- OP-TEE - lists.trustedfirmware.org

About patch for ARM Spectre-BHB in OPTEE OS

by KL Huang (黃闞立)

Hi, Sir: ARM announced vulnerability about Spectre-BHB and patches are also available for Linux and TF-A. https://developer.arm.com/support/arm-security-updates/speculative-processo… May I know if OPTEE OS will have the patch in the upcoming version? Best regards, KL Huang

4 years, 3 months

2
1
0 0

[PATCH v4] rtc: optee: add RTC driver for OP-TEE RTC PTA

by Clément Léger

This drivers allows to communicate with a RTC PTA handled by OP-TEE [1]. This PTA allows to query RTC information, set/get time and set/get offset depending on the supported features. [1] https://github.com/OP-TEE/optee_os/pull/5179 Signed-off-by: Clément Léger <clement.leger(a)bootlin.com> --- Changes in v4: - Remove error prints except the ones in probe Changes in v3 (was resent as a second v2 due to a mistake); - Fix error messages to include ret value and fix wrong IOCTL names - Use 100 columns char limit Changes in v2: - Rebased over tee-shm-for-v5.18 - Switch to tee_shm_alloc_kernel_buf() - Use export_uuid() to copy uuid - Fix warnings reported by checkpatch - Free SHM in error exit path MAINTAINERS | 6 + drivers/rtc/Kconfig | 10 ++ drivers/rtc/Makefile | 1 + drivers/rtc/rtc-optee.c | 362 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 379 insertions(+) create mode 100644 drivers/rtc/rtc-optee.c diff --git a/MAINTAINERS b/MAINTAINERS index f41088418aae..b21375ad73d2 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -14361,6 +14361,12 @@ L: op-tee(a)lists.trustedfirmware.org S: Maintained F: drivers/char/hw_random/optee-rng.c +OP-TEE RTC DRIVER +M: Clément Léger <clement.leger(a)bootlin.com> +L: linux-rtc(a)vger.kernel.org +S: Maintained +F: drivers/rtc/rtc-optee.c + OPA-VNIC DRIVER M: Dennis Dalessandro <dennis.dalessandro(a)cornelisnetworks.com> M: Mike Marciniszyn <mike.marciniszyn(a)cornelisnetworks.com> diff --git a/drivers/rtc/Kconfig b/drivers/rtc/Kconfig index d85a3c31347c..cba5427f79b3 100644 --- a/drivers/rtc/Kconfig +++ b/drivers/rtc/Kconfig @@ -1293,6 +1293,16 @@ config RTC_DRV_OPAL This driver can also be built as a module. If so, the module will be called rtc-opal. +config RTC_DRV_OPTEE + tristate "OP-TEE based RTC driver" + depends on OPTEE + help + Select this to get support for OP-TEE based RTC control on SoCs where + RTC are not accessible to the normal world (Linux). + + This driver can also be built as a module. If so, the module + will be called rtc-optee. + config RTC_DRV_ZYNQMP tristate "Xilinx Zynq Ultrascale+ MPSoC RTC" depends on OF && HAS_IOMEM diff --git a/drivers/rtc/Makefile b/drivers/rtc/Makefile index e92f3e943245..2d827d8261d5 100644 --- a/drivers/rtc/Makefile +++ b/drivers/rtc/Makefile @@ -115,6 +115,7 @@ obj-$(CONFIG_RTC_DRV_GAMECUBE) += rtc-gamecube.o obj-$(CONFIG_RTC_DRV_NTXEC) += rtc-ntxec.o obj-$(CONFIG_RTC_DRV_OMAP) += rtc-omap.o obj-$(CONFIG_RTC_DRV_OPAL) += rtc-opal.o +obj-$(CONFIG_RTC_DRV_OPTEE) += rtc-optee.o obj-$(CONFIG_RTC_DRV_PALMAS) += rtc-palmas.o obj-$(CONFIG_RTC_DRV_PCAP) += rtc-pcap.o obj-$(CONFIG_RTC_DRV_PCF2123) += rtc-pcf2123.o diff --git a/drivers/rtc/rtc-optee.c b/drivers/rtc/rtc-optee.c new file mode 100644 index 000000000000..9f8b5d4a8f6b --- /dev/null +++ b/drivers/rtc/rtc-optee.c @@ -0,0 +1,362 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2022 Microchip. + */ + +#include <linux/device.h> +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/rtc.h> +#include <linux/tee_drv.h> + +#define RTC_INFO_VERSION 0x1 + +#define TA_CMD_RTC_GET_INFO 0x0 +#define TA_CMD_RTC_GET_TIME 0x1 +#define TA_CMD_RTC_SET_TIME 0x2 +#define TA_CMD_RTC_GET_OFFSET 0x3 +#define TA_CMD_RTC_SET_OFFSET 0x4 + +#define TA_RTC_FEATURE_CORRECTION BIT(0) + +struct optee_rtc_time { + u32 tm_sec; + u32 tm_min; + u32 tm_hour; + u32 tm_mday; + u32 tm_mon; + u32 tm_year; + u32 tm_wday; +}; + +struct optee_rtc_info { + u64 version; + u64 features; + struct optee_rtc_time range_min; + struct optee_rtc_time range_max; +}; + +/** + * struct optee_rtc - OP-TEE RTC private data + * @dev: OP-TEE based RTC device. + * @ctx: OP-TEE context handler. + * @session_id: RTC TA session identifier. + * @shm: Memory pool shared with RTC device. + * @features: Bitfield of RTC features + */ +struct optee_rtc { + struct device *dev; + struct tee_context *ctx; + u32 session_id; + struct tee_shm *shm; + u64 features; +}; + +static int optee_rtc_readtime(struct device *dev, struct rtc_time *tm) +{ + struct optee_rtc *priv = dev_get_drvdata(dev); + struct tee_ioctl_invoke_arg inv_arg = {0}; + struct optee_rtc_time *optee_tm; + struct tee_param param[4] = {0}; + int ret; + + inv_arg.func = TA_CMD_RTC_GET_TIME; + inv_arg.session = priv->session_id; + inv_arg.num_params = 4; + + /* Fill invoke cmd params */ + param[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT; + param[0].u.memref.shm = priv->shm; + param[0].u.memref.size = sizeof(struct optee_rtc_time); + + ret = tee_client_invoke_func(priv->ctx, &inv_arg, param); + if (ret < 0 || inv_arg.ret != 0) + return ret ? ret : -EPROTO; + + optee_tm = tee_shm_get_va(priv->shm, 0); + if (IS_ERR(optee_tm)) + return PTR_ERR(optee_tm); + + if (param[0].u.memref.size != sizeof(*optee_tm)) + return -EPROTO; + + tm->tm_sec = optee_tm->tm_sec; + tm->tm_min = optee_tm->tm_min; + tm->tm_hour = optee_tm->tm_hour; + tm->tm_mday = optee_tm->tm_mday; + tm->tm_mon = optee_tm->tm_mon; + tm->tm_year = optee_tm->tm_year - 1900; + tm->tm_wday = optee_tm->tm_wday; + tm->tm_yday = rtc_year_days(tm->tm_mday, tm->tm_mon, tm->tm_year); + + return 0; +} + +static int optee_rtc_settime(struct device *dev, struct rtc_time *tm) +{ + struct optee_rtc *priv = dev_get_drvdata(dev); + struct tee_ioctl_invoke_arg inv_arg = {0}; + struct tee_param param[4] = {0}; + struct optee_rtc_time optee_tm; + void *rtc_data; + int ret; + + optee_tm.tm_sec = tm->tm_sec; + optee_tm.tm_min = tm->tm_min; + optee_tm.tm_hour = tm->tm_hour; + optee_tm.tm_mday = tm->tm_mday; + optee_tm.tm_mon = tm->tm_mon; + optee_tm.tm_year = tm->tm_year + 1900; + optee_tm.tm_wday = tm->tm_wday; + + inv_arg.func = TA_CMD_RTC_SET_TIME; + inv_arg.session = priv->session_id; + inv_arg.num_params = 4; + + param[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT; + param[0].u.memref.shm = priv->shm; + param[0].u.memref.size = sizeof(struct optee_rtc_time); + + rtc_data = tee_shm_get_va(priv->shm, 0); + if (IS_ERR(rtc_data)) + return PTR_ERR(rtc_data); + + memcpy(rtc_data, &optee_tm, sizeof(struct optee_rtc_time)); + + ret = tee_client_invoke_func(priv->ctx, &inv_arg, param); + if (ret < 0 || inv_arg.ret != 0) + return ret ? ret : -EPROTO; + + return 0; +} + +static int optee_rtc_readoffset(struct device *dev, long *offset) +{ + struct optee_rtc *priv = dev_get_drvdata(dev); + struct tee_ioctl_invoke_arg inv_arg = {0}; + struct tee_param param[4] = {0}; + int ret; + + if (!(priv->features & TA_RTC_FEATURE_CORRECTION)) + return -EOPNOTSUPP; + + inv_arg.func = TA_CMD_RTC_GET_OFFSET; + inv_arg.session = priv->session_id; + inv_arg.num_params = 4; + + param[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT; + + ret = tee_client_invoke_func(priv->ctx, &inv_arg, param); + if (ret < 0 || inv_arg.ret != 0) + return ret ? ret : -EPROTO; + + *offset = param[0].u.value.a; + + return 0; +} + +static int optee_rtc_setoffset(struct device *dev, long offset) +{ + struct optee_rtc *priv = dev_get_drvdata(dev); + struct tee_ioctl_invoke_arg inv_arg = {0}; + struct tee_param param[4] = {0}; + int ret; + + if (!(priv->features & TA_RTC_FEATURE_CORRECTION)) + return -EOPNOTSUPP; + + inv_arg.func = TA_CMD_RTC_SET_OFFSET; + inv_arg.session = priv->session_id; + inv_arg.num_params = 4; + + param[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT; + param[0].u.value.a = offset; + + ret = tee_client_invoke_func(priv->ctx, &inv_arg, param); + if (ret < 0 || inv_arg.ret != 0) + return ret ? ret : -EPROTO; + + return 0; +} + +static const struct rtc_class_ops optee_rtc_ops = { + .read_time = optee_rtc_readtime, + .set_time = optee_rtc_settime, + .set_offset = optee_rtc_setoffset, + .read_offset = optee_rtc_readoffset, +}; + +static int optee_rtc_read_info(struct device *dev, struct rtc_device *rtc, + u64 *features) +{ + struct optee_rtc *priv = dev_get_drvdata(dev); + struct tee_ioctl_invoke_arg inv_arg = {0}; + struct tee_param param[4] = {0}; + struct optee_rtc_info *info; + struct optee_rtc_time *tm; + int ret; + + inv_arg.func = TA_CMD_RTC_GET_INFO; + inv_arg.session = priv->session_id; + inv_arg.num_params = 4; + + param[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT; + param[0].u.memref.shm = priv->shm; + param[0].u.memref.size = sizeof(*info); + + ret = tee_client_invoke_func(priv->ctx, &inv_arg, param); + if (ret < 0 || inv_arg.ret != 0) + return ret ? ret : -EPROTO; + + info = tee_shm_get_va(priv->shm, 0); + if (IS_ERR(info)) + return PTR_ERR(info); + + if (param[0].u.memref.size != sizeof(*info)) + return -EPROTO; + + if (info->version != RTC_INFO_VERSION) + return -EPROTO; + + *features = info->features; + + tm = &info->range_min; + rtc->range_min = mktime64(tm->tm_year, tm->tm_mon, tm->tm_mday, tm->tm_hour, tm->tm_min, + tm->tm_sec); + tm = &info->range_max; + rtc->range_max = mktime64(tm->tm_year, tm->tm_mon, tm->tm_mday, tm->tm_hour, tm->tm_min, + tm->tm_sec); + + return 0; +} + +static int optee_ctx_match(struct tee_ioctl_version_data *ver, const void *data) +{ + if (ver->impl_id == TEE_IMPL_ID_OPTEE) + return 1; + else + return 0; +} + +static int optee_rtc_probe(struct device *dev) +{ + struct tee_client_device *rtc_device = to_tee_client_device(dev); + struct tee_ioctl_open_session_arg sess_arg; + struct optee_rtc *priv; + struct rtc_device *rtc; + struct tee_shm *shm; + int ret, err; + + memset(&sess_arg, 0, sizeof(sess_arg)); + + priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL); + if (!priv) + return -ENOMEM; + + rtc = devm_rtc_allocate_device(dev); + if (IS_ERR(rtc)) + return PTR_ERR(rtc); + + /* Open context with TEE driver */ + priv->ctx = tee_client_open_context(NULL, optee_ctx_match, NULL, NULL); + if (IS_ERR(priv->ctx)) + return -ENODEV; + + /* Open session with rtc Trusted App */ + export_uuid(sess_arg.uuid, &rtc_device->id.uuid); + sess_arg.clnt_login = TEE_IOCTL_LOGIN_REE_KERNEL; + + ret = tee_client_open_session(priv->ctx, &sess_arg, NULL); + if (ret < 0 || sess_arg.ret != 0) { + dev_err(dev, "tee_client_open_session failed, err: %x\n", sess_arg.ret); + err = -EINVAL; + goto out_ctx; + } + priv->session_id = sess_arg.session; + + shm = tee_shm_alloc_kernel_buf(priv->ctx, sizeof(struct optee_rtc_info)); + if (IS_ERR(shm)) { + dev_err(priv->dev, "tee_shm_alloc_kernel_buf failed\n"); + err = PTR_ERR(shm); + goto out_sess; + } + + priv->shm = shm; + priv->dev = dev; + dev_set_drvdata(dev, priv); + + rtc->ops = &optee_rtc_ops; + + err = optee_rtc_read_info(dev, rtc, &priv->features); + if (err) { + dev_err(dev, "Failed to get RTC features from OP-TEE\n"); + goto out_shm; + } + + err = devm_rtc_register_device(rtc); + if (err) + goto out_shm; + + /* + * We must clear this bit after registering because rtc_register_device + * will set it if it sees that .set_offset is provided. + */ + if (!(priv->features & TA_RTC_FEATURE_CORRECTION)) + clear_bit(RTC_FEATURE_CORRECTION, rtc->features); + + return 0; + +out_shm: + tee_shm_free(priv->shm); +out_sess: + tee_client_close_session(priv->ctx, priv->session_id); +out_ctx: + tee_client_close_context(priv->ctx); + + return err; +} + +static int optee_rtc_remove(struct device *dev) +{ + struct optee_rtc *priv = dev_get_drvdata(dev); + + tee_client_close_session(priv->ctx, priv->session_id); + tee_client_close_context(priv->ctx); + + return 0; +} + +static const struct tee_client_device_id optee_rtc_id_table[] = { + {UUID_INIT(0xf389f8c8, 0x845f, 0x496c, + 0x8b, 0xbe, 0xd6, 0x4b, 0xd2, 0x4c, 0x92, 0xfd)}, + {} +}; + +MODULE_DEVICE_TABLE(tee, optee_rtc_id_table); + +static struct tee_client_driver optee_rtc_driver = { + .id_table = optee_rtc_id_table, + .driver = { + .name = "optee_rtc", + .bus = &tee_bus_type, + .probe = optee_rtc_probe, + .remove = optee_rtc_remove, + }, +}; + +static int __init optee_rtc_mod_init(void) +{ + return driver_register(&optee_rtc_driver.driver); +} + +static void __exit optee_rtc_mod_exit(void) +{ + driver_unregister(&optee_rtc_driver.driver); +} + +module_init(optee_rtc_mod_init); +module_exit(optee_rtc_mod_exit); + +MODULE_LICENSE("GPL v2"); +MODULE_AUTHOR("Clément Léger <clement.leger(a)bootlin.com>"); +MODULE_DESCRIPTION("OP-TEE based RTC driver"); -- 2.34.1

4 years, 3 months

3
2
0 0

TrustedFirmware Code of Conduct

by Don Harbin

Hi All, Please find the link to the TrustedFirmware Community Code of Conduct here: https://developer.trustedfirmware.org/w/collaboration/community_guidelines/… Trusted Firmware has a very diverse and global developer community. It is important that we adhere to the code of conduct in all our interactions. For some of you all this may be new and for others just a gentle reminder. In either case, if you have any questions, please feel free to reach out to me directly. And thanks to you all for your contributions to the TrustedFirmware community! Best regards, Don Harbin TrustedFirmware Community Manager don.harbin(a)linaro.org

4 years, 3 months

1
0
0 0

Linaro OP-TEE Contributions (LOC) monthly meeting - Mar 24 CANCELLED

by Ruchika Gupta

Hi, We don't have any topics for the meeting this month. Hence cancelling. Following topics related to OP-TEE will be presented in Linaro Connect Tech Day : Core Technologies <https://www.linaro.org/events/linaro-connect-tech-day-core-technologies/> on March 29. Feel free to join us there. - OP-TEE and FF-A evolution - OP-TEE Lightning Talk Regards, Ruchika (on behalf of OP-TEE team)

4 years, 3 months

1
0
0 0

[PATCH v2] rtc: optee: add RTC driver for OP-TEE RTC PTA

by Clément Léger

This drivers allows to communicate with a RTC PTA handled by OP-TEE [1]. This PTA allows to query RTC information, set/get time and set/get offset depending on the supported features. [1] https://github.com/OP-TEE/optee_os/pull/5179 Signed-off-by: Clément Léger <clement.leger(a)bootlin.com> --- Changes in v2: - Rebased over tee-shm-for-v5.18 - Switch to tee_shm_alloc_kernel_buf() - Use export_uuid() to copy uuid - Fix warnings reported by checkpatch - Free SHM in error exit path - Fix error messages to include ret value and fix wrong IOCTL names - Use 100 columns char limit MAINTAINERS | 6 + drivers/rtc/Kconfig | 10 ++ drivers/rtc/Makefile | 1 + drivers/rtc/rtc-optee.c | 386 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 403 insertions(+) create mode 100644 drivers/rtc/rtc-optee.c diff --git a/MAINTAINERS b/MAINTAINERS index f41088418aae..b21375ad73d2 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -14361,6 +14361,12 @@ L: op-tee(a)lists.trustedfirmware.org S: Maintained F: drivers/char/hw_random/optee-rng.c +OP-TEE RTC DRIVER +M: Clément Léger <clement.leger(a)bootlin.com> +L: linux-rtc(a)vger.kernel.org +S: Maintained +F: drivers/rtc/rtc-optee.c + OPA-VNIC DRIVER M: Dennis Dalessandro <dennis.dalessandro(a)cornelisnetworks.com> M: Mike Marciniszyn <mike.marciniszyn(a)cornelisnetworks.com> diff --git a/drivers/rtc/Kconfig b/drivers/rtc/Kconfig index d85a3c31347c..cba5427f79b3 100644 --- a/drivers/rtc/Kconfig +++ b/drivers/rtc/Kconfig @@ -1293,6 +1293,16 @@ config RTC_DRV_OPAL This driver can also be built as a module. If so, the module will be called rtc-opal. +config RTC_DRV_OPTEE + tristate "OP-TEE based RTC driver" + depends on OPTEE + help + Select this to get support for OP-TEE based RTC control on SoCs where + RTC are not accessible to the normal world (Linux). + + This driver can also be built as a module. If so, the module + will be called rtc-optee. + config RTC_DRV_ZYNQMP tristate "Xilinx Zynq Ultrascale+ MPSoC RTC" depends on OF && HAS_IOMEM diff --git a/drivers/rtc/Makefile b/drivers/rtc/Makefile index e92f3e943245..2d827d8261d5 100644 --- a/drivers/rtc/Makefile +++ b/drivers/rtc/Makefile @@ -115,6 +115,7 @@ obj-$(CONFIG_RTC_DRV_GAMECUBE) += rtc-gamecube.o obj-$(CONFIG_RTC_DRV_NTXEC) += rtc-ntxec.o obj-$(CONFIG_RTC_DRV_OMAP) += rtc-omap.o obj-$(CONFIG_RTC_DRV_OPAL) += rtc-opal.o +obj-$(CONFIG_RTC_DRV_OPTEE) += rtc-optee.o obj-$(CONFIG_RTC_DRV_PALMAS) += rtc-palmas.o obj-$(CONFIG_RTC_DRV_PCAP) += rtc-pcap.o obj-$(CONFIG_RTC_DRV_PCF2123) += rtc-pcf2123.o diff --git a/drivers/rtc/rtc-optee.c b/drivers/rtc/rtc-optee.c new file mode 100644 index 000000000000..a2865ed17cfc --- /dev/null +++ b/drivers/rtc/rtc-optee.c @@ -0,0 +1,386 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2022 Microchip. + */ + +#include <linux/device.h> +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/rtc.h> +#include <linux/tee_drv.h> + +#define RTC_INFO_VERSION 0x1 + +#define TA_CMD_RTC_GET_INFO 0x0 +#define TA_CMD_RTC_GET_TIME 0x1 +#define TA_CMD_RTC_SET_TIME 0x2 +#define TA_CMD_RTC_GET_OFFSET 0x3 +#define TA_CMD_RTC_SET_OFFSET 0x4 + +#define TA_RTC_FEATURE_CORRECTION BIT(0) + +struct optee_rtc_time { + u32 tm_sec; + u32 tm_min; + u32 tm_hour; + u32 tm_mday; + u32 tm_mon; + u32 tm_year; + u32 tm_wday; +}; + +struct optee_rtc_info { + u64 version; + u64 features; + struct optee_rtc_time range_min; + struct optee_rtc_time range_max; +}; + +/** + * struct optee_rtc - OP-TEE RTC private data + * @dev: OP-TEE based RTC device. + * @ctx: OP-TEE context handler. + * @session_id: RTC TA session identifier. + * @shm: Memory pool shared with RTC device. + * @features: Bitfield of RTC features + */ +struct optee_rtc { + struct device *dev; + struct tee_context *ctx; + u32 session_id; + struct tee_shm *shm; + u64 features; +}; + +static int optee_rtc_readtime(struct device *dev, struct rtc_time *tm) +{ + struct optee_rtc *priv = dev_get_drvdata(dev); + struct tee_ioctl_invoke_arg inv_arg = {0}; + struct optee_rtc_time *optee_tm; + struct tee_param param[4] = {0}; + int ret; + + inv_arg.func = TA_CMD_RTC_GET_TIME; + inv_arg.session = priv->session_id; + inv_arg.num_params = 4; + + /* Fill invoke cmd params */ + param[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT; + param[0].u.memref.shm = priv->shm; + param[0].u.memref.size = sizeof(struct optee_rtc_time); + + ret = tee_client_invoke_func(priv->ctx, &inv_arg, param); + if (ret < 0 || inv_arg.ret != 0) { + dev_err(dev, "TA_CMD_RTC_GET_TIME invoke ret: %d, tee ret: %x\n", ret, inv_arg.ret); + return ret ? ret : -EPROTO; + } + + optee_tm = tee_shm_get_va(priv->shm, 0); + if (IS_ERR(optee_tm)) { + dev_err(dev, "tee_shm_get_va failed\n"); + return PTR_ERR(optee_tm); + } + + if (param[0].u.memref.size != sizeof(*optee_tm)) { + dev_err(dev, "Invalid read size from OPTEE\n"); + return -EPROTO; + } + + tm->tm_sec = optee_tm->tm_sec; + tm->tm_min = optee_tm->tm_min; + tm->tm_hour = optee_tm->tm_hour; + tm->tm_mday = optee_tm->tm_mday; + tm->tm_mon = optee_tm->tm_mon; + tm->tm_year = optee_tm->tm_year - 1900; + tm->tm_wday = optee_tm->tm_wday; + tm->tm_yday = rtc_year_days(tm->tm_mday, tm->tm_mon, tm->tm_year); + + return 0; +} + +static int optee_rtc_settime(struct device *dev, struct rtc_time *tm) +{ + struct optee_rtc *priv = dev_get_drvdata(dev); + struct tee_ioctl_invoke_arg inv_arg = {0}; + struct tee_param param[4] = {0}; + struct optee_rtc_time optee_tm; + void *rtc_data; + int ret; + + optee_tm.tm_sec = tm->tm_sec; + optee_tm.tm_min = tm->tm_min; + optee_tm.tm_hour = tm->tm_hour; + optee_tm.tm_mday = tm->tm_mday; + optee_tm.tm_mon = tm->tm_mon; + optee_tm.tm_year = tm->tm_year + 1900; + optee_tm.tm_wday = tm->tm_wday; + + inv_arg.func = TA_CMD_RTC_SET_TIME; + inv_arg.session = priv->session_id; + inv_arg.num_params = 4; + + param[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT; + param[0].u.memref.shm = priv->shm; + param[0].u.memref.size = sizeof(struct optee_rtc_time); + + rtc_data = tee_shm_get_va(priv->shm, 0); + if (IS_ERR(rtc_data)) { + dev_err(dev, "tee_shm_get_va failed\n"); + return PTR_ERR(rtc_data); + } + + memcpy(rtc_data, &optee_tm, sizeof(struct optee_rtc_time)); + + ret = tee_client_invoke_func(priv->ctx, &inv_arg, param); + if (ret < 0 || inv_arg.ret != 0) { + dev_err(dev, "TA_CMD_RTC_SET_TIME invoke ret: %d, tee ret: %x\n", ret, inv_arg.ret); + return ret ? ret : -EPROTO; + } + + return 0; +} + +static int optee_rtc_readoffset(struct device *dev, long *offset) +{ + struct optee_rtc *priv = dev_get_drvdata(dev); + struct tee_ioctl_invoke_arg inv_arg = {0}; + struct tee_param param[4] = {0}; + int ret; + + if (!(priv->features & TA_RTC_FEATURE_CORRECTION)) + return -EOPNOTSUPP; + + inv_arg.func = TA_CMD_RTC_GET_OFFSET; + inv_arg.session = priv->session_id; + inv_arg.num_params = 4; + + param[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT; + + ret = tee_client_invoke_func(priv->ctx, &inv_arg, param); + if (ret < 0 || inv_arg.ret != 0) { + dev_err(dev, "TA_CMD_RTC_GET_OFFSET invoke ret: %d, tee ret: %x\n", ret, + inv_arg.ret); + return ret ? ret : -EPROTO; + } + + *offset = param[0].u.value.a; + + return 0; +} + +static int optee_rtc_setoffset(struct device *dev, long offset) +{ + struct optee_rtc *priv = dev_get_drvdata(dev); + struct tee_ioctl_invoke_arg inv_arg = {0}; + struct tee_param param[4] = {0}; + int ret; + + if (!(priv->features & TA_RTC_FEATURE_CORRECTION)) + return -EOPNOTSUPP; + + inv_arg.func = TA_CMD_RTC_SET_OFFSET; + inv_arg.session = priv->session_id; + inv_arg.num_params = 4; + + param[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT; + param[0].u.value.a = offset; + + ret = tee_client_invoke_func(priv->ctx, &inv_arg, param); + if (ret < 0 || inv_arg.ret != 0) { + dev_err(dev, "TA_CMD_RTC_SET_OFFSET invoke ret: %d, tee ret: %x\n", ret, + inv_arg.ret); + return ret ? ret : -EPROTO; + } + + return 0; +} + +static const struct rtc_class_ops optee_rtc_ops = { + .read_time = optee_rtc_readtime, + .set_time = optee_rtc_settime, + .set_offset = optee_rtc_setoffset, + .read_offset = optee_rtc_readoffset, +}; + +static int optee_rtc_read_info(struct device *dev, struct rtc_device *rtc, + u64 *features) +{ + struct optee_rtc *priv = dev_get_drvdata(dev); + struct tee_ioctl_invoke_arg inv_arg = {0}; + struct tee_param param[4] = {0}; + struct optee_rtc_info *info; + struct optee_rtc_time *tm; + int ret; + + inv_arg.func = TA_CMD_RTC_GET_INFO; + inv_arg.session = priv->session_id; + inv_arg.num_params = 4; + + param[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT; + param[0].u.memref.shm = priv->shm; + param[0].u.memref.size = sizeof(*info); + + ret = tee_client_invoke_func(priv->ctx, &inv_arg, param); + if (ret < 0 || inv_arg.ret != 0) { + dev_err(dev, "TA_CMD_RTC_GET_INFO invoke ret: %d, tee ret: %x\n", ret, inv_arg.ret); + return -EINVAL; + } + + info = tee_shm_get_va(priv->shm, 0); + if (IS_ERR(info)) { + dev_err(dev, "tee_shm_get_va failed\n"); + return PTR_ERR(info); + } + + if (param[0].u.memref.size != sizeof(*info)) { + dev_err(dev, "Invalid read size from OPTEE\n"); + return -EPROTO; + } + + if (info->version != RTC_INFO_VERSION) { + dev_err(dev, "Unsupported information version %llu\n", info->version); + return -EPROTO; + } + + *features = info->features; + + tm = &info->range_min; + rtc->range_min = mktime64(tm->tm_year, tm->tm_mon, tm->tm_mday, tm->tm_hour, tm->tm_min, + tm->tm_sec); + tm = &info->range_max; + rtc->range_max = mktime64(tm->tm_year, tm->tm_mon, tm->tm_mday, tm->tm_hour, tm->tm_min, + tm->tm_sec); + + return 0; +} + +static int optee_ctx_match(struct tee_ioctl_version_data *ver, const void *data) +{ + if (ver->impl_id == TEE_IMPL_ID_OPTEE) + return 1; + else + return 0; +} + +static int optee_rtc_probe(struct device *dev) +{ + struct tee_client_device *rtc_device = to_tee_client_device(dev); + struct tee_ioctl_open_session_arg sess_arg; + struct optee_rtc *priv; + struct rtc_device *rtc; + struct tee_shm *shm; + int ret, err; + + memset(&sess_arg, 0, sizeof(sess_arg)); + + priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL); + if (!priv) + return -ENOMEM; + + rtc = devm_rtc_allocate_device(dev); + if (IS_ERR(rtc)) + return PTR_ERR(rtc); + + /* Open context with TEE driver */ + priv->ctx = tee_client_open_context(NULL, optee_ctx_match, NULL, NULL); + if (IS_ERR(priv->ctx)) + return -ENODEV; + + /* Open session with rtc Trusted App */ + export_uuid(sess_arg.uuid, &rtc_device->id.uuid); + sess_arg.clnt_login = TEE_IOCTL_LOGIN_REE_KERNEL; + + ret = tee_client_open_session(priv->ctx, &sess_arg, NULL); + if (ret < 0 || sess_arg.ret != 0) { + dev_err(dev, "tee_client_open_session failed, err: %x\n", sess_arg.ret); + err = -EINVAL; + goto out_ctx; + } + priv->session_id = sess_arg.session; + + shm = tee_shm_alloc_kernel_buf(priv->ctx, sizeof(struct optee_rtc_info)); + if (IS_ERR(shm)) { + dev_err(priv->dev, "tee_shm_alloc_kernel_buf failed\n"); + err = PTR_ERR(shm); + goto out_sess; + } + + priv->shm = shm; + priv->dev = dev; + dev_set_drvdata(dev, priv); + + rtc->ops = &optee_rtc_ops; + + err = optee_rtc_read_info(dev, rtc, &priv->features); + if (err) { + dev_err(dev, "Failed to get RTC features from OP-TEE\n"); + goto out_shm; + } + + err = devm_rtc_register_device(rtc); + if (err) + goto out_shm; + + /* + * We must clear this bit after registering because rtc_register_device + * will set it if it sees that .set_offset is provided. + */ + if (!(priv->features & TA_RTC_FEATURE_CORRECTION)) + clear_bit(RTC_FEATURE_CORRECTION, rtc->features); + + return 0; + +out_shm: + tee_shm_free(priv->shm); +out_sess: + tee_client_close_session(priv->ctx, priv->session_id); +out_ctx: + tee_client_close_context(priv->ctx); + + return err; +} + +static int optee_rtc_remove(struct device *dev) +{ + struct optee_rtc *priv = dev_get_drvdata(dev); + + tee_client_close_session(priv->ctx, priv->session_id); + tee_client_close_context(priv->ctx); + + return 0; +} + +static const struct tee_client_device_id optee_rtc_id_table[] = { + {UUID_INIT(0xf389f8c8, 0x845f, 0x496c, + 0x8b, 0xbe, 0xd6, 0x4b, 0xd2, 0x4c, 0x92, 0xfd)}, + {} +}; + +MODULE_DEVICE_TABLE(tee, optee_rtc_id_table); + +static struct tee_client_driver optee_rtc_driver = { + .id_table = optee_rtc_id_table, + .driver = { + .name = "optee_rtc", + .bus = &tee_bus_type, + .probe = optee_rtc_probe, + .remove = optee_rtc_remove, + }, +}; + +static int __init optee_rtc_mod_init(void) +{ + return driver_register(&optee_rtc_driver.driver); +} + +static void __exit optee_rtc_mod_exit(void) +{ + driver_unregister(&optee_rtc_driver.driver); +} + +module_init(optee_rtc_mod_init); +module_exit(optee_rtc_mod_exit); + +MODULE_LICENSE("GPL v2"); +MODULE_AUTHOR("Clément Léger <clement.leger(a)bootlin.com>"); +MODULE_DESCRIPTION("OP-TEE based RTC driver"); -- 2.34.1

4 years, 3 months

2
3
0 0

[PATCH v2] rtc: optee: add RTC driver for OP-TEE RTC PTA

by Clément Léger

This drivers allows to communicate with a RTC PTA handled by OP-TEE [1]. This PTA allows to query RTC information, set/get time and set/get offset depending on the supported features. [1] https://github.com/OP-TEE/optee_os/pull/5179 Signed-off-by: Clément Léger <clement.leger(a)bootlin.com> --- Changes in v2: - Rebased over tee-shm-for-v5.18 - Switch to tee_shm_alloc_kernel_buf() - Use export_uuid() to copy uuid - Fix warnings reported by checkpatch - Free SHM in error exit path MAINTAINERS | 6 + drivers/rtc/Kconfig | 10 + drivers/rtc/Makefile | 1 + drivers/rtc/rtc-optee.c | 396 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 413 insertions(+) create mode 100644 drivers/rtc/rtc-optee.c diff --git a/MAINTAINERS b/MAINTAINERS index f41088418aae..b21375ad73d2 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -14361,6 +14361,12 @@ L: op-tee(a)lists.trustedfirmware.org S: Maintained F: drivers/char/hw_random/optee-rng.c +OP-TEE RTC DRIVER +M: Clément Léger <clement.leger(a)bootlin.com> +L: linux-rtc(a)vger.kernel.org +S: Maintained +F: drivers/rtc/rtc-optee.c + OPA-VNIC DRIVER M: Dennis Dalessandro <dennis.dalessandro(a)cornelisnetworks.com> M: Mike Marciniszyn <mike.marciniszyn(a)cornelisnetworks.com> diff --git a/drivers/rtc/Kconfig b/drivers/rtc/Kconfig index d85a3c31347c..b10d88db8e9c 100644 --- a/drivers/rtc/Kconfig +++ b/drivers/rtc/Kconfig @@ -1293,6 +1293,16 @@ config RTC_DRV_OPAL This driver can also be built as a module. If so, the module will be called rtc-opal. +config RTC_DRV_OPTEE + tristate "OP-TEE based RTC driver" + depends on OPTEE + help + Select this to get support for OP-TEE based RTC control on ARM SoCs + where RTC are not accessible to the normal world (Linux). + + This driver can also be built as a module. If so, the module + will be called rtc-optee. + config RTC_DRV_ZYNQMP tristate "Xilinx Zynq Ultrascale+ MPSoC RTC" depends on OF && HAS_IOMEM diff --git a/drivers/rtc/Makefile b/drivers/rtc/Makefile index e92f3e943245..2d827d8261d5 100644 --- a/drivers/rtc/Makefile +++ b/drivers/rtc/Makefile @@ -115,6 +115,7 @@ obj-$(CONFIG_RTC_DRV_GAMECUBE) += rtc-gamecube.o obj-$(CONFIG_RTC_DRV_NTXEC) += rtc-ntxec.o obj-$(CONFIG_RTC_DRV_OMAP) += rtc-omap.o obj-$(CONFIG_RTC_DRV_OPAL) += rtc-opal.o +obj-$(CONFIG_RTC_DRV_OPTEE) += rtc-optee.o obj-$(CONFIG_RTC_DRV_PALMAS) += rtc-palmas.o obj-$(CONFIG_RTC_DRV_PCAP) += rtc-pcap.o obj-$(CONFIG_RTC_DRV_PCF2123) += rtc-pcf2123.o diff --git a/drivers/rtc/rtc-optee.c b/drivers/rtc/rtc-optee.c new file mode 100644 index 000000000000..7177c9d4675a --- /dev/null +++ b/drivers/rtc/rtc-optee.c @@ -0,0 +1,396 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2022 Microchip. + */ + +#include <linux/device.h> +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/rtc.h> +#include <linux/tee_drv.h> + +#define RTC_INFO_VERSION 0x1 + +#define TA_CMD_RTC_GET_INFO 0x0 +#define TA_CMD_RTC_GET_TIME 0x1 +#define TA_CMD_RTC_SET_TIME 0x2 +#define TA_CMD_RTC_GET_OFFSET 0x3 +#define TA_CMD_RTC_SET_OFFSET 0x4 + +#define TA_RTC_FEATURE_CORRECTION BIT(0) + +struct optee_rtc_time { + u32 tm_sec; + u32 tm_min; + u32 tm_hour; + u32 tm_mday; + u32 tm_mon; + u32 tm_year; + u32 tm_wday; +}; + +struct optee_rtc_info { + u64 version; + u64 features; + struct optee_rtc_time range_min; + struct optee_rtc_time range_max; +}; + +/** + * struct optee_rtc - OP-TEE RTC private data + * @dev: OP-TEE based RTC device. + * @ctx: OP-TEE context handler. + * @session_id: RTC TA session identifier. + * @shm: Memory pool shared with RTC device. + * @features: Bitfield of RTC features + */ +struct optee_rtc { + struct device *dev; + struct tee_context *ctx; + u32 session_id; + struct tee_shm *shm; + u64 features; +}; + +static int optee_rtc_readtime(struct device *dev, struct rtc_time *tm) +{ + struct optee_rtc *priv = dev_get_drvdata(dev); + struct tee_ioctl_invoke_arg inv_arg = {0}; + struct optee_rtc_time *optee_tm; + struct tee_param param[4] = {0}; + int ret; + + inv_arg.func = TA_CMD_RTC_GET_TIME; + inv_arg.session = priv->session_id; + inv_arg.num_params = 4; + + /* Fill invoke cmd params */ + param[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT; + param[0].u.memref.shm = priv->shm; + param[0].u.memref.size = sizeof(struct optee_rtc_time); + param[0].u.memref.shm_offs = 0; + + ret = tee_client_invoke_func(priv->ctx, &inv_arg, param); + if (ret < 0 || inv_arg.ret != 0) { + dev_err(dev, "TA_CMD_RTC_GET_TIME invoke err: %x\n", + inv_arg.ret); + return ret; + } + + optee_tm = tee_shm_get_va(priv->shm, 0); + if (IS_ERR(optee_tm)) { + dev_err(dev, "tee_shm_get_va failed\n"); + return PTR_ERR(optee_tm); + } + + if (param[0].u.memref.size != sizeof(*optee_tm)) { + dev_err(dev, "Invalid read size from OPTEE\n"); + return -EINVAL; + } + + tm->tm_sec = optee_tm->tm_sec; + tm->tm_min = optee_tm->tm_min; + tm->tm_hour = optee_tm->tm_hour; + tm->tm_mday = optee_tm->tm_mday; + tm->tm_mon = optee_tm->tm_mon; + tm->tm_year = optee_tm->tm_year - 1900; + tm->tm_wday = optee_tm->tm_wday; + tm->tm_yday = rtc_year_days(tm->tm_mday, tm->tm_mon, tm->tm_year); + + return 0; +} + +static int optee_rtc_settime(struct device *dev, struct rtc_time *tm) +{ + struct optee_rtc *priv = dev_get_drvdata(dev); + struct tee_ioctl_invoke_arg inv_arg = {0}; + struct tee_param param[4] = {0}; + struct optee_rtc_time optee_tm; + void *rtc_data; + int ret; + + optee_tm.tm_sec = tm->tm_sec; + optee_tm.tm_min = tm->tm_min; + optee_tm.tm_hour = tm->tm_hour; + optee_tm.tm_mday = tm->tm_mday; + optee_tm.tm_mon = tm->tm_mon; + optee_tm.tm_year = tm->tm_year + 1900; + optee_tm.tm_wday = tm->tm_wday; + + inv_arg.func = TA_CMD_RTC_SET_TIME; + inv_arg.session = priv->session_id; + inv_arg.num_params = 4; + + param[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT; + param[0].u.memref.shm = priv->shm; + param[0].u.memref.size = sizeof(struct optee_rtc_time); + param[0].u.memref.shm_offs = 0; + + rtc_data = tee_shm_get_va(priv->shm, 0); + if (IS_ERR(rtc_data)) { + dev_err(dev, "tee_shm_get_va failed\n"); + return PTR_ERR(rtc_data); + } + + memcpy(rtc_data, &optee_tm, sizeof(struct optee_rtc_time)); + + ret = tee_client_invoke_func(priv->ctx, &inv_arg, param); + if (ret < 0 || inv_arg.ret != 0) { + dev_err(dev, "TA_CMD_RTC_GET_TIME invoke err: %x\n", + inv_arg.ret); + return ret; + } + + return 0; +} + +static int optee_rtc_readoffset(struct device *dev, long *offset) +{ + struct optee_rtc *priv = dev_get_drvdata(dev); + struct tee_ioctl_invoke_arg inv_arg = {0}; + struct tee_param param[4] = {0}; + int ret; + + if (!(priv->features & TA_RTC_FEATURE_CORRECTION)) + return -EOPNOTSUPP; + + inv_arg.func = TA_CMD_RTC_GET_OFFSET; + inv_arg.session = priv->session_id; + inv_arg.num_params = 4; + + param[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT; + + ret = tee_client_invoke_func(priv->ctx, &inv_arg, param); + if (ret < 0 || inv_arg.ret != 0) { + dev_err(dev, "TA_CMD_RTC_GET_RNG_INFO invoke err: %x\n", + inv_arg.ret); + return -EINVAL; + } + + *offset = param[0].u.value.a; + + return 0; +} + +static int optee_rtc_setoffset(struct device *dev, long offset) +{ + struct optee_rtc *priv = dev_get_drvdata(dev); + struct tee_ioctl_invoke_arg inv_arg = {0}; + struct tee_param param[4] = {0}; + int ret; + + if (!(priv->features & TA_RTC_FEATURE_CORRECTION)) + return -EOPNOTSUPP; + + inv_arg.func = TA_CMD_RTC_SET_OFFSET; + inv_arg.session = priv->session_id; + inv_arg.num_params = 4; + + param[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT; + param[0].u.value.a = offset; + + ret = tee_client_invoke_func(priv->ctx, &inv_arg, param); + if (ret < 0 || inv_arg.ret != 0) { + dev_err(dev, "TA_CMD_RTC_GET_RNG_INFO invoke err: %x\n", + inv_arg.ret); + return -EINVAL; + } + + return 0; +} + +static const struct rtc_class_ops optee_rtc_ops = { + .read_time = optee_rtc_readtime, + .set_time = optee_rtc_settime, + .set_offset = optee_rtc_setoffset, + .read_offset = optee_rtc_readoffset, +}; + +static int optee_rtc_read_info(struct device *dev, struct rtc_device *rtc, + u64 *features) +{ + struct optee_rtc *priv = dev_get_drvdata(dev); + struct tee_ioctl_invoke_arg inv_arg = {0}; + struct tee_param param[4] = {0}; + struct optee_rtc_info *info; + struct optee_rtc_time *tm; + int ret; + + inv_arg.func = TA_CMD_RTC_GET_INFO; + inv_arg.session = priv->session_id; + inv_arg.num_params = 4; + + param[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT; + param[0].u.memref.shm = priv->shm; + param[0].u.memref.size = sizeof(*info); + param[0].u.memref.shm_offs = 0; + + ret = tee_client_invoke_func(priv->ctx, &inv_arg, param); + if (ret < 0 || inv_arg.ret != 0) { + dev_err(dev, "TA_CMD_RTC_GET_RNG_INFO invoke err: %x\n", + inv_arg.ret); + return -EINVAL; + } + + info = tee_shm_get_va(priv->shm, 0); + if (IS_ERR(info)) { + dev_err(dev, "tee_shm_get_va failed\n"); + return PTR_ERR(info); + } + + if (param[0].u.memref.size != sizeof(*info)) { + dev_err(dev, "Invalid read size from OPTEE\n"); + return -EINVAL; + } + + if (info->version != RTC_INFO_VERSION) { + dev_err(dev, "Unsupported information version %llu\n", + info->version); + return -EINVAL; + } + + *features = info->features; + + tm = &info->range_min; + rtc->range_min = mktime64(tm->tm_year, tm->tm_mon, tm->tm_mday, + tm->tm_hour, tm->tm_min, tm->tm_sec); + tm = &info->range_max; + rtc->range_max = mktime64(tm->tm_year, tm->tm_mon, tm->tm_mday, + tm->tm_hour, tm->tm_min, tm->tm_sec); + + return 0; +} + +static int optee_ctx_match(struct tee_ioctl_version_data *ver, const void *data) +{ + if (ver->impl_id == TEE_IMPL_ID_OPTEE) + return 1; + else + return 0; +} + +static int optee_rtc_probe(struct device *dev) +{ + struct tee_client_device *rtc_device = to_tee_client_device(dev); + struct tee_ioctl_open_session_arg sess_arg; + struct optee_rtc *priv; + struct rtc_device *rtc; + struct tee_shm *shm; + int ret, err; + + memset(&sess_arg, 0, sizeof(sess_arg)); + + priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL); + if (!priv) + return -ENOMEM; + + rtc = devm_rtc_allocate_device(dev); + if (IS_ERR(rtc)) + return PTR_ERR(rtc); + + /* Open context with TEE driver */ + priv->ctx = tee_client_open_context(NULL, optee_ctx_match, NULL, NULL); + if (IS_ERR(priv->ctx)) + return -ENODEV; + + /* Open session with rtc Trusted App */ + export_uuid(sess_arg.uuid, &rtc_device->id.uuid); + sess_arg.clnt_login = TEE_IOCTL_LOGIN_REE_KERNEL; + sess_arg.num_params = 0; + + ret = tee_client_open_session(priv->ctx, &sess_arg, NULL); + if (ret < 0 || sess_arg.ret != 0) { + dev_err(dev, "tee_client_open_session failed, err: %x\n", + sess_arg.ret); + err = -EINVAL; + goto out_ctx; + } + priv->session_id = sess_arg.session; + + shm = tee_shm_alloc_kernel_buf(priv->ctx, + sizeof(struct optee_rtc_info)); + if (IS_ERR(shm)) { + dev_err(priv->dev, "tee_shm_alloc failed\n"); + err = PTR_ERR(shm); + goto out_sess; + } + + priv->shm = shm; + priv->dev = dev; + dev_set_drvdata(dev, priv); + + rtc->ops = &optee_rtc_ops; + + err = optee_rtc_read_info(dev, rtc, &priv->features); + if (err) { + dev_err(dev, "Failed to get RTC features from OP-TEE\n"); + goto out_shm; + } + + err = devm_rtc_register_device(rtc); + if (err) + goto out_shm; + + /* + * We must clear this bit after registering because rtc_register_device + * will set it if it sees that .set_offset is provided. + */ + if (!(priv->features & TA_RTC_FEATURE_CORRECTION)) + clear_bit(RTC_FEATURE_CORRECTION, rtc->features); + + return 0; + +out_shm: + tee_shm_free(priv->shm); +out_sess: + tee_client_close_session(priv->ctx, priv->session_id); +out_ctx: + tee_client_close_context(priv->ctx); + + return err; +} + +static int optee_rtc_remove(struct device *dev) +{ + struct optee_rtc *priv = dev_get_drvdata(dev); + + tee_client_close_session(priv->ctx, priv->session_id); + tee_client_close_context(priv->ctx); + + return 0; +} + +static const struct tee_client_device_id optee_rtc_id_table[] = { + {UUID_INIT(0xf389f8c8, 0x845f, 0x496c, + 0x8b, 0xbe, 0xd6, 0x4b, 0xd2, 0x4c, 0x92, 0xfd)}, + {} +}; + +MODULE_DEVICE_TABLE(tee, optee_rtc_id_table); + +static struct tee_client_driver optee_rtc_driver = { + .id_table = optee_rtc_id_table, + .driver = { + .name = "optee_rtc", + .bus = &tee_bus_type, + .probe = optee_rtc_probe, + .remove = optee_rtc_remove, + }, +}; + +static int __init optee_rtc_mod_init(void) +{ + return driver_register(&optee_rtc_driver.driver); +} + +static void __exit optee_rtc_mod_exit(void) +{ + driver_unregister(&optee_rtc_driver.driver); +} + +module_init(optee_rtc_mod_init); +module_exit(optee_rtc_mod_exit); + +MODULE_LICENSE("GPL v2"); +MODULE_AUTHOR("Clément Léger <clement.leger(a)bootlin.com>"); +MODULE_DESCRIPTION("OP-TEE based RTC driver"); -- 2.34.1

4 years, 3 months

1
0
0 0

Secure Storage Applications

by Manorit Chawdhry

Hi, I have been exploring secure storage in OP-TEE for a few days and I need some help in putting some files into it. I have been trying to find some tool which could help me put any files from Linux into secure storage and retrieve them back later so that I could see secure storage in action but haven't been able to find any yet. Is there any tool which you guys might know of which helps put files in secure storage and retrieve them back later? Best Regards, Manorit

4 years, 3 months

4
5
0 0

[PATCH v4 00/10] tee: shared memory updates

by Jens Wiklander

Hi all, This patchset is a general cleanup of shared memory handling in the TEE subsystem. Until now has the in-kernel tee clients used tee_shm_alloc() and tee_shm_register() to share memory with secure world. These two function exposes via a flags parameter a bit more of the internals of the TEE subsystem than one would like. So in order to make things easier are those two functions replaced by few functions which should provide better abstraction. Two in-kernel tee clients are updated to use these new functions. The shared memory pool handling is simplified, an internal matter for the two TEE drivers OP-TEE and AMDTEE. In the v3 review it was suggested [1] to break out "optee: add driver private tee_context" and "optee: use driver internal tee_contex for some rpc" into a separate patch to fix to allow those a faster path upstream as they fix reported problems. So this patchset is now rebased on top of those patches separated. This patchset is based on [2] and is also available at [3]. Thanks, Jens [1] https://lore.kernel.org/lkml/20220125162938.838382-1-jens.wiklander@linaro.… [2] https://git.linaro.org/people/jens.wiklander/linux-tee.git/log/?h=fixes [3] https://git.linaro.org/people/jens.wiklander/linux-tee.git/log/?h=tee_shm_v4 v3->v4: * Broke out "optee: add driver private tee_context" and "optee: use driver internal tee_contex for some rpc" into a separate patch as that fixes earlier reported issues and deserves a to go into v5.17 and stable trees. * Rebased on the recent fixes for the OP-TEE driver on top of v5.17-rc2 * All patches are now reviewed by Sumit Garg + some small fixes from the last review v2->v3: * Make tee_shm_alloc_user_buf() and tee_shm_register_user_buf() internal and don't export them to the drivers. * Rename tee_shm_alloc_priv_kernel_buf() to tee_shm_alloc_priv_buf() * Adressing comments on variable names and choice of types in "tee: replace tee_shm_register()" * Adding detailed explaination on alignment in "tee: simplify shm pool handling" * Added Sumits R-B on a few of the patches v1->v2: * The commits three "tee: add tee_shm_alloc_kernel_buf()", "tpm_ftpm_tee: use tee_shm_alloc_kernel_buf()" and "firmware: tee_bnxt: use tee_shm_alloc_kernel_buf()" has been merged some time ago as part of another patchset. * Another in-kernel tee client is updated with the commit "KEYS: trusted: tee: use tee_shm_register_kernel_buf()" * tee_shm_alloc_anon_kernel_buf() is replaced with an easier to use function tee_shm_alloc_priv_kernel_buf() and tee_shm_free_anon_kernel_buf() has been dropped. * A driver internal struct tee_context is used to when doing driver internal calls to secure world. * Adds patches to replace tee_shm_register() in a similar way as how tee_shm_alloc() is replaced. * A patch is added to clean up the TEE_SHM_* flags * Fixed a warning reported by kernel test robot <lkp(a)intel.com> Jens Wiklander (10): hwrng: optee-rng: use tee_shm_alloc_kernel_buf() tee: remove unused tee_shm_pool_alloc_res_mem() tee: add tee_shm_alloc_user_buf() tee: simplify shm pool handling tee: replace tee_shm_alloc() optee: add optee_pool_op_free_helper() tee: add tee_shm_register_{user,kernel}_buf() KEYS: trusted: tee: use tee_shm_register_kernel_buf() tee: replace tee_shm_register() tee: refactor TEE_SHM_* flags drivers/char/hw_random/optee-rng.c | 6 +- drivers/tee/amdtee/shm_pool.c | 55 ++-- drivers/tee/optee/Kconfig | 8 - drivers/tee/optee/call.c | 2 +- drivers/tee/optee/core.c | 21 +- drivers/tee/optee/device.c | 5 +- drivers/tee/optee/ffa_abi.c | 63 ++--- drivers/tee/optee/optee_private.h | 7 +- drivers/tee/optee/smc_abi.c | 125 +++------ drivers/tee/tee_core.c | 5 +- drivers/tee/tee_private.h | 15 +- drivers/tee/tee_shm.c | 320 +++++++++++++++-------- drivers/tee/tee_shm_pool.c | 162 +++--------- include/linux/tee_drv.h | 138 +++------- security/keys/trusted-keys/trusted_tee.c | 23 +- 15 files changed, 388 insertions(+), 567 deletions(-) -- 2.31.1

4 years, 3 months

2
15
0 0

OP-TEE S-EL1 SPMC status

by Jelle Sels

Hi all, As part of Trusted Services project we are extending OP-TEE to be a full complaint FF-A S-EL1 SPMC. This work is still on going but some of the Trusted Services applications are already compatible. We created https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/ which gives the current status of the SPMC work and can be a starting point for everyone who wants to get started with the Trusted Services or OP-TEE as a S-EL1 SPMC. Please feel free to ask any questions on the Trusted Service and the OP-TEE mailing list. https://lists.trustedfirmware.org/mailman3/lists/trusted-services.lists.tru… https://lists.trustedfirmware.org/mailman3/lists/op-tee.lists.trustedfirmwa… Regards, Jelle

4 years, 3 months

1
0
0 0

Linaro OP-TEE Contribution (LOC) monthly meeting Feb 2022

by Ruchika Gupta

Hi, OP-TEE Contributions (LOC) monthly meeting is planned for Thursday Feb 24 @16.00 (UTC). We have following on the agenda - SDP DT Configuration, Olivier Masse, NXP If you have any more topics you'd like to discuss, please let us know and we can schedule them. Meeting details: --------------- Date/time: Feb 24(a)16.00 (UTC) https://everytimezone.com/s/fef76b1b Connection details: https://www.trustedfirmware.org/meetings/ Meeting notes: http://bit.ly/loc-notes Regards, Ruchika on behalf of the Linaro OP-TEE team

4 years, 3 months

1
1
0 0

[PATCH v3] tee: make tee_shm_register_kernel_buf vmalloc supported

by Phil Chang

In some low-memory devices, it's hard to aquire large-orders pages, this patch allowed user using scatter pages to register shm. Signed-off-by: Phil Chang <phil.chang(a)mediatek.com> --- Changelog v2 -> v3: use the "n" variable to walk through "page_count" drivers/tee/optee/call.c | 2 +- drivers/tee/tee_shm.c | 37 ++++++++++++++++++++++++++----------- 2 files changed, 27 insertions(+), 12 deletions(-) diff --git a/drivers/tee/optee/call.c b/drivers/tee/optee/call.c index bd49ec934060..2082e632adff 100644 --- a/drivers/tee/optee/call.c +++ b/drivers/tee/optee/call.c @@ -362,7 +362,7 @@ int optee_check_mem_type(unsigned long start, size_t num_pages) * Allow kernel address to register with OP-TEE as kernel * pages are configured as normal memory only. */ - if (virt_addr_valid(start)) + if (virt_addr_valid(start) || is_vmalloc_addr((void *)start)) return 0; mmap_read_lock(mm); diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c index f31e29e8f1ca..1412adad9397 100644 --- a/drivers/tee/tee_shm.c +++ b/drivers/tee/tee_shm.c @@ -23,21 +23,36 @@ static void shm_put_kernel_pages(struct page **pages, size_t page_count) static int shm_get_kernel_pages(unsigned long start, size_t page_count, struct page **pages) { - struct kvec *kiov; - size_t n; int rc; + size_t n; - kiov = kcalloc(page_count, sizeof(*kiov), GFP_KERNEL); - if (!kiov) - return -ENOMEM; + if (is_vmalloc_addr((void *)start)) { + struct page *page; - for (n = 0; n < page_count; n++) { - kiov[n].iov_base = (void *)(start + n * PAGE_SIZE); - kiov[n].iov_len = PAGE_SIZE; - } + for (n = 0; n < page_count; n++) { + page = vmalloc_to_page((void *)(start + PAGE_SIZE * n)); + if (!page) + return -ENOMEM; + + get_page(page); + pages[n] = page; + } + rc = page_count; + } else { + struct kvec *kiov; - rc = get_kernel_pages(kiov, page_count, 0, pages); - kfree(kiov); + kiov = kcalloc(page_count, sizeof(*kiov), GFP_KERNEL); + if (!kiov) + return -ENOMEM; + + for (n = 0; n < page_count; n++) { + kiov[n].iov_base = (void *)(start + n * PAGE_SIZE); + kiov[n].iov_len = PAGE_SIZE; + } + + rc = get_kernel_pages(kiov, page_count, 0, pages); + kfree(kiov); + } return rc; } -- 2.25.1

4 years, 4 months

2
1
0 0

[GIT PULL] tee: shared memory updates for v5.18

by Jens Wiklander

Hello arm-soc maintainers, Please pull this TEE shared memory cleanup. Some kernel internal APIs are replaced with easier to use counter parts. The TEE shared memory pool is also simplified. Note that this pull request includes two patches which are outside the TEE subsystem: - 231b1fc5da09 ("KEYS: trusted: tee: use tee_shm_register_kernel_buf()") - e7ddab084740 ("hwrng: optee-rng: use tee_shm_alloc_kernel_buf()") Those patches are reviewed by their maintainer. I've also asked the maintainers that normally sends patches upstream for these modules if it's OK that I take these patches via my tree. As I got no answer I assume that it's OK. This pull request is on top of the patch, aceeafefff73 ("optee: use driver internal tee_context for some rpc"), I've already sent (and has since been merged) for the 5.17 kernel. That's why I'm not including it in the stat. Thanks, Jens The following changes since commit aceeafefff736057e8f93f19bbfbef26abd94604: optee: use driver internal tee_context for some rpc (2022-02-03 13:36:32 +0100) are available in the Git repository at: git://git.linaro.org:/people/jens.wiklander/linux-tee.git tags/tee-shm-for-v5.18 for you to fetch changes up to a45ea4efa358577c623d7353a6ba9af3c17f6ca0: tee: refactor TEE_SHM_* flags (2022-02-16 07:49:41 +0100) ---------------------------------------------------------------- TEE shared memory cleanup for v5.18 - The TEE shared memory pool based on two pools is replaced with a single somewhat more capable pool. - Replaces tee_shm_alloc() and tee_shm_register() with new functions easier to use and maintain. The TEE subsystem and the TEE drivers are updated to use the new functions instead. - The TEE based Trusted keys routines are updated to use the new simplified functions above. - The OP-TEE based rng driver is updated to use the new simplified functions above. - The TEE_SHM-flags are refactored to better match their usage ---------------------------------------------------------------- Jens Wiklander (10): hwrng: optee-rng: use tee_shm_alloc_kernel_buf() tee: remove unused tee_shm_pool_alloc_res_mem() tee: add tee_shm_alloc_user_buf() tee: simplify shm pool handling tee: replace tee_shm_alloc() optee: add optee_pool_op_free_helper() tee: add tee_shm_register_{user,kernel}_buf() KEYS: trusted: tee: use tee_shm_register_kernel_buf() tee: replace tee_shm_register() tee: refactor TEE_SHM_* flags drivers/char/hw_random/optee-rng.c | 6 +- drivers/tee/amdtee/shm_pool.c | 55 ++---- drivers/tee/optee/Kconfig | 8 - drivers/tee/optee/call.c | 2 +- drivers/tee/optee/core.c | 21 +- drivers/tee/optee/device.c | 5 +- drivers/tee/optee/ffa_abi.c | 63 ++---- drivers/tee/optee/optee_private.h | 7 +- drivers/tee/optee/smc_abi.c | 125 ++++-------- drivers/tee/tee_core.c | 5 +- drivers/tee/tee_private.h | 15 +- drivers/tee/tee_shm.c | 320 ++++++++++++++++++++----------- drivers/tee/tee_shm_pool.c | 162 ++++------------ include/linux/tee_drv.h | 138 +++---------- security/keys/trusted-keys/trusted_tee.c | 23 +-- 15 files changed, 388 insertions(+), 567 deletions(-)

4 years, 4 months

1
0
0 0

[GIT PULL] AMDTEE simplification for v5.18

by Jens Wiklander

Hello arm-soc maintainers, Please pull this small AMDTEE driver simplification to use the LIST_HEAD() macro instead for a global variable. Note that this isn't a usual Arm driver update. This targets AMD instead, but is part of the TEE subsystem. Thanks, Jens The following changes since commit 26291c54e111ff6ba87a164d85d4a4e134b7315c: Linux 5.17-rc2 (2022-01-30 15:37:07 +0200) are available in the Git repository at: git://git.linaro.org:/people/jens.wiklander/linux-tee.git tags/amdtee-for-v5.18 for you to fetch changes up to f7b67642dd98617dc569836cdcba041c7ff00cbb: tee: amdtee: Make use of the helper macro LIST_HEAD() (2022-02-14 10:57:55 +0100) ---------------------------------------------------------------- Small simplification in AMDTE driver ---------------------------------------------------------------- Cai Huoqing (1): tee: amdtee: Make use of the helper macro LIST_HEAD() drivers/tee/amdtee/call.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

4 years, 4 months

1
0
0 0

[PATCH] tee: make tee_shm_register_kernel_buf vmalloc supported

by Phil Chang

In some low-memory devices, it's hard to aquire large-orders pages, this patch allowed user using scatter pages to register shm. Signed-off-by: Phil Chang <phil.chang(a)mediatek.com> --- drivers/tee/optee/call.c | 2 +- drivers/tee/tee_shm.c | 40 ++++++++++++++++++++++++++++------------ 2 files changed, 29 insertions(+), 13 deletions(-) diff --git a/drivers/tee/optee/call.c b/drivers/tee/optee/call.c index bd49ec934060..2082e632adff 100644 --- a/drivers/tee/optee/call.c +++ b/drivers/tee/optee/call.c @@ -362,7 +362,7 @@ int optee_check_mem_type(unsigned long start, size_t num_pages) * Allow kernel address to register with OP-TEE as kernel * pages are configured as normal memory only. */ - if (virt_addr_valid(start)) + if (virt_addr_valid(start) || is_vmalloc_addr((void *)start)) return 0; mmap_read_lock(mm); diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c index f31e29e8f1ca..861403588485 100644 --- a/drivers/tee/tee_shm.c +++ b/drivers/tee/tee_shm.c @@ -23,22 +23,38 @@ static void shm_put_kernel_pages(struct page **pages, size_t page_count) static int shm_get_kernel_pages(unsigned long start, size_t page_count, struct page **pages) { - struct kvec *kiov; - size_t n; int rc; - kiov = kcalloc(page_count, sizeof(*kiov), GFP_KERNEL); - if (!kiov) - return -ENOMEM; - - for (n = 0; n < page_count; n++) { - kiov[n].iov_base = (void *)(start + n * PAGE_SIZE); - kiov[n].iov_len = PAGE_SIZE; + if (is_vmalloc_addr((void *)start)) { + struct page *page; + int i; + + for (i = 0; i < page_count; i++) { + page = vmalloc_to_page((void *)(start + PAGE_SIZE * i)); + if (!page) + return -ENOMEM; + + get_page(page); + pages[i] = page; + } + rc = page_count; + } else { + struct kvec *kiov; + size_t n; + + kiov = kcalloc(page_count, sizeof(*kiov), GFP_KERNEL); + if (!kiov) + return -ENOMEM; + + for (n = 0; n < page_count; n++) { + kiov[n].iov_base = (void *)(start + n * PAGE_SIZE); + kiov[n].iov_len = PAGE_SIZE; + } + + rc = get_kernel_pages(kiov, page_count, 0, pages); + kfree(kiov); } - rc = get_kernel_pages(kiov, page_count, 0, pages); - kfree(kiov); - return rc; } -- 2.25.1

4 years, 4 months

2
1
0 0

[PATCH] tee: amdtee: Make use of the helper macro LIST_HEAD()

by Cai Huoqing

Replace "struct list_head head = LIST_HEAD_INIT(head)" with "LIST_HEAD(head)" to simplify the code. Signed-off-by: Cai Huoqing <cai.huoqing(a)linux.dev> --- drivers/tee/amdtee/call.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/tee/amdtee/call.c b/drivers/tee/amdtee/call.c index 07f36ac834c8..cec6e70f0ac9 100644 --- a/drivers/tee/amdtee/call.c +++ b/drivers/tee/amdtee/call.c @@ -122,7 +122,7 @@ static int amd_params_to_tee_params(struct tee_param *tee, u32 count, } static DEFINE_MUTEX(ta_refcount_mutex); -static struct list_head ta_list = LIST_HEAD_INIT(ta_list); +static LIST_HEAD(ta_list); static u32 get_ta_refcount(u32 ta_handle) { -- 2.25.1

4 years, 4 months

3
2
0 0

[GIT PULL] OP-TEE another fix for v5.17

by Jens Wiklander

Hello arm-soc maintainers, Please pull this small OP-TEE driver fix taking care of a broken return code in the error path of the two probe functions in the OP-TEE driver. Please note that this pull request is on top of the previously just merged patch which introduced the problem fixed here. Thanks, Jens The following changes since commit aceeafefff736057e8f93f19bbfbef26abd94604: optee: use driver internal tee_context for some rpc (2022-02-03 13:36:32 +0100) are available in the Git repository at: git://git.linaro.org/people/jens.wiklander/linux-tee.git tags/optee-fix2-for-v5.17 for you to fetch changes up to 40eb0dcf4114cbfff4d207890fa5a19e82da9fdc: tee: optee: fix error return code in probe function (2022-02-14 12:36:48 +0100) ---------------------------------------------------------------- OP-TEE fix error return code in probe functions ---------------------------------------------------------------- Yang Yingliang (1): tee: optee: fix error return code in probe function drivers/tee/optee/ffa_abi.c | 4 +++- drivers/tee/optee/smc_abi.c | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-)

4 years, 4 months

1
0
0 0

[PATCH -next] tee: optee: fix error return code in probe function

by Yang Yingliang

If teedev_open() fails, probe function need return error code. Fixes: aceeafefff73 ("optee: use driver internal tee_context for some rpc") Reported-by: Hulk Robot <hulkci(a)huawei.com> Signed-off-by: Yang Yingliang <yangyingliang(a)huawei.com> --- drivers/tee/optee/ffa_abi.c | 4 +++- drivers/tee/optee/smc_abi.c | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/tee/optee/ffa_abi.c b/drivers/tee/optee/ffa_abi.c index f2bf6c61197f..f744ab15bf2c 100644 --- a/drivers/tee/optee/ffa_abi.c +++ b/drivers/tee/optee/ffa_abi.c @@ -869,8 +869,10 @@ static int optee_ffa_probe(struct ffa_device *ffa_dev) optee_supp_init(&optee->supp); ffa_dev_set_drvdata(ffa_dev, optee); ctx = teedev_open(optee->teedev); - if (IS_ERR(ctx)) + if (IS_ERR(ctx)) { + rc = PTR_ERR(ctx); goto err_rhashtable_free; + } optee->ctx = ctx; rc = optee_notif_init(optee, OPTEE_DEFAULT_MAX_NOTIF_VALUE); if (rc) diff --git a/drivers/tee/optee/smc_abi.c b/drivers/tee/optee/smc_abi.c index 1a55339c7072..c517d310249f 100644 --- a/drivers/tee/optee/smc_abi.c +++ b/drivers/tee/optee/smc_abi.c @@ -1417,8 +1417,10 @@ static int optee_probe(struct platform_device *pdev) platform_set_drvdata(pdev, optee); ctx = teedev_open(optee->teedev); - if (IS_ERR(ctx)) + if (IS_ERR(ctx)) { + rc = PTR_ERR(ctx); goto err_supp_uninit; + } optee->ctx = ctx; rc = optee_notif_init(optee, max_notif_value); if (rc) -- 2.25.1

4 years, 4 months

2
1
0 0

[PATCH] optee: make tee_shm_register vmalloc supported

by Phil Chang

This patch allowed the tee shm use vmalloc area buffer. Signed-off-by: Phil Chang <phil.chang(a)mediatek.com> --- Hi, In some low-memory devices, it's hard to aquire large-orders pages, this pathes is allowed user use scatter pages to register shm. Thanks. drivers/tee/optee/call.c | 2 +- drivers/tee/tee_shm.c | 14 ++++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/drivers/tee/optee/call.c b/drivers/tee/optee/call.c index b25cc1fac945..937bcc7df8e4 100644 --- a/drivers/tee/optee/call.c +++ b/drivers/tee/optee/call.c @@ -362,7 +362,7 @@ int optee_check_mem_type(unsigned long start, size_t num_pages) * Allow kernel address to register with OP-TEE as kernel * pages are configured as normal memory only. */ - if (virt_addr_valid(start)) + if (virt_addr_valid(start) || is_vmalloc_addr((void *)start)) return 0; mmap_read_lock(mm); diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c index 499fccba3d74..31d0c10485ff 100644 --- a/drivers/tee/tee_shm.c +++ b/drivers/tee/tee_shm.c @@ -195,6 +195,20 @@ struct tee_shm *tee_shm_register(struct tee_context *ctx, unsigned long addr, if (flags & TEE_SHM_USER_MAPPED) { rc = pin_user_pages_fast(start, num_pages, FOLL_WRITE, shm->pages); + } else if (is_vmalloc_addr((void *)start)) { + struct page *page; + int i; + + for (i = 0; i < num_pages; i++) { + page = vmalloc_to_page((void *)(start + PAGE_SIZE * i)); + if (!page) { + ret = ERR_PTR(-ENOMEM); + goto err; + } + get_page(page); + shm->pages[i] = page; + } + rc = num_pages; } else { struct kvec *kiov; int i; -- 2.25.1

4 years, 4 months

2
1
0 0

[GIT PULL] OP-TEE fix for v5.17

by Jens Wiklander

Hello arm-soc maintainers, Please pull this OP-TEE driver fix which decouples driver private shared memory objects from the original tee_context. This fixes the root cause of a shutdown problem where the driver would dead-lock waiting for tee-supplicant. Thanks, Jens The following changes since commit 26291c54e111ff6ba87a164d85d4a4e134b7315c: Linux 5.17-rc2 (2022-01-30 15:37:07 +0200) are available in the Git repository at: git://git.linaro.org/people/jens.wiklander/linux-tee.git tags/optee-fix-for-v5.17 for you to fetch changes up to aceeafefff736057e8f93f19bbfbef26abd94604: optee: use driver internal tee_context for some rpc (2022-02-03 13:36:32 +0100) ---------------------------------------------------------------- OP-TEE fix shutdown problems ---------------------------------------------------------------- Jens Wiklander (1): optee: use driver internal tee_context for some rpc drivers/tee/optee/core.c | 1 + drivers/tee/optee/ffa_abi.c | 77 ++++++++++++++++++++++----------------- drivers/tee/optee/optee_private.h | 5 ++- drivers/tee/optee/smc_abi.c | 48 +++++++++--------------- 4 files changed, 64 insertions(+), 67 deletions(-)

4 years, 4 months

1
0
0 0

[PATCH] optee: use driver internal tee_contex for some rpc

by Jens Wiklander

Adds a driver private tee_context by moving the tee_context in struct optee_notif to struct optee. This tee_context was previously used when doing internal calls to secure world to deliver notification. The new driver internal tee_context is now also when allocating driver private shared memory. This decouples the shared memory object from its original tee_context. This is needed when the life time of such a memory allocation outlives the client tee_context. This patch fixes the problem described below: The addition of a shutdown hook by commit f25889f93184 ("optee: fix tee out of memory failure seen during kexec reboot") introduced a kernel shutdown regression that can be triggered after running the OP-TEE xtest suites. Once the shutdown hook is called it is not possible to communicate any more with the supplicant process because the system is not scheduling task any longer. Thus if the optee driver shutdown path receives a supplicant RPC request from the OP-TEE we will deadlock the kernel's shutdown. Fixes: f25889f93184 ("optee: fix tee out of memory failure seen during kexec reboot") Fixes: 217e0250cccb ("tee: use reference counting for tee_context") Reported-by: Lars Persson <larper(a)axis.com> Cc: stable(a)vger.kernel.org Signed-off-by: Jens Wiklander <jens.wiklander(a)linaro.org> --- This patch is from "optee: add driver private tee_context" and "optee: use driver internal tee_contex for some rpc" in [1] combined into one patch for easier tracking. It turned out that those two patches fixes reported problem so I'm breaking out this from the patchset in order to target it for the v5.17. [1] https://lore.kernel.org/lkml/20220125162938.838382-1-jens.wiklander@linaro.… drivers/tee/optee/core.c | 1 + drivers/tee/optee/ffa_abi.c | 77 +++++++++++++++++-------------- drivers/tee/optee/optee_private.h | 5 +- drivers/tee/optee/smc_abi.c | 48 +++++++------------ 4 files changed, 64 insertions(+), 67 deletions(-) diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c index 1ca320885fad..17a6f51d3089 100644 --- a/drivers/tee/optee/core.c +++ b/drivers/tee/optee/core.c @@ -158,6 +158,7 @@ void optee_remove_common(struct optee *optee) optee_unregister_devices(); optee_notif_uninit(optee); + teedev_close_context(optee->ctx); /* * The two devices have to be unregistered before we can free the * other resources. diff --git a/drivers/tee/optee/ffa_abi.c b/drivers/tee/optee/ffa_abi.c index 20a1b1a3d965..545f61af1248 100644 --- a/drivers/tee/optee/ffa_abi.c +++ b/drivers/tee/optee/ffa_abi.c @@ -424,6 +424,7 @@ static struct tee_shm_pool_mgr *optee_ffa_shm_pool_alloc_pages(void) */ static void handle_ffa_rpc_func_cmd_shm_alloc(struct tee_context *ctx, + struct optee *optee, struct optee_msg_arg *arg) { struct tee_shm *shm; @@ -439,7 +440,7 @@ static void handle_ffa_rpc_func_cmd_shm_alloc(struct tee_context *ctx, shm = optee_rpc_cmd_alloc_suppl(ctx, arg->params[0].u.value.b); break; case OPTEE_RPC_SHM_TYPE_KERNEL: - shm = tee_shm_alloc(ctx, arg->params[0].u.value.b, + shm = tee_shm_alloc(optee->ctx, arg->params[0].u.value.b, TEE_SHM_MAPPED | TEE_SHM_PRIV); break; default: @@ -493,14 +494,13 @@ static void handle_ffa_rpc_func_cmd_shm_free(struct tee_context *ctx, } static void handle_ffa_rpc_func_cmd(struct tee_context *ctx, + struct optee *optee, struct optee_msg_arg *arg) { - struct optee *optee = tee_get_drvdata(ctx->teedev); - arg->ret_origin = TEEC_ORIGIN_COMMS; switch (arg->cmd) { case OPTEE_RPC_CMD_SHM_ALLOC: - handle_ffa_rpc_func_cmd_shm_alloc(ctx, arg); + handle_ffa_rpc_func_cmd_shm_alloc(ctx, optee, arg); break; case OPTEE_RPC_CMD_SHM_FREE: handle_ffa_rpc_func_cmd_shm_free(ctx, optee, arg); @@ -510,12 +510,12 @@ static void handle_ffa_rpc_func_cmd(struct tee_context *ctx, } } -static void optee_handle_ffa_rpc(struct tee_context *ctx, u32 cmd, - struct optee_msg_arg *arg) +static void optee_handle_ffa_rpc(struct tee_context *ctx, struct optee *optee, + u32 cmd, struct optee_msg_arg *arg) { switch (cmd) { case OPTEE_FFA_YIELDING_CALL_RETURN_RPC_CMD: - handle_ffa_rpc_func_cmd(ctx, arg); + handle_ffa_rpc_func_cmd(ctx, optee, arg); break; case OPTEE_FFA_YIELDING_CALL_RETURN_INTERRUPT: /* Interrupt delivered by now */ @@ -582,7 +582,7 @@ static int optee_ffa_yielding_call(struct tee_context *ctx, * above. */ cond_resched(); - optee_handle_ffa_rpc(ctx, data->data1, rpc_arg); + optee_handle_ffa_rpc(ctx, optee, data->data1, rpc_arg); cmd = OPTEE_FFA_YIELDING_CALL_RESUME; data->data0 = cmd; data->data1 = 0; @@ -793,7 +793,9 @@ static int optee_ffa_probe(struct ffa_device *ffa_dev) { const struct ffa_dev_ops *ffa_ops; unsigned int rpc_arg_count; + struct tee_shm_pool *pool; struct tee_device *teedev; + struct tee_context *ctx; struct optee *optee; int rc; @@ -813,12 +815,12 @@ static int optee_ffa_probe(struct ffa_device *ffa_dev) if (!optee) return -ENOMEM; - optee->pool = optee_ffa_config_dyn_shm(); - if (IS_ERR(optee->pool)) { - rc = PTR_ERR(optee->pool); - optee->pool = NULL; - goto err; + pool = optee_ffa_config_dyn_shm(); + if (IS_ERR(pool)) { + rc = PTR_ERR(pool); + goto err_free_optee; } + optee->pool = pool; optee->ops = &optee_ffa_ops; optee->ffa.ffa_dev = ffa_dev; @@ -829,7 +831,7 @@ static int optee_ffa_probe(struct ffa_device *ffa_dev) optee); if (IS_ERR(teedev)) { rc = PTR_ERR(teedev); - goto err; + goto err_free_pool; } optee->teedev = teedev; @@ -837,50 +839,57 @@ static int optee_ffa_probe(struct ffa_device *ffa_dev) optee); if (IS_ERR(teedev)) { rc = PTR_ERR(teedev); - goto err; + goto err_unreg_teedev; } optee->supp_teedev = teedev; rc = tee_device_register(optee->teedev); if (rc) - goto err; + goto err_unreg_supp_teedev; rc = tee_device_register(optee->supp_teedev); if (rc) - goto err; + goto err_unreg_supp_teedev; rc = rhashtable_init(&optee->ffa.global_ids, &shm_rhash_params); if (rc) - goto err; + goto err_unreg_supp_teedev; mutex_init(&optee->ffa.mutex); mutex_init(&optee->call_queue.mutex); INIT_LIST_HEAD(&optee->call_queue.waiters); optee_supp_init(&optee->supp); ffa_dev_set_drvdata(ffa_dev, optee); + ctx = teedev_open(optee->teedev); + if (IS_ERR(ctx)) + goto err_rhashtable_free; + optee->ctx = ctx; rc = optee_notif_init(optee, OPTEE_DEFAULT_MAX_NOTIF_VALUE); - if (rc) { - optee_ffa_remove(ffa_dev); - return rc; - } + if (rc) + goto err_close_ctx; rc = optee_enumerate_devices(PTA_CMD_GET_DEVICES); - if (rc) { - optee_ffa_remove(ffa_dev); - return rc; - } + if (rc) + goto err_unregister_devices; pr_info("initialized driver\n"); return 0; -err: - /* - * tee_device_unregister() is safe to call even if the - * devices hasn't been registered with - * tee_device_register() yet. - */ + +err_unregister_devices: + optee_unregister_devices(); + optee_notif_uninit(optee); +err_close_ctx: + teedev_close_context(ctx); +err_rhashtable_free: + rhashtable_free_and_destroy(&optee->ffa.global_ids, rh_free_fn, NULL); + optee_supp_uninit(&optee->supp); + mutex_destroy(&optee->call_queue.mutex); +err_unreg_supp_teedev: tee_device_unregister(optee->supp_teedev); +err_unreg_teedev: tee_device_unregister(optee->teedev); - if (optee->pool) - tee_shm_pool_free(optee->pool); +err_free_pool: + tee_shm_pool_free(pool); +err_free_optee: kfree(optee); return rc; } diff --git a/drivers/tee/optee/optee_private.h b/drivers/tee/optee/optee_private.h index 46f74ab07c7e..92bc47bef95f 100644 --- a/drivers/tee/optee/optee_private.h +++ b/drivers/tee/optee/optee_private.h @@ -53,7 +53,6 @@ struct optee_call_queue { struct optee_notif { u_int max_key; - struct tee_context *ctx; /* Serializes access to the elements below in this struct */ spinlock_t lock; struct list_head db; @@ -134,9 +133,10 @@ struct optee_ops { /** * struct optee - main service struct * @supp_teedev: supplicant device + * @teedev: client device * @ops: internal callbacks for different ways to reach secure * world - * @teedev: client device + * @ctx: driver internal TEE context * @smc: specific to SMC ABI * @ffa: specific to FF-A ABI * @call_queue: queue of threads waiting to call @invoke_fn @@ -152,6 +152,7 @@ struct optee { struct tee_device *supp_teedev; struct tee_device *teedev; const struct optee_ops *ops; + struct tee_context *ctx; union { struct optee_smc smc; struct optee_ffa ffa; diff --git a/drivers/tee/optee/smc_abi.c b/drivers/tee/optee/smc_abi.c index 449d6a72d289..bacd1a1d79ee 100644 --- a/drivers/tee/optee/smc_abi.c +++ b/drivers/tee/optee/smc_abi.c @@ -622,6 +622,7 @@ static void handle_rpc_func_cmd_shm_free(struct tee_context *ctx, } static void handle_rpc_func_cmd_shm_alloc(struct tee_context *ctx, + struct optee *optee, struct optee_msg_arg *arg, struct optee_call_ctx *call_ctx) { @@ -651,7 +652,8 @@ static void handle_rpc_func_cmd_shm_alloc(struct tee_context *ctx, shm = optee_rpc_cmd_alloc_suppl(ctx, sz); break; case OPTEE_RPC_SHM_TYPE_KERNEL: - shm = tee_shm_alloc(ctx, sz, TEE_SHM_MAPPED | TEE_SHM_PRIV); + shm = tee_shm_alloc(optee->ctx, sz, + TEE_SHM_MAPPED | TEE_SHM_PRIV); break; default: arg->ret = TEEC_ERROR_BAD_PARAMETERS; @@ -747,7 +749,7 @@ static void handle_rpc_func_cmd(struct tee_context *ctx, struct optee *optee, switch (arg->cmd) { case OPTEE_RPC_CMD_SHM_ALLOC: free_pages_list(call_ctx); - handle_rpc_func_cmd_shm_alloc(ctx, arg, call_ctx); + handle_rpc_func_cmd_shm_alloc(ctx, optee, arg, call_ctx); break; case OPTEE_RPC_CMD_SHM_FREE: handle_rpc_func_cmd_shm_free(ctx, arg); @@ -776,7 +778,7 @@ static void optee_handle_rpc(struct tee_context *ctx, switch (OPTEE_SMC_RETURN_GET_RPC_FUNC(param->a0)) { case OPTEE_SMC_RPC_FUNC_ALLOC: - shm = tee_shm_alloc(ctx, param->a1, + shm = tee_shm_alloc(optee->ctx, param->a1, TEE_SHM_MAPPED | TEE_SHM_PRIV); if (!IS_ERR(shm) && !tee_shm_get_pa(shm, 0, &pa)) { reg_pair_from_64(&param->a1, &param->a2, pa); @@ -954,57 +956,34 @@ static irqreturn_t notif_irq_thread_fn(int irq, void *dev_id) { struct optee *optee = dev_id; - optee_smc_do_bottom_half(optee->notif.ctx); + optee_smc_do_bottom_half(optee->ctx); return IRQ_HANDLED; } static int optee_smc_notif_init_irq(struct optee *optee, u_int irq) { - struct tee_context *ctx; int rc; - ctx = teedev_open(optee->teedev); - if (IS_ERR(ctx)) - return PTR_ERR(ctx); - - optee->notif.ctx = ctx; rc = request_threaded_irq(irq, notif_irq_handler, notif_irq_thread_fn, 0, "optee_notification", optee); if (rc) - goto err_close_ctx; + return rc; optee->smc.notif_irq = irq; return 0; - -err_close_ctx: - teedev_close_context(optee->notif.ctx); - optee->notif.ctx = NULL; - - return rc; } static void optee_smc_notif_uninit_irq(struct optee *optee) { - if (optee->notif.ctx) { - optee_smc_stop_async_notif(optee->notif.ctx); + if (optee->smc.sec_caps & OPTEE_SMC_SEC_CAP_ASYNC_NOTIF) { + optee_smc_stop_async_notif(optee->ctx); if (optee->smc.notif_irq) { free_irq(optee->smc.notif_irq, optee); irq_dispose_mapping(optee->smc.notif_irq); } - - /* - * The thread normally working with optee->notif.ctx was - * stopped with free_irq() above. - * - * Note we're not using teedev_close_context() or - * tee_client_close_context() since we have already called - * tee_device_put() while initializing to avoid a circular - * reference counting. - */ - teedev_close_context(optee->notif.ctx); } } @@ -1366,6 +1345,7 @@ static int optee_probe(struct platform_device *pdev) struct optee *optee = NULL; void *memremaped_shm = NULL; struct tee_device *teedev; + struct tee_context *ctx; u32 max_notif_value; u32 sec_caps; int rc; @@ -1446,9 +1426,13 @@ static int optee_probe(struct platform_device *pdev) optee->pool = pool; platform_set_drvdata(pdev, optee); + ctx = teedev_open(optee->teedev); + if (IS_ERR(ctx)) + goto err_supp_uninit; + optee->ctx = ctx; rc = optee_notif_init(optee, max_notif_value); if (rc) - goto err_supp_uninit; + goto err_close_ctx; if (sec_caps & OPTEE_SMC_SEC_CAP_ASYNC_NOTIF) { unsigned int irq; @@ -1496,6 +1480,8 @@ static int optee_probe(struct platform_device *pdev) optee_unregister_devices(); err_notif_uninit: optee_notif_uninit(optee); +err_close_ctx: + teedev_close_context(ctx); err_supp_uninit: optee_supp_uninit(&optee->supp); mutex_destroy(&optee->call_queue.mutex); -- 2.31.1

4 years, 4 months

2
2
0 0

OP-TEE 3.16.0 has been released

by Jens Wiklander

Hi, I'm pleased to announce that OP-TEE version 3.16.0 is now available. As usual, the list of changes can be found in the changelog [1]. A bit thank you to everyone who participated with contributions and helping out with testing the release [2]. [1] https://github.com/OP-TEE/optee_os/blob/master/CHANGELOG.md [2] https://github.com/OP-TEE/optee_os/pull/5094/commits/c73f274f1ecacd7553e7ec… Regards, Jens

4 years, 4 months

2
1
0 0

[PATCH v3 00/12] tee: shared memory updates

by Jens Wiklander

Hi all, This patchset is a general cleanup of shared memory handling in the TEE subsystem. Until now has the in-kernel tee clients used tee_shm_alloc() and tee_shm_register() to share memory with secure world. These two function exposes via a flags parameter a bit more of the internals of the TEE subsystem than one would like. So in order to make things easier are those two functions replaced by few functions which should provide better abstraction. Two in-kernel tee clients are updated to use these new functions. The shared memory pool handling is simplified, an internal matter for the two TEE drivers OP-TEE and AMDTEE. An OP-TEE driver internal tee_context is added to handle shared memory allocations received via RPC, for instance the argument structure needed to make more complex RPC requests. The tee_context used when doing such a memory allocation must be kept until the memory is freed. With this we can avoid keeping a tee_context of a client around for longer than necessary. In the v1 review it was suggested [1] to allow physically non-contiguous memory allocations by the drivers. It turned out to be harder than anticipated so I'll save that for a separate patch. This patchset is also available at [2]. Thanks, Jens [1] https://lore.kernel.org/linux-arm-kernel/20210609145811.GJ4910@sequoia/ [2] https://git.linaro.org/people/jens.wiklander/linux-tee.git/log/?h=tee_shm_v3 v2->v3: * Make tee_shm_alloc_user_buf() and tee_shm_register_user_buf() internal and don't export them to the drivers. * Rename tee_shm_alloc_priv_kernel_buf() to tee_shm_alloc_priv_buf() * Adressing comments on variable names and choice of types in "tee: replace tee_shm_register()" * Adding detailed explaination on alignment in "tee: simplify shm pool handling" * Added Sumits R-B on a few of the patches v1->v2: * The commits three "tee: add tee_shm_alloc_kernel_buf()", "tpm_ftpm_tee: use tee_shm_alloc_kernel_buf()" and "firmware: tee_bnxt: use tee_shm_alloc_kernel_buf()" has been merged some time ago as part of another patchset. * Another in-kernel tee client is updated with the commit "KEYS: trusted: tee: use tee_shm_register_kernel_buf()" * tee_shm_alloc_anon_kernel_buf() is replaced with an easier to use function tee_shm_alloc_priv_kernel_buf() and tee_shm_free_anon_kernel_buf() has been dropped. * A driver internal struct tee_context is used to when doing driver internal calls to secure world. * Adds patches to replace tee_shm_register() in a similar way as how tee_shm_alloc() is replaced. * A patch is added to clean up the TEE_SHM_* flags * Fixed a warning reported by kernel test robot <lkp(a)intel.com> Jens Wiklander (12): hwrng: optee-rng: use tee_shm_alloc_kernel_buf() tee: remove unused tee_shm_pool_alloc_res_mem() tee: add tee_shm_alloc_user_buf() tee: simplify shm pool handling tee: replace tee_shm_alloc() optee: add driver private tee_context optee: use driver internal tee_contex for some rpc optee: add optee_pool_op_free_helper() tee: add tee_shm_register_{user,kernel}_buf() KEYS: trusted: tee: use tee_shm_register_kernel_buf() tee: replace tee_shm_register() tee: refactor TEE_SHM_* flags drivers/char/hw_random/optee-rng.c | 6 +- drivers/tee/amdtee/shm_pool.c | 55 ++-- drivers/tee/optee/Kconfig | 8 - drivers/tee/optee/call.c | 2 +- drivers/tee/optee/core.c | 22 +- drivers/tee/optee/device.c | 5 +- drivers/tee/optee/ffa_abi.c | 136 ++++------ drivers/tee/optee/optee_private.h | 12 +- drivers/tee/optee/smc_abi.c | 159 +++-------- drivers/tee/tee_core.c | 5 +- drivers/tee/tee_private.h | 15 +- drivers/tee/tee_shm.c | 320 +++++++++++++++-------- drivers/tee/tee_shm_pool.c | 162 +++--------- include/linux/tee_drv.h | 138 +++------- security/keys/trusted-keys/trusted_tee.c | 23 +- 15 files changed, 438 insertions(+), 630 deletions(-) -- 2.31.1

4 years, 4 months

2
25
0 0

[PATCH v2] optee: Do not send requests to supplicant during shutdown

by Lars Persson

The addition of a shutdown hook by commit f25889f93184 ("optee: fix tee out of memory failure seen during kexec reboot") introduced a kernel shutdown regression that can be triggered after running the xtest suites. Once the shutdown hook is called it is not possible to communicate any more with the supplicant process because the system is not scheduling task any longer. Thus if the optee driver shutdown path receives a supplicant RPC request from the OP-TEE we will deadlock the kernel's shutdown. This unexpected event will in fact occur after the xtest suite has been run. It seems some cached SHM kept alive a context object which in turn kept alive a session towards a PTA or TA. Closing the session results in a socket RPC command being sent back from OP-TEE. This sequence of events is captured by a 5.15 kernel annotated with extra prints: Calling OPTEE_SMC_DISABLE_SHM_CACHE OPTEE_SMC_DISABLE_SHM_CACHE returned 0 freeing SHM ptr 0xFFFFFF8001079380 Calling OPTEE_SMC_DISABLE_SHM_CACHE OPTEE_SMC_DISABLE_SHM_CACHE returned 0 freeing SHM ptr 0xFFFFFF8001CC5580 Calling OPTEE_SMC_DISABLE_SHM_CACHE OPTEE_SMC_DISABLE_SHM_CACHE returned 0 freeing SHM ptr 0xFFFFFF8006308A80 Calling OPTEE_SMC_DISABLE_SHM_CACHE OPTEE_SMC_DISABLE_SHM_CACHE returned 0 freeing SHM ptr 0xFFFFFF8006308B00 optee: optee_handle_rpc: a0=0XFFFF0000 a1=0XA0 a2=0X0 optee: optee_handle_rpc: a0=0XFFFF0005 a1=0XFFFFFF80 a2=0X61E6500 optee: handle_rpc_func_cmd: cmd = 0XA optee_supp_thrd_req: func=0XA Introduce a shutdown state in the optee device object to return an immediate error to all RPC requests in the shutdown path. Fixes: f25889f93184 ("optee: fix tee out of memory failure seen during kexec reboot") Signed-off-by: Lars Persson <larper(a)axis.com> --- drivers/tee/optee/optee_private.h | 1 + drivers/tee/optee/smc_abi.c | 5 ++++- drivers/tee/optee/supp.c | 8 ++++++++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/drivers/tee/optee/optee_private.h b/drivers/tee/optee/optee_private.h index 46f74ab07c7e..9eb72931e11f 100644 --- a/drivers/tee/optee/optee_private.h +++ b/drivers/tee/optee/optee_private.h @@ -162,6 +162,7 @@ struct optee { struct tee_shm_pool *pool; unsigned int rpc_arg_count; bool scan_bus_done; + bool shutting_down; struct workqueue_struct *scan_bus_wq; struct work_struct scan_bus_work; }; diff --git a/drivers/tee/optee/smc_abi.c b/drivers/tee/optee/smc_abi.c index 449d6a72d289..10af747da816 100644 --- a/drivers/tee/optee/smc_abi.c +++ b/drivers/tee/optee/smc_abi.c @@ -1356,7 +1356,10 @@ static int optee_smc_remove(struct platform_device *pdev) */ static void optee_shutdown(struct platform_device *pdev) { - optee_disable_shm_cache(platform_get_drvdata(pdev)); + struct optee *optee = platform_get_drvdata(pdev); + + optee->shutting_down = true; + optee_disable_shm_cache(optee); } static int optee_probe(struct platform_device *pdev) diff --git a/drivers/tee/optee/supp.c b/drivers/tee/optee/supp.c index 322a543b8c27..801b4ec659e8 100644 --- a/drivers/tee/optee/supp.c +++ b/drivers/tee/optee/supp.c @@ -83,6 +83,14 @@ u32 optee_supp_thrd_req(struct tee_context *ctx, u32 func, size_t num_params, bool interruptable; u32 ret; + /* + * When the system is shutting down we cannot talk + * to the supplicant anymore even if we seem to have + * an open session to it. + */ + if (optee->shutting_down) + return TEEC_ERROR_COMMUNICATION; + /* * Return in case there is no supplicant available and * non-blocking request. -- 2.30.2

4 years, 4 months

4
7
0 0

Linaro OP-TEE Contribution (LOC) monthly meeting January 2022

by Ruchika Gupta

Hi, OP-TEE Contributions (LOC) monthly meeting is planned for Thursday Jan 27 @16.00 (UTC). If you have any topics you'd like to discuss, please let us know and we can schedule them. Meeting details: --------------- Date/time: January 27(a)16.00 (UTC) https://everytimezone.com/s/c3460919 Connection details: https://www.trustedfirmware.org/meetings/ Meeting notes: http://bit.ly/loc-notes Regards, Ruchika on behalf of the Linaro OP-TEE team

4 years, 4 months

1
1
0 0

[GIT PULL] OP-TEE fixes for v5.17

by Jens Wiklander

Hello arm-soc maintainers, Please pull these OP-TEE driver fixes all concerning the recent changes regarding FF-A and asynchronous notifications. Thanks, Jens The following changes since commit e783362eb54cd99b2cac8b3a9aeac942e6f6ac07: Linux 5.17-rc1 (2022-01-23 10:12:53 +0200) are available in the Git repository at: git://git.linaro.org/people/jens.wiklander/linux-tee.git tags/optee-fixes-for-v5.17 for you to fetch changes up to 4064c461148ab129dfe5eaeea129b4af6cf4b9b7: optee: add error checks in optee_ffa_do_call_with_arg() (2022-01-24 13:00:59 +0100) ---------------------------------------------------------------- OP-TE fixes for v5.17 - Adds error checking in optee_ffa_do_call_with_arg() - Reintroduces an accidentally lost fix for a memref size check - Uses bitmap_free() to free memory obtained with bitmap_zalloc() ---------------------------------------------------------------- Christophe JAILLET (1): optee: Use bitmap_free() to free bitmap Jens Wiklander (1): optee: add error checks in optee_ffa_do_call_with_arg() Jerome Forissier (1): tee: optee: do not check memref size on return from Secure World drivers/tee/optee/ffa_abi.c | 15 ++++++++++++--- drivers/tee/optee/notif.c | 2 +- drivers/tee/optee/smc_abi.c | 10 ---------- 3 files changed, 13 insertions(+), 14 deletions(-)

4 years, 4 months

1
0
0 0

[PATCH v2 00/12] tee: shared memory updates

by Jens Wiklander

Hi all, This patchset is a general cleanup of shared memory handling in the TEE subsystem. Until now has the in-kernel tee clients used tee_shm_alloc() and tee_shm_register() to share memory with secure world. These two function exposes via a flags parameter a bit more of the internals of the TEE subsystem than one would like. So in order to make things easier are those two functions replaced by few functions which should provide better abstraction. Two in-kernel tee clients are updated to use these new functions. The shared memory pool handling is simplified, an internal matter for the two TEE drivers OP-TEE and AMDTEE. An OP-TEE driver internal tee_context is added to handle shared memory allocations received via RPC, for instance the argument structure needed to make more complex RPC requests. The tee_context used when doing such a memory allocation must be kept until the memory is freed. With this we can avoid keeping a tee_context of a client around for longer than necessary. In the v1 review it was suggested [1] to allow physically non-contiguous memory allocations by the drivers. It turned out to be harder than anticipated so I'll save that for a separate patch. This patchset is also available at [2] and is based on the asynchronous notification patches [3] which was just merged during this merge window. Thanks, Jens [1] https://lore.kernel.org/linux-arm-kernel/20210609145811.GJ4910@sequoia/ [2] https://git.linaro.org/people/jens.wiklander/linux-tee.git/log/?h=tee_shm_v2 [3] https://git.linaro.org/people/jens.wiklander/linux-tee.git/log/?h=async_not… v1->v2: * The commits three "tee: add tee_shm_alloc_kernel_buf()", "tpm_ftpm_tee: use tee_shm_alloc_kernel_buf()" and "firmware: tee_bnxt: use tee_shm_alloc_kernel_buf()" has been merged some time ago as part of another patchset. * Another in-kernel tee client is updated with the commit "KEYS: trusted: tee: use tee_shm_register_kernel_buf()" * tee_shm_alloc_anon_kernel_buf() is replaced with an easier to use function tee_shm_alloc_priv_kernel_buf() and tee_shm_free_anon_kernel_buf() has been dropped. * A driver internal struct tee_context is used to when doing driver internal calls to secure world. * Adds patches to replace tee_shm_register() in a similar way as how tee_shm_alloc() is replaced. * A patch is added to clean up the TEE_SHM_* flags * Fixed a warning reported by kernel test robot <lkp(a)intel.com> Jens Wiklander (12): hwrng: optee-rng: use tee_shm_alloc_kernel_buf() tee: remove unused tee_shm_pool_alloc_res_mem() tee: add tee_shm_alloc_user_buf() tee: simplify shm pool handling tee: replace tee_shm_alloc() optee: add driver private tee_context optee: use driver internal tee_contex for some rpc optee: add optee_pool_op_free_helper() tee: add tee_shm_register_{user,kernel}_buf() KEYS: trusted: tee: use tee_shm_register_kernel_buf() tee: replace tee_shm_register() tee: refactor TEE_SHM_* flags drivers/char/hw_random/optee-rng.c | 6 +- drivers/tee/amdtee/shm_pool.c | 55 ++-- drivers/tee/optee/Kconfig | 8 - drivers/tee/optee/call.c | 2 +- drivers/tee/optee/core.c | 22 +- drivers/tee/optee/device.c | 5 +- drivers/tee/optee/ffa_abi.c | 136 ++++------ drivers/tee/optee/optee_private.h | 12 +- drivers/tee/optee/smc_abi.c | 155 +++-------- drivers/tee/tee_core.c | 5 +- drivers/tee/tee_private.h | 11 - drivers/tee/tee_shm.c | 322 +++++++++++++++-------- drivers/tee/tee_shm_pool.c | 162 +++--------- include/linux/tee_drv.h | 133 +++------- security/keys/trusted-keys/trusted_tee.c | 23 +- 15 files changed, 434 insertions(+), 623 deletions(-) -- 2.31.1

4 years, 5 months

3
37
0 0

[PATCH v2] optee: add error checks in optee_ffa_do_call_with_arg()

by Jens Wiklander

Adds error checking in optee_ffa_do_call_with_arg() for correctness. Fixes: 4615e5a34b95 ("optee: add FF-A support") Signed-off-by: Jens Wiklander <jens.wiklander(a)linaro.org> --- drivers/tee/optee/ffa_abi.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/drivers/tee/optee/ffa_abi.c b/drivers/tee/optee/ffa_abi.c index 20a1b1a3d965..0775759a29c0 100644 --- a/drivers/tee/optee/ffa_abi.c +++ b/drivers/tee/optee/ffa_abi.c @@ -619,9 +619,18 @@ static int optee_ffa_do_call_with_arg(struct tee_context *ctx, .data2 = (u32)(shm->sec_world_id >> 32), .data3 = shm->offset, }; - struct optee_msg_arg *arg = tee_shm_get_va(shm, 0); - unsigned int rpc_arg_offs = OPTEE_MSG_GET_ARG_SIZE(arg->num_params); - struct optee_msg_arg *rpc_arg = tee_shm_get_va(shm, rpc_arg_offs); + struct optee_msg_arg *arg; + unsigned int rpc_arg_offs; + struct optee_msg_arg *rpc_arg; + + arg = tee_shm_get_va(shm, 0); + if (IS_ERR(arg)) + return PTR_ERR(arg); + + rpc_arg_offs = OPTEE_MSG_GET_ARG_SIZE(arg->num_params); + rpc_arg = tee_shm_get_va(shm, rpc_arg_offs); + if (IS_ERR(rpc_arg)) + return PTR_ERR(rpc_arg); return optee_ffa_yielding_call(ctx, &data, rpc_arg); } -- 2.31.1

4 years, 5 months

2
2
0 0

Preparing for OP-TEE 3.16.0

by Jens Wiklander

[BCC all OP-TEE maintainers] Hi OP-TEE maintainers & contributors, OP-TEE v3.16.0 is scheduled to be released on 2022-01-28. So, now is a good time to start testing the master branch on the various platforms and report/fix any bugs. The GitHub pull request for collecting Tested-by tags or any other comments is https://github.com/OP-TEE/optee_os/pull/5094 As usual, we will create a release candidate tag one week before the release date for final testing. In addition to that you can find some additional information related to releases here: https://optee.readthedocs.io/en/latest/general/releases.html Thanks, Jens

4 years, 5 months

1
1
0 0

[PATCH] optee: Do not send requests to supplicant during shutdown

by Lars Persson

The addition of a shutdown hook by commit f25889f93184 ("optee: fix tee out of memory failure seen during kexec reboot") introduced a kernel shutdown regression that can be triggered after running the xtest suites. Once the shutdown hook is called it is not possible to communicate any more with the supplicant process because the system is not scheduling task any longer. Thus if the optee driver shutdown path receives a supplicant RPC request from the OP-TEE we will deadlock the kernel's shutdown. This unexpected event will in fact occur after the xtest suite has been run. It seems some cached SHM kept alive a context object which in turn kept alive a session towards a PTA or TA. Closing the session results in a socket RPC command being sent back from OP-TEE. This sequence of events is captured by a 5.15 kernel annotated with extra prints: Calling OPTEE_SMC_DISABLE_SHM_CACHE OPTEE_SMC_DISABLE_SHM_CACHE returned 0 freeing SHM ptr 0xFFFFFF8001079380 Calling OPTEE_SMC_DISABLE_SHM_CACHE OPTEE_SMC_DISABLE_SHM_CACHE returned 0 freeing SHM ptr 0xFFFFFF8001CC5580 Calling OPTEE_SMC_DISABLE_SHM_CACHE OPTEE_SMC_DISABLE_SHM_CACHE returned 0 freeing SHM ptr 0xFFFFFF8006308A80 Calling OPTEE_SMC_DISABLE_SHM_CACHE OPTEE_SMC_DISABLE_SHM_CACHE returned 0 freeing SHM ptr 0xFFFFFF8006308B00 optee: optee_handle_rpc: a0=0XFFFF0000 a1=0XA0 a2=0X0 optee: optee_handle_rpc: a0=0XFFFF0005 a1=0XFFFFFF80 a2=0X61E6500 optee: handle_rpc_func_cmd: cmd = 0XA optee_supp_thrd_req: func=0XA Introduce a shutdown state in the optee device object to return an immediate error to all RPC requests in the shutdown path. Fixes: f25889f93184 ("optee: fix tee out of memory failure seen during kexec reboot Signed-off-by: Lars Persson <larper(a)axis.com> --- drivers/tee/optee/optee_private.h | 1 + drivers/tee/optee/smc_abi.c | 5 ++++- drivers/tee/optee/supp.c | 8 ++++++++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/drivers/tee/optee/optee_private.h b/drivers/tee/optee/optee_private.h index 46f74ab07c7e..83380974ff44 100644 --- a/drivers/tee/optee/optee_private.h +++ b/drivers/tee/optee/optee_private.h @@ -164,6 +164,7 @@ struct optee { bool scan_bus_done; struct workqueue_struct *scan_bus_wq; struct work_struct scan_bus_work; + bool shutting_down; }; struct optee_session { diff --git a/drivers/tee/optee/smc_abi.c b/drivers/tee/optee/smc_abi.c index 449d6a72d289..10af747da816 100644 --- a/drivers/tee/optee/smc_abi.c +++ b/drivers/tee/optee/smc_abi.c @@ -1356,7 +1356,10 @@ static int optee_smc_remove(struct platform_device *pdev) */ static void optee_shutdown(struct platform_device *pdev) { - optee_disable_shm_cache(platform_get_drvdata(pdev)); + struct optee *optee = platform_get_drvdata(pdev); + + optee->shutting_down = true; + optee_disable_shm_cache(optee); } static int optee_probe(struct platform_device *pdev) diff --git a/drivers/tee/optee/supp.c b/drivers/tee/optee/supp.c index 322a543b8c27..801b4ec659e8 100644 --- a/drivers/tee/optee/supp.c +++ b/drivers/tee/optee/supp.c @@ -83,6 +83,14 @@ u32 optee_supp_thrd_req(struct tee_context *ctx, u32 func, size_t num_params, bool interruptable; u32 ret; + /* + * When the system is shutting down we cannot talk + * to the supplicant anymore even if we seem to have + * an open session to it. + */ + if (optee->shutting_down) + return TEEC_ERROR_COMMUNICATION; + /* * Return in case there is no supplicant available and * non-blocking request. -- 2.30.2

4 years, 5 months

3
3
0 0

[PATCH] optee: add error checks in optee_ffa_do_call_with_arg()

by Jens Wiklander

Adds error checking in optee_ffa_do_call_with_arg() for correctness. Fixes: 4615e5a34b95 ("optee: add FF-A support") Signed-off-by: Jens Wiklander <jens.wiklander(a)linaro.org> --- drivers/tee/optee/ffa_abi.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/drivers/tee/optee/ffa_abi.c b/drivers/tee/optee/ffa_abi.c index d8c8683863aa..d88bd2e41572 100644 --- a/drivers/tee/optee/ffa_abi.c +++ b/drivers/tee/optee/ffa_abi.c @@ -619,9 +619,18 @@ static int optee_ffa_do_call_with_arg(struct tee_context *ctx, .data2 = (u32)(shm->sec_world_id >> 32), .data3 = shm->offset, }; - struct optee_msg_arg *arg = tee_shm_get_va(shm, 0); - unsigned int rpc_arg_offs = OPTEE_MSG_GET_ARG_SIZE(arg->num_params); - struct optee_msg_arg *rpc_arg = tee_shm_get_va(shm, rpc_arg_offs); + struct optee_msg_arg *arg; + unsigned int rpc_arg_offs; + struct optee_msg_arg *rpc_arg; + + arg = tee_shm_get_va(shm, 0); + if (IS_ERR(arg)) + return PTR_ERR(arg); + + rpc_arg_offs = OPTEE_MSG_GET_ARG_SIZE(arg->num_params); + rpc_arg = tee_shm_get_va(shm, rpc_arg_offs); + if (IS_ERR(arg)) + return PTR_ERR(arg); return optee_ffa_yielding_call(ctx, &data, rpc_arg); } -- 2.31.1

4 years, 5 months

2
2
0 0

[PATCH] tee: optee: do not check memref size on return from Secure World

by Jerome Forissier

Commit c650b8dc7a79 ("tee: optee: do not check memref size on return from Secure World") was mistakenly lost in commit 4602c5842f64 ("optee: refactor driver with internal callbacks"). Remove the unwanted code again. Fixes: 4602c5842f64 ("optee: refactor driver with internal callbacks") Signed-off-by: Jerome Forissier <jerome(a)forissier.org> --- drivers/tee/optee/smc_abi.c | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/drivers/tee/optee/smc_abi.c b/drivers/tee/optee/smc_abi.c index cf2e3293567d..09e7ec673bb6 100644 --- a/drivers/tee/optee/smc_abi.c +++ b/drivers/tee/optee/smc_abi.c @@ -71,16 +71,6 @@ static int from_msg_param_tmp_mem(struct tee_param *p, u32 attr, p->u.memref.shm_offs = mp->u.tmem.buf_ptr - pa; p->u.memref.shm = shm; - /* Check that the memref is covered by the shm object */ - if (p->u.memref.size) { - size_t o = p->u.memref.shm_offs + - p->u.memref.size - 1; - - rc = tee_shm_get_pa(shm, o, NULL); - if (rc) - return rc; - } - return 0; } -- 2.32.0

4 years, 5 months

3
3
0 0

[PATCH] docs: staging/tee.rst: fix two typos found while reading

by Wang Cheng

Signed-off-by: Wang Cheng <wanngchenng(a)gmail.com> --- Documentation/staging/tee.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Documentation/staging/tee.rst b/Documentation/staging/tee.rst index 3c63d8dcd61e..498343c7ab08 100644 --- a/Documentation/staging/tee.rst +++ b/Documentation/staging/tee.rst @@ -255,7 +255,7 @@ The following picture shows a high level overview of AMD-TEE:: +--------------------------+ +---------+--------------------+ At the lowest level (in x86), the AMD Secure Processor (ASP) driver uses the -CPU to PSP mailbox regsister to submit commands to the PSP. The format of the +CPU to PSP mailbox register to submit commands to the PSP. The format of the command buffer is opaque to the ASP driver. It's role is to submit commands to the secure processor and return results to AMD-TEE driver. The interface between AMD-TEE driver and AMD Secure Processor driver can be found in [6]. @@ -290,7 +290,7 @@ cancel_req driver callback is not supported by AMD-TEE. The GlobalPlatform TEE Client API [5] can be used by the user space (client) to talk to AMD's TEE. AMD's TEE provides a secure environment for loading, opening -a session, invoking commands and clossing session with TA. +a session, invoking commands and closing session with TA. References ========== -- 2.33.1

4 years, 5 months

4
3
0 0

no TEE TA log (D/TA:) issue (github issue #5112)

by 起飞的老杨

Hello, I got problems here: I built the whole system with yotcto 3.3.3, linux kernel 5.10, optee-os 3.14, platform for rk3399 ( was working for qemu platform ). Console Configuration: U-Boot / TrustFirmware-A / optee-os: all pointed console to uart2 linux dts: chosen and secure-chosen all pointed to uart2. uart2's status and secure-status are both set to "okay" Build Configuration: optee-os: DEBUG=1 \ CFG_TEE_CORE_LOG_LEVEL=4 \ CFG_TEE_CORE_DEBUG=y \ CFG_TEE_TA_LOG_LEVEL=4 \ ... both optee-examples and my TA: DEBUG=1 \ CFG_TEE_TA_LOG_LEVEL=4 \ ... During boot I can see D/TC: logs, but no any D/TA: log is output. Some D/TC log like this: D/TC:? 0 tee_ta_init_session_with_context:607 Re-open TA xxxxx D/TC:? 0 tee_ta_close_session:512 csess 0xDDDDDD id 1 D/TC:? 0 tee_ta_close_session:531 Destroy session My TA has correct output, no crashes,or other errors Thanks.

4 years, 5 months

1
0
0 0

[PATCH] tee: combine "config" and "menu" for TEE's menuconfig

by Jan Engelhardt

Don't let TEE occupy two lines in menuconfig when practically no other (sub)menu does either. Signed-off-by: Jan Engelhardt <jengelh(a)inai.de> --- drivers/tee/Kconfig | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git drivers/tee/Kconfig drivers/tee/Kconfig index e99d840c2511..73a147202e88 100644 --- drivers/tee/Kconfig +++ drivers/tee/Kconfig @@ -1,6 +1,6 @@ # SPDX-License-Identifier: GPL-2.0-only # Generic Trusted Execution Environment Configuration -config TEE +menuconfig TEE tristate "Trusted Execution Environment support" depends on HAVE_ARM_SMCCC || COMPILE_TEST || CPU_SUP_AMD select CRYPTO @@ -13,10 +13,7 @@ config TEE if TEE -menu "TEE drivers" - source "drivers/tee/optee/Kconfig" source "drivers/tee/amdtee/Kconfig" -endmenu endif -- 2.34.1

4 years, 5 months

3
2
0 0

[PATCH] optee: Use bitmap_free() to free bitmap

by Christophe JAILLET

kfree() and bitmap_free() are the same. But using the latter is more consistent when freeing memory allocated with bitmap_zalloc(). Signed-off-by: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> --- drivers/tee/optee/notif.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/tee/optee/notif.c b/drivers/tee/optee/notif.c index a28fa03dcd0e..05212842b0a5 100644 --- a/drivers/tee/optee/notif.c +++ b/drivers/tee/optee/notif.c @@ -121,5 +121,5 @@ int optee_notif_init(struct optee *optee, u_int max_key) void optee_notif_uninit(struct optee *optee) { - kfree(optee->notif.bitmap); + bitmap_free(optee->notif.bitmap); } -- 2.32.0

4 years, 5 months

3
2
0 0

[PATCH v3 0/2] CAAM Driver: re-factor and set proper JR status

by Andrey Zhizhikin

This V3 series covers points uncovered during the review of the previous series, one major point being that register readout should not be used for dynamic JR availability check due to its unreliability. Instead, JR should have a proper status set in FDT which indicates the availability of the ring in NS-World. This status is aligned with what BootROM code configures, and can be modified by all actors in the boot chain. Therefore, patch in V2 series that was handling the dynamic JR availability check is dropped in this series and replaced by the patch which sets proper DT status for JR nodes. Andrey Zhizhikin (2): crypto: caam - convert to use capabilities arm64: dts: imx8m: define proper status for caam jr arch/arm64/boot/dts/freescale/imx8mm.dtsi | 4 + arch/arm64/boot/dts/freescale/imx8mn.dtsi | 4 + arch/arm64/boot/dts/freescale/imx8mp.dtsi | 4 + arch/arm64/boot/dts/freescale/imx8mq.dtsi | 4 + drivers/crypto/caam/caamalg_qi.c | 2 +- drivers/crypto/caam/ctrl.c | 115 ++++++++++++++-------- drivers/crypto/caam/intern.h | 20 ++-- drivers/crypto/caam/jr.c | 19 +++- drivers/crypto/caam/regs.h | 2 - 9 files changed, 122 insertions(+), 52 deletions(-) base-commit: 04fe99a8d936d46a310ca61b8b63dc270962bf01 -- 2.25.1

4 years, 5 months

6
13
0 0

[GIT PULL] TEE and OP-TEE fixes for v5.16

by Jens Wiklander

Hello arm-soc maintainers, Please pull these TEE subsystem and OP-TEE driver fixes which by coincident all are concerning memory shared with secure world. There's one in particular nasty race fixed when a tee_shm is about to be teared down. Thanks, Jens The following changes since commit d58071a8a76d779eedab38033ae4c821c30295a5: Linux 5.16-rc3 (2021-11-28 14:09:19 -0800) are available in the Git repository at: https://git.linaro.org/people/jens.wiklander/linux-tee.git tags/fixes-for-v5.16 for you to fetch changes up to 6add87fdae9bcb1d20b4503df5bd02ce5246cc8b: optee: Suppress false positive kmemleak report in optee_handle_rpc() (2021-12-16 15:32:48 +0100) ---------------------------------------------------------------- TEE and OP-TEE fixes for v5.16 - Fixes a race when a tee_shm reaches reference count 0 and is about to be teared down - Fixes an incorrect page free bug in an error path of the OP-TEE shared memory pool handling - Suppresses a false positive kmemleak report when allocating driver private shared memory buffers for OP-TEE ---------------------------------------------------------------- Jens Wiklander (1): tee: handle lookup of shm with reference count 0 Sumit Garg (1): tee: optee: Fix incorrect page free bug Xiaolei Wang (1): optee: Suppress false positive kmemleak report in optee_handle_rpc() drivers/tee/optee/core.c | 6 +- drivers/tee/optee/smc_abi.c | 2 + drivers/tee/tee_shm.c | 174 +++++++++++++++++--------------------------- include/linux/tee_drv.h | 4 +- 4 files changed, 72 insertions(+), 114 deletions(-)

4 years, 6 months

1
0
0 0

[PATCH v2] tee: handle lookup of shm with reference count 0

by Jens Wiklander

Since the tee subsystem does not keep a strong reference to its idle shared memory buffers, it races with other threads that try to destroy a shared memory through a close of its dma-buf fd or by unmapping the memory. In tee_shm_get_from_id() when a lookup in teedev->idr has been successful, it is possible that the tee_shm is in the dma-buf teardown path, but that path is blocked by the teedev mutex. Since we don't have an API to tell if the tee_shm is in the dma-buf teardown path or not we must find another way of detecting this condition. Fix this by doing the reference counting directly on the tee_shm using a new refcount_t refcount field. dma-buf is replaced by using anon_inode_getfd() instead, this separates the life-cycle of the underlying file from the tee_shm. tee_shm_put() is updated to hold the mutex when decreasing the refcount to 0 and then remove the tee_shm from teedev->idr before releasing the mutex. This means that the tee_shm can never be found unless it has a refcount larger than 0. Fixes: 967c9cca2cc5 ("tee: generic TEE subsystem") Cc: stable(a)vger.kernel.org Reviewed-by: Lars Persson <larper(a)axis.com> Reviewed-by: Sumit Garg <sumit.garg(a)linaro.org> Reported-by: Patrik Lantz <patrik.lantz(a)axis.com> Signed-off-by: Jens Wiklander <jens.wiklander(a)linaro.org> --- v1->v2 * fix copyright years in drivers/tee/tee_shm.c * update kerneldoc comment for struct tee_shm with the reference counter drivers/tee/tee_shm.c | 174 +++++++++++++++------------------------- include/linux/tee_drv.h | 4 +- 2 files changed, 68 insertions(+), 110 deletions(-) diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c index 8a8deb95e918..499fccba3d74 100644 --- a/drivers/tee/tee_shm.c +++ b/drivers/tee/tee_shm.c @@ -1,20 +1,17 @@ // SPDX-License-Identifier: GPL-2.0-only /* - * Copyright (c) 2015-2016, Linaro Limited + * Copyright (c) 2015-2017, 2019-2021 Linaro Limited */ +#include <linux/anon_inodes.h> #include <linux/device.h> -#include <linux/dma-buf.h> -#include <linux/fdtable.h> #include <linux/idr.h> +#include <linux/mm.h> #include <linux/sched.h> #include <linux/slab.h> #include <linux/tee_drv.h> #include <linux/uio.h> -#include <linux/module.h> #include "tee_private.h" -MODULE_IMPORT_NS(DMA_BUF); - static void release_registered_pages(struct tee_shm *shm) { if (shm->pages) { @@ -31,16 +28,8 @@ static void release_registered_pages(struct tee_shm *shm) } } -static void tee_shm_release(struct tee_shm *shm) +static void tee_shm_release(struct tee_device *teedev, struct tee_shm *shm) { - struct tee_device *teedev = shm->ctx->teedev; - - if (shm->flags & TEE_SHM_DMA_BUF) { - mutex_lock(&teedev->mutex); - idr_remove(&teedev->idr, shm->id); - mutex_unlock(&teedev->mutex); - } - if (shm->flags & TEE_SHM_POOL) { struct tee_shm_pool_mgr *poolm; @@ -67,45 +56,6 @@ static void tee_shm_release(struct tee_shm *shm) tee_device_put(teedev); } -static struct sg_table *tee_shm_op_map_dma_buf(struct dma_buf_attachment - *attach, enum dma_data_direction dir) -{ - return NULL; -} - -static void tee_shm_op_unmap_dma_buf(struct dma_buf_attachment *attach, - struct sg_table *table, - enum dma_data_direction dir) -{ -} - -static void tee_shm_op_release(struct dma_buf *dmabuf) -{ - struct tee_shm *shm = dmabuf->priv; - - tee_shm_release(shm); -} - -static int tee_shm_op_mmap(struct dma_buf *dmabuf, struct vm_area_struct *vma) -{ - struct tee_shm *shm = dmabuf->priv; - size_t size = vma->vm_end - vma->vm_start; - - /* Refuse sharing shared memory provided by application */ - if (shm->flags & TEE_SHM_USER_MAPPED) - return -EINVAL; - - return remap_pfn_range(vma, vma->vm_start, shm->paddr >> PAGE_SHIFT, - size, vma->vm_page_prot); -} - -static const struct dma_buf_ops tee_shm_dma_buf_ops = { - .map_dma_buf = tee_shm_op_map_dma_buf, - .unmap_dma_buf = tee_shm_op_unmap_dma_buf, - .release = tee_shm_op_release, - .mmap = tee_shm_op_mmap, -}; - struct tee_shm *tee_shm_alloc(struct tee_context *ctx, size_t size, u32 flags) { struct tee_device *teedev = ctx->teedev; @@ -140,6 +90,7 @@ struct tee_shm *tee_shm_alloc(struct tee_context *ctx, size_t size, u32 flags) goto err_dev_put; } + refcount_set(&shm->refcount, 1); shm->flags = flags | TEE_SHM_POOL; shm->ctx = ctx; if (flags & TEE_SHM_DMA_BUF) @@ -153,10 +104,7 @@ struct tee_shm *tee_shm_alloc(struct tee_context *ctx, size_t size, u32 flags) goto err_kfree; } - if (flags & TEE_SHM_DMA_BUF) { - DEFINE_DMA_BUF_EXPORT_INFO(exp_info); - mutex_lock(&teedev->mutex); shm->id = idr_alloc(&teedev->idr, shm, 1, 0, GFP_KERNEL); mutex_unlock(&teedev->mutex); @@ -164,28 +112,11 @@ struct tee_shm *tee_shm_alloc(struct tee_context *ctx, size_t size, u32 flags) ret = ERR_PTR(shm->id); goto err_pool_free; } - - exp_info.ops = &tee_shm_dma_buf_ops; - exp_info.size = shm->size; - exp_info.flags = O_RDWR; - exp_info.priv = shm; - - shm->dmabuf = dma_buf_export(&exp_info); - if (IS_ERR(shm->dmabuf)) { - ret = ERR_CAST(shm->dmabuf); - goto err_rem; - } } teedev_ctx_get(ctx); return shm; -err_rem: - if (flags & TEE_SHM_DMA_BUF) { - mutex_lock(&teedev->mutex); - idr_remove(&teedev->idr, shm->id); - mutex_unlock(&teedev->mutex); - } err_pool_free: poolm->ops->free(poolm, shm); err_kfree: @@ -246,6 +177,7 @@ struct tee_shm *tee_shm_register(struct tee_context *ctx, unsigned long addr, goto err; } + refcount_set(&shm->refcount, 1); shm->flags = flags | TEE_SHM_REGISTER; shm->ctx = ctx; shm->id = -1; @@ -306,22 +238,6 @@ struct tee_shm *tee_shm_register(struct tee_context *ctx, unsigned long addr, goto err; } - if (flags & TEE_SHM_DMA_BUF) { - DEFINE_DMA_BUF_EXPORT_INFO(exp_info); - - exp_info.ops = &tee_shm_dma_buf_ops; - exp_info.size = shm->size; - exp_info.flags = O_RDWR; - exp_info.priv = shm; - - shm->dmabuf = dma_buf_export(&exp_info); - if (IS_ERR(shm->dmabuf)) { - ret = ERR_CAST(shm->dmabuf); - teedev->desc->ops->shm_unregister(ctx, shm); - goto err; - } - } - return shm; err: if (shm) { @@ -339,6 +255,35 @@ struct tee_shm *tee_shm_register(struct tee_context *ctx, unsigned long addr, } EXPORT_SYMBOL_GPL(tee_shm_register); +static int tee_shm_fop_release(struct inode *inode, struct file *filp) +{ + tee_shm_put(filp->private_data); + return 0; +} + +static int tee_shm_fop_mmap(struct file *filp, struct vm_area_struct *vma) +{ + struct tee_shm *shm = filp->private_data; + size_t size = vma->vm_end - vma->vm_start; + + /* Refuse sharing shared memory provided by application */ + if (shm->flags & TEE_SHM_USER_MAPPED) + return -EINVAL; + + /* check for overflowing the buffer's size */ + if (vma->vm_pgoff + vma_pages(vma) > shm->size >> PAGE_SHIFT) + return -EINVAL; + + return remap_pfn_range(vma, vma->vm_start, shm->paddr >> PAGE_SHIFT, + size, vma->vm_page_prot); +} + +static const struct file_operations tee_shm_fops = { + .owner = THIS_MODULE, + .release = tee_shm_fop_release, + .mmap = tee_shm_fop_mmap, +}; + /** * tee_shm_get_fd() - Increase reference count and return file descriptor * @shm: Shared memory handle @@ -351,10 +296,11 @@ int tee_shm_get_fd(struct tee_shm *shm) if (!(shm->flags & TEE_SHM_DMA_BUF)) return -EINVAL; - get_dma_buf(shm->dmabuf); - fd = dma_buf_fd(shm->dmabuf, O_CLOEXEC); + /* matched by tee_shm_put() in tee_shm_op_release() */ + refcount_inc(&shm->refcount); + fd = anon_inode_getfd("tee_shm", &tee_shm_fops, shm, O_RDWR); if (fd < 0) - dma_buf_put(shm->dmabuf); + tee_shm_put(shm); return fd; } @@ -364,17 +310,7 @@ int tee_shm_get_fd(struct tee_shm *shm) */ void tee_shm_free(struct tee_shm *shm) { - /* - * dma_buf_put() decreases the dmabuf reference counter and will - * call tee_shm_release() when the last reference is gone. - * - * In the case of driver private memory we call tee_shm_release - * directly instead as it doesn't have a reference counter. - */ - if (shm->flags & TEE_SHM_DMA_BUF) - dma_buf_put(shm->dmabuf); - else - tee_shm_release(shm); + tee_shm_put(shm); } EXPORT_SYMBOL_GPL(tee_shm_free); @@ -481,10 +417,15 @@ struct tee_shm *tee_shm_get_from_id(struct tee_context *ctx, int id) teedev = ctx->teedev; mutex_lock(&teedev->mutex); shm = idr_find(&teedev->idr, id); + /* + * If the tee_shm was found in the IDR it must have a refcount + * larger than 0 due to the guarantee in tee_shm_put() below. So + * it's safe to use refcount_inc(). + */ if (!shm || shm->ctx != ctx) shm = ERR_PTR(-EINVAL); - else if (shm->flags & TEE_SHM_DMA_BUF) - get_dma_buf(shm->dmabuf); + else + refcount_inc(&shm->refcount); mutex_unlock(&teedev->mutex); return shm; } @@ -496,7 +437,24 @@ EXPORT_SYMBOL_GPL(tee_shm_get_from_id); */ void tee_shm_put(struct tee_shm *shm) { - if (shm->flags & TEE_SHM_DMA_BUF) - dma_buf_put(shm->dmabuf); + struct tee_device *teedev = shm->ctx->teedev; + bool do_release = false; + + mutex_lock(&teedev->mutex); + if (refcount_dec_and_test(&shm->refcount)) { + /* + * refcount has reached 0, we must now remove it from the + * IDR before releasing the mutex. This will guarantee that + * the refcount_inc() in tee_shm_get_from_id() never starts + * from 0. + */ + if (shm->flags & TEE_SHM_DMA_BUF) + idr_remove(&teedev->idr, shm->id); + do_release = true; + } + mutex_unlock(&teedev->mutex); + + if (do_release) + tee_shm_release(teedev, shm); } EXPORT_SYMBOL_GPL(tee_shm_put); diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h index a1f03461369b..cf5999626e28 100644 --- a/include/linux/tee_drv.h +++ b/include/linux/tee_drv.h @@ -195,7 +195,7 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method, * @offset: offset of buffer in user space * @pages: locked pages from userspace * @num_pages: number of locked pages - * @dmabuf: dmabuf used to for exporting to user space + * @refcount: reference counter * @flags: defined by TEE_SHM_* in tee_drv.h * @id: unique id of a shared memory object on this device, shared * with user space @@ -214,7 +214,7 @@ struct tee_shm { unsigned int offset; struct page **pages; size_t num_pages; - struct dma_buf *dmabuf; + refcount_t refcount; u32 flags; int id; u64 sec_world_id; -- 2.31.1

4 years, 6 months

2
2
0 0

[PATCH] optee: Suppress false positive kmemleak report in optee_handle_rpc()

by Xiaolei Wang

We observed the following kmemleak report: unreferenced object 0xffff000007904500 (size 128): comm "swapper/0", pid 1, jiffies 4294892671 (age 44.036s) hex dump (first 32 bytes): 00 47 90 07 00 00 ff ff 60 00 c0 ff 00 00 00 00 .G......`....... 60 00 80 13 00 80 ff ff a0 00 00 00 00 00 00 00 `............... backtrace: [<000000004c12b1c7>] kmem_cache_alloc+0x1ac/0x2f4 [<000000005d23eb4f>] tee_shm_alloc+0x78/0x230 [<00000000794dd22c>] optee_handle_rpc+0x60/0x6f0 [<00000000d9f7c52d>] optee_do_call_with_arg+0x17c/0x1dc [<00000000c35884da>] optee_open_session+0x128/0x1ec [<000000001748f2ff>] tee_client_open_session+0x28/0x40 [<00000000aecb5389>] optee_enumerate_devices+0x84/0x2a0 [<000000003df18bf1>] optee_probe+0x674/0x6cc [<000000003a4a534a>] platform_drv_probe+0x54/0xb0 [<000000000c51ce7d>] really_probe+0xe4/0x4d0 [<000000002f04c865>] driver_probe_device+0x58/0xc0 [<00000000b485397d>] device_driver_attach+0xc0/0xd0 [<00000000c835f0df>] __driver_attach+0x84/0x124 [<000000008e5a429c>] bus_for_each_dev+0x70/0xc0 [<000000001735e8a8>] driver_attach+0x24/0x30 [<000000006d94b04f>] bus_add_driver+0x104/0x1ec This is not a memory leak because we pass the share memory pointer to secure world and would get it from secure world before releasing it. Signed-off-by: Xiaolei Wang <xiaolei.wang(a)windriver.com> --- drivers/tee/optee/smc_abi.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/tee/optee/smc_abi.c b/drivers/tee/optee/smc_abi.c index 6196d7c3888f..cf2e3293567d 100644 --- a/drivers/tee/optee/smc_abi.c +++ b/drivers/tee/optee/smc_abi.c @@ -23,6 +23,7 @@ #include "optee_private.h" #include "optee_smc.h" #include "optee_rpc_cmd.h" +#include <linux/kmemleak.h> #define CREATE_TRACE_POINTS #include "optee_trace.h" @@ -783,6 +784,7 @@ static void optee_handle_rpc(struct tee_context *ctx, param->a4 = 0; param->a5 = 0; } + kmemleak_not_leak(shm); break; case OPTEE_SMC_RPC_FUNC_FREE: shm = reg_pair_to_ptr(param->a1, param->a2); -- 2.25.1

4 years, 6 months

9
26
0 0

[PATCH v2] tee: optee: Fix incorrect page free bug

by Sumit Garg

Pointer to the allocated pages (struct page *page) has already progressed towards the end of allocation. It is incorrect to perform __free_pages(page, order) using this pointer as we would free any arbitrary pages. Fix this by stop modifying the page pointer. Fixes: ec185dd3ab25 ("optee: Fix memory leak when failing to register shm pages") Cc: stable(a)vger.kernel.org Reported-by: Patrik Lantz <patrik.lantz(a)axis.com> Signed-off-by: Sumit Garg <sumit.garg(a)linaro.org> Reviewed-by: Tyler Hicks <tyhicks(a)linux.microsoft.com> --- Changes since v1: - Added stable CC tag. - Picked up Tyler's review tag. drivers/tee/optee/core.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c index ab2edfcc6c70..2a66a5203d2f 100644 --- a/drivers/tee/optee/core.c +++ b/drivers/tee/optee/core.c @@ -48,10 +48,8 @@ int optee_pool_op_alloc_helper(struct tee_shm_pool_mgr *poolm, goto err; } - for (i = 0; i < nr_pages; i++) { - pages[i] = page; - page++; - } + for (i = 0; i < nr_pages; i++) + pages[i] = page + i; shm->flags |= TEE_SHM_REGISTER; rc = shm_register(shm->ctx, shm, pages, nr_pages, -- 2.25.1

4 years, 6 months

2
1
0 0

[PATCH] tee: Do not publish partially initialized shm objects

by Lars Persson

Adding a partially initialized struct tee_shm to teedev->idr makes that object reachable from userspace through TEE_IOC_OPEN_SESSION and TEE_IOC_INVOKE. We should delay the registration of the pointer in the idr until the object is fully initialized. Fixes: 967c9cca2cc5 ("tee: generic TEE subsystem") Reported-by: Patrik Lantz <patrik.lantz(a)axis.com> Signed-off-by: Lars Persson <larper(a)axis.com> --- drivers/tee/tee_shm.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c index 8a9384a64f3e..93814ff7fde8 100644 --- a/drivers/tee/tee_shm.c +++ b/drivers/tee/tee_shm.c @@ -155,7 +155,7 @@ struct tee_shm *tee_shm_alloc(struct tee_context *ctx, size_t size, u32 flags) DEFINE_DMA_BUF_EXPORT_INFO(exp_info); mutex_lock(&teedev->mutex); - shm->id = idr_alloc(&teedev->idr, shm, 1, 0, GFP_KERNEL); + shm->id = idr_alloc(&teedev->idr, NULL, 1, 0, GFP_KERNEL); mutex_unlock(&teedev->mutex); if (shm->id < 0) { ret = ERR_PTR(shm->id); @@ -172,6 +172,12 @@ struct tee_shm *tee_shm_alloc(struct tee_context *ctx, size_t size, u32 flags) ret = ERR_CAST(shm->dmabuf); goto err_rem; } + + ret = idr_replace(&teedev->idr, shm, shm->id); + if (IS_ERR(ret)) { + dma_buf_put(shm->dmabuf); + return ret; + } } teedev_ctx_get(ctx); @@ -288,7 +294,7 @@ struct tee_shm *tee_shm_register(struct tee_context *ctx, unsigned long addr, } mutex_lock(&teedev->mutex); - shm->id = idr_alloc(&teedev->idr, shm, 1, 0, GFP_KERNEL); + shm->id = idr_alloc(&teedev->idr, NULL, 1, 0, GFP_KERNEL); mutex_unlock(&teedev->mutex); if (shm->id < 0) { @@ -319,6 +325,12 @@ struct tee_shm *tee_shm_register(struct tee_context *ctx, unsigned long addr, } } + ret = idr_replace(&teedev->idr, shm, shm->id); + if (IS_ERR(ret)) { + tee_shm_free(shm); + return ret; + } + return shm; err: if (shm) { -- 2.30.2

4 years, 6 months

3
5
0 0

Linaro OP-TEE Contributions (LOC) monthly meeting - Dec 23 CANCELLED

by Ruchika Gupta

Hi, In light of the holiday season we are not expecting too many joiners on Dec 23. Hence, let's cancel the LOC (Linaro OP-TEE Contribution) monthly meeting scheduled for next week. Wish you all a great holiday and a happy new year. The next scheduled meeting will be on 27th January 2022. Regards, Ruchika (On behalf of OP-TEE team)

4 years, 6 months

1
0
0 0

drivers/tee double-free of page when optee_shm_register fails

by Lars Persson

Hi Me and Patrik have been tracing a kernel memory corruption bug that is triggered when op-tee runs out of resources and returns an error from the OPTEE_MSG_CMD_REGISTER_SHM call. This is yet another fall-out from Patrik's fuzzing of the TEE subsystem. The symptoms would look like this when page debugging is enabled: BUG: Bad page state in process optee_example_h pfn:46bb0 page:(ptrval) refcount:-1 mapcount:0 mapping:00000000 index:0x0 pfn:0x46bb0 flags: 0x0(zone=0) Our reproducer runs a loop with the TEE_IOC_SHM_ALLOC until memory runs out at the optee-os end (dynamic SHM enabled). The error is 100% reproducible with such a loop. We have traced this down to what seems to be a miss in the memory ownership contract during the call to OPTEE_MSG_CMD_REGISTER_SHM. When pool_op_alloc() detects that optee_shm_register() has failed, it will free the allocated page at the very end of the function. Unfortunately that page has already been freed because OP-TEE has sent a OPTEE_RPC_CMD_SHM_FREE for this shm object before returning from OPTEE_MSG_CMD_REGISTER_SHM. This is my conclusion based on prints added to the code. I cannot write a patch for this because I am at a loss of who actually is supposed to trigger the free of the pages in this situation. Is there an API spec that makes this clear ? BR, Lars

4 years, 6 months

3
6
0 0

[PATCH] tee: optee: Fix incorrect page free bug

by Sumit Garg

Pointer to the allocated pages (struct page *page) has already progressed towards the end of allocation. It is incorrect to perform __free_pages(page, order) using this pointer as we would free any arbitrary pages. Fix this by stop modifying the page pointer. Fixes: ec185dd3ab25 ("optee: Fix memory leak when failing to register shm pages") Reported-by: Patrik Lantz <patrik.lantz(a)axis.com> Signed-off-by: Sumit Garg <sumit.garg(a)linaro.org> --- drivers/tee/optee/core.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c index ab2edfcc6c70..2a66a5203d2f 100644 --- a/drivers/tee/optee/core.c +++ b/drivers/tee/optee/core.c @@ -48,10 +48,8 @@ int optee_pool_op_alloc_helper(struct tee_shm_pool_mgr *poolm, goto err; } - for (i = 0; i < nr_pages; i++) { - pages[i] = page; - page++; - } + for (i = 0; i < nr_pages; i++) + pages[i] = page + i; shm->flags |= TEE_SHM_REGISTER; rc = shm_register(shm->ctx, shm, pages, nr_pages, -- 2.25.1

4 years, 6 months

3
3
0 0

[PATCH] tee: handle lookup of shm with reference count 0

by Jens Wiklander

Since the tee subsystem does not keep a strong reference to its idle shared memory buffers, it races with other threads that try to destroy a shared memory through a close of its dma-buf fd or by unmapping the memory. In tee_shm_get_from_id() when a lookup in teedev->idr has been successful, it is possible that the tee_shm is in the dma-buf teardown path, but that path is blocked by the teedev mutex. Since we don't have an API to tell if the tee_shm is in the dma-buf teardown path or not we must find another way of detecting this condition. Fix this by doing the reference counting directly on the tee_shm using a new refcount_t refcount field. dma-buf is replaced by using anon_inode_getfd() instead, this separates the life-cycle of the underlying file from the tee_shm. tee_shm_put() is updated to hold the mutex when decreasing the refcount to 0 and then remove the tee_shm from teedev->idr before releasing the mutex. This means that the tee_shm can never be found unless it has a refcount larger than 0. Fixes: 967c9cca2cc5 ("tee: generic TEE subsystem") Cc: stable(a)vger.kernel.org Reviewed-by: Lars Persson <larper(a)axis.com> Reviewed-by: Sumit Garg <sumit.garg(a)linaro.org> Reported-by: Patrik Lantz <patrik.lantz(a)axis.com> Signed-off-by: Jens Wiklander <jens.wiklander(a)linaro.org> --- drivers/tee/tee_shm.c | 174 +++++++++++++++------------------------- include/linux/tee_drv.h | 2 +- 2 files changed, 67 insertions(+), 109 deletions(-) diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c index 8a8deb95e918..0c82cf981c46 100644 --- a/drivers/tee/tee_shm.c +++ b/drivers/tee/tee_shm.c @@ -1,20 +1,17 @@ // SPDX-License-Identifier: GPL-2.0-only /* - * Copyright (c) 2015-2016, Linaro Limited + * Copyright (c) 2015-2021, Linaro Limited */ +#include <linux/anon_inodes.h> #include <linux/device.h> -#include <linux/dma-buf.h> -#include <linux/fdtable.h> #include <linux/idr.h> +#include <linux/mm.h> #include <linux/sched.h> #include <linux/slab.h> #include <linux/tee_drv.h> #include <linux/uio.h> -#include <linux/module.h> #include "tee_private.h" -MODULE_IMPORT_NS(DMA_BUF); - static void release_registered_pages(struct tee_shm *shm) { if (shm->pages) { @@ -31,16 +28,8 @@ static void release_registered_pages(struct tee_shm *shm) } } -static void tee_shm_release(struct tee_shm *shm) +static void tee_shm_release(struct tee_device *teedev, struct tee_shm *shm) { - struct tee_device *teedev = shm->ctx->teedev; - - if (shm->flags & TEE_SHM_DMA_BUF) { - mutex_lock(&teedev->mutex); - idr_remove(&teedev->idr, shm->id); - mutex_unlock(&teedev->mutex); - } - if (shm->flags & TEE_SHM_POOL) { struct tee_shm_pool_mgr *poolm; @@ -67,45 +56,6 @@ static void tee_shm_release(struct tee_shm *shm) tee_device_put(teedev); } -static struct sg_table *tee_shm_op_map_dma_buf(struct dma_buf_attachment - *attach, enum dma_data_direction dir) -{ - return NULL; -} - -static void tee_shm_op_unmap_dma_buf(struct dma_buf_attachment *attach, - struct sg_table *table, - enum dma_data_direction dir) -{ -} - -static void tee_shm_op_release(struct dma_buf *dmabuf) -{ - struct tee_shm *shm = dmabuf->priv; - - tee_shm_release(shm); -} - -static int tee_shm_op_mmap(struct dma_buf *dmabuf, struct vm_area_struct *vma) -{ - struct tee_shm *shm = dmabuf->priv; - size_t size = vma->vm_end - vma->vm_start; - - /* Refuse sharing shared memory provided by application */ - if (shm->flags & TEE_SHM_USER_MAPPED) - return -EINVAL; - - return remap_pfn_range(vma, vma->vm_start, shm->paddr >> PAGE_SHIFT, - size, vma->vm_page_prot); -} - -static const struct dma_buf_ops tee_shm_dma_buf_ops = { - .map_dma_buf = tee_shm_op_map_dma_buf, - .unmap_dma_buf = tee_shm_op_unmap_dma_buf, - .release = tee_shm_op_release, - .mmap = tee_shm_op_mmap, -}; - struct tee_shm *tee_shm_alloc(struct tee_context *ctx, size_t size, u32 flags) { struct tee_device *teedev = ctx->teedev; @@ -140,6 +90,7 @@ struct tee_shm *tee_shm_alloc(struct tee_context *ctx, size_t size, u32 flags) goto err_dev_put; } + refcount_set(&shm->refcount, 1); shm->flags = flags | TEE_SHM_POOL; shm->ctx = ctx; if (flags & TEE_SHM_DMA_BUF) @@ -153,10 +104,7 @@ struct tee_shm *tee_shm_alloc(struct tee_context *ctx, size_t size, u32 flags) goto err_kfree; } - if (flags & TEE_SHM_DMA_BUF) { - DEFINE_DMA_BUF_EXPORT_INFO(exp_info); - mutex_lock(&teedev->mutex); shm->id = idr_alloc(&teedev->idr, shm, 1, 0, GFP_KERNEL); mutex_unlock(&teedev->mutex); @@ -164,28 +112,11 @@ struct tee_shm *tee_shm_alloc(struct tee_context *ctx, size_t size, u32 flags) ret = ERR_PTR(shm->id); goto err_pool_free; } - - exp_info.ops = &tee_shm_dma_buf_ops; - exp_info.size = shm->size; - exp_info.flags = O_RDWR; - exp_info.priv = shm; - - shm->dmabuf = dma_buf_export(&exp_info); - if (IS_ERR(shm->dmabuf)) { - ret = ERR_CAST(shm->dmabuf); - goto err_rem; - } } teedev_ctx_get(ctx); return shm; -err_rem: - if (flags & TEE_SHM_DMA_BUF) { - mutex_lock(&teedev->mutex); - idr_remove(&teedev->idr, shm->id); - mutex_unlock(&teedev->mutex); - } err_pool_free: poolm->ops->free(poolm, shm); err_kfree: @@ -246,6 +177,7 @@ struct tee_shm *tee_shm_register(struct tee_context *ctx, unsigned long addr, goto err; } + refcount_set(&shm->refcount, 1); shm->flags = flags | TEE_SHM_REGISTER; shm->ctx = ctx; shm->id = -1; @@ -306,22 +238,6 @@ struct tee_shm *tee_shm_register(struct tee_context *ctx, unsigned long addr, goto err; } - if (flags & TEE_SHM_DMA_BUF) { - DEFINE_DMA_BUF_EXPORT_INFO(exp_info); - - exp_info.ops = &tee_shm_dma_buf_ops; - exp_info.size = shm->size; - exp_info.flags = O_RDWR; - exp_info.priv = shm; - - shm->dmabuf = dma_buf_export(&exp_info); - if (IS_ERR(shm->dmabuf)) { - ret = ERR_CAST(shm->dmabuf); - teedev->desc->ops->shm_unregister(ctx, shm); - goto err; - } - } - return shm; err: if (shm) { @@ -339,6 +255,35 @@ struct tee_shm *tee_shm_register(struct tee_context *ctx, unsigned long addr, } EXPORT_SYMBOL_GPL(tee_shm_register); +static int tee_shm_fop_release(struct inode *inode, struct file *filp) +{ + tee_shm_put(filp->private_data); + return 0; +} + +static int tee_shm_fop_mmap(struct file *filp, struct vm_area_struct *vma) +{ + struct tee_shm *shm = filp->private_data; + size_t size = vma->vm_end - vma->vm_start; + + /* Refuse sharing shared memory provided by application */ + if (shm->flags & TEE_SHM_USER_MAPPED) + return -EINVAL; + + /* check for overflowing the buffer's size */ + if (vma->vm_pgoff + vma_pages(vma) > shm->size >> PAGE_SHIFT) + return -EINVAL; + + return remap_pfn_range(vma, vma->vm_start, shm->paddr >> PAGE_SHIFT, + size, vma->vm_page_prot); +} + +static const struct file_operations tee_shm_fops = { + .owner = THIS_MODULE, + .release = tee_shm_fop_release, + .mmap = tee_shm_fop_mmap, +}; + /** * tee_shm_get_fd() - Increase reference count and return file descriptor * @shm: Shared memory handle @@ -351,10 +296,11 @@ int tee_shm_get_fd(struct tee_shm *shm) if (!(shm->flags & TEE_SHM_DMA_BUF)) return -EINVAL; - get_dma_buf(shm->dmabuf); - fd = dma_buf_fd(shm->dmabuf, O_CLOEXEC); + /* matched by tee_shm_put() in tee_shm_op_release() */ + refcount_inc(&shm->refcount); + fd = anon_inode_getfd("tee_shm", &tee_shm_fops, shm, O_RDWR); if (fd < 0) - dma_buf_put(shm->dmabuf); + tee_shm_put(shm); return fd; } @@ -364,17 +310,7 @@ int tee_shm_get_fd(struct tee_shm *shm) */ void tee_shm_free(struct tee_shm *shm) { - /* - * dma_buf_put() decreases the dmabuf reference counter and will - * call tee_shm_release() when the last reference is gone. - * - * In the case of driver private memory we call tee_shm_release - * directly instead as it doesn't have a reference counter. - */ - if (shm->flags & TEE_SHM_DMA_BUF) - dma_buf_put(shm->dmabuf); - else - tee_shm_release(shm); + tee_shm_put(shm); } EXPORT_SYMBOL_GPL(tee_shm_free); @@ -481,10 +417,15 @@ struct tee_shm *tee_shm_get_from_id(struct tee_context *ctx, int id) teedev = ctx->teedev; mutex_lock(&teedev->mutex); shm = idr_find(&teedev->idr, id); + /* + * If the tee_shm was found in the IDR it must have a refcount + * larger than 0 due to the guarantee in tee_shm_put() below. So + * it's safe to use refcount_inc(). + */ if (!shm || shm->ctx != ctx) shm = ERR_PTR(-EINVAL); - else if (shm->flags & TEE_SHM_DMA_BUF) - get_dma_buf(shm->dmabuf); + else + refcount_inc(&shm->refcount); mutex_unlock(&teedev->mutex); return shm; } @@ -496,7 +437,24 @@ EXPORT_SYMBOL_GPL(tee_shm_get_from_id); */ void tee_shm_put(struct tee_shm *shm) { - if (shm->flags & TEE_SHM_DMA_BUF) - dma_buf_put(shm->dmabuf); + struct tee_device *teedev = shm->ctx->teedev; + bool do_release = false; + + mutex_lock(&teedev->mutex); + if (refcount_dec_and_test(&shm->refcount)) { + /* + * refcount has reached 0, we must now remove it from the + * IDR before releasing the mutex. This will guarantee that + * the refcount_inc() in tee_shm_get_from_id() never starts + * from 0. + */ + if (shm->flags & TEE_SHM_DMA_BUF) + idr_remove(&teedev->idr, shm->id); + do_release = true; + } + mutex_unlock(&teedev->mutex); + + if (do_release) + tee_shm_release(teedev, shm); } EXPORT_SYMBOL_GPL(tee_shm_put); diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h index a1f03461369b..e59130eb78a1 100644 --- a/include/linux/tee_drv.h +++ b/include/linux/tee_drv.h @@ -214,7 +214,7 @@ struct tee_shm { unsigned int offset; struct page **pages; size_t num_pages; - struct dma_buf *dmabuf; + refcount_t refcount; u32 flags; int id; u64 sec_world_id; -- 2.31.1

4 years, 6 months

4
10
0 0

[GIT PULL] OP-TEE add async notifications for v5.17

by Jens Wiklander

Hello arm-soc maintainers, Please pull these patches which adds support for asynchronous notifications from OP-TEE in secure world to the OP-TEE driver. An edge-triggered interrupt is used to notify the the driver. These patches has been in linux-next for a few weeks already. Thanks, Jens The following changes since commit fa55b7dcdc43c1aa1ba12bca9d2dd4318c2a0dbf: Linux 5.16-rc1 (2021-11-14 13:56:52 -0800) are available in the Git repository at: https://git.linaro.org/people/jens.wiklander/linux-tee.git tags/optee-async-notif-for-v5.17 for you to fetch changes up to b98aee466d194788bd651cb375b0e0f7e0e69865: optee: Fix NULL but dereferenced coccicheck error (2021-11-29 22:02:25 +0100) ---------------------------------------------------------------- OP-TEE Asynchronous notifications from secure world Adds support in the SMC based OP-TEE driver to receive asynchronous notifications from secure world using an edge-triggered interrupt as delivery mechanism. ---------------------------------------------------------------- Jens Wiklander (6): docs: staging/tee.rst: add a section on OP-TEE notifications dt-bindings: arm: optee: add interrupt property tee: fix put order in teedev_close_context() tee: export teedev_open() and teedev_close_context() optee: separate notification functions optee: add asynchronous notifications Yang Li (1): optee: Fix NULL but dereferenced coccicheck error .../bindings/arm/firmware/linaro,optee-tz.yaml | 8 + Documentation/staging/tee.rst | 30 +++ drivers/tee/optee/Makefile | 1 + drivers/tee/optee/core.c | 2 +- drivers/tee/optee/ffa_abi.c | 6 +- drivers/tee/optee/notif.c | 125 +++++++++++ drivers/tee/optee/optee_msg.h | 9 + drivers/tee/optee/optee_private.h | 28 ++- drivers/tee/optee/optee_rpc_cmd.h | 31 +-- drivers/tee/optee/optee_smc.h | 75 ++++++- drivers/tee/optee/rpc.c | 71 +----- drivers/tee/optee/smc_abi.c | 237 ++++++++++++++++++--- drivers/tee/tee_core.c | 10 +- include/linux/tee_drv.h | 14 ++ 14 files changed, 523 insertions(+), 124 deletions(-) create mode 100644 drivers/tee/optee/notif.c

4 years, 6 months

1
0
0 0

Re: [PATCH] optee: Suppress false positive kmemleak report in optee_handle_rpc()

by Wang, Xiaolei

-----Original Message----- From: Sumit Garg<sumit.garg(a)linaro.org> Sent: Thursday, December 9, 2021 7:41 PM To: Wang, Xiaolei<Xiaolei.Wang(a)windriver.com> Cc:jens.wiklander@linaro.org;op-tee@lists.trustedfirmware.org;linux-kernel@vger.kernel.org Subject: Re: [PATCH] optee: Suppress false positive kmemleak report in optee_handle_rpc() [Please note: This e-mail is from an EXTERNAL e-mail address] On Mon, 6 Dec 2021 at 17:35, Xiaolei Wang<xiaolei.wang(a)windriver.com> wrote: > We observed the following kmemleak report: > unreferenced object 0xffff000007904500 (size 128): > comm "swapper/0", pid 1, jiffies 4294892671 (age 44.036s) > hex dump (first 32 bytes): > 00 47 90 07 00 00 ff ff 60 00 c0 ff 00 00 00 00 .G......`....... > 60 00 80 13 00 80 ff ff a0 00 00 00 00 00 00 00 `............... > backtrace: > [<000000004c12b1c7>] kmem_cache_alloc+0x1ac/0x2f4 > [<000000005d23eb4f>] tee_shm_alloc+0x78/0x230 > [<00000000794dd22c>] optee_handle_rpc+0x60/0x6f0 > [<00000000d9f7c52d>] optee_do_call_with_arg+0x17c/0x1dc > [<00000000c35884da>] optee_open_session+0x128/0x1ec > [<000000001748f2ff>] tee_client_open_session+0x28/0x40 > [<00000000aecb5389>] optee_enumerate_devices+0x84/0x2a0 > [<000000003df18bf1>] optee_probe+0x674/0x6cc > [<000000003a4a534a>] platform_drv_probe+0x54/0xb0 > [<000000000c51ce7d>] really_probe+0xe4/0x4d0 > [<000000002f04c865>] driver_probe_device+0x58/0xc0 > [<00000000b485397d>] device_driver_attach+0xc0/0xd0 > [<00000000c835f0df>] __driver_attach+0x84/0x124 > [<000000008e5a429c>] bus_for_each_dev+0x70/0xc0 > [<000000001735e8a8>] driver_attach+0x24/0x30 > [<000000006d94b04f>] bus_add_driver+0x104/0x1ec > > This is not a memory leak because we pass the share memory pointer to > secure world and would get it from secure world before releasing it. > > IMO, we need to cross-check optee-os if it's responsible for leaking kernel memory. Hi Sumit You mean we need to check whether there is a real memory leak, if being secure world just allocates kernel memory via OPTEE_SMC_RPC_FUNC_ALLOC and until the end, there is no free it via OPTEE_SMC_RPC_FUNC_FREE, then we should judge it as a memory leak. thanks xiaolei > > > -Sumit > >> Signed-off-by: Xiaolei Wang<xiaolei.wang(a)windriver.com> >> --- >> drivers/tee/optee/smc_abi.c | 2 ++ >> 1 file changed, 2 insertions(+) >> >> diff --git a/drivers/tee/optee/smc_abi.c b/drivers/tee/optee/smc_abi.c >> index 6196d7c3888f..cf2e3293567d 100644 >> --- a/drivers/tee/optee/smc_abi.c >> +++ b/drivers/tee/optee/smc_abi.c >> @@ -23,6 +23,7 @@ >> #include "optee_private.h" >> #include "optee_smc.h" >> #include "optee_rpc_cmd.h" >> +#include <linux/kmemleak.h> >> #define CREATE_TRACE_POINTS >> #include "optee_trace.h" >> >> @@ -783,6 +784,7 @@ static void optee_handle_rpc(struct tee_context *ctx, >> param->a4 = 0; >> param->a5 = 0; >> } >> + kmemleak_not_leak(shm); >> break; >> case OPTEE_SMC_RPC_FUNC_FREE: >> shm = reg_pair_to_ptr(param->a1, param->a2); >> -- >> 2.25.1 >>

4 years, 6 months

1
0
0 0

Hardening OP-TEE kernel and trustlets with sanitizers

by Igor Zhbanov

Hello! Is it possible to use any compiler-based sanitizers to harden OP-TEE kernel and/or trustlets? I know, there is ASAN support in the OP-TEE kernel. But can it be used with TAs? Or some other sanitizers like UBSan? Thank you.

4 years, 6 months

1
0
0 0

Fwd: Embedded DT (CFG_EMBED_DT) with dynamic shared memory (CFG_CORE_DYN_SHM) in optee-os

by Etienne Carriere

Hello John, > From: John Linn <linnj(a)xilinx.com> > Date: Thu, Nov 18, 2021 at 10:24 PM > Subject: Embedded DT (CFG_EMBED_DT) with dynamic shared memory (CFG_CORE_DYN_SHM) in optee-os > To: op-teeATlists.trustedfirmware.org <op-teeATlists.trustedfirmware.org> > > > It appears that dynamic shared memory does not work with an embedded DT, but I'm likely missing something. I have it working fine with an external DT. > > There is a bit of interaction in kernel/boot.c with the two configuration options and my testing is not seeing it work with 3.14 and master looks the same viewing it. > > get_external_fdt() is called which does not work with the embedded DT it appears to me. Indeed the current implementation gets the main memory size from the external non-secure DTB. This memory is mainly REE memory and can tbe used as shared memory. It looks reasonable to get the same info from the embedded DTB instead but the point to discuss, IMO, is whether the memory nodes of OP-TEE secure DT relate to OP-TEE "secure memory" or to system-wide (possibly non-secure) memory. In the former case, that information could not be used to define the "non-secure shareable address ranges". Feel free to create a P-R in optee_os for that purpose (something like try with embedded_dt() then fallback to externalè_dt()), Regards, Etienne > > Any hints or advice? > > Thanks > John

4 years, 6 months

2
2
0 0

[GIT PULL] AMD-TEE fix for v5.16

by Jens Wiklander

Hello arm-soc maintainers, Please pull this AMDTEE driver fix which takes care of a bug where IS_ERR() was used instead of a NULL check for the return value from __get_free_pages(). Note that this isn't a usual Arm driver update. This targets AMD instead, but is part of the TEE subsystem. Thanks, Jens The following changes since commit d58071a8a76d779eedab38033ae4c821c30295a5: Linux 5.16-rc3 (2021-11-28 14:09:19 -0800) are available in the Git repository at: git://git.linaro.org/people/jens.wiklander/linux-tee.git tags/amdtee-fix-for-v5.16 for you to fetch changes up to 9d7482771fac8d8e38e763263f2ca0ca12dd22c6: tee: amdtee: fix an IS_ERR() vs NULL bug (2021-11-29 09:55:49 +0100) ---------------------------------------------------------------- AMD-TEE fix IS_ERR() bug ---------------------------------------------------------------- Dan Carpenter (1): tee: amdtee: fix an IS_ERR() vs NULL bug drivers/tee/amdtee/core.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-)

4 years, 6 months

1
0
0 0

2026

2025

2024

2023

2022

2021

2020

OP-TEE