-rw-r--r-- | core/tee/tee_svc.c | 13 | ||||
-rw-r--r-- | core/tee/tee_svc_cryp.c | 9 | ||||
-rw-r--r-- | core/tee/tee_svc_storage.c | 20 |
3 files changed, 15 insertions, 27 deletions
diff --git a/core/tee/tee_svc.c b/core/tee/tee_svc.c
index 3b7b5acc..b36f6db4 100644
--- a/core/tee/tee_svc.c
+++ b/core/tee/tee_svc.c
@@ -795,7 +795,7 @@ TEE_Result syscall_open_ta_session(const TEE_UUID *dest,
 goto out_free_only;
 utc = to_user_ta_ctx(sess->ctx);
- res = copy_from_user(uuid, dest, sizeof(TEE_UUID));
+ res = copy_from_user_private(uuid, dest, sizeof(TEE_UUID));
 if (res != TEE_SUCCESS)
 goto function_exit;
@@ -819,8 +819,8 @@ TEE_Result syscall_open_ta_session(const TEE_UUID *dest,
 function_exit:
 mobj_put_wipe(mobj_param);
 if (res == TEE_SUCCESS)
- copy_to_user(ta_sess, &s->id, sizeof(s->id));
- copy_to_user(ret_orig, &ret_o, sizeof(ret_o));
+ copy_to_user_private(ta_sess, &s->id, sizeof(s->id));
+ copy_to_user_private(ret_orig, &ret_o, sizeof(ret_o));
 out_free_only:
 free_wipe(param);
@@ -909,8 +909,7 @@ TEE_Result syscall_invoke_ta_command(unsigned long ta_sess,
 function_exit:
 tee_ta_put_session(called_sess);
 mobj_put_wipe(mobj_param);
- if (ret_orig)
- copy_to_user(ret_orig, &ret_o, sizeof(ret_o));
+ copy_to_user_private(ret_orig, &ret_o, sizeof(ret_o));
 return res;
 }
@@ -1034,7 +1033,7 @@ TEE_Result syscall_get_time(unsigned long cat, TEE_Time *mytime)
 }
 if (res == TEE_SUCCESS || res == TEE_ERROR_OVERFLOW) {
- res2 = copy_to_user(mytime, &t, sizeof(t));
+ res2 = copy_to_user_private(mytime, &t, sizeof(t));
 if (res2 != TEE_SUCCESS)
 res = res2;
 }
@@ -1052,7 +1051,7 @@ TEE_Result syscall_set_ta_time(const TEE_Time *mytime)
 if (res != TEE_SUCCESS)
 return res;
- res = copy_from_user(&t, mytime, sizeof(t));
+ res = copy_from_user_private(&t, mytime, sizeof(t));
 if (res != TEE_SUCCESS)
 return res;
diff --git a/core/tee/tee_svc_cryp.c b/core/tee/tee_svc_cryp.c
index 060222e2..e0337d5c 100644
--- a/core/tee/tee_svc_cryp.c
+++ b/core/tee/tee_svc_cryp.c
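Review bot: In the `function_exit` path of syscall_open_ta_session (core/tee/tee_svc.c, hunk at 819) the results of both `copy_to_user_private()` calls are discarded, so a failed copy of `s->id` leaves `res` at TEE_SUCCESS while the TA never receives the session id. Judging by its name and by the removal of `TEE_MEMORY_ACCESS_ANY_OWNER` elsewhere in this commit, the private variant presumably rejects pointers the old call accepted, which makes this failure easier to hit than before. Consider `res = copy_to_user_private(ta_sess, &s->id, sizeof(s->id));` and closing the new session when it fails. The function starts and ends outside the hunk, so how an opened session is cleaned up cannot be judged from here.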
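Review bot: With the `if (ret_orig)` guard removed in syscall_invoke_ta_command (core/tee/tee_svc.c, hunk at 909), a NULL `ret_orig` now reaches `copy_to_user_private()`, and the call depends on that helper rejecting address 0, which this diff does not show. The return value is dropped, so any failure is silent. If a best-effort copy is intended, record it at the call site with a comment such as `/* ret_orig may be NULL or invalid: best effort, result ignored */`; otherwise keep the guard. The body of the function lies outside the hunk.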
@@ -901,7 +901,7 @@ TEE_Result syscall_cryp_obj_get_info(unsigned long obj, TEE_ObjectInfo *info)
 if (res != TEE_SUCCESS)
 goto exit;
- res = copy_to_user(info, &o->info, sizeof(o->info));
+ res = copy_to_user_private(info, &o->info, sizeof(o->info));
 exit:
 return res;
@@ -3176,8 +3176,7 @@ TEE_Result syscall_cryp_random_number_generate(void *buf, size_t blen)
 return res;
 res = tee_mmu_check_access_rights(&to_user_ta_ctx(sess->ctx)->uctx,
- TEE_MEMORY_ACCESS_WRITE |
- TEE_MEMORY_ACCESS_ANY_OWNER,
+ TEE_MEMORY_ACCESS_WRITE,
 (uaddr_t)buf, blen);
 if (res != TEE_SUCCESS)
 return res;
@@ -3480,9 +3479,7 @@ TEE_Result syscall_authenc_dec_final(unsigned long state,
 goto out;
 }
- res = tee_mmu_check_access_rights(uctx,
- TEE_MEMORY_ACCESS_READ |
- TEE_MEMORY_ACCESS_ANY_OWNER,
+ res = tee_mmu_check_access_rights(uctx, TEE_MEMORY_ACCESS_READ,
 (uaddr_t)tag, tag_len);
 if (res != TEE_SUCCESS)
 return res;
diff --git a/core/tee/tee_svc_storage.c b/core/tee/tee_svc_storage.c
index bdac25f7..5c8bb050 100644
--- a/core/tee/tee_svc_storage.c
+++ b/core/tee/tee_svc_storage.c
@@ -740,17 +740,13 @@ TEE_Result syscall_storage_next_enum(unsigned long obj_enum,
 goto exit;
 /* check rights of the provided buffers */
- res = tee_mmu_check_access_rights(&utc->uctx,
- TEE_MEMORY_ACCESS_WRITE |
- TEE_MEMORY_ACCESS_ANY_OWNER,
+ res = tee_mmu_check_access_rights(&utc->uctx, TEE_MEMORY_ACCESS_WRITE,
 (uaddr_t)info,
 sizeof(TEE_ObjectInfo));
 if (res != TEE_SUCCESS)
 goto exit;
- res = tee_mmu_check_access_rights(&utc->uctx,
- TEE_MEMORY_ACCESS_WRITE |
- TEE_MEMORY_ACCESS_ANY_OWNER,
+ res = tee_mmu_check_access_rights(&utc->uctx, TEE_MEMORY_ACCESS_WRITE,
 (uaddr_t)obj_id,
 TEE_OBJECT_ID_MAX_LEN);
 if (res != TEE_SUCCESS)
@@ -787,7 +783,7 @@ TEE_Result syscall_storage_next_enum(unsigned long obj_enum,
 memcpy(obj_id, o->pobj->obj_id, o->pobj->obj_id_len);
 l = o->pobj->obj_id_len;
- res = copy_to_user(len, &l, sizeof(*len));
+ res = copy_to_user_private(len, &l, sizeof(*len));
 exit:
 if (o) {
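Review bot: Nothing at the access check in syscall_cryp_random_number_generate (core/tee/tee_svc_cryp.c, hunk at 3176) records why `TEE_MEMORY_ACCESS_ANY_OWNER` was dropped, although the change presumably restricts `buf` to memory owned by the calling TA. A comment above the check, such as `/* buf must be TA private memory; buffers owned by another context are rejected */`, would keep a later edit from re-adding the flag. The same applies to the `tag` check in syscall_authenc_dec_final and to the checks in syscall_storage_next_enum, syscall_storage_obj_read and syscall_storage_obj_write in core/tee/tee_svc_storage.c. The diffstat lists only three files under core/tee, so it is worth confirming that TAs passing a memref parameter buffer straight to these syscalls are handled on the user-space side.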
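Review bot: In syscall_storage_next_enum (core/tee/tee_svc_storage.c, hunk at 787) `obj_id` is still written with a bare `memcpy(obj_id, o->pobj->obj_id, o->pobj->obj_id_len)`, while `len` two lines later goes through `copy_to_user_private()`. The earlier check covers `TEE_OBJECT_ID_MAX_LEN` bytes, and the hunk does not show that `obj_id_len` is bounded by that constant. Using the helper for the id as well, `res = copy_to_user_private(obj_id, o->pobj->obj_id, o->pobj->obj_id_len);`, would presumably make the checked length and the copied length the same value and keep check and copy in one place. The function body continues outside both hunks.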
@@ -835,9 +831,7 @@ TEE_Result syscall_storage_obj_read(unsigned long obj, void *data, size_t len,
 }
 /* check rights of the provided buffer */
- res = tee_mmu_check_access_rights(&utc->uctx,
- TEE_MEMORY_ACCESS_WRITE |
- TEE_MEMORY_ACCESS_ANY_OWNER,
+ res = tee_mmu_check_access_rights(&utc->uctx, TEE_MEMORY_ACCESS_WRITE,
 (uaddr_t)data, len);
 if (res != TEE_SUCCESS)
 goto exit;
@@ -859,7 +853,7 @@ TEE_Result syscall_storage_obj_read(unsigned long obj, void *data, size_t len,
 o->info.dataPosition += bytes;
 u_count = bytes;
- res = copy_to_user(count, &u_count, sizeof(*count));
+ res = copy_to_user_private(count, &u_count, sizeof(*count));
 exit:
 return res;
 }
@@ -898,9 +892,7 @@ TEE_Result syscall_storage_obj_write(unsigned long obj, void *data, size_t len)
 }
 /* check rights of the provided buffer */
- res = tee_mmu_check_access_rights(&utc->uctx,
- TEE_MEMORY_ACCESS_READ |
- TEE_MEMORY_ACCESS_ANY_OWNER,
+ res = tee_mmu_check_access_rights(&utc->uctx, TEE_MEMORY_ACCESS_READ,
 (uaddr_t)data, len);
 if (res != TEE_SUCCESS)
 goto exit;
|
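Review bot: In syscall_storage_obj_read (core/tee/tee_svc_storage.c, hunk at 859) the `count` pointer is only validated by `copy_to_user_private()` after `o->info.dataPosition += bytes;` has run. A `count` pointer that fails the private-memory check therefore returns an error with the object position already advanced. Checking it next to the `data` check, `tee_mmu_check_access_rights(&utc->uctx, TEE_MEMORY_ACCESS_WRITE, (uaddr_t)count, sizeof(*count))`, would keep a failed call free of side effects. The same ordering applies to `len` in syscall_storage_next_enum. The lines between the two hunks of this function are not shown, so an earlier check of `count` cannot be ruled out.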