2018-05-07 12:49:07

by Jens Wiklander

[permalink] [raw]
Subject: [GIT PULL] tee driver fixes for v4.17

Hello arm-soc maintainers,

Please pull these tee driver fixes. Of particular interest is a fix for a
use-after-free issue. There's also a fix making sure that memory references
are kept within the used shm object.

Thanks,
Jens

The following changes since commit 75bc37fefc4471e718ba8e651aa74673d4e0a9eb:

Linux 4.17-rc4 (2018-05-06 16:57:38 -1000)

are available in the Git repository at:

git://git.linaro.org/people/jens.wiklander/linux-tee.git/ tags/tee-drv-fixes-for-4.17

for you to fetch changes up to ab9d3db5b320a052452b9cd035599ee3c84bbee9:

tee: check shm references are consistent in offset/size (2018-05-07 11:51:03 +0200)

----------------------------------------------------------------
Small fixes for tee subsystem

* Fixes for use-after-free via temporarily dropped reference
* Checks that passed shm references are consistent in offset/size
with regards to the shm object

----------------------------------------------------------------
Etienne Carriere (1):
tee: check shm references are consistent in offset/size

Jann Horn (1):
tee: shm: fix use-after-free via temporarily dropped reference

drivers/tee/tee_core.c | 11 +++++++++++
drivers/tee/tee_shm.c | 5 +++--
2 files changed, 14 insertions(+), 2 deletions(-)


2018-05-14 08:17:43

by Olof Johansson

[permalink] [raw]
Subject: Re: [GIT PULL] tee driver fixes for v4.17

On Mon, May 07, 2018 at 02:47:31PM +0200, Jens Wiklander wrote:
> Hello arm-soc maintainers,
>
> Please pull these tee driver fixes. Of particular interest is a fix for a
> use-after-free issue. There's also a fix making sure that memory references
> are kept within the used shm object.
>
> Thanks,
> Jens
>
> The following changes since commit 75bc37fefc4471e718ba8e651aa74673d4e0a9eb:
>
> Linux 4.17-rc4 (2018-05-06 16:57:38 -1000)
>
> are available in the Git repository at:
>
> git://git.linaro.org/people/jens.wiklander/linux-tee.git/ tags/tee-drv-fixes-for-4.17
>
> for you to fetch changes up to ab9d3db5b320a052452b9cd035599ee3c84bbee9:
>
> tee: check shm references are consistent in offset/size (2018-05-07 11:51:03 +0200)
>
> ----------------------------------------------------------------
> Small fixes for tee subsystem
>
> * Fixes for use-after-free via temporarily dropped reference
> * Checks that passed shm references are consistent in offset/size
> with regards to the shm object

Merged, thanks!


-Olof