Looking at the TEE_Param definition:
    typedef union {
        struct {
            void *buffer;
            uint32_t size;
        } memref;
        struct {
            uint32_t a;
            uint32_t b;
        } value;
    } TEE_Param;
there seems to be an implicit assumption of 32-bit pointers. There
are two things going on here:
- The 'memref' struct is larger than the 'value' structure, since
the 'void *' is 8-bytes long on a 64-bit target.
- The 'size' field is a uint32_t, which causes a pointer mismatch
with a lot of API calls that are looking for a size_t.
The first is only an issue if either we are expecting this param to be
a specific size, or we expect some kind of correlation between
'buffer' and 'a', and 'size' and 'b'.
The second means that instead of being able to use
&param[n].memref.size, it is necessary to do something like:
    uint32_t local_size;
    ...
    local_size = param[n].memref.size;
    result = call(..., &local_size, ...);
    param[n].memref.size = local_size;
in addition to security concerns with overflow on the size fields.
My question then is: how do we want to handle this? Assuming we want to
make the TEE 64-bit compatible, what is the right answer? As well,
what do relevant standards/specs say about this type? (The file right
above this definition says it is based on "GP TEE Internal API
Specification Version 0.11", which I have not seen.)
Thanks,
David
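As an added illustration (not code from the post or from the TEE project it discusses), the C below re-states the union from the message, checks whether 'memref.size' still lines up with 'value.b' on the build target, and shows the local-copy pattern from the post with the size_t-to-uint32_t write-back guarded against truncation. 'fill_buffer' is a hypothetical stand-in for the size_t-taking API calls the post mentions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Re-statement of the union from the post, used only for layout checks. */
typedef union {
    struct {
        void *buffer;
        uint32_t size;
    } memref;
    struct {
        uint32_t a;
        uint32_t b;
    } value;
} TEE_Param;

/* 1 if memref.size sits at the same offset as value.b (true with 32-bit
   pointers, false on a 64-bit target where the pointer pushes size to +8). */
int memref_size_aliases_value_b(void) {
    return offsetof(TEE_Param, memref.size) == offsetof(TEE_Param, value.b);
}

/* Hypothetical callee with the common in/out size_t convention: write up to
   *len bytes, then report in *len the full length the caller asked for. */
static int fill_buffer(void *dst, size_t *len, size_t wanted) {
    size_t n = wanted < *len ? wanted : *len;
    memset(dst, 0x41, n);
    *len = wanted;
    return 0;
}

/* The local-copy pattern from the post, plus the check it needs: a size_t
   result that does not fit in uint32_t is rejected instead of wrapped. */
int memref_call(TEE_Param *p, size_t wanted) {
    size_t local_size = p->memref.size;          /* widen uint32_t -> size_t */
    int rc = fill_buffer(p->memref.buffer, &local_size, wanted);
    if (rc != 0)
        return rc;
    if (local_size > UINT32_MAX)                 /* would silently truncate */
        return -1;
    p->memref.size = (uint32_t)local_size;       /* safe narrowing */
    return 0;
}

/* Constructed demo: a 16-byte buffer, one fitting call, one oversized one.
   Returns 0 only if the guard behaves as described above. */
int demo(void) {
    static char buf[16];
    TEE_Param p;
    p.memref.buffer = buf;
    p.memref.size = sizeof buf;
    if (memref_call(&p, 8) != 0 || p.memref.size != 8 || buf[0] != 0x41)
        return 1;
    if (sizeof(size_t) > sizeof(uint32_t) && memref_call(&p, SIZE_MAX) != -1)
        return 2;
    return 0;
}
```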