Hello arm-soc maintainers,
Please pull this OP-TEE driver fix to unregister OP-TEE client devices
from the TEE bus when the OP-TEE driver is unloaded.
Note that this is based on the previous already merged OP-TEE driver
fix.
Thanks,
Jens
The following changes since commit 88a3856c0a8c03188db7913f4d49379432fe1f93:
tee/optee/shm_pool: fix application of sizeof to pointer (2021-09-14 07:54:56 +0200)
are available in the Git repository at:
git://git.linaro.org/people/jens.wiklander/linux-tee.git tags/optee-fix2-for-v5.15
for you to fetch changes up to 7f565d0ead264329749c0da488de9c8dfa2f18ce:
tee: optee: Fix missing devices unregister during optee_remove (2021-10-12 13:24:39 +0200)
----------------------------------------------------------------
Fix missing devices unregister during optee_remove
Unregisters OP-TEE client devices (UUIDs of some known Trusted
Applications) from the TEE bus when the OP-TEE driver is unloaded.
----------------------------------------------------------------
Sumit Garg (1):
tee: optee: Fix missing devices unregister during optee_remove
drivers/tee/optee/core.c | 3 +++
drivers/tee/optee/device.c | 22 ++++++++++++++++++++++
drivers/tee/optee/optee_private.h | 1 +
3 files changed, 26 insertions(+)
[BCC all OP-TEE maintainers]
Hi OP-TEE maintainers & contributors,
OP-TEE v3.15.0 is scheduled to be released on 2021-10-15. So, now is
a good time to start testing the master branch on the various platforms
and report/fix any bugs.
The GitHub pull request for collecting Tested-by tags or any other
comments is https://github.com/OP-TEE/optee_os/pull/4880
As usual, we will create a release candidate tag one week before the
release date for final testing.
In addition to that you can find some additional information related to
releases here: https://optee.readthedocs.io/en/latest/general/releases.html
Regards,
Ruchika
Hi,
First of all, as I don't see a lot of questions being asked here, so
please feel free to direct me elsewhere with my question(s) if this is
not the proper place to do so.
In our application, we are using a custom Optee PTA to control our
display securely. Our user space application utilizes LVGL with a
custom LVGL Optee PTA driver, which allocates TEEC_SharedMemory using
TEEC_AllocateSharedMemory() for the frame buffer, which transferred as
TEEC_MEMREF_WHOLE to our custom PTA by our custom LVGL Optee-PTA
driver whenever LVGL flushes its frame buffer.
Our user space application also starts and stops several LXC containers.
We noticed that after starting any LXC container, our display freezes.
In this scenario, our custom LVGL Optee PTA driver is still pushing
newly updated frame buffer contents to our custom Optee PTA, but the
buffer received by our custom Optee PTA contains old data.
We have traced down the cause to a fork() call in lxc_start();
Replacing lxc_start() with fork() has the same effect, hence we think
the problem is caused by fork(). After fork, updates from neither the
parent nor the child appear in the buffer at our custom Optee PTA end.
We wonder if this is by design, as shared memory in combination with
fork() might be a security hazard, exposing memory shared with the
secure world to any forked process. Are we right? We really would like
to understand this.
If, instead of using TEEC_AllocateSharedMemory() and
TEEC_MEMREF_WHOLE, we use calloc() and TEEC_MEMREF_WHOLE instead, the
problem does not occur. Probably because the memory is mapped at each
use. Is this the suggested work-around?
Thank you in advance.
With kind regards,
Robert Deliën.
--
DISCLAIMER
De informatie, verzonden in of met dit e-mailbericht, is
vertrouwelijk en uitsluitend voor de geadresseerde(n) bestemd. Het gebruik
van de informatie in dit bericht, de openbaarmaking, vermenigvuldiging,
verspreiding en|of verstrekking daarvan aan derden is niet toegestaan.
Gebruik van deze informatie door anderen dan geadresseerde(n) is strikt
verboden. Aan deze informatie kunnen geen rechten worden ontleend. U wordt
verzocht bij onjuiste adressering de afzender direct te informeren door het
bericht te retourneren en het bericht uit uw computersysteem te verwijderen.
Hello arm-soc maintainers,
Please pull this small OP-TEE driver fix for the shared memory pool
handler. The fix doesn't change the generated code, but it's still relevant
since the problem obviously triggers warnings with some tools.
Thanks,
Jens
The following changes since commit 7d2a07b769330c34b4deabeed939325c77a7ec2f:
Linux 5.14 (2021-08-29 15:04:50 -0700)
are available in the Git repository at:
git://git.linaro.org/people/jens.wiklander/linux-tee.git tags/optee-fix-for-v5.15
for you to fetch changes up to 88a3856c0a8c03188db7913f4d49379432fe1f93:
tee/optee/shm_pool: fix application of sizeof to pointer (2021-09-14 07:54:56 +0200)
----------------------------------------------------------------
Fix OP-TEE shm_pool lint warning
----------------------------------------------------------------
jing yangyang (1):
tee/optee/shm_pool: fix application of sizeof to pointer
drivers/tee/optee/shm_pool.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Hi all,
This adds supports for the OP-TEE driver to communicate with secure world
using FF-A [1] as transport.
There is one change to the TEE subsystem with "tee: add sec_world_id to
struct tee_shm" to add support for holding globally unique handle assigned
by the FF-A. This is a field that I believe could useful for the AMDTEE
driver too.
For communication the OP-TEE message protocol is still used, but with a new
type of memory reference, struct optee_msg_param_fmem, to carry the
information needed by FF-A. The OP-TEE driver is refactored internally with
to sets of callbacks, one for the old SMC based communication and another
set with FF-A as transport. The functions relating to the SMC based ABI
are moved to smc_abi.c while the FF-A based ABI is added in a ffa_abi.c.
There is also a difference in how the drivers are instantiated. With the
SMC based transport we have a platform driver, module_platform_driver(),
today which we're keeping as is for this configuration. In a FF-A system we
have a FF-A driver, module_ffa_driver(), instead.
The OP-TEE driver can be compiled for both targets at the same time and
it's up to runtime configuration (device tree or ACPI) to decide how it's
initialized. Note that it's only the old SMC based driver instance that
need device tree or ACPI to initialize. The FF-A based driver relies on the
FF-A bus instead.
This can be tested QEMU
The repo for SPMC at S-EL1 retrieved by
repo init -u https://github.com/jenswi-linaro/manifest.git -m
qemu_v8.xml -b ffav4_spmc
repo sync
# Then checkout the branch optee_ffa_v5 from
# git://git.linaro.org/people/jens.wiklander/linux-tee.git
# in the linux directory
To build do:
cd build
make toolchains
make all
To boot:
make run-only
Test with xtest, perhaps only with the command "xtest 1004" in case you're
not interested in too many tests.
Thanks,
Jens
[1] https://developer.arm.com/documentation/den0077/latest
v4->v5:
- Rebased on v5.14, tricky conflicts primarily between "optee: isolate smc
abi" and mostly 376e4199e327 "tee: Correct inappropriate usage of
TEE_SHM_DMA_BUF flag" but also with the other kexec fixes that went into
v5.14-rc5.
- Addressing comments from Sumit and applying
Reviewed-by: Sumit Garg <sumit.garg(a)linaro.org> on "optee: isolate smc abi"
- Addressing comments from Sumit and applying
Acked-by: Sumit Garg <sumit.garg(a)linaro.org> on "optee: add FF-A support"
v3->v4:
- Made a bit more RPC code common between the SMC and FF-A ABIs as
requested by Sumit.
- Replaced module_platform_driver() with module_init()/module_exit() as
described in the commit "optee: isolate smc abi".
- Applied Sumit's R-B for the commits "tee: add sec_world_id to struct
tee_shm", "optee: simplify optee_release()", and "optee: refactor driver
with internal callbacks"
v2->v3:
- Rebased on 5.14-rc2 which now have the FF-A patches merged
- Fixed a couple bugs in optee_shm_register() and optee_shm_unregister()
which where introduced in "optee: refactor driver with internal callbacks"
in previous the version.
- Separated SMC ABI specifics into smc_abi.c to keep it separated from
the FF-A ABI functions as requested by Sumit.
- Added the FF-A specifics in ffa_abi.c
- Provided an implementation for optee_ffa_remove()
v1->v2:
- Rebased to the FF-A v7 patch
- Fixed a couple of reports from kernel test robot <lkp(a)intel.com>
Jens Wiklander (5):
tee: add sec_world_id to struct tee_shm
optee: simplify optee_release()
optee: refactor driver with internal callbacks
optee: isolate smc abi
optee: add FF-A support
drivers/tee/optee/Makefile | 7 +-
drivers/tee/optee/call.c | 445 ++--------
drivers/tee/optee/core.c | 719 ++-------------
drivers/tee/optee/ffa_abi.c | 907 +++++++++++++++++++
drivers/tee/optee/optee_ffa.h | 153 ++++
drivers/tee/optee/optee_msg.h | 27 +-
drivers/tee/optee/optee_private.h | 163 +++-
drivers/tee/optee/rpc.c | 237 +----
drivers/tee/optee/shm_pool.c | 101 ---
drivers/tee/optee/shm_pool.h | 14 -
drivers/tee/optee/smc_abi.c | 1360 +++++++++++++++++++++++++++++
include/linux/tee_drv.h | 7 +-
12 files changed, 2732 insertions(+), 1408 deletions(-)
create mode 100644 drivers/tee/optee/ffa_abi.c
create mode 100644 drivers/tee/optee/optee_ffa.h
delete mode 100644 drivers/tee/optee/shm_pool.c
delete mode 100644 drivers/tee/optee/shm_pool.h
create mode 100644 drivers/tee/optee/smc_abi.c
--
2.31.1
