| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
get_user_pages_fast() can return zero in certain error paths. We should
handle that or else it means we accidentally return ERR_PTR(0) which is
NULL instead of an error pointer. The callers are not expecting that
and will crash with a NULL dereference.
Change-Id: I8ecf03cf8ddf3b248d765dee3cf0b634e9838678
Fixes: 033ddf12bcf5 ("tee: add register user memory")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 2490cdf6435b1d3cac0dbf710cd752487c67c296)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the case that shm->pages fails to allocate, the current exit
error path will try to put_page on a null shm->pages and cause
a null pointer dereference when accessing shm->pages[n]. Fix this
by only performing the put_page and kfree on shm->pages if it
is not null.
Detected by CoverityScan, CID#1463283 ("Dereference after null check")
Change-Id: I4874df9fce449834fdf9064c718c2d2517f69bc4
Fixes: 033ddf12bcf5 ("tee: add register user memory")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit c94f31b526fe658c25dd2d07c90486a85437f01c)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The function __tee_shm_alloc is local to the source and does
not need to be in global scope, so make it static.
Cleans up sparse warning:
symbol '__tee_shm_alloc' was not declared. Should it be static?
Change-Id: I39cc9afd601505dc7fdee1cfff1811c3582822f9
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 80ec6f5de60b6934f145b2f7e5369592bcab85f3)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
| |
|
|
|
|
|
|
|
|
| |
Checks the memory type of the pages to be registered as shared memory.
Only normal cached memory is allowed.
Change-Id: I8fc58e3ddc0ce94da996fde852268ae7350fcbba
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit cdbcf83d29c1bf2aaa65260e74beaac1bcdc231c)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
| |
|
|
|
|
|
|
|
|
| |
Adds a start argument to the shm_register callback to allow the callback
to check memory type of the passed pages.
Change-Id: I61457d60ca192637f8d986e2d6f8aeb153d2c484
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 95ffe4ca43877eea176d7e95aa0d38bbdc3d2903)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The optee driver includes the header files in an unusual order,
with asm/pgtable.h before the linux/*.h headers. For some reason
this seems to trigger a build failure:
drivers/tee/optee/call.c: In function 'optee_fill_pages_list':
include/asm-generic/memory_model.h:64:14: error: implicit declaration of function 'page_to_section'; did you mean '__nr_to_section'? [-Werror=implicit-function-declaration]
int __sec = page_to_section(__pg); \
drivers/tee/optee/call.c:494:15: note: in expansion of macro 'page_to_phys'
optee_page = page_to_phys(*pages) +
Let's just include linux/mm.h, which will then get the other
header implicitly.
Change-Id: I01a0a0cab15f132c9e0972a6b65bbdb08487fb82
Fixes: 3bb48ba5cd60 ("tee: optee: add page list manipulation functions")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
(cherry picked from commit f681e08f671a8e68b085ba66190b8661deab4d85)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Now, when struct tee_shm is defined in public header,
we can inline small getter functions like this one.
Change-Id: I9aba40c18ec448c043ab0b31849e4d6429908371
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit ef8e08d24ca84846ce639b835ebd2f15a943f42b)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
We need to ensure that tee_context is present until last
shared buffer will be freed.
Change-Id: I0346e266f17b06af82144290d230029d0193a3d8
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 217e0250cccb9e54d457991446cd3fab413085e1)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previous patches added various features that are needed for dynamic SHM.
Dynamic SHM allows Normal World to share any buffers with OP-TEE.
While original design suggested to use pre-allocated region (usually of
1M to 2M of size), this new approach allows to use all non-secure RAM for
command buffers, RPC allocations and TA parameters.
This patch checks capability OPTEE_SMC_SEC_CAP_DYNAMIC_SHM. If it was set
by OP-TEE, then kernel part of OP-TEE will use kernel page allocator
to allocate command buffers. Also it will set TEE_GEN_CAP_REG_MEM
capability to tell userspace that it supports shared memory registration.
Change-Id: If6b54bdd2aafaa4dabe2b0b31aa3116999eef14a
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit f58e236c9d665ad0af99c908de4a9b6f07e74dda)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
This is simple pool that uses kernel page allocator. This pool can be
used in case OP-TEE supports dynamic shared memory.
Change-Id: I816cd8ab0752915b29143f0c24e40de803975c59
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit abd135ba215c05ca84f9809e6047db25fc28b835)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
| |
|
|
|
|
|
|
|
|
| |
Those capabilities will be used in subsequent patches.
Change-Id: Iea89d2274a83d6e7b1fd864946a97d7427501fcd
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit d885cc5e0759fc19badadddb60a64344b551469b)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With latest changes to OP-TEE we can use any buffers as a shared memory.
Thus, it is possible for supplicant to provide part of own memory
when OP-TEE asks to allocate a shared buffer.
This patch adds support for such feature into RPC handling code.
Now when OP-TEE asks supplicant to allocate shared buffer, supplicant
can use TEE_IOC_SHM_REGISTER to provide such buffer. RPC handler is
aware of this, so it will pass list of allocated pages to OP-TEE.
Change-Id: I01a9970ff377848416d002bf89936a8220354873
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
[jw: fix parenthesis alignment in free_pages_list()]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 53a107c812de3dd74707458aa751eb457718ff9e)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now, when client applications can register own shared buffers in OP-TEE,
we need to extend ABI for parameter passing to/from OP-TEE.
So, if OP-TEE core detects that parameter belongs to registered shared
memory, it will use corresponding parameter attribute.
Change-Id: Iac7907b49c5acc75806526951c77069ec23694cc
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 64cf9d8a672e770fed85a65b5c6767fc0aa1473b)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change adds ops for shm_(un)register functions in tee interface.
Client application can use these functions to (un)register an own shared
buffer in OP-TEE address space. This allows zero copy data sharing between
Normal and Secure Worlds.
Please note that while those functions were added to optee code,
it does not report to userspace that those functions are available.
OP-TEE code does not set TEE_GEN_CAP_REG_MEM flag. This flag will be
enabled only after all other features of dynamic shared memory will be
implemented in subsequent patches. Of course user can ignore presence of
TEE_GEN_CAP_REG_MEM flag and try do call those functions. This is okay,
driver will register shared buffer in OP-TEE, but any attempts to use
this shared buffer will fail.
Change-Id: I9cd17ffcf306e02f1e0017b8ef0df835847c93b8
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 06ca79179c4e00efe53cfe43456f1586f944f04f)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These functions will be used to pass information about shared
buffers to OP-TEE. ABI between Linux and OP-TEE is defined
in optee_msg.h and optee_smc.h.
optee_msg.h defines OPTEE_MSG_ATTR_NONCONTIG attribute
for shared memory references and describes how such references
should be passed. Note that it uses 64-bit page addresses even
on 32 bit systems. This is done to support LPAE and to unify
interface.
Change-Id: I7cdee66cfacb3d3d1243864aecac5270a9d11c96
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
[jw: replacing uint64_t with u64 in optee_fill_pages_list()]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 3bb48ba5cd60f9685aa8f1ccd9b14a72e237c13f)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There were changes in REE<->OP-TEE ABI recently.
Now ABI allows us to pass non-contiguous memory buffers as list of
pages to OP-TEE. This can be achieved by using new parameter attribute
OPTEE_MSG_ATTR_NONCONTIG.
OP-TEE also is able to use all non-secure RAM for shared buffers. This
new capability is enabled with OPTEE_SMC_SEC_CAP_DYNAMIC_SHM flag.
This patch adds necessary definitions to the protocol definition files at
Linux side.
Change-Id: I1a709ac6195292fdd06d37f2b28b4e18b3652137
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit de5c6dfc43daa59feb824505f80fe4591f8f8f85)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Added new ioctl to allow users register own buffers as a shared memory.
Change-Id: If7f52f1d7c733d1d31de791523a07748e77fa202
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
[jw: moved tee_shm_is_registered() declaration]
[jw: added space after __tee_shm_alloc() implementation]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 033ddf12bcf5326b93bd604f50a7474a434a35f9)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Makes creation of shm pools more flexible by adding new more primitive
functions to allocate a shm pool. This makes it easier to add driver
specific shm pool management.
Change-Id: Ief7841b612e1f2ad67222f058bb6627ac9dcd41d
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
(cherry picked from commit e2aca5d8928acb9cc9a87802b02102d4f9b9b596)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Adds support for asynchronous supplicant requests, meaning that the
supplicant can process several requests in parallel or block in a
request for some time.
Change-Id: Iec1bc41d57aa3765f0d743c03bd7f35fcc45172b
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2260 pager=y/n)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 1647a5ac175490d7dac2e74532e85b6197fc74e9)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Adds TEE_IOCTL_PARAM_ATTR_META which can be used to indicate meta
parameters when communicating with user space. These meta parameters can
be used by supplicant support multiple parallel requests at a time.
Change-Id: Id119468872ef96c941da0dfbbabed59e55366f12
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit f2aa97240c84b8f258710e297ba60048bd9c153e)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
| |
|
|
|
|
|
|
| |
Change-Id: I105eb7c113b68695c28123f520d8d9b07a1fcda4
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 84debcc53533f162bf11f24e6a503d227c175cbe)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The first node supplied to of_find_matching_node() has its reference
counter decreased as part of call to that function. In optee_driver_init()
after calling of_find_matching_node() it's invalid to call of_node_put() on
the supplied node again.
So remove the invalid call to of_node_put().
Change-Id: Ibc0a31192d94e79c1487d72bb1e5628206fcf408
Reported-by: Alex Shi <alex.shi@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit f044113113dd95ba73916bde10e804d3cdfa2662)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In the latest changes of optee_os, the interrupts' names are
changed to "native" and "foreign" interrupts.
Change-Id: I813558914d5abcd58ebb1a33c7de8f7c25858968
Signed-off-by: David Wang <david.wang@arm.com>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 39e6519a3f135b143dee4d4fb5ac0438e75454e2)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Mirrors the TEE_DESC_PRIVILEGED bit of struct tee_desc:flags into struct
tee_ioctl_version_data:gen_caps as TEE_GEN_CAP_PRIVILEGED in
tee_ioctl_version()
Change-Id: Iebd281e36b45181325da6b7982f045b4642e72d4
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 059cf566e123ca7eb7434285c6455d7afafb4e02)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Prior to this patch RPC sleep was uninterruptible since msleep() is
uninterruptible. Change to use msleep_interruptible() instead.
Change-Id: I3737067d936a1e405e4b8309d2ec521f4835a7b8
Signed-off-by: Tiger Yu <tigeryu99@hotmail.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit a9980e947ec97297e03d2332d6beff06f5131a98)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add const to tee_desc structures as they are only passed as an argument
to the function tee_device_alloc. This argument is of type const, so
declare these structures as const too.
Add const to tee_driver_ops structures as they are only stored in the
ops field of a tee_desc structure. This field is of type const, so
declare these structure types as const.
Change-Id: Ia9d0348f4dd5078a8a48c74739b69c0871c61bd0
Signed-off-by: Bhumika Goyal <bhumirks@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 96e72ddeec4546fda0e194298c2ee39e394a3ab7)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
dma_buf_ops are not supposed to change at runtime. All functions
working with dma_buf_ops provided by <linux/dma-buf.h> work with
const dma_buf_ops. So mark the non-const structs as const.
File size before:
text data bss dec hex filename
2026 112 0 2138 85a drivers/tee/tee_shm.o
File size After adding 'const':
text data bss dec hex filename
2138 0 0 2138 85a drivers/tee/tee_shm.o
Change-Id: I6dfa99c45bf0078d7048525fa0554bc1f607f1e9
Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 53e3ca5cee24f5fafe4e9ff5fe4b230e1a1b85ed)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Fixes the static checker warning in optee_release().
error: uninitialized symbol 'parg'.
Change-Id: I2eabb31695085cf1e96af8089ca91778bd7ce5a5
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit efb14036bd7f8914f721e1e82891d4ba617cc784)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
For the moment, the tee subsystem only makes sense in combination with
the op-tee driver that depends on ARM_SMCCC, so let's hide the subsystem
from users that can't select that.
Change-Id: Ied6a479d3b14c4b9075b91adca5c18dfda9e7545
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
(cherry picked from commit e84188852a7239d7a144af12f7e5dac8fa88600b)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds a OP-TEE driver which also can be compiled as a loadable module.
* Targets ARM and ARM64
* Supports using reserved memory from OP-TEE as shared memory
* Probes OP-TEE version using SMCs
* Accepts requests on privileged and unprivileged device
* Uses OPTEE message protocol version 2 to communicate with secure world
Change-Id: Iffaf30a91fff2d29dd87e61173c564271bcc7776
Acked-by: Andreas Dannenberg <dannenberg@ti.com>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Tested-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> (RCAR H3)
Tested-by: Scott Branden <scott.branden@broadcom.com>
Reviewed-by: Javier González <javier@javigon.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 4fb0a5eb364d239722e745c02aef0dbd4e0f1ad2)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
|
|
Initial patch for generic TEE subsystem.
This subsystem provides:
* Registration/un-registration of TEE drivers.
* Shared memory between normal world and secure world.
* Ioctl interface for interaction with user space.
* Sysfs implementation_id of TEE driver
A TEE (Trusted Execution Environment) driver is a driver that interfaces
with a trusted OS running in some secure environment, for example,
TrustZone on ARM cpus, or a separate secure co-processor etc.
The TEE subsystem can serve a TEE driver for a Global Platform compliant
TEE, but it's not limited to only Global Platform TEEs.
This patch builds on other similar implementations trying to solve
the same problem:
* "optee_linuxdriver" by among others
Jean-michel DELORME<jean-michel.delorme@st.com> and
Emmanuel MICHEL <emmanuel.michel@st.com>
* "Generic TrustZone Driver" by Javier González <javier@javigon.com>
Change-Id: I35b763e23b706383df5013c429c510c68d7f4176
Acked-by: Andreas Dannenberg <dannenberg@ti.com>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Tested-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> (RCAR H3)
Tested-by: Scott Branden <scott.branden@broadcom.com>
Reviewed-by: Javier González <javier@javigon.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 967c9cca2cc50569efc65945325c173cecba83bd)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
