linux.git/drivers/tee, branch v6.16-rc2 Linux kernel source tree Merge tag 'tee-for-v6.16' of https://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee into soc/drivers 2025-05-10T09:09:49+00:00 Arnd Bergmann arnd@arndb.de 2025-05-10T09:09:43+00:00 9477c3e68e0ada4655939b4d49fa79377f0882f3 Small TEE updates for v6.16 - Remove an unnecessary NULL check before release_firmware() in the OP-TEE driver - Prevent a size wrap in the TEE subsystem. The wrap would have been caught later in the code so no security consequences. * tag 'tee-for-v6.16' of https://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee: tee: Prevent size calculation wraparound on 32-bit kernels tee: optee: smc: remove unnecessary NULL check before release_firmware() Link: https://lore.kernel.org/r/20250509065114.GA4188600@rayden Signed-off-by: Arnd Bergmann <arnd@arndb.de> 
Small TEE updates for v6.16

- Remove an unnecessary NULL check before release_firmware() in the
  OP-TEE driver
- Prevent a size wrap in the TEE subsystem. The wrap would have been caught
  later in the code so no security consequences.

* tag 'tee-for-v6.16' of https://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee:
  tee: Prevent size calculation wraparound on 32-bit kernels
  tee: optee: smc: remove unnecessary NULL check before release_firmware()

Link: https://lore.kernel.org/r/20250509065114.GA4188600@rayden
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
tee: Prevent size calculation wraparound on 32-bit kernels 2025-04-30T12:57:03+00:00 Jann Horn jannh@google.com 2025-04-28T13:06:43+00:00 39bb67edcc582b3b386a9ec983da67fa8a10ec03 The current code around TEE_IOCTL_PARAM_SIZE() is a bit wrong on 32-bit kernels: Multiplying a user-provided 32-bit value with the size of a structure can wrap around on such platforms. Fix it by using saturating arithmetic for the size calculation. This has no security consequences because, in all users of TEE_IOCTL_PARAM_SIZE(), the subsequent kcalloc() implicitly checks for wrapping. Signed-off-by: Jann Horn <jannh@google.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Tested-by: Rouven Czerwinski <rouven.czerwinski@linaro.org> 
The current code around TEE_IOCTL_PARAM_SIZE() is a bit wrong on
32-bit kernels: Multiplying a user-provided 32-bit value with the
size of a structure can wrap around on such platforms.

Fix it by using saturating arithmetic for the size calculation.

This has no security consequences because, in all users of
TEE_IOCTL_PARAM_SIZE(), the subsequent kcalloc() implicitly checks
for wrapping.

Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Rouven Czerwinski <rouven.czerwinski@linaro.org>
amdtee: Sort header includes 2025-04-29T08:57:57+00:00 Mario Limonciello mario.limonciello@amd.com 2025-04-21T15:22:23+00:00 136deca59b1613c22aebfb0c8508dd02363c7142 Various headers have been added over time that are not added alphabetically and a private header is used before one of the linux/ headers. Resort the list. Signed-off-by: Mario Limonciello <mario.limonciello@amd.com> Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 
Various headers have been added over time that are not added alphabetically
and a private header is used before one of the linux/ headers.

Resort the list.

Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
amdtee: Use pr_fmt for messages 2025-04-29T08:57:40+00:00 Mario Limonciello mario.limonciello@amd.com 2025-04-21T15:22:22+00:00 7b0323666b260faef6db1a9fbe9bcce0c9bd750f amd-tee inconsistently uses the word amd-tee in error messages. Add a `pr_fmt()` define and remove the hardcoded use of amd-tee. Also, remove the unnecessary driver init successful message because there will be a message if failed and a user can assume it was successful otherwise. Signed-off-by: Mario Limonciello <mario.limonciello@amd.com> Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 
amd-tee inconsistently uses the word amd-tee in error messages.

Add a `pr_fmt()` define and remove the hardcoded use of amd-tee.
Also, remove the unnecessary driver init successful message because
there will be a message if failed and a user can assume it was successful
otherwise.

Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
tee: optee: smc: remove unnecessary NULL check before release_firmware() 2025-04-25T12:43:42+00:00 Chen Ni nichen@iscas.ac.cn 2025-04-10T07:56:35+00:00 26104d81567376b2038c4f52c90d849ee32639a9 release_firmware() checks for NULL pointers internally. Remove unneeded NULL check for fmw here. Signed-off-by: Chen Ni <nichen@iscas.ac.cn> Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 
release_firmware() checks for NULL pointers internally.
Remove unneeded NULL check for fmw here.

Signed-off-by: Chen Ni <nichen@iscas.ac.cn>
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
tee: optee: Fix supplicant wait loop 2025-02-14T14:17:34+00:00 Sumit Garg sumit.garg@linaro.org 2025-02-04T07:34:18+00:00 70b0d6b0a199c5a3ee6c72f5e61681ed6f759612 OP-TEE supplicant is a user-space daemon and it's possible for it be hung or crashed or killed in the middle of processing an OP-TEE RPC call. It becomes more complicated when there is incorrect shutdown ordering of the supplicant process vs the OP-TEE client application which can eventually lead to system hang-up waiting for the closure of the client application. Allow the client process waiting in kernel for supplicant response to be killed rather than indefinitely waiting in an unkillable state. Also, a normal uninterruptible wait should not have resulted in the hung-task watchdog getting triggered, but the endless loop would. This fixes issues observed during system reboot/shutdown when supplicant got hung for some reason or gets crashed/killed which lead to client getting hung in an unkillable state. It in turn lead to system being in hung up state requiring hard power off/on to recover. Fixes: 4fb0a5eb364d ("tee: add OP-TEE driver") Suggested-by: Arnd Bergmann <arnd@arndb.de> Cc: stable@vger.kernel.org Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Reviewed-by: Arnd Bergmann <arnd@arndb.de> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Arnd Bergmann <arnd@arndb.de> 
OP-TEE supplicant is a user-space daemon and it's possible for it
be hung or crashed or killed in the middle of processing an OP-TEE
RPC call. It becomes more complicated when there is incorrect shutdown
ordering of the supplicant process vs the OP-TEE client application which
can eventually lead to system hang-up waiting for the closure of the
client application.

Allow the client process waiting in kernel for supplicant response to
be killed rather than indefinitely waiting in an unkillable state. Also,
a normal uninterruptible wait should not have resulted in the hung-task
watchdog getting triggered, but the endless loop would.

This fixes issues observed during system reboot/shutdown when supplicant
got hung for some reason or gets crashed/killed which lead to client
getting hung in an unkillable state. It in turn lead to system being in
hung up state requiring hard power off/on to recover.

Fixes: 4fb0a5eb364d ("tee: add OP-TEE driver")
Suggested-by: Arnd Bergmann <arnd@arndb.de>
Cc: stable@vger.kernel.org
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
optee: fix format string for printing optee build_id 2024-12-17T10:22:46+00:00 Sahil Malhotra sahil.malhotra@nxp.com 2024-11-29T11:46:48+00:00 1ff7d092dce0b2273dce4b8d33fa5856679dd25b There has been a recent change in OP-TEE to print 8 and 16 character commit id for 32bit and 64bit architecture respectively. In case if commit id is starting with 0 like 04d1c612ec7beaede073b8c it is printing revision as below removing leading 0 "optee: revision 4.4 (4d1c612ec7beaed)" Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Link: https://lore.kernel.org/r/20241129114648.3048941-1-sahil.malhotra@nxp.com Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 
There has been a recent change in OP-TEE to print 8 and 16 character
commit id for 32bit and 64bit architecture respectively.
In case if commit id is starting with 0 like 04d1c612ec7beaede073b8c
it is printing revision as below removing leading 0
"optee: revision 4.4 (4d1c612ec7beaed)"

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Link: https://lore.kernel.org/r/20241129114648.3048941-1-sahil.malhotra@nxp.com
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Get rid of 'remove_new' relic from platform driver struct 2024-12-01T23:12:43+00:00 Linus Torvalds torvalds@linux-foundation.org 2024-12-01T23:12:43+00:00 e70140ba0d2b1a30467d4af6bcfe761327b9ec95 The continual trickle of small conversion patches is grating on me, and is really not helping. Just get rid of the 'remove_new' member function, which is just an alias for the plain 'remove', and had a comment to that effect: /* * .remove_new() is a relic from a prototype conversion of .remove(). * New drivers are supposed to implement .remove(). Once all drivers are * converted to not use .remove_new any more, it will be dropped. */ This was just a tree-wide 'sed' script that replaced '.remove_new' with '.remove', with some care taken to turn a subsequent tab into two tabs to make things line up. I did do some minimal manual whitespace adjustment for places that used spaces to line things up. Then I just removed the old (sic) .remove_new member function, and this is the end result. No more unnecessary conversion noise. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
The continual trickle of small conversion patches is grating on me, and
is really not helping.  Just get rid of the 'remove_new' member
function, which is just an alias for the plain 'remove', and had a
comment to that effect:

  /*
   * .remove_new() is a relic from a prototype conversion of .remove().
   * New drivers are supposed to implement .remove(). Once all drivers are
   * converted to not use .remove_new any more, it will be dropped.
   */

This was just a tree-wide 'sed' script that replaced '.remove_new' with
'.remove', with some care taken to turn a subsequent tab into two tabs
to make things line up.

I did do some minimal manual whitespace adjustment for places that used
spaces to line things up.

Then I just removed the old (sic) .remove_new member function, and this
is the end result.  No more unnecessary conversion noise.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
optee: Fix a NULL vs IS_ERR() check 2024-09-09T10:22:06+00:00 Dan Carpenter dan.carpenter@linaro.org 2024-09-05T13:17:06+00:00 73048a832587520c6222bacbe1bc7121409d8861 The tee_shm_get_va() function never returns NULL, it returns error pointers. Update the check to match. Fixes: f0c8431568ee ("optee: probe RPMB device using RPMB subsystem") Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Link: https://lore.kernel.org/r/f8c12aed-b5d1-4522-bf95-622b8569706d@stanley.mountain Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org> 
The tee_shm_get_va() function never returns NULL, it returns error
pointers.  Update the check to match.

Fixes: f0c8431568ee ("optee: probe RPMB device using RPMB subsystem")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Link: https://lore.kernel.org/r/f8c12aed-b5d1-4522-bf95-622b8569706d@stanley.mountain
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
optee: add RPMB dependency 2024-09-03T12:34:45+00:00 Jens Wiklander jens.wiklander@linaro.org 2024-09-02T15:12:31+00:00 edd3183c5c5f9fe7aede49a41678556bc8bf618f Prevent build error when CONFIG_RPMB=m and CONFIG_OPTEE=y by adding a dependency to CONFIG_RPMB for CONFIG_OPTEE so the RPMB subsystem always is reachable if configured. This means that CONFIG_OPTEE automatically becomes compiled as a module if CONFIG_RPMB is compiled as a module. If CONFIG_RPMB isn't configured or is configured as built-in, CONFIG_OPTEE will remain unchanged. Reported-by: kernel test robot <lkp@intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202409021448.RSvcBPzt-lkp@intel.com/ Fixes: f0c8431568ee ("optee: probe RPMB device using RPMB subsystem") Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Link: https://lore.kernel.org/r/20240902151231.3705204-2-jens.wiklander@linaro.org Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org> 
Prevent build error when CONFIG_RPMB=m and CONFIG_OPTEE=y by adding a
dependency to CONFIG_RPMB for CONFIG_OPTEE so the RPMB subsystem always
is reachable if configured. This means that CONFIG_OPTEE automatically
becomes compiled as a module if CONFIG_RPMB is compiled as a module. If
CONFIG_RPMB isn't configured or is configured as built-in, CONFIG_OPTEE
will remain unchanged.

Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202409021448.RSvcBPzt-lkp@intel.com/
Fixes: f0c8431568ee ("optee: probe RPMB device using RPMB subsystem")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Link: https://lore.kernel.org/r/20240902151231.3705204-2-jens.wiklander@linaro.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>