Closed Machiry closed 8 years ago
Yes, you're right. Storing struct tee_shm in struct tee_context is the way to go. Storing the pid would probably not be that easy; what happens during fork, for instance?
I agree. Storing pid is unnecessarily cumbersome.
Please have a look at #17
Shared memory ids are stored in struct tee_device, which is common to all clients connected to the tee driver. A potentially malicious user space client can hijack shared memory allocated to another user space client by spoofing the id.
Although ids are created using idr_alloc, it is better to either store pids in struct tee_shm (so that we can verify when referred) or store struct tee_shm in struct tee_context for every user space client (while searching for ids we use the tee_shm from tee_context, this way there is no need to do additional pid checking).
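
A user-space model of the two lookup strategies discussed in this issue, added here as an illustration; it is not the tee driver's code. The struct layouts and the functions shm_alloc, shm_get_by_dev and shm_get_by_ctx are hypothetical stand-ins, and a fixed array replaces idr_alloc.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_SHM 8

/* Hypothetical stand-ins, not the driver's definitions. */
struct shm { int id; int used; };          /* models struct tee_shm */
struct dev { struct shm pool[MAX_SHM]; };  /* models struct tee_device: ids shared by all clients */
struct ctx { struct dev *dev; struct shm *mine[MAX_SHM]; }; /* models struct tee_context: one per client */

/* Take the first free device-wide id and record the object in the caller's context. */
int shm_alloc(struct ctx *c)
{
    for (int id = 0; id < MAX_SHM; id++) {
        struct shm *s = &c->dev->pool[id];
        if (!s->used) {
            s->used = 1;
            s->id = id;
            c->mine[id] = s;
            return id;
        }
    }
    return -1;
}

/* Before: resolve through the device-wide table; the caller's identity is never consulted. */
struct shm *shm_get_by_dev(struct ctx *c, int id)
{
    if (id < 0 || id >= MAX_SHM || !c->dev->pool[id].used)
        return NULL;
    return &c->dev->pool[id];
}

/* After: resolve only through the caller's own context, so no pid check is needed. */
struct shm *shm_get_by_ctx(struct ctx *c, int id)
{
    if (id < 0 || id >= MAX_SHM)
        return NULL;
    return c->mine[id];
}

int main(void)
{
    struct dev d = {0};
    struct ctx a = { .dev = &d }, b = { .dev = &d };
    int id = shm_alloc(&a);  /* client A allocates; client B then presents A's id */
    printf("device-wide lookup as B: %s\n", shm_get_by_dev(&b, id) ? "resolved" : "rejected");
    printf("per-context lookup as B: %s\n", shm_get_by_ctx(&b, id) ? "resolved" : "rejected");
    printf("per-context lookup as A: %s\n", shm_get_by_ctx(&a, id) ? "resolved" : "rejected");
    return 0;
}
```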