1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (c) Qualcomm Technologies, Inc. and/or its subsidiaries. 4 */ 5 6 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 7 8 #include <linux/slab.h> 9 #include <linux/uaccess.h> 10 11 #include "qcomtee.h" 12 13 /** 14 * DOC: User Objects aka Supplicants 15 * 16 * Any userspace process with access to the TEE device file can behave as a 17 * supplicant by creating a user object. Any TEE parameter of type OBJREF with 18 * %QCOMTEE_OBJREF_FLAG_USER flag set is considered a user object. 19 * 20 * A supplicant uses qcomtee_user_object_select() (i.e. TEE_IOC_SUPPL_RECV) to 21 * receive a QTEE user object request and qcomtee_user_object_submit() 22 * (i.e. TEE_IOC_SUPPL_SEND) to submit a response. QTEE expects to receive the 23 * response, including OB and OO in a specific order in the message; parameters 24 * submitted with qcomtee_user_object_submit() should maintain this order. 25 */ 26 27 /** 28 * struct qcomtee_user_object - User object. 29 * @object: &struct qcomtee_object representing the user object. 30 * @ctx: context for which the user object is defined. 31 * @object_id: object ID in @ctx. 32 * @notify: notify on release. 33 * 34 * Any object managed in userspace is represented by this struct. 35 * If @notify is set, a notification message is sent back to userspace 36 * upon release. 37 */ 38 struct qcomtee_user_object { 39 struct qcomtee_object object; 40 struct tee_context *ctx; 41 u64 object_id; 42 bool notify; 43 }; 44 45 #define to_qcomtee_user_object(o) \ 46 container_of((o), struct qcomtee_user_object, object) 47 48 static struct qcomtee_object_operations qcomtee_user_object_ops; 49 50 /* Is it a user object? */ 51 int is_qcomtee_user_object(struct qcomtee_object *object) 52 { 53 return object != NULL_QCOMTEE_OBJECT && 54 typeof_qcomtee_object(object) == QCOMTEE_OBJECT_TYPE_CB && 55 object->ops == &qcomtee_user_object_ops; 56 } 57 58 /* Set the user object's 'notify on release' flag. */ 59 void qcomtee_user_object_set_notify(struct qcomtee_object *object, bool notify) 60 { 61 if (is_qcomtee_user_object(object)) 62 to_qcomtee_user_object(object)->notify = notify; 63 } 64 65 /* Supplicant Requests: */ 66 67 /** 68 * enum qcomtee_req_state - Current state of request. 69 * @QCOMTEE_REQ_QUEUED: Request is waiting for supplicant. 70 * @QCOMTEE_REQ_PROCESSING: Request has been picked by the supplicant. 71 * @QCOMTEE_REQ_PROCESSED: Response has been submitted for the request. 72 */ 73 enum qcomtee_req_state { 74 QCOMTEE_REQ_QUEUED = 1, 75 QCOMTEE_REQ_PROCESSING, 76 QCOMTEE_REQ_PROCESSED, 77 }; 78 79 /* User requests sent to supplicants. */ 80 struct qcomtee_ureq { 81 enum qcomtee_req_state state; 82 83 /* User Request: */ 84 int req_id; 85 u64 object_id; 86 u32 op; 87 struct qcomtee_arg *args; 88 int errno; 89 90 struct list_head node; 91 struct completion c; /* Completion for whoever wait. */ 92 }; 93 94 /* 95 * Placeholder for a PROCESSING request in qcomtee_context.reqs_idr. 96 * 97 * If the thread that calls qcomtee_object_invoke() dies and the supplicant 98 * is processing the request, replace the entry in qcomtee_context.reqs_idr 99 * with empty_ureq. This ensures that (1) the req_id remains busy and is not 100 * reused, and (2) the supplicant fails to submit the response and performs 101 * the necessary rollback. 102 */ 103 static struct qcomtee_ureq empty_ureq = { .state = QCOMTEE_REQ_PROCESSING }; 104 105 /* Enqueue a user request for a context and assign a request ID. */ 106 static int ureq_enqueue(struct qcomtee_context_data *ctxdata, 107 struct qcomtee_ureq *ureq) 108 { 109 int ret; 110 111 guard(mutex)(&ctxdata->reqs_lock); 112 /* Supplicant is dying. */ 113 if (ctxdata->released) 114 return -ENODEV; 115 116 /* Allocate an ID and queue the request. */ 117 ret = idr_alloc(&ctxdata->reqs_idr, ureq, 0, 0, GFP_KERNEL); 118 if (ret < 0) 119 return ret; 120 121 ureq->req_id = ret; 122 ureq->state = QCOMTEE_REQ_QUEUED; 123 list_add_tail(&ureq->node, &ctxdata->reqs_list); 124 125 return 0; 126 } 127 128 /** 129 * ureq_dequeue() - Dequeue a user request from a context. 130 * @ctxdata: context data for a context to dequeue the request. 131 * @req_id: ID of the request to be dequeued. 132 * 133 * It dequeues a user request and releases its request ID. 134 * 135 * Context: The caller should hold &qcomtee_context_data->reqs_lock. 136 * Return: Returns the user request associated with this ID; otherwise, NULL. 137 */ 138 static struct qcomtee_ureq *ureq_dequeue(struct qcomtee_context_data *ctxdata, 139 int req_id) 140 { 141 struct qcomtee_ureq *ureq; 142 143 ureq = idr_remove(&ctxdata->reqs_idr, req_id); 144 if (ureq == &empty_ureq || !ureq) 145 return NULL; 146 147 list_del(&ureq->node); 148 149 return ureq; 150 } 151 152 /** 153 * ureq_select() - Select the next request in a context. 154 * @ctxdata: context data for a context to pop a request. 155 * @ubuf_size: size of the available buffer for UBUF parameters. 156 * @num_params: number of entries for the TEE parameter array. 157 * 158 * It checks if @num_params is large enough to fit the next request arguments. 159 * It checks if @ubuf_size is large enough to fit IB buffer arguments. 160 * 161 * Context: The caller should hold &qcomtee_context_data->reqs_lock. 162 * Return: On success, returns a request; 163 * on failure, returns NULL and ERR_PTR. 164 */ 165 static struct qcomtee_ureq *ureq_select(struct qcomtee_context_data *ctxdata, 166 size_t ubuf_size, int num_params) 167 { 168 struct qcomtee_ureq *req, *ureq = NULL; 169 struct qcomtee_arg *u; 170 int i; 171 172 /* Find the a queued request. */ 173 list_for_each_entry(req, &ctxdata->reqs_list, node) { 174 if (req->state == QCOMTEE_REQ_QUEUED) { 175 ureq = req; 176 break; 177 } 178 } 179 180 if (!ureq) 181 return NULL; 182 183 u = ureq->args; 184 /* (1) Is there enough TEE parameters? */ 185 if (num_params < qcomtee_args_len(u)) 186 return ERR_PTR(-EINVAL); 187 /* (2) Is there enough space to pass input buffers? */ 188 qcomtee_arg_for_each_input_buffer(i, u) { 189 ubuf_size = size_sub(ubuf_size, u[i].b.size); 190 if (ubuf_size == SIZE_MAX) 191 return ERR_PTR(-EINVAL); 192 193 ubuf_size = round_down(ubuf_size, 8); 194 } 195 196 return ureq; 197 } 198 199 /* Gets called when the user closes the device. */ 200 void qcomtee_requests_destroy(struct qcomtee_context_data *ctxdata) 201 { 202 struct qcomtee_ureq *req, *ureq; 203 204 guard(mutex)(&ctxdata->reqs_lock); 205 /* So ureq_enqueue() refuses new requests from QTEE. */ 206 ctxdata->released = true; 207 /* ureqs in reqs_list are in QUEUED or PROCESSING (!= empty_ureq) state. */ 208 list_for_each_entry_safe(ureq, req, &ctxdata->reqs_list, node) { 209 ureq_dequeue(ctxdata, ureq->req_id); 210 211 if (ureq->op != QCOMTEE_MSG_OBJECT_OP_RELEASE) { 212 ureq->state = QCOMTEE_REQ_PROCESSED; 213 ureq->errno = -ENODEV; 214 215 complete(&ureq->c); 216 } else { 217 kfree(ureq); 218 } 219 } 220 } 221 222 /* User Object API. */ 223 224 /* User object dispatcher. */ 225 static int qcomtee_user_object_dispatch(struct qcomtee_object_invoke_ctx *oic, 226 struct qcomtee_object *object, u32 op, 227 struct qcomtee_arg *args) 228 { 229 struct qcomtee_user_object *uo = to_qcomtee_user_object(object); 230 struct qcomtee_context_data *ctxdata = uo->ctx->data; 231 struct qcomtee_ureq *ureq __free(kfree) = NULL; 232 int errno; 233 234 ureq = kzalloc(sizeof(*ureq), GFP_KERNEL); 235 if (!ureq) 236 return -ENOMEM; 237 238 init_completion(&ureq->c); 239 ureq->object_id = uo->object_id; 240 ureq->op = op; 241 ureq->args = args; 242 243 /* Queue the request. */ 244 if (ureq_enqueue(ctxdata, ureq)) 245 return -ENODEV; 246 /* Wakeup supplicant to process it. */ 247 complete(&ctxdata->req_c); 248 249 /* 250 * Wait for the supplicant to process the request. Wait as KILLABLE 251 * in case the supplicant and invoke thread are both running from the 252 * same process, the supplicant crashes, or the shutdown sequence 253 * starts with supplicant dies first; otherwise, it stuck indefinitely. 254 * 255 * If the supplicant processes long-running requests, also use 256 * TASK_FREEZABLE to allow the device to safely suspend if needed. 257 */ 258 if (!wait_for_completion_state(&ureq->c, 259 TASK_KILLABLE | TASK_FREEZABLE)) { 260 errno = ureq->errno; 261 if (!errno) 262 oic->data = no_free_ptr(ureq); 263 } else { 264 enum qcomtee_req_state prev_state; 265 266 errno = -ENODEV; 267 268 scoped_guard(mutex, &ctxdata->reqs_lock) { 269 prev_state = ureq->state; 270 /* Replace with empty_ureq to keep req_id reserved. */ 271 if (prev_state == QCOMTEE_REQ_PROCESSING) { 272 list_del(&ureq->node); 273 idr_replace(&ctxdata->reqs_idr, 274 &empty_ureq, ureq->req_id); 275 276 /* Remove as supplicant has never seen this request. */ 277 } else if (prev_state == QCOMTEE_REQ_QUEUED) { 278 ureq_dequeue(ctxdata, ureq->req_id); 279 } 280 } 281 282 /* Supplicant did some work, do not discard it. */ 283 if (prev_state == QCOMTEE_REQ_PROCESSED) { 284 errno = ureq->errno; 285 if (!errno) 286 oic->data = no_free_ptr(ureq); 287 } 288 } 289 290 return errno; 291 } 292 293 /* Gets called after submitting the dispatcher response. */ 294 static void qcomtee_user_object_notify(struct qcomtee_object_invoke_ctx *oic, 295 struct qcomtee_object *unused_object, 296 int err) 297 { 298 struct qcomtee_ureq *ureq = oic->data; 299 struct qcomtee_arg *u = ureq->args; 300 int i; 301 302 /* 303 * If err, there was a transport issue, and QTEE did not receive the 304 * response for the dispatcher. Release the callback object created for 305 * QTEE, in addition to the copies of objects kept for the drivers. 306 */ 307 qcomtee_arg_for_each_output_object(i, u) { 308 if (err && 309 (typeof_qcomtee_object(u[i].o) == QCOMTEE_OBJECT_TYPE_CB)) 310 qcomtee_object_put(u[i].o); 311 qcomtee_object_put(u[i].o); 312 } 313 314 kfree(ureq); 315 } 316 317 static void qcomtee_user_object_release(struct qcomtee_object *object) 318 { 319 struct qcomtee_user_object *uo = to_qcomtee_user_object(object); 320 struct qcomtee_context_data *ctxdata = uo->ctx->data; 321 struct qcomtee_ureq *ureq; 322 323 /* RELEASE does not require any argument. */ 324 static struct qcomtee_arg args[] = { { .type = QCOMTEE_ARG_TYPE_INV } }; 325 326 if (!uo->notify) 327 goto out_no_notify; 328 329 ureq = kzalloc(sizeof(*ureq), GFP_KERNEL); 330 if (!ureq) 331 goto out_no_notify; 332 333 /* QUEUE a release request: */ 334 ureq->object_id = uo->object_id; 335 ureq->op = QCOMTEE_MSG_OBJECT_OP_RELEASE; 336 ureq->args = args; 337 if (ureq_enqueue(ctxdata, ureq)) { 338 kfree(ureq); 339 /* Ignore the notification if it cannot be queued. */ 340 goto out_no_notify; 341 } 342 343 complete(&ctxdata->req_c); 344 345 out_no_notify: 346 teedev_ctx_put(uo->ctx); 347 kfree(uo); 348 } 349 350 static struct qcomtee_object_operations qcomtee_user_object_ops = { 351 .release = qcomtee_user_object_release, 352 .notify = qcomtee_user_object_notify, 353 .dispatch = qcomtee_user_object_dispatch, 354 }; 355 356 /** 357 * qcomtee_user_param_to_object() - OBJREF parameter to &struct qcomtee_object. 358 * @object: object returned. 359 * @param: TEE parameter. 360 * @ctx: context in which the conversion should happen. 361 * 362 * @param is an OBJREF with %QCOMTEE_OBJREF_FLAG_USER flags. 363 * 364 * Return: On success, returns 0; on failure, returns < 0. 365 */ 366 int qcomtee_user_param_to_object(struct qcomtee_object **object, 367 struct tee_param *param, 368 struct tee_context *ctx) 369 { 370 struct qcomtee_user_object *user_object __free(kfree) = NULL; 371 int err; 372 373 user_object = kzalloc(sizeof(*user_object), GFP_KERNEL); 374 if (!user_object) 375 return -ENOMEM; 376 377 user_object->ctx = ctx; 378 user_object->object_id = param->u.objref.id; 379 /* By default, always notify userspace upon release. */ 380 user_object->notify = true; 381 err = qcomtee_object_user_init(&user_object->object, 382 QCOMTEE_OBJECT_TYPE_CB, 383 &qcomtee_user_object_ops, "uo-%llu", 384 param->u.objref.id); 385 if (err) 386 return err; 387 /* Matching teedev_ctx_put() is in qcomtee_user_object_release(). */ 388 teedev_ctx_get(ctx); 389 390 *object = &no_free_ptr(user_object)->object; 391 392 return 0; 393 } 394 395 /* Reverse what qcomtee_user_param_to_object() does. */ 396 int qcomtee_user_param_from_object(struct tee_param *param, 397 struct qcomtee_object *object, 398 struct tee_context *ctx) 399 { 400 struct qcomtee_user_object *uo; 401 402 uo = to_qcomtee_user_object(object); 403 /* Ensure the object is in the same context as the caller. */ 404 if (uo->ctx != ctx) 405 return -EINVAL; 406 407 param->u.objref.id = uo->object_id; 408 param->u.objref.flags = QCOMTEE_OBJREF_FLAG_USER; 409 410 /* User objects are valid in userspace; do not keep a copy. */ 411 qcomtee_object_put(object); 412 413 return 0; 414 } 415 416 /** 417 * qcomtee_cb_params_from_args() - Convert QTEE arguments to TEE parameters. 418 * @params: TEE parameters. 419 * @u: QTEE arguments. 420 * @num_params: number of elements in the parameter array. 421 * @ubuf_addr: user buffer for arguments of type %QCOMTEE_ARG_TYPE_IB. 422 * @ubuf_size: size of the user buffer. 423 * @ctx: context in which the conversion should happen. 424 * 425 * It expects @params to have enough entries for @u. Entries in @params are of 426 * %TEE_IOCTL_PARAM_ATTR_TYPE_NONE. 427 * 428 * Return: On success, returns the number of input parameters; 429 * on failure, returns < 0. 430 */ 431 static int qcomtee_cb_params_from_args(struct tee_param *params, 432 struct qcomtee_arg *u, int num_params, 433 void __user *ubuf_addr, size_t ubuf_size, 434 struct tee_context *ctx) 435 { 436 int i, np; 437 void __user *uaddr; 438 439 qcomtee_arg_for_each(i, u) { 440 switch (u[i].type) { 441 case QCOMTEE_ARG_TYPE_IB: 442 params[i].attr = TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INPUT; 443 444 /* Underflow already checked in ureq_select(). */ 445 ubuf_size = round_down(ubuf_size - u[i].b.size, 8); 446 uaddr = (void __user *)(ubuf_addr + ubuf_size); 447 448 params[i].u.ubuf.uaddr = uaddr; 449 params[i].u.ubuf.size = u[i].b.size; 450 if (copy_to_user(params[i].u.ubuf.uaddr, u[i].b.addr, 451 u[i].b.size)) 452 goto out_failed; 453 454 break; 455 case QCOMTEE_ARG_TYPE_OB: 456 params[i].attr = TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_OUTPUT; 457 /* Let the user knows the maximum size QTEE expects. */ 458 params[i].u.ubuf.size = u[i].b.size; 459 460 break; 461 case QCOMTEE_ARG_TYPE_IO: 462 params[i].attr = TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_INPUT; 463 if (qcomtee_objref_from_arg(¶ms[i], &u[i], ctx)) 464 goto out_failed; 465 466 break; 467 case QCOMTEE_ARG_TYPE_OO: 468 params[i].attr = 469 TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_OUTPUT; 470 471 break; 472 default: /* Never get here! */ 473 goto out_failed; 474 } 475 } 476 477 return i; 478 479 out_failed: 480 /* Undo qcomtee_objref_from_arg(). */ 481 for (np = i; np >= 0; np--) { 482 if (params[np].attr == TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_INPUT) 483 qcomtee_context_del_qtee_object(¶ms[np], ctx); 484 } 485 486 /* Release any IO objects not processed. */ 487 for (; u[i].type; i++) { 488 if (u[i].type == QCOMTEE_ARG_TYPE_IO) 489 qcomtee_object_put(u[i].o); 490 } 491 492 return -EINVAL; 493 } 494 495 /** 496 * qcomtee_cb_params_to_args() - Convert TEE parameters to QTEE arguments. 497 * @u: QTEE arguments. 498 * @params: TEE parameters. 499 * @num_params: number of elements in the parameter array. 500 * @ctx: context in which the conversion should happen. 501 * 502 * Return: On success, returns 0; on failure, returns < 0. 503 */ 504 static int qcomtee_cb_params_to_args(struct qcomtee_arg *u, 505 struct tee_param *params, int num_params, 506 struct tee_context *ctx) 507 { 508 int i; 509 510 qcomtee_arg_for_each(i, u) { 511 switch (u[i].type) { 512 case QCOMTEE_ARG_TYPE_IB: 513 if (params[i].attr != 514 TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INPUT) 515 goto out_failed; 516 517 break; 518 case QCOMTEE_ARG_TYPE_OB: 519 if (params[i].attr != 520 TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_OUTPUT) 521 goto out_failed; 522 523 /* Client can not send more data than requested. */ 524 if (params[i].u.ubuf.size > u[i].b.size) 525 goto out_failed; 526 527 if (copy_from_user(u[i].b.addr, params[i].u.ubuf.uaddr, 528 params[i].u.ubuf.size)) 529 goto out_failed; 530 531 u[i].b.size = params[i].u.ubuf.size; 532 533 break; 534 case QCOMTEE_ARG_TYPE_IO: 535 if (params[i].attr != 536 TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_INPUT) 537 goto out_failed; 538 539 break; 540 case QCOMTEE_ARG_TYPE_OO: 541 if (params[i].attr != 542 TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_OUTPUT) 543 goto out_failed; 544 545 if (qcomtee_objref_to_arg(&u[i], ¶ms[i], ctx)) 546 goto out_failed; 547 548 break; 549 default: /* Never get here! */ 550 goto out_failed; 551 } 552 } 553 554 return 0; 555 556 out_failed: 557 /* Undo qcomtee_objref_to_arg(). */ 558 for (i--; i >= 0; i--) { 559 if (u[i].type != QCOMTEE_ARG_TYPE_OO) 560 continue; 561 562 qcomtee_user_object_set_notify(u[i].o, false); 563 if (typeof_qcomtee_object(u[i].o) == QCOMTEE_OBJECT_TYPE_CB) 564 qcomtee_object_put(u[i].o); 565 566 qcomtee_object_put(u[i].o); 567 } 568 569 return -EINVAL; 570 } 571 572 /** 573 * qcomtee_user_object_select() - Select a request for a user object. 574 * @ctx: context to look for a user object. 575 * @params: parameters for @op. 576 * @num_params: number of elements in the parameter array. 577 * @uaddr: user buffer for output UBUF parameters. 578 * @size: size of user buffer @uaddr. 579 * @data: information for the selected request. 580 * 581 * @params is filled along with @data for the selected request. 582 * 583 * Return: On success, returns 0; on failure, returns < 0. 584 */ 585 int qcomtee_user_object_select(struct tee_context *ctx, 586 struct tee_param *params, int num_params, 587 void __user *uaddr, size_t size, 588 struct qcomtee_user_object_request_data *data) 589 { 590 struct qcomtee_context_data *ctxdata = ctx->data; 591 struct qcomtee_ureq *ureq; 592 int ret; 593 594 /* 595 * Hold the reqs_lock not only for ureq_select() and updating the ureq 596 * state to PROCESSING but for the entire duration of ureq access. 597 * This prevents qcomtee_user_object_dispatch() from freeing 598 * ureq while it is still in use, if client dies. 599 */ 600 601 while (1) { 602 scoped_guard(mutex, &ctxdata->reqs_lock) { 603 ureq = ureq_select(ctxdata, size, num_params); 604 if (!ureq) 605 goto wait_for_request; 606 607 if (IS_ERR(ureq)) 608 return PTR_ERR(ureq); 609 610 /* Processing the request 'QUEUED -> PROCESSING'. */ 611 ureq->state = QCOMTEE_REQ_PROCESSING; 612 /* ''Prepare user request:'' */ 613 data->id = ureq->req_id; 614 data->object_id = ureq->object_id; 615 data->op = ureq->op; 616 ret = qcomtee_cb_params_from_args(params, ureq->args, 617 num_params, uaddr, 618 size, ctx); 619 if (ret >= 0) 620 goto done_request; 621 622 /* Something is wrong with the request: */ 623 ureq_dequeue(ctxdata, data->id); 624 /* Send error to QTEE. */ 625 ureq->state = QCOMTEE_REQ_PROCESSED; 626 ureq->errno = ret; 627 628 complete(&ureq->c); 629 } 630 631 continue; 632 wait_for_request: 633 /* Wait for a new QUEUED request. */ 634 if (wait_for_completion_interruptible(&ctxdata->req_c)) 635 return -ERESTARTSYS; 636 } 637 638 done_request: 639 /* No one is waiting for the response. */ 640 if (data->op == QCOMTEE_MSG_OBJECT_OP_RELEASE) { 641 scoped_guard(mutex, &ctxdata->reqs_lock) 642 ureq_dequeue(ctxdata, data->id); 643 kfree(ureq); 644 } 645 646 data->np = ret; 647 648 return 0; 649 } 650 651 /** 652 * qcomtee_user_object_submit() - Submit a response for a user object. 653 * @ctx: context to look for a user object. 654 * @params: returned parameters. 655 * @num_params: number of elements in the parameter array. 656 * @req_id: request ID for the response. 657 * @errno: result of user object invocation. 658 * 659 * Return: On success, returns 0; on failure, returns < 0. 660 */ 661 int qcomtee_user_object_submit(struct tee_context *ctx, 662 struct tee_param *params, int num_params, 663 int req_id, int errno) 664 { 665 struct qcomtee_context_data *ctxdata = ctx->data; 666 struct qcomtee_ureq *ureq; 667 668 /* See comments for reqs_lock in qcomtee_user_object_select(). */ 669 guard(mutex)(&ctxdata->reqs_lock); 670 671 ureq = ureq_dequeue(ctxdata, req_id); 672 if (!ureq) 673 return -EINVAL; 674 675 ureq->state = QCOMTEE_REQ_PROCESSED; 676 677 if (!errno) 678 ureq->errno = qcomtee_cb_params_to_args(ureq->args, params, 679 num_params, ctx); 680 else 681 ureq->errno = errno; 682 /* Return errno if qcomtee_cb_params_to_args() failed; otherwise 0. */ 683 if (!errno && ureq->errno) 684 errno = ureq->errno; 685 else 686 errno = 0; 687 688 /* Send result to QTEE. */ 689 complete(&ureq->c); 690 691 return errno; 692 } 693