in tee_core.c [681:730]
static int tee_ioctl_supp_recv(struct tee_context *ctx,
struct tee_ioctl_buf_data __user *ubuf)
{
int rc;
struct tee_ioctl_buf_data buf;
struct tee_iocl_supp_recv_arg __user *uarg;
struct tee_param *params;
u32 num_params;
u32 func;
if (!ctx->teedev->desc->ops->supp_recv)
return -EINVAL;
if (copy_from_user(&buf, ubuf, sizeof(buf)))
return -EFAULT;
if (buf.buf_len > TEE_MAX_ARG_SIZE ||
buf.buf_len < sizeof(struct tee_iocl_supp_recv_arg))
return -EINVAL;
uarg = u64_to_user_ptr(buf.buf_ptr);
if (get_user(num_params, &uarg->num_params))
return -EFAULT;
if (sizeof(*uarg) + TEE_IOCTL_PARAM_SIZE(num_params) != buf.buf_len)
return -EINVAL;
params = kcalloc(num_params, sizeof(struct tee_param), GFP_KERNEL);
if (!params)
return -ENOMEM;
rc = params_from_user(ctx, params, num_params, uarg->params);
if (rc)
goto out;
rc = ctx->teedev->desc->ops->supp_recv(ctx, &func, &num_params, params);
if (rc)
goto out;
if (put_user(func, &uarg->func) ||
put_user(num_params, &uarg->num_params)) {
rc = -EFAULT;
goto out;
}
rc = params_to_supp(ctx, uarg->params, num_params, params);
out:
kfree(params);
return rc;
}