From: Yong Wu <yong.wu@mediatek.com>
To: Rob Herring <robh+dt@kernel.org>,
Sumit Semwal <sumit.semwal@linaro.org>,
<christian.koenig@amd.com>,
Matthias Brugger <matthias.bgg@gmail.com>
Cc: Krzysztof Kozlowski <krzysztof.kozlowski+dt@linaro.org>,
Conor Dooley <conor+dt@kernel.org>,
Benjamin Gaignard <benjamin.gaignard@collabora.com>,
Brian Starkey <Brian.Starkey@arm.com>,
John Stultz <jstultz@google.com>, <tjmercier@google.com>,
AngeloGioacchino Del Regno
<angelogioacchino.delregno@collabora.com>,
Yong Wu <yong.wu@mediatek.com>, <devicetree@vger.kernel.org>,
<linux-kernel@vger.kernel.org>, <linux-media@vger.kernel.org>,
<dri-devel@lists.freedesktop.org>,
<linaro-mm-sig@lists.linaro.org>,
<linux-arm-kernel@lists.infradead.org>,
<linux-mediatek@lists.infradead.org>,
<jianjiao.zeng@mediatek.com>, <kuohong.wang@mediatek.com>,
Vijayanand Jitta <quic_vjitta@quicinc.com>,
Joakim Bech <joakim.bech@linaro.org>,
Jeffrey Kardatzke <jkardatzke@google.com>,
Nicolas Dufresne <nicolas@ndufresne.ca>,
<ckoenig.leichtzumerken@gmail.com>
Subject: [PATCH v3 5/7] dma-buf: heaps: secure_heap: Add MediaTek secure heap and heap_init
Date: Tue, 12 Dec 2023 10:46:05 +0800 [thread overview]
Message-ID: <20231212024607.3681-6-yong.wu@mediatek.com> (raw)
In-Reply-To: <20231212024607.3681-1-yong.wu@mediatek.com>
Add a Mediatek secure heap which uses TEE service call to protect
buffer. Currently this secure heap is NULL, Prepare for the later patch.
Mainly there are two changes:
a) Add a heap_init ops since TEE probe late than secure heap, thus
initialize the heap when we require the buffer the first time.
b) Add a priv_data for each heap, like the special data used by MTK
(such as "TEE session") can be placed in priv_data.
Currently our heap depends on CMA which could only be bool, thus
depend on "TEE=y".
Signed-off-by: Yong Wu <yong.wu@mediatek.com>
---
drivers/dma-buf/heaps/Kconfig | 7 ++
drivers/dma-buf/heaps/Makefile | 1 +
drivers/dma-buf/heaps/secure_heap.c | 11 +++
drivers/dma-buf/heaps/secure_heap.h | 4 +
drivers/dma-buf/heaps/secure_heap_mtk.c | 114 ++++++++++++++++++++++++
5 files changed, 137 insertions(+)
create mode 100644 drivers/dma-buf/heaps/secure_heap_mtk.c
diff --git a/drivers/dma-buf/heaps/Kconfig b/drivers/dma-buf/heaps/Kconfig
index 3a9943e94200..12962189878e 100644
--- a/drivers/dma-buf/heaps/Kconfig
+++ b/drivers/dma-buf/heaps/Kconfig
@@ -18,3 +18,10 @@ config DMABUF_HEAPS_SECURE
depends on DMABUF_HEAPS
help
Choose this option to enable dma-buf secure heap. If in doubt, say N.
+
+config DMABUF_HEAPS_SECURE_MTK
+ bool "MediaTek DMA-BUF Secure Heap"
+ depends on DMABUF_HEAPS_SECURE && TEE=y
+ help
+ Enable secure dma-buf heaps for MediaTek platform. This heap is backed by
+ TEE client interfaces. If in doubt, say N.
diff --git a/drivers/dma-buf/heaps/Makefile b/drivers/dma-buf/heaps/Makefile
index b1ad9d1f2fbe..9751dea345df 100644
--- a/drivers/dma-buf/heaps/Makefile
+++ b/drivers/dma-buf/heaps/Makefile
@@ -1,4 +1,5 @@
# SPDX-License-Identifier: GPL-2.0
obj-$(CONFIG_DMABUF_HEAPS_SECURE) += secure_heap.o
+obj-$(CONFIG_DMABUF_HEAPS_SECURE_MTK) += secure_heap_mtk.o
obj-$(CONFIG_DMABUF_HEAPS_SYSTEM) += system_heap.o
obj-$(CONFIG_DMABUF_HEAPS_CMA) += cma_heap.o
diff --git a/drivers/dma-buf/heaps/secure_heap.c b/drivers/dma-buf/heaps/secure_heap.c
index 7cb4db3e55c2..ca4b433fb3f1 100644
--- a/drivers/dma-buf/heaps/secure_heap.c
+++ b/drivers/dma-buf/heaps/secure_heap.c
@@ -150,11 +150,22 @@ secure_heap_allocate(struct dma_heap *heap, unsigned long size,
unsigned long fd_flags, unsigned long heap_flags)
{
struct secure_heap *sec_heap = dma_heap_get_drvdata(heap);
+ const struct secure_heap_ops *ops = sec_heap->ops;
struct secure_buffer *sec_buf;
DEFINE_DMA_BUF_EXPORT_INFO(exp_info);
struct dma_buf *dmabuf;
int ret;
+ /*
+ * In some implements, TEE is required to protect buffer. However TEE probe
+ * may be late, Thus heap_init is performed when the first buffer is requested.
+ */
+ if (ops->heap_init) {
+ ret = ops->heap_init(sec_heap);
+ if (ret)
+ return ERR_PTR(ret);
+ }
+
sec_buf = kzalloc(sizeof(*sec_buf), GFP_KERNEL);
if (!sec_buf)
return ERR_PTR(-ENOMEM);
diff --git a/drivers/dma-buf/heaps/secure_heap.h b/drivers/dma-buf/heaps/secure_heap.h
index ec5349cd28d0..1ce9c431d989 100644
--- a/drivers/dma-buf/heaps/secure_heap.h
+++ b/drivers/dma-buf/heaps/secure_heap.h
@@ -17,9 +17,13 @@ struct secure_heap {
const char *name;
const struct secure_heap_ops *ops;
+
+ void *priv_data;
};
struct secure_heap_ops {
+ int (*heap_init)(struct secure_heap *sec_heap);
+
int (*memory_alloc)(struct secure_heap *sec_heap, struct secure_buffer *sec_buf);
void (*memory_free)(struct secure_heap *sec_heap, struct secure_buffer *sec_buf);
diff --git a/drivers/dma-buf/heaps/secure_heap_mtk.c b/drivers/dma-buf/heaps/secure_heap_mtk.c
new file mode 100644
index 000000000000..c7e609dd7bd3
--- /dev/null
+++ b/drivers/dma-buf/heaps/secure_heap_mtk.c
@@ -0,0 +1,114 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * DMABUF MediaTek secure heap exporter
+ *
+ * Copyright (C) 2023 MediaTek Inc.
+ */
+#include <linux/dma-buf.h>
+#include <linux/err.h>
+#include <linux/module.h>
+#include <linux/slab.h>
+#include <linux/tee_drv.h>
+#include <linux/uuid.h>
+
+#include "secure_heap.h"
+
+#define TZ_TA_MEM_UUID_MTK "4477588a-8476-11e2-ad15-e41f1390d676"
+
+#define TEE_PARAM_NUM 4
+
+enum mtk_secure_mem_type {
+ /*
+ * MediaTek static chunk memory carved out for TrustZone. The memory
+ * management is inside the TEE.
+ */
+ MTK_SECURE_MEMORY_TYPE_CM_TZ = 1,
+};
+
+struct mtk_secure_heap_data {
+ struct tee_context *tee_ctx;
+ u32 tee_session;
+
+ const enum mtk_secure_mem_type mem_type;
+
+};
+
+static int mtk_tee_ctx_match(struct tee_ioctl_version_data *ver, const void *data)
+{
+ return ver->impl_id == TEE_IMPL_ID_OPTEE;
+}
+
+static int mtk_tee_session_init(struct mtk_secure_heap_data *data)
+{
+ struct tee_param t_param[TEE_PARAM_NUM] = {0};
+ struct tee_ioctl_open_session_arg arg = {0};
+ uuid_t ta_mem_uuid;
+ int ret;
+
+ data->tee_ctx = tee_client_open_context(NULL, mtk_tee_ctx_match, NULL, NULL);
+ if (IS_ERR(data->tee_ctx)) {
+ pr_err_once("%s: open context failed, ret=%ld\n", __func__,
+ PTR_ERR(data->tee_ctx));
+ return -ENODEV;
+ }
+
+ arg.num_params = TEE_PARAM_NUM;
+ arg.clnt_login = TEE_IOCTL_LOGIN_PUBLIC;
+ ret = uuid_parse(TZ_TA_MEM_UUID_MTK, &ta_mem_uuid);
+ if (ret)
+ goto close_context;
+ memcpy(&arg.uuid, &ta_mem_uuid.b, sizeof(ta_mem_uuid));
+
+ ret = tee_client_open_session(data->tee_ctx, &arg, t_param);
+ if (ret < 0 || arg.ret) {
+ pr_err_once("%s: open session failed, ret=%d:%d\n",
+ __func__, ret, arg.ret);
+ ret = -EINVAL;
+ goto close_context;
+ }
+ data->tee_session = arg.session;
+ return 0;
+
+close_context:
+ tee_client_close_context(data->tee_ctx);
+ return ret;
+}
+
+static int mtk_secure_heap_init(struct secure_heap *sec_heap)
+{
+ struct mtk_secure_heap_data *data = sec_heap->priv_data;
+
+ if (!data->tee_ctx)
+ return mtk_tee_session_init(data);
+ return 0;
+}
+
+static const struct secure_heap_ops mtk_sec_mem_ops = {
+ .heap_init = mtk_secure_heap_init,
+};
+
+static struct mtk_secure_heap_data mtk_sec_heap_data = {
+ .mem_type = MTK_SECURE_MEMORY_TYPE_CM_TZ,
+};
+
+static struct secure_heap mtk_secure_heaps[] = {
+ {
+ .name = "secure_mtk_cm",
+ .ops = &mtk_sec_mem_ops,
+ .priv_data = &mtk_sec_heap_data,
+ },
+};
+
+static int mtk_sec_heap_init(void)
+{
+ struct secure_heap *sec_heap = mtk_secure_heaps;
+ unsigned int i;
+
+ for (i = 0; i < ARRAY_SIZE(mtk_secure_heaps); i++, sec_heap++)
+ secure_heap_add(sec_heap);
+ return 0;
+}
+
+module_init(mtk_sec_heap_init);
+MODULE_DESCRIPTION("MediaTek Secure Heap Driver");
+MODULE_LICENSE("GPL");
--
2.25.1
WARNING: multiple messages have this Message-ID (diff)
From: Yong Wu <yong.wu@mediatek.com>
To: Rob Herring <robh+dt@kernel.org>,
Sumit Semwal <sumit.semwal@linaro.org>,
<christian.koenig@amd.com>,
Matthias Brugger <matthias.bgg@gmail.com>
Cc: dri-devel@lists.freedesktop.org, John Stultz <jstultz@google.com>,
Krzysztof Kozlowski <krzysztof.kozlowski+dt@linaro.org>,
Jeffrey Kardatzke <jkardatzke@google.com>,
Benjamin Gaignard <benjamin.gaignard@collabora.com>,
Vijayanand Jitta <quic_vjitta@quicinc.com>,
Nicolas Dufresne <nicolas@ndufresne.ca>,
Yong Wu <yong.wu@mediatek.com>,
jianjiao.zeng@mediatek.com, linux-media@vger.kernel.org,
devicetree@vger.kernel.org, Conor Dooley <conor+dt@kernel.org>,
ckoenig.leichtzumerken@gmail.com, linaro-mm-sig@lists.linaro.org,
linux-mediatek@lists.infradead.org,
Joakim Bech <joakim.bech@linaro.org>,
tjmercier@google.com, linux-arm-kernel@lists.infradead.org,
AngeloGioacchino Del Regno
<angelogioacchino.delregno@collabora.com>,
kuohong.wang@mediatek.com, linux-kernel@vger.kernel.org
Subject: [PATCH v3 5/7] dma-buf: heaps: secure_heap: Add MediaTek secure heap and heap_init
Date: Tue, 12 Dec 2023 10:46:05 +0800 [thread overview]
Message-ID: <20231212024607.3681-6-yong.wu@mediatek.com> (raw)
In-Reply-To: <20231212024607.3681-1-yong.wu@mediatek.com>
Add a Mediatek secure heap which uses TEE service call to protect
buffer. Currently this secure heap is NULL, Prepare for the later patch.
Mainly there are two changes:
a) Add a heap_init ops since TEE probe late than secure heap, thus
initialize the heap when we require the buffer the first time.
b) Add a priv_data for each heap, like the special data used by MTK
(such as "TEE session") can be placed in priv_data.
Currently our heap depends on CMA which could only be bool, thus
depend on "TEE=y".
Signed-off-by: Yong Wu <yong.wu@mediatek.com>
---
drivers/dma-buf/heaps/Kconfig | 7 ++
drivers/dma-buf/heaps/Makefile | 1 +
drivers/dma-buf/heaps/secure_heap.c | 11 +++
drivers/dma-buf/heaps/secure_heap.h | 4 +
drivers/dma-buf/heaps/secure_heap_mtk.c | 114 ++++++++++++++++++++++++
5 files changed, 137 insertions(+)
create mode 100644 drivers/dma-buf/heaps/secure_heap_mtk.c
diff --git a/drivers/dma-buf/heaps/Kconfig b/drivers/dma-buf/heaps/Kconfig
index 3a9943e94200..12962189878e 100644
--- a/drivers/dma-buf/heaps/Kconfig
+++ b/drivers/dma-buf/heaps/Kconfig
@@ -18,3 +18,10 @@ config DMABUF_HEAPS_SECURE
depends on DMABUF_HEAPS
help
Choose this option to enable dma-buf secure heap. If in doubt, say N.
+
+config DMABUF_HEAPS_SECURE_MTK
+ bool "MediaTek DMA-BUF Secure Heap"
+ depends on DMABUF_HEAPS_SECURE && TEE=y
+ help
+ Enable secure dma-buf heaps for MediaTek platform. This heap is backed by
+ TEE client interfaces. If in doubt, say N.
diff --git a/drivers/dma-buf/heaps/Makefile b/drivers/dma-buf/heaps/Makefile
index b1ad9d1f2fbe..9751dea345df 100644
--- a/drivers/dma-buf/heaps/Makefile
+++ b/drivers/dma-buf/heaps/Makefile
@@ -1,4 +1,5 @@
# SPDX-License-Identifier: GPL-2.0
obj-$(CONFIG_DMABUF_HEAPS_SECURE) += secure_heap.o
+obj-$(CONFIG_DMABUF_HEAPS_SECURE_MTK) += secure_heap_mtk.o
obj-$(CONFIG_DMABUF_HEAPS_SYSTEM) += system_heap.o
obj-$(CONFIG_DMABUF_HEAPS_CMA) += cma_heap.o
diff --git a/drivers/dma-buf/heaps/secure_heap.c b/drivers/dma-buf/heaps/secure_heap.c
index 7cb4db3e55c2..ca4b433fb3f1 100644
--- a/drivers/dma-buf/heaps/secure_heap.c
+++ b/drivers/dma-buf/heaps/secure_heap.c
@@ -150,11 +150,22 @@ secure_heap_allocate(struct dma_heap *heap, unsigned long size,
unsigned long fd_flags, unsigned long heap_flags)
{
struct secure_heap *sec_heap = dma_heap_get_drvdata(heap);
+ const struct secure_heap_ops *ops = sec_heap->ops;
struct secure_buffer *sec_buf;
DEFINE_DMA_BUF_EXPORT_INFO(exp_info);
struct dma_buf *dmabuf;
int ret;
+ /*
+ * In some implements, TEE is required to protect buffer. However TEE probe
+ * may be late, Thus heap_init is performed when the first buffer is requested.
+ */
+ if (ops->heap_init) {
+ ret = ops->heap_init(sec_heap);
+ if (ret)
+ return ERR_PTR(ret);
+ }
+
sec_buf = kzalloc(sizeof(*sec_buf), GFP_KERNEL);
if (!sec_buf)
return ERR_PTR(-ENOMEM);
diff --git a/drivers/dma-buf/heaps/secure_heap.h b/drivers/dma-buf/heaps/secure_heap.h
index ec5349cd28d0..1ce9c431d989 100644
--- a/drivers/dma-buf/heaps/secure_heap.h
+++ b/drivers/dma-buf/heaps/secure_heap.h
@@ -17,9 +17,13 @@ struct secure_heap {
const char *name;
const struct secure_heap_ops *ops;
+
+ void *priv_data;
};
struct secure_heap_ops {
+ int (*heap_init)(struct secure_heap *sec_heap);
+
int (*memory_alloc)(struct secure_heap *sec_heap, struct secure_buffer *sec_buf);
void (*memory_free)(struct secure_heap *sec_heap, struct secure_buffer *sec_buf);
diff --git a/drivers/dma-buf/heaps/secure_heap_mtk.c b/drivers/dma-buf/heaps/secure_heap_mtk.c
new file mode 100644
index 000000000000..c7e609dd7bd3
--- /dev/null
+++ b/drivers/dma-buf/heaps/secure_heap_mtk.c
@@ -0,0 +1,114 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * DMABUF MediaTek secure heap exporter
+ *
+ * Copyright (C) 2023 MediaTek Inc.
+ */
+#include <linux/dma-buf.h>
+#include <linux/err.h>
+#include <linux/module.h>
+#include <linux/slab.h>
+#include <linux/tee_drv.h>
+#include <linux/uuid.h>
+
+#include "secure_heap.h"
+
+#define TZ_TA_MEM_UUID_MTK "4477588a-8476-11e2-ad15-e41f1390d676"
+
+#define TEE_PARAM_NUM 4
+
+enum mtk_secure_mem_type {
+ /*
+ * MediaTek static chunk memory carved out for TrustZone. The memory
+ * management is inside the TEE.
+ */
+ MTK_SECURE_MEMORY_TYPE_CM_TZ = 1,
+};
+
+struct mtk_secure_heap_data {
+ struct tee_context *tee_ctx;
+ u32 tee_session;
+
+ const enum mtk_secure_mem_type mem_type;
+
+};
+
+static int mtk_tee_ctx_match(struct tee_ioctl_version_data *ver, const void *data)
+{
+ return ver->impl_id == TEE_IMPL_ID_OPTEE;
+}
+
+static int mtk_tee_session_init(struct mtk_secure_heap_data *data)
+{
+ struct tee_param t_param[TEE_PARAM_NUM] = {0};
+ struct tee_ioctl_open_session_arg arg = {0};
+ uuid_t ta_mem_uuid;
+ int ret;
+
+ data->tee_ctx = tee_client_open_context(NULL, mtk_tee_ctx_match, NULL, NULL);
+ if (IS_ERR(data->tee_ctx)) {
+ pr_err_once("%s: open context failed, ret=%ld\n", __func__,
+ PTR_ERR(data->tee_ctx));
+ return -ENODEV;
+ }
+
+ arg.num_params = TEE_PARAM_NUM;
+ arg.clnt_login = TEE_IOCTL_LOGIN_PUBLIC;
+ ret = uuid_parse(TZ_TA_MEM_UUID_MTK, &ta_mem_uuid);
+ if (ret)
+ goto close_context;
+ memcpy(&arg.uuid, &ta_mem_uuid.b, sizeof(ta_mem_uuid));
+
+ ret = tee_client_open_session(data->tee_ctx, &arg, t_param);
+ if (ret < 0 || arg.ret) {
+ pr_err_once("%s: open session failed, ret=%d:%d\n",
+ __func__, ret, arg.ret);
+ ret = -EINVAL;
+ goto close_context;
+ }
+ data->tee_session = arg.session;
+ return 0;
+
+close_context:
+ tee_client_close_context(data->tee_ctx);
+ return ret;
+}
+
+static int mtk_secure_heap_init(struct secure_heap *sec_heap)
+{
+ struct mtk_secure_heap_data *data = sec_heap->priv_data;
+
+ if (!data->tee_ctx)
+ return mtk_tee_session_init(data);
+ return 0;
+}
+
+static const struct secure_heap_ops mtk_sec_mem_ops = {
+ .heap_init = mtk_secure_heap_init,
+};
+
+static struct mtk_secure_heap_data mtk_sec_heap_data = {
+ .mem_type = MTK_SECURE_MEMORY_TYPE_CM_TZ,
+};
+
+static struct secure_heap mtk_secure_heaps[] = {
+ {
+ .name = "secure_mtk_cm",
+ .ops = &mtk_sec_mem_ops,
+ .priv_data = &mtk_sec_heap_data,
+ },
+};
+
+static int mtk_sec_heap_init(void)
+{
+ struct secure_heap *sec_heap = mtk_secure_heaps;
+ unsigned int i;
+
+ for (i = 0; i < ARRAY_SIZE(mtk_secure_heaps); i++, sec_heap++)
+ secure_heap_add(sec_heap);
+ return 0;
+}
+
+module_init(mtk_sec_heap_init);
+MODULE_DESCRIPTION("MediaTek Secure Heap Driver");
+MODULE_LICENSE("GPL");
--
2.25.1
WARNING: multiple messages have this Message-ID (diff)
From: Yong Wu <yong.wu@mediatek.com>
To: Rob Herring <robh+dt@kernel.org>,
Sumit Semwal <sumit.semwal@linaro.org>,
<christian.koenig@amd.com>,
Matthias Brugger <matthias.bgg@gmail.com>
Cc: Krzysztof Kozlowski <krzysztof.kozlowski+dt@linaro.org>,
Conor Dooley <conor+dt@kernel.org>,
Benjamin Gaignard <benjamin.gaignard@collabora.com>,
Brian Starkey <Brian.Starkey@arm.com>,
John Stultz <jstultz@google.com>, <tjmercier@google.com>,
AngeloGioacchino Del Regno
<angelogioacchino.delregno@collabora.com>,
Yong Wu <yong.wu@mediatek.com>, <devicetree@vger.kernel.org>,
<linux-kernel@vger.kernel.org>, <linux-media@vger.kernel.org>,
<dri-devel@lists.freedesktop.org>,
<linaro-mm-sig@lists.linaro.org>,
<linux-arm-kernel@lists.infradead.org>,
<linux-mediatek@lists.infradead.org>,
<jianjiao.zeng@mediatek.com>, <kuohong.wang@mediatek.com>,
Vijayanand Jitta <quic_vjitta@quicinc.com>,
Joakim Bech <joakim.bech@linaro.org>,
Jeffrey Kardatzke <jkardatzke@google.com>,
Nicolas Dufresne <nicolas@ndufresne.ca>,
<ckoenig.leichtzumerken@gmail.com>
Subject: [PATCH v3 5/7] dma-buf: heaps: secure_heap: Add MediaTek secure heap and heap_init
Date: Tue, 12 Dec 2023 10:46:05 +0800 [thread overview]
Message-ID: <20231212024607.3681-6-yong.wu@mediatek.com> (raw)
In-Reply-To: <20231212024607.3681-1-yong.wu@mediatek.com>
Add a Mediatek secure heap which uses TEE service call to protect
buffer. Currently this secure heap is NULL, Prepare for the later patch.
Mainly there are two changes:
a) Add a heap_init ops since TEE probe late than secure heap, thus
initialize the heap when we require the buffer the first time.
b) Add a priv_data for each heap, like the special data used by MTK
(such as "TEE session") can be placed in priv_data.
Currently our heap depends on CMA which could only be bool, thus
depend on "TEE=y".
Signed-off-by: Yong Wu <yong.wu@mediatek.com>
---
drivers/dma-buf/heaps/Kconfig | 7 ++
drivers/dma-buf/heaps/Makefile | 1 +
drivers/dma-buf/heaps/secure_heap.c | 11 +++
drivers/dma-buf/heaps/secure_heap.h | 4 +
drivers/dma-buf/heaps/secure_heap_mtk.c | 114 ++++++++++++++++++++++++
5 files changed, 137 insertions(+)
create mode 100644 drivers/dma-buf/heaps/secure_heap_mtk.c
diff --git a/drivers/dma-buf/heaps/Kconfig b/drivers/dma-buf/heaps/Kconfig
index 3a9943e94200..12962189878e 100644
--- a/drivers/dma-buf/heaps/Kconfig
+++ b/drivers/dma-buf/heaps/Kconfig
@@ -18,3 +18,10 @@ config DMABUF_HEAPS_SECURE
depends on DMABUF_HEAPS
help
Choose this option to enable dma-buf secure heap. If in doubt, say N.
+
+config DMABUF_HEAPS_SECURE_MTK
+ bool "MediaTek DMA-BUF Secure Heap"
+ depends on DMABUF_HEAPS_SECURE && TEE=y
+ help
+ Enable secure dma-buf heaps for MediaTek platform. This heap is backed by
+ TEE client interfaces. If in doubt, say N.
diff --git a/drivers/dma-buf/heaps/Makefile b/drivers/dma-buf/heaps/Makefile
index b1ad9d1f2fbe..9751dea345df 100644
--- a/drivers/dma-buf/heaps/Makefile
+++ b/drivers/dma-buf/heaps/Makefile
@@ -1,4 +1,5 @@
# SPDX-License-Identifier: GPL-2.0
obj-$(CONFIG_DMABUF_HEAPS_SECURE) += secure_heap.o
+obj-$(CONFIG_DMABUF_HEAPS_SECURE_MTK) += secure_heap_mtk.o
obj-$(CONFIG_DMABUF_HEAPS_SYSTEM) += system_heap.o
obj-$(CONFIG_DMABUF_HEAPS_CMA) += cma_heap.o
diff --git a/drivers/dma-buf/heaps/secure_heap.c b/drivers/dma-buf/heaps/secure_heap.c
index 7cb4db3e55c2..ca4b433fb3f1 100644
--- a/drivers/dma-buf/heaps/secure_heap.c
+++ b/drivers/dma-buf/heaps/secure_heap.c
@@ -150,11 +150,22 @@ secure_heap_allocate(struct dma_heap *heap, unsigned long size,
unsigned long fd_flags, unsigned long heap_flags)
{
struct secure_heap *sec_heap = dma_heap_get_drvdata(heap);
+ const struct secure_heap_ops *ops = sec_heap->ops;
struct secure_buffer *sec_buf;
DEFINE_DMA_BUF_EXPORT_INFO(exp_info);
struct dma_buf *dmabuf;
int ret;
+ /*
+ * In some implements, TEE is required to protect buffer. However TEE probe
+ * may be late, Thus heap_init is performed when the first buffer is requested.
+ */
+ if (ops->heap_init) {
+ ret = ops->heap_init(sec_heap);
+ if (ret)
+ return ERR_PTR(ret);
+ }
+
sec_buf = kzalloc(sizeof(*sec_buf), GFP_KERNEL);
if (!sec_buf)
return ERR_PTR(-ENOMEM);
diff --git a/drivers/dma-buf/heaps/secure_heap.h b/drivers/dma-buf/heaps/secure_heap.h
index ec5349cd28d0..1ce9c431d989 100644
--- a/drivers/dma-buf/heaps/secure_heap.h
+++ b/drivers/dma-buf/heaps/secure_heap.h
@@ -17,9 +17,13 @@ struct secure_heap {
const char *name;
const struct secure_heap_ops *ops;
+
+ void *priv_data;
};
struct secure_heap_ops {
+ int (*heap_init)(struct secure_heap *sec_heap);
+
int (*memory_alloc)(struct secure_heap *sec_heap, struct secure_buffer *sec_buf);
void (*memory_free)(struct secure_heap *sec_heap, struct secure_buffer *sec_buf);
diff --git a/drivers/dma-buf/heaps/secure_heap_mtk.c b/drivers/dma-buf/heaps/secure_heap_mtk.c
new file mode 100644
index 000000000000..c7e609dd7bd3
--- /dev/null
+++ b/drivers/dma-buf/heaps/secure_heap_mtk.c
@@ -0,0 +1,114 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * DMABUF MediaTek secure heap exporter
+ *
+ * Copyright (C) 2023 MediaTek Inc.
+ */
+#include <linux/dma-buf.h>
+#include <linux/err.h>
+#include <linux/module.h>
+#include <linux/slab.h>
+#include <linux/tee_drv.h>
+#include <linux/uuid.h>
+
+#include "secure_heap.h"
+
+#define TZ_TA_MEM_UUID_MTK "4477588a-8476-11e2-ad15-e41f1390d676"
+
+#define TEE_PARAM_NUM 4
+
+enum mtk_secure_mem_type {
+ /*
+ * MediaTek static chunk memory carved out for TrustZone. The memory
+ * management is inside the TEE.
+ */
+ MTK_SECURE_MEMORY_TYPE_CM_TZ = 1,
+};
+
+struct mtk_secure_heap_data {
+ struct tee_context *tee_ctx;
+ u32 tee_session;
+
+ const enum mtk_secure_mem_type mem_type;
+
+};
+
+static int mtk_tee_ctx_match(struct tee_ioctl_version_data *ver, const void *data)
+{
+ return ver->impl_id == TEE_IMPL_ID_OPTEE;
+}
+
+static int mtk_tee_session_init(struct mtk_secure_heap_data *data)
+{
+ struct tee_param t_param[TEE_PARAM_NUM] = {0};
+ struct tee_ioctl_open_session_arg arg = {0};
+ uuid_t ta_mem_uuid;
+ int ret;
+
+ data->tee_ctx = tee_client_open_context(NULL, mtk_tee_ctx_match, NULL, NULL);
+ if (IS_ERR(data->tee_ctx)) {
+ pr_err_once("%s: open context failed, ret=%ld\n", __func__,
+ PTR_ERR(data->tee_ctx));
+ return -ENODEV;
+ }
+
+ arg.num_params = TEE_PARAM_NUM;
+ arg.clnt_login = TEE_IOCTL_LOGIN_PUBLIC;
+ ret = uuid_parse(TZ_TA_MEM_UUID_MTK, &ta_mem_uuid);
+ if (ret)
+ goto close_context;
+ memcpy(&arg.uuid, &ta_mem_uuid.b, sizeof(ta_mem_uuid));
+
+ ret = tee_client_open_session(data->tee_ctx, &arg, t_param);
+ if (ret < 0 || arg.ret) {
+ pr_err_once("%s: open session failed, ret=%d:%d\n",
+ __func__, ret, arg.ret);
+ ret = -EINVAL;
+ goto close_context;
+ }
+ data->tee_session = arg.session;
+ return 0;
+
+close_context:
+ tee_client_close_context(data->tee_ctx);
+ return ret;
+}
+
+static int mtk_secure_heap_init(struct secure_heap *sec_heap)
+{
+ struct mtk_secure_heap_data *data = sec_heap->priv_data;
+
+ if (!data->tee_ctx)
+ return mtk_tee_session_init(data);
+ return 0;
+}
+
+static const struct secure_heap_ops mtk_sec_mem_ops = {
+ .heap_init = mtk_secure_heap_init,
+};
+
+static struct mtk_secure_heap_data mtk_sec_heap_data = {
+ .mem_type = MTK_SECURE_MEMORY_TYPE_CM_TZ,
+};
+
+static struct secure_heap mtk_secure_heaps[] = {
+ {
+ .name = "secure_mtk_cm",
+ .ops = &mtk_sec_mem_ops,
+ .priv_data = &mtk_sec_heap_data,
+ },
+};
+
+static int mtk_sec_heap_init(void)
+{
+ struct secure_heap *sec_heap = mtk_secure_heaps;
+ unsigned int i;
+
+ for (i = 0; i < ARRAY_SIZE(mtk_secure_heaps); i++, sec_heap++)
+ secure_heap_add(sec_heap);
+ return 0;
+}
+
+module_init(mtk_sec_heap_init);
+MODULE_DESCRIPTION("MediaTek Secure Heap Driver");
+MODULE_LICENSE("GPL");
--
2.25.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2023-12-12 2:47 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-12 2:46 [PATCH v3 0/7] dma-buf: heaps: Add secure heap Yong Wu
2023-12-12 2:46 ` Yong Wu
2023-12-12 2:46 ` Yong Wu
2023-12-12 2:46 ` [PATCH v3 1/7] dt-bindings: reserved-memory: Add mediatek,dynamic-secure-region Yong Wu
2023-12-12 2:46 ` Yong Wu
2023-12-12 2:46 ` [PATCH v3 1/7] dt-bindings: reserved-memory: Add mediatek, dynamic-secure-region Yong Wu
2023-12-12 2:46 ` [PATCH v3 2/7] dma-buf: heaps: Initialize a secure heap Yong Wu
2023-12-12 2:46 ` Yong Wu
2023-12-12 2:46 ` Yong Wu
2023-12-12 2:46 ` [PATCH v3 3/7] dma-buf: heaps: secure_heap: Add private heap ops Yong Wu
2023-12-12 2:46 ` Yong Wu
2023-12-12 2:46 ` Yong Wu
2023-12-12 2:46 ` [PATCH v3 4/7] dma-buf: heaps: secure_heap: Add dma_ops Yong Wu
2023-12-12 2:46 ` Yong Wu
2023-12-12 2:46 ` Yong Wu
2023-12-12 2:46 ` Yong Wu [this message]
2023-12-12 2:46 ` [PATCH v3 5/7] dma-buf: heaps: secure_heap: Add MediaTek secure heap and heap_init Yong Wu
2023-12-12 2:46 ` Yong Wu
2023-12-12 2:46 ` [PATCH v3 6/7] dma-buf: heaps: secure_heap_mtk: Add tee memory service call Yong Wu
2023-12-12 2:46 ` Yong Wu
2023-12-12 2:46 ` Yong Wu
2023-12-12 2:46 ` [PATCH v3 7/7] dma_buf: heaps: secure_heap_mtk: Add a new CMA heap Yong Wu
2023-12-12 2:46 ` Yong Wu
2023-12-12 2:46 ` Yong Wu
2023-12-12 16:36 ` [PATCH v3 0/7] dma-buf: heaps: Add secure heap Simon Ser
2023-12-12 16:36 ` Simon Ser
2023-12-12 16:36 ` Simon Ser
2023-12-13 9:05 ` Pekka Paalanen
2023-12-13 9:05 ` Pekka Paalanen
2023-12-13 9:05 ` Pekka Paalanen
2023-12-13 10:15 ` Joakim Bech
2023-12-13 10:15 ` Joakim Bech
2023-12-13 10:15 ` Joakim Bech
2023-12-13 11:38 ` Pekka Paalanen
2023-12-13 11:38 ` Pekka Paalanen
2023-12-13 11:38 ` Pekka Paalanen
2023-12-13 13:22 ` Joakim Bech
2023-12-13 13:22 ` Joakim Bech
2023-12-13 13:22 ` Joakim Bech
2023-12-13 13:59 ` Christian König
2023-12-13 13:59 ` Christian König
2023-12-13 13:59 ` Christian König
2023-12-13 14:16 ` Pekka Paalanen
2023-12-13 14:16 ` Pekka Paalanen
2023-12-13 14:16 ` Pekka Paalanen
2023-12-22 9:40 ` Simon Ser
2023-12-22 9:40 ` Simon Ser
2023-12-22 9:40 ` Simon Ser
2024-01-04 19:50 ` Jeffrey Kardatzke
2024-01-04 19:50 ` Jeffrey Kardatzke
2024-01-04 19:50 ` Jeffrey Kardatzke
2024-01-05 9:35 ` Christian König
2024-01-05 9:35 ` Christian König
2024-01-05 9:35 ` Christian König
2024-01-09 3:07 ` Yong Wu (吴勇)
2024-01-09 3:07 ` Yong Wu (吴勇)
2024-01-09 3:07 ` Yong Wu (吴勇)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231212024607.3681-6-yong.wu@mediatek.com \
--to=yong.wu@mediatek.com \
--cc=Brian.Starkey@arm.com \
--cc=angelogioacchino.delregno@collabora.com \
--cc=benjamin.gaignard@collabora.com \
--cc=christian.koenig@amd.com \
--cc=ckoenig.leichtzumerken@gmail.com \
--cc=conor+dt@kernel.org \
--cc=devicetree@vger.kernel.org \
--cc=dri-devel@lists.freedesktop.org \
--cc=jianjiao.zeng@mediatek.com \
--cc=jkardatzke@google.com \
--cc=joakim.bech@linaro.org \
--cc=jstultz@google.com \
--cc=krzysztof.kozlowski+dt@linaro.org \
--cc=kuohong.wang@mediatek.com \
--cc=linaro-mm-sig@lists.linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=linux-mediatek@lists.infradead.org \
--cc=matthias.bgg@gmail.com \
--cc=nicolas@ndufresne.ca \
--cc=quic_vjitta@quicinc.com \
--cc=robh+dt@kernel.org \
--cc=sumit.semwal@linaro.org \
--cc=tjmercier@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.