Break out the memref handling into a separate helper function.
No change in behavior.

Signed-off-by: Jens Wiklander <jens.wiklan...@linaro.org>
---
 drivers/tee/tee_core.c | 94 ++++++++++++++++++++++++------------------
 1 file changed, 54 insertions(+), 40 deletions(-)

diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c
index 685afcaa3ea1..820e394b9054 100644
--- a/drivers/tee/tee_core.c
+++ b/drivers/tee/tee_core.c
@@ -353,6 +353,55 @@ tee_ioctl_shm_register(struct tee_context *ctx,
        return ret;
 }
 
+static int param_from_user_memref(struct tee_context *ctx,
+                                 struct tee_param_memref *memref,
+                                 struct tee_ioctl_param *ip)
+{
+       struct tee_shm *shm;
+
+       /*
+        * If a NULL pointer is passed to a TA in the TEE,
+        * the ip.c IOCTL parameters is set to TEE_MEMREF_NULL
+        * indicating a NULL memory reference.
+        */
+       if (ip->c != TEE_MEMREF_NULL) {
+               /*
+                * If we fail to get a pointer to a shared
+                * memory object (and increase the ref count)
+                * from an identifier we return an error. All
+                * pointers that has been added in params have
+                * an increased ref count. It's the callers
+                * responibility to do tee_shm_put() on all
+                * resolved pointers.
+                */
+               shm = tee_shm_get_from_id(ctx, ip->c);
+               if (IS_ERR(shm))
+                       return PTR_ERR(shm);
+
+               /*
+                * Ensure offset + size does not overflow
+                * offset and does not overflow the size of
+                * the referred shared memory object.
+                */
+               if ((ip->a + ip->b) < ip->a ||
+                   (ip->a + ip->b) > shm->size) {
+                       tee_shm_put(shm);
+                       return -EINVAL;
+               }
+       } else if (ctx->cap_memref_null) {
+               /* Pass NULL pointer to OP-TEE */
+               shm = NULL;
+       } else {
+               return -EINVAL;
+       }
+
+       memref->shm_offs = ip->a;
+       memref->size = ip->b;
+       memref->shm = shm;
+
+       return 0;
+}
+
 static int params_from_user(struct tee_context *ctx, struct tee_param *params,
                            size_t num_params,
                            struct tee_ioctl_param __user *uparams)
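Review bot: In the `else if (ctx->cap_memref_null)` branch of param_from_user_memref(), `ip->a` and `ip->b` still reach `memref->shm_offs` and `memref->size` with no range check, because the overflow and bounds test only runs when `ip->c != TEE_MEMREF_NULL`. This matches the code being moved, so it is not a regression, but the helper is now the one place where the rule can be stated. Whether consumers ignore the offset and size when `shm` is NULL is not visible in this hunk, so I would at least add `/* shm == NULL: shm_offs and size are user-supplied and unchecked */` above `shm = NULL;`, and consider rejecting a non-zero `ip->a` in a follow-up, since that would change behaviour. `ip` is only read here, so the parameter could be `const struct tee_ioctl_param *ip`. The params_from_user() signature at the end of the hunk is context only; its body lies outside this hunk.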
@@ -360,8 +409,8 @@ static int params_from_user(struct tee_context *ctx, struct 
tee_param *params,
        size_t n;
 
        for (n = 0; n < num_params; n++) {
-               struct tee_shm *shm;
                struct tee_ioctl_param ip;
+               int rc;
 
                if (copy_from_user(&ip, uparams + n, sizeof(ip)))
                        return -EFAULT;
@@ -384,45 +433,10 @@ static int params_from_user(struct tee_context *ctx, 
struct tee_param *params,
                case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT:
                case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT:
                case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT:
-                       /*
-                        * If a NULL pointer is passed to a TA in the TEE,
-                        * the ip.c IOCTL parameters is set to TEE_MEMREF_NULL
-                        * indicating a NULL memory reference.
-                        */
-                       if (ip.c != TEE_MEMREF_NULL) {
-                               /*
-                                * If we fail to get a pointer to a shared
-                                * memory object (and increase the ref count)
-                                * from an identifier we return an error. All
-                                * pointers that has been added in params have
-                                * an increased ref count. It's the callers
-                                * responibility to do tee_shm_put() on all
-                                * resolved pointers.
-                                */
-                               shm = tee_shm_get_from_id(ctx, ip.c);
-                               if (IS_ERR(shm))
-                                       return PTR_ERR(shm);
-
-                               /*
-                                * Ensure offset + size does not overflow
-                                * offset and does not overflow the size of
-                                * the referred shared memory object.
-                                */
-                               if ((ip.a + ip.b) < ip.a ||
-                                   (ip.a + ip.b) > shm->size) {
-                                       tee_shm_put(shm);
-                                       return -EINVAL;
-                               }
-                       } else if (ctx->cap_memref_null) {
-                               /* Pass NULL pointer to OP-TEE */
-                               shm = NULL;
-                       } else {
-                               return -EINVAL;
-                       }
-
-                       params[n].u.memref.shm_offs = ip.a;
-                       params[n].u.memref.size = ip.b;
-                       params[n].u.memref.shm = shm;
+                       rc = param_from_user_memref(ctx, &params[n].u.memref,
+                                                   &ip);
+                       if (rc)
+                               return rc;
                        break;
                default:
                        /* Unknown attribute */
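Review bot: The early `return rc;` after param_from_user_memref() leaves any shm references already taken for earlier entries of `params` held, and the comment saying the caller must tee_shm_put() them has moved into the helper, where `params` is not in scope. A one-line comment at the call site would keep that contract visible where the partial failure happens, for example `/* refs already taken in params[0..n-1] are released by our caller */`. The moved comment could then describe only the helper: on success `memref->shm` is NULL or holds one reference, and on error none is held. The enclosing loop and switch in params_from_user() start and end outside this hunk.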
-- 
2.43.0
