Thanks Jens!
I've briefly looked through tee_mm_alloc() and it does apply some shift, which is 20 bits in the case of the TA DDR pool. So, there are no security concerns here. Only DDR size is a bit of an issue.
Thanks again, Sergey
-----Original Message-----
From: Jens Wiklander [mailto:jens.wiklander@linaro.org]
Sent: August-18-15 1:40 AM
To: Blotsky, Sergey
Cc: tee-dev@lists.linaro.org
Subject: Re: [Tee-dev] Need help understanding high level design of OP-TEE Secure OS
Hi,
On Mon, Aug 17, 2015 at 02:26:36PM +0000, Blotsky, Sergey wrote:
Hi Jens,
Thanks for your response, it does help to clarify our understanding of OP-TEE.
As for the stack/heap allocation, I was referring to the following code in tee_ta_load_user_ta() function from tee_ta_manager.c:
>
/*
 * Allocate heap and stack
 */
ctx->mm_heap_stack = tee_mm_alloc(&tee_mm_sec_ddr,
                                  *heap_size + ctx->stack_size);
if (!ctx->mm_heap_stack) {
        EMSG("Failed to allocate %zu bytes\n",
             *heap_size + ctx->stack_size);
        EMSG(" of memory for user heap and stack\n");
        return TEE_ERROR_OUT_OF_MEMORY;
}
>
Is this allocating TA stack/heap? It seems to me that stack/heap is allocated from tee_mm_sec_ddr buffer defined in tee_mm_unpg.c:
>
/* Physical Secure DDR pool */
tee_mm_pool_t tee_mm_sec_ddr __data; /* XXX __data is a workaround */
>
To me this looks like all stacks are allocated from the same buffer. Perhaps I'm just looking at the wrong place, or this is not the actual TA stack being allocated here... It seems I'm just missing something here. Can you please help clarify this?
OK, the memory is allocated from the same buffer but it's only what's allocated for a particular TA that is mapped in the VA space for that TA. Even if we only ask for a few kB with tee_mm_alloc(), the function will reserve the smallest mappable unit (currently 1 or 2 meg).
Regards, Jens
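
The granule rounding discussed in this thread, as an added example that is not part of the original messages and is not OP-TEE code: a simplified pool that reserves whole (1 << shift) units, so two TAs allocated from one buffer never land in the same mappable unit, at the cost of DDR. The names struct pool, pool_alloc and share_unit, the bump-style allocation and the sample addresses are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified pool; not OP-TEE's tee_mm code. */
struct pool { uintptr_t lo, hi; unsigned shift; size_t next; };
struct region { uintptr_t base; size_t size; };

/* Round a byte count up to whole granules of (1 << shift); 0 if invalid. */
static size_t granules(const struct pool *p, size_t bytes)
{
    size_t g = (size_t)1 << p->shift;
    if (bytes == 0 || bytes > SIZE_MAX - (g - 1))
        return 0;
    return (bytes + g - 1) >> p->shift;
}

/* Reserve whole granules from the pool; 0 on success, -1 when exhausted. */
static int pool_alloc(struct pool *p, size_t bytes, struct region *out)
{
    size_t n = granules(p, bytes);
    size_t total = (size_t)(p->hi - p->lo) >> p->shift;
    if (n == 0 || n > total - p->next)
        return -1;
    out->base = p->lo + ((uintptr_t)p->next << p->shift);
    out->size = n << p->shift;
    p->next += n;
    return 0;
}

/* Nonzero if a and b touch the same mappable unit of (1 << unit_shift). */
static int share_unit(const struct region *a, const struct region *b,
                      unsigned unit_shift)
{
    uintptr_t a0 = a->base >> unit_shift, a1 = (a->base + a->size - 1) >> unit_shift;
    uintptr_t b0 = b->base >> unit_shift, b1 = (b->base + b->size - 1) >> unit_shift;
    return a0 <= b1 && b0 <= a1;
}

int main(void)
{
    /* Constructed sample: a 4 MiB pool using the 20-bit shift from the thread. */
    struct pool ddr = { 0x40000000u, 0x40400000u, 20, 0 };
    struct region ta_a, ta_b;
    /* Heap + stack requests of two TAs, a few kB each. */
    if (pool_alloc(&ddr, 12 * 1024, &ta_a) || pool_alloc(&ddr, 20 * 1024, &ta_b))
        return 1;
    printf("A: %zu bytes, B: %zu bytes, shared unit: %d\n",
           ta_a.size, ta_b.size, share_unit(&ta_a, &ta_b, 20));
    return 0;
}
```

With a 12-bit shift the same two requests would sit inside one 1 MiB unit, which is why the pool's shift has to match the smallest unit that gets mapped into a TA's VA space.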