From: Sumit Garg <sumit.garg@kernel.org>
To: Jens Wiklander <jens.wiklander@linaro.org>
Cc: linux-kernel@vger.kernel.org, linux-media@vger.kernel.org,
dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org,
op-tee@lists.trustedfirmware.org,
linux-arm-kernel@lists.infradead.org,
"Olivier Masse" <olivier.masse@nxp.com>,
"Thierry Reding" <thierry.reding@gmail.com>,
"Yong Wu" <yong.wu@mediatek.com>,
"Sumit Semwal" <sumit.semwal@linaro.org>,
"Benjamin Gaignard" <benjamin.gaignard@collabora.com>,
"Brian Starkey" <Brian.Starkey@arm.com>,
"John Stultz" <jstultz@google.com>,
"T . J . Mercier" <tjmercier@google.com>,
"Christian König" <christian.koenig@amd.com>,
"Matthias Brugger" <matthias.bgg@gmail.com>,
"AngeloGioacchino Del Regno"
<angelogioacchino.delregno@collabora.com>,
azarrabi@qti.qualcomm.com,
"Simona Vetter" <simona.vetter@ffwll.ch>,
"Daniel Stone" <daniel@fooishbar.org>,
"Rouven Czerwinski" <rouven.czerwinski@linaro.org>
Subject: Re: [PATCH v9 9/9] optee: smc abi: dynamic protected memory allocation
Date: Mon, 26 May 2025 13:43:41 +0530 [thread overview]
Message-ID: <aDQitSd27Z4qC0xT@sumit-X1> (raw)
In-Reply-To: <20250520152436.474778-10-jens.wiklander@linaro.org>
On Tue, May 20, 2025 at 05:16:52PM +0200, Jens Wiklander wrote:
> Add support in the OP-TEE backend driver for dynamic protected memory
> allocation using the SMC ABI.
>
> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
> ---
> drivers/tee/optee/smc_abi.c | 102 ++++++++++++++++++++++++++++++------
> 1 file changed, 85 insertions(+), 17 deletions(-)
>
> diff --git a/drivers/tee/optee/smc_abi.c b/drivers/tee/optee/smc_abi.c
> index f3cae8243785..6b3fbe7f0909 100644
> --- a/drivers/tee/optee/smc_abi.c
> +++ b/drivers/tee/optee/smc_abi.c
> @@ -965,6 +965,70 @@ static int optee_smc_do_call_with_arg(struct tee_context *ctx,
> return rc;
> }
>
> +static int optee_smc_lend_protmem(struct optee *optee, struct tee_shm *protmem,
> + u16 *end_points, unsigned int ep_count,
> + u32 use_case)
> +{
> + struct optee_shm_arg_entry *entry;
> + struct optee_msg_arg *msg_arg;
> + struct tee_shm *shm;
> + u_int offs;
> + int rc;
> +
> + msg_arg = optee_get_msg_arg(optee->ctx, 2, &entry, &shm, &offs);
> + if (IS_ERR(msg_arg))
> + return PTR_ERR(msg_arg);
> +
> + msg_arg->cmd = OPTEE_MSG_CMD_LEND_PROTMEM;
> + msg_arg->params[0].attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT;
> + msg_arg->params[0].u.value.a = use_case;
> + msg_arg->params[1].attr = OPTEE_MSG_ATTR_TYPE_TMEM_INPUT;
> + msg_arg->params[1].u.tmem.buf_ptr = protmem->paddr;
> + msg_arg->params[1].u.tmem.size = protmem->size;
> + msg_arg->params[1].u.tmem.shm_ref = (u_long)protmem;
> +
> + rc = optee->ops->do_call_with_arg(optee->ctx, shm, offs, false);
> + if (rc)
> + goto out;
> + if (msg_arg->ret != TEEC_SUCCESS) {
> + rc = -EINVAL;
> + goto out;
> + }
> + protmem->sec_world_id = (u_long)protmem;
> +
> +out:
> + optee_free_msg_arg(optee->ctx, entry, offs);
> + return rc;
> +}
> +
> +static int optee_smc_reclaim_protmem(struct optee *optee,
> + struct tee_shm *protmem)
> +{
> + struct optee_shm_arg_entry *entry;
> + struct optee_msg_arg *msg_arg;
> + struct tee_shm *shm;
> + u_int offs;
> + int rc;
> +
> + msg_arg = optee_get_msg_arg(optee->ctx, 1, &entry, &shm, &offs);
> + if (IS_ERR(msg_arg))
> + return PTR_ERR(msg_arg);
> +
> + msg_arg->cmd = OPTEE_MSG_CMD_RECLAIM_PROTMEM;
> + msg_arg->params[0].attr = OPTEE_MSG_ATTR_TYPE_RMEM_INPUT;
> + msg_arg->params[0].u.rmem.shm_ref = (u_long)protmem;
> +
> + rc = optee->ops->do_call_with_arg(optee->ctx, shm, offs, false);
> + if (rc)
> + goto out;
> + if (msg_arg->ret != TEEC_SUCCESS)
> + rc = -EINVAL;
> +
> +out:
> + optee_free_msg_arg(optee->ctx, entry, offs);
> + return rc;
> +}
> +
> /*
> * 5. Asynchronous notification
> */
> @@ -1216,6 +1280,8 @@ static const struct optee_ops optee_ops = {
> .do_call_with_arg = optee_smc_do_call_with_arg,
> .to_msg_param = optee_to_msg_param,
> .from_msg_param = optee_from_msg_param,
> + .lend_protmem = optee_smc_lend_protmem,
> + .reclaim_protmem = optee_smc_reclaim_protmem,
> };
>
> static int enable_async_notif(optee_invoke_fn *invoke_fn)
> @@ -1586,11 +1652,14 @@ static inline int optee_load_fw(struct platform_device *pdev,
>
> static int optee_protmem_pool_init(struct optee *optee)
> {
> + bool protm = optee->smc.sec_caps & OPTEE_SMC_SEC_CAP_PROTMEM;
> + bool dyn_protm = optee->smc.sec_caps &
> + OPTEE_SMC_SEC_CAP_DYNAMIC_PROTMEM;
> enum tee_dma_heap_id heap_id = TEE_DMA_HEAP_SECURE_VIDEO_PLAY;
> - struct tee_protmem_pool *pool;
> - int rc;
> + struct tee_protmem_pool *pool = ERR_PTR(-EINVAL);
> + int rc = -EINVAL;
>
> - if (optee->smc.sec_caps & OPTEE_SMC_SEC_CAP_PROTMEM) {
> + if (protm) {
> union {
> struct arm_smccc_res smccc;
> struct optee_smc_get_protmem_config_result result;
> @@ -1598,26 +1667,26 @@ static int optee_protmem_pool_init(struct optee *optee)
>
> optee->smc.invoke_fn(OPTEE_SMC_GET_PROTMEM_CONFIG, 0, 0, 0, 0,
> 0, 0, 0, &res.smccc);
> - if (res.result.status != OPTEE_SMC_RETURN_OK) {
> - pr_err("Secure Data Path service not available\n");
> - return 0;
> - }
> - rc = optee_set_dma_mask(optee, res.result.pa_width);
> + if (res.result.status == OPTEE_SMC_RETURN_OK)
> + rc = optee_set_dma_mask(optee, res.result.pa_width);
This change should be folded in patch 7/9.
> if (!rc)
> pool = tee_protmem_static_pool_alloc(res.result.start,
> res.result.size);
> - if (IS_ERR(pool))
> - return PTR_ERR(pool);
> + }
>
> + if (dyn_protm && IS_ERR(pool))
> + pool = optee_protmem_alloc_dyn_pool(optee, heap_id);
> +
> + if (!IS_ERR(pool)) {
> rc = tee_device_register_dma_heap(optee->teedev, heap_id, pool);
> if (rc)
> - goto err;
> + pool->ops->destroy_pool(pool);
> }
>
> + if (protm || dyn_protm)
> + return rc;
> +
> return 0;
> -err:
> - pool->ops->destroy_pool(pool);
> - return rc;
> }
>
> static int optee_probe(struct platform_device *pdev)
> @@ -1788,9 +1857,8 @@ static int optee_probe(struct platform_device *pdev)
> pr_info("Asynchronous notifications enabled\n");
> }
>
> - rc = optee_protmem_pool_init(optee);
> - if (rc)
> - goto err_notif_uninit;
> + if (optee_protmem_pool_init(optee))
> + pr_info("Protected memory service not available\n");
This change can be folded in patch 7/9.
Rest looks good to me.
-Sumit
>
> /*
> * Ensure that there are no pre-existing shm objects before enabling
> --
> 2.43.0
>
WARNING: multiple messages have this Message-ID (diff)
From: Sumit Garg via OP-TEE <op-tee@lists.trustedfirmware.org>
To: Jens Wiklander <jens.wiklander@linaro.org>
Cc: linux-kernel@vger.kernel.org, linux-media@vger.kernel.org,
dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org,
op-tee@lists.trustedfirmware.org,
linux-arm-kernel@lists.infradead.org,
"Olivier Masse" <olivier.masse@nxp.com>,
"Thierry Reding" <thierry.reding@gmail.com>,
"Yong Wu" <yong.wu@mediatek.com>,
"Sumit Semwal" <sumit.semwal@linaro.org>,
"Benjamin Gaignard" <benjamin.gaignard@collabora.com>,
"Brian Starkey" <Brian.Starkey@arm.com>,
"John Stultz" <jstultz@google.com>,
"T . J . Mercier" <tjmercier@google.com>,
"Christian König" <christian.koenig@amd.com>,
"Matthias Brugger" <matthias.bgg@gmail.com>,
"AngeloGioacchino Del Regno"
<angelogioacchino.delregno@collabora.com>,
azarrabi@qti.qualcomm.com,
"Simona Vetter" <simona.vetter@ffwll.ch>,
"Daniel Stone" <daniel@fooishbar.org>,
"Rouven Czerwinski" <rouven.czerwinski@linaro.org>
Subject: Re: [PATCH v9 9/9] optee: smc abi: dynamic protected memory allocation
Date: Mon, 26 May 2025 13:43:41 +0530 [thread overview]
Message-ID: <aDQitSd27Z4qC0xT@sumit-X1> (raw)
In-Reply-To: <20250520152436.474778-10-jens.wiklander@linaro.org>
On Tue, May 20, 2025 at 05:16:52PM +0200, Jens Wiklander wrote:
> Add support in the OP-TEE backend driver for dynamic protected memory
> allocation using the SMC ABI.
>
> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
> ---
> drivers/tee/optee/smc_abi.c | 102 ++++++++++++++++++++++++++++++------
> 1 file changed, 85 insertions(+), 17 deletions(-)
>
> diff --git a/drivers/tee/optee/smc_abi.c b/drivers/tee/optee/smc_abi.c
> index f3cae8243785..6b3fbe7f0909 100644
> --- a/drivers/tee/optee/smc_abi.c
> +++ b/drivers/tee/optee/smc_abi.c
> @@ -965,6 +965,70 @@ static int optee_smc_do_call_with_arg(struct tee_context *ctx,
> return rc;
> }
>
> +static int optee_smc_lend_protmem(struct optee *optee, struct tee_shm *protmem,
> + u16 *end_points, unsigned int ep_count,
> + u32 use_case)
> +{
> + struct optee_shm_arg_entry *entry;
> + struct optee_msg_arg *msg_arg;
> + struct tee_shm *shm;
> + u_int offs;
> + int rc;
> +
> + msg_arg = optee_get_msg_arg(optee->ctx, 2, &entry, &shm, &offs);
> + if (IS_ERR(msg_arg))
> + return PTR_ERR(msg_arg);
> +
> + msg_arg->cmd = OPTEE_MSG_CMD_LEND_PROTMEM;
> + msg_arg->params[0].attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT;
> + msg_arg->params[0].u.value.a = use_case;
> + msg_arg->params[1].attr = OPTEE_MSG_ATTR_TYPE_TMEM_INPUT;
> + msg_arg->params[1].u.tmem.buf_ptr = protmem->paddr;
> + msg_arg->params[1].u.tmem.size = protmem->size;
> + msg_arg->params[1].u.tmem.shm_ref = (u_long)protmem;
> +
> + rc = optee->ops->do_call_with_arg(optee->ctx, shm, offs, false);
> + if (rc)
> + goto out;
> + if (msg_arg->ret != TEEC_SUCCESS) {
> + rc = -EINVAL;
> + goto out;
> + }
> + protmem->sec_world_id = (u_long)protmem;
> +
> +out:
> + optee_free_msg_arg(optee->ctx, entry, offs);
> + return rc;
> +}
> +
> +static int optee_smc_reclaim_protmem(struct optee *optee,
> + struct tee_shm *protmem)
> +{
> + struct optee_shm_arg_entry *entry;
> + struct optee_msg_arg *msg_arg;
> + struct tee_shm *shm;
> + u_int offs;
> + int rc;
> +
> + msg_arg = optee_get_msg_arg(optee->ctx, 1, &entry, &shm, &offs);
> + if (IS_ERR(msg_arg))
> + return PTR_ERR(msg_arg);
> +
> + msg_arg->cmd = OPTEE_MSG_CMD_RECLAIM_PROTMEM;
> + msg_arg->params[0].attr = OPTEE_MSG_ATTR_TYPE_RMEM_INPUT;
> + msg_arg->params[0].u.rmem.shm_ref = (u_long)protmem;
> +
> + rc = optee->ops->do_call_with_arg(optee->ctx, shm, offs, false);
> + if (rc)
> + goto out;
> + if (msg_arg->ret != TEEC_SUCCESS)
> + rc = -EINVAL;
> +
> +out:
> + optee_free_msg_arg(optee->ctx, entry, offs);
> + return rc;
> +}
> +
> /*
> * 5. Asynchronous notification
> */
> @@ -1216,6 +1280,8 @@ static const struct optee_ops optee_ops = {
> .do_call_with_arg = optee_smc_do_call_with_arg,
> .to_msg_param = optee_to_msg_param,
> .from_msg_param = optee_from_msg_param,
> + .lend_protmem = optee_smc_lend_protmem,
> + .reclaim_protmem = optee_smc_reclaim_protmem,
> };
>
> static int enable_async_notif(optee_invoke_fn *invoke_fn)
> @@ -1586,11 +1652,14 @@ static inline int optee_load_fw(struct platform_device *pdev,
>
> static int optee_protmem_pool_init(struct optee *optee)
> {
> + bool protm = optee->smc.sec_caps & OPTEE_SMC_SEC_CAP_PROTMEM;
> + bool dyn_protm = optee->smc.sec_caps &
> + OPTEE_SMC_SEC_CAP_DYNAMIC_PROTMEM;
> enum tee_dma_heap_id heap_id = TEE_DMA_HEAP_SECURE_VIDEO_PLAY;
> - struct tee_protmem_pool *pool;
> - int rc;
> + struct tee_protmem_pool *pool = ERR_PTR(-EINVAL);
> + int rc = -EINVAL;
>
> - if (optee->smc.sec_caps & OPTEE_SMC_SEC_CAP_PROTMEM) {
> + if (protm) {
> union {
> struct arm_smccc_res smccc;
> struct optee_smc_get_protmem_config_result result;
> @@ -1598,26 +1667,26 @@ static int optee_protmem_pool_init(struct optee *optee)
>
> optee->smc.invoke_fn(OPTEE_SMC_GET_PROTMEM_CONFIG, 0, 0, 0, 0,
> 0, 0, 0, &res.smccc);
> - if (res.result.status != OPTEE_SMC_RETURN_OK) {
> - pr_err("Secure Data Path service not available\n");
> - return 0;
> - }
> - rc = optee_set_dma_mask(optee, res.result.pa_width);
> + if (res.result.status == OPTEE_SMC_RETURN_OK)
> + rc = optee_set_dma_mask(optee, res.result.pa_width);
This change should be folded in patch 7/9.
> if (!rc)
> pool = tee_protmem_static_pool_alloc(res.result.start,
> res.result.size);
> - if (IS_ERR(pool))
> - return PTR_ERR(pool);
> + }
>
> + if (dyn_protm && IS_ERR(pool))
> + pool = optee_protmem_alloc_dyn_pool(optee, heap_id);
> +
> + if (!IS_ERR(pool)) {
> rc = tee_device_register_dma_heap(optee->teedev, heap_id, pool);
> if (rc)
> - goto err;
> + pool->ops->destroy_pool(pool);
> }
>
> + if (protm || dyn_protm)
> + return rc;
> +
> return 0;
> -err:
> - pool->ops->destroy_pool(pool);
> - return rc;
> }
>
> static int optee_probe(struct platform_device *pdev)
> @@ -1788,9 +1857,8 @@ static int optee_probe(struct platform_device *pdev)
> pr_info("Asynchronous notifications enabled\n");
> }
>
> - rc = optee_protmem_pool_init(optee);
> - if (rc)
> - goto err_notif_uninit;
> + if (optee_protmem_pool_init(optee))
> + pr_info("Protected memory service not available\n");
This change can be folded in patch 7/9.
Rest looks good to me.
-Sumit
>
> /*
> * Ensure that there are no pre-existing shm objects before enabling
> --
> 2.43.0
>
next prev parent reply other threads:[~2025-05-26 8:21 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-20 15:16 [PATCH v9 0/9] TEE subsystem for protected dma-buf allocations Jens Wiklander
2025-05-20 15:16 ` Jens Wiklander
2025-05-20 15:16 ` [PATCH v9 1/9] optee: sync secure world ABI headers Jens Wiklander
2025-05-20 15:16 ` Jens Wiklander
2025-05-23 9:00 ` Sumit Garg
2025-05-23 9:00 ` Sumit Garg via OP-TEE
2025-05-20 15:16 ` [PATCH v9 2/9] dma-buf: dma-heap: export declared functions Jens Wiklander
2025-05-20 15:16 ` Jens Wiklander
2025-05-21 7:13 ` Christian König
2025-05-21 7:13 ` Christian König via OP-TEE
2025-05-22 6:56 ` Jens Wiklander
2025-05-22 11:52 ` Christian König
2025-05-22 11:52 ` Christian König via OP-TEE
2025-05-22 12:36 ` Jens Wiklander
2025-05-20 15:16 ` [PATCH v9 3/9] tee: implement protected DMA-heap Jens Wiklander
2025-05-20 15:16 ` Jens Wiklander
2025-05-22 9:11 ` kernel test robot
2025-05-23 13:03 ` Sumit Garg
2025-05-23 13:03 ` Sumit Garg via OP-TEE
2025-05-26 7:11 ` Jens Wiklander
2025-05-30 2:13 ` Amirreza Zarrabi
2025-05-30 2:13 ` Amirreza Zarrabi via OP-TEE
2025-06-02 16:00 ` Jens Wiklander
2025-05-20 15:16 ` [PATCH v9 4/9] tee: refactor params_from_user() Jens Wiklander
2025-05-20 15:16 ` Jens Wiklander
2025-05-20 15:16 ` [PATCH v9 5/9] tee: new ioctl to a register tee_shm from a dmabuf file descriptor Jens Wiklander
2025-05-20 15:16 ` Jens Wiklander
2025-05-23 13:31 ` Sumit Garg
2025-05-23 13:31 ` Sumit Garg via OP-TEE
2025-05-26 8:34 ` Jens Wiklander
2025-05-20 15:16 ` [PATCH v9 6/9] tee: add tee_shm_alloc_dma_mem() Jens Wiklander
2025-05-20 15:16 ` Jens Wiklander
2025-05-22 16:49 ` kernel test robot
2025-05-22 16:49 ` kernel test robot
2025-05-26 7:22 ` Sumit Garg
2025-05-26 7:22 ` Sumit Garg via OP-TEE
2025-05-26 9:21 ` Jens Wiklander
2025-05-26 9:33 ` Sumit Garg
2025-05-26 9:33 ` Sumit Garg via OP-TEE
2025-05-27 14:21 ` Jens Wiklander
2025-05-20 15:16 ` [PATCH v9 7/9] optee: support protected memory allocation Jens Wiklander
2025-05-20 15:16 ` Jens Wiklander
2025-05-26 7:33 ` Sumit Garg
2025-05-26 7:33 ` Sumit Garg via OP-TEE
2025-05-27 14:32 ` Jens Wiklander
2025-05-20 15:16 ` [PATCH v9 8/9] optee: FF-A: dynamic " Jens Wiklander
2025-05-20 15:16 ` Jens Wiklander
2025-05-26 8:09 ` Sumit Garg
2025-05-26 8:09 ` Sumit Garg via OP-TEE
2025-05-27 15:07 ` Jens Wiklander
2025-05-20 15:16 ` [PATCH v9 9/9] optee: smc abi: " Jens Wiklander
2025-05-20 15:16 ` Jens Wiklander
2025-05-26 8:13 ` Sumit Garg [this message]
2025-05-26 8:13 ` Sumit Garg via OP-TEE
2025-05-27 14:43 ` Jens Wiklander
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aDQitSd27Z4qC0xT@sumit-X1 \
--to=sumit.garg@kernel.org \
--cc=Brian.Starkey@arm.com \
--cc=angelogioacchino.delregno@collabora.com \
--cc=azarrabi@qti.qualcomm.com \
--cc=benjamin.gaignard@collabora.com \
--cc=christian.koenig@amd.com \
--cc=daniel@fooishbar.org \
--cc=dri-devel@lists.freedesktop.org \
--cc=jens.wiklander@linaro.org \
--cc=jstultz@google.com \
--cc=linaro-mm-sig@lists.linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=matthias.bgg@gmail.com \
--cc=olivier.masse@nxp.com \
--cc=op-tee@lists.trustedfirmware.org \
--cc=rouven.czerwinski@linaro.org \
--cc=simona.vetter@ffwll.ch \
--cc=sumit.semwal@linaro.org \
--cc=thierry.reding@gmail.com \
--cc=tjmercier@google.com \
--cc=yong.wu@mediatek.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.