Unexpected behavior may lead to dirf.db corruption #7037
Comments
|
Allowing to blindly reset REE_FS secure storage could lead to some rollback protection issue IMHO. When using REE_FS secure storage, we expect the filesystem in the non-secure OS has some protection against power loss and like, like some journaling support. |
|
Thank you for your explanation. diff --git a/core/tee/tee_ree_fs.c b/core/tee/tee_ree_fs.c
index 0b14640e2..ced7bd116 100644
--- a/core/tee/tee_ree_fs.c
+++ b/core/tee/tee_ree_fs.c
@@ -9,6 +9,7 @@
#include <kernel/nv_counter.h>
#include <kernel/panic.h>
#include <kernel/thread.h>
+#include <kernel/delay.h>
#include <kernel/user_access.h>
#include <mempool.h>
#include <mm/core_memprot.h>
@@ -440,6 +441,10 @@ static TEE_Result ree_fs_open_primitive(bool create, uint8_t *hash,
else
res = tee_fs_rpcc_open_dfh(OPTEE_RPC_CMD_FS, dfh, &fdp->fd);
+ if (create && !dfh) {
+ EMSG("After creating dirf.db in REE FS, delay and power off");
+ mdelay(10000);
+ }
if (res != TEE_SUCCESS)
goto out;I think that this case cannot be covered by the filesystem in the non-secure OS. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When accessing dirf.db, if there is an unexpected operation during the process, such as a sudden power outage, it may lead to dirf.db corruption. The next time, OP-TEE try to open the corrupted dirf.db, it would receive the error code TEE_ERROR_CORRUPT_OBJECT. In such cases, can OP-TEE automatically reset dirf.db?
That is to say, can we also add a case for TEE_ERROR_CORRUPT_OBJECT at line 551, allowing it to be rebuilt just like TEE_ERROR_ITEM_NOT_FOUND?"
optee_os/core/tee/tee_ree_fs.c
Lines 551 to 569 in 55a4d83
The text was updated successfully, but these errors were encountered: