- OP-TEE - lists.trustedfirmware.org

OP-TEE Contributions Forum, monthly meeting March 24

by Jens Wiklander

Hi, Tomorrow, Tuesday, it's time for another LOC monthly meeting. For time and connection details, see the calendar at https://www.trustedfirmware.org/meetings/ - OP-TEE version 4.10.0 to be released April 17 - Marco Felsch is working on initial Kconfig support: https://github.com/OP-TEE/optee_os/pull/7714 + How to configure? Vanilla "make defconfig" and friends? Should we support passing "CFG_XXX=y" on the command line for convenience? In a one-step or two-step operation? + Integration with the build git: Do we need a way to ensure the active configuration matches what the build git expects? + Is it possible to make a seamless transition (with no visible external changes) when building OP-TEE? If so, do we want it? Any other topics? Cheers, Jens

2 weeks, 1 day

1
0
0 0

[PATCH] tee: optee: fix kernel-doc warnings

by Rodrigo Zaiden

Fix kernel-doc issues in optee_private.h and optee_msg.h: - Add missing documentation for struct members: optee_msg_param_value, optee_msg_param, optee_msg_arg, optee, and optee_ffa; - Ensure member descriptions follow the order of declaration; - Use consistent formatting (lowercase descriptions and ':' after member names); - Adjust indentation for better alignment; This resolves kernel-doc warnings such as missing member descriptions and incorrect prototype documentation. No functional changes. Signed-off-by: Rodrigo Zaiden <rodrigoffzz(a)gmail.com> --- drivers/tee/optee/optee_msg.h | 50 +++++++------ drivers/tee/optee/optee_private.h | 120 ++++++++++++++++-------------- 2 files changed, 92 insertions(+), 78 deletions(-) diff --git a/drivers/tee/optee/optee_msg.h b/drivers/tee/optee/optee_msg.h index 838e1d4a22f0..7d9b12e71c03 100644 --- a/drivers/tee/optee/optee_msg.h +++ b/drivers/tee/optee/optee_msg.h @@ -103,9 +103,9 @@ /** * struct optee_msg_param_tmem - temporary memory reference parameter - * @buf_ptr: Address of the buffer - * @size: Size of the buffer - * @shm_ref: Temporary shared memory reference, pointer to a struct tee_shm + * @buf_ptr: address of the buffer + * @size: size of the buffer + * @shm_ref: temporary shared memory reference, pointer to a struct tee_shm * * Secure and normal world communicates pointers as physical address * instead of the virtual address. This is because secure and normal world @@ -122,9 +122,9 @@ struct optee_msg_param_tmem { /** * struct optee_msg_param_rmem - registered memory reference parameter - * @offs: Offset into shared memory reference - * @size: Size of the buffer - * @shm_ref: Shared memory reference, pointer to a struct tee_shm + * @offs: offset into shared memory reference + * @size: size of the buffer + * @shm_ref: shared memory reference, pointer to a struct tee_shm */ struct optee_msg_param_rmem { u64 offs; @@ -134,12 +134,12 @@ struct optee_msg_param_rmem { /** * struct optee_msg_param_fmem - FF-A memory reference parameter - * @offs_lower: Lower bits of offset into shared memory reference - * @offs_upper: Upper bits of offset into shared memory reference - * @internal_offs: Internal offset into the first page of shared memory - * reference - * @size: Size of the buffer - * @global_id: Global identifier of the shared memory + * @offs_low: lower bits of offset into shared memory reference + * @offs_high: higher bits of offset into shared memory reference + * @internal_offs: internal offset into the first page of shared memory + * reference + * @size: size of the buffer + * @global_id: global identifier of the shared memory */ struct optee_msg_param_fmem { u32 offs_low; @@ -151,6 +151,9 @@ struct optee_msg_param_fmem { /** * struct optee_msg_param_value - opaque value parameter + * @a: first opaque value + * @b: second opaque value + * @c: third opaque value * * Value parameters are passed unchecked between normal and secure world. */ @@ -168,6 +171,7 @@ struct optee_msg_param_value { * @fmem: parameter by FF-A registered memory reference * @value: parameter by opaque value * @octets: parameter by octet string + * @u: union holding OP-TEE msg parameter * * @attr & OPTEE_MSG_ATTR_TYPE_MASK indicates if tmem, rmem or value is used in * the union. OPTEE_MSG_ATTR_TYPE_VALUE_* indicates value or octets, @@ -189,16 +193,18 @@ struct optee_msg_param { /** * struct optee_msg_arg - call argument - * @cmd: Command, one of OPTEE_MSG_CMD_* or OPTEE_MSG_RPC_CMD_* - * @func: Trusted Application function, specific to the Trusted Application, - * used if cmd == OPTEE_MSG_CMD_INVOKE_COMMAND - * @session: In parameter for all OPTEE_MSG_CMD_* except - * OPTEE_MSG_CMD_OPEN_SESSION where it's an output parameter instead - * @cancel_id: Cancellation id, a unique value to identify this request - * @ret: return value - * @ret_origin: origin of the return value - * @num_params: number of parameters supplied to the OS Command - * @params: the parameters supplied to the OS Command + * @cmd: command, one of OPTEE_MSG_CMD_* or OPTEE_MSG_RPC_CMD_* + * @func: Trusted Application function, specific to the Trusted + * Application, used if cmd == OPTEE_MSG_CMD_INVOKE_COMMAND + * @session: in parameter for all OPTEE_MSG_CMD_* except + * OPTEE_MSG_CMD_OPEN_SESSION where it's an output parameter + * instead + * @cancel_id: cancellation id, a unique value to identify this request + * @pad: padding for alignment + * @ret: return value + * @ret_origin: origin of the return value + * @num_params: number of parameters supplied to the OS Command + * @params: the parameters supplied to the OS Command * * All normal calls to Trusted OS uses this struct. If cmd requires further * information than what these fields hold it can be passed as a parameter diff --git a/drivers/tee/optee/optee_private.h b/drivers/tee/optee/optee_private.h index acd3051c4879..aefe1e6f5689 100644 --- a/drivers/tee/optee/optee_private.h +++ b/drivers/tee/optee/optee_private.h @@ -47,11 +47,11 @@ typedef void (optee_invoke_fn)(unsigned long, unsigned long, unsigned long, unsigned long, unsigned long, struct arm_smccc_res *); -/* +/** * struct optee_call_waiter - TEE entry may need to wait for a free TEE thread - * @list_node Reference in waiters list - * @c Waiting completion reference - * @sys_thread True if waiter belongs to a system thread + * @list_node: reference in waiters list + * @c: waiting completion reference + * @sys_thread: true if waiter belongs to a system thread */ struct optee_call_waiter { struct list_head list_node; @@ -59,13 +59,13 @@ struct optee_call_waiter { bool sys_thread; }; -/* +/** * struct optee_call_queue - OP-TEE call queue management - * @mutex Serializes access to this struct - * @waiters List of threads waiting to enter OP-TEE - * @total_thread_count Overall number of thread context in OP-TEE or 0 - * @free_thread_count Number of threads context free in OP-TEE - * @sys_thread_req_count Number of registered system thread sessions + * @mutex: serializes access to this struct + * @waiters: list of threads waiting to enter OP-TEE + * @total_thread_count: overall number of thread context in OP-TEE or 0 + * @free_thread_count: number of threads context free in OP-TEE + * @sys_thread_req_count: number of registered system thread sessions */ struct optee_call_queue { /* Serializes access to this struct */ @@ -96,17 +96,17 @@ struct optee_shm_arg_cache { /** * struct optee_supp - supplicant synchronization struct - * @ctx the context of current connected supplicant. - * if !NULL the supplicant device is available for use, - * else busy - * @mutex: held while accessing content of this struct - * @req_id: current request id if supplicant is doing synchronous - * communication, else -1 - * @reqs: queued request not yet retrieved by supplicant - * @idr: IDR holding all requests currently being processed - * by supplicant - * @reqs_c: completion used by supplicant when waiting for a - * request to be queued. + * @mutex: held while accessing content of this struct + * @ctx: the context of current connected supplicant. + * if !NULL the supplicant device is available for use, + * else busy + * @req_id: current request id if supplicant is doing synchronous + * communication, else -1 + * @reqs: queued request not yet retrieved by supplicant + * @idr: IDR holding all requests currently being processed + * by supplicant + * @reqs_c: completion used by supplicant when waiting for a + * request to be queued. */ struct optee_supp { /* Serializes access to this struct */ @@ -119,25 +119,25 @@ struct optee_supp { struct completion reqs_c; }; -/* +/** * struct optee_pcpu - per cpu notif private struct passed to work functions - * @optee optee device reference + * @optee: optee device reference */ struct optee_pcpu { struct optee *optee; }; -/* +/** * struct optee_smc - optee smc communication struct - * @invoke_fn handler function to invoke secure monitor - * @memremaped_shm virtual address of memory in shared memory pool + * @invoke_fn: handler function to invoke secure monitor + * @memremaped_shm: virtual address of memory in shared memory pool * @sec_caps: secure world capabilities defined by * OPTEE_SMC_SEC_CAP_* in optee_smc.h - * @notif_irq interrupt used as async notification by OP-TEE or 0 - * @optee_pcpu per_cpu optee instance for per cpu work or NULL - * @notif_pcpu_wq workqueue for per cpu asynchronous notification or NULL - * @notif_pcpu_work work for per cpu asynchronous notification - * @notif_cpuhp_state CPU hotplug state assigned for pcpu interrupt management + * @notif_irq: interrupt used as async notification by OP-TEE or 0 + * @optee_pcpu: per_cpu optee instance for per cpu work or NULL + * @notif_pcpu_wq: workqueue for per cpu asynchronous notification or NULL + * @notif_pcpu_work: work for per cpu asynchronous notification + * @notif_cpuhp_state: CPU hotplug state assigned for pcpu interrupt management */ struct optee_smc { optee_invoke_fn *invoke_fn; @@ -151,13 +151,15 @@ struct optee_smc { }; /** - * struct optee_ffa_data - FFA communication struct - * @ffa_dev FFA device, contains the destination id, the id of + * struct optee_ffa - FFA communication struct + * @ffa_dev: FFA device, contains the destination id, the id of * OP-TEE in secure world - * @bottom_half_value Notification ID used for bottom half signalling or + * @bottom_half_value: notification ID used for bottom half signalling or * U32_MAX if unused - * @mutex Serializes access to @global_ids - * @global_ids FF-A shared memory global handle translation + * @mutex: serializes access to @global_ids + * @global_ids: FF-A shared memory global handle translation + * @notif_wq: workqueue for FF-A asynchronous notification + * @notif_work: work for FF-A asynchronous notification */ struct optee_ffa { struct ffa_device *ffa_dev; @@ -222,26 +224,32 @@ struct optee_ops { /** * struct optee - main service struct - * @supp_teedev: supplicant device - * @teedev: client device - * @ops: internal callbacks for different ways to reach secure - * world - * @ctx: driver internal TEE context - * @smc: specific to SMC ABI - * @ffa: specific to FF-A ABI - * @call_queue: queue of threads waiting to call @invoke_fn - * @notif: notification synchronization struct - * @supp: supplicant synchronization struct for RPC to supplicant - * @pool: shared memory pool - * @mutex: mutex protecting @rpmb_dev - * @rpmb_dev: current RPMB device or NULL - * @rpmb_scan_bus_done flag if device registation of RPMB dependent devices - * was already done - * @rpmb_scan_bus_work workq to for an RPMB device and to scan optee bus - * and register RPMB dependent optee drivers - * @rpc_param_count: If > 0 number of RPC parameters to make room for - * @scan_bus_done flag if device registation was already done. - * @scan_bus_work workq to scan optee bus and register optee drivers + * @supp_teedev: supplicant device + * @teedev: client device + * @ops: internal callbacks for different ways to reach + * secure world + * @ctx: driver internal TEE context + * @smc: specific to SMC ABI + * @ffa: specific to FF-A ABI + * @shm_arg_cache: shared memory cache argument + * @call_queue: queue of threads waiting to call @invoke_fn + * @notif: notification synchronization struct + * @supp: supplicant synchronization struct for RPC to + * supplicant + * @pool: shared memory pool + * @rpmb_dev_mutex: mutex protecting @rpmb_dev + * @rpmb_dev: current RPMB device or NULL + * @rpmb_intf: RPMB notifier block + * @rpc_param_count: if > 0 number of RPC parameters to make room for + * @scan_bus_done: flag if device registation was already done + * @rpmb_scan_bus_done: flag if device registation of RPMB dependent + * devices was already done + * @in_kernel_rpmb_routing: flag if OP-TEE supports in-kernel RPMB routing + * @scan_bus_work: workq to scan optee bus and register optee + * drivers + * @rpmb_scan_bus_work: workq to for an RPMB device and to scan optee + * bus and register RPMB dependent optee drivers + * @revision: OP-TEE OS revision */ struct optee { struct tee_device *supp_teedev; -- 2.43.0

2 weeks, 2 days

1
0
0 0

[PATCH v21 0/6] Introduction of a remoteproc tee to load signed firmware

by Arnaud Pouliquen

Main updates from version V20[4]: -------------------------------- To address Rob’s concern on v20concerning resource declaration under the tee node, the device tree is now structured as follows,replacing the child-parent hierarchy with a phandle: firmware { tee_rproc: optee-rproc { compatible = "80a4c275-0a47-4905-8285-1486a9771a08"; }; }; m4: m4@0 { compatible = "st,stm32mp1-m4-tee"; reg = <0 0>; mboxes = <&ipcc 0>, <&ipcc 1>, <&ipcc 2>; mbox-names = "vq0", "vq1", "shutdown"; memory-region = <&vdev0vring0>, <&m_ipc_shm>, <&mcuram2>, <&vdev0vring1>, <&vdev0buffer>, <&retram>; interrupt-parent = <&exti>; interrupts = <68 1>; rproc-tee-phandle = <&tee_rproc 0>; st,auto-boot; wakeup-source; status = "okay"; }; As a consequence, this version: - Updates the device tree and bindings to: - Change the compatible property from "rproc-service-80a4c275-0a47-4905-8285-1486a9771a08" to "80a4c275-0a47-4905-8285-1486a9771a08". - Use the rproc-tee-phandle to avoid the parent-child hierarchy. - Updates stm32_rproc_tee.c and remoteproc_tee.c to adapt to the new bindings. - Updates remoteproc_tee.c to compute the device tree compatible string from the TEE UUID. Main updates from version V19[3]: -------------------------------- The devicetree is now structured as follows: firmware { optee { compatible = "linaro,optee-tz"; method = "smc"; #address-cells = <1>; #size-cells = <0>; rproc-service@0 { compatible = "rproc-service-80a4c275-0a47-4905-8285-1486a9771a08"; reg = <0>; #address-cells = <1>; #size-cells = <0>; status = "okay"; m4: m4@0 { compatible = "st,stm32mp15-m4-tee"; reg = <0>; mboxes = <&ipcc 0>, <&ipcc 1>, <&ipcc 2>; mbox-names = "vq0", "vq1", "shutdown"; memory-region = <&vdev0vring0>, <&m_ipc_shm>, <&mcuram2>, <&vdev0vring1>, <&vdev0buffer>, <&retram>; interrupt-parent = <&exti>; interrupts = <68 1>; status = "okay"; }; }; }; }; As a consequence, this version: - Introduces a new stm32_rproc_tee.c remoteproc driver. Instead of further complicating the existing stm32_rproc.c driver, a dedicated TEE-based driver is added. Both drivers are intended to also support the STM32MP2x Cortex-M33 remote processor in a next step. - Reworks the bindings: - Drop the st,stm32-rproc.yaml updates that were introduced in previous revisions. - Add remoteproc-tee.yaml for the "rproc-service-80a4c275-0a47-4905-8285-1486a9771a08" compatible. - Add st,stm32-rproc-tee.yaml for the "st,stm32mp15-m4-tee" compatible. - Reworks the probing sequence: The m4@0 device is now probed by the remoteproc-tee driver, which itself is instantiated by the TEE (OP-TEE) bus. Main updates from version V18[2]: -------------------------------- - rework documentation for the release_fw ops - rework function documentation in remoteproc_tee.c - replace spinlock by mutex and generalize usage in remoteproc_tee.c Main updates from version V17[1]: -------------------------------- - Fix: warning: EXPORT_SYMBOL() is used, but #include <linux/export.h> is missing More details are available in each patch commit message. [1] https://lore.kernel.org/linux-remoteproc/20250613091650.2337411-1-arnaud.po… [2] https://lore.kernel.org/linux-remoteproc/20250616075530.4106090-1-arnaud.po… [3] https://lore.kernel.org/linux-devicetree/20250625094028.758016-1-arnaud.pou… [3] https://lore.kernel.org/linux-remoteproc/20251217153917.3998544-1-arnaud.po… Tested-on: --------- commit 1f318b96cc84 ("Linux 7.0-rc3") Description of the feature: -------------------------- This series proposes the implementation of a remoteproc tee driver to communicate with a TEE trusted application responsible for authenticating and loading the remoteproc firmware image in an Arm secure context. 1) Principle: The remoteproc tee driver provides services to communicate with the OP-TEE trusted application running on the Trusted Execution Context (TEE). The trusted application in TEE manages the remote processor lifecycle: - authenticating and loading firmware images, - isolating and securing the remote processor memories, - supporting multi-firmware (e.g., TF-M + Zephyr on a Cortex-M33), - managing the start and stop of the firmware by the TEE. 2) Format of the signed image: Refer to: https://github.com/OP-TEE/optee_os/blob/master/ta/remoteproc/src/remoteproc… 3) OP-TEE trusted application API: Refer to: https://github.com/OP-TEE/optee_os/blob/master/ta/remoteproc/include/ta_rem… 4) OP-TEE signature script Refer to: https://github.com/OP-TEE/optee_os/blob/master/scripts/sign_rproc_fw.py Example of usage: sign_rproc_fw.py --in <fw1.elf> --in <fw2.elf> --out <signed_fw.sign> --key ${OP-TEE_PATH}/keys/default.pem 5) Impact on User space Application No sysfs impact. The user only needs to provide the signed firmware image instead of the ELF image. For more information about the implementation, a presentation is available here (note that the format of the signed image has evolved between the presentation and the integration in OP-TEE). https://resources.linaro.org/en/resource/6c5bGvZwUAjX56fvxthxds Arnaud Pouliquen (6): dt-bindings: firmware: Add TEE remoteproc service binding dt-bindings: remoteproc: Add STM32 TEE-controlled rproc binding remoteproc: core: Introduce rproc_pa_to_va helper remoteproc: Introduce optional release_fw operation remoteproc: Add TEE support remoteproc: stm32: Add TEE-controlled STM32 driver .../bindings/remoteproc/remoteproc-tee.yaml | 36 + .../remoteproc/st,stm32-rproc-tee.yaml | 108 +++ drivers/remoteproc/Kconfig | 10 + drivers/remoteproc/Makefile | 3 +- drivers/remoteproc/remoteproc_core.c | 52 ++ drivers/remoteproc/remoteproc_internal.h | 6 + drivers/remoteproc/remoteproc_tee.c | 810 ++++++++++++++++++ drivers/remoteproc/stm32_rproc_tee.c | 537 ++++++++++++ include/linux/remoteproc.h | 6 + include/linux/remoteproc_tee.h | 91 ++ 10 files changed, 1658 insertions(+), 1 deletion(-) create mode 100644 Documentation/devicetree/bindings/remoteproc/remoteproc-tee.yaml create mode 100644 Documentation/devicetree/bindings/remoteproc/st,stm32-rproc-tee.yaml create mode 100644 drivers/remoteproc/remoteproc_tee.c create mode 100644 drivers/remoteproc/stm32_rproc_tee.c create mode 100644 include/linux/remoteproc_tee.h base-commit: 1f318b96cc84d7c2ab792fcc0bfd42a7ca890681 -- 2.43.0

2 weeks, 4 days

3
12
0 0

[GIT PULL] OP-TEE fix for 7.0

by Jens Wiklander

Hello arm-soc maintainers, Please pull this patch fixing a use-after-free race in the OP-TEE driver where a client exiting prematurely could free a request still being processed by the supplicant. Thanks, Jens The following changes since commit 6de23f81a5e08be8fbf5e8d7e9febc72a5b5f27f: Linux 7.0-rc1 (2026-02-22 13:18:59 -0800) are available in the Git repository at: gitolite.kernel.org:pub/scm/linux/kernel/git/jenswi/linux-tee tags/optee-fix-for-v7.0 for you to fetch changes up to 387a926ee166814611acecb960207fe2f3c4fd3e: tee: optee: prevent use-after-free when the client exits before the supplicant (2026-03-02 14:36:50 +0100) ---------------------------------------------------------------- OP-TEE fix for v7.0 Fix a use-after-free race between client and supplicant by serializing request access with the supplicant mutex. ---------------------------------------------------------------- Amirreza Zarrabi (1): tee: optee: prevent use-after-free when the client exits before the supplicant drivers/tee/optee/supp.c | 107 ++++++++++++++++++++++++++++++++--------------- 1 file changed, 74 insertions(+), 33 deletions(-)

3 weeks, 1 day

1
0
0 0

[PATCH] optee: Check return value of tee_shm_get_va()

by Chen Ni

The function tee_shm_get_va() can return an error pointer if the shared memory is not properly mapped or if the offset is invalid. Without this check, passing the error pointer to subsequent memory operations could lead to a kernel panic. Add a check for IS_ERR() on the return value of tee_shm_get_va(). Fixes: f0c8431568ee ("optee: probe RPMB device using RPMB subsystem") Signed-off-by: Chen Ni <nichen(a)iscas.ac.cn> --- drivers/tee/optee/rpc.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/tee/optee/rpc.c b/drivers/tee/optee/rpc.c index b0ed4cb49452..32f7742c094c 100644 --- a/drivers/tee/optee/rpc.c +++ b/drivers/tee/optee/rpc.c @@ -393,6 +393,11 @@ static void handle_rpc_func_rpmb_frames(struct tee_context *ctx, params[0].u.memref.shm_offs); p1 = tee_shm_get_va(params[1].u.memref.shm, params[1].u.memref.shm_offs); + if (IS_ERR(p0) || IS_ERR(p1)) { + arg->ret = TEEC_ERROR_BAD_PARAMETERS; + goto out; + } + if (rpmb_route_frames(rdev, p0, params[0].u.memref.size, p1, params[1].u.memref.size)) { arg->ret = TEEC_ERROR_BAD_PARAMETERS; -- 2.25.1

3 weeks, 2 days

4
4
0 0

[PATCH] tee: clean up tee_core.h kernel-doc

by Randy Dunlap

Use the correct struct member name and function parameter name in kernel-doc comments. Move a macro that was between a struct's documentation and its declaration. These eliminate the following kernel-doc warnings: Warning: include/linux/tee_core.h:73 struct member 'c_no_users' not described in 'tee_device' Warning: include/linux/tee_core.h:132 #define TEE_DESC_PRIVILEGED 0x1; error: Cannot parse struct or union! Warning: include/linux/tee_core.h:257 function parameter 'connection_data' not described in 'tee_session_calc_client_uuid' Warning: include/linux/tee_core.h:320 function parameter 'teedev' not described in 'tee_get_drvdata' Signed-off-by: Randy Dunlap <rdunlap(a)infradead.org> --- Cc: Jens Wiklander <jens.wiklander(a)linaro.org> Cc: Sumit Garg <sumit.garg(a)kernel.org> Cc: op-tee(a)lists.trustedfirmware.org include/linux/tee_core.h | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) --- linux-next-20260309.orig/include/linux/tee_core.h +++ linux-next-20260309/include/linux/tee_core.h @@ -50,7 +50,7 @@ enum tee_dma_heap_id { * @dev: embedded basic device structure * @cdev: embedded cdev * @num_users: number of active users of this device - * @c_no_user: completion used when unregistering the device + * @c_no_users: completion used when unregistering the device * @mutex: mutex protecting @num_users and @idr * @idr: register of user space shared memory objects allocated or * registered on this device @@ -132,6 +132,7 @@ struct tee_driver_ops { /* Size for TEE revision string buffer used by get_tee_revision(). */ #define TEE_REVISION_STR_SIZE 128 +#define TEE_DESC_PRIVILEGED 0x1 /** * struct tee_desc - Describes the TEE driver to the subsystem * @name: name of driver @@ -139,7 +140,6 @@ struct tee_driver_ops { * @owner: module providing the driver * @flags: Extra properties of driver, defined by TEE_DESC_* below */ -#define TEE_DESC_PRIVILEGED 0x1 struct tee_desc { const char *name; const struct tee_driver_ops *ops; @@ -187,7 +187,7 @@ struct tee_protmem_pool_ops { * Allocates a new struct tee_device instance. The device is * removed by tee_device_unregister(). * - * @returns a pointer to a 'struct tee_device' or an ERR_PTR on failure + * @returns: a pointer to a 'struct tee_device' or an ERR_PTR on failure */ struct tee_device *tee_device_alloc(const struct tee_desc *teedesc, struct device *dev, @@ -201,7 +201,7 @@ struct tee_device *tee_device_alloc(cons * tee_device_unregister() need to be called to remove the @teedev if * this function fails. * - * @returns < 0 on failure + * @returns: < 0 on failure */ int tee_device_register(struct tee_device *teedev); @@ -254,14 +254,14 @@ void tee_device_set_dev_groups(struct te * tee_session_calc_client_uuid() - Calculates client UUID for session * @uuid: Resulting UUID * @connection_method: Connection method for session (TEE_IOCTL_LOGIN_*) - * @connectuon_data: Connection data for opening session + * @connection_data: Connection data for opening session * * Based on connection method calculates UUIDv5 based client UUID. * * For group based logins verifies that calling process has specified * credentials. * - * @return < 0 on failure + * @returns: < 0 on failure */ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method, const u8 connection_data[TEE_IOCTL_UUID_LEN]); @@ -295,7 +295,7 @@ struct tee_shm_pool_ops { * @paddr: Physical address of start of pool * @size: Size in bytes of the pool * - * @returns pointer to a 'struct tee_shm_pool' or an ERR_PTR on failure. + * @returns: pointer to a 'struct tee_shm_pool' or an ERR_PTR on failure. */ struct tee_shm_pool *tee_shm_pool_alloc_res_mem(unsigned long vaddr, phys_addr_t paddr, size_t size, @@ -318,14 +318,16 @@ static inline void tee_shm_pool_free(str * @paddr: Physical address of start of pool * @size: Size in bytes of the pool * - * @returns pointer to a 'struct tee_protmem_pool' or an ERR_PTR on failure. + * @returns: pointer to a 'struct tee_protmem_pool' or an ERR_PTR on failure. */ struct tee_protmem_pool *tee_protmem_static_pool_alloc(phys_addr_t paddr, size_t size); /** * tee_get_drvdata() - Return driver_data pointer - * @returns the driver_data pointer supplied to tee_register(). + * @teedev: Pointer to the tee_device + * + * @returns: the driver_data pointer supplied to tee_register(). */ void *tee_get_drvdata(struct tee_device *teedev); @@ -334,7 +336,7 @@ void *tee_get_drvdata(struct tee_device * TEE driver * @ctx: The TEE context for shared memory allocation * @size: Shared memory allocation size - * @returns a pointer to 'struct tee_shm' on success or an ERR_PTR on failure + * @returns: a pointer to 'struct tee_shm' on success or an ERR_PTR on failure */ struct tee_shm *tee_shm_alloc_priv_buf(struct tee_context *ctx, size_t size); @@ -354,7 +356,7 @@ void tee_dyn_shm_free_helper(struct tee_ /** * tee_shm_is_dynamic() - Check if shared memory object is of the dynamic kind * @shm: Shared memory handle - * @returns true if object is dynamic shared memory + * @returns: true if object is dynamic shared memory */ static inline bool tee_shm_is_dynamic(struct tee_shm *shm) { @@ -370,7 +372,7 @@ void tee_shm_put(struct tee_shm *shm); /** * tee_shm_get_id() - Get id of a shared memory object * @shm: Shared memory handle - * @returns id + * @returns: id */ static inline int tee_shm_get_id(struct tee_shm *shm) { @@ -382,7 +384,7 @@ static inline int tee_shm_get_id(struct * count * @ctx: Context owning the shared memory * @id: Id of shared memory object - * @returns a pointer to 'struct tee_shm' on success or an ERR_PTR on failure + * @returns: a pointer to 'struct tee_shm' on success or an ERR_PTR on failure */ struct tee_shm *tee_shm_get_from_id(struct tee_context *ctx, int id); @@ -402,7 +404,7 @@ static inline bool tee_param_is_memref(s * teedev_open() - Open a struct tee_device * @teedev: Device to open * - * @return a pointer to struct tee_context on success or an ERR_PTR on failure. + * @returns: pointer to struct tee_context on success or an ERR_PTR on failure. */ struct tee_context *teedev_open(struct tee_device *teedev);

3 weeks, 4 days

3
2
0 0

[PATCH v4] arm64: defconfig: Enable QCOMTEE module for QTEE-enabled Qualcomm SoCs

by Harshal Dev

All Qualcomm SoCs starting from SM8650 provide access to the Qualcomm Trusted Execution Environment (QTEE) through the SMCInvoke interface, implemented by the QCOMTEE driver. QTEE runs in the Secure World domain on ARM64 CPUs and exposes secure services to Linux running in the Normal World domain. This change enables the QCOMTEE driver as a module to support communication with QTEE. QCOMTEE has been tested on a Qualcomm RB3Gen2 board by loading and executing a Trusted Application via tests hosted at github.com/qualcomm/minkipc. Signed-off-by: Harshal Dev <harshal.dev(a)oss.qualcomm.com> --- Changes in v4: - Updated the commit message as per discussion to clarify the following: - Why we are enabling QCOMTEE for all arm64 boards. - From which Qualcomm SoC onwards the driver is applicable. - What functionality the driver provides. - How the functionality has been tested and on which board. - Link to v3: https://lore.kernel.org/r/20251208-qcom_qcomtee_defconfig-v3-1-b50dcf8ab45e… Changes in v3: - Updated the commit message to reflect the supported Qualcomm platforms. - Link to v2: https://lore.kernel.org/r/20251205-qcom_qcomtee_defconfig-v2-1-c92560b0346e… Changes in v2: - Updated CONFIG_QCOMTEE flag to 'm' since QCOMTEE can be built as a module. - Link to v1: https://lore.kernel.org/r/20251202-qcom_qcomtee_defconfig-v1-1-11bfe40a8ea4… --- arch/arm64/configs/defconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig index cdb7d69e3b24..e952d24bef77 100644 --- a/arch/arm64/configs/defconfig +++ b/arch/arm64/configs/defconfig @@ -1789,6 +1789,7 @@ CONFIG_FPGA_MGR_ZYNQMP_FPGA=m CONFIG_FPGA_MGR_VERSAL_FPGA=m CONFIG_TEE=y CONFIG_OPTEE=y +CONFIG_QCOMTEE=m CONFIG_MUX_GPIO=m CONFIG_MUX_MMIO=y CONFIG_SLIMBUS=m --- base-commit: 47b7b5e32bb7264b51b89186043e1ada4090b558 change-id: 20251202-qcom_qcomtee_defconfig-8dc0fed1411b Best regards, -- Harshal Dev <harshal.dev(a)oss.qualcomm.com>

3 weeks, 5 days

6
12
0 0

[RFT PATCH v2] tee: shm: Remove refcounting of kernel pages

by Sumit Garg

From: Matthew Wilcox <willy(a)infradead.org> Earlier TEE subsystem assumed to refcount all the memory pages to be shared with TEE implementation to be refcounted. However, the slab allocations within the kernel don't allow refcounting kernel pages. It is rather better to trust the kernel clients to not free pages while being shared with TEE implementation. Hence, remove refcounting of kernel pages from register_shm_helper() API. Fixes: b9c0e49abfca ("mm: decline to manipulate the refcount on a slab page") Reported-by: Marco Felsch <m.felsch(a)pengutronix.de> Reported-by: Sven Püschel <s.pueschel(a)pengutronix.de> Signed-off-by: Matthew Wilcox <willy(a)infradead.org> Co-developed-by: Sumit Garg <sumit.garg(a)oss.qualcomm.com> Signed-off-by: Sumit Garg <sumit.garg(a)oss.qualcomm.com> --- Changes in v2: - Attribute Matthew as the author of this patch. - Fix check for user pages. drivers/tee/tee_shm.c | 27 --------------------------- 1 file changed, 27 deletions(-) diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c index 4a47de4bb2e5..898707ca21a8 100644 --- a/drivers/tee/tee_shm.c +++ b/drivers/tee/tee_shm.c @@ -23,29 +23,11 @@ struct tee_shm_dma_mem { struct page *page; }; -static void shm_put_kernel_pages(struct page **pages, size_t page_count) -{ - size_t n; - - for (n = 0; n < page_count; n++) - put_page(pages[n]); -} - -static void shm_get_kernel_pages(struct page **pages, size_t page_count) -{ - size_t n; - - for (n = 0; n < page_count; n++) - get_page(pages[n]); -} - static void release_registered_pages(struct tee_shm *shm) { if (shm->pages) { if (shm->flags & TEE_SHM_USER_MAPPED) unpin_user_pages(shm->pages, shm->num_pages); - else - shm_put_kernel_pages(shm->pages, shm->num_pages); kfree(shm->pages); } @@ -477,13 +459,6 @@ register_shm_helper(struct tee_context *ctx, struct iov_iter *iter, u32 flags, goto err_put_shm_pages; } - /* - * iov_iter_extract_kvec_pages does not get reference on the pages, - * get a reference on them. - */ - if (iov_iter_is_kvec(iter)) - shm_get_kernel_pages(shm->pages, num_pages); - shm->offset = off; shm->size = len; shm->num_pages = num_pages; @@ -499,8 +474,6 @@ register_shm_helper(struct tee_context *ctx, struct iov_iter *iter, u32 flags, err_put_shm_pages: if (!iov_iter_is_kvec(iter)) unpin_user_pages(shm->pages, shm->num_pages); - else - shm_put_kernel_pages(shm->pages, shm->num_pages); err_free_shm_pages: kfree(shm->pages); err_free_shm: -- 2.51.0

3 weeks, 6 days

3
2
0 0

[PATCH 0/3] OP-TEE/OP-TEE drivers: simplify context matches

by Rouven Czerwinski via B4 Relay

Both the OP-TEE core and some OP-TEE drivers use an if/else expression to check a boolean which can instead be returned directly. Implement this change. --- Rouven Czerwinski (3): optee: simplify OP-TEE context match hwrng: optee - simplify OP-TEE context match rtc: optee: simplify OP-TEE context match drivers/char/hw_random/optee-rng.c | 5 +---- drivers/rtc/rtc-optee.c | 5 +---- drivers/tee/optee/device.c | 5 +---- 3 files changed, 3 insertions(+), 12 deletions(-) --- base-commit: 63804fed149a6750ffd28610c5c1c98cce6bd377 change-id: 20260126-optee-simplify-context-match-d5b3467bfacc Best regards, -- Rouven Czerwinski <rouven.czerwinski(a)linaro.org>

1 month

6
8
0 0

Re: [PATCH v5] tee: optee: prevent use-after-free when the client exits before the supplicant

by Yuanjia Yeh

Hi all, We can reproduce the reported use-after-free issue on our platform via an overnight reboot test The verifications are listed as the following - With v2 + Michael Wu's patch: Issue resolved. - With v4: Race condition observation and already report to Amir - With v5: Race fixed. Stable in our tests, including: xtest + reboot loop (300 cycles) continuous reboot test (1000 cycles) No regressions observed with v5. If there are no other concerns, we recommend adopting v5. If needed, please add the following tag: Tested-by: Ox Yeh <ox.yeh(a)mediatek.com> Yuanjia Yeh

1 month

3
3
0 0

2026

2025

2024

2023

2022

2021

2020

OP-TEE