From d1c8aa7f66572b9884b3f101d12d1ac569883fcd Mon Sep 17 00:00:00 2001
From: Dinesh K Garg
Date: Tue, 9 May 2017 15:16:04 -0700
Subject: [PATCH] msm: mink: Avoid handling output params if TZ op returns an err

Invoke operation is processed at couple of places in trusted env; in TZ kernel and/or in TZ apps. If TZ kernel returns an error, SMCInvoke driver does not process output params and returns appropriate err to userspace. However, if error is returned from trusted apps, SMCInvoke still processes output params and returns error to userspace. Now, SMCInvoke driver will not process output params if trusted app returns an error. Userspace is also expected to follow the same rule.

Change-Id: Ic58e37ba714d4b384e3fa9206419c69ddd852b4a
Signed-off-by: Dinesh K Garg
---
 drivers/soc/qcom/smcinvoke.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/drivers/soc/qcom/smcinvoke.c b/drivers/soc/qcom/smcinvoke.c
index 99ae24735f05..f69ff47ae0f7 100644
--- a/drivers/soc/qcom/smcinvoke.c
+++ b/drivers/soc/qcom/smcinvoke.c
@@ -429,10 +429,17 @@ long smcinvoke_ioctl(struct file *filp, unsigned cmd, unsigned long arg)
 if (ret)
 goto out;
- ret = marshal_out(in_msg, inmsg_size, &req, args_buf);
+ /*
+ * if invoke op results in an err, no need to marshal_out and
+ * copy args buf to user space
+ */
+ if (!req.result) {
+ ret = marshal_out(in_msg, inmsg_size, &req, args_buf);
- ret |= copy_to_user((void __user *)(uintptr_t)(req.args),
+ ret |= copy_to_user(
+ (void __user *)(uintptr_t)(req.args),
 args_buf, nr_args * req.argsize);
+ }
 ret |= copy_to_user((void __user *)arg, &req, sizeof(req));
 if (ret)
 goto out;
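Review bot: Inside the new `if (!req.result)` block, the result of `marshal_out()` is still only OR-ed with the result of `copy_to_user()`, so `args_buf` is copied to the user's `req.args` pointer even when marshalling failed. `ret` then holds a mix of what is presumably a negative errno and a count of uncopied bytes, rather than a clean `-EFAULT`. I would skip the args copy when `marshal_out()` fails and map each `copy_to_user()` failure to `-EFAULT` explicitly, as sketched below. The copy length `nr_args * req.argsize` is computed from values whose validation is not visible in this hunk, so it is worth confirming it is bounded by the size of `args_buf`. The body of `smcinvoke_ioctl` and the `out` label lie outside the hunk, so any later normalisation of `ret` is not visible here.

```c
/* … unchanged: comment explaining the req.result check … */
if (!req.result) {
	ret = marshal_out(in_msg, inmsg_size, &req, args_buf);
	/* do not hand a buffer to userspace that failed to marshal */
	if (!ret && copy_to_user((void __user *)(uintptr_t)(req.args),
				 args_buf, nr_args * req.argsize))
		ret = -EFAULT;
}
/* req (including req.result) is still returned; keep the first error */
if (copy_to_user((void __user *)arg, &req, sizeof(req)) && !ret)
	ret = -EFAULT;
/* … unchanged: if (ret) goto out; … */
```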