OP-TEE / optee_os

Trusted side of the TEE

CFG_CORE_ASLR access address 0 #5733

Closed ZheTingLiu closed 1 year ago

ZheTingLiu commented 1 year ago

Hi,

When I enable CFG_CORE_ASLR on my platform, I encounter an access to address 0 and then an exception. I use version 3.18 and clang 12.0.0. For example, after running the last ldr instruction ("e121064"), it encounters an exception. At this moment, register x8 is 0. After "e121054" is run, x8 is set to 0. But address 0x0 does not belong to the OP-TEE memory region. Is it correct for x8 to become "0" after running "ldr x8, [x8, #1784]", and then to access address 0 in "e121064"?

optee_os/core/mm/core_mmu.c:1338
e121028: ff 83 02 d1   sub     sp, sp, #160
e12102c: fd 7b 04 a9   stp     x29, x30, [sp, #64]
e121030: fc 6f 05 a9   stp     x28, x27, [sp, #80]
e121034: fa 67 06 a9   stp     x26, x25, [sp, #96]
e121038: f8 5f 07 a9   stp     x24, x23, [sp, #112]
e12103c: f6 57 08 a9   stp     x22, x21, [sp, #128]
e121040: f4 4f 09 a9   stp     x20, x19, [sp, #144]
e121044: fd 03 01 91   add     x29, sp, #64
e121048: e1 13 00 f9   str     x1, [sp, #32]
e12104c: a0 83 1e f8   stur    x0, [x29, #-24]
e121050: 08 03 00 d0   adrp    x8, 0xe183000 <core_init_mmu_map+0x1b0>
e121054: 08 7d 43 f9   ldr     x8, [x8, #1784]
optee_os/core/mm/core_mmu.c:1320
e121058: 16 03 00 d0   adrp    x22, 0xe183000 <core_init_mmu_map+0x1b8>
e12105c: 02 4b 80 52   mov     w2, #600
e121060: e1 03 1f 2a   mov     w1, wzr
e121064: 08 01 40 f9   ldr     x8, [x8]

jforissier commented 1 year ago

Hello @ZheTingLiu,

I can't say for sure but it looks like a relocation issue. Are you using tee.elf as the executable file for OP-TEE? tee.elf cannot be used with ASLR enabled, because ASLR implies runtime relocations, and relocation data are contained in a special meta-data area at the end of the binary. You need to use either tee.bin or the tee_*v2.bin files instead.

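To make the dependency described above concrete, here is an added model (not OP-TEE's code, nor its real image layout) of why a position-independent core needs its relocation metadata: a pointer slot that the linker filled with a link-time address only becomes valid after the boot-time fixup adds the load offset, and a load from a slot that was never fixed up yields an address outside the loaded image. LINK_BASE, IMAGE_SIZE, SLOT_OFF, the single-entry reloc_table and the 0x80000000 load base used below are constructed values, and the table format is a simplification.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of a position-independent core image (not OP-TEE's
 * layout): LINK_BASE is the address the linker assumed, IMAGE_SIZE the
 * image length, SLOT_OFF the offset of one pointer-sized .data slot that
 * holds the link-time address of another object in the image. */
#define LINK_BASE  0x0e100000ULL
#define IMAGE_SIZE 0x1000ULL
#define SLOT_OFF   0x6f8ULL
#define NRELOCS    (sizeof(reloc_table) / sizeof(reloc_table[0]))

static uint64_t image[IMAGE_SIZE / sizeof(uint64_t)];

/* Relocation metadata: offsets of every slot that needs the load offset
 * added at boot. In a real build such a table is derived from the ELF's
 * relative relocations and kept with the image; booting an image that
 * lacks it means these slots are never fixed up. */
static const uint64_t reloc_table[] = { SLOT_OFF };

/* Fill the image as the linker would: the slot holds a link-time address. */
void build_image(uint64_t pointee_link_addr)
{
    memset(image, 0, sizeof image);
    image[SLOT_OFF / 8] = pointee_link_addr;
}

/* Boot-time relocation: add (load_base - LINK_BASE) to each listed slot. */
void relocate(uint64_t load_base)
{
    uint64_t load_offset = load_base - LINK_BASE;
    for (size_t i = 0; i < NRELOCS; i++)
        image[reloc_table[i] / 8] += load_offset;
}

/* What "ldr x8, [x8, #off]" observes: the current content of the slot. */
uint64_t read_slot(void)
{
    return image[SLOT_OFF / 8];
}

/* Sanity check for a pointer loaded from a relocated slot: it must fall
 * inside the image as actually loaded, not at 0 or at the link address. */
bool pointer_in_image(uint64_t ptr, uint64_t load_base)
{
    return ptr >= load_base && ptr < load_base + IMAGE_SIZE;
}
```

Running the check before and after relocate() shows the difference between a slot still holding its link-time value, a correctly fixed-up slot, and a slot that reads 0, which fails the range check either way.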
ZheTingLiu commented 1 year ago

Hi @jforissier

I use tee.bin. It looks like the program doesn't run any ASLR-related code. It fails at the beginning of core_init_mmu_map. It doesn't run relocate: https://github.com/OP-TEE/optee_os/blob/2f18fc503e5aefbd62d209452cf698c525877486/core/arch/arm/kernel/entry_a64.S#L145-L286

Also, I have some modifications at link.mk. Is it a risk?

github-actions[bot] commented 1 year ago

This issue has been marked as a stale issue because it has been open (more than) 30 days with no activity. Remove the stale label or add a comment, otherwise this issue will automatically be closed in 5 days. Note that you can always re-open a closed issue at any time.