in tee_core.c [778:819]
static int tee_ioctl_supp_send(struct tee_context *ctx,
struct tee_ioctl_buf_data __user *ubuf)
{
long rc;
struct tee_ioctl_buf_data buf;
struct tee_iocl_supp_send_arg __user *uarg;
struct tee_param *params;
u32 num_params;
u32 ret;
/* Not valid for this driver */
if (!ctx->teedev->desc->ops->supp_send)
return -EINVAL;
if (copy_from_user(&buf, ubuf, sizeof(buf)))
return -EFAULT;
if (buf.buf_len > TEE_MAX_ARG_SIZE ||
buf.buf_len < sizeof(struct tee_iocl_supp_send_arg))
return -EINVAL;
uarg = u64_to_user_ptr(buf.buf_ptr);
if (get_user(ret, &uarg->ret) ||
get_user(num_params, &uarg->num_params))
return -EFAULT;
if (sizeof(*uarg) + TEE_IOCTL_PARAM_SIZE(num_params) > buf.buf_len)
return -EINVAL;
params = kcalloc(num_params, sizeof(struct tee_param), GFP_KERNEL);
if (!params)
return -ENOMEM;
rc = params_from_supp(params, num_params, uarg->params);
if (rc)
goto out;
rc = ctx->teedev->desc->ops->supp_send(ctx, ret, num_params, params);
out:
kfree(params);
return rc;
}