From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Sumit Garg <sumit.garg@linaro.org>,
Tyler Hicks <tyhicks@linux.microsoft.com>,
Jens Wiklander <jens.wiklander@linaro.org>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.10 02/19] tee: Correct inappropriate usage of TEE_SHM_DMA_BUF flag
Date: Fri, 13 Aug 2021 17:07:19 +0200 [thread overview]
Message-ID: <20210813150522.708120827@linuxfoundation.org> (raw)
In-Reply-To: <20210813150522.623322501@linuxfoundation.org>
From: Sumit Garg <sumit.garg@linaro.org>
[ Upstream commit 376e4199e327a5cf29b8ec8fb0f64f3d8b429819 ]
Currently TEE_SHM_DMA_BUF flag has been inappropriately used to not
register shared memory allocated for private usage by underlying TEE
driver: OP-TEE in this case. So rather add a new flag as TEE_SHM_PRIV
that can be utilized by underlying TEE drivers for private allocation
and usage of shared memory.
With this corrected, allow tee_shm_alloc_kernel_buf() to allocate a
shared memory region without the backing of dma-buf.
Cc: stable@vger.kernel.org
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Co-developed-by: Tyler Hicks <tyhicks@linux.microsoft.com>
Signed-off-by: Tyler Hicks <tyhicks@linux.microsoft.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tee/optee/call.c | 2 +-
drivers/tee/optee/core.c | 3 ++-
drivers/tee/optee/rpc.c | 5 +++--
drivers/tee/optee/shm_pool.c | 8 ++++++--
drivers/tee/tee_shm.c | 4 ++--
include/linux/tee_drv.h | 1 +
6 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/drivers/tee/optee/call.c b/drivers/tee/optee/call.c
index 1231ce56e712..f8f1594bea43 100644
--- a/drivers/tee/optee/call.c
+++ b/drivers/tee/optee/call.c
@@ -181,7 +181,7 @@ static struct tee_shm *get_msg_arg(struct tee_context *ctx, size_t num_params,
struct optee_msg_arg *ma;
shm = tee_shm_alloc(ctx, OPTEE_MSG_GET_ARG_SIZE(num_params),
- TEE_SHM_MAPPED);
+ TEE_SHM_MAPPED | TEE_SHM_PRIV);
if (IS_ERR(shm))
return shm;
diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c
index 7b17248f1527..823a81d8ff0e 100644
--- a/drivers/tee/optee/core.c
+++ b/drivers/tee/optee/core.c
@@ -278,7 +278,8 @@ static void optee_release(struct tee_context *ctx)
if (!ctxdata)
return;
- shm = tee_shm_alloc(ctx, sizeof(struct optee_msg_arg), TEE_SHM_MAPPED);
+ shm = tee_shm_alloc(ctx, sizeof(struct optee_msg_arg),
+ TEE_SHM_MAPPED | TEE_SHM_PRIV);
if (!IS_ERR(shm)) {
arg = tee_shm_get_va(shm, 0);
/*
diff --git a/drivers/tee/optee/rpc.c b/drivers/tee/optee/rpc.c
index 6cbb3643c6c4..9dbdd783d6f2 100644
--- a/drivers/tee/optee/rpc.c
+++ b/drivers/tee/optee/rpc.c
@@ -313,7 +313,7 @@ static void handle_rpc_func_cmd_shm_alloc(struct tee_context *ctx,
shm = cmd_alloc_suppl(ctx, sz);
break;
case OPTEE_MSG_RPC_SHM_TYPE_KERNEL:
- shm = tee_shm_alloc(ctx, sz, TEE_SHM_MAPPED);
+ shm = tee_shm_alloc(ctx, sz, TEE_SHM_MAPPED | TEE_SHM_PRIV);
break;
default:
arg->ret = TEEC_ERROR_BAD_PARAMETERS;
@@ -501,7 +501,8 @@ void optee_handle_rpc(struct tee_context *ctx, struct optee_rpc_param *param,
switch (OPTEE_SMC_RETURN_GET_RPC_FUNC(param->a0)) {
case OPTEE_SMC_RPC_FUNC_ALLOC:
- shm = tee_shm_alloc(ctx, param->a1, TEE_SHM_MAPPED);
+ shm = tee_shm_alloc(ctx, param->a1,
+ TEE_SHM_MAPPED | TEE_SHM_PRIV);
if (!IS_ERR(shm) && !tee_shm_get_pa(shm, 0, &pa)) {
reg_pair_from_64(¶m->a1, ¶m->a2, pa);
reg_pair_from_64(¶m->a4, ¶m->a5,
diff --git a/drivers/tee/optee/shm_pool.c b/drivers/tee/optee/shm_pool.c
index da06ce9b9313..c41a9a501a6e 100644
--- a/drivers/tee/optee/shm_pool.c
+++ b/drivers/tee/optee/shm_pool.c
@@ -27,7 +27,11 @@ static int pool_op_alloc(struct tee_shm_pool_mgr *poolm,
shm->paddr = page_to_phys(page);
shm->size = PAGE_SIZE << order;
- if (shm->flags & TEE_SHM_DMA_BUF) {
+ /*
+ * Shared memory private to the OP-TEE driver doesn't need
+ * to be registered with OP-TEE.
+ */
+ if (!(shm->flags & TEE_SHM_PRIV)) {
unsigned int nr_pages = 1 << order, i;
struct page **pages;
@@ -60,7 +64,7 @@ err:
static void pool_op_free(struct tee_shm_pool_mgr *poolm,
struct tee_shm *shm)
{
- if (shm->flags & TEE_SHM_DMA_BUF)
+ if (!(shm->flags & TEE_SHM_PRIV))
optee_shm_unregister(shm->ctx, shm);
free_pages((unsigned long)shm->kaddr, get_order(shm->size));
diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c
index c65e44707cd6..8a9384a64f3e 100644
--- a/drivers/tee/tee_shm.c
+++ b/drivers/tee/tee_shm.c
@@ -117,7 +117,7 @@ struct tee_shm *tee_shm_alloc(struct tee_context *ctx, size_t size, u32 flags)
return ERR_PTR(-EINVAL);
}
- if ((flags & ~(TEE_SHM_MAPPED | TEE_SHM_DMA_BUF))) {
+ if ((flags & ~(TEE_SHM_MAPPED | TEE_SHM_DMA_BUF | TEE_SHM_PRIV))) {
dev_err(teedev->dev.parent, "invalid shm flags 0x%x", flags);
return ERR_PTR(-EINVAL);
}
@@ -207,7 +207,7 @@ EXPORT_SYMBOL_GPL(tee_shm_alloc);
*/
struct tee_shm *tee_shm_alloc_kernel_buf(struct tee_context *ctx, size_t size)
{
- return tee_shm_alloc(ctx, size, TEE_SHM_MAPPED | TEE_SHM_DMA_BUF);
+ return tee_shm_alloc(ctx, size, TEE_SHM_MAPPED);
}
EXPORT_SYMBOL_GPL(tee_shm_alloc_kernel_buf);
diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h
index 9b24cc3d3024..459e9a76d7e6 100644
--- a/include/linux/tee_drv.h
+++ b/include/linux/tee_drv.h
@@ -27,6 +27,7 @@
#define TEE_SHM_USER_MAPPED BIT(4) /* Memory mapped in user space */
#define TEE_SHM_POOL BIT(5) /* Memory allocated from pool */
#define TEE_SHM_KERNEL_MAPPED BIT(6) /* Memory mapped in kernel space */
+#define TEE_SHM_PRIV BIT(7) /* Memory private to TEE driver */
struct device;
struct tee_device;
--
2.30.2
next prev parent reply other threads:[~2021-08-13 15:17 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-13 15:07 [PATCH 5.10 00/19] 5.10.59-rc1 review Greg Kroah-Hartman
2021-08-13 15:07 ` [PATCH 5.10 01/19] KVM: SVM: Fix off-by-one indexing when nullifying last used SEV VMCB Greg Kroah-Hartman
2021-08-13 15:07 ` Greg Kroah-Hartman [this message]
2021-08-13 15:07 ` [PATCH 5.10 03/19] firmware: tee_bnxt: Release TEE shm, session, and context during kexec Greg Kroah-Hartman
2021-08-13 15:07 ` [PATCH 5.10 04/19] bpf: Add _kernel suffix to internal lockdown_bpf_read Greg Kroah-Hartman
2021-08-13 19:55 ` Pavel Machek
2021-08-13 21:57 ` Daniel Borkmann
2021-08-15 11:42 ` Greg Kroah-Hartman
2021-08-13 15:07 ` [PATCH 5.10 05/19] bpf: Add lockdown check for probe_write_user helper Greg Kroah-Hartman
2021-08-13 15:07 ` [PATCH 5.10 06/19] Revert "selftests/resctrl: Use resctrl/info for feature detection" Greg Kroah-Hartman
2021-08-13 15:07 ` [PATCH 5.10 07/19] mm: make zone_to_nid() and zone_set_nid() available for DISCONTIGMEM Greg Kroah-Hartman
2021-08-13 15:07 ` [PATCH 5.10 08/19] arm64: dts: renesas: rzg2: Add usb2_clksel to RZ/G2 M/N/H Greg Kroah-Hartman
2021-08-13 15:07 ` [PATCH 5.10 09/19] arm64: dts: renesas: beacon: Fix USB extal reference Greg Kroah-Hartman
2021-08-13 15:07 ` [PATCH 5.10 10/19] arm64: dts: renesas: beacon: Fix USB ref clock references Greg Kroah-Hartman
2021-08-13 15:07 ` [PATCH 5.10 11/19] vboxsf: Honor excl flag to the dir-inode create op Greg Kroah-Hartman
2021-08-13 15:07 ` [PATCH 5.10 12/19] vboxsf: Make vboxsf_dir_create() return the handle for the created file Greg Kroah-Hartman
2021-08-13 19:31 ` Pavel Machek
2021-08-15 11:43 ` Greg Kroah-Hartman
2021-08-15 13:57 ` Hans de Goede
2021-08-16 8:49 ` Greg Kroah-Hartman
2021-08-17 15:52 ` Sudip Mukherjee
2021-08-17 18:21 ` Hans de Goede
2021-08-13 15:07 ` [PATCH 5.10 13/19] USB:ehci:fix Kunpeng920 ehci hardware problem Greg Kroah-Hartman
2021-08-13 15:07 ` [PATCH 5.10 14/19] ALSA: pcm: Fix mmap breakage without explicit buffer setup Greg Kroah-Hartman
2021-08-13 15:07 ` [PATCH 5.10 15/19] ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 650 G8 Notebook PC Greg Kroah-Hartman
2021-08-13 15:07 ` [PATCH 5.10 16/19] ALSA: hda: Add quirk for ASUS Flow x13 Greg Kroah-Hartman
2021-08-13 15:07 ` [PATCH 5.10 17/19] ppp: Fix generating ppp unit id when ifname is not specified Greg Kroah-Hartman
2021-08-13 15:07 ` [PATCH 5.10 18/19] ovl: prevent private clone if bind mount is not allowed Greg Kroah-Hartman
2021-08-13 15:07 ` [PATCH 5.10 19/19] net: xilinx_emaclite: Do not print real IOMEM pointer Greg Kroah-Hartman
2021-08-13 23:24 ` [PATCH 5.10 00/19] 5.10.59-rc1 review Shuah Khan
2021-08-14 11:07 ` Sudip Mukherjee
2021-08-14 11:35 ` Naresh Kamboju
2021-08-14 15:08 ` Fox Chen
2021-08-14 18:16 ` Guenter Roeck
2021-08-15 19:48 ` Pavel Machek
2021-08-16 3:03 ` Samuel Zou
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210813150522.708120827@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=jens.wiklander@linaro.org \
--cc=linux-kernel@vger.kernel.org \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=sumit.garg@linaro.org \
--cc=tyhicks@linux.microsoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).