summaryrefslogtreecommitdiff
path: root/drivers/tee
AgeCommit message (Collapse)Author
2023-03-17Merge tag 'amdtee-fix-for-v6.3' of ↵Arnd Bergmann
https://git.linaro.org/people/jens.wiklander/linux-tee into soc-fixes AMDTEE fix race condition in amdtee_open_session() * tag 'amdtee-fix-for-v6.3' of https://git.linaro.org/people/jens.wiklander/linux-tee: tee: amdtee: fix race condition in amdtee_open_session Link: https://lore.kernel.org/r/Y/5ZGX0lSTnZz27E@rayden Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2023-02-28tee: amdtee: fix race condition in amdtee_open_sessionRijo Thomas
There is a potential race condition in amdtee_open_session that may lead to use-after-free. For instance, in amdtee_open_session() after sess->sess_mask is set, and before setting: sess->session_info[i] = session_info; if amdtee_close_session() closes this same session, then 'sess' data structure will be released, causing kernel panic when 'sess' is accessed within amdtee_open_session(). The solution is to set the bit sess->sess_mask as the last step in amdtee_open_session(). Fixes: 757cc3e9ff1d ("tee: add AMD-TEE driver") Cc: stable@vger.kernel.org Signed-off-by: Rijo Thomas <Rijo-john.Thomas@amd.com> Acked-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2023-02-24Merge tag 'driver-core-6.3-rc1' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core Pull driver core updates from Greg KH: "Here is the large set of driver core changes for 6.3-rc1. There's a lot of changes this development cycle, most of the work falls into two different categories: - fw_devlink fixes and updates. This has gone through numerous review cycles and lots of review and testing by lots of different devices. Hopefully all should be good now, and Saravana will be keeping a watch for any potential regression on odd embedded systems. - driver core changes to work to make struct bus_type able to be moved into read-only memory (i.e. const) The recent work with Rust has pointed out a number of areas in the driver core where we are passing around and working with structures that really do not have to be dynamic at all, and they should be able to be read-only making things safer overall. This is the contuation of that work (started last release with kobject changes) in moving struct bus_type to be constant. We didn't quite make it for this release, but the remaining patches will be finished up for the release after this one, but the groundwork has been laid for this effort. Other than that we have in here: - debugfs memory leak fixes in some subsystems - error path cleanups and fixes for some never-able-to-be-hit codepaths. - cacheinfo rework and fixes - Other tiny fixes, full details are in the shortlog All of these have been in linux-next for a while with no reported problems" [ Geert Uytterhoeven points out that that last sentence isn't true, and that there's a pending report that has a fix that is queued up - Linus ] * tag 'driver-core-6.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: (124 commits) debugfs: drop inline constant formatting for ERR_PTR(-ERROR) OPP: fix error checking in opp_migrate_dentry() debugfs: update comment of debugfs_rename() i3c: fix device.h kernel-doc warnings dma-mapping: no need to pass a bus_type into get_arch_dma_ops() driver core: class: move EXPORT_SYMBOL_GPL() lines to the correct place Revert "driver core: add error handling for devtmpfs_create_node()" Revert "devtmpfs: add debug info to handle()" Revert "devtmpfs: remove return value of devtmpfs_delete_node()" driver core: cpu: don't hand-override the uevent bus_type callback. devtmpfs: remove return value of devtmpfs_delete_node() devtmpfs: add debug info to handle() driver core: add error handling for devtmpfs_create_node() driver core: bus: update my copyright notice driver core: bus: add bus_get_dev_root() function driver core: bus: constify bus_unregister() driver core: bus: constify some internal functions driver core: bus: constify bus_get_kset() driver core: bus: constify bus_register/unregister_notifier() driver core: remove private pointer from struct bus_type ...
2023-02-13tee: Remove call to get_kernel_pages()Ira Weiny
The kernel pages used by shm_get_kernel_pages() are allocated using GFP_KERNEL through the following call stack: trusted_instantiate() trusted_payload_alloc() -> GFP_KERNEL <trusted key op> tee_shm_register_kernel_buf() register_shm_helper() shm_get_kernel_pages() Where <trusted key op> is one of: trusted_key_unseal() trusted_key_get_random() trusted_key_seal() Because the pages can't be from highmem get_kernel_pages() boils down to a get_page() call. Remove the get_kernel_pages() call and open code the get_page(). In case a highmem page does slip through warn on once for a kmap'ed address. Cc: Jens Wiklander <jens.wiklander@linaro.org> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: "Fabio M. De Francesco" <fmdefrancesco@gmail.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Ira Weiny <ira.weiny@intel.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2023-02-13tee: Remove vmalloc page supportIra Weiny
The kernel pages used by shm_get_kernel_pages() are allocated using GFP_KERNEL through the following call stack: trusted_instantiate() trusted_payload_alloc() -> GFP_KERNEL <trusted key op> tee_shm_register_kernel_buf() register_shm_helper() shm_get_kernel_pages() Where <trusted key op> is one of: trusted_key_unseal() trusted_key_get_random() trusted_key_seal() Remove the vmalloc page support from shm_get_kernel_pages(). Replace with a warn on once. Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: "Fabio M. De Francesco" <fmdefrancesco@gmail.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Linus Torvalds <torvalds@linux-foundation.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Ira Weiny <ira.weiny@intel.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2023-01-27driver core: make struct bus_type.uevent() take a const *Greg Kroah-Hartman
The uevent() callback in struct bus_type should not be modifying the device that is passed into it, so mark it as a const * and propagate the function signature changes out into all relevant subsystems that use this callback. Acked-by: Rafael J. Wysocki <rafael@kernel.org> Acked-by: Hans de Goede <hdegoede@redhat.com> Link: https://lore.kernel.org/r/20230111113018.459199-16-gregkh@linuxfoundation.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-12-12Merge tag 'soc-drivers-6.2' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc Pull ARM SoC driver updates from Arnd Bergmann: "There are few major updates in the SoC specific drivers, mainly the usual reworks and support for variants of the existing SoC. While this remains Arm centric for the most part, the branch now also contains updates to risc-v and loongarch specific code in drivers/soc/. Notable changes include: - Support for the newly added Qualcomm Snapdragon variants (MSM8956, MSM8976, SM6115, SM4250, SM8150, SA8155 and SM8550) in the soc ID, rpmh, rpm, spm and powerdomain drivers. - Documentation for the somewhat controversial qcom,board-id properties that are required for booting a number of machines - A new SoC identification driver for the loongson-2 (loongarch) platform - memory controller updates for stm32, tegra, and renesas. - a new DT binding to better describe LPDDR2/3/4/5 chips in the memory controller subsystem - Updates for Tegra specific drivers across multiple subsystems, improving support for newer SoCs and better identification - Minor fixes for Broadcom, Freescale, Apple, Renesas, Sifive, TI, Mediatek and Marvell SoC drivers" * tag 'soc-drivers-6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (137 commits) soc: qcom: socinfo: Add SM6115 / SM4250 SoC IDs to the soc_id table dt-bindings: arm: qcom,ids: Add SoC IDs for SM6115 / SM4250 and variants soc: qcom: socinfo: Add SM8150 and SA8155 SoC IDs to the soc_id table dt-bindings: arm: qcom,ids: Add SoC IDs for SM8150 and SA8155 dt-bindings: soc: qcom: apr: document generic qcom,apr compatible soc: qcom: Select REMAP_MMIO for ICC_BWMON driver soc: qcom: Select REMAP_MMIO for LLCC driver soc: qcom: rpmpd: Add SM4250 support dt-bindings: power: rpmpd: Add SM4250 support dt-bindings: soc: qcom: aoss: Add compatible for SM8550 soc: qcom: llcc: Add configuration data for SM8550 dt-bindings: arm: msm: Add LLCC compatible for SM8550 soc: qcom: llcc: Add v4.1 HW version support soc: qcom: socinfo: Add SM8550 ID soc: qcom: rpmh-rsc: Avoid unnecessary checks on irq-done response soc: qcom: rpmh-rsc: Add support for RSC v3 register offsets soc: qcom: rpmhpd: Add SM8550 power domains dt-bindings: power: rpmpd: Add SM8550 to rpmpd binding soc: qcom: socinfo: Add MSM8956/76 SoC IDs to the soc_id table dt-bindings: arm: qcom,ids: Add SoC IDs for MSM8956 and MSM8976 ...
2022-11-21Merge tag 'optee-for-6.2' of ↵Arnd Bergmann
https://git.linaro.org/people/jens.wiklander/linux-tee into soc/drivers Add missing __init/__exit annotations to OP-TEE driver * tag 'optee-for-6.2' of https://git.linaro.org/people/jens.wiklander/linux-tee: optee: Add __init/__exit annotations to module init/exit funcs Link: https://lore.kernel.org/r/Y3d4CHWl3Ofx5OrX@jade Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2022-11-17tee: optee: fix possible memory leak in optee_register_device()Yang Yingliang
If device_register() returns error in optee_register_device(), the name allocated by dev_set_name() need be freed. As comment of device_register() says, it should use put_device() to give up the reference in the error path. So fix this by calling put_device(), then the name can be freed in kobject_cleanup(), and optee_device is freed in optee_release_device(). Fixes: c3fa24af9244 ("tee: optee: add TEE bus device enumeration support") Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2022-10-11optee: Add __init/__exit annotations to module init/exit funcsXiu Jianfeng
Add missing __init/__exit annotations to module init/exit funcs. Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2022-10-10Merge tag 'mm-stable-2022-10-08' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Pull MM updates from Andrew Morton: - Yu Zhao's Multi-Gen LRU patches are here. They've been under test in linux-next for a couple of months without, to my knowledge, any negative reports (or any positive ones, come to that). - Also the Maple Tree from Liam Howlett. An overlapping range-based tree for vmas. It it apparently slightly more efficient in its own right, but is mainly targeted at enabling work to reduce mmap_lock contention. Liam has identified a number of other tree users in the kernel which could be beneficially onverted to mapletrees. Yu Zhao has identified a hard-to-hit but "easy to fix" lockdep splat at [1]. This has yet to be addressed due to Liam's unfortunately timed vacation. He is now back and we'll get this fixed up. - Dmitry Vyukov introduces KMSAN: the Kernel Memory Sanitizer. It uses clang-generated instrumentation to detect used-unintialized bugs down to the single bit level. KMSAN keeps finding bugs. New ones, as well as the legacy ones. - Yang Shi adds a userspace mechanism (madvise) to induce a collapse of memory into THPs. - Zach O'Keefe has expanded Yang Shi's madvise(MADV_COLLAPSE) to support file/shmem-backed pages. - userfaultfd updates from Axel Rasmussen - zsmalloc cleanups from Alexey Romanov - cleanups from Miaohe Lin: vmscan, hugetlb_cgroup, hugetlb and memory-failure - Huang Ying adds enhancements to NUMA balancing memory tiering mode's page promotion, with a new way of detecting hot pages. - memcg updates from Shakeel Butt: charging optimizations and reduced memory consumption. - memcg cleanups from Kairui Song. - memcg fixes and cleanups from Johannes Weiner. - Vishal Moola provides more folio conversions - Zhang Yi removed ll_rw_block() :( - migration enhancements from Peter Xu - migration error-path bugfixes from Huang Ying - Aneesh Kumar added ability for a device driver to alter the memory tiering promotion paths. For optimizations by PMEM drivers, DRM drivers, etc. - vma merging improvements from Jakub Matěn. - NUMA hinting cleanups from David Hildenbrand. - xu xin added aditional userspace visibility into KSM merging activity. - THP & KSM code consolidation from Qi Zheng. - more folio work from Matthew Wilcox. - KASAN updates from Andrey Konovalov. - DAMON cleanups from Kaixu Xia. - DAMON work from SeongJae Park: fixes, cleanups. - hugetlb sysfs cleanups from Muchun Song. - Mike Kravetz fixes locking issues in hugetlbfs and in hugetlb core. Link: https://lkml.kernel.org/r/CAOUHufZabH85CeUN-MEMgL8gJGzJEWUrkiM58JkTbBhh-jew0Q@mail.gmail.com [1] * tag 'mm-stable-2022-10-08' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm: (555 commits) hugetlb: allocate vma lock for all sharable vmas hugetlb: take hugetlb vma_lock when clearing vma_lock->vma pointer hugetlb: fix vma lock handling during split vma and range unmapping mglru: mm/vmscan.c: fix imprecise comments mm/mglru: don't sync disk for each aging cycle mm: memcontrol: drop dead CONFIG_MEMCG_SWAP config symbol mm: memcontrol: use do_memsw_account() in a few more places mm: memcontrol: deprecate swapaccounting=0 mode mm: memcontrol: don't allocate cgroup swap arrays when memcg is disabled mm/secretmem: remove reduntant return value mm/hugetlb: add available_huge_pages() func mm: remove unused inline functions from include/linux/mm_inline.h selftests/vm: add selftest for MADV_COLLAPSE of uffd-minor memory selftests/vm: add file/shmem MADV_COLLAPSE selftest for cleared pmd selftests/vm: add thp collapse shmem testing selftests/vm: add thp collapse file and tmpfs testing selftests/vm: modularize thp collapse memory operations selftests/vm: dedup THP helpers mm/khugepaged: add tracepoint to hpage_collapse_scan_file() mm/madvise: add file and shmem support to MADV_COLLAPSE ...
2022-10-06Merge tag 'arm-drivers-6.1' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc Pull ARM driver updates from Arnd Bergmann: "The drivers branch for 6.1 is a bit larger than for most releases. Most of the changes come from SoC maintainers for the drivers/soc subsystem: - A new driver for error handling on the NVIDIA Tegra 'control backbone' bus. - A new driver for Qualcomm LLCC/DDR bandwidth measurement - New Rockchip rv1126 and rk3588 power domain drivers - DT binding updates for memory controllers, older Rockchip SoCs, various Mediatek devices, Qualcomm SCM firmware - Minor updates to Hisilicon LPC bus, the Allwinner SRAM driver, the Apple rtkit firmware driver, Tegra firmware - Minor updates for SoC drivers (Samsung, Mediatek, Renesas, Tegra, Qualcomm, Broadcom, NXP, ...) There are also some separate subsystem with downstream maintainers that merge updates this way: - Various updates and new drivers in the memory controller subsystem for Mediatek and Broadcom SoCs - Small set of changes in preparation to add support for FF-A v1.1 specification later, in the Arm FF-A firmware subsystem - debugfs support in the PSCI firmware subsystem" * tag 'arm-drivers-6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (149 commits) ARM: remove check for CONFIG_DEBUG_LL_SER3 firmware/psci: Add debugfs support to ease debugging firmware/psci: Print a warning if PSCI doesn't accept PC mode dt-bindings: memory: snps,dw-umctl2-ddrc: Extend schema with IRQs/resets/clocks props dt-bindings: memory: snps,dw-umctl2-ddrc: Replace opencoded numbers with macros dt-bindings: memory: snps,dw-umctl2-ddrc: Use more descriptive device name dt-bindings: memory: synopsys,ddrc-ecc: Detach Zynq DDRC controller support soc: sunxi: sram: Add support for the D1 system control soc: sunxi: sram: Export the LDO control register soc: sunxi: sram: Save a pointer to the OF match data soc: sunxi: sram: Return void from the release function soc: apple: rtkit: Add apple_rtkit_poll soc: imx: add i.MX93 media blk ctrl driver soc: imx: add i.MX93 SRC power domain driver soc: imx: imx8m-blk-ctrl: Use genpd_xlate_onecell soc: imx: imx8mp-blk-ctrl: handle PCIe PHY resets soc: imx: imx8m-blk-ctrl: add i.MX8MP VPU blk ctrl soc: imx: add i.MX8MP HDMI blk ctrl HDCP/HRV_MWR soc: imx: add icc paths for i.MX8MP hsio/hdmi blk ctrl soc: imx: add icc paths for i.MX8MP media blk ctrl ...
2022-09-26optee: remove vma linked list walkMatthew Wilcox (Oracle)
Use the VMA iterator instead. Change the calling convention of __check_mem_type() to pass in the mm instead of the first vma in the range. Link: https://lkml.kernel.org/r/20220906194824.2110408-39-Liam.Howlett@oracle.com Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Signed-off-by: Liam R. Howlett <Liam.Howlett@Oracle.com> Acked-by: Vlastimil Babka <vbabka@suse.cz> Reviewed-by: Davidlohr Bueso <dave@stgolabs.net> Tested-by: Yu Zhao <yuzhao@google.com> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: David Hildenbrand <david@redhat.com> Cc: David Howells <dhowells@redhat.com> Cc: SeongJae Park <sj@kernel.org> Cc: Sven Schnelle <svens@linux.ibm.com> Cc: Will Deacon <will@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2022-09-15Merge tag 'ffa-updates-6.1' of ↵Arnd Bergmann
git://git.kernel.org/pub/scm/linux/kernel/git/sudeep.holla/linux into arm/drivers Arm FF-A firmware driver updates for v6.1 Small set of changes in preparation to add support for FF-A v1.1 specification later. It mainly contains: 1. Splitting up ffa_ops into different categories namely information, message and memory. It helps to make info and memory operations independent from ffa_device so thata generic memory management module can use it without specific ffa_dev. 2. Adds support for querying FF-A features and use the same to detect the support for 64-bit operations. 3. Adds v1.1 get_partition_info support and use the same to set up 32-bit execution mode flag automatically. 4. Adds pointer to the ffa_dev_ops in struct ffa_dev and drop ffa_dev_ops_get() which enables to drop ffa_ops in optee_ffa structure using ffa_dev->ops directly. Additionally ffa_dev_ops is renamed as ffa_ops. * tag 'ffa-updates-6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/sudeep.holla/linux: firmware: arm_ffa: Split up ffa_ops into info, message and memory operations firmware: arm_ffa: Set up 32bit execution mode flag using partiion property firmware: arm_ffa: Add v1.1 get_partition_info support firmware: arm_ffa: Rename ffa_dev_ops as ffa_ops firmware: arm_ffa: Make memory apis ffa_device independent firmware: arm_ffa: Use FFA_FEATURES to detect if native versions are supported firmware: arm_ffa: Add support for querying FF-A features firmware: arm_ffa: Remove ffa_dev_ops_get() tee: optee: Drop ffa_ops in optee_ffa structure using ffa_dev->ops directly firmware: arm_ffa: Add pointer to the ffa_dev_ops in struct ffa_dev Link: https://lore.kernel.org/r/20220913100612.2924643-1-sudeep.holla@arm.com Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2022-09-08firmware: arm_ffa: Split up ffa_ops into info, message and memory operationsSudeep Holla
In preparation to make memory operations accessible for a non ffa_driver/device, it is better to split the ffa_ops into different categories of operations: info, message and memory. The info and memory are ffa_device independent and can be used without any associated ffa_device from a non ffa_driver. However, we don't export these info and memory APIs yet without the user. The first users of these APIs can export them. Link: https://lore.kernel.org/r/20220907145240.1683088-11-sudeep.holla@arm.com Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
2022-09-08firmware: arm_ffa: Rename ffa_dev_ops as ffa_opsSudeep Holla
Except the message APIs, all other APIs are ffa_device independent and can be used without any associated ffa_device from a non ffa_driver. In order to reflect the same, just rename ffa_dev_ops as ffa_ops to avoid any confusion or to keep it simple. Link: https://lore.kernel.org/r/20220907145240.1683088-8-sudeep.holla@arm.com Suggested-by: Sumit Garg <sumit.garg@linaro.org> Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
2022-09-08firmware: arm_ffa: Make memory apis ffa_device independentSudeep Holla
There is a requirement to make memory APIs independent of the ffa_device. One of the use-case is to have a common memory driver that manages the memory for all the ffa_devices. That common memory driver won't be a ffa_driver or won't have any ffa_device associated with it. So having these memory APIs accessible without a ffa_device is needed and should be possible as most of these are handled by the partition manager(SPM or hypervisor). Drop the ffa_device argument to the memory APIs and make them ffa_device independent. Link: https://lore.kernel.org/r/20220907145240.1683088-7-sudeep.holla@arm.com Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
2022-09-08tee: optee: Drop ffa_ops in optee_ffa structure using ffa_dev->ops directlySudeep Holla
Now that the ffa_device structure holds the pointer to ffa_dev_ops, there is no need to obtain the same through ffa_dev_ops_get(). Just use the ffa_dev->ops directly. Since the ffa_device itself carries ffa_dev_ops now, there is no need to keep a copy in optee_ffa structure. Drop ffa_ops in the optee_ffa structure as it is not needed anymore. Link: https://lore.kernel.org/r/20220907145240.1683088-3-sudeep.holla@arm.com Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
2022-08-25tee: fix compiler warning in tee_shm_register()Jens Wiklander
Include <linux/uaccess.h> to avoid the warning: drivers/tee/tee_shm.c: In function 'tee_shm_register': >> drivers/tee/tee_shm.c:242:14: error: implicit declaration of function 'access_ok' [-Werror=implicit-function-declaration] 242 | if (!access_ok((void __user *)addr, length)) | ^~~~~~~~~ cc1: some warnings being treated as errors Fixes: 573ae4f13f63 ("tee: add overflow check in register_shm_helper()") Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2022-08-18tee: add overflow check in register_shm_helper()Jens Wiklander
With special lengths supplied by user space, register_shm_helper() has an integer overflow when calculating the number of pages covered by a supplied user space memory region. This causes internal_get_user_pages_fast() a helper function of pin_user_pages_fast() to do a NULL pointer dereference: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010 Modules linked in: CPU: 1 PID: 173 Comm: optee_example_a Not tainted 5.19.0 #11 Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 pc : internal_get_user_pages_fast+0x474/0xa80 Call trace: internal_get_user_pages_fast+0x474/0xa80 pin_user_pages_fast+0x24/0x4c register_shm_helper+0x194/0x330 tee_shm_register_user_buf+0x78/0x120 tee_ioctl+0xd0/0x11a0 __arm64_sys_ioctl+0xa8/0xec invoke_syscall+0x48/0x114 Fix this by adding an an explicit call to access_ok() in tee_shm_register_user_buf() to catch an invalid user space address early. Fixes: 033ddf12bcf5 ("tee: add register user memory") Cc: stable@vger.kernel.org Reported-by: Nimish Mishra <neelam.nimish@gmail.com> Reported-by: Anirban Chakraborty <ch.anirban00727@gmail.com> Reported-by: Debdeep Mukhopadhyay <debdeep.mukhopadhyay@gmail.com> Suggested-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2022-07-08tee: tee_get_drvdata(): fix description of return valueMarc Kleine-Budde
This patch fixes the description of tee_get_drvdata()'s return value. It actually returns the driver_data pointer supplied to tee_device_alloc() since the TEE subsystem was added to the kernel. Fixes: 967c9cca2cc5 ("tee: generic TEE subsystem") Cc: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2022-07-08optee: Remove duplicate 'of' in two places.Jiang Jian
file: ./drivers/tee/optee/optee_smc.h line: 192 * a2 Size of of SHM chanegd to * a2 Size of SHM Signed-off-by: Jiang Jian <jiangjian@cdjrlc.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2022-07-08optee: smc_abi.c: fix wrong pointer passed to IS_ERR/PTR_ERR()Yang Yingliang
In optee_smc_do_call_with_arg() there is a code path when the argument struct for RPC is passed appended to the primary argument struct. When the address of the RPC struct is retrieved there's an invalid check for success. It should be 'rpc_arg' pass to IS_ERR/PTR_ERR(). Fixes: ed8faf6c8f8c ("optee: add OPTEE_SMC_CALL_WITH_RPC_ARG and OPTEE_SMC_CALL_WITH_REGD_ARG") Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> [jw: added background to the problem] Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2022-05-30Merge tag 'optee-warning-for-v5.19' of ↵Arnd Bergmann
https://git.linaro.org/people/jens.wiklander/linux-tee into arm/late Fix a compiler warning in OP-TEE driver * tag 'optee-warning-for-v5.19' of https://git.linaro.org/people/jens.wiklander/linux-tee: tee: optee: Pass a pointer to virt_addr_valid() Link: https://lore.kernel.org/r/20220530112612.GA1511426@jade Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2022-05-30tee: optee: Pass a pointer to virt_addr_valid()Linus Walleij
A pointer into virtual memory is represented by a (void *) not an u32, so the compiler warns: drivers/tee/optee/call.c:365:29: warning: passing argument 1 of 'virt_to_pfn' makes pointer from integer without a cast [-Wint-conversion] Fix this with an explicit cast. Cc: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Reviewed-by: Sumit Garg <sumit.garg@linaro.org> [jw: fixed merge conflict] Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2022-05-26Merge tag 'arm-drivers-5.19' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc Pull ARM driver updates from Arnd Bergmann: "There are minor updates to SoC specific drivers for chips by Rockchip, Samsung, NVIDIA, TI, NXP, i.MX, Qualcomm, and Broadcom. Noteworthy driver changes include: - Several conversions of DT bindings to yaml format. - Renesas adds driver support for R-Car V4H, RZ/V2M and RZ/G2UL SoCs. - Qualcomm adds a bus driver for the SSC (Snapdragon Sensor Core), and support for more chips in the RPMh power domains and the soc-id. - NXP has a new driver for the HDMI blk-ctrl on i.MX8MP. - Apple M1 gains support for the on-chip NVMe controller, making it possible to finally use the internal disks. This also includes SoC drivers for their RTKit IPC and for the SART DMA address filter. For other subsystems that merge their drivers through the SoC tree, we have - Firmware drivers for the ARM firmware stack including TEE, OP-TEE, SCMI and FF-A get a number of smaller updates and cleanups. OP-TEE now has a cache for firmware argument structures as an optimization, and SCMI now supports the 3.1 version of the specification. - Reset controller updates to Amlogic, ASpeed, Renesas and ACPI drivers - Memory controller updates for Tegra, and a few updates for other platforms" * tag 'arm-drivers-5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (159 commits) memory: tegra: Add MC error logging on Tegra186 onward memory: tegra: Add memory controller channels support memory: tegra: Add APE memory clients for Tegra234 memory: tegra: Add Tegra234 support nvme-apple: fix sparse endianess warnings soc/tegra: pmc: Document core domain fields soc: qcom: pdr: use static for servreg_* variables soc: imx: fix semicolon.cocci warnings soc: renesas: R-Car V3U is R-Car Gen4 soc: imx: add i.MX8MP HDMI blk-ctrl soc: imx: imx8m-blk-ctrl: Add i.MX8MP media blk-ctrl soc: imx: add i.MX8MP HSIO blk-ctrl soc: imx: imx8m-blk-ctrl: set power device name soc: qcom: llcc: Add sc8180x and sc8280xp configurations dt-bindings: arm: msm: Add sc8180x and sc8280xp LLCC compatibles soc/tegra: pmc: Select REGMAP dt-bindings: reset: st,sti-powerdown: Convert to yaml dt-bindings: reset: st,sti-picophyreset: Convert to yaml dt-bindings: reset: socfpga: Convert to yaml dt-bindings: reset: snps,axs10x-reset: Convert to yaml ...
2022-05-06Merge tag 'tee-cleanup-for-v5.19' of ↵Arnd Bergmann
https://git.linaro.org/people/jens.wiklander/linux-tee into arm/drivers TEE cleanup Removes the old and unused TEE_IOCTL_SHM_* flags Removes unused the unused tee_shm_va2pa() and tee_shm_pa2va() functions * tag 'tee-cleanup-for-v5.19' of https://git.linaro.org/people/jens.wiklander/linux-tee: tee: remove flags TEE_IOCTL_SHM_MAPPED and TEE_IOCTL_SHM_DMA_BUF tee: remove tee_shm_va2pa() and tee_shm_pa2va() Link: https://lore.kernel.org/r/20220506070328.GA1344495@jade Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2022-05-05Merge tag 'optee-rpc-arg-for-v5.19' of ↵Arnd Bergmann
https://git.linaro.org/people/jens.wiklander/linux-tee into arm/drivers OP-TEE RPC argument cache Adds caching of the OP-TEE argument structure used to pass request to secure world. This reduces quite a bit of unnecessary alloc/free and possibly switching back and forth to secure work in order to register the buffers in some configurations, most notably FF-A. * tag 'optee-rpc-arg-for-v5.19' of https://git.linaro.org/people/jens.wiklander/linux-tee: optee: cache argument shared memory structs optee: add FF-A capability OPTEE_FFA_SEC_CAP_ARG_OFFSET optee: add OPTEE_SMC_CALL_WITH_RPC_ARG and OPTEE_SMC_CALL_WITH_REGD_ARG optee: rename rpc_arg_count to rpc_param_count Link: https://lore.kernel.org/r/20220504201759.GA180315@jade Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2022-05-05Merge tag 'ffa-updates-5.19' of ↵Arnd Bergmann
git://git.kernel.org/pub/scm/linux/kernel/git/sudeep.holla/linux into arm/drivers Arm FF-A firmware driver updates/fixes for v5.19 Couple of fixes to handle fragmented memory descriptors and incorrect UUID parameter passed to ffa_partition_probe. Another fix deals with the incorrect use of ffa_device's driver_data by the core driver. Apart from these fixes, there is an addition of ffa_dev_get_drvdata helper function and its use in optee driver. * tag 'ffa-updates-5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/sudeep.holla/linux: tee: optee: Use ffa_dev_get_drvdata to fetch driver_data firmware: arm_ffa: Add ffa_dev_get_drvdata helper function firmware: arm_ffa: Remove incorrect assignment of driver_data firmware: arm_ffa: Fix uuid parameter to ffa_partition_probe firmware: arm_ffa: Fix handling of fragmented memory descriptors Link: https://lore.kernel.org/r/20220504112853.3491961-1-sudeep.holla@arm.com Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2022-05-05Merge tag 'tee-shm-vmalloc-for-v5.19' of ↵Arnd Bergmann
https://git.linaro.org/people/jens.wiklander/linux-tee into arm/drivers TEE accept vmalloc()ed buffers for tee_shm_register_kernel_buf() * tag 'tee-shm-vmalloc-for-v5.19' of https://git.linaro.org/people/jens.wiklander/linux-tee: tee: make tee_shm_register_kernel_buf vmalloc supported Link: https://lore.kernel.org/r/20220503192916.GA3288817@jade Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2022-04-29tee: optee: Use ffa_dev_get_drvdata to fetch driver_dataSudeep Holla
Due to lack of an helper like ffa_dev_get_drvdata, this driver was fetching driver_data directly accessing the structure member. Now that we have added an helper, just use the same instead. Link: https://lore.kernel.org/r/20220429113946.2087145-4-sudeep.holla@arm.com Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
2022-04-26tee: remove flags TEE_IOCTL_SHM_MAPPED and TEE_IOCTL_SHM_DMA_BUFAndrew Davis
These look to be leftover from an early edition of this driver. Userspace does not need this information. Checking all users of this that I have access to I have verified no one is using them. They leak internal use flags out to userspace. Even more they are not correct anymore after a45ea4efa358. Lets drop these flags before someone does try to use them for something and they become ABI. Signed-off-by: Andrew Davis <afd@ti.com> Acked-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2022-04-26tee: remove tee_shm_va2pa() and tee_shm_pa2va()Andrew Davis
We should not need to index into SHMs based on absolute VA/PA. These functions are not used and this kind of usage should not be encouraged anyway. Remove these functions. Signed-off-by: Andrew Davis <afd@ti.com> Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2022-04-25optee: cache argument shared memory structsJens Wiklander
Implements a cache to handle shared memory used to pass the argument struct needed when doing a normal yielding call into secure world. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2022-04-13optee: add FF-A capability OPTEE_FFA_SEC_CAP_ARG_OFFSETJens Wiklander
Adds the secure capability OPTEE_FFA_SEC_CAP_ARG_OFFSET to indicate that OP-TEE with FF-A can support an argument struct at a non-zero offset into a passed shared memory object. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2022-04-13optee: add OPTEE_SMC_CALL_WITH_RPC_ARG and OPTEE_SMC_CALL_WITH_REGD_ARGJens Wiklander
Adds OPTEE_SMC_CALL_WITH_RPC_ARG and OPTEE_SMC_CALL_WITH_REGD_ARG where the struct optee_msg_arg to be used for RPC is appended in the memory following the normal argument struct optee_msg_arg. This is an optimization to avoid caching the RPC argument struct while still maintaining similar performance as if it was cached. OPTEE_SMC_CALL_WITH_REGD_ARG optimized one step further by using a registered shared memory object instead. It's in other aspects identical to OPTEE_SMC_CALL_WITH_RPC_ARG. The presence of OPTEE_SMC_CALL_WITH_RPC_ARG and OPTEE_SMC_CALL_WITH_REGD_ARG is indicated by the new OPTEE_SMC_SEC_CAP_RPC_ARG bit returned by OPTEE_SMC_EXCHANGE_CAPABILITIES. OPTEE_SMC_EXCHANGE_CAPABILITIES also reports the number of arguments that the RPC argument struct must have room for. OPTEE_SMC_CALL_WITH_RPC_ARG and OPTEE_SMC_CALL_WITH_ARG can be used interleaved with difference that when OPTEE_SMC_CALL_WITH_RPC_ARG is used the RPC argument struct to be used is the one appended to the normal argument struct. The same is true for OPTEE_SMC_CALL_WITH_REGD_ARG. Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2022-04-13optee: rename rpc_arg_count to rpc_param_countJens Wiklander
Renames the field rpc_arg_count in struct optee to rpc_param_count. Function parameter names and local variables are also renamed to match. Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2022-04-05tee: optee: add missing mutext_destroy in optee_ffa_probeDongliang Mu
The error handling code of optee_ffa_probe misses the mutex_destroy of ffa.mutex when mutext_init succeeds. Fix this by adding mutex_destory of ffa.mutex at the error handling part Fixes: aceeafefff73 ("optee: use driver internal tee_context for some rpc") Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2022-04-05tee: make tee_shm_register_kernel_buf vmalloc supportedPhil Chang
In some low-memory devices, it's hard to aquire large-orders pages, this patch allowed user using scatter pages to register shm. Signed-off-by: Phil Chang <phil.chang@mediatek.com> Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2022-04-05tee: combine "config" and "menu" for TEE's menuconfigJan Engelhardt
Don't let TEE occupy two lines in menuconfig when practically no other (sub)menu does either. Signed-off-by: Jan Engelhardt <jengelh@inai.de> Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2022-03-23Merge tag 'arm-drivers-5.18' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc Pull ARM driver updates from Arnd Bergmann: "There are a few separately maintained driver subsystems that we merge through the SoC tree, notable changes are: - Memory controller updates, mainly for Tegra and Mediatek SoCs, and clarifications for the memory controller DT bindings - SCMI firmware interface updates, in particular a new transport based on OPTEE and support for atomic operations. - Cleanups to the TEE subsystem, refactoring its memory management For SoC specific drivers without a separate subsystem, changes include - Smaller updates and fixes for TI, AT91/SAMA5, Qualcomm and NXP Layerscape SoCs. - Driver support for Microchip SAMA5D29, Tesla FSD, Renesas RZ/G2L, and Qualcomm SM8450. - Better power management on Mediatek MT81xx, NXP i.MX8MQ and older NVIDIA Tegra chips" * tag 'arm-drivers-5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (154 commits) ARM: spear: fix typos in comments soc/microchip: fix invalid free in mpfs_sys_controller_delete soc: s4: Add support for power domains controller dt-bindings: power: add Amlogic s4 power domains bindings ARM: at91: add support in soc driver for new SAMA5D29 soc: mediatek: mmsys: add sw0_rst_offset in mmsys driver data dt-bindings: memory: renesas,rpc-if: Document RZ/V2L SoC memory: emif: check the pointer temp in get_device_details() memory: emif: Add check for setup_interrupts dt-bindings: arm: mediatek: mmsys: add support for MT8186 dt-bindings: mediatek: add compatible for MT8186 pwrap soc: mediatek: pwrap: add pwrap driver for MT8186 SoC soc: mediatek: mmsys: add mmsys reset control for MT8186 soc: mediatek: mtk-infracfg: Disable ACP on MT8192 soc: ti: k3-socinfo: Add AM62x JTAG ID soc: mediatek: add MTK mutex support for MT8186 soc: mediatek: mmsys: add mt8186 mmsys routing table soc: mediatek: pm-domains: Add support for mt8186 dt-bindings: power: Add MT8186 power domains soc: mediatek: pm-domains: Add support for mt8195 ...
2022-02-25Merge tag 'tee-shm-for-v5.18' of ↵Arnd Bergmann
git://git.linaro.org:/people/jens.wiklander/linux-tee into arm/drivers TEE shared memory cleanup for v5.18 - The TEE shared memory pool based on two pools is replaced with a single somewhat more capable pool. - Replaces tee_shm_alloc() and tee_shm_register() with new functions easier to use and maintain. The TEE subsystem and the TEE drivers are updated to use the new functions instead. - The TEE based Trusted keys routines are updated to use the new simplified functions above. - The OP-TEE based rng driver is updated to use the new simplified functions above. - The TEE_SHM-flags are refactored to better match their usage * tag 'tee-shm-for-v5.18' of git://git.linaro.org:/people/jens.wiklander/linux-tee: tee: refactor TEE_SHM_* flags tee: replace tee_shm_register() KEYS: trusted: tee: use tee_shm_register_kernel_buf() tee: add tee_shm_register_{user,kernel}_buf() optee: add optee_pool_op_free_helper() tee: replace tee_shm_alloc() tee: simplify shm pool handling tee: add tee_shm_alloc_user_buf() tee: remove unused tee_shm_pool_alloc_res_mem() hwrng: optee-rng: use tee_shm_alloc_kernel_buf() optee: use driver internal tee_context for some rpc Link: https://lore.kernel.org/r/20220218184802.GA968155@jade Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2022-02-18Merge tag 'optee-fix2-for-v5.17' of ↵Arnd Bergmann
git://git.linaro.org/people/jens.wiklander/linux-tee into arm/fixes OP-TEE fix error return code in probe functions * tag 'optee-fix2-for-v5.17' of git://git.linaro.org/people/jens.wiklander/linux-tee: tee: optee: fix error return code in probe function Link: https://lore.kernel.org/r/20220214125931.GA1332792@jade Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2022-02-16tee: refactor TEE_SHM_* flagsJens Wiklander
Removes the redundant TEE_SHM_DMA_BUF, TEE_SHM_EXT_DMA_BUF, TEE_SHM_MAPPED and TEE_SHM_KERNEL_MAPPED flags. TEE_SHM_REGISTER is renamed to TEE_SHM_DYNAMIC in order to better match its usage. Assigns new values to the remaining flags to void gaps. Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2022-02-16tee: replace tee_shm_register()Jens Wiklander
tee_shm_register() is replaced by the previously introduced functions tee_shm_register_user_buf() and tee_shm_register_kernel_buf(). Since there are not external callers left we can remove tee_shm_register() and refactor the remains. Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2022-02-16tee: add tee_shm_register_{user,kernel}_buf()Jens Wiklander
Adds the two new functions tee_shm_register_user_buf() and tee_shm_register_kernel_buf() which should be used instead of the old tee_shm_register(). This avoids having the caller supplying the flags parameter which exposes a bit more than desired of the internals of the TEE subsystem. Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2022-02-16optee: add optee_pool_op_free_helper()Jens Wiklander
Adds a common helper function to free a tee_shm allocated using the helper function optee_pool_op_alloc_helper(). Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2022-02-16tee: replace tee_shm_alloc()Jens Wiklander
tee_shm_alloc() is replaced by three new functions, tee_shm_alloc_user_buf() - for user mode allocations, replacing passing the flags TEE_SHM_MAPPED | TEE_SHM_DMA_BUF tee_shm_alloc_kernel_buf() - for kernel mode allocations, slightly optimized compared to using the flags TEE_SHM_MAPPED | TEE_SHM_DMA_BUF. tee_shm_alloc_priv_buf() - primarily for TEE driver internal use. This also makes the interface easier to use as we can get rid of the somewhat hard to use flags parameter. The TEE subsystem and the TEE drivers are updated to use the new functions instead. Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2022-02-16tee: simplify shm pool handlingJens Wiklander
Replaces the shared memory pool based on two pools with a single pool. The alloc() function pointer in struct tee_shm_pool_ops gets another parameter, align. This makes it possible to make less than page aligned allocations from the optional reserved shared memory pool while still making user space allocations page aligned. With in practice unchanged behaviour using only a single pool for bookkeeping. The allocation algorithm in the static OP-TEE shared memory pool is changed from best-fit to first-fit since only the latter supports an alignment parameter. The best-fit algorithm was previously the default choice and not a conscious one. The optee and amdtee drivers are updated as needed to work with this changed pool handling. This also removes OPTEE_SHM_NUM_PRIV_PAGES which becomes obsolete with this change as the private pages can be mixed with the payload pages. The OP-TEE driver changes minimum alignment for argument struct from 8 bytes to 512 bytes. A typical OP-TEE private shm allocation is 224 bytes (argument struct with 6 parameters, needed for open session). So with an alignment of 512 well waste a bit more than 50%. Before this we had a single page reserved for this so worst case usage compared to that would be 3 pages instead of 1 page. However, this worst case only occurs if there is a high pressure from multiple threads on secure world. All in all this should scale up and down better than fixed boundaries. Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2022-02-16tee: add tee_shm_alloc_user_buf()Jens Wiklander
Adds a new function tee_shm_alloc_user_buf() for user mode allocations, replacing passing the flags TEE_SHM_MAPPED | TEE_SHM_DMA_BUF to tee_shm_alloc(). Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>