tee: system session · tjh.dev/kernel@a9214a8

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

tee: system session

Adds kernel client API function tee_client_system_session() for a client
to request a system service entry in TEE context.

This feature is needed to prevent a system deadlock when several TEE
client applications invoke TEE, consuming all TEE thread contexts
available in the secure world. The deadlock can happen in the OP-TEE
driver for example if all these TEE threads issue an RPC call from TEE
to Linux OS to access an eMMC RPMB partition (TEE secure storage) which
device clock or regulator controller is accessed through an OP-TEE SCMI
services. In that case, Linux SCMI driver must reach OP-TEE SCMI service
without waiting until one of the consumed TEE threads is freed.

Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Co-developed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

authored by

Etienne Carriere and committed by

Jens Wiklander 2 years ago a9214a88 077798da

+24

2 changed files

expand all

drivers

tee

tee_core.c

include

linux

tee_drv.h

drivers/tee/tee_core.c

··· 1173 1173 } 1174 1174 EXPORT_SYMBOL_GPL(tee_client_close_session); 1175 1175 1176 + int tee_client_system_session(struct tee_context *ctx, u32 session) 1177 + { 1178 + if (!ctx->teedev->desc->ops->system_session) 1179 + return -EINVAL; 1180 + return ctx->teedev->desc->ops->system_session(ctx, session); 1181 + } 1182 + EXPORT_SYMBOL_GPL(tee_client_system_session); 1183 + 1176 1184 int tee_client_invoke_func(struct tee_context *ctx, 1177 1185 struct tee_ioctl_invoke_arg *arg, 1178 1186 struct tee_param *param)

+16

include/linux/tee_drv.h

··· 84 84 * @release: release this open file 85 85 * @open_session: open a new session 86 86 * @close_session: close a session 87 + * @system_session: declare session as a system session 87 88 * @invoke_func: invoke a trusted function 88 89 * @cancel_req: request cancel of an ongoing invoke or open 89 90 * @supp_recv: called for supplicant to get a command ··· 101 100 struct tee_ioctl_open_session_arg *arg, 102 101 struct tee_param *param); 103 102 int (*close_session)(struct tee_context *ctx, u32 session); 103 + int (*system_session)(struct tee_context *ctx, u32 session); 104 104 int (*invoke_func)(struct tee_context *ctx, 105 105 struct tee_ioctl_invoke_arg *arg, 106 106 struct tee_param *param); ··· 430 428 * valid after this function has returned. 431 429 */ 432 430 int tee_client_close_session(struct tee_context *ctx, u32 session); 431 + 432 + /** 433 + * tee_client_system_session() - Declare session as a system session 434 + * @ctx: TEE Context 435 + * @session: Session id 436 + * 437 + * This function requests TEE to provision an entry context ready to use for 438 + * that session only. The provisioned entry context is used for command 439 + * invocation and session closure, not for command cancelling requests. 440 + * TEE releases the provisioned context upon session closure. 441 + * 442 + * Return < 0 on error else 0 if an entry context has been provisioned. 443 + */ 444 + int tee_client_system_session(struct tee_context *ctx, u32 session); 433 445 434 446 /** 435 447 * tee_client_invoke_func() - Invoke a function in a Trusted Application