The policy buffer is allocated using normal memory allocation
functions, so readl() should not be used on it.
Use get_unaligned_le32() instead.
Compile-tested only.
Signed-off-by: Armin Wolf <[email protected]>
---
drivers/platform/x86/amd/pmf/tee-if.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/platform/x86/amd/pmf/tee-if.c b/drivers/platform/x86/amd/pmf/tee-if.c
index 16973bebf55f..3220b6580270 100644
--- a/drivers/platform/x86/amd/pmf/tee-if.c
+++ b/drivers/platform/x86/amd/pmf/tee-if.c
@@ -11,6 +11,7 @@
#include <linux/debugfs.h>
#include <linux/tee_drv.h>
#include <linux/uuid.h>
+#include <asm/unaligned.h>
#include "pmf.h"
#define MAX_TEE_PARAM 4
@@ -249,8 +250,8 @@ static int amd_pmf_start_policy_engine(struct amd_pmf_dev *dev)
u32 cookie, length;
int res;
- cookie = readl(dev->policy_buf + POLICY_COOKIE_OFFSET);
- length = readl(dev->policy_buf + POLICY_COOKIE_LEN);
+ cookie = get_unaligned_le32(dev->policy_buf + POLICY_COOKIE_OFFSET);
+ length = get_unaligned_le32(dev->policy_buf + POLICY_COOKIE_LEN);
if (cookie != POLICY_SIGN_COOKIE || !length)
return -EINVAL;
--
2.39.2
On Fri, 23 Feb 2024, Armin Wolf wrote:
> The policy buffer is allocated using normal memory allocation
> functions, so readl() should not be used on it.
>
> Use get_unaligned_le32() instead.
>
> Compile-tested only.
>
> Signed-off-by: Armin Wolf <[email protected]>
> ---
> drivers/platform/x86/amd/pmf/tee-if.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/platform/x86/amd/pmf/tee-if.c b/drivers/platform/x86/amd/pmf/tee-if.c
> index 16973bebf55f..3220b6580270 100644
> --- a/drivers/platform/x86/amd/pmf/tee-if.c
> +++ b/drivers/platform/x86/amd/pmf/tee-if.c
> @@ -11,6 +11,7 @@
> #include <linux/debugfs.h>
> #include <linux/tee_drv.h>
> #include <linux/uuid.h>
> +#include <asm/unaligned.h>
> #include "pmf.h"
>
> #define MAX_TEE_PARAM 4
> @@ -249,8 +250,8 @@ static int amd_pmf_start_policy_engine(struct amd_pmf_dev *dev)
> u32 cookie, length;
> int res;
>
> - cookie = readl(dev->policy_buf + POLICY_COOKIE_OFFSET);
> - length = readl(dev->policy_buf + POLICY_COOKIE_LEN);
> + cookie = get_unaligned_le32(dev->policy_buf + POLICY_COOKIE_OFFSET);
> + length = get_unaligned_le32(dev->policy_buf + POLICY_COOKIE_LEN);
I don't understand you need _unaligned_ here, the offsets should be dword
aligned, no?
#define POLICY_COOKIE_OFFSET 0x10
#define POLICY_COOKIE_LEN 0x14
--
i.
Am 27.02.24 um 13:59 schrieb Ilpo Järvinen:
> On Fri, 23 Feb 2024, Armin Wolf wrote:
>
>> The policy buffer is allocated using normal memory allocation
>> functions, so readl() should not be used on it.
>>
>> Use get_unaligned_le32() instead.
>>
>> Compile-tested only.
>>
>> Signed-off-by: Armin Wolf <[email protected]>
>> ---
>> drivers/platform/x86/amd/pmf/tee-if.c | 5 +++--
>> 1 file changed, 3 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/platform/x86/amd/pmf/tee-if.c b/drivers/platform/x86/amd/pmf/tee-if.c
>> index 16973bebf55f..3220b6580270 100644
>> --- a/drivers/platform/x86/amd/pmf/tee-if.c
>> +++ b/drivers/platform/x86/amd/pmf/tee-if.c
>> @@ -11,6 +11,7 @@
>> #include <linux/debugfs.h>
>> #include <linux/tee_drv.h>
>> #include <linux/uuid.h>
>> +#include <asm/unaligned.h>
>> #include "pmf.h"
>>
>> #define MAX_TEE_PARAM 4
>> @@ -249,8 +250,8 @@ static int amd_pmf_start_policy_engine(struct amd_pmf_dev *dev)
>> u32 cookie, length;
>> int res;
>>
>> - cookie = readl(dev->policy_buf + POLICY_COOKIE_OFFSET);
>> - length = readl(dev->policy_buf + POLICY_COOKIE_LEN);
>> + cookie = get_unaligned_le32(dev->policy_buf + POLICY_COOKIE_OFFSET);
>> + length = get_unaligned_le32(dev->policy_buf + POLICY_COOKIE_LEN);
> I don't understand you need _unaligned_ here, the offsets should be dword
> aligned, no?
>
> #define POLICY_COOKIE_OFFSET 0x10
> #define POLICY_COOKIE_LEN 0x14
>
Hi,
you are right about this.
However i just noticed that the driver does not validate that the policy buffer is big enough
before accessing the data.
I will prepare a separate patch series to address this.
Thanks,
Armin Wolf