This patch fixes the description of tee_get_drvdata()'s return value.
It actually returns the driver_data pointer supplied to
tee_device_alloc() since the TEE subsystem was added to the kernel.
Fixes: 967c9cca2c ("tee: generic TEE subsystem")
Cc: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
These look to be leftover from an early edition of this driver. Userspace
does not need this information. Checking all users of this that I have
access to I have verified no one is using them.
They leak internal use flags out to userspace. Even more they are not
correct anymore after a45ea4efa3. Lets drop these flags before
someone does try to use them for something and they become ABI.
Signed-off-by: Andrew Davis <afd@ti.com>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Adds the two new functions tee_shm_register_user_buf() and
tee_shm_register_kernel_buf() which should be used instead of the old
tee_shm_register().
This avoids having the caller supplying the flags parameter which
exposes a bit more than desired of the internals of the TEE subsystem.
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Adds a new function tee_shm_alloc_user_buf() for user mode allocations,
replacing passing the flags TEE_SHM_MAPPED | TEE_SHM_DMA_BUF to
tee_shm_alloc().
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Exports the two functions teedev_open() and teedev_close_context() in
order to make it easier to create a driver internal struct tee_context.
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Prior to this patch was teedev_close_context() calling tee_device_put()
before teedev_ctx_put() leading to teedev_ctx_release() accessing
ctx->teedev just after the reference counter was decreased on the
teedev. Fix this by calling teedev_ctx_put() before tee_device_put().
Fixes: 217e0250cc ("tee: use reference counting for tee_context")
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
In preparation to enable -Wimplicit-fallthrough for Clang, fix a warning
by explicitly adding a break statement instead of letting the code fall
through to the next case.
Link: https://github.com/KSPP/linux/issues/115
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Pull crypto updates from Herbert Xu:
"API:
- Add speed testing on 1420-byte blocks for networking
Algorithms:
- Improve performance of chacha on ARM for network packets
- Improve performance of aegis128 on ARM for network packets
Drivers:
- Add support for Keem Bay OCS AES/SM4
- Add support for QAT 4xxx devices
- Enable crypto-engine retry mechanism in caam
- Enable support for crypto engine on sdm845 in qce
- Add HiSilicon PRNG driver support"
* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (161 commits)
crypto: qat - add capability detection logic in qat_4xxx
crypto: qat - add AES-XTS support for QAT GEN4 devices
crypto: qat - add AES-CTR support for QAT GEN4 devices
crypto: atmel-i2c - select CONFIG_BITREVERSE
crypto: hisilicon/trng - replace atomic_add_return()
crypto: keembay - Add support for Keem Bay OCS AES/SM4
dt-bindings: Add Keem Bay OCS AES bindings
crypto: aegis128 - avoid spurious references crypto_aegis128_update_simd
crypto: seed - remove trailing semicolon in macro definition
crypto: x86/poly1305 - Use TEST %reg,%reg instead of CMP $0,%reg
crypto: x86/sha512 - Use TEST %reg,%reg instead of CMP $0,%reg
crypto: aesni - Use TEST %reg,%reg instead of CMP $0,%reg
crypto: cpt - Fix sparse warnings in cptpf
hwrng: ks-sa - Add dependency on IOMEM and OF
crypto: lib/blake2s - Move selftest prototype into header file
crypto: arm/aes-ce - work around Cortex-A57/A72 silion errata
crypto: ecdh - avoid unaligned accesses in ecdh_set_secret()
crypto: ccree - rework cache parameters handling
crypto: cavium - Use dma_set_mask_and_coherent to simplify code
crypto: marvell/octeontx - Use dma_set_mask_and_coherent to simplify code
...
Currently <crypto/sha.h> contains declarations for both SHA-1 and SHA-2,
and <crypto/sha3.h> contains declarations for SHA-3.
This organization is inconsistent, but more importantly SHA-1 is no
longer considered to be cryptographically secure. So to the extent
possible, SHA-1 shouldn't be grouped together with any of the other SHA
versions, and usage of it should be phased out.
Therefore, split <crypto/sha.h> into two headers <crypto/sha1.h> and
<crypto/sha2.h>, and make everyone explicitly specify whether they want
the declarations for SHA-1, SHA-2, or both.
This avoids making the SHA-1 declarations visible to files that don't
want anything to do with SHA-1. It also prepares for potentially moving
sha1.h into a new insecure/ or dangerous/ directory.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
The kernel TEE login method was accidentally disabled previously when
enabling a few other login methods, so fix that here.
-----BEGIN PGP SIGNATURE-----
iQJOBAABCgA4FiEEFV+gSSXZJY9ZyuB5LinzTIcAHJcFAl+FTz4aHGplbnMud2lr
bGFuZGVyQGxpbmFyby5vcmcACgkQLinzTIcAHJeHQA//TRf/ggtkMFB38Zl119/Z
IAOqC5BohMaqf2hdOlGsnvl3bq+RDJeJQSAXuNkWA9q5UwBbzsT5f1jQGWvEu3HP
de7L1lZM9PlC0vbB5G5LjX5P0SNwWIDRg3QSvUNoL2XUqFD28TzC6VDRIgZOXCWZ
QzkpSLb7nr0z38F41F1O84KaiA0++/IdalV+SIN4o4eMa+WtX0Sm9/0vdWFlIOGV
IrJV2GlmDQSBiRSQWUI4uzQ9MOp+NWD5gSCECMjP5Xh2m5G70HTJWAOayvAzQ3Hq
aEo/wElu4gbiCeMxUgUQTULNCNPfiEkLYivLqV4u8YAmNzF+qOWbUDUZopnwxNLU
pVl9RSFBzlF9QAyLe35BHi8lWKzmTWKLhNjII/2iB+4wpDjNhjlAUSe9RMn5qHGF
09FZ8LYV4Bi3JU/RHFTwU31IOFMSf/827j16QAVu9V3Sp732pZ7HM3MxcRlA+hMn
S4v/tHcF1zSpeBu9ab3E8qMpkaiVbhKfpenLAfQg+FISyLElGMg0JuxLR4y8Vb5O
fnp7yqaReEKv5Imsch96WJgtcFrwPpqSbkZ/lY4mVFQR8zKScyacrrYRlmupVVm0
w1WbMHTV+uG9bH+lNdrGvCnoL0B+73okGaqan2zdSljFjeITC835u5gno556H+aS
0g3o4r47gxQ1C/f7IZCOFzE=
=aCZO
-----END PGP SIGNATURE-----
Merge tag 'tee-fix-for-v5.10' of git://git.linaro.org:/people/jens.wiklander/linux-tee into arm/fixes
Reenable kernel login method for kernel TEE client API
The kernel TEE login method was accidentally disabled previously when
enabling a few other login methods, so fix that here.
* tag 'tee-fix-for-v5.10' of git://git.linaro.org:/people/jens.wiklander/linux-tee:
tee: client UUID: Skip REE kernel login method as well
Link: https://lore.kernel.org/r/20201013070918.GA3328976@jade
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Since the addition of session's client UUID generation via commit [1],
login via REE kernel method was disallowed. So fix that via passing
nill UUID in case of TEE_IOCTL_LOGIN_REE_KERNEL method as well.
Fixes: e33bcbab16 ("tee: add support for session's client UUID generation") [1]
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Uses cdev_device_add() instead of the cdev_add() device_add()
combination.
Initializes dev->groups instead of direct calls to sysfs_create_group()
and friends.
-----BEGIN PGP SIGNATURE-----
iQJOBAABCgA4FiEEFV+gSSXZJY9ZyuB5LinzTIcAHJcFAl9kdqUaHGplbnMud2lr
bGFuZGVyQGxpbmFyby5vcmcACgkQLinzTIcAHJcnsBAAysa3ggeat7K/Y8Sw9Ewh
J5Kxbvn3BQ0DXOlOtrQIuNcRr4kSmJWCPJ8E0IxiB2q01QLldOFqwE0zOKDmWYb9
eGe/CuDlbFM2vbaTrPfXX6uhCjWd5VexF2K11oJc9TuH5u/ZEycGIO+/BRE7u758
YY5puPwP82wbDesR+sDg7/115aRJ36fQFwWMm4LRCd8fLtrFgB6RSngdBxLr+Ue7
Bya9+fmHsBhlUCBOvxCoFOy/PLMruYzJwXg0IFt+V7SDS+1KPErdn6TTCIeWeWbX
oYPn07bChU5/pdAi6gch9y5WUesG7mRnN8m58A3G3Cg6WFr4RZKJqIFYLb3R+z26
RCLWmhf3ldqF/a3KW/UBuTXRwFZB0WnxuAhBgptkvYAxyC2/qEfjTnXdXLiIP+2F
0HWtEaPU1rkZWLHEjsw3H8hVLGcwBNSTS8k6qtDI17pLoWFQ794u9OrRiMhtiOlz
wcdhzWjSkQcFL3Wiq3I+eYmzIMtnRVqFbisEBMR5iB+0fYznEtIKNJHassivsdxf
7njcHo+jQ0ayEOIft/v+Ob13U8fIrC3dVdPVDNSE5rzH2FcTL9eEqSfdhaqicoLv
7OqfmCOZQ7b9uvbPWV2ils3BKF679g5iRcrqQr6193V8TxRNIlScuqWTsBVzd+Vd
Q4ecnuA/1BA1j2bz5uB8ZP8=
=Knzl
-----END PGP SIGNATURE-----
Merge tag 'tee-dev-cleanup-for-v5.10' of git://git.linaro.org:/people/jens.wiklander/linux-tee into arm/drivers
Simplify tee_device_register() and friends
Uses cdev_device_add() instead of the cdev_add() device_add()
combination.
Initializes dev->groups instead of direct calls to sysfs_create_group()
and friends.
* tag 'tee-dev-cleanup-for-v5.10' of git://git.linaro.org:/people/jens.wiklander/linux-tee:
tee: avoid explicit sysfs_create/delete_group by initialising dev->groups
tee: replace cdev_add + device_add with cdev_device_add
Link: https://lore.kernel.org/r/20200918144130.GB1219771@jade
Signed-off-by: Olof Johansson <olof@lixom.net>
If the dev->groups is initialised, the sysfs group is created as part
of device_add call. There is no need to call sysfs_create/delete_group
explicitly.
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Commit 233ed09d7f ("chardev: add helper function to register char devs
with a struct device") added a helper function 'cdev_device_add'.
Make use of cdev_device_add in tee_device_register to replace cdev_add
and device_add. Since cdev_device_add takes care of setting the
kobj->parent, drop explicit initialisation in tee_device_alloc.
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
TEE Client introduce a new capability "TEE_GEN_CAP_MEMREF_NULL"
to handle the support of the shared memory buffer with a NULL pointer.
This capability depends on TEE Capabilities and driver support.
Driver and TEE exchange capabilities at driver initialization.
Signed-off-by: Michael Whitfield <michael.whitfield@nxp.com>
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
function is also used in the optee driver.
-----BEGIN PGP SIGNATURE-----
iQJOBAABCgA4FiEEFV+gSSXZJY9ZyuB5LinzTIcAHJcFAl66eh4aHGplbnMud2lr
bGFuZGVyQGxpbmFyby5vcmcACgkQLinzTIcAHJeZ5w/+O2C1ixl3tt40mVjCFkpT
TCKy4lJXQWXegYZ7epJAImRM82ogVoOItEhOtrSmodnENJLVgH8TUBuPiTwh4kb6
sSQ2zEPoOvA+3HtnnPaxZKuttMvL9MMvAoNH8Mg6ZEaBxG0r6zqiff8vPtfGlM/r
BSy/vH0rxYo1qX4twUHu6GSVWJLC2aSm/eO6BWri5kGHPgR1QOjeXXmotecx9h/b
6cxxRa6FG8nuXuqemMfdtk2j2PMsp639ziTD8cKKR7ncsiUqGtbvonRbeOOBTrHL
aimLgGtIe7hgObspVrH9pvh9ZpTjH34ffQatfAnZROkWKxWhdab9RbrycoFsVRWq
hc62KfuSA3zFHMx4/q0QIiE0TYXnrIjmHziIBKjQs1w3ZdjcQl2OB1guE20xuhWd
LCDZEV2E954113DOQ4kCV9Yh5psDJ0jhjAZrrAdRMX6JZuZ3jzr5hA0BDtSOjKLs
PqQ2TUI+95YZVLI7QdqBCf9Z3HXlI9a3TwOCVzDYy1m0InvzHXwHD6DhdobNhd+J
rQEKvMog5hhe/C3W9agl8Hi2BXNLsepcwUBRx6CsyaZMXBBUxbPeWR6ZnqlRAkYS
FyNbC82yoOYtOYdnOLHwIarr65uGhO5PFY/g5o6k2vuu2WeI7tr9wlGMgBbBb2wT
EnGClHSHcOkmsYyJJ6TX2sw=
=dx75
-----END PGP SIGNATURE-----
Merge tag 'tee-login-for-5.8' of git://git.linaro.org/people/jens.wiklander/linux-tee into arm/drivers
Adds utility function in TEE subsystem for client UUID generation. This
function is also used in the optee driver.
* tag 'tee-login-for-5.8' of git://git.linaro.org/people/jens.wiklander/linux-tee:
tee: optee: Add support for session login client UUID generation
tee: add support for session's client UUID generation
Link: https://lore.kernel.org/r/20200512131243.GA10028@jade
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
TEE Client API defines that from user space only information needed for
specified login operations is group identifier for group based logins.
REE kernel is expected to formulate trustworthy client UUID and pass that
to TEE environment. REE kernel is required to verify that provided group
identifier for group based logins matches calling processes group
memberships.
TEE specification only defines that the information passed from REE
environment to TEE environment is encoded into on UUID.
In order to guarantee trustworthiness of client UUID user space is not
allowed to freely pass client UUID.
UUIDv5 form is used encode variable amount of information needed for
different login types.
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
[jw: remove unused variable application_id]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
There are use-cases where user-space shouldn't be allowed to communicate
directly with a TEE device which is dedicated to provide a specific
service for a kernel client. So add a private login method for kernel
clients and disallow user-space to open-session using GP implementation
defined login method range: (0x80000000 - 0xBFFFFFFF).
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
The .ioctl and .compat_ioctl file operations have the same prototype so
they can both point to the same function, which works great almost all
the time when all the commands are compatible.
One exception is the s390 architecture, where a compat pointer is only
31 bit wide, and converting it into a 64-bit pointer requires calling
compat_ptr(). Most drivers here will never run in s390, but since we now
have a generic helper for it, it's easy enough to use it consistently.
I double-checked all these drivers to ensure that all ioctl arguments
are used as pointers or are ignored, but are not interpreted as integer
values.
Acked-by: Jason Gunthorpe <jgg@mellanox.com>
Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Acked-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: David Sterba <dsterba@suse.com>
Acked-by: Darren Hart (VMware) <dvhart@infradead.org>
Acked-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Acked-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Acked-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Based on 1 normalized pattern(s):
this software is licensed under the terms of the gnu general public
license version 2 as published by the free software foundation and
may be copied distributed and modified under those terms this
program is distributed in the hope that it will be useful but
without any warranty without even the implied warranty of
merchantability or fitness for a particular purpose see the gnu
general public license for more details
extracted by the scancode license scanner the SPDX license identifier
GPL-2.0-only
has been chosen to replace the boilerplate/reference in 285 file(s).
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Alexios Zavras <alexios.zavras@intel.com>
Reviewed-by: Allison Randal <allison@lohutok.net>
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190529141900.642774971@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
- dual license for optee_msg.h and optee_smc.h
Generic
- add cancellation support to client interface
-----BEGIN PGP SIGNATURE-----
iQJOBAABCgA4FiEEcK3MsDvGvFp6zV9ztbC4QZeP7NMFAlx32w8aHGplbnMud2lr
bGFuZGVyQGxpbmFyby5vcmcACgkQtbC4QZeP7NNr9g//czpqt3B7e2pUF46+rjLF
MZZAQwJw1KGjAH8YcUXXWlRI6HRIWKRMohZp4ixC4Xe/OQOpl7grwcWg6j69yI+k
EWdV/SJf6yKmxf9MwgMmh7U2bijIvQAYNd11ODZL+PZfetDLJ6U8kcNlrAGLFTAP
MtxM+wXcmnIT/CHD0wz8hH2B8ApYTCv4E5vkPXSfZEQ2mUU7Lns0MeUzXs74zPQU
yJgCMZnLA2JFJ3xhdi1e2gdyI4NGtAomHAQ9oIzD6rO1OU1H51L2+yFHK1G+eu6I
uMy/bSF0RBJfM0NN9k1XPssHtgg7JrJ6kHZh9Z2knuCi0KUf75bdZE1qC+9N9uu9
9+Qpt6IyxsRPwCgtVuKNl4KEIsxwGALG0oUwe9sBPIL1dOqZtc/bPDNME7LTAoN5
0JWxbz0YLgNKPpkIUfs48vzVrRqHhVBbZ/SuXmOLx9w+3wY/V1xH8pHmsqKJ/0b6
rdWXByt4Vv4YTYXVUz7ChS0ax+ZrDqocxvPFATRYXCNVlE/in/GHmR+QJkpEZnN9
IXhvvYyv582NVYBRAVf7DZBrUIgKT8SnT66PWhiCiP2z0rK5a3CFohV6Vdl/aqyE
1hppXuREuCbxdRTRu563yJL+v4MBfzItRp7v5xW/R8dAMPVtUMIlUyn11a4DGeWz
WYgNf9Po3M2JT7GEvNA2VKA=
=h0Es
-----END PGP SIGNATURE-----
Merge tag 'tee-misc-for-v5.1' of https://git.linaro.org/people/jens.wiklander/linux-tee into arm/drivers
OP-TEE driver
- dual license for optee_msg.h and optee_smc.h
Generic
- add cancellation support to client interface
* tag 'tee-misc-for-v5.1' of https://git.linaro.org/people/jens.wiklander/linux-tee:
tee: optee: update optee_msg.h and optee_smc.h to dual license
tee: add cancellation support to client interface
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Add support of cancellation request to the TEE kernel internal
client interface. Can be used by software TPM drivers, that leverage
TEE under the hood (for instance TPM2.0 mobile profile), for requesting
cancellation of time-consuming operations (RSA key-pair generation etc.).
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Add check for valid ctx pointer and then only dereference ctx to
configure supp_nowait flag.
Fixes: 42bf4152d8 ("tee: add supp_nowait flag in tee_context struct")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Introduce a generic TEE bus driver concept for TEE based kernel drivers
which would like to communicate with TEE based devices/services. Also
add support in module device table for these new TEE based devices.
In this TEE bus concept, devices/services are identified via Universally
Unique Identifier (UUID) and drivers register a table of device UUIDs
which they can support.
So this TEE bus framework registers following apis:
- match(): Iterates over the driver UUID table to find a corresponding
match for device UUID. If a match is found, then this particular device
is probed via corresponding probe api registered by the driver. This
process happens whenever a device or a driver is registered with TEE
bus.
- uevent(): Notifies user-space (udev) whenever a new device is registered
on this bus for auto-loading of modularized drivers.
Also this framework allows for device enumeration to be specific to
corresponding TEE implementation like OP-TEE etc.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Daniel Thompson <daniel.thompson@linaro.org>
Reviewed-by: Bhupesh Sharma <bhsharma@redhat.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
This flag indicates that requests in this context should not wait for
tee-supplicant daemon to be started if not present and just return
with an error code. It is needed for requests which should be
non-blocking in nature like ones arising from TEE based kernel drivers
or any in kernel api that uses TEE internal client interface.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Daniel Thompson <daniel.thompson@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Adds a kernel internal TEE client interface to be used by other drivers.
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Tested-by: Sumit Garg <sumit.garg@linaro.org>
Tested-by: Zeng Tao <prime.zeng@hisilicon.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
This change prevents userland from referencing TEE shared memory
outside the area initially allocated by its owner. Prior this change an
application could not reference or access memory it did not own but
it could reference memory not explicitly allocated by owner but still
allocated to the owner due to the memory allocation granule.
Reported-by: Alexandre Jutras <alexandre.jutras@nxp.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
The privileged dev id range is [TEE_NUM_DEVICES / 2, TEE_NUM_DEVICES).
The non-privileged dev id range is [0, TEE_NUM_DEVICES / 2).
So when finding a slot for them, need to use different max value.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
subsystem as a whole and in OP-TEE in particular.
Global Platform TEE specification [1] allows client applications
to register part of own memory as a shared buffer between
application and TEE. This allows fast zero-copy communication between
TEE and REE. But current implementation of TEE in Linux does not support
this feature.
Also, current implementation of OP-TEE transport uses fixed size
pre-shared buffer for all communications with OP-TEE OS. This is okay
in the most use cases. But this prevents use of OP-TEE in virtualized
environments, because:
a) We can't share the same buffer between different virtual machines
b) Physically contiguous memory as seen by VM can be non-contiguous
in reality (and as seen by OP-TEE OS) due to second stage of
MMU translation.
c) Size of this pre-shared buffer is limited.
So, first part of this pull request adds generic register/unregister
interface to tee subsystem. The second part adds necessary features into
OP-TEE driver, so it can use not only static pre-shared buffer, but
whole RAM to communicate with OP-TEE OS.
This change is backwards compatible allowing older secure world or
user space to work with newer kernels and vice versa.
[1] https://www.globalplatform.org/specificationsdevice.asp
-----BEGIN PGP SIGNATURE-----
iQI3BAABCgAhBQJaM8X7GhxqZW5zLndpa2xhbmRlckBsaW5hcm8ub3JnAAoJELWw
uEGXj+zThYsQAMPsMwvV977gLCnFxSZuIh1qnK5sXabpe4ITVOaUaxyCIoKAcROX
exFdo1l+4UrOaEA9o06IROnHczCEz7IvGcPVYCB13tHwyfPsuicrdM0b/hm2Mehx
MGYDsm3ZjnUTcZxGMNHYvCunNi84Rt1yOC8Mdx4kPhCI8ZCDqb9pV/Bb5wNLnkXS
lXP/+EAkF0ECj88JUhgunkvL96QyK/PROCNUMWansB1RwglvyWy7IS/r03BW9Cpi
4Mtiywmj/KZO9To4LvWhPiX5xvdxe+VxXUD6BW9hVVOxmXGSTEwr9YYr0f7qWH5q
HeTLzkOsRQ+uHkaSLZOJ1HkIsP0sYQ7tR6OaipAEMJIN87ktGr45uuxaMnJCV1Z/
tiKkGKJq9VISa7LA0Fv3nLhfYo8/jHiV/dV77FTreHhWimtVl3aiIkon+P/VSA7W
Qstkq/v+djZXSmJ+dAcaRdukufWLUB4xhl27isnmaVjToFUHJH36wM9smtgXFygv
DL8+5UBgsWPOlpJkIsTD/dwiQK+CeG4/SASgfe5DV7GVh+Z+71E2V40UQ9JoUROa
Y33tPFWg07gG3cHAZYugKG2ucf4Yy3GXh5xZnjIq0Ye1U3/TnbK543V1y2N45vx0
xBWJFFh2blKD04QPynBFqKPKNc5d//OgeK3m4PBTYk2GoGIvnc5YxPTq
=3iwl
-----END PGP SIGNATURE-----
Merge tag 'tee-drv-dynamic-shm-for-v4.16' of https://git.linaro.org/people/jens.wiklander/linux-tee into next/drivers
Pull "tee dynamic shm for v4.16" from Jens Wiklander:
This pull request enables dynamic shared memory support in the TEE
subsystem as a whole and in OP-TEE in particular.
Global Platform TEE specification [1] allows client applications
to register part of own memory as a shared buffer between
application and TEE. This allows fast zero-copy communication between
TEE and REE. But current implementation of TEE in Linux does not support
this feature.
Also, current implementation of OP-TEE transport uses fixed size
pre-shared buffer for all communications with OP-TEE OS. This is okay
in the most use cases. But this prevents use of OP-TEE in virtualized
environments, because:
a) We can't share the same buffer between different virtual machines
b) Physically contiguous memory as seen by VM can be non-contiguous
in reality (and as seen by OP-TEE OS) due to second stage of
MMU translation.
c) Size of this pre-shared buffer is limited.
So, first part of this pull request adds generic register/unregister
interface to tee subsystem. The second part adds necessary features into
OP-TEE driver, so it can use not only static pre-shared buffer, but
whole RAM to communicate with OP-TEE OS.
This change is backwards compatible allowing older secure world or
user space to work with newer kernels and vice versa.
[1] https://www.globalplatform.org/specificationsdevice.asp
* tag 'tee-drv-dynamic-shm-for-v4.16' of https://git.linaro.org/people/jens.wiklander/linux-tee:
tee: shm: inline tee_shm_get_id()
tee: use reference counting for tee_context
tee: optee: enable dynamic SHM support
tee: optee: add optee-specific shared pool implementation
tee: optee: store OP-TEE capabilities in private data
tee: optee: add registered buffers handling into RPC calls
tee: optee: add registered shared parameters handling
tee: optee: add shared buffer registration functions
tee: optee: add page list manipulation functions
tee: optee: Update protocol definitions
tee: shm: add page accessor functions
tee: shm: add accessors for buffer size and page offset
tee: add register user memory
tee: flexible shared memory pool creation
We need to ensure that tee_context is present until last
shared buffer will be freed.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Added new ioctl to allow users register own buffers as a shared memory.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
[jw: moved tee_shm_is_registered() declaration]
[jw: added space after __tee_shm_alloc() implementation]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Adds TEE_IOCTL_PARAM_ATTR_META which can be used to indicate meta
parameters when communicating with user space. These meta parameters can
be used by supplicant support multiple parallel requests at a time.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Mirrors the TEE_DESC_PRIVILEGED bit of struct tee_desc:flags into struct
tee_ioctl_version_data:gen_caps as TEE_GEN_CAP_PRIVILEGED in
tee_ioctl_version()
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Initial patch for generic TEE subsystem.
This subsystem provides:
* Registration/un-registration of TEE drivers.
* Shared memory between normal world and secure world.
* Ioctl interface for interaction with user space.
* Sysfs implementation_id of TEE driver
A TEE (Trusted Execution Environment) driver is a driver that interfaces
with a trusted OS running in some secure environment, for example,
TrustZone on ARM cpus, or a separate secure co-processor etc.
The TEE subsystem can serve a TEE driver for a Global Platform compliant
TEE, but it's not limited to only Global Platform TEEs.
This patch builds on other similar implementations trying to solve
the same problem:
* "optee_linuxdriver" by among others
Jean-michel DELORME<jean-michel.delorme@st.com> and
Emmanuel MICHEL <emmanuel.michel@st.com>
* "Generic TrustZone Driver" by Javier González <javier@javigon.com>
Acked-by: Andreas Dannenberg <dannenberg@ti.com>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Tested-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> (RCAR H3)
Tested-by: Scott Branden <scott.branden@broadcom.com>
Reviewed-by: Javier González <javier@javigon.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>