Tee-dev

tee-dev@lists.linaro.org

291 discussions

[PATCH 0/5] arch/arm: optee: fix TODOs and remove "experimental" status

by Volodymyr Babchuk

Hello, This patch series fixes various unfinished items in the OP-TEE mediator. Mostly this is about limiting resources that guest can consume. This includes both memory and time - how many buffers guest can share with OP-TEE (this uses Xen memory) and when mediator should preempt itself, to make sure that guest does not stress scheduling. Apart from this, there were one case, when mediator's actions might lead to memory leak in a good-behaving guest. To fix this issue I had to extend mediator logic, so now it can issue RPC requests to guest in the same way, as OP-TEE does this. This is useful feature, because it allows to preempt mediator during long operations. So, in the future it will be possible to remove shared buffer size limitation, because mediator can preempt self during buffer translation. This patch series can be pulled from [1]. [1] https://github.com/lorc/xen/tree/optee3_v1 Volodymyr Babchuk (5): xen/arm: optee: impose limit on shared buffer size xen/arm: optee: check for preemption while freeing shared buffers xen/arm: optee: limit number of shared buffers xen/arm: optee: handle share buffer translation error xen/arm: optee: remove experimental status xen/arch/arm/Kconfig | 2 +- xen/arch/arm/tee/Kconfig | 2 +- xen/arch/arm/tee/optee.c | 237 ++++++++++++++++++++++++++++++--------- 3 files changed, 184 insertions(+), 57 deletions(-) -- 2.22.0

5 years, 2 months

[PATCH] firmware: broadcom: add OP-TEE based BNXT f/w manager

by Sheetal Tigadoli

From: Vikas Gupta <vikas.gupta(a)broadcom.com> This driver registers on TEE bus to interact with OP-TEE based BNXT firmware management modules Signed-off-by: Vikas Gupta <vikas.gupta(a)broadcom.com> Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli(a)broadcom.com> --- drivers/firmware/broadcom/Kconfig | 8 + drivers/firmware/broadcom/Makefile | 1 + drivers/firmware/broadcom/tee_bnxt_fw.c | 447 ++++++++++++++++++++++++++ include/linux/firmware/broadcom/tee_bnxt_fw.h | 17 + 4 files changed, 473 insertions(+) create mode 100644 drivers/firmware/broadcom/tee_bnxt_fw.c create mode 100644 include/linux/firmware/broadcom/tee_bnxt_fw.h diff --git a/drivers/firmware/broadcom/Kconfig b/drivers/firmware/broadcom/Kconfig index 6468082..a846a21 100644 --- a/drivers/firmware/broadcom/Kconfig +++ b/drivers/firmware/broadcom/Kconfig @@ -22,3 +22,11 @@ config BCM47XX_SPROM In case of SoC devices SPROM content is stored on a flash used by bootloader firmware CFE. This driver provides method to ssb and bcma drivers to read SPROM on SoC. + +config TEE_BNXT_FW + bool "Broadcom BNXT firmware manager" + depends on ARCH_BCM_IPROC && OPTEE + default ARCH_BCM_IPROC + help + This module help to manage firmware on Broadcom BNXT device. The module + registers on tee bus and invoke calls to manage firmware on BNXT device. diff --git a/drivers/firmware/broadcom/Makefile b/drivers/firmware/broadcom/Makefile index 72c7fdc..17c5061 100644 --- a/drivers/firmware/broadcom/Makefile +++ b/drivers/firmware/broadcom/Makefile @@ -1,3 +1,4 @@ # SPDX-License-Identifier: GPL-2.0-only obj-$(CONFIG_BCM47XX_NVRAM) += bcm47xx_nvram.o obj-$(CONFIG_BCM47XX_SPROM) += bcm47xx_sprom.o +obj-$(CONFIG_TEE_BNXT_FW) += tee_bnxt_fw.o diff --git a/drivers/firmware/broadcom/tee_bnxt_fw.c b/drivers/firmware/broadcom/tee_bnxt_fw.c new file mode 100644 index 00000000..89a48fd --- /dev/null +++ b/drivers/firmware/broadcom/tee_bnxt_fw.c @@ -0,0 +1,447 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright 2019 Broadcom. + */ + +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/slab.h> +#include <linux/tee_drv.h> +#include <linux/uuid.h> + +#include <linux/firmware/broadcom/tee_bnxt_fw.h> + +#define DRIVER_NAME "tee-bnxt-fw" + +#define MAX_SHM_MEM_SZ SZ_4M + +#define MAX_TEE_PARAM_ARRY_MEMB 4 + +enum ta_cmd { +/* + * TA_CMD_BNXT_FASTBOOT - boot bnxt device by copying f/w into sram + * + * param[0] unused + * param[1] unused + * param[2] unused + * param[3] unused + * + * Result: + * TEE_SUCCESS - Invoke command success + * TEE_ERROR_ITEM_NOT_FOUND - Corrupt f/w image found on memory + */ + TA_CMD_BNXT_FASTBOOT = 0, + +/* + * TA_CMD_BNXT_HEALTH_STATUS - to check health of bnxt device + * + * param[0] (out value) - value.a: health status + * param[1] unused + * param[2] unused + * param[3] unused + * + * Result: + * TEE_SUCCESS - Invoke command success + * TEE_ERROR_BAD_PARAMETERS - Incorrect input param + */ + TA_CMD_BNXT_HEALTH_STATUS, + +/* + * TA_CMD_BNXT_HANDSHAKE - to check bnxt device is booted + * + * param[0] (in value) - value.a: max timeout value + * param[0] (out value) - value.a: boot status + * param[1] unused + * param[2] unused + * param[3] unused + * + * Result: + * TEE_SUCCESS - Invoke command success + * TEE_ERROR_BAD_PARAMETERS - Incorrect input param + */ + TA_CMD_BNXT_HANDSHAKE, + +/* + * TA_CMD_BNXT_COPY_COREDUMP - copy the core dump into shm + * + * param[0] (in value) - value.a: offset at which data to be copied from + * value.b: size of the data + * param[1] unused + * param[2] unused + * param[3] unused + * + * Result: + * TEE_SUCCESS - Invoke command success + * TEE_ERROR_BAD_PARAMETERS - Incorrect input param + * TEE_ERROR_ITEM_NOT_FOUND - Corrupt core dump + */ + TA_CMD_BNXT_COPY_COREDUMP, + +/* + * TA_CMD_BNXT_FW_UPGRADE - upgrade the bnxt firmware + * + * param[0] (in value) - value.a: size of the f/w image + * param[1] unused + * param[2] unused + * param[3] unused + * + * Result: + * TEE_SUCCESS - Invoke command success + * TEE_ERROR_BAD_PARAMETERS - Incorrect input param + */ + TA_CMD_BNXT_FW_UPGRADE, +}; + +/** + * struct tee_bnxt_fw_private - OP-TEE bnxt private data + * @dev: OP-TEE based bnxt device. + * @ctx: OP-TEE context handler. + * @session_id: TA session identifier. + */ +struct tee_bnxt_fw_private { + struct device *dev; + struct tee_context *ctx; + u32 session_id; + struct tee_shm *fw_shm_pool; +}; + +static struct tee_bnxt_fw_private pvt_data; + +static inline void prepare_args(int cmd, + struct tee_ioctl_invoke_arg *inv_arg, + struct tee_param *param) +{ + memset(inv_arg, 0, sizeof(*inv_arg)); + memset(param, 0, (MAX_TEE_PARAM_ARRY_MEMB * sizeof(*param))); + + inv_arg->func = cmd; + inv_arg->session = pvt_data.session_id; + inv_arg->num_params = MAX_TEE_PARAM_ARRY_MEMB; + + /* Fill invoke cmd params */ + switch (cmd) { + case TA_CMD_BNXT_HEALTH_STATUS: + param[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT; + break; + case TA_CMD_BNXT_HANDSHAKE: + param[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT; + break; + case TA_CMD_BNXT_COPY_COREDUMP: + case TA_CMD_BNXT_FW_UPGRADE: + param[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT; + param[0].u.memref.shm = pvt_data.fw_shm_pool; + param[0].u.memref.size = MAX_SHM_MEM_SZ; + param[0].u.memref.shm_offs = 0; + param[1].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT; + break; + case TA_CMD_BNXT_FASTBOOT: + default: + /* Nothing to do */ + break; + } +} + +/** + * tee_bnxt_fw_load() - Load the bnxt firmware + * Uses an OP-TEE call to start a secure + * boot process. + * Returns 0 on success, negative errno otherwise. + */ +int tee_bnxt_fw_load(void) +{ + int ret = 0; + struct tee_ioctl_invoke_arg inv_arg; + struct tee_param param[MAX_TEE_PARAM_ARRY_MEMB]; + + if (!pvt_data.ctx) + return -ENODEV; + + prepare_args(TA_CMD_BNXT_FASTBOOT, &inv_arg, param); + + ret = tee_client_invoke_func(pvt_data.ctx, &inv_arg, param); + if ((ret < 0) || (inv_arg.ret != 0)) { + dev_err(pvt_data.dev, "TA_CMD_BNXT_LOAD invoke err: %x\n", + (ret < 0) ? ret : inv_arg.ret); + return -EINVAL; + } + + return 0; +} +EXPORT_SYMBOL(tee_bnxt_fw_load); + +/** + * tee_bnxt_health_status() - Get the health status + * Uses an OP-TEE call to get health + * status of bnxt device. + * @status: status is returned on this pointer + * Returns 0 on success, negative errno otherwise. + */ +int tee_bnxt_health_status(u32 *status) +{ + int ret = 0; + struct tee_ioctl_invoke_arg inv_arg; + struct tee_param param[MAX_TEE_PARAM_ARRY_MEMB]; + + if (!pvt_data.ctx) + return -ENODEV; + + prepare_args(TA_CMD_BNXT_HEALTH_STATUS, &inv_arg, param); + + ret = tee_client_invoke_func(pvt_data.ctx, &inv_arg, param); + if ((ret < 0) || (inv_arg.ret != 0)) { + dev_err(pvt_data.dev, "TA_CMD_BNXT_HEALTH_STATUS invoke err: %x\n", + (ret < 0) ? ret : inv_arg.ret); + return -EINVAL; + } + + *status = param[0].u.value.a; + + return 0; +} +EXPORT_SYMBOL(tee_bnxt_health_status); + +/** + * tee_bnxt_handshake() - Get the handshake status + * Uses an OP-TEE call to get handshake + * status after bnxt device`s boot process. + * @timeout: max timeout to wait for handshake + * @status: status is populated + * Returns 0 on success, negative errno otherwise. + */ +int tee_bnxt_handshake(u32 timeout, u32 *status) +{ + int ret = 0; + struct tee_ioctl_invoke_arg inv_arg; + struct tee_param param[MAX_TEE_PARAM_ARRY_MEMB]; + + if (!pvt_data.ctx) + return -ENODEV; + + prepare_args(TA_CMD_BNXT_HANDSHAKE, &inv_arg, param); + + /* Fill additional invoke cmd params */ + param[0].u.value.a = timeout; + + ret = tee_client_invoke_func(pvt_data.ctx, &inv_arg, param); + if ((ret < 0) || (inv_arg.ret != 0)) { + dev_err(pvt_data.dev, "TA_CMD_BNXT_HANDSHAKE invoke err: %x\n", + (ret < 0) ? ret : inv_arg.ret); + return -EINVAL; + } + + *status = param[0].u.value.a; + + return 0; +} +EXPORT_SYMBOL(tee_bnxt_handshake); + +/** + * tee_bnxt_copy_coredump() - Copy coredump from the allocated memory + * Uses an OP-TEE call to copy coredump + * @buf: desintation buffer where core dump is copied into + * @offset: offset from the base address of core dump area + * @size: size of the dump + * + * Returns 0 on success, negative errno otherwise. + */ +int tee_bnxt_copy_coredump(void *buf, u32 offset, u32 size) +{ + struct tee_ioctl_invoke_arg inv_arg; + struct tee_param param[MAX_TEE_PARAM_ARRY_MEMB]; + void *core_data; + u32 rbytes = size; + u32 nbytes = 0; + int ret = 0; + + if (!pvt_data.ctx) + return -ENODEV; + + if (!buf) + return -EINVAL; + + prepare_args(TA_CMD_BNXT_COPY_COREDUMP, &inv_arg, param); + + while (rbytes) { + nbytes = rbytes; + + nbytes = min_t(u32, rbytes, param[0].u.memref.size); + + /* Fill additional invoke cmd params */ + param[1].u.value.a = offset; + param[1].u.value.b = nbytes; + + ret = tee_client_invoke_func(pvt_data.ctx, &inv_arg, param); + if ((ret < 0) || (inv_arg.ret != 0)) { + dev_err(pvt_data.dev, + "TA_CMD_BNXT_COPY_COREDUMP invoke err: %x\n", + (ret < 0) ? ret : inv_arg.ret); + return -EINVAL; + } + + core_data = tee_shm_get_va(pvt_data.fw_shm_pool, 0); + if (IS_ERR(core_data)) { + dev_err(pvt_data.dev, "tee_shm_get_va failed\n"); + return PTR_ERR(core_data); + } + + memcpy(buf, core_data, nbytes); + + rbytes -= nbytes; + buf += nbytes; + offset += nbytes; + } + + return 0; +} +EXPORT_SYMBOL(tee_bnxt_copy_coredump); + +/** + * bnxt_fw_upgrade() - Upgrade the bnxt firmware and configuration of + * bnxt device into the flash device. + * Uses an OP-TEE call to upgrade firmware. + * @buf: source buffer of firmware image + * @size: size of the image + * + * Returns 0 on success, negative errno otherwise. + */ +int bnxt_fw_upgrade(void *buf, u32 size) +{ + struct tee_ioctl_invoke_arg inv_arg; + struct tee_param param[MAX_TEE_PARAM_ARRY_MEMB]; + void *fw_image_dst; + int ret = 0; + + if (!pvt_data.ctx) + return -ENODEV; + + /* we do not expect firmware size more than allocated tee shm size */ + if (!buf || size > MAX_SHM_MEM_SZ) + return -EINVAL; + + prepare_args(TA_CMD_BNXT_FW_UPGRADE, &inv_arg, param); + + /* Fill additional invoke cmd params */ + param[1].u.value.a = size; + + fw_image_dst = tee_shm_get_va(pvt_data.fw_shm_pool, 0); + if (IS_ERR(fw_image_dst)) { + dev_err(pvt_data.dev, "tee_shm_get_va failed\n"); + return PTR_ERR(fw_image_dst); + } + + memcpy(fw_image_dst, buf, size); + + ret = tee_client_invoke_func(pvt_data.ctx, &inv_arg, param); + if ((ret < 0) || (inv_arg.ret != 0)) { + dev_err(pvt_data.dev, "TA_CMD_BNXT_FW_UPGRADE invoke err: %x\n", + (ret < 0) ? ret : inv_arg.ret); + return -EINVAL; + } + + return 0; +} +EXPORT_SYMBOL(bnxt_fw_upgrade); + +static int optee_ctx_match(struct tee_ioctl_version_data *ver, const void *data) +{ + if (ver->impl_id == TEE_IMPL_ID_OPTEE) + return 1; + else + return 0; +} + +static int tee_bnxt_fw_probe(struct device *dev) +{ + struct tee_client_device *bnxt_device = to_tee_client_device(dev); + int ret, err = -ENODEV; + struct tee_ioctl_open_session_arg sess_arg; + struct tee_shm *fw_shm_pool; + + memset(&sess_arg, 0, sizeof(sess_arg)); + + /* Open context with TEE driver */ + pvt_data.ctx = tee_client_open_context(NULL, optee_ctx_match, NULL, + NULL); + if (IS_ERR(pvt_data.ctx)) + return -ENODEV; + + /* Open session with Bnxt load Trusted App */ + memcpy(sess_arg.uuid, bnxt_device->id.uuid.b, TEE_IOCTL_UUID_LEN); + sess_arg.clnt_login = TEE_IOCTL_LOGIN_PUBLIC; + sess_arg.num_params = 0; + + ret = tee_client_open_session(pvt_data.ctx, &sess_arg, NULL); + if ((ret < 0) || (sess_arg.ret != 0)) { + dev_err(dev, "tee_client_open_session failed, err: %x\n", + sess_arg.ret); + err = -EINVAL; + goto out_ctx; + } + pvt_data.session_id = sess_arg.session; + + pvt_data.dev = dev; + + fw_shm_pool = tee_shm_alloc(pvt_data.ctx, MAX_SHM_MEM_SZ, + TEE_SHM_MAPPED | TEE_SHM_DMA_BUF); + if (IS_ERR(fw_shm_pool)) { + tee_client_close_context(pvt_data.ctx); + dev_err(pvt_data.dev, "tee_shm_alloc failed\n"); + err = PTR_ERR(fw_shm_pool); + goto out_sess; + } + + pvt_data.fw_shm_pool = fw_shm_pool; + + return 0; + +out_sess: + tee_client_close_session(pvt_data.ctx, pvt_data.session_id); +out_ctx: + tee_client_close_context(pvt_data.ctx); + + return err; +} + +static int tee_bnxt_fw_remove(struct device *dev) +{ + tee_client_close_session(pvt_data.ctx, pvt_data.session_id); + tee_client_close_context(pvt_data.ctx); + pvt_data.ctx = NULL; + + return 0; +} + +static const struct tee_client_device_id tee_bnxt_fw_id_table[] = { + {UUID_INIT(0x6272636D, 0x2019, 0x0716, + 0x42, 0x43, 0x4D, 0x5F, 0x53, 0x43, 0x48, 0x49)}, + {} +}; + +MODULE_DEVICE_TABLE(tee, tee_bnxt_fw_id_table); + +static struct tee_client_driver tee_bnxt_fw_driver = { + .id_table = tee_bnxt_fw_id_table, + .driver = { + .name = DRIVER_NAME, + .bus = &tee_bus_type, + .probe = tee_bnxt_fw_probe, + .remove = tee_bnxt_fw_remove, + }, +}; + +static int __init tee_bnxt_fw_mod_init(void) +{ + return driver_register(&tee_bnxt_fw_driver.driver); +} + +static void __exit tee_bnxt_fw_mod_exit(void) +{ + driver_unregister(&tee_bnxt_fw_driver.driver); +} + +module_init(tee_bnxt_fw_mod_init); +module_exit(tee_bnxt_fw_mod_exit); + +MODULE_AUTHOR("Broadcom"); +MODULE_DESCRIPTION("Broadcom bnxt firmware manager"); +MODULE_LICENSE("GPL v2"); diff --git a/include/linux/firmware/broadcom/tee_bnxt_fw.h b/include/linux/firmware/broadcom/tee_bnxt_fw.h new file mode 100644 index 00000000..d3b7206 --- /dev/null +++ b/include/linux/firmware/broadcom/tee_bnxt_fw.h @@ -0,0 +1,17 @@ +/* SPDX-License-Identifier: BSD-2-Clause */ +/* + * Copyright 2019 Broadcom. + */ + +#ifndef _BROADCOM_TEE_BNXT_FW_H +#define _BROADCOM_TEE_BNXT_FW_H + +#include <linux/types.h> + +int tee_bnxt_fw_load(void); +int tee_bnxt_health_status(u32 *status); +int tee_bnxt_handshake(u32 timeout, u32 *status); +int tee_bnxt_fw_update(void *buf, u32 size); +int tee_bnxt_copy_coredump(void *buf, u32 offset, u32 size); + +#endif /* _BROADCOM_TEE_BNXT_FW_H */ -- 1.9.1

5 years, 2 months

[RFC/RFT v4 0/5] Add generic trusted keys framework/subsystem

by Sumit Garg

This patch-set is an outcome of discussion here [1]. It has evolved very much since v1 to create, consolidate and generalize trusted keys subsystem. This framework has been tested with trusted keys support provided via TEE but I wasn't able to test it with a TPM device as I don't possess one. It would be really helpful if others could test this patch-set using a TPM device. [1] https://www.mail-archive.com/linux-doc@vger.kernel.org/msg30591.html Changes in v4: 1. Separate patch for export of tpm_buf code to include/linux/tpm.h 2. Change TPM1.x trusted keys code to use common tpm_buf 3. Keep module name as trusted.ko only Changes in v3: Move TPM2 trusted keys code to trusted keys subsystem. Changes in v2: Split trusted keys abstraction patch for ease of review. Sumit Garg (5): tpm: move tpm_buf code to include/linux/ KEYS: trusted: use common tpm_buf for TPM1.x code KEYS: trusted: create trusted keys subsystem KEYS: trusted: move tpm2 trusted keys code KEYS: trusted: Add generic trusted keys framework crypto/asymmetric_keys/asym_tpm.c | 2 +- drivers/char/tpm/tpm-chip.c | 1 + drivers/char/tpm/tpm-interface.c | 56 --- drivers/char/tpm/tpm.h | 230 ----------- drivers/char/tpm/tpm2-cmd.c | 308 +-------------- include/keys/trusted-type.h | 45 +++ include/keys/{trusted.h => trusted_tpm.h} | 61 +-- include/linux/tpm.h | 270 ++++++++++++- security/keys/Makefile | 2 +- security/keys/trusted-keys/Makefile | 9 + security/keys/trusted-keys/trusted-common.c | 343 ++++++++++++++++ .../keys/{trusted.c => trusted-keys/trusted-tpm.c} | 437 +++++---------------- security/keys/trusted-keys/trusted-tpm2.c | 378 ++++++++++++++++++ 13 files changed, 1141 insertions(+), 1001 deletions(-) rename include/keys/{trusted.h => trusted_tpm.h} (64%) create mode 100644 security/keys/trusted-keys/Makefile create mode 100644 security/keys/trusted-keys/trusted-common.c rename security/keys/{trusted.c => trusted-keys/trusted-tpm.c} (72%) create mode 100644 security/keys/trusted-keys/trusted-tpm2.c -- 2.7.4

5 years, 2 months

[PATCH v5 0/4] Create and consolidate trusted keys subsystem

by Sumit Garg

This patch-set does restructuring of trusted keys code to create and consolidate trusted keys subsystem. Changes in v5: 1. Drop 5/5 patch as its more relavant along with TEE patch-set. 2. Add Reviewed-by tag for patch #2. 3. Fix build failure when "CONFIG_HEADER_TEST" and "CONFIG_KERNEL_HEADER_TEST" config options are enabled. 4. Misc changes to rename files. Changes in v4: 1. Separate patch for export of tpm_buf code to include/linux/tpm.h 2. Change TPM1.x trusted keys code to use common tpm_buf 3. Keep module name as trusted.ko only Changes in v3: Move TPM2 trusted keys code to trusted keys subsystem. Changes in v2: Split trusted keys abstraction patch for ease of review. Sumit Garg (4): tpm: move tpm_buf code to include/linux/ KEYS: trusted: use common tpm_buf for TPM1.x code KEYS: trusted: create trusted keys subsystem KEYS: trusted: move tpm2 trusted keys code crypto/asymmetric_keys/asym_tpm.c | 2 +- drivers/char/tpm/tpm-chip.c | 1 + drivers/char/tpm/tpm-interface.c | 56 --- drivers/char/tpm/tpm.h | 230 ------------- drivers/char/tpm/tpm2-cmd.c | 308 +---------------- include/Kbuild | 1 - include/keys/{trusted.h => trusted_tpm.h} | 49 +-- include/linux/tpm.h | 270 ++++++++++++++- security/keys/Makefile | 2 +- security/keys/trusted-keys/Makefile | 8 + .../{trusted.c => trusted-keys/trusted_tpm1.c} | 92 +++-- security/keys/trusted-keys/trusted_tpm2.c | 378 +++++++++++++++++++++ 12 files changed, 697 insertions(+), 700 deletions(-) rename include/keys/{trusted.h => trusted_tpm.h} (77%) create mode 100644 security/keys/trusted-keys/Makefile rename security/keys/{trusted.c => trusted-keys/trusted_tpm1.c} (94%) create mode 100644 security/keys/trusted-keys/trusted_tpm2.c -- 2.7.4

5 years, 2 months

[RFC/RFT v3 0/3] KEYS: trusted: Add generic trusted keys framework

by Sumit Garg

This patch-set is an outcome of discussion here [1]. I have tested this framework with trusted keys support provided via TEE but I wasn't able to test it with a TPM device as I don't possess one. It would be really helpful if others could test this patch-set using a TPM device. [1] https://www.mail-archive.com/linux-doc@vger.kernel.org/msg30591.html Changes in v3: Move TPM2 trusted keys code to trusted keys subsystem. Changes in v2: Split trusted keys abstraction patch for ease of review. Sumit Garg (3): KEYS: trusted: create trusted keys subsystem KEYS: trusted: move tpm2 trusted keys code KEYS: trusted: Add generic trusted keys framework crypto/asymmetric_keys/asym_tpm.c | 2 +- drivers/char/tpm/tpm-interface.c | 56 --- drivers/char/tpm/tpm.h | 224 ------------ drivers/char/tpm/tpm2-cmd.c | 307 ----------------- include/keys/trusted-type.h | 45 +++ include/keys/{trusted.h => trusted_tpm.h} | 42 +-- include/linux/tpm.h | 264 +++++++++++++- security/keys/Makefile | 2 +- security/keys/trusted-keys/Makefile | 8 + .../keys/{trusted.c => trusted-keys/trusted-tpm.c} | 363 ++++---------------- security/keys/trusted-keys/trusted-tpm2.c | 378 +++++++++++++++++++++ security/keys/trusted-keys/trusted.c | 343 +++++++++++++++++++ 12 files changed, 1109 insertions(+), 925 deletions(-) rename include/keys/{trusted.h => trusted_tpm.h} (72%) create mode 100644 security/keys/trusted-keys/Makefile rename security/keys/{trusted.c => trusted-keys/trusted-tpm.c} (76%) create mode 100644 security/keys/trusted-keys/trusted-tpm2.c create mode 100644 security/keys/trusted-keys/trusted.c -- 2.7.4

5 years, 3 months

[RFC v2 0/6] Introduce TEE based Trusted Keys support

by Sumit Garg

Add support for TEE based trusted keys where TEE provides the functionality to seal and unseal trusted keys using hardware unique key. Also, this is an alternative in case platform doesn't possess a TPM device. This series also adds some TEE features like: Patch #1, #2 enables support for registered kernel shared memory with TEE. Patch #3 enables support for private kernel login method required for cases like trusted keys where we don't wan't user-space to directly access TEE service to retrieve trusted key contents. Rest of the patches from #4 to #6 adds support for TEE based trusted keys. This patch-set has been tested with OP-TEE based pseudo TA which can be found here [1]. Also, this patch-set is dependent on generic Trusted Keys framework patch-set [2]. [1] https://github.com/OP-TEE/optee_os/pull/3082 [2] https://lkml.org/lkml/2019/7/18/284 Changes in v2: 1. Add reviewed-by tags for patch #1 and #2. 2. Incorporate comments from Jens for patch #3. 3. Switch to use generic trusted keys framework. Sumit Garg (6): tee: optee: allow kernel pages to register as shm tee: enable support to register kernel memory tee: add private login method for kernel clients KEYS: trusted: Introduce TEE based Trusted Keys doc: keys: Document usage of TEE based Trusted Keys MAINTAINERS: Add entry for TEE based Trusted Keys Documentation/security/keys/index.rst | 1 + Documentation/security/keys/tee-trusted.rst | 93 +++++++++ MAINTAINERS | 9 + drivers/tee/optee/call.c | 7 + drivers/tee/tee_core.c | 6 + drivers/tee/tee_shm.c | 16 +- include/keys/trusted-type.h | 3 + include/keys/trusted_tee.h | 66 +++++++ include/linux/tee_drv.h | 1 + include/uapi/linux/tee.h | 8 + security/keys/Kconfig | 3 + security/keys/trusted-keys/Makefile | 3 +- security/keys/trusted-keys/trusted-tee.c | 282 ++++++++++++++++++++++++++++ security/keys/trusted-keys/trusted.c | 3 + 14 files changed, 498 insertions(+), 3 deletions(-) create mode 100644 Documentation/security/keys/tee-trusted.rst create mode 100644 include/keys/trusted_tee.h create mode 100644 security/keys/trusted-keys/trusted-tee.c -- 2.7.4

5 years, 3 months

shared memory with kernel client interface

by Stuart Yoder

Hi Jens, In the kernel internal client interface that you added last year one client function not added was one to register shared memory. Was there any reason in particular that a tee_client_shm_register() was not included? Was going to experiment with that but wanted to check first whether there was some known complexity or difficulty I'm going to run into. Thanks, Stuart

5 years, 3 months

[PATCH v8 0/2] fTPM: firmware TPM running in TEE

by Sasha Levin

Changes from v7: - Address Jarkko's comments. Sasha Levin (2): fTPM: firmware TPM running in TEE fTPM: add documentation for ftpm driver Documentation/security/tpm/index.rst | 1 + Documentation/security/tpm/tpm_ftpm_tee.rst | 27 ++ drivers/char/tpm/Kconfig | 5 + drivers/char/tpm/Makefile | 1 + drivers/char/tpm/tpm_ftpm_tee.c | 350 ++++++++++++++++++++ drivers/char/tpm/tpm_ftpm_tee.h | 40 +++ 6 files changed, 424 insertions(+) create mode 100644 Documentation/security/tpm/tpm_ftpm_tee.rst create mode 100644 drivers/char/tpm/tpm_ftpm_tee.c create mode 100644 drivers/char/tpm/tpm_ftpm_tee.h -- 2.20.1

5 years, 3 months

[RFC/RFT v2 0/2] KEYS: trusted: Add generic trusted keys framework

by Sumit Garg

This patch-set is an outcome of discussion here [1]. I have tested this framework with trusted keys support provided via TEE but I wasn't able to test it with a TPM device as I don't possess one. It would be really helpful if others could test this patch-set using a TPM device. [1] https://www.mail-archive.com/linux-doc@vger.kernel.org/msg30591.html Changes in v2: Split trusted keys abstraction patch for ease of review. Sumit Garg (2): KEYS: trusted: create trusted keys subsystem KEYS: trusted: Add generic trusted keys framework crypto/asymmetric_keys/asym_tpm.c | 2 +- include/keys/trusted-type.h | 45 +++ include/keys/{trusted.h => trusted_tpm.h} | 19 +- security/keys/Makefile | 2 +- security/keys/trusted-keys/Makefile | 7 + .../keys/{trusted.c => trusted-keys/trusted-tpm.c} | 347 ++++----------------- security/keys/trusted-keys/trusted.c | 343 ++++++++++++++++++++ 7 files changed, 458 insertions(+), 307 deletions(-) rename include/keys/{trusted.h => trusted_tpm.h} (85%) create mode 100644 security/keys/trusted-keys/Makefile rename security/keys/{trusted.c => trusted-keys/trusted-tpm.c} (77%) create mode 100644 security/keys/trusted-keys/trusted.c -- 2.7.4

5 years, 3 months

[PATCH v5 13/29] compat_ioctl: move more drivers to compat_ptr_ioctl

by Arnd Bergmann

The .ioctl and .compat_ioctl file operations have the same prototype so they can both point to the same function, which works great almost all the time when all the commands are compatible. One exception is the s390 architecture, where a compat pointer is only 31 bit wide, and converting it into a 64-bit pointer requires calling compat_ptr(). Most drivers here will never run in s390, but since we now have a generic helper for it, it's easy enough to use it consistently. I double-checked all these drivers to ensure that all ioctl arguments are used as pointers or are ignored, but are not interpreted as integer values. Acked-by: Jason Gunthorpe <jgg(a)mellanox.com> Acked-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Acked-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Acked-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Acked-by: David Sterba <dsterba(a)suse.com> Acked-by: Darren Hart (VMware) <dvhart(a)infradead.org> Acked-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Acked-by: Bjorn Andersson <bjorn.andersson(a)linaro.org> Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> --- drivers/android/binder.c | 2 +- drivers/crypto/qat/qat_common/adf_ctl_drv.c | 2 +- drivers/dma-buf/dma-buf.c | 4 +--- drivers/dma-buf/sw_sync.c | 2 +- drivers/dma-buf/sync_file.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 2 +- drivers/hid/hidraw.c | 4 +--- drivers/iio/industrialio-core.c | 2 +- drivers/infiniband/core/uverbs_main.c | 4 ++-- drivers/media/rc/lirc_dev.c | 4 +--- drivers/mfd/cros_ec_dev.c | 4 +--- drivers/misc/vmw_vmci/vmci_host.c | 2 +- drivers/nvdimm/bus.c | 4 ++-- drivers/nvme/host/core.c | 2 +- drivers/pci/switch/switchtec.c | 2 +- drivers/platform/x86/wmi.c | 2 +- drivers/rpmsg/rpmsg_char.c | 4 ++-- drivers/sbus/char/display7seg.c | 2 +- drivers/sbus/char/envctrl.c | 4 +--- drivers/scsi/3w-xxxx.c | 4 +--- drivers/scsi/cxlflash/main.c | 2 +- drivers/scsi/esas2r/esas2r_main.c | 2 +- drivers/scsi/pmcraid.c | 4 +--- drivers/staging/android/ion/ion.c | 4 +--- drivers/staging/vme/devices/vme_user.c | 2 +- drivers/tee/tee_core.c | 2 +- drivers/usb/class/cdc-wdm.c | 2 +- drivers/usb/class/usbtmc.c | 4 +--- drivers/virt/fsl_hypervisor.c | 2 +- fs/btrfs/super.c | 2 +- fs/fuse/dev.c | 2 +- fs/notify/fanotify/fanotify_user.c | 2 +- fs/userfaultfd.c | 2 +- net/rfkill/core.c | 2 +- 34 files changed, 37 insertions(+), 55 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index dc1c83eafc22..79955e82544a 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -6043,7 +6043,7 @@ const struct file_operations binder_fops = { .owner = THIS_MODULE, .poll = binder_poll, .unlocked_ioctl = binder_ioctl, - .compat_ioctl = binder_ioctl, + .compat_ioctl = compat_ptr_ioctl, .mmap = binder_mmap, .open = binder_open, .flush = binder_flush, diff --git a/drivers/crypto/qat/qat_common/adf_ctl_drv.c b/drivers/crypto/qat/qat_common/adf_ctl_drv.c index abc7a7f64d64..ef0e482ee04f 100644 --- a/drivers/crypto/qat/qat_common/adf_ctl_drv.c +++ b/drivers/crypto/qat/qat_common/adf_ctl_drv.c @@ -68,7 +68,7 @@ static long adf_ctl_ioctl(struct file *fp, unsigned int cmd, unsigned long arg); static const struct file_operations adf_ctl_ops = { .owner = THIS_MODULE, .unlocked_ioctl = adf_ctl_ioctl, - .compat_ioctl = adf_ctl_ioctl, + .compat_ioctl = compat_ptr_ioctl, }; struct adf_ctl_drv_info { diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c index f45bfb29ef96..f6d9047b7a69 100644 --- a/drivers/dma-buf/dma-buf.c +++ b/drivers/dma-buf/dma-buf.c @@ -415,9 +415,7 @@ static const struct file_operations dma_buf_fops = { .llseek = dma_buf_llseek, .poll = dma_buf_poll, .unlocked_ioctl = dma_buf_ioctl, -#ifdef CONFIG_COMPAT - .compat_ioctl = dma_buf_ioctl, -#endif + .compat_ioctl = compat_ptr_ioctl, .show_fdinfo = dma_buf_show_fdinfo, }; diff --git a/drivers/dma-buf/sw_sync.c b/drivers/dma-buf/sw_sync.c index 051f6c2873c7..51026cb08801 100644 --- a/drivers/dma-buf/sw_sync.c +++ b/drivers/dma-buf/sw_sync.c @@ -410,5 +410,5 @@ const struct file_operations sw_sync_debugfs_fops = { .open = sw_sync_debugfs_open, .release = sw_sync_debugfs_release, .unlocked_ioctl = sw_sync_ioctl, - .compat_ioctl = sw_sync_ioctl, + .compat_ioctl = compat_ptr_ioctl, }; diff --git a/drivers/dma-buf/sync_file.c b/drivers/dma-buf/sync_file.c index ee4d1a96d779..85b96757fc76 100644 --- a/drivers/dma-buf/sync_file.c +++ b/drivers/dma-buf/sync_file.c @@ -480,5 +480,5 @@ static const struct file_operations sync_file_fops = { .release = sync_file_release, .poll = sync_file_poll, .unlocked_ioctl = sync_file_ioctl, - .compat_ioctl = sync_file_ioctl, + .compat_ioctl = compat_ptr_ioctl, }; diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c index 26b15cc56c31..ea933d2444bb 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c +++ b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c @@ -49,7 +49,7 @@ static const char kfd_dev_name[] = "kfd"; static const struct file_operations kfd_fops = { .owner = THIS_MODULE, .unlocked_ioctl = kfd_ioctl, - .compat_ioctl = kfd_ioctl, + .compat_ioctl = compat_ptr_ioctl, .open = kfd_open, .mmap = kfd_mmap, }; diff --git a/drivers/hid/hidraw.c b/drivers/hid/hidraw.c index 006bd6f4f653..923edc650f46 100644 --- a/drivers/hid/hidraw.c +++ b/drivers/hid/hidraw.c @@ -468,9 +468,7 @@ static const struct file_operations hidraw_ops = { .release = hidraw_release, .unlocked_ioctl = hidraw_ioctl, .fasync = hidraw_fasync, -#ifdef CONFIG_COMPAT - .compat_ioctl = hidraw_ioctl, -#endif + .compat_ioctl = compat_ptr_ioctl, .llseek = noop_llseek, }; diff --git a/drivers/iio/industrialio-core.c b/drivers/iio/industrialio-core.c index 524a686077ca..9dd687534035 100644 --- a/drivers/iio/industrialio-core.c +++ b/drivers/iio/industrialio-core.c @@ -1610,7 +1610,7 @@ static const struct file_operations iio_buffer_fileops = { .owner = THIS_MODULE, .llseek = noop_llseek, .unlocked_ioctl = iio_ioctl, - .compat_ioctl = iio_ioctl, + .compat_ioctl = compat_ptr_ioctl, }; static int iio_check_unique_scan_index(struct iio_dev *indio_dev) diff --git a/drivers/infiniband/core/uverbs_main.c b/drivers/infiniband/core/uverbs_main.c index 11c13c1381cf..d6d2f6c0cd01 100644 --- a/drivers/infiniband/core/uverbs_main.c +++ b/drivers/infiniband/core/uverbs_main.c @@ -1135,7 +1135,7 @@ static const struct file_operations uverbs_fops = { .release = ib_uverbs_close, .llseek = no_llseek, .unlocked_ioctl = ib_uverbs_ioctl, - .compat_ioctl = ib_uverbs_ioctl, + .compat_ioctl = compat_ptr_ioctl, }; static const struct file_operations uverbs_mmap_fops = { @@ -1146,7 +1146,7 @@ static const struct file_operations uverbs_mmap_fops = { .release = ib_uverbs_close, .llseek = no_llseek, .unlocked_ioctl = ib_uverbs_ioctl, - .compat_ioctl = ib_uverbs_ioctl, + .compat_ioctl = compat_ptr_ioctl, }; static int ib_uverbs_get_nl_info(struct ib_device *ibdev, void *client_data, diff --git a/drivers/media/rc/lirc_dev.c b/drivers/media/rc/lirc_dev.c index f078f8a3aec8..9a8c1cf54ac4 100644 --- a/drivers/media/rc/lirc_dev.c +++ b/drivers/media/rc/lirc_dev.c @@ -720,9 +720,7 @@ static const struct file_operations lirc_fops = { .owner = THIS_MODULE, .write = ir_lirc_transmit_ir, .unlocked_ioctl = ir_lirc_ioctl, -#ifdef CONFIG_COMPAT - .compat_ioctl = ir_lirc_ioctl, -#endif + .compat_ioctl = compat_ptr_ioctl, .read = ir_lirc_read, .poll = ir_lirc_poll, .open = ir_lirc_open, diff --git a/drivers/mfd/cros_ec_dev.c b/drivers/mfd/cros_ec_dev.c index 41dccced5026..db1eefcd770b 100644 --- a/drivers/mfd/cros_ec_dev.c +++ b/drivers/mfd/cros_ec_dev.c @@ -239,9 +239,7 @@ static const struct file_operations fops = { .release = ec_device_release, .read = ec_device_read, .unlocked_ioctl = ec_device_ioctl, -#ifdef CONFIG_COMPAT - .compat_ioctl = ec_device_ioctl, -#endif + .compat_ioctl = compat_ptr_ioctl, }; static void cros_ec_class_release(struct device *dev) diff --git a/drivers/misc/vmw_vmci/vmci_host.c b/drivers/misc/vmw_vmci/vmci_host.c index 833e2bd248a5..903e321e8e87 100644 --- a/drivers/misc/vmw_vmci/vmci_host.c +++ b/drivers/misc/vmw_vmci/vmci_host.c @@ -961,7 +961,7 @@ static const struct file_operations vmuser_fops = { .release = vmci_host_close, .poll = vmci_host_poll, .unlocked_ioctl = vmci_host_unlocked_ioctl, - .compat_ioctl = vmci_host_unlocked_ioctl, + .compat_ioctl = compat_ptr_ioctl, }; static struct miscdevice vmci_host_miscdev = { diff --git a/drivers/nvdimm/bus.c b/drivers/nvdimm/bus.c index 798c5c4aea9c..6ca142d833ab 100644 --- a/drivers/nvdimm/bus.c +++ b/drivers/nvdimm/bus.c @@ -1229,7 +1229,7 @@ static const struct file_operations nvdimm_bus_fops = { .owner = THIS_MODULE, .open = nd_open, .unlocked_ioctl = bus_ioctl, - .compat_ioctl = bus_ioctl, + .compat_ioctl = compat_ptr_ioctl, .llseek = noop_llseek, }; @@ -1237,7 +1237,7 @@ static const struct file_operations nvdimm_fops = { .owner = THIS_MODULE, .open = nd_open, .unlocked_ioctl = dimm_ioctl, - .compat_ioctl = dimm_ioctl, + .compat_ioctl = compat_ptr_ioctl, .llseek = noop_llseek, }; diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c index 8f3fbe5ca937..be07bd1f6654 100644 --- a/drivers/nvme/host/core.c +++ b/drivers/nvme/host/core.c @@ -2813,7 +2813,7 @@ static const struct file_operations nvme_dev_fops = { .owner = THIS_MODULE, .open = nvme_dev_open, .unlocked_ioctl = nvme_dev_ioctl, - .compat_ioctl = nvme_dev_ioctl, + .compat_ioctl = compat_ptr_ioctl, }; static ssize_t nvme_sysfs_reset(struct device *dev, diff --git a/drivers/pci/switch/switchtec.c b/drivers/pci/switch/switchtec.c index 8c94cd3fd1f2..66610f04d76d 100644 --- a/drivers/pci/switch/switchtec.c +++ b/drivers/pci/switch/switchtec.c @@ -1025,7 +1025,7 @@ static const struct file_operations switchtec_fops = { .read = switchtec_dev_read, .poll = switchtec_dev_poll, .unlocked_ioctl = switchtec_dev_ioctl, - .compat_ioctl = switchtec_dev_ioctl, + .compat_ioctl = compat_ptr_ioctl, }; static void link_event_work(struct work_struct *work) diff --git a/drivers/platform/x86/wmi.c b/drivers/platform/x86/wmi.c index 784cea8572c2..d9a0dd94ee62 100644 --- a/drivers/platform/x86/wmi.c +++ b/drivers/platform/x86/wmi.c @@ -913,7 +913,7 @@ static const struct file_operations wmi_fops = { .read = wmi_char_read, .open = wmi_char_open, .unlocked_ioctl = wmi_ioctl, - .compat_ioctl = wmi_ioctl, + .compat_ioctl = compat_ptr_ioctl, }; static int wmi_dev_probe(struct device *dev) diff --git a/drivers/rpmsg/rpmsg_char.c b/drivers/rpmsg/rpmsg_char.c index eea5ebbb5119..507bfe163883 100644 --- a/drivers/rpmsg/rpmsg_char.c +++ b/drivers/rpmsg/rpmsg_char.c @@ -290,7 +290,7 @@ static const struct file_operations rpmsg_eptdev_fops = { .write_iter = rpmsg_eptdev_write_iter, .poll = rpmsg_eptdev_poll, .unlocked_ioctl = rpmsg_eptdev_ioctl, - .compat_ioctl = rpmsg_eptdev_ioctl, + .compat_ioctl = compat_ptr_ioctl, }; static ssize_t name_show(struct device *dev, struct device_attribute *attr, @@ -451,7 +451,7 @@ static const struct file_operations rpmsg_ctrldev_fops = { .open = rpmsg_ctrldev_open, .release = rpmsg_ctrldev_release, .unlocked_ioctl = rpmsg_ctrldev_ioctl, - .compat_ioctl = rpmsg_ctrldev_ioctl, + .compat_ioctl = compat_ptr_ioctl, }; static void rpmsg_ctrldev_release_device(struct device *dev) diff --git a/drivers/sbus/char/display7seg.c b/drivers/sbus/char/display7seg.c index 971fe074d7c9..fad936eb845f 100644 --- a/drivers/sbus/char/display7seg.c +++ b/drivers/sbus/char/display7seg.c @@ -156,7 +156,7 @@ static long d7s_ioctl(struct file *file, unsigned int cmd, unsigned long arg) static const struct file_operations d7s_fops = { .owner = THIS_MODULE, .unlocked_ioctl = d7s_ioctl, - .compat_ioctl = d7s_ioctl, + .compat_ioctl = compat_ptr_ioctl, .open = d7s_open, .release = d7s_release, .llseek = noop_llseek, diff --git a/drivers/sbus/char/envctrl.c b/drivers/sbus/char/envctrl.c index a63d5e402ff2..12d66aa61ede 100644 --- a/drivers/sbus/char/envctrl.c +++ b/drivers/sbus/char/envctrl.c @@ -715,9 +715,7 @@ static const struct file_operations envctrl_fops = { .owner = THIS_MODULE, .read = envctrl_read, .unlocked_ioctl = envctrl_ioctl, -#ifdef CONFIG_COMPAT - .compat_ioctl = envctrl_ioctl, -#endif + .compat_ioctl = compat_ptr_ioctl, .open = envctrl_open, .release = envctrl_release, .llseek = noop_llseek, diff --git a/drivers/scsi/3w-xxxx.c b/drivers/scsi/3w-xxxx.c index 2b1e0d503020..fb6444d0409c 100644 --- a/drivers/scsi/3w-xxxx.c +++ b/drivers/scsi/3w-xxxx.c @@ -1049,9 +1049,7 @@ static int tw_chrdev_open(struct inode *inode, struct file *file) static const struct file_operations tw_fops = { .owner = THIS_MODULE, .unlocked_ioctl = tw_chrdev_ioctl, -#ifdef CONFIG_COMPAT - .compat_ioctl = tw_chrdev_ioctl, -#endif + .compat_ioctl = compat_ptr_ioctl, .open = tw_chrdev_open, .release = NULL, .llseek = noop_llseek, diff --git a/drivers/scsi/cxlflash/main.c b/drivers/scsi/cxlflash/main.c index b1f4724efde2..6927654792b0 100644 --- a/drivers/scsi/cxlflash/main.c +++ b/drivers/scsi/cxlflash/main.c @@ -3585,7 +3585,7 @@ static const struct file_operations cxlflash_chr_fops = { .owner = THIS_MODULE, .open = cxlflash_chr_open, .unlocked_ioctl = cxlflash_chr_ioctl, - .compat_ioctl = cxlflash_chr_ioctl, + .compat_ioctl = compat_ptr_ioctl, }; /** diff --git a/drivers/scsi/esas2r/esas2r_main.c b/drivers/scsi/esas2r/esas2r_main.c index fdbda5c05aa0..80c5a235d193 100644 --- a/drivers/scsi/esas2r/esas2r_main.c +++ b/drivers/scsi/esas2r/esas2r_main.c @@ -613,7 +613,7 @@ static int __init esas2r_init(void) /* Handle ioctl calls to "/proc/scsi/esas2r/ATTOnode" */ static const struct file_operations esas2r_proc_fops = { - .compat_ioctl = esas2r_proc_ioctl, + .compat_ioctl = compat_ptr_ioctl, .unlocked_ioctl = esas2r_proc_ioctl, }; diff --git a/drivers/scsi/pmcraid.c b/drivers/scsi/pmcraid.c index 71ff3936da4f..12c4487cb9f6 100644 --- a/drivers/scsi/pmcraid.c +++ b/drivers/scsi/pmcraid.c @@ -3973,9 +3973,7 @@ static const struct file_operations pmcraid_fops = { .open = pmcraid_chr_open, .fasync = pmcraid_chr_fasync, .unlocked_ioctl = pmcraid_chr_ioctl, -#ifdef CONFIG_COMPAT - .compat_ioctl = pmcraid_chr_ioctl, -#endif + .compat_ioctl = compat_ptr_ioctl, .llseek = noop_llseek, }; diff --git a/drivers/staging/android/ion/ion.c b/drivers/staging/android/ion/ion.c index 92c2914239e3..1663c163edca 100644 --- a/drivers/staging/android/ion/ion.c +++ b/drivers/staging/android/ion/ion.c @@ -567,9 +567,7 @@ static long ion_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) static const struct file_operations ion_fops = { .owner = THIS_MODULE, .unlocked_ioctl = ion_ioctl, -#ifdef CONFIG_COMPAT - .compat_ioctl = ion_ioctl, -#endif + .compat_ioctl = compat_ptr_ioctl, }; static int debug_shrink_set(void *data, u64 val) diff --git a/drivers/staging/vme/devices/vme_user.c b/drivers/staging/vme/devices/vme_user.c index 6a33aaa1a49f..fd0ea4dbcb91 100644 --- a/drivers/staging/vme/devices/vme_user.c +++ b/drivers/staging/vme/devices/vme_user.c @@ -494,7 +494,7 @@ static const struct file_operations vme_user_fops = { .write = vme_user_write, .llseek = vme_user_llseek, .unlocked_ioctl = vme_user_unlocked_ioctl, - .compat_ioctl = vme_user_unlocked_ioctl, + .compat_ioctl = compat_ptr_ioctl, .mmap = vme_user_mmap, }; diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c index 0f16d9ffd8d1..37d22e39fd8d 100644 --- a/drivers/tee/tee_core.c +++ b/drivers/tee/tee_core.c @@ -675,7 +675,7 @@ static const struct file_operations tee_fops = { .open = tee_open, .release = tee_release, .unlocked_ioctl = tee_ioctl, - .compat_ioctl = tee_ioctl, + .compat_ioctl = compat_ptr_ioctl, }; static void tee_release_device(struct device *dev) diff --git a/drivers/usb/class/cdc-wdm.c b/drivers/usb/class/cdc-wdm.c index a7824a51f86d..3234dc539873 100644 --- a/drivers/usb/class/cdc-wdm.c +++ b/drivers/usb/class/cdc-wdm.c @@ -724,7 +724,7 @@ static const struct file_operations wdm_fops = { .release = wdm_release, .poll = wdm_poll, .unlocked_ioctl = wdm_ioctl, - .compat_ioctl = wdm_ioctl, + .compat_ioctl = compat_ptr_ioctl, .llseek = noop_llseek, }; diff --git a/drivers/usb/class/usbtmc.c b/drivers/usb/class/usbtmc.c index 4942122b2346..bbd0308b13f5 100644 --- a/drivers/usb/class/usbtmc.c +++ b/drivers/usb/class/usbtmc.c @@ -2220,9 +2220,7 @@ static const struct file_operations fops = { .release = usbtmc_release, .flush = usbtmc_flush, .unlocked_ioctl = usbtmc_ioctl, -#ifdef CONFIG_COMPAT - .compat_ioctl = usbtmc_ioctl, -#endif + .compat_ioctl = compat_ptr_ioctl, .fasync = usbtmc_fasync, .poll = usbtmc_poll, .llseek = default_llseek, diff --git a/drivers/virt/fsl_hypervisor.c b/drivers/virt/fsl_hypervisor.c index 93d5bebf9572..1b0b11b55d2a 100644 --- a/drivers/virt/fsl_hypervisor.c +++ b/drivers/virt/fsl_hypervisor.c @@ -706,7 +706,7 @@ static const struct file_operations fsl_hv_fops = { .poll = fsl_hv_poll, .read = fsl_hv_read, .unlocked_ioctl = fsl_hv_ioctl, - .compat_ioctl = fsl_hv_ioctl, + .compat_ioctl = compat_ptr_ioctl, }; static struct miscdevice fsl_hv_misc_dev = { diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c index 78de9d5d80c6..f4f792b7379d 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c @@ -2305,7 +2305,7 @@ static const struct super_operations btrfs_super_ops = { static const struct file_operations btrfs_ctl_fops = { .open = btrfs_control_open, .unlocked_ioctl = btrfs_control_ioctl, - .compat_ioctl = btrfs_control_ioctl, + .compat_ioctl = compat_ptr_ioctl, .owner = THIS_MODULE, .llseek = noop_llseek, }; diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c index ea8237513dfa..5bb93a3c397e 100644 --- a/fs/fuse/dev.c +++ b/fs/fuse/dev.c @@ -2354,7 +2354,7 @@ const struct file_operations fuse_dev_operations = { .release = fuse_dev_release, .fasync = fuse_dev_fasync, .unlocked_ioctl = fuse_dev_ioctl, - .compat_ioctl = fuse_dev_ioctl, + .compat_ioctl = compat_ptr_ioctl, }; EXPORT_SYMBOL_GPL(fuse_dev_operations); diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c index 91006f47e420..3f494c8eaf2b 100644 --- a/fs/notify/fanotify/fanotify_user.c +++ b/fs/notify/fanotify/fanotify_user.c @@ -523,7 +523,7 @@ static const struct file_operations fanotify_fops = { .fasync = NULL, .release = fanotify_release, .unlocked_ioctl = fanotify_ioctl, - .compat_ioctl = fanotify_ioctl, + .compat_ioctl = compat_ptr_ioctl, .llseek = noop_llseek, }; diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index ccbdbd62f0d8..6ec18e0492e6 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c @@ -1920,7 +1920,7 @@ static const struct file_operations userfaultfd_fops = { .poll = userfaultfd_poll, .read = userfaultfd_read, .unlocked_ioctl = userfaultfd_ioctl, - .compat_ioctl = userfaultfd_ioctl, + .compat_ioctl = compat_ptr_ioctl, .llseek = noop_llseek, }; diff --git a/net/rfkill/core.c b/net/rfkill/core.c index f9b08a6d8dbe..c4be6a94ba97 100644 --- a/net/rfkill/core.c +++ b/net/rfkill/core.c @@ -1311,7 +1311,7 @@ static const struct file_operations rfkill_fops = { .release = rfkill_fop_release, #ifdef CONFIG_RFKILL_INPUT .unlocked_ioctl = rfkill_fop_ioctl, - .compat_ioctl = rfkill_fop_ioctl, + .compat_ioctl = compat_ptr_ioctl, #endif .llseek = no_llseek, }; -- 2.20.0

5 years, 3 months

← Newer
1
...
11
12
13
14
15
16
17
...
30
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

Tee-dev