel users do NOT wait for the supplicant to be available [1],
contrary to user space clients [1]).
This scenario was addressed by commit 66cdd5db37db ("tee-supplicant: add
daemon mode (-d)"), although the commit description did not explicitly
mention it. With '-d' the supplicant command would open the device
before returning. Unfortunately, this was inadvertently broken by commit
523d50bdede6 ("tee-supplicant: daemonize before opening a supplicant
device").
Restore the previous behavior while still keeping the open() call in the
child process, by introducing some synchronization between the parent
and the child. A pipe is created and the parent issues a blocking read.
After successfully opening the device the child writes data to the pipe,
thus releasing the parent. If the child crashes or exits before writing
the parent is released with 0 bytes read and exits with an error status.
The daemon() call is replaced by make_daemon() which is an open-coded
version of the daemon() function as described in the Linux man page,
modified to deal with the IPC.
Link: [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/tee/tee_core.c?h=v5.19#n1128
Link: [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/tee/tee_core.c?h=v5.19#n117
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
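The parent/child handshake the commit describes (a pipe the parent blocks on, released either by the child writing once the device is open, or by EOF when the child dies first) can be seen in isolation in the following example. This is an added illustration, not the optee_client code or the actual make_daemon() of the commit: the device open is simulated by the open_ok flag, the function names are made up for this example, and the child exits right after signalling instead of entering a request loop so that the example terminates on its own.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Parent side: block until the child writes one byte (ready) or the pipe
 * reaches EOF because every write end was closed (child crashed or exited
 * before signalling). Returns 0 on ready, -1 otherwise. */
static int wait_for_child_ready(int rfd)
{
	char c;
	ssize_t n;

	do {
		n = read(rfd, &c, 1);
	} while (n < 0 && errno == EINTR);

	return n == 1 ? 0 : -1;
}

/* Child side: one byte is enough; its value carries no meaning. */
static int signal_ready(int wfd)
{
	char c = 'R';
	ssize_t n;

	do {
		n = write(wfd, &c, 1);
	} while (n < 0 && errno == EINTR);

	return n == 1 ? 0 : -1;
}

/*
 * Hypothetical demo_daemonize(): fork, let the child do the daemon setup
 * and the (simulated) device open, and make the parent's return value
 * reflect whether the child really got that far. open_ok is the simulated
 * outcome of the device open. Returns, in the parent, 0 if the child
 * signalled readiness and -1 if the pipe closed with nothing written.
 */
int demo_daemonize(int open_ok)
{
	int pfd[2];
	pid_t pid;
	int rc;

	if (pipe(pfd) < 0)
		return -1;

	pid = fork();
	if (pid < 0) {
		close(pfd[0]);
		close(pfd[1]);
		return -1;
	}

	if (pid == 0) {
		close(pfd[0]);		/* child only writes */
		setsid();		/* detach from the controlling terminal */
		if (chdir("/") < 0)
			_exit(1);
		/* The real open() of the TEE device would be here. A failure
		 * must exit *without* writing, so the parent sees EOF. */
		if (!open_ok)
			_exit(1);
		signal_ready(pfd[1]);
		close(pfd[1]);
		/* A real supplicant would now enter its request loop. */
		_exit(0);
	}

	/* The parent MUST close its own write end first, otherwise read()
	 * can never return EOF when the child dies and would hang forever. */
	close(pfd[1]);
	rc = wait_for_child_ready(pfd[0]);
	close(pfd[0]);

	/* Reap the child so the example leaves no zombie. A real daemon is
	 * left running and is re-parented when the parent exits. */
	waitpid(pid, NULL, 0);
	return rc;
}

int main(void)
{
	printf("child opened device: parent rc=%d\n", demo_daemonize(1));
	printf("child failed early:  parent rc=%d\n", demo_daemonize(0));
	return 0;
}
```

Two details matter for the "child crashes before writing" case the commit relies on: the parent has to close its copy of the write end before reading, or the read can never see EOF, and the child must never write on a failure path, or the parent would report success for a daemon that is not actually serving the device. With the daemon() double fork described in the man page, the intermediate process exits without writing and only the final grandchild signals, so the pipe still reaches EOF if any stage dies.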
This git contains source code for the non-secure side implementation of the OP-TEE project making up the client library and tee-supplicant.
All official OP-TEE documentation has moved to http://optee.readthedocs.io. The information that used to be here in this git can be found under optee_client.
// OP-TEE core maintainers