Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp2459105pxj; Mon, 10 May 2021 03:34:52 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzoumczlrWOcG+Tbb3hBZ1M8At66GBK4vevQxniNh1mjXCJV62oYuJirjk+OqFLv8bqKQ+a X-Received: by 2002:a17:907:2050:: with SMTP id pg16mr2834168ejb.255.1620642891939; Mon, 10 May 2021 03:34:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620642891; cv=none; d=google.com; s=arc-20160816; b=VYyM9V8IwaIJVM7Sqb0axNGIqc6lk1mkO8RoLo3N9ABzlD7jNG0+G5Q3XpWmjZQFXq NSW99XpDmByaoqNgOdLDBohjGiXNyAAVl4sX6aZhESF4FAEV8SiMeao2CxGRUGAlmg+g lTgks9W1cNaSTi/hMMu9JTLD4AzJT/ZmzYuMbjyeVzmn91Zii9cscBBYrjzMepGBw9zv ie4Y8JDvhFIOJkWKd2bMLy79boHBEXtO+esta49bRJ+LYoYg9OOcq050osFTD7JsmFDp y95PVU0Ef+3/hUtkb+PnVR21EfUXLLIhOou7EISZ11eMB3Sj8prSn9ye0Mbo1e5m0140 UkJw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=qPOZTWkncaYLraAW/bv7L3/OghyAwEojUvVmlSdQWxg=; b=GY4PdRar2NnFcr0Sx32sf4Jrw/GuJiZuJvIzjXnsrd+1Tly46S9MgmEg8g4NdNfIET Qn+b3kRqiCLkvwduidsif2Ku/b2Zcsrlbv9B8nFU6djTO+v01UA+pAdTX/4mQ0ISSF4r /wg3zKKGXymDNRTbXwkibSRvmX7CkXNTEQrOkg6TFDq64dwMWWz2GWrdOoQFzF22BMQq PiNYNCeXuYsABK4mF9F8hbZdCtLtTr33MHlD2xxDZJ5L6OnKKDNyilVjTJuiS/Nguvr8 V8nV/DXZKY4QUNv4rbCsdcED0DX1XbSI/qqkIYEW2m6/OhovL9RidQSk0MZWX0GnJc92 TxQg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=jw20V4gC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id n26si13044151ejx.488.2021.05.10.03.34.28; Mon, 10 May 2021 03:34:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=jw20V4gC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231296AbhEJKbu (ORCPT + 99 others); Mon, 10 May 2021 06:31:50 -0400 Received: from mail.kernel.org ([198.145.29.99]:60168 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230449AbhEJK2j (ORCPT ); Mon, 10 May 2021 06:28:39 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 4EBF361626; Mon, 10 May 2021 10:27:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1620642423; bh=bZfn7RF/27+V4ZX/wgyqz34JcBoVJgaQhz9oGSUgOJA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=jw20V4gCbmtHnKctRUnuARgrA1KG0IFBVV+qoMpnvTI3Vv3/gCl9yyivBf5HAiZk3 HEWNrSnEVr01Cc0uf/0r9PSGk0zg+cPcLWPkrvL+YIkMXNjrK/BtlkQCpiaX7j9J4+ 0ehP2EXy+vJG4kzS06wW3I4B/vrQH05Lk5xULi4E= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Sumit Garg , Jens Wiklander , Jerome Forissier , Sasha Levin Subject: [PATCH 5.4 053/184] tee: optee: do not check memref size on return from Secure World Date: Mon, 10 May 2021 12:19:07 +0200 Message-Id: <20210510101951.950433153@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210510101950.200777181@linuxfoundation.org> References: <20210510101950.200777181@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jerome Forissier [ Upstream commit c650b8dc7a7910eb25af0aac1720f778b29e679d ] When Secure World returns, it may have changed the size attribute of the memory references passed as [in/out] parameters. The GlobalPlatform TEE Internal Core API specification does not restrict the values that this size can take. In particular, Secure World may increase the value to be larger than the size of the input buffer to indicate that it needs more. Therefore, the size check in optee_from_msg_param() is incorrect and needs to be removed. This fixes a number of failed test cases in the GlobalPlatform TEE Initial Configuratiom Test Suite v2_0_0_0-2017_06_09 when OP-TEE is compiled without dynamic shared memory support (CFG_CORE_DYN_SHM=n). Reviewed-by: Sumit Garg Suggested-by: Jens Wiklander Signed-off-by: Jerome Forissier Signed-off-by: Jens Wiklander Signed-off-by: Sasha Levin --- drivers/tee/optee/core.c | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c index b830e0a87fba..ba6cfba589a6 100644 --- a/drivers/tee/optee/core.c +++ b/drivers/tee/optee/core.c @@ -78,16 +78,6 @@ int optee_from_msg_param(struct tee_param *params, size_t num_params, return rc; p->u.memref.shm_offs = mp->u.tmem.buf_ptr - pa; p->u.memref.shm = shm; - - /* Check that the memref is covered by the shm object */ - if (p->u.memref.size) { - size_t o = p->u.memref.shm_offs + - p->u.memref.size - 1; - - rc = tee_shm_get_pa(shm, o, NULL); - if (rc) - return rc; - } break; case OPTEE_MSG_ATTR_TYPE_RMEM_INPUT: case OPTEE_MSG_ATTR_TYPE_RMEM_OUTPUT: -- 2.30.2