From d2d982aa66eaf6d29cf096530c837ea3bf705cbb Mon Sep 17 00:00:00 2001 From: Lukasz Kostyra Date: Tue, 25 Jul 2017 10:16:21 +0200 Subject: [PATCH] ssflib: Fixes to Transient Object (de)allocation TO allocation and deallocation was done incorrectly. Functions TEE_AllocateTransientObject and TEE_FreeTransientObject were rewritten to work correctly. Change-Id: I717dd8e2922a5d209df61953a3c1f7c6201be870 --- TEECLib/src/teec_api.c | 2 +- ssflib/src/ssf_client.cpp | 2 +- ssflib/src/ssf_storage.cpp | 32 +++++++++++++++++++------------- 3 files changed, 21 insertions(+), 15 deletions(-) diff --git a/TEECLib/src/teec_api.c b/TEECLib/src/teec_api.c index 7a81e34..6b34a40 100644 --- a/TEECLib/src/teec_api.c +++ b/TEECLib/src/teec_api.c @@ -79,7 +79,7 @@ static int32_t initShm(char* path) { int fd; struct stat attr; snprintf(path, 20, "/tmp/shm%d", pathId); - + pthread_rwlock_wrlock(&file_create_lock); if (stat(path, &attr) == -1) { fd = creat(path, S_IRWXU); diff --git a/ssflib/src/ssf_client.cpp b/ssflib/src/ssf_client.cpp index b76f0c8..eb8a1f9 100644 --- a/ssflib/src/ssf_client.cpp +++ b/ssflib/src/ssf_client.cpp @@ -53,7 +53,7 @@ int32_t connecttoServer(void) { return -1; } daemonsock.sun_family = AF_UNIX; - + sock_path_len = strlen(SOCKPATH); strncpy(daemonsock.sun_path, SOCKPATH, sock_path_len+1); diff --git a/ssflib/src/ssf_storage.cpp b/ssflib/src/ssf_storage.cpp index dbb54a3..78c8ba0 100644 --- a/ssflib/src/ssf_storage.cpp +++ b/ssflib/src/ssf_storage.cpp @@ -34,7 +34,7 @@ #define PO_INTERNAL_MODULE_NAME "po_file" #define PO_STAT_INTERNAL_MODULE_NAME "po_stat" #define PI_FILE_NAME "pi_file" -#define UUID_FILE "/usr/apps/tee/TA-UUID.list" +#define UUID_FILE "/usr/lib/tastore/uuidlist.uuid" TEE_UUID ssf_sharedthisTAUUID; static TEE_UUID this_uuid; 
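Review bot: The `UUID_FILE` change to `/usr/lib/tastore/uuidlist.uuid` in ssf_storage.cpp is not covered by the commit message, which describes only the transient-object allocation fixes. If this list is what the library reads to decide which TA UUID it is acting for (inferred from the name, the readers are not in this diff), its location is security-relevant and belongs in its own commit with a reason. At minimum, add a comment above the define stating who may write the file, for example `/* TA UUID list; must be writable only by the TA installer (confirm owner and mode) */`.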
@@ -153,8 +153,10 @@ void printhex(unsigned char* buf, unsigned int size) { //////////////////////////////////////////////////////////////////////////////////// TEE_Result copy_attribute(TEE_Attribute* dest, TEE_Attribute* src) { if (!dest || !src) { + TZ_ERROR("Invalid pointers to attributes to copy\n"); return TEE_ERROR_BAD_PARAMETERS; } + dest->attributeID = src->attributeID; if (src->attributeID & TEE_ATTR_FLAG_VALUE) { dest->content.value.a = src->content.value.a; @@ -169,6 +171,7 @@ TEE_Result copy_attribute(TEE_Attribute* dest, TEE_Attribute* src) { dest->content.ref.buffer = buffer; dest->content.ref.length = src->content.ref.length; } + return TEE_SUCCESS; } @@ -188,7 +191,8 @@ TEE_Result allocate_transient_object(TransientObject* tr, uint32_t objectType, uint32_t maxObjectSize) { tr->attr.attr_number = 0; -/* switch (objectType) { + // TODO below switch requires finishing and verification + switch (objectType) { case TEE_TYPE_AES: if (maxObjectSize != 128 && maxObjectSize != 192 && maxObjectSize != 256) { @@ -262,7 +266,7 @@ TEE_Result allocate_transient_object(TransientObject* tr, uint32_t objectType, default: return TEE_ERROR_NOT_SUPPORTED; } -*/ + // Object info tr->info.objectType = objectType; tr->info.objectSize = 0; 
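Review bot: The type and size switch in allocate_transient_object is made live in the same change that labels it `// TODO below switch requires finishing and verification`. From this commit on, unfinished code decides which object types and key sizes are accepted and which fall to `default: return TEE_ERROR_NOT_SUPPORTED;`. Before the commit every type was accepted, so callers using a type without a case will now fail, and a case with a wrong size table would admit sizes it should reject. Replace the open-ended TODO with a comment naming which cases are still unchecked, e.g. `// TODO(<tracking-id>): size tables for <types> not yet checked against the spec`, and add a test per enabled case. The function also writes `tr->attr.attr_number = 0;` with no NULL check on `tr`, unlike copy_attribute above. The body starts and ends outside the hunk, and the closing `*/` is removed in the `@@ -262,7 +266,7 @@` hunk.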
@@ -1469,19 +1473,19 @@ TEE_Result TEE_AllocateTransientObject(uint32_t objectType, PERMISSION_CHECK(PERM_STORAGE); TEE_Result rc; - - TransientObject * tr = (TransientObject*)OsaMalloc(sizeof(TransientObject)); - if (!tr) { - OsaFree(tr); + TEE_ObjectHandle obj = (TEE_ObjectHandle)OsaMalloc(sizeof(struct __TEE_ObjectHandle)); + if (!obj) { return TEE_ERROR_OUT_OF_MEMORY; } - memset(tr, 0, sizeof(TransientObject)); - rc = allocate_transient_object(tr, objectType, maxObjectSize); + + memset(obj, 0, sizeof(struct __TEE_ObjectHandle)); + rc = allocate_transient_object(&obj->tr, objectType, maxObjectSize); if (rc != TEE_SUCCESS) { - OsaFree(tr); + OsaFree(obj); return rc; } - *object = (TEE_ObjectHandle)&tr->info; + + *object = obj; return TEE_SUCCESS; } @@ -1498,7 +1502,7 @@ void TEE_FreeTransientObject(TEE_ObjectHandle object) { free_attribute(&attrs[i]); } memset(&tr->attr, 0, sizeof(tr->attr)); - OsaFree(tr); + OsaFree(object); } void TEE_ResetTransientObject(TEE_ObjectHandle object) { @@ -1533,9 +1537,9 @@ TEE_Result TEE_PopulateTransientObject(TEE_ObjectHandle object, TZ_ERROR("operation error line = %d,%s\n", __LINE__, __func__); TEE_Panic(0); } + TEE_Attribute* curr_attr = &tr->attr.attr_array[tr->attr.attr_number]; for (i = 0; i < attrCount; i++) { - if (attrs[i].content.ref.length > tr->info.maxObjectSize) { TZ_ERROR("operation error line = %d,%s\n", __LINE__, __func__); TEE_Panic(0); @@ -1603,6 +1607,7 @@ TEE_Result TEE_PopulateTransientObject(TEE_ObjectHandle object, return TEE_ERROR_BAD_PARAMETERS; } tr->info.handleFlags |= TEE_HANDLE_FLAG_INITIALIZED; + return TEE_SUCCESS; } @@ -1824,6 +1829,7 @@ TEE_Result TEE_GenerateKey(TEE_ObjectHandle object, uint32_t keySize, } break; } + return TEE_SUCCESS; } -- 2.7.4
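Review bot: On both failure returns in TEE_AllocateTransientObject `*object` is left unwritten, so a caller that does not check the result can go on to use an uninitialised handle. Set `*object = TEE_HANDLE_NULL;` before `return TEE_ERROR_OUT_OF_MEMORY;` and before `return rc;`. The out-pointer is also dereferenced at `*object = obj;` with no NULL check visible here; the parameter list and any earlier validation are outside the hunk. Because the handle now points at the whole `struct __TEE_ObjectHandle` instead of `&tr->info`, every function that converts a handle back to a `TransientObject` must use the same layout. Those conversions are not shown in this diff and should be checked together with this change.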
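Review bot: In TEE_FreeTransientObject, `memset(&tr->attr, 0, sizeof(tr->attr));` clears only the attribute table before `OsaFree(object)`. It is also a plain memset on memory about to be released, so the optimiser may drop it if it can see through `OsaFree`. If the intent is to scrub key-related state, wipe the whole handle with a call that cannot be elided, for example `explicit_bzero(object, sizeof(*object));` where the platform provides it. Also confirm that `free_attribute` wipes each key buffer before releasing it; its body is not part of this diff. How `tr` is derived from `object`, and whether a `TEE_HANDLE_NULL` argument returns early, is decided above the hunk.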