Bump the file's refcount before moving the reference into the fd table,
not afterwards. The old code could drop the file's refcount to zero for a
short moment before calling get_file() via get_dma_buf().
This code can only be triggered on ARM systems that use Linaro's OP-TEE.
Fixes: 967c9cca2c ("tee: generic TEE subsystem")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit bb765d1c33)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I21f905548f65e82ec8bf3c09775856a6f0fb057f
get_user_pages_fast() can return zero in certain error paths. We should
handle that or else it means we accidentally return ERR_PTR(0) which is
NULL instead of an error pointer. The callers are not expecting that
and will crash with a NULL dereference.
Change-Id: I5622affddeb1fc5e80ba6ccdbfdc77e129a2ca84
Fixes: 033ddf12bc ("tee: add register user memory")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 2490cdf643)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
In the case that shm->pages fails to allocate, the current exit
error path will try to put_page on a null shm->pages and cause
a null pointer dereference when accessing shm->pages[n]. Fix this
by only performing the put_page and kfree on shm->pages if it
is not null.
Detected by CoverityScan, CID#1463283 ("Dereference after null check")
Change-Id: I9dbf1a729d784c1c13eabe0d70c48f1f12b2e5b3
Fixes: 033ddf12bc ("tee: add register user memory")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit c94f31b526)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
The function __tee_shm_alloc is local to the source and does
not need to be in global scope, so make it static.
Cleans up sparse warning:
symbol '__tee_shm_alloc' was not declared. Should it be static?
Change-Id: I6bbd0f64c3a334f63ec6a834f43c3bc5830d7335
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 80ec6f5de6)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Checks the memory type of the pages to be registered as shared memory.
Only normal cached memory is allowed.
Change-Id: I319740ef448e7d7ce31efd2b5456972da192fce3
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit cdbcf83d29)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Adds a start argument to the shm_register callback to allow the callback
to check memory type of the passed pages.
Change-Id: Ic6062db0cfc7485adae4df949e87577f9d13e4d5
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 95ffe4ca43)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
The optee driver includes the header files in an unusual order,
with asm/pgtable.h before the linux/*.h headers. For some reason
this seems to trigger a build failure:
drivers/tee/optee/call.c: In function 'optee_fill_pages_list':
include/asm-generic/memory_model.h:64:14: error: implicit declaration of function 'page_to_section'; did you mean '__nr_to_section'? [-Werror=implicit-function-declaration]
int __sec = page_to_section(__pg); \
drivers/tee/optee/call.c:494:15: note: in expansion of macro 'page_to_phys'
optee_page = page_to_phys(*pages) +
Let's just include linux/mm.h, which will then get the other
header implicitly.
Change-Id: I89668d35f8a9a8e27e77045e1f91934bb3d8cded
Fixes: 3bb48ba5cd ("tee: optee: add page list manipulation functions")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
(cherry picked from commit f681e08f67)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Now, when struct tee_shm is defined in public header,
we can inline small getter functions like this one.
Change-Id: If5f8bd999aaf180dc6f431aa26ccabd0260a47e4
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit ef8e08d24c)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
We need to ensure that tee_context is present until last
shared buffer will be freed.
Change-Id: I0f16c080e0432d425496a7ceb11d13150daff00e
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 217e0250cc)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Previous patches added various features that are needed for dynamic SHM.
Dynamic SHM allows Normal World to share any buffers with OP-TEE.
While original design suggested to use pre-allocated region (usually of
1M to 2M of size), this new approach allows to use all non-secure RAM for
command buffers, RPC allocations and TA parameters.
This patch checks capability OPTEE_SMC_SEC_CAP_DYNAMIC_SHM. If it was set
by OP-TEE, then kernel part of OP-TEE will use kernel page allocator
to allocate command buffers. Also it will set TEE_GEN_CAP_REG_MEM
capability to tell userspace that it supports shared memory registration.
Change-Id: I02b0a57e8c16d1905883b35511decb7426e76960
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit f58e236c9d)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
This is simple pool that uses kernel page allocator. This pool can be
used in case OP-TEE supports dynamic shared memory.
Change-Id: Idd0b512ef577b38f61dabca60b86becf09a746cc
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit abd135ba21)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
With latest changes to OP-TEE we can use any buffers as a shared memory.
Thus, it is possible for supplicant to provide part of own memory
when OP-TEE asks to allocate a shared buffer.
This patch adds support for such feature into RPC handling code.
Now when OP-TEE asks supplicant to allocate shared buffer, supplicant
can use TEE_IOC_SHM_REGISTER to provide such buffer. RPC handler is
aware of this, so it will pass list of allocated pages to OP-TEE.
Change-Id: If7b7812ab4255ed3c1915ae16eafd5556947b936
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
[jw: fix parenthesis alignment in free_pages_list()]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 53a107c812)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Now, when client applications can register own shared buffers in OP-TEE,
we need to extend ABI for parameter passing to/from OP-TEE.
So, if OP-TEE core detects that parameter belongs to registered shared
memory, it will use corresponding parameter attribute.
Change-Id: I52b6b3a0092aac238b232b6d24668bbe3f3015e2
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 64cf9d8a67)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
This change adds ops for shm_(un)register functions in tee interface.
Client application can use these functions to (un)register an own shared
buffer in OP-TEE address space. This allows zero copy data sharing between
Normal and Secure Worlds.
Please note that while those functions were added to optee code,
it does not report to userspace that those functions are available.
OP-TEE code does not set TEE_GEN_CAP_REG_MEM flag. This flag will be
enabled only after all other features of dynamic shared memory will be
implemented in subsequent patches. Of course user can ignore presence of
TEE_GEN_CAP_REG_MEM flag and try do call those functions. This is okay,
driver will register shared buffer in OP-TEE, but any attempts to use
this shared buffer will fail.
Change-Id: I918fd93ff2a5e8a371f6e7fd81f45bbfaed69315
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 06ca79179c)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
These functions will be used to pass information about shared
buffers to OP-TEE. ABI between Linux and OP-TEE is defined
in optee_msg.h and optee_smc.h.
optee_msg.h defines OPTEE_MSG_ATTR_NONCONTIG attribute
for shared memory references and describes how such references
should be passed. Note that it uses 64-bit page addresses even
on 32 bit systems. This is done to support LPAE and to unify
interface.
Change-Id: I9285315d48979e75c54021163f3e8c7a2772db55
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
[jw: replacing uint64_t with u64 in optee_fill_pages_list()]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 3bb48ba5cd)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
There were changes in REE<->OP-TEE ABI recently.
Now ABI allows us to pass non-contiguous memory buffers as list of
pages to OP-TEE. This can be achieved by using new parameter attribute
OPTEE_MSG_ATTR_NONCONTIG.
OP-TEE also is able to use all non-secure RAM for shared buffers. This
new capability is enabled with OPTEE_SMC_SEC_CAP_DYNAMIC_SHM flag.
This patch adds necessary definitions to the protocol definition files at
Linux side.
Change-Id: I9a1dbe642b4e6bf5544a579f80abb940b59723ab
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit de5c6dfc43)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Added new ioctl to allow users register own buffers as a shared memory.
Change-Id: Icd25a3601884472fd42feac8aff03bb52e4d7e87
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
[jw: moved tee_shm_is_registered() declaration]
[jw: added space after __tee_shm_alloc() implementation]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 033ddf12bc)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Makes creation of shm pools more flexible by adding new more primitive
functions to allocate a shm pool. This makes it easier to add driver
specific shm pool management.
Change-Id: I9ab51718083e0b86a47b9c56f32c57d69b43e30d
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
(cherry picked from commit e2aca5d892)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Adds support for asynchronous supplicant requests, meaning that the
supplicant can process several requests in parallel or block in a
request for some time.
Change-Id: Ifa77c329d33f6884fc7a64b3594be2b33def492c
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2260 pager=y/n)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 1647a5ac17)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Adds TEE_IOCTL_PARAM_ATTR_META which can be used to indicate meta
parameters when communicating with user space. These meta parameters can
be used by supplicant support multiple parallel requests at a time.
Change-Id: Ie866c6119b8125c08b892b7a1a1929832b2f162c
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit f2aa97240c)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
The first node supplied to of_find_matching_node() has its reference
counter decreased as part of call to that function. In optee_driver_init()
after calling of_find_matching_node() it's invalid to call of_node_put() on
the supplied node again.
So remove the invalid call to of_node_put().
Change-Id: I09d0dafa710a9ef7f3550e751b06b10197c9701a
Reported-by: Alex Shi <alex.shi@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit f044113113)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
In the latest changes of optee_os, the interrupts' names are
changed to "native" and "foreign" interrupts.
Change-Id: I5d1c2e05e9556b4805e24ac3aca1486dcdb5414b
Signed-off-by: David Wang <david.wang@arm.com>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 39e6519a3f)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Mirrors the TEE_DESC_PRIVILEGED bit of struct tee_desc:flags into struct
tee_ioctl_version_data:gen_caps as TEE_GEN_CAP_PRIVILEGED in
tee_ioctl_version()
Change-Id: Ic3961a07812c3f89a6f3006619d89945733a71a8
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 059cf566e1)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Add const to tee_desc structures as they are only passed as an argument
to the function tee_device_alloc. This argument is of type const, so
declare these structures as const too.
Add const to tee_driver_ops structures as they are only stored in the
ops field of a tee_desc structure. This field is of type const, so
declare these structure types as const.
Change-Id: I9ffb39b85321a45fff5dae71915c4d851f4cc7ac
Signed-off-by: Bhumika Goyal <bhumirks@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 96e72ddeec)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
dma_buf_ops are not supposed to change at runtime. All functions
working with dma_buf_ops provided by <linux/dma-buf.h> work with
const dma_buf_ops. So mark the non-const structs as const.
File size before:
text data bss dec hex filename
2026 112 0 2138 85a drivers/tee/tee_shm.o
File size After adding 'const':
text data bss dec hex filename
2138 0 0 2138 85a drivers/tee/tee_shm.o
Change-Id: I3f353e6c49c598d1f81b7e981b69542b9b87a807
Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 53e3ca5cee)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Fixes the static checker warning in optee_release().
error: uninitialized symbol 'parg'.
Change-Id: I7b183f3b128b3ec6f2154195901a20bd6cf0a838
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit efb14036bd)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
For the moment, the tee subsystem only makes sense in combination with
the op-tee driver that depends on ARM_SMCCC, so let's hide the subsystem
from users that can't select that.
Change-Id: I231f4366be51bf9b4bda827c2e61b2801a132097
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
(cherry picked from commit e84188852a)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Adds a OP-TEE driver which also can be compiled as a loadable module.
* Targets ARM and ARM64
* Supports using reserved memory from OP-TEE as shared memory
* Probes OP-TEE version using SMCs
* Accepts requests on privileged and unprivileged device
* Uses OPTEE message protocol version 2 to communicate with secure world
Change-Id: Id9fc5fda759496a28855c6968fe09f4f4767a63d
Acked-by: Andreas Dannenberg <dannenberg@ti.com>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Tested-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> (RCAR H3)
Tested-by: Scott Branden <scott.branden@broadcom.com>
Reviewed-by: Javier González <javier@javigon.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 4fb0a5eb36)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Initial patch for generic TEE subsystem.
This subsystem provides:
* Registration/un-registration of TEE drivers.
* Shared memory between normal world and secure world.
* Ioctl interface for interaction with user space.
* Sysfs implementation_id of TEE driver
A TEE (Trusted Execution Environment) driver is a driver that interfaces
with a trusted OS running in some secure environment, for example,
TrustZone on ARM cpus, or a separate secure co-processor etc.
The TEE subsystem can serve a TEE driver for a Global Platform compliant
TEE, but it's not limited to only Global Platform TEEs.
This patch builds on other similar implementations trying to solve
the same problem:
* "optee_linuxdriver" by among others
Jean-michel DELORME<jean-michel.delorme@st.com> and
Emmanuel MICHEL <emmanuel.michel@st.com>
* "Generic TrustZone Driver" by Javier González <javier@javigon.com>
Change-Id: I2336be6189bafb63ca0f49e0a1b16ec75b4514ac
Acked-by: Andreas Dannenberg <dannenberg@ti.com>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Tested-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> (RCAR H3)
Tested-by: Scott Branden <scott.branden@broadcom.com>
Reviewed-by: Javier González <javier@javigon.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
(cherry picked from commit 967c9cca2c)
Signed-off-by: Victor Chong <victor.chong@linaro.org>
