From 31fcdd93f1ee13962e1b9ffdfa402e61e1ef0df8 Mon Sep 17 00:00:00 2001
From: Pascal Brand
Date: Wed, 16 Dec 2015 14:34:21 +0100
Subject: [PATCH] Move inject_entropy_with_timestamp() inside mutex protected sections

inject_entropy_with_timestamp() is used to change the entropy of the RNG each time we call tee_dispatch_open_session / tee_dispatch_close_session. This is performed outside of a session context, and outside mutex protection. inject_entropy_with_timestamp() calls RPC to get the REE time. When freing the shared memory in case of concurrent TA, we may have a race condition between optee_os and the supplicant when accessing / freeing the shared memory. This patch calls inject_entropy_with_timestamp() inside the mutex protected section, when calling tee_ta_init_session().

Signed-off-by: Pascal Brand
---
 core/arch/arm/kernel/tee_ta_manager.c | 18 +++++++++++++++---
 core/kernel/tee_dispatch.c | 20 --------------------
 2 files changed, 15 insertions(+), 23 deletions(-)

diff --git a/core/arch/arm/kernel/tee_ta_manager.c b/core/arch/arm/kernel/tee_ta_manager.c
index f4f76e36bae..36e9ca09a6f 100644
--- a/core/arch/arm/kernel/tee_ta_manager.c
+++ b/core/arch/arm/kernel/tee_ta_manager.c
@@ -1101,6 +1101,14 @@ static TEE_Result check_client(struct tee_ta_session *s, const TEE_Identity *id)
 return TEE_SUCCESS;
 }
+static void inject_entropy_with_timestamp(void)
+{
+ TEE_Time current;
+
+ if (tee_time_get_sys_time(¤t) == TEE_SUCCESS)
+ tee_prng_add_entropy((uint8_t *)¤t, sizeof(current));
+}
+
 /*-----------------------------------------------------------------------------
 * Close a Trusted Application and free available resources
 *---------------------------------------------------------------------------*/
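Review bot: The new inject_entropy_with_timestamp() in tee_ta_manager.c has no comment saying where its input comes from, and that decides how much the PRNG input is worth. According to the commit message the time is fetched from the REE over an RPC, so the bytes handed to tee_prng_add_entropy() are supplied by the normal world and can be observed or chosen there; they are useful as extra mixing input but should not be counted as trusted entropy. I would add a header comment such as `/* Mixes an REE-supplied timestamp into the PRNG; contributes no trusted entropy and must not be the only seed source. */`. It would also help to state in that comment that the helper may issue an RPC, since callers now invoke it from a mutex-protected section.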
@@ -1354,6 +1362,13 @@ static TEE_Result tee_ta_init_session(TEE_ErrorOrigin *err,
 */
 tee_ta_rpc_free(handle);
+ /*
+ * The occurrence of open/close session command is usually
+ * un-predictable, using this property to increase randomness
+ * of prng
+ */
+ inject_entropy_with_timestamp();
+
 out:
 if (res == TEE_SUCCESS) {
 *sess = s;
@@ -1365,9 +1380,6 @@ static TEE_Result tee_ta_init_session(TEE_ErrorOrigin *err,
 return res;
 }
-
-
-
 TEE_Result tee_ta_open_session(TEE_ErrorOrigin *err,
 struct tee_ta_session **sess,
 struct tee_ta_session_head *open_sessions,
diff --git a/core/kernel/tee_dispatch.c b/core/kernel/tee_dispatch.c
index 393b2dafd0b..7b2606805a0 100644
--- a/core/kernel/tee_dispatch.c
+++ b/core/kernel/tee_dispatch.c
@@ -24,14 +24,11 @@
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
-
 #include
-
 #include
 #include
 #include
 #include
-#include
 #include
 /* Sessions opened from normal world */
@@ -81,14 +78,6 @@ static TEE_Result update_clnt_id(const TEE_Identity *in, TEE_Identity *out)
 return TEE_SUCCESS;
 }
-static void inject_entropy_with_timestamp(void)
-{
- TEE_Time current;
-
- if (tee_time_get_sys_time(¤t) == TEE_SUCCESS)
- tee_prng_add_entropy((uint8_t *)¤t, sizeof(current));
-}
-
 TEE_Result tee_dispatch_open_session(struct tee_dispatch_open_session_in *in,
 struct tee_dispatch_open_session_out *out)
 {
@@ -116,13 +105,6 @@ TEE_Result tee_dispatch_open_session(struct tee_dispatch_open_session_in *in,
 memcpy(out->params, in->params, sizeof(in->params));
 update_out_param(¶m, out->params);
- /*
- * The occurrence of open/close session command is usually
- * un-predictable, using this property to increase randomness
- * of prng
- */
- inject_entropy_with_timestamp();
-
 cleanup_return:
 if (res != TEE_SUCCESS)
 DMSG(" => Error: %x of %d", (unsigned int)res, (int)res_orig);
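Review bot: In tee_ta_init_session() (tee_ta_manager.c) the moved comment still says `open/close session`, but after this patch only the session-init path calls inject_entropy_with_timestamp(). The call in tee_dispatch_close_session() is removed in tee_dispatch.c and no replacement on the close path is visible in this diff. Either add the call inside the protected part of the close path, or reword the comment to match, e.g. `* The occurrence of open session commands is usually`. The call also sits just before the `out:` label, so error paths that jump to `out` skip it. If, as the commit message implies, the timestamp needs an RPC to the normal world, that round trip now runs with the mutex held, which deserves a short why-comment; the function body starts and ends outside the hunk.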
@@ -134,8 +116,6 @@ TEE_Result tee_dispatch_open_session(struct tee_dispatch_open_session_in *in,
 TEE_Result tee_dispatch_close_session(struct tee_close_session_in *in)
 {
- inject_entropy_with_timestamp();
-
 return tee_ta_close_session((struct tee_ta_session *)in->sess,
 &tee_open_sessions, NSAPP_IDENTITY);
 }