From nobody Sun Feb 8 09:26:55 2026 Received: from mail-ed1-f52.google.com (mail-ed1-f52.google.com [209.85.208.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 14AC0E56F for ; Fri, 4 Apr 2025 14:32:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.52 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743777150; cv=none; b=CCCEOKoa6iWs5OpqouBGdJ7zWjN6JRyPnjnNBNrx/Odkih9Frao2AOF4dY/th0AOUT9HuvUuU9ZhYnKPYQdau4kr+3ShT+CDFjyIv9o4sqihTR2sVSOpaOMU2RAi4Os0mqX3QHEPypnNq2P4Zd9B/OJlf5b+uAokTeZjuhtEt74= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743777150; c=relaxed/simple; bh=vCWwdAowEJBs6cvWQ7lIUrdUovkUmMtp1i6POol9XM0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=JAVbVQ4Ui+ErJEDrgb1bpsy3lUMkQg8NjSHWYDiSRK2eHKbzshChkPOCppPh9G70xhyE4ua7wKt1sDK4yGI53NPvsi/TKph1XYG9FZbQ7Dm91ssnIUeYkD/vzdEiH85hOGhyO5P3j9xm+A2lrcPoRbwBiL7Q5Uu0aa6wGZ9Jf58= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org; spf=pass smtp.mailfrom=linaro.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b=TANzxv2G; arc=none smtp.client-ip=209.85.208.52 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linaro.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="TANzxv2G" Received: by mail-ed1-f52.google.com with SMTP id 4fb4d7f45d1cf-5e5e22e6ed2so3068659a12.3 for ; Fri, 04 Apr 2025 07:32:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1743777146; x=1744381946; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=5ItVLbwXh6klaFZ4DOTZKuJkyifurR/QGuqAr/eTlGU=; b=TANzxv2GpPZdEhyiGGh5EWl/HyKKguDIWKIdX2iwWSvO2Ym4qqksdaIrYC6zLd0iKq P5Y17KooDw72t/1B7eJtYFtosX558iA1zYX46ZV87r4ccylThz54uisq6gxG22vLlq9l Kxrqg5Ljt95fF7xS6I0ZKLGs+td2IOYoNF7xBW2WrLdft0fQssekmsBB0dCbuLHCRLcO l3DYcwS07HcEnpHHJtyceryLrKwGItTCIIyap7wFcOQMyc9ZzNGHeI5Kkg49y8azTs3J aiuDhAWeWR0MVUZUdPKcaJOHGTCVK0LcJTTCwBujhwQbBh4m35OxMko9gZfUYH8DJUF2 CrLA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1743777146; x=1744381946; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=5ItVLbwXh6klaFZ4DOTZKuJkyifurR/QGuqAr/eTlGU=; b=F88QOqhGMb2OQgYJ5o6iPB7cWhI9UpdwbQ7ixgNhPhF/m6AjPAyZsKxl13meo8iFtS HESpeXTgBB9fBHXO3elmx6ggo12MZzcQ+vCw5k+d63OH78v06IObHafOdmoEwC11+qBS 04CommbybI24bFYYX/gx6JF3m/CjHXD7W9U4M7ThOI25k8Z/Mythxi8G3fKgkTtoqdT6 IhHMAGpX4Wkp5a8PcWoySE+qsCpv5iyfPNt+gxeTPKd4K3aVursI+Ss1O1yy6vGMXzjm al8iKciUun+DGpZ59KH+O6T6y8QiPigQmV2R71LTStayTEYanp9bcZjOlTLeZ/DsjCbo zozA== X-Gm-Message-State: AOJu0YzI/B3ulX5QLNzuLrzZErne2QdTjIBYDfAoiECAgMMpwrH8KMQc 4+fqJdNKoYHjKgZncIHbkkuF1U7er3hfnI58PUWMQTo0zfh4s7y/FicCAV6ZkDIswDgICi6hIMk 3pp0= X-Gm-Gg: ASbGnctgq37ASstWL9e0qATfg7zHvE+j41UzUqC7hkGyHFB+OIW8qAZXuq1LgmX1ued uPdgOzOVlIdepxKGQZUz+CWGK87q/2aS8oFt1Qie7R+4m0Ex4N70DWC9Y34gc6sQjK8roytH4Aa r+7vsaFIgrB9iOa1npqF0OXSayvH/bpNi2qZDkR9cnJqyZupCV6uN5GcVavjOJkGoRKXY129d4A bep3f4QS9KNXSXmhKO1cxuxbIJh97fU28ys/m3f116YUL8mhFOVIKboy40SWcUXFMve5B5DyB1f TG/bvLcpUNXLE20bgJrnDBSiykI2dQAcxMWsr7phVhoNG7XjKFJFmQlIv2BBuizRJ5YW3oPCPAA QDJNOuP8XC8HguO+qlg+F7g== X-Google-Smtp-Source: AGHT+IHJ/1I/ptH3pCVDAQfcdNx5KHUGy5Tb2VN4inalxBPszr0OVkQ817HOYwXzW+KxBXdP3/CVtg== X-Received: by 2002:a05:6402:234e:b0:5e7:b081:aa7c with SMTP id 4fb4d7f45d1cf-5f0b5ebbc4emr2568089a12.12.1743777145883; Fri, 04 Apr 2025 07:32:25 -0700 (PDT) Received: from rayden.urgonet (h-98-128-140-123.A175.priv.bahnhof.se. [98.128.140.123]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5f087f0a0f3sm2567450a12.43.2025.04.04.07.32.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Apr 2025 07:32:25 -0700 (PDT) From: Jens Wiklander To: linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, op-tee@lists.trustedfirmware.org, linux-arm-kernel@lists.infradead.org Cc: Olivier Masse , Thierry Reding , Yong Wu , Sumit Semwal , Benjamin Gaignard , Brian Starkey , John Stultz , "T . J . Mercier" , =?UTF-8?q?Christian=20K=C3=B6nig?= , Sumit Garg , Matthias Brugger , AngeloGioacchino Del Regno , azarrabi@qti.qualcomm.com, Simona Vetter , Daniel Stone , Jens Wiklander Subject: [PATCH v7 01/11] tee: tee_device_alloc(): copy dma_mask from parent device Date: Fri, 4 Apr 2025 16:31:24 +0200 Message-ID: <20250404143215.2281034-2-jens.wiklander@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250404143215.2281034-1-jens.wiklander@linaro.org> References: <20250404143215.2281034-1-jens.wiklander@linaro.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" If a parent device is supplied to tee_device_alloc(), copy the dma_mask field into the new device. This avoids future warnings when mapping a DMA-buf for the device. Signed-off-by: Jens Wiklander Reviewed-by: Sumit Garg --- drivers/tee/tee_core.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c index d113679b1e2d..685afcaa3ea1 100644 --- a/drivers/tee/tee_core.c +++ b/drivers/tee/tee_core.c @@ -922,6 +922,8 @@ struct tee_device *tee_device_alloc(const struct tee_de= sc *teedesc, teedev->dev.class =3D &tee_class; teedev->dev.release =3D tee_release_device; teedev->dev.parent =3D dev; + if (dev) + teedev->dev.dma_mask =3D dev->dma_mask; =20 teedev->dev.devt =3D MKDEV(MAJOR(tee_devt), teedev->id); =20 --=20 2.43.0 From nobody Sun Feb 8 09:26:55 2026 Received: from mail-ed1-f48.google.com (mail-ed1-f48.google.com [209.85.208.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id ADF7D1F417E for ; Fri, 4 Apr 2025 14:32:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.48 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743777152; cv=none; b=Ljwdq4KMeFWwa7F+cAM3uFBOEj9duueI2ELMvlA1d7xDyr4E4uY31EarlmMoZBQjJmAXt8sjiMc1oAr3I1VP9xa/EnNu4hQIJvItzdrULBAR3k9tbtSTz9Ta8pQcoIoixIy0EKOFj72rlCRUIrD/TkQxm8ADVp1DiEp34vjWWLg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743777152; c=relaxed/simple; bh=ClljJjvyTa+hIt59esq/vRhRnkjP2r10upW6mdBKOtM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=r3PYx841MCB3xfkRhh8swjOwZ1xvQwpv9Gj0/plGuvQnubl+aTQJzeMZkPPcs0qackbmbJw/LsmdHSjs91Cuc5mHNVD2jUWedXcWgkMmudCvRezlkKxNfWuYG9Vki962U9V3OL18pg7ggqk+HfXJ8rxKJoa6saxFPwtvYBF+6ic= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org; spf=pass smtp.mailfrom=linaro.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b=hkJKGOjU; arc=none smtp.client-ip=209.85.208.48 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linaro.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="hkJKGOjU" Received: by mail-ed1-f48.google.com with SMTP id 4fb4d7f45d1cf-5e5e22e6ed2so3068738a12.3 for ; Fri, 04 Apr 2025 07:32:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1743777148; x=1744381948; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=5X2I1MlNrc8OtxTMPdYsTmJ1JjM0sba198ISiH4P8wU=; b=hkJKGOjUH8FmaNaRqHIO++NhZGecEuF+oSre4s82U6omng+MowgS6q/I0lP7tWOQhi jPJEVNIVD35zcmtLLfPlLvC1COXGxjLPp1bJtSy5zI5A91n3R4mFpiuAeLhIyrjn+oyk iP2u8HCf4B94hRBc+az+hw1CfSJZ8+mF2P9egqBTUzh7Y5yxoWz8ktY/tqfjn1MuahDV ayynLxfdI7I085tMQXl+hNNWxLHPxZoHed+WM+xjK7JbsR0oIKv4TrN0GTQ+ED8PS/tc 41rchPIevMIbASVElaE9NlNsBy8jTL7tCpqvCPEzIYdd3j3aWxOeZkMNZRO7JGfq1b5r JGKg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1743777148; x=1744381948; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=5X2I1MlNrc8OtxTMPdYsTmJ1JjM0sba198ISiH4P8wU=; b=QNTxxR1ZakAjGCMDXfshKzOKBRGJolL7X+isMp9A22CMya/uM2R5KQqcAe2xYrEGHQ XusyHQF+B1+g340snaYavinjJHvgpDQzunsW4R73ckbDfbvMHpRuovhTVAnJzu+mv7vo CcWS3SXerQYlQwc7K03BvDGZ8fJLmEVqg3K4S81uwuOSRrIW54033z9L7JKJEdwLzFJP b39OaGyEzq0b6JM7f4h9GiG8BTsy/X4uCxH0/zLUxpIRb9adoGyszUjvs2Er8XRatFph L3adBAVA3yrVhehgxYl8+EHoLaeDLelmfr1Acvf6of71Gv1+TsuZz9JD6N2AZ71yBs2e 26Pg== X-Gm-Message-State: AOJu0YzzZMg3+YNDgDfNuKAv9j428gxBmVd0/zUxRI1OBDsOndCyhaNr PKsaLWW9jnW6KfhFKtY5ETKNfvhNCgyiQlTG4/NYGLUk6Jk22pcTqenxyy7Wgb00y47RXjd8NwU /wZo= X-Gm-Gg: ASbGncv8Rzbtrik/OU9miKq+ELVipxq+GT5kLZpFC8b4tYObkCWshvtUN2G3/fAjYGr P+FLkAmlkGPfSy2Xaa8dMztkyUFdhqKEl+KPWeNrHQz6xAAnDDILORVtbsBS0RfCbtilQKQxMB8 meigxxPr+4yvAOcFTuez0v7jg+p++agOYgdZtnFt5HltMese+u51gY36IBKRRE0gTD7jJTYJVzK KYugXTZUdFGD5/Rwj7VizLPRAK43eNmPmZJJpnSNNkXTq6wwDqZQDw0+lrmaMUneHHeiU7iurqo yeyl+lP42kekEN0+dfTa49R5HjsuOx3s83CqFfUnwbmv5dzGckJyv2ruE0jgzQuI3yEUX/zlDbl WQMWEGhIqtxE4K6zoT7M0Fg== X-Google-Smtp-Source: AGHT+IFkJLuZYKHkFqitQEQ3Yg1FLEq81E4C9if1/VM+Yaec4v2BrToG7RwujiSsE0q6nDmGLkPdOA== X-Received: by 2002:a05:6402:4415:b0:5e5:e396:3f6e with SMTP id 4fb4d7f45d1cf-5f0b661aaebmr2120030a12.26.1743777148470; Fri, 04 Apr 2025 07:32:28 -0700 (PDT) Received: from rayden.urgonet (h-98-128-140-123.A175.priv.bahnhof.se. [98.128.140.123]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5f087f0a0f3sm2567450a12.43.2025.04.04.07.32.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Apr 2025 07:32:27 -0700 (PDT) From: Jens Wiklander To: linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, op-tee@lists.trustedfirmware.org, linux-arm-kernel@lists.infradead.org Cc: Olivier Masse , Thierry Reding , Yong Wu , Sumit Semwal , Benjamin Gaignard , Brian Starkey , John Stultz , "T . J . Mercier" , =?UTF-8?q?Christian=20K=C3=B6nig?= , Sumit Garg , Matthias Brugger , AngeloGioacchino Del Regno , azarrabi@qti.qualcomm.com, Simona Vetter , Daniel Stone , Jens Wiklander Subject: [PATCH v7 02/11] optee: pass parent device to tee_device_alloc() Date: Fri, 4 Apr 2025 16:31:25 +0200 Message-ID: <20250404143215.2281034-3-jens.wiklander@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250404143215.2281034-1-jens.wiklander@linaro.org> References: <20250404143215.2281034-1-jens.wiklander@linaro.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" During probing of the OP-TEE driver, pass the parent device to tee_device_alloc() so the dma_mask of the new devices can be updated accordingly. Signed-off-by: Jens Wiklander Reviewed-by: Sumit Garg --- drivers/tee/optee/ffa_abi.c | 8 ++++---- drivers/tee/optee/smc_abi.c | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/drivers/tee/optee/ffa_abi.c b/drivers/tee/optee/ffa_abi.c index f3af5666bb11..4ca1d5161b82 100644 --- a/drivers/tee/optee/ffa_abi.c +++ b/drivers/tee/optee/ffa_abi.c @@ -914,16 +914,16 @@ static int optee_ffa_probe(struct ffa_device *ffa_dev) (sec_caps & OPTEE_FFA_SEC_CAP_RPMB_PROBE)) optee->in_kernel_rpmb_routing =3D true; =20 - teedev =3D tee_device_alloc(&optee_ffa_clnt_desc, NULL, optee->pool, - optee); + teedev =3D tee_device_alloc(&optee_ffa_clnt_desc, &ffa_dev->dev, + optee->pool, optee); if (IS_ERR(teedev)) { rc =3D PTR_ERR(teedev); goto err_free_pool; } optee->teedev =3D teedev; =20 - teedev =3D tee_device_alloc(&optee_ffa_supp_desc, NULL, optee->pool, - optee); + teedev =3D tee_device_alloc(&optee_ffa_supp_desc, &ffa_dev->dev, + optee->pool, optee); if (IS_ERR(teedev)) { rc =3D PTR_ERR(teedev); goto err_unreg_teedev; diff --git a/drivers/tee/optee/smc_abi.c b/drivers/tee/optee/smc_abi.c index f0c3ac1103bb..165fadd9abc9 100644 --- a/drivers/tee/optee/smc_abi.c +++ b/drivers/tee/optee/smc_abi.c @@ -1691,14 +1691,14 @@ static int optee_probe(struct platform_device *pdev) (sec_caps & OPTEE_SMC_SEC_CAP_RPMB_PROBE)) optee->in_kernel_rpmb_routing =3D true; =20 - teedev =3D tee_device_alloc(&optee_clnt_desc, NULL, pool, optee); + teedev =3D tee_device_alloc(&optee_clnt_desc, &pdev->dev, pool, optee); if (IS_ERR(teedev)) { rc =3D PTR_ERR(teedev); goto err_free_optee; } optee->teedev =3D teedev; =20 - teedev =3D tee_device_alloc(&optee_supp_desc, NULL, pool, optee); + teedev =3D tee_device_alloc(&optee_supp_desc, &pdev->dev, pool, optee); if (IS_ERR(teedev)) { rc =3D PTR_ERR(teedev); goto err_unreg_teedev; --=20 2.43.0 From nobody Sun Feb 8 09:26:55 2026 Received: from mail-ed1-f46.google.com (mail-ed1-f46.google.com [209.85.208.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BC8C11F4630 for ; Fri, 4 Apr 2025 14:32:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.46 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743777155; cv=none; b=h1D2p6CVPOqLqfKM3On5mtyKdqp4FflHgOyfMhj2LEme5AyZtWYPCSgoCUA2zJC34FAAHL/Zjw1A8lWUpvG1gBwhTaXOQzzlZBB/NYHGhRE3sN5fay9KiQFFXImGNeZPSpzIkiuWCt0uOQscssMqyTBrq7J0b/1SWPmCy2c6QKo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743777155; c=relaxed/simple; bh=+8DfPloRk/O2wbK0yr6MftUtkn5813LmLNGOT0rjEEQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=f0bYYzNFjZskAE1ZuEw4He9+LMcblnx1J4acm4ZgwgxtIsyUllqeFB2RRypatv9K+sMU7GY5995xadCX9pf+NAR6DkJhoVqnedb/M5Ny+7j9RMFP/uiaSwFgTL3ISBx+Y0gMh9O9BGUFDlHrF3R0YQv7VYJuTAnJOS0CL7mLURw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org; spf=pass smtp.mailfrom=linaro.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b=fTAygcNK; arc=none smtp.client-ip=209.85.208.46 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linaro.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="fTAygcNK" Received: by mail-ed1-f46.google.com with SMTP id 4fb4d7f45d1cf-5e61da95244so3655270a12.2 for ; Fri, 04 Apr 2025 07:32:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1743777150; x=1744381950; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=tnKwjJ1FVLv4umx37hI66Bb7z/WCUlz7TSg/JWGf0qo=; b=fTAygcNKH208LA3naF+qV/PWh25TmqRSLCLWTfVN8C2SV6HJRWbIeRk0rabNrClQR/ doMqWGYxp2KNf/Nywzm/O/obCP2jfB/eWEArxcywpddKYouI4nNpzc6lyIO8VHTUzevR QntqH1EkK8YVKQ2aUgXy9ylMy1vbQ8if1T9/3cWCwWuSjKT0EdmPp7jYzs1HsZrAENgX x6S0K26++olySF+akR5mOLtCCPDxLLwe+axmyJ4vud0ovvU2inEIrfdDNpbTcSl8QGTp 1Ws5jIZJSJ7hhQTXpCmCwzCaIn0GnJ+qAjgEtGIQSFZrVkf//D2nBB6qG7AGsNRPCPOQ Wnnw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1743777150; x=1744381950; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=tnKwjJ1FVLv4umx37hI66Bb7z/WCUlz7TSg/JWGf0qo=; b=lGeq0pl4sS/GGB8Inf+XEUXvneTZaoui0wR5XIJpgo5qkf2gkwOw0EVbRbTzgeHdaf ba9ubsH0VQA0f7SDDrJMyIDMQ7SwiVPeJE2ez/YqIgYe51cnVppnaeBqYPPiAzvhVeMY tDwnhj048lprvJESoJ0mEVaIZ1k1i5qzKt8SEaDb06gX+r39xa4pjFHsN5FC4eN03u8v L8NLLUWM8fuLnv/FiAHPoZ6DhzixCB+fVxpMcKIyJ+Wtss3czpDNJHEVy7jJEm7t51fI 3zOG8NgziXWZNJ2o+rnTD61JYxl1vjAAmQQLoDjLLiu6P8xToJU51eiI5/0KIWgg2k2q rJow== X-Gm-Message-State: AOJu0YyeIrh6Sa+DAwg6OnCyyNj4nQyeSvEjwnrACzybNybMqpjMbw4c BKPzc2GgEnysJ4BcHKzGmTyMqsolHuTCqs3RXeNj5C59t1tT2sD6+pD7rUVhFwA+cYhj8yk6BZv zLoU= X-Gm-Gg: ASbGncvmjCzXgEVfYfaaIlG32SucrnnzwOLrwLXgGmhTksYPLzvkafiv2D61bCgf5aG uTSP7gm07xIPvczOtz3m5vLZItB/CXeU5DKHAFX8tVESWOtBE3iQhBWYsm8LigB7WVf2L3a27mZ cCIJs3eVa1EYo8r4ymKFmioPRrTJW3Pi/J4QSySzMEKrwwIjok7UmbHTFgVJLD4R7QDPgPmA2cC x0xiYzNIeC9RZvzbU2zwagWOvyLV3SfErLp+Z+dohw3MFyxMTFL0ScMOSx5LSvDuZalw1qL2NkZ RiRl+cTHnRGXhrQlOZoLkNC+xr94jw0TQwBKaBMHFd5bx4zmCGl+9IzDfuZC54uBp5M/VPR+WKQ O0FzSU9J66VCd9/IRMrc2oA== X-Google-Smtp-Source: AGHT+IFEAnVFrVjfr36d1giO+EGoBdAR1GXaalGBXW6UinaiYENsuFNEXqCgnVviYRCmRoOpBYYuSw== X-Received: by 2002:a05:6402:2709:b0:5e1:8604:9a2d with SMTP id 4fb4d7f45d1cf-5f0b3b65912mr3036010a12.4.1743777150382; Fri, 04 Apr 2025 07:32:30 -0700 (PDT) Received: from rayden.urgonet (h-98-128-140-123.A175.priv.bahnhof.se. [98.128.140.123]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5f087f0a0f3sm2567450a12.43.2025.04.04.07.32.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Apr 2025 07:32:29 -0700 (PDT) From: Jens Wiklander To: linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, op-tee@lists.trustedfirmware.org, linux-arm-kernel@lists.infradead.org Cc: Olivier Masse , Thierry Reding , Yong Wu , Sumit Semwal , Benjamin Gaignard , Brian Starkey , John Stultz , "T . J . Mercier" , =?UTF-8?q?Christian=20K=C3=B6nig?= , Sumit Garg , Matthias Brugger , AngeloGioacchino Del Regno , azarrabi@qti.qualcomm.com, Simona Vetter , Daniel Stone , Jens Wiklander Subject: [PATCH v7 03/11] optee: account for direction while converting parameters Date: Fri, 4 Apr 2025 16:31:26 +0200 Message-ID: <20250404143215.2281034-4-jens.wiklander@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250404143215.2281034-1-jens.wiklander@linaro.org> References: <20250404143215.2281034-1-jens.wiklander@linaro.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The OP-TEE backend driver has two internal function pointers to convert between the subsystem type struct tee_param and the OP-TEE type struct optee_msg_param. The conversion is done from one of the types to the other, which is then involved in some operation and finally converted back to the original type. When converting to prepare the parameters for the operation, all fields must be taken into account, but then converting back, it's enough to update only out-values and out-sizes. So, an update_out parameter is added to the conversion functions to tell if all or only some fields must be copied. This is needed in a later patch where it might get confusing when converting back in from_msg_param() callback since an allocated restricted SHM can be using the sec_world_id of the used restricted memory pool and that doesn't translate back well. Signed-off-by: Jens Wiklander --- drivers/tee/optee/call.c | 10 ++-- drivers/tee/optee/ffa_abi.c | 43 +++++++++++++---- drivers/tee/optee/optee_private.h | 42 +++++++++++------ drivers/tee/optee/rpc.c | 31 +++++++++---- drivers/tee/optee/smc_abi.c | 76 +++++++++++++++++++++++-------- 5 files changed, 144 insertions(+), 58 deletions(-) diff --git a/drivers/tee/optee/call.c b/drivers/tee/optee/call.c index 16eb953e14bb..f1533b894726 100644 --- a/drivers/tee/optee/call.c +++ b/drivers/tee/optee/call.c @@ -400,7 +400,8 @@ int optee_open_session(struct tee_context *ctx, export_uuid(msg_arg->params[1].u.octets, &client_uuid); =20 rc =3D optee->ops->to_msg_param(optee, msg_arg->params + 2, - arg->num_params, param); + arg->num_params, param, + false /*!update_out*/); if (rc) goto out; =20 @@ -427,7 +428,8 @@ int optee_open_session(struct tee_context *ctx, } =20 if (optee->ops->from_msg_param(optee, param, arg->num_params, - msg_arg->params + 2)) { + msg_arg->params + 2, + true /*update_out*/)) { arg->ret =3D TEEC_ERROR_COMMUNICATION; arg->ret_origin =3D TEEC_ORIGIN_COMMS; /* Close session again to avoid leakage */ @@ -541,7 +543,7 @@ int optee_invoke_func(struct tee_context *ctx, struct t= ee_ioctl_invoke_arg *arg, msg_arg->cancel_id =3D arg->cancel_id; =20 rc =3D optee->ops->to_msg_param(optee, msg_arg->params, arg->num_params, - param); + param, false /*!update_out*/); if (rc) goto out; =20 @@ -551,7 +553,7 @@ int optee_invoke_func(struct tee_context *ctx, struct t= ee_ioctl_invoke_arg *arg, } =20 if (optee->ops->from_msg_param(optee, param, arg->num_params, - msg_arg->params)) { + msg_arg->params, true /*update_out*/)) { msg_arg->ret =3D TEEC_ERROR_COMMUNICATION; msg_arg->ret_origin =3D TEEC_ORIGIN_COMMS; } diff --git a/drivers/tee/optee/ffa_abi.c b/drivers/tee/optee/ffa_abi.c index 4ca1d5161b82..e4b08cd195f3 100644 --- a/drivers/tee/optee/ffa_abi.c +++ b/drivers/tee/optee/ffa_abi.c @@ -122,15 +122,21 @@ static int optee_shm_rem_ffa_handle(struct optee *opt= ee, u64 global_id) */ =20 static void from_msg_param_ffa_mem(struct optee *optee, struct tee_param *= p, - u32 attr, const struct optee_msg_param *mp) + u32 attr, const struct optee_msg_param *mp, + bool update_out) { struct tee_shm *shm =3D NULL; u64 offs_high =3D 0; u64 offs_low =3D 0; =20 + if (update_out) { + if (attr =3D=3D OPTEE_MSG_ATTR_TYPE_FMEM_INPUT) + return; + goto out; + } + p->attr =3D TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT + attr - OPTEE_MSG_ATTR_TYPE_FMEM_INPUT; - p->u.memref.size =3D mp->u.fmem.size; =20 if (mp->u.fmem.global_id !=3D OPTEE_MSG_FMEM_INVALID_GLOBAL_ID) shm =3D optee_shm_from_ffa_handle(optee, mp->u.fmem.global_id); @@ -141,6 +147,8 @@ static void from_msg_param_ffa_mem(struct optee *optee,= struct tee_param *p, offs_high =3D mp->u.fmem.offs_high; } p->u.memref.shm_offs =3D offs_low | offs_high << 32; +out: + p->u.memref.size =3D mp->u.fmem.size; } =20 /** @@ -150,12 +158,14 @@ static void from_msg_param_ffa_mem(struct optee *opte= e, struct tee_param *p, * @params: subsystem internal parameter representation * @num_params: number of elements in the parameter arrays * @msg_params: OPTEE_MSG parameters + * @update_out: update parameter for output only * * Returns 0 on success or <0 on failure */ static int optee_ffa_from_msg_param(struct optee *optee, struct tee_param *params, size_t num_params, - const struct optee_msg_param *msg_params) + const struct optee_msg_param *msg_params, + bool update_out) { size_t n; =20 @@ -166,18 +176,20 @@ static int optee_ffa_from_msg_param(struct optee *opt= ee, =20 switch (attr) { case OPTEE_MSG_ATTR_TYPE_NONE: + if (update_out) + break; p->attr =3D TEE_IOCTL_PARAM_ATTR_TYPE_NONE; memset(&p->u, 0, sizeof(p->u)); break; case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: - optee_from_msg_param_value(p, attr, mp); + optee_from_msg_param_value(p, attr, mp, update_out); break; case OPTEE_MSG_ATTR_TYPE_FMEM_INPUT: case OPTEE_MSG_ATTR_TYPE_FMEM_OUTPUT: case OPTEE_MSG_ATTR_TYPE_FMEM_INOUT: - from_msg_param_ffa_mem(optee, p, attr, mp); + from_msg_param_ffa_mem(optee, p, attr, mp, update_out); break; default: return -EINVAL; @@ -188,10 +200,16 @@ static int optee_ffa_from_msg_param(struct optee *opt= ee, } =20 static int to_msg_param_ffa_mem(struct optee_msg_param *mp, - const struct tee_param *p) + const struct tee_param *p, bool update_out) { struct tee_shm *shm =3D p->u.memref.shm; =20 + if (update_out) { + if (p->attr =3D=3D TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT) + return 0; + goto out; + } + mp->attr =3D OPTEE_MSG_ATTR_TYPE_FMEM_INPUT + p->attr - TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT; =20 @@ -211,6 +229,7 @@ static int to_msg_param_ffa_mem(struct optee_msg_param = *mp, memset(&mp->u, 0, sizeof(mp->u)); mp->u.fmem.global_id =3D OPTEE_MSG_FMEM_INVALID_GLOBAL_ID; } +out: mp->u.fmem.size =3D p->u.memref.size; =20 return 0; @@ -222,13 +241,15 @@ static int to_msg_param_ffa_mem(struct optee_msg_para= m *mp, * @optee: main service struct * @msg_params: OPTEE_MSG parameters * @num_params: number of elements in the parameter arrays - * @params: subsystem itnernal parameter representation + * @params: subsystem internal parameter representation + * @update_out: update parameter for output only * Returns 0 on success or <0 on failure */ static int optee_ffa_to_msg_param(struct optee *optee, struct optee_msg_param *msg_params, size_t num_params, - const struct tee_param *params) + const struct tee_param *params, + bool update_out) { size_t n; =20 @@ -238,18 +259,20 @@ static int optee_ffa_to_msg_param(struct optee *optee, =20 switch (p->attr) { case TEE_IOCTL_PARAM_ATTR_TYPE_NONE: + if (update_out) + break; mp->attr =3D TEE_IOCTL_PARAM_ATTR_TYPE_NONE; memset(&mp->u, 0, sizeof(mp->u)); break; case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT: case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT: case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT: - optee_to_msg_param_value(mp, p); + optee_to_msg_param_value(mp, p, update_out); break; case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT: case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: - if (to_msg_param_ffa_mem(mp, p)) + if (to_msg_param_ffa_mem(mp, p, update_out)) return -EINVAL; break; default: diff --git a/drivers/tee/optee/optee_private.h b/drivers/tee/optee/optee_pr= ivate.h index dc0f355ef72a..20eda508dbac 100644 --- a/drivers/tee/optee/optee_private.h +++ b/drivers/tee/optee/optee_private.h @@ -185,10 +185,12 @@ struct optee_ops { bool system_thread); int (*to_msg_param)(struct optee *optee, struct optee_msg_param *msg_params, - size_t num_params, const struct tee_param *params); + size_t num_params, const struct tee_param *params, + bool update_out); int (*from_msg_param)(struct optee *optee, struct tee_param *params, size_t num_params, - const struct optee_msg_param *msg_params); + const struct optee_msg_param *msg_params, + bool update_out); }; =20 /** @@ -316,23 +318,35 @@ void optee_release(struct tee_context *ctx); void optee_release_supp(struct tee_context *ctx); =20 static inline void optee_from_msg_param_value(struct tee_param *p, u32 att= r, - const struct optee_msg_param *mp) + const struct optee_msg_param *mp, + bool update_out) { - p->attr =3D TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT + - attr - OPTEE_MSG_ATTR_TYPE_VALUE_INPUT; - p->u.value.a =3D mp->u.value.a; - p->u.value.b =3D mp->u.value.b; - p->u.value.c =3D mp->u.value.c; + if (!update_out) + p->attr =3D TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT + + attr - OPTEE_MSG_ATTR_TYPE_VALUE_INPUT; + + if (attr =3D=3D OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT || + attr =3D=3D OPTEE_MSG_ATTR_TYPE_VALUE_INOUT || !update_out) { + p->u.value.a =3D mp->u.value.a; + p->u.value.b =3D mp->u.value.b; + p->u.value.c =3D mp->u.value.c; + } } =20 static inline void optee_to_msg_param_value(struct optee_msg_param *mp, - const struct tee_param *p) + const struct tee_param *p, + bool update_out) { - mp->attr =3D OPTEE_MSG_ATTR_TYPE_VALUE_INPUT + p->attr - - TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT; - mp->u.value.a =3D p->u.value.a; - mp->u.value.b =3D p->u.value.b; - mp->u.value.c =3D p->u.value.c; + if (!update_out) + mp->attr =3D OPTEE_MSG_ATTR_TYPE_VALUE_INPUT + p->attr - + TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT; + + if (p->attr =3D=3D TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT || + p->attr =3D=3D TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT || !update_out) { + mp->u.value.a =3D p->u.value.a; + mp->u.value.b =3D p->u.value.b; + mp->u.value.c =3D p->u.value.c; + } } =20 void optee_cq_init(struct optee_call_queue *cq, int thread_count); diff --git a/drivers/tee/optee/rpc.c b/drivers/tee/optee/rpc.c index ebbbd42b0e3e..580e6b9b0606 100644 --- a/drivers/tee/optee/rpc.c +++ b/drivers/tee/optee/rpc.c @@ -63,7 +63,7 @@ static void handle_rpc_func_cmd_i2c_transfer(struct tee_c= ontext *ctx, } =20 if (optee->ops->from_msg_param(optee, params, arg->num_params, - arg->params)) + arg->params, false /*!update_out*/)) goto bad; =20 for (i =3D 0; i < arg->num_params; i++) { @@ -107,7 +107,8 @@ static void handle_rpc_func_cmd_i2c_transfer(struct tee= _context *ctx, } else { params[3].u.value.a =3D msg.len; if (optee->ops->to_msg_param(optee, arg->params, - arg->num_params, params)) + arg->num_params, params, + true /*update_out*/)) arg->ret =3D TEEC_ERROR_BAD_PARAMETERS; else arg->ret =3D TEEC_SUCCESS; @@ -188,6 +189,7 @@ static void handle_rpc_func_cmd_wait(struct optee_msg_a= rg *arg) static void handle_rpc_supp_cmd(struct tee_context *ctx, struct optee *opt= ee, struct optee_msg_arg *arg) { + bool update_out =3D false; struct tee_param *params; =20 arg->ret_origin =3D TEEC_ORIGIN_COMMS; @@ -200,15 +202,21 @@ static void handle_rpc_supp_cmd(struct tee_context *c= tx, struct optee *optee, } =20 if (optee->ops->from_msg_param(optee, params, arg->num_params, - arg->params)) { + arg->params, update_out)) { arg->ret =3D TEEC_ERROR_BAD_PARAMETERS; goto out; } =20 arg->ret =3D optee_supp_thrd_req(ctx, arg->cmd, arg->num_params, params); =20 + /* + * Special treatment for OPTEE_RPC_CMD_SHM_ALLOC since input is a + * value type, but the output is a memref type. + */ + if (arg->cmd !=3D OPTEE_RPC_CMD_SHM_ALLOC) + update_out =3D true; if (optee->ops->to_msg_param(optee, arg->params, arg->num_params, - params)) + params, update_out)) arg->ret =3D TEEC_ERROR_BAD_PARAMETERS; out: kfree(params); @@ -270,7 +278,7 @@ static void handle_rpc_func_rpmb_probe_reset(struct tee= _context *ctx, =20 if (arg->num_params !=3D ARRAY_SIZE(params) || optee->ops->from_msg_param(optee, params, arg->num_params, - arg->params) || + arg->params, false /*!update_out*/) || params[0].attr !=3D TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT) { arg->ret =3D TEEC_ERROR_BAD_PARAMETERS; return; @@ -280,7 +288,8 @@ static void handle_rpc_func_rpmb_probe_reset(struct tee= _context *ctx, params[0].u.value.b =3D 0; params[0].u.value.c =3D 0; if (optee->ops->to_msg_param(optee, arg->params, - arg->num_params, params)) { + arg->num_params, params, + true /*update_out*/)) { arg->ret =3D TEEC_ERROR_BAD_PARAMETERS; return; } @@ -324,7 +333,7 @@ static void handle_rpc_func_rpmb_probe_next(struct tee_= context *ctx, =20 if (arg->num_params !=3D ARRAY_SIZE(params) || optee->ops->from_msg_param(optee, params, arg->num_params, - arg->params) || + arg->params, false /*!update_out*/) || params[0].attr !=3D TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT || params[1].attr !=3D TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT) { arg->ret =3D TEEC_ERROR_BAD_PARAMETERS; @@ -358,7 +367,8 @@ static void handle_rpc_func_rpmb_probe_next(struct tee_= context *ctx, params[0].u.value.b =3D rdev->descr.capacity; params[0].u.value.c =3D rdev->descr.reliable_wr_count; if (optee->ops->to_msg_param(optee, arg->params, - arg->num_params, params)) { + arg->num_params, params, + true /*update_out*/)) { arg->ret =3D TEEC_ERROR_BAD_PARAMETERS; return; } @@ -384,7 +394,7 @@ static void handle_rpc_func_rpmb_frames(struct tee_cont= ext *ctx, =20 if (arg->num_params !=3D ARRAY_SIZE(params) || optee->ops->from_msg_param(optee, params, arg->num_params, - arg->params) || + arg->params, false /*!update_out*/) || params[0].attr !=3D TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT || params[1].attr !=3D TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT) { arg->ret =3D TEEC_ERROR_BAD_PARAMETERS; @@ -401,7 +411,8 @@ static void handle_rpc_func_rpmb_frames(struct tee_cont= ext *ctx, goto out; } if (optee->ops->to_msg_param(optee, arg->params, - arg->num_params, params)) { + arg->num_params, params, + true /*update_out*/)) { arg->ret =3D TEEC_ERROR_BAD_PARAMETERS; goto out; } diff --git a/drivers/tee/optee/smc_abi.c b/drivers/tee/optee/smc_abi.c index 165fadd9abc9..cfdae266548b 100644 --- a/drivers/tee/optee/smc_abi.c +++ b/drivers/tee/optee/smc_abi.c @@ -81,20 +81,26 @@ static int optee_cpuhp_disable_pcpu_irq(unsigned int cp= u) */ =20 static int from_msg_param_tmp_mem(struct tee_param *p, u32 attr, - const struct optee_msg_param *mp) + const struct optee_msg_param *mp, + bool update_out) { struct tee_shm *shm; phys_addr_t pa; int rc; =20 + if (update_out) { + if (attr =3D=3D OPTEE_MSG_ATTR_TYPE_TMEM_INPUT) + return 0; + goto out; + } + p->attr =3D TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT + attr - OPTEE_MSG_ATTR_TYPE_TMEM_INPUT; - p->u.memref.size =3D mp->u.tmem.size; shm =3D (struct tee_shm *)(unsigned long)mp->u.tmem.shm_ref; if (!shm) { p->u.memref.shm_offs =3D 0; p->u.memref.shm =3D NULL; - return 0; + goto out; } =20 rc =3D tee_shm_get_pa(shm, 0, &pa); @@ -103,18 +109,25 @@ static int from_msg_param_tmp_mem(struct tee_param *p= , u32 attr, =20 p->u.memref.shm_offs =3D mp->u.tmem.buf_ptr - pa; p->u.memref.shm =3D shm; - +out: + p->u.memref.size =3D mp->u.tmem.size; return 0; } =20 static void from_msg_param_reg_mem(struct tee_param *p, u32 attr, - const struct optee_msg_param *mp) + const struct optee_msg_param *mp, + bool update_out) { struct tee_shm *shm; =20 + if (update_out) { + if (attr =3D=3D OPTEE_MSG_ATTR_TYPE_RMEM_INPUT) + return; + goto out; + } + p->attr =3D TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT + attr - OPTEE_MSG_ATTR_TYPE_RMEM_INPUT; - p->u.memref.size =3D mp->u.rmem.size; shm =3D (struct tee_shm *)(unsigned long)mp->u.rmem.shm_ref; =20 if (shm) { @@ -124,6 +137,8 @@ static void from_msg_param_reg_mem(struct tee_param *p,= u32 attr, p->u.memref.shm_offs =3D 0; p->u.memref.shm =3D NULL; } +out: + p->u.memref.size =3D mp->u.rmem.size; } =20 /** @@ -133,11 +148,13 @@ static void from_msg_param_reg_mem(struct tee_param *= p, u32 attr, * @params: subsystem internal parameter representation * @num_params: number of elements in the parameter arrays * @msg_params: OPTEE_MSG parameters + * @update_out: update parameter for output only * Returns 0 on success or <0 on failure */ static int optee_from_msg_param(struct optee *optee, struct tee_param *par= ams, size_t num_params, - const struct optee_msg_param *msg_params) + const struct optee_msg_param *msg_params, + bool update_out) { int rc; size_t n; @@ -149,25 +166,27 @@ static int optee_from_msg_param(struct optee *optee, = struct tee_param *params, =20 switch (attr) { case OPTEE_MSG_ATTR_TYPE_NONE: + if (update_out) + break; p->attr =3D TEE_IOCTL_PARAM_ATTR_TYPE_NONE; memset(&p->u, 0, sizeof(p->u)); break; case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: - optee_from_msg_param_value(p, attr, mp); + optee_from_msg_param_value(p, attr, mp, update_out); break; case OPTEE_MSG_ATTR_TYPE_TMEM_INPUT: case OPTEE_MSG_ATTR_TYPE_TMEM_OUTPUT: case OPTEE_MSG_ATTR_TYPE_TMEM_INOUT: - rc =3D from_msg_param_tmp_mem(p, attr, mp); + rc =3D from_msg_param_tmp_mem(p, attr, mp, update_out); if (rc) return rc; break; case OPTEE_MSG_ATTR_TYPE_RMEM_INPUT: case OPTEE_MSG_ATTR_TYPE_RMEM_OUTPUT: case OPTEE_MSG_ATTR_TYPE_RMEM_INOUT: - from_msg_param_reg_mem(p, attr, mp); + from_msg_param_reg_mem(p, attr, mp, update_out); break; =20 default: @@ -178,20 +197,25 @@ static int optee_from_msg_param(struct optee *optee, = struct tee_param *params, } =20 static int to_msg_param_tmp_mem(struct optee_msg_param *mp, - const struct tee_param *p) + const struct tee_param *p, bool update_out) { int rc; phys_addr_t pa; =20 + if (update_out) { + if (p->attr =3D=3D TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT) + return 0; + goto out; + } + mp->attr =3D OPTEE_MSG_ATTR_TYPE_TMEM_INPUT + p->attr - TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT; =20 mp->u.tmem.shm_ref =3D (unsigned long)p->u.memref.shm; - mp->u.tmem.size =3D p->u.memref.size; =20 if (!p->u.memref.shm) { mp->u.tmem.buf_ptr =3D 0; - return 0; + goto out; } =20 rc =3D tee_shm_get_pa(p->u.memref.shm, p->u.memref.shm_offs, &pa); @@ -201,19 +225,27 @@ static int to_msg_param_tmp_mem(struct optee_msg_para= m *mp, mp->u.tmem.buf_ptr =3D pa; mp->attr |=3D OPTEE_MSG_ATTR_CACHE_PREDEFINED << OPTEE_MSG_ATTR_CACHE_SHIFT; - +out: + mp->u.tmem.size =3D p->u.memref.size; return 0; } =20 static int to_msg_param_reg_mem(struct optee_msg_param *mp, - const struct tee_param *p) + const struct tee_param *p, bool update_out) { + if (update_out) { + if (p->attr =3D=3D TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT) + return 0; + goto out; + } + mp->attr =3D OPTEE_MSG_ATTR_TYPE_RMEM_INPUT + p->attr - TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT; =20 mp->u.rmem.shm_ref =3D (unsigned long)p->u.memref.shm; - mp->u.rmem.size =3D p->u.memref.size; mp->u.rmem.offs =3D p->u.memref.shm_offs; +out: + mp->u.rmem.size =3D p->u.memref.size; return 0; } =20 @@ -223,11 +255,13 @@ static int to_msg_param_reg_mem(struct optee_msg_para= m *mp, * @msg_params: OPTEE_MSG parameters * @num_params: number of elements in the parameter arrays * @params: subsystem itnernal parameter representation + * @update_out: update parameter for output only * Returns 0 on success or <0 on failure */ static int optee_to_msg_param(struct optee *optee, struct optee_msg_param *msg_params, - size_t num_params, const struct tee_param *params) + size_t num_params, const struct tee_param *params, + bool update_out) { int rc; size_t n; @@ -238,21 +272,23 @@ static int optee_to_msg_param(struct optee *optee, =20 switch (p->attr) { case TEE_IOCTL_PARAM_ATTR_TYPE_NONE: + if (update_out) + break; mp->attr =3D TEE_IOCTL_PARAM_ATTR_TYPE_NONE; memset(&mp->u, 0, sizeof(mp->u)); break; case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT: case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT: case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT: - optee_to_msg_param_value(mp, p); + optee_to_msg_param_value(mp, p, update_out); break; case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT: case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: if (tee_shm_is_dynamic(p->u.memref.shm)) - rc =3D to_msg_param_reg_mem(mp, p); + rc =3D to_msg_param_reg_mem(mp, p, update_out); else - rc =3D to_msg_param_tmp_mem(mp, p); + rc =3D to_msg_param_tmp_mem(mp, p, update_out); if (rc) return rc; break; --=20 2.43.0 From nobody Sun Feb 8 09:26:55 2026 Received: from mail-ed1-f53.google.com (mail-ed1-f53.google.com [209.85.208.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BD16C1F461F for ; Fri, 4 Apr 2025 14:32:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.53 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743777156; cv=none; b=Uiqzq7BITKf3eBSb7BpRPJS1EzOMwsNMCzlI4+tm0wBlUcBo0wHfjeG2GQwIeYbCMxu+HXoZD4bFf648NyoIy9SW8PelipLoA3bXDkPqcvDYexbE0zA2AXk6I/1KFDE7y3pJy9heomCz6i+Tuf1gGYB6hWNVwgAEnc3TclzsGY8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743777156; c=relaxed/simple; bh=J/vGrQPDjVe+uwrTCWeU9j3vHoj0JNyreXqhx89i14o=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ZP418Lfida/GDWr6heX1TmvIbr1zJO5tBuakuFPA7cAsK+vmCvZw2hJoF9KbbMHaDL1uZWkZgEzUk27+382KymlQGh+AXJlxa5RuKW2ldN9b9sXAV/agBR6tGOaXPuMzIRc0o0h1HTy6dtHYKqlrPkOK34bAgq96MFRQ4oIlUoc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org; spf=pass smtp.mailfrom=linaro.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b=dQ3LW4Do; arc=none smtp.client-ip=209.85.208.53 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linaro.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="dQ3LW4Do" Received: by mail-ed1-f53.google.com with SMTP id 4fb4d7f45d1cf-5e6c18e2c7dso4076924a12.3 for ; Fri, 04 Apr 2025 07:32:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1743777152; x=1744381952; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=F6BjtAt9Fs9/6s/sgyteem8A9dvJCTVhv9ApDG/Ww5o=; b=dQ3LW4DoHQHpL0Go85ybqWUcjVDu6o3E68xZf24kP1lJMSNWUJQG+KAF9nk0W/WzK+ pX25fe0iFHRcVz+qIggxRb508WNatjh//sfCRUVPpSDOzUZ7OrE2e8k2+iPnieo6fhSz wFmV8CJp+fhAeW/JahdmIK2jgCb/5YBc3/wgTBrg0XlWIlu1bt1tmWli6hGllZ6HmOQ3 5zAe7Icb+okSaI66YWl9oivw7zcVtRWziTixhF56/qgZeSS7EEUNLIihFZUj9Opx5mzc 9226YMZz0uLxea3KChA+R8psyk/j6Cuxlxu0Li7k2ueslpDmdgxV5TKFbavVZjl8AFsx 7e6Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1743777152; x=1744381952; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=F6BjtAt9Fs9/6s/sgyteem8A9dvJCTVhv9ApDG/Ww5o=; b=gM06EyQQqjnwKkXlZpVR7mPrcQrmpGC/7NOv4kZuHoz6zVVbauOkdtGxE1OXR/G8NS VzSBmSHuvGnSWzawhOn9lTse/62abzSA9fz/PSFHQVBreZoQpdVRk22fKKy0YGsdIZuE gdthknkrV3Ibvq0WkV0Ua4wLqnJcKkzODj1l+hXQOQAuGgg1fBK4qAF1rx8Iu7/waVVQ DKT0SpyNyDoq1J+tJbawb8NEBp645tn234Tr4n6BpGs0Zn4HN9dGhTaT3oo+DFDC8BLh y1Jp/7k7TfYYgHyGKpPQFSRJN0umpqGgrnketYGDejK5ZQsbBaMNHKpg274tJ1l/tLEf jIuA== X-Gm-Message-State: AOJu0Yxh5EmtL06+Kg6HfaApiDa71w676UV7iMcyOj4A7N1xCmQtWVFM Kf2W4i1l0s18iuWBO8mwNlLukC6BLHTKB+VYHJBjROMSOL4tUgj4J6d4gyuVhbbUROyZpl1EtU8 fH/I= X-Gm-Gg: ASbGncsa3DCNvNXsXhIzqmiG4j70WphtMgboJEIVmLeTDDwb2F9e6rQkfFsahXcIvQQ uFh4Eg7qoWRBGA4Hp8XSRB/F/7aeifF7fyKY5zelVcBIWzUWJMH1N9a5RLZlzBBz2+frvBRrQPk 1rqxGT4TlHrj/6YrNN65G00t4RR/vpFEfP7O4j+vXvJVsmLkBrjEVdboTZMD+egPa0irglM7ssb MvSMdlBk33yNkKWQnzv9bkHdZQgqiaXG3akh2V9Ft4FDwXFZtgL4P/3lteUP3XexEPwBqQi1IiT 7XXx0V9/Lfy2t3jl5eQG87CrcovNwAXrPDNq9fNl9IkRYoNAm6j9yF5ZU08wI/qbbNa0AO+HCax T/rRbArle9LTvjxMi6nNWDQYYzDk4Jotl X-Google-Smtp-Source: AGHT+IE/s4grzJamKNkRm0AL6bHJZwn2CiadFSE8M1OzjktZeW8BdCogb4CFp6YqnkovQ4cWd1r8Ug== X-Received: by 2002:a05:6402:380c:b0:5f0:8551:9790 with SMTP id 4fb4d7f45d1cf-5f0b3bcd2c0mr2480914a12.16.1743777152260; Fri, 04 Apr 2025 07:32:32 -0700 (PDT) Received: from rayden.urgonet (h-98-128-140-123.A175.priv.bahnhof.se. [98.128.140.123]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5f087f0a0f3sm2567450a12.43.2025.04.04.07.32.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Apr 2025 07:32:31 -0700 (PDT) From: Jens Wiklander To: linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, op-tee@lists.trustedfirmware.org, linux-arm-kernel@lists.infradead.org Cc: Olivier Masse , Thierry Reding , Yong Wu , Sumit Semwal , Benjamin Gaignard , Brian Starkey , John Stultz , "T . J . Mercier" , =?UTF-8?q?Christian=20K=C3=B6nig?= , Sumit Garg , Matthias Brugger , AngeloGioacchino Del Regno , azarrabi@qti.qualcomm.com, Simona Vetter , Daniel Stone , Jens Wiklander Subject: [PATCH v7 04/11] optee: sync secure world ABI headers Date: Fri, 4 Apr 2025 16:31:27 +0200 Message-ID: <20250404143215.2281034-5-jens.wiklander@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250404143215.2281034-1-jens.wiklander@linaro.org> References: <20250404143215.2281034-1-jens.wiklander@linaro.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Update the header files describing the secure world ABI, both with and without FF-A. The ABI is extended to deal with protected memory, but as usual backward compatible. Signed-off-by: Jens Wiklander --- drivers/tee/optee/optee_ffa.h | 27 +++++++++--- drivers/tee/optee/optee_msg.h | 83 ++++++++++++++++++++++++++++++----- drivers/tee/optee/optee_smc.h | 71 +++++++++++++++++++++++++++++- 3 files changed, 163 insertions(+), 18 deletions(-) diff --git a/drivers/tee/optee/optee_ffa.h b/drivers/tee/optee/optee_ffa.h index 257735ae5b56..cc257e7956a3 100644 --- a/drivers/tee/optee/optee_ffa.h +++ b/drivers/tee/optee/optee_ffa.h @@ -81,7 +81,7 @@ * as the second MSG arg struct for * OPTEE_FFA_YIELDING_CALL_WITH_ARG. * Bit[31:8]: Reserved (MBZ) - * w5: Bitfield of secure world capabilities OPTEE_FFA_SEC_CAP_* below, + * w5: Bitfield of OP-TEE capabilities OPTEE_FFA_SEC_CAP_* * w6: The maximum secure world notification number * w7: Not used (MBZ) */ @@ -94,6 +94,8 @@ #define OPTEE_FFA_SEC_CAP_ASYNC_NOTIF BIT(1) /* OP-TEE supports probing for RPMB device if needed */ #define OPTEE_FFA_SEC_CAP_RPMB_PROBE BIT(2) +/* OP-TEE supports Protected Memory for secure data path */ +#define OPTEE_FFA_SEC_CAP_PROTMEM BIT(3) =20 #define OPTEE_FFA_EXCHANGE_CAPABILITIES OPTEE_FFA_BLOCKING_CALL(2) =20 @@ -108,7 +110,7 @@ * * Return register usage: * w3: Error code, 0 on success - * w4-w7: Note used (MBZ) + * w4-w7: Not used (MBZ) */ #define OPTEE_FFA_UNREGISTER_SHM OPTEE_FFA_BLOCKING_CALL(3) =20 @@ -119,16 +121,31 @@ * Call register usage: * w3: Service ID, OPTEE_FFA_ENABLE_ASYNC_NOTIF * w4: Notification value to request bottom half processing, should be - * less than OPTEE_FFA_MAX_ASYNC_NOTIF_VALUE. + * less than OPTEE_FFA_MAX_ASYNC_NOTIF_VALUE * w5-w7: Not used (MBZ) * * Return register usage: * w3: Error code, 0 on success - * w4-w7: Note used (MBZ) + * w4-w7: Not used (MBZ) */ #define OPTEE_FFA_ENABLE_ASYNC_NOTIF OPTEE_FFA_BLOCKING_CALL(5) =20 -#define OPTEE_FFA_MAX_ASYNC_NOTIF_VALUE 64 +#define OPTEE_FFA_MAX_ASYNC_NOTIF_VALUE 64 + +/* + * Release Protected memory + * + * Call register usage: + * w3: Service ID, OPTEE_FFA_RECLAIM_PROTMEM + * w4: Shared memory handle, lower bits + * w5: Shared memory handle, higher bits + * w6-w7: Not used (MBZ) + * + * Return register usage: + * w3: Error code, 0 on success + * w4-w7: Note used (MBZ) + */ +#define OPTEE_FFA_RELEASE_PROTMEM OPTEE_FFA_BLOCKING_CALL(8) =20 /* * Call with struct optee_msg_arg as argument in the supplied shared memory diff --git a/drivers/tee/optee/optee_msg.h b/drivers/tee/optee/optee_msg.h index e8840a82b983..22d71d6f110d 100644 --- a/drivers/tee/optee/optee_msg.h +++ b/drivers/tee/optee/optee_msg.h @@ -133,13 +133,13 @@ struct optee_msg_param_rmem { }; =20 /** - * struct optee_msg_param_fmem - ffa memory reference parameter + * struct optee_msg_param_fmem - FF-A memory reference parameter * @offs_lower: Lower bits of offset into shared memory reference * @offs_upper: Upper bits of offset into shared memory reference * @internal_offs: Internal offset into the first page of shared memory * reference * @size: Size of the buffer - * @global_id: Global identifier of Shared memory + * @global_id: Global identifier of the shared memory */ struct optee_msg_param_fmem { u32 offs_low; @@ -165,7 +165,7 @@ struct optee_msg_param_value { * @attr: attributes * @tmem: parameter by temporary memory reference * @rmem: parameter by registered memory reference - * @fmem: parameter by ffa registered memory reference + * @fmem: parameter by FF-A registered memory reference * @value: parameter by opaque value * @octets: parameter by octet string * @@ -296,6 +296,18 @@ struct optee_msg_arg { */ #define OPTEE_MSG_FUNCID_GET_OS_REVISION 0x0001 =20 +/* + * Values used in OPTEE_MSG_CMD_LEND_PROTMEM below + * OPTEE_MSG_PROTMEM_RESERVED Reserved + * OPTEE_MSG_PROTMEM_SECURE_VIDEO_PLAY Secure Video Playback + * OPTEE_MSG_PROTMEM_TRUSTED_UI Trused UI + * OPTEE_MSG_PROTMEM_SECURE_VIDEO_RECORD Secure Video Recording + */ +#define OPTEE_MSG_PROTMEM_RESERVED 0 +#define OPTEE_MSG_PROTMEM_SECURE_VIDEO_PLAY 1 +#define OPTEE_MSG_PROTMEM_TRUSTED_UI 2 +#define OPTEE_MSG_PROTMEM_SECURE_VIDEO_RECORD 3 + /* * Do a secure call with struct optee_msg_arg as argument * The OPTEE_MSG_CMD_* below defines what goes in struct optee_msg_arg::cmd @@ -337,15 +349,62 @@ struct optee_msg_arg { * OPTEE_MSG_CMD_STOP_ASYNC_NOTIF informs secure world that from now is * normal world unable to process asynchronous notifications. Typically * used when the driver is shut down. + * + * OPTEE_MSG_CMD_LEND_PROTMEM lends protected memory. The passed normal + * physical memory is protected from normal world access. The memory + * should be unmapped prior to this call since it becomes inaccessible + * during the request. + * Parameters are passed as: + * [in] param[0].attr OPTEE_MSG_ATTR_TYPE_VALUE_INPUT + * [in] param[0].u.value.a OPTEE_MSG_PROTMEM_* defined above + * [in] param[1].attr OPTEE_MSG_ATTR_TYPE_TMEM_INPUT + * [in] param[1].u.tmem.buf_ptr physical address + * [in] param[1].u.tmem.size size + * [in] param[1].u.tmem.shm_ref holds protected memory reference + * + * OPTEE_MSG_CMD_RECLAIM_PROTMEM reclaims a previously lent protected + * memory reference. The physical memory is accessible by the normal world + * after this function has return and can be mapped again. The information + * is passed as: + * [in] param[0].attr OPTEE_MSG_ATTR_TYPE_VALUE_INPUT + * [in] param[0].u.value.a holds protected memory cookie + * + * OPTEE_MSG_CMD_GET_PROTMEM_CONFIG get configuration for a specific + * protected memory use case. Parameters are passed as: + * [in] param[0].attr OPTEE_MSG_ATTR_TYPE_VALUE_INOUT + * [in] param[0].value.a OPTEE_MSG_PROTMEM_* + * [in] param[1].attr OPTEE_MSG_ATTR_TYPE_{R,F}MEM_OUTPUT + * [in] param[1].u.{r,f}mem Buffer or NULL + * [in] param[1].u.{r,f}mem.size Provided size of buffer or 0 for query + * output for the protected use case: + * [out] param[0].value.a Minimal size of protected memory + * [out] param[0].value.b Required alignment of size and start of + * protected memory + * [out] param[1].{r,f}mem.size Size of output data + * [out] param[1].{r,f}mem If non-NULL, contains an array of + * uint16_t holding endpoints that + * must be included when lending + * memory for this use case + * + * OPTEE_MSG_CMD_ASSIGN_PROTMEM assigns use-case to protected memory + * previously lent using the FFA_LEND framework ABI. Parameters are passed + * as: + * [in] param[0].attr OPTEE_MSG_ATTR_TYPE_VALUE_INPUT + * [in] param[0].u.value.a holds protected memory cookie + * [in] param[0].u.value.b OPTEE_MSG_PROTMEM_* defined above */ -#define OPTEE_MSG_CMD_OPEN_SESSION 0 -#define OPTEE_MSG_CMD_INVOKE_COMMAND 1 -#define OPTEE_MSG_CMD_CLOSE_SESSION 2 -#define OPTEE_MSG_CMD_CANCEL 3 -#define OPTEE_MSG_CMD_REGISTER_SHM 4 -#define OPTEE_MSG_CMD_UNREGISTER_SHM 5 -#define OPTEE_MSG_CMD_DO_BOTTOM_HALF 6 -#define OPTEE_MSG_CMD_STOP_ASYNC_NOTIF 7 -#define OPTEE_MSG_FUNCID_CALL_WITH_ARG 0x0004 +#define OPTEE_MSG_CMD_OPEN_SESSION 0 +#define OPTEE_MSG_CMD_INVOKE_COMMAND 1 +#define OPTEE_MSG_CMD_CLOSE_SESSION 2 +#define OPTEE_MSG_CMD_CANCEL 3 +#define OPTEE_MSG_CMD_REGISTER_SHM 4 +#define OPTEE_MSG_CMD_UNREGISTER_SHM 5 +#define OPTEE_MSG_CMD_DO_BOTTOM_HALF 6 +#define OPTEE_MSG_CMD_STOP_ASYNC_NOTIF 7 +#define OPTEE_MSG_CMD_LEND_PROTMEM 8 +#define OPTEE_MSG_CMD_RECLAIM_PROTMEM 9 +#define OPTEE_MSG_CMD_GET_PROTMEM_CONFIG 10 +#define OPTEE_MSG_CMD_ASSIGN_PROTMEM 11 +#define OPTEE_MSG_FUNCID_CALL_WITH_ARG 0x0004 =20 #endif /* _OPTEE_MSG_H */ diff --git a/drivers/tee/optee/optee_smc.h b/drivers/tee/optee/optee_smc.h index 879426300821..b17e81f464a3 100644 --- a/drivers/tee/optee/optee_smc.h +++ b/drivers/tee/optee/optee_smc.h @@ -264,7 +264,6 @@ struct optee_smc_get_shm_config_result { #define OPTEE_SMC_SEC_CAP_HAVE_RESERVED_SHM BIT(0) /* Secure world can communicate via previously unregistered shared memory = */ #define OPTEE_SMC_SEC_CAP_UNREGISTERED_SHM BIT(1) - /* * Secure world supports commands "register/unregister shared memory", * secure world accepts command buffers located in any parts of non-secure= RAM @@ -280,6 +279,10 @@ struct optee_smc_get_shm_config_result { #define OPTEE_SMC_SEC_CAP_RPC_ARG BIT(6) /* Secure world supports probing for RPMB device if needed */ #define OPTEE_SMC_SEC_CAP_RPMB_PROBE BIT(7) +/* Secure world supports protected memory */ +#define OPTEE_SMC_SEC_CAP_PROTMEM BIT(8) +/* Secure world supports dynamic protected memory */ +#define OPTEE_SMC_SEC_CAP_DYNAMIC_PROTMEM BIT(9) =20 #define OPTEE_SMC_FUNCID_EXCHANGE_CAPABILITIES 9 #define OPTEE_SMC_EXCHANGE_CAPABILITIES \ @@ -451,6 +454,72 @@ struct optee_smc_disable_shm_cache_result { =20 /* See OPTEE_SMC_CALL_WITH_REGD_ARG above */ #define OPTEE_SMC_FUNCID_CALL_WITH_REGD_ARG 19 +/* + * Get protected memory config + * + * Returns the protected memory config. + * + * Call register usage: + * a0 SMC Function ID, OPTEE_SMC_GET_PROTMEM_CONFIG + * a2-6 Not used, must be zero + * a7 Hypervisor Client ID register + * + * Have config return register usage: + * a0 OPTEE_SMC_RETURN_OK + * a1 Physical address of start of protected memory + * a2 Size of protected memory + * a3 Not used + * a4-7 Preserved + * + * Not available register usage: + * a0 OPTEE_SMC_RETURN_ENOTAVAIL + * a1-3 Not used + * a4-7 Preserved + */ +#define OPTEE_SMC_FUNCID_GET_PROTMEM_CONFIG 20 +#define OPTEE_SMC_GET_PROTMEM_CONFIG \ + OPTEE_SMC_FAST_CALL_VAL(OPTEE_SMC_FUNCID_GET_PROTMEM_CONFIG) + +struct optee_smc_get_protmem_config_result { + unsigned long status; + unsigned long start; + unsigned long size; + unsigned long flags; +}; + +/* + * Get dynamic protected memory config + * + * Returns the dynamic protected memory config. + * + * Call register usage: + * a0 SMC Function ID, OPTEE_SMC_GET_DYN_SHM_CONFIG + * a2-6 Not used, must be zero + * a7 Hypervisor Client ID register + * + * Have config return register usage: + * a0 OPTEE_SMC_RETURN_OK + * a1 Minamal size of protected memory + * a2 Required alignment of size and start of registered protected memory + * a3 Not used + * a4-7 Preserved + * + * Not available register usage: + * a0 OPTEE_SMC_RETURN_ENOTAVAIL + * a1-3 Not used + * a4-7 Preserved + */ + +#define OPTEE_SMC_FUNCID_GET_DYN_PROTMEM_CONFIG 21 +#define OPTEE_SMC_GET_DYN_PROTMEM_CONFIG \ + OPTEE_SMC_FAST_CALL_VAL(OPTEE_SMC_FUNCID_GET_DYN_PROTMEM_CONFIG) + +struct optee_smc_get_dyn_protmem_config_result { + unsigned long status; + unsigned long size; + unsigned long align; + unsigned long flags; +}; =20 /* * Resume from RPC (for example after processing a foreign interrupt) --=20 2.43.0 From nobody Sun Feb 8 09:26:55 2026 Received: from mail-ed1-f47.google.com (mail-ed1-f47.google.com [209.85.208.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 95F5A1F4E48 for ; Fri, 4 Apr 2025 14:32:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.47 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743777159; cv=none; b=VaT5mqmNaQjuDLsD7PQ18o4awr0ALwwc6YNcY749izr7Mxdgg7qWr/0UGwhtq+ru3wy1i1KjKd2nJq77u3xd0LMwUjKOP9VlmnieO/M2YYHesXTTfelO9v8B9ecEfjjjzhMhmowi7qWQ3GVyp7YoRwFBV6jsTQUlY6Ysv4R0Oxg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743777159; c=relaxed/simple; bh=lNdVj5wX6n1SUH86k6y731Yqsb8ZStR7+Kxb8Ijb92E=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=bJCxCPVbz95CtzAPEyTz5NyGXqEScO/j/p29YKUy8WEvx7ZZxOjAcZud+jKlrQcgw2OrtnQlyQ9uQwsLxwTw1zVLU6RAeLkJRT6SHNzNYlfrtAbtcGmPYFwSU/s8YIX6SYaIrsGVqMjln9LJe8tBwq8qbHsDdzkOqJ+o50s7LGQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org; spf=pass smtp.mailfrom=linaro.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b=Kjf0lt1h; arc=none smtp.client-ip=209.85.208.47 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linaro.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="Kjf0lt1h" Received: by mail-ed1-f47.google.com with SMTP id 4fb4d7f45d1cf-5e6167d0536so3809321a12.1 for ; Fri, 04 Apr 2025 07:32:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1743777154; x=1744381954; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=gMFLY8tgBdm5YQSIAMEFl5qHyQny8N65Ba6fpys5Ync=; b=Kjf0lt1hrqitL51H/uiB8hnutz00lUL2VdUoRgFqngPYiHEfv4e4lg2yMagKxcefOz dJNTKm+Q3+HF5qb1J7yJEnMEk/5UEMw8x6MJsoul03pYJFolz67HQ98MZPTobmF3+/J4 jP+WLAaDJzjiIoQE1HS8JESLQ0rY7gnQH1dTEX+v6LIwBoFYxvgvwyQkUim8eJEzQxrx Tfb/NKUaJ/u3tF36NtToOYzlxraKo/otS34LpOWTM5AgjfTGx4rxpvnlKa1A1f5sSlaP PX112y7JbVy5t8x2OAAM/GArSTE5f0PPVNVs6wi9xMzzRufCyKPneVOWyZJuqJiiVame SrKQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1743777154; x=1744381954; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=gMFLY8tgBdm5YQSIAMEFl5qHyQny8N65Ba6fpys5Ync=; b=HPUh8KlgmRsog4gg6MB+f/X8pCipxNC02rNmO0svxZN0OuEAjtCWgXvJi0mKzu39YM XsNgphYLKP38gfVZMFg5bmf4xWLKwJuZMyoiH/xeX1ZNQdZRS9N7IDDz9MaFBNV9SWZG vkR1t1FBGW1c5Lm/viB8vRXoIiAxpoDXBuLibXVXXxaRAS4e+qwu6tZfDpGwGZ6SGDWe ZPxDfj6rclAmWzETkEcXOwPfBAr7Czj7MGcnohR8DBfX2FPLm7zp0VLK+Y7TBbKWgCfF 8qBQ74zmKjbaGQ5J374cTDgV+JNNIQIFBr0Jxpy6/uxNpIM3gUiliuS0tDVdj2OyqllA uvqQ== X-Gm-Message-State: AOJu0Yxu8tOQXXFCXSQN7mXWIJODwwEaLzGi/eTiLsKr39yY6flyst++ eaN5HSvOPeLxMMXFTEzeQux+QOrzeJZ/tqbMJVkpGTYlV729RLWvDznE36d+2g3+B3/5YnPLan1 W0us= X-Gm-Gg: ASbGncsGhoLWrDY1U//qB9Cn17BFtbbi+qXjfIRzTsS6MmeXteUlrWL839QHtV8ThmI iEq+ny1STAO80J8vQc1BNnMTiENFw1VXXeY8MZCbWjn1it6ZEcdJk59IHLTuQ7TzUNIrXS9RROQ 2Rn8TF0MHLlDfoo0i4k7MInTZrvEErkFaTFi4bQ+22kIJx2mQdyz8E3YRMWIkIphj1Y6iqBL6Gk 4s7l2YJCa2/p/knV+vLEW/+EWsZV5xBWwyw8Q+UvgsMZTFxPfxeYpLg296iuqX5biEgDTXsK8A2 AZGBczmI9aX00pc5l0TnEMT2FBTCsH0dTJgxi5/NGagta4FUikNYV/LLGppmwDxfvWQKox1azT+ I0TyS8gBzk2sJBZOZaPewFw== X-Google-Smtp-Source: AGHT+IEe0eUi4d09I1zqDHqCTm/+uQ1O2y6bi+XUr0swpeiaUM56qZ0J21lL3kmxfrVyM2yJ4tHYEw== X-Received: by 2002:a05:6402:1ece:b0:5e5:c5f5:f4b with SMTP id 4fb4d7f45d1cf-5f0b3e3658cmr3112378a12.22.1743777154258; Fri, 04 Apr 2025 07:32:34 -0700 (PDT) Received: from rayden.urgonet (h-98-128-140-123.A175.priv.bahnhof.se. [98.128.140.123]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5f087f0a0f3sm2567450a12.43.2025.04.04.07.32.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Apr 2025 07:32:33 -0700 (PDT) From: Jens Wiklander To: linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, op-tee@lists.trustedfirmware.org, linux-arm-kernel@lists.infradead.org Cc: Olivier Masse , Thierry Reding , Yong Wu , Sumit Semwal , Benjamin Gaignard , Brian Starkey , John Stultz , "T . J . Mercier" , =?UTF-8?q?Christian=20K=C3=B6nig?= , Sumit Garg , Matthias Brugger , AngeloGioacchino Del Regno , azarrabi@qti.qualcomm.com, Simona Vetter , Daniel Stone , Jens Wiklander Subject: [PATCH v7 05/11] tee: implement protected DMA-heap Date: Fri, 4 Apr 2025 16:31:28 +0200 Message-ID: <20250404143215.2281034-6-jens.wiklander@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250404143215.2281034-1-jens.wiklander@linaro.org> References: <20250404143215.2281034-1-jens.wiklander@linaro.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Implement DMA heap for protected DMA-buf allocation in the TEE subsystem. Restricted memory refers to memory buffers behind a hardware enforced firewall. It is not accessible to the kernel during normal circumstances but rather only accessible to certain hardware IPs or CPUs executing in higher or differently privileged mode than the kernel itself. This interface allows to allocate and manage such protected memory buffers via interaction with a TEE implementation. The protected memory is allocated for a specific use-case, like Secure Video Playback, Trusted UI, or Secure Video Recording where certain hardware devices can access the memory. The DMA-heaps are enabled explicitly by the TEE backend driver. The TEE backend drivers needs to implement protected memory pool to manage the protected memory. Signed-off-by: Jens Wiklander --- drivers/tee/Kconfig | 5 + drivers/tee/Makefile | 1 + drivers/tee/tee_heap.c | 469 ++++++++++++++++++++++++++++++++++++++ drivers/tee/tee_private.h | 6 + include/linux/tee_core.h | 65 ++++++ 5 files changed, 546 insertions(+) create mode 100644 drivers/tee/tee_heap.c diff --git a/drivers/tee/Kconfig b/drivers/tee/Kconfig index 61b507c18780..084bd794374d 100644 --- a/drivers/tee/Kconfig +++ b/drivers/tee/Kconfig @@ -11,6 +11,11 @@ menuconfig TEE This implements a generic interface towards a Trusted Execution Environment (TEE). =20 +config TEE_DMABUF_HEAP + bool + depends on TEE =3D y && DMABUF_HEAPS + default y + if TEE =20 source "drivers/tee/optee/Kconfig" diff --git a/drivers/tee/Makefile b/drivers/tee/Makefile index 5488cba30bd2..949a6a79fb06 100644 --- a/drivers/tee/Makefile +++ b/drivers/tee/Makefile @@ -1,6 +1,7 @@ # SPDX-License-Identifier: GPL-2.0 obj-$(CONFIG_TEE) +=3D tee.o tee-objs +=3D tee_core.o +tee-objs +=3D tee_heap.o tee-objs +=3D tee_shm.o tee-objs +=3D tee_shm_pool.o obj-$(CONFIG_OPTEE) +=3D optee/ diff --git a/drivers/tee/tee_heap.c b/drivers/tee/tee_heap.c new file mode 100644 index 000000000000..83693ddb2767 --- /dev/null +++ b/drivers/tee/tee_heap.c @@ -0,0 +1,469 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (c) 2025, Linaro Limited + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "tee_private.h" + +struct tee_dma_heap { + struct dma_heap *heap; + enum tee_dma_heap_id id; + struct tee_protmem_pool *pool; + struct tee_device *teedev; + /* Protects pool and teedev above */ + struct mutex mu; +}; + +struct tee_heap_buffer { + struct tee_protmem_pool *pool; + struct tee_device *teedev; + size_t size; + size_t offs; + struct sg_table table; +}; + +struct tee_heap_attachment { + struct sg_table table; + struct device *dev; +}; + +struct tee_protmem_static_pool { + struct tee_protmem_pool pool; + struct gen_pool *gen_pool; + phys_addr_t pa_base; +}; + +#if IS_ENABLED(CONFIG_TEE_DMABUF_HEAP) +static DEFINE_XARRAY_ALLOC(tee_dma_heap); + +static int copy_sg_table(struct sg_table *dst, struct sg_table *src) +{ + struct scatterlist *dst_sg; + struct scatterlist *src_sg; + int ret; + int i; + + ret =3D sg_alloc_table(dst, src->orig_nents, GFP_KERNEL); + if (ret) + return ret; + + dst_sg =3D dst->sgl; + for_each_sgtable_sg(src, src_sg, i) { + sg_set_page(dst_sg, sg_page(src_sg), src_sg->length, + src_sg->offset); + dst_sg =3D sg_next(dst_sg); + } + + return 0; +} + +static int tee_heap_attach(struct dma_buf *dmabuf, + struct dma_buf_attachment *attachment) +{ + struct tee_heap_buffer *buf =3D dmabuf->priv; + struct tee_heap_attachment *a; + int ret; + + a =3D kzalloc(sizeof(*a), GFP_KERNEL); + if (!a) + return -ENOMEM; + + ret =3D copy_sg_table(&a->table, &buf->table); + if (ret) { + kfree(a); + return ret; + } + + a->dev =3D attachment->dev; + attachment->priv =3D a; + + return 0; +} + +static void tee_heap_detach(struct dma_buf *dmabuf, + struct dma_buf_attachment *attachment) +{ + struct tee_heap_attachment *a =3D attachment->priv; + + sg_free_table(&a->table); + kfree(a); +} + +static struct sg_table * +tee_heap_map_dma_buf(struct dma_buf_attachment *attachment, + enum dma_data_direction direction) +{ + struct tee_heap_attachment *a =3D attachment->priv; + int ret; + + ret =3D dma_map_sgtable(attachment->dev, &a->table, direction, + DMA_ATTR_SKIP_CPU_SYNC); + if (ret) + return ERR_PTR(ret); + + return &a->table; +} + +static void tee_heap_unmap_dma_buf(struct dma_buf_attachment *attachment, + struct sg_table *table, + enum dma_data_direction direction) +{ + struct tee_heap_attachment *a =3D attachment->priv; + + WARN_ON(&a->table !=3D table); + + dma_unmap_sgtable(attachment->dev, table, direction, + DMA_ATTR_SKIP_CPU_SYNC); +} + +static void tee_heap_buf_free(struct dma_buf *dmabuf) +{ + struct tee_heap_buffer *buf =3D dmabuf->priv; + struct tee_device *teedev =3D buf->teedev; + + buf->pool->ops->free(buf->pool, &buf->table); + tee_device_put(teedev); +} + +static const struct dma_buf_ops tee_heap_buf_ops =3D { + .attach =3D tee_heap_attach, + .detach =3D tee_heap_detach, + .map_dma_buf =3D tee_heap_map_dma_buf, + .unmap_dma_buf =3D tee_heap_unmap_dma_buf, + .release =3D tee_heap_buf_free, +}; + +static struct dma_buf *tee_dma_heap_alloc(struct dma_heap *heap, + unsigned long len, u32 fd_flags, + u64 heap_flags) +{ + struct tee_dma_heap *h =3D dma_heap_get_drvdata(heap); + DEFINE_DMA_BUF_EXPORT_INFO(exp_info); + struct tee_device *teedev =3D NULL; + struct tee_heap_buffer *buf; + struct tee_protmem_pool *pool; + struct dma_buf *dmabuf; + int rc; + + mutex_lock(&h->mu); + if (tee_device_get(h->teedev)) { + teedev =3D h->teedev; + pool =3D h->pool; + } + mutex_unlock(&h->mu); + + if (!teedev) + return ERR_PTR(-EINVAL); + + buf =3D kzalloc(sizeof(*buf), GFP_KERNEL); + if (!buf) { + dmabuf =3D ERR_PTR(-ENOMEM); + goto err; + } + buf->size =3D len; + buf->pool =3D pool; + buf->teedev =3D teedev; + + rc =3D pool->ops->alloc(pool, &buf->table, len, &buf->offs); + if (rc) { + dmabuf =3D ERR_PTR(rc); + goto err_kfree; + } + + exp_info.ops =3D &tee_heap_buf_ops; + exp_info.size =3D len; + exp_info.priv =3D buf; + exp_info.flags =3D fd_flags; + dmabuf =3D dma_buf_export(&exp_info); + if (IS_ERR(dmabuf)) + goto err_protmem_free; + + return dmabuf; + +err_protmem_free: + pool->ops->free(pool, &buf->table); +err_kfree: + kfree(buf); +err: + tee_device_put(h->teedev); + return dmabuf; +} + +static const struct dma_heap_ops tee_dma_heap_ops =3D { + .allocate =3D tee_dma_heap_alloc, +}; + +static const char *heap_id_2_name(enum tee_dma_heap_id id) +{ + switch (id) { + case TEE_DMA_HEAP_SECURE_VIDEO_PLAY: + return "protected,secure-video"; + case TEE_DMA_HEAP_TRUSTED_UI: + return "protected,trusted-ui"; + case TEE_DMA_HEAP_SECURE_VIDEO_RECORD: + return "protected,secure-video-record"; + default: + return NULL; + } +} + +static int alloc_dma_heap(struct tee_device *teedev, enum tee_dma_heap_id = id, + struct tee_protmem_pool *pool) +{ + struct dma_heap_export_info exp_info =3D { + .ops =3D &tee_dma_heap_ops, + .name =3D heap_id_2_name(id), + }; + struct tee_dma_heap *h; + int rc; + + if (!exp_info.name) + return -EINVAL; + + if (xa_reserve(&tee_dma_heap, id, GFP_KERNEL)) { + if (!xa_load(&tee_dma_heap, id)) + return -EEXIST; + return -ENOMEM; + } + + h =3D kzalloc(sizeof(*h), GFP_KERNEL); + if (!h) + return -ENOMEM; + h->id =3D id; + h->teedev =3D teedev; + h->pool =3D pool; + mutex_init(&h->mu); + + exp_info.priv =3D h; + h->heap =3D dma_heap_add(&exp_info); + if (IS_ERR(h->heap)) { + rc =3D PTR_ERR(h->heap); + kfree(h); + + return rc; + } + + /* "can't fail" due to the call to xa_reserve() above */ + return WARN(xa_store(&tee_dma_heap, id, h, GFP_KERNEL), + "xa_store() failed"); +} + +int tee_device_register_dma_heap(struct tee_device *teedev, + enum tee_dma_heap_id id, + struct tee_protmem_pool *pool) +{ + struct tee_dma_heap *h; + int rc; + + h =3D xa_load(&tee_dma_heap, id); + if (h) { + mutex_lock(&h->mu); + if (h->teedev) { + rc =3D -EBUSY; + } else { + h->teedev =3D teedev; + h->pool =3D pool; + rc =3D 0; + } + mutex_unlock(&h->mu); + } else { + rc =3D alloc_dma_heap(teedev, id, pool); + } + + if (rc) + dev_err(&teedev->dev, "can't register DMA heap id %d (%s)\n", + id, heap_id_2_name(id)); + + return rc; +} + +void tee_device_unregister_all_dma_heaps(struct tee_device *teedev) +{ + struct tee_protmem_pool *pool; + struct tee_dma_heap *h; + u_long i; + + xa_for_each(&tee_dma_heap, i, h) { + if (h) { + pool =3D NULL; + mutex_lock(&h->mu); + if (h->teedev =3D=3D teedev) { + pool =3D h->pool; + h->teedev =3D NULL; + h->pool =3D NULL; + } + mutex_unlock(&h->mu); + if (pool) + pool->ops->destroy_pool(pool); + } + } +} +EXPORT_SYMBOL_GPL(tee_device_unregister_all_dma_heaps); + +int tee_heap_update_from_dma_buf(struct tee_device *teedev, + struct dma_buf *dmabuf, size_t *offset, + struct tee_shm *shm, + struct tee_shm **parent_shm) +{ + struct tee_heap_buffer *buf; + int rc; + + /* The DMA-buf must be from our heap */ + if (dmabuf->ops !=3D &tee_heap_buf_ops) + return -EINVAL; + + buf =3D dmabuf->priv; + /* The buffer must be from the same teedev */ + if (buf->teedev !=3D teedev) + return -EINVAL; + + shm->size =3D buf->size; + + rc =3D buf->pool->ops->update_shm(buf->pool, &buf->table, buf->offs, shm, + parent_shm); + if (!rc && *parent_shm) + *offset =3D buf->offs; + + return rc; +} +#else +int tee_device_register_dma_heap(struct tee_device *teedev __always_unused, + enum tee_dma_heap_id id __always_unused, + struct tee_protmem_pool *pool __always_unused) +{ + return -EINVAL; +} +EXPORT_SYMBOL_GPL(tee_device_register_dma_heap); + +void +tee_device_unregister_all_dma_heaps(struct tee_device *teedev __always_unu= sed) +{ +} +EXPORT_SYMBOL_GPL(tee_device_unregister_all_dma_heaps); + +int tee_heap_update_from_dma_buf(struct tee_device *teedev __always_unused, + struct dma_buf *dmabuf __always_unused, + size_t *offset __always_unused, + struct tee_shm *shm __always_unused, + struct tee_shm **parent_shm __always_unused) +{ + return -EINVAL; +} +#endif + +static struct tee_protmem_static_pool * +to_protmem_static_pool(struct tee_protmem_pool *pool) +{ + return container_of(pool, struct tee_protmem_static_pool, pool); +} + +static int protmem_pool_op_static_alloc(struct tee_protmem_pool *pool, + struct sg_table *sgt, size_t size, + size_t *offs) +{ + struct tee_protmem_static_pool *stp =3D to_protmem_static_pool(pool); + phys_addr_t pa; + int ret; + + pa =3D gen_pool_alloc(stp->gen_pool, size); + if (!pa) + return -ENOMEM; + + ret =3D sg_alloc_table(sgt, 1, GFP_KERNEL); + if (ret) { + gen_pool_free(stp->gen_pool, pa, size); + return ret; + } + + sg_set_page(sgt->sgl, phys_to_page(pa), size, 0); + *offs =3D pa - stp->pa_base; + + return 0; +} + +static void protmem_pool_op_static_free(struct tee_protmem_pool *pool, + struct sg_table *sgt) +{ + struct tee_protmem_static_pool *stp =3D to_protmem_static_pool(pool); + struct scatterlist *sg; + int i; + + for_each_sgtable_sg(sgt, sg, i) + gen_pool_free(stp->gen_pool, sg_phys(sg), sg->length); + sg_free_table(sgt); +} + +static int protmem_pool_op_static_update_shm(struct tee_protmem_pool *pool, + struct sg_table *sgt, size_t offs, + struct tee_shm *shm, + struct tee_shm **parent_shm) +{ + struct tee_protmem_static_pool *stp =3D to_protmem_static_pool(pool); + + shm->paddr =3D stp->pa_base + offs; + *parent_shm =3D NULL; + + return 0; +} + +static void protmem_pool_op_static_destroy_pool(struct tee_protmem_pool *p= ool) +{ + struct tee_protmem_static_pool *stp =3D to_protmem_static_pool(pool); + + gen_pool_destroy(stp->gen_pool); + kfree(stp); +} + +static struct tee_protmem_pool_ops protmem_pool_ops_static =3D { + .alloc =3D protmem_pool_op_static_alloc, + .free =3D protmem_pool_op_static_free, + .update_shm =3D protmem_pool_op_static_update_shm, + .destroy_pool =3D protmem_pool_op_static_destroy_pool, +}; + +struct tee_protmem_pool *tee_protmem_static_pool_alloc(phys_addr_t paddr, + size_t size) +{ + const size_t page_mask =3D PAGE_SIZE - 1; + struct tee_protmem_static_pool *stp; + int rc; + + /* Check it's page aligned */ + if ((paddr | size) & page_mask) + return ERR_PTR(-EINVAL); + + stp =3D kzalloc(sizeof(*stp), GFP_KERNEL); + if (!stp) + return ERR_PTR(-ENOMEM); + + stp->gen_pool =3D gen_pool_create(PAGE_SHIFT, -1); + if (!stp->gen_pool) { + rc =3D -ENOMEM; + goto err_free; + } + + rc =3D gen_pool_add(stp->gen_pool, paddr, size, -1); + if (rc) + goto err_free_pool; + + stp->pool.ops =3D &protmem_pool_ops_static; + stp->pa_base =3D paddr; + return &stp->pool; + +err_free_pool: + gen_pool_destroy(stp->gen_pool); +err_free: + kfree(stp); + + return ERR_PTR(rc); +} +EXPORT_SYMBOL_GPL(tee_protmem_static_pool_alloc); diff --git a/drivers/tee/tee_private.h b/drivers/tee/tee_private.h index 9bc50605227c..6c6ff5d5eed2 100644 --- a/drivers/tee/tee_private.h +++ b/drivers/tee/tee_private.h @@ -8,6 +8,7 @@ #include #include #include +#include #include #include #include @@ -24,4 +25,9 @@ struct tee_shm *tee_shm_alloc_user_buf(struct tee_context= *ctx, size_t size); struct tee_shm *tee_shm_register_user_buf(struct tee_context *ctx, unsigned long addr, size_t length); =20 +int tee_heap_update_from_dma_buf(struct tee_device *teedev, + struct dma_buf *dmabuf, size_t *offset, + struct tee_shm *shm, + struct tee_shm **parent_shm); + #endif /*TEE_PRIVATE_H*/ diff --git a/include/linux/tee_core.h b/include/linux/tee_core.h index a38494d6b5f4..b8b99c97e00c 100644 --- a/include/linux/tee_core.h +++ b/include/linux/tee_core.h @@ -8,9 +8,11 @@ =20 #include #include +#include #include #include #include +#include #include #include #include @@ -30,6 +32,12 @@ #define TEE_DEVICE_FLAG_REGISTERED 0x1 #define TEE_MAX_DEV_NAME_LEN 32 =20 +enum tee_dma_heap_id { + TEE_DMA_HEAP_SECURE_VIDEO_PLAY =3D 1, + TEE_DMA_HEAP_TRUSTED_UI, + TEE_DMA_HEAP_SECURE_VIDEO_RECORD, +}; + /** * struct tee_device - TEE Device representation * @name: name of device @@ -116,6 +124,36 @@ struct tee_desc { u32 flags; }; =20 +/** + * struct tee_protmem_pool - protected memory pool + * @ops: operations + * + * This is an abstract interface where this struct is expected to be + * embedded in another struct specific to the implementation. + */ +struct tee_protmem_pool { + const struct tee_protmem_pool_ops *ops; +}; + +/** + * struct tee_protmem_pool_ops - protected memory pool operations + * @alloc: called when allocating protected memory + * @free: called when freeing protected memory + * @update_shm: called when registering a dma-buf to update the @shm + * with physical address of the buffer or to return the + * @parent_shm of the memory pool + * @destroy_pool: called when destroying the pool + */ +struct tee_protmem_pool_ops { + int (*alloc)(struct tee_protmem_pool *pool, struct sg_table *sgt, + size_t size, size_t *offs); + void (*free)(struct tee_protmem_pool *pool, struct sg_table *sgt); + int (*update_shm)(struct tee_protmem_pool *pool, struct sg_table *sgt, + size_t offs, struct tee_shm *shm, + struct tee_shm **parent_shm); + void (*destroy_pool)(struct tee_protmem_pool *pool); +}; + /** * tee_device_alloc() - Allocate a new struct tee_device instance * @teedesc: Descriptor for this driver @@ -154,6 +192,11 @@ int tee_device_register(struct tee_device *teedev); */ void tee_device_unregister(struct tee_device *teedev); =20 +int tee_device_register_dma_heap(struct tee_device *teedev, + enum tee_dma_heap_id id, + struct tee_protmem_pool *pool); +void tee_device_unregister_all_dma_heaps(struct tee_device *teedev); + /** * tee_device_set_dev_groups() - Set device attribute groups * @teedev: Device to register @@ -229,6 +272,28 @@ static inline void tee_shm_pool_free(struct tee_shm_po= ol *pool) pool->ops->destroy_pool(pool); } =20 +/** + * tee_protmem_static_pool_alloc() - Create a protected memory manager + * @paddr: Physical address of start of pool + * @size: Size in bytes of the pool + * + * @returns pointer to a 'struct tee_shm_pool' or an ERR_PTR on failure. + */ +struct tee_protmem_pool *tee_protmem_static_pool_alloc(phys_addr_t paddr, + size_t size); + +/** + * tee_protmem_pool_free() - Free a protected memory pool + * @pool: The protected memory pool to free + * + * There must be no remaining protected memory allocated from this pool + * when this function is called. + */ +static inline void tee_protmem_pool_free(struct tee_protmem_pool *pool) +{ + pool->ops->destroy_pool(pool); +} + /** * tee_get_drvdata() - Return driver_data pointer * @returns the driver_data pointer supplied to tee_register(). --=20 2.43.0 From nobody Sun Feb 8 09:26:55 2026 Received: from mail-ed1-f50.google.com (mail-ed1-f50.google.com [209.85.208.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 68F071F543F for ; Fri, 4 Apr 2025 14:32:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.50 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743777160; cv=none; b=hDpE4tvpsq47LUMsx0tHgPN4tIqmEdaDLxYzYLH4l1VpePyzJu2qn+xqyr7r4Gex3WCh/DjRm0dhzhX+HZpNdoDJgAez8nyYS/YwG7IdXvm3Pz4c6qbo6YsvPk+/JhD3qBb4nSN9C666N/mA2x4UTP2r+uB3mPx0Fl5SAugkf48= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743777160; c=relaxed/simple; bh=J9LDfo6gNpW71xs4AHsdLctBmBSEcjpZaBz793nPpSU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=b3JAhKXuPiyhhHIOAZexUZJS6oSLxNqpUqhv6WvFqUeSVoClHJTXXR4MTN786c5hIDsHPVks06ybpWsrHaBJNk1maZfSSlBtMDG9RZjdi2TsY1HadK10A25phMOiVZWaF1OXBDLxQkKtsVipIUw5JHkedqufob5m6cKL0mbJe/I= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org; spf=pass smtp.mailfrom=linaro.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b=B/ANd/Gf; arc=none smtp.client-ip=209.85.208.50 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linaro.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="B/ANd/Gf" Received: by mail-ed1-f50.google.com with SMTP id 4fb4d7f45d1cf-5efe8d9eb12so3151340a12.1 for ; Fri, 04 Apr 2025 07:32:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1743777156; x=1744381956; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=fs7nqD12lkBPC3o5IKJmDFRrEPWNWVuJ0deEV/XnG9g=; b=B/ANd/Gf0Lo/F5CiDFD0vSztnIai2+87oiCr8rJIm5HAd8QScznnPEgoAhBpxMyZv2 dpPdY1NhNO1SLX0OMsBxZqPmNwWG3CVLnuV736NbfkZVh4p2b5or3SgsTC3V5YLQi+82 LCDtt0vlsEsHBR7qZgEZBtdTeTwWFMLemYokzUO81+cSZQKWToA6beJ2tp6ejsQwSCgv RWjW/4au1X57IA7/72AH1Wrj6Hl/0TSHanG7DISHIubuOPA4HMUIlP+lAIYPW3KIJlGk naXNk+WVUg70ScQXTBgosemQOsCeUaEeNfWzKMkiw2/zcdNKAdi4+ypY1UbZiyAmacGw g6Ew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1743777156; x=1744381956; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=fs7nqD12lkBPC3o5IKJmDFRrEPWNWVuJ0deEV/XnG9g=; b=aLNEwlttHt5CXGme6WeORHfdpeLCfXg9aEpGneM0kOdc6ySnWSt5YKnXyct5HXXjPo uDCjIKUk0bqc3OpxU4Tihsrel0PU9W0OTrVNwImVw+CSNyclt1wnbrMLdaO3ovy2F2Oi 1DAcPnui3AJyKtRtrjEOpiITBQxU/ojRzu32mad8TeUdjEgIVtT0RWyXz1EF1AeZQ0ib SWXf+s1XN/PAian7LYW6rlN7IEtPDxWNKcytWR7Qim8HZZtFBGZq5sWRzDZkqG1FKCO9 bOCQs3FSlOZtONL+FBHj6+YVuAp1iFcpNdkNfmwpfhdMBZfr77vS9x0j+vPvTj8zEjCS nNBg== X-Gm-Message-State: AOJu0YwekQAPpPxBryrSmzddWeAgPy7D3ktz0J5XQDLO0LM2K896cfl8 53MZeNDuNKZcuPYWcP50zB9eIieGnxnJf9Nwux+b2cApqus0w/AjUHvJM1/GkUvFxOnkfX02+Jo LD5I= X-Gm-Gg: ASbGncvnoYRh/bPYga5LrquwrNb+SE8zf08voaVD0y+Bz6tPpXJj2tEEkbpNWeFzI+O nGbs/foj276D0GqiMVUjoSoJT+xgrg9kjRW3V9GYiqf7Y4R5cnSdemW9XHOGvK2rK2OfdLJ4ets ufBGRA9P+PUqdDXiSKYwXi5irVzrKsGiA7T1HqfrF7lMJkdpMJ60u5vgxB/6wkZ3dOG0lI/ynST /YgW+F7VLb7WOM6hhtUQCorZvJjxGcqRo6aJxYcfrUYJHb/eB6HGDKqSwD6ULkGgfZmKyw42qSN GZReUIvgoGL1k+/I8gJ0aXWw+Bzw6DYU9/ZCebenTTexXl4UdgK965KYIMB8e+S1/JX5nvTsLWv qrFPUD/qExTzrVJBFgNPEaw== X-Google-Smtp-Source: AGHT+IFs+Hyg3/qgGfM04VQJy6hexkwcypVkkd955EopjzAxNOwVqKRSb29t6l7fEI6wJVCNyo9dwQ== X-Received: by 2002:a05:6402:42c7:b0:5ec:958b:6f5a with SMTP id 4fb4d7f45d1cf-5f0b4711e42mr2859878a12.28.1743777156026; Fri, 04 Apr 2025 07:32:36 -0700 (PDT) Received: from rayden.urgonet (h-98-128-140-123.A175.priv.bahnhof.se. [98.128.140.123]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5f087f0a0f3sm2567450a12.43.2025.04.04.07.32.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Apr 2025 07:32:35 -0700 (PDT) From: Jens Wiklander To: linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, op-tee@lists.trustedfirmware.org, linux-arm-kernel@lists.infradead.org Cc: Olivier Masse , Thierry Reding , Yong Wu , Sumit Semwal , Benjamin Gaignard , Brian Starkey , John Stultz , "T . J . Mercier" , =?UTF-8?q?Christian=20K=C3=B6nig?= , Sumit Garg , Matthias Brugger , AngeloGioacchino Del Regno , azarrabi@qti.qualcomm.com, Simona Vetter , Daniel Stone , Jens Wiklander Subject: [PATCH v7 06/11] tee: refactor params_from_user() Date: Fri, 4 Apr 2025 16:31:29 +0200 Message-ID: <20250404143215.2281034-7-jens.wiklander@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250404143215.2281034-1-jens.wiklander@linaro.org> References: <20250404143215.2281034-1-jens.wiklander@linaro.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Break out the memref handling into a separate helper function. No change in behavior. Signed-off-by: Jens Wiklander --- drivers/tee/tee_core.c | 94 ++++++++++++++++++++++++------------------ 1 file changed, 54 insertions(+), 40 deletions(-) diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c index 685afcaa3ea1..820e394b9054 100644 --- a/drivers/tee/tee_core.c +++ b/drivers/tee/tee_core.c @@ -353,6 +353,55 @@ tee_ioctl_shm_register(struct tee_context *ctx, return ret; } =20 +static int param_from_user_memref(struct tee_context *ctx, + struct tee_param_memref *memref, + struct tee_ioctl_param *ip) +{ + struct tee_shm *shm; + + /* + * If a NULL pointer is passed to a TA in the TEE, + * the ip.c IOCTL parameters is set to TEE_MEMREF_NULL + * indicating a NULL memory reference. + */ + if (ip->c !=3D TEE_MEMREF_NULL) { + /* + * If we fail to get a pointer to a shared + * memory object (and increase the ref count) + * from an identifier we return an error. All + * pointers that has been added in params have + * an increased ref count. It's the callers + * responibility to do tee_shm_put() on all + * resolved pointers. + */ + shm =3D tee_shm_get_from_id(ctx, ip->c); + if (IS_ERR(shm)) + return PTR_ERR(shm); + + /* + * Ensure offset + size does not overflow + * offset and does not overflow the size of + * the referred shared memory object. + */ + if ((ip->a + ip->b) < ip->a || + (ip->a + ip->b) > shm->size) { + tee_shm_put(shm); + return -EINVAL; + } + } else if (ctx->cap_memref_null) { + /* Pass NULL pointer to OP-TEE */ + shm =3D NULL; + } else { + return -EINVAL; + } + + memref->shm_offs =3D ip->a; + memref->size =3D ip->b; + memref->shm =3D shm; + + return 0; +} + static int params_from_user(struct tee_context *ctx, struct tee_param *par= ams, size_t num_params, struct tee_ioctl_param __user *uparams) @@ -360,8 +409,8 @@ static int params_from_user(struct tee_context *ctx, st= ruct tee_param *params, size_t n; =20 for (n =3D 0; n < num_params; n++) { - struct tee_shm *shm; struct tee_ioctl_param ip; + int rc; =20 if (copy_from_user(&ip, uparams + n, sizeof(ip))) return -EFAULT; @@ -384,45 +433,10 @@ static int params_from_user(struct tee_context *ctx, = struct tee_param *params, case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT: case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: - /* - * If a NULL pointer is passed to a TA in the TEE, - * the ip.c IOCTL parameters is set to TEE_MEMREF_NULL - * indicating a NULL memory reference. - */ - if (ip.c !=3D TEE_MEMREF_NULL) { - /* - * If we fail to get a pointer to a shared - * memory object (and increase the ref count) - * from an identifier we return an error. All - * pointers that has been added in params have - * an increased ref count. It's the callers - * responibility to do tee_shm_put() on all - * resolved pointers. - */ - shm =3D tee_shm_get_from_id(ctx, ip.c); - if (IS_ERR(shm)) - return PTR_ERR(shm); - - /* - * Ensure offset + size does not overflow - * offset and does not overflow the size of - * the referred shared memory object. - */ - if ((ip.a + ip.b) < ip.a || - (ip.a + ip.b) > shm->size) { - tee_shm_put(shm); - return -EINVAL; - } - } else if (ctx->cap_memref_null) { - /* Pass NULL pointer to OP-TEE */ - shm =3D NULL; - } else { - return -EINVAL; - } - - params[n].u.memref.shm_offs =3D ip.a; - params[n].u.memref.size =3D ip.b; - params[n].u.memref.shm =3D shm; + rc =3D param_from_user_memref(ctx, ¶ms[n].u.memref, + &ip); + if (rc) + return rc; break; default: /* Unknown attribute */ --=20 2.43.0 From nobody Sun Feb 8 09:26:55 2026 Received: from mail-ed1-f49.google.com (mail-ed1-f49.google.com [209.85.208.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 569091F585A for ; Fri, 4 Apr 2025 14:32:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.49 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743777163; cv=none; b=EOyRq9kp2H91cFVTyDvX2xpH/EVnuxn8zeTAm3Ypw5t0r70X4DjnVOy47LY3ke74AtcUv/uIxVr5l0vbKICQW61xvwuYFEEbnWgyHH1QgXSl05PDiMnmLepXkYNveaEpcFXaJYYrjHL3m93NNY/BEekdQnxRHfOGU97jMzTvVBg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743777163; c=relaxed/simple; bh=kF2e1CZhkSDWxhTxuP4SxISTmTR6meXI+CiNRlV/0u8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Bzvh2eDxqrXghygqQQZYlLwOg/srAqHpXkuA15D2bDf+V21w+qnKPOaZxl2NZ26elkMcSmFkW+FGz7sysEADM8DRJ/7LnvprrDznESHSpre2NsNjekJmUQUdNK/vSpuT3XhhSik+4mwumLon+a2/kQDlLHvG4K6+lGUZsgo+RQw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org; spf=pass smtp.mailfrom=linaro.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b=x//Alrzf; arc=none smtp.client-ip=209.85.208.49 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linaro.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="x//Alrzf" Received: by mail-ed1-f49.google.com with SMTP id 4fb4d7f45d1cf-5e6167d0536so3809436a12.1 for ; Fri, 04 Apr 2025 07:32:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1743777158; x=1744381958; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=JWI5/wfw2XIY92V5DOFxDxh9wk7+UmuAY5M2ulODp2o=; b=x//Alrzfuq5h62Ckuhqxez6W/oumpsN3Lap1beakYSbVU2APB2IPec+RnelTl+ntIM kr33K6bhvv7KkDrL2VzX1p95BhlmCts4Qoz/S2jGqHbQ30ElAyabDR0o8QDmZYiTh8vc mNl9i99Jz5LegmVJm3gdy6/Swn0PNG/dZAJPbPN2fwmHSyoaplVau7nB6LsOS3A5Ndqe PEfotWhYGWEleECKQwkGzpgdT6WWSytdGxpzSpIW0q+n0UPljw3GZW8HA+Kimsu1GEPv RGxRmKKFLUKY386kqkoOopJWWl3xzjxJ5p+L0g64dqMo5QyhPfRyWQgkKrs2ZGTWQulP DrlA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1743777158; x=1744381958; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=JWI5/wfw2XIY92V5DOFxDxh9wk7+UmuAY5M2ulODp2o=; b=ffOSAeaa6cRtrph2gh0WZA/IHKtExeEKl9QBzxiTaqi/lrQvtfC4SI6lQlZLTUpP4c /Boy3VkaPglT76F6NEvsyeQ+iHzRPKZtuUk6CNn1Z9aTbfn9lbJOmTX/yAaKxpdkEGXk f9QLQ03cGXNFP36X3rR62fHBzPGkhPEQPa58KBQ6ok3t0g5/KpDNz2NzmKRg3URcUGLQ VIH3c52CvSnEhaDgAL9a2ToTLE42ffymlyeQLNNgPHFa78QQu5SNWQ21FJ8H3OizURHp fAaUNbpjYFZf458uNHUTrc1dXzEpzTv453k7nFxpkLtKTLRHgHTf7RsXvz+4oQbSVjDN Sz0A== X-Gm-Message-State: AOJu0Yx6SHdAT2nrqA+EiYM0ecfrApyKXPROaNhWyCWq6Y/cDDGKjheM ULcj8y0R8wasWk8LDLNBkEv0Xk1HoWA48N/AvNZjJgK0Vj18xW33q7sxBuAom7MFgTQV0UNTAOo ucQo= X-Gm-Gg: ASbGnctkB4oN1P+d38INshv2BXkBOT4OH1IZOuf+h6FXi8+y7pahvDy6Wz+4z5XgXqj kEwKSoBBpAorT9EieP9ZO99i+dtqi5eXURRcitJik2Kos8+tRA6vDLaaBggsf1bIiWPay8vP9VD AYtevKX9mVo7TY85dT4t7orYZHy3ImtCiOOxT8opsECA0usD9dn5uU0rgU55T85Lilfgaxl6QRh gb7Wn2JqYZreTQQxVAkuRiJoX6eku9zsES6/QGxdLGfjBqzGecifG5VTwIJ4bOwuftxWd0vSLJu 3olk3TvzAzu1R0eFGxkNKMr5exUJlKidpze598Yo6U3vlPnheJaFdLDxuh7SHD8+0TV0LeDBRhK yNQY1n2CbqX5TwFBrDP8ktw== X-Google-Smtp-Source: AGHT+IEkj6B8aYCauBjQUycfpo6dEovhSrl8tra6E+j4TxdWtkdhXZHtgmBSixMkQtlIRWUpbXrT0Q== X-Received: by 2002:a05:6402:2811:b0:5e5:e836:71f3 with SMTP id 4fb4d7f45d1cf-5f0b4702134mr2810933a12.29.1743777157959; Fri, 04 Apr 2025 07:32:37 -0700 (PDT) Received: from rayden.urgonet (h-98-128-140-123.A175.priv.bahnhof.se. [98.128.140.123]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5f087f0a0f3sm2567450a12.43.2025.04.04.07.32.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Apr 2025 07:32:37 -0700 (PDT) From: Jens Wiklander To: linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, op-tee@lists.trustedfirmware.org, linux-arm-kernel@lists.infradead.org Cc: Olivier Masse , Thierry Reding , Yong Wu , Sumit Semwal , Benjamin Gaignard , Brian Starkey , John Stultz , "T . J . Mercier" , =?UTF-8?q?Christian=20K=C3=B6nig?= , Sumit Garg , Matthias Brugger , AngeloGioacchino Del Regno , azarrabi@qti.qualcomm.com, Simona Vetter , Daniel Stone , Etienne Carriere , Jens Wiklander Subject: [PATCH v7 07/11] tee: new ioctl to a register tee_shm from a dmabuf file descriptor Date: Fri, 4 Apr 2025 16:31:30 +0200 Message-ID: <20250404143215.2281034-8-jens.wiklander@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250404143215.2281034-1-jens.wiklander@linaro.org> References: <20250404143215.2281034-1-jens.wiklander@linaro.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Etienne Carriere Add a userspace API to create a tee_shm object that refers to a dmabuf reference. Userspace registers the dmabuf file descriptor as in a tee_shm object. The registration is completed with a tee_shm returned file descriptor. Userspace is free to close the dmabuf file descriptor after it has been registered since all the resources are now held via the new tee_shm object. Closing the tee_shm file descriptor will eventually release all resources used by the tee_shm object when all references are released. The new IOCTL, TEE_IOC_SHM_REGISTER_FD, supports dmabuf references to physically contiguous memory buffers. Dmabuf references acquired from the TEE DMA-heap can be used as protected memory for Secure Video Path and such use cases. It depends on the TEE and the TEE driver if dmabuf references acquired by other means can be used. A new tee_shm flag is added to identify tee_shm objects built from a registered dmabuf, TEE_SHM_DMA_BUF. Signed-off-by: Etienne Carriere Signed-off-by: Olivier Masse Signed-off-by: Jens Wiklander --- drivers/tee/tee_core.c | 63 +++++++++++++++++++++- drivers/tee/tee_private.h | 10 ++++ drivers/tee/tee_shm.c | 111 ++++++++++++++++++++++++++++++++++++-- include/linux/tee_core.h | 1 + include/linux/tee_drv.h | 10 ++++ include/uapi/linux/tee.h | 31 +++++++++++ 6 files changed, 221 insertions(+), 5 deletions(-) diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c index 820e394b9054..d26612ac060b 100644 --- a/drivers/tee/tee_core.c +++ b/drivers/tee/tee_core.c @@ -353,11 +353,49 @@ tee_ioctl_shm_register(struct tee_context *ctx, return ret; } =20 +static int +tee_ioctl_shm_register_fd(struct tee_context *ctx, + struct tee_ioctl_shm_register_fd_data __user *udata) +{ + struct tee_ioctl_shm_register_fd_data data; + struct tee_shm *shm; + long ret; + + if (copy_from_user(&data, udata, sizeof(data))) + return -EFAULT; + + /* Currently no input flags are supported */ + if (data.flags) + return -EINVAL; + + shm =3D tee_shm_register_fd(ctx, data.fd); + if (IS_ERR(shm)) + return -EINVAL; + + data.id =3D shm->id; + data.flags =3D shm->flags; + data.size =3D shm->size; + + if (copy_to_user(udata, &data, sizeof(data))) + ret =3D -EFAULT; + else + ret =3D tee_shm_get_fd(shm); + + /* + * When user space closes the file descriptor the shared memory + * should be freed or if tee_shm_get_fd() failed then it will + * be freed immediately. + */ + tee_shm_put(shm); + return ret; +} + static int param_from_user_memref(struct tee_context *ctx, struct tee_param_memref *memref, struct tee_ioctl_param *ip) { struct tee_shm *shm; + size_t offs =3D 0; =20 /* * If a NULL pointer is passed to a TA in the TEE, @@ -388,6 +426,26 @@ static int param_from_user_memref(struct tee_context *= ctx, tee_shm_put(shm); return -EINVAL; } + + if (shm->flags & TEE_SHM_DMA_BUF) { + struct tee_shm_dmabuf_ref *ref; + + ref =3D container_of(shm, struct tee_shm_dmabuf_ref, shm); + if (ref->parent_shm) { + /* + * The shm already has one reference to + * ref->parent_shm so we are clear of 0. + * We're getting another reference since + * this shm will be used in the parameter + * list instead of the shm we got with + * tee_shm_get_from_id() above. + */ + refcount_inc(&ref->parent_shm->refcount); + tee_shm_put(shm); + shm =3D ref->parent_shm; + offs =3D ref->offset; + } + } } else if (ctx->cap_memref_null) { /* Pass NULL pointer to OP-TEE */ shm =3D NULL; @@ -395,7 +453,7 @@ static int param_from_user_memref(struct tee_context *c= tx, return -EINVAL; } =20 - memref->shm_offs =3D ip->a; + memref->shm_offs =3D ip->a + offs; memref->size =3D ip->b; memref->shm =3D shm; =20 @@ -841,6 +899,8 @@ static long tee_ioctl(struct file *filp, unsigned int c= md, unsigned long arg) return tee_ioctl_shm_alloc(ctx, uarg); case TEE_IOC_SHM_REGISTER: return tee_ioctl_shm_register(ctx, uarg); + case TEE_IOC_SHM_REGISTER_FD: + return tee_ioctl_shm_register_fd(ctx, uarg); case TEE_IOC_OPEN_SESSION: return tee_ioctl_open_session(ctx, uarg); case TEE_IOC_INVOKE: @@ -1302,3 +1362,4 @@ MODULE_AUTHOR("Linaro"); MODULE_DESCRIPTION("TEE Driver"); MODULE_VERSION("1.0"); MODULE_LICENSE("GPL v2"); +MODULE_IMPORT_NS("DMA_BUF"); diff --git a/drivers/tee/tee_private.h b/drivers/tee/tee_private.h index 6c6ff5d5eed2..308467705da6 100644 --- a/drivers/tee/tee_private.h +++ b/drivers/tee/tee_private.h @@ -13,6 +13,16 @@ #include #include =20 +/* extra references appended to shm object for registered shared memory */ +struct tee_shm_dmabuf_ref { + struct tee_shm shm; + size_t offset; + struct dma_buf *dmabuf; + struct dma_buf_attachment *attach; + struct sg_table *sgt; + struct tee_shm *parent_shm; +}; + int tee_shm_get_fd(struct tee_shm *shm); =20 bool tee_device_get(struct tee_device *teedev); diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c index daf6e5cfd59a..e1ed52ee0a16 100644 --- a/drivers/tee/tee_shm.c +++ b/drivers/tee/tee_shm.c @@ -4,6 +4,7 @@ */ #include #include +#include #include #include #include @@ -45,7 +46,23 @@ static void release_registered_pages(struct tee_shm *shm) =20 static void tee_shm_release(struct tee_device *teedev, struct tee_shm *shm) { - if (shm->flags & TEE_SHM_POOL) { + struct tee_shm *parent_shm =3D NULL; + void *p =3D shm; + + if (shm->flags & TEE_SHM_DMA_BUF) { + struct tee_shm_dmabuf_ref *ref; + + ref =3D container_of(shm, struct tee_shm_dmabuf_ref, shm); + parent_shm =3D ref->parent_shm; + p =3D ref; + if (ref->attach) { + dma_buf_unmap_attachment(ref->attach, ref->sgt, + DMA_BIDIRECTIONAL); + + dma_buf_detach(ref->dmabuf, ref->attach); + } + dma_buf_put(ref->dmabuf); + } else if (shm->flags & TEE_SHM_POOL) { teedev->pool->ops->free(teedev->pool, shm); } else if (shm->flags & TEE_SHM_DYNAMIC) { int rc =3D teedev->desc->ops->shm_unregister(shm->ctx, shm); @@ -57,9 +74,10 @@ static void tee_shm_release(struct tee_device *teedev, s= truct tee_shm *shm) release_registered_pages(shm); } =20 - teedev_ctx_put(shm->ctx); + if (shm->ctx) + teedev_ctx_put(shm->ctx); =20 - kfree(shm); + kfree(p); =20 tee_device_put(teedev); } @@ -169,7 +187,7 @@ struct tee_shm *tee_shm_alloc_user_buf(struct tee_conte= xt *ctx, size_t size) * tee_client_invoke_func(). The memory allocated is later freed with a * call to tee_shm_free(). * - * @returns a pointer to 'struct tee_shm' + * @returns a pointer to 'struct tee_shm' on success, and ERR_PTR on failu= re */ struct tee_shm *tee_shm_alloc_kernel_buf(struct tee_context *ctx, size_t s= ize) { @@ -179,6 +197,91 @@ struct tee_shm *tee_shm_alloc_kernel_buf(struct tee_co= ntext *ctx, size_t size) } EXPORT_SYMBOL_GPL(tee_shm_alloc_kernel_buf); =20 +struct tee_shm *tee_shm_register_fd(struct tee_context *ctx, int fd) +{ + struct tee_shm_dmabuf_ref *ref; + int rc; + + if (!tee_device_get(ctx->teedev)) + return ERR_PTR(-EINVAL); + + teedev_ctx_get(ctx); + + ref =3D kzalloc(sizeof(*ref), GFP_KERNEL); + if (!ref) { + rc =3D -ENOMEM; + goto err_put_tee; + } + + refcount_set(&ref->shm.refcount, 1); + ref->shm.ctx =3D ctx; + ref->shm.id =3D -1; + ref->shm.flags =3D TEE_SHM_DMA_BUF; + + ref->dmabuf =3D dma_buf_get(fd); + if (IS_ERR(ref->dmabuf)) { + rc =3D PTR_ERR(ref->dmabuf); + goto err_kfree_ref; + } + + rc =3D tee_heap_update_from_dma_buf(ctx->teedev, ref->dmabuf, + &ref->offset, &ref->shm, + &ref->parent_shm); + if (!rc) + goto out; + if (rc !=3D -EINVAL) + goto err_put_dmabuf; + + ref->attach =3D dma_buf_attach(ref->dmabuf, &ctx->teedev->dev); + if (IS_ERR(ref->attach)) { + rc =3D PTR_ERR(ref->attach); + goto err_put_dmabuf; + } + + ref->sgt =3D dma_buf_map_attachment(ref->attach, DMA_BIDIRECTIONAL); + if (IS_ERR(ref->sgt)) { + rc =3D PTR_ERR(ref->sgt); + goto err_detach; + } + + if (sg_nents(ref->sgt->sgl) !=3D 1) { + rc =3D -EINVAL; + goto err_unmap_attachement; + } + + ref->shm.paddr =3D page_to_phys(sg_page(ref->sgt->sgl)); + ref->shm.size =3D ref->sgt->sgl->length; + +out: + mutex_lock(&ref->shm.ctx->teedev->mutex); + ref->shm.id =3D idr_alloc(&ref->shm.ctx->teedev->idr, &ref->shm, + 1, 0, GFP_KERNEL); + mutex_unlock(&ref->shm.ctx->teedev->mutex); + if (ref->shm.id < 0) { + rc =3D ref->shm.id; + if (ref->attach) + goto err_unmap_attachement; + goto err_put_dmabuf; + } + + return &ref->shm; + +err_unmap_attachement: + dma_buf_unmap_attachment(ref->attach, ref->sgt, DMA_BIDIRECTIONAL); +err_detach: + dma_buf_detach(ref->dmabuf, ref->attach); +err_put_dmabuf: + dma_buf_put(ref->dmabuf); +err_kfree_ref: + kfree(ref); +err_put_tee: + teedev_ctx_put(ctx); + tee_device_put(ctx->teedev); + + return ERR_PTR(rc); +} +EXPORT_SYMBOL_GPL(tee_shm_register_fd); + /** * tee_shm_alloc_priv_buf() - Allocate shared memory for a privately shared * kernel buffer diff --git a/include/linux/tee_core.h b/include/linux/tee_core.h index b8b99c97e00c..02c07f661349 100644 --- a/include/linux/tee_core.h +++ b/include/linux/tee_core.h @@ -28,6 +28,7 @@ #define TEE_SHM_USER_MAPPED BIT(1) /* Memory mapped in user space */ #define TEE_SHM_POOL BIT(2) /* Memory allocated from pool */ #define TEE_SHM_PRIV BIT(3) /* Memory private to TEE driver */ +#define TEE_SHM_DMA_BUF BIT(4) /* Memory with dma-buf handle */ =20 #define TEE_DEVICE_FLAG_REGISTERED 0x1 #define TEE_MAX_DEV_NAME_LEN 32 diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h index a54c203000ed..824f1251de60 100644 --- a/include/linux/tee_drv.h +++ b/include/linux/tee_drv.h @@ -116,6 +116,16 @@ struct tee_shm *tee_shm_alloc_kernel_buf(struct tee_co= ntext *ctx, size_t size); struct tee_shm *tee_shm_register_kernel_buf(struct tee_context *ctx, void *addr, size_t length); =20 +/** + * tee_shm_register_fd() - Register shared memory from file descriptor + * + * @ctx: Context that allocates the shared memory + * @fd: Shared memory file descriptor reference + * + * @returns a pointer to 'struct tee_shm' on success, and ERR_PTR on failu= re + */ +struct tee_shm *tee_shm_register_fd(struct tee_context *ctx, int fd); + /** * tee_shm_free() - Free shared memory * @shm: Handle to shared memory to free diff --git a/include/uapi/linux/tee.h b/include/uapi/linux/tee.h index d0430bee8292..8ec5f46fbfbe 100644 --- a/include/uapi/linux/tee.h +++ b/include/uapi/linux/tee.h @@ -118,6 +118,37 @@ struct tee_ioctl_shm_alloc_data { #define TEE_IOC_SHM_ALLOC _IOWR(TEE_IOC_MAGIC, TEE_IOC_BASE + 1, \ struct tee_ioctl_shm_alloc_data) =20 +/** + * struct tee_ioctl_shm_register_fd_data - Shared memory registering argum= ent + * @fd: [in] File descriptor identifying dmabuf reference + * @size: [out] Size of referenced memory + * @flags: [in] Flags to/from allocation. + * @id: [out] Identifier of the shared memory + * + * The flags field should currently be zero as input. Updated by the call + * with actual flags as defined by TEE_IOCTL_SHM_* above. + * This structure is used as argument for TEE_IOC_SHM_REGISTER_FD below. + */ +struct tee_ioctl_shm_register_fd_data { + __s64 fd; + __u64 size; + __u32 flags; + __s32 id; +}; + +/** + * TEE_IOC_SHM_REGISTER_FD - register a shared memory from a file descript= or + * + * Returns a file descriptor on success or < 0 on failure + * + * The returned file descriptor refers to the shared memory object in the + * kernel. The supplied file deccriptor can be closed if it's not needed + * for other purposes. The shared memory is freed when the descriptor is + * closed. + */ +#define TEE_IOC_SHM_REGISTER_FD _IOWR(TEE_IOC_MAGIC, TEE_IOC_BASE + 8, \ + struct tee_ioctl_shm_register_fd_data) + /** * struct tee_ioctl_buf_data - Variable sized buffer * @buf_ptr: [in] A __user pointer to a buffer --=20 2.43.0 From nobody Sun Feb 8 09:26:55 2026 Received: from mail-ed1-f51.google.com (mail-ed1-f51.google.com [209.85.208.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 112D61F63F9 for ; Fri, 4 Apr 2025 14:32:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.51 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743777164; cv=none; b=eJWVKtca1s0qHLl14WCnqLm0Dk94/+6jWfkI3+PWXQ2j7X4qB8M/2Az0vBJlevE+ChaEJSdGzwxvOvfXuEWZ8MIYY5aNlILguSi9nS/jpeowgwgxqUkpBRsMY0iQJRCSFqYIKno47aiwvmlW9UGNgEaOgKzw/dW2EQZG1LsNBvY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743777164; c=relaxed/simple; bh=xG7dDLH1e0rQUKhUFoCzwJryvj15+cMd+PzwYNxveo0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=i/SaXFG/hE17TIWalfwsXPkVMtNzaqFojb94dkcDY74c25cmhugxos9/aobvTBHGr2o4Kp0JCJJ13Vwn5tR9orhdvzU13LWyFR5r0QA3xBrpWeoaSFItOOF1IjJZbY57awdlDsupvWLxDOzstpMFO6k5GLiVqFMKhl+373QN8zI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org; spf=pass smtp.mailfrom=linaro.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b=H2KKHIJ8; arc=none smtp.client-ip=209.85.208.51 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linaro.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="H2KKHIJ8" Received: by mail-ed1-f51.google.com with SMTP id 4fb4d7f45d1cf-5f0c8448f99so1201075a12.1 for ; Fri, 04 Apr 2025 07:32:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1743777160; x=1744381960; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=q5qo2YyNIySD0VmMNIZFqRKusBLbWYGLyvGHeWkP+bg=; b=H2KKHIJ8GZ4lIK7F4o0fYlnnmuc5jCTkCIRY3H7+iGwmo0IA+C3vmobn2jhDgu3e/d s8b9gJ5wDkYppcb0CUF6EmkE2ReNDHdLOqwTfZ2aprjwf6cNA5Y6R+U1Ce/IxFbe7Kba 8ivG8jICKerIhFOegus6Ir0tqlclCxic/YxXklRFZeXNvfIa2tx92yKZ5yEDzG605dB7 fgUINLRvfitf2uln9fZMK2KI10YjEMGfHSbiRjTNGqfDrxu1rxfqu0gklw0zBsY9Aiti YBcNGjW0YfF1sWFfGhU4OLkGaGTQ4RDBWE4Dr2lcGEDCLWSiQSTDG/Jdhl5JrTBusDOM 54ig== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1743777160; x=1744381960; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=q5qo2YyNIySD0VmMNIZFqRKusBLbWYGLyvGHeWkP+bg=; b=M/zyNUejzCTzlO+fUyHOEEL/UAYKFzIJnk2e4nQbsdAr0/xo0jD3FJfMt7lNSfFK9/ FcNtk2IVj/gA6XTM3rLYyB8LxrQx6j751IkRkQdjhp4R2tEG2whh0MkuodTIGAnD72tc 5ZeC8wdehMvbg6naenH1VMzzhwkIKG6I2lzyhm3Kh5RSKqx4I7Fin8lygL+V4iSFTrLM yHc9GTFykDZqFn6oRhj8GNCEWIG0kwhoL4Qq4UFy3kVu3SmV8vuItYcXIJKt6fF/QZW1 gARDQfHB1rx573ZBhHU9JwkO0JcX/0XzcCzCwFdo64w46SNBv23mBMOhKgBMo2UNkEgq 3WZQ== X-Gm-Message-State: AOJu0YwFVM4Cjq4FwIyD9jdQrGd2xw4ty0nFuEIyUR9IHtEDhtQpa5UQ HdPHpuCs6XpBp0QSFQICtHUNXngFU36TqxddeQtKkPV662XE19rnijcspXNJ4T8ga3Se985Oj85 7Hfg= X-Gm-Gg: ASbGncszKspVeKFedI4rUfIga4gYx5biOyCv2ad5YoFnlQGClJBPnvAx1rU9JESJPIp 8n20A6jU9mUKUTTlNKvcM09lKmbZ5ttMMrIgH873yPtzbXVHJn9snXGJ7oJ1qTdh6HmF6oYHeEB +kyntMKp4cgJQOF8uTcPGeUZCzx/32epKdcg2943WoAM5vyeTMFv8Ls2Wj6tAjwwBduXnbSATo7 80LQnGv3vz/059XUIcMeZIp4mfxR22QCsI42uLf/N8pDhoZPbKKTY+AGDwS19uGhzYeOCuX58uS lif1STZ37OIvbDW5nb5utqYvx2SJ7C6U/vugIA8XDA7zf1b0ZcTjh59w0neqiWQQk+afsZ/QbNH d08Un1Hf3t1xwURJQTOUdqA== X-Google-Smtp-Source: AGHT+IEM2hKGK5BPtUOQZ2C93jlWGXwVhi6Jdx1BijC2kUctXxlRef+Ez6JQ6wrB5PbeK6VU5VkWDQ== X-Received: by 2002:a05:6402:2347:b0:5e4:be64:b562 with SMTP id 4fb4d7f45d1cf-5f0b3b658ecmr2441621a12.1.1743777159861; Fri, 04 Apr 2025 07:32:39 -0700 (PDT) Received: from rayden.urgonet (h-98-128-140-123.A175.priv.bahnhof.se. [98.128.140.123]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5f087f0a0f3sm2567450a12.43.2025.04.04.07.32.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Apr 2025 07:32:39 -0700 (PDT) From: Jens Wiklander To: linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, op-tee@lists.trustedfirmware.org, linux-arm-kernel@lists.infradead.org Cc: Olivier Masse , Thierry Reding , Yong Wu , Sumit Semwal , Benjamin Gaignard , Brian Starkey , John Stultz , "T . J . Mercier" , =?UTF-8?q?Christian=20K=C3=B6nig?= , Sumit Garg , Matthias Brugger , AngeloGioacchino Del Regno , azarrabi@qti.qualcomm.com, Simona Vetter , Daniel Stone , Jens Wiklander Subject: [PATCH v7 08/11] tee: add tee_shm_alloc_cma_phys_mem() Date: Fri, 4 Apr 2025 16:31:31 +0200 Message-ID: <20250404143215.2281034-9-jens.wiklander@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250404143215.2281034-1-jens.wiklander@linaro.org> References: <20250404143215.2281034-1-jens.wiklander@linaro.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add tee_shm_alloc_cma_phys_mem() to allocate a physical memory using from the default CMA pool. The memory is represented by a tee_shm object using the new flag TEE_SHM_CMA_BUF to identify it as physical memory from CMA. Signed-off-by: Jens Wiklander --- drivers/tee/Kconfig | 5 ++++ drivers/tee/tee_shm.c | 55 ++++++++++++++++++++++++++++++++++++++-- include/linux/tee_core.h | 4 +++ 3 files changed, 62 insertions(+), 2 deletions(-) diff --git a/drivers/tee/Kconfig b/drivers/tee/Kconfig index 084bd794374d..53514cccd1c9 100644 --- a/drivers/tee/Kconfig +++ b/drivers/tee/Kconfig @@ -16,6 +16,11 @@ config TEE_DMABUF_HEAP depends on TEE =3D y && DMABUF_HEAPS default y =20 +config TEE_CMA + bool + depends on TEE =3D y && CMA + default y + if TEE =20 source "drivers/tee/optee/Kconfig" diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c index e1ed52ee0a16..d6b310b4a5fc 100644 --- a/drivers/tee/tee_shm.c +++ b/drivers/tee/tee_shm.c @@ -3,8 +3,11 @@ * Copyright (c) 2015-2017, 2019-2021 Linaro Limited */ #include +#include #include #include +#include +#include #include #include #include @@ -13,7 +16,6 @@ #include #include #include -#include #include "tee_private.h" =20 static void shm_put_kernel_pages(struct page **pages, size_t page_count) @@ -49,7 +51,14 @@ static void tee_shm_release(struct tee_device *teedev, s= truct tee_shm *shm) struct tee_shm *parent_shm =3D NULL; void *p =3D shm; =20 - if (shm->flags & TEE_SHM_DMA_BUF) { + if (shm->flags & TEE_SHM_CMA_BUF) { +#if IS_ENABLED(CONFIG_TEE_CMA) + struct page *page =3D phys_to_page(shm->paddr); + struct cma *cma =3D dev_get_cma_area(&shm->ctx->teedev->dev); + + cma_release(cma, page, shm->size / PAGE_SIZE); +#endif + } else if (shm->flags & TEE_SHM_DMA_BUF) { struct tee_shm_dmabuf_ref *ref; =20 ref =3D container_of(shm, struct tee_shm_dmabuf_ref, shm); @@ -306,6 +315,48 @@ struct tee_shm *tee_shm_alloc_priv_buf(struct tee_cont= ext *ctx, size_t size) } EXPORT_SYMBOL_GPL(tee_shm_alloc_priv_buf); =20 +struct tee_shm *tee_shm_alloc_cma_phys_mem(struct tee_context *ctx, + size_t page_count, size_t align) +{ +#if IS_ENABLED(CONFIG_TEE_CMA) + struct tee_device *teedev =3D ctx->teedev; + struct cma *cma =3D dev_get_cma_area(&teedev->dev); + struct tee_shm *shm; + struct page *page; + + if (!tee_device_get(teedev)) + return ERR_PTR(-EINVAL); + + page =3D cma_alloc(cma, page_count, align, true/*no_warn*/); + if (!page) + goto err_put_teedev; + + shm =3D kzalloc(sizeof(*shm), GFP_KERNEL); + if (!shm) + goto err_cma_crelease; + + refcount_set(&shm->refcount, 1); + shm->ctx =3D ctx; + shm->paddr =3D page_to_phys(page); + shm->size =3D page_count * PAGE_SIZE; + shm->flags =3D TEE_SHM_CMA_BUF; + + teedev_ctx_get(ctx); + + return shm; + +err_cma_crelease: + cma_release(cma, page, page_count); +err_put_teedev: + tee_device_put(teedev); + + return ERR_PTR(-ENOMEM); +#else + return ERR_PTR(-EINVAL); +#endif +} +EXPORT_SYMBOL_GPL(tee_shm_alloc_cma_phys_mem); + int tee_dyn_shm_alloc_helper(struct tee_shm *shm, size_t size, size_t alig= n, int (*shm_register)(struct tee_context *ctx, struct tee_shm *shm, diff --git a/include/linux/tee_core.h b/include/linux/tee_core.h index 02c07f661349..3a4e1b00fcc7 100644 --- a/include/linux/tee_core.h +++ b/include/linux/tee_core.h @@ -29,6 +29,7 @@ #define TEE_SHM_POOL BIT(2) /* Memory allocated from pool */ #define TEE_SHM_PRIV BIT(3) /* Memory private to TEE driver */ #define TEE_SHM_DMA_BUF BIT(4) /* Memory with dma-buf handle */ +#define TEE_SHM_CMA_BUF BIT(5) /* CMA allocated memory */ =20 #define TEE_DEVICE_FLAG_REGISTERED 0x1 #define TEE_MAX_DEV_NAME_LEN 32 @@ -310,6 +311,9 @@ void *tee_get_drvdata(struct tee_device *teedev); */ struct tee_shm *tee_shm_alloc_priv_buf(struct tee_context *ctx, size_t siz= e); =20 +struct tee_shm *tee_shm_alloc_cma_phys_mem(struct tee_context *ctx, + size_t page_count, size_t align); + int tee_dyn_shm_alloc_helper(struct tee_shm *shm, size_t size, size_t alig= n, int (*shm_register)(struct tee_context *ctx, struct tee_shm *shm, --=20 2.43.0 From nobody Sun Feb 8 09:26:55 2026 Received: from mail-ed1-f47.google.com (mail-ed1-f47.google.com [209.85.208.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 281711F76C0 for ; Fri, 4 Apr 2025 14:32:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.47 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743777165; cv=none; b=ROscclXO6x+JEzPmpOEj/i33YsSfcNjNyt/7dsRJMEJEA8+1FqFB7mjeNh179ysjhVpkwkLO3J/x28R32i6HjuUrXNNrTn9jaoCC+X4ELEg4hA3LqHWNthXUeFQViosYDrYcxEj/u1LFLpcGtydpnR/hCSI0N2vXHbHdFwYz39s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743777165; c=relaxed/simple; bh=zrFJZPMQUAiOjSEiHKHv7pGInMwAQy09WYmg9hEUSrs=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Oq+ZD8nPDFx2ws9AngtXk44LArghUwN9vv6KGcTViHEuJjfRmPqAzEObLijE7nS/UPDqbdLz6r7hWT23QSTLXL4eElIxkYnMs/vb0KSsRf7X7AeWueLekww7CKsqmqV9sKOdxZmRlmQ/WAtXlMjldlMFVqwebP5qp1T1Rv17RUE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org; spf=pass smtp.mailfrom=linaro.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b=rrGQLYVa; arc=none smtp.client-ip=209.85.208.47 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linaro.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="rrGQLYVa" Received: by mail-ed1-f47.google.com with SMTP id 4fb4d7f45d1cf-5e66407963fso4036131a12.2 for ; Fri, 04 Apr 2025 07:32:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1743777162; x=1744381962; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=qqVUo9839x0Dz2BO0CX+S7eZwnYbMhFJhNNlz9OFNHU=; b=rrGQLYVa44eJrFGWp34Bq9/yY5Aa1Vob9zzUba4Qk7m6QzmnHj8vGcuckHqAtFLTnc WoBVEAxbos6KOTP9X0LxxR5Mhk5l+yM9CWs3KrcQBWeV5Ptf1kZuwTH4AFyHhEJjOGVM KaEb24xZTMvfBdez5ZTk8zIOdYZABJYr1h6YUcONlfOeNz2FXg1Qez/qaRh18An7p7JX wojOaWKHJ5fGuWeUna44dNDvrltENpyVxyku+pXiq6k4NNhk8Lfjx/9FUptRusbYRbHV tJSOphQgA+DQnpZZnZBJ5mqxhYq34cxZvwQYgd8KZ5LdFlKK8I9f1PKwNSs3hpJ9IJRj MwGg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1743777162; x=1744381962; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=qqVUo9839x0Dz2BO0CX+S7eZwnYbMhFJhNNlz9OFNHU=; b=rXLMb9Sg/IffUU+F1NbnZHHhIXXZZWyR1oo22dM/2inngrxc7HV2Ixr0aPOF3GedKV 171RWIIuhbZp75+UqloFjNUDKMcB2SRujFxJg0ZS4sY13w5ORaE88UCjaaqK1vsb35dB CEH7svMGR9f8ekHbolYslh/fZxMw6et3czIrHU3QNyKMUxyEgd0c+eXlMwYvKC/bsV/A untEQTr4LmiLF/c9O9gUuk8jV6+Ej1muAx2AMQjgVwlsM88y0UZ/aNUNL5Ufb74ySLPt dujcgQbI+Uy669NLNw2ZJGCOgMAvGZ9PS3ihVDvDau4tA+7ohmM6Y1BaloclZysITQ+/ XB2Q== X-Gm-Message-State: AOJu0YwOY/b7XBda5EXQNTZdQ88A/GvDGmS2uRQRIA8opEwe1u6BS1PJ sGEXaO7Y8ArhpAGM0nwQ05HpFzvi9UKWZ4oG+/8vPZAXKgI7gHq2gsTvQB6wrB6jCl25nPnDp+M 7F8c= X-Gm-Gg: ASbGnctqzh3j1GWt1nlddGhe3h3TmtRbuz5IaVmNY2fZp1h7VK9EiYqtg02tqcHNo/R uGDIvJco/u8IpbIWxlB+zM7uLGzKHsqzvz2wEJl41wZCQJ8yJ9yIRX5E0kP3cR6wDav+RMeV8Wc 5c0BH363hbmxafy8hNPiZjVnKDr0ASoLg0dHQTjCL66qRkCrDHHD0iJulX7DAhtadjA2jrurGgT xUJdX+J6qQUYGVaiRqHWefbl9P4eiUA+gbPRI9SvOLGvSTuOXyMIxY5l6zemBkKM13cQ0JJLEq6 W86edf/IIwF6GEGgRhjXfuI5aq1oNiz+uxiGN/nJV7Fq6WtoxF2G093yXEX4UhFmb9EgCKFpV5n m+SbdERPAUBGZIXg6KCeR8w== X-Google-Smtp-Source: AGHT+IGI4VswEXbkr8wvPcpZqZzKqeC9kMo0saIbDftZfl+T9cBHd+BN83SFjwOfSSTztOoIdlkUdw== X-Received: by 2002:a05:6402:5cb:b0:5ec:cc28:1a78 with SMTP id 4fb4d7f45d1cf-5f0b657a59dmr2556677a12.20.1743777161950; Fri, 04 Apr 2025 07:32:41 -0700 (PDT) Received: from rayden.urgonet (h-98-128-140-123.A175.priv.bahnhof.se. [98.128.140.123]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5f087f0a0f3sm2567450a12.43.2025.04.04.07.32.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Apr 2025 07:32:41 -0700 (PDT) From: Jens Wiklander To: linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, op-tee@lists.trustedfirmware.org, linux-arm-kernel@lists.infradead.org Cc: Olivier Masse , Thierry Reding , Yong Wu , Sumit Semwal , Benjamin Gaignard , Brian Starkey , John Stultz , "T . J . Mercier" , =?UTF-8?q?Christian=20K=C3=B6nig?= , Sumit Garg , Matthias Brugger , AngeloGioacchino Del Regno , azarrabi@qti.qualcomm.com, Simona Vetter , Daniel Stone , Jens Wiklander Subject: [PATCH v7 09/11] optee: support protected memory allocation Date: Fri, 4 Apr 2025 16:31:32 +0200 Message-ID: <20250404143215.2281034-10-jens.wiklander@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250404143215.2281034-1-jens.wiklander@linaro.org> References: <20250404143215.2281034-1-jens.wiklander@linaro.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add support in the OP-TEE backend driver for protected memory allocation. The support is limited to only the SMC ABI and for secure video buffers. OP-TEE is probed for the range of protected physical memory and a memory pool allocator is initialized if OP-TEE have support for such memory. Signed-off-by: Jens Wiklander --- drivers/tee/optee/core.c | 1 + drivers/tee/optee/smc_abi.c | 44 +++++++++++++++++++++++++++++++++++-- 2 files changed, 43 insertions(+), 2 deletions(-) diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c index c75fddc83576..c7fd8040480e 100644 --- a/drivers/tee/optee/core.c +++ b/drivers/tee/optee/core.c @@ -181,6 +181,7 @@ void optee_remove_common(struct optee *optee) tee_device_unregister(optee->supp_teedev); tee_device_unregister(optee->teedev); =20 + tee_device_unregister_all_dma_heaps(optee->teedev); tee_shm_pool_free(optee->pool); optee_supp_uninit(&optee->supp); mutex_destroy(&optee->call_queue.mutex); diff --git a/drivers/tee/optee/smc_abi.c b/drivers/tee/optee/smc_abi.c index cfdae266548b..c10b38b23586 100644 --- a/drivers/tee/optee/smc_abi.c +++ b/drivers/tee/optee/smc_abi.c @@ -1620,6 +1620,41 @@ static inline int optee_load_fw(struct platform_devi= ce *pdev, } #endif =20 +static int optee_rstmem_pool_init(struct optee *optee) +{ + enum tee_dma_heap_id heap_id =3D TEE_DMA_HEAP_SECURE_VIDEO_PLAY; + struct tee_protmem_pool *pool; + int rc; + + if (optee->smc.sec_caps & OPTEE_SMC_SEC_CAP_PROTMEM) { + union { + struct arm_smccc_res smccc; + struct optee_smc_get_protmem_config_result result; + } res; + + optee->smc.invoke_fn(OPTEE_SMC_GET_PROTMEM_CONFIG, 0, 0, 0, 0, + 0, 0, 0, &res.smccc); + if (res.result.status !=3D OPTEE_SMC_RETURN_OK) { + pr_err("Secure Data Path service not available\n"); + return 0; + } + + pool =3D tee_protmem_static_pool_alloc(res.result.start, + res.result.size); + if (IS_ERR(pool)) + return PTR_ERR(pool); + + rc =3D tee_device_register_dma_heap(optee->teedev, heap_id, pool); + if (rc) + goto err; + } + + return 0; +err: + pool->ops->destroy_pool(pool); + return rc; +} + static int optee_probe(struct platform_device *pdev) { optee_invoke_fn *invoke_fn; @@ -1715,7 +1750,7 @@ static int optee_probe(struct platform_device *pdev) optee =3D kzalloc(sizeof(*optee), GFP_KERNEL); if (!optee) { rc =3D -ENOMEM; - goto err_free_pool; + goto err_free_shm_pool; } =20 optee->ops =3D &optee_ops; @@ -1788,6 +1823,10 @@ static int optee_probe(struct platform_device *pdev) pr_info("Asynchronous notifications enabled\n"); } =20 + rc =3D optee_rstmem_pool_init(optee); + if (rc) + goto err_notif_uninit; + /* * Ensure that there are no pre-existing shm objects before enabling * the shm cache so that there's no chance of receiving an invalid @@ -1823,6 +1862,7 @@ static int optee_probe(struct platform_device *pdev) optee_disable_shm_cache(optee); optee_smc_notif_uninit_irq(optee); optee_unregister_devices(); + tee_device_unregister_all_dma_heaps(optee->teedev); err_notif_uninit: optee_notif_uninit(optee); err_close_ctx: @@ -1839,7 +1879,7 @@ static int optee_probe(struct platform_device *pdev) tee_device_unregister(optee->teedev); err_free_optee: kfree(optee); -err_free_pool: +err_free_shm_pool: tee_shm_pool_free(pool); if (memremaped_shm) memunmap(memremaped_shm); --=20 2.43.0 From nobody Sun Feb 8 09:26:55 2026 Received: from mail-ed1-f49.google.com (mail-ed1-f49.google.com [209.85.208.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 189681F873C for ; Fri, 4 Apr 2025 14:32:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.49 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743777168; cv=none; b=f8Sr1tD5Pc1YHcnK6RF5g6yLRaZwttttd/xwRqA68WZuSf1tAP1gJzi4a6aKBfMEdCuBztbXqjhEIH70rDorVoymG2Q/Ajj8q7OyKU6SVWqPmfM1o2tjib/0tENsAWRXO/2kz2AOvMi84I69vf/tpbHgWCahlk4JkN2XaPLIW1k= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743777168; c=relaxed/simple; bh=JN8yfUXJdVQtiPqJs/D4MenG1Cpyg/C7HYweDbk427c=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=NsYCe6SRK3K4ulvmXcByxoRSbeCKfy6co1x4hwE51gHFdm44HvIuHmO8UaasGg9Wiq+DtJLG/qpCwMPvXavIpQQgKZIx54lB/FlEwulm7qlUeVgpcq5z/KeZeluSZZGM34HSz8pyb0g3VyQp6xsQ0vwhnqrUQ4ge27V4soop+1c= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org; spf=pass smtp.mailfrom=linaro.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b=ZHgj9TRe; arc=none smtp.client-ip=209.85.208.49 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linaro.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="ZHgj9TRe" Received: by mail-ed1-f49.google.com with SMTP id 4fb4d7f45d1cf-5e5c9662131so3446485a12.3 for ; Fri, 04 Apr 2025 07:32:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1743777164; x=1744381964; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=zftogUH8wrVhS+ppxIzLQgaqNYiWDbaDEKbm5R6PXVo=; b=ZHgj9TReDqXZT+5sEW9r4zE3NzoM4ok0g2JC0bKBUZnMnawqt+rVBtSw1x00Ld5OFn +N8X3eGfkvpEroU85gcCjSsXkfoeM8e+VK90bwl9EnjB0+fOCqxsCI6MzDRqeNBltoXU LnERT3pnMv+xwMFLRHBt4xWG7vEyI7y4kWMr2ppxuFUP19dnK9aXvTkmnSCWuHXwb3ej vXE2dUivvmo7h4TuJntBy74Og4cXClRHn8Pom1nigyAAOReRBMLlDlZ/ttL5+mqp7aIl fdXopOhxDukC2VJryJtR/GVOJb1CWIOTGLbXqNzNmIjDlNs0rFYPw/IResCO7zZLKeA1 UVwA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1743777164; x=1744381964; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=zftogUH8wrVhS+ppxIzLQgaqNYiWDbaDEKbm5R6PXVo=; b=GLa6l1Uuj0Lh+R7vxdH353sq126A7EKfXgSf4Or9s24zcaWguRrQn3+aeVskkHpS9z iEmd1449qS6ZRhLWOlOV+Q+pAl3gZBON7n9jW8SKz49ePCJNRbKE1CzPlCOOwEHVYzek yc8FKuJTh9XHR3LOb8zEQUHqnwcrlyWmJ1Z6RS09FpfO0Um6ZcpvSEJBRHMxlxL1Ed+Y 1fAZqdEdwU1kxSAGtn2Yh0sC8pN8GusQ2/n8WrxBcEtz73XhgRbDUQZuEJ0QjNxsfFuc 8+BKI6TS6fEOCAyyvwLRerG/Li4/4BvNWPR8AjuDp+jxs1NEw8UgfPYaZ1Lo9ffxoFmV yTdw== X-Gm-Message-State: AOJu0YzXMBmQ0gMAZbxDt+lKT5813IEqOWeJph2sPfanWWaKjv84wZJf spG/n5+7Ccx6GJwvdZnye9BE6dpMdFaDsbeK+fHm0nx8Zy7sUVwB8OJqJKdMohHOpoaSXddzqOV hOEA= X-Gm-Gg: ASbGncsExHKUpGj5kfadzvfL89aCpIoW3MYU/ZuboIFEDqiUbURNypMEjHKyVqXXtKg 17U67FWLsPEf7eLuHIPVh3HFjQqp1Lf2jhwSVOnMPV2mZxM0iHbuN/TbW59Kd2J/lxkjqo7GSUg xiGwX0gkiZyguVtAFWhI1dnFkfAd0RP1tKmvqRpmXlNT6l5B295/KpIKPBybirYwhnbMbKCBtkL CcxEAN0nhmGU2tyOJSW/Q0FplI5WH6kHTevzZgfgg80hMEEPyu9B2ZUlMqxtDfCf0TLDQ91JPmZ Pr8674bKHIi1kPfGUQVcszwEnOtCD5A6kjyf1E0f3qYg2EAWTsGQ7NqggqAMPeSEVcMtdc0cteo 9nlhmqA99LNZPEZNRaIyaxQ== X-Google-Smtp-Source: AGHT+IFjGhwgHZOVgOI2F03Goqk+5N163rrNp4qt5sJZVhpDmuR+V3ybcqRsEzSx49PUhVBHLk7XOA== X-Received: by 2002:a05:6402:3593:b0:5dc:c531:e5c0 with SMTP id 4fb4d7f45d1cf-5f0b6606169mr2834359a12.27.1743777163798; Fri, 04 Apr 2025 07:32:43 -0700 (PDT) Received: from rayden.urgonet (h-98-128-140-123.A175.priv.bahnhof.se. [98.128.140.123]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5f087f0a0f3sm2567450a12.43.2025.04.04.07.32.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Apr 2025 07:32:43 -0700 (PDT) From: Jens Wiklander To: linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, op-tee@lists.trustedfirmware.org, linux-arm-kernel@lists.infradead.org Cc: Olivier Masse , Thierry Reding , Yong Wu , Sumit Semwal , Benjamin Gaignard , Brian Starkey , John Stultz , "T . J . Mercier" , =?UTF-8?q?Christian=20K=C3=B6nig?= , Sumit Garg , Matthias Brugger , AngeloGioacchino Del Regno , azarrabi@qti.qualcomm.com, Simona Vetter , Daniel Stone , Jens Wiklander Subject: [PATCH v7 10/11] optee: FF-A: dynamic protected memory allocation Date: Fri, 4 Apr 2025 16:31:33 +0200 Message-ID: <20250404143215.2281034-11-jens.wiklander@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250404143215.2281034-1-jens.wiklander@linaro.org> References: <20250404143215.2281034-1-jens.wiklander@linaro.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add support in the OP-TEE backend driver dynamic protected memory allocation with FF-A. The protected memory pools for dynamically allocated protected memory are instantiated when requested by user-space. This instantiation can fail if OP-TEE doesn't support the requested use-case of protected memory. Restricted memory pools based on a static carveout or dynamic allocation can coexist for different use-cases. We use only dynamic allocation with FF-A. Signed-off-by: Jens Wiklander --- drivers/tee/optee/Makefile | 1 + drivers/tee/optee/ffa_abi.c | 144 ++++++++++++- drivers/tee/optee/optee_private.h | 13 +- drivers/tee/optee/protmem.c | 330 ++++++++++++++++++++++++++++++ 4 files changed, 485 insertions(+), 3 deletions(-) create mode 100644 drivers/tee/optee/protmem.c diff --git a/drivers/tee/optee/Makefile b/drivers/tee/optee/Makefile index a6eff388d300..ad7049c1c107 100644 --- a/drivers/tee/optee/Makefile +++ b/drivers/tee/optee/Makefile @@ -4,6 +4,7 @@ optee-objs +=3D core.o optee-objs +=3D call.o optee-objs +=3D notif.o optee-objs +=3D rpc.o +optee-objs +=3D protmem.o optee-objs +=3D supp.o optee-objs +=3D device.o optee-objs +=3D smc_abi.o diff --git a/drivers/tee/optee/ffa_abi.c b/drivers/tee/optee/ffa_abi.c index e4b08cd195f3..98cb0e9094eb 100644 --- a/drivers/tee/optee/ffa_abi.c +++ b/drivers/tee/optee/ffa_abi.c @@ -672,6 +672,124 @@ static int optee_ffa_do_call_with_arg(struct tee_cont= ext *ctx, return optee_ffa_yielding_call(ctx, &data, rpc_arg, system_thread); } =20 +static int do_call_lend_protmem(struct optee *optee, u64 cookie, u32 use_c= ase) +{ + struct optee_shm_arg_entry *entry; + struct optee_msg_arg *msg_arg; + struct tee_shm *shm; + u_int offs; + int rc; + + msg_arg =3D optee_get_msg_arg(optee->ctx, 1, &entry, &shm, &offs); + if (IS_ERR(msg_arg)) + return PTR_ERR(msg_arg); + + msg_arg->cmd =3D OPTEE_MSG_CMD_ASSIGN_PROTMEM; + msg_arg->params[0].attr =3D OPTEE_MSG_ATTR_TYPE_VALUE_INPUT; + msg_arg->params[0].u.value.a =3D cookie; + msg_arg->params[0].u.value.b =3D use_case; + + rc =3D optee->ops->do_call_with_arg(optee->ctx, shm, offs, false); + if (rc) + goto out; + if (msg_arg->ret !=3D TEEC_SUCCESS) { + rc =3D -EINVAL; + goto out; + } + +out: + optee_free_msg_arg(optee->ctx, entry, offs); + return rc; +} + +static int optee_ffa_lend_protmem(struct optee *optee, struct tee_shm *pro= tmem, + u16 *end_points, unsigned int ep_count, + u32 use_case) +{ + struct ffa_device *ffa_dev =3D optee->ffa.ffa_dev; + const struct ffa_mem_ops *mem_ops =3D ffa_dev->ops->mem_ops; + const struct ffa_msg_ops *msg_ops =3D ffa_dev->ops->msg_ops; + struct ffa_send_direct_data data; + struct ffa_mem_region_attributes *mem_attr; + struct ffa_mem_ops_args args =3D { + .use_txbuf =3D true, + .tag =3D use_case, + }; + struct page *page; + struct scatterlist sgl; + unsigned int n; + int rc; + + mem_attr =3D kcalloc(ep_count, sizeof(*mem_attr), GFP_KERNEL); + for (n =3D 0; n < ep_count; n++) { + mem_attr[n].receiver =3D end_points[n]; + mem_attr[n].attrs =3D FFA_MEM_RW; + } + args.attrs =3D mem_attr; + args.nattrs =3D ep_count; + + page =3D phys_to_page(protmem->paddr); + sg_init_table(&sgl, 1); + sg_set_page(&sgl, page, protmem->size, 0); + + args.sg =3D &sgl; + rc =3D mem_ops->memory_lend(&args); + kfree(mem_attr); + if (rc) + return rc; + + rc =3D do_call_lend_protmem(optee, args.g_handle, use_case); + if (rc) + goto err_reclaim; + + rc =3D optee_shm_add_ffa_handle(optee, protmem, args.g_handle); + if (rc) + goto err_unreg; + + protmem->sec_world_id =3D args.g_handle; + + return 0; + +err_unreg: + data =3D (struct ffa_send_direct_data){ + .data0 =3D OPTEE_FFA_RELEASE_PROTMEM, + .data1 =3D (u32)args.g_handle, + .data2 =3D (u32)(args.g_handle >> 32), + }; + msg_ops->sync_send_receive(ffa_dev, &data); +err_reclaim: + mem_ops->memory_reclaim(args.g_handle, 0); + return rc; +} + +static int optee_ffa_reclaim_protmem(struct optee *optee, + struct tee_shm *protmem) +{ + struct ffa_device *ffa_dev =3D optee->ffa.ffa_dev; + const struct ffa_msg_ops *msg_ops =3D ffa_dev->ops->msg_ops; + const struct ffa_mem_ops *mem_ops =3D ffa_dev->ops->mem_ops; + u64 global_handle =3D protmem->sec_world_id; + struct ffa_send_direct_data data =3D { + .data0 =3D OPTEE_FFA_RELEASE_PROTMEM, + .data1 =3D (u32)global_handle, + .data2 =3D (u32)(global_handle >> 32) + }; + int rc; + + optee_shm_rem_ffa_handle(optee, global_handle); + protmem->sec_world_id =3D 0; + + rc =3D msg_ops->sync_send_receive(ffa_dev, &data); + if (rc) + pr_err("Release SHM id 0x%llx rc %d\n", global_handle, rc); + + rc =3D mem_ops->memory_reclaim(global_handle, 0); + if (rc) + pr_err("mem_reclaim: 0x%llx %d", global_handle, rc); + + return rc; +} + /* * 6. Driver initialization * @@ -833,6 +951,8 @@ static const struct optee_ops optee_ffa_ops =3D { .do_call_with_arg =3D optee_ffa_do_call_with_arg, .to_msg_param =3D optee_ffa_to_msg_param, .from_msg_param =3D optee_ffa_from_msg_param, + .lend_protmem =3D optee_ffa_lend_protmem, + .reclaim_protmem =3D optee_ffa_reclaim_protmem, }; =20 static void optee_ffa_remove(struct ffa_device *ffa_dev) @@ -941,7 +1061,7 @@ static int optee_ffa_probe(struct ffa_device *ffa_dev) optee->pool, optee); if (IS_ERR(teedev)) { rc =3D PTR_ERR(teedev); - goto err_free_pool; + goto err_free_shm_pool; } optee->teedev =3D teedev; =20 @@ -988,6 +1108,24 @@ static int optee_ffa_probe(struct ffa_device *ffa_dev) rc); } =20 + if (IS_ENABLED(CONFIG_TEE_CMA) && + (sec_caps & OPTEE_FFA_SEC_CAP_PROTMEM)) { + enum tee_dma_heap_id id =3D TEE_DMA_HEAP_SECURE_VIDEO_PLAY; + struct tee_protmem_pool *pool; + + pool =3D optee_protmem_alloc_cma_pool(optee, id); + if (IS_ERR(pool)) { + rc =3D PTR_ERR(pool); + goto err_notif_uninit; + } + + rc =3D tee_device_register_dma_heap(optee->teedev, id, pool); + if (rc) { + pool->ops->destroy_pool(pool); + goto err_notif_uninit; + } + } + rc =3D optee_enumerate_devices(PTA_CMD_GET_DEVICES); if (rc) goto err_unregister_devices; @@ -1001,6 +1139,8 @@ static int optee_ffa_probe(struct ffa_device *ffa_dev) =20 err_unregister_devices: optee_unregister_devices(); + tee_device_unregister_all_dma_heaps(optee->teedev); +err_notif_uninit: if (optee->ffa.bottom_half_value !=3D U32_MAX) notif_ops->notify_relinquish(ffa_dev, optee->ffa.bottom_half_value); @@ -1018,7 +1158,7 @@ static int optee_ffa_probe(struct ffa_device *ffa_dev) tee_device_unregister(optee->supp_teedev); err_unreg_teedev: tee_device_unregister(optee->teedev); -err_free_pool: +err_free_shm_pool: tee_shm_pool_free(pool); err_free_optee: kfree(optee); diff --git a/drivers/tee/optee/optee_private.h b/drivers/tee/optee/optee_pr= ivate.h index 20eda508dbac..7c53433f6562 100644 --- a/drivers/tee/optee/optee_private.h +++ b/drivers/tee/optee/optee_private.h @@ -174,9 +174,14 @@ struct optee; * @do_call_with_arg: enters OP-TEE in secure world * @to_msg_param: converts from struct tee_param to OPTEE_MSG parameters * @from_msg_param: converts from OPTEE_MSG parameters to struct tee_param + * @lend_protmem: lends physically contiguous memory as restricted + * memory, inaccessible by the kernel + * @reclaim_protmem: reclaims restricted memory previously lent with + * @lend_protmem() and makes it accessible by the + * kernel again * * These OPs are only supposed to be used internally in the OP-TEE driver - * as a way of abstracting the different methogs of entering OP-TEE in + * as a way of abstracting the different methods of entering OP-TEE in * secure world. */ struct optee_ops { @@ -191,6 +196,10 @@ struct optee_ops { size_t num_params, const struct optee_msg_param *msg_params, bool update_out); + int (*lend_protmem)(struct optee *optee, struct tee_shm *protmem, + u16 *end_points, unsigned int ep_count, + u32 use_case); + int (*reclaim_protmem)(struct optee *optee, struct tee_shm *protmem); }; =20 /** @@ -285,6 +294,8 @@ u32 optee_supp_thrd_req(struct tee_context *ctx, u32 fu= nc, size_t num_params, void optee_supp_init(struct optee_supp *supp); void optee_supp_uninit(struct optee_supp *supp); void optee_supp_release(struct optee_supp *supp); +struct tee_protmem_pool *optee_protmem_alloc_cma_pool(struct optee *optee, + enum tee_dma_heap_id id); =20 int optee_supp_recv(struct tee_context *ctx, u32 *func, u32 *num_params, struct tee_param *param); diff --git a/drivers/tee/optee/protmem.c b/drivers/tee/optee/protmem.c new file mode 100644 index 000000000000..a9a2d20bff30 --- /dev/null +++ b/drivers/tee/optee/protmem.c @@ -0,0 +1,330 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (c) 2025, Linaro Limited + */ +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + +#include +#include +#include +#include +#include +#include +#include "optee_private.h" + +struct optee_protmem_cma_pool { + struct tee_protmem_pool pool; + struct gen_pool *gen_pool; + struct optee *optee; + size_t page_count; + u16 *end_points; + u_int end_point_count; + u_int align; + refcount_t refcount; + u32 use_case; + struct tee_shm *protmem; + /* Protects when initializing and tearing down this struct */ + struct mutex mutex; +}; + +static struct optee_protmem_cma_pool * +to_protmem_cma_pool(struct tee_protmem_pool *pool) +{ + return container_of(pool, struct optee_protmem_cma_pool, pool); +} + +static int init_cma_protmem(struct optee_protmem_cma_pool *rp) +{ + int rc; + + rp->protmem =3D tee_shm_alloc_cma_phys_mem(rp->optee->ctx, rp->page_count, + rp->align); + if (IS_ERR(rp->protmem)) { + rc =3D PTR_ERR(rp->protmem); + goto err_null_protmem; + } + + /* + * TODO unmap the memory range since the physical memory will + * become inaccesible after the lend_protmem() call. + */ + rc =3D rp->optee->ops->lend_protmem(rp->optee, rp->protmem, + rp->end_points, + rp->end_point_count, rp->use_case); + if (rc) + goto err_put_shm; + rp->protmem->flags |=3D TEE_SHM_DYNAMIC; + + rp->gen_pool =3D gen_pool_create(PAGE_SHIFT, -1); + if (!rp->gen_pool) { + rc =3D -ENOMEM; + goto err_reclaim; + } + + rc =3D gen_pool_add(rp->gen_pool, rp->protmem->paddr, + rp->protmem->size, -1); + if (rc) + goto err_free_pool; + + refcount_set(&rp->refcount, 1); + return 0; + +err_free_pool: + gen_pool_destroy(rp->gen_pool); + rp->gen_pool =3D NULL; +err_reclaim: + rp->optee->ops->reclaim_protmem(rp->optee, rp->protmem); +err_put_shm: + tee_shm_put(rp->protmem); +err_null_protmem: + rp->protmem =3D NULL; + return rc; +} + +static int get_cma_protmem(struct optee_protmem_cma_pool *rp) +{ + int rc =3D 0; + + if (!refcount_inc_not_zero(&rp->refcount)) { + mutex_lock(&rp->mutex); + if (rp->gen_pool) { + /* + * Another thread has already initialized the pool + * before us, or the pool was just about to be torn + * down. Either way we only need to increase the + * refcount and we're done. + */ + refcount_inc(&rp->refcount); + } else { + rc =3D init_cma_protmem(rp); + } + mutex_unlock(&rp->mutex); + } + + return rc; +} + +static void release_cma_protmem(struct optee_protmem_cma_pool *rp) +{ + gen_pool_destroy(rp->gen_pool); + rp->gen_pool =3D NULL; + + rp->optee->ops->reclaim_protmem(rp->optee, rp->protmem); + rp->protmem->flags &=3D ~TEE_SHM_DYNAMIC; + + WARN(refcount_read(&rp->protmem->refcount) !=3D 1, "Unexpected refcount"); + tee_shm_put(rp->protmem); + rp->protmem =3D NULL; +} + +static void put_cma_protmem(struct optee_protmem_cma_pool *rp) +{ + if (refcount_dec_and_test(&rp->refcount)) { + mutex_lock(&rp->mutex); + if (rp->gen_pool) + release_cma_protmem(rp); + mutex_unlock(&rp->mutex); + } +} + +static int protmem_pool_op_cma_alloc(struct tee_protmem_pool *pool, + struct sg_table *sgt, size_t size, + size_t *offs) +{ + struct optee_protmem_cma_pool *rp =3D to_protmem_cma_pool(pool); + size_t sz =3D ALIGN(size, PAGE_SIZE); + phys_addr_t pa; + int rc; + + rc =3D get_cma_protmem(rp); + if (rc) + return rc; + + pa =3D gen_pool_alloc(rp->gen_pool, sz); + if (!pa) { + rc =3D -ENOMEM; + goto err_put; + } + + rc =3D sg_alloc_table(sgt, 1, GFP_KERNEL); + if (rc) + goto err_free; + + sg_set_page(sgt->sgl, phys_to_page(pa), size, 0); + *offs =3D pa - rp->protmem->paddr; + + return 0; +err_free: + gen_pool_free(rp->gen_pool, pa, size); +err_put: + put_cma_protmem(rp); + + return rc; +} + +static void protmem_pool_op_cma_free(struct tee_protmem_pool *pool, + struct sg_table *sgt) +{ + struct optee_protmem_cma_pool *rp =3D to_protmem_cma_pool(pool); + struct scatterlist *sg; + int i; + + for_each_sgtable_sg(sgt, sg, i) + gen_pool_free(rp->gen_pool, sg_phys(sg), sg->length); + sg_free_table(sgt); + put_cma_protmem(rp); +} + +static int protmem_pool_op_cma_update_shm(struct tee_protmem_pool *pool, + struct sg_table *sgt, size_t offs, + struct tee_shm *shm, + struct tee_shm **parent_shm) +{ + struct optee_protmem_cma_pool *rp =3D to_protmem_cma_pool(pool); + + *parent_shm =3D rp->protmem; + + return 0; +} + +static void pool_op_cma_destroy_pool(struct tee_protmem_pool *pool) +{ + struct optee_protmem_cma_pool *rp =3D to_protmem_cma_pool(pool); + + mutex_destroy(&rp->mutex); + kfree(rp); +} + +static struct tee_protmem_pool_ops protmem_pool_ops_cma =3D { + .alloc =3D protmem_pool_op_cma_alloc, + .free =3D protmem_pool_op_cma_free, + .update_shm =3D protmem_pool_op_cma_update_shm, + .destroy_pool =3D pool_op_cma_destroy_pool, +}; + +static int get_protmem_config(struct optee *optee, u32 use_case, + size_t *min_size, u_int *min_align, + u16 *end_points, u_int *ep_count) +{ + struct tee_param params[2] =3D { + [0] =3D { + .attr =3D TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT, + .u.value.a =3D use_case, + }, + [1] =3D { + .attr =3D TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT, + }, + }; + struct optee_shm_arg_entry *entry; + struct tee_shm *shm_param =3D NULL; + struct optee_msg_arg *msg_arg; + struct tee_shm *shm; + u_int offs; + int rc; + + if (end_points && *ep_count) { + params[1].u.memref.size =3D *ep_count * sizeof(*end_points); + shm_param =3D tee_shm_alloc_priv_buf(optee->ctx, + params[1].u.memref.size); + if (IS_ERR(shm_param)) + return PTR_ERR(shm_param); + params[1].u.memref.shm =3D shm_param; + } + + msg_arg =3D optee_get_msg_arg(optee->ctx, ARRAY_SIZE(params), &entry, + &shm, &offs); + if (IS_ERR(msg_arg)) { + rc =3D PTR_ERR(msg_arg); + goto out_free_shm; + } + msg_arg->cmd =3D OPTEE_MSG_CMD_GET_PROTMEM_CONFIG; + + rc =3D optee->ops->to_msg_param(optee, msg_arg->params, + ARRAY_SIZE(params), params, + false /*!update_out*/); + if (rc) + goto out_free_msg; + + rc =3D optee->ops->do_call_with_arg(optee->ctx, shm, offs, false); + if (rc) + goto out_free_msg; + if (msg_arg->ret && msg_arg->ret !=3D TEEC_ERROR_SHORT_BUFFER) { + rc =3D -EINVAL; + goto out_free_msg; + } + + rc =3D optee->ops->from_msg_param(optee, params, ARRAY_SIZE(params), + msg_arg->params, true /*update_out*/); + if (rc) + goto out_free_msg; + + if (!msg_arg->ret && end_points && + *ep_count < params[1].u.memref.size / sizeof(u16)) { + rc =3D -EINVAL; + goto out_free_msg; + } + + *min_size =3D params[0].u.value.a; + *min_align =3D params[0].u.value.b; + *ep_count =3D params[1].u.memref.size / sizeof(u16); + + if (msg_arg->ret =3D=3D TEEC_ERROR_SHORT_BUFFER) { + rc =3D -ENOSPC; + goto out_free_msg; + } + + if (end_points) + memcpy(end_points, tee_shm_get_va(shm_param, 0), + params[1].u.memref.size); + +out_free_msg: + optee_free_msg_arg(optee->ctx, entry, offs); +out_free_shm: + if (shm_param) + tee_shm_free(shm_param); + return rc; +} + +struct tee_protmem_pool *optee_protmem_alloc_cma_pool(struct optee *optee, + enum tee_dma_heap_id id) +{ + struct optee_protmem_cma_pool *rp; + u32 use_case =3D id; + size_t min_size; + int rc; + + rp =3D kzalloc(sizeof(*rp), GFP_KERNEL); + if (!rp) + return ERR_PTR(-ENOMEM); + rp->use_case =3D use_case; + + rc =3D get_protmem_config(optee, use_case, &min_size, &rp->align, NULL, + &rp->end_point_count); + if (rc) { + if (rc !=3D -ENOSPC) + goto err; + rp->end_points =3D kcalloc(rp->end_point_count, + sizeof(*rp->end_points), GFP_KERNEL); + if (!rp->end_points) { + rc =3D -ENOMEM; + goto err; + } + rc =3D get_protmem_config(optee, use_case, &min_size, &rp->align, + rp->end_points, &rp->end_point_count); + if (rc) + goto err_kfree_eps; + } + + rp->pool.ops =3D &protmem_pool_ops_cma; + rp->optee =3D optee; + rp->page_count =3D min_size / PAGE_SIZE; + mutex_init(&rp->mutex); + + return &rp->pool; + +err_kfree_eps: + kfree(rp->end_points); +err: + kfree(rp); + return ERR_PTR(rc); +} --=20 2.43.0 From nobody Sun Feb 8 09:26:55 2026 Received: from mail-ed1-f41.google.com (mail-ed1-f41.google.com [209.85.208.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DE19A1F8ACA for ; Fri, 4 Apr 2025 14:32:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.41 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743777169; cv=none; b=hdZ0aYVrYtX/nkbweDuEUnwXmnMy7rCk6k/9YzVEk9vsu6bUGp7ZRRzwGJfbSuIDoofpi9rjMrTapq5XIsUVZZ061ztfYGH2j33BUBFsYMtHmjA1oOVIDNk/rYmJ9Vyxu6BVY1JSfImy7Xow5wFqE+woy/xA9Y5MXRy5QCD7JWc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743777169; c=relaxed/simple; bh=xHB8JHjf/tOVUigrC/8AjwRmS/VCkvn1T1vcXrDlRsY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=V98XQ3KHPizzmW5BU2bIO5cZISXPgVjXW79x53BohAEBuuMMreQoZ2gc7yV3YqUlIXQUF96++mPHD9H/FVxZQh40s9JVlGDqdigqCIJ3VoMuVtjikEeO8xuScuF6TwAa3MPQSFW/KwfXuccwGrTlH8t9eG5MUsCFRnz29B6s6YE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org; spf=pass smtp.mailfrom=linaro.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b=uriEuaJZ; arc=none smtp.client-ip=209.85.208.41 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linaro.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="uriEuaJZ" Received: by mail-ed1-f41.google.com with SMTP id 4fb4d7f45d1cf-5e5e34f4e89so4138248a12.1 for ; Fri, 04 Apr 2025 07:32:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1743777166; x=1744381966; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=vPfYhkbEaDQyvItBPqD6f0Sef9tTAM/sN3gZBFbfI4Q=; b=uriEuaJZdUPLjwZtsi8S67HcDJT5KNCorcdh+Irh2AqfN3nQCxuvcwpQ4vv3XLWQwr olQu31GvYq2O2wOYfQuFfZcmcf88iGKcQAhnb2oq9hjOHHWgahWHnNDhLWvGgO0MeJ2r xQI7jwM6UPAoNXSNuus2OLHdx6kb5rb4exyjwySGEVfvm7F4mganKYgB5/xTLRJmJ3hP une0Rr3/6qbt6ad2FhVTv6M3HVhdZjIE7etVXJEyuuaO1GJ1XS+rKdb/E4zJpdsJT7OS a94nWa0o5vn7QsTeAuo6ao9uxIwVUa/qLuT+nbOZrdFhAlBRln+97JXAWoKh/Kj/orzz /rLw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1743777166; x=1744381966; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=vPfYhkbEaDQyvItBPqD6f0Sef9tTAM/sN3gZBFbfI4Q=; b=tDQ6kXhFJwciz+MG8XgGV8nzhIKXb3woZUwiGfegH34bDjYQL9mMSqPND6JWUJIQpG p/0kSFALBqUt+CubUn7mXf70HgB4d8gkSVbhlLl3ons1qvdBH2JNIP/HURa5s8+XfMLi /2odHES5hOuxjumroWXNggk1c73CeKZoudvDVSpq8gMKLCIw+dssXd15H1SmJE18zi3+ T23PIjtGEO3/kE29FOlfHCIK7kbUDjbdQYeunQUJzScv91qjEx0j3Vf0Q4/M0p07v52g 8OfXAd114Z6htfiNE7jaUAPmC3SPugJy7UR3A8ia3vpnfKD5VSI4sDF0ZolY5FRk+O7C kw8A== X-Gm-Message-State: AOJu0Yz6rvqgMq5VVdsJFj7hu0ZkZLDowBTxMdfzkf0lKVDFINV21vlc uhyHDvZZfqf6azvjjeM7705iIVh4Xo/z3C4eWYtYotk2+YBy3gm/+FHZpAwYizQ4u/Ksh+9UTyr 6mVE= X-Gm-Gg: ASbGncuw8eIi/sho13esNqlV0mpKJcLBApg35tHcCRhgiel5IttxOu1mWU89roQ93xh A510+0eTScjzEH1E9IKBdmmFHrrLeprOXQSgOYvSOgPKyQU5ru0Hfu9FH20LIOsHLdWUZuJuEoA Cfuf5xPkw7Hv/16LLmGjqR3lQ8pERSLPSt4WzjMmhLNqEPa6zuvM7n5JYeUrv1x3GcWHEaPV33m qZESYuQXduzZCBqdPx2JHZNv/NG/BNLTSu7fLodvPEJOXj2FQK/7Wv94HDyimxl/5PdePzlrilg aVUgubhqFn0yQn/Q4t2FFigoKGz+H0djb0EQvPnkvUfTuPMT+wzzJVPo4sLtov9SvdUMCL2I6FU 6NAol6w4Fegt9a2phKFA8sg== X-Google-Smtp-Source: AGHT+IExyXHbOf2taNxw2yz+3CcX0NYoBCdJtwB6sr0Vv5nuFXnktNWKFMtHaLzI32Tb9SdvBjUavw== X-Received: by 2002:a05:6402:380c:b0:5f0:8551:9790 with SMTP id 4fb4d7f45d1cf-5f0b3bcd2c0mr2481680a12.16.1743777165747; Fri, 04 Apr 2025 07:32:45 -0700 (PDT) Received: from rayden.urgonet (h-98-128-140-123.A175.priv.bahnhof.se. [98.128.140.123]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5f087f0a0f3sm2567450a12.43.2025.04.04.07.32.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Apr 2025 07:32:45 -0700 (PDT) From: Jens Wiklander To: linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, op-tee@lists.trustedfirmware.org, linux-arm-kernel@lists.infradead.org Cc: Olivier Masse , Thierry Reding , Yong Wu , Sumit Semwal , Benjamin Gaignard , Brian Starkey , John Stultz , "T . J . Mercier" , =?UTF-8?q?Christian=20K=C3=B6nig?= , Sumit Garg , Matthias Brugger , AngeloGioacchino Del Regno , azarrabi@qti.qualcomm.com, Simona Vetter , Daniel Stone , Jens Wiklander Subject: [PATCH v7 11/11] optee: smc abi: dynamic protected memory allocation Date: Fri, 4 Apr 2025 16:31:34 +0200 Message-ID: <20250404143215.2281034-12-jens.wiklander@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250404143215.2281034-1-jens.wiklander@linaro.org> References: <20250404143215.2281034-1-jens.wiklander@linaro.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add support in the OP-TEE backend driver for dynamic protected memory allocation using the SMC ABI. Signed-off-by: Jens Wiklander --- drivers/tee/optee/smc_abi.c | 102 ++++++++++++++++++++++++++++++------ 1 file changed, 85 insertions(+), 17 deletions(-) diff --git a/drivers/tee/optee/smc_abi.c b/drivers/tee/optee/smc_abi.c index c10b38b23586..dd9887826590 100644 --- a/drivers/tee/optee/smc_abi.c +++ b/drivers/tee/optee/smc_abi.c @@ -1001,6 +1001,70 @@ static int optee_smc_do_call_with_arg(struct tee_con= text *ctx, return rc; } =20 +static int optee_smc_lend_protmem(struct optee *optee, struct tee_shm *pro= tmem, + u16 *end_points, unsigned int ep_count, + u32 use_case) +{ + struct optee_shm_arg_entry *entry; + struct optee_msg_arg *msg_arg; + struct tee_shm *shm; + u_int offs; + int rc; + + msg_arg =3D optee_get_msg_arg(optee->ctx, 2, &entry, &shm, &offs); + if (IS_ERR(msg_arg)) + return PTR_ERR(msg_arg); + + msg_arg->cmd =3D OPTEE_MSG_CMD_LEND_PROTMEM; + msg_arg->params[0].attr =3D OPTEE_MSG_ATTR_TYPE_VALUE_INPUT; + msg_arg->params[0].u.value.a =3D use_case; + msg_arg->params[1].attr =3D OPTEE_MSG_ATTR_TYPE_TMEM_INPUT; + msg_arg->params[1].u.tmem.buf_ptr =3D protmem->paddr; + msg_arg->params[1].u.tmem.size =3D protmem->size; + msg_arg->params[1].u.tmem.shm_ref =3D (u_long)protmem; + + rc =3D optee->ops->do_call_with_arg(optee->ctx, shm, offs, false); + if (rc) + goto out; + if (msg_arg->ret !=3D TEEC_SUCCESS) { + rc =3D -EINVAL; + goto out; + } + protmem->sec_world_id =3D (u_long)protmem; + +out: + optee_free_msg_arg(optee->ctx, entry, offs); + return rc; +} + +static int optee_smc_reclaim_protmem(struct optee *optee, + struct tee_shm *protmem) +{ + struct optee_shm_arg_entry *entry; + struct optee_msg_arg *msg_arg; + struct tee_shm *shm; + u_int offs; + int rc; + + msg_arg =3D optee_get_msg_arg(optee->ctx, 1, &entry, &shm, &offs); + if (IS_ERR(msg_arg)) + return PTR_ERR(msg_arg); + + msg_arg->cmd =3D OPTEE_MSG_CMD_RECLAIM_PROTMEM; + msg_arg->params[0].attr =3D OPTEE_MSG_ATTR_TYPE_RMEM_INPUT; + msg_arg->params[0].u.rmem.shm_ref =3D (u_long)protmem; + + rc =3D optee->ops->do_call_with_arg(optee->ctx, shm, offs, false); + if (rc) + goto out; + if (msg_arg->ret !=3D TEEC_SUCCESS) + rc =3D -EINVAL; + +out: + optee_free_msg_arg(optee->ctx, entry, offs); + return rc; +} + /* * 5. Asynchronous notification */ @@ -1252,6 +1316,8 @@ static const struct optee_ops optee_ops =3D { .do_call_with_arg =3D optee_smc_do_call_with_arg, .to_msg_param =3D optee_to_msg_param, .from_msg_param =3D optee_from_msg_param, + .lend_protmem =3D optee_smc_lend_protmem, + .reclaim_protmem =3D optee_smc_reclaim_protmem, }; =20 static int enable_async_notif(optee_invoke_fn *invoke_fn) @@ -1620,13 +1686,16 @@ static inline int optee_load_fw(struct platform_dev= ice *pdev, } #endif =20 -static int optee_rstmem_pool_init(struct optee *optee) +static int optee_protmem_pool_init(struct optee *optee) { + bool protm =3D optee->smc.sec_caps & OPTEE_SMC_SEC_CAP_PROTMEM; + bool dyn_protm =3D optee->smc.sec_caps & + OPTEE_SMC_SEC_CAP_DYNAMIC_PROTMEM; enum tee_dma_heap_id heap_id =3D TEE_DMA_HEAP_SECURE_VIDEO_PLAY; - struct tee_protmem_pool *pool; - int rc; + struct tee_protmem_pool *pool =3D ERR_PTR(-EINVAL); + int rc =3D -EINVAL; =20 - if (optee->smc.sec_caps & OPTEE_SMC_SEC_CAP_PROTMEM) { + if (protm) { union { struct arm_smccc_res smccc; struct optee_smc_get_protmem_config_result result; @@ -1634,25 +1703,24 @@ static int optee_rstmem_pool_init(struct optee *opt= ee) =20 optee->smc.invoke_fn(OPTEE_SMC_GET_PROTMEM_CONFIG, 0, 0, 0, 0, 0, 0, 0, &res.smccc); - if (res.result.status !=3D OPTEE_SMC_RETURN_OK) { - pr_err("Secure Data Path service not available\n"); - return 0; - } + if (res.result.status =3D=3D OPTEE_SMC_RETURN_OK) + pool =3D tee_protmem_static_pool_alloc(res.result.start, + res.result.size); + } =20 - pool =3D tee_protmem_static_pool_alloc(res.result.start, - res.result.size); - if (IS_ERR(pool)) - return PTR_ERR(pool); + if (dyn_protm && IS_ERR(pool)) + pool =3D optee_protmem_alloc_cma_pool(optee, heap_id); =20 + if (!IS_ERR(pool)) { rc =3D tee_device_register_dma_heap(optee->teedev, heap_id, pool); if (rc) - goto err; + pool->ops->destroy_pool(pool); } =20 + if (rc && (protm || dyn_protm)) + pr_info("Protected memory service not available\n"); + return 0; -err: - pool->ops->destroy_pool(pool); - return rc; } =20 static int optee_probe(struct platform_device *pdev) @@ -1823,7 +1891,7 @@ static int optee_probe(struct platform_device *pdev) pr_info("Asynchronous notifications enabled\n"); } =20 - rc =3D optee_rstmem_pool_init(optee); + rc =3D optee_protmem_pool_init(optee); if (rc) goto err_notif_uninit; =20 --=20 2.43.0