March 2021 - OP-TEE - lists.trustedfirmware.org

[PATCH 000/141] Fix fall-through warnings for Clang

by Gustavo A. R. Silva

Hi all, This series aims to fix almost all remaining fall-through warnings in order to enable -Wimplicit-fallthrough for Clang. In preparation to enable -Wimplicit-fallthrough for Clang, explicitly add multiple break/goto/return/fallthrough statements instead of just letting the code fall through to the next case. Notice that in order to enable -Wimplicit-fallthrough for Clang, this change[1] is meant to be reverted at some point. So, this patch helps to move in that direction. Something important to mention is that there is currently a discrepancy between GCC and Clang when dealing with switch fall-through to empty case statements or to cases that only contain a break/continue/return statement[2][3][4]. Now that the -Wimplicit-fallthrough option has been globally enabled[5], any compiler should really warn on missing either a fallthrough annotation or any of the other case-terminating statements (break/continue/return/ goto) when falling through to the next case statement. Making exceptions to this introduces variation in case handling which may continue to lead to bugs, misunderstandings, and a general lack of robustness. The point of enabling options like -Wimplicit-fallthrough is to prevent human error and aid developers in spotting bugs before their code is even built/ submitted/committed, therefore eliminating classes of bugs. So, in order to really accomplish this, we should, and can, move in the direction of addressing any error-prone scenarios and get rid of the unintentional fallthrough bug-class in the kernel, entirely, even if there is some minor redundancy. Better to have explicit case-ending statements than continue to have exceptions where one must guess as to the right result. The compiler will eliminate any actual redundancy. Note that there is already a patch in mainline that addresses almost 40,000 of these issues[6]. I'm happy to carry this whole series in my own tree if people are OK with it. :) [1] commit e2079e93f562c ("kbuild: Do not enable -Wimplicit-fallthrough for clang for now") [2] ClangBuiltLinux#636 [3] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91432 [4] https://godbolt.org/z/xgkvIh [5] commit a035d552a93b ("Makefile: Globally enable fall-through warning") [6] commit 4169e889e588 ("include: jhash/signal: Fix fall-through warnings for Clang") Thanks! Gustavo A. R. Silva (141): afs: Fix fall-through warnings for Clang ASoC: codecs: Fix fall-through warnings for Clang cifs: Fix fall-through warnings for Clang drm/amdgpu: Fix fall-through warnings for Clang drm/radeon: Fix fall-through warnings for Clang gfs2: Fix fall-through warnings for Clang gpio: Fix fall-through warnings for Clang IB/hfi1: Fix fall-through warnings for Clang igb: Fix fall-through warnings for Clang ima: Fix fall-through warnings for Clang ipv4: Fix fall-through warnings for Clang ixgbe: Fix fall-through warnings for Clang media: dvb-frontends: Fix fall-through warnings for Clang media: usb: dvb-usb-v2: Fix fall-through warnings for Clang netfilter: Fix fall-through warnings for Clang nfsd: Fix fall-through warnings for Clang nfs: Fix fall-through warnings for Clang qed: Fix fall-through warnings for Clang qlcnic: Fix fall-through warnings for Clang scsi: aic7xxx: Fix fall-through warnings for Clang scsi: aic94xx: Fix fall-through warnings for Clang scsi: bfa: Fix fall-through warnings for Clang staging: rtl8723bs: core: Fix fall-through warnings for Clang staging: vt6655: Fix fall-through warnings for Clang bnxt_en: Fix fall-through warnings for Clang ceph: Fix fall-through warnings for Clang drbd: Fix fall-through warnings for Clang drm/amd/display: Fix fall-through warnings for Clang e1000: Fix fall-through warnings for Clang ext2: Fix fall-through warnings for Clang ext4: Fix fall-through warnings for Clang floppy: Fix fall-through warnings for Clang fm10k: Fix fall-through warnings for Clang IB/mlx4: Fix fall-through warnings for Clang IB/qedr: Fix fall-through warnings for Clang ice: Fix fall-through warnings for Clang Input: pcspkr - Fix fall-through warnings for Clang isofs: Fix fall-through warnings for Clang ixgbevf: Fix fall-through warnings for Clang kprobes/x86: Fix fall-through warnings for Clang mm: Fix fall-through warnings for Clang net: 3c509: Fix fall-through warnings for Clang net: cassini: Fix fall-through warnings for Clang net/mlx4: Fix fall-through warnings for Clang net: mscc: ocelot: Fix fall-through warnings for Clang netxen_nic: Fix fall-through warnings for Clang nfp: Fix fall-through warnings for Clang perf/x86: Fix fall-through warnings for Clang pinctrl: Fix fall-through warnings for Clang RDMA/mlx5: Fix fall-through warnings for Clang reiserfs: Fix fall-through warnings for Clang security: keys: Fix fall-through warnings for Clang selinux: Fix fall-through warnings for Clang target: Fix fall-through warnings for Clang uprobes/x86: Fix fall-through warnings for Clang vxge: Fix fall-through warnings for Clang watchdog: Fix fall-through warnings for Clang xen-blkfront: Fix fall-through warnings for Clang regulator: as3722: Fix fall-through warnings for Clang habanalabs: Fix fall-through warnings for Clang tee: Fix fall-through warnings for Clang HID: usbhid: Fix fall-through warnings for Clang HID: input: Fix fall-through warnings for Clang ACPI: Fix fall-through warnings for Clang airo: Fix fall-through warnings for Clang ALSA: hdspm: Fix fall-through warnings for Clang ALSA: pcsp: Fix fall-through warnings for Clang ALSA: sb: Fix fall-through warnings for Clang ath5k: Fix fall-through warnings for Clang atm: fore200e: Fix fall-through warnings for Clang braille_console: Fix fall-through warnings for Clang can: peak_usb: Fix fall-through warnings for Clang carl9170: Fix fall-through warnings for Clang cfg80211: Fix fall-through warnings for Clang crypto: ccree - Fix fall-through warnings for Clang decnet: Fix fall-through warnings for Clang dm raid: Fix fall-through warnings for Clang drm/amd/pm: Fix fall-through warnings for Clang drm: Fix fall-through warnings for Clang drm/i915/gem: Fix fall-through warnings for Clang drm/nouveau/clk: Fix fall-through warnings for Clang drm/nouveau: Fix fall-through warnings for Clang drm/nouveau/therm: Fix fall-through warnings for Clang drm/via: Fix fall-through warnings for Clang firewire: core: Fix fall-through warnings for Clang hwmon: (corsair-cpro) Fix fall-through warnings for Clang hwmon: (max6621) Fix fall-through warnings for Clang i3c: master: cdns: Fix fall-through warnings for Clang ide: Fix fall-through warnings for Clang iio: adc: cpcap: Fix fall-through warnings for Clang iwlwifi: iwl-drv: Fix fall-through warnings for Clang libata: Fix fall-through warnings for Clang mac80211: Fix fall-through warnings for Clang media: atomisp: Fix fall-through warnings for Clang media: dvb_frontend: Fix fall-through warnings for Clang media: rcar_jpu: Fix fall-through warnings for Clang media: saa7134: Fix fall-through warnings for Clang mmc: sdhci-of-arasan: Fix fall-through warnings for Clang mt76: mt7615: Fix fall-through warnings for Clang mtd: cfi: Fix fall-through warnings for Clang mtd: mtdchar: Fix fall-through warnings for Clang mtd: onenand: Fix fall-through warnings for Clang mtd: rawnand: fsmc: Fix fall-through warnings for Clang mtd: rawnand: stm32_fmc2: Fix fall-through warnings for Clang net: ax25: Fix fall-through warnings for Clang net: bridge: Fix fall-through warnings for Clang net: core: Fix fall-through warnings for Clang netfilter: ipt_REJECT: Fix fall-through warnings for Clang net: netrom: Fix fall-through warnings for Clang net/packet: Fix fall-through warnings for Clang net: plip: Fix fall-through warnings for Clang net: rose: Fix fall-through warnings for Clang nl80211: Fix fall-through warnings for Clang phy: qcom-usb-hs: Fix fall-through warnings for Clang rds: Fix fall-through warnings for Clang rt2x00: Fix fall-through warnings for Clang rtl8xxxu: Fix fall-through warnings for Clang rtw88: Fix fall-through warnings for Clang rxrpc: Fix fall-through warnings for Clang scsi: aacraid: Fix fall-through warnings for Clang scsi: aha1740: Fix fall-through warnings for Clang scsi: csiostor: Fix fall-through warnings for Clang scsi: lpfc: Fix fall-through warnings for Clang scsi: stex: Fix fall-through warnings for Clang sctp: Fix fall-through warnings for Clang slimbus: messaging: Fix fall-through warnings for Clang staging: qlge: Fix fall-through warnings for Clang staging: vt6656: Fix fall-through warnings for Clang SUNRPC: Fix fall-through warnings for Clang tipc: Fix fall-through warnings for Clang tpm: Fix fall-through warnings for Clang ubi: Fix fall-through warnings for Clang usb: Fix fall-through warnings for Clang video: fbdev: lxfb_ops: Fix fall-through warnings for Clang video: fbdev: pm2fb: Fix fall-through warnings for Clang virtio_net: Fix fall-through warnings for Clang wcn36xx: Fix fall-through warnings for Clang xen/manage: Fix fall-through warnings for Clang xfrm: Fix fall-through warnings for Clang zd1201: Fix fall-through warnings for Clang Input: libps2 - Fix fall-through warnings for Clang arch/x86/events/core.c | 2 +- arch/x86/kernel/kprobes/core.c | 1 + arch/x86/kernel/uprobes.c | 2 ++ drivers/accessibility/braille/braille_console.c | 1 + drivers/acpi/sbshc.c | 1 + drivers/ata/libata-eh.c | 1 + drivers/atm/fore200e.c | 1 + drivers/block/drbd/drbd_receiver.c | 1 + drivers/block/drbd/drbd_req.c | 1 + drivers/block/floppy.c | 1 + drivers/block/xen-blkfront.c | 1 + drivers/char/tpm/eventlog/tpm1.c | 1 + drivers/crypto/ccree/cc_cipher.c | 3 +++ drivers/firewire/core-topology.c | 1 + drivers/gpio/gpio-ath79.c | 1 + drivers/gpio/gpiolib-acpi.c | 1 + drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 1 + drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 1 + drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 1 + drivers/gpu/drm/amd/amdgpu/vi.c | 1 + drivers/gpu/drm/amd/display/dc/bios/bios_parser.c | 1 + drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 2 ++ drivers/gpu/drm/amd/display/dc/core/dc_link.c | 1 + drivers/gpu/drm/amd/pm/powerplay/si_dpm.c | 2 +- .../gpu/drm/amd/pm/powerplay/smumgr/polaris10_smumgr.c | 1 + drivers/gpu/drm/drm_bufs.c | 1 + drivers/gpu/drm/i915/gem/i915_gem_shrinker.c | 1 + drivers/gpu/drm/nouveau/nouveau_bo.c | 1 + drivers/gpu/drm/nouveau/nouveau_connector.c | 1 + drivers/gpu/drm/nouveau/nvkm/subdev/clk/nv50.c | 1 + drivers/gpu/drm/nouveau/nvkm/subdev/therm/gf119.c | 1 + drivers/gpu/drm/radeon/ci_dpm.c | 2 +- drivers/gpu/drm/radeon/r300.c | 1 + drivers/gpu/drm/radeon/si_dpm.c | 2 +- drivers/gpu/drm/via/via_irq.c | 1 + drivers/hid/hid-input.c | 1 + drivers/hid/usbhid/hid-core.c | 2 ++ drivers/hwmon/corsair-cpro.c | 1 + drivers/hwmon/max6621.c | 2 +- drivers/i3c/master/i3c-master-cdns.c | 2 ++ drivers/ide/siimage.c | 1 + drivers/iio/adc/cpcap-adc.c | 1 + drivers/infiniband/hw/hfi1/qp.c | 1 + drivers/infiniband/hw/hfi1/tid_rdma.c | 5 +++++ drivers/infiniband/hw/mlx4/mad.c | 1 + drivers/infiniband/hw/mlx5/qp.c | 1 + drivers/infiniband/hw/qedr/main.c | 1 + drivers/input/misc/pcspkr.c | 1 + drivers/input/serio/libps2.c | 2 +- drivers/md/dm-raid.c | 1 + drivers/media/dvb-core/dvb_frontend.c | 1 + drivers/media/dvb-frontends/cx24120.c | 1 + drivers/media/dvb-frontends/dib0090.c | 2 ++ drivers/media/dvb-frontends/drxk_hard.c | 1 + drivers/media/dvb-frontends/m88rs2000.c | 1 + drivers/media/pci/saa7134/saa7134-tvaudio.c | 1 + drivers/media/platform/rcar_jpu.c | 1 + drivers/media/usb/dvb-usb-v2/af9015.c | 1 + drivers/media/usb/dvb-usb-v2/lmedm04.c | 1 + drivers/misc/habanalabs/gaudi/gaudi.c | 1 + drivers/mmc/host/sdhci-of-arasan.c | 4 ++++ drivers/mtd/chips/cfi_cmdset_0001.c | 1 + drivers/mtd/chips/cfi_cmdset_0002.c | 2 ++ drivers/mtd/chips/cfi_cmdset_0020.c | 2 ++ drivers/mtd/mtdchar.c | 1 + drivers/mtd/nand/onenand/onenand_samsung.c | 1 + drivers/mtd/nand/raw/fsmc_nand.c | 1 + drivers/mtd/nand/raw/stm32_fmc2_nand.c | 2 ++ drivers/mtd/ubi/build.c | 1 + drivers/net/can/usb/peak_usb/pcan_usb_core.c | 2 ++ drivers/net/ethernet/3com/3c509.c | 1 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 1 + drivers/net/ethernet/intel/e1000/e1000_hw.c | 1 + drivers/net/ethernet/intel/fm10k/fm10k_mbx.c | 2 ++ drivers/net/ethernet/intel/ice/ice_txrx_lib.c | 1 + drivers/net/ethernet/intel/igb/e1000_phy.c | 1 + drivers/net/ethernet/intel/igb/igb_ethtool.c | 1 + drivers/net/ethernet/intel/igb/igb_ptp.c | 1 + drivers/net/ethernet/intel/ixgbe/ixgbe_82599.c | 2 ++ drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 1 + drivers/net/ethernet/intel/ixgbe/ixgbe_lib.c | 1 + drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c | 1 + drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 1 + drivers/net/ethernet/mellanox/mlx4/resource_tracker.c | 1 + drivers/net/ethernet/mscc/ocelot_vcap.c | 1 + drivers/net/ethernet/neterion/vxge/vxge-config.c | 1 + drivers/net/ethernet/netronome/nfp/nfp_net_repr.c | 1 + drivers/net/ethernet/qlogic/netxen/netxen_nic_init.c | 1 + drivers/net/ethernet/qlogic/qed/qed_l2.c | 1 + drivers/net/ethernet/qlogic/qed/qed_sriov.c | 1 + drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c | 1 + drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c | 1 + drivers/net/ethernet/sun/cassini.c | 1 + drivers/net/plip/plip.c | 2 ++ drivers/net/virtio_net.c | 1 + drivers/net/wireless/ath/ath5k/mac80211-ops.c | 1 + drivers/net/wireless/ath/carl9170/tx.c | 1 + drivers/net/wireless/ath/wcn36xx/smd.c | 2 +- drivers/net/wireless/cisco/airo.c | 1 + drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7615/eeprom.c | 2 +- drivers/net/wireless/ralink/rt2x00/rt2x00queue.c | 1 + drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 8 ++++---- drivers/net/wireless/realtek/rtw88/fw.c | 2 +- drivers/net/wireless/zydas/zd1201.c | 2 +- drivers/phy/qualcomm/phy-qcom-usb-hs.c | 1 + drivers/pinctrl/renesas/pinctrl-rza1.c | 1 + drivers/regulator/as3722-regulator.c | 3 ++- drivers/scsi/aacraid/commsup.c | 1 + drivers/scsi/aha1740.c | 1 + drivers/scsi/aic7xxx/aic79xx_core.c | 4 +++- drivers/scsi/aic7xxx/aic7xxx_core.c | 4 ++-- drivers/scsi/aic94xx/aic94xx_scb.c | 2 ++ drivers/scsi/aic94xx/aic94xx_task.c | 2 ++ drivers/scsi/bfa/bfa_fcs_lport.c | 2 +- drivers/scsi/bfa/bfa_ioc.c | 6 ++++-- drivers/scsi/csiostor/csio_wr.c | 1 + drivers/scsi/lpfc/lpfc_bsg.c | 1 + drivers/scsi/stex.c | 1 + drivers/slimbus/messaging.c | 1 + drivers/staging/media/atomisp/pci/runtime/isys/src/rx.c | 1 + drivers/staging/qlge/qlge_main.c | 1 + drivers/staging/rtl8723bs/core/rtw_cmd.c | 1 + drivers/staging/rtl8723bs/core/rtw_mlme_ext.c | 1 + drivers/staging/rtl8723bs/core/rtw_wlan_util.c | 1 + drivers/staging/vt6655/device_main.c | 1 + drivers/staging/vt6655/rxtx.c | 2 ++ drivers/staging/vt6656/main_usb.c | 1 + drivers/target/target_core_iblock.c | 1 + drivers/target/target_core_pr.c | 1 + drivers/tee/tee_core.c | 1 + drivers/usb/gadget/function/f_fs.c | 2 ++ drivers/usb/gadget/function/f_loopback.c | 2 +- drivers/usb/gadget/function/f_sourcesink.c | 1 + drivers/usb/gadget/udc/dummy_hcd.c | 2 ++ drivers/usb/host/fotg210-hcd.c | 2 +- drivers/usb/host/isp116x-hcd.c | 1 + drivers/usb/host/max3421-hcd.c | 1 + drivers/usb/host/oxu210hp-hcd.c | 1 + drivers/usb/misc/yurex.c | 1 + drivers/usb/musb/tusb6010.c | 1 + drivers/usb/storage/ene_ub6250.c | 1 + drivers/usb/storage/uas.c | 1 + drivers/video/fbdev/geode/lxfb_ops.c | 1 + drivers/video/fbdev/pm2fb.c | 1 + drivers/watchdog/machzwd.c | 1 + drivers/xen/manage.c | 1 + fs/afs/cmservice.c | 5 +++++ fs/afs/fsclient.c | 4 ++++ fs/afs/vlclient.c | 1 + fs/ceph/dir.c | 2 ++ fs/cifs/inode.c | 1 + fs/cifs/sess.c | 1 + fs/cifs/smbdirect.c | 1 + fs/ext2/inode.c | 1 + fs/ext4/super.c | 1 + fs/gfs2/inode.c | 2 ++ fs/gfs2/recovery.c | 1 + fs/isofs/rock.c | 1 + fs/nfs/nfs3acl.c | 1 + fs/nfs/nfs4client.c | 1 + fs/nfs/nfs4proc.c | 2 ++ fs/nfs/nfs4state.c | 1 + fs/nfs/pnfs.c | 2 ++ fs/nfsd/nfs4state.c | 1 + fs/nfsd/nfsctl.c | 1 + fs/reiserfs/namei.c | 1 + mm/mm_init.c | 1 + mm/vmscan.c | 1 + net/ax25/af_ax25.c | 1 + net/bridge/br_input.c | 1 + net/core/dev.c | 1 + net/decnet/dn_route.c | 2 +- net/ipv4/ah4.c | 1 + net/ipv4/esp4.c | 1 + net/ipv4/fib_semantics.c | 1 + net/ipv4/ip_vti.c | 1 + net/ipv4/ipcomp.c | 1 + net/ipv4/netfilter/ipt_REJECT.c | 1 + net/mac80211/cfg.c | 2 ++ net/netfilter/nf_conntrack_proto_dccp.c | 1 + net/netfilter/nf_tables_api.c | 1 + net/netfilter/nft_ct.c | 1 + net/netrom/nr_route.c | 4 ++++ net/packet/af_packet.c | 1 + net/rds/tcp_connect.c | 1 + net/rds/threads.c | 2 ++ net/rose/rose_route.c | 2 ++ net/rxrpc/af_rxrpc.c | 1 + net/sctp/input.c | 3 ++- net/sunrpc/rpc_pipe.c | 1 + net/sunrpc/xprtsock.c | 1 + net/tipc/link.c | 1 + net/wireless/nl80211.c | 1 + net/wireless/util.c | 1 + net/xfrm/xfrm_interface.c | 1 + security/integrity/ima/ima_main.c | 1 + security/integrity/ima/ima_policy.c | 2 ++ security/keys/process_keys.c | 1 + security/selinux/hooks.c | 1 + sound/drivers/pcsp/pcsp_input.c | 1 + sound/isa/sb/sb8_main.c | 1 + sound/pci/rme9652/hdspm.c | 1 + sound/soc/codecs/adav80x.c | 1 + sound/soc/codecs/arizona.c | 1 + sound/soc/codecs/cs42l52.c | 1 + sound/soc/codecs/cs42l56.c | 1 + sound/soc/codecs/cs47l92.c | 1 + sound/soc/codecs/wm8962.c | 1 + 209 files changed, 264 insertions(+), 26 deletions(-) -- 2.27.0

3 years, 6 months

21
73
0 0

[PATCH v2 0/2] optee: fix OOM seen due to tee_shm_free()

by Allen Pais

From: Allen Pais <apais(a)linux.microsoft.com> The following out of memory errors are seen on kexec reboot from the optee core. [ 0.368428] tee_bnxt_fw optee-clnt0: tee_shm_alloc failed [ 0.368461] tee_bnxt_fw: probe of optee-clnt0 failed with error -22 tee_shm_release() is not invoked on dma shm buffer. Implement .shutdown() in optee core as well as bnxt firmware driver to handle the release of the buffers correctly. More info: https://github.com/OP-TEE/optee_os/issues/3637 v2: keep the .shutdown() method simple. [Jens Wiklander] Allen Pais (2): optee: fix tee out of memory failure seen during kexec reboot firmware: tee_bnxt: implement shutdown method to handle kexec reboots drivers/firmware/broadcom/tee_bnxt_fw.c | 9 +++++++++ drivers/tee/optee/core.c | 20 ++++++++++++++++++++ 2 files changed, 29 insertions(+) -- 2.25.1

3 years, 6 months

4
27
0 0

[PATCH v9 0/4] Introduce TEE based Trusted Keys support

by Sumit Garg

Add support for TEE based trusted keys where TEE provides the functionality to seal and unseal trusted keys using hardware unique key. Also, this is an alternative in case platform doesn't possess a TPM device. This patch-set has been tested with OP-TEE based early TA which is already merged in upstream [1]. [1] https://github.com/OP-TEE/optee_os/commit/f86ab8e7e0de869dfa25ca05a37ee070d… Changes in v9: 1. Rebased to latest tpmdd/master. 2. Defined pr_fmt() and removed redundant tags. 3. Patch #2: incorporated misc. comments. 4. Patch #3: incorporated doc changes from Elaine and misc. comments from Randy. 5. Patch #4: reverted to separate maintainer entry as per request from Jarkko. 6. Added Jarkko's Tested-by: tag on patch #2. Changes in v8: 1. Added static calls support instead of indirect calls. 2. Documented trusted keys source module parameter. 3. Refined patch #1 commit message discription. 4. Addressed misc. comments on patch #2. 5. Added myself as Trusted Keys co-maintainer instead. 6. Rebased to latest tpmdd master. Changes in v7: 1. Added a trusted.source module parameter in order to enforce user's choice in case a particular platform posses both TPM and TEE. 2. Refine commit description for patch #1. Changes in v6: 1. Revert back to dynamic detection of trust source. 2. Drop author mention from trusted_core.c and trusted_tpm1.c files. 3. Rebased to latest tpmdd/master. Changes in v5: 1. Drop dynamic detection of trust source and use compile time flags instead. 2. Rename trusted_common.c -> trusted_core.c. 3. Rename callback: cleanup() -> exit(). 4. Drop "tk" acronym. 5. Other misc. comments. 6. Added review tags for patch #3 and #4. Changes in v4: 1. Pushed independent TEE features separately: - Part of recent TEE PR: https://lkml.org/lkml/2020/5/4/1062 2. Updated trusted-encrypted doc with TEE as a new trust source. 3. Rebased onto latest tpmdd/master. Changes in v3: 1. Update patch #2 to support registration of multiple kernel pages. 2. Incoporate dependency patch #4 in this patch-set: https://patchwork.kernel.org/patch/11091435/ Changes in v2: 1. Add reviewed-by tags for patch #1 and #2. 2. Incorporate comments from Jens for patch #3. 3. Switch to use generic trusted keys framework. Sumit Garg (4): KEYS: trusted: Add generic trusted keys framework KEYS: trusted: Introduce TEE based Trusted Keys doc: trusted-encrypted: updates with TEE as a new trust source MAINTAINERS: Add entry for TEE based Trusted Keys .../admin-guide/kernel-parameters.txt | 12 + .../security/keys/trusted-encrypted.rst | 171 ++++++-- MAINTAINERS | 8 + include/keys/trusted-type.h | 53 +++ include/keys/trusted_tee.h | 16 + include/keys/trusted_tpm.h | 29 +- security/keys/trusted-keys/Makefile | 2 + security/keys/trusted-keys/trusted_core.c | 358 +++++++++++++++++ security/keys/trusted-keys/trusted_tee.c | 317 +++++++++++++++ security/keys/trusted-keys/trusted_tpm1.c | 366 ++++-------------- 10 files changed, 981 insertions(+), 351 deletions(-) create mode 100644 include/keys/trusted_tee.h create mode 100644 security/keys/trusted-keys/trusted_core.c create mode 100644 security/keys/trusted-keys/trusted_tee.c -- 2.25.1

3 years, 7 months

3
20
0 0

[PATCH] tee: optee: fix build error caused by recent optee tracepoints feature

by Jisheng Zhang

If build kernel without "O=dir", below error will be seen: In file included from drivers/tee/optee/optee_trace.h:67, from drivers/tee/optee/call.c:18: ./include/trace/define_trace.h:95:42: fatal error: ./optee_trace.h: No such file or directory 95 | #include TRACE_INCLUDE(TRACE_INCLUDE_FILE) | ^ compilation terminated. Fix it by adding below line to Makefile: CFLAGS_call.o := -I$(src) Tested with and without "O=dir", both can build successfully. Reported-by: Guenter Roeck <linux(a)roeck-us.net> Suggested-by: Steven Rostedt <rostedt(a)goodmis.org> Signed-off-by: Jisheng Zhang <Jisheng.Zhang(a)synaptics.com> --- drivers/tee/optee/Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/tee/optee/Makefile b/drivers/tee/optee/Makefile index 56263ae3b1d7..3aa33ea9e6a6 100644 --- a/drivers/tee/optee/Makefile +++ b/drivers/tee/optee/Makefile @@ -6,3 +6,6 @@ optee-objs += rpc.o optee-objs += supp.o optee-objs += shm_pool.o optee-objs += device.o + +# for tracing framework to find optee_trace.h +CFLAGS_call.o := -I$(src) -- 2.31.0

3 years, 7 months

3
5
0 0

[PATCH] tee: amdtee: unload TA only when its refcount becomes 0

by Rijo Thomas

Same Trusted Application (TA) can be loaded in multiple TEE contexts. If it is a single instance TA, the TA should not get unloaded from AMD Secure Processor, while it is still in use in another TEE context. Therefore reference count TA and unload it when the count becomes zero. Fixes: 757cc3e9ff1d ("tee: add AMD-TEE driver") Reviewed-by: Devaraj Rangasamy <Devaraj.Rangasamy(a)amd.com> Signed-off-by: Rijo Thomas <Rijo-john.Thomas(a)amd.com> --- drivers/tee/amdtee/amdtee_private.h | 13 +++++ drivers/tee/amdtee/call.c | 73 +++++++++++++++++++++++++++-- drivers/tee/amdtee/core.c | 15 +++--- 3 files changed, 92 insertions(+), 9 deletions(-) diff --git a/drivers/tee/amdtee/amdtee_private.h b/drivers/tee/amdtee/amdtee_private.h index 337c8d82f74e..6d0f7062bb87 100644 --- a/drivers/tee/amdtee/amdtee_private.h +++ b/drivers/tee/amdtee/amdtee_private.h @@ -21,6 +21,7 @@ #define TEEC_SUCCESS 0x00000000 #define TEEC_ERROR_GENERIC 0xFFFF0000 #define TEEC_ERROR_BAD_PARAMETERS 0xFFFF0006 +#define TEEC_ERROR_OUT_OF_MEMORY 0xFFFF000C #define TEEC_ERROR_COMMUNICATION 0xFFFF000E #define TEEC_ORIGIN_COMMS 0x00000002 @@ -93,6 +94,18 @@ struct amdtee_shm_data { u32 buf_id; }; +/** + * struct amdtee_ta_data - Keeps track of all TAs loaded in AMD Secure + * Processor + * @ta_handle: Handle to TA loaded in TEE + * @refcount: Reference count for the loaded TA + */ +struct amdtee_ta_data { + struct list_head list_node; + u32 ta_handle; + u32 refcount; +}; + #define LOWER_TWO_BYTE_MASK 0x0000FFFF /** diff --git a/drivers/tee/amdtee/call.c b/drivers/tee/amdtee/call.c index 096dd4d92d39..e10601417ea3 100644 --- a/drivers/tee/amdtee/call.c +++ b/drivers/tee/amdtee/call.c @@ -121,15 +121,69 @@ static int amd_params_to_tee_params(struct tee_param *tee, u32 count, return ret; } +static DEFINE_MUTEX(ta_refcount_mutex); +static struct list_head ta_list = LIST_HEAD_INIT(ta_list); + +static u32 get_ta_refcount(u32 ta_handle) +{ + struct amdtee_ta_data *ta_data; + u32 count = 0; + + /* Caller must hold a mutex */ + list_for_each_entry(ta_data, &ta_list, list_node) + if (ta_data->ta_handle == ta_handle) + return ++ta_data->refcount; + + ta_data = kzalloc(sizeof(*ta_data), GFP_KERNEL); + if (ta_data) { + ta_data->ta_handle = ta_handle; + ta_data->refcount = 1; + count = ta_data->refcount; + list_add(&ta_data->list_node, &ta_list); + } + + return count; +} + +static u32 put_ta_refcount(u32 ta_handle) +{ + struct amdtee_ta_data *ta_data; + u32 count = 0; + + /* Caller must hold a mutex */ + list_for_each_entry(ta_data, &ta_list, list_node) + if (ta_data->ta_handle == ta_handle) { + count = --ta_data->refcount; + if (count == 0) { + list_del(&ta_data->list_node); + kfree(ta_data); + break; + } + } + + return count; +} + int handle_unload_ta(u32 ta_handle) { struct tee_cmd_unload_ta cmd = {0}; - u32 status; + u32 status, count; int ret; if (!ta_handle) return -EINVAL; + mutex_lock(&ta_refcount_mutex); + + count = put_ta_refcount(ta_handle); + + if (count) { + pr_debug("unload ta: not unloading %u count %u\n", + ta_handle, count); + ret = -EBUSY; + goto unlock; + } + cmd.ta_handle = ta_handle; ret = psp_tee_process_cmd(TEE_CMD_ID_UNLOAD_TA, (void *)&cmd, @@ -137,8 +191,12 @@ int handle_unload_ta(u32 ta_handle) if (!ret && status != 0) { pr_err("unload ta: status = 0x%x\n", status); ret = -EBUSY; + } else { + pr_debug("unloaded ta handle %u\n", ta_handle); } +unlock: + mutex_unlock(&ta_refcount_mutex); return ret; } @@ -357,14 +415,23 @@ int handle_load_ta(void *data, u32 size, struct tee_ioctl_open_session_arg *arg) cmd.low_addr = lower_32_bits(blob); cmd.size = size; + mutex_lock(&ta_refcount_mutex); + ret = psp_tee_process_cmd(TEE_CMD_ID_LOAD_TA, (void *)&cmd, sizeof(cmd), &arg->ret); if (ret) { arg->ret_origin = TEEC_ORIGIN_COMMS; arg->ret = TEEC_ERROR_COMMUNICATION; - } else { - set_session_id(cmd.ta_handle, 0, &arg->session); + } else if (arg->ret == TEEC_SUCCESS) { + ret = get_ta_refcount(cmd.ta_handle); + if (!ret) { + arg->ret_origin = TEEC_ORIGIN_COMMS; + arg->ret = TEEC_ERROR_OUT_OF_MEMORY; + } else { + set_session_id(cmd.ta_handle, 0, &arg->session); + } } + mutex_unlock(&ta_refcount_mutex); pr_debug("load TA: TA handle = 0x%x, RO = 0x%x, ret = 0x%x\n", cmd.ta_handle, arg->ret_origin, arg->ret); diff --git a/drivers/tee/amdtee/core.c b/drivers/tee/amdtee/core.c index 8a6a8f30bb42..da6b88e80dc0 100644 --- a/drivers/tee/amdtee/core.c +++ b/drivers/tee/amdtee/core.c @@ -59,10 +59,9 @@ static void release_session(struct amdtee_session *sess) continue; handle_close_session(sess->ta_handle, sess->session_info[i]); + handle_unload_ta(sess->ta_handle); } - /* Unload Trusted Application once all sessions are closed */ - handle_unload_ta(sess->ta_handle); kfree(sess); } @@ -224,8 +223,6 @@ static void destroy_session(struct kref *ref) struct amdtee_session *sess = container_of(ref, struct amdtee_session, refcount); - /* Unload the TA from TEE */ - handle_unload_ta(sess->ta_handle); mutex_lock(&session_list_mutex); list_del(&sess->list_node); mutex_unlock(&session_list_mutex); @@ -238,7 +235,7 @@ int amdtee_open_session(struct tee_context *ctx, { struct amdtee_context_data *ctxdata = ctx->data; struct amdtee_session *sess = NULL; - u32 session_info; + u32 session_info, ta_handle; size_t ta_size; int rc, i; void *ta; @@ -259,11 +256,14 @@ int amdtee_open_session(struct tee_context *ctx, if (arg->ret != TEEC_SUCCESS) goto out; + ta_handle = get_ta_handle(arg->session); + mutex_lock(&session_list_mutex); sess = alloc_session(ctxdata, arg->session); mutex_unlock(&session_list_mutex); if (!sess) { + handle_unload_ta(ta_handle); rc = -ENOMEM; goto out; } @@ -277,6 +277,7 @@ int amdtee_open_session(struct tee_context *ctx, if (i >= TEE_NUM_SESSIONS) { pr_err("reached maximum session count %d\n", TEE_NUM_SESSIONS); + handle_unload_ta(ta_handle); kref_put(&sess->refcount, destroy_session); rc = -ENOMEM; goto out; @@ -289,12 +290,13 @@ int amdtee_open_session(struct tee_context *ctx, spin_lock(&sess->lock); clear_bit(i, sess->sess_mask); spin_unlock(&sess->lock); + handle_unload_ta(ta_handle); kref_put(&sess->refcount, destroy_session); goto out; } sess->session_info[i] = session_info; - set_session_id(sess->ta_handle, i, &arg->session); + set_session_id(ta_handle, i, &arg->session); out: free_pages((u64)ta, get_order(ta_size)); return rc; @@ -329,6 +331,7 @@ int amdtee_close_session(struct tee_context *ctx, u32 session) /* Close the session */ handle_close_session(ta_handle, session_info); + handle_unload_ta(ta_handle); kref_put(&sess->refcount, destroy_session); -- 2.17.1

3 years, 7 months

2
2
0 0

[GIT PULL] OP-TEE memref size check for v5.13

by Jens Wiklander

Hello arm-soc maintainers, Please pull this small patch for the OP-TEE driver to remove the invalid size check of outgoing memref parameters. This code path is only activated for a certain configuration of OP-TEE in secure world (CFG_CORE_DYN_SHM=n) so this problem isn't always visible. Thanks, Jens The following changes since commit a38fd8748464831584a19438cbb3082b5a2dab15: Linux 5.12-rc2 (2021-03-05 17:33:41 -0800) are available in the Git repository at: git://git.linaro.org/people/jens.wiklander/linux-tee.git/ tags/optee-memref-size-for-v5.13 for you to fetch changes up to c650b8dc7a7910eb25af0aac1720f778b29e679d: tee: optee: do not check memref size on return from Secure World (2021-03-30 10:44:50 +0200) ---------------------------------------------------------------- OP-TEE skip check of returned memref size ---------------------------------------------------------------- Jerome Forissier (1): tee: optee: do not check memref size on return from Secure World drivers/tee/optee/core.c | 10 ---------- 1 file changed, 10 deletions(-)

3 years, 7 months

2
1
0 0

[GIT PULL] OP-TEE tracepoints fix for v5.13

by Jens Wiklander

Hello arm-soc maintainers, The previous pull request for OP-TEE tracepoints introduced a build error when building whithout O=..., apparently many regression builds uses that option. Please pull this small fix for the build error. Thanks, Jens The following changes since commit 0101947dbcc3204f08fb5b69a21dbd4b1535cad6: tee: optee: add invoke_fn tracepoints (2021-03-15 12:04:01 +0100) are available in the Git repository at: git://git.linaro.org/people/jens.wiklander/linux-tee.git/ tags/optee-tracepoints-fix-for-v5.13 for you to fetch changes up to 7ccdcaace80810175bd20b2ece856b42edd43991: tee: optee: fix build error caused by recent optee tracepoints feature (2021-03-30 09:33:33 +0200) ---------------------------------------------------------------- Fixes build error for recently added OP-TEE tracepoints ---------------------------------------------------------------- Jisheng Zhang (1): tee: optee: fix build error caused by recent optee tracepoints feature drivers/tee/optee/Makefile | 3 +++ 1 file changed, 3 insertions(+)

3 years, 7 months

2
3
0 0

Re: [PATCH 1/1] tee: optee: do not check memref size on return from Secure World

by Sumit Garg

On Mon, 22 Mar 2021 at 16:11, Jerome Forissier via OP-TEE <op-tee(a)lists.trustedfirmware.org> wrote: > > When Secure World returns, it may have changed the size attribute of the > memory references passed as [in/out] parameters. The GlobalPlatform TEE > Internal Core API specification does not restrict the values that this > size can take. In particular, Secure World may increase the value to be > larger than the size of the input buffer to indicate that it needs more. > > Therefore, the size check in optee_from_msg_param() is incorrect and > needs to be removed. This fixes a number of failed test cases in the > GlobalPlatform TEE Initial Configuratiom Test Suite v2_0_0_0-2017_06_09 > when OP-TEE is compiled without dynamic shared memory support > (CFG_CORE_DYN_SHM=n). > > Suggested-by: Jens Wiklander <jens.wiklander(a)linaro.org> > Signed-off-by: Jerome Forissier <jerome(a)forissier.org> > --- > drivers/tee/optee/core.c | 10 ---------- > 1 file changed, 10 deletions(-) > Looks good to me. Reviewed-by: Sumit Garg <sumit.garg(a)linaro.org> -Sumit > diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c > index 319a1e701163..ddb8f9ecf307 100644 > --- a/drivers/tee/optee/core.c > +++ b/drivers/tee/optee/core.c > @@ -79,16 +79,6 @@ int optee_from_msg_param(struct tee_param *params, size_t num_params, > return rc; > p->u.memref.shm_offs = mp->u.tmem.buf_ptr - pa; > p->u.memref.shm = shm; > - > - /* Check that the memref is covered by the shm object */ > - if (p->u.memref.size) { > - size_t o = p->u.memref.shm_offs + > - p->u.memref.size - 1; > - > - rc = tee_shm_get_pa(shm, o, NULL); > - if (rc) > - return rc; > - } > break; > case OPTEE_MSG_ATTR_TYPE_RMEM_INPUT: > case OPTEE_MSG_ATTR_TYPE_RMEM_OUTPUT: > -- > 2.25.1 >

3 years, 7 months

2
1
0 0

Build breakage in next-20210330 due to optee_trace.h

by Pratyush Yadav

Hi, I recently rebased a dev branch on top of next-20210330 (4143e05b7b17) and I notice a build error from the optee driver: In file included from drivers/tee/optee/call.c:18: In file included from drivers/tee/optee/optee_trace.h:67: ./include/trace/define_trace.h:95:10: fatal error: './optee_trace.h' file not found #include TRACE_INCLUDE(TRACE_INCLUDE_FILE) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ./include/trace/define_trace.h:90:32: note: expanded from macro 'TRACE_INCLUDE' # define TRACE_INCLUDE(system) __TRACE_INCLUDE(system) ^~~~~~~~~~~~~~~~~~~~~~~ ./include/trace/define_trace.h:87:34: note: expanded from macro '__TRACE_INCLUDE' # define __TRACE_INCLUDE(system) __stringify(TRACE_INCLUDE_PATH/system.h) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ./include/linux/stringify.h:10:27: note: expanded from macro '__stringify' #define __stringify(x...) __stringify_1(x) ^~~~~~~~~~~~~~~~ ./include/linux/stringify.h:9:29: note: expanded from macro '__stringify_1' #define __stringify_1(x...) #x ^~ <scratch space>:135:1: note: expanded from here "./optee_trace.h" ^~~~~~~~~~~~~~~~~ 1 error generated. The config is attached. I am building using clang. $ clang --version clang version 11.1.0 Target: x86_64-pc-linux-gnu Thread model: posix InstalledDir: /usr/bin -- Regards, Pratyush Yadav

3 years, 7 months

2
1
0 0

RE: [TF-A] Firmware FuSa workshop

by Miklos Balint

To += op-tee(a)lists.trustedfirmware.org<mailto:op-tee@lists.trustedfirmware.org> From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of François Ozog via TF-A Sent: 26 March 2021 19:08 To: Heinrich Schuchardt <xypron.glpk(a)gmx.de> Cc: tf-a(a)lists.trustedfirmware.org; Boot Architecture Mailman List <boot-architecture(a)lists.linaro.org>; Ilias Apalodimas <ilias.apalodimas(a)linaro.org> Subject: Re: [TF-A] Firmware FuSa workshop Le ven. 26 mars 2021 à 18:42, Heinrich Schuchardt <xypron.glpk(a)gmx.de<mailto:xypron.glpk@gmx.de>> a écrit : On 26.03.21 16:05, François Ozog wrote: > Hi, > > > Linaro is conducting an opportunity assessment to make OP-TEE ready for > functional safety sensitive environments. The goal is to present a plan to > Linaro members by the end of July 2021. > > The scope of the research is somewhat bigger because we can’t think of > OP-TEE without thinking of Trusted Firmware and Hafnium. The plan will > though not address those (unless we recognize we have to). We don’t think > U-Boot shall be part of the picture but we are welcoming contradictory > points of views. Hello François, Some boards boot via SPL->TF-A->U-Boot. Here U-Boot's SPL is relevant for OP-TEE's security. U-Boot can save variables via OP-TEE (implemented by Ilias). In this case OP-TEE has an implication on secure boot. I fully understand that these scenarios are not in the focus of the workshop. it may if companies have this particular flow in mind for safety certification. Our goal is not to make all boot flows safety ready but to identify which ones we need to consider. And the workshop may help in this identification. Best regards Heinrich > > We are organizing a 2 hours workshop on April 15th 9am CET to mostly hear > about use cases and ideas about Long Term Support requirements . We will > present the state of the research. > > The first use case is booting a safety certified type-1 hypervisor (open > source or commercial is irrelevant). > > But we know there are many more: please be ready to contribute. > > We think of more radical use cases: a safety payload is actually loaded as > a Secure Partition on top of Hafnium with OP-TEE or Zephyr used as a device > backends. In other words, Trust Zone hosts both safety and security worlds > , EL3 being the « software root of trust » pivot world. In those cases, > some cores never go out of secure state… > > > Agenda (to be refined) > > - > > Vision > - > > State of the research > <https://docs.google.com/presentation/u/0/d/1jWqu39gCF-5XzbFkodXsiVNJJLUN88B…> > - > > Use cases discussion > - > > What is the right scope? > - > > “Who do what” discussion (LTS, archiving...) > - > > Safety personnel (Linaro and contractors) discussion > - > > Other considerations from participants? > - > > Community organizations and funding? > - > > Closing and next steps > > > Should you want to participate and have not yet received an invite, please > contact me directly. > > Cordially, > > François-Frédéric > > PS: Please reach out should you want another date with a time compatible > with more time zones. This alternate date is not guaranteed though. > > -- [https://drive.google.com/a/linaro.org/uc?id=0BxTAygkus3RgQVhuNHMwUi1mYWc&ex…] François-Frédéric Ozog | Director Linaro Edge & Fog Computing Group T: +33.67221.6485 francois.ozog(a)linaro.org<mailto:francois.ozog@linaro.org> | Skype: ffozog

3 years, 7 months

1
0
0 0

2024

2023

2022

2021

2020

OP-TEE March 2021