diff options
author | Ji Soo Shin <jisshin@google.com> | 2023-05-30 11:30:40 +0000 |
---|---|---|
committer | Android Partner Code Review <android-gerrit-partner@google.com> | 2023-05-30 11:30:40 +0000 |
commit | 489e353f508a4ea20672baded8848506561c9abd (patch) | |
tree | cb8e73520e93e7f80844850a14485a0111cf0919 | |
parent | e36e7c703be8ad3c6b15d3527fc885b79d1ca7a3 (diff) | |
parent | 79cb12364033e84d0d4bd8862b29e25294fe5a38 (diff) | |
download | trusty-489e353f508a4ea20672baded8848506561c9abd.tar.gz |
Merge changes from topic "trusty-cyclic" into android14-gs-pixel-5.15
* changes:
ANDROID: trusty-ipc: correct data_source flag of struct iov_iter in filp_send_ioctl()
ANDROID: trusty: fix use-after-free
ANDROID: trusty: remove cyclic dependency
-rw-r--r-- | drivers/trusty/trusty-ipc-trace.h | 9 | ||||
-rw-r--r-- | drivers/trusty/trusty-ipc.c | 34 | ||||
-rw-r--r-- | include/linux/trusty/trusty.h | 39 |
3 files changed, 41 insertions, 41 deletions
diff --git a/drivers/trusty/trusty-ipc-trace.h b/drivers/trusty/trusty-ipc-trace.h index 9f193e2..60d6338 100644 --- a/drivers/trusty/trusty-ipc-trace.h +++ b/drivers/trusty/trusty-ipc-trace.h @@ -176,8 +176,9 @@ TRACE_EVENT(trusty_ipc_read, TRACE_EVENT(trusty_ipc_read_end, TP_PROTO(struct tipc_chan *chan, int len_or_err, - struct tipc_msg_buf *rxbuf), - TP_ARGS(chan, len_or_err, rxbuf), + trusty_shared_mem_id_t buf_id, + size_t shm_cnt), + TP_ARGS(chan, len_or_err, buf_id, shm_cnt), TP_STRUCT__entry( __field(int, len_or_err) __field(u32, chan) @@ -189,8 +190,8 @@ TRACE_EVENT(trusty_ipc_read_end, __entry->len_or_err = len_or_err; __entry->chan = chan ? chan->local : ~0U; memcpy(__entry->srv_name, chan ? chan->srv_name : "", MAX_SRV_NAME_LEN); - __entry->buf_id = rxbuf ? rxbuf->buf_id : ~0ULL; - __entry->shm_cnt = rxbuf ? rxbuf->shm_cnt : 0; + __entry->buf_id = buf_id; + __entry->shm_cnt = shm_cnt; ), TP_printk("len_or_err=%d chan=%u srv_name=%s buf_id=0x%llx shm_cnt=%zu", __entry->len_or_err, __entry->chan, __entry->srv_name, diff --git a/drivers/trusty/trusty-ipc.c b/drivers/trusty/trusty-ipc.c index af0deda..3a54663 100644 --- a/drivers/trusty/trusty-ipc.c +++ b/drivers/trusty/trusty-ipc.c @@ -185,6 +185,22 @@ static struct virtio_device *default_vdev; static DEFINE_IDR(tipc_devices); static DEFINE_MUTEX(tipc_devices_lock); +static u64 (*dma_buf_get_ffa_tag)(struct dma_buf *dma_buf) = NULL; +static int (*dma_buf_get_shared_mem_id)(struct dma_buf *dma_buf, + trusty_shared_mem_id_t *id) = NULL; + +static inline u64 trusty_dma_buf_get_ffa_tag(struct dma_buf *dma_buf) +{ + return dma_buf_get_ffa_tag ? dma_buf_get_ffa_tag(dma_buf) : 0; +} + +static int trusty_dma_buf_get_shared_mem_id(struct dma_buf *dma_buf, + trusty_shared_mem_id_t *id) +{ + return dma_buf_get_shared_mem_id ? + dma_buf_get_shared_mem_id(dma_buf, id) : -ENODATA; +} + static int _match_any(int id, void *p, void *data) { return id; @@ -1360,7 +1376,7 @@ static long filp_send_ioctl(struct file *filp, goto load_shm_args_failed; } - ret = import_iovec(READ, u64_to_user_ptr(req.iov), req.iov_cnt, + ret = import_iovec(WRITE, u64_to_user_ptr(req.iov), req.iov_cnt, ARRAY_SIZE(fast_iovs), &iov, &iter); if (ret < 0) { dev_dbg(dev, "Failed to import iovec\n"); @@ -1505,6 +1521,8 @@ static ssize_t tipc_read_iter(struct kiocb *iocb, struct iov_iter *iter) { ssize_t ret; size_t len; + trusty_shared_mem_id_t buf_id = ~0ULL; + size_t shm_cnt = 0; struct tipc_msg_buf *mb = NULL; struct file *filp = iocb->ki_filp; struct tipc_dn_chan *dn = filp->private_data; @@ -1539,6 +1557,8 @@ static ssize_t tipc_read_iter(struct kiocb *iocb, struct iov_iter *iter) mb = list_first_entry(&dn->rx_msg_queue, struct tipc_msg_buf, node); + buf_id = mb->buf_id; + shm_cnt = mb->shm_cnt; len = mb_avail_data(mb); if (len > iov_iter_count(iter)) { ret = -EMSGSIZE; @@ -1555,7 +1575,7 @@ static ssize_t tipc_read_iter(struct kiocb *iocb, struct iov_iter *iter) tipc_chan_put_rxbuf(dn->chan, mb); out: - trace_trusty_ipc_read_end(dn->chan, ret, mb); + trace_trusty_ipc_read_end(dn->chan, ret, buf_id, shm_cnt); mutex_unlock(&dn->lock); return ret; } @@ -2282,6 +2302,16 @@ static void __exit tipc_exit(void) unregister_chrdev_region(MKDEV(tipc_major, 0), MAX_DEVICES); } +void trusty_register_func_for_dma_buf( + u64 (*get_ffa_tag)(struct dma_buf *dma_buf), + int (*get_shared_mem_id)(struct dma_buf *dma_buf, + trusty_shared_mem_id_t *id)) +{ + dma_buf_get_ffa_tag = get_ffa_tag; + dma_buf_get_shared_mem_id = get_shared_mem_id; +} +EXPORT_SYMBOL_GPL(trusty_register_func_for_dma_buf); + /* We need to init this early */ subsys_initcall(tipc_init); module_exit(tipc_exit); diff --git a/include/linux/trusty/trusty.h b/include/linux/trusty/trusty.h index 751e5c7..41680f9 100644 --- a/include/linux/trusty/trusty.h +++ b/include/linux/trusty/trusty.h @@ -83,41 +83,10 @@ int trusty_reclaim_memory(struct device *dev, trusty_shared_mem_id_t id, struct scatterlist *sglist, unsigned int nents); struct dma_buf; -#ifdef CONFIG_TRUSTY_DMA_BUF_FFA_TAG -u64 trusty_dma_buf_get_ffa_tag(struct dma_buf *dma_buf); -#else -static inline u64 trusty_dma_buf_get_ffa_tag(struct dma_buf *dma_buf) -{ - return 0; -} -#endif - -/* Invalid handle value is defined by FF-A spec */ -#ifdef CONFIG_TRUSTY_DMA_BUF_SHARED_MEM_ID -/** - * trusty_dma_buf_get_shared_mem_id() - Get memory ID corresponding to a dma_buf - * @dma_buf: DMA buffer - * @id: Pointer to output trusty_shared_mem_id_t - * - * Sets @id to trusty_shared_mem_id_t corresponding to the given @dma_buf. - * @dma_buf "owns" the ID, i.e. is responsible for allocating/releasing it. - * @dma_buf with an allocated @id must be in secure memory and should only be - * sent to Trusty using TRUSTY_SEND_SECURE. - * - * Return: - * * 0 - success - * * -ENODATA - @dma_buf does not own a trusty_shared_mem_id_t - * * ... - @dma_buf should not be lent or shared - */ -int trusty_dma_buf_get_shared_mem_id(struct dma_buf *dma_buf, - trusty_shared_mem_id_t *id); -#else -static inline int trusty_dma_buf_get_shared_mem_id(struct dma_buf *dma_buf, - trusty_shared_mem_id_t *id) -{ - return -ENODATA; -} -#endif +void trusty_register_func_for_dma_buf( + u64 (*get_ffa_tag)(struct dma_buf *dma_buf), + int (*get_shared_mem_id)(struct dma_buf *dma_buf, + trusty_shared_mem_id_t *id)); struct trusty_nop { struct list_head node; |