tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

tee: refactor params_from_user()

Break out the memref handling into a separate helper function.
No change in behavior.

Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

Jens Wiklander fdf631ac c924c65f

+54 -40
+54 -40
drivers/tee/tee_core.c
··· 354 354 return ret; 355 355 } 356 356 357 + static int param_from_user_memref(struct tee_context *ctx, 358 + struct tee_param_memref *memref, 359 + struct tee_ioctl_param *ip) 360 + { 361 + struct tee_shm *shm; 362 + 363 + /* 364 + * If a NULL pointer is passed to a TA in the TEE, 365 + * the ip.c IOCTL parameters is set to TEE_MEMREF_NULL 366 + * indicating a NULL memory reference. 367 + */ 368 + if (ip->c != TEE_MEMREF_NULL) { 369 + /* 370 + * If we fail to get a pointer to a shared 371 + * memory object (and increase the ref count) 372 + * from an identifier we return an error. All 373 + * pointers that has been added in params have 374 + * an increased ref count. It's the callers 375 + * responibility to do tee_shm_put() on all 376 + * resolved pointers. 377 + */ 378 + shm = tee_shm_get_from_id(ctx, ip->c); 379 + if (IS_ERR(shm)) 380 + return PTR_ERR(shm); 381 + 382 + /* 383 + * Ensure offset + size does not overflow 384 + * offset and does not overflow the size of 385 + * the referred shared memory object. 386 + */ 387 + if ((ip->a + ip->b) < ip->a || 388 + (ip->a + ip->b) > shm->size) { 389 + tee_shm_put(shm); 390 + return -EINVAL; 391 + } 392 + } else if (ctx->cap_memref_null) { 393 + /* Pass NULL pointer to OP-TEE */ 394 + shm = NULL; 395 + } else { 396 + return -EINVAL; 397 + } 398 + 399 + memref->shm_offs = ip->a; 400 + memref->size = ip->b; 401 + memref->shm = shm; 402 + 403 + return 0; 404 + } 405 + 357 406 static int params_from_user(struct tee_context *ctx, struct tee_param *params, 358 407 size_t num_params, 359 408 struct tee_ioctl_param __user *uparams) ··· 410 361 size_t n; 411 362 412 363 for (n = 0; n < num_params; n++) { 413 - struct tee_shm *shm; 414 364 struct tee_ioctl_param ip; 365 + int rc; 415 366 416 367 if (copy_from_user(&ip, uparams + n, sizeof(ip))) 417 368 return -EFAULT; ··· 434 385 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT: 435 386 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: 436 387 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: 437 - /* 438 - * If a NULL pointer is passed to a TA in the TEE, 439 - * the ip.c IOCTL parameters is set to TEE_MEMREF_NULL 440 - * indicating a NULL memory reference. 441 - */ 442 - if (ip.c != TEE_MEMREF_NULL) { 443 - /* 444 - * If we fail to get a pointer to a shared 445 - * memory object (and increase the ref count) 446 - * from an identifier we return an error. All 447 - * pointers that has been added in params have 448 - * an increased ref count. It's the callers 449 - * responibility to do tee_shm_put() on all 450 - * resolved pointers. 451 - */ 452 - shm = tee_shm_get_from_id(ctx, ip.c); 453 - if (IS_ERR(shm)) 454 - return PTR_ERR(shm); 455 - 456 - /* 457 - * Ensure offset + size does not overflow 458 - * offset and does not overflow the size of 459 - * the referred shared memory object. 460 - */ 461 - if ((ip.a + ip.b) < ip.a || 462 - (ip.a + ip.b) > shm->size) { 463 - tee_shm_put(shm); 464 - return -EINVAL; 465 - } 466 - } else if (ctx->cap_memref_null) { 467 - /* Pass NULL pointer to OP-TEE */ 468 - shm = NULL; 469 - } else { 470 - return -EINVAL; 471 - } 472 - 473 - params[n].u.memref.shm_offs = ip.a; 474 - params[n].u.memref.size = ip.b; 475 - params[n].u.memref.shm = shm; 388 + rc = param_from_user_memref(ctx, &params[n].u.memref, 389 + &ip); 390 + if (rc) 391 + return rc; 476 392 break; 477 393 default: 478 394 /* Unknown attribute */