From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-wr1-f46.google.com (mail-wr1-f46.google.com [209.85.221.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E2584283FD7 for ; Thu, 18 Sep 2025 09:50:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.46 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758189034; cv=none; b=G2nLukZACFGCLi+l3RwiiLtlujAXrNaOi/ecdoM86UiuNB28TYHKnzjBc4oKC1InnRz0VCdOriZt2iPFoYiwnmU2KJ76csWB18+Nt+Bn/Wax5vh5UNEVYlF5VhZvZVlN0CxBc/EOi5uqY896wwV0xJxpEmDIdD7nPD1faTjpG7c= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758189034; c=relaxed/simple; bh=qHLJX/TtpVtJetIsYqyBWRD9Yy9lM9oH0njdixetFrQ=; h=Date:From:To:Cc:Subject:Message-ID:MIME-Version:Content-Type: Content-Disposition; b=o1CVT4kBSVzzwDfRPgms3DeRIXxpUP3kRD0LFB3R7GmhXngbuiSu/5jfcE/9pgbxug7l88HMOxewEpJePI+B6BTganz0vszVBWjpbFrp1oja/53t+IXufCsCuXZkPK2q1MF2fesQgPjW1TfojSdowsvZKRYFPQ0GQoaa84lP3yQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org; spf=pass smtp.mailfrom=linaro.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b=cm3gFDaL; arc=none smtp.client-ip=209.85.221.46 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linaro.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="cm3gFDaL" Received: by mail-wr1-f46.google.com with SMTP id ffacd0b85a97d-3ebf23c0d27so470077f8f.0 for ; Thu, 18 Sep 2025 02:50:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1758189030; x=1758793830; darn=vger.kernel.org; h=content-disposition:mime-version:message-id:subject:cc:to:from:date :from:to:cc:subject:date:message-id:reply-to; bh=eQwKqTQzxVu8vPTkPS6AVCaGBlFPjm0mxCJ88MPBe7I=; b=cm3gFDaL0oJjGb4Xa0O12OWm/ZzkJJkpTchRc9XSNEEJ5168AitPEYTZ9qx2o+JwZd 7RBIwOka/wkQCsAlYtbCIIBftfAlh0vey9KBFPKllUZ/Z1aLPei0elc78W3zC+1zWBgS /j+Ypdpr/gxDpgzQ6q/MN3ii18TXCQWm4dIz5Zzz9eZ0jX5FallIpoNldIIJH60RfYug N0yH0DFaOeTGPnv70Jq8USf8GQF+fU3zuQhjXbZgcaZobO7oxMoQnZDblht5HHk3RzpO GGDO1IuNZ3V0Cd9OOOOxTTbmO6u7vAypoos5ojI65P2QQENXYRoVV7Dytm1N/Nk6ExE/ mmUw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1758189030; x=1758793830; h=content-disposition:mime-version:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=eQwKqTQzxVu8vPTkPS6AVCaGBlFPjm0mxCJ88MPBe7I=; b=NZ7wt2ym/20p6zQKNI2YAFej4HD5w+sHTSGGaAyK562miqrWF8obevjEKm4pFb4WcQ TjjD11z2VUJkkUPHXEdIki+B94uceq4FLXkuGEaUX4oJc8oGDIuwalop1mOR4j1Sl3VB o5rtHCBGIwi8qlnyKeOsG8lGaysJ7krvXvzHF9Ru3IVDz0Esy/bF8aZPsSqZbHRvAvWB tQPPjbssOlc2btH6C01fvTEZcFkIDKqjlrlJF8OG1MW6AEEqfxDlN0W7m5chV8mcpcbW L7PVYxfnXTxmn9K1i5dO9gsUnGIokFExFId3OqHtJ3AoDLTseDV91osEeEHF11oVhRKD WEtg== X-Forwarded-Encrypted: i=1; AJvYcCWzA4fY3E2UeouJPaM33zPjORNNpbz5vhMh57LHueLA2DfEiY2RfSYSTh0GlDiGboVgGiTB+pvJ7aRGiDjet9Q=@vger.kernel.org X-Gm-Message-State: AOJu0Yyo7UGA6CWyiIXt/2QdwU0rzLGY0mDfL1GAcNrSFuK+W8RLNQB6 pxdcAJARLiZ2LkphnNzOS2uA5IZ9ji082uCMYcKbf9dbTfyKT0IZ6Mg1P2h8CEVjnRQ= X-Gm-Gg: ASbGncu3vITFHdaIzEOe6/VZaNwhGpJb+/VLCJfuefUS+XpIlKa/3Z1EpkLxzcO70EP uQkzQ3EVzu3S6/gePmzK829r952kP6B/WBb5aW20R6aG2KiUEKdzrp3IMJvkfvwt/JV8Ua+yIVb /+kZhSiL13zlYWGlJrHGB0V6lhx6NrSuPK+d8Yn/Wr42MThWEOqdBdGLZAB7RKzAXZ3Si03aKB5 b4wzQJNvpMvDJUCkKhD85OIW4zcD17q/ZvNrpsvx0NkluOswXW3Ulg0qzbXIideN0MF4MQ1N3vH 5/z4adIVUcH4pkyHB39jdxgeYn8uWYV1v45t9hTv5d/vCUFB3hld6ZAvawxaNxFs16fm340rdtX +LrWVS0mdGRo35SSys9tyivGP5xHE3xKWxkyF5UKcuBZlNw== X-Google-Smtp-Source: AGHT+IGoCMIZSYVGVdr+LonBDIWcYYTv19TLhpipu3kLj9HY+JsSF6G9ZNs6lLtq6lsBFQeD0PjV6w== X-Received: by 2002:a05:6000:1a8e:b0:3e7:ff70:1b41 with SMTP id ffacd0b85a97d-3ecdf9c9fc7mr4630089f8f.25.1758189030108; Thu, 18 Sep 2025 02:50:30 -0700 (PDT) Received: from localhost ([196.207.164.177]) by smtp.gmail.com with UTF8SMTPSA id ffacd0b85a97d-3ee0fbc7107sm3078259f8f.30.2025.09.18.02.50.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 18 Sep 2025 02:50:29 -0700 (PDT) Date: Thu, 18 Sep 2025 12:50:26 +0300 From: Dan Carpenter To: Amirreza Zarrabi Cc: Jens Wiklander , Sumit Garg , linux-arm-msm@vger.kernel.org, op-tee@lists.trustedfirmware.org, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: [PATCH next] tee: qcom: prevent potential off by one read Message-ID: Precedence: bulk X-Mailing-List: kernel-janitors@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Mailer: git-send-email haha only kidding Re-order these checks to check if "i" is a valid array index before using it. This prevents a potential off by one read access. Fixes: d6e290837e50 ("tee: add Qualcomm TEE driver") Signed-off-by: Dan Carpenter --- drivers/tee/qcomtee/call.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/tee/qcomtee/call.c b/drivers/tee/qcomtee/call.c index cc17a48d0ab7..ac134452cc9c 100644 --- a/drivers/tee/qcomtee/call.c +++ b/drivers/tee/qcomtee/call.c @@ -308,7 +308,7 @@ static int qcomtee_params_from_args(struct tee_param *params, } /* Release any IO and OO objects not processed. */ - for (; u[i].type && i < num_params; i++) { + for (; i < num_params && u[i].type; i++) { if (u[i].type == QCOMTEE_ARG_TYPE_OO || u[i].type == QCOMTEE_ARG_TYPE_IO) qcomtee_object_put(u[i].o); -- 2.51.0 From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.trustedfirmware.org (lists.trustedfirmware.org [18.214.241.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id DFD47CAC597 for ; Thu, 18 Sep 2025 09:50:46 +0000 (UTC) Received: from lists.trustedfirmware.org (localhost [127.0.0.1]) by lists.trustedfirmware.org (Postfix) with ESMTP id 1BEA143198 for ; Thu, 18 Sep 2025 09:50:46 +0000 (UTC) Authentication-Results: lists.trustedfirmware.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=DCHpwJYU; dkim-atps=neutral Received: from mail-wr1-f50.google.com (mail-wr1-f50.google.com [209.85.221.50]) by lists.trustedfirmware.org (Postfix) with ESMTPS id 4CCA640B18 for ; Thu, 18 Sep 2025 09:50:31 +0000 (UTC) Received: by mail-wr1-f50.google.com with SMTP id ffacd0b85a97d-3ece0e4c5faso781738f8f.1 for ; Thu, 18 Sep 2025 02:50:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1758189030; x=1758793830; darn=lists.trustedfirmware.org; h=content-disposition:mime-version:message-id:subject:cc:to:from:date :from:to:cc:subject:date:message-id:reply-to; bh=eQwKqTQzxVu8vPTkPS6AVCaGBlFPjm0mxCJ88MPBe7I=; b=DCHpwJYUIuzpX+0E6GUC2NjQRv4PhDA4+Gy1O6pesaF+5UtEIbmLfmn+2AmbeRz0Kf 3JGFhFIMqJCDtHhqb1vOAZdTgkd3+bQ6VIQ742E3V0R+Q03vcuSB+zNvGN/AXK2rrnvo xglqYawmhOSNnHsOTnNQbky7LfSWQT5FckKH3vRvvRZrlYvs3g9mqbQTCLnG17R85/iN KscOlqhylS49sP5epck59CQLiKVNSbX9X0TIuXVCWGyIvnwRnQq8w+KcNSLiZQKnIaIG v6AGN36/jND+4eL31J66dMmMQqxH2jRbFy1b58WgxaCmwtZj8IgSJzTDPU6oRjyt2NWm bo/w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1758189030; x=1758793830; h=content-disposition:mime-version:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=eQwKqTQzxVu8vPTkPS6AVCaGBlFPjm0mxCJ88MPBe7I=; b=BbvJUTA35V50ja6DzCV1pljrUTG1WO/kyhBViSaL43N5YmZvG7Rza58HPUsFU+HpRu 1msQux11tugcH9I490tti4KZ/FD6f1njyxOnDoSgjvTyy5cKEjMp4+YWcHukk2CBLd+W lvefA5zoJsOWjOtHt9A3211g5lNatHckU5OctXZUKB4Fhqg1CTyOlc2MzppTcXNyywdm TCCjijrTWPmL6VZ2+hDs49hu04uoqHrzNKgm8+yytw5C84HC+R2Fh3ukXSMLHq34jlRs uN9CDUEcAi7mnWA/p3FDLgk7JEUC+yaCib9+9V2Tr8yda4uH5ddmZcZ3Mi/L3QXM7ZVM meCw== X-Forwarded-Encrypted: i=1; AJvYcCV9bcw0NywgqYMM5mMLXF6nFapeW9tbBynZ7RHZq3kUCMbgPYFLdVpCwUD2DXOMYyg94FcEwvE=@lists.trustedfirmware.org X-Gm-Message-State: AOJu0YxSvz46KOeffyI38iOufL7TScuFBm/f3LHpaiU4LekJIGfrlgtQ 8IJ6MKJ6qidXGysUfW0kElXQ+SkHwA9hjBuQl9RetiZyesEfh+gbzDxc8jsX4exuvvo9Dg== X-Gm-Gg: ASbGncvbvN8ath0n/xfgqQteq9FdLM7C7MQsgJkSuKdLGVb9YCNkFskCcXoz+SdAhoM R6OXbXnXfuKAF/HA3GsTwQToSODLNCrXAr9NwLyBC+U7kZq19IkIrXPph/YY8n3ZlGfH7a0wmgD y6LBNW+a3R45a/CBxut3HCUHOPpLnjbf8fdnPZiz/vsZ0i21fXM0hjw0dEHpvEI62gqsJbXakQW p32A4YU9sClxeWT3THoHEMui/LZ73h3DHVEdYyVEAOZA1cdHogVVKXs/0SHaQFM5rfDO93LzoG9 R+lLK31wNBokcWQ1cPKS295++0Yggnoire8yWlvkRc/52evIrKsHPjgYqre21DOWR8ludR/eHhz FZ/4ezAoajJjFKC2v+ENsLkTfQgsuwfAf1bglG5tNcl1Xiw== X-Google-Smtp-Source: AGHT+IGoCMIZSYVGVdr+LonBDIWcYYTv19TLhpipu3kLj9HY+JsSF6G9ZNs6lLtq6lsBFQeD0PjV6w== X-Received: by 2002:a05:6000:1a8e:b0:3e7:ff70:1b41 with SMTP id ffacd0b85a97d-3ecdf9c9fc7mr4630089f8f.25.1758189030108; Thu, 18 Sep 2025 02:50:30 -0700 (PDT) Received: from localhost ([196.207.164.177]) by smtp.gmail.com with UTF8SMTPSA id ffacd0b85a97d-3ee0fbc7107sm3078259f8f.30.2025.09.18.02.50.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 18 Sep 2025 02:50:29 -0700 (PDT) Date: Thu, 18 Sep 2025 12:50:26 +0300 From: Dan Carpenter To: Amirreza Zarrabi Subject: [PATCH next] tee: qcom: prevent potential off by one read Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Mailer: git-send-email haha only kidding X-Rspamd-Queue-Id: 4CCA640B18 X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.99 / 15.00]; BAYES_HAM(-3.00)[100.00%]; DMARC_POLICY_ALLOW(-0.50)[linaro.org,none]; R_SPF_ALLOW(-0.20)[+ip4:209.85.128.0/17]; R_DKIM_ALLOW(-0.20)[linaro.org:s=google]; MIME_GOOD(-0.10)[text/plain]; XM_UA_NO_VERSION(0.01)[]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US]; TO_MATCH_ENVRCPT_SOME(0.00)[]; MIME_TRACE(0.00)[0:+]; FROM_EQ_ENVFROM(0.00)[]; TO_DN_SOME(0.00)[]; RWL_MAILSPIKE_POSSIBLE(0.00)[209.85.221.50:from]; RCPT_COUNT_SEVEN(0.00)[7]; RCVD_TLS_LAST(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[op-tee@lists.trustedfirmware.org]; RCVD_COUNT_TWO(0.00)[2]; RECEIVED_HELO_LOCALHOST(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[209.85.221.50:from]; NEURAL_HAM(-0.00)[-1.000]; DKIM_TRACE(0.00)[linaro.org:+] X-Rspamd-Action: no action X-Rspamd-Server: lists.trustedfirmware.org Message-ID-Hash: EQAAJ7KY6L5QHTTKSVR34SRQCEEMVRVV X-Message-ID-Hash: EQAAJ7KY6L5QHTTKSVR34SRQCEEMVRVV X-MailFrom: dan.carpenter@linaro.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-op-tee.lists.trustedfirmware.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Sumit Garg , linux-arm-msm@vger.kernel.org, op-tee@lists.trustedfirmware.org, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org X-Mailman-Version: 3.3.5 Precedence: list List-Id: Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Re-order these checks to check if "i" is a valid array index before using it. This prevents a potential off by one read access. Fixes: d6e290837e50 ("tee: add Qualcomm TEE driver") Signed-off-by: Dan Carpenter --- drivers/tee/qcomtee/call.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/tee/qcomtee/call.c b/drivers/tee/qcomtee/call.c index cc17a48d0ab7..ac134452cc9c 100644 --- a/drivers/tee/qcomtee/call.c +++ b/drivers/tee/qcomtee/call.c @@ -308,7 +308,7 @@ static int qcomtee_params_from_args(struct tee_param *params, } /* Release any IO and OO objects not processed. */ - for (; u[i].type && i < num_params; i++) { + for (; i < num_params && u[i].type; i++) { if (u[i].type == QCOMTEE_ARG_TYPE_OO || u[i].type == QCOMTEE_ARG_TYPE_IO) qcomtee_object_put(u[i].o); -- 2.51.0