user/sven/linux.git/drivers/tee, branch v6.7.9

Merge tag 'optee-supplicant-fix-for-v6.7' of git://git.linaro.org:/people/jens.wiklander/linux-tee into arm/fixes

2023-12-06T15:15:26Z

OP-TEE fix for supplicant based device enumeration Adds a sysfs attribute for devices depending on supplicant services so that the user-space service can detect and detach those devices before closing the supplicant * tag 'optee-supplicant-fix-for-v6.7' of git://git.linaro.org:/people/jens.wiklander/linux-tee: tee: optee: Fix supplicant based device enumeration Link: https://lore.kernel.org/r/20231114153113.GA1310615@rayden Signed-off-by: Arnd Bergmann

tee: optee: Fix supplicant based device enumeration

2023-11-03T08:27:20Z

Currently supplicant dependent optee device enumeration only registers devices whenever tee-supplicant is invoked for the first time. But it forgets to remove devices when tee-supplicant daemon stops running and closes its context gracefully. This leads to following error for fTPM driver during reboot/shutdown: [ 73.466791] tpm tpm0: ftpm_tee_tpm_op_send: SUBMIT_COMMAND invoke error: 0xffff3024 Fix this by adding an attribute for supplicant dependent devices so that the user-space service can detect and detach supplicant devices before closing the supplicant: $ for dev in /sys/bus/tee/devices/*; do if [[ -f "$dev/need_supplicant" && -f "$dev/driver/unbind" ]]; \ then echo $(basename "$dev") > $dev/driver/unbind; fi done Reported-by: Jan Kiszka Closes: https://github.com/OP-TEE/optee_os/issues/6094 Fixes: 5f178bb71e3a ("optee: enable support for multi-stage bus enumeration") Signed-off-by: Sumit Garg Reviewed-by: Ilias Apalodimas Acked-by: Jerome Forissier [jw: fixed up Date documentation] Signed-off-by: Jens Wiklander

tee: make tee_class constant

2023-10-18T08:01:34Z

Now that the driver core allows for struct class to be in read-only memory, we should make all 'class' structures declared at build time placing them into read-only memory, instead of having to be dynamically allocated at runtime. Cc: Jens Wiklander Reviewed-by: Sumit Garg Link: https://lore.kernel.org/r/2023100613-lustiness-affiliate-7dcb@gregkh Signed-off-by: Greg Kroah-Hartman

Merge tag 'soc-fixes-6.6-2' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

2023-10-12T18:52:23Z

Pull ARM SoC fixes from Arnd Bergmann: "AngeloGioacchino Del Regno is stepping in as co-maintainer for the MediaTek SoC platform and starts by sending some dts fixes for the mt8195 platform that had been pending for a while. On the ixp4xx platform, Krzysztof Halasa steps down as co-maintainer, reflecting that Linus Walleij has been handling this on his own for the past few years. Generic RISC-V kernels are now marked as incompatible with the RZ/Five platform that requires custom hacks both for managing its DMA bounce buffers and for addressing low virtual memory. Finally, there is one bugfix for the AMDTEE firmware driver to prevent a use-after-free bug" * tag 'soc-fixes-6.6-2' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: IXP4xx MAINTAINERS entries arm64: dts: mediatek: mt8195: Set DSU PMU status to fail arm64: dts: mediatek: fix t-phy unit name arm64: dts: mediatek: mt8195-demo: update and reorder reserved memory regions arm64: dts: mediatek: mt8195-demo: fix the memory size to 8GB MAINTAINERS: Add Angelo as MediaTek SoC co-maintainer soc: renesas: Make ARCH_R9A07G043 (riscv version) depend on NONPORTABLE tee: amdtee: fix use-after-free vulnerability in amdtee_close_session

tee: amdtee: fix use-after-free vulnerability in amdtee_close_session

2023-10-03T17:13:53Z

There is a potential race condition in amdtee_close_session that may cause use-after-free in amdtee_open_session. For instance, if a session has refcount == 1, and one thread tries to free this session via: kref_put(&sess->refcount, destroy_session); the reference count will get decremented, and the next step would be to call destroy_session(). However, if in another thread, amdtee_open_session() is called before destroy_session() has completed execution, alloc_session() may return 'sess' that will be freed up later in destroy_session() leading to use-after-free in amdtee_open_session. To fix this issue, treat decrement of sess->refcount and removal of 'sess' from session list in destroy_session() as a critical section, so that it is executed atomically. Fixes: 757cc3e9ff1d ("tee: add AMD-TEE driver") Cc: stable@vger.kernel.org Signed-off-by: Rijo Thomas Reviewed-by: Sumit Garg Signed-off-by: Jens Wiklander

tee: Remove unused declarations

2023-09-13T06:16:24Z

Commit 4fb0a5eb364d ("tee: add OP-TEE driver") declared but never implemented optee_supp_read()/optee_supp_write(). Commit 967c9cca2cc5 ("tee: generic TEE subsystem") never implemented tee_shm_init(). Signed-off-by: Yue Haibing Reviewed-by: Sumit Garg Signed-off-by: Jens Wiklander

Merge tag 'soc-drivers-6.5' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

2023-06-29T22:22:19Z

Pull ARM SoC driver updates from Arnd Bergmann: "Nothing surprising in the SoC specific drivers, with the usual updates: - Added or improved SoC driver support for Tegra234, Exynos4121, RK3588, as well as multiple Mediatek and Qualcomm chips - SCMI firmware gains support for multiple SMC/HVC transport and version 3.2 of the protocol - Cleanups amd minor changes for the reset controller, memory controller, firmware and sram drivers - Minor changes to amd/xilinx, samsung, tegra, nxp, ti, qualcomm, amlogic and renesas SoC specific drivers" * tag 'soc-drivers-6.5' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (118 commits) dt-bindings: interrupt-controller: Convert Amlogic Meson GPIO interrupt controller binding MAINTAINERS: add PHY-related files to Amlogic SoC file list drivers: meson: secure-pwrc: always enable DMA domain tee: optee: Use kmemdup() to replace kmalloc + memcpy soc: qcom: geni-se: Do not bother about enable/disable of interrupts in secondary sequencer dt-bindings: sram: qcom,imem: document qdu1000 soc: qcom: icc-bwmon: Fix MSM8998 count unit dt-bindings: soc: qcom,rpmh-rsc: Require power-domains soc: qcom: socinfo: Add Soc ID for IPQ5300 dt-bindings: arm: qcom,ids: add SoC ID for IPQ5300 soc: qcom: Fix a IS_ERR() vs NULL bug in probe soc: qcom: socinfo: Add support for new fields in revision 19 soc: qcom: socinfo: Add support for new fields in revision 18 dt-bindings: firmware: scm: Add compatible for SDX75 soc: qcom: mdt_loader: Fix split image detection dt-bindings: memory-controllers: drop unneeded quotes soc: rockchip: dtpm: use C99 array init syntax firmware: tegra: bpmp: Add support for DRAM MRQ GSCs soc/tegra: pmc: Use devm_clk_notifier_register() soc/tegra: pmc: Simplify debugfs initialization ...

tee: optee: Use kmemdup() to replace kmalloc + memcpy

2023-06-15T06:49:55Z

Use kmemdup rather than duplicating its implementation. ./drivers/tee/optee/smc_abi.c:1542:12-19: WARNING opportunity for kmemdup. Reported-by: Abaci Robot Closes: https://bugzilla.openanolis.cn/show_bug.cgi?id=5480 Signed-off-by: Jiapeng Chong Reviewed-by: Sumit Garg Signed-off-by: Jens Wiklander

Merge tag 'amdtee-fix-for-v6.5' of https://git.linaro.org/people/jens.wiklander/linux-tee into arm/fixes

2023-06-07T10:58:22Z

AMDTEE add return origin to load TA command * tag 'amdtee-fix-for-v6.5' of https://git.linaro.org/people/jens.wiklander/linux-tee: tee: amdtee: Add return_origin to 'struct tee_cmd_load_ta' Link: https://lore.kernel.org/r/20230606075843.GA2792442@rayden Signed-off-by: Arnd Bergmann

Merge tag 'optee-async-notif-fix-for-v6.3' of https://git.linaro.org/people/jens.wiklander/linux-tee into arm/fixes

2023-05-25T15:16:52Z

Fixes an uninitialized variable in OP-TEE driver * tag 'optee-async-notif-fix-for-v6.3' of https://git.linaro.org/people/jens.wiklander/linux-tee: optee: fix uninited async notif value Link: https://lore.kernel.org/r/20230421075443.GA3136581@rayden Signed-off-by: Arnd Bergmann