DemesneGH commented on issue #273: URL: https://github.com/apache/teaclave-trustzone-sdk/issues/273#issuecomment-3838850782
> I would think that the _only_ safe mechanism here is to copy the buffer into the TA's stack or heap, so maybe the API should be reworked to expose a volatile pointer with a safe function to copy it into a slice?

For the "copy into slice": due to the memory limitations of TAs, always copying the memory doesn't make much sense. Maybe the user can choose to copy it the first time they get a slice? Or we can provide a wrapper function in the SDK to return a copied slice.

For the "volatile pointer": I agree with you. We could use `ptr::read_volatile` to access the memref to prevent the compiler from optimizing out repeated reads, ensuring that we always fetch the latest data from the shared memory.

> In addition to that, I can't figure out if optee always guarantees the pointer passed in as a param would always point to someplace _outside_ the TA.

AFAIK OP-TEE OS checks the memref during memory mapping in https://github.com/OP-TEE/optee_os/blob/master/core/mm/mobj_dyn_shm.c#L378. This is an important security primitive, and I believe OP-TEE OS should ensure this check.
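The two patterns discussed in the comment above (volatile reads of a memref that the normal world can still write to, versus copying it once into TA-owned memory before checking and using it) are shown side by side in the following added example. It is illustration code written for this page, not code from the Teaclave TrustZone SDK or from the commenter; `SharedMemRef`, `NormalWorldWriter`, `make_shared`, `parse_record`, `check_then_use_racy` and `snapshot_then_parse` are hypothetical names, and the "shared memory" is an ordinary heap buffer so the example runs on a normal host rather than inside a TA.

```rust
use std::ptr;

/// Hypothetical wrapper around a memref parameter that points into memory the
/// normal world can keep writing to while the TA runs. Not the SDK's real type.
pub struct SharedMemRef {
    base: *const u8,
    len: usize,
}

impl SharedMemRef {
    /// # Safety
    /// `base` must be valid for reads of `len` bytes for as long as the wrapper
    /// is used (in a real TA, OP-TEE maps and checks the memref before entry).
    pub unsafe fn from_raw(base: *const u8, len: usize) -> Self {
        SharedMemRef { base, len }
    }

    pub fn len(&self) -> usize {
        self.len
    }

    /// Bounds-checked volatile read of one byte. `read_volatile` keeps the
    /// compiler from reusing an earlier read, so each call observes what is
    /// currently in the shared buffer.
    pub fn read_volatile_at(&self, idx: usize) -> Option<u8> {
        if idx >= self.len {
            return None;
        }
        // SAFETY: idx < len, and `base` is valid for `len` bytes (from_raw contract).
        Some(unsafe { ptr::read_volatile(self.base.add(idx)) })
    }

    /// Copy the whole buffer into TA-owned heap memory using volatile reads.
    /// Everything done on the returned Vec is immune to later normal-world writes.
    pub fn snapshot(&self) -> Vec<u8> {
        (0..self.len)
            .map(|i| self.read_volatile_at(i).expect("index is within len"))
            .collect()
    }
}

/// Simulated normal world: a writable view of the same bytes.
pub struct NormalWorldWriter {
    base: *mut u8,
    len: usize,
}

impl NormalWorldWriter {
    pub fn write(&self, idx: usize, v: u8) {
        assert!(idx < self.len, "constructed writer stays inside the buffer");
        // SAFETY: idx < len and `base` is valid for `len` bytes (see make_shared).
        unsafe { ptr::write_volatile(self.base.add(idx), v) }
    }
}

/// Constructed test fixture: one heap buffer viewed through both a TA-side
/// `SharedMemRef` and a normal-world `NormalWorldWriter`. The Vec is returned
/// so the caller keeps the allocation alive while the raw pointers are used.
pub fn make_shared(bytes: &[u8]) -> (Vec<u8>, SharedMemRef, NormalWorldWriter) {
    let mut backing = bytes.to_vec();
    let base = backing.as_mut_ptr();
    let len = backing.len();
    // SAFETY: `base` points at `len` initialized bytes owned by `backing`.
    let shm = unsafe { SharedMemRef::from_raw(base as *const u8, len) };
    (backing, shm, NormalWorldWriter { base, len })
}

/// Parse a `[len][payload...]` record from a buffer the TA owns.
pub fn parse_record(buf: &[u8]) -> Option<&[u8]> {
    let n = *buf.first()? as usize;
    buf.get(1..1 + n)
}

/// TOCTOU-prone pattern: validate the length field in shared memory, then read
/// it again when using it. `interfere` stands in for a normal-world write that
/// lands between the two reads. Returns (validated_len, len_actually_used).
pub fn check_then_use_racy(shm: &SharedMemRef, interfere: impl FnOnce()) -> Option<(usize, usize)> {
    let checked = shm.read_volatile_at(0)? as usize;
    if 1 + checked > shm.len() {
        return None;
    }
    interfere();
    let used = shm.read_volatile_at(0)? as usize; // no longer covered by the check above
    Some((checked, used))
}

/// Safe pattern: snapshot once, then check and use the same TA-owned copy.
pub fn snapshot_then_parse(shm: &SharedMemRef, interfere: impl FnOnce()) -> Option<Vec<u8>> {
    let copy = shm.snapshot();
    interfere();
    parse_record(&copy).map(|p| p.to_vec())
}

fn main() {
    let (_backing, shm, nw) = make_shared(&[3, b'a', b'b', b'c', 0, 0]);
    println!("racy: {:?}", check_then_use_racy(&shm, || nw.write(0, 255)));
    nw.write(0, 3);
    println!("snapshot: {:?}", snapshot_then_parse(&shm, || nw.write(0, 255)));
}
```

The racy function returns a length it never validated, which is exactly the bug the comment is guarding against; the snapshot version pays one copy and then parses memory the normal world cannot reach. The "copy the first time a slice is requested" idea from the comment corresponds to calling `snapshot` lazily and caching the result.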
