From: Tyler Hicks <tyhicks@linux.microsoft.com>
To: Jens Wiklander <jens.wiklander@linaro.org>,
Allen Pais <apais@linux.microsoft.com>,
Sumit Garg <sumit.garg@linaro.org>,
Peter Huewe <peterhuewe@gmx.de>,
Jarkko Sakkinen <jarkko@kernel.org>,
Jason Gunthorpe <jgg@ziepe.ca>,
Vikas Gupta <vikas.gupta@broadcom.com>
Cc: "Thirupathaiah Annapureddy" <thiruan@microsoft.com>,
"Pavel Tatashin" <pasha.tatashin@soleen.com>,
"Rafał Miłecki" <zajec5@gmail.com>,
op-tee@lists.trustedfirmware.org,
linux-integrity@vger.kernel.org,
bcm-kernel-feedback-list@broadcom.com,
linux-mips@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v5 4/8] optee: Clear stale cache entries during initialization
Date: Mon, 14 Jun 2021 17:33:13 -0500 [thread overview]
Message-ID: <20210614223317.999867-5-tyhicks@linux.microsoft.com> (raw)
In-Reply-To: <20210614223317.999867-1-tyhicks@linux.microsoft.com>
The shm cache could contain invalid addresses if
optee_disable_shm_cache() was not called from the .shutdown hook of the
previous kernel before a kexec. These addresses could be unmapped or
they could point to mapped but unintended locations in memory.
Clear the shared memory cache, while being careful to not translate the
addresses returned from OPTEE_SMC_DISABLE_SHM_CACHE, during driver
initialization. Once all pre-cache shm objects are removed, proceed with
enabling the cache so that we know that we can handle cached shm objects
with confidence later in the .shutdown hook.
Cc: stable@vger.kernel.org
Signed-off-by: Tyler Hicks <tyhicks@linux.microsoft.com>
---
drivers/tee/optee/call.c | 36 ++++++++++++++++++++++++++++---
drivers/tee/optee/core.c | 9 ++++++++
drivers/tee/optee/optee_private.h | 1 +
3 files changed, 43 insertions(+), 3 deletions(-)
diff --git a/drivers/tee/optee/call.c b/drivers/tee/optee/call.c
index 6e6eb836e9b6..387e94768182 100644
--- a/drivers/tee/optee/call.c
+++ b/drivers/tee/optee/call.c
@@ -416,11 +416,13 @@ void optee_enable_shm_cache(struct optee *optee)
}
/**
- * optee_disable_shm_cache() - Disables caching of some shared memory allocation
- * in OP-TEE
+ * __optee_disable_shm_cache() - Disables caching of some shared memory
+ * allocation in OP-TEE
* @optee: main service struct
+ * @is_mapped: true if the cached shared memory addresses were mapped by this
+ * kernel, are safe to dereference, and should be freed
*/
-void optee_disable_shm_cache(struct optee *optee)
+static void __optee_disable_shm_cache(struct optee *optee, bool is_mapped)
{
struct optee_call_waiter w;
@@ -439,6 +441,13 @@ void optee_disable_shm_cache(struct optee *optee)
if (res.result.status == OPTEE_SMC_RETURN_OK) {
struct tee_shm *shm;
+ /*
+ * Shared memory references that were not mapped by
+ * this kernel must be ignored to prevent a crash.
+ */
+ if (!is_mapped)
+ continue;
+
shm = reg_pair_to_ptr(res.result.shm_upper32,
res.result.shm_lower32);
tee_shm_free(shm);
@@ -449,6 +458,27 @@ void optee_disable_shm_cache(struct optee *optee)
optee_cq_wait_final(&optee->call_queue, &w);
}
+/**
+ * optee_disable_shm_cache() - Disables caching of mapped shared memory
+ * allocations in OP-TEE
+ * @optee: main service struct
+ */
+void optee_disable_shm_cache(struct optee *optee)
+{
+ return __optee_disable_shm_cache(optee, true);
+}
+
+/**
+ * optee_disable_unmapped_shm_cache() - Disables caching of shared memory
+ * allocations in OP-TEE which are not
+ * currently mapped
+ * @optee: main service struct
+ */
+void optee_disable_unmapped_shm_cache(struct optee *optee)
+{
+ return __optee_disable_shm_cache(optee, false);
+}
+
#define PAGELIST_ENTRIES_PER_PAGE \
((OPTEE_MSG_NONCONTIG_PAGE_SIZE / sizeof(u64)) - 1)
diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c
index 0987074d7ed0..651d49b53d3b 100644
--- a/drivers/tee/optee/core.c
+++ b/drivers/tee/optee/core.c
@@ -716,6 +716,15 @@ static int optee_probe(struct platform_device *pdev)
optee->memremaped_shm = memremaped_shm;
optee->pool = pool;
+ /*
+ * Ensure that there are no pre-existing shm objects before enabling
+ * the shm cache so that there's no chance of receiving an invalid
+ * address during shutdown. This could occur, for example, if we're
+ * kexec booting from an older kernel that did not properly cleanup the
+ * shm cache.
+ */
+ optee_disable_unmapped_shm_cache(optee);
+
optee_enable_shm_cache(optee);
if (optee->sec_caps & OPTEE_SMC_SEC_CAP_DYNAMIC_SHM)
diff --git a/drivers/tee/optee/optee_private.h b/drivers/tee/optee/optee_private.h
index e25b216a14ef..dbdd367be156 100644
--- a/drivers/tee/optee/optee_private.h
+++ b/drivers/tee/optee/optee_private.h
@@ -159,6 +159,7 @@ int optee_cancel_req(struct tee_context *ctx, u32 cancel_id, u32 session);
void optee_enable_shm_cache(struct optee *optee);
void optee_disable_shm_cache(struct optee *optee);
+void optee_disable_unmapped_shm_cache(struct optee *optee);
int optee_shm_register(struct tee_context *ctx, struct tee_shm *shm,
struct page **pages, size_t num_pages,
--
2.25.1
next prev parent reply other threads:[~2021-06-14 22:33 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-14 22:33 [PATCH v5 0/8] tee: Improve support for kexec and kdump Tyler Hicks
2021-06-14 22:33 ` [PATCH v5 1/8] optee: Fix memory leak when failing to register shm pages Tyler Hicks
2021-06-14 22:33 ` [PATCH v5 2/8] optee: Refuse to load the driver under the kdump kernel Tyler Hicks
2021-06-14 22:33 ` [PATCH v5 3/8] optee: fix tee out of memory failure seen during kexec reboot Tyler Hicks
2021-06-14 22:33 ` Tyler Hicks [this message]
2021-06-15 7:00 ` [PATCH v5 4/8] optee: Clear stale cache entries during initialization Jens Wiklander
2021-06-14 22:33 ` [PATCH v5 5/8] tee: add tee_shm_alloc_kernel_buf() Tyler Hicks
2021-06-14 22:33 ` [PATCH v5 6/8] tee: Correct inappropriate usage of TEE_SHM_DMA_BUF flag Tyler Hicks
2021-06-15 7:10 ` Jens Wiklander
2021-06-14 22:33 ` [PATCH v5 7/8] tpm_ftpm_tee: Free and unregister TEE shared memory during kexec Tyler Hicks
2021-06-14 22:33 ` [PATCH v5 8/8] firmware: tee_bnxt: Release TEE shm, session, and context " Tyler Hicks
2021-06-15 4:32 ` [PATCH v5 0/8] tee: Improve support for kexec and kdump Sumit Garg
2021-06-15 4:34 ` Tyler Hicks
2021-06-15 7:23 ` Jens Wiklander
2021-06-15 13:37 ` Tyler Hicks
2021-06-15 14:15 ` Florian Fainelli
2021-07-21 6:03 ` Jens Wiklander
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210614223317.999867-5-tyhicks@linux.microsoft.com \
--to=tyhicks@linux.microsoft.com \
--cc=apais@linux.microsoft.com \
--cc=bcm-kernel-feedback-list@broadcom.com \
--cc=jarkko@kernel.org \
--cc=jens.wiklander@linaro.org \
--cc=jgg@ziepe.ca \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mips@vger.kernel.org \
--cc=op-tee@lists.trustedfirmware.org \
--cc=pasha.tatashin@soleen.com \
--cc=peterhuewe@gmx.de \
--cc=sumit.garg@linaro.org \
--cc=thiruan@microsoft.com \
--cc=vikas.gupta@broadcom.com \
--cc=zajec5@gmail.com \
--subject='Re: [PATCH v5 4/8] optee: Clear stale cache entries during initialization' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).