- initialize result before use in error path
- fix uninitialized pointers with free attribute
Merge tag 'qcomtee-fixes2-for-6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee into arm/fixes
QCOMTEE fixes2 for v6.18
* tag 'qcomtee-fixes2-for-6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee:
tee: qcomtee: initialize result before use in release worker
tee: qcomtee: fix uninitialized pointers with free attribute
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Initialize result to 0 so the error path doesn't read it
uninitialized when the invoke fails. Fixes a Smatch warning.
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/op-tee/7c1e0de2-7d42-4c6b-92fe-0e4fe5d650b5@oss.qualcomm.com/
Fixes: d6e290837e ("tee: add Qualcomm TEE driver")
Signed-off-by: Amirreza Zarrabi <amirreza.zarrabi@oss.qualcomm.com>
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Uninitialized pointers with `__free` attribute can cause undefined
behavior as the memory assigned randomly to the pointer is freed
automatically when the pointer goes out of scope.
qcomtee doesn't have any bugs related to this as of now, but
it is better to initialize and assign pointers with `__free`
attribute in one statement to ensure proper scope-based cleanup.
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/all/aPiG_F5EBQUjZqsl@stanley.mountain/
Signed-off-by: Ally Heev <allyheev@gmail.com>
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
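The hazard described in the `__free` commit message above, as an added userspace example that is not code from the kernel tree or from the patch author. It assumes GCC or Clang; `auto_free`, `free_charp` and the two `copy_len_*` functions are hypothetical names, built on the same `cleanup` variable attribute that the kernel's `__free()` uses.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Counters so the effect of each pattern can be observed. */
static int frees_of_real_memory;	/* cleanup ran on a live allocation */
static int frees_of_null;		/* cleanup ran on NULL (harmless) */

/* Called by the compiler with the address of the variable leaving scope. */
static void free_charp(char **p)
{
	if (*p)
		frees_of_real_memory++;
	else
		frees_of_null++;
	free(*p);
}

/* Hypothetical userspace stand-in for the kernel's __free(kfree). */
#define auto_free __attribute__((cleanup(free_charp)))

/*
 * Hazard shape (shown only as a comment, never compiled):
 *
 *	char *buf auto_free;		// indeterminate value
 *	if (len == 0)
 *		return -1;		// cleanup frees a garbage pointer
 *	buf = malloc(len + 1);
 */

/* Pattern A: initialize at the declaration, assign later. */
static int copy_len_null_init(const char *src, size_t len)
{
	char *buf auto_free = NULL;

	if (len == 0)
		return -1;		/* cleanup runs, but sees NULL */
	buf = malloc(len + 1);
	if (!buf)
		return -2;
	memcpy(buf, src, len);
	buf[len] = '\0';
	return (int)strlen(buf);
}

/* Pattern B: declare and assign in one statement, as the commit recommends. */
static int copy_len_one_statement(const char *src, size_t len)
{
	if (len == 0)
		return -1;		/* buf not in scope yet: no cleanup call */

	char *buf auto_free = malloc(len + 1);

	if (!buf)
		return -2;
	memcpy(buf, src, len);
	buf[len] = '\0';
	return (int)strlen(buf);	/* cleanup frees the live allocation */
}

int main(void)
{
	/* Constructed inputs: an early-return case and a normal case. */
	printf("A early: %d\n", copy_len_null_init("abcdef", 0));
	printf("B early: %d\n", copy_len_one_statement("abcdef", 0));
	printf("B copy:  %d\n", copy_len_one_statement("abcdef", 3));
	printf("frees: real=%d null=%d\n", frees_of_real_memory, frees_of_null);
	return 0;
}
```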
- Adds ARCH_QCOM dependency for the QTEE driver
- Fixing return values for copy_from_user() failures
- Guarding against potential off by one read
Merge tag 'tee-qcomtee-fixes-for-v6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee into arm/fixes
TEE QTEE fixes for v6.18
* tag 'tee-qcomtee-fixes-for-v6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee:
tee: QCOMTEE should depend on ARCH_QCOM
tee: qcom: return -EFAULT instead of -EINVAL if copy_from_user() fails
tee: qcom: prevent potential off by one read
The Qualcomm Trusted Execution Environment (QTEE) is only available on
Qualcomm SoCs. Hence add a dependency on ARCH_QCOM, to prevent asking
the user about this driver when configuring a kernel without Qualcomm
platform support.
Fixes: d6e290837e ("tee: add Qualcomm TEE driver")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Lots of platform specific updates for Qualcomm SoCs, including a
new TEE subsystem driver for the Qualcomm QTEE firmware interface.
Added support for the Apple A11 SoC in drivers that are shared with the
M1/M2 series, among more updates for those.
Smaller platform specific driver updates for Renesas, ASpeed, Broadcom,
Nvidia, Mediatek, Amlogic, TI, Allwinner, and Freescale SoCs.
Driver updates in the cache controller, memory controller and reset
controller subsystems.
SCMI firmware updates to add more features and improve robustness.
This includes support for having multiple SCMI providers in a single
system.
TEE subsystem support for protected DMA-bufs, allowing hardware to
access memory areas that are managed by the kernel but remain inaccessible
from the CPU in EL1/EL0.
Merge tag 'soc-drivers-6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
Pull SoC driver updates from Arnd Bergmann:
"Lots of platform specific updates for Qualcomm SoCs, including a new
TEE subsystem driver for the Qualcomm QTEE firmware interface.
Added support for the Apple A11 SoC in drivers that are shared with
the M1/M2 series, among more updates for those.
Smaller platform specific driver updates for Renesas, ASpeed,
Broadcom, Nvidia, Mediatek, Amlogic, TI, Allwinner, and Freescale
SoCs.
Driver updates in the cache controller, memory controller and reset
controller subsystems.
SCMI firmware updates to add more features and improve robustness.
This includes support for having multiple SCMI providers in a single
system.
TEE subsystem support for protected DMA-bufs, allowing hardware to
access memory areas that are managed by the kernel but remain inaccessible
from the CPU in EL1/EL0"
* tag 'soc-drivers-6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (139 commits)
soc/fsl/qbman: Use for_each_online_cpu() instead of for_each_cpu()
soc: fsl: qe: Drop legacy-of-mm-gpiochip.h header from GPIO driver
soc: fsl: qe: Change GPIO driver to a proper platform driver
tee: fix register_shm_helper()
pmdomain: apple: Add "apple,t8103-pmgr-pwrstate"
dt-bindings: spmi: Add Apple A11 and T2 compatible
serial: qcom-geni: Load UART qup Firmware from linux side
spi: geni-qcom: Load spi qup Firmware from linux side
i2c: qcom-geni: Load i2c qup Firmware from linux side
soc: qcom: geni-se: Add support to load QUP SE Firmware via Linux subsystem
soc: qcom: geni-se: Cleanup register defines and update copyright
dt-bindings: qcom: se-common: Add QUP Peripheral-specific properties for I2C, SPI, and SERIAL bus
Documentation: tee: Add Qualcomm TEE driver
tee: qcom: enable TEE_IOC_SHM_ALLOC ioctl
tee: qcom: add primordial object
tee: add Qualcomm TEE driver
tee: increase TEE_MAX_ARG_SIZE to 4096
tee: add TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF
tee: add TEE_IOCTL_PARAM_ATTR_TYPE_UBUF
tee: add close_context to TEE driver operation
...
This introduces a Trusted Execution Environment (TEE) driver for
Qualcomm TEE (QTEE).
QTEE enables Trusted Applications (TAs) and services to run securely. It
uses an object-based interface, where each service is an object with
sets of operations.
Kernel and userspace services are also available to QTEE through a
similar approach. QTEE makes callback requests that are converted into
object invocations. These objects can represent services within the
kernel or userspace process.
We extend the TEE subsystem to understand object parameters and an ioctl
call so client can invoke objects in QTEE:
- TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_*
- TEE_IOC_OBJECT_INVOKE
The existing ioctl calls TEE_IOC_SUPPL_RECV and TEE_IOC_SUPPL_SEND are
used for invoking services in the userspace process by QTEE.
The TEE backend driver uses the QTEE Transport Message to communicate
with QTEE. Interactions through the object INVOKE interface are
translated into QTEE messages. Likewise, object invocations from QTEE
for userspace objects are converted into SEND/RECV ioctl calls to
supplicants.
Merge tag 'tee-qcomtee-for-v6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee into soc/drivers
Add Qualcomm TEE driver (QTEE)
* tag 'tee-qcomtee-for-v6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee:
Documentation: tee: Add Qualcomm TEE driver
tee: qcom: enable TEE_IOC_SHM_ALLOC ioctl
tee: qcom: add primordial object
tee: add Qualcomm TEE driver
tee: increase TEE_MAX_ARG_SIZE to 4096
tee: add TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF
tee: add TEE_IOCTL_PARAM_ATTR_TYPE_UBUF
tee: add close_context to TEE driver operation
tee: allow a driver to allocate a tee_device without a pool
Link: https://lore.kernel.org/r/20250915174957.GA2040478@rayden
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
In register_shm_helper(), fix incorrect error handling for a call to
iov_iter_extract_pages(). A case is missing for when
iov_iter_extract_pages() only got some pages and returns a number larger
than 0, but not the requested amount.
This fixes a possible NULL pointer dereference following a bad input from
ioctl(TEE_IOC_SHM_REGISTER) where parts of the buffer aren't mapped.
Cc: stable@vger.kernel.org
Reported-by: Masami Ichikawa <masami256@gmail.com>
Closes: https://lore.kernel.org/op-tee/CACOXgS-Bo2W72Nj1_44c7bntyNYOavnTjJAvUbEiQfq=u9W+-g@mail.gmail.com/
Tested-by: Masami Ichikawa <masami256@gmail.com>
Fixes: 7bdee41575 ("tee: Use iov_iter to better support shared buffer registration")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
If copy_from_user() fails, the correct error code is -EFAULT, not
-EINVAL.
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Re-order these checks to check if "i" is a valid array index before using
it. This prevents a potential off by one read access.
Fixes: d6e290837e ("tee: add Qualcomm TEE driver")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Enable userspace to allocate shared memory with QTEE. Since
QTEE handles shared memory as an object, a wrapper is implemented
to represent tee_shm as an object. The shared memory identifier,
obtained through TEE_IOC_SHM_ALLOC, is transferred to the driver using
TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_INPUT/OUTPUT.
Tested-by: Neil Armstrong <neil.armstrong@linaro.org>
Acked-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Tested-by: Harshal Dev <quic_hdev@quicinc.com>
Signed-off-by: Amirreza Zarrabi <amirreza.zarrabi@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
After booting, the kernel provides a static object known as the
primordial object. This object is utilized by QTEE for native
kernel services such as yield or privileged operations.
Acked-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Tested-by: Neil Armstrong <neil.armstrong@linaro.org>
Tested-by: Harshal Dev <quic_hdev@quicinc.com>
Signed-off-by: Amirreza Zarrabi <amirreza.zarrabi@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Introduce qcomtee_object, which represents an object in both QTEE and
the kernel. QTEE clients can invoke an instance of qcomtee_object to
access QTEE services. If this invocation produces a new object in QTEE,
an instance of qcomtee_object will be returned.
Similarly, QTEE can request services from by issuing a callback
request, which invokes an instance of qcomtee_object.
Implement initial support for exporting qcomtee_object to userspace
and QTEE, enabling the invocation of objects hosted in QTEE and userspace
through the TEE subsystem.
Tested-by: Neil Armstrong <neil.armstrong@linaro.org>
Tested-by: Harshal Dev <quic_hdev@quicinc.com>
Acked-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Signed-off-by: Amirreza Zarrabi <amirreza.zarrabi@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
The TEE subsystem allows session-based access to trusted services,
requiring a session to be established to receive a service. This
is not suitable for an environment that represents services as objects.
An object supports various operations that a client can invoke,
potentially generating a result or a new object that can be invoked
independently of the original object.
Add TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_INPUT/OUTPUT/INOUT to represent an
object. Objects may reside in either TEE or userspace. To invoke an
object in TEE, introduce a new ioctl. Use the existing SUPPL_RECV and
SUPPL_SEND to invoke an object in userspace.
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Tested-by: Neil Armstrong <neil.armstrong@linaro.org>
Tested-by: Harshal Dev <quic_hdev@quicinc.com>
Signed-off-by: Amirreza Zarrabi <amirreza.zarrabi@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
For drivers that can transfer data to the TEE without using shared
memory from client, it is necessary to receive the user address
directly, bypassing any processing by the TEE subsystem. Introduce
TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INPUT/OUTPUT/INOUT to represent
userspace buffers.
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Tested-by: Neil Armstrong <neil.armstrong@linaro.org>
Tested-by: Harshal Dev <quic_hdev@quicinc.com>
Signed-off-by: Amirreza Zarrabi <amirreza.zarrabi@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
The tee_context can be used to manage TEE user resources, including
those allocated by the driver for the TEE on behalf of the user.
The release() callback is invoked only when all resources, such as
tee_shm, are released and there are no references to the tee_context.
When a user closes the device file, the driver should notify the
TEE to release any resources it may hold and drop the context
references. To achieve this, a close_context() callback is
introduced to initiate resource release in the TEE driver when
the device file is closed.
Relocate teedev_ctx_get, teedev_ctx_put, tee_device_get, and
tee_device_get functions to tee_core.h to make them accessible
outside the TEE subsystem.
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Tested-by: Neil Armstrong <neil.armstrong@linaro.org>
Tested-by: Harshal Dev <quic_hdev@quicinc.com>
Signed-off-by: Amirreza Zarrabi <amirreza.zarrabi@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
A TEE driver doesn't always need to provide a pool if it doesn't
support memory sharing ioctls and can allocate memory for TEE
messages in another way. Although this is mentioned in the
documentation for tee_device_alloc(), it is not handled correctly.
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Signed-off-by: Amirreza Zarrabi <amirreza.zarrabi@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
- Allocates protected DMA-bufs from a DMA-heap instantiated from the TEE
subsystem.
- The DMA-heap uses a protected memory pool provided by the backend TEE
driver, allowing it to choose how to allocate the protected physical
memory.
- Three use-cases (Secure Video Playback, Trusted UI, and Secure Video
Recording) have been identified so far to serve as examples of what
can be expected.
- The use-cases have predefined DMA-heap names,
"protected,secure-video", "protected,trusted-ui", and
"protected,secure-video-record". The backend driver registers protected
memory pools for the use-cases it supports.
Merge tag 'tee-prot-dma-buf-for-v6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee into soc/drivers
TEE protected DMA-bufs for v6.18
* tag 'tee-prot-dma-buf-for-v6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee:
optee: smc abi: dynamic protected memory allocation
optee: FF-A: dynamic protected memory allocation
optee: support protected memory allocation
tee: add tee_shm_alloc_dma_mem()
tee: new ioctl to a register tee_shm from a dmabuf file descriptor
tee: refactor params_from_user()
tee: implement protected DMA-heap
dma-buf: dma-heap: export declared functions
optee: sync secure world ABI headers
Link: https://lore.kernel.org/r/20250912101752.GA1453408@rayden
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Add support in the OP-TEE backend driver for dynamic protected memory
allocation using the SMC ABI.
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Add support in the OP-TEE backend driver for dynamic protected memory
allocation with FF-A.
The protected memory pools for dynamically allocated protected memory
are instantiated when requested by user-space. This instantiation can
fail if OP-TEE doesn't support the requested use-case of protected
memory.
Restricted memory pools based on a static carveout or dynamic allocation
can coexist for different use-cases. We use only dynamic allocation with
FF-A.
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Add support in the OP-TEE backend driver for protected memory
allocation. The support is limited to only the SMC ABI and for secure
video buffers.
OP-TEE is probed for the range of protected physical memory and a
memory pool allocator is initialized if OP-TEE has support for such
memory.
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Add tee_shm_alloc_dma_mem() to allocate DMA memory. The memory is
represented by a tee_shm object using the new flag TEE_SHM_DMA_MEM to
identify it as DMA memory. The allocated memory will later be lent to
the TEE to be used as protected memory.
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Add a userspace API to create a tee_shm object that refers to a dmabuf
reference.
Userspace registers the dmabuf file descriptor as in a tee_shm object.
The registration is completed with a tee_shm returned file descriptor.
Userspace is free to close the dmabuf file descriptor after it has been
registered since all the resources are now held via the new tee_shm
object.
Closing the tee_shm file descriptor will eventually release all
resources used by the tee_shm object when all references are released.
The new IOCTL, TEE_IOC_SHM_REGISTER_FD, supports dmabuf references to
physically contiguous memory buffers. Dmabuf references acquired from
the TEE DMA-heap can be used as protected memory for Secure Video Path
and such use cases. It depends on the TEE and the TEE driver if dmabuf
references acquired by other means can be used.
A new tee_shm flag is added to identify tee_shm objects built from a
registered dmabuf, TEE_SHM_DMA_BUF.
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Olivier Masse <olivier.masse@nxp.com>
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Break out the memref handling into a separate helper function.
No change in behavior.
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Implement DMA heap for protected DMA-buf allocation in the TEE
subsystem.
Protected memory refers to memory buffers behind a hardware enforced
firewall. It is not accessible to the kernel during normal circumstances
but rather only accessible to certain hardware IPs or CPUs executing in
higher or differently privileged mode than the kernel itself. This
interface allows to allocate and manage such protected memory buffers
via interaction with a TEE implementation.
The protected memory is allocated for a specific use-case, like Secure
Video Playback, Trusted UI, or Secure Video Recording where certain
hardware devices can access the memory.
The DMA-heaps are enabled explicitly by the TEE backend driver. The TEE
backend driver needs to implement a protected memory pool to manage the
protected memory.
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Update the header files describing the secure world ABI, both with and
without FF-A. The ABI is extended to deal with protected memory, but as
usual backward compatible.
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Use the SHA-1 library functions instead of crypto_shash. This is
simpler and faster.
Change uuid_v5() to return void, since it can no longer fail.
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Replace scnprintf() with sysfs_emit() while formatting buffer that is
passed to userspace as per the recommendation in
Documentation/filesystems/sysfs.rst. sysfs _show() callbacks should use
sysfs_emit() or sysfs_emit_at() while returning values to the userspace.
This change does not impact functionality, but aligns with sysfs
interface usage guidelines for the tee driver.
Signed-off-by: Akhilesh Patil <akhilesh@ee.iitb.ac.in>
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Fixing a sleep in atomic context in the FF-A notification callback by
adding a work queue to process in a non-atomic context.
Merge tag 'optee-fix-for-v6.16' of https://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee into arm/fixes
A fix in the OP-TEE driver for v6.16
* tag 'optee-fix-for-v6.16' of https://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee:
optee: ffa: fix sleep in atomic context
- Remove an unnecessary NULL check before release_firmware() in the
OP-TEE driver
- Prevent a size wrap in the TEE subsystem. The wrap would have been caught
later in the code so no security consequences.
Merge tag 'tee-for-v6.16' of https://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee into soc/drivers
Small TEE updates for v6.16
* tag 'tee-for-v6.16' of https://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee:
tee: Prevent size calculation wraparound on 32-bit kernels
tee: optee: smc: remove unnecessary NULL check before release_firmware()
Link: https://lore.kernel.org/r/20250509065114.GA4188600@rayden
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
The current code around TEE_IOCTL_PARAM_SIZE() is a bit wrong on
32-bit kernels: Multiplying a user-provided 32-bit value with the
size of a structure can wrap around on such platforms.
Fix it by using saturating arithmetic for the size calculation.
This has no security consequences because, in all users of
TEE_IOCTL_PARAM_SIZE(), the subsequent kcalloc() implicitly checks
for wrapping.
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Rouven Czerwinski <rouven.czerwinski@linaro.org>
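The wraparound and the saturating fix from the commit message above, as an added example that is not code from the kernel tree. It models a 32-bit `size_t` with `uint32_t` so it behaves the same on any host; `HDR_BYTES`, `PARAM_BYTES`, the length-check caller and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: size_t is 32 bits wide, modelled here as uint32_t. */
typedef uint32_t size32_t;

#define HDR_BYTES	16u	/* constructed fixed header size */
#define PARAM_BYTES	32u	/* constructed per-parameter struct size */

/* Plain multiplication: the result is reduced modulo 2^32. */
static size32_t param_size_wrapping(uint32_t num_params)
{
	return PARAM_BYTES * num_params;
}

/* Saturating multiplication: clamp to the maximum instead of wrapping. */
static size32_t param_size_saturating(uint32_t num_params)
{
	if (num_params > UINT32_MAX / PARAM_BYTES)
		return UINT32_MAX;
	return PARAM_BYTES * num_params;
}

/* Saturating addition for the header + parameters total. */
static size32_t add_saturating(size32_t a, size32_t b)
{
	return (a > UINT32_MAX - b) ? UINT32_MAX : a + b;
}

/* Hypothetical caller: does the user-supplied length match the layout? */
static int len_check_wrapping(uint32_t buf_len, uint32_t num_params)
{
	return buf_len == (size32_t)(HDR_BYTES +
				     param_size_wrapping(num_params));
}

static int len_check_saturating(uint32_t buf_len, uint32_t num_params)
{
	return buf_len == add_saturating(HDR_BYTES,
					 param_size_saturating(num_params));
}

/*
 * Stand-in for the overflow check an array allocator performs on
 * count * element_size. The commit message relies on kcalloc() doing
 * this later, which is why the wrap had no security consequences.
 */
static int array_alloc_would_succeed(uint32_t num_params)
{
	return num_params <= UINT32_MAX / PARAM_BYTES;
}

int main(void)
{
	/* Constructed inputs: 32 * 0x08000000 == 2^32, which wraps to 0. */
	uint32_t huge = 0x08000000u;

	printf("wrapping size:     %u\n", (unsigned)param_size_wrapping(huge));
	printf("saturating size:   %u\n", (unsigned)param_size_saturating(huge));
	printf("wrapping check:    %d\n", len_check_wrapping(HDR_BYTES, huge));
	printf("saturating check:  %d\n", len_check_saturating(HDR_BYTES, huge));
	printf("allocator accepts: %d\n", array_alloc_would_succeed(huge));
	printf("normal request:    %d\n", len_check_saturating(144u, 4u));
	return 0;
}
```

With the wrapping form, a header-only length passes the check for a huge parameter count and only the allocator's own check stops it; the saturating form rejects the request at the length check.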
Various headers have been added over time that are not added alphabetically
and a private header is used before one of the linux/ headers.
Resort the list.
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
amd-tee inconsistently uses the word amd-tee in error messages.
Add a `pr_fmt()` define and remove the hardcoded use of amd-tee.
Also, remove the unnecessary driver init successful message because
there will be a message if failed and a user can assume it was successful
otherwise.
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
OP-TEE supplicant is a user-space daemon and it's possible for it
to be hung or crashed or killed in the middle of processing an OP-TEE
RPC call. It becomes more complicated when there is incorrect shutdown
ordering of the supplicant process vs the OP-TEE client application which
can eventually lead to system hang-up waiting for the closure of the
client application.
Allow the client process waiting in kernel for supplicant response to
be killed rather than indefinitely waiting in an unkillable state. Also,
a normal uninterruptible wait should not have resulted in the hung-task
watchdog getting triggered, but the endless loop would.
This fixes issues observed during system reboot/shutdown when supplicant
got hung for some reason or gets crashed/killed which led to client
getting hung in an unkillable state. It in turn led to system being in
hung up state requiring hard power off/on to recover.
Fixes: 4fb0a5eb36 ("tee: add OP-TEE driver")
Suggested-by: Arnd Bergmann <arnd@arndb.de>
Cc: stable@vger.kernel.org
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
There has been a recent change in OP-TEE to print 8 and 16 character
commit id for 32bit and 64bit architecture respectively.
In case if commit id is starting with 0 like 04d1c612ec7beaede073b8c
it is printing revision as below removing leading 0
"optee: revision 4.4 (4d1c612ec7beaed)"
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Link: https://lore.kernel.org/r/20241129114648.3048941-1-sahil.malhotra@nxp.com
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
The continual trickle of small conversion patches is grating on me, and
is really not helping. Just get rid of the 'remove_new' member
function, which is just an alias for the plain 'remove', and had a
comment to that effect:
/*
* .remove_new() is a relic from a prototype conversion of .remove().
* New drivers are supposed to implement .remove(). Once all drivers are
* converted to not use .remove_new any more, it will be dropped.
*/
This was just a tree-wide 'sed' script that replaced '.remove_new' with
'.remove', with some care taken to turn a subsequent tab into two tabs
to make things line up.
I did do some minimal manual whitespace adjustment for places that used
spaces to line things up.
Then I just removed the old (sic) .remove_new member function, and this
is the end result. No more unnecessary conversion noise.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The tee_shm_get_va() function never returns NULL, it returns error
pointers. Update the check to match.
Fixes: f0c8431568 ("optee: probe RPMB device using RPMB subsystem")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Link: https://lore.kernel.org/r/f8c12aed-b5d1-4522-bf95-622b8569706d@stanley.mountain
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Prevent build error when CONFIG_RPMB=m and CONFIG_OPTEE=y by adding a
dependency to CONFIG_RPMB for CONFIG_OPTEE so the RPMB subsystem always
is reachable if configured. This means that CONFIG_OPTEE automatically
becomes compiled as a module if CONFIG_RPMB is compiled as a module. If
CONFIG_RPMB isn't configured or is configured as built-in, CONFIG_OPTEE
will remain unchanged.
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202409021448.RSvcBPzt-lkp@intel.com/
Fixes: f0c8431568 ("optee: probe RPMB device using RPMB subsystem")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Link: https://lore.kernel.org/r/20240902151231.3705204-2-jens.wiklander@linaro.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Adds support in the OP-TEE drivers (both SMC and FF-A ABIs) to probe and
use an RPMB device via the RPMB subsystem instead of passing the RPMB
frames via tee-supplicant in user space. A fallback mechanism is kept to
route RPMB frames via tee-supplicant if the RPMB subsystem isn't
available.
The OP-TEE RPC ABI is extended to support iterating over all RPMB
devices until one is found with the expected RPMB key already
programmed.
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Manuel Traut <manut@mecka.net>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Link: https://lore.kernel.org/r/20240814153558.708365-5-jens.wiklander@linaro.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Add tee_device_set_dev_groups() to TEE drivers to supply driver specific
attribute groups. The class specific attributes are from now on added
via the tee_class, which currently only consist of implementation_id.
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Link: https://lore.kernel.org/r/20240814153558.708365-4-jens.wiklander@linaro.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Here is the big set of driver core changes for 6.11-rc1.
Lots of stuff in here, with not a huge diffstat, but apis are evolving
which required lots of files to be touched. Highlights of the changes
in here are:
- platform remove callback api final fixups (Uwe took many releases to
get here, finally!)
- Rust bindings for basic firmware apis and initial driver-core
interactions. It's not all that useful for a "write a whole driver
in rust" type of thing, but the firmware bindings do help out the
phy rust drivers, and the driver core bindings give a solid base on
which others can start their work. There is still a long way to go
here before we have a multitude of rust drivers being added, but
it's a great first step.
- driver core const api changes. This reached across all bus types,
and there are some fix-ups for some not-common bus types that
linux-next and 0-day testing shook out. This work is being done to
help make the rust bindings more safe, as well as the C code, moving
toward the end-goal of allowing us to put driver structures into
read-only memory. We aren't there yet, but are getting closer.
- minor devres cleanups and fixes found by code inspection
- arch_topology minor changes
- other minor driver core cleanups
All of these have been in linux-next for a very long time with no
reported problems.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Merge tag 'driver-core-6.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
Pull driver core updates from Greg KH:
"Here is the big set of driver core changes for 6.11-rc1.
Lots of stuff in here, with not a huge diffstat, but apis are evolving
which required lots of files to be touched. Highlights of the changes
in here are:
- platform remove callback api final fixups (Uwe took many releases
to get here, finally!)
- Rust bindings for basic firmware apis and initial driver-core
interactions.
It's not all that useful for a "write a whole driver in rust" type
of thing, but the firmware bindings do help out the phy rust
drivers, and the driver core bindings give a solid base on which
others can start their work.
There is still a long way to go here before we have a multitude of
rust drivers being added, but it's a great first step.
- driver core const api changes.
This reached across all bus types, and there are some fix-ups for
some not-common bus types that linux-next and 0-day testing shook
out.
This work is being done to help make the rust bindings more safe,
as well as the C code, moving toward the end-goal of allowing us to
put driver structures into read-only memory. We aren't there yet,
but are getting closer.
- minor devres cleanups and fixes found by code inspection
- arch_topology minor changes
- other minor driver core cleanups
All of these have been in linux-next for a very long time with no
reported problems"
* tag 'driver-core-6.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: (55 commits)
ARM: sa1100: make match function take a const pointer
sysfs/cpu: Make crash_hotplug attribute world-readable
dio: Have dio_bus_match() callback take a const *
zorro: make match function take a const pointer
driver core: module: make module_[add|remove]_driver take a const *
driver core: make driver_find_device() take a const *
driver core: make driver_[create|remove]_file take a const *
firmware_loader: fix soundness issue in `request_internal`
firmware_loader: annotate doctests as `no_run`
devres: Correct code style for functions that return a pointer type
devres: Initialize an uninitialized struct member
devres: Fix memory leakage caused by driver API devm_free_percpu()
devres: Fix devm_krealloc() wasting memory
driver core: platform: Switch to use kmemdup_array()
driver core: have match() callback in struct bus_type take a const *
MAINTAINERS: add Rust device abstractions to DRIVER CORE
device: rust: improve safety comments
MAINTAINERS: add Danilo as FIRMWARE LOADER maintainer
MAINTAINERS: add Rust FW abstractions to FIRMWARE LOADER
firmware: rust: improve safety comments
...
The updates to the mediatek, allwinner, ti, tegra, microchip, stm32,
samsung, imx, zynq and amlogic platforms are fairly small maintenance
changes, either addressing minor mistakes or enabling additional hardware.
The qualcomm platform changes add a number of features and are larger
than the other ones combined, introducing the use of linux/cleanup.h
across several drivers, adding support for Snapdragon X1E and other
SoCs in platform drivers, a new "protection domain mapper" driver, and a
"shared memory bridge" driver.
The cznic "turris omnia" router based on Marvell Armada gets a platform
driver that talks to the board specific microcontroller.
The reset and cache subsystems get a few minor updates to SoC specific
drivers, while the ff-a, scmi and optee firmware drivers get some
code refactoring and new features.
Merge tag 'soc-drivers-6.11' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
Pull SoC driver updates from Arnd Bergmann:
"The updates to the mediatek, allwinner, ti, tegra, microchip, stm32,
samsung, imx, zynq and amlogic platforms are fairly small maintenance
changes, either addressing minor mistakes or enabling additional
hardware.
The qualcomm platform changes add a number of features and are larger
than the other ones combined, introducing the use of linux/cleanup.h
across several drivers, adding support for Snapdragon X1E and other
SoCs in platform drivers, a new "protection domain mapper" driver, and
a "shared memory bridge" driver.
The cznic "turris omnia" router based on Marvell Armada gets a
platform driver that talks to the board specific microcontroller.
The reset and cache subsystems get a few minor updates to SoC specific
drivers, while the ff-a, scmi and optee firmware drivers get some code
refactoring and new features"
* tag 'soc-drivers-6.11' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (122 commits)
firmware: turris-mox-rwtm: Initialize completion before mailbox
firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout()
firmware: turris-mox-rwtm: Do not complete if there are no waiters
MAINTAINERS: drop riscv list from cache controllers
platform: cznic: turris-omnia-mcu: fix Kconfig dependencies
bus: sunxi-rsb: Constify struct regmap_bus
soc: sunxi: sram: Constify struct regmap_config
platform: cznic: turris-omnia-mcu: Depend on WATCHDOG
platform: cznic: turris-omnia-mcu: Depend on OF
soc: samsung: exynos-pmu: add support for PMU_ALIVE non atomic registers
arm64: stm32: enable scmi regulator for stm32
firmware: qcom: tzmem: blacklist more platforms for SHM Bridge
soc: qcom: wcnss: simplify with cleanup.h
soc: qcom: pdr: simplify with cleanup.h
soc: qcom: ocmem: simplify with cleanup.h
soc: qcom: mdt_loader: simplify with cleanup.h
soc: qcom: llcc: simplify with cleanup.h
firmware: qcom: tzmem: simplify returning pointer without cleanup
soc: qcom: socinfo: Add PM6350 PMIC
arm64: dts: renesas: rz-smarc: Replace fixed regulator for USB VBUS
...