pta: attestation: exclude memory regions without VM_FLAG_READONLY

When selecting which memory region of a TA should be hashed, exclude those without VM_FLAG_READONLY in their flag field instead of requiring the absence of TEE_MATTR_UW in attr. This makes the code more consistent and fixes an issue triggered by commit 52e7b1a ("core: use user-access functions in ldelf interaction"). With that commit, an additional region is mapped read-only (i.e., no TEE_MATTR_UW) but does not have a fixed content for the TA. It can be excluded easily since it does not have the VM_FLAG_READONLY flag. Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
jforissier · Jul 26, 2023 · 448aec5 · 448aec5
1 parent e4b1172
commit 448aec5
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/core/pta/attestation.c b/core/pta/attestation.c
@@ -483,10 +483,12 @@ static TEE_Result sign_buffer(uint8_t *buf, size_t buf_sz, uint8_t *nonce,
  */
 static bool is_region_valid(struct vm_region *r)
 {
-	uint32_t skip_flags = VM_FLAG_EPHEMERAL | VM_FLAG_PERMANENT |
-			      VM_FLAG_LDELF;
+	uint32_t dontwant = VM_FLAG_EPHEMERAL | VM_FLAG_PERMANENT |
+			    VM_FLAG_LDELF;
+	uint32_t want = VM_FLAG_READONLY;
 
-	return !(r->flags & skip_flags || r->attr & TEE_MATTR_UW);
+
+	return ((r->flags & want) == want && !(r->flags & dontwant));
 }
 
 /*