lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20241120-fix-tee_shm-refcount-upstream-v1-2-5da97f584fcd@quicinc.com>
Date: Wed, 20 Nov 2024 17:37:16 -0800
From: Amirreza Zarrabi <quic_azarrabi@...cinc.com>
To: Jens Wiklander <jens.wiklander@...aro.org>,
        Sumit Garg
	<sumit.garg@...aro.org>
CC: <op-tee@...ts.trustedfirmware.org>, <linux-kernel@...r.kernel.org>,
        <linux-arm-msm@...r.kernel.org>,
        Amirreza Zarrabi <quic_azarrabi@...cinc.com>
Subject: [PATCH RFC 2/3] tee: revert removal of linked list of struct
 tee_shm

Partially revert commit 59a135f6fb66 ("tee: remove linked list of
struct tee_shm"). Reintroduce the linked list to track all tee_shm
instances associated with a context.

Signed-off-by: Amirreza Zarrabi <quic_azarrabi@...cinc.com>
---
 drivers/tee/tee_core.c  |  1 +
 drivers/tee/tee_shm.c   | 13 +++++++++++++
 include/linux/tee_drv.h |  4 ++++
 3 files changed, 18 insertions(+)

diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c
index d113679b1e2d..93f3b330aec8 100644
--- a/drivers/tee/tee_core.c
+++ b/drivers/tee/tee_core.c
@@ -59,6 +59,7 @@ struct tee_context *teedev_open(struct tee_device *teedev)
 
 	kref_init(&ctx->refcount);
 	ctx->teedev = teedev;
+	INIT_LIST_HEAD(&ctx->list_shm);
 	rc = teedev->desc->ops->open(ctx);
 	if (rc)
 		goto err;
diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c
index 31e032446cf5..c0164c0f4a01 100644
--- a/drivers/tee/tee_shm.c
+++ b/drivers/tee/tee_shm.c
@@ -108,6 +108,10 @@ static struct tee_shm *shm_alloc_helper(struct tee_context *ctx, size_t size,
 		goto err_kfree;
 	}
 
+	mutex_lock(&teedev->mutex);
+	list_add_tail(&shm->link, &ctx->list_shm);
+	mutex_unlock(&teedev->mutex);
+
 	teedev_ctx_get(ctx);
 	return shm;
 err_kfree:
@@ -343,6 +347,10 @@ register_shm_helper(struct tee_context *ctx, struct iov_iter *iter, u32 flags,
 		goto err_put_shm_pages;
 	}
 
+	mutex_lock(&teedev->mutex);
+	list_add_tail(&shm->link, &ctx->list_shm);
+	mutex_unlock(&teedev->mutex);
+
 	return shm;
 err_put_shm_pages:
 	if (!iov_iter_is_kvec(iter))
@@ -577,6 +585,11 @@ void tee_shm_put(struct tee_shm *shm)
 		 */
 		if (shm->id >= 0)
 			idr_remove(&teedev->idr, shm->id);
+
+		/* The context owns shm may be gone already. */
+		if (shm->ctx)
+			list_del(&shm->link);
+
 		do_release = true;
 	}
 	mutex_unlock(&teedev->mutex);
diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h
index 56560441b2cb..1b57cddfecc8 100644
--- a/include/linux/tee_drv.h
+++ b/include/linux/tee_drv.h
@@ -23,6 +23,7 @@ struct tee_device;
 /**
  * struct tee_context - driver specific context on file pointer data
  * @teedev:	pointer to this drivers struct tee_device
+ * @list_shm:	List of shared memory object owned by this context
  * @data:	driver specific context data, managed by the driver
  * @refcount:	reference counter for this structure
  * @releasing:  flag that indicates if context is being released right now.
@@ -38,6 +39,7 @@ struct tee_device;
  */
 struct tee_context {
 	struct tee_device *teedev;
+	struct list_head list_shm;
 	void *data;
 	struct kref refcount;
 	bool releasing;
@@ -49,6 +51,7 @@ struct tee_context {
  * struct tee_shm - shared memory object
  * @teedev:	device used to allocate the object
  * @ctx:	context using the object
+ * @link	link element
  * @paddr:	physical address of the shared memory
  * @kaddr:	virtual address of the shared memory
  * @size:	size of shared memory
@@ -66,6 +69,7 @@ struct tee_context {
 struct tee_shm {
 	struct tee_device *teedev;
 	struct tee_context *ctx;
+	struct list_head link;
 	phys_addr_t paddr;
 	void *kaddr;
 	size_t size;

-- 
2.34.1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ