On Tue, Nov 08, 2022 at 04:23:01PM +0530, Sumit Garg wrote:
> Commit 056d3fed3d1f ("tee: add tee_shm_register_{user,kernel}_buf()")
> refactored tee_shm_register() into corresponding user and kernel space
> functions named tee_shm_register_{user,kernel}_buf(). The upstream fix
> commit 573ae4f13f63 ("tee: add overflow check in register_shm_helper()")
> only applied to tee_shm_register_user_buf().
>
> But the stable kernel 4.19, 5.4, 5.10 and 5.15 don't have the above
> mentioned tee_shm_register() refactoring commit. Hence a direct backport
> wasn't possible and the fix has to be rather applied to
> tee_ioctl_shm_register().
>
> Somehow the fix was correctly backported to 4.19 and 5.4 stable kernels
> but the backports for 5.10 and 5.15 stable kernels were broken as fix
> was applied to common tee_shm_register() function which broke its kernel
> space users such as trusted keys driver.
>
> Fortunately the backport for 5.10 stable kernel was incidentally fixed by:
> commit 606fe84a4185 ("tee: fix memory leak in tee_shm_register()"). So
> fix the backport for 5.15 stable kernel as well.
>
> Fixes: 578c349570d2 ("tee: add overflow check in register_shm_helper()")
> Cc: stable@xxxxxxxxxxxxxxx # 5.15
> Reported-by: Sahil Malhotra <sahil.malhotra@xxxxxxx>
> Signed-off-by: Sumit Garg <sumit.garg@xxxxxxxxxx>
> ---
>  drivers/tee/tee_core.c | 3 +++
>  drivers/tee/tee_shm.c  | 3 ---
>  2 files changed, 3 insertions(+), 3 deletions(-)

Now queued up, thanks.

greg k-h