From patchwork Wed Nov 8 12:47:50 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jens Wiklander X-Patchwork-Id: 118250 Delivered-To: patches@linaro.org Received: by 10.140.22.164 with SMTP id 33csp5242578qgn; Wed, 8 Nov 2017 04:48:02 -0800 (PST) X-Received: by 10.46.101.4 with SMTP id z4mr200398ljb.42.1510145282511; Wed, 08 Nov 2017 04:48:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510145282; cv=none; d=google.com; s=arc-20160816; b=q7SJ0EQjKinz8BHofPEm/j1DOU9ECL2ZZzlB4AX+aNSfheruqrOenZ1PaYNWd7JAto PaQt6If65RLXvBz2qt7N+ymG9X9Fa3iTAd1kBYOlFyOnoN103QCXO7btYXSdQfwFgJnJ +gWLkXTSEFHL0o1oLKmWuS1sw7WqDP3Ykb9KG8zW/Htj2lpyVGumjvrC4uevfx8i3/Uo rNapThia1v3bKX9BhC+bjITzXRqOjzhiMOIh+cLQz1wBRX2JHU4lXXNU+7IPKd9LpqW4 Juv+Ejw0BB/0uzxKMFkgMdnWMhIhSOWhTo3SRYMc3tdy4HcQKj/E66YshBlyZWQW0FPh Mikg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:arc-authentication-results; bh=mSo6yKgh7N0IqFVDF75e/sjQ7W6F2AlEX4kmNsHCRrs=; b=lx/UGf1+rsFooR3JEWUDC7Ni/MVIzDJciQOUgxxXwEudMNQ0h1srawb+0BDtG1lx78 ZNIuJgLeXmgdguAHTfr82vuL1judaOH1lMaXW9+p9NcnL4s5lBK3ifDGDdaziiHuO4rR q/JHiPbvQWFkJ+O970CFioH0HFHtuTcn1COsXQvN3jf/xJCRL/pZZm11LiUmIkrNkI1/ 4IPrfksHdGHusIx09HdOUqHZtvo+N3rPAjBrqVizqA5hT8KXY0JpkKh4MC9aXFNpk5Sw LsJPa0PXpFMKCmNgbbWR01Dc9GQuOf86ALQ1R4+7pAckZaTKRqhlAfYPw7FRYR4SQRYF sD9A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=L6AKUPBH; spf=pass (google.com: domain of jens.wiklander@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=jens.wiklander@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id b16sor680034lfe.21.2017.11.08.04.48.02 for (Google Transport Security); Wed, 08 Nov 2017 04:48:02 -0800 (PST) Received-SPF: pass (google.com: domain of jens.wiklander@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=L6AKUPBH; spf=pass (google.com: domain of jens.wiklander@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=jens.wiklander@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=mSo6yKgh7N0IqFVDF75e/sjQ7W6F2AlEX4kmNsHCRrs=; b=L6AKUPBHhl87tDswWMVb5ZNoZkUWw6a9X4UQ8IkuTclobe7K3+7TvJEuYnE1yRVWiy 12blcGNpaumr4mAtoUOCwDDzXjXec5PwiIRgqgQOFbaaevFF6WwFBhcCMtQzP8ce+GzY FNwYrvMgJGHEYaBgyQtNle4JtdwqMmh540t0A= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=mSo6yKgh7N0IqFVDF75e/sjQ7W6F2AlEX4kmNsHCRrs=; b=W0RwGyQb2fhONjIJ/yRhsog1S4EfhLPVjDrqn5ezV+vReFS0zUsZAIPhPPHNNYShoy SPuPdSVJFb7qg+/sQ2Q5PifY89cqQr3IUt2hPcFubtJSDeoSWBM/t2O9vfCZbKibrjlW oX4DDFBGTzXiiz2tPPahFVzeMriQpTlno0gZi5q4+pQNlHYD0fC+nWWrvvVg//Q/qqkQ Fq0pTKLxYeTCvhm9tdtKCkh/fVvnMYygBQu6fm4o3/wYdwF92d5ZJVOE0phxZym8y3T6 ZK53u0tQAwjRuxxCi2IE9rc9lN9NuC+R5Wldvym55j5roY2WOg3U7bYzCDSgIRMeba5l Stnw== X-Gm-Message-State: AJaThX4WB5AqkBLsBoHHPX3cmVMkftZzFRk6ZXhNJzSeYI2+6efYD2aW f7v8z2gBzUuymrDO0fCLvclsjeYEl488Xg== X-Google-Smtp-Source: AGs4zMbuILQ4yUblqAmmOPUBzJbdMKW5Z5eDubYbqHgyktLASjVQqsZfXxhimtci5it93QfCGLf4sA== X-Received: by 10.25.42.84 with SMTP id f81mr160750lfl.258.1510145282163; Wed, 08 Nov 2017 04:48:02 -0800 (PST) Return-Path: Received: from jax.ideon.se ([85.235.10.227]) by smtp.gmail.com with ESMTPSA id x7sm658479lff.91.2017.11.08.04.48.00 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 08 Nov 2017 04:48:01 -0800 (PST) From: Jens Wiklander To: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, tee-dev@lists.linaro.org Cc: Jens Wiklander Subject: [PATCH 1/3] tee: add tee_param_is_memref() for driver use Date: Wed, 8 Nov 2017 13:47:50 +0100 Message-Id: <1510145272-14842-2-git-send-email-jens.wiklander@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510145272-14842-1-git-send-email-jens.wiklander@linaro.org> References: <1510145272-14842-1-git-send-email-jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere Signed-off-by: Jens Wiklander --- drivers/tee/tee_core.c | 16 ++-------------- include/linux/tee_drv.h | 12 ++++++++++++ 2 files changed, 14 insertions(+), 14 deletions(-) -- 2.7.4 diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c index 58a5009eacc3..c78104589e42 100644 --- a/drivers/tee/tee_core.c +++ b/drivers/tee/tee_core.c @@ -221,18 +221,6 @@ static int params_to_user(struct tee_ioctl_param __user *uparams, return 0; } -static bool param_is_memref(struct tee_param *param) -{ - switch (param->attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) { - case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT: - case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: - case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: - return true; - default: - return false; - } -} - static int tee_ioctl_open_session(struct tee_context *ctx, struct tee_ioctl_buf_data __user *ubuf) { @@ -296,7 +284,7 @@ static int tee_ioctl_open_session(struct tee_context *ctx, if (params) { /* Decrease ref count for all valid shared memory pointers */ for (n = 0; n < arg.num_params; n++) - if (param_is_memref(params + n) && + if (tee_param_is_memref(params + n) && params[n].u.memref.shm) tee_shm_put(params[n].u.memref.shm); kfree(params); @@ -358,7 +346,7 @@ static int tee_ioctl_invoke(struct tee_context *ctx, if (params) { /* Decrease ref count for all valid shared memory pointers */ for (n = 0; n < arg.num_params; n++) - if (param_is_memref(params + n) && + if (tee_param_is_memref(params + n) && params[n].u.memref.shm) tee_shm_put(params[n].u.memref.shm); kfree(params); diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h index cb889afe576b..f4a0ac05ebb4 100644 --- a/include/linux/tee_drv.h +++ b/include/linux/tee_drv.h @@ -275,4 +275,16 @@ int tee_shm_get_id(struct tee_shm *shm); */ struct tee_shm *tee_shm_get_from_id(struct tee_context *ctx, int id); +static inline bool tee_param_is_memref(struct tee_param *param) +{ + switch (param->attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) { + case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT: + case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: + case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: + return true; + default: + return false; + } +} + #endif /*__TEE_DRV_H*/ From patchwork Wed Nov 8 12:47:51 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jens Wiklander X-Patchwork-Id: 118251 Delivered-To: patches@linaro.org Received: by 10.140.22.164 with SMTP id 33csp5242602qgn; Wed, 8 Nov 2017 04:48:03 -0800 (PST) X-Received: by 10.46.43.69 with SMTP id q66mr194234lje.104.1510145283847; Wed, 08 Nov 2017 04:48:03 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510145283; cv=none; d=google.com; s=arc-20160816; b=XyF83UsT900NUZVxBOB4D/Ap90T2ihlVLh5RuySxQ/uqAbZ85oLGWdy6fctWh30VSh 0KC0lvriwUx8viSVWW4wum+JpgxOmIl4GnPE9drBCk4prRi7IYlZzeqarhlEt/4dFJjR p73mczEoHi0zAcIJAJm6LbtqVw5+P7lmAeNaqgNWbFGxqVRrTyWDDh51wxml8jU3qKjB QzCAWfxpYolyVLeHjAthjigf5urRF4978BrkKLoIr8eCk0LnhonkjNW48V4KqlxI2hea 9vtNVcDKxkVMfzq25k8+fcQB+zt3bHw/iJJPBTgzPUaDzUNtpzSp/SzYfKnKhFkw93b5 WYnA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:arc-authentication-results; bh=ykIrWsbzHRtB9yN7jykoSPMPKWQypeiKJLlvSxF+1mk=; b=b4sJjlArPdlGJJfishvqitSylBSePoxRUxA3IfQ8YZuzr8ypS6ni52ZfroZFi7cYjg roUa4lDhQOSglhaJFXfy5gYYE3oR16+Lk5jcxyvZwpAJ2k40eQpOVhMMbEBV5qcsbv42 TwEOcJb8sXrNXLGglEBjUHdy6jW2zY5Vh2v/enAOPelziJ4X2pqKcdw9O/9M3sLQSpyB vRkE8K24fyyZFknD+PfZxI31L+xqHQrcWq1UTILFLWLlCr889ZJMrONiWnOLzxtYsd8o r0D0wnXuG/wVtNz7/Iz4uAhQorIffGcRuXlMeY5Vn6Ba6VV56GPSu3KZrT+oo1a6wpf3 VwgA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=gNKgH/1q; spf=pass (google.com: domain of jens.wiklander@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=jens.wiklander@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id e73sor146587lfi.105.2017.11.08.04.48.03 for (Google Transport Security); Wed, 08 Nov 2017 04:48:03 -0800 (PST) Received-SPF: pass (google.com: domain of jens.wiklander@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=gNKgH/1q; spf=pass (google.com: domain of jens.wiklander@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=jens.wiklander@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=ykIrWsbzHRtB9yN7jykoSPMPKWQypeiKJLlvSxF+1mk=; b=gNKgH/1qh5UyqAZwgvow8LnumZAtmD1wfHjIH69XnLf/ermgaRzPnt0f4xu1g2UUDm O46f2ng0e1NlBwPEaI+IqmTb5xY4+/4D8nib/7bpP/HLV89H15vyUVNU2JaGRv3h8qc4 yvQ9/wrTUp23fObYkAFb/gzZVFdLm5aYBkJmQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=ykIrWsbzHRtB9yN7jykoSPMPKWQypeiKJLlvSxF+1mk=; b=oKIeDkKMf9HqtkIfZhiv5Um78kSbujgDlUC64S/K8y548ZvIaua1fVCZyIpZSzcnjb rvnsrcJBDaDeULA2i/Dh60H5f/GxPJ2RUUvhcsdPWbOLGGGNq59TeA38ttIa1KQqg2Sn h4iTexuhFx4HlGClEEEJ4dFnLX62EYHlBxFG+iqOB0/QT0yVsM6gtB16Pt0tkV/8b+eU eFRZkRZ42MnVpMSMoEMmbWQI4PNyu/dZoSPEsM6nY8YsZuHiqW+MP1pBfDcP+cBfdOpN txNjeosEN95AzLS/1Akx1BuXrHDHCpQVOpmwBKzi7Fm3O2pnsPy/QO8mqZOP9zAlNbH2 kiFA== X-Gm-Message-State: AJaThX6Tan4S0DCmw9/amFoW0s0TU7a/TIfNdfvbm5BEr+AnxTkbTlu6 P7jSYV6S8VjfmSBaTyitdB+O4j3X X-Google-Smtp-Source: ABhQp+RKcbrmaxOBbPOMSrT+obfneMzijImwDJDLxik3+Rp558d5E/AWBbHHYGb21FhITd+K//M/TQ== X-Received: by 10.25.20.167 with SMTP id 39mr132153lfu.261.1510145283480; Wed, 08 Nov 2017 04:48:03 -0800 (PST) Return-Path: Received: from jax.ideon.se ([85.235.10.227]) by smtp.gmail.com with ESMTPSA id x7sm658479lff.91.2017.11.08.04.48.02 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 08 Nov 2017 04:48:02 -0800 (PST) From: Jens Wiklander To: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, tee-dev@lists.linaro.org Cc: Jens Wiklander Subject: [PATCH 2/3] tee: add TEE_IOCTL_PARAM_ATTR_META Date: Wed, 8 Nov 2017 13:47:51 +0100 Message-Id: <1510145272-14842-3-git-send-email-jens.wiklander@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510145272-14842-1-git-send-email-jens.wiklander@linaro.org> References: <1510145272-14842-1-git-send-email-jens.wiklander@linaro.org> Adds TEE_IOCTL_PARAM_ATTR_META which can be used to indicate meta parameters when communicating with user space. These meta parameters can be used by supplicant support multiple parallel requests at a time. Reviewed-by: Etienne Carriere Signed-off-by: Jens Wiklander --- drivers/tee/optee/supp.c | 25 +++++++++++++++++++++++++ drivers/tee/tee_core.c | 16 ++++++++++------ include/uapi/linux/tee.h | 7 +++++++ 3 files changed, 42 insertions(+), 6 deletions(-) -- 2.7.4 diff --git a/drivers/tee/optee/supp.c b/drivers/tee/optee/supp.c index b4ea0678a436..56aa8b929b8c 100644 --- a/drivers/tee/optee/supp.c +++ b/drivers/tee/optee/supp.c @@ -119,6 +119,27 @@ u32 optee_supp_thrd_req(struct tee_context *ctx, u32 func, size_t num_params, return ret; } +static int supp_check_recv_params(size_t num_params, struct tee_param *params) +{ + size_t n; + + /* + * If there's memrefs we need to decrease those as they where + * increased earlier and we'll even refuse to accept any below. + */ + for (n = 0; n < num_params; n++) + if (tee_param_is_memref(params + n) && params[n].u.memref.shm) + tee_shm_put(params[n].u.memref.shm); + + /* + * We only expect parameters as TEE_IOCTL_PARAM_ATTR_TYPE_NONE (0). + */ + for (n = 0; n < num_params; n++) + if (params[n].attr) + return -EINVAL; + return 0; +} + /** * optee_supp_recv() - receive request for supplicant * @ctx: context receiving the request @@ -137,6 +158,10 @@ int optee_supp_recv(struct tee_context *ctx, u32 *func, u32 *num_params, struct optee_supp *supp = &optee->supp; int rc; + rc = supp_check_recv_params(*num_params, param); + if (rc) + return rc; + /* * In case two threads in one supplicant is calling this function * simultaneously we need to protect the data with a mutex which diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c index c78104589e42..4d0ce606f0fc 100644 --- a/drivers/tee/tee_core.c +++ b/drivers/tee/tee_core.c @@ -152,11 +152,11 @@ static int params_from_user(struct tee_context *ctx, struct tee_param *params, return -EFAULT; /* All unused attribute bits has to be zero */ - if (ip.attr & ~TEE_IOCTL_PARAM_ATTR_TYPE_MASK) + if (ip.attr & ~TEE_IOCTL_PARAM_ATTR_MASK) return -EINVAL; params[n].attr = ip.attr; - switch (ip.attr) { + switch (ip.attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) { case TEE_IOCTL_PARAM_ATTR_TYPE_NONE: case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT: break; @@ -394,8 +394,8 @@ static int params_to_supp(struct tee_context *ctx, struct tee_ioctl_param ip; struct tee_param *p = params + n; - ip.attr = p->attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK; - switch (p->attr) { + ip.attr = p->attr; + switch (p->attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) { case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT: case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT: ip.a = p->u.value.a; @@ -459,6 +459,10 @@ static int tee_ioctl_supp_recv(struct tee_context *ctx, if (!params) return -ENOMEM; + rc = params_from_user(ctx, params, num_params, uarg->params); + if (rc) + goto out; + rc = ctx->teedev->desc->ops->supp_recv(ctx, &func, &num_params, params); if (rc) goto out; @@ -488,11 +492,11 @@ static int params_from_supp(struct tee_param *params, size_t num_params, return -EFAULT; /* All unused attribute bits has to be zero */ - if (ip.attr & ~TEE_IOCTL_PARAM_ATTR_TYPE_MASK) + if (ip.attr & ~TEE_IOCTL_PARAM_ATTR_MASK) return -EINVAL; p->attr = ip.attr; - switch (ip.attr) { + switch (ip.attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) { case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT: case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT: /* Only out and in/out values can be updated */ diff --git a/include/uapi/linux/tee.h b/include/uapi/linux/tee.h index 688782e90140..267c12e7fd79 100644 --- a/include/uapi/linux/tee.h +++ b/include/uapi/linux/tee.h @@ -154,6 +154,13 @@ struct tee_ioctl_buf_data { */ #define TEE_IOCTL_PARAM_ATTR_TYPE_MASK 0xff +/* Meta parameter carrying extra information about the message. */ +#define TEE_IOCTL_PARAM_ATTR_META 0x100 + +/* Mask of all known attr bits */ +#define TEE_IOCTL_PARAM_ATTR_MASK \ + (TEE_IOCTL_PARAM_ATTR_TYPE_MASK | TEE_IOCTL_PARAM_ATTR_META) + /* * Matches TEEC_LOGIN_* in GP TEE Client API * Are only defined for GP compliant TEEs From patchwork Wed Nov 8 12:47:52 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jens Wiklander X-Patchwork-Id: 118252 Delivered-To: patches@linaro.org Received: by 10.140.22.164 with SMTP id 33csp5242641qgn; Wed, 8 Nov 2017 04:48:05 -0800 (PST) X-Received: by 10.25.205.198 with SMTP id d189mr149301lfg.48.1510145285624; Wed, 08 Nov 2017 04:48:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510145285; cv=none; d=google.com; s=arc-20160816; b=DAlxhx1FgteCYnLjAjZ4lf/RBE1thoFMflDp9d2vAgq+YIxBokgmjxYFZHX/kM/f6L x+0rsTmhp7N0bDP6eLQLMoXSrCJkZBOutbS1o5f71ryIwgZfBaUakXeKNr7YftrrBKDj H/OtVdPsyGB6amkqPucbmRYYH17LFmWk2rYo7rnfai+S5MlU+7oTj0x6fhXlO+gnp8Zi Yp5myEOoTMytafTPTPOrzDw3sTt8+xtddgLzCh1Cgfcu0Kft39DlV0eJdv/E+EM39MvE KyLFWNsO8/sMvkCGpJFarEcl5xNH1CTYV6xjMReU1INUOeFLe4OiTKU34Vuzq7gA3lbo QVVg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:arc-authentication-results; bh=aUGSgOxhPndiXyXXEb71Ne8KHU4JNUGowD7ZoxYSn2o=; b=VTYtUvQlsv4LO0tOOVYKfohDmDeFmJoaZOGCsBsFRJMb2e4vpe4+uOHKIqfA4U6G+c Ce8kF825SDqkessgY7OIYRI4DGev8X93N++9wOirjTylBqSqW9f/OD7QK/4xkqiTAWIs XH8rgMEmkeVAIIx30aNP0LRuq5p2fzp24p7pgHjNrpYQzLrluQ4lNIyqRPhXVRwefALO dqRv3p3mF6HwIjreWp7uM9YGIJZ/BaCmm/asKPnQhN+Cd1xQMswJQteCBZK0nO9hOpyc e4xhP4qcufeLOFre8p+sro4ma6lb4R/3jul/y20adc06bbXxdFvYdqpRT7OLwbO3mUrw yEXw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=PtINkCKF; spf=pass (google.com: domain of jens.wiklander@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=jens.wiklander@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id 77sor657155ljj.75.2017.11.08.04.48.05 for (Google Transport Security); Wed, 08 Nov 2017 04:48:05 -0800 (PST) Received-SPF: pass (google.com: domain of jens.wiklander@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=PtINkCKF; spf=pass (google.com: domain of jens.wiklander@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=jens.wiklander@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=aUGSgOxhPndiXyXXEb71Ne8KHU4JNUGowD7ZoxYSn2o=; b=PtINkCKF6CkEwaDw2DARaaGe0eErjNSORounAJkktrmKyW/yehV8ciSjZzTEagbfYR 9Gdfrce4hDOjMI03BufUZHOjOm3sO+YZnrynKpLfSqd9WCXzY9nGAHsc5/zGzl+yv9TA z3lE+Emhu8FcCvJ/pmi++lLF5+59d5lXW9hdM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=aUGSgOxhPndiXyXXEb71Ne8KHU4JNUGowD7ZoxYSn2o=; b=UhKVA9P0CqEanq4RavUbIJc4/x2qdFWWQiSyMzNQDgLoRhMgMsU6150f6bqjv0KsK9 3Y7oJUG2SnvYUYcxmrxP7g5ZJ+D3AOZD4ZFv2ynu2PRLLvQv/nSLTUBRmFIrzfxC2yUE ZWS/ppMRrhPqsLhmkxs4uYSp94LNm2225u8KwNTueVJWba1XM9Bv9mck3Kb331TcXSF8 7C61Gu/9ubrXNKoe+iPVpHe4+WFt9sW1ls5kbqgO0TUJ5FPbicz/wGbLZW1qWLK/AbOp lrR17avJn/tlBwZTw7ubcw3ahNjckmxdxiqNrFPcvxFyCtTWnEUW5o9U7PFetn+seMpj 2sRA== X-Gm-Message-State: AJaThX5YXS5EfAeUpJgklvLcX8Gcf4B/IM52UCwOha4B4SHhan+K9Kf/ 92GCquR+fCw+FyrR06764c1ewVvX X-Google-Smtp-Source: ABhQp+SAGW4YcgKJ6YGHC81yMASxV+v4UZfpTpp8jvuU1KsITkm/ACv7X5T//7+bF6A1OWP/3ndE7g== X-Received: by 10.46.4.29 with SMTP id 29mr220517lje.82.1510145285000; Wed, 08 Nov 2017 04:48:05 -0800 (PST) Return-Path: Received: from jax.ideon.se ([85.235.10.227]) by smtp.gmail.com with ESMTPSA id x7sm658479lff.91.2017.11.08.04.48.03 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 08 Nov 2017 04:48:04 -0800 (PST) From: Jens Wiklander To: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, tee-dev@lists.linaro.org Cc: Jens Wiklander Subject: [PATCH 3/3] optee: support asynchronous supplicant requests Date: Wed, 8 Nov 2017 13:47:52 +0100 Message-Id: <1510145272-14842-4-git-send-email-jens.wiklander@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510145272-14842-1-git-send-email-jens.wiklander@linaro.org> References: <1510145272-14842-1-git-send-email-jens.wiklander@linaro.org> Adds support for asynchronous supplicant requests, meaning that the supplicant can process several requests in parallel or block in a request for some time. Acked-by: Etienne Carriere Tested-by: Etienne Carriere (b2260 pager=y/n) Signed-off-by: Jens Wiklander --- drivers/tee/optee/core.c | 11 +- drivers/tee/optee/optee_private.h | 43 ++--- drivers/tee/optee/rpc.c | 4 +- drivers/tee/optee/supp.c | 358 +++++++++++++++++++++++--------------- 4 files changed, 243 insertions(+), 173 deletions(-) -- 2.7.4 diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c index 7952357df9c8..b7492da92567 100644 --- a/drivers/tee/optee/core.c +++ b/drivers/tee/optee/core.c @@ -187,12 +187,12 @@ static int optee_open(struct tee_context *ctx) if (teedev == optee->supp_teedev) { bool busy = true; - mutex_lock(&optee->supp.ctx_mutex); + mutex_lock(&optee->supp.mutex); if (!optee->supp.ctx) { busy = false; optee->supp.ctx = ctx; } - mutex_unlock(&optee->supp.ctx_mutex); + mutex_unlock(&optee->supp.mutex); if (busy) { kfree(ctxdata); return -EBUSY; @@ -252,11 +252,8 @@ static void optee_release(struct tee_context *ctx) ctx->data = NULL; - if (teedev == optee->supp_teedev) { - mutex_lock(&optee->supp.ctx_mutex); - optee->supp.ctx = NULL; - mutex_unlock(&optee->supp.ctx_mutex); - } + if (teedev == optee->supp_teedev) + optee_supp_release(&optee->supp); } static const struct tee_driver_ops optee_ops = { diff --git a/drivers/tee/optee/optee_private.h b/drivers/tee/optee/optee_private.h index c374cd594314..3e7da187acbe 100644 --- a/drivers/tee/optee/optee_private.h +++ b/drivers/tee/optee/optee_private.h @@ -53,36 +53,24 @@ struct optee_wait_queue { * @ctx the context of current connected supplicant. * if !NULL the supplicant device is available for use, * else busy - * @ctx_mutex: held while accessing @ctx - * @func: supplicant function id to call - * @ret: call return value - * @num_params: number of elements in @param - * @param: parameters for @func - * @req_posted: if true, a request has been posted to the supplicant - * @supp_next_send: if true, next step is for supplicant to send response - * @thrd_mutex: held by the thread doing a request to supplicant - * @supp_mutex: held by supplicant while operating on this struct - * @data_to_supp: supplicant is waiting on this for next request - * @data_from_supp: requesting thread is waiting on this to get the result + * @mutex: held while accessing content of this struct + * @req_id: current request id if supplicant is doing synchronous + * communication, else -1 + * @reqs: queued request not yet retrieved by supplicant + * @idr: IDR holding all requests currently being processed + * by supplicant + * @reqs_c: completion used by supplicant when waiting for a + * request to be queued. */ struct optee_supp { + /* Serializes access to this struct */ + struct mutex mutex; struct tee_context *ctx; - /* Serializes access of ctx */ - struct mutex ctx_mutex; - - u32 func; - u32 ret; - size_t num_params; - struct tee_param *param; - - bool req_posted; - bool supp_next_send; - /* Serializes access to this struct for requesting thread */ - struct mutex thrd_mutex; - /* Serializes access to this struct for supplicant threads */ - struct mutex supp_mutex; - struct completion data_to_supp; - struct completion data_from_supp; + + int req_id; + struct list_head reqs; + struct idr idr; + struct completion reqs_c; }; /** @@ -142,6 +130,7 @@ int optee_supp_read(struct tee_context *ctx, void __user *buf, size_t len); int optee_supp_write(struct tee_context *ctx, void __user *buf, size_t len); void optee_supp_init(struct optee_supp *supp); void optee_supp_uninit(struct optee_supp *supp); +void optee_supp_release(struct optee_supp *supp); int optee_supp_recv(struct tee_context *ctx, u32 *func, u32 *num_params, struct tee_param *param); diff --git a/drivers/tee/optee/rpc.c b/drivers/tee/optee/rpc.c index cef417f4f4d2..c6df4317ca9f 100644 --- a/drivers/tee/optee/rpc.c +++ b/drivers/tee/optee/rpc.c @@ -192,10 +192,10 @@ static struct tee_shm *cmd_alloc_suppl(struct tee_context *ctx, size_t sz) if (ret) return ERR_PTR(-ENOMEM); - mutex_lock(&optee->supp.ctx_mutex); + mutex_lock(&optee->supp.mutex); /* Increases count as secure world doesn't have a reference */ shm = tee_shm_get_from_id(optee->supp.ctx, param.u.value.c); - mutex_unlock(&optee->supp.ctx_mutex); + mutex_unlock(&optee->supp.mutex); return shm; } diff --git a/drivers/tee/optee/supp.c b/drivers/tee/optee/supp.c index 56aa8b929b8c..df35fc01fd3e 100644 --- a/drivers/tee/optee/supp.c +++ b/drivers/tee/optee/supp.c @@ -16,21 +16,61 @@ #include #include "optee_private.h" +struct optee_supp_req { + struct list_head link; + + bool busy; + u32 func; + u32 ret; + size_t num_params; + struct tee_param *param; + + struct completion c; +}; + void optee_supp_init(struct optee_supp *supp) { memset(supp, 0, sizeof(*supp)); - mutex_init(&supp->ctx_mutex); - mutex_init(&supp->thrd_mutex); - mutex_init(&supp->supp_mutex); - init_completion(&supp->data_to_supp); - init_completion(&supp->data_from_supp); + mutex_init(&supp->mutex); + init_completion(&supp->reqs_c); + idr_init(&supp->idr); + INIT_LIST_HEAD(&supp->reqs); + supp->req_id = -1; } void optee_supp_uninit(struct optee_supp *supp) { - mutex_destroy(&supp->ctx_mutex); - mutex_destroy(&supp->thrd_mutex); - mutex_destroy(&supp->supp_mutex); + mutex_destroy(&supp->mutex); + idr_destroy(&supp->idr); +} + +void optee_supp_release(struct optee_supp *supp) +{ + int id; + struct optee_supp_req *req; + struct optee_supp_req *req_tmp; + + mutex_lock(&supp->mutex); + + /* Abort all request retrieved by supplicant */ + idr_for_each_entry(&supp->idr, req, id) { + req->busy = false; + idr_remove(&supp->idr, id); + req->ret = TEEC_ERROR_COMMUNICATION; + complete(&req->c); + } + + /* Abort all queued requests */ + list_for_each_entry_safe(req, req_tmp, &supp->reqs, link) { + list_del(&req->link); + req->ret = TEEC_ERROR_COMMUNICATION; + complete(&req->c); + } + + supp->ctx = NULL; + supp->req_id = -1; + + mutex_unlock(&supp->mutex); } /** @@ -44,53 +84,42 @@ void optee_supp_uninit(struct optee_supp *supp) */ u32 optee_supp_thrd_req(struct tee_context *ctx, u32 func, size_t num_params, struct tee_param *param) + { - bool interruptable; struct optee *optee = tee_get_drvdata(ctx->teedev); struct optee_supp *supp = &optee->supp; + struct optee_supp_req *req = kzalloc(sizeof(*req), GFP_KERNEL); + bool interruptable; u32 ret; - /* - * Other threads blocks here until we've copied our answer from - * supplicant. - */ - while (mutex_lock_interruptible(&supp->thrd_mutex)) { - /* See comment below on when the RPC can be interrupted. */ - mutex_lock(&supp->ctx_mutex); - interruptable = !supp->ctx; - mutex_unlock(&supp->ctx_mutex); - if (interruptable) - return TEEC_ERROR_COMMUNICATION; - } + if (!req) + return TEEC_ERROR_OUT_OF_MEMORY; - /* - * We have exclusive access now since the supplicant at this - * point is either doing a - * wait_for_completion_interruptible(&supp->data_to_supp) or is in - * userspace still about to do the ioctl() to enter - * optee_supp_recv() below. - */ + init_completion(&req->c); + req->func = func; + req->num_params = num_params; + req->param = param; - supp->func = func; - supp->num_params = num_params; - supp->param = param; - supp->req_posted = true; + /* Insert the request in the request list */ + mutex_lock(&supp->mutex); + list_add_tail(&req->link, &supp->reqs); + mutex_unlock(&supp->mutex); - /* Let supplicant get the data */ - complete(&supp->data_to_supp); + /* Tell an eventual waiter there's a new request */ + complete(&supp->reqs_c); /* * Wait for supplicant to process and return result, once we've - * returned from wait_for_completion(data_from_supp) we have + * returned from wait_for_completion(&req->c) successfully we have * exclusive access again. */ - while (wait_for_completion_interruptible(&supp->data_from_supp)) { - mutex_lock(&supp->ctx_mutex); + while (wait_for_completion_interruptible(&req->c)) { + mutex_lock(&supp->mutex); interruptable = !supp->ctx; if (interruptable) { /* * There's no supplicant available and since the - * supp->ctx_mutex currently is held none can + * supp->mutex currently is held none can * become available until the mutex released * again. * @@ -101,28 +130,65 @@ u32 optee_supp_thrd_req(struct tee_context *ctx, u32 func, size_t num_params, * will serve all requests in a timely manner and * interrupting then wouldn't make sense. */ - supp->ret = TEEC_ERROR_COMMUNICATION; - init_completion(&supp->data_to_supp); + interruptable = !req->busy; + if (!req->busy) + list_del(&req->link); } - mutex_unlock(&supp->ctx_mutex); - if (interruptable) + mutex_unlock(&supp->mutex); + + if (interruptable) { + req->ret = TEEC_ERROR_COMMUNICATION; break; + } } - ret = supp->ret; - supp->param = NULL; - supp->req_posted = false; - - /* We're done, let someone else talk to the supplicant now. */ - mutex_unlock(&supp->thrd_mutex); + ret = req->ret; + kfree(req); return ret; } -static int supp_check_recv_params(size_t num_params, struct tee_param *params) +static struct optee_supp_req *supp_pop_entry(struct optee_supp *supp, + int num_params, int *id) +{ + struct optee_supp_req *req; + + if (supp->req_id != -1) { + /* + * Supplicant should not mix synchronous and asnynchronous + * requests. + */ + return ERR_PTR(-EINVAL); + } + + if (list_empty(&supp->reqs)) + return NULL; + + req = list_first_entry(&supp->reqs, struct optee_supp_req, link); + + if (num_params < req->num_params) { + /* Not enough room for parameters */ + return ERR_PTR(-EINVAL); + } + + *id = idr_alloc(&supp->idr, req, 1, 0, GFP_KERNEL); + if (*id < 0) + return ERR_PTR(-ENOMEM); + + list_del(&req->link); + req->busy = true; + + return req; +} + +static int supp_check_recv_params(size_t num_params, struct tee_param *params, + size_t *num_meta) { size_t n; + if (!num_params) + return -EINVAL; + /* * If there's memrefs we need to decrease those as they where * increased earlier and we'll even refuse to accept any below. @@ -132,11 +198,20 @@ static int supp_check_recv_params(size_t num_params, struct tee_param *params) tee_shm_put(params[n].u.memref.shm); /* - * We only expect parameters as TEE_IOCTL_PARAM_ATTR_TYPE_NONE (0). + * We only expect parameters as TEE_IOCTL_PARAM_ATTR_TYPE_NONE with + * or without the TEE_IOCTL_PARAM_ATTR_META bit set. */ for (n = 0; n < num_params; n++) - if (params[n].attr) + if (params[n].attr && + params[n].attr != TEE_IOCTL_PARAM_ATTR_META) return -EINVAL; + + /* At most we'll need one meta parameter so no need to check for more */ + if (params->attr == TEE_IOCTL_PARAM_ATTR_META) + *num_meta = 1; + else + *num_meta = 0; + return 0; } @@ -156,69 +231,99 @@ int optee_supp_recv(struct tee_context *ctx, u32 *func, u32 *num_params, struct tee_device *teedev = ctx->teedev; struct optee *optee = tee_get_drvdata(teedev); struct optee_supp *supp = &optee->supp; + struct optee_supp_req *req = NULL; + int id; + size_t num_meta; int rc; - rc = supp_check_recv_params(*num_params, param); + rc = supp_check_recv_params(*num_params, param, &num_meta); if (rc) return rc; - /* - * In case two threads in one supplicant is calling this function - * simultaneously we need to protect the data with a mutex which - * we'll release before returning. - */ - mutex_lock(&supp->supp_mutex); + while (true) { + mutex_lock(&supp->mutex); + req = supp_pop_entry(supp, *num_params - num_meta, &id); + mutex_unlock(&supp->mutex); + + if (req) { + if (IS_ERR(req)) + return PTR_ERR(req); + break; + } - if (supp->supp_next_send) { /* - * optee_supp_recv() has been called again without - * a optee_supp_send() in between. Supplicant has - * probably been restarted before it was able to - * write back last result. Abort last request and - * wait for a new. + * If we didn't get a request we'll block in + * wait_for_completion() to avoid needless spinning. + * + * This is where supplicant will be hanging most of + * the time, let's make this interruptable so we + * can easily restart supplicant if needed. */ - if (supp->req_posted) { - supp->ret = TEEC_ERROR_COMMUNICATION; - supp->supp_next_send = false; - complete(&supp->data_from_supp); - } + if (wait_for_completion_interruptible(&supp->reqs_c)) + return -ERESTARTSYS; } - /* - * This is where supplicant will be hanging most of the - * time, let's make this interruptable so we can easily - * restart supplicant if needed. - */ - if (wait_for_completion_interruptible(&supp->data_to_supp)) { - rc = -ERESTARTSYS; - goto out; + if (num_meta) { + /* + * tee-supplicant support meta parameters -> requsts can be + * processed asynchronously. + */ + param->attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT | + TEE_IOCTL_PARAM_ATTR_META; + param->u.value.a = id; + param->u.value.b = 0; + param->u.value.c = 0; + } else { + mutex_lock(&supp->mutex); + supp->req_id = id; + mutex_unlock(&supp->mutex); } - /* We have exlusive access to the data */ + *func = req->func; + *num_params = req->num_params + num_meta; + memcpy(param + num_meta, req->param, + sizeof(struct tee_param) * req->num_params); - if (*num_params < supp->num_params) { - /* - * Not enough room for parameters, tell supplicant - * it failed and abort last request. - */ - supp->ret = TEEC_ERROR_COMMUNICATION; - rc = -EINVAL; - complete(&supp->data_from_supp); - goto out; + return 0; +} + +static struct optee_supp_req *supp_pop_req(struct optee_supp *supp, + size_t num_params, + struct tee_param *param, + size_t *num_meta) +{ + struct optee_supp_req *req; + int id; + size_t nm; + const u32 attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT | + TEE_IOCTL_PARAM_ATTR_META; + + if (!num_params) + return ERR_PTR(-EINVAL); + + if (supp->req_id == -1) { + if (param->attr != attr) + return ERR_PTR(-EINVAL); + id = param->u.value.a; + nm = 1; + } else { + id = supp->req_id; + nm = 0; } - *func = supp->func; - *num_params = supp->num_params; - memcpy(param, supp->param, - sizeof(struct tee_param) * supp->num_params); + req = idr_find(&supp->idr, id); + if (!req) + return ERR_PTR(-ENOENT); + + if ((num_params - nm) != req->num_params) + return ERR_PTR(-EINVAL); - /* Allow optee_supp_send() below to do its work */ - supp->supp_next_send = true; + req->busy = false; + idr_remove(&supp->idr, id); + supp->req_id = -1; + *num_meta = nm; - rc = 0; -out: - mutex_unlock(&supp->supp_mutex); - return rc; + return req; } /** @@ -236,63 +341,42 @@ int optee_supp_send(struct tee_context *ctx, u32 ret, u32 num_params, struct tee_device *teedev = ctx->teedev; struct optee *optee = tee_get_drvdata(teedev); struct optee_supp *supp = &optee->supp; + struct optee_supp_req *req; size_t n; - int rc = 0; + size_t num_meta; - /* - * We still have exclusive access to the data since that's how we - * left it when returning from optee_supp_read(). - */ + mutex_lock(&supp->mutex); + req = supp_pop_req(supp, num_params, param, &num_meta); + mutex_unlock(&supp->mutex); - /* See comment on mutex in optee_supp_read() above */ - mutex_lock(&supp->supp_mutex); - - if (!supp->supp_next_send) { - /* - * Something strange is going on, supplicant shouldn't - * enter optee_supp_send() in this state - */ - rc = -ENOENT; - goto out; - } - - if (num_params != supp->num_params) { - /* - * Something is wrong, let supplicant restart. Next call to - * optee_supp_recv() will give an error to the requesting - * thread and release it. - */ - rc = -EINVAL; - goto out; + if (IS_ERR(req)) { + /* Something is wrong, let supplicant restart. */ + return PTR_ERR(req); } /* Update out and in/out parameters */ - for (n = 0; n < num_params; n++) { - struct tee_param *p = supp->param + n; + for (n = 0; n < req->num_params; n++) { + struct tee_param *p = req->param + n; - switch (p->attr) { + switch (p->attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) { case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT: case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT: - p->u.value.a = param[n].u.value.a; - p->u.value.b = param[n].u.value.b; - p->u.value.c = param[n].u.value.c; + p->u.value.a = param[n + num_meta].u.value.a; + p->u.value.b = param[n + num_meta].u.value.b; + p->u.value.c = param[n + num_meta].u.value.c; break; case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: - p->u.memref.size = param[n].u.memref.size; + p->u.memref.size = param[n + num_meta].u.memref.size; break; default: break; } } - supp->ret = ret; - - /* Allow optee_supp_recv() above to do its work */ - supp->supp_next_send = false; + req->ret = ret; /* Let the requesting thread continue */ - complete(&supp->data_from_supp); -out: - mutex_unlock(&supp->supp_mutex); - return rc; + complete(&req->c); + + return 0; }