TEE QTEE fixes for v6.18

- Adds ARCH_QCOM dependency for the QTEE driver - Fixing return values for copy_from_user() failures - Guarding against potential off by one read -----BEGIN PGP SIGNATURE----- iQJOBAABCgA4FiEE0qerISgy2SKkqO79Wr/6JGat8H4FAmjfv58aHGplbnMud2lr bGFuZGVyQGxpbmFyby5vcmcACgkQWr/6JGat8H6uxA/+NFregDoinXbAYFzEjoTM g2tVAEe/6+1XWN37DngvWvV4ndnbq49n9EYqR4mWRz1KH5sCmTjpzolOpLvLmKd3 woZeqPP6gpbmiKQQ08cK34axhfi0xAPAK9B9qiat5ARBN1CoT0E+OLp4u9B4RX7/ zf2jU8PI2JrqqbABmUIkfqbHgP5Hh9TIzE3RH4oI/wLQl+F2goKBx+p2X8BEqmlw xRpD4nKMk8Hui/oIDwe9BJ5AzVb4hG/PY9O9UQRaW/WCifcIyWYWbE3cnnN1YtmO yRcGlalBa/wpRQR94pUUyrb1qhbb/PcdSa46SQ2nL8yQ1C11+kr6BEW1KTV6RRBU guKK8D41ZLSUKDVvtiJD7nszhwrGdHafw/V9Kqu9KGbhba3gUJhClpDRS/1boyZ8 UlDpWz4GAQ6Ky1QZrq7yPJ2qrrTq6GVDPVRt7DLqnupkF9ASa5Ii96IEqK4IZZB5 5VRlpFLTKdPjmxvBvAtcvBp3ryOG2JOlwCkUlzfAmjeHdNY7duaNHy+XxwqzhiLY KREZD7c3H3ghJbrC6UY+anBRsP0uIAn1C3wDTNgprVTsjF6IZOy82ZJmUqxT+yU5 QEgXjGj9g1LvydujhPfQ0O+t8D5h0guEbw4iHSHCAL7fYL0iK1ua3+52sQXbs79L vJu6+0DSqUdju5wlgta0kao= =z/ma -----END PGP SIGNATURE----- gpgsig -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEo6/YBQwIrVS28WGKmmx57+YAGNkFAmjyRB0ACgkQmmx57+YA GNmszQ/7BEPFQZmUCW26t8krpaE4MBJpJNsXT3GG3CMK2fmu/rdUf2iB0cXbEi9S XYwNng5qYPw1BcqbJR4PbUDpOa6td5Byucq6h+A2dDnBqiguOwtC8rpi1kz2y6Gx N0laWR8UUYd7Oh9aFZheX0ye01GzHXsNYZTuCqSE1XIpzVLFJFYHYSVFE/YEhQ+5 YjDQebJVpgGlacdHZy/UywwPQqUiL67WrGFhwyvep1iAxQh8gltVPfBNqnD9QzdC zKIWL/XmlPHXxDsbB1ZvD8pYkPIZh3pqd+8kpkQzElEErJYLHpHTcHbNQxGzsUxC 9A5mlexBIQUg5hyFMzoulFwb44JCEa59SoSbXKDzbHZAkQwKPztg4TGTMdsbuXQv Lyr+3fJ1fO1O44OXFcLh6WpKmaFna9kyVcbsW9FSRU5RWYOerfBgyk6NlQ8vSn6U IDPXccpxbvG2jWMWdW/H5YtJ3WJjue5gm/wKN3K2Mzwimj57AHQEHvTxc9zzSYD4 A3yNdgcfwIipLVWFNqY+HDpKDzjaay0GEaGgNLEj/syuK0GfaRm9sKeS05B3weOb kipNi6jf/0ZEg3vl5tMBA687Y+cx0J4VuS5cCMwoExpl0RzZCriXA0uMfOE7ovdp b8134JCTLxhSdONUX2jK9mAXNOK0ovmwjuWqaVvlNb4w0YCQPAw= =G+xF -----END PGP SIGNATURE----- Merge tag 'tee-qcomtee-fixes-for-v6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee into arm/fixes TEE QTEE fixes for v6.18 - Adds ARCH_QCOM dependency for the QTEE driver - Fixing return values for copy_from_user() failures - Guarding against potential off by one read * tag 'tee-qcomtee-fixes-for-v6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee: tee: QCOMTEE should depend on ARCH_QCOM tee: qcom: return -EFAULT instead of -EINVAL if copy_from_user() fails tee: qcom: prevent potential off by one read
2025-10-17 15:26:23 +02:00 · 2025-10-17 15:26:23 +02:00 · 1d4e7d9f6b
parent 3a86608788 3b63efa21b
commit 1d4e7d9f6b
3 changed files with 3 additions and 2 deletions
--- a/drivers/tee/qcomtee/Kconfig
+++ b/drivers/tee/qcomtee/Kconfig
@ -2,6 +2,7 @@
 # Qualcomm Trusted Execution Environment Configuration
 config QCOMTEE
 	tristate "Qualcomm TEE Support"
+	depends on ARCH_QCOM || COMPILE_TEST
 	depends on !CPU_BIG_ENDIAN
 	select QCOM_SCM
 	select QCOM_TZMEM_MODE_SHMBRIDGE
--- a/drivers/tee/qcomtee/call.c
+++ b/drivers/tee/qcomtee/call.c
@ -308,7 +308,7 @@ static int qcomtee_params_from_args(struct tee_param *params,
 	}

 	/* Release any IO and OO objects not processed. */
-	for (; u[i].type && i < num_params; i++) {
+	for (; i < num_params && u[i].type; i++) {
 		if (u[i].type == QCOMTEE_ARG_TYPE_OO ||
 		    u[i].type == QCOMTEE_ARG_TYPE_IO)
 			qcomtee_object_put(u[i].o);
--- a/drivers/tee/qcomtee/core.c
+++ b/drivers/tee/qcomtee/core.c
@ -424,7 +424,7 @@ static int qcomtee_prepare_msg(struct qcomtee_object_invoke_ctx *oic,
 		if (!(u[i].flags & QCOMTEE_ARG_FLAGS_UADDR))
 			memcpy(msgptr, u[i].b.addr, u[i].b.size);
 		else if (copy_from_user(msgptr, u[i].b.uaddr, u[i].b.size))
-			return -EINVAL;
+			return -EFAULT;

 		offset += qcomtee_msg_offset_align(u[i].b.size);
 		ib++;