OP-TE fixes for v5.17

- Adds error checking in optee_ffa_do_call_with_arg()
 - Reintroduces an accidentally lost fix for a memref size check
 - Uses bitmap_free() to free memory obtained with bitmap_zalloc()
 -----BEGIN PGP SIGNATURE-----
 
 iQJOBAABCgA4FiEEFV+gSSXZJY9ZyuB5LinzTIcAHJcFAmHxH3YaHGplbnMud2lr
 bGFuZGVyQGxpbmFyby5vcmcACgkQLinzTIcAHJcfyw/+ON3pjOWqnf/1vx8i6/Ff
 ClwvvnYxTzG5KLcHLVc3mQMRMuckKSOVbudEPVNh21ShzYEG10ZiBvnamVyE90d5
 w5prGYG6VJleWKu48PdPyCBab/70alG5Uz4F9zFype4/Je95GJdzW/9Cdy2Z0/BR
 UbMsBtksE8cRoHdleHu31UdUPsnfSPGzTfJDWH3zVzuZT7cqWcQMnZNnk72K+iXH
 XR9dBVGQL04pejoWVIMy0jzvKl/7MoOtBRrlmzAXxLDWwdxSgriRfmQmA1jEumM8
 LLW8NZTMb7PBI7rkMrWDWziWfyp3N32BtRdkjzvMNHW01u2frsew92XZYK1c3qki
 OgN2rZkJ214xQpT3zMl+XtlSz5qWGA1I6N3oPe7Lr4rxbs9G2ErKn6GLMREfkXgG
 Xi5xy1wzSZg3SXan6oM2DO4cDXq2LOcubqKev8oWzhVBFzYNgnjtccsZ4KXYzp0z
 7Bhs0FrBv6z9bcFNKFXsamzJTezI8m8DhaXLiphfTctgWO6T7NwmrZnOH29YeMzh
 LfdM6cKIe7nR+w65atrlUFGzfSw4YomgLa6Z6QROSpOY4iAOOceszHZsq0VrUP7x
 uDTLzcoRFbsiJflNJ+fkI0pMLV+2DRPi07Ct/KmnRGq2uXOJyCsFmNTFcPRmSHPc
 ho57USzMvl9Loh076Rt71kA=
 =dcSW
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEo6/YBQwIrVS28WGKmmx57+YAGNkFAmICLmwACgkQmmx57+YA
 GNn7eA//dwFBYgFW7ATlLzp8lWL7mOg4Dh6vzdinyLLaKp0bPTKn0oNZxuDZE6d4
 FHw7ZDKShwlD5/NwPp9IfigErPgBOUbO1j4FlfLi3rIAqeOka3yuRllRD2tRA2+H
 dl0SI5e8QLwmGZ7pWcJcvR4xm700o45nIkPWptQPQfNcEFfHrML03tnzQvQoA3S3
 ziIK13aKDMBL/9SjLKpWq5dW6d8mkFsbE6TVrmLfwaCqBgcpqy3WC9z6WmG/wI5G
 Vio3LsV2UG+ngfmLer7gePaVgQW9UbAOM2k5pmA4Zxnkh/Q4mWSlQVMFC5wLFyha
 x4fMZkSU46YGTo1zRpLHVY8UjPvpMM6uv5hWTza/j3c3jBbkN9rvm9la9GrpXz4i
 ZPA5ehaFQ51lSQlx2g2WeZaJYuRliZiWNjrR+A4aGGIBh+4aYC+2sUvky4SyavjJ
 LTKwdyvF1RTkDGr7L+mkZLnOZqLQ9xHDIOiMkM0JqLG/xbNFSqMr9oAvh1gf37mo
 42hAtjvx6mU2la21AjCsTzEZgtDXtRJO/bRvT3/3taa3f/ehR47wzUwlMOE7vWcr
 tjHpBJ5vhlg8XwLgHPNxi+nCnAW02q1guEf/QaIxuhpdgyySQQB/NrkQmgsEUYX8
 2RaxOL3iwWjNd56M7D6M+TviUwYmm/aVcrl9adbV48pWtESeL6s=
 =9uyN
 -----END PGP SIGNATURE-----

Merge tag 'optee-fixes-for-v5.17' of git://git.linaro.org/people/jens.wiklander/linux-tee into arm/fixes

OP-TE fixes for v5.17

- Adds error checking in optee_ffa_do_call_with_arg()
- Reintroduces an accidentally lost fix for a memref size check
- Uses bitmap_free() to free memory obtained with bitmap_zalloc()

* tag 'optee-fixes-for-v5.17' of git://git.linaro.org/people/jens.wiklander/linux-tee:
  optee: add error checks in optee_ffa_do_call_with_arg()
  tee: optee: do not check memref size on return from Secure World
  optee: Use bitmap_free() to free bitmap

Link: https://lore.kernel.org/r/20220126102609.GA1516258@jade
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
This commit is contained in:
Arnd Bergmann 2022-02-08 09:48:43 +01:00
commit cc0def5b4e
3 changed files with 13 additions and 14 deletions

View File

@ -619,9 +619,18 @@ static int optee_ffa_do_call_with_arg(struct tee_context *ctx,
.data2 = (u32)(shm->sec_world_id >> 32),
.data3 = shm->offset,
};
struct optee_msg_arg *arg = tee_shm_get_va(shm, 0);
unsigned int rpc_arg_offs = OPTEE_MSG_GET_ARG_SIZE(arg->num_params);
struct optee_msg_arg *rpc_arg = tee_shm_get_va(shm, rpc_arg_offs);
struct optee_msg_arg *arg;
unsigned int rpc_arg_offs;
struct optee_msg_arg *rpc_arg;
arg = tee_shm_get_va(shm, 0);
if (IS_ERR(arg))
return PTR_ERR(arg);
rpc_arg_offs = OPTEE_MSG_GET_ARG_SIZE(arg->num_params);
rpc_arg = tee_shm_get_va(shm, rpc_arg_offs);
if (IS_ERR(rpc_arg))
return PTR_ERR(rpc_arg);
return optee_ffa_yielding_call(ctx, &data, rpc_arg);
}

View File

@ -121,5 +121,5 @@ int optee_notif_init(struct optee *optee, u_int max_key)
void optee_notif_uninit(struct optee *optee)
{
kfree(optee->notif.bitmap);
bitmap_free(optee->notif.bitmap);
}

View File

@ -75,16 +75,6 @@ static int from_msg_param_tmp_mem(struct tee_param *p, u32 attr,
p->u.memref.shm_offs = mp->u.tmem.buf_ptr - pa;
p->u.memref.shm = shm;
/* Check that the memref is covered by the shm object */
if (p->u.memref.size) {
size_t o = p->u.memref.shm_offs +
p->u.memref.size - 1;
rc = tee_shm_get_pa(shm, o, NULL);
if (rc)
return rc;
}
return 0;
}