[PATCH v2 0/1] tee: Add tee_shm_register_fd

[PATCH v2 0/1] tee: Add tee_shm_register_fd

[Olivier Masse]

Add a new ioctl called TEE_IOC_SHM_REGISTER_FD to register a
shared memory from a dmabuf file descriptor.
This new ioctl will allow the Linux Kernel to register a buffer
to be used by the Secure Data Path OPTEE OS feature.

Please find more information here:
https://static.linaro.org/connect/san19/presentations/san19-107.pdf

Patch tested on Hikey 6220.

Etienne Carriere (1):
  tee: new ioctl to a register tee_shm from a dmabuf file descriptor

 drivers/tee/tee_core.c   | 38 +++++++++++++++
 drivers/tee/tee_shm.c    | 99 +++++++++++++++++++++++++++++++++++++++-
 include/linux/tee_drv.h  | 11 +++++
 include/uapi/linux/tee.h | 29 ++++++++++++
 4 files changed, 175 insertions(+), 2 deletions(-)

-- 
2.25.0

[PATCH 1/1] tee: new ioctl to a register tee_shm from a dmabuf file descriptor

[Olivier Masse]

From: Etienne Carriere <etienne.carriere@linaro.org>

This change allows userland to create a tee_shm object that refers
to a dmabuf reference.

Userland provides a dmabuf file descriptor as buffer reference.
The created tee_shm object exported as a brand new dmabuf reference
used to provide a clean fd to userland. Userland shall closed this new
fd to release the tee_shm object resources. The initial dmabuf resources
are tracked independently through original dmabuf file descriptor.

Once the buffer is registered and until it is released, TEE driver
keeps a refcount on the registered dmabuf structure.

This change only support dmabuf references that relates to physically
contiguous memory buffers.

New tee_shm flag to identify tee_shm objects built from a registered
dmabuf: TEE_SHM_EXT_DMA_BUF. Such tee_shm structures are flagged with
TEE_SHM_EXT_DMA_BUF.

Co-Developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Olivier Masse <olivier.masse@nxp.com>
Reported-by: kernel test robot <lkp@intel.com>
From: https://github.com/linaro-swg/linux.git
(cherry picked from commit 41e21e5c405530590dc2dd10b2a8dbe64589840f)
---
 drivers/tee/tee_core.c   | 38 +++++++++++++++
 drivers/tee/tee_shm.c    | 99 +++++++++++++++++++++++++++++++++++++++-
 include/linux/tee_drv.h  | 11 +++++
 include/uapi/linux/tee.h | 29 ++++++++++++
 4 files changed, 175 insertions(+), 2 deletions(-)

diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c
index 8aa1a4836b92..7c45cbf85eb9 100644
--- a/drivers/tee/tee_core.c
+++ b/drivers/tee/tee_core.c
@@ -355,6 +355,42 @@ tee_ioctl_shm_register(struct tee_context *ctx,
 	return ret;
 }
 
+static int tee_ioctl_shm_register_fd(struct tee_context *ctx,
+				     struct tee_ioctl_shm_register_fd_data __user *udata)
+{
+	struct tee_ioctl_shm_register_fd_data data;
+	struct tee_shm *shm;
+	long ret;
+
+	if (copy_from_user(&data, udata, sizeof(data)))
+		return -EFAULT;
+
+	/* Currently no input flags are supported */
+	if (data.flags)
+		return -EINVAL;
+
+	shm = tee_shm_register_fd(ctx, data.fd);
+	if (IS_ERR(shm))
+		return -EINVAL;
+
+	data.id = shm->id;
+	data.flags = shm->flags;
+	data.size = shm->size;
+
+	if (copy_to_user(udata, &data, sizeof(data)))
+		ret = -EFAULT;
+	else
+		ret = tee_shm_get_fd(shm);
+
+	/*
+	 * When user space closes the file descriptor the shared memory
+	 * should be freed or if tee_shm_get_fd() failed then it will
+	 * be freed immediately.
+	 */
+	tee_shm_put(shm);
+	return ret;
+}
+
 static int params_from_user(struct tee_context *ctx, struct tee_param *params,
 			    size_t num_params,
 			    struct tee_ioctl_param __user *uparams)
@@ -829,6 +865,8 @@ static long tee_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
 		return tee_ioctl_shm_alloc(ctx, uarg);
 	case TEE_IOC_SHM_REGISTER:
 		return tee_ioctl_shm_register(ctx, uarg);
+	case TEE_IOC_SHM_REGISTER_FD:
+		return tee_ioctl_shm_register_fd(ctx, uarg);
 	case TEE_IOC_OPEN_SESSION:
 		return tee_ioctl_open_session(ctx, uarg);
 	case TEE_IOC_INVOKE:
diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c
index 836872467dc6..55a3fbbb022e 100644
--- a/drivers/tee/tee_shm.c
+++ b/drivers/tee/tee_shm.c
@@ -4,6 +4,7 @@
  */
 #include <linux/anon_inodes.h>
 #include <linux/device.h>
+#include <linux/dma-buf.h>
 #include <linux/idr.h>
 #include <linux/mm.h>
 #include <linux/sched.h>
@@ -12,6 +13,14 @@
 #include <linux/uio.h>
 #include "tee_private.h"
 
+/* extra references appended to shm object for registered shared memory */
+struct tee_shm_dmabuf_ref {
+     struct tee_shm shm;
+     struct dma_buf *dmabuf;
+     struct dma_buf_attachment *attach;
+     struct sg_table *sgt;
+};
+
 static void shm_put_kernel_pages(struct page **pages, size_t page_count)
 {
 	size_t n;
@@ -71,7 +80,16 @@ static void release_registered_pages(struct tee_shm *shm)
 
 static void tee_shm_release(struct tee_device *teedev, struct tee_shm *shm)
 {
-	if (shm->flags & TEE_SHM_POOL) {
+	if (shm->flags & TEE_SHM_EXT_DMA_BUF) {
+		struct tee_shm_dmabuf_ref *ref;
+
+		ref = container_of(shm, struct tee_shm_dmabuf_ref, shm);
+		dma_buf_unmap_attachment(ref->attach, ref->sgt,
+					 DMA_BIDIRECTIONAL);
+
+		dma_buf_detach(ref->dmabuf, ref->attach);
+		dma_buf_put(ref->dmabuf);
+	} else if (shm->flags & TEE_SHM_POOL) {
 		teedev->pool->ops->free(teedev->pool, shm);
 	} else if (shm->flags & TEE_SHM_DYNAMIC) {
 		int rc = teedev->desc->ops->shm_unregister(shm->ctx, shm);
@@ -195,7 +213,7 @@ struct tee_shm *tee_shm_alloc_user_buf(struct tee_context *ctx, size_t size)
  * tee_client_invoke_func(). The memory allocated is later freed with a
  * call to tee_shm_free().
  *
- * @returns a pointer to 'struct tee_shm'
+ * @returns a pointer to 'struct tee_shm' on success, and ERR_PTR on failure
  */
 struct tee_shm *tee_shm_alloc_kernel_buf(struct tee_context *ctx, size_t size)
 {
@@ -229,6 +247,83 @@ struct tee_shm *tee_shm_alloc_priv_buf(struct tee_context *ctx, size_t size)
 }
 EXPORT_SYMBOL_GPL(tee_shm_alloc_priv_buf);
 
+struct tee_shm *tee_shm_register_fd(struct tee_context *ctx, int fd)
+{
+	struct tee_shm_dmabuf_ref *ref;
+	int rc;
+
+	if (!tee_device_get(ctx->teedev))
+		return ERR_PTR(-EINVAL);
+
+	teedev_ctx_get(ctx);
+
+	ref = kzalloc(sizeof(*ref), GFP_KERNEL);
+	if (!ref) {
+		rc = -ENOMEM;
+		goto err_put_tee;
+	}
+
+	refcount_set(&ref->shm.refcount, 1);
+	ref->shm.ctx = ctx;
+	ref->shm.id = -1;
+
+	ref->dmabuf = dma_buf_get(fd);
+	if (IS_ERR(ref->dmabuf)) {
+		rc = PTR_ERR(ref->dmabuf);
+		goto err_put_dmabuf;
+	}
+
+	ref->attach = dma_buf_attach(ref->dmabuf, &ref->shm.ctx->teedev->dev);
+	if (IS_ERR(ref->attach)) {
+		rc = PTR_ERR(ref->attach);
+		goto err_detach;
+	}
+
+	ref->sgt = dma_buf_map_attachment(ref->attach, DMA_BIDIRECTIONAL);
+	if (IS_ERR(ref->sgt)) {
+		rc = PTR_ERR(ref->sgt);
+		goto err_unmap_attachement;
+	}
+
+	if (sg_nents(ref->sgt->sgl) != 1) {
+		rc = PTR_ERR(ref->sgt->sgl);
+		goto err_unmap_attachement;
+	}
+
+	ref->shm.paddr = sg_dma_address(ref->sgt->sgl);
+	ref->shm.size = sg_dma_len(ref->sgt->sgl);
+	ref->shm.flags = TEE_SHM_EXT_DMA_BUF;
+
+	mutex_lock(&ref->shm.ctx->teedev->mutex);
+	ref->shm.id = idr_alloc(&ref->shm.ctx->teedev->idr, &ref->shm,
+				1, 0, GFP_KERNEL);
+	mutex_unlock(&ref->shm.ctx->teedev->mutex);
+	if (ref->shm.id < 0) {
+		rc = ref->shm.id;
+		goto err_idr_remove;
+	}
+
+	return &ref->shm;
+
+err_idr_remove:
+	mutex_lock(&ctx->teedev->mutex);
+	idr_remove(&ctx->teedev->idr, ref->shm.id);
+	mutex_unlock(&ctx->teedev->mutex);
+err_unmap_attachement:
+	dma_buf_unmap_attachment(ref->attach, ref->sgt, DMA_BIDIRECTIONAL);
+err_detach:
+	dma_buf_detach(ref->dmabuf, ref->attach);
+err_put_dmabuf:
+	dma_buf_put(ref->dmabuf);
+	kfree(ref);
+err_put_tee:
+	teedev_ctx_put(ctx);
+	tee_device_put(ctx->teedev);
+
+	return ERR_PTR(rc);
+}
+EXPORT_SYMBOL_GPL(tee_shm_register_fd);
+
 static struct tee_shm *
 register_shm_helper(struct tee_context *ctx, unsigned long addr,
 		    size_t length, u32 flags, int id)
diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h
index 911cad324acc..40ddd5376c2d 100644
--- a/include/linux/tee_drv.h
+++ b/include/linux/tee_drv.h
@@ -25,6 +25,7 @@
 #define TEE_SHM_USER_MAPPED	BIT(1)  /* Memory mapped in user space */
 #define TEE_SHM_POOL		BIT(2)  /* Memory allocated from pool */
 #define TEE_SHM_PRIV		BIT(3)  /* Memory private to TEE driver */
+#define TEE_SHM_EXT_DMA_BUF     BIT(4)  /* Memory with dma-buf handle */
 
 struct device;
 struct tee_device;
@@ -276,6 +277,16 @@ struct tee_shm *tee_shm_alloc_kernel_buf(struct tee_context *ctx, size_t size);
 struct tee_shm *tee_shm_register_kernel_buf(struct tee_context *ctx,
 					    void *addr, size_t length);
 
+/**
+ * tee_shm_register_fd() - Register shared memory from file descriptor
+ *
+ * @ctx:	Context that allocates the shared memory
+ * @fd:		Shared memory file descriptor reference
+ *
+ * @returns a pointer to 'struct tee_shm' on success, and ERR_PTR on failure
+ */
+struct tee_shm *tee_shm_register_fd(struct tee_context *ctx, int fd);
+
 /**
  * tee_shm_is_dynamic() - Check if shared memory object is of the dynamic kind
  * @shm:	Shared memory handle
diff --git a/include/uapi/linux/tee.h b/include/uapi/linux/tee.h
index 25a6c534beb1..baf3cd7cfdac 100644
--- a/include/uapi/linux/tee.h
+++ b/include/uapi/linux/tee.h
@@ -121,6 +121,35 @@ struct tee_ioctl_shm_alloc_data {
 #define TEE_IOC_SHM_ALLOC	_IOWR(TEE_IOC_MAGIC, TEE_IOC_BASE + 1, \
 				     struct tee_ioctl_shm_alloc_data)
 
+/**
+ * struct tee_ioctl_shm_register_fd_data - Shared memory registering argument
+ * @fd:		[in] File descriptor identifying the shared memory
+ * @size:	[out] Size of shared memory to allocate
+ * @flags:	[in] Flags to/from allocation.
+ * @id:		[out] Identifier of the shared memory
+ *
+ * The flags field should currently be zero as input. Updated by the call
+ * with actual flags as defined by TEE_IOCTL_SHM_* above.
+ * This structure is used as argument for TEE_IOC_SHM_REGISTER_FD below.
+ */
+struct tee_ioctl_shm_register_fd_data {
+	__s64 fd;
+	__u64 size;
+	__u32 flags;
+	__s32 id;
+} __attribute__ ((aligned (8)));
+
+/**
+ * TEE_IOC_SHM_REGISTER_FD - register a shared memory from a file descriptor
+ *
+ * Returns a file descriptor on success or < 0 on failure
+ *
+ * The returned file descriptor refers to the shared memory object in kernel
+ * land. The shared memory is freed when the descriptor is closed.
+ */
+#define TEE_IOC_SHM_REGISTER_FD	_IOWR(TEE_IOC_MAGIC, TEE_IOC_BASE + 8, \
+				     struct tee_ioctl_shm_register_fd_data)
+
 /**
  * struct tee_ioctl_buf_data - Variable sized buffer
  * @buf_ptr:	[in] A __user pointer to a buffer
-- 
2.25.0

Re: [PATCH 1/1] tee: new ioctl to a register tee_shm from a dmabuf file descriptor

[kernel test robot]

Hi Olivier,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on drm-misc/drm-misc-next]
[also build test ERROR on drm-tip/drm-tip linus/master v5.19 next-20220812]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Olivier-Masse/tee-Add-tee_shm_register_fd/20220812-223302
base:   git://anongit.freedesktop.org/drm/drm-misc drm-misc-next
config: arm-randconfig-r026-20220814 (https://download.01.org/0day-ci/archive/20220814/202208140900.TNSQFBzy-lkp@intel.com/config)
compiler: clang version 16.0.0 (https://github.com/llvm/llvm-project 3329cec2f79185bafd678f310fafadba2a8c76d2)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install arm cross compiling tool for clang build
        # apt-get install binutils-arm-linux-gnueabi
        # https://github.com/intel-lab-lkp/linux/commit/994ce362c3244904f79f1e7d4cb436ea162421d1
        git remote add linux-review https://github.com/intel-lab-lkp/linux
        git fetch --no-tags linux-review Olivier-Masse/tee-Add-tee_shm_register_fd/20220812-223302
        git checkout 994ce362c3244904f79f1e7d4cb436ea162421d1
        # save the config file
        mkdir build_dir && cp config build_dir/.config
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=arm SHELL=/bin/bash

If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>, old ones prefixed by <<):

ERROR: modpost: "__aeabi_uldivmod" [drivers/mtd/mtdswap.ko] undefined!
>> ERROR: modpost: module tee uses symbol dma_buf_get from namespace DMA_BUF, but does not import it.
>> ERROR: modpost: module tee uses symbol dma_buf_attach from namespace DMA_BUF, but does not import it.
>> ERROR: modpost: module tee uses symbol dma_buf_map_attachment from namespace DMA_BUF, but does not import it.
>> ERROR: modpost: module tee uses symbol dma_buf_unmap_attachment from namespace DMA_BUF, but does not import it.
>> ERROR: modpost: module tee uses symbol dma_buf_detach from namespace DMA_BUF, but does not import it.
>> ERROR: modpost: module tee uses symbol dma_buf_put from namespace DMA_BUF, but does not import it.

-- 
0-DAY CI Kernel Test Service
https://01.org/lkp

Re: [PATCH v2 0/1] tee: Add tee_shm_register_fd

[Jens Wiklander]

Hi Olivier,

On Fri, Aug 12, 2022 at 4:31 PM Olivier Masse <olivier.masse@nxp.com> wrote:
>
> Add a new ioctl called TEE_IOC_SHM_REGISTER_FD to register a
> shared memory from a dmabuf file descriptor.
> This new ioctl will allow the Linux Kernel to register a buffer
> to be used by the Secure Data Path OPTEE OS feature.
>
> Please find more information here:
> https://static.linaro.org/connect/san19/presentations/san19-107.pdf
>
> Patch tested on Hikey 6220.

What's new in this V2?

Thanks,
Jens

>
> Etienne Carriere (1):
>   tee: new ioctl to a register tee_shm from a dmabuf file descriptor
>
>  drivers/tee/tee_core.c   | 38 +++++++++++++++
>  drivers/tee/tee_shm.c    | 99 +++++++++++++++++++++++++++++++++++++++-
>  include/linux/tee_drv.h  | 11 +++++
>  include/uapi/linux/tee.h | 29 ++++++++++++
>  4 files changed, 175 insertions(+), 2 deletions(-)
>
> --
> 2.25.0
>

Re: [EXT] Re: [PATCH v2 0/1] tee: Add tee_shm_register_fd

[Olivier Masse]

Hi Jens,

On mar., 2022-08-16 at 10:17 +0200, Jens Wiklander wrote:
> Caution: EXT Email
> 
> Hi Olivier,
> 
> On Fri, Aug 12, 2022 at 4:31 PM Olivier Masse <olivier.masse@nxp.com>
> wrote:
> > 
> > Add a new ioctl called TEE_IOC_SHM_REGISTER_FD to register a
> > shared memory from a dmabuf file descriptor.
> > This new ioctl will allow the Linux Kernel to register a buffer
> > to be used by the Secure Data Path OPTEE OS feature.
> > 
> > Please find more information here:
> > 
https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fstatic.linaro.org%2Fconnect%2Fsan19%2Fpresentations%2Fsan19-107.pdf&amp;data=05%7C01%7Colivier.masse%40nxp.com%7C20ddb873be8f4cd89b5408da7f5fda26%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C1%7C637962346897373445%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=cMbuihC0Hat4DEVORzcGhzwjO%2FxclAW43AIcvR8yReE%3D&amp;reserved=0
> > 
> > Patch tested on Hikey 6220.
> 
> What's new in this V2?

Just updated the cover letter and minor change to fix a build error
with gcc-11 for x86 architecture:
>> ./usr/include/linux/tee.h:136:13: error: expected declaration
specifiers or '...' before numeric constant
     136 | } __aligned(8);
         |             ^

Best regards,
Olivier

> 
> Thanks,
> Jens
> 
> > 
> > Etienne Carriere (1):
> >   tee: new ioctl to a register tee_shm from a dmabuf file
> > descriptor
> > 
> >  drivers/tee/tee_core.c   | 38 +++++++++++++++
> >  drivers/tee/tee_shm.c    | 99
> > +++++++++++++++++++++++++++++++++++++++-
> >  include/linux/tee_drv.h  | 11 +++++
> >  include/uapi/linux/tee.h | 29 ++++++++++++
> >  4 files changed, 175 insertions(+), 2 deletions(-)
> > 
> > --
> > 2.25.0
> > 

Re: [PATCH v2 0/1] tee: Add tee_shm_register_fd

[Sumit Garg]

Hi Olivier,

On Fri, 12 Aug 2022 at 20:01, Olivier Masse <olivier.masse@nxp.com> wrote:
>
> Add a new ioctl called TEE_IOC_SHM_REGISTER_FD to register a
> shared memory from a dmabuf file descriptor.
> This new ioctl will allow the Linux Kernel to register a buffer
> to be used by the Secure Data Path OPTEE OS feature.
>
> Please find more information here:
> https://static.linaro.org/connect/san19/presentations/san19-107.pdf
>
> Patch tested on Hikey 6220.
>

AFAIU, for the OP-TEE SDP feature to work you need to have a DMA-BUF
heap driver for allocating secure buffers through exposed chardev:
"/dev/dma_heap/sdp". Have you tested it with some out-of-tree driver
as I can't find it upstream? Also, do you plan to push that upstream
as well?

BTW, please add a changelog while sending newer patch-set versions.

-Sumit

> Etienne Carriere (1):
>   tee: new ioctl to a register tee_shm from a dmabuf file descriptor
>
>  drivers/tee/tee_core.c   | 38 +++++++++++++++
>  drivers/tee/tee_shm.c    | 99 +++++++++++++++++++++++++++++++++++++++-
>  include/linux/tee_drv.h  | 11 +++++
>  include/uapi/linux/tee.h | 29 ++++++++++++
>  4 files changed, 175 insertions(+), 2 deletions(-)
>
> --
> 2.25.0
>

Re: [PATCH v2 0/1] tee: Add tee_shm_register_fd

[Daniel Vetter]

On Fri, Aug 19, 2022 at 01:54:31PM +0530, Sumit Garg wrote:
> Hi Olivier,
> 
> On Fri, 12 Aug 2022 at 20:01, Olivier Masse <olivier.masse@nxp.com> wrote:
> >
> > Add a new ioctl called TEE_IOC_SHM_REGISTER_FD to register a
> > shared memory from a dmabuf file descriptor.
> > This new ioctl will allow the Linux Kernel to register a buffer
> > to be used by the Secure Data Path OPTEE OS feature.
> >
> > Please find more information here:
> > https://static.linaro.org/connect/san19/presentations/san19-107.pdf
> >
> > Patch tested on Hikey 6220.
> >
> 
> AFAIU, for the OP-TEE SDP feature to work you need to have a DMA-BUF
> heap driver for allocating secure buffers through exposed chardev:
> "/dev/dma_heap/sdp". Have you tested it with some out-of-tree driver
> as I can't find it upstream? Also, do you plan to push that upstream
> as well?
> 
> BTW, please add a changelog while sending newer patch-set versions.

Also after the huge discussion last year dma-buf are agreed to be under
the "you need an open source userspace for any new uapi using them" rule
that all gpu drivers are under.

Does this exist here?
-Daniel

> 
> -Sumit
> 
> > Etienne Carriere (1):
> >   tee: new ioctl to a register tee_shm from a dmabuf file descriptor
> >
> >  drivers/tee/tee_core.c   | 38 +++++++++++++++
> >  drivers/tee/tee_shm.c    | 99 +++++++++++++++++++++++++++++++++++++++-
> >  include/linux/tee_drv.h  | 11 +++++
> >  include/uapi/linux/tee.h | 29 ++++++++++++
> >  4 files changed, 175 insertions(+), 2 deletions(-)
> >
> > --
> > 2.25.0
> >

-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch

Re: [EXT] Re: [PATCH v2 0/1] tee: Add tee_shm_register_fd

[Olivier Masse]

Hi Sumit

On ven., 2022-08-19 at 13:54 +0530, Sumit Garg wrote:
> Caution: EXT Email
> 
> Hi Olivier,
> 
> On Fri, 12 Aug 2022 at 20:01, Olivier Masse <olivier.masse@nxp.com>
> wrote:
> > 
> > Add a new ioctl called TEE_IOC_SHM_REGISTER_FD to register a
> > shared memory from a dmabuf file descriptor.
> > This new ioctl will allow the Linux Kernel to register a buffer
> > to be used by the Secure Data Path OPTEE OS feature.
> > 
> > Please find more information here:
> > 
https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fstatic.linaro.org%2Fconnect%2Fsan19%2Fpresentations%2Fsan19-107.pdf&amp;data=05%7C01%7Colivier.masse%40nxp.com%7C05071ff1c28044ab740908da81bc44e2%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C1%7C637964942860947359%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=nYLb2iMoJExdKEg4CL4eW5%2FQ%2Bqqj4Iw1TxFsd1UqWW0%3D&amp;reserved=0
> > 
> > Patch tested on Hikey 6220.
> > 
> 
> AFAIU, for the OP-TEE SDP feature to work you need to have a DMA-BUF
> heap driver for allocating secure buffers through exposed chardev:
> "/dev/dma_heap/sdp". Have you tested it with some out-of-tree driver
> as I can't find it upstream? Also, do you plan to push that upstream
> as well?

It has been tested with linaro,secure-heap reserved dma heap memory
which is also in review for upstream.

> 
> BTW, please add a changelog while sending newer patch-set versions.
> 
> -Sumit
> 
> > Etienne Carriere (1):
> >   tee: new ioctl to a register tee_shm from a dmabuf file
> > descriptor
> > 
> >  drivers/tee/tee_core.c   | 38 +++++++++++++++
> >  drivers/tee/tee_shm.c    | 99
> > +++++++++++++++++++++++++++++++++++++++-
> >  include/linux/tee_drv.h  | 11 +++++
> >  include/uapi/linux/tee.h | 29 ++++++++++++
> >  4 files changed, 175 insertions(+), 2 deletions(-)
> > 
> > --
> > 2.25.0
> > 

Re: [PATCH v2 0/1] tee: Add tee_shm_register_fd

[Sumit Garg]

Hi Daniel,

On Wed, 7 Sept 2022 at 01:29, Daniel Vetter <daniel@ffwll.ch> wrote:
>
> On Fri, Aug 19, 2022 at 01:54:31PM +0530, Sumit Garg wrote:
> > Hi Olivier,
> >
> > On Fri, 12 Aug 2022 at 20:01, Olivier Masse <olivier.masse@nxp.com> wrote:
> > >
> > > Add a new ioctl called TEE_IOC_SHM_REGISTER_FD to register a
> > > shared memory from a dmabuf file descriptor.
> > > This new ioctl will allow the Linux Kernel to register a buffer
> > > to be used by the Secure Data Path OPTEE OS feature.
> > >
> > > Please find more information here:
> > > https://static.linaro.org/connect/san19/presentations/san19-107.pdf
> > >
> > > Patch tested on Hikey 6220.
> > >
> >
> > AFAIU, for the OP-TEE SDP feature to work you need to have a DMA-BUF
> > heap driver for allocating secure buffers through exposed chardev:
> > "/dev/dma_heap/sdp". Have you tested it with some out-of-tree driver
> > as I can't find it upstream? Also, do you plan to push that upstream
> > as well?
> >
> > BTW, please add a changelog while sending newer patch-set versions.
>
> Also after the huge discussion last year dma-buf are agreed to be under
> the "you need an open source userspace for any new uapi using them" rule
> that all gpu drivers are under.
>
> Does this exist here?

There is already an open source userspace test application using it
here [1] [2] demonstrating its use-case. I think that should be
sufficient.

[1] https://github.com/OP-TEE/optee_test/blob/master/host/xtest/sdp_basic.c
[2] https://github.com/OP-TEE/optee_test/blob/master/host/xtest/sdp_basic.h

-Sumit

> -Daniel
>
> >
> > -Sumit
> >
> > > Etienne Carriere (1):
> > >   tee: new ioctl to a register tee_shm from a dmabuf file descriptor
> > >
> > >  drivers/tee/tee_core.c   | 38 +++++++++++++++
> > >  drivers/tee/tee_shm.c    | 99 +++++++++++++++++++++++++++++++++++++++-
> > >  include/linux/tee_drv.h  | 11 +++++
> > >  include/uapi/linux/tee.h | 29 ++++++++++++
> > >  4 files changed, 175 insertions(+), 2 deletions(-)
> > >
> > > --
> > > 2.25.0
> > >
>
> --
> Daniel Vetter
> Software Engineer, Intel Corporation
> http://blog.ffwll.ch

Re: [EXT] Re: [PATCH v2 0/1] tee: Add tee_shm_register_fd

[Sumit Garg]

On Thu, 8 Sept 2022 at 14:48, Olivier Masse <olivier.masse@nxp.com> wrote:
>
> Hi Sumit
>
> On ven., 2022-08-19 at 13:54 +0530, Sumit Garg wrote:
> > Caution: EXT Email
> >
> > Hi Olivier,
> >
> > On Fri, 12 Aug 2022 at 20:01, Olivier Masse <olivier.masse@nxp.com>
> > wrote:
> > >
> > > Add a new ioctl called TEE_IOC_SHM_REGISTER_FD to register a
> > > shared memory from a dmabuf file descriptor.
> > > This new ioctl will allow the Linux Kernel to register a buffer
> > > to be used by the Secure Data Path OPTEE OS feature.
> > >
> > > Please find more information here:
> > >
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fstatic.linaro.org%2Fconnect%2Fsan19%2Fpresentations%2Fsan19-107.pdf&amp;data=05%7C01%7Colivier.masse%40nxp.com%7C05071ff1c28044ab740908da81bc44e2%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C1%7C637964942860947359%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=nYLb2iMoJExdKEg4CL4eW5%2FQ%2Bqqj4Iw1TxFsd1UqWW0%3D&amp;reserved=0
> > >
> > > Patch tested on Hikey 6220.
> > >
> >
> > AFAIU, for the OP-TEE SDP feature to work you need to have a DMA-BUF
> > heap driver for allocating secure buffers through exposed chardev:
> > "/dev/dma_heap/sdp". Have you tested it with some out-of-tree driver
> > as I can't find it upstream? Also, do you plan to push that upstream
> > as well?
>
> It has been tested with linaro,secure-heap reserved dma heap memory
> which is also in review for upstream.

Can you provide the corresponding reference? Also, do keep OP-TEE ML
in CC if you send any new iteration for that patch.

-Sumit

>
> >
> > BTW, please add a changelog while sending newer patch-set versions.
> >
> > -Sumit
> >
> > > Etienne Carriere (1):
> > >   tee: new ioctl to a register tee_shm from a dmabuf file
> > > descriptor
> > >
> > >  drivers/tee/tee_core.c   | 38 +++++++++++++++
> > >  drivers/tee/tee_shm.c    | 99
> > > +++++++++++++++++++++++++++++++++++++++-
> > >  include/linux/tee_drv.h  | 11 +++++
> > >  include/uapi/linux/tee.h | 29 ++++++++++++
> > >  4 files changed, 175 insertions(+), 2 deletions(-)
> > >
> > > --
> > > 2.25.0
> > >

Re: [PATCH v2 1/1] tee: new ioctl to a register tee_shm from a dmabuf file descriptor

[Olivier Masse]

Hi Joakim,
Hi Etienne,

Let me bring back this pull request for OPTEE Linux driver.

Last feedback was from Christian König and Sumit Garg.
From Christian:
> Just two comments:
> 
> 1. Dmitry is working on a change which renames some functions and
> makes
> it mandatory to call them with the dma_resv lock held.
> 
> Depending on how you want to upstream this change you will certainly
> run
> into conflicts with that.

Is there any update on these changes ?

> 
> 2. Would it be possible to do this dynamically? In other words does
> the
> tee driver has a concept of buffers moving around?

We do not support dynamic secure memory heap.

From Sumit:
> What limits you to extend this feature to non-contiguous memory
> buffers? I believe that should be possible with OP-TEE dynamic shared
> memory which gives you the granularity to register a list of pages.

Our solution use a fixed protected reserved memory region and do not
rely on a dynamic protection managed in secure.

The scope of this implementation rely on a static memory region handled
by a specific DMA Heap type.

Best regards,
Olivier MASSE


On ven., 2022-08-12 at 16:30 +0200, Olivier Masse wrote:
> From: Etienne Carriere <etienne.carriere@linaro.org>
> 
> This change allows userland to create a tee_shm object that refers
> to a dmabuf reference.
> 
> Userland provides a dmabuf file descriptor as buffer reference.
> The created tee_shm object exported as a brand new dmabuf reference
> used to provide a clean fd to userland. Userland shall closed this
> new
> fd to release the tee_shm object resources. The initial dmabuf
> resources
> are tracked independently through original dmabuf file descriptor.
> 
> Once the buffer is registered and until it is released, TEE driver
> keeps a refcount on the registered dmabuf structure.
> 
> This change only support dmabuf references that relates to physically
> contiguous memory buffers.
> 
> New tee_shm flag to identify tee_shm objects built from a registered
> dmabuf: TEE_SHM_EXT_DMA_BUF. Such tee_shm structures are flagged with
> TEE_SHM_EXT_DMA_BUF.
> 
> Co-Developed-by: Etienne Carriere <etienne.carriere@linaro.org>
> Signed-off-by: Olivier Masse <olivier.masse@nxp.com>
> Reported-by: kernel test robot <lkp@intel.com>
> From: https://github.com/linaro-swg/linux.git
> (cherry picked from commit 41e21e5c405530590dc2dd10b2a8dbe64589840f)
> ---
>  drivers/tee/tee_core.c   | 38 +++++++++++++++
>  drivers/tee/tee_shm.c    | 99
> +++++++++++++++++++++++++++++++++++++++-
>  include/linux/tee_drv.h  | 11 +++++
>  include/uapi/linux/tee.h | 29 ++++++++++++
>  4 files changed, 175 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c
> index 8aa1a4836b92..7c45cbf85eb9 100644
> --- a/drivers/tee/tee_core.c
> +++ b/drivers/tee/tee_core.c
> @@ -355,6 +355,42 @@ tee_ioctl_shm_register(struct tee_context *ctx,
>  	return ret;
>  }
>  
> +static int tee_ioctl_shm_register_fd(struct tee_context *ctx,
> +				     struct
> tee_ioctl_shm_register_fd_data __user *udata)
> +{
> +	struct tee_ioctl_shm_register_fd_data data;
> +	struct tee_shm *shm;
> +	long ret;
> +
> +	if (copy_from_user(&data, udata, sizeof(data)))
> +		return -EFAULT;
> +
> +	/* Currently no input flags are supported */
> +	if (data.flags)
> +		return -EINVAL;
> +
> +	shm = tee_shm_register_fd(ctx, data.fd);
> +	if (IS_ERR(shm))
> +		return -EINVAL;
> +
> +	data.id = shm->id;
> +	data.flags = shm->flags;
> +	data.size = shm->size;
> +
> +	if (copy_to_user(udata, &data, sizeof(data)))
> +		ret = -EFAULT;
> +	else
> +		ret = tee_shm_get_fd(shm);
> +
> +	/*
> +	 * When user space closes the file descriptor the shared memory
> +	 * should be freed or if tee_shm_get_fd() failed then it will
> +	 * be freed immediately.
> +	 */
> +	tee_shm_put(shm);
> +	return ret;
> +}
> +
>  static int params_from_user(struct tee_context *ctx, struct
> tee_param *params,
>  			    size_t num_params,
>  			    struct tee_ioctl_param __user *uparams)
> @@ -829,6 +865,8 @@ static long tee_ioctl(struct file *filp, unsigned
> int cmd, unsigned long arg)
>  		return tee_ioctl_shm_alloc(ctx, uarg);
>  	case TEE_IOC_SHM_REGISTER:
>  		return tee_ioctl_shm_register(ctx, uarg);
> +	case TEE_IOC_SHM_REGISTER_FD:
> +		return tee_ioctl_shm_register_fd(ctx, uarg);
>  	case TEE_IOC_OPEN_SESSION:
>  		return tee_ioctl_open_session(ctx, uarg);
>  	case TEE_IOC_INVOKE:
> diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c
> index 836872467dc6..55a3fbbb022e 100644
> --- a/drivers/tee/tee_shm.c
> +++ b/drivers/tee/tee_shm.c
> @@ -4,6 +4,7 @@
>   */
>  #include <linux/anon_inodes.h>
>  #include <linux/device.h>
> +#include <linux/dma-buf.h>
>  #include <linux/idr.h>
>  #include <linux/mm.h>
>  #include <linux/sched.h>
> @@ -12,6 +13,14 @@
>  #include <linux/uio.h>
>  #include "tee_private.h"
>  
> +/* extra references appended to shm object for registered shared
> memory */
> +struct tee_shm_dmabuf_ref {
> +     struct tee_shm shm;
> +     struct dma_buf *dmabuf;
> +     struct dma_buf_attachment *attach;
> +     struct sg_table *sgt;
> +};
> +
>  static void shm_put_kernel_pages(struct page **pages, size_t
> page_count)
>  {
>  	size_t n;
> @@ -71,7 +80,16 @@ static void release_registered_pages(struct
> tee_shm *shm)
>  
>  static void tee_shm_release(struct tee_device *teedev, struct
> tee_shm *shm)
>  {
> -	if (shm->flags & TEE_SHM_POOL) {
> +	if (shm->flags & TEE_SHM_EXT_DMA_BUF) {
> +		struct tee_shm_dmabuf_ref *ref;
> +
> +		ref = container_of(shm, struct tee_shm_dmabuf_ref,
> shm);
> +		dma_buf_unmap_attachment(ref->attach, ref->sgt,
> +					 DMA_BIDIRECTIONAL);
> +
> +		dma_buf_detach(ref->dmabuf, ref->attach);
> +		dma_buf_put(ref->dmabuf);
> +	} else if (shm->flags & TEE_SHM_POOL) {
>  		teedev->pool->ops->free(teedev->pool, shm);
>  	} else if (shm->flags & TEE_SHM_DYNAMIC) {
>  		int rc = teedev->desc->ops->shm_unregister(shm->ctx,
> shm);
> @@ -195,7 +213,7 @@ struct tee_shm *tee_shm_alloc_user_buf(struct
> tee_context *ctx, size_t size)
>   * tee_client_invoke_func(). The memory allocated is later freed
> with a
>   * call to tee_shm_free().
>   *
> - * @returns a pointer to 'struct tee_shm'
> + * @returns a pointer to 'struct tee_shm' on success, and ERR_PTR on
> failure
>   */
>  struct tee_shm *tee_shm_alloc_kernel_buf(struct tee_context *ctx,
> size_t size)
>  {
> @@ -229,6 +247,83 @@ struct tee_shm *tee_shm_alloc_priv_buf(struct
> tee_context *ctx, size_t size)
>  }
>  EXPORT_SYMBOL_GPL(tee_shm_alloc_priv_buf);
>  
> +struct tee_shm *tee_shm_register_fd(struct tee_context *ctx, int fd)
> +{
> +	struct tee_shm_dmabuf_ref *ref;
> +	int rc;
> +
> +	if (!tee_device_get(ctx->teedev))
> +		return ERR_PTR(-EINVAL);
> +
> +	teedev_ctx_get(ctx);
> +
> +	ref = kzalloc(sizeof(*ref), GFP_KERNEL);
> +	if (!ref) {
> +		rc = -ENOMEM;
> +		goto err_put_tee;
> +	}
> +
> +	refcount_set(&ref->shm.refcount, 1);
> +	ref->shm.ctx = ctx;
> +	ref->shm.id = -1;
> +
> +	ref->dmabuf = dma_buf_get(fd);
> +	if (IS_ERR(ref->dmabuf)) {
> +		rc = PTR_ERR(ref->dmabuf);
> +		goto err_put_dmabuf;
> +	}
> +
> +	ref->attach = dma_buf_attach(ref->dmabuf, &ref->shm.ctx-
> >teedev->dev);
> +	if (IS_ERR(ref->attach)) {
> +		rc = PTR_ERR(ref->attach);
> +		goto err_detach;
> +	}
> +
> +	ref->sgt = dma_buf_map_attachment(ref->attach,
> DMA_BIDIRECTIONAL);
> +	if (IS_ERR(ref->sgt)) {
> +		rc = PTR_ERR(ref->sgt);
> +		goto err_unmap_attachement;
> +	}
> +
> +	if (sg_nents(ref->sgt->sgl) != 1) {
> +		rc = PTR_ERR(ref->sgt->sgl);
> +		goto err_unmap_attachement;
> +	}
> +
> +	ref->shm.paddr = sg_dma_address(ref->sgt->sgl);
> +	ref->shm.size = sg_dma_len(ref->sgt->sgl);
> +	ref->shm.flags = TEE_SHM_EXT_DMA_BUF;
> +
> +	mutex_lock(&ref->shm.ctx->teedev->mutex);
> +	ref->shm.id = idr_alloc(&ref->shm.ctx->teedev->idr, &ref->shm,
> +				1, 0, GFP_KERNEL);
> +	mutex_unlock(&ref->shm.ctx->teedev->mutex);
> +	if (ref->shm.id < 0) {
> +		rc = ref->shm.id;
> +		goto err_idr_remove;
> +	}
> +
> +	return &ref->shm;
> +
> +err_idr_remove:
> +	mutex_lock(&ctx->teedev->mutex);
> +	idr_remove(&ctx->teedev->idr, ref->shm.id);
> +	mutex_unlock(&ctx->teedev->mutex);
> +err_unmap_attachement:
> +	dma_buf_unmap_attachment(ref->attach, ref->sgt,
> DMA_BIDIRECTIONAL);
> +err_detach:
> +	dma_buf_detach(ref->dmabuf, ref->attach);
> +err_put_dmabuf:
> +	dma_buf_put(ref->dmabuf);
> +	kfree(ref);
> +err_put_tee:
> +	teedev_ctx_put(ctx);
> +	tee_device_put(ctx->teedev);
> +
> +	return ERR_PTR(rc);
> +}
> +EXPORT_SYMBOL_GPL(tee_shm_register_fd);
> +
>  static struct tee_shm *
>  register_shm_helper(struct tee_context *ctx, unsigned long addr,
>  		    size_t length, u32 flags, int id)
> diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h
> index 911cad324acc..40ddd5376c2d 100644
> --- a/include/linux/tee_drv.h
> +++ b/include/linux/tee_drv.h
> @@ -25,6 +25,7 @@
>  #define TEE_SHM_USER_MAPPED	BIT(1)  /* Memory mapped in user space
> */
>  #define TEE_SHM_POOL		BIT(2)  /* Memory allocated from pool
> */
>  #define TEE_SHM_PRIV		BIT(3)  /* Memory private to TEE driver
> */
> +#define TEE_SHM_EXT_DMA_BUF     BIT(4)  /* Memory with dma-buf
> handle */
>  
>  struct device;
>  struct tee_device;
> @@ -276,6 +277,16 @@ struct tee_shm *tee_shm_alloc_kernel_buf(struct
> tee_context *ctx, size_t size);
>  struct tee_shm *tee_shm_register_kernel_buf(struct tee_context *ctx,
>  					    void *addr, size_t length);
>  
> +/**
> + * tee_shm_register_fd() - Register shared memory from file
> descriptor
> + *
> + * @ctx:	Context that allocates the shared memory
> + * @fd:		Shared memory file descriptor reference
> + *
> + * @returns a pointer to 'struct tee_shm' on success, and ERR_PTR on
> failure
> + */
> +struct tee_shm *tee_shm_register_fd(struct tee_context *ctx, int
> fd);
> +
>  /**
>   * tee_shm_is_dynamic() - Check if shared memory object is of the
> dynamic kind
>   * @shm:	Shared memory handle
> diff --git a/include/uapi/linux/tee.h b/include/uapi/linux/tee.h
> index 25a6c534beb1..baf3cd7cfdac 100644
> --- a/include/uapi/linux/tee.h
> +++ b/include/uapi/linux/tee.h
> @@ -121,6 +121,35 @@ struct tee_ioctl_shm_alloc_data {
>  #define TEE_IOC_SHM_ALLOC	_IOWR(TEE_IOC_MAGIC, TEE_IOC_BASE + 1,
> \
>  				     struct tee_ioctl_shm_alloc_data)
>  
> +/**
> + * struct tee_ioctl_shm_register_fd_data - Shared memory registering
> argument
> + * @fd:		[in] File descriptor identifying the shared
> memory
> + * @size:	[out] Size of shared memory to allocate
> + * @flags:	[in] Flags to/from allocation.
> + * @id:		[out] Identifier of the shared memory
> + *
> + * The flags field should currently be zero as input. Updated by the
> call
> + * with actual flags as defined by TEE_IOCTL_SHM_* above.
> + * This structure is used as argument for TEE_IOC_SHM_REGISTER_FD
> below.
> + */
> +struct tee_ioctl_shm_register_fd_data {
> +	__s64 fd;
> +	__u64 size;
> +	__u32 flags;
> +	__s32 id;
> +} __attribute__ ((aligned (8)));
> +
> +/**
> + * TEE_IOC_SHM_REGISTER_FD - register a shared memory from a file
> descriptor
> + *
> + * Returns a file descriptor on success or < 0 on failure
> + *
> + * The returned file descriptor refers to the shared memory object
> in kernel
> + * land. The shared memory is freed when the descriptor is closed.
> + */
> +#define TEE_IOC_SHM_REGISTER_FD	_IOWR(TEE_IOC_MAGIC,
> TEE_IOC_BASE + 8, \
> +				     struct
> tee_ioctl_shm_register_fd_data)
> +
>  /**
>   * struct tee_ioctl_buf_data - Variable sized buffer
>   * @buf_ptr:	[in] A __user pointer to a buffer

Re: [PATCH v2 1/1] tee: new ioctl to a register tee_shm from a dmabuf file descriptor

[Christian König]

Hi guys,

Am 27.01.23 um 11:54 schrieb Olivier Masse:
> Hi Joakim,
> Hi Etienne,
>
> Let me bring back this pull request for OPTEE Linux driver.
>
> Last feedback was from Christian König and Sumit Garg.
>  From Christian:
>> Just two comments:
>>
>> 1. Dmitry is working on a change which renames some functions and
>> makes
>> it mandatory to call them with the dma_resv lock held.
>>
>> Depending on how you want to upstream this change you will certainly
>> run
>> into conflicts with that.
> Is there any update on these changes ?

Just FYI: The upstream changes Dmitry worked on are now committed, so 
you just need to rebase your work on top and send it out once more.

>> 2. Would it be possible to do this dynamically? In other words does
>> the
>> tee driver has a concept of buffers moving around?
> We do not support dynamic secure memory heap.

That's not an issue. If you pin the memory anyway then you can expose it 
pinned through DMA-buf as well.

The only thing you should avoid is pinning it extra for DMA-buf, because 
then you often create a really nice possibility for an OOM deny of service.

Regards,
Christian.

>
>  From Sumit:
>> What limits you to extend this feature to non-contiguous memory
>> buffers? I believe that should be possible with OP-TEE dynamic shared
>> memory which gives you the granularity to register a list of pages.
> Our solution use a fixed protected reserved memory region and do not
> rely on a dynamic protection managed in secure.
>
> The scope of this implementation rely on a static memory region handled
> by a specific DMA Heap type.
>
> Best regards,
> Olivier MASSE
>
>
> On ven., 2022-08-12 at 16:30 +0200, Olivier Masse wrote:
>> From: Etienne Carriere <etienne.carriere@linaro.org>
>>
>> This change allows userland to create a tee_shm object that refers
>> to a dmabuf reference.
>>
>> Userland provides a dmabuf file descriptor as buffer reference.
>> The created tee_shm object exported as a brand new dmabuf reference
>> used to provide a clean fd to userland. Userland shall closed this
>> new
>> fd to release the tee_shm object resources. The initial dmabuf
>> resources
>> are tracked independently through original dmabuf file descriptor.
>>
>> Once the buffer is registered and until it is released, TEE driver
>> keeps a refcount on the registered dmabuf structure.
>>
>> This change only support dmabuf references that relates to physically
>> contiguous memory buffers.
>>
>> New tee_shm flag to identify tee_shm objects built from a registered
>> dmabuf: TEE_SHM_EXT_DMA_BUF. Such tee_shm structures are flagged with
>> TEE_SHM_EXT_DMA_BUF.
>>
>> Co-Developed-by: Etienne Carriere <etienne.carriere@linaro.org>
>> Signed-off-by: Olivier Masse <olivier.masse@nxp.com>
>> Reported-by: kernel test robot <lkp@intel.com>
>> From: https://github.com/linaro-swg/linux.git
>> (cherry picked from commit 41e21e5c405530590dc2dd10b2a8dbe64589840f)
>> ---
>>   drivers/tee/tee_core.c   | 38 +++++++++++++++
>>   drivers/tee/tee_shm.c    | 99
>> +++++++++++++++++++++++++++++++++++++++-
>>   include/linux/tee_drv.h  | 11 +++++
>>   include/uapi/linux/tee.h | 29 ++++++++++++
>>   4 files changed, 175 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c
>> index 8aa1a4836b92..7c45cbf85eb9 100644
>> --- a/drivers/tee/tee_core.c
>> +++ b/drivers/tee/tee_core.c
>> @@ -355,6 +355,42 @@ tee_ioctl_shm_register(struct tee_context *ctx,
>>   	return ret;
>>   }
>>   
>> +static int tee_ioctl_shm_register_fd(struct tee_context *ctx,
>> +				     struct
>> tee_ioctl_shm_register_fd_data __user *udata)
>> +{
>> +	struct tee_ioctl_shm_register_fd_data data;
>> +	struct tee_shm *shm;
>> +	long ret;
>> +
>> +	if (copy_from_user(&data, udata, sizeof(data)))
>> +		return -EFAULT;
>> +
>> +	/* Currently no input flags are supported */
>> +	if (data.flags)
>> +		return -EINVAL;
>> +
>> +	shm = tee_shm_register_fd(ctx, data.fd);
>> +	if (IS_ERR(shm))
>> +		return -EINVAL;
>> +
>> +	data.id = shm->id;
>> +	data.flags = shm->flags;
>> +	data.size = shm->size;
>> +
>> +	if (copy_to_user(udata, &data, sizeof(data)))
>> +		ret = -EFAULT;
>> +	else
>> +		ret = tee_shm_get_fd(shm);
>> +
>> +	/*
>> +	 * When user space closes the file descriptor the shared memory
>> +	 * should be freed or if tee_shm_get_fd() failed then it will
>> +	 * be freed immediately.
>> +	 */
>> +	tee_shm_put(shm);
>> +	return ret;
>> +}
>> +
>>   static int params_from_user(struct tee_context *ctx, struct
>> tee_param *params,
>>   			    size_t num_params,
>>   			    struct tee_ioctl_param __user *uparams)
>> @@ -829,6 +865,8 @@ static long tee_ioctl(struct file *filp, unsigned
>> int cmd, unsigned long arg)
>>   		return tee_ioctl_shm_alloc(ctx, uarg);
>>   	case TEE_IOC_SHM_REGISTER:
>>   		return tee_ioctl_shm_register(ctx, uarg);
>> +	case TEE_IOC_SHM_REGISTER_FD:
>> +		return tee_ioctl_shm_register_fd(ctx, uarg);
>>   	case TEE_IOC_OPEN_SESSION:
>>   		return tee_ioctl_open_session(ctx, uarg);
>>   	case TEE_IOC_INVOKE:
>> diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c
>> index 836872467dc6..55a3fbbb022e 100644
>> --- a/drivers/tee/tee_shm.c
>> +++ b/drivers/tee/tee_shm.c
>> @@ -4,6 +4,7 @@
>>    */
>>   #include <linux/anon_inodes.h>
>>   #include <linux/device.h>
>> +#include <linux/dma-buf.h>
>>   #include <linux/idr.h>
>>   #include <linux/mm.h>
>>   #include <linux/sched.h>
>> @@ -12,6 +13,14 @@
>>   #include <linux/uio.h>
>>   #include "tee_private.h"
>>   
>> +/* extra references appended to shm object for registered shared
>> memory */
>> +struct tee_shm_dmabuf_ref {
>> +     struct tee_shm shm;
>> +     struct dma_buf *dmabuf;
>> +     struct dma_buf_attachment *attach;
>> +     struct sg_table *sgt;
>> +};
>> +
>>   static void shm_put_kernel_pages(struct page **pages, size_t
>> page_count)
>>   {
>>   	size_t n;
>> @@ -71,7 +80,16 @@ static void release_registered_pages(struct
>> tee_shm *shm)
>>   
>>   static void tee_shm_release(struct tee_device *teedev, struct
>> tee_shm *shm)
>>   {
>> -	if (shm->flags & TEE_SHM_POOL) {
>> +	if (shm->flags & TEE_SHM_EXT_DMA_BUF) {
>> +		struct tee_shm_dmabuf_ref *ref;
>> +
>> +		ref = container_of(shm, struct tee_shm_dmabuf_ref,
>> shm);
>> +		dma_buf_unmap_attachment(ref->attach, ref->sgt,
>> +					 DMA_BIDIRECTIONAL);
>> +
>> +		dma_buf_detach(ref->dmabuf, ref->attach);
>> +		dma_buf_put(ref->dmabuf);
>> +	} else if (shm->flags & TEE_SHM_POOL) {
>>   		teedev->pool->ops->free(teedev->pool, shm);
>>   	} else if (shm->flags & TEE_SHM_DYNAMIC) {
>>   		int rc = teedev->desc->ops->shm_unregister(shm->ctx,
>> shm);
>> @@ -195,7 +213,7 @@ struct tee_shm *tee_shm_alloc_user_buf(struct
>> tee_context *ctx, size_t size)
>>    * tee_client_invoke_func(). The memory allocated is later freed
>> with a
>>    * call to tee_shm_free().
>>    *
>> - * @returns a pointer to 'struct tee_shm'
>> + * @returns a pointer to 'struct tee_shm' on success, and ERR_PTR on
>> failure
>>    */
>>   struct tee_shm *tee_shm_alloc_kernel_buf(struct tee_context *ctx,
>> size_t size)
>>   {
>> @@ -229,6 +247,83 @@ struct tee_shm *tee_shm_alloc_priv_buf(struct
>> tee_context *ctx, size_t size)
>>   }
>>   EXPORT_SYMBOL_GPL(tee_shm_alloc_priv_buf);
>>   
>> +struct tee_shm *tee_shm_register_fd(struct tee_context *ctx, int fd)
>> +{
>> +	struct tee_shm_dmabuf_ref *ref;
>> +	int rc;
>> +
>> +	if (!tee_device_get(ctx->teedev))
>> +		return ERR_PTR(-EINVAL);
>> +
>> +	teedev_ctx_get(ctx);
>> +
>> +	ref = kzalloc(sizeof(*ref), GFP_KERNEL);
>> +	if (!ref) {
>> +		rc = -ENOMEM;
>> +		goto err_put_tee;
>> +	}
>> +
>> +	refcount_set(&ref->shm.refcount, 1);
>> +	ref->shm.ctx = ctx;
>> +	ref->shm.id = -1;
>> +
>> +	ref->dmabuf = dma_buf_get(fd);
>> +	if (IS_ERR(ref->dmabuf)) {
>> +		rc = PTR_ERR(ref->dmabuf);
>> +		goto err_put_dmabuf;
>> +	}
>> +
>> +	ref->attach = dma_buf_attach(ref->dmabuf, &ref->shm.ctx-
>>> teedev->dev);
>> +	if (IS_ERR(ref->attach)) {
>> +		rc = PTR_ERR(ref->attach);
>> +		goto err_detach;
>> +	}
>> +
>> +	ref->sgt = dma_buf_map_attachment(ref->attach,
>> DMA_BIDIRECTIONAL);
>> +	if (IS_ERR(ref->sgt)) {
>> +		rc = PTR_ERR(ref->sgt);
>> +		goto err_unmap_attachement;
>> +	}
>> +
>> +	if (sg_nents(ref->sgt->sgl) != 1) {
>> +		rc = PTR_ERR(ref->sgt->sgl);
>> +		goto err_unmap_attachement;
>> +	}
>> +
>> +	ref->shm.paddr = sg_dma_address(ref->sgt->sgl);
>> +	ref->shm.size = sg_dma_len(ref->sgt->sgl);
>> +	ref->shm.flags = TEE_SHM_EXT_DMA_BUF;
>> +
>> +	mutex_lock(&ref->shm.ctx->teedev->mutex);
>> +	ref->shm.id = idr_alloc(&ref->shm.ctx->teedev->idr, &ref->shm,
>> +				1, 0, GFP_KERNEL);
>> +	mutex_unlock(&ref->shm.ctx->teedev->mutex);
>> +	if (ref->shm.id < 0) {
>> +		rc = ref->shm.id;
>> +		goto err_idr_remove;
>> +	}
>> +
>> +	return &ref->shm;
>> +
>> +err_idr_remove:
>> +	mutex_lock(&ctx->teedev->mutex);
>> +	idr_remove(&ctx->teedev->idr, ref->shm.id);
>> +	mutex_unlock(&ctx->teedev->mutex);
>> +err_unmap_attachement:
>> +	dma_buf_unmap_attachment(ref->attach, ref->sgt,
>> DMA_BIDIRECTIONAL);
>> +err_detach:
>> +	dma_buf_detach(ref->dmabuf, ref->attach);
>> +err_put_dmabuf:
>> +	dma_buf_put(ref->dmabuf);
>> +	kfree(ref);
>> +err_put_tee:
>> +	teedev_ctx_put(ctx);
>> +	tee_device_put(ctx->teedev);
>> +
>> +	return ERR_PTR(rc);
>> +}
>> +EXPORT_SYMBOL_GPL(tee_shm_register_fd);
>> +
>>   static struct tee_shm *
>>   register_shm_helper(struct tee_context *ctx, unsigned long addr,
>>   		    size_t length, u32 flags, int id)
>> diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h
>> index 911cad324acc..40ddd5376c2d 100644
>> --- a/include/linux/tee_drv.h
>> +++ b/include/linux/tee_drv.h
>> @@ -25,6 +25,7 @@
>>   #define TEE_SHM_USER_MAPPED	BIT(1)  /* Memory mapped in user space
>> */
>>   #define TEE_SHM_POOL		BIT(2)  /* Memory allocated from pool
>> */
>>   #define TEE_SHM_PRIV		BIT(3)  /* Memory private to TEE driver
>> */
>> +#define TEE_SHM_EXT_DMA_BUF     BIT(4)  /* Memory with dma-buf
>> handle */
>>   
>>   struct device;
>>   struct tee_device;
>> @@ -276,6 +277,16 @@ struct tee_shm *tee_shm_alloc_kernel_buf(struct
>> tee_context *ctx, size_t size);
>>   struct tee_shm *tee_shm_register_kernel_buf(struct tee_context *ctx,
>>   					    void *addr, size_t length);
>>   
>> +/**
>> + * tee_shm_register_fd() - Register shared memory from file
>> descriptor
>> + *
>> + * @ctx:	Context that allocates the shared memory
>> + * @fd:		Shared memory file descriptor reference
>> + *
>> + * @returns a pointer to 'struct tee_shm' on success, and ERR_PTR on
>> failure
>> + */
>> +struct tee_shm *tee_shm_register_fd(struct tee_context *ctx, int
>> fd);
>> +
>>   /**
>>    * tee_shm_is_dynamic() - Check if shared memory object is of the
>> dynamic kind
>>    * @shm:	Shared memory handle
>> diff --git a/include/uapi/linux/tee.h b/include/uapi/linux/tee.h
>> index 25a6c534beb1..baf3cd7cfdac 100644
>> --- a/include/uapi/linux/tee.h
>> +++ b/include/uapi/linux/tee.h
>> @@ -121,6 +121,35 @@ struct tee_ioctl_shm_alloc_data {
>>   #define TEE_IOC_SHM_ALLOC	_IOWR(TEE_IOC_MAGIC, TEE_IOC_BASE + 1,
>> \
>>   				     struct tee_ioctl_shm_alloc_data)
>>   
>> +/**
>> + * struct tee_ioctl_shm_register_fd_data - Shared memory registering
>> argument
>> + * @fd:		[in] File descriptor identifying the shared
>> memory
>> + * @size:	[out] Size of shared memory to allocate
>> + * @flags:	[in] Flags to/from allocation.
>> + * @id:		[out] Identifier of the shared memory
>> + *
>> + * The flags field should currently be zero as input. Updated by the
>> call
>> + * with actual flags as defined by TEE_IOCTL_SHM_* above.
>> + * This structure is used as argument for TEE_IOC_SHM_REGISTER_FD
>> below.
>> + */
>> +struct tee_ioctl_shm_register_fd_data {
>> +	__s64 fd;
>> +	__u64 size;
>> +	__u32 flags;
>> +	__s32 id;
>> +} __attribute__ ((aligned (8)));
>> +
>> +/**
>> + * TEE_IOC_SHM_REGISTER_FD - register a shared memory from a file
>> descriptor
>> + *
>> + * Returns a file descriptor on success or < 0 on failure
>> + *
>> + * The returned file descriptor refers to the shared memory object
>> in kernel
>> + * land. The shared memory is freed when the descriptor is closed.
>> + */
>> +#define TEE_IOC_SHM_REGISTER_FD	_IOWR(TEE_IOC_MAGIC,
>> TEE_IOC_BASE + 8, \
>> +				     struct
>> tee_ioctl_shm_register_fd_data)
>> +
>>   /**
>>    * struct tee_ioctl_buf_data - Variable sized buffer
>>    * @buf_ptr:	[in] A __user pointer to a buffer

Re: [PATCH v2 1/1] tee: new ioctl to a register tee_shm from a dmabuf file descriptor

[Etienne Carriere]

Hello Christian, Olivier,


On Fri, 27 Jan 2023 at 12:19, Christian König <christian.koenig@amd.com> wrote:
>
> Hi guys,
>
> Am 27.01.23 um 11:54 schrieb Olivier Masse:
> > Hi Joakim,
> > Hi Etienne,
> >
> > Let me bring back this pull request for OPTEE Linux driver.
> >
> > Last feedback was from Christian König and Sumit Garg.
> >  From Christian:
> >> Just two comments:
> >>
> >> 1. Dmitry is working on a change which renames some functions and
> >> makes
> >> it mandatory to call them with the dma_resv lock held.
> >>
> >> Depending on how you want to upstream this change you will certainly
> >> run
> >> into conflicts with that.
> > Is there any update on these changes ?
>
> Just FYI: The upstream changes Dmitry worked on are now committed, so
> you just need to rebase your work on top and send it out once more.

Could you point out the changes you're referring to?  Is it the below change?

I've reviewed this change. It looks good to me, at least for opteee driver side,
with few fixes in the tee_shm_register_fd() error case path.

Br,
etienne


>
> >> 2. Would it be possible to do this dynamically? In other words does
> >> the
> >> tee driver has a concept of buffers moving around?
> > We do not support dynamic secure memory heap.
>
> That's not an issue. If you pin the memory anyway then you can expose it
> pinned through DMA-buf as well.
>
> The only thing you should avoid is pinning it extra for DMA-buf, because
> then you often create a really nice possibility for an OOM deny of service.
>
> Regards,
> Christian.
>
> >
> >  From Sumit:
> >> What limits you to extend this feature to non-contiguous memory
> >> buffers? I believe that should be possible with OP-TEE dynamic shared
> >> memory which gives you the granularity to register a list of pages.
> > Our solution use a fixed protected reserved memory region and do not
> > rely on a dynamic protection managed in secure.
> >
> > The scope of this implementation rely on a static memory region handled
> > by a specific DMA Heap type.
> >
> > Best regards,
> > Olivier MASSE
> >
> >
> > On ven., 2022-08-12 at 16:30 +0200, Olivier Masse wrote:
> >> From: Etienne Carriere <etienne.carriere@linaro.org>
> >>
> >> This change allows userland to create a tee_shm object that refers
> >> to a dmabuf reference.
> >>
> >> Userland provides a dmabuf file descriptor as buffer reference.
> >> The created tee_shm object exported as a brand new dmabuf reference
> >> used to provide a clean fd to userland. Userland shall closed this
> >> new
> >> fd to release the tee_shm object resources. The initial dmabuf
> >> resources
> >> are tracked independently through original dmabuf file descriptor.
> >>
> >> Once the buffer is registered and until it is released, TEE driver
> >> keeps a refcount on the registered dmabuf structure.
> >>
> >> This change only support dmabuf references that relates to physically
> >> contiguous memory buffers.
> >>
> >> New tee_shm flag to identify tee_shm objects built from a registered
> >> dmabuf: TEE_SHM_EXT_DMA_BUF. Such tee_shm structures are flagged with
> >> TEE_SHM_EXT_DMA_BUF.
> >>
> >> Co-Developed-by: Etienne Carriere <etienne.carriere@linaro.org>
> >> Signed-off-by: Olivier Masse <olivier.masse@nxp.com>
> >> Reported-by: kernel test robot <lkp@intel.com>
> >> From: https://github.com/linaro-swg/linux.git
> >> (cherry picked from commit 41e21e5c405530590dc2dd10b2a8dbe64589840f)
> >> ---
> >>   drivers/tee/tee_core.c   | 38 +++++++++++++++
> >>   drivers/tee/tee_shm.c    | 99
> >> +++++++++++++++++++++++++++++++++++++++-
> >>   include/linux/tee_drv.h  | 11 +++++
> >>   include/uapi/linux/tee.h | 29 ++++++++++++
> >>   4 files changed, 175 insertions(+), 2 deletions(-)
> >>
> >> diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c
> >> index 8aa1a4836b92..7c45cbf85eb9 100644
> >> --- a/drivers/tee/tee_core.c
> >> +++ b/drivers/tee/tee_core.c
> >> @@ -355,6 +355,42 @@ tee_ioctl_shm_register(struct tee_context *ctx,
> >>      return ret;
> >>   }
> >>
> >> +static int tee_ioctl_shm_register_fd(struct tee_context *ctx,
> >> +                                 struct
> >> tee_ioctl_shm_register_fd_data __user *udata)
> >> +{
> >> +    struct tee_ioctl_shm_register_fd_data data;
> >> +    struct tee_shm *shm;
> >> +    long ret;
> >> +
> >> +    if (copy_from_user(&data, udata, sizeof(data)))
> >> +            return -EFAULT;
> >> +
> >> +    /* Currently no input flags are supported */
> >> +    if (data.flags)
> >> +            return -EINVAL;
> >> +
> >> +    shm = tee_shm_register_fd(ctx, data.fd);
> >> +    if (IS_ERR(shm))
> >> +            return -EINVAL;
> >> +
> >> +    data.id = shm->id;
> >> +    data.flags = shm->flags;
> >> +    data.size = shm->size;
> >> +
> >> +    if (copy_to_user(udata, &data, sizeof(data)))
> >> +            ret = -EFAULT;
> >> +    else
> >> +            ret = tee_shm_get_fd(shm);
> >> +
> >> +    /*
> >> +     * When user space closes the file descriptor the shared memory
> >> +     * should be freed or if tee_shm_get_fd() failed then it will
> >> +     * be freed immediately.
> >> +     */
> >> +    tee_shm_put(shm);
> >> +    return ret;
> >> +}
> >> +
> >>   static int params_from_user(struct tee_context *ctx, struct
> >> tee_param *params,
> >>                          size_t num_params,
> >>                          struct tee_ioctl_param __user *uparams)
> >> @@ -829,6 +865,8 @@ static long tee_ioctl(struct file *filp, unsigned
> >> int cmd, unsigned long arg)
> >>              return tee_ioctl_shm_alloc(ctx, uarg);
> >>      case TEE_IOC_SHM_REGISTER:
> >>              return tee_ioctl_shm_register(ctx, uarg);
> >> +    case TEE_IOC_SHM_REGISTER_FD:
> >> +            return tee_ioctl_shm_register_fd(ctx, uarg);
> >>      case TEE_IOC_OPEN_SESSION:
> >>              return tee_ioctl_open_session(ctx, uarg);
> >>      case TEE_IOC_INVOKE:
> >> diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c
> >> index 836872467dc6..55a3fbbb022e 100644
> >> --- a/drivers/tee/tee_shm.c
> >> +++ b/drivers/tee/tee_shm.c
> >> @@ -4,6 +4,7 @@
> >>    */
> >>   #include <linux/anon_inodes.h>
> >>   #include <linux/device.h>
> >> +#include <linux/dma-buf.h>
> >>   #include <linux/idr.h>
> >>   #include <linux/mm.h>
> >>   #include <linux/sched.h>
> >> @@ -12,6 +13,14 @@
> >>   #include <linux/uio.h>
> >>   #include "tee_private.h"
> >>
> >> +/* extra references appended to shm object for registered shared
> >> memory */
> >> +struct tee_shm_dmabuf_ref {
> >> +     struct tee_shm shm;
> >> +     struct dma_buf *dmabuf;
> >> +     struct dma_buf_attachment *attach;
> >> +     struct sg_table *sgt;
> >> +};
> >> +
> >>   static void shm_put_kernel_pages(struct page **pages, size_t
> >> page_count)
> >>   {
> >>      size_t n;
> >> @@ -71,7 +80,16 @@ static void release_registered_pages(struct
> >> tee_shm *shm)
> >>
> >>   static void tee_shm_release(struct tee_device *teedev, struct
> >> tee_shm *shm)
> >>   {
> >> -    if (shm->flags & TEE_SHM_POOL) {
> >> +    if (shm->flags & TEE_SHM_EXT_DMA_BUF) {
> >> +            struct tee_shm_dmabuf_ref *ref;
> >> +
> >> +            ref = container_of(shm, struct tee_shm_dmabuf_ref,
> >> shm);
> >> +            dma_buf_unmap_attachment(ref->attach, ref->sgt,
> >> +                                     DMA_BIDIRECTIONAL);
> >> +
> >> +            dma_buf_detach(ref->dmabuf, ref->attach);
> >> +            dma_buf_put(ref->dmabuf);
> >> +    } else if (shm->flags & TEE_SHM_POOL) {
> >>              teedev->pool->ops->free(teedev->pool, shm);
> >>      } else if (shm->flags & TEE_SHM_DYNAMIC) {
> >>              int rc = teedev->desc->ops->shm_unregister(shm->ctx,
> >> shm);
> >> @@ -195,7 +213,7 @@ struct tee_shm *tee_shm_alloc_user_buf(struct
> >> tee_context *ctx, size_t size)
> >>    * tee_client_invoke_func(). The memory allocated is later freed
> >> with a
> >>    * call to tee_shm_free().
> >>    *
> >> - * @returns a pointer to 'struct tee_shm'
> >> + * @returns a pointer to 'struct tee_shm' on success, and ERR_PTR on
> >> failure
> >>    */
> >>   struct tee_shm *tee_shm_alloc_kernel_buf(struct tee_context *ctx,
> >> size_t size)
> >>   {
> >> @@ -229,6 +247,83 @@ struct tee_shm *tee_shm_alloc_priv_buf(struct
> >> tee_context *ctx, size_t size)
> >>   }
> >>   EXPORT_SYMBOL_GPL(tee_shm_alloc_priv_buf);
> >>
> >> +struct tee_shm *tee_shm_register_fd(struct tee_context *ctx, int fd)
> >> +{
> >> +    struct tee_shm_dmabuf_ref *ref;
> >> +    int rc;
> >> +
> >> +    if (!tee_device_get(ctx->teedev))
> >> +            return ERR_PTR(-EINVAL);
> >> +
> >> +    teedev_ctx_get(ctx);
> >> +
> >> +    ref = kzalloc(sizeof(*ref), GFP_KERNEL);
> >> +    if (!ref) {
> >> +            rc = -ENOMEM;
> >> +            goto err_put_tee;
> >> +    }
> >> +
> >> +    refcount_set(&ref->shm.refcount, 1);
> >> +    ref->shm.ctx = ctx;
> >> +    ref->shm.id = -1;
> >> +
> >> +    ref->dmabuf = dma_buf_get(fd);
> >> +    if (IS_ERR(ref->dmabuf)) {
> >> +            rc = PTR_ERR(ref->dmabuf);
> >> +            goto err_put_dmabuf;

goto err_put_tee

> >> +    }
> >> +
> >> +    ref->attach = dma_buf_attach(ref->dmabuf, &ref->shm.ctx-
> >>> teedev->dev);
> >> +    if (IS_ERR(ref->attach)) {
> >> +            rc = PTR_ERR(ref->attach);
> >> +            goto err_detach;

goto err_put_dmabuf

> >> +    }
> >> +
> >> +    ref->sgt = dma_buf_map_attachment(ref->attach,
> >> DMA_BIDIRECTIONAL);
> >> +    if (IS_ERR(ref->sgt)) {
> >> +            rc = PTR_ERR(ref->sgt);
> >> +            goto err_unmap_attachement;

goto err_detach

> >> +    }
> >> +
> >> +    if (sg_nents(ref->sgt->sgl) != 1) {
> >> +            rc = PTR_ERR(ref->sgt->sgl);
> >> +            goto err_unmap_attachement;
> >> +    }
> >> +
> >> +    ref->shm.paddr = sg_dma_address(ref->sgt->sgl);
> >> +    ref->shm.size = sg_dma_len(ref->sgt->sgl);
> >> +    ref->shm.flags = TEE_SHM_EXT_DMA_BUF;
> >> +
> >> +    mutex_lock(&ref->shm.ctx->teedev->mutex);
> >> +    ref->shm.id = idr_alloc(&ref->shm.ctx->teedev->idr, &ref->shm,
> >> +                            1, 0, GFP_KERNEL);
> >> +    mutex_unlock(&ref->shm.ctx->teedev->mutex);
> >> +    if (ref->shm.id < 0) {
> >> +            rc = ref->shm.id;
> >> +            goto err_idr_remove;

goto err_unmap_attachement

> >> +    }
> >> +
> >> +    return &ref->shm;
> >> +
> >> +err_idr_remove:
> >> +    mutex_lock(&ctx->teedev->mutex);
> >> +    idr_remove(&ctx->teedev->idr, ref->shm.id);
> >> +    mutex_unlock(&ctx->teedev->mutex);

Can remove the 4 above lines.

> >> +err_unmap_attachement:
> >> +    dma_buf_unmap_attachment(ref->attach, ref->sgt,
> >> DMA_BIDIRECTIONAL);
> >> +err_detach:
> >> +    dma_buf_detach(ref->dmabuf, ref->attach);
> >> +err_put_dmabuf:
> >> +    dma_buf_put(ref->dmabuf);
> >> +    kfree(ref);
> >> +err_put_tee:
> >> +    teedev_ctx_put(ctx);
> >> +    tee_device_put(ctx->teedev);
> >> +
> >> +    return ERR_PTR(rc);
> >> +}
> >> +EXPORT_SYMBOL_GPL(tee_shm_register_fd);
> >> +
> >>   static struct tee_shm *
> >>   register_shm_helper(struct tee_context *ctx, unsigned long addr,
> >>                  size_t length, u32 flags, int id)
> >> diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h
> >> index 911cad324acc..40ddd5376c2d 100644
> >> --- a/include/linux/tee_drv.h
> >> +++ b/include/linux/tee_drv.h
> >> @@ -25,6 +25,7 @@
> >>   #define TEE_SHM_USER_MAPPED        BIT(1)  /* Memory mapped in user space
> >> */
> >>   #define TEE_SHM_POOL               BIT(2)  /* Memory allocated from pool
> >> */
> >>   #define TEE_SHM_PRIV               BIT(3)  /* Memory private to TEE driver
> >> */
> >> +#define TEE_SHM_EXT_DMA_BUF     BIT(4)  /* Memory with dma-buf
> >> handle */
> >>
> >>   struct device;
> >>   struct tee_device;
> >> @@ -276,6 +277,16 @@ struct tee_shm *tee_shm_alloc_kernel_buf(struct
> >> tee_context *ctx, size_t size);
> >>   struct tee_shm *tee_shm_register_kernel_buf(struct tee_context *ctx,
> >>                                          void *addr, size_t length);
> >>
> >> +/**
> >> + * tee_shm_register_fd() - Register shared memory from file
> >> descriptor
> >> + *
> >> + * @ctx:    Context that allocates the shared memory
> >> + * @fd:             Shared memory file descriptor reference
> >> + *
> >> + * @returns a pointer to 'struct tee_shm' on success, and ERR_PTR on
> >> failure
> >> + */
> >> +struct tee_shm *tee_shm_register_fd(struct tee_context *ctx, int
> >> fd);
> >> +
> >>   /**
> >>    * tee_shm_is_dynamic() - Check if shared memory object is of the
> >> dynamic kind
> >>    * @shm:   Shared memory handle
> >> diff --git a/include/uapi/linux/tee.h b/include/uapi/linux/tee.h
> >> index 25a6c534beb1..baf3cd7cfdac 100644
> >> --- a/include/uapi/linux/tee.h
> >> +++ b/include/uapi/linux/tee.h
> >> @@ -121,6 +121,35 @@ struct tee_ioctl_shm_alloc_data {
> >>   #define TEE_IOC_SHM_ALLOC  _IOWR(TEE_IOC_MAGIC, TEE_IOC_BASE + 1,
> >> \
> >>                                   struct tee_ioctl_shm_alloc_data)
> >>
> >> +/**
> >> + * struct tee_ioctl_shm_register_fd_data - Shared memory registering
> >> argument
> >> + * @fd:             [in] File descriptor identifying the shared
> >> memory
> >> + * @size:   [out] Size of shared memory to allocate
> >> + * @flags:  [in] Flags to/from allocation.
> >> + * @id:             [out] Identifier of the shared memory
> >> + *
> >> + * The flags field should currently be zero as input. Updated by the
> >> call
> >> + * with actual flags as defined by TEE_IOCTL_SHM_* above.
> >> + * This structure is used as argument for TEE_IOC_SHM_REGISTER_FD
> >> below.
> >> + */
> >> +struct tee_ioctl_shm_register_fd_data {
> >> +    __s64 fd;
> >> +    __u64 size;
> >> +    __u32 flags;
> >> +    __s32 id;
> >> +} __attribute__ ((aligned (8)));
> >> +
> >> +/**
> >> + * TEE_IOC_SHM_REGISTER_FD - register a shared memory from a file
> >> descriptor
> >> + *
> >> + * Returns a file descriptor on success or < 0 on failure
> >> + *
> >> + * The returned file descriptor refers to the shared memory object
> >> in kernel
> >> + * land. The shared memory is freed when the descriptor is closed.
> >> + */
> >> +#define TEE_IOC_SHM_REGISTER_FD     _IOWR(TEE_IOC_MAGIC,
> >> TEE_IOC_BASE + 8, \
> >> +                                 struct
> >> tee_ioctl_shm_register_fd_data)
> >> +
> >>   /**
> >>    * struct tee_ioctl_buf_data - Variable sized buffer
> >>    * @buf_ptr:       [in] A __user pointer to a buffer
>

Re: [PATCH v2 1/1] tee: new ioctl to a register tee_shm from a dmabuf file descriptor

[Sumit Garg]

Hi Olivier,

On Fri, 27 Jan 2023 at 16:24, Olivier Masse <olivier.masse@nxp.com> wrote:
>
> Hi Joakim,
> Hi Etienne,
>
> Let me bring back this pull request for OPTEE Linux driver.
>
> Last feedback was from Christian König and Sumit Garg.
> From Christian:
> > Just two comments:
> >
> > 1. Dmitry is working on a change which renames some functions and
> > makes
> > it mandatory to call them with the dma_resv lock held.
> >
> > Depending on how you want to upstream this change you will certainly
> > run
> > into conflicts with that.
>
> Is there any update on these changes ?
>
> >
> > 2. Would it be possible to do this dynamically? In other words does
> > the
> > tee driver has a concept of buffers moving around?
>
> We do not support dynamic secure memory heap.
>
> From Sumit:
> > What limits you to extend this feature to non-contiguous memory
> > buffers? I believe that should be possible with OP-TEE dynamic shared
> > memory which gives you the granularity to register a list of pages.
>
> Our solution use a fixed protected reserved memory region and do not
> rely on a dynamic protection managed in secure.
>
> The scope of this implementation rely on a static memory region handled
> by a specific DMA Heap type.
>

AFAIR, the last review for v2 is here [1]. So we need to have this
secure DMA heap upstream in order for ioctl added by this patch to be
usable.

[1] https://lists.trustedfirmware.org/archives/list/op-tee@lists.trustedfirmware.org/message/M3WLO7RNG22OR4744BY6XNG2GLIYMNHN/

-Sumit

> Best regards,
> Olivier MASSE
>
>
> On ven., 2022-08-12 at 16:30 +0200, Olivier Masse wrote:
> > From: Etienne Carriere <etienne.carriere@linaro.org>
> >
> > This change allows userland to create a tee_shm object that refers
> > to a dmabuf reference.
> >
> > Userland provides a dmabuf file descriptor as buffer reference.
> > The created tee_shm object exported as a brand new dmabuf reference
> > used to provide a clean fd to userland. Userland shall closed this
> > new
> > fd to release the tee_shm object resources. The initial dmabuf
> > resources
> > are tracked independently through original dmabuf file descriptor.
> >
> > Once the buffer is registered and until it is released, TEE driver
> > keeps a refcount on the registered dmabuf structure.
> >
> > This change only support dmabuf references that relates to physically
> > contiguous memory buffers.
> >
> > New tee_shm flag to identify tee_shm objects built from a registered
> > dmabuf: TEE_SHM_EXT_DMA_BUF. Such tee_shm structures are flagged with
> > TEE_SHM_EXT_DMA_BUF.
> >
> > Co-Developed-by: Etienne Carriere <etienne.carriere@linaro.org>
> > Signed-off-by: Olivier Masse <olivier.masse@nxp.com>
> > Reported-by: kernel test robot <lkp@intel.com>
> > From: https://github.com/linaro-swg/linux.git
> > (cherry picked from commit 41e21e5c405530590dc2dd10b2a8dbe64589840f)
> > ---
> >  drivers/tee/tee_core.c   | 38 +++++++++++++++
> >  drivers/tee/tee_shm.c    | 99
> > +++++++++++++++++++++++++++++++++++++++-
> >  include/linux/tee_drv.h  | 11 +++++
> >  include/uapi/linux/tee.h | 29 ++++++++++++
> >  4 files changed, 175 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c
> > index 8aa1a4836b92..7c45cbf85eb9 100644
> > --- a/drivers/tee/tee_core.c
> > +++ b/drivers/tee/tee_core.c
> > @@ -355,6 +355,42 @@ tee_ioctl_shm_register(struct tee_context *ctx,
> >       return ret;
> >  }
> >
> > +static int tee_ioctl_shm_register_fd(struct tee_context *ctx,
> > +                                  struct
> > tee_ioctl_shm_register_fd_data __user *udata)
> > +{
> > +     struct tee_ioctl_shm_register_fd_data data;
> > +     struct tee_shm *shm;
> > +     long ret;
> > +
> > +     if (copy_from_user(&data, udata, sizeof(data)))
> > +             return -EFAULT;
> > +
> > +     /* Currently no input flags are supported */
> > +     if (data.flags)
> > +             return -EINVAL;
> > +
> > +     shm = tee_shm_register_fd(ctx, data.fd);
> > +     if (IS_ERR(shm))
> > +             return -EINVAL;
> > +
> > +     data.id = shm->id;
> > +     data.flags = shm->flags;
> > +     data.size = shm->size;
> > +
> > +     if (copy_to_user(udata, &data, sizeof(data)))
> > +             ret = -EFAULT;
> > +     else
> > +             ret = tee_shm_get_fd(shm);
> > +
> > +     /*
> > +      * When user space closes the file descriptor the shared memory
> > +      * should be freed or if tee_shm_get_fd() failed then it will
> > +      * be freed immediately.
> > +      */
> > +     tee_shm_put(shm);
> > +     return ret;
> > +}
> > +
> >  static int params_from_user(struct tee_context *ctx, struct
> > tee_param *params,
> >                           size_t num_params,
> >                           struct tee_ioctl_param __user *uparams)
> > @@ -829,6 +865,8 @@ static long tee_ioctl(struct file *filp, unsigned
> > int cmd, unsigned long arg)
> >               return tee_ioctl_shm_alloc(ctx, uarg);
> >       case TEE_IOC_SHM_REGISTER:
> >               return tee_ioctl_shm_register(ctx, uarg);
> > +     case TEE_IOC_SHM_REGISTER_FD:
> > +             return tee_ioctl_shm_register_fd(ctx, uarg);
> >       case TEE_IOC_OPEN_SESSION:
> >               return tee_ioctl_open_session(ctx, uarg);
> >       case TEE_IOC_INVOKE:
> > diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c
> > index 836872467dc6..55a3fbbb022e 100644
> > --- a/drivers/tee/tee_shm.c
> > +++ b/drivers/tee/tee_shm.c
> > @@ -4,6 +4,7 @@
> >   */
> >  #include <linux/anon_inodes.h>
> >  #include <linux/device.h>
> > +#include <linux/dma-buf.h>
> >  #include <linux/idr.h>
> >  #include <linux/mm.h>
> >  #include <linux/sched.h>
> > @@ -12,6 +13,14 @@
> >  #include <linux/uio.h>
> >  #include "tee_private.h"
> >
> > +/* extra references appended to shm object for registered shared
> > memory */
> > +struct tee_shm_dmabuf_ref {
> > +     struct tee_shm shm;
> > +     struct dma_buf *dmabuf;
> > +     struct dma_buf_attachment *attach;
> > +     struct sg_table *sgt;
> > +};
> > +
> >  static void shm_put_kernel_pages(struct page **pages, size_t
> > page_count)
> >  {
> >       size_t n;
> > @@ -71,7 +80,16 @@ static void release_registered_pages(struct
> > tee_shm *shm)
> >
> >  static void tee_shm_release(struct tee_device *teedev, struct
> > tee_shm *shm)
> >  {
> > -     if (shm->flags & TEE_SHM_POOL) {
> > +     if (shm->flags & TEE_SHM_EXT_DMA_BUF) {
> > +             struct tee_shm_dmabuf_ref *ref;
> > +
> > +             ref = container_of(shm, struct tee_shm_dmabuf_ref,
> > shm);
> > +             dma_buf_unmap_attachment(ref->attach, ref->sgt,
> > +                                      DMA_BIDIRECTIONAL);
> > +
> > +             dma_buf_detach(ref->dmabuf, ref->attach);
> > +             dma_buf_put(ref->dmabuf);
> > +     } else if (shm->flags & TEE_SHM_POOL) {
> >               teedev->pool->ops->free(teedev->pool, shm);
> >       } else if (shm->flags & TEE_SHM_DYNAMIC) {
> >               int rc = teedev->desc->ops->shm_unregister(shm->ctx,
> > shm);
> > @@ -195,7 +213,7 @@ struct tee_shm *tee_shm_alloc_user_buf(struct
> > tee_context *ctx, size_t size)
> >   * tee_client_invoke_func(). The memory allocated is later freed
> > with a
> >   * call to tee_shm_free().
> >   *
> > - * @returns a pointer to 'struct tee_shm'
> > + * @returns a pointer to 'struct tee_shm' on success, and ERR_PTR on
> > failure
> >   */
> >  struct tee_shm *tee_shm_alloc_kernel_buf(struct tee_context *ctx,
> > size_t size)
> >  {
> > @@ -229,6 +247,83 @@ struct tee_shm *tee_shm_alloc_priv_buf(struct
> > tee_context *ctx, size_t size)
> >  }
> >  EXPORT_SYMBOL_GPL(tee_shm_alloc_priv_buf);
> >
> > +struct tee_shm *tee_shm_register_fd(struct tee_context *ctx, int fd)
> > +{
> > +     struct tee_shm_dmabuf_ref *ref;
> > +     int rc;
> > +
> > +     if (!tee_device_get(ctx->teedev))
> > +             return ERR_PTR(-EINVAL);
> > +
> > +     teedev_ctx_get(ctx);
> > +
> > +     ref = kzalloc(sizeof(*ref), GFP_KERNEL);
> > +     if (!ref) {
> > +             rc = -ENOMEM;
> > +             goto err_put_tee;
> > +     }
> > +
> > +     refcount_set(&ref->shm.refcount, 1);
> > +     ref->shm.ctx = ctx;
> > +     ref->shm.id = -1;
> > +
> > +     ref->dmabuf = dma_buf_get(fd);
> > +     if (IS_ERR(ref->dmabuf)) {
> > +             rc = PTR_ERR(ref->dmabuf);
> > +             goto err_put_dmabuf;
> > +     }
> > +
> > +     ref->attach = dma_buf_attach(ref->dmabuf, &ref->shm.ctx-
> > >teedev->dev);
> > +     if (IS_ERR(ref->attach)) {
> > +             rc = PTR_ERR(ref->attach);
> > +             goto err_detach;
> > +     }
> > +
> > +     ref->sgt = dma_buf_map_attachment(ref->attach,
> > DMA_BIDIRECTIONAL);
> > +     if (IS_ERR(ref->sgt)) {
> > +             rc = PTR_ERR(ref->sgt);
> > +             goto err_unmap_attachement;
> > +     }
> > +
> > +     if (sg_nents(ref->sgt->sgl) != 1) {
> > +             rc = PTR_ERR(ref->sgt->sgl);
> > +             goto err_unmap_attachement;
> > +     }
> > +
> > +     ref->shm.paddr = sg_dma_address(ref->sgt->sgl);
> > +     ref->shm.size = sg_dma_len(ref->sgt->sgl);
> > +     ref->shm.flags = TEE_SHM_EXT_DMA_BUF;
> > +
> > +     mutex_lock(&ref->shm.ctx->teedev->mutex);
> > +     ref->shm.id = idr_alloc(&ref->shm.ctx->teedev->idr, &ref->shm,
> > +                             1, 0, GFP_KERNEL);
> > +     mutex_unlock(&ref->shm.ctx->teedev->mutex);
> > +     if (ref->shm.id < 0) {
> > +             rc = ref->shm.id;
> > +             goto err_idr_remove;
> > +     }
> > +
> > +     return &ref->shm;
> > +
> > +err_idr_remove:
> > +     mutex_lock(&ctx->teedev->mutex);
> > +     idr_remove(&ctx->teedev->idr, ref->shm.id);
> > +     mutex_unlock(&ctx->teedev->mutex);
> > +err_unmap_attachement:
> > +     dma_buf_unmap_attachment(ref->attach, ref->sgt,
> > DMA_BIDIRECTIONAL);
> > +err_detach:
> > +     dma_buf_detach(ref->dmabuf, ref->attach);
> > +err_put_dmabuf:
> > +     dma_buf_put(ref->dmabuf);
> > +     kfree(ref);
> > +err_put_tee:
> > +     teedev_ctx_put(ctx);
> > +     tee_device_put(ctx->teedev);
> > +
> > +     return ERR_PTR(rc);
> > +}
> > +EXPORT_SYMBOL_GPL(tee_shm_register_fd);
> > +
> >  static struct tee_shm *
> >  register_shm_helper(struct tee_context *ctx, unsigned long addr,
> >                   size_t length, u32 flags, int id)
> > diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h
> > index 911cad324acc..40ddd5376c2d 100644
> > --- a/include/linux/tee_drv.h
> > +++ b/include/linux/tee_drv.h
> > @@ -25,6 +25,7 @@
> >  #define TEE_SHM_USER_MAPPED  BIT(1)  /* Memory mapped in user space
> > */
> >  #define TEE_SHM_POOL         BIT(2)  /* Memory allocated from pool
> > */
> >  #define TEE_SHM_PRIV         BIT(3)  /* Memory private to TEE driver
> > */
> > +#define TEE_SHM_EXT_DMA_BUF     BIT(4)  /* Memory with dma-buf
> > handle */
> >
> >  struct device;
> >  struct tee_device;
> > @@ -276,6 +277,16 @@ struct tee_shm *tee_shm_alloc_kernel_buf(struct
> > tee_context *ctx, size_t size);
> >  struct tee_shm *tee_shm_register_kernel_buf(struct tee_context *ctx,
> >                                           void *addr, size_t length);
> >
> > +/**
> > + * tee_shm_register_fd() - Register shared memory from file
> > descriptor
> > + *
> > + * @ctx:     Context that allocates the shared memory
> > + * @fd:              Shared memory file descriptor reference
> > + *
> > + * @returns a pointer to 'struct tee_shm' on success, and ERR_PTR on
> > failure
> > + */
> > +struct tee_shm *tee_shm_register_fd(struct tee_context *ctx, int
> > fd);
> > +
> >  /**
> >   * tee_shm_is_dynamic() - Check if shared memory object is of the
> > dynamic kind
> >   * @shm:     Shared memory handle
> > diff --git a/include/uapi/linux/tee.h b/include/uapi/linux/tee.h
> > index 25a6c534beb1..baf3cd7cfdac 100644
> > --- a/include/uapi/linux/tee.h
> > +++ b/include/uapi/linux/tee.h
> > @@ -121,6 +121,35 @@ struct tee_ioctl_shm_alloc_data {
> >  #define TEE_IOC_SHM_ALLOC    _IOWR(TEE_IOC_MAGIC, TEE_IOC_BASE + 1,
> > \
> >                                    struct tee_ioctl_shm_alloc_data)
> >
> > +/**
> > + * struct tee_ioctl_shm_register_fd_data - Shared memory registering
> > argument
> > + * @fd:              [in] File descriptor identifying the shared
> > memory
> > + * @size:    [out] Size of shared memory to allocate
> > + * @flags:   [in] Flags to/from allocation.
> > + * @id:              [out] Identifier of the shared memory
> > + *
> > + * The flags field should currently be zero as input. Updated by the
> > call
> > + * with actual flags as defined by TEE_IOCTL_SHM_* above.
> > + * This structure is used as argument for TEE_IOC_SHM_REGISTER_FD
> > below.
> > + */
> > +struct tee_ioctl_shm_register_fd_data {
> > +     __s64 fd;
> > +     __u64 size;
> > +     __u32 flags;
> > +     __s32 id;
> > +} __attribute__ ((aligned (8)));
> > +
> > +/**
> > + * TEE_IOC_SHM_REGISTER_FD - register a shared memory from a file
> > descriptor
> > + *
> > + * Returns a file descriptor on success or < 0 on failure
> > + *
> > + * The returned file descriptor refers to the shared memory object
> > in kernel
> > + * land. The shared memory is freed when the descriptor is closed.
> > + */
> > +#define TEE_IOC_SHM_REGISTER_FD      _IOWR(TEE_IOC_MAGIC,
> > TEE_IOC_BASE + 8, \
> > +                                  struct
> > tee_ioctl_shm_register_fd_data)
> > +
> >  /**
> >   * struct tee_ioctl_buf_data - Variable sized buffer
> >   * @buf_ptr: [in] A __user pointer to a buffer

RE: [EXT] Re: [PATCH v2 1/1] tee: new ioctl to a register tee_shm from a dmabuf file descriptor

[Cyrille Fleury]

Hi Sumit, all

Upstream OP-TEE should support registering a dmabuf since a while, given how widely dmabuf is used in Linux for passing buffers around between devices.

Purpose of the new register_tee_shm ioctl is to allow OPTEE to use memory allocated from the exiting linux dma buffer. We don't need to have secure dma-heap up streamed. 

You mentioned secure dma-buffer, but secure dma-buffer is a dma-buffer, so the work to be done for secure or "regular" dma buffers by the register_tee_shm ioctl is 100% the same.

The scope of this ioctl is limited to what existing upstream dma-buffers are:
        -> sharing buffers for hardware (DMA) access across multiple device drivers and subsystems, and for synchronizing asynchronous hardware access.
       -> It means continuous memory only. 

So if we reduce the scope of register tee_shm to exiting dma-buffer area, the current patch does the job.  

Regards.

-----Original Message-----
From: Sumit Garg <sumit.garg@linaro.org> 
Sent: Wednesday, February 1, 2023 6:34 AM
To: Olivier Masse <olivier.masse@nxp.com>
Cc: fredgc@google.com; linux-media@vger.kernel.org; linaro-mm-sig@lists.linaro.org; afd@ti.com; op-tee@lists.trustedfirmware.org; jens.wiklander@linaro.org; joakim.bech@linaro.org; sumit.semwal@linaro.org; Peter Griffin <peter.griffin@linaro.org>; linux-kernel@vger.kernel.org; etienne.carriere@linaro.org; dri-devel@lists.freedesktop.org; christian.koenig@amd.com; Clément Faure <clement.faure@nxp.com>; Cyrille Fleury <cyrille.fleury@nxp.com>
Subject: [EXT] Re: [PATCH v2 1/1] tee: new ioctl to a register tee_shm from a dmabuf file descriptor

Caution: EXT Email

Hi Olivier,

On Fri, 27 Jan 2023 at 16:24, Olivier Masse <olivier.masse@nxp.com> wrote:
>
> Hi Joakim,
> Hi Etienne,
>
> Let me bring back this pull request for OPTEE Linux driver.
>
> Last feedback was from Christian König and Sumit Garg.
> From Christian:
> > Just two comments:
> >
> > 1. Dmitry is working on a change which renames some functions and 
> > makes it mandatory to call them with the dma_resv lock held.
> >
> > Depending on how you want to upstream this change you will certainly 
> > run into conflicts with that.
>
> Is there any update on these changes ?
>
> >
> > 2. Would it be possible to do this dynamically? In other words does 
> > the tee driver has a concept of buffers moving around?
>
> We do not support dynamic secure memory heap.
>
> From Sumit:
> > What limits you to extend this feature to non-contiguous memory 
> > buffers? I believe that should be possible with OP-TEE dynamic 
> > shared memory which gives you the granularity to register a list of pages.
>
> Our solution use a fixed protected reserved memory region and do not 
> rely on a dynamic protection managed in secure.
>
> The scope of this implementation rely on a static memory region 
> handled by a specific DMA Heap type.
>

AFAIR, the last review for v2 is here [1]. So we need to have this secure DMA heap upstream in order for ioctl added by this patch to be usable.

[1] https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.trustedfirmware.org%2Farchives%2Flist%2Fop-tee%40lists.trustedfirmware.org%2Fmessage%2FM3WLO7RNG22OR4744BY6XNG2GLIYMNHN%2F&data=05%7C01%7Ccyrille.fleury%40nxp.com%7Cb24461a4e7284314dff408db0415f23e%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638108264533221384%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=6pRAqnMlJ0TX000YmlgTkPKn411VBC%2Bj29O9KhJjJOg%3D&reserved=0

-Sumit

> Best regards,
> Olivier MASSE
>
>
> On ven., 2022-08-12 at 16:30 +0200, Olivier Masse wrote:
> > From: Etienne Carriere <etienne.carriere@linaro.org>
> >
> > This change allows userland to create a tee_shm object that refers 
> > to a dmabuf reference.
> >
> > Userland provides a dmabuf file descriptor as buffer reference.
> > The created tee_shm object exported as a brand new dmabuf reference 
> > used to provide a clean fd to userland. Userland shall closed this 
> > new fd to release the tee_shm object resources. The initial dmabuf 
> > resources are tracked independently through original dmabuf file 
> > descriptor.
> >
> > Once the buffer is registered and until it is released, TEE driver 
> > keeps a refcount on the registered dmabuf structure.
> >
> > This change only support dmabuf references that relates to 
> > physically contiguous memory buffers.
> >
> > New tee_shm flag to identify tee_shm objects built from a registered
> > dmabuf: TEE_SHM_EXT_DMA_BUF. Such tee_shm structures are flagged 
> > with TEE_SHM_EXT_DMA_BUF.
> >
> > Co-Developed-by: Etienne Carriere <etienne.carriere@linaro.org>
> > Signed-off-by: Olivier Masse <olivier.masse@nxp.com>
> > Reported-by: kernel test robot <lkp@intel.com>
> > From: 
> > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgi
> > thub.com%2Flinaro-swg%2Flinux.git&data=05%7C01%7Ccyrille.fleury%40nx
> > p.com%7Cb24461a4e7284314dff408db0415f23e%7C686ea1d3bc2b4c6fa92cd99c5
> > c301635%7C0%7C0%7C638108264533221384%7CUnknown%7CTWFpbGZsb3d8eyJWIjo
> > iMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7
> > C%7C%7C&sdata=8jbFPaF%2B5JBed4Uvo1hsJiB%2BP71KUgJmnW%2BIi3zLfok%3D&r
> > eserved=0 (cherry picked from commit 
> > 41e21e5c405530590dc2dd10b2a8dbe64589840f)
> > ---
> >  drivers/tee/tee_core.c   | 38 +++++++++++++++
> >  drivers/tee/tee_shm.c    | 99
> > +++++++++++++++++++++++++++++++++++++++-
> >  include/linux/tee_drv.h  | 11 +++++  include/uapi/linux/tee.h | 29 
> > ++++++++++++
> >  4 files changed, 175 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c index 
> > 8aa1a4836b92..7c45cbf85eb9 100644
> > --- a/drivers/tee/tee_core.c
> > +++ b/drivers/tee/tee_core.c
> > @@ -355,6 +355,42 @@ tee_ioctl_shm_register(struct tee_context *ctx,
> >       return ret;
> >  }
> >
> > +static int tee_ioctl_shm_register_fd(struct tee_context *ctx,
> > +                                  struct
> > tee_ioctl_shm_register_fd_data __user *udata)
> > +{
> > +     struct tee_ioctl_shm_register_fd_data data;
> > +     struct tee_shm *shm;
> > +     long ret;
> > +
> > +     if (copy_from_user(&data, udata, sizeof(data)))
> > +             return -EFAULT;
> > +
> > +     /* Currently no input flags are supported */
> > +     if (data.flags)
> > +             return -EINVAL;
> > +
> > +     shm = tee_shm_register_fd(ctx, data.fd);
> > +     if (IS_ERR(shm))
> > +             return -EINVAL;
> > +
> > +     data.id = shm->id;
> > +     data.flags = shm->flags;
> > +     data.size = shm->size;
> > +
> > +     if (copy_to_user(udata, &data, sizeof(data)))
> > +             ret = -EFAULT;
> > +     else
> > +             ret = tee_shm_get_fd(shm);
> > +
> > +     /*
> > +      * When user space closes the file descriptor the shared memory
> > +      * should be freed or if tee_shm_get_fd() failed then it will
> > +      * be freed immediately.
> > +      */
> > +     tee_shm_put(shm);
> > +     return ret;
> > +}
> > +
> >  static int params_from_user(struct tee_context *ctx, struct 
> > tee_param *params,
> >                           size_t num_params,
> >                           struct tee_ioctl_param __user *uparams) @@ 
> > -829,6 +865,8 @@ static long tee_ioctl(struct file *filp, unsigned 
> > int cmd, unsigned long arg)
> >               return tee_ioctl_shm_alloc(ctx, uarg);
> >       case TEE_IOC_SHM_REGISTER:
> >               return tee_ioctl_shm_register(ctx, uarg);
> > +     case TEE_IOC_SHM_REGISTER_FD:
> > +             return tee_ioctl_shm_register_fd(ctx, uarg);
> >       case TEE_IOC_OPEN_SESSION:
> >               return tee_ioctl_open_session(ctx, uarg);
> >       case TEE_IOC_INVOKE:
> > diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c index 
> > 836872467dc6..55a3fbbb022e 100644
> > --- a/drivers/tee/tee_shm.c
> > +++ b/drivers/tee/tee_shm.c
> > @@ -4,6 +4,7 @@
> >   */
> >  #include <linux/anon_inodes.h>
> >  #include <linux/device.h>
> > +#include <linux/dma-buf.h>
> >  #include <linux/idr.h>
> >  #include <linux/mm.h>
> >  #include <linux/sched.h>
> > @@ -12,6 +13,14 @@
> >  #include <linux/uio.h>
> >  #include "tee_private.h"
> >
> > +/* extra references appended to shm object for registered shared
> > memory */
> > +struct tee_shm_dmabuf_ref {
> > +     struct tee_shm shm;
> > +     struct dma_buf *dmabuf;
> > +     struct dma_buf_attachment *attach;
> > +     struct sg_table *sgt;
> > +};
> > +
> >  static void shm_put_kernel_pages(struct page **pages, size_t
> > page_count)
> >  {
> >       size_t n;
> > @@ -71,7 +80,16 @@ static void release_registered_pages(struct 
> > tee_shm *shm)
> >
> >  static void tee_shm_release(struct tee_device *teedev, struct 
> > tee_shm *shm)  {
> > -     if (shm->flags & TEE_SHM_POOL) {
> > +     if (shm->flags & TEE_SHM_EXT_DMA_BUF) {
> > +             struct tee_shm_dmabuf_ref *ref;
> > +
> > +             ref = container_of(shm, struct tee_shm_dmabuf_ref,
> > shm);
> > +             dma_buf_unmap_attachment(ref->attach, ref->sgt,
> > +                                      DMA_BIDIRECTIONAL);
> > +
> > +             dma_buf_detach(ref->dmabuf, ref->attach);
> > +             dma_buf_put(ref->dmabuf);
> > +     } else if (shm->flags & TEE_SHM_POOL) {
> >               teedev->pool->ops->free(teedev->pool, shm);
> >       } else if (shm->flags & TEE_SHM_DYNAMIC) {
> >               int rc = teedev->desc->ops->shm_unregister(shm->ctx,
> > shm);
> > @@ -195,7 +213,7 @@ struct tee_shm *tee_shm_alloc_user_buf(struct 
> > tee_context *ctx, size_t size)
> >   * tee_client_invoke_func(). The memory allocated is later freed 
> > with a
> >   * call to tee_shm_free().
> >   *
> > - * @returns a pointer to 'struct tee_shm'
> > + * @returns a pointer to 'struct tee_shm' on success, and ERR_PTR 
> > + on
> > failure
> >   */
> >  struct tee_shm *tee_shm_alloc_kernel_buf(struct tee_context *ctx, 
> > size_t size)  { @@ -229,6 +247,83 @@ struct tee_shm 
> > *tee_shm_alloc_priv_buf(struct tee_context *ctx, size_t size)  }  
> > EXPORT_SYMBOL_GPL(tee_shm_alloc_priv_buf);
> >
> > +struct tee_shm *tee_shm_register_fd(struct tee_context *ctx, int 
> > +fd) {
> > +     struct tee_shm_dmabuf_ref *ref;
> > +     int rc;
> > +
> > +     if (!tee_device_get(ctx->teedev))
> > +             return ERR_PTR(-EINVAL);
> > +
> > +     teedev_ctx_get(ctx);
> > +
> > +     ref = kzalloc(sizeof(*ref), GFP_KERNEL);
> > +     if (!ref) {
> > +             rc = -ENOMEM;
> > +             goto err_put_tee;
> > +     }
> > +
> > +     refcount_set(&ref->shm.refcount, 1);
> > +     ref->shm.ctx = ctx;
> > +     ref->shm.id = -1;
> > +
> > +     ref->dmabuf = dma_buf_get(fd);
> > +     if (IS_ERR(ref->dmabuf)) {
> > +             rc = PTR_ERR(ref->dmabuf);
> > +             goto err_put_dmabuf;
> > +     }
> > +
> > +     ref->attach = dma_buf_attach(ref->dmabuf, &ref->shm.ctx-
> > >teedev->dev);
> > +     if (IS_ERR(ref->attach)) {
> > +             rc = PTR_ERR(ref->attach);
> > +             goto err_detach;
> > +     }
> > +
> > +     ref->sgt = dma_buf_map_attachment(ref->attach,
> > DMA_BIDIRECTIONAL);
> > +     if (IS_ERR(ref->sgt)) {
> > +             rc = PTR_ERR(ref->sgt);
> > +             goto err_unmap_attachement;
> > +     }
> > +
> > +     if (sg_nents(ref->sgt->sgl) != 1) {
> > +             rc = PTR_ERR(ref->sgt->sgl);
> > +             goto err_unmap_attachement;
> > +     }
> > +
> > +     ref->shm.paddr = sg_dma_address(ref->sgt->sgl);
> > +     ref->shm.size = sg_dma_len(ref->sgt->sgl);
> > +     ref->shm.flags = TEE_SHM_EXT_DMA_BUF;
> > +
> > +     mutex_lock(&ref->shm.ctx->teedev->mutex);
> > +     ref->shm.id = idr_alloc(&ref->shm.ctx->teedev->idr, &ref->shm,
> > +                             1, 0, GFP_KERNEL);
> > +     mutex_unlock(&ref->shm.ctx->teedev->mutex);
> > +     if (ref->shm.id < 0) {
> > +             rc = ref->shm.id;
> > +             goto err_idr_remove;
> > +     }
> > +
> > +     return &ref->shm;
> > +
> > +err_idr_remove:
> > +     mutex_lock(&ctx->teedev->mutex);
> > +     idr_remove(&ctx->teedev->idr, ref->shm.id);
> > +     mutex_unlock(&ctx->teedev->mutex);
> > +err_unmap_attachement:
> > +     dma_buf_unmap_attachment(ref->attach, ref->sgt,
> > DMA_BIDIRECTIONAL);
> > +err_detach:
> > +     dma_buf_detach(ref->dmabuf, ref->attach);
> > +err_put_dmabuf:
> > +     dma_buf_put(ref->dmabuf);
> > +     kfree(ref);
> > +err_put_tee:
> > +     teedev_ctx_put(ctx);
> > +     tee_device_put(ctx->teedev);
> > +
> > +     return ERR_PTR(rc);
> > +}
> > +EXPORT_SYMBOL_GPL(tee_shm_register_fd);
> > +
> >  static struct tee_shm *
> >  register_shm_helper(struct tee_context *ctx, unsigned long addr,
> >                   size_t length, u32 flags, int id) diff --git 
> > a/include/linux/tee_drv.h b/include/linux/tee_drv.h index 
> > 911cad324acc..40ddd5376c2d 100644
> > --- a/include/linux/tee_drv.h
> > +++ b/include/linux/tee_drv.h
> > @@ -25,6 +25,7 @@
> >  #define TEE_SHM_USER_MAPPED  BIT(1)  /* Memory mapped in user space 
> > */
> >  #define TEE_SHM_POOL         BIT(2)  /* Memory allocated from pool
> > */
> >  #define TEE_SHM_PRIV         BIT(3)  /* Memory private to TEE driver
> > */
> > +#define TEE_SHM_EXT_DMA_BUF     BIT(4)  /* Memory with dma-buf
> > handle */
> >
> >  struct device;
> >  struct tee_device;
> > @@ -276,6 +277,16 @@ struct tee_shm *tee_shm_alloc_kernel_buf(struct 
> > tee_context *ctx, size_t size);  struct tee_shm 
> > *tee_shm_register_kernel_buf(struct tee_context *ctx,
> >                                           void *addr, size_t 
> > length);
> >
> > +/**
> > + * tee_shm_register_fd() - Register shared memory from file
> > descriptor
> > + *
> > + * @ctx:     Context that allocates the shared memory
> > + * @fd:              Shared memory file descriptor reference
> > + *
> > + * @returns a pointer to 'struct tee_shm' on success, and ERR_PTR 
> > + on
> > failure
> > + */
> > +struct tee_shm *tee_shm_register_fd(struct tee_context *ctx, int
> > fd);
> > +
> >  /**
> >   * tee_shm_is_dynamic() - Check if shared memory object is of the 
> > dynamic kind
> >   * @shm:     Shared memory handle
> > diff --git a/include/uapi/linux/tee.h b/include/uapi/linux/tee.h 
> > index 25a6c534beb1..baf3cd7cfdac 100644
> > --- a/include/uapi/linux/tee.h
> > +++ b/include/uapi/linux/tee.h
> > @@ -121,6 +121,35 @@ struct tee_ioctl_shm_alloc_data {
> >  #define TEE_IOC_SHM_ALLOC    _IOWR(TEE_IOC_MAGIC, TEE_IOC_BASE + 1,
> > \
> >                                    struct tee_ioctl_shm_alloc_data)
> >
> > +/**
> > + * struct tee_ioctl_shm_register_fd_data - Shared memory 
> > +registering
> > argument
> > + * @fd:              [in] File descriptor identifying the shared
> > memory
> > + * @size:    [out] Size of shared memory to allocate
> > + * @flags:   [in] Flags to/from allocation.
> > + * @id:              [out] Identifier of the shared memory
> > + *
> > + * The flags field should currently be zero as input. Updated by 
> > + the
> > call
> > + * with actual flags as defined by TEE_IOCTL_SHM_* above.
> > + * This structure is used as argument for TEE_IOC_SHM_REGISTER_FD
> > below.
> > + */
> > +struct tee_ioctl_shm_register_fd_data {
> > +     __s64 fd;
> > +     __u64 size;
> > +     __u32 flags;
> > +     __s32 id;
> > +} __attribute__ ((aligned (8)));
> > +
> > +/**
> > + * TEE_IOC_SHM_REGISTER_FD - register a shared memory from a file
> > descriptor
> > + *
> > + * Returns a file descriptor on success or < 0 on failure
> > + *
> > + * The returned file descriptor refers to the shared memory object
> > in kernel
> > + * land. The shared memory is freed when the descriptor is closed.
> > + */
> > +#define TEE_IOC_SHM_REGISTER_FD      _IOWR(TEE_IOC_MAGIC,
> > TEE_IOC_BASE + 8, \
> > +                                  struct
> > tee_ioctl_shm_register_fd_data)
> > +
> >  /**
> >   * struct tee_ioctl_buf_data - Variable sized buffer
> >   * @buf_ptr: [in] A __user pointer to a buffer

Re: [EXT] Re: [PATCH v2 1/1] tee: new ioctl to a register tee_shm from a dmabuf file descriptor

[Sumit Garg]

Hi Cyrille,

Please don't top post as it makes it harder to follow-up.

On Thu, 2 Feb 2023 at 13:26, Cyrille Fleury <cyrille.fleury@nxp.com> wrote:
>
> Hi Sumit, all
>
> Upstream OP-TEE should support registering a dmabuf since a while, given how widely dmabuf is used in Linux for passing buffers around between devices.
>
> Purpose of the new register_tee_shm ioctl is to allow OPTEE to use memory allocated from the exiting linux dma buffer. We don't need to have secure dma-heap up streamed.
>
> You mentioned secure dma-buffer, but secure dma-buffer is a dma-buffer, so the work to be done for secure or "regular" dma buffers by the register_tee_shm ioctl is 100% the same.
>
> The scope of this ioctl is limited to what existing upstream dma-buffers are:
>         -> sharing buffers for hardware (DMA) access across multiple device drivers and subsystems, and for synchronizing asynchronous hardware access.
>        -> It means continuous memory only.
>
> So if we reduce the scope of register tee_shm to exiting dma-buffer area, the current patch does the job.

Do you have a corresponding real world use-case supported by upstream
OP-TEE? AFAIK, the Secure Data Path (SDP) use-case is the one
supported in OP-TEE upstream but without secure dmabuf heap [1]
available, the new ioctl can't be exercised.

[1] https://github.com/OP-TEE/optee_test/blob/master/host/xtest/sdp_basic.h#L15

-Sumit

>
> Regards.
>
> -----Original Message-----
> From: Sumit Garg <sumit.garg@linaro.org>
> Sent: Wednesday, February 1, 2023 6:34 AM
> To: Olivier Masse <olivier.masse@nxp.com>
> Cc: fredgc@google.com; linux-media@vger.kernel.org; linaro-mm-sig@lists.linaro.org; afd@ti.com; op-tee@lists.trustedfirmware.org; jens.wiklander@linaro.org; joakim.bech@linaro.org; sumit.semwal@linaro.org; Peter Griffin <peter.griffin@linaro.org>; linux-kernel@vger.kernel.org; etienne.carriere@linaro.org; dri-devel@lists.freedesktop.org; christian.koenig@amd.com; Clément Faure <clement.faure@nxp.com>; Cyrille Fleury <cyrille.fleury@nxp.com>
> Subject: [EXT] Re: [PATCH v2 1/1] tee: new ioctl to a register tee_shm from a dmabuf file descriptor
>
> Caution: EXT Email
>
> Hi Olivier,
>
> On Fri, 27 Jan 2023 at 16:24, Olivier Masse <olivier.masse@nxp.com> wrote:
> >
> > Hi Joakim,
> > Hi Etienne,
> >
> > Let me bring back this pull request for OPTEE Linux driver.
> >
> > Last feedback was from Christian König and Sumit Garg.
> > From Christian:
> > > Just two comments:
> > >
> > > 1. Dmitry is working on a change which renames some functions and
> > > makes it mandatory to call them with the dma_resv lock held.
> > >
> > > Depending on how you want to upstream this change you will certainly
> > > run into conflicts with that.
> >
> > Is there any update on these changes ?
> >
> > >
> > > 2. Would it be possible to do this dynamically? In other words does
> > > the tee driver has a concept of buffers moving around?
> >
> > We do not support dynamic secure memory heap.
> >
> > From Sumit:
> > > What limits you to extend this feature to non-contiguous memory
> > > buffers? I believe that should be possible with OP-TEE dynamic
> > > shared memory which gives you the granularity to register a list of pages.
> >
> > Our solution use a fixed protected reserved memory region and do not
> > rely on a dynamic protection managed in secure.
> >
> > The scope of this implementation rely on a static memory region
> > handled by a specific DMA Heap type.
> >
>
> AFAIR, the last review for v2 is here [1]. So we need to have this secure DMA heap upstream in order for ioctl added by this patch to be usable.
>
> [1] https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.trustedfirmware.org%2Farchives%2Flist%2Fop-tee%40lists.trustedfirmware.org%2Fmessage%2FM3WLO7RNG22OR4744BY6XNG2GLIYMNHN%2F&data=05%7C01%7Ccyrille.fleury%40nxp.com%7Cb24461a4e7284314dff408db0415f23e%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638108264533221384%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=6pRAqnMlJ0TX000YmlgTkPKn411VBC%2Bj29O9KhJjJOg%3D&reserved=0
>
> -Sumit
>
> > Best regards,
> > Olivier MASSE
> >
> >
> > On ven., 2022-08-12 at 16:30 +0200, Olivier Masse wrote:
> > > From: Etienne Carriere <etienne.carriere@linaro.org>
> > >
> > > This change allows userland to create a tee_shm object that refers
> > > to a dmabuf reference.
> > >
> > > Userland provides a dmabuf file descriptor as buffer reference.
> > > The created tee_shm object exported as a brand new dmabuf reference
> > > used to provide a clean fd to userland. Userland shall closed this
> > > new fd to release the tee_shm object resources. The initial dmabuf
> > > resources are tracked independently through original dmabuf file
> > > descriptor.
> > >
> > > Once the buffer is registered and until it is released, TEE driver
> > > keeps a refcount on the registered dmabuf structure.
> > >
> > > This change only support dmabuf references that relates to
> > > physically contiguous memory buffers.
> > >
> > > New tee_shm flag to identify tee_shm objects built from a registered
> > > dmabuf: TEE_SHM_EXT_DMA_BUF. Such tee_shm structures are flagged
> > > with TEE_SHM_EXT_DMA_BUF.
> > >
> > > Co-Developed-by: Etienne Carriere <etienne.carriere@linaro.org>
> > > Signed-off-by: Olivier Masse <olivier.masse@nxp.com>
> > > Reported-by: kernel test robot <lkp@intel.com>
> > > From:
> > > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgi
> > > thub.com%2Flinaro-swg%2Flinux.git&data=05%7C01%7Ccyrille.fleury%40nx
> > > p.com%7Cb24461a4e7284314dff408db0415f23e%7C686ea1d3bc2b4c6fa92cd99c5
> > > c301635%7C0%7C0%7C638108264533221384%7CUnknown%7CTWFpbGZsb3d8eyJWIjo
> > > iMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7
> > > C%7C%7C&sdata=8jbFPaF%2B5JBed4Uvo1hsJiB%2BP71KUgJmnW%2BIi3zLfok%3D&r
> > > eserved=0 (cherry picked from commit
> > > 41e21e5c405530590dc2dd10b2a8dbe64589840f)
> > > ---
> > >  drivers/tee/tee_core.c   | 38 +++++++++++++++
> > >  drivers/tee/tee_shm.c    | 99
> > > +++++++++++++++++++++++++++++++++++++++-
> > >  include/linux/tee_drv.h  | 11 +++++  include/uapi/linux/tee.h | 29
> > > ++++++++++++
> > >  4 files changed, 175 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c index
> > > 8aa1a4836b92..7c45cbf85eb9 100644
> > > --- a/drivers/tee/tee_core.c
> > > +++ b/drivers/tee/tee_core.c
> > > @@ -355,6 +355,42 @@ tee_ioctl_shm_register(struct tee_context *ctx,
> > >       return ret;
> > >  }
> > >
> > > +static int tee_ioctl_shm_register_fd(struct tee_context *ctx,
> > > +                                  struct
> > > tee_ioctl_shm_register_fd_data __user *udata)
> > > +{
> > > +     struct tee_ioctl_shm_register_fd_data data;
> > > +     struct tee_shm *shm;
> > > +     long ret;
> > > +
> > > +     if (copy_from_user(&data, udata, sizeof(data)))
> > > +             return -EFAULT;
> > > +
> > > +     /* Currently no input flags are supported */
> > > +     if (data.flags)
> > > +             return -EINVAL;
> > > +
> > > +     shm = tee_shm_register_fd(ctx, data.fd);
> > > +     if (IS_ERR(shm))
> > > +             return -EINVAL;
> > > +
> > > +     data.id = shm->id;
> > > +     data.flags = shm->flags;
> > > +     data.size = shm->size;
> > > +
> > > +     if (copy_to_user(udata, &data, sizeof(data)))
> > > +             ret = -EFAULT;
> > > +     else
> > > +             ret = tee_shm_get_fd(shm);
> > > +
> > > +     /*
> > > +      * When user space closes the file descriptor the shared memory
> > > +      * should be freed or if tee_shm_get_fd() failed then it will
> > > +      * be freed immediately.
> > > +      */
> > > +     tee_shm_put(shm);
> > > +     return ret;
> > > +}
> > > +
> > >  static int params_from_user(struct tee_context *ctx, struct
> > > tee_param *params,
> > >                           size_t num_params,
> > >                           struct tee_ioctl_param __user *uparams) @@
> > > -829,6 +865,8 @@ static long tee_ioctl(struct file *filp, unsigned
> > > int cmd, unsigned long arg)
> > >               return tee_ioctl_shm_alloc(ctx, uarg);
> > >       case TEE_IOC_SHM_REGISTER:
> > >               return tee_ioctl_shm_register(ctx, uarg);
> > > +     case TEE_IOC_SHM_REGISTER_FD:
> > > +             return tee_ioctl_shm_register_fd(ctx, uarg);
> > >       case TEE_IOC_OPEN_SESSION:
> > >               return tee_ioctl_open_session(ctx, uarg);
> > >       case TEE_IOC_INVOKE:
> > > diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c index
> > > 836872467dc6..55a3fbbb022e 100644
> > > --- a/drivers/tee/tee_shm.c
> > > +++ b/drivers/tee/tee_shm.c
> > > @@ -4,6 +4,7 @@
> > >   */
> > >  #include <linux/anon_inodes.h>
> > >  #include <linux/device.h>
> > > +#include <linux/dma-buf.h>
> > >  #include <linux/idr.h>
> > >  #include <linux/mm.h>
> > >  #include <linux/sched.h>
> > > @@ -12,6 +13,14 @@
> > >  #include <linux/uio.h>
> > >  #include "tee_private.h"
> > >
> > > +/* extra references appended to shm object for registered shared
> > > memory */
> > > +struct tee_shm_dmabuf_ref {
> > > +     struct tee_shm shm;
> > > +     struct dma_buf *dmabuf;
> > > +     struct dma_buf_attachment *attach;
> > > +     struct sg_table *sgt;
> > > +};
> > > +
> > >  static void shm_put_kernel_pages(struct page **pages, size_t
> > > page_count)
> > >  {
> > >       size_t n;
> > > @@ -71,7 +80,16 @@ static void release_registered_pages(struct
> > > tee_shm *shm)
> > >
> > >  static void tee_shm_release(struct tee_device *teedev, struct
> > > tee_shm *shm)  {
> > > -     if (shm->flags & TEE_SHM_POOL) {
> > > +     if (shm->flags & TEE_SHM_EXT_DMA_BUF) {
> > > +             struct tee_shm_dmabuf_ref *ref;
> > > +
> > > +             ref = container_of(shm, struct tee_shm_dmabuf_ref,
> > > shm);
> > > +             dma_buf_unmap_attachment(ref->attach, ref->sgt,
> > > +                                      DMA_BIDIRECTIONAL);
> > > +
> > > +             dma_buf_detach(ref->dmabuf, ref->attach);
> > > +             dma_buf_put(ref->dmabuf);
> > > +     } else if (shm->flags & TEE_SHM_POOL) {
> > >               teedev->pool->ops->free(teedev->pool, shm);
> > >       } else if (shm->flags & TEE_SHM_DYNAMIC) {
> > >               int rc = teedev->desc->ops->shm_unregister(shm->ctx,
> > > shm);
> > > @@ -195,7 +213,7 @@ struct tee_shm *tee_shm_alloc_user_buf(struct
> > > tee_context *ctx, size_t size)
> > >   * tee_client_invoke_func(). The memory allocated is later freed
> > > with a
> > >   * call to tee_shm_free().
> > >   *
> > > - * @returns a pointer to 'struct tee_shm'
> > > + * @returns a pointer to 'struct tee_shm' on success, and ERR_PTR
> > > + on
> > > failure
> > >   */
> > >  struct tee_shm *tee_shm_alloc_kernel_buf(struct tee_context *ctx,
> > > size_t size)  { @@ -229,6 +247,83 @@ struct tee_shm
> > > *tee_shm_alloc_priv_buf(struct tee_context *ctx, size_t size)  }
> > > EXPORT_SYMBOL_GPL(tee_shm_alloc_priv_buf);
> > >
> > > +struct tee_shm *tee_shm_register_fd(struct tee_context *ctx, int
> > > +fd) {
> > > +     struct tee_shm_dmabuf_ref *ref;
> > > +     int rc;
> > > +
> > > +     if (!tee_device_get(ctx->teedev))
> > > +             return ERR_PTR(-EINVAL);
> > > +
> > > +     teedev_ctx_get(ctx);
> > > +
> > > +     ref = kzalloc(sizeof(*ref), GFP_KERNEL);
> > > +     if (!ref) {
> > > +             rc = -ENOMEM;
> > > +             goto err_put_tee;
> > > +     }
> > > +
> > > +     refcount_set(&ref->shm.refcount, 1);
> > > +     ref->shm.ctx = ctx;
> > > +     ref->shm.id = -1;
> > > +
> > > +     ref->dmabuf = dma_buf_get(fd);
> > > +     if (IS_ERR(ref->dmabuf)) {
> > > +             rc = PTR_ERR(ref->dmabuf);
> > > +             goto err_put_dmabuf;
> > > +     }
> > > +
> > > +     ref->attach = dma_buf_attach(ref->dmabuf, &ref->shm.ctx-
> > > >teedev->dev);
> > > +     if (IS_ERR(ref->attach)) {
> > > +             rc = PTR_ERR(ref->attach);
> > > +             goto err_detach;
> > > +     }
> > > +
> > > +     ref->sgt = dma_buf_map_attachment(ref->attach,
> > > DMA_BIDIRECTIONAL);
> > > +     if (IS_ERR(ref->sgt)) {
> > > +             rc = PTR_ERR(ref->sgt);
> > > +             goto err_unmap_attachement;
> > > +     }
> > > +
> > > +     if (sg_nents(ref->sgt->sgl) != 1) {
> > > +             rc = PTR_ERR(ref->sgt->sgl);
> > > +             goto err_unmap_attachement;
> > > +     }
> > > +
> > > +     ref->shm.paddr = sg_dma_address(ref->sgt->sgl);
> > > +     ref->shm.size = sg_dma_len(ref->sgt->sgl);
> > > +     ref->shm.flags = TEE_SHM_EXT_DMA_BUF;
> > > +
> > > +     mutex_lock(&ref->shm.ctx->teedev->mutex);
> > > +     ref->shm.id = idr_alloc(&ref->shm.ctx->teedev->idr, &ref->shm,
> > > +                             1, 0, GFP_KERNEL);
> > > +     mutex_unlock(&ref->shm.ctx->teedev->mutex);
> > > +     if (ref->shm.id < 0) {
> > > +             rc = ref->shm.id;
> > > +             goto err_idr_remove;
> > > +     }
> > > +
> > > +     return &ref->shm;
> > > +
> > > +err_idr_remove:
> > > +     mutex_lock(&ctx->teedev->mutex);
> > > +     idr_remove(&ctx->teedev->idr, ref->shm.id);
> > > +     mutex_unlock(&ctx->teedev->mutex);
> > > +err_unmap_attachement:
> > > +     dma_buf_unmap_attachment(ref->attach, ref->sgt,
> > > DMA_BIDIRECTIONAL);
> > > +err_detach:
> > > +     dma_buf_detach(ref->dmabuf, ref->attach);
> > > +err_put_dmabuf:
> > > +     dma_buf_put(ref->dmabuf);
> > > +     kfree(ref);
> > > +err_put_tee:
> > > +     teedev_ctx_put(ctx);
> > > +     tee_device_put(ctx->teedev);
> > > +
> > > +     return ERR_PTR(rc);
> > > +}
> > > +EXPORT_SYMBOL_GPL(tee_shm_register_fd);
> > > +
> > >  static struct tee_shm *
> > >  register_shm_helper(struct tee_context *ctx, unsigned long addr,
> > >                   size_t length, u32 flags, int id) diff --git
> > > a/include/linux/tee_drv.h b/include/linux/tee_drv.h index
> > > 911cad324acc..40ddd5376c2d 100644
> > > --- a/include/linux/tee_drv.h
> > > +++ b/include/linux/tee_drv.h
> > > @@ -25,6 +25,7 @@
> > >  #define TEE_SHM_USER_MAPPED  BIT(1)  /* Memory mapped in user space
> > > */
> > >  #define TEE_SHM_POOL         BIT(2)  /* Memory allocated from pool
> > > */
> > >  #define TEE_SHM_PRIV         BIT(3)  /* Memory private to TEE driver
> > > */
> > > +#define TEE_SHM_EXT_DMA_BUF     BIT(4)  /* Memory with dma-buf
> > > handle */
> > >
> > >  struct device;
> > >  struct tee_device;
> > > @@ -276,6 +277,16 @@ struct tee_shm *tee_shm_alloc_kernel_buf(struct
> > > tee_context *ctx, size_t size);  struct tee_shm
> > > *tee_shm_register_kernel_buf(struct tee_context *ctx,
> > >                                           void *addr, size_t
> > > length);
> > >
> > > +/**
> > > + * tee_shm_register_fd() - Register shared memory from file
> > > descriptor
> > > + *
> > > + * @ctx:     Context that allocates the shared memory
> > > + * @fd:              Shared memory file descriptor reference
> > > + *
> > > + * @returns a pointer to 'struct tee_shm' on success, and ERR_PTR
> > > + on
> > > failure
> > > + */
> > > +struct tee_shm *tee_shm_register_fd(struct tee_context *ctx, int
> > > fd);
> > > +
> > >  /**
> > >   * tee_shm_is_dynamic() - Check if shared memory object is of the
> > > dynamic kind
> > >   * @shm:     Shared memory handle
> > > diff --git a/include/uapi/linux/tee.h b/include/uapi/linux/tee.h
> > > index 25a6c534beb1..baf3cd7cfdac 100644
> > > --- a/include/uapi/linux/tee.h
> > > +++ b/include/uapi/linux/tee.h
> > > @@ -121,6 +121,35 @@ struct tee_ioctl_shm_alloc_data {
> > >  #define TEE_IOC_SHM_ALLOC    _IOWR(TEE_IOC_MAGIC, TEE_IOC_BASE + 1,
> > > \
> > >                                    struct tee_ioctl_shm_alloc_data)
> > >
> > > +/**
> > > + * struct tee_ioctl_shm_register_fd_data - Shared memory
> > > +registering
> > > argument
> > > + * @fd:              [in] File descriptor identifying the shared
> > > memory
> > > + * @size:    [out] Size of shared memory to allocate
> > > + * @flags:   [in] Flags to/from allocation.
> > > + * @id:              [out] Identifier of the shared memory
> > > + *
> > > + * The flags field should currently be zero as input. Updated by
> > > + the
> > > call
> > > + * with actual flags as defined by TEE_IOCTL_SHM_* above.
> > > + * This structure is used as argument for TEE_IOC_SHM_REGISTER_FD
> > > below.
> > > + */
> > > +struct tee_ioctl_shm_register_fd_data {
> > > +     __s64 fd;
> > > +     __u64 size;
> > > +     __u32 flags;
> > > +     __s32 id;
> > > +} __attribute__ ((aligned (8)));
> > > +
> > > +/**
> > > + * TEE_IOC_SHM_REGISTER_FD - register a shared memory from a file
> > > descriptor
> > > + *
> > > + * Returns a file descriptor on success or < 0 on failure
> > > + *
> > > + * The returned file descriptor refers to the shared memory object
> > > in kernel
> > > + * land. The shared memory is freed when the descriptor is closed.
> > > + */
> > > +#define TEE_IOC_SHM_REGISTER_FD      _IOWR(TEE_IOC_MAGIC,
> > > TEE_IOC_BASE + 8, \
> > > +                                  struct
> > > tee_ioctl_shm_register_fd_data)
> > > +
> > >  /**
> > >   * struct tee_ioctl_buf_data - Variable sized buffer
> > >   * @buf_ptr: [in] A __user pointer to a buffer

Re: [EXT] Re: [PATCH v2 1/1] tee: new ioctl to a register tee_shm from a dmabuf file descriptor

[Etienne Carriere]

On Thu, 2 Feb 2023 at 09:35, Sumit Garg <sumit.garg@linaro.org> wrote:
>
> Hi Cyrille,
>
> Please don't top post as it makes it harder to follow-up.
>
> On Thu, 2 Feb 2023 at 13:26, Cyrille Fleury <cyrille.fleury@nxp.com> wrote:
> >
> > Hi Sumit, all
> >
> > Upstream OP-TEE should support registering a dmabuf since a while, given how widely dmabuf is used in Linux for passing buffers around between devices.
> >
> > Purpose of the new register_tee_shm ioctl is to allow OPTEE to use memory allocated from the exiting linux dma buffer. We don't need to have secure dma-heap up streamed.
> >
> > You mentioned secure dma-buffer, but secure dma-buffer is a dma-buffer, so the work to be done for secure or "regular" dma buffers by the register_tee_shm ioctl is 100% the same.
> >
> > The scope of this ioctl is limited to what existing upstream dma-buffers are:
> >         -> sharing buffers for hardware (DMA) access across multiple device drivers and subsystems, and for synchronizing asynchronous hardware access.
> >        -> It means continuous memory only.
> >
> > So if we reduce the scope of register tee_shm to exiting dma-buffer area, the current patch does the job.
>
> Do you have a corresponding real world use-case supported by upstream
> OP-TEE? AFAIK, the Secure Data Path (SDP) use-case is the one
> supported in OP-TEE upstream but without secure dmabuf heap [1]
> available, the new ioctl can't be exercised.
>
> [1] https://github.com/OP-TEE/optee_test/blob/master/host/xtest/sdp_basic.h#L15

OP-TEE has some SDP test taht can exercice SDP: 'xtest regression_1014'.
https://github.com/OP-TEE/optee_test/blob/3.20.0/host/xtest/regression_1000.c#L1256

The test relies on old staged ION + local secure dmabuf heaps no more
maintained, so this test is currently not functional.
If we upgrade the test to mainline dmabuf alloc means, and apply the
change discussed here, we should be able to regularly test SDP in
OP-TEE project CI.
The part to update is the userland allocation of the dmabuf:
https://github.com/OP-TEE/optee_test/blob/3.20.0/host/xtest/sdp_basic.c#L91

br,
etienne


>
> -Sumit
>
> >
> > Regards.
> >
> > -----Original Message-----
> > From: Sumit Garg <sumit.garg@linaro.org>
> > Sent: Wednesday, February 1, 2023 6:34 AM
> > To: Olivier Masse <olivier.masse@nxp.com>
> > Cc: fredgc@google.com; linux-media@vger.kernel.org; linaro-mm-sig@lists.linaro.org; afd@ti.com; op-tee@lists.trustedfirmware.org; jens.wiklander@linaro.org; joakim.bech@linaro.org; sumit.semwal@linaro.org; Peter Griffin <peter.griffin@linaro.org>; linux-kernel@vger.kernel.org; etienne.carriere@linaro.org; dri-devel@lists.freedesktop.org; christian.koenig@amd.com; Clément Faure <clement.faure@nxp.com>; Cyrille Fleury <cyrille.fleury@nxp.com>
> > Subject: [EXT] Re: [PATCH v2 1/1] tee: new ioctl to a register tee_shm from a dmabuf file descriptor
> >
> > Caution: EXT Email
> >
> > Hi Olivier,
> >
> > On Fri, 27 Jan 2023 at 16:24, Olivier Masse <olivier.masse@nxp.com> wrote:
> > >
> > > Hi Joakim,
> > > Hi Etienne,
> > >
> > > Let me bring back this pull request for OPTEE Linux driver.
> > >
> > > Last feedback was from Christian König and Sumit Garg.
> > > From Christian:
> > > > Just two comments:
> > > >
> > > > 1. Dmitry is working on a change which renames some functions and
> > > > makes it mandatory to call them with the dma_resv lock held.
> > > >
> > > > Depending on how you want to upstream this change you will certainly
> > > > run into conflicts with that.
> > >
> > > Is there any update on these changes ?
> > >
> > > >
> > > > 2. Would it be possible to do this dynamically? In other words does
> > > > the tee driver has a concept of buffers moving around?
> > >
> > > We do not support dynamic secure memory heap.
> > >
> > > From Sumit:
> > > > What limits you to extend this feature to non-contiguous memory
> > > > buffers? I believe that should be possible with OP-TEE dynamic
> > > > shared memory which gives you the granularity to register a list of pages.
> > >
> > > Our solution use a fixed protected reserved memory region and do not
> > > rely on a dynamic protection managed in secure.
> > >
> > > The scope of this implementation rely on a static memory region
> > > handled by a specific DMA Heap type.
> > >
> >
> > AFAIR, the last review for v2 is here [1]. So we need to have this secure DMA heap upstream in order for ioctl added by this patch to be usable.
> >
> > [1] https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.trustedfirmware.org%2Farchives%2Flist%2Fop-tee%40lists.trustedfirmware.org%2Fmessage%2FM3WLO7RNG22OR4744BY6XNG2GLIYMNHN%2F&data=05%7C01%7Ccyrille.fleury%40nxp.com%7Cb24461a4e7284314dff408db0415f23e%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638108264533221384%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=6pRAqnMlJ0TX000YmlgTkPKn411VBC%2Bj29O9KhJjJOg%3D&reserved=0
> >
> > -Sumit
> >
> > > Best regards,
> > > Olivier MASSE
> > >
> > >
> > > On ven., 2022-08-12 at 16:30 +0200, Olivier Masse wrote:
> > > > From: Etienne Carriere <etienne.carriere@linaro.org>
> > > >
> > > > This change allows userland to create a tee_shm object that refers
> > > > to a dmabuf reference.
> > > >
> > > > Userland provides a dmabuf file descriptor as buffer reference.
> > > > The created tee_shm object exported as a brand new dmabuf reference
> > > > used to provide a clean fd to userland. Userland shall closed this
> > > > new fd to release the tee_shm object resources. The initial dmabuf
> > > > resources are tracked independently through original dmabuf file
> > > > descriptor.
> > > >
> > > > Once the buffer is registered and until it is released, TEE driver
> > > > keeps a refcount on the registered dmabuf structure.
> > > >
> > > > This change only support dmabuf references that relates to
> > > > physically contiguous memory buffers.
> > > >
> > > > New tee_shm flag to identify tee_shm objects built from a registered
> > > > dmabuf: TEE_SHM_EXT_DMA_BUF. Such tee_shm structures are flagged
> > > > with TEE_SHM_EXT_DMA_BUF.
> > > >
> > > > Co-Developed-by: Etienne Carriere <etienne.carriere@linaro.org>
> > > > Signed-off-by: Olivier Masse <olivier.masse@nxp.com>
> > > > Reported-by: kernel test robot <lkp@intel.com>
> > > > From:
> > > > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgi
> > > > thub.com%2Flinaro-swg%2Flinux.git&data=05%7C01%7Ccyrille.fleury%40nx
> > > > p.com%7Cb24461a4e7284314dff408db0415f23e%7C686ea1d3bc2b4c6fa92cd99c5
> > > > c301635%7C0%7C0%7C638108264533221384%7CUnknown%7CTWFpbGZsb3d8eyJWIjo
> > > > iMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7
> > > > C%7C%7C&sdata=8jbFPaF%2B5JBed4Uvo1hsJiB%2BP71KUgJmnW%2BIi3zLfok%3D&r
> > > > eserved=0 (cherry picked from commit
> > > > 41e21e5c405530590dc2dd10b2a8dbe64589840f)
> > > > ---
> > > >  drivers/tee/tee_core.c   | 38 +++++++++++++++
> > > >  drivers/tee/tee_shm.c    | 99
> > > > +++++++++++++++++++++++++++++++++++++++-
> > > >  include/linux/tee_drv.h  | 11 +++++  include/uapi/linux/tee.h | 29
> > > > ++++++++++++
> > > >  4 files changed, 175 insertions(+), 2 deletions(-)
> > > >
> > > > diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c index
> > > > 8aa1a4836b92..7c45cbf85eb9 100644
> > > > --- a/drivers/tee/tee_core.c
> > > > +++ b/drivers/tee/tee_core.c
> > > > @@ -355,6 +355,42 @@ tee_ioctl_shm_register(struct tee_context *ctx,
> > > >       return ret;
> > > >  }
> > > >
> > > > +static int tee_ioctl_shm_register_fd(struct tee_context *ctx,
> > > > +                                  struct
> > > > tee_ioctl_shm_register_fd_data __user *udata)
> > > > +{
> > > > +     struct tee_ioctl_shm_register_fd_data data;
> > > > +     struct tee_shm *shm;
> > > > +     long ret;
> > > > +
> > > > +     if (copy_from_user(&data, udata, sizeof(data)))
> > > > +             return -EFAULT;
> > > > +
> > > > +     /* Currently no input flags are supported */
> > > > +     if (data.flags)
> > > > +             return -EINVAL;
> > > > +
> > > > +     shm = tee_shm_register_fd(ctx, data.fd);
> > > > +     if (IS_ERR(shm))
> > > > +             return -EINVAL;
> > > > +
> > > > +     data.id = shm->id;
> > > > +     data.flags = shm->flags;
> > > > +     data.size = shm->size;
> > > > +
> > > > +     if (copy_to_user(udata, &data, sizeof(data)))
> > > > +             ret = -EFAULT;
> > > > +     else
> > > > +             ret = tee_shm_get_fd(shm);
> > > > +
> > > > +     /*
> > > > +      * When user space closes the file descriptor the shared memory
> > > > +      * should be freed or if tee_shm_get_fd() failed then it will
> > > > +      * be freed immediately.
> > > > +      */
> > > > +     tee_shm_put(shm);
> > > > +     return ret;
> > > > +}
> > > > +
> > > >  static int params_from_user(struct tee_context *ctx, struct
> > > > tee_param *params,
> > > >                           size_t num_params,
> > > >                           struct tee_ioctl_param __user *uparams) @@
> > > > -829,6 +865,8 @@ static long tee_ioctl(struct file *filp, unsigned
> > > > int cmd, unsigned long arg)
> > > >               return tee_ioctl_shm_alloc(ctx, uarg);
> > > >       case TEE_IOC_SHM_REGISTER:
> > > >               return tee_ioctl_shm_register(ctx, uarg);
> > > > +     case TEE_IOC_SHM_REGISTER_FD:
> > > > +             return tee_ioctl_shm_register_fd(ctx, uarg);
> > > >       case TEE_IOC_OPEN_SESSION:
> > > >               return tee_ioctl_open_session(ctx, uarg);
> > > >       case TEE_IOC_INVOKE:
> > > > diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c index
> > > > 836872467dc6..55a3fbbb022e 100644
> > > > --- a/drivers/tee/tee_shm.c
> > > > +++ b/drivers/tee/tee_shm.c
> > > > @@ -4,6 +4,7 @@
> > > >   */
> > > >  #include <linux/anon_inodes.h>
> > > >  #include <linux/device.h>
> > > > +#include <linux/dma-buf.h>
> > > >  #include <linux/idr.h>
> > > >  #include <linux/mm.h>
> > > >  #include <linux/sched.h>
> > > > @@ -12,6 +13,14 @@
> > > >  #include <linux/uio.h>
> > > >  #include "tee_private.h"
> > > >
> > > > +/* extra references appended to shm object for registered shared
> > > > memory */
> > > > +struct tee_shm_dmabuf_ref {
> > > > +     struct tee_shm shm;
> > > > +     struct dma_buf *dmabuf;
> > > > +     struct dma_buf_attachment *attach;
> > > > +     struct sg_table *sgt;
> > > > +};
> > > > +
> > > >  static void shm_put_kernel_pages(struct page **pages, size_t
> > > > page_count)
> > > >  {
> > > >       size_t n;
> > > > @@ -71,7 +80,16 @@ static void release_registered_pages(struct
> > > > tee_shm *shm)
> > > >
> > > >  static void tee_shm_release(struct tee_device *teedev, struct
> > > > tee_shm *shm)  {
> > > > -     if (shm->flags & TEE_SHM_POOL) {
> > > > +     if (shm->flags & TEE_SHM_EXT_DMA_BUF) {
> > > > +             struct tee_shm_dmabuf_ref *ref;
> > > > +
> > > > +             ref = container_of(shm, struct tee_shm_dmabuf_ref,
> > > > shm);
> > > > +             dma_buf_unmap_attachment(ref->attach, ref->sgt,
> > > > +                                      DMA_BIDIRECTIONAL);
> > > > +
> > > > +             dma_buf_detach(ref->dmabuf, ref->attach);
> > > > +             dma_buf_put(ref->dmabuf);
> > > > +     } else if (shm->flags & TEE_SHM_POOL) {
> > > >               teedev->pool->ops->free(teedev->pool, shm);
> > > >       } else if (shm->flags & TEE_SHM_DYNAMIC) {
> > > >               int rc = teedev->desc->ops->shm_unregister(shm->ctx,
> > > > shm);
> > > > @@ -195,7 +213,7 @@ struct tee_shm *tee_shm_alloc_user_buf(struct
> > > > tee_context *ctx, size_t size)
> > > >   * tee_client_invoke_func(). The memory allocated is later freed
> > > > with a
> > > >   * call to tee_shm_free().
> > > >   *
> > > > - * @returns a pointer to 'struct tee_shm'
> > > > + * @returns a pointer to 'struct tee_shm' on success, and ERR_PTR
> > > > + on
> > > > failure
> > > >   */
> > > >  struct tee_shm *tee_shm_alloc_kernel_buf(struct tee_context *ctx,
> > > > size_t size)  { @@ -229,6 +247,83 @@ struct tee_shm
> > > > *tee_shm_alloc_priv_buf(struct tee_context *ctx, size_t size)  }
> > > > EXPORT_SYMBOL_GPL(tee_shm_alloc_priv_buf);
> > > >
> > > > +struct tee_shm *tee_shm_register_fd(struct tee_context *ctx, int
> > > > +fd) {
> > > > +     struct tee_shm_dmabuf_ref *ref;
> > > > +     int rc;
> > > > +
> > > > +     if (!tee_device_get(ctx->teedev))
> > > > +             return ERR_PTR(-EINVAL);
> > > > +
> > > > +     teedev_ctx_get(ctx);
> > > > +
> > > > +     ref = kzalloc(sizeof(*ref), GFP_KERNEL);
> > > > +     if (!ref) {
> > > > +             rc = -ENOMEM;
> > > > +             goto err_put_tee;
> > > > +     }
> > > > +
> > > > +     refcount_set(&ref->shm.refcount, 1);
> > > > +     ref->shm.ctx = ctx;
> > > > +     ref->shm.id = -1;
> > > > +
> > > > +     ref->dmabuf = dma_buf_get(fd);
> > > > +     if (IS_ERR(ref->dmabuf)) {
> > > > +             rc = PTR_ERR(ref->dmabuf);
> > > > +             goto err_put_dmabuf;
> > > > +     }
> > > > +
> > > > +     ref->attach = dma_buf_attach(ref->dmabuf, &ref->shm.ctx-
> > > > >teedev->dev);
> > > > +     if (IS_ERR(ref->attach)) {
> > > > +             rc = PTR_ERR(ref->attach);
> > > > +             goto err_detach;
> > > > +     }
> > > > +
> > > > +     ref->sgt = dma_buf_map_attachment(ref->attach,
> > > > DMA_BIDIRECTIONAL);
> > > > +     if (IS_ERR(ref->sgt)) {
> > > > +             rc = PTR_ERR(ref->sgt);
> > > > +             goto err_unmap_attachement;
> > > > +     }
> > > > +
> > > > +     if (sg_nents(ref->sgt->sgl) != 1) {
> > > > +             rc = PTR_ERR(ref->sgt->sgl);
> > > > +             goto err_unmap_attachement;
> > > > +     }
> > > > +
> > > > +     ref->shm.paddr = sg_dma_address(ref->sgt->sgl);
> > > > +     ref->shm.size = sg_dma_len(ref->sgt->sgl);
> > > > +     ref->shm.flags = TEE_SHM_EXT_DMA_BUF;
> > > > +
> > > > +     mutex_lock(&ref->shm.ctx->teedev->mutex);
> > > > +     ref->shm.id = idr_alloc(&ref->shm.ctx->teedev->idr, &ref->shm,
> > > > +                             1, 0, GFP_KERNEL);
> > > > +     mutex_unlock(&ref->shm.ctx->teedev->mutex);
> > > > +     if (ref->shm.id < 0) {
> > > > +             rc = ref->shm.id;
> > > > +             goto err_idr_remove;
> > > > +     }
> > > > +
> > > > +     return &ref->shm;
> > > > +
> > > > +err_idr_remove:
> > > > +     mutex_lock(&ctx->teedev->mutex);
> > > > +     idr_remove(&ctx->teedev->idr, ref->shm.id);
> > > > +     mutex_unlock(&ctx->teedev->mutex);
> > > > +err_unmap_attachement:
> > > > +     dma_buf_unmap_attachment(ref->attach, ref->sgt,
> > > > DMA_BIDIRECTIONAL);
> > > > +err_detach:
> > > > +     dma_buf_detach(ref->dmabuf, ref->attach);
> > > > +err_put_dmabuf:
> > > > +     dma_buf_put(ref->dmabuf);
> > > > +     kfree(ref);
> > > > +err_put_tee:
> > > > +     teedev_ctx_put(ctx);
> > > > +     tee_device_put(ctx->teedev);
> > > > +
> > > > +     return ERR_PTR(rc);
> > > > +}
> > > > +EXPORT_SYMBOL_GPL(tee_shm_register_fd);
> > > > +
> > > >  static struct tee_shm *
> > > >  register_shm_helper(struct tee_context *ctx, unsigned long addr,
> > > >                   size_t length, u32 flags, int id) diff --git
> > > > a/include/linux/tee_drv.h b/include/linux/tee_drv.h index
> > > > 911cad324acc..40ddd5376c2d 100644
> > > > --- a/include/linux/tee_drv.h
> > > > +++ b/include/linux/tee_drv.h
> > > > @@ -25,6 +25,7 @@
> > > >  #define TEE_SHM_USER_MAPPED  BIT(1)  /* Memory mapped in user space
> > > > */
> > > >  #define TEE_SHM_POOL         BIT(2)  /* Memory allocated from pool
> > > > */
> > > >  #define TEE_SHM_PRIV         BIT(3)  /* Memory private to TEE driver
> > > > */
> > > > +#define TEE_SHM_EXT_DMA_BUF     BIT(4)  /* Memory with dma-buf
> > > > handle */
> > > >
> > > >  struct device;
> > > >  struct tee_device;
> > > > @@ -276,6 +277,16 @@ struct tee_shm *tee_shm_alloc_kernel_buf(struct
> > > > tee_context *ctx, size_t size);  struct tee_shm
> > > > *tee_shm_register_kernel_buf(struct tee_context *ctx,
> > > >                                           void *addr, size_t
> > > > length);
> > > >
> > > > +/**
> > > > + * tee_shm_register_fd() - Register shared memory from file
> > > > descriptor
> > > > + *
> > > > + * @ctx:     Context that allocates the shared memory
> > > > + * @fd:              Shared memory file descriptor reference
> > > > + *
> > > > + * @returns a pointer to 'struct tee_shm' on success, and ERR_PTR
> > > > + on
> > > > failure
> > > > + */
> > > > +struct tee_shm *tee_shm_register_fd(struct tee_context *ctx, int
> > > > fd);
> > > > +
> > > >  /**
> > > >   * tee_shm_is_dynamic() - Check if shared memory object is of the
> > > > dynamic kind
> > > >   * @shm:     Shared memory handle
> > > > diff --git a/include/uapi/linux/tee.h b/include/uapi/linux/tee.h
> > > > index 25a6c534beb1..baf3cd7cfdac 100644
> > > > --- a/include/uapi/linux/tee.h
> > > > +++ b/include/uapi/linux/tee.h
> > > > @@ -121,6 +121,35 @@ struct tee_ioctl_shm_alloc_data {
> > > >  #define TEE_IOC_SHM_ALLOC    _IOWR(TEE_IOC_MAGIC, TEE_IOC_BASE + 1,
> > > > \
> > > >                                    struct tee_ioctl_shm_alloc_data)
> > > >
> > > > +/**
> > > > + * struct tee_ioctl_shm_register_fd_data - Shared memory
> > > > +registering
> > > > argument
> > > > + * @fd:              [in] File descriptor identifying the shared
> > > > memory
> > > > + * @size:    [out] Size of shared memory to allocate
> > > > + * @flags:   [in] Flags to/from allocation.
> > > > + * @id:              [out] Identifier of the shared memory
> > > > + *
> > > > + * The flags field should currently be zero as input. Updated by
> > > > + the
> > > > call
> > > > + * with actual flags as defined by TEE_IOCTL_SHM_* above.
> > > > + * This structure is used as argument for TEE_IOC_SHM_REGISTER_FD
> > > > below.
> > > > + */
> > > > +struct tee_ioctl_shm_register_fd_data {
> > > > +     __s64 fd;
> > > > +     __u64 size;
> > > > +     __u32 flags;
> > > > +     __s32 id;
> > > > +} __attribute__ ((aligned (8)));
> > > > +
> > > > +/**
> > > > + * TEE_IOC_SHM_REGISTER_FD - register a shared memory from a file
> > > > descriptor
> > > > + *
> > > > + * Returns a file descriptor on success or < 0 on failure
> > > > + *
> > > > + * The returned file descriptor refers to the shared memory object
> > > > in kernel
> > > > + * land. The shared memory is freed when the descriptor is closed.
> > > > + */
> > > > +#define TEE_IOC_SHM_REGISTER_FD      _IOWR(TEE_IOC_MAGIC,
> > > > TEE_IOC_BASE + 8, \
> > > > +                                  struct
> > > > tee_ioctl_shm_register_fd_data)
> > > > +
> > > >  /**
> > > >   * struct tee_ioctl_buf_data - Variable sized buffer
> > > >   * @buf_ptr: [in] A __user pointer to a buffer

Re: [EXT] Re: [PATCH v2 1/1] tee: new ioctl to a register tee_shm from a dmabuf file descriptor

[Olivier Masse]

On jeu., 2023-02-02 at 10:58 +0100, Etienne Carriere wrote:
> Caution: EXT Email
> 
> On Thu, 2 Feb 2023 at 09:35, Sumit Garg <sumit.garg@linaro.org>
> wrote:
> > Hi Cyrille,
> > 
> > Please don't top post as it makes it harder to follow-up.
> > 
> > On Thu, 2 Feb 2023 at 13:26, Cyrille Fleury <cyrille.fleury@nxp.com
> > > wrote:
> > > Hi Sumit, all
> > > 
> > > Upstream OP-TEE should support registering a dmabuf since a
> > > while, given how widely dmabuf is used in Linux for passing
> > > buffers around between devices.
> > > 
> > > Purpose of the new register_tee_shm ioctl is to allow OPTEE to
> > > use memory allocated from the exiting linux dma buffer. We don't
> > > need to have secure dma-heap up streamed.
> > > 
> > > You mentioned secure dma-buffer, but secure dma-buffer is a dma-
> > > buffer, so the work to be done for secure or "regular" dma
> > > buffers by the register_tee_shm ioctl is 100% the same.
> > > 
> > > The scope of this ioctl is limited to what existing upstream dma-
> > > buffers are:
> > >         -> sharing buffers for hardware (DMA) access across
> > > multiple device drivers and subsystems, and for synchronizing
> > > asynchronous hardware access.
> > >        -> It means continuous memory only.
> > > 
> > > So if we reduce the scope of register tee_shm to exiting dma-
> > > buffer area, the current patch does the job.
> > 
> > Do you have a corresponding real world use-case supported by
> > upstream
> > OP-TEE? AFAIK, the Secure Data Path (SDP) use-case is the one
> > supported in OP-TEE upstream but without secure dmabuf heap [1]
> > available, the new ioctl can't be exercised.
> > 
> > [1] 
> > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FOP-TEE%2Foptee_test%2Fblob%2Fmaster%2Fhost%2Fxtest%2Fsdp_basic.h%23L15&data=05%7C01%7Colivier.masse%40nxp.com%7Ca27f690d9d7244c2bcff08db05040f11%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638109287211847995%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=eNUbc0uaKjfmxau8L7ZB8u%2BtYdUxT4pIS%2Fht29uwRKg%3D&reserved=0
> 
> OP-TEE has some SDP test taht can exercice SDP: 'xtest
> regression_1014'.
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FOP-TEE%2Foptee_test%2Fblob%2F3.20.0%2Fhost%2Fxtest%2Fregression_1000.c%23L1256&data=05%7C01%7Colivier.masse%40nxp.com%7Ca27f690d9d7244c2bcff08db05040f11%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638109287211847995%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2BOtAlVOq7%2Fi6SloSTZuwa5VtlC5RqtcJ4fGtio0YI8A%3D&reserved=0
> 
> The test relies on old staged ION + local secure dmabuf heaps no more
> maintained, so this test is currently not functional.
> If we upgrade the test to mainline dmabuf alloc means, and apply the
> change discussed here, we should be able to regularly test SDP in
> OP-TEE project CI.
> The part to update is the userland allocation of the dmabuf:
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FOP-TEE%2Foptee_test%2Fblob%2F3.20.0%2Fhost%2Fxtest%2Fsdp_basic.c%23L91&data=05%7C01%7Colivier.masse%40nxp.com%7Ca27f690d9d7244c2bcff08db05040f11%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638109287211847995%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=K2NB2Bj7V3CXNsM9fZy95OEjF3EzqU4mgmM1PTY3J1Y%3D&reserved=0
> 
> 

the test was already updated to support secure dma heap with Kernel
version 5.11 and higher. the userland allocation could be find here:
https://github.com/OP-TEE/optee_test/blob/3.20.0/host/xtest/sdp_basic.c#L153

This upgrade need a Linux dma-buf patch:
https://lore.kernel.org/all/20220805154139.2qkqxwklufjpsfdx@000377403353/T/


> br,
> etienne
> 
> 
> > -Sumit
> > 
> > > Regards.
> > > 
> > > -----Original Message-----
> > > From: Sumit Garg <sumit.garg@linaro.org>
> > > Sent: Wednesday, February 1, 2023 6:34 AM
> > > To: Olivier Masse <olivier.masse@nxp.com>
> > > Cc: fredgc@google.com; linux-media@vger.kernel.org; 
> > > linaro-mm-sig@lists.linaro.org; afd@ti.com; 
> > > op-tee@lists.trustedfirmware.org; jens.wiklander@linaro.org; 
> > > joakim.bech@linaro.org; sumit.semwal@linaro.org; Peter Griffin <
> > > peter.griffin@linaro.org>; linux-kernel@vger.kernel.org; 
> > > etienne.carriere@linaro.org; dri-devel@lists.freedesktop.org; 
> > > christian.koenig@amd.com; Clément Faure <clement.faure@nxp.com>;
> > > Cyrille Fleury <cyrille.fleury@nxp.com>
> > > Subject: [EXT] Re: [PATCH v2 1/1] tee: new ioctl to a register
> > > tee_shm from a dmabuf file descriptor
> > > 
> > > Caution: EXT Email
> > > 
> > > Hi Olivier,
> > > 
> > > On Fri, 27 Jan 2023 at 16:24, Olivier Masse <
> > > olivier.masse@nxp.com> wrote:
> > > > Hi Joakim,
> > > > Hi Etienne,
> > > > 
> > > > Let me bring back this pull request for OPTEE Linux driver.
> > > > 
> > > > Last feedback was from Christian König and Sumit Garg.
> > > > From Christian:
> > > > > Just two comments:
> > > > > 
> > > > > 1. Dmitry is working on a change which renames some functions
> > > > > and
> > > > > makes it mandatory to call them with the dma_resv lock held.
> > > > > 
> > > > > Depending on how you want to upstream this change you will
> > > > > certainly
> > > > > run into conflicts with that.
> > > > 
> > > > Is there any update on these changes ?
> > > > 
> > > > > 2. Would it be possible to do this dynamically? In other
> > > > > words does
> > > > > the tee driver has a concept of buffers moving around?
> > > > 
> > > > We do not support dynamic secure memory heap.
> > > > 
> > > > From Sumit:
> > > > > What limits you to extend this feature to non-contiguous
> > > > > memory
> > > > > buffers? I believe that should be possible with OP-TEE
> > > > > dynamic
> > > > > shared memory which gives you the granularity to register a
> > > > > list of pages.
> > > > 
> > > > Our solution use a fixed protected reserved memory region and
> > > > do not
> > > > rely on a dynamic protection managed in secure.
> > > > 
> > > > The scope of this implementation rely on a static memory region
> > > > handled by a specific DMA Heap type.
> > > > 
> > > 
> > > AFAIR, the last review for v2 is here [1]. So we need to have
> > > this secure DMA heap upstream in order for ioctl added by this
> > > patch to be usable.
> > > 
> > > [1] 
> > > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.trustedfirmware.org%2Farchives%2Flist%2Fop-tee%40lists.trustedfirmware.org%2Fmessage%2FM3WLO7RNG22OR4744BY6XNG2GLIYMNHN%2F&data=05%7C01%7Colivier.masse%40nxp.com%7Ca27f690d9d7244c2bcff08db05040f11%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638109287211847995%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=3ur7F71QnW6r15GdYR2e2YyoZLTONtTQvLHigH3uJsk%3D&reserved=0
> > > 
> > > -Sumit
> > > 
> > > > Best regards,
> > > > Olivier MASSE
> > > > 
> > > > 
> > > > On ven., 2022-08-12 at 16:30 +0200, Olivier Masse wrote:
> > > > > From: Etienne Carriere <etienne.carriere@linaro.org>
> > > > > 
> > > > > This change allows userland to create a tee_shm object that
> > > > > refers
> > > > > to a dmabuf reference.
> > > > > 
> > > > > Userland provides a dmabuf file descriptor as buffer
> > > > > reference.
> > > > > The created tee_shm object exported as a brand new dmabuf
> > > > > reference
> > > > > used to provide a clean fd to userland. Userland shall closed
> > > > > this
> > > > > new fd to release the tee_shm object resources. The initial
> > > > > dmabuf
> > > > > resources are tracked independently through original dmabuf
> > > > > file
> > > > > descriptor.
> > > > > 
> > > > > Once the buffer is registered and until it is released, TEE
> > > > > driver
> > > > > keeps a refcount on the registered dmabuf structure.
> > > > > 
> > > > > This change only support dmabuf references that relates to
> > > > > physically contiguous memory buffers.
> > > > > 
> > > > > New tee_shm flag to identify tee_shm objects built from a
> > > > > registered
> > > > > dmabuf: TEE_SHM_EXT_DMA_BUF. Such tee_shm structures are
> > > > > flagged
> > > > > with TEE_SHM_EXT_DMA_BUF.
> > > > > 
> > > > > Co-Developed-by: Etienne Carriere <
> > > > > etienne.carriere@linaro.org>
> > > > > Signed-off-by: Olivier Masse <olivier.masse@nxp.com>
> > > > > Reported-by: kernel test robot <lkp@intel.com>
> > > > > From:
> > > > > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgi%2F&data=05%7C01%7Colivier.masse%40nxp.com%7Ca27f690d9d7244c2bcff08db05040f11%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638109287211847995%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=7LNWTr4TWQoB0OLqasXT05o%2BUkodxsOqpcUcvoeiZ74%3D&reserved=0
> > > > > thub.com%2Flinaro-
> > > > > swg%2Flinux.git&data=05%7C01%7Ccyrille.fleury%40nx
> > > > > p.com%7Cb24461a4e7284314dff408db0415f23e%7C686ea1d3bc2b4c6fa9
> > > > > 2cd99c5
> > > > > c301635%7C0%7C0%7C638108264533221384%7CUnknown%7CTWFpbGZsb3d8
> > > > > eyJWIjo
> > > > > iMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7
> > > > > C3000%7
> > > > > C%7C%7C&sdata=8jbFPaF%2B5JBed4Uvo1hsJiB%2BP71KUgJmnW%2BIi3zLf
> > > > > ok%3D&r
> > > > > eserved=0 (cherry picked from commit
> > > > > 41e21e5c405530590dc2dd10b2a8dbe64589840f)
> > > > > ---
> > > > >  drivers/tee/tee_core.c   | 38 +++++++++++++++
> > > > >  drivers/tee/tee_shm.c    | 99
> > > > > +++++++++++++++++++++++++++++++++++++++-
> > > > >  include/linux/tee_drv.h  | 11
> > > > > +++++  include/uapi/linux/tee.h | 29
> > > > > ++++++++++++
> > > > >  4 files changed, 175 insertions(+), 2 deletions(-)
> > > > > 
> > > > > diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c
> > > > > index
> > > > > 8aa1a4836b92..7c45cbf85eb9 100644
> > > > > --- a/drivers/tee/tee_core.c
> > > > > +++ b/drivers/tee/tee_core.c
> > > > > @@ -355,6 +355,42 @@ tee_ioctl_shm_register(struct
> > > > > tee_context *ctx,
> > > > >       return ret;
> > > > >  }
> > > > > 
> > > > > +static int tee_ioctl_shm_register_fd(struct tee_context
> > > > > *ctx,
> > > > > +                                  struct
> > > > > tee_ioctl_shm_register_fd_data __user *udata)
> > > > > +{
> > > > > +     struct tee_ioctl_shm_register_fd_data data;
> > > > > +     struct tee_shm *shm;
> > > > > +     long ret;
> > > > > +
> > > > > +     if (copy_from_user(&data, udata, sizeof(data)))
> > > > > +             return -EFAULT;
> > > > > +
> > > > > +     /* Currently no input flags are supported */
> > > > > +     if (data.flags)
> > > > > +             return -EINVAL;
> > > > > +
> > > > > +     shm = tee_shm_register_fd(ctx, data.fd);
> > > > > +     if (IS_ERR(shm))
> > > > > +             return -EINVAL;
> > > > > +
> > > > > +     data.id = shm->id;
> > > > > +     data.flags = shm->flags;
> > > > > +     data.size = shm->size;
> > > > > +
> > > > > +     if (copy_to_user(udata, &data, sizeof(data)))
> > > > > +             ret = -EFAULT;
> > > > > +     else
> > > > > +             ret = tee_shm_get_fd(shm);
> > > > > +
> > > > > +     /*
> > > > > +      * When user space closes the file descriptor the
> > > > > shared memory
> > > > > +      * should be freed or if tee_shm_get_fd() failed then
> > > > > it will
> > > > > +      * be freed immediately.
> > > > > +      */
> > > > > +     tee_shm_put(shm);
> > > > > +     return ret;
> > > > > +}
> > > > > +
> > > > >  static int params_from_user(struct tee_context *ctx, struct
> > > > > tee_param *params,
> > > > >                           size_t num_params,
> > > > >                           struct tee_ioctl_param __user
> > > > > *uparams) @@
> > > > > -829,6 +865,8 @@ static long tee_ioctl(struct file *filp,
> > > > > unsigned
> > > > > int cmd, unsigned long arg)
> > > > >               return tee_ioctl_shm_alloc(ctx, uarg);
> > > > >       case TEE_IOC_SHM_REGISTER:
> > > > >               return tee_ioctl_shm_register(ctx, uarg);
> > > > > +     case TEE_IOC_SHM_REGISTER_FD:
> > > > > +             return tee_ioctl_shm_register_fd(ctx, uarg);
> > > > >       case TEE_IOC_OPEN_SESSION:
> > > > >               return tee_ioctl_open_session(ctx, uarg);
> > > > >       case TEE_IOC_INVOKE:
> > > > > diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c
> > > > > index
> > > > > 836872467dc6..55a3fbbb022e 100644
> > > > > --- a/drivers/tee/tee_shm.c
> > > > > +++ b/drivers/tee/tee_shm.c
> > > > > @@ -4,6 +4,7 @@
> > > > >   */
> > > > >  #include <linux/anon_inodes.h>
> > > > >  #include <linux/device.h>
> > > > > +#include <linux/dma-buf.h>
> > > > >  #include <linux/idr.h>
> > > > >  #include <linux/mm.h>
> > > > >  #include <linux/sched.h>
> > > > > @@ -12,6 +13,14 @@
> > > > >  #include <linux/uio.h>
> > > > >  #include "tee_private.h"
> > > > > 
> > > > > +/* extra references appended to shm object for registered
> > > > > shared
> > > > > memory */
> > > > > +struct tee_shm_dmabuf_ref {
> > > > > +     struct tee_shm shm;
> > > > > +     struct dma_buf *dmabuf;
> > > > > +     struct dma_buf_attachment *attach;
> > > > > +     struct sg_table *sgt;
> > > > > +};
> > > > > +
> > > > >  static void shm_put_kernel_pages(struct page **pages, size_t
> > > > > page_count)
> > > > >  {
> > > > >       size_t n;
> > > > > @@ -71,7 +80,16 @@ static void
> > > > > release_registered_pages(struct
> > > > > tee_shm *shm)
> > > > > 
> > > > >  static void tee_shm_release(struct tee_device *teedev,
> > > > > struct
> > > > > tee_shm *shm)  {
> > > > > -     if (shm->flags & TEE_SHM_POOL) {
> > > > > +     if (shm->flags & TEE_SHM_EXT_DMA_BUF) {
> > > > > +             struct tee_shm_dmabuf_ref *ref;
> > > > > +
> > > > > +             ref = container_of(shm, struct
> > > > > tee_shm_dmabuf_ref,
> > > > > shm);
> > > > > +             dma_buf_unmap_attachment(ref->attach, ref->sgt,
> > > > > +                                      DMA_BIDIRECTIONAL);
> > > > > +
> > > > > +             dma_buf_detach(ref->dmabuf, ref->attach);
> > > > > +             dma_buf_put(ref->dmabuf);
> > > > > +     } else if (shm->flags & TEE_SHM_POOL) {
> > > > >               teedev->pool->ops->free(teedev->pool, shm);
> > > > >       } else if (shm->flags & TEE_SHM_DYNAMIC) {
> > > > >               int rc = teedev->desc->ops->shm_unregister(shm-
> > > > > >ctx,
> > > > > shm);
> > > > > @@ -195,7 +213,7 @@ struct tee_shm
> > > > > *tee_shm_alloc_user_buf(struct
> > > > > tee_context *ctx, size_t size)
> > > > >   * tee_client_invoke_func(). The memory allocated is later
> > > > > freed
> > > > > with a
> > > > >   * call to tee_shm_free().
> > > > >   *
> > > > > - * @returns a pointer to 'struct tee_shm'
> > > > > + * @returns a pointer to 'struct tee_shm' on success, and
> > > > > ERR_PTR
> > > > > + on
> > > > > failure
> > > > >   */
> > > > >  struct tee_shm *tee_shm_alloc_kernel_buf(struct tee_context
> > > > > *ctx,
> > > > > size_t size)  { @@ -229,6 +247,83 @@ struct tee_shm
> > > > > *tee_shm_alloc_priv_buf(struct tee_context *ctx, size_t
> > > > > size)  }
> > > > > EXPORT_SYMBOL_GPL(tee_shm_alloc_priv_buf);
> > > > > 
> > > > > +struct tee_shm *tee_shm_register_fd(struct tee_context *ctx,
> > > > > int
> > > > > +fd) {
> > > > > +     struct tee_shm_dmabuf_ref *ref;
> > > > > +     int rc;
> > > > > +
> > > > > +     if (!tee_device_get(ctx->teedev))
> > > > > +             return ERR_PTR(-EINVAL);
> > > > > +
> > > > > +     teedev_ctx_get(ctx);
> > > > > +
> > > > > +     ref = kzalloc(sizeof(*ref), GFP_KERNEL);
> > > > > +     if (!ref) {
> > > > > +             rc = -ENOMEM;
> > > > > +             goto err_put_tee;
> > > > > +     }
> > > > > +
> > > > > +     refcount_set(&ref->shm.refcount, 1);
> > > > > +     ref->shm.ctx = ctx;
> > > > > +     ref->shm.id = -1;
> > > > > +
> > > > > +     ref->dmabuf = dma_buf_get(fd);
> > > > > +     if (IS_ERR(ref->dmabuf)) {
> > > > > +             rc = PTR_ERR(ref->dmabuf);
> > > > > +             goto err_put_dmabuf;
> > > > > +     }
> > > > > +
> > > > > +     ref->attach = dma_buf_attach(ref->dmabuf, &ref-
> > > > > >shm.ctx-
> > > > > > teedev->dev);
> > > > > +     if (IS_ERR(ref->attach)) {
> > > > > +             rc = PTR_ERR(ref->attach);
> > > > > +             goto err_detach;
> > > > > +     }
> > > > > +
> > > > > +     ref->sgt = dma_buf_map_attachment(ref->attach,
> > > > > DMA_BIDIRECTIONAL);
> > > > > +     if (IS_ERR(ref->sgt)) {
> > > > > +             rc = PTR_ERR(ref->sgt);
> > > > > +             goto err_unmap_attachement;
> > > > > +     }
> > > > > +
> > > > > +     if (sg_nents(ref->sgt->sgl) != 1) {
> > > > > +             rc = PTR_ERR(ref->sgt->sgl);
> > > > > +             goto err_unmap_attachement;
> > > > > +     }
> > > > > +
> > > > > +     ref->shm.paddr = sg_dma_address(ref->sgt->sgl);
> > > > > +     ref->shm.size = sg_dma_len(ref->sgt->sgl);
> > > > > +     ref->shm.flags = TEE_SHM_EXT_DMA_BUF;
> > > > > +
> > > > > +     mutex_lock(&ref->shm.ctx->teedev->mutex);
> > > > > +     ref->shm.id = idr_alloc(&ref->shm.ctx->teedev->idr,
> > > > > &ref->shm,
> > > > > +                             1, 0, GFP_KERNEL);
> > > > > +     mutex_unlock(&ref->shm.ctx->teedev->mutex);
> > > > > +     if (ref->shm.id < 0) {
> > > > > +             rc = ref->shm.id;
> > > > > +             goto err_idr_remove;
> > > > > +     }
> > > > > +
> > > > > +     return &ref->shm;
> > > > > +
> > > > > +err_idr_remove:
> > > > > +     mutex_lock(&ctx->teedev->mutex);
> > > > > +     idr_remove(&ctx->teedev->idr, ref->shm.id);
> > > > > +     mutex_unlock(&ctx->teedev->mutex);
> > > > > +err_unmap_attachement:
> > > > > +     dma_buf_unmap_attachment(ref->attach, ref->sgt,
> > > > > DMA_BIDIRECTIONAL);
> > > > > +err_detach:
> > > > > +     dma_buf_detach(ref->dmabuf, ref->attach);
> > > > > +err_put_dmabuf:
> > > > > +     dma_buf_put(ref->dmabuf);
> > > > > +     kfree(ref);
> > > > > +err_put_tee:
> > > > > +     teedev_ctx_put(ctx);
> > > > > +     tee_device_put(ctx->teedev);
> > > > > +
> > > > > +     return ERR_PTR(rc);
> > > > > +}
> > > > > +EXPORT_SYMBOL_GPL(tee_shm_register_fd);
> > > > > +
> > > > >  static struct tee_shm *
> > > > >  register_shm_helper(struct tee_context *ctx, unsigned long
> > > > > addr,
> > > > >                   size_t length, u32 flags, int id) diff --
> > > > > git
> > > > > a/include/linux/tee_drv.h b/include/linux/tee_drv.h index
> > > > > 911cad324acc..40ddd5376c2d 100644
> > > > > --- a/include/linux/tee_drv.h
> > > > > +++ b/include/linux/tee_drv.h
> > > > > @@ -25,6 +25,7 @@
> > > > >  #define TEE_SHM_USER_MAPPED  BIT(1)  /* Memory mapped in
> > > > > user space
> > > > > */
> > > > >  #define TEE_SHM_POOL         BIT(2)  /* Memory allocated
> > > > > from pool
> > > > > */
> > > > >  #define TEE_SHM_PRIV         BIT(3)  /* Memory private to
> > > > > TEE driver
> > > > > */
> > > > > +#define TEE_SHM_EXT_DMA_BUF     BIT(4)  /* Memory with dma-
> > > > > buf
> > > > > handle */
> > > > > 
> > > > >  struct device;
> > > > >  struct tee_device;
> > > > > @@ -276,6 +277,16 @@ struct tee_shm
> > > > > *tee_shm_alloc_kernel_buf(struct
> > > > > tee_context *ctx, size_t size);  struct tee_shm
> > > > > *tee_shm_register_kernel_buf(struct tee_context *ctx,
> > > > >                                           void *addr, size_t
> > > > > length);
> > > > > 
> > > > > +/**
> > > > > + * tee_shm_register_fd() - Register shared memory from file
> > > > > descriptor
> > > > > + *
> > > > > + * @ctx:     Context that allocates the shared memory
> > > > > + * @fd:              Shared memory file descriptor reference
> > > > > + *
> > > > > + * @returns a pointer to 'struct tee_shm' on success, and
> > > > > ERR_PTR
> > > > > + on
> > > > > failure
> > > > > + */
> > > > > +struct tee_shm *tee_shm_register_fd(struct tee_context *ctx,
> > > > > int
> > > > > fd);
> > > > > +
> > > > >  /**
> > > > >   * tee_shm_is_dynamic() - Check if shared memory object is
> > > > > of the
> > > > > dynamic kind
> > > > >   * @shm:     Shared memory handle
> > > > > diff --git a/include/uapi/linux/tee.h
> > > > > b/include/uapi/linux/tee.h
> > > > > index 25a6c534beb1..baf3cd7cfdac 100644
> > > > > --- a/include/uapi/linux/tee.h
> > > > > +++ b/include/uapi/linux/tee.h
> > > > > @@ -121,6 +121,35 @@ struct tee_ioctl_shm_alloc_data {
> > > > >  #define TEE_IOC_SHM_ALLOC    _IOWR(TEE_IOC_MAGIC,
> > > > > TEE_IOC_BASE + 1,
> > > > > \
> > > > >                                    struct
> > > > > tee_ioctl_shm_alloc_data)
> > > > > 
> > > > > +/**
> > > > > + * struct tee_ioctl_shm_register_fd_data - Shared memory
> > > > > +registering
> > > > > argument
> > > > > + * @fd:              [in] File descriptor identifying the
> > > > > shared
> > > > > memory
> > > > > + * @size:    [out] Size of shared memory to allocate
> > > > > + * @flags:   [in] Flags to/from allocation.
> > > > > + * @id:              [out] Identifier of the shared memory
> > > > > + *
> > > > > + * The flags field should currently be zero as input.
> > > > > Updated by
> > > > > + the
> > > > > call
> > > > > + * with actual flags as defined by TEE_IOCTL_SHM_* above.
> > > > > + * This structure is used as argument for
> > > > > TEE_IOC_SHM_REGISTER_FD
> > > > > below.
> > > > > + */
> > > > > +struct tee_ioctl_shm_register_fd_data {
> > > > > +     __s64 fd;
> > > > > +     __u64 size;
> > > > > +     __u32 flags;
> > > > > +     __s32 id;
> > > > > +} __attribute__ ((aligned (8)));
> > > > > +
> > > > > +/**
> > > > > + * TEE_IOC_SHM_REGISTER_FD - register a shared memory from a
> > > > > file
> > > > > descriptor
> > > > > + *
> > > > > + * Returns a file descriptor on success or < 0 on failure
> > > > > + *
> > > > > + * The returned file descriptor refers to the shared memory
> > > > > object
> > > > > in kernel
> > > > > + * land. The shared memory is freed when the descriptor is
> > > > > closed.
> > > > > + */
> > > > > +#define TEE_IOC_SHM_REGISTER_FD      _IOWR(TEE_IOC_MAGIC,
> > > > > TEE_IOC_BASE + 8, \
> > > > > +                                  struct
> > > > > tee_ioctl_shm_register_fd_data)
> > > > > +
> > > > >  /**
> > > > >   * struct tee_ioctl_buf_data - Variable sized buffer
> > > > >   * @buf_ptr: [in] A __user pointer to a buffer

Re: [EXT] Re: [PATCH v2 1/1] tee: new ioctl to a register tee_shm from a dmabuf file descriptor

[Etienne Carriere]

Hell all,

+jerome f.

On Fri, 3 Feb 2023 at 12:01, Olivier Masse <olivier.masse@nxp.com> wrote:
>
> On jeu., 2023-02-02 at 10:58 +0100, Etienne Carriere wrote:
> > Caution: EXT Email
> >
> > On Thu, 2 Feb 2023 at 09:35, Sumit Garg <sumit.garg@linaro.org>
> > wrote:
> > > Hi Cyrille,
> > >
> > > Please don't top post as it makes it harder to follow-up.
> > >
> > > On Thu, 2 Feb 2023 at 13:26, Cyrille Fleury <cyrille.fleury@nxp.com
> > > > wrote:
> > > > Hi Sumit, all
> > > >
> > > > Upstream OP-TEE should support registering a dmabuf since a
> > > > while, given how widely dmabuf is used in Linux for passing
> > > > buffers around between devices.
> > > >
> > > > Purpose of the new register_tee_shm ioctl is to allow OPTEE to
> > > > use memory allocated from the exiting linux dma buffer. We don't
> > > > need to have secure dma-heap up streamed.
> > > >
> > > > You mentioned secure dma-buffer, but secure dma-buffer is a dma-
> > > > buffer, so the work to be done for secure or "regular" dma
> > > > buffers by the register_tee_shm ioctl is 100% the same.
> > > >
> > > > The scope of this ioctl is limited to what existing upstream dma-
> > > > buffers are:
> > > >         -> sharing buffers for hardware (DMA) access across
> > > > multiple device drivers and subsystems, and for synchronizing
> > > > asynchronous hardware access.
> > > >        -> It means continuous memory only.
> > > >
> > > > So if we reduce the scope of register tee_shm to exiting dma-
> > > > buffer area, the current patch does the job.
> > >
> > > Do you have a corresponding real world use-case supported by
> > > upstream
> > > OP-TEE? AFAIK, the Secure Data Path (SDP) use-case is the one
> > > supported in OP-TEE upstream but without secure dmabuf heap [1]
> > > available, the new ioctl can't be exercised.
> > >
> > > [1] https://github.com/OP-TEE/optee_test/blob/master/host/xtest/sdp_basic.h#L15
> >
> > OP-TEE has some SDP test taht can exercice SDP: 'xtest
> > regression_1014'.
> > https://github.com/OP-TEE/optee_test/blob/3.20.0/host/xtest/regression_1000.c#L1256
> >
> > The test relies on old staged ION + local secure dmabuf heaps no more
> > maintained, so this test is currently not functional.
> > If we upgrade the test to mainline dmabuf alloc means, and apply the
> > change discussed here, we should be able to regularly test SDP in
> > OP-TEE project CI.
> > The part to update is the userland allocation of the dmabuf:
> > https://github.com/OP-TEE/optee_test/blob/3.20.0/host/xtest/sdp_basic.c#L91
> >
> >
>
> the test was already updated to support secure dma heap with Kernel
> version 5.11 and higher. the userland allocation could be find here:
> https://github.com/OP-TEE/optee_test/blob/3.20.0/host/xtest/sdp_basic.c#L153
>

Oh, right. So fine, optee_test is ready for the new flavor of secure
buffer fd's.


> This upgrade need a Linux dma-buf patch:
> https://lore.kernel.org/all/20220805154139.2qkqxwklufjpsfdx@000377403353/T/

@Jens, @Jerome, do we want to pick the 2 necessary Linux patches in
our Linux kernel fork (github.com/linaro-swg/linux.git) to exercise
SDP in our CI and be ready if dma-buf secure heaps (ref right above)
is accepted and merged in mainline kernel?.

Br,
etienne

>
>
> > br,
> > etienne
> >
> >
> > > -Sumit
> > >
> > > > Regards.
> > > >
> > > > -----Original Message-----
> > > > From: Sumit Garg <sumit.garg@linaro.org>
> > > > Sent: Wednesday, February 1, 2023 6:34 AM
> > > > To: Olivier Masse <olivier.masse@nxp.com>
> > > > Cc: fredgc@google.com; linux-media@vger.kernel.org;
> > > > linaro-mm-sig@lists.linaro.org; afd@ti.com;
> > > > op-tee@lists.trustedfirmware.org; jens.wiklander@linaro.org;
> > > > joakim.bech@linaro.org; sumit.semwal@linaro.org; Peter Griffin <
> > > > peter.griffin@linaro.org>; linux-kernel@vger.kernel.org;
> > > > etienne.carriere@linaro.org; dri-devel@lists.freedesktop.org;
> > > > christian.koenig@amd.com; Clément Faure <clement.faure@nxp.com>;
> > > > Cyrille Fleury <cyrille.fleury@nxp.com>
> > > > Subject: [EXT] Re: [PATCH v2 1/1] tee: new ioctl to a register
> > > > tee_shm from a dmabuf file descriptor
> > > >
> > > > Caution: EXT Email
> > > >
> > > > Hi Olivier,
> > > >
> > > > On Fri, 27 Jan 2023 at 16:24, Olivier Masse <
> > > > olivier.masse@nxp.com> wrote:
> > > > > Hi Joakim,
> > > > > Hi Etienne,
> > > > >
> > > > > Let me bring back this pull request for OPTEE Linux driver.
> > > > >
> > > > > Last feedback was from Christian König and Sumit Garg.
> > > > > From Christian:
> > > > > > Just two comments:
> > > > > >
> > > > > > 1. Dmitry is working on a change which renames some functions
> > > > > > and
> > > > > > makes it mandatory to call them with the dma_resv lock held.
> > > > > >
> > > > > > Depending on how you want to upstream this change you will
> > > > > > certainly
> > > > > > run into conflicts with that.
> > > > >
> > > > > Is there any update on these changes ?
> > > > >
> > > > > > 2. Would it be possible to do this dynamically? In other
> > > > > > words does
> > > > > > the tee driver has a concept of buffers moving around?
> > > > >
> > > > > We do not support dynamic secure memory heap.
> > > > >
> > > > > From Sumit:
> > > > > > What limits you to extend this feature to non-contiguous
> > > > > > memory
> > > > > > buffers? I believe that should be possible with OP-TEE
> > > > > > dynamic
> > > > > > shared memory which gives you the granularity to register a
> > > > > > list of pages.
> > > > >
> > > > > Our solution use a fixed protected reserved memory region and
> > > > > do not
> > > > > rely on a dynamic protection managed in secure.
> > > > >
> > > > > The scope of this implementation rely on a static memory region
> > > > > handled by a specific DMA Heap type.
> > > > >
> > > >
> > > > AFAIR, the last review for v2 is here [1]. So we need to have
> > > > this secure DMA heap upstream in order for ioctl added by this
> > > > patch to be usable.
> > > >
> > > > [1]
> > > > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.trustedfirmware.org%2Farchives%2Flist%2Fop-tee%40lists.trustedfirmware.org%2Fmessage%2FM3WLO7RNG22OR4744BY6XNG2GLIYMNHN%2F&data=05%7C01%7Colivier.masse%40nxp.com%7Ca27f690d9d7244c2bcff08db05040f11%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638109287211847995%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=3ur7F71QnW6r15GdYR2e2YyoZLTONtTQvLHigH3uJsk%3D&reserved=0
> > > >
> > > > -Sumit
> > > >
> > > > > Best regards,
> > > > > Olivier MASSE
> > > > >
> > > > >
> > > > > On ven., 2022-08-12 at 16:30 +0200, Olivier Masse wrote:
> > > > > > From: Etienne Carriere <etienne.carriere@linaro.org>
> > > > > >
> > > > > > This change allows userland to create a tee_shm object that
> > > > > > refers
> > > > > > to a dmabuf reference.
> > > > > >
> > > > > > Userland provides a dmabuf file descriptor as buffer
> > > > > > reference.
> > > > > > The created tee_shm object exported as a brand new dmabuf
> > > > > > reference
> > > > > > used to provide a clean fd to userland. Userland shall closed
> > > > > > this
> > > > > > new fd to release the tee_shm object resources. The initial
> > > > > > dmabuf
> > > > > > resources are tracked independently through original dmabuf
> > > > > > file
> > > > > > descriptor.
> > > > > >
> > > > > > Once the buffer is registered and until it is released, TEE
> > > > > > driver
> > > > > > keeps a refcount on the registered dmabuf structure.
> > > > > >
> > > > > > This change only support dmabuf references that relates to
> > > > > > physically contiguous memory buffers.
> > > > > >
> > > > > > New tee_shm flag to identify tee_shm objects built from a
> > > > > > registered
> > > > > > dmabuf: TEE_SHM_EXT_DMA_BUF. Such tee_shm structures are
> > > > > > flagged
> > > > > > with TEE_SHM_EXT_DMA_BUF.
> > > > > >
> > > > > > Co-Developed-by: Etienne Carriere <
> > > > > > etienne.carriere@linaro.org>
> > > > > > Signed-off-by: Olivier Masse <olivier.masse@nxp.com>
> > > > > > Reported-by: kernel test robot <lkp@intel.com>
> > > > > > From:
> > > > > > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgi%2F&data=05%7C01%7Colivier.masse%40nxp.com%7Ca27f690d9d7244c2bcff08db05040f11%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638109287211847995%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=7LNWTr4TWQoB0OLqasXT05o%2BUkodxsOqpcUcvoeiZ74%3D&reserved=0
> > > > > > thub.com%2Flinaro-
> > > > > > swg%2Flinux.git&data=05%7C01%7Ccyrille.fleury%40nx
> > > > > > p.com%7Cb24461a4e7284314dff408db0415f23e%7C686ea1d3bc2b4c6fa9
> > > > > > 2cd99c5
> > > > > > c301635%7C0%7C0%7C638108264533221384%7CUnknown%7CTWFpbGZsb3d8
> > > > > > eyJWIjo
> > > > > > iMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7
> > > > > > C3000%7
> > > > > > C%7C%7C&sdata=8jbFPaF%2B5JBed4Uvo1hsJiB%2BP71KUgJmnW%2BIi3zLf
> > > > > > ok%3D&r
> > > > > > eserved=0 (cherry picked from commit
> > > > > > 41e21e5c405530590dc2dd10b2a8dbe64589840f)
> > > > > > ---
> > > > > >  drivers/tee/tee_core.c   | 38 +++++++++++++++
> > > > > >  drivers/tee/tee_shm.c    | 99
> > > > > > +++++++++++++++++++++++++++++++++++++++-
> > > > > >  include/linux/tee_drv.h  | 11
> > > > > > +++++  include/uapi/linux/tee.h | 29
> > > > > > ++++++++++++
> > > > > >  4 files changed, 175 insertions(+), 2 deletions(-)
> > > > > >
> > > > > > diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c
> > > > > > index
> > > > > > 8aa1a4836b92..7c45cbf85eb9 100644
> > > > > > --- a/drivers/tee/tee_core.c
> > > > > > +++ b/drivers/tee/tee_core.c
> > > > > > @@ -355,6 +355,42 @@ tee_ioctl_shm_register(struct
> > > > > > tee_context *ctx,
> > > > > >       return ret;
> > > > > >  }
> > > > > >
> > > > > > +static int tee_ioctl_shm_register_fd(struct tee_context
> > > > > > *ctx,
> > > > > > +                                  struct
> > > > > > tee_ioctl_shm_register_fd_data __user *udata)
> > > > > > +{
> > > > > > +     struct tee_ioctl_shm_register_fd_data data;
> > > > > > +     struct tee_shm *shm;
> > > > > > +     long ret;
> > > > > > +
> > > > > > +     if (copy_from_user(&data, udata, sizeof(data)))
> > > > > > +             return -EFAULT;
> > > > > > +
> > > > > > +     /* Currently no input flags are supported */
> > > > > > +     if (data.flags)
> > > > > > +             return -EINVAL;
> > > > > > +
> > > > > > +     shm = tee_shm_register_fd(ctx, data.fd);
> > > > > > +     if (IS_ERR(shm))
> > > > > > +             return -EINVAL;
> > > > > > +
> > > > > > +     data.id = shm->id;
> > > > > > +     data.flags = shm->flags;
> > > > > > +     data.size = shm->size;
> > > > > > +
> > > > > > +     if (copy_to_user(udata, &data, sizeof(data)))
> > > > > > +             ret = -EFAULT;
> > > > > > +     else
> > > > > > +             ret = tee_shm_get_fd(shm);
> > > > > > +
> > > > > > +     /*
> > > > > > +      * When user space closes the file descriptor the
> > > > > > shared memory
> > > > > > +      * should be freed or if tee_shm_get_fd() failed then
> > > > > > it will
> > > > > > +      * be freed immediately.
> > > > > > +      */
> > > > > > +     tee_shm_put(shm);
> > > > > > +     return ret;
> > > > > > +}
> > > > > > +
> > > > > >  static int params_from_user(struct tee_context *ctx, struct
> > > > > > tee_param *params,
> > > > > >                           size_t num_params,
> > > > > >                           struct tee_ioctl_param __user
> > > > > > *uparams) @@
> > > > > > -829,6 +865,8 @@ static long tee_ioctl(struct file *filp,
> > > > > > unsigned
> > > > > > int cmd, unsigned long arg)
> > > > > >               return tee_ioctl_shm_alloc(ctx, uarg);
> > > > > >       case TEE_IOC_SHM_REGISTER:
> > > > > >               return tee_ioctl_shm_register(ctx, uarg);
> > > > > > +     case TEE_IOC_SHM_REGISTER_FD:
> > > > > > +             return tee_ioctl_shm_register_fd(ctx, uarg);
> > > > > >       case TEE_IOC_OPEN_SESSION:
> > > > > >               return tee_ioctl_open_session(ctx, uarg);
> > > > > >       case TEE_IOC_INVOKE:
> > > > > > diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c
> > > > > > index
> > > > > > 836872467dc6..55a3fbbb022e 100644
> > > > > > --- a/drivers/tee/tee_shm.c
> > > > > > +++ b/drivers/tee/tee_shm.c
> > > > > > @@ -4,6 +4,7 @@
> > > > > >   */
> > > > > >  #include <linux/anon_inodes.h>
> > > > > >  #include <linux/device.h>
> > > > > > +#include <linux/dma-buf.h>
> > > > > >  #include <linux/idr.h>
> > > > > >  #include <linux/mm.h>
> > > > > >  #include <linux/sched.h>
> > > > > > @@ -12,6 +13,14 @@
> > > > > >  #include <linux/uio.h>
> > > > > >  #include "tee_private.h"
> > > > > >
> > > > > > +/* extra references appended to shm object for registered
> > > > > > shared
> > > > > > memory */
> > > > > > +struct tee_shm_dmabuf_ref {
> > > > > > +     struct tee_shm shm;
> > > > > > +     struct dma_buf *dmabuf;
> > > > > > +     struct dma_buf_attachment *attach;
> > > > > > +     struct sg_table *sgt;
> > > > > > +};
> > > > > > +
> > > > > >  static void shm_put_kernel_pages(struct page **pages, size_t
> > > > > > page_count)
> > > > > >  {
> > > > > >       size_t n;
> > > > > > @@ -71,7 +80,16 @@ static void
> > > > > > release_registered_pages(struct
> > > > > > tee_shm *shm)
> > > > > >
> > > > > >  static void tee_shm_release(struct tee_device *teedev,
> > > > > > struct
> > > > > > tee_shm *shm)  {
> > > > > > -     if (shm->flags & TEE_SHM_POOL) {
> > > > > > +     if (shm->flags & TEE_SHM_EXT_DMA_BUF) {
> > > > > > +             struct tee_shm_dmabuf_ref *ref;
> > > > > > +
> > > > > > +             ref = container_of(shm, struct
> > > > > > tee_shm_dmabuf_ref,
> > > > > > shm);
> > > > > > +             dma_buf_unmap_attachment(ref->attach, ref->sgt,
> > > > > > +                                      DMA_BIDIRECTIONAL);
> > > > > > +
> > > > > > +             dma_buf_detach(ref->dmabuf, ref->attach);
> > > > > > +             dma_buf_put(ref->dmabuf);
> > > > > > +     } else if (shm->flags & TEE_SHM_POOL) {
> > > > > >               teedev->pool->ops->free(teedev->pool, shm);
> > > > > >       } else if (shm->flags & TEE_SHM_DYNAMIC) {
> > > > > >               int rc = teedev->desc->ops->shm_unregister(shm-
> > > > > > >ctx,
> > > > > > shm);
> > > > > > @@ -195,7 +213,7 @@ struct tee_shm
> > > > > > *tee_shm_alloc_user_buf(struct
> > > > > > tee_context *ctx, size_t size)
> > > > > >   * tee_client_invoke_func(). The memory allocated is later
> > > > > > freed
> > > > > > with a
> > > > > >   * call to tee_shm_free().
> > > > > >   *
> > > > > > - * @returns a pointer to 'struct tee_shm'
> > > > > > + * @returns a pointer to 'struct tee_shm' on success, and
> > > > > > ERR_PTR
> > > > > > + on
> > > > > > failure
> > > > > >   */
> > > > > >  struct tee_shm *tee_shm_alloc_kernel_buf(struct tee_context
> > > > > > *ctx,
> > > > > > size_t size)  { @@ -229,6 +247,83 @@ struct tee_shm
> > > > > > *tee_shm_alloc_priv_buf(struct tee_context *ctx, size_t
> > > > > > size)  }
> > > > > > EXPORT_SYMBOL_GPL(tee_shm_alloc_priv_buf);
> > > > > >
> > > > > > +struct tee_shm *tee_shm_register_fd(struct tee_context *ctx,
> > > > > > int
> > > > > > +fd) {
> > > > > > +     struct tee_shm_dmabuf_ref *ref;
> > > > > > +     int rc;
> > > > > > +
> > > > > > +     if (!tee_device_get(ctx->teedev))
> > > > > > +             return ERR_PTR(-EINVAL);
> > > > > > +
> > > > > > +     teedev_ctx_get(ctx);
> > > > > > +
> > > > > > +     ref = kzalloc(sizeof(*ref), GFP_KERNEL);
> > > > > > +     if (!ref) {
> > > > > > +             rc = -ENOMEM;
> > > > > > +             goto err_put_tee;
> > > > > > +     }
> > > > > > +
> > > > > > +     refcount_set(&ref->shm.refcount, 1);
> > > > > > +     ref->shm.ctx = ctx;
> > > > > > +     ref->shm.id = -1;
> > > > > > +
> > > > > > +     ref->dmabuf = dma_buf_get(fd);
> > > > > > +     if (IS_ERR(ref->dmabuf)) {
> > > > > > +             rc = PTR_ERR(ref->dmabuf);
> > > > > > +             goto err_put_dmabuf;
> > > > > > +     }
> > > > > > +
> > > > > > +     ref->attach = dma_buf_attach(ref->dmabuf, &ref-
> > > > > > >shm.ctx-
> > > > > > > teedev->dev);
> > > > > > +     if (IS_ERR(ref->attach)) {
> > > > > > +             rc = PTR_ERR(ref->attach);
> > > > > > +             goto err_detach;
> > > > > > +     }
> > > > > > +
> > > > > > +     ref->sgt = dma_buf_map_attachment(ref->attach,
> > > > > > DMA_BIDIRECTIONAL);
> > > > > > +     if (IS_ERR(ref->sgt)) {
> > > > > > +             rc = PTR_ERR(ref->sgt);
> > > > > > +             goto err_unmap_attachement;
> > > > > > +     }
> > > > > > +
> > > > > > +     if (sg_nents(ref->sgt->sgl) != 1) {
> > > > > > +             rc = PTR_ERR(ref->sgt->sgl);
> > > > > > +             goto err_unmap_attachement;
> > > > > > +     }
> > > > > > +
> > > > > > +     ref->shm.paddr = sg_dma_address(ref->sgt->sgl);
> > > > > > +     ref->shm.size = sg_dma_len(ref->sgt->sgl);
> > > > > > +     ref->shm.flags = TEE_SHM_EXT_DMA_BUF;
> > > > > > +
> > > > > > +     mutex_lock(&ref->shm.ctx->teedev->mutex);
> > > > > > +     ref->shm.id = idr_alloc(&ref->shm.ctx->teedev->idr,
> > > > > > &ref->shm,
> > > > > > +                             1, 0, GFP_KERNEL);
> > > > > > +     mutex_unlock(&ref->shm.ctx->teedev->mutex);
> > > > > > +     if (ref->shm.id < 0) {
> > > > > > +             rc = ref->shm.id;
> > > > > > +             goto err_idr_remove;
> > > > > > +     }
> > > > > > +
> > > > > > +     return &ref->shm;
> > > > > > +
> > > > > > +err_idr_remove:
> > > > > > +     mutex_lock(&ctx->teedev->mutex);
> > > > > > +     idr_remove(&ctx->teedev->idr, ref->shm.id);
> > > > > > +     mutex_unlock(&ctx->teedev->mutex);
> > > > > > +err_unmap_attachement:
> > > > > > +     dma_buf_unmap_attachment(ref->attach, ref->sgt,
> > > > > > DMA_BIDIRECTIONAL);
> > > > > > +err_detach:
> > > > > > +     dma_buf_detach(ref->dmabuf, ref->attach);
> > > > > > +err_put_dmabuf:
> > > > > > +     dma_buf_put(ref->dmabuf);
> > > > > > +     kfree(ref);
> > > > > > +err_put_tee:
> > > > > > +     teedev_ctx_put(ctx);
> > > > > > +     tee_device_put(ctx->teedev);
> > > > > > +
> > > > > > +     return ERR_PTR(rc);
> > > > > > +}
> > > > > > +EXPORT_SYMBOL_GPL(tee_shm_register_fd);
> > > > > > +
> > > > > >  static struct tee_shm *
> > > > > >  register_shm_helper(struct tee_context *ctx, unsigned long
> > > > > > addr,
> > > > > >                   size_t length, u32 flags, int id) diff --
> > > > > > git
> > > > > > a/include/linux/tee_drv.h b/include/linux/tee_drv.h index
> > > > > > 911cad324acc..40ddd5376c2d 100644
> > > > > > --- a/include/linux/tee_drv.h
> > > > > > +++ b/include/linux/tee_drv.h
> > > > > > @@ -25,6 +25,7 @@
> > > > > >  #define TEE_SHM_USER_MAPPED  BIT(1)  /* Memory mapped in
> > > > > > user space
> > > > > > */
> > > > > >  #define TEE_SHM_POOL         BIT(2)  /* Memory allocated
> > > > > > from pool
> > > > > > */
> > > > > >  #define TEE_SHM_PRIV         BIT(3)  /* Memory private to
> > > > > > TEE driver
> > > > > > */
> > > > > > +#define TEE_SHM_EXT_DMA_BUF     BIT(4)  /* Memory with dma-
> > > > > > buf
> > > > > > handle */
> > > > > >
> > > > > >  struct device;
> > > > > >  struct tee_device;
> > > > > > @@ -276,6 +277,16 @@ struct tee_shm
> > > > > > *tee_shm_alloc_kernel_buf(struct
> > > > > > tee_context *ctx, size_t size);  struct tee_shm
> > > > > > *tee_shm_register_kernel_buf(struct tee_context *ctx,
> > > > > >                                           void *addr, size_t
> > > > > > length);
> > > > > >
> > > > > > +/**
> > > > > > + * tee_shm_register_fd() - Register shared memory from file
> > > > > > descriptor
> > > > > > + *
> > > > > > + * @ctx:     Context that allocates the shared memory
> > > > > > + * @fd:              Shared memory file descriptor reference
> > > > > > + *
> > > > > > + * @returns a pointer to 'struct tee_shm' on success, and
> > > > > > ERR_PTR
> > > > > > + on
> > > > > > failure
> > > > > > + */
> > > > > > +struct tee_shm *tee_shm_register_fd(struct tee_context *ctx,
> > > > > > int
> > > > > > fd);
> > > > > > +
> > > > > >  /**
> > > > > >   * tee_shm_is_dynamic() - Check if shared memory object is
> > > > > > of the
> > > > > > dynamic kind
> > > > > >   * @shm:     Shared memory handle
> > > > > > diff --git a/include/uapi/linux/tee.h
> > > > > > b/include/uapi/linux/tee.h
> > > > > > index 25a6c534beb1..baf3cd7cfdac 100644
> > > > > > --- a/include/uapi/linux/tee.h
> > > > > > +++ b/include/uapi/linux/tee.h
> > > > > > @@ -121,6 +121,35 @@ struct tee_ioctl_shm_alloc_data {
> > > > > >  #define TEE_IOC_SHM_ALLOC    _IOWR(TEE_IOC_MAGIC,
> > > > > > TEE_IOC_BASE + 1,
> > > > > > \
> > > > > >                                    struct
> > > > > > tee_ioctl_shm_alloc_data)
> > > > > >
> > > > > > +/**
> > > > > > + * struct tee_ioctl_shm_register_fd_data - Shared memory
> > > > > > +registering
> > > > > > argument
> > > > > > + * @fd:              [in] File descriptor identifying the
> > > > > > shared
> > > > > > memory
> > > > > > + * @size:    [out] Size of shared memory to allocate
> > > > > > + * @flags:   [in] Flags to/from allocation.
> > > > > > + * @id:              [out] Identifier of the shared memory
> > > > > > + *
> > > > > > + * The flags field should currently be zero as input.
> > > > > > Updated by
> > > > > > + the
> > > > > > call
> > > > > > + * with actual flags as defined by TEE_IOCTL_SHM_* above.
> > > > > > + * This structure is used as argument for
> > > > > > TEE_IOC_SHM_REGISTER_FD
> > > > > > below.
> > > > > > + */
> > > > > > +struct tee_ioctl_shm_register_fd_data {
> > > > > > +     __s64 fd;
> > > > > > +     __u64 size;
> > > > > > +     __u32 flags;
> > > > > > +     __s32 id;
> > > > > > +} __attribute__ ((aligned (8)));
> > > > > > +
> > > > > > +/**
> > > > > > + * TEE_IOC_SHM_REGISTER_FD - register a shared memory from a
> > > > > > file
> > > > > > descriptor
> > > > > > + *
> > > > > > + * Returns a file descriptor on success or < 0 on failure
> > > > > > + *
> > > > > > + * The returned file descriptor refers to the shared memory
> > > > > > object
> > > > > > in kernel
> > > > > > + * land. The shared memory is freed when the descriptor is
> > > > > > closed.
> > > > > > + */
> > > > > > +#define TEE_IOC_SHM_REGISTER_FD      _IOWR(TEE_IOC_MAGIC,
> > > > > > TEE_IOC_BASE + 8, \
> > > > > > +                                  struct
> > > > > > tee_ioctl_shm_register_fd_data)
> > > > > > +
> > > > > >  /**
> > > > > >   * struct tee_ioctl_buf_data - Variable sized buffer
> > > > > >   * @buf_ptr: [in] A __user pointer to a buffer

Re: [EXT] Re: [PATCH v2 1/1] tee: new ioctl to a register tee_shm from a dmabuf file descriptor

[Sumit Garg]

On Fri, 3 Feb 2023 at 16:31, Olivier Masse <olivier.masse@nxp.com> wrote:
>
> On jeu., 2023-02-02 at 10:58 +0100, Etienne Carriere wrote:
> > Caution: EXT Email
> >
> > On Thu, 2 Feb 2023 at 09:35, Sumit Garg <sumit.garg@linaro.org>
> > wrote:
> > > Hi Cyrille,
> > >
> > > Please don't top post as it makes it harder to follow-up.
> > >
> > > On Thu, 2 Feb 2023 at 13:26, Cyrille Fleury <cyrille.fleury@nxp.com
> > > > wrote:
> > > > Hi Sumit, all
> > > >
> > > > Upstream OP-TEE should support registering a dmabuf since a
> > > > while, given how widely dmabuf is used in Linux for passing
> > > > buffers around between devices.
> > > >
> > > > Purpose of the new register_tee_shm ioctl is to allow OPTEE to
> > > > use memory allocated from the exiting linux dma buffer. We don't
> > > > need to have secure dma-heap up streamed.
> > > >
> > > > You mentioned secure dma-buffer, but secure dma-buffer is a dma-
> > > > buffer, so the work to be done for secure or "regular" dma
> > > > buffers by the register_tee_shm ioctl is 100% the same.
> > > >
> > > > The scope of this ioctl is limited to what existing upstream dma-
> > > > buffers are:
> > > >         -> sharing buffers for hardware (DMA) access across
> > > > multiple device drivers and subsystems, and for synchronizing
> > > > asynchronous hardware access.
> > > >        -> It means continuous memory only.
> > > >
> > > > So if we reduce the scope of register tee_shm to exiting dma-
> > > > buffer area, the current patch does the job.
> > >
> > > Do you have a corresponding real world use-case supported by
> > > upstream
> > > OP-TEE? AFAIK, the Secure Data Path (SDP) use-case is the one
> > > supported in OP-TEE upstream but without secure dmabuf heap [1]
> > > available, the new ioctl can't be exercised.
> > >
> > > [1]
> > > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FOP-TEE%2Foptee_test%2Fblob%2Fmaster%2Fhost%2Fxtest%2Fsdp_basic.h%23L15&data=05%7C01%7Colivier.masse%40nxp.com%7Ca27f690d9d7244c2bcff08db05040f11%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638109287211847995%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=eNUbc0uaKjfmxau8L7ZB8u%2BtYdUxT4pIS%2Fht29uwRKg%3D&reserved=0
> >
> > OP-TEE has some SDP test taht can exercice SDP: 'xtest
> > regression_1014'.
> > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FOP-TEE%2Foptee_test%2Fblob%2F3.20.0%2Fhost%2Fxtest%2Fregression_1000.c%23L1256&data=05%7C01%7Colivier.masse%40nxp.com%7Ca27f690d9d7244c2bcff08db05040f11%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638109287211847995%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2BOtAlVOq7%2Fi6SloSTZuwa5VtlC5RqtcJ4fGtio0YI8A%3D&reserved=0
> >
> > The test relies on old staged ION + local secure dmabuf heaps no more
> > maintained, so this test is currently not functional.
> > If we upgrade the test to mainline dmabuf alloc means, and apply the
> > change discussed here, we should be able to regularly test SDP in
> > OP-TEE project CI.
> > The part to update is the userland allocation of the dmabuf:
> > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FOP-TEE%2Foptee_test%2Fblob%2F3.20.0%2Fhost%2Fxtest%2Fsdp_basic.c%23L91&data=05%7C01%7Colivier.masse%40nxp.com%7Ca27f690d9d7244c2bcff08db05040f11%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638109287211847995%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=K2NB2Bj7V3CXNsM9fZy95OEjF3EzqU4mgmM1PTY3J1Y%3D&reserved=0
> >
> >
>
> the test was already updated to support secure dma heap with Kernel
> version 5.11 and higher. the userland allocation could be find here:
> https://github.com/OP-TEE/optee_test/blob/3.20.0/host/xtest/sdp_basic.c#L153
>
> This upgrade need a Linux dma-buf patch:
> https://lore.kernel.org/all/20220805154139.2qkqxwklufjpsfdx@000377403353/T/
>

I would suggest you to club this new ioctl patch with this secure
dmabuf heap series so that you can provide a complete SDP use-case
picture with a working SDP xtest case.

-Sumit

>
> > br,
> > etienne
> >
> >
> > > -Sumit
> > >
> > > > Regards.
> > > >
> > > > -----Original Message-----
> > > > From: Sumit Garg <sumit.garg@linaro.org>
> > > > Sent: Wednesday, February 1, 2023 6:34 AM
> > > > To: Olivier Masse <olivier.masse@nxp.com>
> > > > Cc: fredgc@google.com; linux-media@vger.kernel.org;
> > > > linaro-mm-sig@lists.linaro.org; afd@ti.com;
> > > > op-tee@lists.trustedfirmware.org; jens.wiklander@linaro.org;
> > > > joakim.bech@linaro.org; sumit.semwal@linaro.org; Peter Griffin <
> > > > peter.griffin@linaro.org>; linux-kernel@vger.kernel.org;
> > > > etienne.carriere@linaro.org; dri-devel@lists.freedesktop.org;
> > > > christian.koenig@amd.com; Clément Faure <clement.faure@nxp.com>;
> > > > Cyrille Fleury <cyrille.fleury@nxp.com>
> > > > Subject: [EXT] Re: [PATCH v2 1/1] tee: new ioctl to a register
> > > > tee_shm from a dmabuf file descriptor
> > > >
> > > > Caution: EXT Email
> > > >
> > > > Hi Olivier,
> > > >
> > > > On Fri, 27 Jan 2023 at 16:24, Olivier Masse <
> > > > olivier.masse@nxp.com> wrote:
> > > > > Hi Joakim,
> > > > > Hi Etienne,
> > > > >
> > > > > Let me bring back this pull request for OPTEE Linux driver.
> > > > >
> > > > > Last feedback was from Christian König and Sumit Garg.
> > > > > From Christian:
> > > > > > Just two comments:
> > > > > >
> > > > > > 1. Dmitry is working on a change which renames some functions
> > > > > > and
> > > > > > makes it mandatory to call them with the dma_resv lock held.
> > > > > >
> > > > > > Depending on how you want to upstream this change you will
> > > > > > certainly
> > > > > > run into conflicts with that.
> > > > >
> > > > > Is there any update on these changes ?
> > > > >
> > > > > > 2. Would it be possible to do this dynamically? In other
> > > > > > words does
> > > > > > the tee driver has a concept of buffers moving around?
> > > > >
> > > > > We do not support dynamic secure memory heap.
> > > > >
> > > > > From Sumit:
> > > > > > What limits you to extend this feature to non-contiguous
> > > > > > memory
> > > > > > buffers? I believe that should be possible with OP-TEE
> > > > > > dynamic
> > > > > > shared memory which gives you the granularity to register a
> > > > > > list of pages.
> > > > >
> > > > > Our solution use a fixed protected reserved memory region and
> > > > > do not
> > > > > rely on a dynamic protection managed in secure.
> > > > >
> > > > > The scope of this implementation rely on a static memory region
> > > > > handled by a specific DMA Heap type.
> > > > >
> > > >
> > > > AFAIR, the last review for v2 is here [1]. So we need to have
> > > > this secure DMA heap upstream in order for ioctl added by this
> > > > patch to be usable.
> > > >
> > > > [1]
> > > > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.trustedfirmware.org%2Farchives%2Flist%2Fop-tee%40lists.trustedfirmware.org%2Fmessage%2FM3WLO7RNG22OR4744BY6XNG2GLIYMNHN%2F&data=05%7C01%7Colivier.masse%40nxp.com%7Ca27f690d9d7244c2bcff08db05040f11%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638109287211847995%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=3ur7F71QnW6r15GdYR2e2YyoZLTONtTQvLHigH3uJsk%3D&reserved=0
> > > >
> > > > -Sumit
> > > >
> > > > > Best regards,
> > > > > Olivier MASSE
> > > > >
> > > > >
> > > > > On ven., 2022-08-12 at 16:30 +0200, Olivier Masse wrote:
> > > > > > From: Etienne Carriere <etienne.carriere@linaro.org>
> > > > > >
> > > > > > This change allows userland to create a tee_shm object that
> > > > > > refers
> > > > > > to a dmabuf reference.
> > > > > >
> > > > > > Userland provides a dmabuf file descriptor as buffer
> > > > > > reference.
> > > > > > The created tee_shm object exported as a brand new dmabuf
> > > > > > reference
> > > > > > used to provide a clean fd to userland. Userland shall closed
> > > > > > this
> > > > > > new fd to release the tee_shm object resources. The initial
> > > > > > dmabuf
> > > > > > resources are tracked independently through original dmabuf
> > > > > > file
> > > > > > descriptor.
> > > > > >
> > > > > > Once the buffer is registered and until it is released, TEE
> > > > > > driver
> > > > > > keeps a refcount on the registered dmabuf structure.
> > > > > >
> > > > > > This change only support dmabuf references that relates to
> > > > > > physically contiguous memory buffers.
> > > > > >
> > > > > > New tee_shm flag to identify tee_shm objects built from a
> > > > > > registered
> > > > > > dmabuf: TEE_SHM_EXT_DMA_BUF. Such tee_shm structures are
> > > > > > flagged
> > > > > > with TEE_SHM_EXT_DMA_BUF.
> > > > > >
> > > > > > Co-Developed-by: Etienne Carriere <
> > > > > > etienne.carriere@linaro.org>
> > > > > > Signed-off-by: Olivier Masse <olivier.masse@nxp.com>
> > > > > > Reported-by: kernel test robot <lkp@intel.com>
> > > > > > From:
> > > > > > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgi%2F&data=05%7C01%7Colivier.masse%40nxp.com%7Ca27f690d9d7244c2bcff08db05040f11%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638109287211847995%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=7LNWTr4TWQoB0OLqasXT05o%2BUkodxsOqpcUcvoeiZ74%3D&reserved=0
> > > > > > thub.com%2Flinaro-
> > > > > > swg%2Flinux.git&data=05%7C01%7Ccyrille.fleury%40nx
> > > > > > p.com%7Cb24461a4e7284314dff408db0415f23e%7C686ea1d3bc2b4c6fa9
> > > > > > 2cd99c5
> > > > > > c301635%7C0%7C0%7C638108264533221384%7CUnknown%7CTWFpbGZsb3d8
> > > > > > eyJWIjo
> > > > > > iMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7
> > > > > > C3000%7
> > > > > > C%7C%7C&sdata=8jbFPaF%2B5JBed4Uvo1hsJiB%2BP71KUgJmnW%2BIi3zLf
> > > > > > ok%3D&r
> > > > > > eserved=0 (cherry picked from commit
> > > > > > 41e21e5c405530590dc2dd10b2a8dbe64589840f)
> > > > > > ---
> > > > > >  drivers/tee/tee_core.c   | 38 +++++++++++++++
> > > > > >  drivers/tee/tee_shm.c    | 99
> > > > > > +++++++++++++++++++++++++++++++++++++++-
> > > > > >  include/linux/tee_drv.h  | 11
> > > > > > +++++  include/uapi/linux/tee.h | 29
> > > > > > ++++++++++++
> > > > > >  4 files changed, 175 insertions(+), 2 deletions(-)
> > > > > >
> > > > > > diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c
> > > > > > index
> > > > > > 8aa1a4836b92..7c45cbf85eb9 100644
> > > > > > --- a/drivers/tee/tee_core.c
> > > > > > +++ b/drivers/tee/tee_core.c
> > > > > > @@ -355,6 +355,42 @@ tee_ioctl_shm_register(struct
> > > > > > tee_context *ctx,
> > > > > >       return ret;
> > > > > >  }
> > > > > >
> > > > > > +static int tee_ioctl_shm_register_fd(struct tee_context
> > > > > > *ctx,
> > > > > > +                                  struct
> > > > > > tee_ioctl_shm_register_fd_data __user *udata)
> > > > > > +{
> > > > > > +     struct tee_ioctl_shm_register_fd_data data;
> > > > > > +     struct tee_shm *shm;
> > > > > > +     long ret;
> > > > > > +
> > > > > > +     if (copy_from_user(&data, udata, sizeof(data)))
> > > > > > +             return -EFAULT;
> > > > > > +
> > > > > > +     /* Currently no input flags are supported */
> > > > > > +     if (data.flags)
> > > > > > +             return -EINVAL;
> > > > > > +
> > > > > > +     shm = tee_shm_register_fd(ctx, data.fd);
> > > > > > +     if (IS_ERR(shm))
> > > > > > +             return -EINVAL;
> > > > > > +
> > > > > > +     data.id = shm->id;
> > > > > > +     data.flags = shm->flags;
> > > > > > +     data.size = shm->size;
> > > > > > +
> > > > > > +     if (copy_to_user(udata, &data, sizeof(data)))
> > > > > > +             ret = -EFAULT;
> > > > > > +     else
> > > > > > +             ret = tee_shm_get_fd(shm);
> > > > > > +
> > > > > > +     /*
> > > > > > +      * When user space closes the file descriptor the
> > > > > > shared memory
> > > > > > +      * should be freed or if tee_shm_get_fd() failed then
> > > > > > it will
> > > > > > +      * be freed immediately.
> > > > > > +      */
> > > > > > +     tee_shm_put(shm);
> > > > > > +     return ret;
> > > > > > +}
> > > > > > +
> > > > > >  static int params_from_user(struct tee_context *ctx, struct
> > > > > > tee_param *params,
> > > > > >                           size_t num_params,
> > > > > >                           struct tee_ioctl_param __user
> > > > > > *uparams) @@
> > > > > > -829,6 +865,8 @@ static long tee_ioctl(struct file *filp,
> > > > > > unsigned
> > > > > > int cmd, unsigned long arg)
> > > > > >               return tee_ioctl_shm_alloc(ctx, uarg);
> > > > > >       case TEE_IOC_SHM_REGISTER:
> > > > > >               return tee_ioctl_shm_register(ctx, uarg);
> > > > > > +     case TEE_IOC_SHM_REGISTER_FD:
> > > > > > +             return tee_ioctl_shm_register_fd(ctx, uarg);
> > > > > >       case TEE_IOC_OPEN_SESSION:
> > > > > >               return tee_ioctl_open_session(ctx, uarg);
> > > > > >       case TEE_IOC_INVOKE:
> > > > > > diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c
> > > > > > index
> > > > > > 836872467dc6..55a3fbbb022e 100644
> > > > > > --- a/drivers/tee/tee_shm.c
> > > > > > +++ b/drivers/tee/tee_shm.c
> > > > > > @@ -4,6 +4,7 @@
> > > > > >   */
> > > > > >  #include <linux/anon_inodes.h>
> > > > > >  #include <linux/device.h>
> > > > > > +#include <linux/dma-buf.h>
> > > > > >  #include <linux/idr.h>
> > > > > >  #include <linux/mm.h>
> > > > > >  #include <linux/sched.h>
> > > > > > @@ -12,6 +13,14 @@
> > > > > >  #include <linux/uio.h>
> > > > > >  #include "tee_private.h"
> > > > > >
> > > > > > +/* extra references appended to shm object for registered
> > > > > > shared
> > > > > > memory */
> > > > > > +struct tee_shm_dmabuf_ref {
> > > > > > +     struct tee_shm shm;
> > > > > > +     struct dma_buf *dmabuf;
> > > > > > +     struct dma_buf_attachment *attach;
> > > > > > +     struct sg_table *sgt;
> > > > > > +};
> > > > > > +
> > > > > >  static void shm_put_kernel_pages(struct page **pages, size_t
> > > > > > page_count)
> > > > > >  {
> > > > > >       size_t n;
> > > > > > @@ -71,7 +80,16 @@ static void
> > > > > > release_registered_pages(struct
> > > > > > tee_shm *shm)
> > > > > >
> > > > > >  static void tee_shm_release(struct tee_device *teedev,
> > > > > > struct
> > > > > > tee_shm *shm)  {
> > > > > > -     if (shm->flags & TEE_SHM_POOL) {
> > > > > > +     if (shm->flags & TEE_SHM_EXT_DMA_BUF) {
> > > > > > +             struct tee_shm_dmabuf_ref *ref;
> > > > > > +
> > > > > > +             ref = container_of(shm, struct
> > > > > > tee_shm_dmabuf_ref,
> > > > > > shm);
> > > > > > +             dma_buf_unmap_attachment(ref->attach, ref->sgt,
> > > > > > +                                      DMA_BIDIRECTIONAL);
> > > > > > +
> > > > > > +             dma_buf_detach(ref->dmabuf, ref->attach);
> > > > > > +             dma_buf_put(ref->dmabuf);
> > > > > > +     } else if (shm->flags & TEE_SHM_POOL) {
> > > > > >               teedev->pool->ops->free(teedev->pool, shm);
> > > > > >       } else if (shm->flags & TEE_SHM_DYNAMIC) {
> > > > > >               int rc = teedev->desc->ops->shm_unregister(shm-
> > > > > > >ctx,
> > > > > > shm);
> > > > > > @@ -195,7 +213,7 @@ struct tee_shm
> > > > > > *tee_shm_alloc_user_buf(struct
> > > > > > tee_context *ctx, size_t size)
> > > > > >   * tee_client_invoke_func(). The memory allocated is later
> > > > > > freed
> > > > > > with a
> > > > > >   * call to tee_shm_free().
> > > > > >   *
> > > > > > - * @returns a pointer to 'struct tee_shm'
> > > > > > + * @returns a pointer to 'struct tee_shm' on success, and
> > > > > > ERR_PTR
> > > > > > + on
> > > > > > failure
> > > > > >   */
> > > > > >  struct tee_shm *tee_shm_alloc_kernel_buf(struct tee_context
> > > > > > *ctx,
> > > > > > size_t size)  { @@ -229,6 +247,83 @@ struct tee_shm
> > > > > > *tee_shm_alloc_priv_buf(struct tee_context *ctx, size_t
> > > > > > size)  }
> > > > > > EXPORT_SYMBOL_GPL(tee_shm_alloc_priv_buf);
> > > > > >
> > > > > > +struct tee_shm *tee_shm_register_fd(struct tee_context *ctx,
> > > > > > int
> > > > > > +fd) {
> > > > > > +     struct tee_shm_dmabuf_ref *ref;
> > > > > > +     int rc;
> > > > > > +
> > > > > > +     if (!tee_device_get(ctx->teedev))
> > > > > > +             return ERR_PTR(-EINVAL);
> > > > > > +
> > > > > > +     teedev_ctx_get(ctx);
> > > > > > +
> > > > > > +     ref = kzalloc(sizeof(*ref), GFP_KERNEL);
> > > > > > +     if (!ref) {
> > > > > > +             rc = -ENOMEM;
> > > > > > +             goto err_put_tee;
> > > > > > +     }
> > > > > > +
> > > > > > +     refcount_set(&ref->shm.refcount, 1);
> > > > > > +     ref->shm.ctx = ctx;
> > > > > > +     ref->shm.id = -1;
> > > > > > +
> > > > > > +     ref->dmabuf = dma_buf_get(fd);
> > > > > > +     if (IS_ERR(ref->dmabuf)) {
> > > > > > +             rc = PTR_ERR(ref->dmabuf);
> > > > > > +             goto err_put_dmabuf;
> > > > > > +     }
> > > > > > +
> > > > > > +     ref->attach = dma_buf_attach(ref->dmabuf, &ref-
> > > > > > >shm.ctx-
> > > > > > > teedev->dev);
> > > > > > +     if (IS_ERR(ref->attach)) {
> > > > > > +             rc = PTR_ERR(ref->attach);
> > > > > > +             goto err_detach;
> > > > > > +     }
> > > > > > +
> > > > > > +     ref->sgt = dma_buf_map_attachment(ref->attach,
> > > > > > DMA_BIDIRECTIONAL);
> > > > > > +     if (IS_ERR(ref->sgt)) {
> > > > > > +             rc = PTR_ERR(ref->sgt);
> > > > > > +             goto err_unmap_attachement;
> > > > > > +     }
> > > > > > +
> > > > > > +     if (sg_nents(ref->sgt->sgl) != 1) {
> > > > > > +             rc = PTR_ERR(ref->sgt->sgl);
> > > > > > +             goto err_unmap_attachement;
> > > > > > +     }
> > > > > > +
> > > > > > +     ref->shm.paddr = sg_dma_address(ref->sgt->sgl);
> > > > > > +     ref->shm.size = sg_dma_len(ref->sgt->sgl);
> > > > > > +     ref->shm.flags = TEE_SHM_EXT_DMA_BUF;
> > > > > > +
> > > > > > +     mutex_lock(&ref->shm.ctx->teedev->mutex);
> > > > > > +     ref->shm.id = idr_alloc(&ref->shm.ctx->teedev->idr,
> > > > > > &ref->shm,
> > > > > > +                             1, 0, GFP_KERNEL);
> > > > > > +     mutex_unlock(&ref->shm.ctx->teedev->mutex);
> > > > > > +     if (ref->shm.id < 0) {
> > > > > > +             rc = ref->shm.id;
> > > > > > +             goto err_idr_remove;
> > > > > > +     }
> > > > > > +
> > > > > > +     return &ref->shm;
> > > > > > +
> > > > > > +err_idr_remove:
> > > > > > +     mutex_lock(&ctx->teedev->mutex);
> > > > > > +     idr_remove(&ctx->teedev->idr, ref->shm.id);
> > > > > > +     mutex_unlock(&ctx->teedev->mutex);
> > > > > > +err_unmap_attachement:
> > > > > > +     dma_buf_unmap_attachment(ref->attach, ref->sgt,
> > > > > > DMA_BIDIRECTIONAL);
> > > > > > +err_detach:
> > > > > > +     dma_buf_detach(ref->dmabuf, ref->attach);
> > > > > > +err_put_dmabuf:
> > > > > > +     dma_buf_put(ref->dmabuf);
> > > > > > +     kfree(ref);
> > > > > > +err_put_tee:
> > > > > > +     teedev_ctx_put(ctx);
> > > > > > +     tee_device_put(ctx->teedev);
> > > > > > +
> > > > > > +     return ERR_PTR(rc);
> > > > > > +}
> > > > > > +EXPORT_SYMBOL_GPL(tee_shm_register_fd);
> > > > > > +
> > > > > >  static struct tee_shm *
> > > > > >  register_shm_helper(struct tee_context *ctx, unsigned long
> > > > > > addr,
> > > > > >                   size_t length, u32 flags, int id) diff --
> > > > > > git
> > > > > > a/include/linux/tee_drv.h b/include/linux/tee_drv.h index
> > > > > > 911cad324acc..40ddd5376c2d 100644
> > > > > > --- a/include/linux/tee_drv.h
> > > > > > +++ b/include/linux/tee_drv.h
> > > > > > @@ -25,6 +25,7 @@
> > > > > >  #define TEE_SHM_USER_MAPPED  BIT(1)  /* Memory mapped in
> > > > > > user space
> > > > > > */
> > > > > >  #define TEE_SHM_POOL         BIT(2)  /* Memory allocated
> > > > > > from pool
> > > > > > */
> > > > > >  #define TEE_SHM_PRIV         BIT(3)  /* Memory private to
> > > > > > TEE driver
> > > > > > */
> > > > > > +#define TEE_SHM_EXT_DMA_BUF     BIT(4)  /* Memory with dma-
> > > > > > buf
> > > > > > handle */
> > > > > >
> > > > > >  struct device;
> > > > > >  struct tee_device;
> > > > > > @@ -276,6 +277,16 @@ struct tee_shm
> > > > > > *tee_shm_alloc_kernel_buf(struct
> > > > > > tee_context *ctx, size_t size);  struct tee_shm
> > > > > > *tee_shm_register_kernel_buf(struct tee_context *ctx,
> > > > > >                                           void *addr, size_t
> > > > > > length);
> > > > > >
> > > > > > +/**
> > > > > > + * tee_shm_register_fd() - Register shared memory from file
> > > > > > descriptor
> > > > > > + *
> > > > > > + * @ctx:     Context that allocates the shared memory
> > > > > > + * @fd:              Shared memory file descriptor reference
> > > > > > + *
> > > > > > + * @returns a pointer to 'struct tee_shm' on success, and
> > > > > > ERR_PTR
> > > > > > + on
> > > > > > failure
> > > > > > + */
> > > > > > +struct tee_shm *tee_shm_register_fd(struct tee_context *ctx,
> > > > > > int
> > > > > > fd);
> > > > > > +
> > > > > >  /**
> > > > > >   * tee_shm_is_dynamic() - Check if shared memory object is
> > > > > > of the
> > > > > > dynamic kind
> > > > > >   * @shm:     Shared memory handle
> > > > > > diff --git a/include/uapi/linux/tee.h
> > > > > > b/include/uapi/linux/tee.h
> > > > > > index 25a6c534beb1..baf3cd7cfdac 100644
> > > > > > --- a/include/uapi/linux/tee.h
> > > > > > +++ b/include/uapi/linux/tee.h
> > > > > > @@ -121,6 +121,35 @@ struct tee_ioctl_shm_alloc_data {
> > > > > >  #define TEE_IOC_SHM_ALLOC    _IOWR(TEE_IOC_MAGIC,
> > > > > > TEE_IOC_BASE + 1,
> > > > > > \
> > > > > >                                    struct
> > > > > > tee_ioctl_shm_alloc_data)
> > > > > >
> > > > > > +/**
> > > > > > + * struct tee_ioctl_shm_register_fd_data - Shared memory
> > > > > > +registering
> > > > > > argument
> > > > > > + * @fd:              [in] File descriptor identifying the
> > > > > > shared
> > > > > > memory
> > > > > > + * @size:    [out] Size of shared memory to allocate
> > > > > > + * @flags:   [in] Flags to/from allocation.
> > > > > > + * @id:              [out] Identifier of the shared memory
> > > > > > + *
> > > > > > + * The flags field should currently be zero as input.
> > > > > > Updated by
> > > > > > + the
> > > > > > call
> > > > > > + * with actual flags as defined by TEE_IOCTL_SHM_* above.
> > > > > > + * This structure is used as argument for
> > > > > > TEE_IOC_SHM_REGISTER_FD
> > > > > > below.
> > > > > > + */
> > > > > > +struct tee_ioctl_shm_register_fd_data {
> > > > > > +     __s64 fd;
> > > > > > +     __u64 size;
> > > > > > +     __u32 flags;
> > > > > > +     __s32 id;
> > > > > > +} __attribute__ ((aligned (8)));
> > > > > > +
> > > > > > +/**
> > > > > > + * TEE_IOC_SHM_REGISTER_FD - register a shared memory from a
> > > > > > file
> > > > > > descriptor
> > > > > > + *
> > > > > > + * Returns a file descriptor on success or < 0 on failure
> > > > > > + *
> > > > > > + * The returned file descriptor refers to the shared memory
> > > > > > object
> > > > > > in kernel
> > > > > > + * land. The shared memory is freed when the descriptor is
> > > > > > closed.
> > > > > > + */
> > > > > > +#define TEE_IOC_SHM_REGISTER_FD      _IOWR(TEE_IOC_MAGIC,
> > > > > > TEE_IOC_BASE + 8, \
> > > > > > +                                  struct
> > > > > > tee_ioctl_shm_register_fd_data)
> > > > > > +
> > > > > >  /**
> > > > > >   * struct tee_ioctl_buf_data - Variable sized buffer
> > > > > >   * @buf_ptr: [in] A __user pointer to a buffer

Re: [EXT] Re: [PATCH v2 1/1] tee: new ioctl to a register tee_shm from a dmabuf file descriptor

[Jerome Forissier]

On 2/3/23 12:37, Etienne Carriere wrote:
> Hell all,
> 
> +jerome f.
> 
> On Fri, 3 Feb 2023 at 12:01, Olivier Masse <olivier.masse@nxp.com> wrote:
>>
>> On jeu., 2023-02-02 at 10:58 +0100, Etienne Carriere wrote:
>>> Caution: EXT Email
>>>
>>> On Thu, 2 Feb 2023 at 09:35, Sumit Garg <sumit.garg@linaro.org>
>>> wrote:
>>>> Hi Cyrille,
>>>>
>>>> Please don't top post as it makes it harder to follow-up.
>>>>
>>>> On Thu, 2 Feb 2023 at 13:26, Cyrille Fleury <cyrille.fleury@nxp.com
>>>>> wrote:
>>>>> Hi Sumit, all
>>>>>
>>>>> Upstream OP-TEE should support registering a dmabuf since a
>>>>> while, given how widely dmabuf is used in Linux for passing
>>>>> buffers around between devices.
>>>>>
>>>>> Purpose of the new register_tee_shm ioctl is to allow OPTEE to
>>>>> use memory allocated from the exiting linux dma buffer. We don't
>>>>> need to have secure dma-heap up streamed.
>>>>>
>>>>> You mentioned secure dma-buffer, but secure dma-buffer is a dma-
>>>>> buffer, so the work to be done for secure or "regular" dma
>>>>> buffers by the register_tee_shm ioctl is 100% the same.
>>>>>
>>>>> The scope of this ioctl is limited to what existing upstream dma-
>>>>> buffers are:
>>>>>         -> sharing buffers for hardware (DMA) access across
>>>>> multiple device drivers and subsystems, and for synchronizing
>>>>> asynchronous hardware access.
>>>>>        -> It means continuous memory only.
>>>>>
>>>>> So if we reduce the scope of register tee_shm to exiting dma-
>>>>> buffer area, the current patch does the job.
>>>>
>>>> Do you have a corresponding real world use-case supported by
>>>> upstream
>>>> OP-TEE? AFAIK, the Secure Data Path (SDP) use-case is the one
>>>> supported in OP-TEE upstream but without secure dmabuf heap [1]
>>>> available, the new ioctl can't be exercised.
>>>>
>>>> [1] https://github.com/OP-TEE/optee_test/blob/master/host/xtest/sdp_basic.h#L15
>>>
>>> OP-TEE has some SDP test taht can exercice SDP: 'xtest
>>> regression_1014'.
>>> https://github.com/OP-TEE/optee_test/blob/3.20.0/host/xtest/regression_1000.c#L1256
>>>
>>> The test relies on old staged ION + local secure dmabuf heaps no more
>>> maintained, so this test is currently not functional.
>>> If we upgrade the test to mainline dmabuf alloc means, and apply the
>>> change discussed here, we should be able to regularly test SDP in
>>> OP-TEE project CI.
>>> The part to update is the userland allocation of the dmabuf:
>>> https://github.com/OP-TEE/optee_test/blob/3.20.0/host/xtest/sdp_basic.c#L91
>>>
>>>
>>
>> the test was already updated to support secure dma heap with Kernel
>> version 5.11 and higher. the userland allocation could be find here:
>> https://github.com/OP-TEE/optee_test/blob/3.20.0/host/xtest/sdp_basic.c#L153
>>
> 
> Oh, right. So fine, optee_test is ready for the new flavor of secure
> buffer fd's.
> 
> 
>> This upgrade need a Linux dma-buf patch:
>> https://lore.kernel.org/all/20220805154139.2qkqxwklufjpsfdx@000377403353/T/
> 
> @Jens, @Jerome, do we want to pick the 2 necessary Linux patches in
> our Linux kernel fork (github.com/linaro-swg/linux.git) to exercise
> SDP in our CI and be ready if dma-buf secure heaps (ref right above)
> is accepted and merged in mainline kernel?.

How would that help? I mean, when the kernel patches are merged and if
things break we can make the necessary adjustments in the optee_test app
or whatever, but in the meantime I don't see much point. I suppose the
people who are actively developing the patches do make sure it works with
OP-TEE ;-)

Regards,
-- 
Jerome

RE: [EXT] Re: [PATCH v2 1/1] tee: new ioctl to a register tee_shm from a dmabuf file descriptor

[Cyrille Fleury]

-----Original Message-----
From: Jerome Forissier <jerome.forissier@linaro.org>
Sent: Friday, February 3, 2023 1:32 PM
To: Etienne Carriere <etienne.carriere@linaro.org>; Olivier Masse <olivier.masse@nxp.com>
Cc: sumit.garg@linaro.org; linux-media@vger.kernel.org; fredgc@google.com; linaro-mm-sig@lists.linaro.org; afd@ti.com; op-tee@lists.trustedfirmware.org; jens.wiklander@linaro.org; joakim.bech@linaro.org; sumit.semwal@linaro.org; Cyrille Fleury <cyrille.fleury@nxp.com>; Peter Griffin <peter.griffin@linaro.org>; linux-kernel@vger.kernel.org; dri-devel@lists.freedesktop.org; Clément Faure <clement.faure@nxp.com>; christian.koenig@amd.com
Subject: Re: [EXT] Re: [PATCH v2 1/1] tee: new ioctl to a register tee_shm from a dmabuf file descriptor

On 2/3/23 15:12, Cyrille Fleury wrote:
Hi all,

>On 2/3/23 12:37, Etienne Carriere wrote:
>> Hell all,
>>
>> +jerome f.
>>
>> On Fri, 3 Feb 2023 at 12:01, Olivier Masse <olivier.masse@nxp.com> wrote:
>>>
>>> On jeu., 2023-02-02 at 10:58 +0100, Etienne Carriere wrote:
>>>> Caution: EXT Email
>>>>
>>>> On Thu, 2 Feb 2023 at 09:35, Sumit Garg <sumit.garg@linaro.org>
>>>> wrote:
>>>>> Hi Cyrille,
>>>>>
>>>>> Please don't top post as it makes it harder to follow-up.
>>>>>
>>>>> On Thu, 2 Feb 2023 at 13:26, Cyrille Fleury <cyrille.fleury@nxp.com
>>>>>> wrote:
>>>>>> Hi Sumit, all
>>>>>>
>>>>>> Upstream OP-TEE should support registering a dmabuf since a while, 
>>>>>> given how widely dmabuf is used in Linux for passing buffers 
>>>>>> around between devices.
>>>>>>
>>>>>> Purpose of the new register_tee_shm ioctl is to allow OPTEE to use 
>>>>>> memory allocated from the exiting linux dma buffer. We don't need 
>>>>>> to have secure dma-heap up streamed.
>>>>>>
>>>>>> You mentioned secure dma-buffer, but secure dma-buffer is a dma- 
>>>>>> buffer, so the work to be done for secure or "regular" dma buffers 
>>>>>> by the register_tee_shm ioctl is 100% the same.
>>>>>>
>>>>>> The scope of this ioctl is limited to what existing upstream dma- 
>>>>>> buffers are:
>>>>>>         -> sharing buffers for hardware (DMA) access across 
>>>>>> multiple device drivers and subsystems, and for synchronizing 
>>>>>> asynchronous hardware access.
>>>>>>        -> It means continuous memory only.
>>>>>>
>>>>>> So if we reduce the scope of register tee_shm to exiting dma- 
>>>>>> buffer area, the current patch does the job.
>>>>>
>>>>> Do you have a corresponding real world use-case supported by 
>>>>> upstream OP-TEE? AFAIK, the Secure Data Path (SDP) use-case is the 
>>>>> one supported in OP-TEE upstream but without secure dmabuf heap [1] 
>>>>> available, the new ioctl can't be exercised.
>>>>>
>>>>> [1] 
>>>>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fg
>>>>> ithub.com%2FOP-TEE%2Foptee_test%2Fblob%2Fmaster%2Fhost%2Fxtest%2Fsd
>>>>> p_basic.h%23L15&data=05%7C01%7Ccyrille.fleury%40nxp.com%7C9ff962fb5
>>>>> 8f6401c597808db05e2a64b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%
>>>>> 7C638110243232457377%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLC
>>>>> JQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=
>>>>> UNB88rvmhQ5qRoIGN%2FpS4cQTES5joM8AjoyAAYzPKl0%3D&reserved=0
>>>>
>>>> OP-TEE has some SDP test taht can exercice SDP: 'xtest 
>>>> regression_1014'.
>>>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgi
>>>> thub.com%2FOP-TEE%2Foptee_test%2Fblob%2F3.20.0%2Fhost%2Fxtest%2Fregr
>>>> ession_1000.c%23L1256&data=05%7C01%7Ccyrille.fleury%40nxp.com%7C9ff9
>>>> 62fb58f6401c597808db05e2a64b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%
>>>> 7C0%7C638110243232457377%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDA
>>>> iLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdat
>>>> a=e%2B40rwWvtvVFG8aWZNeu%2FgjMXXvZ3pRhJfHLkdurovs%3D&reserved=0
>>>>
>>>> The test relies on old staged ION + local secure dmabuf heaps no 
>>>> more maintained, so this test is currently not functional.
>>>> If we upgrade the test to mainline dmabuf alloc means, and apply the 
>>>> change discussed here, we should be able to regularly test SDP in 
>>>> OP-TEE project CI.
>>>> The part to update is the userland allocation of the dmabuf:
>>>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgi
>>>> thub.com%2FOP-TEE%2Foptee_test%2Fblob%2F3.20.0%2Fhost%2Fxtest%2Fsdp_
>>>> basic.c%23L91&data=05%7C01%7Ccyrille.fleury%40nxp.com%7C9ff962fb58f6
>>>> 401c597808db05e2a64b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C63
>>>> 8110243232457377%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjo
>>>> iV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=5rPV1j
>>>> qzqjVh2N5pdUW41YwF6EkgIDwfhyfYkgmtdZI%3D&reserved=0
>>>>
>>>>
>>>
>>> the test was already updated to support secure dma heap with Kernel 
>>> version 5.11 and higher. the userland allocation could be find here:
>>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit
>>> hub.com%2FOP-TEE%2Foptee_test%2Fblob%2F3.20.0%2Fhost%2Fxtest%2Fsdp_ba
>>> sic.c%23L153&data=05%7C01%7Ccyrille.fleury%40nxp.com%7C9ff962fb58f640
>>> 1c597808db05e2a64b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C63811
>>> 0243232457377%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2l
>>> uMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=01H96n47K6R
>>> mBKZQhRdcqX3nE5VBHOXNfGuMmmkVSvc%3D&reserved=0
>>>
>>
>> Oh, right. So fine, optee_test is ready for the new flavor of secure 
>> buffer fd's.
>>
>>
>>> This upgrade need a Linux dma-buf patch:
>>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flor
>>> e.kernel.org%2Fall%2F20220805154139.2qkqxwklufjpsfdx%40000377403353%2
>>> FT%2F&data=05%7C01%7Ccyrille.fleury%40nxp.com%7C9ff962fb58f6401c59780
>>> 8db05e2a64b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638110243232
>>> 457377%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLC
>>> JBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=yCS%2BDcuGp%2BafAL
>>> tpw74O1bI0K%2Fwnt%2FOw5ob1ngfDA0E%3D&reserved=0
>>
>> @Jens, @Jerome, do we want to pick the 2 necessary Linux patches in 
>> our Linux kernel fork (github.com/linaro-swg/linux.git) to exercise 
>> SDP in our CI and be ready if dma-buf secure heaps (ref right above) 
>> is accepted and merged in mainline kernel?.
>
>How would that help? I mean, when the kernel patches are merged and if things break we can make the necessary adjustments in the optee_test app or whatever, but in the meantime I don't see much point. I suppose the people who are actively developing the patches do make sure it works with OP-TEE ;-)
>
>Regards,
>--
>Jerome

As mentioned in the cover letter, this IOCTL got tested by Jens Wiklander <jens.wiklander@linaro.org>, using Linaro reference board from Hikey 6620:
https://lists.trustedfirmware.org/archives/list/op-tee@lists.trustedfirmware.org/thread/I3TZN4TBDOUVE567VMMN2TAXGWZNY7S3/
It also works on i.MX8M EVK boards.

My understanding today is we are good to upstream this patch, knowing:
     - Upstream OPTEE driver should support registering a dmabuf since a while, given how widely dmabuf is used in Linux for passing buffers around between devices.
     - review is OK 
     - test environment is already available in optee-test
     - it has been tested on 2 different platforms
     - the scope of the new ioctl is limited to existing feature in dma-buffer
     
What is missing from this list preventing to upstream ? 
Who do we still need to convince ?

Regards.

Re: [EXT] Re: [PATCH v2 1/1] tee: new ioctl to a register tee_shm from a dmabuf file descriptor

[Jens Wiklander]

Hi,

On Fri, Feb 03, 2023 at 02:13:53PM +0000, Cyrille Fleury wrote:
> 
> 
> -----Original Message-----
> From: Jerome Forissier <jerome.forissier@linaro.org>
> Sent: Friday, February 3, 2023 1:32 PM
> To: Etienne Carriere <etienne.carriere@linaro.org>; Olivier Masse <olivier.masse@nxp.com>
> Cc: sumit.garg@linaro.org; linux-media@vger.kernel.org; fredgc@google.com; linaro-mm-sig@lists.linaro.org; afd@ti.com; op-tee@lists.trustedfirmware.org; jens.wiklander@linaro.org; joakim.bech@linaro.org; sumit.semwal@linaro.org; Cyrille Fleury <cyrille.fleury@nxp.com>; Peter Griffin <peter.griffin@linaro.org>; linux-kernel@vger.kernel.org; dri-devel@lists.freedesktop.org; Clément Faure <clement.faure@nxp.com>; christian.koenig@amd.com
> Subject: Re: [EXT] Re: [PATCH v2 1/1] tee: new ioctl to a register tee_shm from a dmabuf file descriptor
> 
> On 2/3/23 15:12, Cyrille Fleury wrote:
> Hi all,
> 
> >On 2/3/23 12:37, Etienne Carriere wrote:
> >> Hell all,
> >>
> >> +jerome f.
> >>
> >> On Fri, 3 Feb 2023 at 12:01, Olivier Masse <olivier.masse@nxp.com> wrote:
> >>>
> >>> On jeu., 2023-02-02 at 10:58 +0100, Etienne Carriere wrote:
> >>>> Caution: EXT Email
> >>>>
> >>>> On Thu, 2 Feb 2023 at 09:35, Sumit Garg <sumit.garg@linaro.org>
> >>>> wrote:
> >>>>> Hi Cyrille,
> >>>>>
> >>>>> Please don't top post as it makes it harder to follow-up.
> >>>>>
> >>>>> On Thu, 2 Feb 2023 at 13:26, Cyrille Fleury <cyrille.fleury@nxp.com
> >>>>>> wrote:
> >>>>>> Hi Sumit, all
> >>>>>>
> >>>>>> Upstream OP-TEE should support registering a dmabuf since a while, 
> >>>>>> given how widely dmabuf is used in Linux for passing buffers 
> >>>>>> around between devices.
> >>>>>>
> >>>>>> Purpose of the new register_tee_shm ioctl is to allow OPTEE to use 
> >>>>>> memory allocated from the exiting linux dma buffer. We don't need 
> >>>>>> to have secure dma-heap up streamed.
> >>>>>>
> >>>>>> You mentioned secure dma-buffer, but secure dma-buffer is a dma- 
> >>>>>> buffer, so the work to be done for secure or "regular" dma buffers 
> >>>>>> by the register_tee_shm ioctl is 100% the same.
> >>>>>>
> >>>>>> The scope of this ioctl is limited to what existing upstream dma- 
> >>>>>> buffers are:
> >>>>>>         -> sharing buffers for hardware (DMA) access across 
> >>>>>> multiple device drivers and subsystems, and for synchronizing 
> >>>>>> asynchronous hardware access.
> >>>>>>        -> It means continuous memory only.
> >>>>>>
> >>>>>> So if we reduce the scope of register tee_shm to exiting dma- 
> >>>>>> buffer area, the current patch does the job.
> >>>>>
> >>>>> Do you have a corresponding real world use-case supported by 
> >>>>> upstream OP-TEE? AFAIK, the Secure Data Path (SDP) use-case is the 
> >>>>> one supported in OP-TEE upstream but without secure dmabuf heap [1] 
> >>>>> available, the new ioctl can't be exercised.
> >>>>>
> >>>>> [1] 
> >>>>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fg
> >>>>> ithub.com%2FOP-TEE%2Foptee_test%2Fblob%2Fmaster%2Fhost%2Fxtest%2Fsd
> >>>>> p_basic.h%23L15&data=05%7C01%7Ccyrille.fleury%40nxp.com%7C9ff962fb5
> >>>>> 8f6401c597808db05e2a64b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%
> >>>>> 7C638110243232457377%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLC
> >>>>> JQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=
> >>>>> UNB88rvmhQ5qRoIGN%2FpS4cQTES5joM8AjoyAAYzPKl0%3D&reserved=0
> >>>>
> >>>> OP-TEE has some SDP test taht can exercice SDP: 'xtest 
> >>>> regression_1014'.
> >>>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgi
> >>>> thub.com%2FOP-TEE%2Foptee_test%2Fblob%2F3.20.0%2Fhost%2Fxtest%2Fregr
> >>>> ession_1000.c%23L1256&data=05%7C01%7Ccyrille.fleury%40nxp.com%7C9ff9
> >>>> 62fb58f6401c597808db05e2a64b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%
> >>>> 7C0%7C638110243232457377%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDA
> >>>> iLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdat
> >>>> a=e%2B40rwWvtvVFG8aWZNeu%2FgjMXXvZ3pRhJfHLkdurovs%3D&reserved=0
> >>>>
> >>>> The test relies on old staged ION + local secure dmabuf heaps no 
> >>>> more maintained, so this test is currently not functional.
> >>>> If we upgrade the test to mainline dmabuf alloc means, and apply the 
> >>>> change discussed here, we should be able to regularly test SDP in 
> >>>> OP-TEE project CI.
> >>>> The part to update is the userland allocation of the dmabuf:
> >>>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgi
> >>>> thub.com%2FOP-TEE%2Foptee_test%2Fblob%2F3.20.0%2Fhost%2Fxtest%2Fsdp_
> >>>> basic.c%23L91&data=05%7C01%7Ccyrille.fleury%40nxp.com%7C9ff962fb58f6
> >>>> 401c597808db05e2a64b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C63
> >>>> 8110243232457377%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjo
> >>>> iV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=5rPV1j
> >>>> qzqjVh2N5pdUW41YwF6EkgIDwfhyfYkgmtdZI%3D&reserved=0
> >>>>
> >>>>
> >>>
> >>> the test was already updated to support secure dma heap with Kernel 
> >>> version 5.11 and higher. the userland allocation could be find here:
> >>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit
> >>> hub.com%2FOP-TEE%2Foptee_test%2Fblob%2F3.20.0%2Fhost%2Fxtest%2Fsdp_ba
> >>> sic.c%23L153&data=05%7C01%7Ccyrille.fleury%40nxp.com%7C9ff962fb58f640
> >>> 1c597808db05e2a64b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C63811
> >>> 0243232457377%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2l
> >>> uMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=01H96n47K6R
> >>> mBKZQhRdcqX3nE5VBHOXNfGuMmmkVSvc%3D&reserved=0
> >>>
> >>
> >> Oh, right. So fine, optee_test is ready for the new flavor of secure 
> >> buffer fd's.
> >>
> >>
> >>> This upgrade need a Linux dma-buf patch:
> >>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flor
> >>> e.kernel.org%2Fall%2F20220805154139.2qkqxwklufjpsfdx%40000377403353%2
> >>> FT%2F&data=05%7C01%7Ccyrille.fleury%40nxp.com%7C9ff962fb58f6401c59780
> >>> 8db05e2a64b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638110243232
> >>> 457377%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLC
> >>> JBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=yCS%2BDcuGp%2BafAL
> >>> tpw74O1bI0K%2Fwnt%2FOw5ob1ngfDA0E%3D&reserved=0
> >>
> >> @Jens, @Jerome, do we want to pick the 2 necessary Linux patches in 
> >> our Linux kernel fork (github.com/linaro-swg/linux.git) to exercise 
> >> SDP in our CI and be ready if dma-buf secure heaps (ref right above) 
> >> is accepted and merged in mainline kernel?.
> >
> >How would that help? I mean, when the kernel patches are merged and if things break we can make the necessary adjustments in the optee_test app or whatever, but in the meantime I don't see much point. I suppose the people who are actively developing the patches do make sure it works with OP-TEE ;-)
> >
> >Regards,
> >--
> >Jerome
> 
> As mentioned in the cover letter, this IOCTL got tested by Jens Wiklander <jens.wiklander@linaro.org>, using Linaro reference board from Hikey 6620:
> https://lists.trustedfirmware.org/archives/list/op-tee@lists.trustedfirmware.org/thread/I3TZN4TBDOUVE567VMMN2TAXGWZNY7S3/
> It also works on i.MX8M EVK boards.
> 
> My understanding today is we are good to upstream this patch, knowing:
>      - Upstream OPTEE driver should support registering a dmabuf since a while, given how widely dmabuf is used in Linux for passing buffers around between devices.
>      - review is OK 
>      - test environment is already available in optee-test
>      - it has been tested on 2 different platforms
>      - the scope of the new ioctl is limited to existing feature in dma-buffer
>      
> What is missing from this list preventing to upstream ? 

Please address the comments from Etienne and post a new version of the
patch based on the latest kernel. Please try to improve the language in
the commit message.

Is it possible to update the tests so this can be tested on QEMU in our
CI loop? That should help to get the review restarted.

Thanks,
Jens

> Who do we still need to convince ?
> 
> Regards.

RE: [EXT] Re: [PATCH v2 1/1] tee: new ioctl to a register tee_shm from a dmabuf file descriptor

[Cyrille Fleury]

Hi,

>>
>>
>> -----Original Message-----
>> From: Jerome Forissier <jerome.forissier@linaro.org>
>> Sent: Friday, February 3, 2023 1:32 PM
>> To: Etienne Carriere <etienne.carriere@linaro.org>; Olivier Masse 
>> <olivier.masse@nxp.com>
>> Cc: sumit.garg@linaro.org; linux-media@vger.kernel.org; 
>> fredgc@google.com; linaro-mm-sig@lists.linaro.org; afd@ti.com; 
>> op-tee@lists.trustedfirmware.org; jens.wiklander@linaro.org; 
>> joakim.bech@linaro.org; sumit.semwal@linaro.org; Cyrille Fleury 
>> <cyrille.fleury@nxp.com>; Peter Griffin <peter.griffin@linaro.org>; 
>> linux-kernel@vger.kernel.org; dri-devel@lists.freedesktop.org; Clément 
>> Faure <clement.faure@nxp.com>; christian.koenig@amd.com
>> Subject: Re: [EXT] Re: [PATCH v2 1/1] tee: new ioctl to a register 
>> tee_shm from a dmabuf file descriptor
>>
>> On 2/3/23 15:12, Cyrille Fleury wrote:
>> Hi all,
>>
>> >On 2/3/23 12:37, Etienne Carriere wrote:
>> >> Hell all,
>> >>
>> >> +jerome f.
>> >>
>> >> On Fri, 3 Feb 2023 at 12:01, Olivier Masse <olivier.masse@nxp.com> wrote:
>> >>>
>> >>> On jeu., 2023-02-02 at 10:58 +0100, Etienne Carriere wrote:
>> >>>> Caution: EXT Email
>> >>>>
>> >>>> On Thu, 2 Feb 2023 at 09:35, Sumit Garg <sumit.garg@linaro.org>
>> >>>> wrote:
>> >>>>> Hi Cyrille,
>> >>>>>
>> >>>>> Please don't top post as it makes it harder to follow-up.
>> >>>>>
>> >>>>> On Thu, 2 Feb 2023 at 13:26, Cyrille Fleury 
>> >>>>> <cyrille.fleury@nxp.com
>> >>>>>> wrote:
>> >>>>>> Hi Sumit, all
>> >>>>>>
>> >>>>>> Upstream OP-TEE should support registering a dmabuf since a 
>> >>>>>> while, given how widely dmabuf is used in Linux for passing 
>> >>>>>> buffers around between devices.
>> >>>>>>
>> >>>>>> Purpose of the new register_tee_shm ioctl is to allow OPTEE to 
>> >>>>>> use memory allocated from the exiting linux dma buffer. We 
>> >>>>>> don't need to have secure dma-heap up streamed.
>> >>>>>>
>> >>>>>> You mentioned secure dma-buffer, but secure dma-buffer is a 
>> >>>>>> dma- buffer, so the work to be done for secure or "regular" dma 
>> >>>>>> buffers by the register_tee_shm ioctl is 100% the same.
>> >>>>>>
>> >>>>>> The scope of this ioctl is limited to what existing upstream 
>> >>>>>> dma- buffers are:
>> >>>>>>         -> sharing buffers for hardware (DMA) access across 
>> >>>>>> multiple device drivers and subsystems, and for synchronizing 
>> >>>>>> asynchronous hardware access.
>> >>>>>>        -> It means continuous memory only.
>> >>>>>>
>> >>>>>> So if we reduce the scope of register tee_shm to exiting dma- 
>> >>>>>> buffer area, the current patch does the job.
>> >>>>>
>> >>>>> Do you have a corresponding real world use-case supported by 
>> >>>>> upstream OP-TEE? AFAIK, the Secure Data Path (SDP) use-case is 
>> >>>>> the one supported in OP-TEE upstream but without secure dmabuf 
>> >>>>> heap [1] available, the new ioctl can't be exercised.
>> >>>>>
>> >>>>> [1]
>> >>>>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%
>> >>>>> 2Fg%2F&data=05%7C01%7Ccyrille.fleury%40nxp.com%7C057d956d144a41e
>> >>>>> dd81808db0db1c7f9%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C6
>> >>>>> 38118829451030288%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLC
>> >>>>> JQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sda
>> >>>>> ta=tBh3qNiinzTn%2BgqE8IvGw%2BYvRvo8ztDt4W4O0noEkk8%3D&reserved=0
>> >>>>> ithub.com%2FOP-TEE%2Foptee_test%2Fblob%2Fmaster%2Fhost%2Fxtest%2
>> >>>>> Fsd
>> >>>>> p_basic.h%23L15&data=05%7C01%7Ccyrille.fleury%40nxp.com%7C9ff962
>> >>>>> fb5 
>> >>>>> 8f6401c597808db05e2a64b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7
>> >>>>> C0% 
>> >>>>> 7C638110243232457377%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDA
>> >>>>> iLC 
>> >>>>> JQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sda
>> >>>>> ta=
>> >>>>> UNB88rvmhQ5qRoIGN%2FpS4cQTES5joM8AjoyAAYzPKl0%3D&reserved=0
>> >>>>
>> >>>> OP-TEE has some SDP test taht can exercice SDP: 'xtest 
>> >>>> regression_1014'.
>> >>>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2
>> >>>> Fgi%2F&data=05%7C01%7Ccyrille.fleury%40nxp.com%7C057d956d144a41ed
>> >>>> d81808db0db1c7f9%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638
>> >>>> 118829451030288%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQI
>> >>>> joiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%
>> >>>> 2FDGLzwTOc5%2F30%2BLy4bBVckK0fRJRsvuGcUvp6bfW9Tg%3D&reserved=0
>> >>>> thub.com%2FOP-TEE%2Foptee_test%2Fblob%2F3.20.0%2Fhost%2Fxtest%2Fr
>> >>>> egr
>> >>>> ession_1000.c%23L1256&data=05%7C01%7Ccyrille.fleury%40nxp.com%7C9
>> >>>> ff9 
>> >>>> 62fb58f6401c597808db05e2a64b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7
>> >>>> C0% 
>> >>>> 7C0%7C638110243232457377%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAw
>> >>>> MDA 
>> >>>> iLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&s
>> >>>> dat
>> >>>> a=e%2B40rwWvtvVFG8aWZNeu%2FgjMXXvZ3pRhJfHLkdurovs%3D&reserved=0
>> >>>>
>> >>>> The test relies on old staged ION + local secure dmabuf heaps no 
>> >>>> more maintained, so this test is currently not functional.
>> >>>> If we upgrade the test to mainline dmabuf alloc means, and apply 
>> >>>> the change discussed here, we should be able to regularly test 
>> >>>> SDP in OP-TEE project CI.
>> >>>> The part to update is the userland allocation of the dmabuf:
>> >>>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2
>> >>>> Fgi%2F&data=05%7C01%7Ccyrille.fleury%40nxp.com%7C057d956d144a41ed
>> >>>> d81808db0db1c7f9%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638
>> >>>> 118829451030288%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQI
>> >>>> joiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%
>> >>>> 2FDGLzwTOc5%2F30%2BLy4bBVckK0fRJRsvuGcUvp6bfW9Tg%3D&reserved=0
>> >>>> thub.com%2FOP-TEE%2Foptee_test%2Fblob%2F3.20.0%2Fhost%2Fxtest%2Fs
>> >>>> dp_
>> >>>> basic.c%23L91&data=05%7C01%7Ccyrille.fleury%40nxp.com%7C9ff962fb5
>> >>>> 8f6
>> >>>> 401c597808db05e2a64b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7
>> >>>> C63 
>> >>>> 8110243232457377%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQ
>> >>>> Ijo 
>> >>>> iV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=5rP
>> >>>> V1j
>> >>>> qzqjVh2N5pdUW41YwF6EkgIDwfhyfYkgmtdZI%3D&reserved=0
>> >>>>
>> >>>>
>> >>>
>> >>> the test was already updated to support secure dma heap with 
>> >>> Kernel version 5.11 and higher. the userland allocation could be find here:
>> >>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2F
>> >>> git%2F&data=05%7C01%7Ccyrille.fleury%40nxp.com%7C057d956d144a41edd
>> >>> 81808db0db1c7f9%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C63811
>> >>> 8829451030288%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoi
>> >>> V2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=dUNus
>> >>> R9w0TlzTRiqUUhU8yo%2BUF7QPhsx5t8GQuAA1SU%3D&reserved=0
>> >>> hub.com%2FOP-TEE%2Foptee_test%2Fblob%2F3.20.0%2Fhost%2Fxtest%2Fsdp
>> >>> _ba
>> >>> sic.c%23L153&data=05%7C01%7Ccyrille.fleury%40nxp.com%7C9ff962fb58f
>> >>> 640
>> >>> 1c597808db05e2a64b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C63
>> >>> 811 
>> >>> 0243232457377%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoi
>> >>> V2l 
>> >>> uMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=01H96n47
>> >>> K6R
>> >>> mBKZQhRdcqX3nE5VBHOXNfGuMmmkVSvc%3D&reserved=0
>> >>>
>> >>
>> >> Oh, right. So fine, optee_test is ready for the new flavor of 
>> >> secure buffer fd's.
>> >>
>> >>
>> >>> This upgrade need a Linux dma-buf patch:
>> >>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2F
>> >>> lor%2F&data=05%7C01%7Ccyrille.fleury%40nxp.com%7C057d956d144a41edd
>> >>> 81808db0db1c7f9%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C63811
>> >>> 8829451030288%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoi
>> >>> V2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=4iomH
>> >>> K4kPt6A4OmyioiIFD360bGh39o0d2%2BJGyI3WYM%3D&reserved=0
>> >>> e.kernel.org%2Fall%2F20220805154139.2qkqxwklufjpsfdx%4000037740335
>> >>> 3%2
>> >>> FT%2F&data=05%7C01%7Ccyrille.fleury%40nxp.com%7C9ff962fb58f6401c59
>> >>> 780
>> >>> 8db05e2a64b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638110243
>> >>> 232 
>> >>> 457377%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzI
>> >>> iLC 
>> >>> JBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=yCS%2BDcuGp%2Ba
>> >>> fAL
>> >>> tpw74O1bI0K%2Fwnt%2FOw5ob1ngfDA0E%3D&reserved=0
>> >>
>> >> @Jens, @Jerome, do we want to pick the 2 necessary Linux patches in 
>> >> our Linux kernel fork (github.com/linaro-swg/linux.git) to exercise 
>> >> SDP in our CI and be ready if dma-buf secure heaps (ref right 
>> >> above) is accepted and merged in mainline kernel?.
>> >
>> >How would that help? I mean, when the kernel patches are merged and 
>> >if things break we can make the necessary adjustments in the 
>> >optee_test app or whatever, but in the meantime I don't see much 
>> >point. I suppose the people who are actively developing the patches 
>> >do make sure it works with OP-TEE ;-)
>> >
>> >Regards,
>> >--
>> >Jerome
>>
>> As mentioned in the cover letter, this IOCTL got tested by Jens Wiklander <jens.wiklander@linaro.org>, using Linaro reference board from Hikey 6620:
>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flist
>> s.trustedfirmware.org%2Farchives%2Flist%2Fop-tee%40lists.trustedfirmwa
>> re.org%2Fthread%2FI3TZN4TBDOUVE567VMMN2TAXGWZNY7S3%2F&data=05%7C01%7Cc
>> yrille.fleury%40nxp.com%7C057d956d144a41edd81808db0db1c7f9%7C686ea1d3b
>> c2b4c6fa92cd99c5c301635%7C0%7C0%7C638118829451030288%7CUnknown%7CTWFpb
>> GZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0
>> %3D%7C3000%7C%7C%7C&sdata=EHEVIdfHacDVq%2BCdSYg0Tkm1ekQLEI6Vra4elN0%2F
>> %2F6I%3D&reserved=0
>> It also works on i.MX8M EVK boards.
>>
>> My understanding today is we are good to upstream this patch, knowing:
>>      - Upstream OPTEE driver should support registering a dmabuf since a while, given how widely dmabuf is used in Linux for passing buffers around between devices.
>>      - review is OK
>>      - test environment is already available in optee-test
>>      - it has been tested on 2 different platforms
>>      - the scope of the new ioctl is limited to existing feature in 
>> dma-buffer
>>
>> What is missing from this list preventing to upstream ?
>
>Please address the comments from Etienne and post a new version of the patch based on the latest kernel. Please try to improve the language in the commit message.
>
>Is it possible to update the tests so this can be tested on QEMU in our CI loop? That should help to get the review restarted.
>
>Thanks,
>Jens
>

Hi Jens
 Could you point the Etienne comment(s) not addressed by the pull request to add register tee_shm ioctl to linux optee-driver? 
  Last comments from Etienne:
        -> Oh, right. So fine, optee_test is ready for the new flavor of secure buffer fd's.
        -> @Jens, @Jerome, do we want to pick the 2 necessary Linux patches in our Linux kernel fork (github.com/linaro-swg/linux.git) to exercise SDP in our CI and be ready if dma-buf secure heaps (ref right above) is accepted and merged in mainline kernel?.

Regards.
Cyrille.


>> Who do we still need to convince ?
>>
>> Regards.

Re: [EXT] Re: [PATCH v2 1/1] tee: new ioctl to a register tee_shm from a dmabuf file descriptor

[Jens Wiklander]

Hi Cyrille,

On Mon, Feb 13, 2023 at 1:41 PM Cyrille Fleury <cyrille.fleury@nxp.com> wrote:
>
> Hi,
>
> >>
> >>
> >> -----Original Message-----
> >> From: Jerome Forissier <jerome.forissier@linaro.org>
> >> Sent: Friday, February 3, 2023 1:32 PM
> >> To: Etienne Carriere <etienne.carriere@linaro.org>; Olivier Masse
> >> <olivier.masse@nxp.com>
> >> Cc: sumit.garg@linaro.org; linux-media@vger.kernel.org;
> >> fredgc@google.com; linaro-mm-sig@lists.linaro.org; afd@ti.com;
> >> op-tee@lists.trustedfirmware.org; jens.wiklander@linaro.org;
> >> joakim.bech@linaro.org; sumit.semwal@linaro.org; Cyrille Fleury
> >> <cyrille.fleury@nxp.com>; Peter Griffin <peter.griffin@linaro.org>;
> >> linux-kernel@vger.kernel.org; dri-devel@lists.freedesktop.org; Clément
> >> Faure <clement.faure@nxp.com>; christian.koenig@amd.com
> >> Subject: Re: [EXT] Re: [PATCH v2 1/1] tee: new ioctl to a register
> >> tee_shm from a dmabuf file descriptor
> >>
> >> On 2/3/23 15:12, Cyrille Fleury wrote:
> >> Hi all,
> >>
> >> >On 2/3/23 12:37, Etienne Carriere wrote:
> >> >> Hell all,
> >> >>
> >> >> +jerome f.
> >> >>
> >> >> On Fri, 3 Feb 2023 at 12:01, Olivier Masse <olivier.masse@nxp.com> wrote:
> >> >>>
> >> >>> On jeu., 2023-02-02 at 10:58 +0100, Etienne Carriere wrote:
> >> >>>> Caution: EXT Email
> >> >>>>
> >> >>>> On Thu, 2 Feb 2023 at 09:35, Sumit Garg <sumit.garg@linaro.org>
> >> >>>> wrote:
> >> >>>>> Hi Cyrille,
> >> >>>>>
> >> >>>>> Please don't top post as it makes it harder to follow-up.
> >> >>>>>
> >> >>>>> On Thu, 2 Feb 2023 at 13:26, Cyrille Fleury
> >> >>>>> <cyrille.fleury@nxp.com
> >> >>>>>> wrote:
> >> >>>>>> Hi Sumit, all
> >> >>>>>>
> >> >>>>>> Upstream OP-TEE should support registering a dmabuf since a
> >> >>>>>> while, given how widely dmabuf is used in Linux for passing
> >> >>>>>> buffers around between devices.
> >> >>>>>>
> >> >>>>>> Purpose of the new register_tee_shm ioctl is to allow OPTEE to
> >> >>>>>> use memory allocated from the exiting linux dma buffer. We
> >> >>>>>> don't need to have secure dma-heap up streamed.
> >> >>>>>>
> >> >>>>>> You mentioned secure dma-buffer, but secure dma-buffer is a
> >> >>>>>> dma- buffer, so the work to be done for secure or "regular" dma
> >> >>>>>> buffers by the register_tee_shm ioctl is 100% the same.
> >> >>>>>>
> >> >>>>>> The scope of this ioctl is limited to what existing upstream
> >> >>>>>> dma- buffers are:
> >> >>>>>>         -> sharing buffers for hardware (DMA) access across
> >> >>>>>> multiple device drivers and subsystems, and for synchronizing
> >> >>>>>> asynchronous hardware access.
> >> >>>>>>        -> It means continuous memory only.
> >> >>>>>>
> >> >>>>>> So if we reduce the scope of register tee_shm to exiting dma-
> >> >>>>>> buffer area, the current patch does the job.
> >> >>>>>
> >> >>>>> Do you have a corresponding real world use-case supported by
> >> >>>>> upstream OP-TEE? AFAIK, the Secure Data Path (SDP) use-case is
> >> >>>>> the one supported in OP-TEE upstream but without secure dmabuf
> >> >>>>> heap [1] available, the new ioctl can't be exercised.
> >> >>>>>
> >> >>>>> [1]
> >> >>>>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%
> >> >>>>> 2Fg%2F&data=05%7C01%7Ccyrille.fleury%40nxp.com%7C057d956d144a41e
> >> >>>>> dd81808db0db1c7f9%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C6
> >> >>>>> 38118829451030288%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLC
> >> >>>>> JQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sda
> >> >>>>> ta=tBh3qNiinzTn%2BgqE8IvGw%2BYvRvo8ztDt4W4O0noEkk8%3D&reserved=0
> >> >>>>> ithub.com%2FOP-TEE%2Foptee_test%2Fblob%2Fmaster%2Fhost%2Fxtest%2
> >> >>>>> Fsd
> >> >>>>> p_basic.h%23L15&data=05%7C01%7Ccyrille.fleury%40nxp.com%7C9ff962
> >> >>>>> fb5
> >> >>>>> 8f6401c597808db05e2a64b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7
> >> >>>>> C0%
> >> >>>>> 7C638110243232457377%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDA
> >> >>>>> iLC
> >> >>>>> JQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sda
> >> >>>>> ta=
> >> >>>>> UNB88rvmhQ5qRoIGN%2FpS4cQTES5joM8AjoyAAYzPKl0%3D&reserved=0
> >> >>>>
> >> >>>> OP-TEE has some SDP test taht can exercice SDP: 'xtest
> >> >>>> regression_1014'.
> >> >>>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2
> >> >>>> Fgi%2F&data=05%7C01%7Ccyrille.fleury%40nxp.com%7C057d956d144a41ed
> >> >>>> d81808db0db1c7f9%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638
> >> >>>> 118829451030288%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQI
> >> >>>> joiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%
> >> >>>> 2FDGLzwTOc5%2F30%2BLy4bBVckK0fRJRsvuGcUvp6bfW9Tg%3D&reserved=0
> >> >>>> thub.com%2FOP-TEE%2Foptee_test%2Fblob%2F3.20.0%2Fhost%2Fxtest%2Fr
> >> >>>> egr
> >> >>>> ession_1000.c%23L1256&data=05%7C01%7Ccyrille.fleury%40nxp.com%7C9
> >> >>>> ff9
> >> >>>> 62fb58f6401c597808db05e2a64b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7
> >> >>>> C0%
> >> >>>> 7C0%7C638110243232457377%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAw
> >> >>>> MDA
> >> >>>> iLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&s
> >> >>>> dat
> >> >>>> a=e%2B40rwWvtvVFG8aWZNeu%2FgjMXXvZ3pRhJfHLkdurovs%3D&reserved=0
> >> >>>>
> >> >>>> The test relies on old staged ION + local secure dmabuf heaps no
> >> >>>> more maintained, so this test is currently not functional.
> >> >>>> If we upgrade the test to mainline dmabuf alloc means, and apply
> >> >>>> the change discussed here, we should be able to regularly test
> >> >>>> SDP in OP-TEE project CI.
> >> >>>> The part to update is the userland allocation of the dmabuf:
> >> >>>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2
> >> >>>> Fgi%2F&data=05%7C01%7Ccyrille.fleury%40nxp.com%7C057d956d144a41ed
> >> >>>> d81808db0db1c7f9%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638
> >> >>>> 118829451030288%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQI
> >> >>>> joiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%
> >> >>>> 2FDGLzwTOc5%2F30%2BLy4bBVckK0fRJRsvuGcUvp6bfW9Tg%3D&reserved=0
> >> >>>> thub.com%2FOP-TEE%2Foptee_test%2Fblob%2F3.20.0%2Fhost%2Fxtest%2Fs
> >> >>>> dp_
> >> >>>> basic.c%23L91&data=05%7C01%7Ccyrille.fleury%40nxp.com%7C9ff962fb5
> >> >>>> 8f6
> >> >>>> 401c597808db05e2a64b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7
> >> >>>> C63
> >> >>>> 8110243232457377%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQ
> >> >>>> Ijo
> >> >>>> iV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=5rP
> >> >>>> V1j
> >> >>>> qzqjVh2N5pdUW41YwF6EkgIDwfhyfYkgmtdZI%3D&reserved=0
> >> >>>>
> >> >>>>
> >> >>>
> >> >>> the test was already updated to support secure dma heap with
> >> >>> Kernel version 5.11 and higher. the userland allocation could be find here:
> >> >>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2F
> >> >>> git%2F&data=05%7C01%7Ccyrille.fleury%40nxp.com%7C057d956d144a41edd
> >> >>> 81808db0db1c7f9%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C63811
> >> >>> 8829451030288%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoi
> >> >>> V2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=dUNus
> >> >>> R9w0TlzTRiqUUhU8yo%2BUF7QPhsx5t8GQuAA1SU%3D&reserved=0
> >> >>> hub.com%2FOP-TEE%2Foptee_test%2Fblob%2F3.20.0%2Fhost%2Fxtest%2Fsdp
> >> >>> _ba
> >> >>> sic.c%23L153&data=05%7C01%7Ccyrille.fleury%40nxp.com%7C9ff962fb58f
> >> >>> 640
> >> >>> 1c597808db05e2a64b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C63
> >> >>> 811
> >> >>> 0243232457377%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoi
> >> >>> V2l
> >> >>> uMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=01H96n47
> >> >>> K6R
> >> >>> mBKZQhRdcqX3nE5VBHOXNfGuMmmkVSvc%3D&reserved=0
> >> >>>
> >> >>
> >> >> Oh, right. So fine, optee_test is ready for the new flavor of
> >> >> secure buffer fd's.
> >> >>
> >> >>
> >> >>> This upgrade need a Linux dma-buf patch:
> >> >>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2F
> >> >>> lor%2F&data=05%7C01%7Ccyrille.fleury%40nxp.com%7C057d956d144a41edd
> >> >>> 81808db0db1c7f9%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C63811
> >> >>> 8829451030288%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoi
> >> >>> V2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=4iomH
> >> >>> K4kPt6A4OmyioiIFD360bGh39o0d2%2BJGyI3WYM%3D&reserved=0
> >> >>> e.kernel.org%2Fall%2F20220805154139.2qkqxwklufjpsfdx%4000037740335
> >> >>> 3%2
> >> >>> FT%2F&data=05%7C01%7Ccyrille.fleury%40nxp.com%7C9ff962fb58f6401c59
> >> >>> 780
> >> >>> 8db05e2a64b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638110243
> >> >>> 232
> >> >>> 457377%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzI
> >> >>> iLC
> >> >>> JBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=yCS%2BDcuGp%2Ba
> >> >>> fAL
> >> >>> tpw74O1bI0K%2Fwnt%2FOw5ob1ngfDA0E%3D&reserved=0
> >> >>
> >> >> @Jens, @Jerome, do we want to pick the 2 necessary Linux patches in
> >> >> our Linux kernel fork (github.com/linaro-swg/linux.git) to exercise
> >> >> SDP in our CI and be ready if dma-buf secure heaps (ref right
> >> >> above) is accepted and merged in mainline kernel?.
> >> >
> >> >How would that help? I mean, when the kernel patches are merged and
> >> >if things break we can make the necessary adjustments in the
> >> >optee_test app or whatever, but in the meantime I don't see much
> >> >point. I suppose the people who are actively developing the patches
> >> >do make sure it works with OP-TEE ;-)
> >> >
> >> >Regards,
> >> >--
> >> >Jerome
> >>
> >> As mentioned in the cover letter, this IOCTL got tested by Jens Wiklander <jens.wiklander@linaro.org>, using Linaro reference board from Hikey 6620:
> >> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flist
> >> s.trustedfirmware.org%2Farchives%2Flist%2Fop-tee%40lists.trustedfirmwa
> >> re.org%2Fthread%2FI3TZN4TBDOUVE567VMMN2TAXGWZNY7S3%2F&data=05%7C01%7Cc
> >> yrille.fleury%40nxp.com%7C057d956d144a41edd81808db0db1c7f9%7C686ea1d3b
> >> c2b4c6fa92cd99c5c301635%7C0%7C0%7C638118829451030288%7CUnknown%7CTWFpb
> >> GZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0
> >> %3D%7C3000%7C%7C%7C&sdata=EHEVIdfHacDVq%2BCdSYg0Tkm1ekQLEI6Vra4elN0%2F
> >> %2F6I%3D&reserved=0
> >> It also works on i.MX8M EVK boards.
> >>
> >> My understanding today is we are good to upstream this patch, knowing:
> >>      - Upstream OPTEE driver should support registering a dmabuf since a while, given how widely dmabuf is used in Linux for passing buffers around between devices.
> >>      - review is OK
> >>      - test environment is already available in optee-test
> >>      - it has been tested on 2 different platforms
> >>      - the scope of the new ioctl is limited to existing feature in
> >> dma-buffer
> >>
> >> What is missing from this list preventing to upstream ?
> >
> >Please address the comments from Etienne and post a new version of the patch based on the latest kernel. Please try to improve the language in the commit message.
> >
> >Is it possible to update the tests so this can be tested on QEMU in our CI loop? That should help to get the review restarted.
> >
> >Thanks,
> >Jens
> >
>
> Hi Jens
>  Could you point the Etienne comment(s) not addressed by the pull request to add register tee_shm ioctl to linux optee-driver?
>   Last comments from Etienne:
>         -> Oh, right. So fine, optee_test is ready for the new flavor of secure buffer fd's.
>         -> @Jens, @Jerome, do we want to pick the 2 necessary Linux patches in our Linux kernel fork (github.com/linaro-swg/linux.git) to exercise SDP in our CI and be ready if dma-buf secure heaps (ref right above) is accepted and merged in mainline kernel?.

https://lore.kernel.org/lkml/CAN5uoS-nT1Bi0dhf74Hpv9LS6XPeTCdZ7sujAKNjacZ+PNh4xA@mail.gmail.com/

There are four comments quite a bit down into the patch.

Cheers,
Jens