
optee: support protected memory allocation

Add support in the OP-TEE backend driver for protected memory
allocation. The support is limited to only the SMC ABI and for secure
video buffers.

OP-TEE is probed for the range of protected physical memory and a
memory pool allocator is initialized if OP-TEE has support for such
memory.

Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

+81 -2
+5
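--- a/drivers/tee/optee/Kconfig
+++ b/drivers/tee/optee/Kconfig
@@ -25,3 +25,8 @@
 
 Additional documentation on kernel security risks are at
 Documentation/tee/op-tee.rst.
+
+config OPTEE_STATIC_PROTMEM_POOL
+bool
+depends on HAS_IOMEM && TEE_DMABUF_HEAPS
+default y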
+7
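--- a/drivers/tee/optee/core.c
+++ b/drivers/tee/optee/core.c
@@ -56,6 +56,13 @@
 return 0;
 }
 
+int optee_set_dma_mask(struct optee *optee, u_int pa_width)
+{
+u64 mask = DMA_BIT_MASK(min(64, pa_width));
+
+return dma_coerce_mask_and_coherent(&optee->teedev->dev, mask);
+}
+
 static void optee_bus_scan(struct work_struct *work)
 {
 WARN_ON(optee_enumerate_devices(PTA_CMD_GET_DEVICES_SUPP));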
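Review bot: optee_set_dma_mask() puts no lower bound on pa_width, and in this commit the only visible caller passes the value straight from the OPTEE_SMC_GET_PROTMEM_CONFIG result. A width of 0 makes `DMA_BIT_MASK(min(64, pa_width))` an all-zero mask; whether dma_coerce_mask_and_coherent() rejects that is not visible in this hunk, so an explicit `if (!pa_width) return -EINVAL;` before the mask is built would make the failure mode obvious. The function is shared across the driver through optee_private.h but has no comment; a short one stating that widths above 64 are clamped and why the coerce variant is used on `optee->teedev->dev` would help the next caller.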
+2
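--- a/drivers/tee/optee/optee_private.h
+++ b/drivers/tee/optee/optee_private.h
@@ -274,6 +274,8 @@
 
 extern struct blocking_notifier_head optee_rpmb_intf_added;
 
+int optee_set_dma_mask(struct optee *optee, u_int pa_width);
+
 int optee_notif_init(struct optee *optee, u_int max_key);
 void optee_notif_uninit(struct optee *optee);
 int optee_notif_wait(struct optee *optee, u_int key, u32 timeout);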
+67 -2
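--- a/drivers/tee/optee/smc_abi.c
+++ b/drivers/tee/optee/smc_abi.c
@@ -1583,6 +1583,68 @@
 }
 #endif
 
+static struct tee_protmem_pool *static_protmem_pool_init(struct optee *optee)
+{
+#if IS_ENABLED(CONFIG_OPTEE_STATIC_PROTMEM_POOL)
+union {
+struct arm_smccc_res smccc;
+struct optee_smc_get_protmem_config_result result;
+} res;
+struct tee_protmem_pool *pool;
+void *p;
+int rc;
+
+optee->smc.invoke_fn(OPTEE_SMC_GET_PROTMEM_CONFIG, 0, 0, 0, 0,
+0, 0, 0, &res.smccc);
+if (res.result.status != OPTEE_SMC_RETURN_OK)
+return ERR_PTR(-EINVAL);
+
+rc = optee_set_dma_mask(optee, res.result.pa_width);
+if (rc)
+return ERR_PTR(rc);
+
+/*
+* Map the memory as uncached to make sure the kernel can work with
+* __pfn_to_page() and friends since that's needed when passing the
+* protected DMA-buf to a device. The memory should otherwise not
+* be touched by the kernel since it's likely to cause an external
+* abort due to the protection status.
+*/
+p = devm_memremap(&optee->teedev->dev, res.result.start,
+res.result.size, MEMREMAP_WC);
+if (IS_ERR(p))
+return p;
+
+pool = tee_protmem_static_pool_alloc(res.result.start, res.result.size);
+if (IS_ERR(pool))
+devm_memunmap(&optee->teedev->dev, p);
+
+return pool;
+#else
+return ERR_PTR(-EINVAL);
+#endif
+}
+
+static int optee_protmem_pool_init(struct optee *optee)
+{
+enum tee_dma_heap_id heap_id = TEE_DMA_HEAP_SECURE_VIDEO_PLAY;
+struct tee_protmem_pool *pool = ERR_PTR(-EINVAL);
+int rc;
+
+if (!(optee->smc.sec_caps & OPTEE_SMC_SEC_CAP_PROTMEM))
+return 0;
+
+pool = static_protmem_pool_init(optee);
+if (IS_ERR(pool))
+return PTR_ERR(pool);
+
+rc = tee_device_register_dma_heap(optee->teedev, heap_id, pool);
+if (rc)
+pool->ops->destroy_pool(pool);
+
+return rc;
+}
+
 static int optee_probe(struct platform_device *pdev)
 {
 optee_invoke_fn *invoke_fn;
@@ -1678,7 +1740,7 @@
 optee = kzalloc(sizeof(*optee), GFP_KERNEL);
 if (!optee) {
 rc = -ENOMEM;
-goto err_free_pool;
+goto err_free_shm_pool;
 }
 
 optee->ops = &optee_ops;
@@ -1751,6 +1813,9 @@
 pr_info("Asynchronous notifications enabled\n");
 }
 
+if (optee_protmem_pool_init(optee))
+pr_info("Protected memory service not available\n");
+
 /*
 * Ensure that there are no pre-existing shm objects before enabling
 * the shm cache so that there's no chance of receiving an invalid
@@ -1802,7 +1867,7 @@
 tee_device_unregister(optee->teedev);
 err_free_optee:
 kfree(optee);
-err_free_pool:
+err_free_shm_pool:
 tee_shm_pool_free(pool);
 if (memremaped_shm)
 memunmap(memremaped_shm);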
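Review bot: In static_protmem_pool_init() the `start` and `size` fields of the OPTEE_SMC_GET_PROTMEM_CONFIG result go straight into devm_memremap() and tee_protmem_static_pool_alloc() once `status` is OK, with no sanity check on the range. The secure world is the authority for this range, but a zero size or a wrapping `start + size` from misconfigured firmware would be easier to diagnose if rejected up front, for example `if (!res.result.size || res.result.start + res.result.size < res.result.start) return ERR_PTR(-EINVAL);` (assuming both fields are unsigned, which this hunk does not show). The comment above the mapping says "uncached" while the call passes `MEMREMAP_WC`, so the comment should name the attribute actually requested. When tee_device_register_dma_heap() fails in optee_protmem_pool_init(), the pool is destroyed but the device-managed mapping and the coerced DMA mask stay in place; if that is intentional, a one-line comment there would say so.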