
Commit f032ee5a authored by Lior Barenboim's avatar Lior Barenboim Committed by Gerrit - the friendly Code Review server

soc: qcom: fingerprint: keep QSEE handle in kernel space



Move the QSEE handle from user space to kernel space.
In addition, fix possible overflow when checking that
the command and response buffers fit in the shared buffer.

Change-Id: I21b1866546a2825fe348a260c60e341bbe9600ea
Signed-off-by: default avatarLior Barenboim <liorb@codeaurora.org>
Signed-off-by: default avatarBiswajit Paul <biswajitpaul@codeaurora.org>
parent d86e1731
+25 −9
@@ -86,6 +86,7 @@ struct qbt1000_drvdata {
	uint32_t	ssc_spi_port;
	uint32_t	ssc_spi_port_slave_index;
	struct wakeup_source w_lock;
	struct qseecom_handle *app_handle;
};
#define W_LOCK_DELAY_MS (2000)

@@ -110,7 +111,8 @@ static int get_cmd_rsp_buffers(struct qseecom_handle *hdl,
	*cmd_len = ALIGN(*cmd_len, 64);
	*rsp_len = ALIGN(*rsp_len, 64);

	if ((*rsp_len + *cmd_len) > g_app_buf_size)
	if (((uint64_t)*rsp_len + (uint64_t)*cmd_len)
	  > (uint64_t)g_app_buf_size)
		return -ENOMEM;

	*cmd = hdl->sbuf;
@@ -790,8 +792,20 @@ static long qbt1000_ioctl(struct file *file, unsigned cmd, unsigned long arg)
			goto end;
		}

		if (drvdata->app_handle) {
			dev_err(drvdata->dev, "%s: LOAD app already loaded, unloading first\n",
				__func__);
			rc = qseecom_shutdown_app(&drvdata->app_handle);
			if (rc != 0) {
				dev_err(drvdata->dev, "%s: LOAD current app failed to shutdown\n",
					  __func__);
				goto end;
			}
		}

		/* start the TZ app */
		rc = qseecom_start_app(&app_handle, app.name, app.size);
		rc = qseecom_start_app(&drvdata->app_handle,
				app.name, app.size);
		if (rc == 0) {
			g_app_buf_size = app.size;
		} else {
@@ -800,7 +814,9 @@ static long qbt1000_ioctl(struct file *file, unsigned cmd, unsigned long arg)
			goto end;
		}

		/* copy the app handle to user */
		/* copy a fake app handle to user */
		app_handle = drvdata->app_handle ?
			(struct qseecom_handle *)123456 : 0;
		rc = copy_to_user((void __user *)app.app_handle, &app_handle,
			sizeof(*app.app_handle));

@@ -817,7 +833,7 @@ static long qbt1000_ioctl(struct file *file, unsigned cmd, unsigned long arg)
	case QBT1000_UNLOAD_APP:
	{
		struct qbt1000_app app;
		struct qseecom_handle *app_handle;
		struct qseecom_handle *app_handle = 0;

		if (copy_from_user(&app, priv_arg,
			sizeof(app)) != 0) {
@@ -847,14 +863,14 @@ static long qbt1000_ioctl(struct file *file, unsigned cmd, unsigned long arg)
		}

		/* if the app hasn't been loaded already, return err */
		if (!app_handle) {
		if (!drvdata->app_handle) {
			dev_err(drvdata->dev, "%s: App not loaded\n",
				__func__);
			rc = -EINVAL;
			goto end;
		}

		rc = qseecom_shutdown_app(&app_handle);
		rc = qseecom_shutdown_app(&drvdata->app_handle);
		if (rc != 0) {
			dev_err(drvdata->dev, "%s: App failed to shutdown\n",
				__func__);
@@ -895,7 +911,7 @@ static long qbt1000_ioctl(struct file *file, unsigned cmd, unsigned long arg)
		}

		/* if the app hasn't been loaded already, return err */
		if (!tzcmd.app_handle) {
		if (!drvdata->app_handle) {
			dev_err(drvdata->dev, "%s: App not loaded\n",
				__func__);
			rc = -EINVAL;
@@ -905,7 +921,7 @@ static long qbt1000_ioctl(struct file *file, unsigned cmd, unsigned long arg)
		/* init command and response buffers and align lengths */
		aligned_cmd_len = tzcmd.req_buf_len;
		aligned_rsp_len = tzcmd.rsp_buf_len;
		rc = get_cmd_rsp_buffers(tzcmd.app_handle,
		rc = get_cmd_rsp_buffers(drvdata->app_handle,
			(void **)&aligned_cmd,
			&aligned_cmd_len,
			(void **)&aligned_rsp,
@@ -930,7 +946,7 @@ static long qbt1000_ioctl(struct file *file, unsigned cmd, unsigned long arg)
		}

		/* send cmd to TZ */
		rc = qseecom_send_command(tzcmd.app_handle,
		rc = qseecom_send_command(drvdata->app_handle,
			aligned_cmd,
			aligned_cmd_len,
			aligned_rsp,
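Review bot: The widened comparison in get_cmd_rsp_buffers still runs after `ALIGN(*cmd_len, 64)` and `ALIGN(*rsp_len, 64)`, so if the lengths are 32-bit (as the `uint64_t` casts suggest) a value within 63 of the type's maximum wraps to a small number during alignment and then passes the size check. Rejecting oversized inputs before aligning closes that gap, e.g. `if (*cmd_len > g_app_buf_size || *rsp_len > g_app_buf_size) return -ENOMEM;` ahead of the two ALIGN lines. Separately, `drvdata->app_handle` is now driver-wide state that the unload path shuts down and the send-command path dereferences; no lock is visible in these hunks, so confirm that qbt1000_ioctl serialises these cases, otherwise a concurrent unload could leave the send path using a released handle. Both functions extend beyond the hunks shown.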