On 27.02.24 at 13:59, Ilpo Järvinen wrote:
On Fri, 23 Feb 2024, Armin Wolf wrote:
The policy buffer is allocated using normal memory allocation
functions, so readl() should not be used on it.
Use get_unaligned_le32() instead.
Compile-tested only.
Signed-off-by: Armin Wolf <W_Armin@xxxxxx>
---
drivers/platform/x86/amd/pmf/tee-if.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/platform/x86/amd/pmf/tee-if.c b/drivers/platform/x86/amd/pmf/tee-if.c
index 16973bebf55f..3220b6580270 100644
--- a/drivers/platform/x86/amd/pmf/tee-if.c
+++ b/drivers/platform/x86/amd/pmf/tee-if.c
@@ -11,6 +11,7 @@
#include <linux/debugfs.h>
#include <linux/tee_drv.h>
#include <linux/uuid.h>
+#include <asm/unaligned.h>
#include "pmf.h"
#define MAX_TEE_PARAM 4
@@ -249,8 +250,8 @@ static int amd_pmf_start_policy_engine(struct amd_pmf_dev *dev)
u32 cookie, length;
int res;
- cookie = readl(dev->policy_buf + POLICY_COOKIE_OFFSET);
- length = readl(dev->policy_buf + POLICY_COOKIE_LEN);
+ cookie = get_unaligned_le32(dev->policy_buf + POLICY_COOKIE_OFFSET);
+ length = get_unaligned_le32(dev->policy_buf + POLICY_COOKIE_LEN);
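Review bot: The two loads at POLICY_COOKIE_OFFSET and POLICY_COOKIE_LEN dereference dev->policy_buf with no size check visible in this hunk, so a policy buffer shorter than POLICY_COOKIE_LEN + sizeof(u32) would be read past its end. Suggest returning an error before the first get_unaligned_le32() call when the buffer is smaller than that minimum, and bounding the resulting length against the buffer size before it is used. Since the commit message says the change is compile-tested only, a short-buffer case is worth exercising once the check exists.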
I don't understand why you need _unaligned_ here; the offsets should be dword
aligned, no?
#define POLICY_COOKIE_OFFSET 0x10
#define POLICY_COOKIE_LEN 0x14
Hi,
You are right about this.
However, I just noticed that the driver does not validate that the policy buffer is big enough
before accessing the data.
I will prepare a separate patch series to address this.
Thanks,
Armin Wolf
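
The missing size validation mentioned in the reply above, sketched as an added userspace C example that is not part of the patch or the driver. Only the two offsets come from the thread; `load_le32`, `policy_header_parse` and the rule that `length` bytes must fit after the header fields are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Offsets quoted in the thread; all other names are hypothetical. */
#define POLICY_COOKIE_OFFSET 0x10
#define POLICY_COOKIE_LEN    0x14

/* Byte-wise little-endian load: valid for any alignment and host byte
 * order, and performs no MMIO access, unlike readl(). */
static uint32_t load_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns 0 and fills cookie/length, or -1 if the buffer cannot hold the
 * header fields or (assumed layout) 'length' bytes after them. */
int policy_header_parse(const uint8_t *buf, size_t buf_size,
                        uint32_t *cookie, uint32_t *length)
{
    const size_t hdr_end = POLICY_COOKIE_LEN + sizeof(uint32_t);

    if (!buf || buf_size < hdr_end)
        return -1;                  /* header fields out of bounds */

    *cookie = load_le32(buf + POLICY_COOKIE_OFFSET);
    *length = load_le32(buf + POLICY_COOKIE_LEN);

    /* Subtract rather than add so an untrusted length cannot wrap. */
    if (*length > buf_size - hdr_end)
        return -1;                  /* claimed length exceeds buffer */
    return 0;
}

int main(void)
{
    uint8_t buf[0x18 + 8];          /* constructed sample buffer */
    uint32_t cookie, length;

    memset(buf, 0, sizeof(buf));
    buf[POLICY_COOKIE_OFFSET] = 0x44;   /* constructed cookie value */
    buf[POLICY_COOKIE_LEN] = 8;         /* payload fits exactly */
    printf("full buffer: %d\n",
           policy_header_parse(buf, sizeof(buf), &cookie, &length));
    printf("truncated:   %d\n",
           policy_header_parse(buf, 0x17, &cookie, &length));
    return 0;
}
```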