iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge tag 'optee-fixes-for-v5.17' of git://git.linaro.org/people/jens.wiklander/linux-tee into arm/fixes

Browse Source 
OP-TE fixes for v5.17

- Adds error checking in optee_ffa_do_call_with_arg()
- Reintroduces an accidentally lost fix for a memref size check
- Uses bitmap_free() to free memory obtained with bitmap_zalloc()

* tag 'optee-fixes-for-v5.17' of git://git.linaro.org/people/jens.wiklander/linux-tee:
  optee: add error checks in optee_ffa_do_call_with_arg()
  tee: optee: do not check memref size on return from Secure World
  optee: Use bitmap_free() to free bitmap

Link: https://lore.kernel.org/r/20220126102609.GA1516258@jade
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
This commit is contained in:
Arnd Bergmann
2022-02-08 09:48:43 +01:00
parent 78b390bd56 4064c46114
commit cc0def5b4e
3 changed files with 13 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
drivers/tee/optee/ffa_abi.c
View File

@ -619,9 +619,18 @@ static int optee_ffa_do_call_with_arg(struct tee_context *ctx,
.data2 = (u32)(shm->sec_world_id >> 32),
.data3 = shm->offset,
};
struct optee_msg_arg *arg = tee_shm_get_va(shm, 0);
unsigned int rpc_arg_offs = OPTEE_MSG_GET_ARG_SIZE(arg->num_params);
struct optee_msg_arg *rpc_arg = tee_shm_get_va(shm, rpc_arg_offs);
struct optee_msg_arg *arg;
unsigned int rpc_arg_offs;
struct optee_msg_arg *rpc_arg;
arg = tee_shm_get_va(shm, 0);
if (IS_ERR(arg))
return PTR_ERR(arg);
rpc_arg_offs = OPTEE_MSG_GET_ARG_SIZE(arg->num_params);
rpc_arg = tee_shm_get_va(shm, rpc_arg_offs);
if (IS_ERR(rpc_arg))
return PTR_ERR(rpc_arg);
return optee_ffa_yielding_call(ctx, &data, rpc_arg);
}

2
drivers/tee/optee/notif.c
View File

@ -121,5 +121,5 @@ int optee_notif_init(struct optee *optee, u_int max_key)
void optee_notif_uninit(struct optee *optee)
{
kfree(optee->notif.bitmap);
bitmap_free(optee->notif.bitmap);
}

10
drivers/tee/optee/smc_abi.c
View File

@ -75,16 +75,6 @@ static int from_msg_param_tmp_mem(struct tee_param *p, u32 attr,
p->u.memref.shm_offs = mp->u.tmem.buf_ptr - pa;
p->u.memref.shm = shm;
/* Check that the memref is covered by the shm object */
if (p->u.memref.size) {
size_t o = p->u.memref.shm_offs +
p->u.memref.size - 1;
rc = tee_shm_get_pa(shm, o, NULL);
if (rc)
return rc;
}
return 0;
}