Fix iovec parameter handling when calling from NS->S when TFM_LVL==1
Closed, ResolvedPublic

Description

When non-secure code makes a call to a secure function in case of TFM_LVL==1, the iovec parameters for the function are copied on the stack of the callee secure partition. If the secure function uses more stack (~300 bytes) the parameters can be overwritten, and writing the parameters can corrupt the stack.

Fix:
The iovec parameters should be copied into the stack memory allocated for the partition, but before the actual stack.

matetothpal triaged this task as High priority.
matetothpal closed this task as Resolved.Jan 16 2019, 12:57 PM

The change for this issue had been merged