Loading drivers/misc/qseecom.c +19 −5 Original line number Original line Diff line number Diff line Loading @@ -2985,7 +2985,11 @@ static int qseecom_send_service_cmd(struct qseecom_dev_handle *data, } } if (req.cmd_id == QSEOS_RPMB_CHECK_PROV_STATUS_COMMAND) { if (req.cmd_id == QSEOS_RPMB_CHECK_PROV_STATUS_COMMAND) { pr_warn("RPMB key status is 0x%x\n", resp.result); pr_warn("RPMB key status is 0x%x\n", resp.result); *(uint32_t *)req.resp_buf = resp.result; if (put_user(resp.result, (uint32_t __user *)req.resp_buf)) { ret = -EINVAL; goto exit; } ret = 0; ret = 0; } } break; break; Loading Loading @@ -6586,11 +6590,16 @@ static int __qseecom_qteec_issue_cmd(struct qseecom_dev_handle *data, void *cmd_buf = NULL; void *cmd_buf = NULL; size_t cmd_len; size_t cmd_len; struct sglist_info *table = data->sglistinfo_ptr; struct sglist_info *table = data->sglistinfo_ptr; void *req_ptr = NULL; void *resp_ptr = NULL; ret = __qseecom_qteec_validate_msg(data, req); ret = __qseecom_qteec_validate_msg(data, req); if (ret) if (ret) return ret; return ret; req_ptr = req->req_ptr; resp_ptr = req->resp_ptr; /* find app_id & img_name from list */ /* find app_id & img_name from list */ spin_lock_irqsave(&qseecom.registered_app_list_lock, flags); spin_lock_irqsave(&qseecom.registered_app_list_lock, flags); list_for_each_entry(ptr_app, &qseecom.registered_app_list_head, list_for_each_entry(ptr_app, &qseecom.registered_app_list_head, Loading @@ -6608,6 +6617,11 @@ static int __qseecom_qteec_issue_cmd(struct qseecom_dev_handle *data, return -ENOENT; return -ENOENT; } } req->req_ptr = (void *)__qseecom_uvirt_to_kvirt(data, (uintptr_t)req->req_ptr); req->resp_ptr = (void *)__qseecom_uvirt_to_kvirt(data, (uintptr_t)req->resp_ptr); if ((cmd_id == QSEOS_TEE_OPEN_SESSION) || if ((cmd_id == QSEOS_TEE_OPEN_SESSION) || (cmd_id == QSEOS_TEE_REQUEST_CANCELLATION)) { (cmd_id == QSEOS_TEE_REQUEST_CANCELLATION)) { ret = __qseecom_update_qteec_req_buf( ret = __qseecom_update_qteec_req_buf( Loading @@ -6619,10 +6633,10 @@ static int __qseecom_qteec_issue_cmd(struct qseecom_dev_handle *data, if (qseecom.qsee_version < QSEE_VERSION_40) { if (qseecom.qsee_version < QSEE_VERSION_40) { ireq.app_id = data->client.app_id; ireq.app_id = data->client.app_id; ireq.req_ptr = (uint32_t)__qseecom_uvirt_to_kphys(data, ireq.req_ptr = (uint32_t)__qseecom_uvirt_to_kphys(data, (uintptr_t)req->req_ptr); (uintptr_t)req_ptr); ireq.req_len = req->req_len; ireq.req_len = req->req_len; ireq.resp_ptr = (uint32_t)__qseecom_uvirt_to_kphys(data, ireq.resp_ptr = (uint32_t)__qseecom_uvirt_to_kphys(data, (uintptr_t)req->resp_ptr); (uintptr_t)resp_ptr); ireq.resp_len = req->resp_len; ireq.resp_len = req->resp_len; ireq.sglistinfo_ptr = (uint32_t)virt_to_phys(table); ireq.sglistinfo_ptr = (uint32_t)virt_to_phys(table); ireq.sglistinfo_len = SGLISTINFO_TABLE_SIZE; ireq.sglistinfo_len = SGLISTINFO_TABLE_SIZE; Loading @@ -6633,10 +6647,10 @@ static int __qseecom_qteec_issue_cmd(struct qseecom_dev_handle *data, } else { } else { ireq_64bit.app_id = data->client.app_id; ireq_64bit.app_id = data->client.app_id; ireq_64bit.req_ptr = (uint64_t)__qseecom_uvirt_to_kphys(data, ireq_64bit.req_ptr = (uint64_t)__qseecom_uvirt_to_kphys(data, (uintptr_t)req->req_ptr); (uintptr_t)req_ptr); ireq_64bit.req_len = req->req_len; ireq_64bit.req_len = req->req_len; ireq_64bit.resp_ptr = (uint64_t)__qseecom_uvirt_to_kphys(data, ireq_64bit.resp_ptr = (uint64_t)__qseecom_uvirt_to_kphys(data, (uintptr_t)req->resp_ptr); (uintptr_t)resp_ptr); ireq_64bit.resp_len = req->resp_len; ireq_64bit.resp_len = req->resp_len; if ((data->client.app_arch == ELFCLASS32) && if ((data->client.app_arch == ELFCLASS32) && ((ireq_64bit.req_ptr >= ((ireq_64bit.req_ptr >= Loading Loading
drivers/misc/qseecom.c +19 −5 Original line number Original line Diff line number Diff line Loading @@ -2985,7 +2985,11 @@ static int qseecom_send_service_cmd(struct qseecom_dev_handle *data, } } if (req.cmd_id == QSEOS_RPMB_CHECK_PROV_STATUS_COMMAND) { if (req.cmd_id == QSEOS_RPMB_CHECK_PROV_STATUS_COMMAND) { pr_warn("RPMB key status is 0x%x\n", resp.result); pr_warn("RPMB key status is 0x%x\n", resp.result); *(uint32_t *)req.resp_buf = resp.result; if (put_user(resp.result, (uint32_t __user *)req.resp_buf)) { ret = -EINVAL; goto exit; } ret = 0; ret = 0; } } break; break; Loading Loading @@ -6586,11 +6590,16 @@ static int __qseecom_qteec_issue_cmd(struct qseecom_dev_handle *data, void *cmd_buf = NULL; void *cmd_buf = NULL; size_t cmd_len; size_t cmd_len; struct sglist_info *table = data->sglistinfo_ptr; struct sglist_info *table = data->sglistinfo_ptr; void *req_ptr = NULL; void *resp_ptr = NULL; ret = __qseecom_qteec_validate_msg(data, req); ret = __qseecom_qteec_validate_msg(data, req); if (ret) if (ret) return ret; return ret; req_ptr = req->req_ptr; resp_ptr = req->resp_ptr; /* find app_id & img_name from list */ /* find app_id & img_name from list */ spin_lock_irqsave(&qseecom.registered_app_list_lock, flags); spin_lock_irqsave(&qseecom.registered_app_list_lock, flags); list_for_each_entry(ptr_app, &qseecom.registered_app_list_head, list_for_each_entry(ptr_app, &qseecom.registered_app_list_head, Loading @@ -6608,6 +6617,11 @@ static int __qseecom_qteec_issue_cmd(struct qseecom_dev_handle *data, return -ENOENT; return -ENOENT; } } req->req_ptr = (void *)__qseecom_uvirt_to_kvirt(data, (uintptr_t)req->req_ptr); req->resp_ptr = (void *)__qseecom_uvirt_to_kvirt(data, (uintptr_t)req->resp_ptr); if ((cmd_id == QSEOS_TEE_OPEN_SESSION) || if ((cmd_id == QSEOS_TEE_OPEN_SESSION) || (cmd_id == QSEOS_TEE_REQUEST_CANCELLATION)) { (cmd_id == QSEOS_TEE_REQUEST_CANCELLATION)) { ret = __qseecom_update_qteec_req_buf( ret = __qseecom_update_qteec_req_buf( Loading @@ -6619,10 +6633,10 @@ static int __qseecom_qteec_issue_cmd(struct qseecom_dev_handle *data, if (qseecom.qsee_version < QSEE_VERSION_40) { if (qseecom.qsee_version < QSEE_VERSION_40) { ireq.app_id = data->client.app_id; ireq.app_id = data->client.app_id; ireq.req_ptr = (uint32_t)__qseecom_uvirt_to_kphys(data, ireq.req_ptr = (uint32_t)__qseecom_uvirt_to_kphys(data, (uintptr_t)req->req_ptr); (uintptr_t)req_ptr); ireq.req_len = req->req_len; ireq.req_len = req->req_len; ireq.resp_ptr = (uint32_t)__qseecom_uvirt_to_kphys(data, ireq.resp_ptr = (uint32_t)__qseecom_uvirt_to_kphys(data, (uintptr_t)req->resp_ptr); (uintptr_t)resp_ptr); ireq.resp_len = req->resp_len; ireq.resp_len = req->resp_len; ireq.sglistinfo_ptr = (uint32_t)virt_to_phys(table); ireq.sglistinfo_ptr = (uint32_t)virt_to_phys(table); ireq.sglistinfo_len = SGLISTINFO_TABLE_SIZE; ireq.sglistinfo_len = SGLISTINFO_TABLE_SIZE; Loading @@ -6633,10 +6647,10 @@ static int __qseecom_qteec_issue_cmd(struct qseecom_dev_handle *data, } else { } else { ireq_64bit.app_id = data->client.app_id; ireq_64bit.app_id = data->client.app_id; ireq_64bit.req_ptr = (uint64_t)__qseecom_uvirt_to_kphys(data, ireq_64bit.req_ptr = (uint64_t)__qseecom_uvirt_to_kphys(data, (uintptr_t)req->req_ptr); (uintptr_t)req_ptr); ireq_64bit.req_len = req->req_len; ireq_64bit.req_len = req->req_len; ireq_64bit.resp_ptr = (uint64_t)__qseecom_uvirt_to_kphys(data, ireq_64bit.resp_ptr = (uint64_t)__qseecom_uvirt_to_kphys(data, (uintptr_t)req->resp_ptr); (uintptr_t)resp_ptr); ireq_64bit.resp_len = req->resp_len; ireq_64bit.resp_len = req->resp_len; if ((data->client.app_arch == ELFCLASS32) && if ((data->client.app_arch == ELFCLASS32) && ((ireq_64bit.req_ptr >= ((ireq_64bit.req_ptr >= Loading
