Hi Amirreza,
kernel test robot noticed the following build warnings:
[auto build test WARNING on 3be1a7a31fbda82f3604b6c31e4f390110de1b46]
url: https://github.com/intel-lab-lkp/linux/commits/Amirreza-Zarrabi/tee-allow-a-... base: 3be1a7a31fbda82f3604b6c31e4f390110de1b46 patch link: https://lore.kernel.org/r/20250526-qcom-tee-using-tee-ss-without-mem-obj-v5-... patch subject: [PATCH v5 03/12] tee: add TEE_IOCTL_PARAM_ATTR_TYPE_UBUF config: arm64-randconfig-r121-20250527 (https://download.01.org/0day-ci/archive/20250528/202505280721.abBn0GaE-lkp@i...) compiler: aarch64-linux-gcc (GCC) 8.5.0 reproduce: (https://download.01.org/0day-ci/archive/20250528/202505280721.abBn0GaE-lkp@i...)
If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot lkp@intel.com | Closes: https://lore.kernel.org/oe-kbuild-all/202505280721.abBn0GaE-lkp@intel.com/
sparse warnings: (new ones prefixed by >>) drivers/tee/tee_core.c:393:48: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected void *[noderef] uaddr @@ got void [noderef] __user * @@ drivers/tee/tee_core.c:393:48: sparse: expected void *[noderef] uaddr drivers/tee/tee_core.c:393:48: sparse: got void [noderef] __user *
drivers/tee/tee_core.c:396:56: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected void const [noderef] __user *addr @@ got void *[noderef] uaddr @@
drivers/tee/tee_core.c:396:56: sparse: expected void const [noderef] __user *addr drivers/tee/tee_core.c:396:56: sparse: got void *[noderef] uaddr drivers/tee/tee_core.c:785:41: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected void *[noderef] uaddr @@ got void [noderef] __user * @@ drivers/tee/tee_core.c:785:41: sparse: expected void *[noderef] uaddr drivers/tee/tee_core.c:785:41: sparse: got void [noderef] __user * drivers/tee/tee_core.c:788:56: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected void const [noderef] __user *addr @@ got void *[noderef] uaddr @@ drivers/tee/tee_core.c:788:56: sparse: expected void const [noderef] __user *addr drivers/tee/tee_core.c:788:56: sparse: got void *[noderef] uaddr drivers/tee/tee_core.c:396:46: sparse: sparse: dereference of noderef expression drivers/tee/tee_core.c:396:46: sparse: sparse: dereference of noderef expression drivers/tee/tee_core.c:677:37: sparse: sparse: dereference of noderef expression drivers/tee/tee_core.c:788:46: sparse: sparse: dereference of noderef expression drivers/tee/tee_core.c:788:46: sparse: sparse: dereference of noderef expression
vim +396 drivers/tee/tee_core.c
361 362 static int params_from_user(struct tee_context *ctx, struct tee_param *params, 363 size_t num_params, 364 struct tee_ioctl_param __user *uparams) 365 { 366 size_t n; 367 368 for (n = 0; n < num_params; n++) { 369 struct tee_shm *shm; 370 struct tee_ioctl_param ip; 371 372 if (copy_from_user(&ip, uparams + n, sizeof(ip))) 373 return -EFAULT; 374 375 /* All unused attribute bits has to be zero */ 376 if (ip.attr & ~TEE_IOCTL_PARAM_ATTR_MASK) 377 return -EINVAL; 378 379 params[n].attr = ip.attr; 380 switch (ip.attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) { 381 case TEE_IOCTL_PARAM_ATTR_TYPE_NONE: 382 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT: 383 break; 384 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT: 385 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT: 386 params[n].u.value.a = ip.a; 387 params[n].u.value.b = ip.b; 388 params[n].u.value.c = ip.c; 389 break; 390 case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INPUT: 391 case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_OUTPUT: 392 case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INOUT: 393 params[n].u.ubuf.uaddr = u64_to_user_ptr(ip.a); 394 params[n].u.ubuf.size = ip.b; 395
396 if (!access_ok(params[n].u.ubuf.uaddr,
397 params[n].u.ubuf.size)) 398 return -EFAULT; 399 400 break; 401 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT: 402 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: 403 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: 404 /* 405 * If a NULL pointer is passed to a TA in the TEE, 406 * the ip.c IOCTL parameters is set to TEE_MEMREF_NULL 407 * indicating a NULL memory reference. 408 */ 409 if (ip.c != TEE_MEMREF_NULL) { 410 /* 411 * If we fail to get a pointer to a shared 412 * memory object (and increase the ref count) 413 * from an identifier we return an error. All 414 * pointers that has been added in params have 415 * an increased ref count. It's the callers 416 * responibility to do tee_shm_put() on all 417 * resolved pointers. 418 */ 419 shm = tee_shm_get_from_id(ctx, ip.c); 420 if (IS_ERR(shm)) 421 return PTR_ERR(shm); 422 423 /* 424 * Ensure offset + size does not overflow 425 * offset and does not overflow the size of 426 * the referred shared memory object. 427 */ 428 if ((ip.a + ip.b) < ip.a || 429 (ip.a + ip.b) > shm->size) { 430 tee_shm_put(shm); 431 return -EINVAL; 432 } 433 } else if (ctx->cap_memref_null) { 434 /* Pass NULL pointer to OP-TEE */ 435 shm = NULL; 436 } else { 437 return -EINVAL; 438 } 439 440 params[n].u.memref.shm_offs = ip.a; 441 params[n].u.memref.size = ip.b; 442 params[n].u.memref.shm = shm; 443 break; 444 default: 445 /* Unknown attribute */ 446 return -EINVAL; 447 } 448 } 449 return 0; 450 } 451