Граф коммитов

30 Коммитов

Автор SHA1 Сообщение Дата
Jens Wiklander 492eb7afe8 tee: handle lookup of shm with reference count 0
commit dfd0743f1d upstream.

Since the tee subsystem does not keep a strong reference to its idle
shared memory buffers, it races with other threads that try to destroy a
shared memory through a close of its dma-buf fd or by unmapping the
memory.

In tee_shm_get_from_id() when a lookup in teedev->idr has been
successful, it is possible that the tee_shm is in the dma-buf teardown
path, but that path is blocked by the teedev mutex. Since we don't have
an API to tell if the tee_shm is in the dma-buf teardown path or not we
must find another way of detecting this condition.

Fix this by doing the reference counting directly on the tee_shm using a
new refcount_t refcount field. dma-buf is replaced by using
anon_inode_getfd() instead, this separates the life-cycle of the
underlying file from the tee_shm. tee_shm_put() is updated to hold the
mutex when decreasing the refcount to 0 and then remove the tee_shm from
teedev->idr before releasing the mutex. This means that the tee_shm can
never be found unless it has a refcount larger than 0.

Fixes: 967c9cca2c ("tee: generic TEE subsystem")
Cc: stable@vger.kernel.org
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Lars Persson <larper@axis.com>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Reported-by: Patrik Lantz <patrik.lantz@axis.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-12-29 12:28:54 +01:00
Sumit Garg 376e4199e3 tee: Correct inappropriate usage of TEE_SHM_DMA_BUF flag
Currently TEE_SHM_DMA_BUF flag has been inappropriately used to not
register shared memory allocated for private usage by underlying TEE
driver: OP-TEE in this case. So rather add a new flag as TEE_SHM_PRIV
that can be utilized by underlying TEE drivers for private allocation
and usage of shared memory.

With this corrected, allow tee_shm_alloc_kernel_buf() to allocate a
shared memory region without the backing of dma-buf.

Cc: stable@vger.kernel.org
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Co-developed-by: Tyler Hicks <tyhicks@linux.microsoft.com>
Signed-off-by: Tyler Hicks <tyhicks@linux.microsoft.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2021-07-21 07:55:50 +02:00
Jens Wiklander dc7019b7d0 tee: add tee_shm_alloc_kernel_buf()
Adds a new function tee_shm_alloc_kernel_buf() to allocate shared memory
from a kernel driver. This function can later be made more lightweight
by unnecessary dma-buf export.

Cc: stable@vger.kernel.org
Reviewed-by: Tyler Hicks <tyhicks@linux.microsoft.com>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2021-07-21 07:55:44 +02:00
John Hubbard 4300cd6374 tee: convert get_user_pages() --> pin_user_pages()
This code was using get_user_pages*(), in a "Case 2" scenario
(DMA/RDMA), using the categorization from [1]. That means that it's
time to convert the get_user_pages*() + put_page() calls to
pin_user_pages*() + unpin_user_pages() calls.

Factor out a new, small release_registered_pages() function, in
order to consolidate the logic for discerning between
TEE_SHM_USER_MAPPED and TEE_SHM_KERNEL_MAPPED pages. This also
absorbs the kfree() call that is also required there.

There is some helpful background in [2]: basically, this is a small
part of fixing a long-standing disconnect between pinning pages, and
file systems' use of those pages.

[1] Documentation/core-api/pin_user_pages.rst

[2] "Explicit pinning of user-space pages":
    https://lwn.net/Articles/807108/

Cc: Jens Wiklander <jens.wiklander@linaro.org>
Cc: Sumit Semwal <sumit.semwal@linaro.org>
Cc: tee-dev@lists.linaro.org
Cc: linux-media@vger.kernel.org
Cc: dri-devel@lists.freedesktop.org
Cc: linaro-mm-sig@lists.linaro.org
Signed-off-by: John Hubbard <jhubbard@nvidia.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2020-08-25 11:01:06 +02:00
Arnd Bergmann 6d83d800b2 tee: remove unnecessary NULL check in tee_shm_alloc()
-----BEGIN PGP SIGNATURE-----
 
 iQJOBAABCgA4FiEEFV+gSSXZJY9ZyuB5LinzTIcAHJcFAl6wUeAaHGplbnMud2lr
 bGFuZGVyQGxpbmFyby5vcmcACgkQLinzTIcAHJf6tBAAsbutLZ+40T5GTLyFRRvU
 24xT5U7lqGeUqgvNf4KPj5oS7SsjxgyPFaH7g/NPmOUvEBrIE3uT/YSFW4NnPTpH
 YxJN1zF2fRIvAHueEWJDjhjXHGMXeLV0hQCDiREZTf/+H85SqafydwQtMMef/1VL
 FuZn80xjc5rwZ4f9AkLQ+etT/Ou9oRj22NLYAqMgexMqTzXK0FBjeIoGK3Kc558/
 eqKNG7B3vPxud4QxeRwmpdeTptKyjEEg7QPGgYis0fj1cgy0St4aXPMf1jp+chUk
 sMO8ptEJte/GJ17gamK6IY6s7tKA3PhFX7iqP1panKMVSJpyZ2yXNSe+o7irvckn
 s/kj+bcqyGD67DPqaBWJ0lfq5W3F3lfEytOq4ToY2XhGiiFav/TgI0UQbtT3hwxk
 zjPMeo9F5o6sJkJar3gPdA86CnbQr/f6xUZPpUcY+cB8yoHHMjwVRyr6mjlgv2zG
 vgu/w1N5l+InTYiWrKVIAHzhp0kRlbocbSWt+Pnt9ir5y4DilUZ6m9Gc+IzRO9Yc
 XJXiJ1hK2RmUuEdO1KEmYJlODUcH8IFBLjccd3O3Nq0wpv5K4WGj7wGeDf2V+QUg
 8GYbS19cnLjMC1rIoxhNlQlOOAXcStr6lqTyHTr0UDSouxbh3pZ5fxD5rUWDfl0J
 JyWj/2RbsWBEi2zAOl96Dik=
 =Ap1I
 -----END PGP SIGNATURE-----

Merge tag 'tee-smatch-for-5.8' of git://git.linaro.org/people/jens.wiklander/linux-tee into arm/drivers

tee: remove unnecessary NULL check in tee_shm_alloc()

* tag 'tee-smatch-for-5.8' of git://git.linaro.org/people/jens.wiklander/linux-tee:
  tee: remove unnecessary NULL check in tee_shm_alloc()

Link: https://lore.kernel.org/r/20200504181333.GA11018@jade
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2020-05-25 16:56:33 +02:00
Sumit Garg 2a6ba3f794 tee: enable support to register kernel memory
Enable support to register kernel memory reference with TEE. This change
will allow TEE bus drivers to register memory references.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2020-04-20 15:49:56 +02:00
Dan Carpenter 1115899e7a tee: remove unnecessary NULL check in tee_shm_alloc()
Smatch complains that "ctx" isn't checked consistently:

    drivers/tee/tee_shm.c:164 tee_shm_alloc()
    warn: variable dereferenced before check 'ctx' (see line 95)

I audited the callers and "ctx" can't be NULL so the check can be
removed.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2020-04-20 13:12:01 +02:00
Jens Wiklander 758ecf13a4 tee: tee_shm_op_mmap(): use TEE_SHM_USER_MAPPED
tee_shm_op_mmap() uses the TEE_SHM_USER_MAPPED flag instead of the
TEE_SHM_REGISTER flag to tell if a shared memory object is originating
from registered user space memory.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2020-02-28 13:37:42 +01:00
Jens Wiklander 5271b2011e tee: remove redundant teedev in struct tee_shm
The ctx element in struct tee_shm is always valid. So remove the now
redundant teedev element.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2020-02-28 13:37:42 +01:00
Jens Wiklander f1bbacedb0 tee: don't assign shm id for private shms
Private shared memory object must not be referenced from user space. To
guarantee that, don't assign an id to shared memory objects which are
driver private.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2020-02-28 13:37:42 +01:00
Jens Wiklander c180f9bbe2 tee: remove unused tee_shm_priv_alloc()
tee_shm_priv_alloc() isn't useful in the current state and it's also not
not used so remove it.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2020-02-28 13:37:42 +01:00
Jens Wiklander 59a135f6fb tee: remove linked list of struct tee_shm
Removes list_shm from struct tee_context since the linked list isn't used
any longer.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2020-02-28 13:37:42 +01:00
Daniel Vetter 42aa7c6eb3 drm/tee_shm: Drop dma_buf_k(unmap) support
There's no in-tree users anymore.

Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Sumit Semwal <sumit.semwal@linaro.org>
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Jens Wiklander <jens.wiklander@linaro.org>
Cc: tee-dev@lists.linaro.org
Link: https://patchwork.freedesktop.org/patch/msgid/20191118103536.17675-13-daniel.vetter@ffwll.ch
2019-11-25 22:36:25 +01:00
Andrey Konovalov 78063a9dd9 tee/shm: untag user pointers in tee_shm_register
This patch is a part of a series that extends kernel ABI to allow to pass
tagged user pointers (with the top byte set to something else other than
0x00) as syscall arguments.

tee_shm_register()->optee_shm_unregister()->check_mem_type() uses provided
user pointers for vma lookups (via __check_mem_type()), which can only by
done with untagged pointers.

Untag user pointers in this function.

Link: http://lkml.kernel.org/r/4b993f33196b3566ac81285ff8453219e2079b45.1563904656.git.andreyknvl@google.com
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Eric Auger <eric.auger@redhat.com>
Cc: Felix Kuehling <Felix.Kuehling@amd.com>
Cc: Khalid Aziz <khalid.aziz@oracle.com>
Cc: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Cc: Mike Rapoport <rppt@linux.ibm.com>
Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>
Cc: Will Deacon <will@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-09-25 17:51:41 -07:00
Thomas Gleixner 9c92ab6191 treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 282
Based on 1 normalized pattern(s):

  this software is licensed under the terms of the gnu general public
  license version 2 as published by the free software foundation and
  may be copied distributed and modified under those terms this
  program is distributed in the hope that it will be useful but
  without any warranty without even the implied warranty of
  merchantability or fitness for a particular purpose see the gnu
  general public license for more details

extracted by the scancode license scanner the SPDX license identifier

  GPL-2.0-only

has been chosen to replace the boilerplate/reference in 285 file(s).

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Alexios Zavras <alexios.zavras@intel.com>
Reviewed-by: Allison Randal <allison@lohutok.net>
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190529141900.642774971@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-06-05 17:36:37 +02:00
Ira Weiny 73b0140bf0 mm/gup: change GUP fast to use flags rather than a write 'bool'
To facilitate additional options to get_user_pages_fast() change the
singular write parameter to be gup_flags.

This patch does not change any functionality.  New functionality will
follow in subsequent patches.

Some of the get_user_pages_fast() call sites were unchanged because they
already passed FOLL_WRITE or 0 for the write parameter.

NOTE: It was suggested to change the ordering of the get_user_pages_fast()
arguments to ensure that callers were converted.  This breaks the current
GUP call site convention of having the returned pages be the final
parameter.  So the suggestion was rejected.

Link: http://lkml.kernel.org/r/20190328084422.29911-4-ira.weiny@intel.com
Link: http://lkml.kernel.org/r/20190317183438.2057-4-ira.weiny@intel.com
Signed-off-by: Ira Weiny <ira.weiny@intel.com>
Reviewed-by: Mike Marshall <hubcap@omnibond.com>
Cc: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: James Hogan <jhogan@kernel.org>
Cc: Jason Gunthorpe <jgg@ziepe.ca>
Cc: John Hubbard <jhubbard@nvidia.com>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Rich Felker <dalias@libc.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-05-14 09:47:46 -07:00
Dave Airlie f4366e44ef drm-misc-next for 4.19:
Cross-subsystem Changes:
 - fix compile breakage on ION due to the dma-buf cleanups (Christian König)
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJbK4N3AAoJEEN0HIUfOBk00S0P/ikY6Xvkbjs4m6BkpFpuAguy
 n5biz7PgEc8xFsp7hs3rcax0U8cd/spJEOdvxhur18+RiEXwlT+9l2cn+7l++DjR
 uQ+bNHLlKSzX4weoj+MT/9U3gQmaOeVw8h2A8y0Un2fnM9Y+FWGR2PR75+Zl0Tl9
 Zfbj2Zzx84lg0YEoX+HUBcgBEZ3jAPED3Wax7oEgNo0gAXHSTPQxSeHPgr6U3jxn
 NwcawNd5huZhMJ8KyiieTs7DXrlPjHl/wU7ogjQLOVQN0xh26GlZMX5AAkJTIu21
 5trTNhV/EdKunbBJzt+RFQDslyFFwfSZM1DAuICbjrY10Hmuzkki7+MDxBprJMRj
 N9fkJqQUrot2XDisauCvCJ2QUKOVhTqwODx6iU7uvJa/kbCgTY/gY/yZHJ46DCTQ
 IVMUmoqxqA6eHrT7dyL2pvH5q6is5XjsrP8ehJ9m4zlcZDfRn7JwExY5kLKIEWtW
 vXBGatF4heZZznNuoo02TRLmiSZnfsYLdr1b1vpnxGvWiDL4FdQr7CIntRiw/qhy
 aj7dP+XaQoPAewkiK77FGLb44zgHtGvWQC/6L6+d20+X4/EoruMOesvoH8lCsL2c
 Ov3D9kORyjHQTNwW4BT6DdJRnnwdMuwlppT+z4jq51WoDIfwEn8lFZe1goRvn8o0
 GvR2rUgq259pFn9tnsEu
 =qsFF
 -----END PGP SIGNATURE-----

Merge tag 'drm-misc-next-2018-06-21' of git://anongit.freedesktop.org/drm/drm-misc into drm-next

drm-misc-next for 4.19:

UAPI Changes:
- Add writeback connector (Brian Starkey/Liviu Dudau)
- Add "content type" property to HDMI connectors (Stanislav Lisovskiy)

Cross-subsystem Changes:
- some devicetree Docs update
- fix compile breakage on ION due to the dma-buf cleanups (Christian König)

Core Changes:
- Reject over-sized allocation requests early (Chris Wilson)
- gem-fb-helper: Always do implicit sync (Daniel Vetter)
- dma-buf cleanups (Christian König)

Driver Changes:
- Fixes for the otm8009a panel driver (Philippe Cornu)
- Add Innolux TV123WAM panel driver support (Sandeep Panda)
- Move GEM BO to drm_framebuffer in few drivers (Daniel Stone)
- i915 pinning improvements (Chris Wilson)
- Stop consulting plane->fb/crtc in a few drivers (Ville Syrjälä)

Signed-off-by: Dave Airlie <airlied@redhat.com>

Link: https://patchwork.freedesktop.org/patch/msgid/20180621105428.GA20795@juma
2018-06-22 12:58:08 +10:00
Christian König f664a52695 dma-buf: remove kmap_atomic interface
Neither used nor correctly implemented anywhere. Just completely remove
the interface.

Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Acked-by: Sumit Semwal <sumit.semwal@linaro.org>
Link: https://patchwork.freedesktop.org/patch/226645/
2018-06-20 15:59:34 +02:00
Jann Horn bb765d1c33 tee: shm: fix use-after-free via temporarily dropped reference
Bump the file's refcount before moving the reference into the fd table,
not afterwards. The old code could drop the file's refcount to zero for a
short moment before calling get_file() via get_dma_buf().

This code can only be triggered on ARM systems that use Linaro's OP-TEE.

Fixes: 967c9cca2c ("tee: generic TEE subsystem")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2018-05-07 11:50:25 +02:00
Dan Carpenter 2490cdf643 tee: shm: Potential NULL dereference calling tee_shm_register()
get_user_pages_fast() can return zero in certain error paths.  We should
handle that or else it means we accidentally return ERR_PTR(0) which is
NULL instead of an error pointer.  The callers are not expecting that
and will crash with a NULL dereference.

Fixes: 033ddf12bc ("tee: add register user memory")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2018-01-09 14:34:00 +01:00
Colin Ian King c94f31b526 tee: shm: don't put_page on null shm->pages
In the case that shm->pages fails to allocate, the current exit
error path will try to put_page on a null shm->pages and cause
a null pointer dereference when accessing shm->pages[n]. Fix this
by only performing the put_page and kfree on shm->pages if it
is not null.

Detected by CoverityScan, CID#1463283 ("Dereference after null check")

Fixes: 033ddf12bc ("tee: add register user memory")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2017-12-28 22:20:10 +01:00
Colin Ian King 80ec6f5de6 tee: shm: make function __tee_shm_alloc static
The function __tee_shm_alloc is local to the source and does
not need to be in global scope, so make it static.

Cleans up sparse warning:
symbol '__tee_shm_alloc' was not declared. Should it be static?

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2017-12-28 22:19:57 +01:00
Jens Wiklander 95ffe4ca43 tee: add start argument to shm_register callback
Adds a start argument to the shm_register callback to allow the callback
to check memory type of the passed pages.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2017-12-28 10:08:00 +01:00
Volodymyr Babchuk ef8e08d24c tee: shm: inline tee_shm_get_id()
Now, when struct tee_shm is defined in public header,
we can inline small getter functions like this one.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2017-12-15 13:36:21 +01:00
Volodymyr Babchuk 217e0250cc tee: use reference counting for tee_context
We need to ensure that tee_context is present until last
shared buffer will be freed.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2017-12-15 13:36:18 +01:00
Jens Wiklander 033ddf12bc tee: add register user memory
Added new ioctl to allow users register own buffers as a shared memory.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
[jw: moved tee_shm_is_registered() declaration]
[jw: added space after __tee_shm_alloc() implementation]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2017-12-15 13:32:20 +01:00
Jens Wiklander e2aca5d892 tee: flexible shared memory pool creation
Makes creation of shm pools more flexible by adding new more primitive
functions to allocate a shm pool. This makes it easier to add driver
specific shm pool management.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
2017-12-15 12:37:29 +01:00
Arvind Yadav 53e3ca5cee tee: tee_shm: Constify dma_buf_ops structures.
dma_buf_ops are not supposed to change at runtime. All functions
working with dma_buf_ops provided by <linux/dma-buf.h> work with
const dma_buf_ops. So mark the non-const structs as const.

File size before:
   text	   data	    bss	    dec	    hex	filename
   2026	    112	      0	   2138	    85a	drivers/tee/tee_shm.o

File size After adding 'const':
   text	   data	    bss	    dec	    hex	filename
   2138	      0	      0	   2138	    85a	drivers/tee/tee_shm.o

Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2017-08-04 10:30:27 +02:00
Linus Torvalds a2d9214c73 TEE driver infrastructure and OP-TEE drivers
This branch introduces a generic TEE framework in the kernel, to handle
 trusted environemtns (security coprocessor or software implementations
 such as OP-TEE/TrustZone). I'm sending it separately from the other
 arm-soc driver changes to give it a little more visibility, once
 the subsystem is merged, we will likely keep this in the arm₋soc
 drivers branch or have the maintainers submit pull requests directly,
 depending on the patch volume.
 
 I have reviewed earlier versions in the past, and have reviewed
 the latest version in person during Linaro Connect BUD17.
 
 Here is my overall assessment of the subsystem:
 
 * There is clearly demand for this, both for the generic
   infrastructure and the specific OP-TEE implementation.
 
 * The code has gone through a large number of reviews,
   and the review comments have all been addressed, but
   the reviews were not coming up with serious issues any more
   and nobody volunteered to vouch for the quality.
 
 * The user space ioctl interface is sufficient to work with the
   OP-TEE driver, and it should in principle work with other
   TEE implementations that follow the GlobalPlatform[1] standards,
   but it might need to be extended in minor ways depending on
   specific requirements of future TEE implementations
 
 * The main downside of the API to me is how the user space
   is tied to the TEE implementation in hardware or firmware,
   but uses a generic way to communicate with it. This seems
   to be an inherent problem with what it is trying to do,
   and I could not come up with any better solution than what
   is implemented here.
 
 For a detailed history of the patch series, see
 https://lkml.org/lkml/2017/3/10/1277
 
 Conflicts: needs a fixup after the drm tree was merged, see
 https://patchwork.kernel.org/patch/9691679/
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIVAwUAWRIRzWCrR//JCVInAQLKUhAAiJaBqb4uv5wDWKw8MVV5BbFjq6po/eMK
 r3lgwyBGoRnrYiXo0z2eYNqpHsmNIGrL21qYMzaBGhVeaOOVPZT4q3zH+Se9Oo+J
 HHZZ4J6Q9kDIUy9WkM7ybHVj3C0kQIn7H+/6zi2L97tMQJMZHI0jCSgDa6XPqHzh
 G/vqVx5jlaFj6SvkLR0L0yWTe0wXTHoyObSCWsM/nV8AiTNhMD3kcTEOm0XHcAJB
 k8ei/Pw2INOFZu1B0xpoRkWoAo6YKMcxQp9kiMkcEhChPIkNK+8+npYJ3fiogsii
 BVTXC9Km2jmUfQ21Pegd2XbqzNGU1rJSdHGTyK2Oax+0J+C8xElGMs8U9tqXPqun
 fWkSp0dl7Sk0f9Yhc8JBD1Tsbuo0H+TsMtQ6RNvlxLiNHE/5/bZBCeylvtoUyI+m
 NcvP0x5QeBmkitz7zhYpjaSv5HjZG3PPO3pfaz0Stmen5ZM8DWB1TaS1Nn9MigHt
 RGXlafc6dKybQQBLWDwStv7IkqDRYte+7pwmx+QFCRWj8+uFtTCDPLyaDUTwlErL
 n4ztUL1RWiq48S+yJDJURM4mLpEMnJFFF4tiiHH8eUe2JE+CXwGxkT6BG62W71Oy
 RosiJ84LmdoHRyHx6xmqpoDcL1WG57IgWt05SRUkQatA/ealGX88gguGEAWsPL0h
 cnKPYkiYfug=
 =VzpB
 -----END PGP SIGNATURE-----

Merge tag 'armsoc-tee' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc

Pull TEE driver infrastructure and OP-TEE drivers from Arnd Bergmann:
 "This introduces a generic TEE framework in the kernel, to handle
  trusted environemtns (security coprocessor or software implementations
  such as OP-TEE/TrustZone). I'm sending it separately from the other
  arm-soc driver changes to give it a little more visibility, once the
  subsystem is merged, we will likely keep this in the arm₋soc drivers
  branch or have the maintainers submit pull requests directly,
  depending on the patch volume.

  I have reviewed earlier versions in the past, and have reviewed the
  latest version in person during Linaro Connect BUD17.

  Here is my overall assessment of the subsystem:

   - There is clearly demand for this, both for the generic
     infrastructure and the specific OP-TEE implementation.

   - The code has gone through a large number of reviews, and the review
     comments have all been addressed, but the reviews were not coming
     up with serious issues any more and nobody volunteered to vouch for
     the quality.

   - The user space ioctl interface is sufficient to work with the
     OP-TEE driver, and it should in principle work with other TEE
     implementations that follow the GlobalPlatform[1] standards, but it
     might need to be extended in minor ways depending on specific
     requirements of future TEE implementations

   - The main downside of the API to me is how the user space is tied to
     the TEE implementation in hardware or firmware, but uses a generic
     way to communicate with it. This seems to be an inherent problem
     with what it is trying to do, and I could not come up with any
     better solution than what is implemented here.

  For a detailed history of the patch series, see

    https://lkml.org/lkml/2017/3/10/1277"

* tag 'armsoc-tee' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
  arm64: dt: hikey: Add optee node
  Documentation: tee subsystem and op-tee driver
  tee: add OP-TEE driver
  tee: generic TEE subsystem
  dt/bindings: add bindings for optee
2017-05-10 11:20:09 -07:00
Jens Wiklander 967c9cca2c tee: generic TEE subsystem
Initial patch for generic TEE subsystem.
This subsystem provides:
* Registration/un-registration of TEE drivers.
* Shared memory between normal world and secure world.
* Ioctl interface for interaction with user space.
* Sysfs implementation_id of TEE driver

A TEE (Trusted Execution Environment) driver is a driver that interfaces
with a trusted OS running in some secure environment, for example,
TrustZone on ARM cpus, or a separate secure co-processor etc.

The TEE subsystem can serve a TEE driver for a Global Platform compliant
TEE, but it's not limited to only Global Platform TEEs.

This patch builds on other similar implementations trying to solve
the same problem:
* "optee_linuxdriver" by among others
  Jean-michel DELORME<jean-michel.delorme@st.com> and
  Emmanuel MICHEL <emmanuel.michel@st.com>
* "Generic TrustZone Driver" by Javier González <javier@javigon.com>

Acked-by: Andreas Dannenberg <dannenberg@ti.com>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Tested-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> (RCAR H3)
Tested-by: Scott Branden <scott.branden@broadcom.com>
Reviewed-by: Javier González <javier@javigon.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2017-03-09 15:42:33 +01:00