Skip to content
Snippets Groups Projects
Commit 9c9091a2 authored by Biswajit Paul's avatar Biswajit Paul Committed by Richard Chang
Browse files

qseecom: support whitelist memory for qseecom_send_modfd_cmd 


qseecom_send_modfd_cmd converts ION buffer's virtual address to
scatter gather(SG) list and then sends them to TA by populating
SG list into message buffer. As the physical memory address in
SG list is used directly by TA, this allows a malicious TA to
access/corrupt arbitrary physical memory and may lead to the
process gaining kernel/root privileges. Thus, make changes to
have the QSEEComm driver passing a list of whitelist buffers
that is allowed to be mapped by TA, and the QSEE kernel, in turn,
should add checks to the register_shared_buffer syscall to make
sure the shared buffers an application is mapping falls within
one of these whitelist buffers.

Bug: 31268796
CRs-fixed: 1021945
Change-Id: I776ead0030cad167afcf41ab985db7151a42d126
Signed-off-by: default avatarZhen Kong <zkong@codeaurora.org>
Signed-off-by: default avatarBiswajit Paul <biswajitpaul@codeaurora.org>
parent 5ef89e83
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment