Earlier this patch-set was part of TEE Trusted keys patch-set [1]. But since these are completely independent enhancements for TEE kernel client interface which can be merged separately while TEE Trusted keys discussions are ongoing.
Patch #1 enables support for registered kernel shared memory with TEE.
Patch #2 enables support for private kernel login method required for cases like trusted keys where we don't want user-space to directly access TEE service.
[1] https://lkml.org/lkml/2019/10/31/430
Changes in v6:
- Reserve only half of GP implementation defined range for kernel space.
Changes in v5:
- Misc. renaming of variables.
Sumit Garg (2):
  tee: enable support to register kernel memory
  tee: add private login method for kernel clients

 drivers/tee/tee_core.c   |  7 +++++++
 drivers/tee/tee_shm.c    | 28 +++++++++++++++++++++++++---
 include/linux/tee_drv.h  |  1 +
 include/uapi/linux/tee.h |  9 +++++++++
 4 files changed, 42 insertions(+), 3 deletions(-)
Enable support to register kernel memory reference with TEE. This change will allow TEE bus drivers to register memory references.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
---
 drivers/tee/tee_shm.c   | 28 +++++++++++++++++++++++++---
 include/linux/tee_drv.h |  1 +
 2 files changed, 26 insertions(+), 3 deletions(-)
diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c index 937ac5a..a6c75a4 100644 --- a/drivers/tee/tee_shm.c +++ b/drivers/tee/tee_shm.c @@ -9,6 +9,7 @@ #include <linux/sched.h> #include <linux/slab.h> #include <linux/tee_drv.h> +#include <linux/uio.h> #include "tee_private.h"
static void tee_shm_release(struct tee_shm *shm) @@ -217,14 +218,15 @@ struct tee_shm *tee_shm_register(struct tee_context *ctx, unsigned long addr, size_t length, u32 flags) { struct tee_device *teedev = ctx->teedev; - const u32 req_flags = TEE_SHM_DMA_BUF | TEE_SHM_USER_MAPPED; + const u32 req_user_flags = TEE_SHM_DMA_BUF | TEE_SHM_USER_MAPPED; + const u32 req_kernel_flags = TEE_SHM_DMA_BUF | TEE_SHM_KERNEL_MAPPED; struct tee_shm *shm; void *ret; int rc; int num_pages; unsigned long start;
- if (flags != req_flags) + if (flags != req_user_flags && flags != req_kernel_flags) return ERR_PTR(-ENOTSUPP);
if (!tee_device_get(teedev)) @@ -259,7 +261,27 @@ struct tee_shm *tee_shm_register(struct tee_context *ctx, unsigned long addr, goto err; }
- rc = get_user_pages_fast(start, num_pages, FOLL_WRITE, shm->pages); + if (flags & TEE_SHM_USER_MAPPED) { + rc = get_user_pages_fast(start, num_pages, FOLL_WRITE, + shm->pages); + } else { + struct kvec *kiov; + int i; + + kiov = kcalloc(num_pages, sizeof(*kiov), GFP_KERNEL); + if (!kiov) { + ret = ERR_PTR(-ENOMEM); + goto err; + } + + for (i = 0; i < num_pages; i++) { + kiov[i].iov_base = (void *)(start + i * PAGE_SIZE); + kiov[i].iov_len = PAGE_SIZE; + } + + rc = get_kernel_pages(kiov, num_pages, 0, shm->pages); + kfree(kiov); + } if (rc > 0) shm->num_pages = rc; if (rc != num_pages) { diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h index 7a03f68..dedf8fa 100644 --- a/include/linux/tee_drv.h +++ b/include/linux/tee_drv.h @@ -26,6 +26,7 @@ #define TEE_SHM_REGISTER BIT(3) /* Memory registered in secure world */ #define TEE_SHM_USER_MAPPED BIT(4) /* Memory mapped in user space */ #define TEE_SHM_POOL BIT(5) /* Memory allocated from pool */ +#define TEE_SHM_KERNEL_MAPPED BIT(6) /* Memory mapped in kernel space */
struct device; struct tee_device;
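Review bot: in the tee_shm_register() hunk of drivers/tee/tee_shm.c, the new else branch builds every kiov entry from `start + i * PAGE_SIZE` and passes it to get_kernel_pages() without any check on what kind of kernel address the caller supplied, so the contract for TEE_SHM_KERNEL_MAPPED is left undocumented. Please state in the function's kernel-doc which kernel addresses a caller may register with this flag, and consider rejecting anything else with an error before the kcalloc(). The same branch passes 0 as the third argument where the user path passes FOLL_WRITE; a one-line comment explaining the difference would help readers who expect registered buffers to be writable. The TEE_SHM_KERNEL_MAPPED define in include/linux/tee_drv.h could also note that it is mutually exclusive with TEE_SHM_USER_MAPPED, since the flag check only accepts one or the other together with TEE_SHM_DMA_BUF.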
There are use-cases where user-space shouldn't be allowed to communicate directly with a TEE device which is dedicated to provide a specific service for a kernel client. So add a private login method for kernel clients and disallow user-space to open-session using GP implementation defined login method range: (0x80000000 - 0xBFFFFFFF).
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
---
 drivers/tee/tee_core.c   | 7 +++++++
 include/uapi/linux/tee.h | 9 +++++++++
 2 files changed, 16 insertions(+)
diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c index 37d22e3..13a016e 100644 --- a/drivers/tee/tee_core.c +++ b/drivers/tee/tee_core.c @@ -334,6 +334,13 @@ static int tee_ioctl_open_session(struct tee_context *ctx, goto out; }
+ if (arg.clnt_login >= TEE_IOCTL_LOGIN_REE_KERNEL_MIN && + arg.clnt_login <= TEE_IOCTL_LOGIN_REE_KERNEL_MAX) { + pr_debug("login method not allowed for user-space client\n"); + rc = -EPERM; + goto out; + } + rc = ctx->teedev->desc->ops->open_session(ctx, &arg, params); if (rc) goto out; diff --git a/include/uapi/linux/tee.h b/include/uapi/linux/tee.h index 6596f3a..b619f37 100644 --- a/include/uapi/linux/tee.h +++ b/include/uapi/linux/tee.h @@ -173,6 +173,15 @@ struct tee_ioctl_buf_data { #define TEE_IOCTL_LOGIN_APPLICATION 4 #define TEE_IOCTL_LOGIN_USER_APPLICATION 5 #define TEE_IOCTL_LOGIN_GROUP_APPLICATION 6 +/* + * Disallow user-space to use GP implementation specific login + * method range (0x80000000 - 0xBFFFFFFF). This range is rather + * being reserved for REE kernel clients or TEE implementation. + */ +#define TEE_IOCTL_LOGIN_REE_KERNEL_MIN 0x80000000 +#define TEE_IOCTL_LOGIN_REE_KERNEL_MAX 0xBFFFFFFF +/* Private login method for REE kernel clients */ +#define TEE_IOCTL_LOGIN_REE_KERNEL 0x80000000
/** * struct tee_ioctl_param - parameter
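Review bot: in the tee_ioctl_open_session() hunk, the new range check returns -EPERM for every clnt_login from TEE_IOCTL_LOGIN_REE_KERNEL_MIN to TEE_IOCTL_LOGIN_REE_KERNEL_MAX, which changes the result for any existing user-space client that opened a session with a login value in 0x80000000 - 0xBFFFFFFF. The commit message should say this behaviour change is intended, and the comment added to include/uapi/linux/tee.h should state that the ioctl fails with -EPERM for this range. Because that header is uapi, it would also help to say next to TEE_IOCTL_LOGIN_REE_KERNEL that the value is only usable by in-kernel clients. The wording "This range is rather being reserved" reads better as "This range is reserved".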
On 3/27/20 6:29 AM, Sumit Garg wrote:
> There are use-cases where user-space shouldn't be allowed to communicate directly with a TEE device which is dedicated to provide a specific service for a kernel client. So add a private login method for kernel clients and disallow user-space to open-session using GP implementation defined login method range: (0x80000000 - 0xBFFFFFFF).
>
> Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
>
>  drivers/tee/tee_core.c   | 7 +++++++
>  include/uapi/linux/tee.h | 9 +++++++++
>  2 files changed, 16 insertions(+)

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Thanks,
Hi Jens,
On Fri, 27 Mar 2020 at 11:00, Sumit Garg <sumit.garg@linaro.org> wrote:
> Earlier this patch-set was part of TEE Trusted keys patch-set [1]. But since these are completely independent enhancements for TEE kernel client interface which can be merged separately while TEE Trusted keys discussions are ongoing.
>
> Patch #1 enables support for registered kernel shared memory with TEE.
>
> Patch #2 enables support for private kernel login method required for cases like trusted keys where we don't want user-space to directly access TEE service.
>
> [1] https://lkml.org/lkml/2019/10/31/430
>
> Changes in v6:
> - Reserve only half of GP implementation defined range for kernel space.
>
> Changes in v5:
> - Misc. renaming of variables.
>
> Sumit Garg (2):
>   tee: enable support to register kernel memory
>   tee: add private login method for kernel clients
In case we don't have any further comments, would you like to pick up these?
-Sumit
>  drivers/tee/tee_core.c   |  7 +++++++
>  drivers/tee/tee_shm.c    | 28 +++++++++++++++++++++++++---
>  include/linux/tee_drv.h  |  1 +
>  include/uapi/linux/tee.h |  9 +++++++++
>  4 files changed, 42 insertions(+), 3 deletions(-)
>
> --
> 2.7.4
Hi Sumit,
On Fri, Apr 17, 2020 at 12:45 PM Sumit Garg <sumit.garg@linaro.org> wrote:
> Hi Jens,
>
> On Fri, 27 Mar 2020 at 11:00, Sumit Garg <sumit.garg@linaro.org> wrote:
> > Earlier this patch-set was part of TEE Trusted keys patch-set [1]. But since these are completely independent enhancements for TEE kernel client interface which can be merged separately while TEE Trusted keys discussions are ongoing.
> >
> > Patch #1 enables support for registered kernel shared memory with TEE.
> >
> > Patch #2 enables support for private kernel login method required for cases like trusted keys where we don't want user-space to directly access TEE service.
> >
> > [1] https://lkml.org/lkml/2019/10/31/430
> >
> > Changes in v6:
> > - Reserve only half of GP implementation defined range for kernel space.
> >
> > Changes in v5:
> > - Misc. renaming of variables.
> >
> > Sumit Garg (2):
> >   tee: enable support to register kernel memory
> >   tee: add private login method for kernel clients
>
> In case we don't have any further comments, would you like to pick up these?
Thanks for the reminder. I'm picking this up.
Jerome, it's not too late to provide a tag if you like.
Cheers, Jens