From: Amirreza Zarrabi amirreza.zarrabi@oss.qualcomm.com
[ Upstream commit 6dbcd5a9ab6cb6644e7d728521da1c9035ec7235 ]
A TEE driver doesn't always need to provide a pool if it doesn't support memory sharing ioctls and can allocate memory for TEE messages in another way. Although this is mentioned in the documentation for tee_device_alloc(), it is not handled correctly.
Reviewed-by: Sumit Garg sumit.garg@oss.qualcomm.com
Signed-off-by: Amirreza Zarrabi amirreza.zarrabi@oss.qualcomm.com
Signed-off-by: Jens Wiklander jens.wiklander@linaro.org
Signed-off-by: Sasha Levin sashal@kernel.org
---
LLM Generated explanations, may be completely bogus:
YES

- The change simply drops the `|| !pool` guard in `tee_device_alloc()` (`drivers/tee/tee_core.c:892`), which currently rejects drivers that intentionally omit a shared-memory pool even though the API contract and docs (`include/linux/tee_core.h:123`) have long advertised `pool` as optional. Today that mismatch means such drivers cannot register at all, so user-visible functionality is blocked.
- Other subsystem code already treats a missing pool as a valid state and bails out safely: shared-memory allocators check `if (!teedev->pool)` before dereferencing it and return an error to user space (`drivers/tee/tee_shm.c:78`), so allowing allocation without a pool doesn’t create new NULL dereferences or change behaviour for drivers that do use shared memory.
- Existing in-tree TEE implementations still guard their pool setup with `IS_ERR()` checks (e.g. OP-TEE in `drivers/tee/optee/smc_abi.c:1651`), so a genuine failure still propagates an error instead of slipping through; we only unblock the documented “no pool” case.
- The patch is tiny, self-contained, and doesn’t alter ioctls or data structures, making the regression risk very low while fixing a long-standing real bug that prevents compliant drivers from loading.

Backporting keeps the stable tree consistent with the exported TEE API and supports downstream drivers that rely on the documented behaviour.

 drivers/tee/tee_core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c index acc7998758ad8..133447f250657 100644 --- a/drivers/tee/tee_core.c +++ b/drivers/tee/tee_core.c @@ -889,7 +889,7 @@ struct tee_device *tee_device_alloc(const struct tee_desc *teedesc,
if (!teedesc || !teedesc->name || !teedesc->ops || !teedesc->ops->get_version || !teedesc->ops->open || - !teedesc->ops->release || !pool) + !teedesc->ops->release) return ERR_PTR(-EINVAL);
teedev = kzalloc(sizeof(*teedev), GFP_KERNEL);
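Review bot: In the argument check at the top of tee_device_alloc(), removing `!pool` means a NULL pool now passes validation and is carried into the allocated tee_device, but nothing in this hunk marks that as intentional or shows that the users of the pool tolerate NULL. I would add a one-line comment above the condition saying that pool may be NULL for drivers that do not support the memory sharing ioctls, so the check is not "fixed" back later. The commit message should also name the teedev->pool users that were audited for NULL handling, since none of them are visible in this change and each stable tree receiving the backport needs the same check present.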