Skip to content

Fix a use-after-free condition of single-instance TAs#784

Open
sangho2 wants to merge 6 commits intomainfrom
sanghle/lvbs/fix_pt_uaf
Open

Fix a use-after-free condition of single-instance TAs#784
sangho2 wants to merge 6 commits intomainfrom
sanghle/lvbs/fix_pt_uaf

Conversation

@sangho2
Copy link
Copy Markdown
Contributor

@sangho2 sangho2 commented Apr 17, 2026
edited
Loading

This PR fixes a use-after-free condition of single-instance TAs where a CPU core attempts to open a session with a single-instance TA with a cached instance in memory while another is tearing down it (due to session close, TA crash/panic, ...). This PR gets rid of such condition by re-checking whether a cached instance is valid or not. Also, this PR removes a fast pat h for single-instance TA opening which is racy with less meaningful performance benefit.

@sangho2 sangho2 force-pushed the sanghle/lvbs/fix_pt_uaf branch from 1b2491d to 4ee95b3 Compare April 17, 2026 17:27
@sangho2 sangho2 added the must-not-merge:undergoing-restructuring Known deeper set of changes are happening on this PR before it is mergeable again label Apr 17, 2026
@sangho2 sangho2 force-pushed the sanghle/lvbs/fix_pt_uaf branch from 4ee95b3 to 6cd446a Compare April 17, 2026 21:31
@sangho2 sangho2 removed the must-not-merge:undergoing-restructuring Known deeper set of changes are happening on this PR before it is mergeable again label Apr 17, 2026
@sangho2 sangho2 force-pushed the sanghle/lvbs/fix_pt_uaf branch from 6cd446a to 85f20ae Compare April 17, 2026 21:41
@sangho2 sangho2 added must-not-merge:undergoing-restructuring Known deeper set of changes are happening on this PR before it is mergeable again and removed must-not-merge:undergoing-restructuring Known deeper set of changes are happening on this PR before it is mergeable again labels Apr 17, 2026
@sangho2 sangho2 force-pushed the sanghle/lvbs/fix_pt_uaf branch 2 times, most recently from ab19e6e to 6d28883 Compare April 17, 2026 23:42
@sangho2 sangho2 marked this pull request as ready for review April 17, 2026 23:48
@sangho2 sangho2 marked this pull request as draft April 20, 2026 18:17
@sangho2 sangho2 force-pushed the sanghle/lvbs/fix_pt_uaf branch 4 times, most recently from c00f8b5 to 13fa1bf Compare April 21, 2026 21:00
@sangho2 sangho2 force-pushed the sanghle/lvbs/fix_pt_uaf branch from 13fa1bf to e755d5e Compare April 21, 2026 21:01
@sangho2 sangho2 marked this pull request as ready for review April 21, 2026 21:02
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 21, 2026

🤖 SemverChecks 🤖 ⚠️ Potential breaking API changes detected ⚠️

Click for details 
--- failure constructible_struct_adds_field: externally-constructible struct adds field ---

Description:
A pub struct constructible with a struct literal has a new pub field. Existing struct literals must be updated to include the new field.
        ref: https://doc.rust-lang.org/reference/expressions/struct-expr.html
       impl: https://github.com/obi1kenobi/cargo-semver-checks/tree/v0.47.0/src/lints/constructible_struct_adds_field.ron

Failed in:
  field TaInstance.dead in /home/runner/work/litebox/litebox/litebox_shim_optee/src/session.rs:125
  field TaInstance.dead in /home/runner/work/litebox/litebox/litebox_shim_optee/src/session.rs:125

--- failure inherent_method_missing: pub method removed or renamed ---

Description:
A publicly-visible method or associated fn is no longer available under its prior name. It may have been renamed or removed entirely.
        ref: https://doc.rust-lang.org/cargo/reference/semver.html#item-remove
       impl: https://github.com/obi1kenobi/cargo-semver-checks/tree/v0.47.0/src/lints/inherent_method_missing.ron

Failed in:
  SessionManager::get_single_instance, previously in file /home/runner/work/litebox/litebox/target/semver-checks/git-main/e218c7cc0b39b6a0402839f2d17ffb4c681921c3/litebox_shim_optee/src/session.rs:385
  SessionManager::get_single_instance, previously in file /home/runner/work/litebox/litebox/target/semver-checks/git-main/e218c7cc0b39b6a0402839f2d17ffb4c681921c3/litebox_shim_optee/src/session.rs:385

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sangho2