From 63786dc212cdbd692df3e47b6429a8280554374c Mon Sep 17 00:00:00 2001 From: Vincent Mailhol Date: Thu, 16 Nov 2023 20:20:54 +0900 Subject: [PATCH] regression 1016: add a subtest for non-NULL memref of size 0 Add a subtest to assert that the implementation allows to forward non-NULL memref from a TA to another TA. Regression 1016 already contains tests related to forwarding memref between TAs. Thus extend this existing test with the subtest described above instead of writing a new one. The Global Platform specification allows this, however, at the time of writing, optee-os will panic. A fix is proposed at [1]. [1] core: tee_svc.c: allow to pass non-NULL memref of size 0 Link: https://github.com/OP-TEE/optee_os/pull/6405 Signed-off-by: Vincent Mailhol Reviewed-by: Etienne Carriere --- host/xtest/regression_1000.c | 19 +++++++++++++++ ta/os_test/include/os_test.h | 2 ++ ta/os_test/include/ta_os_test.h | 1 + ta/os_test/os_test.c | 42 +++++++++++++++++++++++++++++++++ ta/os_test/ta_entry.c | 3 +++ 5 files changed, 67 insertions(+) diff --git a/host/xtest/regression_1000.c b/host/xtest/regression_1000.c index 54aaa7a23..f123c9050 100644 --- a/host/xtest/regression_1000.c +++ b/host/xtest/regression_1000.c @@ -1377,6 +1377,7 @@ static void xtest_tee_test_1016(ADBG_Case_t *c) TEEC_Session session = { }; TEEC_Operation op = TEEC_OPERATION_INITIALIZER; uint32_t ret_orig = 0; + int dummy = 0; if (!ADBG_EXPECT_TEEC_SUCCESS(c, xtest_teec_open_session(&session, &os_test_ta_uuid, NULL, @@ -1390,6 +1391,24 @@ static void xtest_tee_test_1016(ADBG_Case_t *c) TEEC_InvokeCommand(&session, TA_OS_TEST_CMD_TA2TA_MEMREF, &op, &ret_orig)); + op.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INPUT, + TEEC_MEMREF_TEMP_INOUT, + TEEC_MEMREF_TEMP_OUTPUT, + TEEC_NONE); + + op.params[0].tmpref.buffer = &dummy; + op.params[0].tmpref.size = 0; + + op.params[1].tmpref.buffer = &dummy; + op.params[1].tmpref.size = 0; + + op.params[2].tmpref.buffer = &dummy; + op.params[2].tmpref.size = 0; + + (void)ADBG_EXPECT_TEEC_SUCCESS(c, + TEEC_InvokeCommand(&session, TA_OS_TEST_CMD_TA2TA_MEMREF_SIZE0, + &op, &ret_orig)); + TEEC_CloseSession(&session); } ADBG_CASE_DEFINE(regression, 1016, xtest_tee_test_1016, diff --git a/ta/os_test/include/os_test.h b/ta/os_test/include/os_test.h index a3defc87a..62c237852 100644 --- a/ta/os_test/include/os_test.h +++ b/ta/os_test/include/os_test.h @@ -20,6 +20,8 @@ TEE_Result ta_entry_bad_mem_access(uint32_t param_types, TEE_Param params[4]); TEE_Result ta_entry_ta2ta_memref(uint32_t param_types, TEE_Param params[4]); TEE_Result ta_entry_ta2ta_memref_mix(uint32_t param_types, TEE_Param params[4]); +TEE_Result ta_entry_ta2ta_memref_size0(uint32_t param_types, + TEE_Param params[4]); TEE_Result ta_entry_params(uint32_t param_types, TEE_Param params[4]); TEE_Result ta_entry_null_memref(uint32_t param_types, TEE_Param params[4]); TEE_Result ta_entry_call_lib(uint32_t param_types, TEE_Param params[4]); diff --git a/ta/os_test/include/ta_os_test.h b/ta/os_test/include/ta_os_test.h index 95edcd9f4..93785e2d9 100644 --- a/ta/os_test/include/ta_os_test.h +++ b/ta/os_test/include/ta_os_test.h @@ -46,5 +46,6 @@ #define TA_OS_TEST_CMD_MEMTAG_INVALID_TAG 34 #define TA_OS_TEST_CMD_MEMTAG_DOUBLE_FREE 35 #define TA_OS_TEST_CMD_MEMTAG_BUFFER_OVERRUN 36 +#define TA_OS_TEST_CMD_TA2TA_MEMREF_SIZE0 37 #endif /*TA_OS_TEST_H */ diff --git a/ta/os_test/os_test.c b/ta/os_test/os_test.c index b16bcafd9..e8b549458 100644 --- a/ta/os_test/os_test.c +++ b/ta/os_test/os_test.c @@ -1171,6 +1171,48 @@ TEE_Result ta_entry_ta2ta_memref(uint32_t param_types, TEE_Param params[4]) } #undef TA2TA_BUF_SIZE +TEE_Result ta_entry_ta2ta_memref_size0(uint32_t param_types, TEE_Param params[4]) +{ + static const TEE_UUID test_uuid = TA_OS_TEST_UUID; + TEE_TASessionHandle sess = TEE_HANDLE_NULL; + uint32_t ret_orig = 0; + TEE_Result res = TEE_ERROR_GENERIC; + + if (param_types != TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT, + TEE_PARAM_TYPE_MEMREF_INOUT, + TEE_PARAM_TYPE_MEMREF_OUTPUT, + TEE_PARAM_TYPE_NONE)) + return TEE_ERROR_BAD_PARAMETERS; + + /* + * This test expects all memory references to be non-NULL but + * all sizes to be zero. + */ + if (!params[0].memref.buffer || params[0].memref.size || + !params[1].memref.buffer || params[1].memref.size || + !params[2].memref.buffer || params[2].memref.size) + return TEE_ERROR_BAD_PARAMETERS; + + res = TEE_OpenTASession(&test_uuid, TEE_TIMEOUT_INFINITE, 0, NULL, + &sess, &ret_orig); + if (res != TEE_SUCCESS) { + EMSG("TEE_OpenTASession failed"); + return res; + } + + /* + * TA basically does nothing. The actual test just consists + * into validating that passing non-NULL memref of size zero + * does not panic. + */ + res = TEE_InvokeTACommand(sess, TEE_TIMEOUT_INFINITE, + TA_OS_TEST_CMD_TA2TA_MEMREF_MIX, + param_types, params, &ret_orig); + + TEE_CloseTASession(sess); + return res; +} + TEE_Result ta_entry_ta2ta_memref_mix(uint32_t param_types, TEE_Param params[4]) { uint8_t *in = NULL; diff --git a/ta/os_test/ta_entry.c b/ta/os_test/ta_entry.c index 092b3570f..aaccf0ffa 100644 --- a/ta/os_test/ta_entry.c +++ b/ta/os_test/ta_entry.c @@ -92,6 +92,9 @@ TEE_Result TA_InvokeCommandEntryPoint(void *pSessionContext, case TA_OS_TEST_CMD_TA2TA_MEMREF: return ta_entry_ta2ta_memref(nParamTypes, pParams); + case TA_OS_TEST_CMD_TA2TA_MEMREF_SIZE0: + return ta_entry_ta2ta_memref_size0(nParamTypes, pParams); + case TA_OS_TEST_CMD_TA2TA_MEMREF_MIX: return ta_entry_ta2ta_memref_mix(nParamTypes, pParams);