commit 281065d6281776ffd804090f9ce35e9c60da25d1
author Etienne Carriere <etienne.carriere@linaro.org> Fri Oct 28 15:41:33 2016 +0200
committer Etienne Carriere <etienne.carriere@linaro.org> Fri Oct 28 15:41:33 2016 +0200
tree 407e15cc00dd3a0e886eceee078d28ef722ee3d9
parent ae3dcd7e79bb5aa9e01b5152916f2cfb45ae1caa

xtest: fix against new "TA private memory definition"

TA private memory definition has changed. Memory reference received
as parameters by an TA when invoked are never "private TA memory",
they are at least shared with the client(s) in some way.

As a side effect, when a TA invokes a TA relaying a memref parameter,
the invoked TA sees memory as ANY_OWNER: it is non secure shared memory.
When a TA invoke a TA with its private memory (stack, heap, code/data)
as memref parameter, the invoked TA sees ANY_OWNER memory, mapped secure,
inside TEE reserved memory (TA RAM).

Since this change, xtest 1006 is broken.
Rename PRIVATE_PARAMS into PARAM_ACCESS tests.
Run TEE_CheckMemoryAccessRights() on several areas of the memory space.
Fix TA that see memref parameters as ANY_OWNER only memory.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (qemu, GP tests)

ta/os_test/os_test.c

diff --git a/ta/os_test/os_test.c b/ta/os_test/os_test.c
index 1a87320..56ddabe 100644
--- a/ta/os_test/os_test.c
+++ b/ta/os_test/os_test.c
@@ -409,23 +409,65 @@
 	TEE_Param l_params[4] = { { {0} } };
 	uint8_t buf[32];
 	TEE_TASessionHandle sess = TEE_HANDLE_NULL;
+	TEE_UUID *uuid;
 
 	if (param_types !=
 	    TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT, 0, 0, 0))
 		return TEE_ERROR_GENERIC;
-	res =
-	    TEE_CheckMemoryAccessRights(TEE_MEMORY_ACCESS_READ |
-					TEE_MEMORY_ACCESS_ANY_OWNER,
-					params[0].memref.buffer,
-					params[0].memref.size);
+
+	/* test access rights on memref parameter */
+	res = TEE_CheckMemoryAccessRights(TEE_MEMORY_ACCESS_READ |
+					  TEE_MEMORY_ACCESS_ANY_OWNER,
+					  params[0].memref.buffer,
+					  params[0].memref.size);
 	if (res != TEE_SUCCESS)
 		return res;
+
 	res = TEE_CheckMemoryAccessRights(TEE_MEMORY_ACCESS_READ,
 					  params[0].memref.buffer,
 					  params[0].memref.size);
 	if (res != TEE_ERROR_ACCESS_DENIED)
 		return TEE_ERROR_GENERIC;
 
+	/* test access rights on private read-only and read-write memory */
+	res = TEE_CheckMemoryAccessRights(TEE_MEMORY_ACCESS_READ,
+					  (void *)&test_uuid, sizeof(test_uuid));
+	if (res != TEE_SUCCESS)
+		return res;
+
+	res = TEE_CheckMemoryAccessRights(TEE_MEMORY_ACCESS_WRITE,
+					  (void *)&test_uuid, sizeof(test_uuid));
+	if (res == TEE_SUCCESS)
+		return TEE_ERROR_GENERIC;
+
+	res = TEE_CheckMemoryAccessRights(TEE_MEMORY_ACCESS_READ |
+					  TEE_MEMORY_ACCESS_WRITE,
+					  &ret_orig, sizeof(ret_orig));
+	if (res != TEE_SUCCESS)
+		return res;
+
+	uuid = TEE_Malloc(sizeof(*uuid), 0);
+	if (!uuid)
+		return TEE_ERROR_OUT_OF_MEMORY;
+
+	res = TEE_CheckMemoryAccessRights(TEE_MEMORY_ACCESS_READ |
+					  TEE_MEMORY_ACCESS_WRITE,
+					  uuid, sizeof(*uuid));
+	TEE_Free(uuid);
+	if (res != TEE_SUCCESS)
+		return res;
+
+	/* test access rights on invalid memory (at least lower 256kB) */
+	res = TEE_CheckMemoryAccessRights(TEE_MEMORY_ACCESS_READ,
+					  NULL, 1);
+	if (res == TEE_SUCCESS)
+		return TEE_ERROR_GENERIC;
+
+	res = TEE_CheckMemoryAccessRights(TEE_MEMORY_ACCESS_READ,
+					  (void*)(256 * 1024), 1);
+	if (res == TEE_SUCCESS)
+		return TEE_ERROR_GENERIC;
+
 	res = TEE_OpenTASession(&test_uuid, 0, 0, NULL, &sess, &ret_orig);
 	if (res != TEE_SUCCESS) {
 		EMSG("test_mem_access_right: TEE_OpenTASession failed\n");
@@ -435,7 +477,7 @@
 	l_pts = TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT, 0, 0, 0);
 	l_params[0].memref.buffer = buf;
 	l_params[0].memref.size = sizeof(buf);
-	res = TEE_InvokeTACommand(sess, 0, TA_OS_TEST_CMD_PRIVATE_PARAMS,
+	res = TEE_InvokeTACommand(sess, 0, TA_OS_TEST_CMD_PARAMS_ACCESS,
 				  l_pts, l_params, &ret_orig);
 	if (res != TEE_SUCCESS) {
 		EMSG("test_mem_access_right: TEE_InvokeTACommand failed\n");
@@ -798,26 +840,28 @@
 	return res;
 }
 
-TEE_Result ta_entry_private_params(uint32_t param_types, TEE_Param params[4])
+TEE_Result ta_entry_params_access_rights(uint32_t param_types, TEE_Param params[4])
 {
 	TEE_Result res;
 
 	if (param_types !=
 	    TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT, 0, 0, 0))
 		return TEE_ERROR_GENERIC;
-	res =
-	    TEE_CheckMemoryAccessRights(TEE_MEMORY_ACCESS_READ |
-					TEE_MEMORY_ACCESS_ANY_OWNER,
-					params[0].memref.buffer,
-					params[0].memref.size);
+
+	res = TEE_CheckMemoryAccessRights(TEE_MEMORY_ACCESS_READ |
+					  TEE_MEMORY_ACCESS_ANY_OWNER,
+					  params[0].memref.buffer,
+					  params[0].memref.size);
 	if (res != TEE_SUCCESS)
 		return res;
 
 	res = TEE_CheckMemoryAccessRights(TEE_MEMORY_ACCESS_READ,
 					  params[0].memref.buffer,
 					  params[0].memref.size);
+	if (res != TEE_ERROR_ACCESS_DENIED)
+		return TEE_ERROR_GENERIC;
 
-	return res;
+	return TEE_SUCCESS;
 }
 
 TEE_Result ta_entry_wait(uint32_t param_types, TEE_Param params[4])