From: Mark Rutland <mark.rutland@arm.com>
To: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Cc: linux-kernel@vger.kernel.org,
	linux-arm-kernel@lists.infradead.org, tee-dev@lists.linaro.org,
	Jens Wiklander <jens.wiklander@linaro.org>,
	Volodymyr Babchuk <vlad.babchuk@gmail.com>
Subject: Re: [PATCH v1 02/14] tee: add register user memory
Date: Fri, 29 Sep 2017 11:53:11 +0100
Message-ID: <20170929105311.GC5781@leverpostej>
In-Reply-To: <1506621851-6929-3-git-send-email-volodymyr_babchuk@epam.com>

On Thu, Sep 28, 2017 at 09:03:59PM +0300, Volodymyr Babchuk wrote:
> +static int
> +tee_ioctl_shm_register(struct tee_context *ctx,
> +		       struct tee_ioctl_shm_register_data __user *udata)
> +{
> +	long ret;
> +	struct tee_ioctl_shm_register_data data;
> +	struct tee_shm *shm;
> +
> +	if (copy_from_user(&data, udata, sizeof(data)))
> +		return -EFAULT;
> +
> +	/* Currently no input flags are supported */
> +	if (data.flags)
> +		return -EINVAL;
> +
> +	shm = tee_shm_register(ctx, data.addr, data.length,
> +			       TEE_SHM_DMA_BUF | TEE_SHM_USER_MAPPED);
> +	if (IS_ERR(shm))
> +		return PTR_ERR(shm);
> +
> +	data.id = shm->id;
> +	data.flags = shm->flags;
> +	data.length = shm->size;
> +
> +	if (copy_to_user(udata, &data, sizeof(data)))
> +		ret = -EFAULT;
> +	else
> +		ret = tee_shm_get_fd(shm);
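Review bot: in the visible lines nothing releases shm once tee_shm_register() has created it; if the elided remainder does not free it on the copy_to_user() failure path (ret = -EFAULT) and when tee_shm_get_fd() fails, the pinned user pages and the idr slot leak on a path any process with the device open can trigger in a loop. A second point in the same hunk: `data.flags = shm->flags` hands the kernel-internal flag word (TEE_SHM_DMA_BUF | TEE_SHM_USER_MAPPED plus whatever tee_shm_register() ORs in) straight back as the ioctl's output flags, which ties the UAPI to internal flag values; return only the bits the UAPI header defines.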

Why do you need both the fd and an id? That seems redundant.

[...]

> +struct tee_shm *tee_shm_register(struct tee_context *ctx, unsigned long addr,
> +				 size_t length, u32 flags)
> +{
> +	struct tee_device *teedev = ctx->teedev;
> +	const u32 req_flags = TEE_SHM_DMA_BUF | TEE_SHM_USER_MAPPED;
> +	struct tee_shm *shm;
> +	void *ret;
> +	int rc;
> +	int num_pages;
> +	unsigned long start;
> +
> +	if (flags != req_flags) {
> +		dev_err(teedev->dev.parent, "invliad shm flags %#x", flags);
> +		return ERR_PTR(-EINVAL);
> +	}
> +
> +	if (!tee_device_get(teedev))
> +		return ERR_PTR(-EINVAL);
> +
> +	if (!teedev->desc->ops->shm_register ||
> +	    !teedev->desc->ops->shm_unregister) {
> +		dev_err(teedev->dev.parent,
> +			"register shared memory unspported by device");
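Review bot: the dev_err() for the missing shm_register/shm_unregister ops is reachable from the ioctl by any process that can open the device, so beyond being the wrong severity it is a kernel-log flood vector; drop the message (or make it dev_dbg()) and just return the error. Separately, the tee_device_get() failure just above also returns -EINVAL, which is indistinguishable from the bad-flags case; a distinct code such as -ENODEV lets userspace tell the two apart.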

I don't think this should be a dev_err. The user requested something
that the device did not support, but that's not a device-side error.

A user may legitimately do this to probe whether the TEE supports
registering memory.

> +		tee_device_put(teedev);
> +		return ERR_PTR(-EINVAL);

Perhaps EOPNOTSUPP?

> +	}
> +
> +	shm = kzalloc(sizeof(*shm), GFP_KERNEL);
> +	if (!shm) {
> +		ret = ERR_PTR(-ENOMEM);
> +		goto err;
> +	}
> +
> +	shm->flags = flags | TEE_SHM_REGISTER;
> +	shm->teedev = teedev;
> +	shm->ctx = ctx;
> +	shm->id = -1;
> +	start = rounddown(addr, PAGE_SIZE);
> +	shm->offset = addr - start;
> +	shm->size = length;
> +	num_pages = (roundup(addr + length, PAGE_SIZE) - start) / PAGE_SIZE;
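Review bot: addr and length arrive straight from the ioctl and are used here without validation: length == 0 is accepted (and, for an unaligned addr, still rounds up to one pinned page), and addr + length can wrap for a large length, in which case roundup(addr + length, PAGE_SIZE) - start yields a small or negative num_pages (it is an int, so the unsigned long result is also truncated) while shm->size keeps the full length. Reject length == 0 and overflow (check_add_overflow(), or `if (addr + length < addr)`) before this arithmetic, make num_pages an unsigned long or size_t, and consider requiring page-aligned ends so that shm->size and the pinned range agree.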

Why not mandate that the user passes a buffer which has a start and end
aligned to PAGE_SIZE?

Otherwise, the buffer size is silently upgraded without the user's
knowledge, which seems likely to result in bugs.

> +	shm->pages = kcalloc(num_pages, sizeof(struct page), GFP_KERNEL);

I think you mean sizeof(struct page *) here.

Generally, for:

  lhs = some_alloc(sizeof(x))

... it's preferred that x is *lhs, so as to keep the types in sync. e.g.

  shm->pages = kcalloc(num_pages, sizeof(*shm->pages), GFP_KERNEL);

> +	if (!shm->pages) {
> +		ret = ERR_PTR(-ENOMEM);
> +		goto err;
> +	}
> +
> +	rc = get_user_pages_fast(start, num_pages, 1, shm->pages);
> +	if (rc > 0)
> +		shm->num_pages = rc;
> +	if (rc != num_pages) {
> +		if (rc > 0)
> +			rc = -ENOMEM;
> +		ret = ERR_PTR(rc);
> +		goto err;
> +	}
> +
> +	mutex_lock(&teedev->mutex);
> +	shm->id = idr_alloc(&teedev->idr, shm, 1, 0, GFP_KERNEL);
> +	mutex_unlock(&teedev->mutex);
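Review bot: the pages pinned by get_user_pages_fast() here are not accounted against RLIMIT_MEMLOCK or any per-context cap, so a process with the device node open can pin an unbounded amount of memory by registering buffers in a loop; count the pages against the caller's locked-memory limit (or a driver cap) before pinning. Two smaller points in the same hunk: idr_alloc() can return a negative value and shm->id is stored without checking it, and the partial-pin case maps `rc > 0` to -ENOMEM even though get_user_pages_fast() stopping short typically means the range is not fully mapped (or not writable, since write=1 is passed), for which -EFAULT is the conventional code.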

AFAICT, idr_alloc() can fail, so I believe you're missing a sanity check
on the return value here.

Thanks,
Mark.
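The rounding and input-validation points raised in this review can be made concrete. The block below is an added example, not code from the patch or from the tee subsystem: it models, in user space, the (addr, length) to (start, offset, num_pages) arithmetic of the quoted tee_shm_register() and puts the checks a reviewer would ask for next to it. PAGE_SIZE = 4096, the MAX_REG_PAGES cap and all helper names are assumptions of this example.

```c
/*
 * Added example, not code from the patch under review or from the tee
 * subsystem: a user-space model of the (addr, length) -> (start, offset,
 * num_pages) arithmetic in the quoted tee_shm_register(), next to the input
 * validation a reviewer would want in front of it. PAGE_SIZE = 4096, the
 * MAX_REG_PAGES cap and all helper names are assumptions of this example;
 * 64-bit user addresses are modelled with uint64_t.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE     4096ULL
#define PAGE_MASK     (~(PAGE_SIZE - 1))
#define MAX_REG_PAGES 1024ULL   /* hypothetical per-registration cap */

struct shm_geom {
    uint64_t start;      /* page-aligned base that would be pinned */
    uint64_t offset;     /* addr - start, handed to the TEE as the offset */
    uint64_t size;       /* the caller's length, stored unchanged */
    uint64_t num_pages;  /* pages get_user_pages_fast() would be asked for */
};

/* The patch's rounding, with no checks on the inputs. */
static struct shm_geom shm_geom_unchecked(uint64_t addr, uint64_t length)
{
    struct shm_geom g;
    uint64_t end = addr + length;               /* wraps for a huge length */

    g.start = addr & PAGE_MASK;
    g.offset = addr - g.start;
    g.size = length;
    g.num_pages = (((end + PAGE_SIZE - 1) & PAGE_MASK) - g.start) / PAGE_SIZE;
    return g;
}

/* Bytes pinned, and exposed to the TEE, beyond what the caller asked for. */
static uint64_t shm_geom_slack(const struct shm_geom *g)
{
    return g->num_pages * PAGE_SIZE - g->size;
}

/*
 * Validated variant: 0 on success, -1 for a malformed range (-EINVAL in the
 * kernel), -2 when the range exceeds the page cap. With require_aligned both
 * ends must sit on page boundaries, so rounding can never enlarge the buffer
 * behind the caller's back.
 */
static int shm_geom_checked(uint64_t addr, uint64_t length,
                            bool require_aligned, struct shm_geom *out)
{
    uint64_t end;

    if (length == 0)
        return -1;
    if (addr + length < addr)       /* check_add_overflow() in the kernel */
        return -1;
    end = addr + length;
    if (require_aligned &&
        ((addr & (PAGE_SIZE - 1)) || (end & (PAGE_SIZE - 1))))
        return -1;

    *out = shm_geom_unchecked(addr, length);
    return out->num_pages > MAX_REG_PAGES ? -2 : 0;
}

/* Scalar wrappers so individual results are easy to inspect. */
static uint64_t pages_for(uint64_t addr, uint64_t length)
{
    return shm_geom_unchecked(addr, length).num_pages;
}

static uint64_t slack_for(uint64_t addr, uint64_t length)
{
    struct shm_geom g = shm_geom_unchecked(addr, length);
    return shm_geom_slack(&g);
}

static int check_for(uint64_t addr, uint64_t length, bool require_aligned)
{
    struct shm_geom g;
    return shm_geom_checked(addr, length, require_aligned, &g);
}

int main(void)
{
    /* Two bytes straddling a page boundary pin two whole pages. */
    printf("straddle: pages=%llu slack=%llu\n",
           (unsigned long long)pages_for(0x10fff, 2),
           (unsigned long long)slack_for(0x10fff, 2));
    /* Zero length at an unaligned address still pins a page. */
    printf("zero: pages=%llu\n", (unsigned long long)pages_for(0x10010, 0));
    /* A wrapped addr + length: one page against a size of ~2^64. */
    printf("wrap: pages=%llu checked=%d\n",
           (unsigned long long)pages_for(0x1800, UINT64_MAX - 0x3ff),
           check_for(0x1800, UINT64_MAX - 0x3ff, false));
    return 0;
}
```

Three things fall out of running it: a two-byte buffer straddling a page boundary pins 8190 bytes the caller never asked for; a zero-length registration at an unaligned address still pins a whole page; and a length that wraps addr + length produces num_pages == 1 beside a size of roughly 2^64, which the checked variant rejects before any arithmetic is done. Requiring page-aligned ends, as suggested in the review, removes the first two surprises entirely.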

Thread overview: 128+ messages

2017-09-28 18:03 [PATCH v1 00/14] tee: optee: add dynamic shared memory support Volodymyr Babchuk
2017-09-28 18:03 ` [PATCH v1 01/14] tee: flexible shared memory pool creation Volodymyr Babchuk
2017-09-28 18:03 ` [PATCH v1 02/14] tee: add register user memory Volodymyr Babchuk
2017-09-29 10:53   ` Mark Rutland [this message]
2017-09-29 15:19     ` Volodymyr Babchuk
2017-09-28 18:04 ` [PATCH v1 03/14] tee: shm: add accessors for buffer size and page offset Volodymyr Babchuk
2017-09-28 18:04 ` [PATCH v1 04/14] tee: shm: add page accessor functions Volodymyr Babchuk
2017-09-28 22:14   ` Yury Norov
2017-09-29 10:17     ` Volodymyr Babchuk
2017-09-28 18:04 ` [PATCH v1 05/14] tee: optee: Update protocol definitions Volodymyr Babchuk
2017-09-28 18:04 ` [PATCH v1 06/14] tee: optee: add page list manipulation functions Volodymyr Babchuk
2017-09-29  0:23   ` Yury Norov
2017-09-29 10:34     ` Volodymyr Babchuk
2017-09-29 16:23       ` Yury Norov
2017-09-29 13:00   ` Mark Rutland
2017-09-28 18:04 ` [PATCH v1 07/14] tee: optee: add shared buffer registration functions Volodymyr Babchuk
2017-09-29 13:06   ` Mark Rutland
2017-09-29 15:37     ` Volodymyr Babchuk
2017-09-28 18:04 ` [PATCH v1 08/14] tee: optee: add registered shared parameters handling Volodymyr Babchuk
2017-09-28 18:04 ` [PATCH v1 09/14] tee: optee: add registered buffers handling into RPC calls Volodymyr Babchuk
2017-09-28 18:04 ` [PATCH v1 10/14] tee: optee: store OP-TEE capabilities in private data Volodymyr Babchuk
2017-09-28 18:04 ` [PATCH v1 11/14] tee: optee: add optee-specific shared pool implementation Volodymyr Babchuk
2017-09-28 18:04 ` [PATCH v1 12/14] tee: optee: enable dynamic SHM support Volodymyr Babchuk
2017-10-03 16:06   ` [Tee-dev] " Stuart Yoder
2017-10-04 11:49     ` Jens Wiklander
2017-09-28 18:04 ` [PATCH v1 13/14] tee: use reference counting for tee_context Volodymyr Babchuk
2017-09-28 18:04 ` [PATCH v1 14/14] tee: shm: inline tee_shm getter functions Volodymyr Babchuk
2017-09-29  0:50   ` Yury Norov
2017-09-29 10:31 ` [PATCH v1 00/14] tee: optee: add dynamic shared memory support Mark Rutland
2017-09-29 10:51   ` Volodymyr Babchuk
2017-10-03 16:05 ` [Tee-dev] " Stuart Yoder
2017-10-04 17:23   ` Volodymyr Babchuk
2017-10-13 19:32 ` Volodymyr Babchuk
2017-10-13 19:32   ` [PATCH v1 01/14] tee: flexible shared memory pool creation Volodymyr Babchuk
2017-10-13 19:32   ` [PATCH v1 02/14] tee: add register user memory Volodymyr Babchuk
2017-10-13 19:32   ` [PATCH v1 03/14] tee: shm: add accessors for buffer size and page offset Volodymyr Babchuk
2017-10-13 19:32   ` [PATCH v1 04/14] tee: shm: add page accessor functions Volodymyr Babchuk
2017-10-13 19:32   ` [PATCH v1 05/14] tee: optee: Update protocol definitions Volodymyr Babchuk
2017-10-13 19:32   ` [PATCH v1 06/14] tee: optee: add page list manipulation functions Volodymyr Babchuk
2017-10-13 19:32   ` [PATCH v1 07/14] tee: optee: add shared buffer registration functions Volodymyr Babchuk
2017-10-13 19:32   ` [PATCH v1 08/14] tee: optee: add registered shared parameters handling Volodymyr Babchuk
2017-10-13 19:32   ` [PATCH v1 09/14] tee: optee: add registered buffers handling into RPC calls Volodymyr Babchuk
2017-10-13 19:32   ` [PATCH v1 10/14] tee: optee: store OP-TEE capabilities in private data Volodymyr Babchuk
2017-10-13 19:32   ` [PATCH v1 11/14] tee: optee: add optee-specific shared pool implementation Volodymyr Babchuk
2017-10-13 19:32   ` [PATCH v1 12/14] tee: optee: enable dynamic SHM support Volodymyr Babchuk
2017-10-13 19:32   ` [PATCH v1 13/14] tee: use reference counting for tee_context Volodymyr Babchuk
2017-10-13 19:32   ` [PATCH v1 14/14] tee: shm: inline tee_shm_get_id() Volodymyr Babchuk
2017-10-13 19:40   ` [PATCH v1 00/14] tee: optee: add dynamic shared memory support Volodymyr Babchuk
2017-11-29 12:48   ` [RESEND PATCH v2 " Volodymyr Babchuk
2017-11-29 12:48     ` [RESEND PATCH v2 01/14] tee: flexible shared memory pool creation Volodymyr Babchuk
2017-11-29 12:48     ` [RESEND PATCH v2 02/14] tee: add register user memory Volodymyr Babchuk
2017-11-29 12:48     ` [RESEND PATCH v2 03/14] tee: shm: add accessors for buffer size and page offset Volodymyr Babchuk
2017-11-29 12:48     ` [RESEND PATCH v2 04/14] tee: shm: add page accessor functions Volodymyr Babchuk
2017-11-29 12:48     ` [RESEND PATCH v2 05/14] tee: optee: Update protocol definitions Volodymyr Babchuk
2017-11-29 12:48     ` [RESEND PATCH v2 06/14] tee: optee: add page list manipulation functions Volodymyr Babchuk
2017-11-29 12:48     ` [RESEND PATCH v2 07/14] tee: optee: add shared buffer registration functions Volodymyr Babchuk
2017-11-29 12:48     ` [RESEND PATCH v2 08/14] tee: optee: add registered shared parameters handling Volodymyr Babchuk
2017-11-29 12:48     ` [RESEND PATCH v2 09/14] tee: optee: add registered buffers handling into RPC calls Volodymyr Babchuk
2017-11-29 12:48     ` [RESEND PATCH v2 10/14] tee: optee: store OP-TEE capabilities in private data Volodymyr Babchuk
2017-11-29 12:48     ` [RESEND PATCH v2 11/14] tee: optee: add optee-specific shared pool implementation Volodymyr Babchuk
2017-11-29 12:48     ` [RESEND PATCH v2 12/14] tee: optee: enable dynamic SHM support Volodymyr Babchuk
2017-11-29 12:48     ` [RESEND PATCH v2 13/14] tee: use reference counting for tee_context Volodymyr Babchuk
2017-11-29 12:48     ` [RESEND PATCH v2 14/14] tee: shm: inline tee_shm_get_id() Volodymyr Babchuk
2017-12-06 14:32     ` [RESEND PATCH v2 00/14] tee: optee: add dynamic shared memory support Jens Wiklander