* [PATCH AUTOSEL 6.17-5.4] tee: allow a driver to allocate a tee_device without a pool
[not found] <20251009155752.773732-1-sashal@kernel.org>
@ 2025-10-09 15:54 ` Sasha Levin via OP-TEE
0 siblings, 0 replies; only message in thread
From: Sasha Levin via OP-TEE @ 2025-10-09 15:54 UTC (permalink / raw)
To: patches, stable; +Cc: Amirreza Zarrabi, Sumit Garg, Sasha Levin, op-tee
From: Amirreza Zarrabi <amirreza.zarrabi@oss.qualcomm.com>
[ Upstream commit 6dbcd5a9ab6cb6644e7d728521da1c9035ec7235 ]
A TEE driver doesn't always need to provide a pool if it doesn't
support memory sharing ioctls and can allocate memory for TEE
messages in another way. Although this is mentioned in the
documentation for tee_device_alloc(), it is not handled correctly.
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Signed-off-by: Amirreza Zarrabi <amirreza.zarrabi@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
LLM Generated explanations, may be completely bogus:
YES
- The change simply drops the `|| !pool` guard in `tee_device_alloc()`
(`drivers/tee/tee_core.c:892`), which currently rejects drivers that
intentionally omit a shared-memory pool even though the API contract
and docs (`include/linux/tee_core.h:123`) have long advertised `pool`
as optional. Today that mismatch means such drivers cannot register at
all, so user-visible functionality is blocked.
- Other subsystem code already treats a missing pool as a valid state
and bails out safely: shared-memory allocators check `if
(!teedev->pool)` before dereferencing it and return an error to user
space (`drivers/tee/tee_shm.c:78`), so allowing allocation without a
pool doesn’t create new NULL dereferences or change behaviour for
drivers that do use shared memory.
- Existing in-tree TEE implementations still guard their pool setup with
`IS_ERR()` checks (e.g. OP-TEE in `drivers/tee/optee/smc_abi.c:1651`),
so a genuine failure still propagates an error instead of slipping
through; we only unblock the documented “no pool” case.
- The patch is tiny, self-contained, and doesn’t alter ioctls or data
structures, making the regression risk very low while fixing a long-
standing real bug that prevents compliant drivers from loading.
Backporting keeps the stable tree consistent with the exported TEE API
and supports downstream drivers that rely on the documented behaviour.
drivers/tee/tee_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c
index acc7998758ad8..133447f250657 100644
--- a/drivers/tee/tee_core.c
+++ b/drivers/tee/tee_core.c
@@ -889,7 +889,7 @@ struct tee_device *tee_device_alloc(const struct tee_desc *teedesc,
if (!teedesc || !teedesc->name || !teedesc->ops ||
!teedesc->ops->get_version || !teedesc->ops->open ||
- !teedesc->ops->release || !pool)
+ !teedesc->ops->release)
return ERR_PTR(-EINVAL);
teedev = kzalloc(sizeof(*teedev), GFP_KERNEL);
--
2.51.0
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2025-10-09 15:58 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20251009155752.773732-1-sashal@kernel.org>
2025-10-09 15:54 ` [PATCH AUTOSEL 6.17-5.4] tee: allow a driver to allocate a tee_device without a pool Sasha Levin via OP-TEE
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox