Revision tags: v6.6.25, v6.6.24, v6.6.23, v6.6.16, v6.6.15, v6.6.14, v6.6.13, v6.6.12, v6.6.11, v6.6.10, v6.6.9, v6.6.8, v6.6.7, v6.6.6, v6.6.5, v6.6.4, v6.6.3, v6.6.2, v6.5.11, v6.6.1, v6.5.10, v6.6, v6.5.9, v6.5.8, v6.5.7, v6.5.6, v6.5.5, v6.5.4, v6.5.3, v6.5.2, v6.1.51, v6.5.1, v6.1.50, v6.5, v6.1.49, v6.1.48, v6.1.46, v6.1.45, v6.1.44, v6.1.43, v6.1.42, v6.1.41, v6.1.40, v6.1.39, v6.1.38, v6.1.37, v6.1.36, v6.4, v6.1.35, v6.1.34, v6.1.33, v6.1.32, v6.1.31, v6.1.30, v6.1.29, v6.1.28, v6.1.27, v6.1.26, v6.3, v6.1.25, v6.1.24, v6.1.23, v6.1.22 |
|
#
86711330 |
| 24-Mar-2023 |
Linus Walleij <linus.walleij@linaro.org> |
tee: Pass a pointer to virt_to_page()
Like the other calls in this function virt_to_page() expects a pointer, not an integer.
However since many architectures implement virt_to_pfn() as a macro, th
tee: Pass a pointer to virt_to_page()
Like the other calls in this function virt_to_page() expects a pointer, not an integer.
However since many architectures implement virt_to_pfn() as a macro, this function becomes polymorphic and accepts both a (unsigned long) and a (void *).
Fix this up with an explicit cast.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
Revision tags: v6.1.21, v6.1.20, v6.1.19, v6.1.18, v6.1.17, v6.1.16, v6.1.15, v6.1.14, v6.1.13, v6.2, v6.1.12, v6.1.11, v6.1.10 |
|
#
0249a75b |
| 03-Feb-2023 |
Ira Weiny <ira.weiny@intel.com> |
tee: Remove call to get_kernel_pages()
The kernel pages used by shm_get_kernel_pages() are allocated using GFP_KERNEL through the following call stack:
trusted_instantiate() trusted_payload_alloc(
tee: Remove call to get_kernel_pages()
The kernel pages used by shm_get_kernel_pages() are allocated using GFP_KERNEL through the following call stack:
trusted_instantiate() trusted_payload_alloc() -> GFP_KERNEL <trusted key op> tee_shm_register_kernel_buf() register_shm_helper() shm_get_kernel_pages()
Where <trusted key op> is one of:
trusted_key_unseal() trusted_key_get_random() trusted_key_seal()
Because the pages can't be from highmem get_kernel_pages() boils down to a get_page() call.
Remove the get_kernel_pages() call and open code the get_page().
In case a highmem page does slip through warn on once for a kmap'ed address.
Cc: Jens Wiklander <jens.wiklander@linaro.org> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: "Fabio M. De Francesco" <fmdefrancesco@gmail.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Ira Weiny <ira.weiny@intel.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
#
c8390039 |
| 03-Feb-2023 |
Ira Weiny <ira.weiny@intel.com> |
tee: Remove vmalloc page support
The kernel pages used by shm_get_kernel_pages() are allocated using GFP_KERNEL through the following call stack:
trusted_instantiate() trusted_payload_alloc() -> G
tee: Remove vmalloc page support
The kernel pages used by shm_get_kernel_pages() are allocated using GFP_KERNEL through the following call stack:
trusted_instantiate() trusted_payload_alloc() -> GFP_KERNEL <trusted key op> tee_shm_register_kernel_buf() register_shm_helper() shm_get_kernel_pages()
Where <trusted key op> is one of:
trusted_key_unseal() trusted_key_get_random() trusted_key_seal()
Remove the vmalloc page support from shm_get_kernel_pages(). Replace with a warn on once.
Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: "Fabio M. De Francesco" <fmdefrancesco@gmail.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Linus Torvalds <torvalds@linux-foundation.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Ira Weiny <ira.weiny@intel.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
Revision tags: v6.1.9, v6.1.8, v6.1.7, v6.1.6, v6.1.5, v6.0.19, v6.0.18, v6.1.4, v6.1.3, v6.0.17, v6.1.2, v6.0.16, v6.1.1, v6.0.15, v6.0.14, v6.0.13, v6.1, v6.0.12, v6.0.11, v6.0.10, v5.15.80, v6.0.9, v5.15.79, v6.0.8, v5.15.78, v6.0.7, v5.15.77, v5.15.76, v6.0.6, v6.0.5, v5.15.75, v6.0.4, v6.0.3, v6.0.2, v5.15.74, v5.15.73, v6.0.1, v5.15.72, v6.0, v5.15.71, v5.15.70, v5.15.69, v5.15.68, v5.15.67, v5.15.66, v5.15.65, v5.15.64, v5.15.63 |
|
#
eccd7439 |
| 22-Aug-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
tee: fix compiler warning in tee_shm_register()
Include <linux/uaccess.h> to avoid the warning: drivers/tee/tee_shm.c: In function 'tee_shm_register': >> drivers/tee/tee_shm.c:242:14: error: impl
tee: fix compiler warning in tee_shm_register()
Include <linux/uaccess.h> to avoid the warning: drivers/tee/tee_shm.c: In function 'tee_shm_register': >> drivers/tee/tee_shm.c:242:14: error: implicit declaration of function 'access_ok' [-Werror=implicit-function-declaration] 242 | if (!access_ok((void __user *)addr, length)) | ^~~~~~~~~ cc1: some warnings being treated as errors
Fixes: 573ae4f13f63 ("tee: add overflow check in register_shm_helper()") Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
Revision tags: v5.15.62 |
|
#
573ae4f1 |
| 18-Aug-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
tee: add overflow check in register_shm_helper()
With special lengths supplied by user space, register_shm_helper() has an integer overflow when calculating the number of pages covered by a supplied
tee: add overflow check in register_shm_helper()
With special lengths supplied by user space, register_shm_helper() has an integer overflow when calculating the number of pages covered by a supplied user space memory region.
This causes internal_get_user_pages_fast() a helper function of pin_user_pages_fast() to do a NULL pointer dereference:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010 Modules linked in: CPU: 1 PID: 173 Comm: optee_example_a Not tainted 5.19.0 #11 Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 pc : internal_get_user_pages_fast+0x474/0xa80 Call trace: internal_get_user_pages_fast+0x474/0xa80 pin_user_pages_fast+0x24/0x4c register_shm_helper+0x194/0x330 tee_shm_register_user_buf+0x78/0x120 tee_ioctl+0xd0/0x11a0 __arm64_sys_ioctl+0xa8/0xec invoke_syscall+0x48/0x114
Fix this by adding an an explicit call to access_ok() in tee_shm_register_user_buf() to catch an invalid user space address early.
Fixes: 033ddf12bcf5 ("tee: add register user memory") Cc: stable@vger.kernel.org Reported-by: Nimish Mishra <neelam.nimish@gmail.com> Reported-by: Anirban Chakraborty <ch.anirban00727@gmail.com> Reported-by: Debdeep Mukhopadhyay <debdeep.mukhopadhyay@gmail.com> Suggested-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
show more ...
|
Revision tags: v5.15.61, v5.15.60, v5.15.59, v5.19, v5.15.58, v5.15.57, v5.15.56, v5.15.55, v5.15.54, v5.15.53, v5.15.52, v5.15.51, v5.15.50, v5.15.49, v5.15.48, v5.15.47, v5.15.46, v5.15.45, v5.15.44, v5.15.43, v5.15.42, v5.18, v5.15.41, v5.15.40, v5.15.39, v5.15.38, v5.15.37, v5.15.36 |
|
#
66eb6df7 |
| 25-Apr-2022 |
Andrew Davis <afd@ti.com> |
tee: remove tee_shm_va2pa() and tee_shm_pa2va()
We should not need to index into SHMs based on absolute VA/PA. These functions are not used and this kind of usage should not be encouraged anyway. Re
tee: remove tee_shm_va2pa() and tee_shm_pa2va()
We should not need to index into SHMs based on absolute VA/PA. These functions are not used and this kind of usage should not be encouraged anyway. Remove these functions.
Signed-off-by: Andrew Davis <afd@ti.com> Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
Revision tags: v5.15.35, v5.15.34, v5.15.33, v5.15.32, v5.15.31, v5.17, v5.15.30, v5.15.29, v5.15.28, v5.15.27, v5.15.26 |
|
#
3e47235e |
| 25-Feb-2022 |
Phil Chang <phil.chang@mediatek.com> |
tee: make tee_shm_register_kernel_buf vmalloc supported
In some low-memory devices, it's hard to aquire large-orders pages, this patch allowed user using scatter pages to register shm.
Signed-off-b
tee: make tee_shm_register_kernel_buf vmalloc supported
In some low-memory devices, it's hard to aquire large-orders pages, this patch allowed user using scatter pages to register shm.
Signed-off-by: Phil Chang <phil.chang@mediatek.com> Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
Revision tags: v5.15.25, v5.15.24, v5.15.23, v5.15.22, v5.15.21, v5.15.20 |
|
#
a45ea4ef |
| 04-Feb-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
tee: refactor TEE_SHM_* flags
Removes the redundant TEE_SHM_DMA_BUF, TEE_SHM_EXT_DMA_BUF, TEE_SHM_MAPPED and TEE_SHM_KERNEL_MAPPED flags.
TEE_SHM_REGISTER is renamed to TEE_SHM_DYNAMIC in order to
tee: refactor TEE_SHM_* flags
Removes the redundant TEE_SHM_DMA_BUF, TEE_SHM_EXT_DMA_BUF, TEE_SHM_MAPPED and TEE_SHM_KERNEL_MAPPED flags.
TEE_SHM_REGISTER is renamed to TEE_SHM_DYNAMIC in order to better match its usage.
Assigns new values to the remaining flags to void gaps.
Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
#
53e16519 |
| 04-Feb-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
tee: replace tee_shm_register()
tee_shm_register() is replaced by the previously introduced functions tee_shm_register_user_buf() and tee_shm_register_kernel_buf().
Since there are not external cal
tee: replace tee_shm_register()
tee_shm_register() is replaced by the previously introduced functions tee_shm_register_user_buf() and tee_shm_register_kernel_buf().
Since there are not external callers left we can remove tee_shm_register() and refactor the remains.
Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
#
056d3fed |
| 04-Feb-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
tee: add tee_shm_register_{user,kernel}_buf()
Adds the two new functions tee_shm_register_user_buf() and tee_shm_register_kernel_buf() which should be used instead of the old tee_shm_register().
Th
tee: add tee_shm_register_{user,kernel}_buf()
Adds the two new functions tee_shm_register_user_buf() and tee_shm_register_kernel_buf() which should be used instead of the old tee_shm_register().
This avoids having the caller supplying the flags parameter which exposes a bit more than desired of the internals of the TEE subsystem.
Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
#
5d41f1b3 |
| 04-Feb-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
tee: replace tee_shm_alloc()
tee_shm_alloc() is replaced by three new functions,
tee_shm_alloc_user_buf() - for user mode allocations, replacing passing the flags TEE_SHM_MAPPED | TEE_SHM_DMA_BUF
tee: replace tee_shm_alloc()
tee_shm_alloc() is replaced by three new functions,
tee_shm_alloc_user_buf() - for user mode allocations, replacing passing the flags TEE_SHM_MAPPED | TEE_SHM_DMA_BUF
tee_shm_alloc_kernel_buf() - for kernel mode allocations, slightly optimized compared to using the flags TEE_SHM_MAPPED | TEE_SHM_DMA_BUF.
tee_shm_alloc_priv_buf() - primarily for TEE driver internal use.
This also makes the interface easier to use as we can get rid of the somewhat hard to use flags parameter.
The TEE subsystem and the TEE drivers are updated to use the new functions instead.
Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
#
d88e0493 |
| 04-Feb-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
tee: simplify shm pool handling
Replaces the shared memory pool based on two pools with a single pool. The alloc() function pointer in struct tee_shm_pool_ops gets another parameter, align. This mak
tee: simplify shm pool handling
Replaces the shared memory pool based on two pools with a single pool. The alloc() function pointer in struct tee_shm_pool_ops gets another parameter, align. This makes it possible to make less than page aligned allocations from the optional reserved shared memory pool while still making user space allocations page aligned. With in practice unchanged behaviour using only a single pool for bookkeeping.
The allocation algorithm in the static OP-TEE shared memory pool is changed from best-fit to first-fit since only the latter supports an alignment parameter. The best-fit algorithm was previously the default choice and not a conscious one.
The optee and amdtee drivers are updated as needed to work with this changed pool handling.
This also removes OPTEE_SHM_NUM_PRIV_PAGES which becomes obsolete with this change as the private pages can be mixed with the payload pages.
The OP-TEE driver changes minimum alignment for argument struct from 8 bytes to 512 bytes. A typical OP-TEE private shm allocation is 224 bytes (argument struct with 6 parameters, needed for open session). So with an alignment of 512 well waste a bit more than 50%. Before this we had a single page reserved for this so worst case usage compared to that would be 3 pages instead of 1 page. However, this worst case only occurs if there is a high pressure from multiple threads on secure world. All in all this should scale up and down better than fixed boundaries.
Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
#
71cc47d4 |
| 04-Feb-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
tee: add tee_shm_alloc_user_buf()
Adds a new function tee_shm_alloc_user_buf() for user mode allocations, replacing passing the flags TEE_SHM_MAPPED | TEE_SHM_DMA_BUF to tee_shm_alloc().
Reviewed-b
tee: add tee_shm_alloc_user_buf()
Adds a new function tee_shm_alloc_user_buf() for user mode allocations, replacing passing the flags TEE_SHM_MAPPED | TEE_SHM_DMA_BUF to tee_shm_alloc().
Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
Revision tags: v5.15.19, v5.15.18, v5.15.17, v5.4.173, v5.15.16, v5.15.15, v5.16, v5.15.10, v5.15.9, v5.15.8 |
|
#
dfd0743f |
| 09-Dec-2021 |
Jens Wiklander <jens.wiklander@linaro.org> |
tee: handle lookup of shm with reference count 0
Since the tee subsystem does not keep a strong reference to its idle shared memory buffers, it races with other threads that try to destroy a shared
tee: handle lookup of shm with reference count 0
Since the tee subsystem does not keep a strong reference to its idle shared memory buffers, it races with other threads that try to destroy a shared memory through a close of its dma-buf fd or by unmapping the memory.
In tee_shm_get_from_id() when a lookup in teedev->idr has been successful, it is possible that the tee_shm is in the dma-buf teardown path, but that path is blocked by the teedev mutex. Since we don't have an API to tell if the tee_shm is in the dma-buf teardown path or not we must find another way of detecting this condition.
Fix this by doing the reference counting directly on the tee_shm using a new refcount_t refcount field. dma-buf is replaced by using anon_inode_getfd() instead, this separates the life-cycle of the underlying file from the tee_shm. tee_shm_put() is updated to hold the mutex when decreasing the refcount to 0 and then remove the tee_shm from teedev->idr before releasing the mutex. This means that the tee_shm can never be found unless it has a refcount larger than 0.
Fixes: 967c9cca2cc5 ("tee: generic TEE subsystem") Cc: stable@vger.kernel.org Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Reviewed-by: Lars Persson <larper@axis.com> Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Reported-by: Patrik Lantz <patrik.lantz@axis.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
Revision tags: v5.15.7, v5.15.6, v5.15.5, v5.15.4, v5.15.3, v5.15.2, v5.15.1, v5.15, v5.14.14, v5.14.13, v5.14.12 |
|
#
16b0314a |
| 10-Oct-2021 |
Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
dma-buf: move dma-buf symbols into the DMA_BUF module namespace
In order to better track where in the kernel the dma-buf code is used, put the symbols in the namespace DMA_BUF and modify all users o
dma-buf: move dma-buf symbols into the DMA_BUF module namespace
In order to better track where in the kernel the dma-buf code is used, put the symbols in the namespace DMA_BUF and modify all users of the symbols to properly import the namespace to not break the build at the same time.
Now the output of modinfo shows the use of these symbols, making it easier to watch for users over time:
$ modinfo drivers/misc/fastrpc.ko | grep import import_ns: DMA_BUF
Cc: "Pan, Xinhui" <Xinhui.Pan@amd.com> Cc: David Airlie <airlied@linux.ie> Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com> Cc: Maxime Ripard <mripard@kernel.org> Cc: Thomas Zimmermann <tzimmermann@suse.de> Cc: Mauro Carvalho Chehab <mchehab@kernel.org> Cc: dri-devel@lists.freedesktop.org Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch> Acked-by: Christian König <christian.koenig@amd.com> Acked-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Sumit Semwal <sumit.semwal@linaro.org> Acked-by: Alex Deucher <alexander.deucher@amd.com> Link: https://lore.kernel.org/r/20211010124628.17691-1-gregkh@linuxfoundation.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
a663e6ab |
| 08-Nov-2022 |
Sumit Garg <sumit.garg@linaro.org> |
tee: Fix tee_shm_register() for kernel TEE drivers
Commit 056d3fed3d1f ("tee: add tee_shm_register_{user,kernel}_buf()") refactored tee_shm_register() into corresponding user and kernel space functi
tee: Fix tee_shm_register() for kernel TEE drivers
Commit 056d3fed3d1f ("tee: add tee_shm_register_{user,kernel}_buf()") refactored tee_shm_register() into corresponding user and kernel space functions named tee_shm_register_{user,kernel}_buf(). The upstream fix commit 573ae4f13f63 ("tee: add overflow check in register_shm_helper()") only applied to tee_shm_register_user_buf().
But the stable kernel 4.19, 5.4, 5.10 and 5.15 don't have the above mentioned tee_shm_register() refactoring commit. Hence a direct backport wasn't possible and the fix has to be rather applied to tee_ioctl_shm_register().
Somehow the fix was correctly backported to 4.19 and 5.4 stable kernels but the backports for 5.10 and 5.15 stable kernels were broken as fix was applied to common tee_shm_register() function which broke its kernel space users such as trusted keys driver.
Fortunately the backport for 5.10 stable kernel was incidently fixed by: commit 606fe84a4185 ("tee: fix memory leak in tee_shm_register()"). So fix the backport for 5.15 stable kernel as well.
Fixes: 578c349570d2 ("tee: add overflow check in register_shm_helper()") Cc: stable@vger.kernel.org # 5.15 Reported-by: Sahil Malhotra <sahil.malhotra@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
a663e6ab |
| 08-Nov-2022 |
Sumit Garg <sumit.garg@linaro.org> |
tee: Fix tee_shm_register() for kernel TEE drivers
Commit 056d3fed3d1f ("tee: add tee_shm_register_{user,kernel}_buf()") refactored tee_shm_register() into corresponding user and kernel space functi
tee: Fix tee_shm_register() for kernel TEE drivers
Commit 056d3fed3d1f ("tee: add tee_shm_register_{user,kernel}_buf()") refactored tee_shm_register() into corresponding user and kernel space functions named tee_shm_register_{user,kernel}_buf(). The upstream fix commit 573ae4f13f63 ("tee: add overflow check in register_shm_helper()") only applied to tee_shm_register_user_buf().
But the stable kernel 4.19, 5.4, 5.10 and 5.15 don't have the above mentioned tee_shm_register() refactoring commit. Hence a direct backport wasn't possible and the fix has to be rather applied to tee_ioctl_shm_register().
Somehow the fix was correctly backported to 4.19 and 5.4 stable kernels but the backports for 5.10 and 5.15 stable kernels were broken as fix was applied to common tee_shm_register() function which broke its kernel space users such as trusted keys driver.
Fortunately the backport for 5.10 stable kernel was incidently fixed by: commit 606fe84a4185 ("tee: fix memory leak in tee_shm_register()"). So fix the backport for 5.15 stable kernel as well.
Fixes: 578c349570d2 ("tee: add overflow check in register_shm_helper()") Cc: stable@vger.kernel.org # 5.15 Reported-by: Sahil Malhotra <sahil.malhotra@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
a663e6ab |
| 08-Nov-2022 |
Sumit Garg <sumit.garg@linaro.org> |
tee: Fix tee_shm_register() for kernel TEE drivers
Commit 056d3fed3d1f ("tee: add tee_shm_register_{user,kernel}_buf()") refactored tee_shm_register() into corresponding user and kernel space functi
tee: Fix tee_shm_register() for kernel TEE drivers
Commit 056d3fed3d1f ("tee: add tee_shm_register_{user,kernel}_buf()") refactored tee_shm_register() into corresponding user and kernel space functions named tee_shm_register_{user,kernel}_buf(). The upstream fix commit 573ae4f13f63 ("tee: add overflow check in register_shm_helper()") only applied to tee_shm_register_user_buf().
But the stable kernel 4.19, 5.4, 5.10 and 5.15 don't have the above mentioned tee_shm_register() refactoring commit. Hence a direct backport wasn't possible and the fix has to be rather applied to tee_ioctl_shm_register().
Somehow the fix was correctly backported to 4.19 and 5.4 stable kernels but the backports for 5.10 and 5.15 stable kernels were broken as fix was applied to common tee_shm_register() function which broke its kernel space users such as trusted keys driver.
Fortunately the backport for 5.10 stable kernel was incidently fixed by: commit 606fe84a4185 ("tee: fix memory leak in tee_shm_register()"). So fix the backport for 5.15 stable kernel as well.
Fixes: 578c349570d2 ("tee: add overflow check in register_shm_helper()") Cc: stable@vger.kernel.org # 5.15 Reported-by: Sahil Malhotra <sahil.malhotra@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
a663e6ab |
| 08-Nov-2022 |
Sumit Garg <sumit.garg@linaro.org> |
tee: Fix tee_shm_register() for kernel TEE drivers
Commit 056d3fed3d1f ("tee: add tee_shm_register_{user,kernel}_buf()") refactored tee_shm_register() into corresponding user and kernel space functi
tee: Fix tee_shm_register() for kernel TEE drivers
Commit 056d3fed3d1f ("tee: add tee_shm_register_{user,kernel}_buf()") refactored tee_shm_register() into corresponding user and kernel space functions named tee_shm_register_{user,kernel}_buf(). The upstream fix commit 573ae4f13f63 ("tee: add overflow check in register_shm_helper()") only applied to tee_shm_register_user_buf().
But the stable kernel 4.19, 5.4, 5.10 and 5.15 don't have the above mentioned tee_shm_register() refactoring commit. Hence a direct backport wasn't possible and the fix has to be rather applied to tee_ioctl_shm_register().
Somehow the fix was correctly backported to 4.19 and 5.4 stable kernels but the backports for 5.10 and 5.15 stable kernels were broken as fix was applied to common tee_shm_register() function which broke its kernel space users such as trusted keys driver.
Fortunately the backport for 5.10 stable kernel was incidently fixed by: commit 606fe84a4185 ("tee: fix memory leak in tee_shm_register()"). So fix the backport for 5.15 stable kernel as well.
Fixes: 578c349570d2 ("tee: add overflow check in register_shm_helper()") Cc: stable@vger.kernel.org # 5.15 Reported-by: Sahil Malhotra <sahil.malhotra@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
a663e6ab |
| 08-Nov-2022 |
Sumit Garg <sumit.garg@linaro.org> |
tee: Fix tee_shm_register() for kernel TEE drivers
Commit 056d3fed3d1f ("tee: add tee_shm_register_{user,kernel}_buf()") refactored tee_shm_register() into corresponding user and kernel space functi
tee: Fix tee_shm_register() for kernel TEE drivers
Commit 056d3fed3d1f ("tee: add tee_shm_register_{user,kernel}_buf()") refactored tee_shm_register() into corresponding user and kernel space functions named tee_shm_register_{user,kernel}_buf(). The upstream fix commit 573ae4f13f63 ("tee: add overflow check in register_shm_helper()") only applied to tee_shm_register_user_buf().
But the stable kernel 4.19, 5.4, 5.10 and 5.15 don't have the above mentioned tee_shm_register() refactoring commit. Hence a direct backport wasn't possible and the fix has to be rather applied to tee_ioctl_shm_register().
Somehow the fix was correctly backported to 4.19 and 5.4 stable kernels but the backports for 5.10 and 5.15 stable kernels were broken as fix was applied to common tee_shm_register() function which broke its kernel space users such as trusted keys driver.
Fortunately the backport for 5.10 stable kernel was incidently fixed by: commit 606fe84a4185 ("tee: fix memory leak in tee_shm_register()"). So fix the backport for 5.15 stable kernel as well.
Fixes: 578c349570d2 ("tee: add overflow check in register_shm_helper()") Cc: stable@vger.kernel.org # 5.15 Reported-by: Sahil Malhotra <sahil.malhotra@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
a663e6ab |
| 08-Nov-2022 |
Sumit Garg <sumit.garg@linaro.org> |
tee: Fix tee_shm_register() for kernel TEE drivers
Commit 056d3fed3d1f ("tee: add tee_shm_register_{user,kernel}_buf()") refactored tee_shm_register() into corresponding user and kernel space functi
tee: Fix tee_shm_register() for kernel TEE drivers
Commit 056d3fed3d1f ("tee: add tee_shm_register_{user,kernel}_buf()") refactored tee_shm_register() into corresponding user and kernel space functions named tee_shm_register_{user,kernel}_buf(). The upstream fix commit 573ae4f13f63 ("tee: add overflow check in register_shm_helper()") only applied to tee_shm_register_user_buf().
But the stable kernel 4.19, 5.4, 5.10 and 5.15 don't have the above mentioned tee_shm_register() refactoring commit. Hence a direct backport wasn't possible and the fix has to be rather applied to tee_ioctl_shm_register().
Somehow the fix was correctly backported to 4.19 and 5.4 stable kernels but the backports for 5.10 and 5.15 stable kernels were broken as fix was applied to common tee_shm_register() function which broke its kernel space users such as trusted keys driver.
Fortunately the backport for 5.10 stable kernel was incidently fixed by: commit 606fe84a4185 ("tee: fix memory leak in tee_shm_register()"). So fix the backport for 5.15 stable kernel as well.
Fixes: 578c349570d2 ("tee: add overflow check in register_shm_helper()") Cc: stable@vger.kernel.org # 5.15 Reported-by: Sahil Malhotra <sahil.malhotra@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
a663e6ab |
| 08-Nov-2022 |
Sumit Garg <sumit.garg@linaro.org> |
tee: Fix tee_shm_register() for kernel TEE drivers
Commit 056d3fed3d1f ("tee: add tee_shm_register_{user,kernel}_buf()") refactored tee_shm_register() into corresponding user and kernel space functi
tee: Fix tee_shm_register() for kernel TEE drivers
Commit 056d3fed3d1f ("tee: add tee_shm_register_{user,kernel}_buf()") refactored tee_shm_register() into corresponding user and kernel space functions named tee_shm_register_{user,kernel}_buf(). The upstream fix commit 573ae4f13f63 ("tee: add overflow check in register_shm_helper()") only applied to tee_shm_register_user_buf().
But the stable kernel 4.19, 5.4, 5.10 and 5.15 don't have the above mentioned tee_shm_register() refactoring commit. Hence a direct backport wasn't possible and the fix has to be rather applied to tee_ioctl_shm_register().
Somehow the fix was correctly backported to 4.19 and 5.4 stable kernels but the backports for 5.10 and 5.15 stable kernels were broken as fix was applied to common tee_shm_register() function which broke its kernel space users such as trusted keys driver.
Fortunately the backport for 5.10 stable kernel was incidently fixed by: commit 606fe84a4185 ("tee: fix memory leak in tee_shm_register()"). So fix the backport for 5.15 stable kernel as well.
Fixes: 578c349570d2 ("tee: add overflow check in register_shm_helper()") Cc: stable@vger.kernel.org # 5.15 Reported-by: Sahil Malhotra <sahil.malhotra@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
a663e6ab |
| 08-Nov-2022 |
Sumit Garg <sumit.garg@linaro.org> |
tee: Fix tee_shm_register() for kernel TEE drivers
Commit 056d3fed3d1f ("tee: add tee_shm_register_{user,kernel}_buf()") refactored tee_shm_register() into corresponding user and kernel space functi
tee: Fix tee_shm_register() for kernel TEE drivers
Commit 056d3fed3d1f ("tee: add tee_shm_register_{user,kernel}_buf()") refactored tee_shm_register() into corresponding user and kernel space functions named tee_shm_register_{user,kernel}_buf(). The upstream fix commit 573ae4f13f63 ("tee: add overflow check in register_shm_helper()") only applied to tee_shm_register_user_buf().
But the stable kernel 4.19, 5.4, 5.10 and 5.15 don't have the above mentioned tee_shm_register() refactoring commit. Hence a direct backport wasn't possible and the fix has to be rather applied to tee_ioctl_shm_register().
Somehow the fix was correctly backported to 4.19 and 5.4 stable kernels but the backports for 5.10 and 5.15 stable kernels were broken as fix was applied to common tee_shm_register() function which broke its kernel space users such as trusted keys driver.
Fortunately the backport for 5.10 stable kernel was incidently fixed by: commit 606fe84a4185 ("tee: fix memory leak in tee_shm_register()"). So fix the backport for 5.15 stable kernel as well.
Fixes: 578c349570d2 ("tee: add overflow check in register_shm_helper()") Cc: stable@vger.kernel.org # 5.15 Reported-by: Sahil Malhotra <sahil.malhotra@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
a663e6ab |
| 08-Nov-2022 |
Sumit Garg <sumit.garg@linaro.org> |
tee: Fix tee_shm_register() for kernel TEE drivers
Commit 056d3fed3d1f ("tee: add tee_shm_register_{user,kernel}_buf()") refactored tee_shm_register() into corresponding user and kernel space functi
tee: Fix tee_shm_register() for kernel TEE drivers
Commit 056d3fed3d1f ("tee: add tee_shm_register_{user,kernel}_buf()") refactored tee_shm_register() into corresponding user and kernel space functions named tee_shm_register_{user,kernel}_buf(). The upstream fix commit 573ae4f13f63 ("tee: add overflow check in register_shm_helper()") only applied to tee_shm_register_user_buf().
But the stable kernel 4.19, 5.4, 5.10 and 5.15 don't have the above mentioned tee_shm_register() refactoring commit. Hence a direct backport wasn't possible and the fix has to be rather applied to tee_ioctl_shm_register().
Somehow the fix was correctly backported to 4.19 and 5.4 stable kernels but the backports for 5.10 and 5.15 stable kernels were broken as fix was applied to common tee_shm_register() function which broke its kernel space users such as trusted keys driver.
Fortunately the backport for 5.10 stable kernel was incidently fixed by: commit 606fe84a4185 ("tee: fix memory leak in tee_shm_register()"). So fix the backport for 5.15 stable kernel as well.
Fixes: 578c349570d2 ("tee: add overflow check in register_shm_helper()") Cc: stable@vger.kernel.org # 5.15 Reported-by: Sahil Malhotra <sahil.malhotra@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
a663e6ab |
| 08-Nov-2022 |
Sumit Garg <sumit.garg@linaro.org> |
tee: Fix tee_shm_register() for kernel TEE drivers
Commit 056d3fed3d1f ("tee: add tee_shm_register_{user,kernel}_buf()") refactored tee_shm_register() into corresponding user and kernel space functi
tee: Fix tee_shm_register() for kernel TEE drivers
Commit 056d3fed3d1f ("tee: add tee_shm_register_{user,kernel}_buf()") refactored tee_shm_register() into corresponding user and kernel space functions named tee_shm_register_{user,kernel}_buf(). The upstream fix commit 573ae4f13f63 ("tee: add overflow check in register_shm_helper()") only applied to tee_shm_register_user_buf().
But the stable kernel 4.19, 5.4, 5.10 and 5.15 don't have the above mentioned tee_shm_register() refactoring commit. Hence a direct backport wasn't possible and the fix has to be rather applied to tee_ioctl_shm_register().
Somehow the fix was correctly backported to 4.19 and 5.4 stable kernels but the backports for 5.10 and 5.15 stable kernels were broken as fix was applied to common tee_shm_register() function which broke its kernel space users such as trusted keys driver.
Fortunately the backport for 5.10 stable kernel was incidently fixed by: commit 606fe84a4185 ("tee: fix memory leak in tee_shm_register()"). So fix the backport for 5.15 stable kernel as well.
Fixes: 578c349570d2 ("tee: add overflow check in register_shm_helper()") Cc: stable@vger.kernel.org # 5.15 Reported-by: Sahil Malhotra <sahil.malhotra@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|