Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp404498pxj; Thu, 20 May 2021 12:02:36 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwa/qRl84eF6aqIGLBs8AZp/ckTlKIhTDLtPLo42Q50lNOdPvGyokzvouee6WRGX+7uA2Uv X-Received: by 2002:a92:ce90:: with SMTP id r16mr7066291ilo.220.1621537356348; Thu, 20 May 2021 12:02:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1621537356; cv=none; d=google.com; s=arc-20160816; b=JRbwsz022d3Qm9TF+xsiqY8Z3rYGfB/hRNOCNchnheeHkAZm4CDtn0BZ3Fa7A0yyX3 yaIXpwm3mNBt36S4RJcDWR21rQLGBk/7uf6UmtULjqrVmvoAKkDHziVG8kRX2by30Nh1 0NGX0hWc8i/EcaUvsLGll/Bi0MdzjzzR7Wt9QiitKmv9LanHenknEeHTp/45mD8c3VDL pfbrzaJA2Sf8CU9xhzIVzX47KgRc/vN7vGiEaAS9ephJQ7D3gFrUOZfolxBUxMBIrhQn e/2t4GHuyc8I31+ocqjTij7VCTbMxtRUSeN+LgmBblN4JUE/T6bJX6gp4PgjqxXPwpmc 9kng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=34JdZAVgcxZ5VQvAENOpJ2TAKDkSrANlYwjpgCDCb8I=; b=XDtKmcOeUfF1PzcE3eta8pmNPxznYmmq8kzEgC1fRmMjRc8dbRshFyOApu8jTd5Tvy KL90kyR3YY2D9bC/bO7imLeB7Zv3F9YCG2dKJ+nAta3QeHWLduYOx8kiiNdlNfW1dlxw sopURyPWP2/2RqAEzL4HA3Pj/9cly22ekoS39pXgbwWviGY2sveONj0J/YBiVP6RB7NB L0zz7bMSaISJNRvFDdOVL+lgmcdElzHIMKOM5YSjjXocXppjX9jFgVUmhE/M7SDATJMB HZD5tMhTayGigkQ0Aw2dRY/zSJajon8r3vnpi4MkWczu9bTRDqSsrSoopQma9AUWyMkN oU4w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=TapNsDdR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z2si3168413jat.35.2021.05.20.12.02.23; Thu, 20 May 2021 12:02:36 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=TapNsDdR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235521AbhETK3t (ORCPT + 99 others); Thu, 20 May 2021 06:29:49 -0400 Received: from mail.kernel.org ([198.145.29.99]:47742 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234862AbhETKRU (ORCPT ); Thu, 20 May 2021 06:17:20 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 39920619A1; Thu, 20 May 2021 09:46:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1621503976; bh=KIUAsv44XSVhl9cP5lf08lV/sYIea37rPg1fp9uDyKE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=TapNsDdRZeIBA6Es3DjhvrhVnArUBVXlx0Bs72sJUrhWg4o0avtYUdg8sIuImHvRu ErXoaFkWqD0V/WR9wqWefoFub/VRxQVFwJWcnlxBWEbyfj2wysDdPxo5381L+tuBzW c/wAG5YBnJ6gnPMmRrVo5flceh9eG8cAAc4D0DKY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Sumit Garg , Jens Wiklander , Jerome Forissier , Sasha Levin Subject: [PATCH 4.14 038/323] tee: optee: do not check memref size on return from Secure World Date: Thu, 20 May 2021 11:18:50 +0200 Message-Id: <20210520092121.411497213@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210520092120.115153432@linuxfoundation.org> References: <20210520092120.115153432@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jerome Forissier [ Upstream commit c650b8dc7a7910eb25af0aac1720f778b29e679d ] When Secure World returns, it may have changed the size attribute of the memory references passed as [in/out] parameters. The GlobalPlatform TEE Internal Core API specification does not restrict the values that this size can take. In particular, Secure World may increase the value to be larger than the size of the input buffer to indicate that it needs more. Therefore, the size check in optee_from_msg_param() is incorrect and needs to be removed. This fixes a number of failed test cases in the GlobalPlatform TEE Initial Configuratiom Test Suite v2_0_0_0-2017_06_09 when OP-TEE is compiled without dynamic shared memory support (CFG_CORE_DYN_SHM=n). Reviewed-by: Sumit Garg Suggested-by: Jens Wiklander Signed-off-by: Jerome Forissier Signed-off-by: Jens Wiklander Signed-off-by: Sasha Levin --- drivers/tee/optee/core.c | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c index 834884c370c5..63187b07dde0 100644 --- a/drivers/tee/optee/core.c +++ b/drivers/tee/optee/core.c @@ -86,16 +86,6 @@ int optee_from_msg_param(struct tee_param *params, size_t num_params, return rc; p->u.memref.shm_offs = mp->u.tmem.buf_ptr - pa; p->u.memref.shm = shm; - - /* Check that the memref is covered by the shm object */ - if (p->u.memref.size) { - size_t o = p->u.memref.shm_offs + - p->u.memref.size - 1; - - rc = tee_shm_get_pa(shm, o, NULL); - if (rc) - return rc; - } break; default: return -EINVAL; -- 2.30.2