linux.git/drivers/tee, branch master Linux kernel source tree tee: shm: Remove refcounting of kernel pages 2026-03-03T08:03:04+00:00 Matthew Wilcox willy@infradead.org 2026-02-20T08:49:59+00:00 08d9a4580f71120be3c5b221af32dca00a48ceb0 Earlier TEE subsystem assumed to refcount all the memory pages to be shared with TEE implementation to be refcounted. However, the slab allocations within the kernel don't allow refcounting kernel pages. It is rather better to trust the kernel clients to not free pages while being shared with TEE implementation. Hence, remove refcounting of kernel pages from register_shm_helper() API. Fixes: b9c0e49abfca ("mm: decline to manipulate the refcount on a slab page") Reported-by: Marco Felsch <m.felsch@pengutronix.de> Reported-by: Sven Püschel <s.pueschel@pengutronix.de> Signed-off-by: Matthew Wilcox <willy@infradead.org> Co-developed-by: Sumit Garg <sumit.garg@oss.qualcomm.com> Signed-off-by: Sumit Garg <sumit.garg@oss.qualcomm.com> Tested-by: Sven Püschel <s.pueschel@pengutronix.de> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 
Earlier TEE subsystem assumed to refcount all the memory pages to be
shared with TEE implementation to be refcounted. However, the slab
allocations within the kernel don't allow refcounting kernel pages.

It is rather better to trust the kernel clients to not free pages while
being shared with TEE implementation. Hence, remove refcounting of kernel
pages from register_shm_helper() API.

Fixes: b9c0e49abfca ("mm: decline to manipulate the refcount on a slab page")
Reported-by: Marco Felsch <m.felsch@pengutronix.de>
Reported-by: Sven Püschel <s.pueschel@pengutronix.de>
Signed-off-by: Matthew Wilcox <willy@infradead.org>
Co-developed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Signed-off-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Tested-by: Sven Püschel <s.pueschel@pengutronix.de>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses 2026-02-22T16:26:33+00:00 Kees Cook kees@kernel.org 2026-02-22T07:46:04+00:00 189f164e573e18d9f8876dbd3ad8fcbe11f93037 Conversion performed via this Coccinelle script: // SPDX-License-Identifier: GPL-2.0-only // Options: --include-headers-for-types --all-includes --include-headers --keep-comments virtual patch @gfp depends on patch && !(file in "tools") && !(file in "samples")@ identifier ALLOC = {kmalloc_obj,kmalloc_objs,kmalloc_flex, kzalloc_obj,kzalloc_objs,kzalloc_flex, kvmalloc_obj,kvmalloc_objs,kvmalloc_flex, kvzalloc_obj,kvzalloc_objs,kvzalloc_flex}; @@ ALLOC(... - , GFP_KERNEL ) $ make coccicheck MODE=patch COCCI=gfp.cocci Build and boot tested x86_64 with Fedora 42's GCC and Clang: Linux version 6.19.0+ (user@host) (gcc (GCC) 15.2.1 20260123 (Red Hat 15.2.1-7), GNU ld version 2.44-12.fc42) #1 SMP PREEMPT_DYNAMIC 1970-01-01 Linux version 6.19.0+ (user@host) (clang version 20.1.8 (Fedora 20.1.8-4.fc42), LLD 20.1.8) #1 SMP PREEMPT_DYNAMIC 1970-01-01 Signed-off-by: Kees Cook <kees@kernel.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
Conversion performed via this Coccinelle script:

  // SPDX-License-Identifier: GPL-2.0-only
  // Options: --include-headers-for-types --all-includes --include-headers --keep-comments
  virtual patch

  @gfp depends on patch && !(file in "tools") && !(file in "samples")@
  identifier ALLOC = {kmalloc_obj,kmalloc_objs,kmalloc_flex,
 		    kzalloc_obj,kzalloc_objs,kzalloc_flex,
		    kvmalloc_obj,kvmalloc_objs,kvmalloc_flex,
		    kvzalloc_obj,kvzalloc_objs,kvzalloc_flex};
  @@

  	ALLOC(...
  -		, GFP_KERNEL
  	)

  $ make coccicheck MODE=patch COCCI=gfp.cocci

Build and boot tested x86_64 with Fedora 42's GCC and Clang:

Linux version 6.19.0+ (user@host) (gcc (GCC) 15.2.1 20260123 (Red Hat 15.2.1-7), GNU ld version 2.44-12.fc42) #1 SMP PREEMPT_DYNAMIC 1970-01-01
Linux version 6.19.0+ (user@host) (clang version 20.1.8 (Fedora 20.1.8-4.fc42), LLD 20.1.8) #1 SMP PREEMPT_DYNAMIC 1970-01-01

Signed-off-by: Kees Cook <kees@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Convert more 'alloc_obj' cases to default GFP_KERNEL arguments 2026-02-22T04:03:00+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-02-22T04:03:00+00:00 32a92f8c89326985e05dce8b22d3f0aa07a3e1bd This converts some of the visually simpler cases that have been split over multiple lines. I only did the ones that are easy to verify the resulting diff by having just that final GFP_KERNEL argument on the next line. Somebody should probably do a proper coccinelle script for this, but for me the trivial script actually resulted in an assertion failure in the middle of the script. I probably had made it a bit _too_ trivial. So after fighting that far a while I decided to just do some of the syntactically simpler cases with variations of the previous 'sed' scripts. The more syntactically complex multi-line cases would mostly really want whitespace cleanup anyway. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
This converts some of the visually simpler cases that have been split
over multiple lines.  I only did the ones that are easy to verify the
resulting diff by having just that final GFP_KERNEL argument on the next
line.

Somebody should probably do a proper coccinelle script for this, but for
me the trivial script actually resulted in an assertion failure in the
middle of the script.  I probably had made it a bit _too_ trivial.

So after fighting that far a while I decided to just do some of the
syntactically simpler cases with variations of the previous 'sed'
scripts.

The more syntactically complex multi-line cases would mostly really want
whitespace cleanup anyway.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-22T01:09:51+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-02-22T00:37:42+00:00 bf4afc53b77aeaa48b5409da5c8da6bb4eff7f43 This was done entirely with mindless brute force, using git grep -l '\<k[vmz]*alloc_objs*(.*, GFP_KERNEL)' | xargs sed -i 's/\(alloc_objs*(.*\), GFP_KERNEL)/\1)/' to convert the new alloc_obj() users that had a simple GFP_KERNEL argument to just drop that argument. Note that due to the extreme simplicity of the scripting, any slightly more complex cases spread over multiple lines would not be triggered: they definitely exist, but this covers the vast bulk of the cases, and the resulting diff is also then easier to check automatically. For the same reason the 'flex' versions will be done as a separate conversion. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
This was done entirely with mindless brute force, using

    git grep -l '\<k[vmz]*alloc_objs*(.*, GFP_KERNEL)' |
        xargs sed -i 's/\(alloc_objs*(.*\), GFP_KERNEL)/\1)/'

to convert the new alloc_obj() users that had a simple GFP_KERNEL
argument to just drop that argument.

Note that due to the extreme simplicity of the scripting, any slightly
more complex cases spread over multiple lines would not be triggered:
they definitely exist, but this covers the vast bulk of the cases, and
the resulting diff is also then easier to check automatically.

For the same reason the 'flex' versions will be done as a separate
conversion.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21T09:02:28+00:00 Kees Cook kees@kernel.org 2026-02-21T07:49:23+00:00 69050f8d6d075dc01af7a5f2f550a8067510366f This is the result of running the Coccinelle script from scripts/coccinelle/api/kmalloc_objs.cocci. The script is designed to avoid scalar types (which need careful case-by-case checking), and instead replace kmalloc-family calls that allocate struct or union object instances: Single allocations: kmalloc(sizeof(TYPE), ...) are replaced with: kmalloc_obj(TYPE, ...) Array allocations: kmalloc_array(COUNT, sizeof(TYPE), ...) are replaced with: kmalloc_objs(TYPE, COUNT, ...) Flex array allocations: kmalloc(struct_size(PTR, FAM, COUNT), ...) are replaced with: kmalloc_flex(*PTR, FAM, COUNT, ...) (where TYPE may also be *VAR) The resulting allocations no longer return "void *", instead returning "TYPE *". Signed-off-by: Kees Cook <kees@kernel.org> 
This is the result of running the Coccinelle script from
scripts/coccinelle/api/kmalloc_objs.cocci. The script is designed to
avoid scalar types (which need careful case-by-case checking), and
instead replace kmalloc-family calls that allocate struct or union
object instances:

Single allocations:	kmalloc(sizeof(TYPE), ...)
are replaced with:	kmalloc_obj(TYPE, ...)

Array allocations:	kmalloc_array(COUNT, sizeof(TYPE), ...)
are replaced with:	kmalloc_objs(TYPE, COUNT, ...)

Flex array allocations:	kmalloc(struct_size(PTR, FAM, COUNT), ...)
are replaced with:	kmalloc_flex(*PTR, FAM, COUNT, ...)

(where TYPE may also be *VAR)

The resulting allocations no longer return "void *", instead returning
"TYPE *".

Signed-off-by: Kees Cook <kees@kernel.org>
Merge tag 'tee-sysfs-for-6.20' of git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee into soc/drivers 2026-01-21T15:30:52+00:00 Arnd Bergmann arnd@arndb.de 2026-01-21T15:30:51+00:00 ee5dde7ed6ab1b7efc26e3bdd534554d2242a14d TEE sysfs for 6.20 - Add an optional generic sysfs attribute for TEE revision - Implement revision reporting for OP-TEE using both SMC and FF-A ABIs * tag 'tee-sysfs-for-6.20' of git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee: tee: optee: store OS revision for TEE core tee: add revision sysfs attribute Signed-off-by: Arnd Bergmann <arnd@arndb.de> 
TEE sysfs for 6.20

- Add an optional generic sysfs attribute for TEE revision
- Implement revision reporting for OP-TEE using both SMC and FF-A ABIs

* tag 'tee-sysfs-for-6.20' of git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee:
  tee: optee: store OS revision for TEE core
  tee: add revision sysfs attribute

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Merge tag 'amdtee-update-for-6.20' of git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee into soc/drivers 2026-01-21T15:29:54+00:00 Arnd Bergmann arnd@arndb.de 2026-01-21T15:29:53+00:00 4b45c2f3f88c1be871f6e74efcf1606e476e0f0b AMDTEE update for 6.20 Remove unused return variables * tag 'amdtee-update-for-6.20' of git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee: tee: amdtee: Remove unused return variables Signed-off-by: Arnd Bergmann <arnd@arndb.de> 
AMDTEE update for 6.20

Remove unused return variables

* tag 'amdtee-update-for-6.20' of git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee:
  tee: amdtee: Remove unused return variables

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Merge tag 'tee-bus-callback-for-6.20' of git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee into soc/drivers 2026-01-21T15:28:23+00:00 Arnd Bergmann arnd@arndb.de 2026-01-21T15:28:23+00:00 e6bea2f5534d5c68ea48f840ef84296062961ede TEE bus callback for 6.20 - Move from generic device_driver to TEE bus-specific callbacks - Add module_tee_client_driver() and registration helpers to reduce boilerplate - Convert several client drivers (TPM, KEYS, firmware, EFI, hwrng, and RTC) - Update documentation and fix kernel-doc warnings * tag 'tee-bus-callback-for-6.20' of git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee: tpm/tpm_ftpm_tee: Fix kdoc after function renames tpm/tpm_ftpm_tee: Make use of tee bus methods tpm/tpm_ftpm_tee: Make use of tee specific driver registration KEYS: trusted: Make use of tee bus methods KEYS: trusted: Migrate to use tee specific driver registration function firmware: tee_bnxt: Make use of tee bus methods firmware: tee_bnxt: Make use of module_tee_client_driver() firmware: arm_scmi: Make use of tee bus methods firmware: arm_scmi: optee: Make use of module_tee_client_driver() efi: stmm: Make use of tee bus methods efi: stmm: Make use of module_tee_client_driver() hwrng: optee - Make use of tee bus methods hwrng: optee - Make use of module_tee_client_driver() rtc: optee: Make use of tee bus methods rtc: optee: Migrate to use tee specific driver registration function tee: Adapt documentation to cover recent additions tee: Add probe, remove and shutdown bus callbacks to tee_client_driver tee: Add some helpers to reduce boilerplate for tee client drivers Signed-off-by: Arnd Bergmann <arnd@arndb.de> 
TEE bus callback for 6.20

- Move from generic device_driver to TEE bus-specific callbacks
- Add module_tee_client_driver() and registration helpers to reduce
  boilerplate
- Convert several client drivers (TPM, KEYS, firmware, EFI, hwrng,
  and RTC)
- Update documentation and fix kernel-doc warnings

* tag 'tee-bus-callback-for-6.20' of git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee:
  tpm/tpm_ftpm_tee: Fix kdoc after function renames
  tpm/tpm_ftpm_tee: Make use of tee bus methods
  tpm/tpm_ftpm_tee: Make use of tee specific driver registration
  KEYS: trusted: Make use of tee bus methods
  KEYS: trusted: Migrate to use tee specific driver registration function
  firmware: tee_bnxt: Make use of tee bus methods
  firmware: tee_bnxt: Make use of module_tee_client_driver()
  firmware: arm_scmi: Make use of tee bus methods
  firmware: arm_scmi: optee: Make use of module_tee_client_driver()
  efi: stmm: Make use of tee bus methods
  efi: stmm: Make use of module_tee_client_driver()
  hwrng: optee - Make use of tee bus methods
  hwrng: optee - Make use of module_tee_client_driver()
  rtc: optee: Make use of tee bus methods
  rtc: optee: Migrate to use tee specific driver registration function
  tee: Adapt documentation to cover recent additions
  tee: Add probe, remove and shutdown bus callbacks to tee_client_driver
  tee: Add some helpers to reduce boilerplate for tee client drivers

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Merge tag 'optee-update-for-6.20' of git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee into soc/drivers 2026-01-21T15:27:27+00:00 Arnd Bergmann arnd@arndb.de 2026-01-21T15:27:26+00:00 08b67ff20fc6f1f9955ac71f790147e3a6bb4c07 OP-TEE update for 6.20 - A micro optimization by making a local array static const - Update OP-TEE mailing list as moderated - Update an outdated comment for cmd_alloc_suppl() * tag 'optee-update-for-6.20' of git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee: optee: make read-only array attr static const MAINTAINERS: Mark the OP-TEE mailing list moderated optee: update outdated comment Signed-off-by: Arnd Bergmann <arnd@arndb.de> 
OP-TEE update for 6.20

- A micro optimization by making a local array static const
- Update OP-TEE mailing list as moderated
- Update an outdated comment for cmd_alloc_suppl()

* tag 'optee-update-for-6.20' of git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee:
  optee: make read-only array attr static const
  MAINTAINERS: Mark the OP-TEE mailing list moderated
  optee: update outdated comment

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
optee: make read-only array attr static const 2026-01-16T09:35:05+00:00 Colin Ian King coking@nvidia.com 2026-01-09T15:44:42+00:00 94ea7063fae835e800768d3b0507f0994ef03878 Don't populate the read-only array attr on the stack at run time, instead make it static const. Signed-off-by: Colin Ian King <coking@nvidia.com> Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 
Don't populate the read-only array attr on the stack at run
time, instead make it static const.

Signed-off-by: Colin Ian King <coking@nvidia.com>
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>