v4: - sysfs entry is optee-ta-uuid (Jerome Forissier, Sumit Garg)
- added Documentation/ABI/testing/sysfs-bus-optee-devices (Greg Kroah-Hartman)
v3: - support tee-supplicant restart (Jens Wiklander)
- description and comments (Jarkko Sakkinen)
- do not name optee drivers by index in sysfs (Sumit Garg)
v2: - write TEE with capital letters.
- declare __optee_enumerate_device() as static.
Maxim Uvarov (3):
optee: do drivers initialization before and after tee-supplicant run
optee: use uuid for sysfs driver entry
tpm_ftpm_tee: register driver on TEE bus
.../ABI/testing/sysfs-bus-optee-devices | 8 +++
MAINTAINERS | 2 +
drivers/char/tpm/tpm_ftpm_tee.c | 70 ++++++++++++++++---
drivers/tee/optee/core.c | 28 +++++++-
drivers/tee/optee/device.c | 23 +++---
drivers/tee/optee/optee_private.h | 10 ++-
6 files changed, 118 insertions(+), 23 deletions(-)
create mode 100644 Documentation/ABI/testing/sysfs-bus-optee-devices
--
2.17.1
Hello,
This patchset fixes issues with probing() tee, optee and optee driver
if they were compiled into kernel, built as modules or any mixed
combination.
These changes require optee-os changes which already were merged.
Main corresponding commits are:
https://github.com/OP-TEE/optee_os/commit/9389d8030ef198c9d7b8ab7ea8e877e0a…
https://github.com/OP-TEE/optee_os/commit/bc5921cdab538c8ae48422f5ffd600f1c…
optee_enumerate_devices(), which discovers Trusted Applications on the TEE
bus, is split up into 2 changes: first do the probe of drivers which do not
require userspace support of tee-supplicant, and as stage two run drivers with
support of tee-supplicant only after tee-supplicant has run.
Best regards,
Maxim.
Maxim Uvarov (2):
optee: do drivers initialization before and after tee-supplicant run
tpm_ftpm_tee: register driver on tee bus
drivers/char/tpm/tpm_ftpm_tee.c | 69 ++++++++++++++++++++++++++-----
drivers/tee/optee/core.c | 25 +++++++++--
drivers/tee/optee/device.c | 17 +++++---
drivers/tee/optee/optee_private.h | 8 +++-
4 files changed, 99 insertions(+), 20 deletions(-)
--
2.17.1
This code was using get_user_pages*(), in a "Case 2" scenario
(DMA/RDMA), using the categorization from [1]. That means that it's
time to convert the get_user_pages*() + put_page() calls to
pin_user_pages*() + unpin_user_pages() calls.
There is some helpful background in [2]: basically, this is a small
part of fixing a long-standing disconnect between pinning pages, and
file systems' use of those pages.
[1] Documentation/core-api/pin_user_pages.rst
[2] "Explicit pinning of user-space pages":
https://lwn.net/Articles/807108/
Cc: Jens Wiklander <jens.wiklander(a)linaro.org>
Cc: Sumit Semwal <sumit.semwal(a)linaro.org>
Cc: tee-dev(a)lists.linaro.org
Cc: linux-media(a)vger.kernel.org
Cc: dri-devel(a)lists.freedesktop.org
Cc: linaro-mm-sig(a)lists.linaro.org
Signed-off-by: John Hubbard <jhubbard(a)nvidia.com>
---
Note that I have only compile-tested this patch, although that does
also include cross-compiling for a few other arches.
thanks,
John Hubbard
NVIDIA
drivers/tee/tee_shm.c | 12 +++---------
1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c
index bd679b72bd05..7dffc42d8d5a 100644
--- a/drivers/tee/tee_shm.c
+++ b/drivers/tee/tee_shm.c
@@ -31,16 +31,13 @@ static void tee_shm_release(struct tee_shm *shm)
poolm->ops->free(poolm, shm);
} else if (shm->flags & TEE_SHM_REGISTER) {
- size_t n;
int rc = teedev->desc->ops->shm_unregister(shm->ctx, shm);
if (rc)
dev_err(teedev->dev.parent,
"unregister shm %p failed: %d", shm, rc);
- for (n = 0; n < shm->num_pages; n++)
- put_page(shm->pages[n]);
-
+ unpin_user_pages(shm->pages, shm->num_pages);
kfree(shm->pages);
}
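Review bot: unpin_user_pages(shm->pages, shm->num_pages) in the TEE_SHM_REGISTER branch of tee_shm_release() is only correct while every entry in shm->pages came from a pin_user_pages*() call. Please add a short comment at this call stating that invariant, so a later registration path that fills shm->pages some other way does not end up mixing get and pin reference accounting.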
@@ -226,7 +223,7 @@ struct tee_shm *tee_shm_register(struct tee_context *ctx, unsigned long addr,
goto err;
}
- rc = get_user_pages_fast(start, num_pages, FOLL_WRITE, shm->pages);
+ rc = pin_user_pages_fast(start, num_pages, FOLL_WRITE, shm->pages);
if (rc > 0)
shm->num_pages = rc;
if (rc != num_pages) {
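Review bot: the gup_flags passed to pin_user_pages_fast() in tee_shm_register() stay at FOLL_WRITE only. The commit message classifies this as the DMA/RDMA case, and the pages are held until tee_shm_release(), so please either add FOLL_LONGTERM or say in the commit message why it is not needed here.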
@@ -271,16 +268,13 @@ struct tee_shm *tee_shm_register(struct tee_context *ctx, unsigned long addr,
return shm;
err:
if (shm) {
- size_t n;
-
if (shm->id >= 0) {
mutex_lock(&teedev->mutex);
idr_remove(&teedev->idr, shm->id);
mutex_unlock(&teedev->mutex);
}
if (shm->pages) {
- for (n = 0; n < shm->num_pages; n++)
- put_page(shm->pages[n]);
+ unpin_user_pages(shm->pages, shm->num_pages);
kfree(shm->pages);
}
}
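Review bot: in the err: path, unpin_user_pages(shm->pages, shm->num_pages) relies on shm->num_pages still being 0 when pin_user_pages_fast() returned an error, since the earlier hunk only sets it for rc > 0. That holds only if shm was zero-initialised at allocation, which is not visible in this hunk; worth confirming, and because the patch is compile-tested only, this partial-pin error path is the one to exercise before merging.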
--
2.26.2
Hi Volodymyr,
On Wed, May 13, 2020 at 2:36 AM Volodymyr Babchuk
<vlad.babchuk(a)gmail.com> wrote:
>
> optee_enumerate_devices() can fail for multiple reasons. For
> example, I encountered an issue when Xen OP-TEE mediator NACKed
> PTA_CMD_GET_DEVICES call. This should not result in driver
> initialization error because this is an optional feature.
>
> Thus, it is better to print a warning, instead of terminating driver
> initialization.
>
> Signed-off-by: Volodymyr Babchuk <vlad.babchuk(a)gmail.com>
> ---
Looks good. Didn't apply directly at latest, but the conflict was easy
enough to resolve.
I'll pick up this in a day unless someone objects.
I'll add a
Fixes: c3fa24af9244 ("tee: optee: add TEE bus device enumeration support")
Line.
Thanks,
Jens
>
> resend: fixed email in s-o-b tag. Sorry for the noise
>
> drivers/tee/optee/core.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c
> index 34409c916882..a053930032f2 100644
> --- a/drivers/tee/optee/core.c
> +++ b/drivers/tee/optee/core.c
> @@ -728,10 +728,8 @@ static int __init optee_driver_init(void)
> return PTR_ERR(optee);
>
> rc = optee_enumerate_devices();
> - if (rc) {
> - optee_remove(optee);
> - return rc;
> - }
> + if (rc)
> + pr_warn("can't enumerate optee devices: %d\n", rc);
>
> pr_info("initialized driver\n");
>
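Review bot: with rc from optee_enumerate_devices() no longer propagated in optee_driver_init(), any devices registered before the failure stay registered and the function goes on to print "initialized driver". Please confirm that a partially completed enumeration is harmless, and consider wording the pr_warn() so it says initialization continues without device enumeration, so the log line does not read like a fatal error.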
> --
> 2.26.2
>
[BCC all OP-TEE maintainers]
Hi OP-TEE maintainers & contributors,
We're about to make another OP-TEE release, namely: 3.9.0. Target is
Friday, May 22nd, which leaves us almost 3 weeks to finalize the
release.
Please start testing your favorite platform(s) and report any issue in
this pull request [1]. I will create a release candidate tag one week
before the release date, at which point we will do some more testing and
I will collect Tested-by tags in the same pull request.
[1] https://github.com/OP-TEE/optee_os/pull/3833
Thanks!
Regards,
Jens
Hello arm-soc maintainers,
Please pull these patches enabling Global Platform client UUID generation
for the OP-TEE driver.
Thanks,
Jens
The following changes since commit ae83d0b416db002fe95601e7f97f64b59514d936:
Linux 5.7-rc2 (2020-04-19 14:35:30 -0700)
are available in the Git repository at:
git://git.linaro.org/people/jens.wiklander/linux-tee.git tags/tee-login-for-5.8
for you to fetch changes up to c5b4312bea5d5e5e3d4f0af640e2ef8a1c1bb167:
tee: optee: Add support for session login client UUID generation (2020-05-11 14:11:33 +0200)
----------------------------------------------------------------
Adds utility function in TEE subsystem for client UUID generation. This
function is also used in the optee driver.
----------------------------------------------------------------
Vesa Jääskeläinen (2):
tee: add support for session's client UUID generation
tee: optee: Add support for session login client UUID generation
drivers/tee/Kconfig | 1 +
drivers/tee/optee/call.c | 6 +-
drivers/tee/tee_core.c | 152 +++++++++++++++++++++++++++++++++++++++++++++++
include/linux/tee_drv.h | 16 +++++
4 files changed, 174 insertions(+), 1 deletion(-)
On Thu, Apr 30, 2020 at 03:37:08PM +0300, Vesa Jääskeläinen wrote:
> TEE Client API defines that from user space only information needed for
> specified login operations is group identifier for group based logins.
>
> REE kernel is expected to formulate trustworthy client UUID and pass that
> to TEE environment. REE kernel is required to verify that provided group
> identifier for group based logins matches calling processes group
> memberships.
>
> TEE specification only defines that the information passed from REE
> environment to TEE environment is encoded into on UUID.
>
> In order to guarantee trustworthiness of client UUID user space is not
> allowed to freely pass client UUID.
>
> Vesa Jääskeläinen (3):
> tee: add support for session's client UUID generation
> tee: optee: Add support for session login client UUID generation
I'm picking up these two patches.
> [RFC] tee: add support for app id for client UUID generation
I'm waiting with this patch until we've reached some conclusion.
Thanks,
Jens
>
> drivers/tee/Kconfig | 1 +
> drivers/tee/optee/call.c | 6 +-
> drivers/tee/tee_core.c | 211 +++++++++++++++++++++++++++++++++++++++
> include/linux/tee_drv.h | 16 +++
> 4 files changed, 233 insertions(+), 1 deletion(-)
>
> --
> 2.17.1
>
> Changes v1->v2:
>
> * Changed goto labels to be more logical
> * Capture error if formatted string for UUIDv5 does not fit into buffer
>
> Notes:
>
> This patchset has been designed so that it can be iteratively integrated
> meaning that the application ID (RFC patch) part can be left for later when
> there is agreed solution for that.
>
> TEE specification leaves Linux behavior undefined. It does not define any
> UUID value for name space. UUID in here is randomly generated with uuidgen
> tool.
>
> I have also included amdtee people as this method probably should also be
> applied in there.
>
> Using op-tee(a)lists.trustedfirmware.org instead of tee-dev(a)lists.linaro.org as
> latter is deprecated old list.
>
> Original issue in OP-TEE OS tracker:
> https://github.com/OP-TEE/optee_os/issues/3642
>
> Related reviews and demonstration for the concept:
> https://github.com/linaro-swg/linux/pull/74
> https://github.com/OP-TEE/optee_client/pull/195
> https://github.com/OP-TEE/optee_test/pull/406
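An added illustration, not part of the thread or of the kernel patches: a Python model of the rule described in the quoted cover letter, where the trusted side derives the client UUID itself and checks a requested group against the caller's real memberships. The namespace value, the `uid=`/`gid=` name strings, the nil UUID for public login and the `Caller` class are assumptions made for this sketch.

```python
import uuid

# Constructed placeholder: the patch notes say the real namespace UUID was
# generated with uuidgen, but its value is not quoted on this page.
EXAMPLE_NAMESPACE = uuid.UUID("00000000-0000-4000-8000-000000000001")

# Login method numbers as defined by the GlobalPlatform TEE Client API.
LOGIN_PUBLIC, LOGIN_USER, LOGIN_GROUP = 0, 1, 2


class Caller:
    """Hypothetical stand-in for the calling process's kernel credentials."""

    def __init__(self, uid, gids):
        self.uid = uid
        self.gids = frozenset(gids)


def client_uuid(login, caller, requested_gid=None):
    """Derive the client UUID on the trusted (kernel) side.

    The caller never supplies a UUID. For group logins it supplies only a
    group id, which is checked against its real memberships first.
    """
    if login == LOGIN_PUBLIC:
        return uuid.UUID(int=0)  # assumption: public login maps to the nil UUID
    if login == LOGIN_USER:
        name = f"uid={caller.uid:x}"  # assumed name format
    elif login == LOGIN_GROUP:
        if requested_gid not in caller.gids:
            raise PermissionError("caller is not a member of the requested group")
        name = f"gid={requested_gid:x}"  # assumed name format
    else:
        raise ValueError(f"unsupported login method {login}")
    # UUIDv5 hashes namespace and name with SHA-1, so the result is deterministic.
    return uuid.uuid5(EXAMPLE_NAMESPACE, name)


def demo():
    alice = Caller(uid=1000, gids={1000, 44})  # constructed sample credentials
    granted = client_uuid(LOGIN_GROUP, alice, requested_gid=44)
    try:
        client_uuid(LOGIN_GROUP, alice, requested_gid=0)
        denied = False
    except PermissionError:
        denied = True
    return granted, denied


if __name__ == "__main__":
    print(demo())
```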
Currently {get|pin}_user_pages_fast() have 3 return values: 0, -errno
and no. of pinned pages. The only case where these two functions will
return 0 is for nr_pages <= 0, which doesn't find a valid use case.
But if at all any, then a -ERRNO will be returned instead of 0, which
means {get|pin}_user_pages_fast() will have 2 return values: -errno &
no. of pinned pages.
Update all the callers which deal with return value 0 accordingly.
Signed-off-by: Souptick Joarder <jrdr.linux(a)gmail.com>
---
arch/ia64/kernel/err_inject.c | 2 +-
drivers/platform/goldfish/goldfish_pipe.c | 2 +-
drivers/staging/gasket/gasket_page_table.c | 4 ++--
drivers/tee/tee_shm.c | 2 +-
mm/gup.c | 6 +++---
net/rds/rdma.c | 2 +-
6 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/arch/ia64/kernel/err_inject.c b/arch/ia64/kernel/err_inject.c
index 8b5b8e6b..fd72218 100644
--- a/arch/ia64/kernel/err_inject.c
+++ b/arch/ia64/kernel/err_inject.c
@@ -143,7 +143,7 @@ static DEVICE_ATTR(name, 0644, show_##name, store_##name)
int ret;
ret = get_user_pages_fast(virt_addr, 1, FOLL_WRITE, NULL);
- if (ret<=0) {
+ if (ret < 0) {
#ifdef ERR_INJ_DEBUG
printk("Virtual address %lx is not existing.\n",virt_addr);
#endif
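Review bot: in the check after get_user_pages_fast(virt_addr, 1, FOLL_WRITE, NULL), a return of 0 now falls through as success. Exactly one page is requested, so the only good result is ret == 1; testing for that directly keeps this caller correct without depending on the mm/gup.c hunk later in the same patch.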
diff --git a/drivers/platform/goldfish/goldfish_pipe.c b/drivers/platform/goldfish/goldfish_pipe.c
index 1ab207e..831449d 100644
--- a/drivers/platform/goldfish/goldfish_pipe.c
+++ b/drivers/platform/goldfish/goldfish_pipe.c
@@ -277,7 +277,7 @@ static int goldfish_pin_pages(unsigned long first_page,
ret = pin_user_pages_fast(first_page, requested_pages,
!is_write ? FOLL_WRITE : 0,
pages);
- if (ret <= 0)
+ if (ret < 0)
return -EFAULT;
if (ret < requested_pages)
*iter_last_page_size = PAGE_SIZE;
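Review bot: goldfish_pin_pages() still maps every failure to -EFAULT, so the new -EINVAL from the mm/gup.c hunk never reaches its caller, and a return of 0 would now carry on into the `ret < requested_pages` branch with no pages pinned. If 0 is really unreachable for this caller, say so in the commit message; otherwise keep `ret <= 0` here, since it costs nothing.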
diff --git a/drivers/staging/gasket/gasket_page_table.c b/drivers/staging/gasket/gasket_page_table.c
index f6d7157..1d08e1d 100644
--- a/drivers/staging/gasket/gasket_page_table.c
+++ b/drivers/staging/gasket/gasket_page_table.c
@@ -489,11 +489,11 @@ static int gasket_perform_mapping(struct gasket_page_table *pg_tbl,
ret = get_user_pages_fast(page_addr - offset, 1,
FOLL_WRITE, &page);
- if (ret <= 0) {
+ if (ret < 0) {
dev_err(pg_tbl->device,
"get user pages failed for addr=0x%lx, offset=0x%lx [ret=%d]\n",
page_addr, offset, ret);
- return ret ? ret : -ENOMEM;
+ return ret;
}
++pg_tbl->num_active_pages;
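Review bot: with the check relaxed to `ret < 0` in gasket_perform_mapping(), a return of 0 would reach `++pg_tbl->num_active_pages` with `page` never written by get_user_pages_fast(). Dropping the `ret ? ret : -ENOMEM` fallback is fine only if 0 is impossible for a one-page request; keeping `ret <= 0` together with the fallback does not depend on that guarantee.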
diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c
index bd679b7..2706a1f 100644
--- a/drivers/tee/tee_shm.c
+++ b/drivers/tee/tee_shm.c
@@ -230,7 +230,7 @@ struct tee_shm *tee_shm_register(struct tee_context *ctx, unsigned long addr,
if (rc > 0)
shm->num_pages = rc;
if (rc != num_pages) {
- if (rc >= 0)
+ if (rc > 0)
rc = -ENOMEM;
ret = ERR_PTR(rc);
goto err;
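Review bot: changing `if (rc >= 0)` to `if (rc > 0)` inside the `rc != num_pages` branch of tee_shm_register() means rc == 0 is no longer converted to -ENOMEM, so `ret = ERR_PTR(rc)` becomes ERR_PTR(0), which is NULL, and a caller that checks IS_ERR() would take the failure for success. Please keep `rc >= 0` here; it is harmless if 0 can no longer be returned and correct if it ever is.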
diff --git a/mm/gup.c b/mm/gup.c
index 50681f0..8d293ed 100644
--- a/mm/gup.c
+++ b/mm/gup.c
@@ -2760,7 +2760,7 @@ static int internal_get_user_pages_fast(unsigned long start, int nr_pages,
end = start + len;
if (end <= start)
- return 0;
+ return -EINVAL;
if (unlikely(!access_ok((void __user *)start, len)))
return -EFAULT;
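Review bot: `end <= start` in internal_get_user_pages_fast() is true both for a zero or negative length and for a start + len that wraps, and both cases now return -EINVAL instead of 0. Any caller outside this patch that passes a zero-length range and treats 0 as "nothing to do" will start failing, so the commit message should state how the remaining callers were audited.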
@@ -2805,8 +2805,8 @@ static int internal_get_user_pages_fast(unsigned long start, int nr_pages,
* calling get_user_pages().
*
* Returns number of pages pinned. This may be fewer than the number requested.
- * If nr_pages is 0 or negative, returns 0. If no pages were pinned, returns
- * -errno.
+ * If nr_pages is 0 or negative, returns -errno. If no pages were pinned,
+ * returns -errno.
*/
int get_user_pages_fast(unsigned long start, int nr_pages,
unsigned int gup_flags, struct page **pages)
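Review bot: the updated comment above get_user_pages_fast() now says "returns -errno" in two consecutive sentences. Name the value for the nr_pages case (-EINVAL, per the hunk above) and fold the two sentences into one, so the comment documents what callers can actually test for.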
diff --git a/net/rds/rdma.c b/net/rds/rdma.c
index a7ae118..44b96e6 100644
--- a/net/rds/rdma.c
+++ b/net/rds/rdma.c
@@ -161,7 +161,7 @@ static int rds_pin_pages(unsigned long user_addr, unsigned int nr_pages,
gup_flags |= FOLL_WRITE;
ret = pin_user_pages_fast(user_addr, nr_pages, gup_flags, pages);
- if (ret >= 0 && ret < nr_pages) {
+ if (ret > 0 && ret < nr_pages) {
unpin_user_pages(pages, ret);
ret = -EFAULT;
}
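Review bot: in rds_pin_pages(), with `ret > 0 && ret < nr_pages`, a return of 0 is no longer turned into -EFAULT and is handed back to the caller as 0. Whether that reads as success depends on the caller, which is not visible here; unpin_user_pages(pages, 0) did nothing anyway, so keeping `ret >= 0` is the safer form.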
--
1.9.1