linux.git/drivers/tee/optee, branch v4.19.315 Clone of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git optee: Clear stale cache entries during initialization 2021-08-12T11:19:42+00:00 Tyler Hicks tyhicks@linux.microsoft.com 2021-06-14T22:33:13+00:00 78264dfb6fafa8efff024a473dfbeec3bb861f18 commit b5c10dd04b7418793517e3286cde5c04759a86de upstream. The shm cache could contain invalid addresses if optee_disable_shm_cache() was not called from the .shutdown hook of the previous kernel before a kexec. These addresses could be unmapped or they could point to mapped but unintended locations in memory. Clear the shared memory cache, while being careful to not translate the addresses returned from OPTEE_SMC_DISABLE_SHM_CACHE, during driver initialization. Once all pre-cache shm objects are removed, proceed with enabling the cache so that we know that we can handle cached shm objects with confidence later in the .shutdown hook. Cc: stable@vger.kernel.org Signed-off-by: Tyler Hicks <tyhicks@linux.microsoft.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
commit b5c10dd04b7418793517e3286cde5c04759a86de upstream.

The shm cache could contain invalid addresses if
optee_disable_shm_cache() was not called from the .shutdown hook of the
previous kernel before a kexec. These addresses could be unmapped or
they could point to mapped but unintended locations in memory.

Clear the shared memory cache, while being careful to not translate the
addresses returned from OPTEE_SMC_DISABLE_SHM_CACHE, during driver
initialization. Once all pre-cache shm objects are removed, proceed with
enabling the cache so that we know that we can handle cached shm objects
with confidence later in the .shutdown hook.

Cc: stable@vger.kernel.org
Signed-off-by: Tyler Hicks <tyhicks@linux.microsoft.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
tee: optee: do not check memref size on return from Secure World 2021-05-22T08:59:15+00:00 Jerome Forissier jerome@forissier.org 2021-03-22T10:40:37+00:00 f386d162c20c6adbd97c3a8f4240be7aba956f96 [ Upstream commit c650b8dc7a7910eb25af0aac1720f778b29e679d ] When Secure World returns, it may have changed the size attribute of the memory references passed as [in/out] parameters. The GlobalPlatform TEE Internal Core API specification does not restrict the values that this size can take. In particular, Secure World may increase the value to be larger than the size of the input buffer to indicate that it needs more. Therefore, the size check in optee_from_msg_param() is incorrect and needs to be removed. This fixes a number of failed test cases in the GlobalPlatform TEE Initial Configuratiom Test Suite v2_0_0_0-2017_06_09 when OP-TEE is compiled without dynamic shared memory support (CFG_CORE_DYN_SHM=n). Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Suggested-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Sasha Levin <sashal@kernel.org> 
[ Upstream commit c650b8dc7a7910eb25af0aac1720f778b29e679d ]

When Secure World returns, it may have changed the size attribute of the
memory references passed as [in/out] parameters. The GlobalPlatform TEE
Internal Core API specification does not restrict the values that this
size can take. In particular, Secure World may increase the value to be
larger than the size of the input buffer to indicate that it needs more.

Therefore, the size check in optee_from_msg_param() is incorrect and
needs to be removed. This fixes a number of failed test cases in the
GlobalPlatform TEE Initial Configuratiom Test Suite v2_0_0_0-2017_06_09
when OP-TEE is compiled without dynamic shared memory support
(CFG_CORE_DYN_SHM=n).

Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Suggested-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
optee: add writeback to valid memory type 2020-12-02T07:48:12+00:00 Rui Miguel Silva rui.silva@linaro.org 2020-11-13T15:06:04+00:00 d6172283a4706aef3136d704e27b8446e879f010 [ Upstream commit 853735e404244f5496cdb6188c5ed9a0f9627ee6 ] Only in smp systems the cache policy is setup as write alloc, in single cpu systems the cache policy is set as writeback and it is normal memory, so, it should pass the is_normal_memory check in the share memory registration. Add the right condition to make it work in no smp systems. Fixes: cdbcf83d29c1 ("tee: optee: check type of registered shared memory") Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Sasha Levin <sashal@kernel.org> 
[ Upstream commit 853735e404244f5496cdb6188c5ed9a0f9627ee6 ]

Only in smp systems the cache policy is setup as write alloc, in
single cpu systems the cache policy is set as writeback and it is
normal memory, so, it should pass the is_normal_memory check in the
share memory registration.

Add the right condition to make it work in no smp systems.

Fixes: cdbcf83d29c1 ("tee: optee: check type of registered shared memory")
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
tee: optee: Fix compilation issue with nommu 2020-02-05T14:43:50+00:00 Vincenzo Frascino vincenzo.frascino@arm.com 2020-01-10T12:28:07+00:00 3ac901fc064ddcfbe3e24af4a25f67ee182e4581 [ Upstream commit 9e0caab8e0f96f0af7d1dd388e62f44184a75372 ] The optee driver uses specific page table types to verify if a memory region is normal. These types are not defined in nommu systems. Trying to compile the driver in these systems results in a build error: linux/drivers/tee/optee/call.c: In function ‘is_normal_memory’: linux/drivers/tee/optee/call.c:533:26: error: ‘L_PTE_MT_MASK’ undeclared (first use in this function); did you mean ‘PREEMPT_MASK’? return (pgprot_val(p) & L_PTE_MT_MASK) == L_PTE_MT_WRITEALLOC; ^~~~~~~~~~~~~ PREEMPT_MASK linux/drivers/tee/optee/call.c:533:26: note: each undeclared identifier is reported only once for each function it appears in linux/drivers/tee/optee/call.c:533:44: error: ‘L_PTE_MT_WRITEALLOC’ undeclared (first use in this function) return (pgprot_val(p) & L_PTE_MT_MASK) == L_PTE_MT_WRITEALLOC; ^~~~~~~~~~~~~~~~~~~ Make the optee driver depend on MMU to fix the compilation issue. Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com> [jw: update commit title] Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Sasha Levin <sashal@kernel.org> 
[ Upstream commit 9e0caab8e0f96f0af7d1dd388e62f44184a75372 ]

The optee driver uses specific page table types to verify if a memory
region is normal. These types are not defined in nommu systems. Trying
to compile the driver in these systems results in a build error:

  linux/drivers/tee/optee/call.c: In function ‘is_normal_memory’:
  linux/drivers/tee/optee/call.c:533:26: error: ‘L_PTE_MT_MASK’ undeclared
     (first use in this function); did you mean ‘PREEMPT_MASK’?
     return (pgprot_val(p) & L_PTE_MT_MASK) == L_PTE_MT_WRITEALLOC;
                             ^~~~~~~~~~~~~
                             PREEMPT_MASK
  linux/drivers/tee/optee/call.c:533:26: note: each undeclared identifier is
     reported only once for each function it appears in
  linux/drivers/tee/optee/call.c:533:44: error: ‘L_PTE_MT_WRITEALLOC’ undeclared
     (first use in this function)
     return (pgprot_val(p) & L_PTE_MT_MASK) == L_PTE_MT_WRITEALLOC;
                                            ^~~~~~~~~~~~~~~~~~~

Make the optee driver depend on MMU to fix the compilation issue.

Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
[jw: update commit title]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
tee: optee: add missing of_node_put after of_device_is_available 2019-11-24T07:19:08+00:00 Julia Lawall Julia.Lawall@lip6.fr 2019-02-23T13:20:36+00:00 4f4ab0b49cf2e85a9dd94fa1a34e782fba15c8e1 commit c7c0d8df0b94a67377555a550b8d66ee2ad2f4ed upstream. Add an of_node_put when a tested device node is not available. The semantic patch that fixes this problem is as follows (http://coccinelle.lip6.fr): // <smpl> @@ identifier f; local idexpression e; expression x; @@ e = f(...); ... when != of_node_put(e) when != x = e when != e = x when any if (<+...of_device_is_available(e)...+>) { ... when != of_node_put(e) ( return e; | + of_node_put(e); return ...; ) } // </smpl> Fixes: db878f76b9ff ("tee: optee: take DT status property into account") Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Cc: Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
commit c7c0d8df0b94a67377555a550b8d66ee2ad2f4ed upstream.

Add an of_node_put when a tested device node is not available.

The semantic patch that fixes this problem is as follows
(http://coccinelle.lip6.fr):

// <smpl>
@@
identifier f;
local idexpression e;
expression x;
@@

e = f(...);
... when != of_node_put(e)
    when != x = e
    when != e = x
    when any
if (<+...of_device_is_available(e)...+>) {
  ... when != of_node_put(e)
(
  return e;
|
+ of_node_put(e);
  return ...;
)
}
// </smpl>

Fixes: db878f76b9ff ("tee: optee: take DT status property into account")
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Cc: Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
tee: optee: take DT status property into account 2019-11-20T17:45:20+00:00 Ard Biesheuvel ard.biesheuvel@linaro.org 2018-08-01T09:48:33+00:00 75a600d7f062a9633fe9f5728aa2e26c13193e40 [ Upstream commit db878f76b9ff7487da9bb0f686153f81829f1230 ] DT nodes may have a 'status' property which, if set to anything other than 'ok' or 'okay', indicates to the OS that the DT node should be treated as if it was not present. So add that missing logic to the OP-TEE driver. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Sasha Levin <sashal@kernel.org> 
[ Upstream commit db878f76b9ff7487da9bb0f686153f81829f1230 ]

DT nodes may have a 'status' property which, if set to anything other
than 'ok' or 'okay', indicates to the OS that the DT node should be
treated as if it was not present. So add that missing logic to the
OP-TEE driver.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
tee: optee: avoid possible double list_del() 2019-02-12T18:47:08+00:00 Zhizhou Zhang zhizhouzhang@asrmicro.com 2018-11-21T03:01:43+00:00 39d4c1c0dd7678d19bdab1f7e3ba8dc4217f636d [ Upstream commit b2d102bd0146d9eb1fa630ca0cd19a15ef2f74c8 ] This bug occurs when: - a new request arrives, one thread(let's call it A) is pending in optee_supp_req() with req->busy is initial value false. - tee-supplicant is killed, then optee_supp_release() is called, this function calls list_del(&req->link), and set supp->ctx to NULL. And it also wake up process A. - process A continues, it firstly checks supp->ctx which is NULL, then checks req->busy which is false, at last run list_del(&req->link). This triggers double list_del() and results kernel panic. For solve this problem, we rename req->busy to req->in_queue, and associate it with state of whether req is linked to supp->reqs. So we can just only check req->in_queue to make decision calling list_del() or not. Signed-off-by: Zhizhou Zhang <zhizhouzhang@asrmicro.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Sasha Levin <sashal@kernel.org> 
[ Upstream commit b2d102bd0146d9eb1fa630ca0cd19a15ef2f74c8 ]

This bug occurs when:

- a new request arrives, one thread(let's call it A) is pending in
  optee_supp_req() with req->busy is initial value false.

- tee-supplicant is killed, then optee_supp_release() is called, this
  function calls list_del(&req->link), and set supp->ctx to NULL. And
  it also wake up process A.

- process A continues, it firstly checks supp->ctx which is NULL,
  then checks req->busy which is false, at last run list_del(&req->link).
  This triggers double list_del() and results kernel panic.

For solve this problem, we rename req->busy to req->in_queue, and
associate it with state of whether req is linked to supp->reqs. So we
can just only check req->in_queue to make decision calling list_del()
or not.

Signed-off-by: Zhizhou Zhang <zhizhouzhang@asrmicro.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
tee: optee: making OPTEE_SHM_NUM_PRIV_PAGES configurable via Kconfig 2018-06-20T09:20:36+00:00 Sahil Malhotra sahil.malhotra@nxp.com 2018-06-08T07:08:13+00:00 3249527f19d660c5adfb2b6f4ffd4ca0506b8755 This change adds KCONFIG option to set number of pages out of whole shared memory to be used for OP-TEE driver private data structures. Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com> [jw: fixing trivial merge conflict] Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 
This change adds KCONFIG option to set number of pages out of
whole shared memory to be used for OP-TEE driver private data
structures.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
[jw: fixing trivial merge conflict]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
tee: replace getnstimeofday64() with ktime_get_real_ts64() 2018-06-19T14:37:14+00:00 Arnd Bergmann arnd@arndb.de 2018-06-18T14:24:56+00:00 cf89fe88a676d9482313b6b674e9edce34591400 The two do the same thing, but we want to have a consistent naming in the kernel. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 
The two do the same thing, but we want to have a consistent
naming in the kernel.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
tee: optee: report OP-TEE revision information 2018-03-06T10:03:55+00:00 Jérôme Forissier jerome.forissier@linaro.org 2017-11-24T14:47:18+00:00 5c5f80307ab27c53b56569245a0b12f4e3b577de When the driver initializes, report the following information about the OP-TEE OS: - major and minor version, - build identifier (if available). Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Matthias Brugger <mbruger@suse.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 
When the driver initializes, report the following information
about the OP-TEE OS:
- major and minor version,
- build identifier (if available).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Matthias Brugger <mbruger@suse.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>