TEE_ResetPersistentObjectEnumerator() crashed TA #1417

Closed
invhchan opened this issue Mar 15, 2017 · 3 comments

Comments

@invhchan

Hi,

With Linaro version 16.06, the TA crashes when TEE_ResetPersistentObjectEnumerator() is called. Is this a known issue?

Thanks,
Humane

@jforissier
Contributor

Hi @invhchan,

No, it's not. Can you try with the latest optee_os? Otherwise please give us some more details and, if possible, a test case to reproduce the issue.

@invhchan
Author

Hi,

Using the hello world example:
https://github.com/linaro-swg/hello_world

Calling get_enumerator() at the entry point of the TA causes the crash:

#include <tee_internal_api.h>

#define DEFAULT_STORAGE_ID TEE_STORAGE_PRIVATE

/* DBG_PRINTF() and r2s() are the TA's own logging helpers (not shown here). */
static TEE_ObjectEnumHandle get_enumerator(void);

TEE_Result TA_EXPORT TA_OpenSessionEntryPoint(uint32_t paramTypes,
                                              TEE_Param params[4],
                                              void **sessionContext)
{
    TEE_ObjectEnumHandle enumerator;

    (void)paramTypes;
    (void)params;
    (void)sessionContext;

    enumerator = get_enumerator();
    if (enumerator)
        TEE_FreePersistentObjectEnumerator(enumerator);
    return TEE_SUCCESS;
}

static TEE_ObjectEnumHandle get_enumerator(void)
{
    TEE_Result ret;
    TEE_ObjectEnumHandle enumerator;

    ret = TEE_AllocatePersistentObjectEnumerator(&enumerator);
    if (ret != TEE_SUCCESS) {
        DBG_PRINTF("PB_TA TS TEE_AllocatePersistentObjectEnumerator failed %s\n",
                   r2s(ret));
        return NULL;
    }

    /* Reset immediately after allocation: this is the call that crashes. */
    TEE_ResetPersistentObjectEnumerator(enumerator);

    ret = TEE_StartPersistentObjectEnumerator(enumerator, DEFAULT_STORAGE_ID);
    if (ret != TEE_SUCCESS) {
        DBG_PRINTF("PB_TA TS TEE_StartPersistentObjectEnumerator failed %s\n",
                   r2s(ret));
        TEE_FreePersistentObjectEnumerator(enumerator);
        return NULL;
    }

    return enumerator;
}

Error log:
ERROR: TEE-CORE: ERROR: USER-TA: TA Entry get_enumerator
FLOW: [0x0] TEE-CORE:trace_syscall:143: syscall #45 (syscall_storage_alloc_enum)
FLOW: [0x0] TEE-CORE:trace_syscall:143: syscall #47 (syscall_storage_reset_enum)
ERROR: TEE-CORE:
ERROR: TEE-CORE: core data-abort at address 0x50 (translation fault)
ERROR: TEE-CORE: esr 0x96000005 ttbr0 0x10000ff092c20 ttbr1 0x00000000 cidr 0x0
ERROR: TEE-CORE: cpu #5 cpsr 0x60000004
ERROR: TEE-CORE: x0 0000000000000000 x1 00000000ff07b660
ERROR: TEE-CORE: x2 000000004001464a x3 000000000007b660
ERROR: TEE-CORE: x4 00000000ff03b198 x5 00000000400a7940
ERROR: TEE-CORE: x6 0000000000000000 x7 0000000000000020
ERROR: TEE-CORE: x8 000000004028fa44 x9 00000000ff090700
ERROR: TEE-CORE: x10 00000000ff07b7e0 x11 00000000ff07b6e0
ERROR: TEE-CORE: x12 00000000ffff9eec x13 0000000040014718
ERROR: TEE-CORE: x14 0000000040085231 x15 0000000000000000
ERROR: TEE-CORE: x16 00000000ff016488 x17 0000000000000000
ERROR: TEE-CORE: x18 0000000000000000 x19 00000000ff07b660
ERROR: TEE-CORE: x20 000000000007b660 x21 0000000000000000
ERROR: TEE-CORE: x22 00000000000005d0 x23 00000000ff090934
ERROR: TEE-CORE: x24 0000000000000000 x25 0000000000000000
ERROR: TEE-CORE: x26 0000000000000000 x27 00000000ff07bb50
ERROR: TEE-CORE: x28 00000000ff090938 x29 00000000ff090680
ERROR: TEE-CORE: x30 00000000ff0164b0 elr 00000000ff0164d0
ERROR: TEE-CORE: sp_el0 00000000ff090680
ERROR: TEE-CORE: Unexpected page fault! Trap CPU
ERROR: TEE-CORE: PANIC: tee_pager_handle_fault core/arch/arm/include/mm/tee_pager.h:133

@jforissier
Contributor

Hi @invhchan,

Thanks for providing some test code, I can reproduce the crash. I'll look into it.

jforissier added a commit to jforissier/optee_os that referenced this issue Mar 21, 2017
An object enumerator that has just been allocated or reset has its fops
field set to NULL. So, syscall_storage_reset_enum() must take care of
this.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Fixes: OP-TEE#1417
jforissier added a commit to jforissier/optee_os that referenced this issue Mar 21, 2017
An object enumerator that has just been allocated or reset has its fops
field set to NULL. So, syscall_storage_reset_enum() must take care of
this.

Fixes: OP-TEE#1417
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
takuya-sakata pushed a commit to renesas-rcar/optee_os that referenced this issue Dec 22, 2017
An object enumerator that has just been allocated or reset has its fops
field set to NULL. So, syscall_storage_reset_enum() must take care of
this.

Fixes: OP-TEE/optee_os#1417
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
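The commit messages above explain the root cause: a freshly allocated (or already reset) enumerator has a NULL fops pointer, and the reset syscall called through it, so a normal TA could panic the TEE core. The following C model is an added example, not OP-TEE source and not the reporter's TA; the struct layout and the enum_alloc/enum_start/enum_reset_fixed names are assumptions made for illustration. It shows the unguarded condition (a small fault address such as the reported 0x50 is consistent with a NULL base pointer plus a field offset) and the guarded reset that handles the alloc-then-reset sequence safely.

```c
/* Added example, not OP-TEE source: a model of the core-side enumerator
 * lifecycle the commit message describes. Struct and function names are
 * assumptions for illustration only. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef uint32_t TEE_Result;
#define TEE_SUCCESS 0x00000000

/* Per-storage file operations table; only closedir matters here. */
struct tee_file_operations {
	int (*closedir)(void *dir);
};

/* Hypothetical core-side enumerator object (assumed layout). */
struct tee_storage_enum {
	const struct tee_file_operations *fops; /* NULL until started */
	void *dir;                              /* directory handle once started */
};

static int closedir_calls;

static int model_closedir(void *dir)
{
	(void)dir;
	closedir_calls++;
	return 0;
}

static const struct tee_file_operations model_fops = { model_closedir };

/* Model of the alloc syscall: fops is deliberately left NULL. */
static struct tee_storage_enum *enum_alloc(void)
{
	return calloc(1, sizeof(struct tee_storage_enum));
}

/* Model of the start syscall: binds the enumerator to a storage's fops. */
static TEE_Result enum_start(struct tee_storage_enum *e)
{
	e->fops = &model_fops;
	e->dir = e; /* any non-NULL token stands in for the opened directory */
	return TEE_SUCCESS;
}

/* Returns 1 when an unconditional e->fops->closedir(...) would read through
 * a NULL base pointer: the unguarded condition behind the reported abort. */
int enum_reset_would_fault(const struct tee_storage_enum *e)
{
	return e->fops == NULL;
}

/* Hardened reset: a freshly allocated or already-reset enumerator has
 * nothing to close, so closedir is only called when fops is set. */
static TEE_Result enum_reset_fixed(struct tee_storage_enum *e)
{
	if (e->fops) {
		e->fops->closedir(e->dir);
		e->fops = NULL;
		e->dir = NULL;
	}
	return TEE_SUCCESS;
}

/* Reset on a just-allocated enumerator: 1 if the unguarded path would fault. */
int fresh_enum_would_fault(void)
{
	struct tee_storage_enum *e = enum_alloc();
	int r = e ? enum_reset_would_fault(e) : -1;
	free(e);
	return r;
}

/* The reporter's sequence (alloc -> reset -> start) plus two more resets,
 * run against the hardened reset. Returns how many times closedir ran. */
int reproduce_sequence(void)
{
	struct tee_storage_enum *e = enum_alloc();
	if (!e)
		return -1;
	closedir_calls = 0;
	enum_reset_fixed(e);  /* fops NULL: no call, no fault */
	enum_start(e);
	enum_reset_fixed(e);  /* started: closes the directory once */
	enum_reset_fixed(e);  /* already reset: nothing more to close */
	free(e);
	return closedir_calls;
}

int main(void)
{
	printf("reset on fresh enumerator would fault: %d\n", fresh_enum_would_fault());
	printf("closedir calls in alloc/reset/start/reset/reset: %d\n", reproduce_sequence());
	return 0;
}
```

The point for anyone reviewing syscall handlers in a TEE core: every field of a kernel object that is populated lazily (here, fops set only by start) must be treated as optional by every other entry point the TA can reach, since the TA controls the call order.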