From fb96bdaa3aa30c7aa605b7ecf42df459b2b386e7 Mon Sep 17 00:00:00 2001 From: Jens Wiklander Date: Fri, 23 Dec 2016 13:13:27 +0100 Subject: BACKPORT: tee: add tee_param_is_memref() for driver use Change-Id: I105eb7c113b68695c28123f520d8d9b07a1fcda4 Reviewed-by: Etienne Carriere Signed-off-by: Jens Wiklander (cherry picked from commit 84debcc53533f162bf11f24e6a503d227c175cbe) Signed-off-by: Victor Chong --- include/linux/tee_drv.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'include') diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h index cb889afe576b..f4a0ac05ebb4 100644 --- a/include/linux/tee_drv.h +++ b/include/linux/tee_drv.h @@ -275,4 +275,16 @@ int tee_shm_get_id(struct tee_shm *shm); */ struct tee_shm *tee_shm_get_from_id(struct tee_context *ctx, int id); +static inline bool tee_param_is_memref(struct tee_param *param) +{ + switch (param->attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) { + case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT: + case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: + case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: + return true; + default: + return false; + } +} + #endif /*__TEE_DRV_H*/ -- cgit v1.2.3 From 4883df6ebbcd0537d8052f76f8803bf86468e48c Mon Sep 17 00:00:00 2001 From: Jens Wiklander Date: Fri, 23 Dec 2016 13:13:34 +0100 Subject: BACKPORT: tee: add TEE_IOCTL_PARAM_ATTR_META Adds TEE_IOCTL_PARAM_ATTR_META which can be used to indicate meta parameters when communicating with user space. These meta parameters can be used by supplicant support multiple parallel requests at a time. Change-Id: Id119468872ef96c941da0dfbbabed59e55366f12 Reviewed-by: Etienne Carriere Signed-off-by: Jens Wiklander (cherry picked from commit f2aa97240c84b8f258710e297ba60048bd9c153e) Signed-off-by: Victor Chong --- include/uapi/linux/tee.h | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'include') diff --git a/include/uapi/linux/tee.h b/include/uapi/linux/tee.h index 688782e90140..267c12e7fd79 100644 --- a/include/uapi/linux/tee.h +++ b/include/uapi/linux/tee.h @@ -154,6 +154,13 @@ struct tee_ioctl_buf_data { */ #define TEE_IOCTL_PARAM_ATTR_TYPE_MASK 0xff +/* Meta parameter carrying extra information about the message. */ +#define TEE_IOCTL_PARAM_ATTR_META 0x100 + +/* Mask of all known attr bits */ +#define TEE_IOCTL_PARAM_ATTR_MASK \ + (TEE_IOCTL_PARAM_ATTR_TYPE_MASK | TEE_IOCTL_PARAM_ATTR_META) + /* * Matches TEEC_LOGIN_* in GP TEE Client API * Are only defined for GP compliant TEEs -- cgit v1.2.3 From 15bf9b9422ec766f94bbb94e23a27ef16d5bee57 Mon Sep 17 00:00:00 2001 From: Jens Wiklander Date: Wed, 29 Nov 2017 14:48:25 +0200 Subject: BACKPORT: tee: flexible shared memory pool creation Makes creation of shm pools more flexible by adding new more primitive functions to allocate a shm pool. This makes it easier to add driver specific shm pool management. Change-Id: Ief7841b612e1f2ad67222f058bb6627ac9dcd41d Signed-off-by: Jens Wiklander Signed-off-by: Volodymyr Babchuk (cherry picked from commit e2aca5d8928acb9cc9a87802b02102d4f9b9b596) Signed-off-by: Victor Chong --- include/linux/tee_drv.h | 91 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) (limited to 'include') diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h index f4a0ac05ebb4..ead79b560b9d 100644 --- a/include/linux/tee_drv.h +++ b/include/linux/tee_drv.h @@ -149,6 +149,97 @@ int tee_device_register(struct tee_device *teedev); */ void tee_device_unregister(struct tee_device *teedev); +/** + * struct tee_shm - shared memory object + * @teedev: device used to allocate the object + * @ctx: context using the object, if NULL the context is gone + * @link link element + * @paddr: physical address of the shared memory + * @kaddr: virtual address of the shared memory + * @size: size of shared memory + * @offset: offset of buffer in user space + * @pages: locked pages from userspace + * @num_pages: number of locked pages + * @dmabuf: dmabuf used to for exporting to user space + * @flags: defined by TEE_SHM_* in tee_drv.h + * @id: unique id of a shared memory object on this device + * + * This pool is only supposed to be accessed directly from the TEE + * subsystem and from drivers that implements their own shm pool manager. + */ +struct tee_shm { + struct tee_device *teedev; + struct tee_context *ctx; + struct list_head link; + phys_addr_t paddr; + void *kaddr; + size_t size; + unsigned int offset; + struct page **pages; + size_t num_pages; + struct dma_buf *dmabuf; + u32 flags; + int id; +}; + +/** + * struct tee_shm_pool_mgr - shared memory manager + * @ops: operations + * @private_data: private data for the shared memory manager + */ +struct tee_shm_pool_mgr { + const struct tee_shm_pool_mgr_ops *ops; + void *private_data; +}; + +/** + * struct tee_shm_pool_mgr_ops - shared memory pool manager operations + * @alloc: called when allocating shared memory + * @free: called when freeing shared memory + * @destroy_poolmgr: called when destroying the pool manager + */ +struct tee_shm_pool_mgr_ops { + int (*alloc)(struct tee_shm_pool_mgr *poolmgr, struct tee_shm *shm, + size_t size); + void (*free)(struct tee_shm_pool_mgr *poolmgr, struct tee_shm *shm); + void (*destroy_poolmgr)(struct tee_shm_pool_mgr *poolmgr); +}; + +/** + * tee_shm_pool_alloc() - Create a shared memory pool from shm managers + * @priv_mgr: manager for driver private shared memory allocations + * @dmabuf_mgr: manager for dma-buf shared memory allocations + * + * Allocation with the flag TEE_SHM_DMA_BUF set will use the range supplied + * in @dmabuf, others will use the range provided by @priv. + * + * @returns pointer to a 'struct tee_shm_pool' or an ERR_PTR on failure. + */ +struct tee_shm_pool *tee_shm_pool_alloc(struct tee_shm_pool_mgr *priv_mgr, + struct tee_shm_pool_mgr *dmabuf_mgr); + +/* + * tee_shm_pool_mgr_alloc_res_mem() - Create a shm manager for reserved + * memory + * @vaddr: Virtual address of start of pool + * @paddr: Physical address of start of pool + * @size: Size in bytes of the pool + * + * @returns pointer to a 'struct tee_shm_pool_mgr' or an ERR_PTR on failure. + */ +struct tee_shm_pool_mgr *tee_shm_pool_mgr_alloc_res_mem(unsigned long vaddr, + phys_addr_t paddr, + size_t size, + int min_alloc_order); + +/** + * tee_shm_pool_mgr_destroy() - Free a shared memory manager + */ +static inline void tee_shm_pool_mgr_destroy(struct tee_shm_pool_mgr *poolm) +{ + poolm->ops->destroy_poolmgr(poolm); +} + /** * struct tee_shm_pool_mem_info - holds information needed to create a shared * memory pool -- cgit v1.2.3 From 9b5e064b883b7a2c2cb2645d77cff59edee04b62 Mon Sep 17 00:00:00 2001 From: Jens Wiklander Date: Wed, 29 Nov 2017 14:48:26 +0200 Subject: BACKPORT: tee: add register user memory Added new ioctl to allow users register own buffers as a shared memory. Change-Id: If7f52f1d7c733d1d31de791523a07748e77fa202 Signed-off-by: Volodymyr Babchuk [jw: moved tee_shm_is_registered() declaration] [jw: added space after __tee_shm_alloc() implementation] Signed-off-by: Jens Wiklander (cherry picked from commit 033ddf12bcf5326b93bd604f50a7474a434a35f9) Signed-off-by: Victor Chong --- include/linux/tee_drv.h | 47 +++++++++++++++++++++++++++++++++++++++++++++-- include/uapi/linux/tee.h | 30 ++++++++++++++++++++++++++++++ 2 files changed, 75 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h index ead79b560b9d..0f9e574299b6 100644 --- a/include/linux/tee_drv.h +++ b/include/linux/tee_drv.h @@ -25,8 +25,12 @@ * specific TEE driver. */ -#define TEE_SHM_MAPPED 0x1 /* Memory mapped by the kernel */ -#define TEE_SHM_DMA_BUF 0x2 /* Memory with dma-buf handle */ +#define TEE_SHM_MAPPED BIT(0) /* Memory mapped by the kernel */ +#define TEE_SHM_DMA_BUF BIT(1) /* Memory with dma-buf handle */ +#define TEE_SHM_EXT_DMA_BUF BIT(2) /* Memory with dma-buf handle */ +#define TEE_SHM_REGISTER BIT(3) /* Memory registered in secure world */ +#define TEE_SHM_USER_MAPPED BIT(4) /* Memory mapped in user space */ +#define TEE_SHM_POOL BIT(5) /* Memory allocated from pool */ struct device; struct tee_device; @@ -76,6 +80,8 @@ struct tee_param { * @cancel_req: request cancel of an ongoing invoke or open * @supp_revc: called for supplicant to get a command * @supp_send: called for supplicant to send a response + * @shm_register: register shared memory buffer in TEE + * @shm_unregister: unregister shared memory buffer in TEE */ struct tee_driver_ops { void (*get_version)(struct tee_device *teedev, @@ -94,6 +100,9 @@ struct tee_driver_ops { struct tee_param *param); int (*supp_send)(struct tee_context *ctx, u32 ret, u32 num_params, struct tee_param *param); + int (*shm_register)(struct tee_context *ctx, struct tee_shm *shm, + struct page **pages, size_t num_pages); + int (*shm_unregister)(struct tee_context *ctx, struct tee_shm *shm); }; /** @@ -301,6 +310,40 @@ void *tee_get_drvdata(struct tee_device *teedev); */ struct tee_shm *tee_shm_alloc(struct tee_context *ctx, size_t size, u32 flags); +/** + * tee_shm_priv_alloc() - Allocate shared memory privately + * @dev: Device that allocates the shared memory + * @size: Requested size of shared memory + * + * Allocates shared memory buffer that is not associated with any client + * context. Such buffers are owned by TEE driver and used for internal calls. + * + * @returns a pointer to 'struct tee_shm' + */ +struct tee_shm *tee_shm_priv_alloc(struct tee_device *teedev, size_t size); + +/** + * tee_shm_register() - Register shared memory buffer + * @ctx: Context that registers the shared memory + * @addr: Address is userspace of the shared buffer + * @length: Length of the shared buffer + * @flags: Flags setting properties for the requested shared memory. + * + * @returns a pointer to 'struct tee_shm' + */ +struct tee_shm *tee_shm_register(struct tee_context *ctx, unsigned long addr, + size_t length, u32 flags); + +/** + * tee_shm_is_registered() - Check if shared memory object in registered in TEE + * @shm: Shared memory handle + * @returns true if object is registered in TEE + */ +static inline bool tee_shm_is_registered(struct tee_shm *shm) +{ + return shm && (shm->flags & TEE_SHM_REGISTER); +} + /** * tee_shm_free() - Free shared memory * @shm: Handle to shared memory to free diff --git a/include/uapi/linux/tee.h b/include/uapi/linux/tee.h index 267c12e7fd79..4b9eb064d7e7 100644 --- a/include/uapi/linux/tee.h +++ b/include/uapi/linux/tee.h @@ -50,6 +50,7 @@ #define TEE_GEN_CAP_GP (1 << 0)/* GlobalPlatform compliant TEE */ #define TEE_GEN_CAP_PRIVILEGED (1 << 1)/* Privileged device (for supplicant) */ +#define TEE_GEN_CAP_REG_MEM (1 << 2)/* Supports registering shared memory */ /* * TEE Implementation ID @@ -339,6 +340,35 @@ struct tee_iocl_supp_send_arg { #define TEE_IOC_SUPPL_SEND _IOR(TEE_IOC_MAGIC, TEE_IOC_BASE + 7, \ struct tee_ioctl_buf_data) +/** + * struct tee_ioctl_shm_register_data - Shared memory register argument + * @addr: [in] Start address of shared memory to register + * @length: [in/out] Length of shared memory to register + * @flags: [in/out] Flags to/from registration. + * @id: [out] Identifier of the shared memory + * + * The flags field should currently be zero as input. Updated by the call + * with actual flags as defined by TEE_IOCTL_SHM_* above. + * This structure is used as argument for TEE_IOC_SHM_REGISTER below. + */ +struct tee_ioctl_shm_register_data { + __u64 addr; + __u64 length; + __u32 flags; + __s32 id; +}; + +/** + * TEE_IOC_SHM_REGISTER - Register shared memory argument + * + * Registers shared memory between the user space process and secure OS. + * + * Returns a file descriptor on success or < 0 on failure + * + * The shared memory is unregisterred when the descriptor is closed. + */ +#define TEE_IOC_SHM_REGISTER _IOWR(TEE_IOC_MAGIC, TEE_IOC_BASE + 9, \ + struct tee_ioctl_shm_register_data) /* * Five syscalls are used when communicating with the TEE driver. * open(): opens the device associated with the driver -- cgit v1.2.3 From ba5928ca5c23ed8793288c4d19a541a8d86deb38 Mon Sep 17 00:00:00 2001 From: Volodymyr Babchuk Date: Wed, 29 Nov 2017 14:48:27 +0200 Subject: BACKPORT: tee: shm: add accessors for buffer size and page offset These two function will be needed for shared memory registration in OP-TEE Change-Id: Iccfbc063f90edd2f8a283bc0424d95e1f0874c8a Signed-off-by: Volodymyr Babchuk Signed-off-by: Jens Wiklander (cherry picked from commit b25946ad951c013c31d0a0e82d2017004bdc8fed) Signed-off-by: Victor Chong --- include/linux/tee_drv.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'include') diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h index 0f9e574299b6..71cd1f2841c9 100644 --- a/include/linux/tee_drv.h +++ b/include/linux/tee_drv.h @@ -393,6 +393,26 @@ void *tee_shm_get_va(struct tee_shm *shm, size_t offs); */ int tee_shm_get_pa(struct tee_shm *shm, size_t offs, phys_addr_t *pa); +/** + * tee_shm_get_size() - Get size of shared memory buffer + * @shm: Shared memory handle + * @returns size of shared memory + */ +static inline size_t tee_shm_get_size(struct tee_shm *shm) +{ + return shm->size; +} + +/** + * tee_shm_get_page_offset() - Get shared buffer offset from page start + * @shm: Shared memory handle + * @returns page offset of shared buffer + */ +static inline size_t tee_shm_get_page_offset(struct tee_shm *shm) +{ + return shm->offset; +} + /** * tee_shm_get_id() - Get id of a shared memory object * @shm: Shared memory handle -- cgit v1.2.3 From a06ac65fa54f4a8b904b8e9cc87021fb6a842a81 Mon Sep 17 00:00:00 2001 From: Volodymyr Babchuk Date: Wed, 29 Nov 2017 14:48:28 +0200 Subject: BACKPORT: tee: shm: add page accessor functions In order to register a shared buffer in TEE, we need accessor function that return list of pages for that buffer. Change-Id: I4078da3e7fff7e44bb6478e297250458d66dd89d Signed-off-by: Volodymyr Babchuk Signed-off-by: Jens Wiklander (cherry picked from commit e0c69ae8bfb500facebe1fa331f9400c216eaab0) Signed-off-by: Victor Chong --- include/linux/tee_drv.h | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'include') diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h index 71cd1f2841c9..80963f665db3 100644 --- a/include/linux/tee_drv.h +++ b/include/linux/tee_drv.h @@ -403,6 +403,19 @@ static inline size_t tee_shm_get_size(struct tee_shm *shm) return shm->size; } +/** + * tee_shm_get_pages() - Get list of pages that hold shared buffer + * @shm: Shared memory handle + * @num_pages: Number of pages will be stored there + * @returns pointer to pages array + */ +static inline struct page **tee_shm_get_pages(struct tee_shm *shm, + size_t *num_pages) +{ + *num_pages = shm->num_pages; + return shm->pages; +} + /** * tee_shm_get_page_offset() - Get shared buffer offset from page start * @shm: Shared memory handle -- cgit v1.2.3 From 17c7c494f71816b458f7fc6f90b7043d8398cad4 Mon Sep 17 00:00:00 2001 From: Volodymyr Babchuk Date: Wed, 29 Nov 2017 14:48:37 +0200 Subject: BACKPORT: tee: use reference counting for tee_context We need to ensure that tee_context is present until last shared buffer will be freed. Change-Id: I0346e266f17b06af82144290d230029d0193a3d8 Signed-off-by: Volodymyr Babchuk Signed-off-by: Jens Wiklander (cherry picked from commit 217e0250cccb9e54d457991446cd3fab413085e1) Signed-off-by: Victor Chong --- include/linux/tee_drv.h | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'include') diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h index 80963f665db3..484e5058abbd 100644 --- a/include/linux/tee_drv.h +++ b/include/linux/tee_drv.h @@ -17,6 +17,7 @@ #include #include +#include #include #include @@ -42,11 +43,17 @@ struct tee_shm_pool; * @teedev: pointer to this drivers struct tee_device * @list_shm: List of shared memory object owned by this context * @data: driver specific context data, managed by the driver + * @refcount: reference counter for this structure + * @releasing: flag that indicates if context is being released right now. + * It is needed to break circular dependency on context during + * shared memory release. */ struct tee_context { struct tee_device *teedev; struct list_head list_shm; void *data; + struct kref refcount; + bool releasing; }; struct tee_param_memref { -- cgit v1.2.3 From 78d437dbb108782b5c805ccbe99da8d4251329fd Mon Sep 17 00:00:00 2001 From: Volodymyr Babchuk Date: Wed, 29 Nov 2017 14:48:38 +0200 Subject: BACKPORT: tee: shm: inline tee_shm_get_id() Now, when struct tee_shm is defined in public header, we can inline small getter functions like this one. Change-Id: I9aba40c18ec448c043ab0b31849e4d6429908371 Signed-off-by: Volodymyr Babchuk Signed-off-by: Jens Wiklander (cherry picked from commit ef8e08d24ca84846ce639b835ebd2f15a943f42b) Signed-off-by: Victor Chong --- include/linux/tee_drv.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h index 484e5058abbd..41bd4bded28c 100644 --- a/include/linux/tee_drv.h +++ b/include/linux/tee_drv.h @@ -438,7 +438,10 @@ static inline size_t tee_shm_get_page_offset(struct tee_shm *shm) * @shm: Shared memory handle * @returns id */ -int tee_shm_get_id(struct tee_shm *shm); +static inline int tee_shm_get_id(struct tee_shm *shm) +{ + return shm->id; +} /** * tee_shm_get_from_id() - Find shared memory object and increase reference -- cgit v1.2.3 From 1b8bb30b0787a91d4903c8dfd88852f24634160a Mon Sep 17 00:00:00 2001 From: Jens Wiklander Date: Thu, 28 Dec 2017 10:08:00 +0100 Subject: BACKPORT: tee: add start argument to shm_register callback Adds a start argument to the shm_register callback to allow the callback to check memory type of the passed pages. Change-Id: I61457d60ca192637f8d986e2d6f8aeb153d2c484 Signed-off-by: Jens Wiklander (cherry picked from commit 95ffe4ca43877eea176d7e95aa0d38bbdc3d2903) Signed-off-by: Victor Chong --- include/linux/tee_drv.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h index 41bd4bded28c..a2b3dfcee0b5 100644 --- a/include/linux/tee_drv.h +++ b/include/linux/tee_drv.h @@ -108,7 +108,8 @@ struct tee_driver_ops { int (*supp_send)(struct tee_context *ctx, u32 ret, u32 num_params, struct tee_param *param); int (*shm_register)(struct tee_context *ctx, struct tee_shm *shm, - struct page **pages, size_t num_pages); + struct page **pages, size_t num_pages, + unsigned long start); int (*shm_unregister)(struct tee_context *ctx, struct tee_shm *shm); }; -- cgit v1.2.3 From 4b35dcb5e048cde1a68603d5ad2d8ccaf3fb1e4e Mon Sep 17 00:00:00 2001 From: Arnd Bergmann Date: Thu, 15 Feb 2018 16:16:57 +0100 Subject: x86: fix build warnign with 32-bit PAE I ran into a 4.9 build warning in randconfig testing, starting with the KAISER patches: arch/x86/kernel/ldt.c: In function 'alloc_ldt_struct': arch/x86/include/asm/pgtable_types.h:208:24: error: large integer implicitly truncated to unsigned type [-Werror=overflow] #define __PAGE_KERNEL (__PAGE_KERNEL_EXEC | _PAGE_NX) ^ arch/x86/kernel/ldt.c:81:6: note: in expansion of macro '__PAGE_KERNEL' __PAGE_KERNEL); ^~~~~~~~~~~~~ I originally ran into this last year when the patches were part of linux-next, and tried to work around it by using the proper 'pteval_t' types consistently, but that caused additional problems. This takes a much simpler approach, and makes the argument type of the dummy helper always 64-bit, which is wide enough for any page table layout and won't hurt since this call is just an empty stub anyway. Fixes: 8f0baadf2bea ("kaiser: merged update") Signed-off-by: Arnd Bergmann Acked-by: Kees Cook Acked-by: Hugh Dickins Signed-off-by: Greg Kroah-Hartman --- include/linux/kaiser.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/linux/kaiser.h b/include/linux/kaiser.h index 58c55b1589d0..b56c19010480 100644 --- a/include/linux/kaiser.h +++ b/include/linux/kaiser.h @@ -32,7 +32,7 @@ static inline void kaiser_init(void) { } static inline int kaiser_add_mapping(unsigned long addr, - unsigned long size, unsigned long flags) + unsigned long size, u64 flags) { return 0; } -- cgit v1.2.3