Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v6.18.21 2025-11-21T20:27:20+00:00 2025-11-21T20:27:20+00:00 Arnd Bergmann arnd@arndb.de 2025-11-21T20:27:20+00:00 urn:sha1:fe7cdcd1bacec3a54ec94131292b5c883cec50cf QCOMTEE fixes2 for v6.18 - initialize result before use in in error path - fix uninitialized pointers with free attribute * tag 'qcomtee-fixes2-for-6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee: tee: qcomtee: initialize result before use in release worker tee: qcomtee: fix uninitialized pointers with free attribute Signed-off-by: Arnd Bergmann <arnd@arndb.de> 2025-11-14T07:42:07+00:00 Ally Heev allyheev@gmail.com 2025-11-11T07:56:42+00:00 urn:sha1:ac5ae0a5ce22640f73677d40730a37f43df442d1 Uninitialized pointers with `__free` attribute can cause undefined behavior as the memory assigned randomly to the pointer is freed automatically when the pointer goes out of scope. qcomtee doesn't have any bugs related to this as of now, but it is better to initialize and assign pointers with `__free` attribute in one statement to ensure proper scope-based cleanup Reported-by: Dan Carpenter <dan.carpenter@linaro.org> Closes: https://lore.kernel.org/all/aPiG_F5EBQUjZqsl@stanley.mountain/ Signed-off-by: Ally Heev <allyheev@gmail.com> Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 2025-09-19T06:45:59+00:00 Dan Carpenter dan.carpenter@linaro.org 2025-09-18T09:50:26+00:00 urn:sha1:b14bb2e7821bdd133afeb5e623fd6c5a2273ecf6 Re-order these checks to check if "i" is a valid array index before using it. This prevents a potential off by one read access. Fixes: d6e290837e50 ("tee: add Qualcomm TEE driver") Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 2025-09-15T15:34:06+00:00 Amirreza Zarrabi amirreza.zarrabi@oss.qualcomm.com 2025-09-12T04:07:49+00:00 urn:sha1:87ab676d909b192000342e6c301fcd13eaa17dbd Enable userspace to allocate shared memory with QTEE. Since QTEE handles shared memory as object, a wrapper is implemented to represent tee_shm as an object. The shared memory identifier, obtained through TEE_IOC_SHM_ALLOC, is transferred to the driver using TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_INPUT/OUTPUT. Tested-by: Neil Armstrong <neil.armstrong@linaro.org> Acked-by: Sumit Garg <sumit.garg@oss.qualcomm.com> Tested-by: Harshal Dev <quic_hdev@quicinc.com> Signed-off-by: Amirreza Zarrabi <amirreza.zarrabi@oss.qualcomm.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 2025-09-15T15:34:06+00:00 Amirreza Zarrabi amirreza.zarrabi@oss.qualcomm.com 2025-09-12T04:07:47+00:00 urn:sha1:d6e290837e50f73f88f31f19bd8a7213d92e6e46 Introduce qcomtee_object, which represents an object in both QTEE and the kernel. QTEE clients can invoke an instance of qcomtee_object to access QTEE services. If this invocation produces a new object in QTEE, an instance of qcomtee_object will be returned. Similarly, QTEE can request services from by issuing a callback request, which invokes an instance of qcomtee_object. Implement initial support for exporting qcomtee_object to userspace and QTEE, enabling the invocation of objects hosted in QTEE and userspace through the TEE subsystem. Tested-by: Neil Armstrong <neil.armstrong@linaro.org> Tested-by: Harshal Dev <quic_hdev@quicinc.com> Acked-by: Sumit Garg <sumit.garg@oss.qualcomm.com> Signed-off-by: Amirreza Zarrabi <amirreza.zarrabi@oss.qualcomm.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>