Skip to content

Commit

Permalink
regression 1016: add a subtest for non-NULL memref of size 0
Browse files Browse the repository at this point in the history
Add a subtest to assert that the implementation allows to forward
non-NULL memref from a TA to another TA.

Regression 1016 already contains tests related to forwarding memref
between TAs. Thus extend this existing test with the subtest described
above instead of writing a new one.

The Global Platform specification allows this, however, at the time of
writing, optee-os will panic. A fix is proposed at [1].

[1] core: tee_svc.c: allow to pass non-NULL memref of size 0
Link: OP-TEE/optee_os#6405

Signed-off-by: Vincent Mailhol <[email protected]>
Reviewed-by: Etienne Carriere <[email protected]>
Reviewed-by: Jens Wiklander <[email protected]>
  • Loading branch information
vincent-mailhol committed Nov 20, 2023
1 parent a704d90 commit 3aea377
Show file tree
Hide file tree
Showing 5 changed files with 67 additions and 0 deletions.
19 changes: 19 additions & 0 deletions host/xtest/regression_1000.c
Original file line number Diff line number Diff line change
Expand Up @@ -1377,6 +1377,7 @@ static void xtest_tee_test_1016(ADBG_Case_t *c)
TEEC_Session session = { };
TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
uint32_t ret_orig = 0;
int dummy = 0;

if (!ADBG_EXPECT_TEEC_SUCCESS(c,
xtest_teec_open_session(&session, &os_test_ta_uuid, NULL,
Expand All @@ -1390,6 +1391,24 @@ static void xtest_tee_test_1016(ADBG_Case_t *c)
TEEC_InvokeCommand(&session, TA_OS_TEST_CMD_TA2TA_MEMREF, &op,
&ret_orig));

op.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INPUT,
TEEC_MEMREF_TEMP_INOUT,
TEEC_MEMREF_TEMP_OUTPUT,
TEEC_NONE);

op.params[0].tmpref.buffer = &dummy;
op.params[0].tmpref.size = 0;

op.params[1].tmpref.buffer = &dummy;
op.params[1].tmpref.size = 0;

op.params[2].tmpref.buffer = &dummy;
op.params[2].tmpref.size = 0;

(void)ADBG_EXPECT_TEEC_SUCCESS(c,
TEEC_InvokeCommand(&session, TA_OS_TEST_CMD_TA2TA_MEMREF_SIZE0,
&op, &ret_orig));

TEEC_CloseSession(&session);
}
ADBG_CASE_DEFINE(regression, 1016, xtest_tee_test_1016,
Expand Down
2 changes: 2 additions & 0 deletions ta/os_test/include/os_test.h
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,8 @@ TEE_Result ta_entry_bad_mem_access(uint32_t param_types, TEE_Param params[4]);
TEE_Result ta_entry_ta2ta_memref(uint32_t param_types, TEE_Param params[4]);
TEE_Result ta_entry_ta2ta_memref_mix(uint32_t param_types,
TEE_Param params[4]);
TEE_Result ta_entry_ta2ta_memref_size0(uint32_t param_types,
TEE_Param params[4]);
TEE_Result ta_entry_params(uint32_t param_types, TEE_Param params[4]);
TEE_Result ta_entry_null_memref(uint32_t param_types, TEE_Param params[4]);
TEE_Result ta_entry_call_lib(uint32_t param_types, TEE_Param params[4]);
Expand Down
1 change: 1 addition & 0 deletions ta/os_test/include/ta_os_test.h
Original file line number Diff line number Diff line change
Expand Up @@ -46,5 +46,6 @@
#define TA_OS_TEST_CMD_MEMTAG_INVALID_TAG 34
#define TA_OS_TEST_CMD_MEMTAG_DOUBLE_FREE 35
#define TA_OS_TEST_CMD_MEMTAG_BUFFER_OVERRUN 36
#define TA_OS_TEST_CMD_TA2TA_MEMREF_SIZE0 37

#endif /*TA_OS_TEST_H */
42 changes: 42 additions & 0 deletions ta/os_test/os_test.c
Original file line number Diff line number Diff line change
Expand Up @@ -1171,6 +1171,48 @@ TEE_Result ta_entry_ta2ta_memref(uint32_t param_types, TEE_Param params[4])
}
#undef TA2TA_BUF_SIZE

TEE_Result ta_entry_ta2ta_memref_size0(uint32_t param_types, TEE_Param params[4])
{
static const TEE_UUID test_uuid = TA_OS_TEST_UUID;
TEE_TASessionHandle sess = TEE_HANDLE_NULL;
uint32_t ret_orig = 0;
TEE_Result res = TEE_ERROR_GENERIC;

if (param_types != TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT,
TEE_PARAM_TYPE_MEMREF_INOUT,
TEE_PARAM_TYPE_MEMREF_OUTPUT,
TEE_PARAM_TYPE_NONE))
return TEE_ERROR_BAD_PARAMETERS;

/*
* This test expects all memory references to be non-NULL but
* all sizes to be zero.
*/
if (!params[0].memref.buffer || params[0].memref.size ||
!params[1].memref.buffer || params[1].memref.size ||
!params[2].memref.buffer || params[2].memref.size)
return TEE_ERROR_BAD_PARAMETERS;

res = TEE_OpenTASession(&test_uuid, TEE_TIMEOUT_INFINITE, 0, NULL,
&sess, &ret_orig);
if (res != TEE_SUCCESS) {
EMSG("TEE_OpenTASession failed");
return res;
}

/*
* TA basically does nothing. The actual test just consists
* into validating that passing non-NULL memref of size zero
* does not panic.
*/
res = TEE_InvokeTACommand(sess, TEE_TIMEOUT_INFINITE,
TA_OS_TEST_CMD_TA2TA_MEMREF_MIX,
param_types, params, &ret_orig);

TEE_CloseTASession(sess);
return res;
}

TEE_Result ta_entry_ta2ta_memref_mix(uint32_t param_types, TEE_Param params[4])
{
uint8_t *in = NULL;
Expand Down
3 changes: 3 additions & 0 deletions ta/os_test/ta_entry.c
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,9 @@ TEE_Result TA_InvokeCommandEntryPoint(void *pSessionContext,
case TA_OS_TEST_CMD_TA2TA_MEMREF:
return ta_entry_ta2ta_memref(nParamTypes, pParams);

case TA_OS_TEST_CMD_TA2TA_MEMREF_SIZE0:
return ta_entry_ta2ta_memref_size0(nParamTypes, pParams);

case TA_OS_TEST_CMD_TA2TA_MEMREF_MIX:
return ta_entry_ta2ta_memref_mix(nParamTypes, pParams);

Expand Down

0 comments on commit 3aea377

Please sign in to comment.