Page MenuHomePhabricator

Fix iovec parameter handling when calling from NS->S when TFM_LVL==1
Closed, ResolvedPublic


When non-secure code makes a call to a secure function in case of TFM_LVL==1, the iovec parameters for the function are copied on the stack of the callee secure partition. If the secure function uses more stack (~300 bytes) the parameters can be overwritten, and writing the parameters can corrupt the stack.

The iovec parameters should be copied into the stack memory allocated for the partition, but before the actual stack.

Event Timeline

matetothpal triaged this task as High priority.Jan 15 2019, 2:10 PM
matetothpal created this task.
matetothpal closed this task as Resolved.Jan 16 2019, 12:57 PM

The change for this issue had been merged