From patchwork Tue Dec 12 02:46:01 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yong Wu X-Patchwork-Id: 177053 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:bcd1:0:b0:403:3b70:6f57 with SMTP id r17csp7475228vqy; Mon, 11 Dec 2023 18:46:58 -0800 (PST) X-Google-Smtp-Source: AGHT+IGPe32ErWBaFUfh/2u7IZlTJD/Gu2cT4OEPxa3rV91JF+iOwp7pfCFHoI4axT7/30bIJcrG X-Received: by 2002:a05:6870:d88c:b0:1fb:75a:de54 with SMTP id oe12-20020a056870d88c00b001fb075ade54mr6679739oac.66.1702349217969; Mon, 11 Dec 2023 18:46:57 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1702349217; cv=none; d=google.com; s=arc-20160816; b=kdfIjTfl+wYIaewFo3I5xVh43Q/9e9WcFBecy3BytN/DLaCAiapo/+jWtXhuATFGLH m8fEqjiC1CRf7FzkylagL2T9oV357Jt8FElNgLgV7AuGs0AySPK9QlCHnGKh1fvYjHOO kdWNE9DTCcWlRFTR3F6Zhmm4EJQNKqQrwhuRHBmx98/68cD/TgwvTnnrEXa7vEX7pU/U 0hsicujNW3n4klUpF6YiHbTY0AM8a+eNdrA0z7abrm0Xrdgq040DYDEsFnIfz0K3QjIJ VAuX+sLwUHBzQYqyMdzm5TolGuzpsAcIVI/SHBavGmwJNTcdcuWX0BI3ElwACMAl1PXj wqOg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=HYHZew6lf/mOP5U23ofsnX7zKCjL+zhlga53OrTPXp0=; fh=OWZGSeDk0Aqy44JQD4a9BiWeZfTHmrW0DBRG2LLmKkg=; b=0NBEIXk3bdEArk6wIKrWazLixcxwnQeIUNpxDQWDZI0F4uYMsDeKZL+VSDD4+Lo2rJ CNrzGkLzmlaK50nr7k3Pqkqd7cVduicZrBQLkN1WvsOWrKM/R4xG9VXeQk31xA5IwSl7 2f+V/Czv33WDEXwVmahiOEX6QJJXT7MLAxcRCmcSd2s2Yy9cJPOvyZ+EoHgyxiqkKti+ DHLzP/XixruiZZRlLaNGB8qc5VjN6Mqv9OvimzZDXG/Ryjr7ggypMXKNBFmb/NVblx/v N03/G/PZ09sTF6KD5xuozxCt6rUV1L5KXyl0p66moyNybNuk1OLMw8kSwDPSTgiXy0mI 6sow== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@mediatek.com header.s=dk header.b=bCsofGBP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=mediatek.com Received: from morse.vger.email (morse.vger.email. [2620:137:e000::3:1]) by mx.google.com with ESMTPS id c4-20020a63ef44000000b005824bad8f81si6939827pgk.853.2023.12.11.18.46.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 Dec 2023 18:46:57 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) client-ip=2620:137:e000::3:1; Authentication-Results: mx.google.com; dkim=pass header.i=@mediatek.com header.s=dk header.b=bCsofGBP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=mediatek.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id 68313807E406; Mon, 11 Dec 2023 18:46:55 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345741AbjLLCqk (ORCPT + 99 others); Mon, 11 Dec 2023 21:46:40 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55968 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231250AbjLLCqi (ORCPT ); Mon, 11 Dec 2023 21:46:38 -0500 Received: from mailgw01.mediatek.com (unknown [60.244.123.138]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0CB05BA; Mon, 11 Dec 2023 18:46:41 -0800 (PST) X-UUID: aa51f970989811eea5db2bebc7c28f94-20231212 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mediatek.com; s=dk; h=Content-Type:Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:CC:To:From; bh=HYHZew6lf/mOP5U23ofsnX7zKCjL+zhlga53OrTPXp0=; b=bCsofGBPHdWhd4pb91y8U9CLi9zWC80773HK7n1jye/bfyTZjLtl/pl5oC+jjD7T2Lq21b4CDHJZJuuv4w0kmUCk8FafAGQeIKdwlffubpR4KpZoNKTiAAsfYIdl3X3mRGZmzp+13CPClmUh+OC9EfWslitTllzUeULPLR0ipF0=; X-CID-P-RULE: Release_Ham X-CID-O-INFO: VERSION:1.1.35,REQID:15359fc6-cf38-4a33-95ca-b761993bbad5,IP:0,U RL:25,TC:0,Content:0,EDM:0,RT:0,SF:0,FILE:0,BULK:0,RULE:Release_Ham,ACTION :release,TS:25 X-CID-META: VersionHash:5d391d7,CLOUDID:1dd98efd-4a48-46e2-b946-12f04f20af8c,B ulkID:nil,BulkQuantity:0,Recheck:0,SF:102,TC:nil,Content:0,EDM:-3,IP:nil,U RL:11|1,File:nil,Bulk:nil,QS:nil,BEC:nil,COL:0,OSI:0,OSA:0,AV:0,LES:1,SPR: NO,DKR:0,DKP:0,BRR:0,BRE:0 X-CID-BVR: 0 X-CID-BAS: 0,_,0,_ X-CID-FACTOR: TF_CID_SPAM_SNR,TF_CID_SPAM_ULN X-UUID: aa51f970989811eea5db2bebc7c28f94-20231212 Received: from mtkmbs14n2.mediatek.inc [(172.21.101.76)] by mailgw01.mediatek.com (envelope-from ) (Generic MTA with TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256/256) with ESMTP id 413819834; Tue, 12 Dec 2023 10:46:35 +0800 Received: from mtkmbs11n2.mediatek.inc (172.21.101.187) by mtkmbs13n2.mediatek.inc (172.21.101.108) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.26; Tue, 12 Dec 2023 10:46:34 +0800 Received: from mhfsdcap04.gcn.mediatek.inc (10.17.3.154) by mtkmbs11n2.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id 15.2.1118.26 via Frontend Transport; Tue, 12 Dec 2023 10:46:33 +0800 From: Yong Wu To: Rob Herring , Sumit Semwal , , Matthias Brugger CC: Krzysztof Kozlowski , Conor Dooley , Benjamin Gaignard , Brian Starkey , John Stultz , , AngeloGioacchino Del Regno , Yong Wu , , , , , , , , , , Vijayanand Jitta , Joakim Bech , Jeffrey Kardatzke , Nicolas Dufresne , Subject: [PATCH v3 1/7] dt-bindings: reserved-memory: Add mediatek,dynamic-secure-region Date: Tue, 12 Dec 2023 10:46:01 +0800 Message-ID: <20231212024607.3681-2-yong.wu@mediatek.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20231212024607.3681-1-yong.wu@mediatek.com> References: <20231212024607.3681-1-yong.wu@mediatek.com> MIME-Version: 1.0 X-MTK: N X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,UNPARSEABLE_RELAY autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Mon, 11 Dec 2023 18:46:55 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1785042533421139654 X-GMAIL-MSGID: 1785042533421139654 Add a binding for describing the dynamic secure reserved memory range. The memory range also will be defined in the TEE firmware. It means the TEE will be configured with the same address/size that is being set in this DT node. Regarding to the detail TEE command, Please search MTK_TZCMD_SECMEM_ZALLOC and MTK_TZCMD_SECMEM_FREE. Signed-off-by: Yong Wu --- .../mediatek,dynamic-secure-region.yaml | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 Documentation/devicetree/bindings/reserved-memory/mediatek,dynamic-secure-region.yaml diff --git a/Documentation/devicetree/bindings/reserved-memory/mediatek,dynamic-secure-region.yaml b/Documentation/devicetree/bindings/reserved-memory/mediatek,dynamic-secure-region.yaml new file mode 100644 index 000000000000..4a735aeafc62 --- /dev/null +++ b/Documentation/devicetree/bindings/reserved-memory/mediatek,dynamic-secure-region.yaml @@ -0,0 +1,43 @@ +# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) +%YAML 1.2 +--- +$id: http://devicetree.org/schemas/reserved-memory/mediatek,dynamic-secure-region.yaml# +$schema: http://devicetree.org/meta-schemas/core.yaml# + +title: MediaTek Dynamic Reserved Region + +description: + A memory region that can dynamically transition as a whole between + secure and non-secure states. This memory will be protected by OP-TEE + when allocations are active and unprotected otherwise. + +maintainers: + - Yong Wu + +allOf: + - $ref: reserved-memory.yaml + +properties: + compatible: + const: mediatek,dynamic-secure-region + +required: + - compatible + - reg + - reusable + +unevaluatedProperties: false + +examples: + - | + reserved-memory { + #address-cells = <1>; + #size-cells = <1>; + ranges; + + reserved-memory@80000000 { + compatible = "mediatek,dynamic-secure-region"; + reg = <0x80000000 0x18000000>; + reusable; + }; + }; From patchwork Tue Dec 12 02:46:02 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yong Wu X-Patchwork-Id: 177055 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:bcd1:0:b0:403:3b70:6f57 with SMTP id r17csp7475342vqy; Mon, 11 Dec 2023 18:47:22 -0800 (PST) X-Google-Smtp-Source: AGHT+IHSDn/O8KTvEouNzzZWnx6+6NYM0ol+S9kHeGEbGFcgHdliTSCBayOcrqjAjEiLJ697o+64 X-Received: by 2002:a9d:7d84:0:b0:6d8:7ee8:29b8 with SMTP id j4-20020a9d7d84000000b006d87ee829b8mr5667956otn.8.1702349241268; Mon, 11 Dec 2023 18:47:21 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1702349241; cv=none; d=google.com; s=arc-20160816; b=NnRO1WwLxXjLnOO1u0G/snJ6gKVyHd52oo2KEPG+Cq22cNZlsIO+T/ZjA+KhwcokK2 fGdRV9Dkp1SDuRmuRs24uZC62KUnFQCXFvriXleBTVfXzTS0xbob8fqeK96tkqy3EZJS sW1NRbfiSg6YjWclkPp8WELaju8b/rWsd3bSglJRKvf1N7eqmvG+cRQzgp1gk3chNMeX Yr6VIiuzk6Ch0bs+m8zK4tVGYPe18YppjUDut/ILHllQ+4E+YTksQdd9q/IgbogQWM0d HrqEcXnnXQfmZ9vggLs2twE5LfF7UXApp7MjFOJtX/FVz44xEq+LzhYmodaT8b4jFCTd g3RQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=IUt8l+91IoXVo1cpDt79bjGAdJRilmTqvcbGtD1y4Uw=; fh=OWZGSeDk0Aqy44JQD4a9BiWeZfTHmrW0DBRG2LLmKkg=; b=mbsLtPHtyWk5/ngQcJ7g5EPsOoD5OAKkEZ1woz6TaGj8eTLI4YAKb51LQhlD3cKqW4 ba+Yvq+VwU3ADUsnk9Lmhb0uP8/Zs8qWAn7M9SPMEMJBfIvfCnPf33Q47hKqwG+XEE0F 73bNcPXLTd7bORbdOPYOPSNv8bVR+N4mksFoVq9qo9oFc4MrQS64Tz+5nHGO2ZBTIAUB zd6zoz/t2hZEIJxR6+kOIphTBOZ33knmDTAE9oDn8gBT6anEd2SlBCcuPx8ggGw5nx4W AHVuxDG4YS4NaoxD6Jv5sCqiG2kbed0xRoYjWio0eq7u5KwOPGhHwX0bbYLkiyEb2uvZ AVig== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@mediatek.com header.s=dk header.b=L3KsD28y; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=mediatek.com Received: from pete.vger.email (pete.vger.email. [2620:137:e000::3:6]) by mx.google.com with ESMTPS id k16-20020a63d850000000b005740b4723f9si7029644pgj.811.2023.12.11.18.47.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 Dec 2023 18:47:21 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) client-ip=2620:137:e000::3:6; Authentication-Results: mx.google.com; dkim=pass header.i=@mediatek.com header.s=dk header.b=L3KsD28y; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=mediatek.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by pete.vger.email (Postfix) with ESMTP id AA9CE80338AB; Mon, 11 Dec 2023 18:47:15 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at pete.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345766AbjLLCqu (ORCPT + 99 others); Mon, 11 Dec 2023 21:46:50 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53856 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345731AbjLLCqt (ORCPT ); Mon, 11 Dec 2023 21:46:49 -0500 Received: from mailgw01.mediatek.com (unknown [60.244.123.138]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 56F69EB; Mon, 11 Dec 2023 18:46:51 -0800 (PST) X-UUID: b1320406989811eea5db2bebc7c28f94-20231212 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mediatek.com; s=dk; h=Content-Type:Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:CC:To:From; bh=IUt8l+91IoXVo1cpDt79bjGAdJRilmTqvcbGtD1y4Uw=; b=L3KsD28ySxOB1TVEHChyB0MKuFtyte//kfSf8RafnC2KdbIKzaZ7EQwyuWeOtR1N9Jl+n1eNGxDxucPhdwajRMqOPaoOa+uGkpehD23dAMUrGJWElck3EWtETwLUIwyAgp4rmjbgDw1X0SiMIc1MMZtnq2WM+G3vpLAwfaflyaE=; X-CID-P-RULE: Release_Ham X-CID-O-INFO: VERSION:1.1.35,REQID:0a8b12e0-5d37-4538-be00-ad48219a3b2b,IP:0,U RL:0,TC:0,Content:-25,EDM:0,RT:0,SF:0,FILE:0,BULK:0,RULE:Release_Ham,ACTIO N:release,TS:-25 X-CID-META: VersionHash:5d391d7,CLOUDID:ec85ad73-1bd3-4f48-b671-ada88705968c,B ulkID:nil,BulkQuantity:0,Recheck:0,SF:102,TC:nil,Content:0,EDM:-3,IP:nil,U RL:11|1,File:nil,Bulk:nil,QS:nil,BEC:nil,COL:0,OSI:0,OSA:0,AV:0,LES:1,SPR: NO,DKR:0,DKP:0,BRR:0,BRE:0 X-CID-BVR: 0,NGT X-CID-BAS: 0,NGT,0,_ X-CID-FACTOR: TF_CID_SPAM_SNR,TF_CID_SPAM_ULN X-UUID: b1320406989811eea5db2bebc7c28f94-20231212 Received: from mtkmbs14n1.mediatek.inc [(172.21.101.75)] by mailgw01.mediatek.com (envelope-from ) (Generic MTA with TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256/256) with ESMTP id 154741472; Tue, 12 Dec 2023 10:46:47 +0800 Received: from mtkmbs11n2.mediatek.inc (172.21.101.187) by mtkmbs10n2.mediatek.inc (172.21.101.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.26; Tue, 12 Dec 2023 10:46:45 +0800 Received: from mhfsdcap04.gcn.mediatek.inc (10.17.3.154) by mtkmbs11n2.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id 15.2.1118.26 via Frontend Transport; Tue, 12 Dec 2023 10:46:44 +0800 From: Yong Wu To: Rob Herring , Sumit Semwal , , Matthias Brugger CC: Krzysztof Kozlowski , Conor Dooley , Benjamin Gaignard , Brian Starkey , John Stultz , , AngeloGioacchino Del Regno , Yong Wu , , , , , , , , , , Vijayanand Jitta , Joakim Bech , Jeffrey Kardatzke , Nicolas Dufresne , Subject: [PATCH v3 2/7] dma-buf: heaps: Initialize a secure heap Date: Tue, 12 Dec 2023 10:46:02 +0800 Message-ID: <20231212024607.3681-3-yong.wu@mediatek.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20231212024607.3681-1-yong.wu@mediatek.com> References: <20231212024607.3681-1-yong.wu@mediatek.com> MIME-Version: 1.0 X-TM-AS-Product-Ver: SMEX-14.0.0.3152-9.1.1006-23728.005 X-TM-AS-Result: No-10-0.162000-8.000000 X-TMASE-MatchedRID: jFGZ1KSu+yPtAxjyNphE0lz+axQLnAVB5Y0kb0hqatw1LB46LFAAkpkC erFMaabiXQS0szagh4NSeVWfRpnv1OG0fWP55EEGma6DzXaohvPJ5SXtoJPLyO0JEDP8WtN7rVb mNWMCsmqzR95c6Z6Roe1oMOv2nr2N0H/zLeBgX28SDAzxRL+lMVg3VqSTJ7SoYdn5x3tXIpeSLr afNpSUmkpqm9YsoMoIEAhIuZPp0MQfE8yM4pjsDzXJPZYaymc4xEHRux+uk8gVPU8Gz4xVjZgtw ixx9AosTJt/087qXILnCRyFIAHTrUDilNfZzLJbW496KV7WSvGDSsK68ZB5JuO5WhTxlk3SeI9M zgCvEUcpDHQ3eKOza7W994ja5xiQ8jae4OD13tAV7Mc+rowcVKtX/F0pBwVJjSV5hDFby7aYnYB 3Lm7XsQ== X-TM-AS-User-Approved-Sender: No X-TM-AS-User-Blocked-Sender: No X-TMASE-Result: 10-0.162000-8.000000 X-TMASE-Version: SMEX-14.0.0.3152-9.1.1006-23728.005 X-TM-SNTS-SMTP: DCCFB0A26993BC3E487D177E281AF68FA8257BAA72E1133602723C55C68896A82000:8 X-MTK: N X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,UNPARSEABLE_RELAY autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on pete.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (pete.vger.email [0.0.0.0]); Mon, 11 Dec 2023 18:47:16 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1785042557555014439 X-GMAIL-MSGID: 1785042557555014439 Initialize a secure heap. Currently just add a null heap, Prepare for the later patches. Signed-off-by: Yong Wu --- drivers/dma-buf/heaps/Kconfig | 6 +++ drivers/dma-buf/heaps/Makefile | 1 + drivers/dma-buf/heaps/secure_heap.c | 67 +++++++++++++++++++++++++++++ drivers/dma-buf/heaps/secure_heap.h | 22 ++++++++++ 4 files changed, 96 insertions(+) create mode 100644 drivers/dma-buf/heaps/secure_heap.c create mode 100644 drivers/dma-buf/heaps/secure_heap.h diff --git a/drivers/dma-buf/heaps/Kconfig b/drivers/dma-buf/heaps/Kconfig index a5eef06c4226..3a9943e94200 100644 --- a/drivers/dma-buf/heaps/Kconfig +++ b/drivers/dma-buf/heaps/Kconfig @@ -12,3 +12,9 @@ config DMABUF_HEAPS_CMA Choose this option to enable dma-buf CMA heap. This heap is backed by the Contiguous Memory Allocator (CMA). If your system has these regions, you should say Y here. + +config DMABUF_HEAPS_SECURE + bool "DMA-BUF Secure Heap" + depends on DMABUF_HEAPS + help + Choose this option to enable dma-buf secure heap. If in doubt, say N. diff --git a/drivers/dma-buf/heaps/Makefile b/drivers/dma-buf/heaps/Makefile index 974467791032..b1ad9d1f2fbe 100644 --- a/drivers/dma-buf/heaps/Makefile +++ b/drivers/dma-buf/heaps/Makefile @@ -1,3 +1,4 @@ # SPDX-License-Identifier: GPL-2.0 +obj-$(CONFIG_DMABUF_HEAPS_SECURE) += secure_heap.o obj-$(CONFIG_DMABUF_HEAPS_SYSTEM) += system_heap.o obj-$(CONFIG_DMABUF_HEAPS_CMA) += cma_heap.o diff --git a/drivers/dma-buf/heaps/secure_heap.c b/drivers/dma-buf/heaps/secure_heap.c new file mode 100644 index 000000000000..e087da5638aa --- /dev/null +++ b/drivers/dma-buf/heaps/secure_heap.c @@ -0,0 +1,67 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * DMABUF secure heap exporter + * + * Copyright (C) 2023 MediaTek Inc. + */ + +#include +#include +#include +#include + +#include "secure_heap.h" + +static struct dma_buf * +secure_heap_allocate(struct dma_heap *heap, unsigned long size, + unsigned long fd_flags, unsigned long heap_flags) +{ + struct secure_buffer *sec_buf; + DEFINE_DMA_BUF_EXPORT_INFO(exp_info); + struct dma_buf *dmabuf; + int ret; + + sec_buf = kzalloc(sizeof(*sec_buf), GFP_KERNEL); + if (!sec_buf) + return ERR_PTR(-ENOMEM); + + sec_buf->size = ALIGN(size, PAGE_SIZE); + sec_buf->heap = heap; + + exp_info.exp_name = dma_heap_get_name(heap); + exp_info.size = sec_buf->size; + exp_info.flags = fd_flags; + exp_info.priv = sec_buf; + + dmabuf = dma_buf_export(&exp_info); + if (IS_ERR(dmabuf)) { + ret = PTR_ERR(dmabuf); + goto err_free_buf; + } + + return dmabuf; + +err_free_buf: + kfree(sec_buf); + return ERR_PTR(ret); +} + +static const struct dma_heap_ops sec_heap_ops = { + .allocate = secure_heap_allocate, +}; + +int secure_heap_add(struct secure_heap *sec_heap) +{ + struct dma_heap_export_info exp_info; + struct dma_heap *heap; + + exp_info.name = sec_heap->name; + exp_info.ops = &sec_heap_ops; + exp_info.priv = (void *)sec_heap; + + heap = dma_heap_add(&exp_info); + if (IS_ERR(heap)) + return PTR_ERR(heap); + return 0; +} +EXPORT_SYMBOL_GPL(secure_heap_add); diff --git a/drivers/dma-buf/heaps/secure_heap.h b/drivers/dma-buf/heaps/secure_heap.h new file mode 100644 index 000000000000..50733dc6d4db --- /dev/null +++ b/drivers/dma-buf/heaps/secure_heap.h @@ -0,0 +1,22 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Secure heap Header. + * + * Copyright (C) 2023 MediaTek, Inc. + */ + +#ifndef _DMABUF_SECURE_HEAP_H_ +#define _DMABUF_SECURE_HEAP_H_ + +struct secure_buffer { + struct dma_heap *heap; + size_t size; +}; + +struct secure_heap { + const char *name; +}; + +int secure_heap_add(struct secure_heap *sec_heap); + +#endif From patchwork Tue Dec 12 02:46:03 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yong Wu X-Patchwork-Id: 177054 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:bcd1:0:b0:403:3b70:6f57 with SMTP id r17csp7475334vqy; Mon, 11 Dec 2023 18:47:18 -0800 (PST) X-Google-Smtp-Source: AGHT+IHGdayHDe0UTgdC2S5oXPV1FQ9kfQEP7tx+B/gL7JZYxrxHIUzTFFoTnnGsWlxinGvVIIKB X-Received: by 2002:a0d:c642:0:b0:5d7:1941:ac8 with SMTP id i63-20020a0dc642000000b005d719410ac8mr4084318ywd.99.1702349238583; Mon, 11 Dec 2023 18:47:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1702349238; cv=none; d=google.com; s=arc-20160816; b=znRKExh0GH3BdWV17sjy42sDhS9yuMBMavI4kOImYSKSz0ZuV4pkev2hOIKS90snKz 3qwpUPwjiMuFWxzIM34LT3BgaBrucBe4g8BFxh84mHwMczCI1SojJqrseDAfavIwmD6M ml84S50GE/6N2ENlE+/Un406bdVizLF0pG0IcUkXVhB3+KIivCNw7UUnSwMw7Z9jXXlN 2CqxmEhZcJB+sMYgqU39HWTpUERPvlENnKFXOlkaMaNbsabkVuv+EMxwDQGMcgAX9KDg STJO8ZH/K9MiBjoVZEueWvVWSAKkzp1R5eC11XdqLBpGeDvo+ZVMw0btNozR+ZEyvt7D StEQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=3V6024Solz4jQYx03PCU2DnkByw7fBKMpDmrnrFyUcU=; fh=OWZGSeDk0Aqy44JQD4a9BiWeZfTHmrW0DBRG2LLmKkg=; b=VibT+8bMxSoGtL/nAKRvp6+CPRAfe60XdjuLHaKcDE394qPzVkxETUAcQutl41LP9h 0yDKFOxtLuiK/CbjIuEcdjtzgY/e2mO1SK4ebbZU4Qv/UhtvzFyaCzEbibp5oHy8M2Iz 5YuSRda5QoMkUaPtItW2V4cgLWsdHaU9tIpY1FG2iacDKHknM5P63iUuV6/FiZApjtp3 KGAQaOau0aTw9yAMJbTAzMzMFeSIrjsIXWYDGUT1CgZ3aIceQSReIJ//XsRzABbQiQZs snrTH2IOOQtxmMCYkn4dDUQLPB16Ydx4hpSLYs+yH+zC5hla4O68wxVurU1SYoysnj3d 8cRg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@mediatek.com header.s=dk header.b=pOmEvuXo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=mediatek.com Received: from morse.vger.email (morse.vger.email. [23.128.96.31]) by mx.google.com with ESMTPS id g14-20020a1709029f8e00b001d0522c0778si6822365plq.641.2023.12.11.18.47.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 Dec 2023 18:47:18 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) client-ip=23.128.96.31; Authentication-Results: mx.google.com; dkim=pass header.i=@mediatek.com header.s=dk header.b=pOmEvuXo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=mediatek.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id 238A580D0CAE; Mon, 11 Dec 2023 18:47:16 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345754AbjLLCrH (ORCPT + 99 others); Mon, 11 Dec 2023 21:47:07 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54034 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235004AbjLLCrE (ORCPT ); Mon, 11 Dec 2023 21:47:04 -0500 Received: from mailgw02.mediatek.com (unknown [210.61.82.184]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7B16112B; Mon, 11 Dec 2023 18:47:04 -0800 (PST) X-UUID: b6c73d96989811eeba30773df0976c77-20231212 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mediatek.com; s=dk; h=Content-Type:Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:CC:To:From; bh=3V6024Solz4jQYx03PCU2DnkByw7fBKMpDmrnrFyUcU=; b=pOmEvuXoxChbJWuq92cRacJm0mAMVy3dBVGjYOxuxr1fwA6Ek6HOSlnaku5zgJV37qK1aLd3vtkQ/4jXQ+QFldwXBMNYRpsVW24D9Qzs71ch8w95iFsjWoGXVkLQz5xezE7Vb3KihPJ3L5Pdk6OJmLRsYas3xHfWyWwPU05Adg8=; X-CID-P-RULE: Release_Ham X-CID-O-INFO: VERSION:1.1.35,REQID:1c248f56-d357-4ed1-8361-6c3eb6df2ef2,IP:0,U RL:0,TC:0,Content:0,EDM:0,RT:0,SF:0,FILE:0,BULK:0,RULE:Release_Ham,ACTION: release,TS:0 X-CID-META: VersionHash:5d391d7,CLOUDID:2fda8efd-4a48-46e2-b946-12f04f20af8c,B ulkID:nil,BulkQuantity:0,Recheck:0,SF:102,TC:nil,Content:0,EDM:-3,IP:nil,U RL:0,File:nil,Bulk:nil,QS:nil,BEC:nil,COL:0,OSI:0,OSA:0,AV:0,LES:1,SPR:NO, DKR:0,DKP:0,BRR:0,BRE:0 X-CID-BVR: 0 X-CID-BAS: 0,_,0,_ X-CID-FACTOR: TF_CID_SPAM_SNR X-UUID: b6c73d96989811eeba30773df0976c77-20231212 Received: from mtkmbs11n2.mediatek.inc [(172.21.101.187)] by mailgw02.mediatek.com (envelope-from ) (Generic MTA with TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256/256) with ESMTP id 72758738; Tue, 12 Dec 2023 10:46:56 +0800 Received: from mtkmbs11n2.mediatek.inc (172.21.101.187) by mtkmbs13n2.mediatek.inc (172.21.101.108) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.26; Tue, 12 Dec 2023 10:46:55 +0800 Received: from mhfsdcap04.gcn.mediatek.inc (10.17.3.154) by mtkmbs11n2.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id 15.2.1118.26 via Frontend Transport; Tue, 12 Dec 2023 10:46:54 +0800 From: Yong Wu To: Rob Herring , Sumit Semwal , , Matthias Brugger CC: Krzysztof Kozlowski , Conor Dooley , Benjamin Gaignard , Brian Starkey , John Stultz , , AngeloGioacchino Del Regno , Yong Wu , , , , , , , , , , Vijayanand Jitta , Joakim Bech , Jeffrey Kardatzke , Nicolas Dufresne , Subject: [PATCH v3 3/7] dma-buf: heaps: secure_heap: Add private heap ops Date: Tue, 12 Dec 2023 10:46:03 +0800 Message-ID: <20231212024607.3681-4-yong.wu@mediatek.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20231212024607.3681-1-yong.wu@mediatek.com> References: <20231212024607.3681-1-yong.wu@mediatek.com> MIME-Version: 1.0 X-MTK: N X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,UNPARSEABLE_RELAY autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Mon, 11 Dec 2023 18:47:16 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1785042554883434118 X-GMAIL-MSGID: 1785042554883434118 Add "struct secure_heap_ops". For the secure memory, totally there are two steps: a) memory_alloc: Allocate the buffer in kernel; b) secure_the_memory: Secure/Proect that buffer. The memory_alloc is mandatory while secure_the_memory is optinal since it may be part of memory_alloc. Signed-off-by: Yong Wu --- drivers/dma-buf/heaps/secure_heap.c | 39 ++++++++++++++++++++++++++++- drivers/dma-buf/heaps/secure_heap.h | 11 ++++++++ 2 files changed, 49 insertions(+), 1 deletion(-) diff --git a/drivers/dma-buf/heaps/secure_heap.c b/drivers/dma-buf/heaps/secure_heap.c index e087da5638aa..925cf8e1c7ce 100644 --- a/drivers/dma-buf/heaps/secure_heap.c +++ b/drivers/dma-buf/heaps/secure_heap.c @@ -12,10 +12,42 @@ #include "secure_heap.h" +static int secure_heap_memory_allocate(struct secure_heap *sec_heap, struct secure_buffer *sec_buf) +{ + const struct secure_heap_ops *ops = sec_heap->ops; + int ret; + + ret = ops->memory_alloc(sec_heap, sec_buf); + if (ret) + return ret; + + if (ops->secure_the_memory) { + ret = ops->secure_the_memory(sec_heap, sec_buf); + if (ret) + goto sec_memory_free; + } + return 0; + +sec_memory_free: + ops->memory_free(sec_heap, sec_buf); + return ret; +} + +static void secure_heap_memory_free(struct secure_heap *sec_heap, struct secure_buffer *sec_buf) +{ + const struct secure_heap_ops *ops = sec_heap->ops; + + if (ops->unsecure_the_memory) + ops->unsecure_the_memory(sec_heap, sec_buf); + + ops->memory_free(sec_heap, sec_buf); +} + static struct dma_buf * secure_heap_allocate(struct dma_heap *heap, unsigned long size, unsigned long fd_flags, unsigned long heap_flags) { + struct secure_heap *sec_heap = dma_heap_get_drvdata(heap); struct secure_buffer *sec_buf; DEFINE_DMA_BUF_EXPORT_INFO(exp_info); struct dma_buf *dmabuf; @@ -28,6 +60,9 @@ secure_heap_allocate(struct dma_heap *heap, unsigned long size, sec_buf->size = ALIGN(size, PAGE_SIZE); sec_buf->heap = heap; + ret = secure_heap_memory_allocate(sec_heap, sec_buf); + if (ret) + goto err_free_buf; exp_info.exp_name = dma_heap_get_name(heap); exp_info.size = sec_buf->size; exp_info.flags = fd_flags; @@ -36,11 +71,13 @@ secure_heap_allocate(struct dma_heap *heap, unsigned long size, dmabuf = dma_buf_export(&exp_info); if (IS_ERR(dmabuf)) { ret = PTR_ERR(dmabuf); - goto err_free_buf; + goto err_free_sec_mem; } return dmabuf; +err_free_sec_mem: + secure_heap_memory_free(sec_heap, sec_buf); err_free_buf: kfree(sec_buf); return ERR_PTR(ret); diff --git a/drivers/dma-buf/heaps/secure_heap.h b/drivers/dma-buf/heaps/secure_heap.h index 50733dc6d4db..ec5349cd28d0 100644 --- a/drivers/dma-buf/heaps/secure_heap.h +++ b/drivers/dma-buf/heaps/secure_heap.h @@ -15,6 +15,17 @@ struct secure_buffer { struct secure_heap { const char *name; + + const struct secure_heap_ops *ops; +}; + +struct secure_heap_ops { + int (*memory_alloc)(struct secure_heap *sec_heap, struct secure_buffer *sec_buf); + void (*memory_free)(struct secure_heap *sec_heap, struct secure_buffer *sec_buf); + + /* Protect/unprotect the memory */ + int (*secure_the_memory)(struct secure_heap *sec_heap, struct secure_buffer *sec_buf); + void (*unsecure_the_memory)(struct secure_heap *sec_heap, struct secure_buffer *sec_buf); }; int secure_heap_add(struct secure_heap *sec_heap); From patchwork Tue Dec 12 02:46:04 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yong Wu X-Patchwork-Id: 177056 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:bcd1:0:b0:403:3b70:6f57 with SMTP id r17csp7475439vqy; Mon, 11 Dec 2023 18:47:39 -0800 (PST) X-Google-Smtp-Source: AGHT+IFJHS97a5dmuFuICoMjMqab6szl8L9TtVOSiNPMRyVSF9LQX+J98F6FwIAVBV+93cAAWBmR X-Received: by 2002:a17:90b:e17:b0:286:9966:2ce7 with SMTP id ge23-20020a17090b0e1700b0028699662ce7mr4173666pjb.18.1702349259430; Mon, 11 Dec 2023 18:47:39 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1702349259; cv=none; d=google.com; s=arc-20160816; b=OquPvEDygrrc+cghG8ixj7yfGSPvYoFzGFe7r853CNHTwmy0nQhfjF0ARy7JVPOG3C ivo9Sl6y6DMs499ZhUbYPuu8VgHZlkogOp0TzQT4buh89P+HjOyyZdQiorl1c7UgsM7y 4L/rM+7uIxY3Sd6vC9jupgx/89pKzQPuWiLOvPJ0atiOwsgue2+Nig6evG9Axx1fqODs mOd5M3DxtOxlfpkwuQJ30GI9GRFb1Kiyb4sHYyJapvsZTh5IS3Jn64y7ucB9yzd99Hlx dQgN9GiVPLPGivKM5jAKL1WkyzX0Mg8DQvsPiHgPR+f1BV+7BquKzp56pK/zieh0yjfd BUZQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=XaRVYF8RVa6s7Wemh4dazulTChOg4lLt+vsRrGuQUj4=; fh=OWZGSeDk0Aqy44JQD4a9BiWeZfTHmrW0DBRG2LLmKkg=; b=Akf+TE21vomg8NZsZr2KjQnCkBzbZwcKndd/x6z0yHby6CNy91/5rulumwbm4JdmsG tnqJ5hte3Qb7WzeoOD7ueRgJVI02QmVRjKM5hEYoEUxkcLrrf/cOrU/hNgBq6vWBi1Pt juv0pKX81boxOs6aoEtCLZsgr8rdO0gjGZTjZcNahG6F3TBqLI0FAfAxOEb1dtglg/ho C04tgopMxUIbKta/cvINhH4IC9QfESJqDGFTiGIiHpolUwrFxwe2rXTJ0eOR9Yv8vjdz qOZBU6BUv1HyeKkBBfE2p2kSxXAWxF2DncZo1xARxhUbNQwMojhXIQndp6eMNcAAmDfw s11Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@mediatek.com header.s=dk header.b=BFB+oMIf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=mediatek.com Received: from morse.vger.email (morse.vger.email. [23.128.96.31]) by mx.google.com with ESMTPS id qa1-20020a17090b4fc100b00288895dd81csi7352661pjb.59.2023.12.11.18.47.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 Dec 2023 18:47:39 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) client-ip=23.128.96.31; Authentication-Results: mx.google.com; dkim=pass header.i=@mediatek.com header.s=dk header.b=BFB+oMIf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=mediatek.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id 1E31B80D2919; Mon, 11 Dec 2023 18:47:37 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345785AbjLLCrO (ORCPT + 99 others); Mon, 11 Dec 2023 21:47:14 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47676 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345778AbjLLCrJ (ORCPT ); Mon, 11 Dec 2023 21:47:09 -0500 Received: from mailgw01.mediatek.com (unknown [60.244.123.138]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1163C109; Mon, 11 Dec 2023 18:47:09 -0800 (PST) X-UUID: bbbcb8ee989811eea5db2bebc7c28f94-20231212 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mediatek.com; s=dk; h=Content-Type:Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:CC:To:From; bh=XaRVYF8RVa6s7Wemh4dazulTChOg4lLt+vsRrGuQUj4=; b=BFB+oMIf/BIzlTyrBdIqaKeXAF8d8xA8p7r4YsxvGraZAX8gpf/wAlQ0FFfh09HrfZauTeqJL5gflLE5kLNT0HAtvWdaiFgMkULWuAEwb0+sAdApCsQu5tObjZf+t0J4oSyHGb/w3d/Oho/iyKKad6zUn/fUgTzbEdTvJFAs1FE=; X-CID-P-RULE: Release_Ham X-CID-O-INFO: VERSION:1.1.35,REQID:52d011f7-fb57-4b15-a7b8-9409b9225b78,IP:0,U RL:0,TC:0,Content:-5,EDM:0,RT:0,SF:0,FILE:0,BULK:0,RULE:Release_Ham,ACTION :release,TS:-5 X-CID-META: VersionHash:5d391d7,CLOUDID:1d87ad73-1bd3-4f48-b671-ada88705968c,B ulkID:nil,BulkQuantity:0,Recheck:0,SF:102,TC:nil,Content:0,EDM:-3,IP:nil,U RL:0,File:nil,Bulk:nil,QS:nil,BEC:nil,COL:0,OSI:0,OSA:0,AV:0,LES:1,SPR:NO, DKR:0,DKP:0,BRR:0,BRE:0 X-CID-BVR: 0 X-CID-BAS: 0,_,0,_ X-CID-FACTOR: TF_CID_SPAM_SNR X-UUID: bbbcb8ee989811eea5db2bebc7c28f94-20231212 Received: from mtkmbs14n1.mediatek.inc [(172.21.101.75)] by mailgw01.mediatek.com (envelope-from ) (Generic MTA with TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256/256) with ESMTP id 1573079492; Tue, 12 Dec 2023 10:47:04 +0800 Received: from mtkmbs11n2.mediatek.inc (172.21.101.187) by mtkmbs11n2.mediatek.inc (172.21.101.187) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.26; Tue, 12 Dec 2023 10:47:03 +0800 Received: from mhfsdcap04.gcn.mediatek.inc (10.17.3.154) by mtkmbs11n2.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id 15.2.1118.26 via Frontend Transport; Tue, 12 Dec 2023 10:47:02 +0800 From: Yong Wu To: Rob Herring , Sumit Semwal , , Matthias Brugger CC: Krzysztof Kozlowski , Conor Dooley , Benjamin Gaignard , Brian Starkey , John Stultz , , AngeloGioacchino Del Regno , Yong Wu , , , , , , , , , , Vijayanand Jitta , Joakim Bech , Jeffrey Kardatzke , Nicolas Dufresne , Subject: [PATCH v3 4/7] dma-buf: heaps: secure_heap: Add dma_ops Date: Tue, 12 Dec 2023 10:46:04 +0800 Message-ID: <20231212024607.3681-5-yong.wu@mediatek.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20231212024607.3681-1-yong.wu@mediatek.com> References: <20231212024607.3681-1-yong.wu@mediatek.com> MIME-Version: 1.0 X-MTK: N X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,UNPARSEABLE_RELAY autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Mon, 11 Dec 2023 18:47:37 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1785042577372381191 X-GMAIL-MSGID: 1785042577372381191 Add the dma_ops for this secure heap. For secure buffer, cache_ops/mmap are not allowed, thus return EPERM for them. Signed-off-by: Yong Wu --- drivers/dma-buf/heaps/secure_heap.c | 103 ++++++++++++++++++++++++++++ 1 file changed, 103 insertions(+) diff --git a/drivers/dma-buf/heaps/secure_heap.c b/drivers/dma-buf/heaps/secure_heap.c index 925cf8e1c7ce..7cb4db3e55c2 100644 --- a/drivers/dma-buf/heaps/secure_heap.c +++ b/drivers/dma-buf/heaps/secure_heap.c @@ -12,6 +12,10 @@ #include "secure_heap.h" +struct secure_heap_attachment { + struct sg_table *table; +}; + static int secure_heap_memory_allocate(struct secure_heap *sec_heap, struct secure_buffer *sec_buf) { const struct secure_heap_ops *ops = sec_heap->ops; @@ -43,6 +47,104 @@ static void secure_heap_memory_free(struct secure_heap *sec_heap, struct secure_ ops->memory_free(sec_heap, sec_buf); } +static int secure_heap_attach(struct dma_buf *dmabuf, struct dma_buf_attachment *attachment) +{ + struct secure_buffer *sec_buf = dmabuf->priv; + struct secure_heap_attachment *a; + struct sg_table *table; + int ret; + + a = kzalloc(sizeof(*a), GFP_KERNEL); + if (!a) + return -ENOMEM; + + table = kzalloc(sizeof(*table), GFP_KERNEL); + if (!table) { + ret = -ENOMEM; + goto err_free_attach; + } + + ret = sg_alloc_table(table, 1, GFP_KERNEL); + if (ret) + goto err_free_sgt; + sg_set_page(table->sgl, NULL, sec_buf->size, 0); + + a->table = table; + attachment->priv = a; + + return 0; + +err_free_sgt: + kfree(table); +err_free_attach: + kfree(a); + return ret; +} + +static void secure_heap_detach(struct dma_buf *dmabuf, struct dma_buf_attachment *attachment) +{ + struct secure_heap_attachment *a = attachment->priv; + + sg_free_table(a->table); + kfree(a->table); + kfree(a); +} + +static struct sg_table * +secure_heap_map_dma_buf(struct dma_buf_attachment *attachment, enum dma_data_direction direction) +{ + struct secure_heap_attachment *a = attachment->priv; + struct sg_table *table = a->table; + + return table; +} + +static void +secure_heap_unmap_dma_buf(struct dma_buf_attachment *attachment, struct sg_table *table, + enum dma_data_direction direction) +{ + struct secure_heap_attachment *a = attachment->priv; + + WARN_ON(a->table != table); +} + +static int +secure_heap_dma_buf_begin_cpu_access(struct dma_buf *dmabuf, enum dma_data_direction direction) +{ + return -EPERM; +} + +static int +secure_heap_dma_buf_end_cpu_access(struct dma_buf *dmabuf, enum dma_data_direction direction) +{ + return -EPERM; +} + +static int secure_heap_dma_buf_mmap(struct dma_buf *dmabuf, struct vm_area_struct *vma) +{ + return -EPERM; +} + +static void secure_heap_free(struct dma_buf *dmabuf) +{ + struct secure_buffer *sec_buf = dmabuf->priv; + struct secure_heap *sec_heap = dma_heap_get_drvdata(sec_buf->heap); + + secure_heap_memory_free(sec_heap, sec_buf); + kfree(sec_buf); +} + +static const struct dma_buf_ops sec_heap_buf_ops = { + .attach = secure_heap_attach, + .detach = secure_heap_detach, + .map_dma_buf = secure_heap_map_dma_buf, + .unmap_dma_buf = secure_heap_unmap_dma_buf, + .begin_cpu_access = secure_heap_dma_buf_begin_cpu_access, + .end_cpu_access = secure_heap_dma_buf_end_cpu_access, + .mmap = secure_heap_dma_buf_mmap, + .release = secure_heap_free, +}; + static struct dma_buf * secure_heap_allocate(struct dma_heap *heap, unsigned long size, unsigned long fd_flags, unsigned long heap_flags) @@ -64,6 +166,7 @@ secure_heap_allocate(struct dma_heap *heap, unsigned long size, if (ret) goto err_free_buf; exp_info.exp_name = dma_heap_get_name(heap); + exp_info.ops = &sec_heap_buf_ops; exp_info.size = sec_buf->size; exp_info.flags = fd_flags; exp_info.priv = sec_buf; From patchwork Tue Dec 12 02:46:05 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yong Wu X-Patchwork-Id: 177057 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:bcd1:0:b0:403:3b70:6f57 with SMTP id r17csp7475450vqy; Mon, 11 Dec 2023 18:47:41 -0800 (PST) X-Google-Smtp-Source: AGHT+IF2aoWUg1Z/qJxuk0m324XbtwHsed109EMbEhV0qT8NNs8yTrbQspR6XvOda8NfgU4uzjLg X-Received: by 2002:a17:90a:c7cf:b0:286:b8a1:f1a2 with SMTP id gf15-20020a17090ac7cf00b00286b8a1f1a2mr2334354pjb.44.1702349261204; Mon, 11 Dec 2023 18:47:41 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1702349261; cv=none; d=google.com; s=arc-20160816; b=0eO4YKovZG6cH5HwgK60fGQH0wvJGaxMgAkY9wrnBUxXsJ9FYhBTv1lRcNjIrZC7ez vGkhsfK1Kworo0um/jZSKOAxIoupJ6xkGjJBQcNdJiBr2IpIEQy4FDfxLn4lO8Jkta6+ BPHo6Olm3nWhycUYXjp7uq3j0tM6aYZ3s92FSG6RlW5xc3p7t/mn5UpfmRN/vDKAX1Co GQ9giKcmODhPo0H73I+v+WVx7aoMfyS1pexqQ/spWxtKSe8DCoTwqkX0cqkZNp8Q5ULb /THBIVf04WcRLjb/3s24uNgCAVZ4l7CyfnQqAU36ebsIOF/eJC2iIzXI7EQ1xlr5SGHR j0XA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=2xDnkMnS/gVeWB6IKVWql10EZCtv+Nhi5DPLdCwJNmk=; fh=OWZGSeDk0Aqy44JQD4a9BiWeZfTHmrW0DBRG2LLmKkg=; b=uVqm00R6jrYev0nrmMSU5Yh337/tG919tE4bYYOs3BaWIdNj3na2GfFoPcl84ALUUt cGbexPbXKzPb7thzKVjnuSj9BYt2qN1/3Rpogvkd3NLi1+yWOEupdI1AV2V3BYYgrhtg bzhiJ+Lahm1rGRuWGgW+f4BJLJHclSDcwksEg2DN4aXLOKcGOYdkeBiFAzUxxcnBDv0q BawCheHu9eEc16OwYlxqgxVX6/46HDExW+Ikx5tStwo1dpkQZ2GbGhWBQS3HXlSXu0RD v2uHyJZ2FHjOrlwy+UB9X7z7UHK/UzU2V/SMgfdUnORASkAvY1kTxZ4zQufkhwm5z9Wz C7tQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@mediatek.com header.s=dk header.b=sh2bXTBO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=mediatek.com Received: from pete.vger.email (pete.vger.email. [23.128.96.36]) by mx.google.com with ESMTPS id d24-20020a17090ab31800b0028a9b910230si2161661pjr.116.2023.12.11.18.47.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 Dec 2023 18:47:41 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) client-ip=23.128.96.36; Authentication-Results: mx.google.com; dkim=pass header.i=@mediatek.com header.s=dk header.b=sh2bXTBO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=mediatek.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by pete.vger.email (Postfix) with ESMTP id 7082080C5C93; Mon, 11 Dec 2023 18:47:33 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at pete.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235019AbjLLCrX (ORCPT + 99 others); Mon, 11 Dec 2023 21:47:23 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47760 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345809AbjLLCrP (ORCPT ); Mon, 11 Dec 2023 21:47:15 -0500 Received: from mailgw02.mediatek.com (unknown [210.61.82.184]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8E3F1EE; Mon, 11 Dec 2023 18:47:20 -0800 (PST) X-UUID: c26da6ee989811eeba30773df0976c77-20231212 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mediatek.com; s=dk; h=Content-Type:Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:CC:To:From; bh=2xDnkMnS/gVeWB6IKVWql10EZCtv+Nhi5DPLdCwJNmk=; b=sh2bXTBOzWpdQf/6rG8aWnNLyL3IplnD3RSZhYRyi2HJU07IHOBBLK3WXqIcmUWS848+N/3ekpxdQvgqCi+VTvCIotsh9IDPLZzSSsgfwJpFNwYpAW8hHEjrbwjDOccA9DXR0CxwEnjJ5vUjwKXw8IctwgbrCxPzG0PM4a2UnlE=; X-CID-P-RULE: Release_Ham X-CID-O-INFO: VERSION:1.1.35,REQID:27501b68-6419-4ee9-ac3d-7649c1d23de6,IP:0,U RL:0,TC:0,Content:-25,EDM:0,RT:0,SF:0,FILE:0,BULK:0,RULE:Release_Ham,ACTIO N:release,TS:-25 X-CID-META: VersionHash:5d391d7,CLOUDID:af87ad73-1bd3-4f48-b671-ada88705968c,B ulkID:nil,BulkQuantity:0,Recheck:0,SF:102,TC:nil,Content:0,EDM:-3,IP:nil,U RL:0,File:nil,Bulk:nil,QS:nil,BEC:nil,COL:0,OSI:0,OSA:0,AV:0,LES:1,SPR:NO, DKR:0,DKP:0,BRR:0,BRE:0 X-CID-BVR: 0 X-CID-BAS: 0,_,0,_ X-CID-FACTOR: TF_CID_SPAM_SNR X-UUID: c26da6ee989811eeba30773df0976c77-20231212 Received: from mtkmbs11n1.mediatek.inc [(172.21.101.185)] by mailgw02.mediatek.com (envelope-from ) (Generic MTA with TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256/256) with ESMTP id 1043107234; Tue, 12 Dec 2023 10:47:15 +0800 Received: from mtkmbs11n2.mediatek.inc (172.21.101.187) by mtkmbs13n1.mediatek.inc (172.21.101.193) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.26; Tue, 12 Dec 2023 10:47:14 +0800 Received: from mhfsdcap04.gcn.mediatek.inc (10.17.3.154) by mtkmbs11n2.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id 15.2.1118.26 via Frontend Transport; Tue, 12 Dec 2023 10:47:13 +0800 From: Yong Wu To: Rob Herring , Sumit Semwal , , Matthias Brugger CC: Krzysztof Kozlowski , Conor Dooley , Benjamin Gaignard , Brian Starkey , John Stultz , , AngeloGioacchino Del Regno , Yong Wu , , , , , , , , , , Vijayanand Jitta , Joakim Bech , Jeffrey Kardatzke , Nicolas Dufresne , Subject: [PATCH v3 5/7] dma-buf: heaps: secure_heap: Add MediaTek secure heap and heap_init Date: Tue, 12 Dec 2023 10:46:05 +0800 Message-ID: <20231212024607.3681-6-yong.wu@mediatek.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20231212024607.3681-1-yong.wu@mediatek.com> References: <20231212024607.3681-1-yong.wu@mediatek.com> MIME-Version: 1.0 X-MTK: N X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,UNPARSEABLE_RELAY autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on pete.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (pete.vger.email [0.0.0.0]); Mon, 11 Dec 2023 18:47:33 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1785042578545748010 X-GMAIL-MSGID: 1785042578545748010 Add a Mediatek secure heap which uses TEE service call to protect buffer. Currently this secure heap is NULL, Prepare for the later patch. Mainly there are two changes: a) Add a heap_init ops since TEE probe late than secure heap, thus initialize the heap when we require the buffer the first time. b) Add a priv_data for each heap, like the special data used by MTK (such as "TEE session") can be placed in priv_data. Currently our heap depends on CMA which could only be bool, thus depend on "TEE=y". Signed-off-by: Yong Wu --- drivers/dma-buf/heaps/Kconfig | 7 ++ drivers/dma-buf/heaps/Makefile | 1 + drivers/dma-buf/heaps/secure_heap.c | 11 +++ drivers/dma-buf/heaps/secure_heap.h | 4 + drivers/dma-buf/heaps/secure_heap_mtk.c | 114 ++++++++++++++++++++++++ 5 files changed, 137 insertions(+) create mode 100644 drivers/dma-buf/heaps/secure_heap_mtk.c diff --git a/drivers/dma-buf/heaps/Kconfig b/drivers/dma-buf/heaps/Kconfig index 3a9943e94200..12962189878e 100644 --- a/drivers/dma-buf/heaps/Kconfig +++ b/drivers/dma-buf/heaps/Kconfig @@ -18,3 +18,10 @@ config DMABUF_HEAPS_SECURE depends on DMABUF_HEAPS help Choose this option to enable dma-buf secure heap. If in doubt, say N. + +config DMABUF_HEAPS_SECURE_MTK + bool "MediaTek DMA-BUF Secure Heap" + depends on DMABUF_HEAPS_SECURE && TEE=y + help + Enable secure dma-buf heaps for MediaTek platform. This heap is backed by + TEE client interfaces. If in doubt, say N. diff --git a/drivers/dma-buf/heaps/Makefile b/drivers/dma-buf/heaps/Makefile index b1ad9d1f2fbe..9751dea345df 100644 --- a/drivers/dma-buf/heaps/Makefile +++ b/drivers/dma-buf/heaps/Makefile @@ -1,4 +1,5 @@ # SPDX-License-Identifier: GPL-2.0 obj-$(CONFIG_DMABUF_HEAPS_SECURE) += secure_heap.o +obj-$(CONFIG_DMABUF_HEAPS_SECURE_MTK) += secure_heap_mtk.o obj-$(CONFIG_DMABUF_HEAPS_SYSTEM) += system_heap.o obj-$(CONFIG_DMABUF_HEAPS_CMA) += cma_heap.o diff --git a/drivers/dma-buf/heaps/secure_heap.c b/drivers/dma-buf/heaps/secure_heap.c index 7cb4db3e55c2..ca4b433fb3f1 100644 --- a/drivers/dma-buf/heaps/secure_heap.c +++ b/drivers/dma-buf/heaps/secure_heap.c @@ -150,11 +150,22 @@ secure_heap_allocate(struct dma_heap *heap, unsigned long size, unsigned long fd_flags, unsigned long heap_flags) { struct secure_heap *sec_heap = dma_heap_get_drvdata(heap); + const struct secure_heap_ops *ops = sec_heap->ops; struct secure_buffer *sec_buf; DEFINE_DMA_BUF_EXPORT_INFO(exp_info); struct dma_buf *dmabuf; int ret; + /* + * In some implements, TEE is required to protect buffer. However TEE probe + * may be late, Thus heap_init is performed when the first buffer is requested. + */ + if (ops->heap_init) { + ret = ops->heap_init(sec_heap); + if (ret) + return ERR_PTR(ret); + } + sec_buf = kzalloc(sizeof(*sec_buf), GFP_KERNEL); if (!sec_buf) return ERR_PTR(-ENOMEM); diff --git a/drivers/dma-buf/heaps/secure_heap.h b/drivers/dma-buf/heaps/secure_heap.h index ec5349cd28d0..1ce9c431d989 100644 --- a/drivers/dma-buf/heaps/secure_heap.h +++ b/drivers/dma-buf/heaps/secure_heap.h @@ -17,9 +17,13 @@ struct secure_heap { const char *name; const struct secure_heap_ops *ops; + + void *priv_data; }; struct secure_heap_ops { + int (*heap_init)(struct secure_heap *sec_heap); + int (*memory_alloc)(struct secure_heap *sec_heap, struct secure_buffer *sec_buf); void (*memory_free)(struct secure_heap *sec_heap, struct secure_buffer *sec_buf); diff --git a/drivers/dma-buf/heaps/secure_heap_mtk.c b/drivers/dma-buf/heaps/secure_heap_mtk.c new file mode 100644 index 000000000000..c7e609dd7bd3 --- /dev/null +++ b/drivers/dma-buf/heaps/secure_heap_mtk.c @@ -0,0 +1,114 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * DMABUF MediaTek secure heap exporter + * + * Copyright (C) 2023 MediaTek Inc. + */ +#include +#include +#include +#include +#include +#include + +#include "secure_heap.h" + +#define TZ_TA_MEM_UUID_MTK "4477588a-8476-11e2-ad15-e41f1390d676" + +#define TEE_PARAM_NUM 4 + +enum mtk_secure_mem_type { + /* + * MediaTek static chunk memory carved out for TrustZone. The memory + * management is inside the TEE. + */ + MTK_SECURE_MEMORY_TYPE_CM_TZ = 1, +}; + +struct mtk_secure_heap_data { + struct tee_context *tee_ctx; + u32 tee_session; + + const enum mtk_secure_mem_type mem_type; + +}; + +static int mtk_tee_ctx_match(struct tee_ioctl_version_data *ver, const void *data) +{ + return ver->impl_id == TEE_IMPL_ID_OPTEE; +} + +static int mtk_tee_session_init(struct mtk_secure_heap_data *data) +{ + struct tee_param t_param[TEE_PARAM_NUM] = {0}; + struct tee_ioctl_open_session_arg arg = {0}; + uuid_t ta_mem_uuid; + int ret; + + data->tee_ctx = tee_client_open_context(NULL, mtk_tee_ctx_match, NULL, NULL); + if (IS_ERR(data->tee_ctx)) { + pr_err_once("%s: open context failed, ret=%ld\n", __func__, + PTR_ERR(data->tee_ctx)); + return -ENODEV; + } + + arg.num_params = TEE_PARAM_NUM; + arg.clnt_login = TEE_IOCTL_LOGIN_PUBLIC; + ret = uuid_parse(TZ_TA_MEM_UUID_MTK, &ta_mem_uuid); + if (ret) + goto close_context; + memcpy(&arg.uuid, &ta_mem_uuid.b, sizeof(ta_mem_uuid)); + + ret = tee_client_open_session(data->tee_ctx, &arg, t_param); + if (ret < 0 || arg.ret) { + pr_err_once("%s: open session failed, ret=%d:%d\n", + __func__, ret, arg.ret); + ret = -EINVAL; + goto close_context; + } + data->tee_session = arg.session; + return 0; + +close_context: + tee_client_close_context(data->tee_ctx); + return ret; +} + +static int mtk_secure_heap_init(struct secure_heap *sec_heap) +{ + struct mtk_secure_heap_data *data = sec_heap->priv_data; + + if (!data->tee_ctx) + return mtk_tee_session_init(data); + return 0; +} + +static const struct secure_heap_ops mtk_sec_mem_ops = { + .heap_init = mtk_secure_heap_init, +}; + +static struct mtk_secure_heap_data mtk_sec_heap_data = { + .mem_type = MTK_SECURE_MEMORY_TYPE_CM_TZ, +}; + +static struct secure_heap mtk_secure_heaps[] = { + { + .name = "secure_mtk_cm", + .ops = &mtk_sec_mem_ops, + .priv_data = &mtk_sec_heap_data, + }, +}; + +static int mtk_sec_heap_init(void) +{ + struct secure_heap *sec_heap = mtk_secure_heaps; + unsigned int i; + + for (i = 0; i < ARRAY_SIZE(mtk_secure_heaps); i++, sec_heap++) + secure_heap_add(sec_heap); + return 0; +} + +module_init(mtk_sec_heap_init); +MODULE_DESCRIPTION("MediaTek Secure Heap Driver"); +MODULE_LICENSE("GPL"); From patchwork Tue Dec 12 02:46:06 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yong Wu X-Patchwork-Id: 177058 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:bcd1:0:b0:403:3b70:6f57 with SMTP id r17csp7475523vqy; Mon, 11 Dec 2023 18:47:57 -0800 (PST) X-Google-Smtp-Source: AGHT+IEac3KMIG91lz13e4x9N7C5e0O3qGrj4Xqy6c5vL4qJ8kX2aBrNGqSRFJyJD3sbwlWEPn65 X-Received: by 2002:a9d:7e9a:0:b0:6d9:d8b1:c131 with SMTP id m26-20020a9d7e9a000000b006d9d8b1c131mr5400613otp.76.1702349277556; Mon, 11 Dec 2023 18:47:57 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1702349277; cv=none; d=google.com; s=arc-20160816; b=ouoF5sP0BISPWxdGh3pq1N1cNADd3AymcCqtuj00/HjxaV0HMOGuA1S4B1/lMwNvvE k2UGUHxaxdprg3lh33nMLbpw+WYFuaDr2aaNY61AXXLjYSZJZ6d7hydSdRKJ91R1Ik0q 4GPRhzrC0+xslWutJKsAupp++ExAUQGZq51Uzwf/pl1QrDY9u2dRyIoxEYecr98nj7lB mA5L+HuufxKxdOYYuNctdgbZo+m0FZFfHpcKQd4w35oR+iarOjU+Azm6fkCBWz4D74Q8 8QDNuwdhmJLvTbzKJ991YfD4vF6zfa/QDNO+DZ0Z4CG79eFAnvNFA9+X80NF4oqBW1OK 2LfA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=vwtS8L5iqxhbdUVvfvV1bHrAuc8ODHY3J4ZblLns0Jw=; fh=OWZGSeDk0Aqy44JQD4a9BiWeZfTHmrW0DBRG2LLmKkg=; b=Y7UdZzsQA5S5cLwiwDFi7xcFKd2r0QbEQ3UJXSGdvGnk/5g2B5GmBCnl1NSHDeTWXu bpaRecEOZ6CNweObrkWzSHDFxhqWcKtICzA65X5byD8S73EoiKzTny2DX4bcJcPjXxLJ ZYvE+Fa1ULNOFnYrXrE02GSIfr+hxVlIR3t7BiaD97D6gDiyKWvpz6YIyn+ePfhPdXcl pvpc/mNeOhsuKURxwMgf3VL+yYM0E50LiIjhO3viaaC9tmB+5ULfdaEU/0mkKzJoASmv +r0Uv613EC8qVO+IRRZrWpid9bJeK6tbNMmoFZchA+uNP94Q0vlYs+7Fyhm4X4XcGSZn mXnQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@mediatek.com header.s=dk header.b=Yb7vsKgS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=mediatek.com Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id q4-20020a63e944000000b005c659dc546csi6966061pgj.24.2023.12.11.18.47.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 Dec 2023 18:47:57 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@mediatek.com header.s=dk header.b=Yb7vsKgS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=mediatek.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 7153E804E70F; Mon, 11 Dec 2023 18:47:56 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345708AbjLLCrg (ORCPT + 99 others); Mon, 11 Dec 2023 21:47:36 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47760 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234998AbjLLCrX (ORCPT ); Mon, 11 Dec 2023 21:47:23 -0500 Received: from mailgw01.mediatek.com (unknown [60.244.123.138]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 06D4A114; Mon, 11 Dec 2023 18:47:27 -0800 (PST) X-UUID: c7489822989811eea5db2bebc7c28f94-20231212 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mediatek.com; s=dk; h=Content-Type:Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:CC:To:From; bh=vwtS8L5iqxhbdUVvfvV1bHrAuc8ODHY3J4ZblLns0Jw=; b=Yb7vsKgSdQ2uePq+G51ovRnkSz6QIjpP499IqE1KjsveMB0+p0CaBqRjcs7yAkiXdX15z2mF4tAeSWLv5Mjoxk80pnUkhBrh6+KA4iOPbPqxDhAEG51uAjem/JWLoQc+jCXOMgVxSUQ64FAVXn8+jP5/T4VDn0iPuFTnxV5E35M=; X-CID-P-RULE: Release_Ham X-CID-O-INFO: VERSION:1.1.35,REQID:d89c0e66-f24b-4473-b9c5-2e9af2d0acf3,IP:0,U RL:0,TC:0,Content:0,EDM:0,RT:0,SF:0,FILE:0,BULK:0,RULE:Release_Ham,ACTION: release,TS:0 X-CID-META: VersionHash:5d391d7,CLOUDID:97db8efd-4a48-46e2-b946-12f04f20af8c,B ulkID:nil,BulkQuantity:0,Recheck:0,SF:102,TC:nil,Content:0,EDM:-3,IP:nil,U RL:0,File:nil,Bulk:nil,QS:nil,BEC:nil,COL:0,OSI:0,OSA:0,AV:0,LES:1,SPR:NO, DKR:0,DKP:0,BRR:0,BRE:0 X-CID-BVR: 0 X-CID-BAS: 0,_,0,_ X-CID-FACTOR: TF_CID_SPAM_SNR X-UUID: c7489822989811eea5db2bebc7c28f94-20231212 Received: from mtkmbs14n2.mediatek.inc [(172.21.101.76)] by mailgw01.mediatek.com (envelope-from ) (Generic MTA with TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256/256) with ESMTP id 2081418428; Tue, 12 Dec 2023 10:47:24 +0800 Received: from mtkmbs11n2.mediatek.inc (172.21.101.187) by mtkmbs11n2.mediatek.inc (172.21.101.187) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.26; Tue, 12 Dec 2023 10:47:22 +0800 Received: from mhfsdcap04.gcn.mediatek.inc (10.17.3.154) by mtkmbs11n2.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id 15.2.1118.26 via Frontend Transport; Tue, 12 Dec 2023 10:47:21 +0800 From: Yong Wu To: Rob Herring , Sumit Semwal , , Matthias Brugger CC: Krzysztof Kozlowski , Conor Dooley , Benjamin Gaignard , Brian Starkey , John Stultz , , AngeloGioacchino Del Regno , Yong Wu , , , , , , , , , , Vijayanand Jitta , Joakim Bech , Jeffrey Kardatzke , Nicolas Dufresne , Subject: [PATCH v3 6/7] dma-buf: heaps: secure_heap_mtk: Add tee memory service call Date: Tue, 12 Dec 2023 10:46:06 +0800 Message-ID: <20231212024607.3681-7-yong.wu@mediatek.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20231212024607.3681-1-yong.wu@mediatek.com> References: <20231212024607.3681-1-yong.wu@mediatek.com> MIME-Version: 1.0 X-MTK: N X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE,UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Mon, 11 Dec 2023 18:47:56 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1785042595680463285 X-GMAIL-MSGID: 1785042595680463285 Add TEE service call for MediaTek heap. We have a limited number of hardware entries to protect memory, therefore we cannot protect memory arbitrarily, then our secure memory management is actually inside OPTEE. The kernel just tells the TEE what size I want and the TEE will return a "secure address". The secure_address is a reference to a secure buffer within TEE. We put it in the sg_dma_address, please see the comment in code. Signed-off-by: Yong Wu --- drivers/dma-buf/heaps/secure_heap.c | 16 +++++ drivers/dma-buf/heaps/secure_heap.h | 2 + drivers/dma-buf/heaps/secure_heap_mtk.c | 92 +++++++++++++++++++++++++ 3 files changed, 110 insertions(+) diff --git a/drivers/dma-buf/heaps/secure_heap.c b/drivers/dma-buf/heaps/secure_heap.c index ca4b433fb3f1..e2b8b97ad4dc 100644 --- a/drivers/dma-buf/heaps/secure_heap.c +++ b/drivers/dma-buf/heaps/secure_heap.c @@ -94,8 +94,22 @@ static struct sg_table * secure_heap_map_dma_buf(struct dma_buf_attachment *attachment, enum dma_data_direction direction) { struct secure_heap_attachment *a = attachment->priv; + struct dma_buf *dmabuf = attachment->dmabuf; + struct secure_buffer *sec_buf = dmabuf->priv; struct sg_table *table = a->table; + /* + * Technically dma_address refers to the address used by HW, But for secure buffer + * we don't know its dma_address in kernel, Instead, we only know its "secure handle". + * Thus use this property to save the "secure handle", and the user will use it to + * obtain the real address in secure world. + * + * Note: CONFIG_DMA_API_DEBUG requires it to be aligned with PAGE_SIZE. + */ + if (sec_buf->secure_address) { + sg_dma_address(table->sgl) = sec_buf->secure_address; + sg_dma_len(table->sgl) = sec_buf->size; + } return table; } @@ -106,6 +120,8 @@ secure_heap_unmap_dma_buf(struct dma_buf_attachment *attachment, struct sg_table struct secure_heap_attachment *a = attachment->priv; WARN_ON(a->table != table); + sg_dma_address(table->sgl) = 0; + sg_dma_len(table->sgl) = 0; } static int diff --git a/drivers/dma-buf/heaps/secure_heap.h b/drivers/dma-buf/heaps/secure_heap.h index 1ce9c431d989..374fd276bdd7 100644 --- a/drivers/dma-buf/heaps/secure_heap.h +++ b/drivers/dma-buf/heaps/secure_heap.h @@ -11,6 +11,8 @@ struct secure_buffer { struct dma_heap *heap; size_t size; + + u64 secure_address; /* A reference to the buffer in the secure world */ }; struct secure_heap { diff --git a/drivers/dma-buf/heaps/secure_heap_mtk.c b/drivers/dma-buf/heaps/secure_heap_mtk.c index c7e609dd7bd3..2c6aaeaf469f 100644 --- a/drivers/dma-buf/heaps/secure_heap_mtk.c +++ b/drivers/dma-buf/heaps/secure_heap_mtk.c @@ -25,6 +25,27 @@ enum mtk_secure_mem_type { MTK_SECURE_MEMORY_TYPE_CM_TZ = 1, }; +enum mtk_secure_buffer_tee_cmd { + /* + * Allocate the zeroed secure memory from TEE. + * + * [in] value[0].a: The buffer size. + * value[0].b: alignment. + * [in] value[1].a: enum mtk_secure_mem_type. + * [out] value[3].a: The secure handle. + */ + MTK_TZCMD_SECMEM_ZALLOC = 0x10000, /* MTK TEE Command ID Base */ + + /* + * Free secure memory. + * + * [in] value[0].a: The secure handle of this buffer, It's value[3].a of + * MTK_TZCMD_SECMEM_ZALLOC. + * [out] value[1].a: return value, 0 means successful, otherwise fail. + */ + MTK_TZCMD_SECMEM_FREE = 0x10001, +}; + struct mtk_secure_heap_data { struct tee_context *tee_ctx; u32 tee_session; @@ -74,6 +95,73 @@ static int mtk_tee_session_init(struct mtk_secure_heap_data *data) return ret; } +static int +mtk_tee_service_call(struct tee_context *tee_ctx, u32 session, + unsigned int command, struct tee_param *params) +{ + struct tee_ioctl_invoke_arg arg = {0}; + int ret; + + arg.num_params = TEE_PARAM_NUM; + arg.session = session; + arg.func = command; + + ret = tee_client_invoke_func(tee_ctx, &arg, params); + if (ret < 0 || arg.ret) { + pr_err("%s: cmd %d ret %d:%x.\n", __func__, command, ret, arg.ret); + ret = -EOPNOTSUPP; + } + return ret; +} + +static int mtk_tee_secure_memory(struct secure_heap *sec_heap, struct secure_buffer *sec_buf) +{ + struct mtk_secure_heap_data *data = sec_heap->priv_data; + struct tee_param params[TEE_PARAM_NUM] = {0}; + int ret; + + params[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT; + params[0].u.value.a = sec_buf->size; + params[0].u.value.b = PAGE_SIZE; + params[1].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT; + params[1].u.value.a = data->mem_type; + params[2].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT; + params[3].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT; + ret = mtk_tee_service_call(data->tee_ctx, data->tee_session, + MTK_TZCMD_SECMEM_ZALLOC, params); + if (ret) + return -ENOMEM; + + sec_buf->secure_address = params[3].u.value.a; + return 0; +} + +static void mtk_tee_unsecure_memory(struct secure_heap *sec_heap, struct secure_buffer *sec_buf) +{ + struct mtk_secure_heap_data *data = sec_heap->priv_data; + struct tee_param params[TEE_PARAM_NUM] = {0}; + + params[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT; + params[0].u.value.a = sec_buf->secure_address; + params[1].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT; + + mtk_tee_service_call(data->tee_ctx, data->tee_session, + MTK_TZCMD_SECMEM_FREE, params); + if (params[1].u.value.a) + pr_err("%s, unsecure buffer(0x%llx) fail(%lld) from TEE.\n", + sec_heap->name, sec_buf->secure_address, params[1].u.value.a); +} + +static int mtk_secure_memory_allocate(struct secure_heap *sec_heap, struct secure_buffer *sec_buf) +{ + /* The memory allocating is within the TEE. */ + return 0; +} + +static void mtk_secure_memory_free(struct secure_heap *sec_heap, struct secure_buffer *sec_buf) +{ +} + static int mtk_secure_heap_init(struct secure_heap *sec_heap) { struct mtk_secure_heap_data *data = sec_heap->priv_data; @@ -85,6 +173,10 @@ static int mtk_secure_heap_init(struct secure_heap *sec_heap) static const struct secure_heap_ops mtk_sec_mem_ops = { .heap_init = mtk_secure_heap_init, + .memory_alloc = mtk_secure_memory_allocate, + .memory_free = mtk_secure_memory_free, + .secure_the_memory = mtk_tee_secure_memory, + .unsecure_the_memory = mtk_tee_unsecure_memory, }; static struct mtk_secure_heap_data mtk_sec_heap_data = { From patchwork Tue Dec 12 02:46:07 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yong Wu X-Patchwork-Id: 177059 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:bcd1:0:b0:403:3b70:6f57 with SMTP id r17csp7475577vqy; Mon, 11 Dec 2023 18:48:07 -0800 (PST) X-Google-Smtp-Source: AGHT+IFp4PaCFb7/ctG4wJQ3gO6reerb1LpfBsLwsG646tZ0mL9k7OgU/NyhSTpnPD02jf4l86bZ X-Received: by 2002:a17:90a:1341:b0:286:6cd8:ef19 with SMTP id y1-20020a17090a134100b002866cd8ef19mr6647442pjf.49.1702349287474; Mon, 11 Dec 2023 18:48:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1702349287; cv=none; d=google.com; s=arc-20160816; b=aVEJLxE1rhGXws9VFXZu3WqowXTXve52EUvE7QdTlOAGhnWYddb7R4kcgVO3R6GQTD fVHlkTScvAWje2fHKe/p1kYsv5BLSSByoOf6y6ty6tR1XdVEtTtAiUDnZ01g3+z7mqVU QqQ9BAxkHVA9UiK6S6Q+3NTm1VbVG5XimMQDdYYR+YZJhIPY/MWaD3RkfKnDza1i51wC D07U3JsO4xEoA0nvP6wNhe9k8x7YV8wPGuNM1oIny0hVgGBdEgqtHal1JiUHnKFlhPyM pYXhuwTLqPzxLcZKTnkay2+kOeMehu6/f9dV9a3VuUaLKzPuhlkc904665BD1vqM7P8Q cr5g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=rtUejzwvIPotNfGLjhuGc1HEgpLh9vDQzrSPNUvf5vQ=; fh=OWZGSeDk0Aqy44JQD4a9BiWeZfTHmrW0DBRG2LLmKkg=; b=f2prweUSnHOltWCe+DVZZLM7sG2E3Cg1ymcbQ6V7fAN4cMtrXqa3USNBjK1tpMCQU0 +O2sGLaQsrkW4/jgmBfObtgz7abmvX8k50pxAk+hMpD5vu4HuXF3JPBm+aCBkE7pgbhM yhFL/kcmW4KU26wQQDmJzzQIZktISl2KnYKL0tiBzZiLv0eLWO7kF4HSfWLfNlXVbcLo NRdXA08cUr+++z+TaxXf+ePZ0pblRg+42QcfqS7Q1iu9jCCKgDtI0vLcw9FU3SKMK8A+ /l1X5vkVsFJMmFtzeBcvwuEDJ4Xlz+9RrgsIrr3P3hec2TRUFQBbI2IRgqchkS5CDk3z r4BA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@mediatek.com header.s=dk header.b=k0IYPNrb; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=mediatek.com Received: from fry.vger.email (fry.vger.email. [23.128.96.38]) by mx.google.com with ESMTPS id k5-20020a170902c40500b001d2eb1a4f12si7123780plk.233.2023.12.11.18.48.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 Dec 2023 18:48:07 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) client-ip=23.128.96.38; Authentication-Results: mx.google.com; dkim=pass header.i=@mediatek.com header.s=dk header.b=k0IYPNrb; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=mediatek.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by fry.vger.email (Postfix) with ESMTP id 63BB8809F3A1; Mon, 11 Dec 2023 18:48:02 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at fry.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235033AbjLLCrx (ORCPT + 99 others); Mon, 11 Dec 2023 21:47:53 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57768 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345785AbjLLCrj (ORCPT ); Mon, 11 Dec 2023 21:47:39 -0500 Received: from mailgw02.mediatek.com (unknown [210.61.82.184]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8E24DF2; Mon, 11 Dec 2023 18:47:42 -0800 (PST) X-UUID: ce307df8989811eeba30773df0976c77-20231212 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mediatek.com; s=dk; h=Content-Type:Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:CC:To:From; bh=rtUejzwvIPotNfGLjhuGc1HEgpLh9vDQzrSPNUvf5vQ=; b=k0IYPNrbGrJReCD4oJFKlsjFvLywDC4MKkkfkPZXDTNjw/vAz9rwfmaKCzzzU3b8amKK3SCd1lOhAZS1dU7WKc2ns4A71uvc3Fx5eK4KwA9srsigUNJSbDqlJRE6z4FEAwhUH5Lj7Atk5edjAV8u5G2UGoo6NQE7/dGmG9zhFrI=; X-CID-P-RULE: Release_Ham X-CID-O-INFO: VERSION:1.1.35,REQID:f274b442-b30d-493c-ab24-615bd2ecfd80,IP:0,U RL:0,TC:0,Content:0,EDM:0,RT:0,SF:0,FILE:0,BULK:0,RULE:Release_Ham,ACTION: release,TS:0 X-CID-META: VersionHash:5d391d7,CLOUDID:1d5d10bd-2ac7-4da2-9f94-677a477649d9,B ulkID:nil,BulkQuantity:0,Recheck:0,SF:102,TC:nil,Content:0,EDM:-3,IP:nil,U RL:0,File:nil,Bulk:nil,QS:nil,BEC:nil,COL:0,OSI:0,OSA:0,AV:0,LES:1,SPR:NO, DKR:0,DKP:0,BRR:0,BRE:0 X-CID-BVR: 0 X-CID-BAS: 0,_,0,_ X-CID-FACTOR: TF_CID_SPAM_SNR X-UUID: ce307df8989811eeba30773df0976c77-20231212 Received: from mtkmbs14n1.mediatek.inc [(172.21.101.75)] by mailgw02.mediatek.com (envelope-from ) (Generic MTA with TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256/256) with ESMTP id 1455109051; Tue, 12 Dec 2023 10:47:35 +0800 Received: from mtkmbs11n2.mediatek.inc (172.21.101.187) by mtkmbs13n1.mediatek.inc (172.21.101.193) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.26; Tue, 12 Dec 2023 10:47:34 +0800 Received: from mhfsdcap04.gcn.mediatek.inc (10.17.3.154) by mtkmbs11n2.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id 15.2.1118.26 via Frontend Transport; Tue, 12 Dec 2023 10:47:33 +0800 From: Yong Wu To: Rob Herring , Sumit Semwal , , Matthias Brugger CC: Krzysztof Kozlowski , Conor Dooley , Benjamin Gaignard , Brian Starkey , John Stultz , , AngeloGioacchino Del Regno , Yong Wu , , , , , , , , , , Vijayanand Jitta , Joakim Bech , Jeffrey Kardatzke , Nicolas Dufresne , Subject: [PATCH v3 7/7] dma_buf: heaps: secure_heap_mtk: Add a new CMA heap Date: Tue, 12 Dec 2023 10:46:07 +0800 Message-ID: <20231212024607.3681-8-yong.wu@mediatek.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20231212024607.3681-1-yong.wu@mediatek.com> References: <20231212024607.3681-1-yong.wu@mediatek.com> MIME-Version: 1.0 X-MTK: N X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,UNPARSEABLE_RELAY autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on fry.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (fry.vger.email [0.0.0.0]); Mon, 11 Dec 2023 18:48:02 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1785042606452578233 X-GMAIL-MSGID: 1785042606452578233 Create a new MediaTek CMA heap from the CMA reserved buffer. In this heap, When the first allocating buffer, use cma_alloc to prepare whole the CMA range, then send its range to TEE to protect and manage. For the later allocating, we just adds the cma_used_size. When SVP done, cma_release will release the buffer, then kernel may reuse it. For the "CMA" secure heap, "struct cma *cma" is a common property, not just for MediaTek, so put it into "struct secure_heap" instead of our private data. Signed-off-by: Yong Wu --- drivers/dma-buf/heaps/Kconfig | 2 +- drivers/dma-buf/heaps/secure_heap.h | 4 + drivers/dma-buf/heaps/secure_heap_mtk.c | 119 +++++++++++++++++++++++- 3 files changed, 122 insertions(+), 3 deletions(-) diff --git a/drivers/dma-buf/heaps/Kconfig b/drivers/dma-buf/heaps/Kconfig index 12962189878e..f117d91a0a9d 100644 --- a/drivers/dma-buf/heaps/Kconfig +++ b/drivers/dma-buf/heaps/Kconfig @@ -21,7 +21,7 @@ config DMABUF_HEAPS_SECURE config DMABUF_HEAPS_SECURE_MTK bool "MediaTek DMA-BUF Secure Heap" - depends on DMABUF_HEAPS_SECURE && TEE=y + depends on DMABUF_HEAPS_SECURE && DMA_CMA && TEE=y help Enable secure dma-buf heaps for MediaTek platform. This heap is backed by TEE client interfaces. If in doubt, say N. diff --git a/drivers/dma-buf/heaps/secure_heap.h b/drivers/dma-buf/heaps/secure_heap.h index 374fd276bdd7..9f80edcd3e1f 100644 --- a/drivers/dma-buf/heaps/secure_heap.h +++ b/drivers/dma-buf/heaps/secure_heap.h @@ -20,6 +20,10 @@ struct secure_heap { const struct secure_heap_ops *ops; + struct cma *cma; + unsigned long cma_paddr; + unsigned long cma_size; + void *priv_data; }; diff --git a/drivers/dma-buf/heaps/secure_heap_mtk.c b/drivers/dma-buf/heaps/secure_heap_mtk.c index 2c6aaeaf469f..58148120f4ed 100644 --- a/drivers/dma-buf/heaps/secure_heap_mtk.c +++ b/drivers/dma-buf/heaps/secure_heap_mtk.c @@ -4,9 +4,11 @@ * * Copyright (C) 2023 MediaTek Inc. */ +#include #include #include #include +#include #include #include #include @@ -23,6 +25,13 @@ enum mtk_secure_mem_type { * management is inside the TEE. */ MTK_SECURE_MEMORY_TYPE_CM_TZ = 1, + /* + * MediaTek dynamic chunk memory carved out from CMA. + * In normal case, the CMA could be used in kernel; When SVP start, we will + * allocate whole this CMA and pass whole the CMA PA and size into TEE to + * protect it, then the detail memory management also is inside the TEE. + */ + MTK_SECURE_MEMORY_TYPE_CM_CMA = 2, }; enum mtk_secure_buffer_tee_cmd { @@ -32,6 +41,8 @@ enum mtk_secure_buffer_tee_cmd { * [in] value[0].a: The buffer size. * value[0].b: alignment. * [in] value[1].a: enum mtk_secure_mem_type. + * [in] value[2].a: pa base in cma case. + * value[2].b: The buffer size in cma case. * [out] value[3].a: The secure handle. */ MTK_TZCMD_SECMEM_ZALLOC = 0x10000, /* MTK TEE Command ID Base */ @@ -52,6 +63,9 @@ struct mtk_secure_heap_data { const enum mtk_secure_mem_type mem_type; + struct page *cma_page; + unsigned long cma_used_size; + struct mutex lock; /* lock for cma_used_size */ }; static int mtk_tee_ctx_match(struct tee_ioctl_version_data *ver, const void *data) @@ -126,6 +140,10 @@ static int mtk_tee_secure_memory(struct secure_heap *sec_heap, struct secure_buf params[1].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT; params[1].u.value.a = data->mem_type; params[2].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT; + if (sec_heap->cma && data->mem_type == MTK_SECURE_MEMORY_TYPE_CM_CMA) { + params[2].u.value.a = sec_heap->cma_paddr; + params[2].u.value.b = sec_heap->cma_size; + } params[3].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT; ret = mtk_tee_service_call(data->tee_ctx, data->tee_session, MTK_TZCMD_SECMEM_ZALLOC, params); @@ -162,6 +180,48 @@ static void mtk_secure_memory_free(struct secure_heap *sec_heap, struct secure_b { } +static int mtk_secure_memory_cma_allocate(struct secure_heap *sec_heap, + struct secure_buffer *sec_buf) +{ + struct mtk_secure_heap_data *data = sec_heap->priv_data; + int ret = 0; + /* + * Allocate CMA only when allocating buffer for the first time, and just + * increase cma_used_size at the other time, Actually the memory + * allocating is within the TEE. + */ + mutex_lock(&data->lock); + if (!data->cma_used_size) { + data->cma_page = cma_alloc(sec_heap->cma, sec_heap->cma_size >> PAGE_SHIFT, + get_order(PAGE_SIZE), false); + if (!data->cma_page) { + ret = -ENOMEM; + goto out_unlock; + } + } else if (data->cma_used_size + sec_buf->size > sec_heap->cma_size) { + ret = -EINVAL; + goto out_unlock; + } + data->cma_used_size += sec_buf->size; + +out_unlock: + mutex_unlock(&data->lock); + return ret; +} + +static void mtk_secure_memory_cma_free(struct secure_heap *sec_heap, + struct secure_buffer *sec_buf) +{ + struct mtk_secure_heap_data *data = sec_heap->priv_data; + + mutex_lock(&data->lock); + data->cma_used_size -= sec_buf->size; + if (!data->cma_used_size) + cma_release(sec_heap->cma, data->cma_page, + sec_heap->cma_size >> PAGE_SHIFT); + mutex_unlock(&data->lock); +} + static int mtk_secure_heap_init(struct secure_heap *sec_heap) { struct mtk_secure_heap_data *data = sec_heap->priv_data; @@ -183,21 +243,76 @@ static struct mtk_secure_heap_data mtk_sec_heap_data = { .mem_type = MTK_SECURE_MEMORY_TYPE_CM_TZ, }; +static const struct secure_heap_ops mtk_sec_mem_ops_cma = { + .heap_init = mtk_secure_heap_init, + .memory_alloc = mtk_secure_memory_cma_allocate, + .memory_free = mtk_secure_memory_cma_free, + .secure_the_memory = mtk_tee_secure_memory, + .unsecure_the_memory = mtk_tee_unsecure_memory, +}; + +static struct mtk_secure_heap_data mtk_sec_heap_data_cma = { + .mem_type = MTK_SECURE_MEMORY_TYPE_CM_CMA, +}; + static struct secure_heap mtk_secure_heaps[] = { { .name = "secure_mtk_cm", .ops = &mtk_sec_mem_ops, .priv_data = &mtk_sec_heap_data, }, + { + .name = "secure_mtk_cma", + .ops = &mtk_sec_mem_ops_cma, + .priv_data = &mtk_sec_heap_data_cma, + }, }; +static int __init mtk_secure_cma_init(struct reserved_mem *rmem) +{ + struct mtk_secure_heap_data *data; + struct secure_heap *sec_heap = mtk_secure_heaps, *sec_heap_cma = NULL; + struct cma *sec_cma; + int ret, i; + + for (i = 0; i < ARRAY_SIZE(mtk_secure_heaps); i++, sec_heap++) { + data = sec_heap->priv_data; + if (data->mem_type == MTK_SECURE_MEMORY_TYPE_CM_CMA) { + sec_heap_cma = sec_heap; + break; + } + } + if (!sec_heap_cma) + return -EINVAL; + + ret = cma_init_reserved_mem(rmem->base, rmem->size, 0, rmem->name, + &sec_cma); + if (ret) { + pr_err("%s: %s set up CMA fail\n", __func__, rmem->name); + return ret; + } + + sec_heap_cma->cma = sec_cma; + sec_heap_cma->cma_paddr = rmem->base; + sec_heap_cma->cma_size = rmem->size; + return 0; +} + +RESERVEDMEM_OF_DECLARE(secure_cma, "mediatek,dynamic-secure-region", mtk_secure_cma_init); + static int mtk_sec_heap_init(void) { struct secure_heap *sec_heap = mtk_secure_heaps; + struct mtk_secure_heap_data *data; unsigned int i; - for (i = 0; i < ARRAY_SIZE(mtk_secure_heaps); i++, sec_heap++) - secure_heap_add(sec_heap); + for (i = 0; i < ARRAY_SIZE(mtk_secure_heaps); i++, sec_heap++) { + data = sec_heap->priv_data; + if (data->mem_type == MTK_SECURE_MEMORY_TYPE_CM_CMA && !sec_heap->cma) + continue; + if (!secure_heap_add(sec_heap)) + mutex_init(&data->lock); + } return 0; }