On Sun, Aug 21, 2022 at 12:00 AM <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>
>
> The patch below does not apply to the 5.4-stable tree.

Yeah, there's some major re-org made by commit 53e16519c2ec ("tee:
replace tee_shm_register()") and related in this area in v5.18.

I think you need to just add that

        if (!access_ok((void __user *)data.addr, data.length))
                return -EFAULT;

to tee_ioctl_shm_register() just before the call to tee_shm_register().

It's where it checks "data.flags" too:

        /* Currently no input flags are supported */
        if (data.flags)
                return -EINVAL;

so it lines up with that whole "check ioctl arguments in the memory
block we just copied".

But Jens should probably double-check that.

               Linus
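
The check order described in the message above, as an added example that is not part of the original message or the kernel source: a userspace C model in which the copied ioctl arguments are validated (flags, then the address range) before the register step is reached. `USER_LIMIT`, `access_ok_model`, `shm_register_model`, `ioctl_shm_register_model` and the struct are hypothetical stand-ins, and the sample inputs are constructed.

```c
/* Userspace model only: USER_LIMIT and the *_model names are
 * hypothetical stand-ins, not kernel symbols. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define USER_LIMIT 0x00007ffffffff000ULL /* assumed top of user address space */

/* Mirrors the fields the message refers to: data.addr, data.length, data.flags. */
struct shm_register_data {
    uint64_t addr;
    uint64_t length;
    uint32_t flags;
};

/* Stand-in for access_ok(): the whole range must lie below USER_LIMIT.
 * Written so that addr + length can never wrap around. */
static int access_ok_model(uint64_t addr, uint64_t length)
{
    return length <= USER_LIMIT && addr <= USER_LIMIT - length;
}

static int registered; /* counts how often the register step is reached */

/* Stand-in for the register call; it must only ever see validated ranges. */
static int shm_register_model(uint64_t addr, uint64_t length)
{
    (void)addr; (void)length;
    registered++;
    return 0;
}

/* Argument checks on the already-copied struct, in the order described. */
static int ioctl_shm_register_model(const struct shm_register_data *data)
{
    if (data->flags)            /* no input flags are supported */
        return -EINVAL;
    if (!access_ok_model(data->addr, data->length))
        return -EFAULT;         /* range is not entirely user memory */
    return shm_register_model(data->addr, data->length);
}

int main(void)
{
    /* Constructed sample inputs: one user range, one kernel-half address. */
    struct shm_register_data ok = { 0x10000, 4096, 0 };
    struct shm_register_data kaddr = { 0xffff888000000000ULL, 4096, 0 };
    printf("%d %d\n", ioctl_shm_register_model(&ok), ioctl_shm_register_model(&kaddr));
    return 0;
}
```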