On Tue, Nov 08, 2022 at 04:23:01PM +0530, Sumit Garg wrote:
Commit 056d3fed3d1f ("tee: add tee_shm_register_{user,kernel}_buf()") refactored tee_shm_register() into corresponding user and kernel space functions named tee_shm_register_{user,kernel}_buf(). The upstream fix commit 573ae4f13f63 ("tee: add overflow check in register_shm_helper()") only applied to tee_shm_register_user_buf().
But the stable kernel 4.19, 5.4, 5.10 and 5.15 don't have the above mentioned tee_shm_register() refactoring commit. Hence a direct backport wasn't possible and the fix has to be rather applied to tee_ioctl_shm_register().
Somehow the fix was correctly backported to 4.19 and 5.4 stable kernels but the backports for 5.10 and 5.15 stable kernels were broken as fix was applied to common tee_shm_register() function which broke its kernel space users such as trusted keys driver.
Fortunately the backport for 5.10 stable kernel was incidently fixed by: commit 606fe84a4185 ("tee: fix memory leak in tee_shm_register()"). So fix the backport for 5.15 stable kernel as well.
Fixes: 578c349570d2 ("tee: add overflow check in register_shm_helper()") Cc: stable@vger.kernel.org # 5.15 Reported-by: Sahil Malhotra sahil.malhotra@nxp.com Signed-off-by: Sumit Garg sumit.garg@linaro.org
drivers/tee/tee_core.c | 3 +++ drivers/tee/tee_shm.c | 3 --- 2 files changed, 3 insertions(+), 3 deletions(-)
Now queued up, thanks.
greg k-h