Re: [PATCH v2 6/8] tee: add Qualcomm TEE driver

From: kernel test robot
Date: Mon Feb 03 2025 - 07:45:40 EST

Hi Amirreza,

kernel test robot noticed the following build warnings:

[auto build test WARNING on dab2734f8e9ecba609d66d1dd087a392a7774c04]

url: https://github.com/intel-lab-lkp/linux/commits/Amirreza-Zarrabi/tee-allow-a-driver-to-allocate-a-tee_device-without-a-pool/20250203-104846
base: dab2734f8e9ecba609d66d1dd087a392a7774c04
patch link: https://lore.kernel.org/r/20250202-qcom-tee-using-tee-ss-without-mem-obj-v2-6-297eacd0d34f%40quicinc.com
patch subject: [PATCH v2 6/8] tee: add Qualcomm TEE driver
config: i386-allmodconfig (https://download.01.org/0day-ci/archive/20250203/202502032035.o5DxD10H-lkp@xxxxxxxxx/config)
compiler: gcc-12 (Debian 12.2.0-14) 12.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20250203/202502032035.o5DxD10H-lkp@xxxxxxxxx/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@xxxxxxxxx>
| Closes: https://lore.kernel.org/oe-kbuild-all/202502032035.o5DxD10H-lkp@xxxxxxxxx/

All warnings (new ones prefixed by >>):

drivers/tee/qcomtee/call.c: In function 'qcomtee_object_invoke':
drivers/tee/qcomtee/call.c:419:16: error: cleanup argument not a function
419 | struct qcomtee_object_invoke_ctx *oic __free(kfree) = NULL;
| ^~~~~~~~~~~~~~~~~~~~~~~~~
drivers/tee/qcomtee/call.c:421:16: error: cleanup argument not a function
421 | struct qcomtee_arg *u __free(kfree) = NULL;
| ^~~~~~~~~~~
drivers/tee/qcomtee/call.c:439:15: error: implicit declaration of function 'kzalloc' [-Werror=implicit-function-declaration]
439 | oic = kzalloc(sizeof(*oic), GFP_KERNEL);
| ^~~~~~~
>> drivers/tee/qcomtee/call.c:439:13: warning: assignment to 'struct qcomtee_object_invoke_ctx *' from 'int' makes pointer from integer without a cast [-Wint-conversion]
439 | oic = kzalloc(sizeof(*oic), GFP_KERNEL);
| ^
drivers/tee/qcomtee/call.c:444:13: error: implicit declaration of function 'kcalloc' [-Werror=implicit-function-declaration]
444 | u = kcalloc(arg->num_params + 1, sizeof(*u), GFP_KERNEL);
| ^~~~~~~
>> drivers/tee/qcomtee/call.c:444:11: warning: assignment to 'struct qcomtee_arg *' from 'int' makes pointer from integer without a cast [-Wint-conversion]
444 | u = kcalloc(arg->num_params + 1, sizeof(*u), GFP_KERNEL);
| ^
drivers/tee/qcomtee/call.c: In function 'qcomtee_open':
drivers/tee/qcomtee/call.c:584:16: error: cleanup argument not a function
584 | struct qcomtee_context_data *ctxdata __free(kfree) = NULL;
| ^~~~~~~~~~~~~~~~~~~~
>> drivers/tee/qcomtee/call.c:586:17: warning: assignment to 'struct qcomtee_context_data *' from 'int' makes pointer from integer without a cast [-Wint-conversion]
586 | ctxdata = kzalloc(sizeof(*ctxdata), GFP_KERNEL);
| ^
drivers/tee/qcomtee/call.c: In function 'qcomtee_release':
drivers/tee/qcomtee/call.c:623:9: error: implicit declaration of function 'kfree' [-Werror=implicit-function-declaration]
623 | kfree(ctxdata);
| ^~~~~
drivers/tee/qcomtee/call.c: In function 'qcomtee_probe':
drivers/tee/qcomtee/call.c:655:16: error: cleanup argument not a function
655 | struct qcomtee *qcomtee __free(kfree) = NULL;
| ^~~~~~~
>> drivers/tee/qcomtee/call.c:659:17: warning: assignment to 'struct qcomtee *' from 'int' makes pointer from integer without a cast [-Wint-conversion]
659 | qcomtee = kzalloc(sizeof(*qcomtee), GFP_KERNEL);
| ^
cc1: some warnings being treated as errors
--
drivers/tee/qcomtee/core.c: In function 'qcomtee_object_alloc':
drivers/tee/qcomtee/core.c:51:18: error: implicit declaration of function 'kzalloc' [-Werror=implicit-function-declaration]
51 | object = kzalloc(sizeof(*object), GFP_KERNEL);
| ^~~~~~~
>> drivers/tee/qcomtee/core.c:51:16: warning: assignment to 'struct qcomtee_object *' from 'int' makes pointer from integer without a cast [-Wint-conversion]
51 | object = kzalloc(sizeof(*object), GFP_KERNEL);
| ^
drivers/tee/qcomtee/core.c: In function 'qcomtee_object_free':
drivers/tee/qcomtee/core.c:62:9: error: implicit declaration of function 'kfree' [-Werror=implicit-function-declaration]
62 | kfree(object->name);
| ^~~~~
drivers/tee/qcomtee/core.c: In function 'qcomtee_object_user_init':
drivers/tee/qcomtee/core.c:249:17: warning: function 'qcomtee_object_user_init' might be a candidate for 'gnu_printf' format attribute [-Wsuggest-attribute=format]
249 | object->name = kvasprintf_const(GFP_KERNEL, fmt, ap);
| ^~~~~~
drivers/tee/qcomtee/core.c: In function 'qcomtee_prepare_msg':
drivers/tee/qcomtee/core.c:378:26: error: implicit declaration of function 'copy_from_user' [-Werror=implicit-function-declaration]
378 | else if (copy_from_user(ptr, u[i].b.uaddr, u[i].b.size))
| ^~~~~~~~~~~~~~
drivers/tee/qcomtee/core.c: In function 'qcomtee_update_args':
drivers/tee/qcomtee/core.c:458:26: error: implicit declaration of function 'copy_to_user' [-Werror=implicit-function-declaration]
458 | else if (copy_to_user(u[i].b.uaddr, ptr, u[i].b.size))
| ^~~~~~~~~~~~
cc1: some warnings being treated as errors
--
drivers/tee/qcomtee/user_obj.c: In function 'qcomtee_requests_destroy':
drivers/tee/qcomtee/user_obj.c:238:25: error: implicit declaration of function 'kfree' [-Werror=implicit-function-declaration]
238 | kfree(ureq);
| ^~~~~
drivers/tee/qcomtee/user_obj.c: In function 'qcomtee_user_object_dispatch':
drivers/tee/qcomtee/user_obj.c:252:16: error: cleanup argument not a function
252 | struct qcomtee_ureq *ureq __free(kfree) = NULL;
| ^~~~~~~~~~~~
drivers/tee/qcomtee/user_obj.c:255:16: error: implicit declaration of function 'kzalloc' [-Werror=implicit-function-declaration]
255 | ureq = kzalloc(sizeof(*ureq), GFP_KERNEL);
| ^~~~~~~
>> drivers/tee/qcomtee/user_obj.c:255:14: warning: assignment to 'struct qcomtee_ureq *' from 'int' makes pointer from integer without a cast [-Wint-conversion]
255 | ureq = kzalloc(sizeof(*ureq), GFP_KERNEL);
| ^
drivers/tee/qcomtee/user_obj.c: In function 'qcomtee_user_object_release':
drivers/tee/qcomtee/user_obj.c:352:14: warning: assignment to 'struct qcomtee_ureq *' from 'int' makes pointer from integer without a cast [-Wint-conversion]
352 | ureq = kzalloc(sizeof(*ureq), GFP_KERNEL);
| ^
drivers/tee/qcomtee/user_obj.c: In function 'qcomtee_user_param_to_object':
drivers/tee/qcomtee/user_obj.c:394:16: error: cleanup argument not a function
394 | struct qcomtee_user_object *user_object __free(kfree) = NULL;
| ^~~~~~~~~~~~~~~~~~~
>> drivers/tee/qcomtee/user_obj.c:398:21: warning: assignment to 'struct qcomtee_user_object *' from 'int' makes pointer from integer without a cast [-Wint-conversion]
398 | user_object = kzalloc(sizeof(*user_object), GFP_KERNEL);
| ^
drivers/tee/qcomtee/user_obj.c: In function 'qcomtee_cb_params_from_args':
drivers/tee/qcomtee/user_obj.c:484:29: error: implicit declaration of function 'copy_to_user' [-Werror=implicit-function-declaration]
484 | if (copy_to_user(params[i].u.ubuf.uaddr, u[i].b.addr,
| ^~~~~~~~~~~~
drivers/tee/qcomtee/user_obj.c: In function 'qcomtee_cb_params_to_args':
drivers/tee/qcomtee/user_obj.c:561:29: error: implicit declaration of function 'copy_from_user' [-Werror=implicit-function-declaration]
561 | if (copy_from_user(u[i].b.addr, params[i].u.ubuf.uaddr,
| ^~~~~~~~~~~~~~
cc1: some warnings being treated as errors


vim +439 drivers/tee/qcomtee/call.c

406
407 /**
408 * qcomtee_object_invoke() - Invoke a QTEE object.
409 * @ctx: TEE context.
410 * @arg: ioctl arguments.
411 * @params: parameters for the object.
412 *
413 * Return: On success, returns 0; on failure, returns < 0.
414 */
415 static int qcomtee_object_invoke(struct tee_context *ctx,
416 struct tee_ioctl_object_invoke_arg *arg,
417 struct tee_param *params)
418 {
> 419 struct qcomtee_object_invoke_ctx *oic __free(kfree) = NULL;
420 struct qcomtee_context_data *ctxdata = ctx->data;
421 struct qcomtee_arg *u __free(kfree) = NULL;
422 struct qcomtee_object *object;
423 int i, ret, result;
424
425 if (qcomtee_params_check(params, arg->num_params))
426 return -EINVAL;
427
428 /* First, handle reserved operations: */
429 if (arg->op == QCOMTEE_OBJREF_OP_RELEASE) {
430 del_qtee_object(arg->object, ctxdata);
431
432 return 0;
433 } else if (arg->op > QCOMTEE_OBJREF_OP_MIN) {
434 return -EINVAL;
435 }
436
437 /* Otherwise, invoke a QTEE object: */
438
> 439 oic = kzalloc(sizeof(*oic), GFP_KERNEL);
440 if (!oic)
441 return -ENOMEM;
442
443 /* +1 for ending QCOMTEE_ARG_TYPE_INV. */
> 444 u = kcalloc(arg->num_params + 1, sizeof(*u), GFP_KERNEL);
445 if (!u)
446 return -ENOMEM;
447
448 /* Get an object to invoke. */
449 if (arg->object == TEE_OBJREF_NULL) {
450 /* Use ROOT if TEE_OBJREF_NULL is invoked. */
451 if (qcomtee_root_object_check(arg->op, params, arg->num_params))
452 return -EINVAL;
453
454 object = ROOT_QCOMTEE_OBJECT;
455 } else if (find_qtee_object(&object, arg->object, ctxdata)) {
456 return -EINVAL;
457 }
458
459 ret = qcomtee_params_to_args(u, params, arg->num_params, ctx);
460 if (ret)
461 goto out;
462
463 ret = qcomtee_object_do_invoke(oic, object, arg->op, u, &result);
464 if (ret) {
465 qcomtee_arg_for_each_input_object(i, u) {
466 qcomtee_user_object_set_notify(u[i].o, false);
467 qcomtee_object_put(u[i].o);
468 }
469
470 goto out;
471 }
472
473 if (!result) {
474 /* Assume service is UNAVAIL if unable to process the result. */
475 if (qcomtee_params_from_args(params, u, arg->num_params, ctx))
476 result = QCOMTEE_MSG_ERROR_UNAVAIL;
477 } else {
478 /*
479 * qcomtee_params_to_args() gets a copy of IO for the driver to
480 * make sure they do not get released while in the middle of
481 * invocation. On success (!result), qcomtee_params_from_args()
482 * puts them.
483 */
484 qcomtee_arg_for_each_input_object(i, u)
485 qcomtee_object_put(u[i].o);
486 }
487
488 arg->ret = result;
489 out:
490 qcomtee_object_put(object);
491
492 return ret;
493 }
494
495 /**
496 * qcomtee_supp_recv() - Wait for a request for the supplicant.
497 * @ctx: TEE context.
498 * @op: requested operation on the object.
499 * @num_params: number of elements in the parameter array.
500 * @params: parameters for @op.
501 *
502 * The first parameter is a meta %TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT.
503 * On input, it provides a user buffer. This buffer is used for parameters of
504 * type %TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INPUT in qcomtee_cb_params_from_args().
505 * On output, the object ID and request ID are stored in the meta parameter.
506 *
507 * @num_params is updated to the number of parameters that actually exist
508 * in @params on return.
509 *
510 * Return: On success, returns 0; on failure, returns < 0.
511 */
512 static int qcomtee_supp_recv(struct tee_context *ctx, u32 *op, u32 *num_params,
513 struct tee_param *params)
514 {
515 struct qcomtee_user_object_request_data data;
516 void __user *uaddr;
517 size_t ubuf_size;
518 int i, ret;
519
520 if (!*num_params)
521 return -EINVAL;
522
523 /* We expect the first parameter to be an INOUT + meta parameter. */
524 if (params->attr !=
525 (TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT | TEE_IOCTL_PARAM_ATTR_META))
526 return -EINVAL;
527
528 /* Other parameters are none. */
529 for (i = 1; i < *num_params; i++)
530 if (params[i].attr)
531 return -EINVAL;
532
533 if (!IS_ALIGNED(params->u.value.a, 8))
534 return -EINVAL;
535
536 /* User buffer and size from meta parameter. */
537 uaddr = u64_to_user_ptr(params->u.value.a);
538 ubuf_size = params->u.value.b;
539 /* Process TEE parameters. +/-1 to ignore the meta parameter. */
540 ret = qcomtee_user_object_select(ctx, params + 1, *num_params - 1,
541 uaddr, ubuf_size, &data);
542 if (ret)
543 return ret;
544
545 params->u.value.a = data.object_id;
546 params->u.value.b = data.id;
547 params->u.value.c = 0;
548 *op = data.op;
549 *num_params = data.np + 1;
550
551 return 0;
552 }
553
554 /**
555 * qcomtee_supp_send() - Submit a response for a request.
556 * @ctx: TEE context.
557 * @errno: return value for the request.
558 * @num_params: number of elements in the parameter array.
559 * @params: returned parameters.
560 *
561 * The first parameter is a meta %TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT.
562 * It specifies the request ID this response belongs to.
563 *
564 * Return: On success, returns 0; on failure, returns < 0.
565 */
566 static int qcomtee_supp_send(struct tee_context *ctx, u32 errno, u32 num_params,
567 struct tee_param *params)
568 {
569 if (!num_params)
570 return -EINVAL;
571
572 /* We expect the first parameter to be an OUTPUT + meta parameter. */
573 if (params->attr != (TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT |
574 TEE_IOCTL_PARAM_ATTR_META))
575 return -EINVAL;
576
577 /* Process TEE parameters. +/-1 to ignore the meta parameter. */
578 return qcomtee_user_object_submit(ctx, params + 1, num_params - 1,
579 params->u.value.a, errno);
580 }
581
582 static int qcomtee_open(struct tee_context *ctx)
583 {
584 struct qcomtee_context_data *ctxdata __free(kfree) = NULL;
585
> 586 ctxdata = kzalloc(sizeof(*ctxdata), GFP_KERNEL);
587 if (!ctxdata)
588 return -ENOMEM;
589
590 idr_init(&ctxdata->qtee_objects_idr);
591 spin_lock_init(&ctxdata->qtee_lock);
592 idr_init(&ctxdata->reqs_idr);
593 INIT_LIST_HEAD(&ctxdata->reqs_list);
594 mutex_init(&ctxdata->reqs_lock);
595 init_completion(&ctxdata->req_c);
596
597 ctx->data = no_free_ptr(ctxdata);
598
599 return 0;
600 }
601
602 /* This is called when the user closes the context. */
603 static void qcomtee_close_context(struct tee_context *ctx)
604 {
605 struct qcomtee_context_data *ctxdata = ctx->data;
606 struct qcomtee_object *object;
607 int id;
608
609 /* Process QUEUED or PROCESSING requests. */
610 qcomtee_requests_destroy(ctxdata);
611 /* Release QTEE objects. */
612 idr_for_each_entry(&ctxdata->qtee_objects_idr, object, id)
613 qcomtee_object_put(object);
614 }
615
616 /* This is called when the final reference to the context goes away. */
617 static void qcomtee_release(struct tee_context *ctx)
618 {
619 struct qcomtee_context_data *ctxdata = ctx->data;
620
621 idr_destroy(&ctxdata->qtee_objects_idr);
622 idr_destroy(&ctxdata->reqs_idr);
> 623 kfree(ctxdata);
624 }
625

--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki