Unverified Commit cc0def5b authored by Arnd Bergmann's avatar Arnd Bergmann

Merge tag 'optee-fixes-for-v5.17' of...

Merge tag 'optee-fixes-for-v5.17' of git://git.linaro.org/people/jens.wiklander/linux-tee into arm/fixes

OP-TEE fixes for v5.17

- Adds error checking in optee_ffa_do_call_with_arg()
- Reintroduces an accidentally lost fix for a memref size check
- Uses bitmap_free() to free memory obtained with bitmap_zalloc()

* tag 'optee-fixes-for-v5.17' of git://git.linaro.org/people/jens.wiklander/linux-tee:
  optee: add error checks in optee_ffa_do_call_with_arg()
  tee: optee: do not check memref size on return from Secure World
  optee: Use bitmap_free() to free bitmap

Link: https://lore.kernel.org/r/20220126102609.GA1516258@jade


Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
parents 78b390bd 4064c461
+12 −3
@@ -619,9 +619,18 @@ static int optee_ffa_do_call_with_arg(struct tee_context *ctx,
		.data2 = (u32)(shm->sec_world_id >> 32),
		.data3 = shm->offset,
	};
	struct optee_msg_arg *arg = tee_shm_get_va(shm, 0);
	unsigned int rpc_arg_offs = OPTEE_MSG_GET_ARG_SIZE(arg->num_params);
	struct optee_msg_arg *rpc_arg = tee_shm_get_va(shm, rpc_arg_offs);
	struct optee_msg_arg *arg;
	unsigned int rpc_arg_offs;
	struct optee_msg_arg *rpc_arg;

	arg = tee_shm_get_va(shm, 0);
	if (IS_ERR(arg))
		return PTR_ERR(arg);

	rpc_arg_offs = OPTEE_MSG_GET_ARG_SIZE(arg->num_params);
	rpc_arg = tee_shm_get_va(shm, rpc_arg_offs);
	if (IS_ERR(rpc_arg))
		return PTR_ERR(rpc_arg);

	return optee_ffa_yielding_call(ctx, &data, rpc_arg);
}
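Review bot: The new IS_ERR() checks cover only the start address returned by tee_shm_get_va(); `rpc_arg_offs` is computed from `arg->num_params`, which is read out of the shared-memory buffer, and nothing visible in this hunk confirms that a full `struct optee_msg_arg` at that offset still lies inside `shm`. tee_shm_get_va() is not shown here, so this is hedged: if it only bounds-checks the offset, a large `num_params` could leave `rpc_arg` pointing at the tail of the buffer with its header and parameters extending past the end. Consider an explicit guard before the second lookup, for example `if (rpc_arg_offs + sizeof(*rpc_arg) > shm->size) return -EINVAL;`, or a comment stating where that size invariant is enforced. The function body begins outside the hunk, so callers and any earlier validation of `shm` were not reviewed.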
+1 −1
@@ -121,5 +121,5 @@ int optee_notif_init(struct optee *optee, u_int max_key)

void optee_notif_uninit(struct optee *optee)
{
	kfree(optee->notif.bitmap);
	bitmap_free(optee->notif.bitmap);
}
+0 −10
@@ -75,16 +75,6 @@ static int from_msg_param_tmp_mem(struct tee_param *p, u32 attr,
	p->u.memref.shm_offs = mp->u.tmem.buf_ptr - pa;
	p->u.memref.shm = shm;

	/* Check that the memref is covered by the shm object */
	if (p->u.memref.size) {
		size_t o = p->u.memref.shm_offs +
			   p->u.memref.size - 1;

		rc = tee_shm_get_pa(shm, o, NULL);
		if (rc)
			return rc;
	}

	return 0;
}