From: Amirreza Zarrabi <amirreza.zarrabi@oss.qualcomm.com>
To: "Jens Wiklander" <jens.wiklander@linaro.org>,
"Sumit Garg" <sumit.garg@kernel.org>,
"Bjorn Andersson" <andersson@kernel.org>,
"Konrad Dybcio" <konradybcio@kernel.org>,
"Bartosz Golaszewski" <bartosz.golaszewski@linaro.org>,
"Apurupa Pattapu" <quic_apurupa@quicinc.com>,
"Kees Cook" <kees@kernel.org>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
"Sumit Semwal" <sumit.semwal@linaro.org>,
"Christian König" <christian.koenig@amd.com>
Cc: Harshal Dev <quic_hdev@quicinc.com>,
linux-arm-msm@vger.kernel.org, op-tee@lists.trustedfirmware.org,
linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org,
dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org,
linux-doc@vger.kernel.org,
Amirreza Zarrabi <amirreza.zarrabi@oss.qualcomm.com>,
Sumit Garg <sumit.garg@oss.qualcomm.com>,
Neil Armstrong <neil.armstrong@linaro.org>
Subject: [PATCH v5 03/12] tee: add TEE_IOCTL_PARAM_ATTR_TYPE_UBUF
Date: Mon, 26 May 2025 23:56:48 -0700 [thread overview]
Message-ID: <20250526-qcom-tee-using-tee-ss-without-mem-obj-v5-3-024e3221b0b9@oss.qualcomm.com> (raw)
In-Reply-To: <20250526-qcom-tee-using-tee-ss-without-mem-obj-v5-0-024e3221b0b9@oss.qualcomm.com>
For drivers that can transfer data to the TEE without using shared
memory from client, it is necessary to receive the user address
directly, bypassing any processing by the TEE subsystem. Introduce
TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INPUT/OUTPUT/INOUT to represent
userspace buffers.
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Tested-by: Neil Armstrong <neil.armstrong@linaro.org>
Signed-off-by: Amirreza Zarrabi <amirreza.zarrabi@oss.qualcomm.com>
---
drivers/tee/tee_core.c | 33 +++++++++++++++++++++++++++++++++
include/linux/tee_drv.h | 6 ++++++
include/uapi/linux/tee.h | 22 ++++++++++++++++------
3 files changed, 55 insertions(+), 6 deletions(-)
diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c
index b9ea5a85278c..74e40ed83fa7 100644
--- a/drivers/tee/tee_core.c
+++ b/drivers/tee/tee_core.c
@@ -387,6 +387,17 @@ static int params_from_user(struct tee_context *ctx, struct tee_param *params,
params[n].u.value.b = ip.b;
params[n].u.value.c = ip.c;
break;
+ case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INPUT:
+ case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_OUTPUT:
+ case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INOUT:
+ params[n].u.ubuf.uaddr = u64_to_user_ptr(ip.a);
+ params[n].u.ubuf.size = ip.b;
+
+ if (!access_ok(params[n].u.ubuf.uaddr,
+ params[n].u.ubuf.size))
+ return -EFAULT;
+
+ break;
case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT:
case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT:
case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT:
@@ -455,6 +466,11 @@ static int params_to_user(struct tee_ioctl_param __user *uparams,
put_user(p->u.value.c, &up->c))
return -EFAULT;
break;
+ case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_OUTPUT:
+ case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INOUT:
+ if (put_user((u64)p->u.ubuf.size, &up->b))
+ return -EFAULT;
+ break;
case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT:
case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT:
if (put_user((u64)p->u.memref.size, &up->b))
@@ -655,6 +671,13 @@ static int params_to_supp(struct tee_context *ctx,
ip.b = p->u.value.b;
ip.c = p->u.value.c;
break;
+ case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INPUT:
+ case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_OUTPUT:
+ case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INOUT:
+ ip.a = (u64)p->u.ubuf.uaddr;
+ ip.b = p->u.ubuf.size;
+ ip.c = 0;
+ break;
case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT:
case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT:
case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT:
@@ -757,6 +780,16 @@ static int params_from_supp(struct tee_param *params, size_t num_params,
p->u.value.b = ip.b;
p->u.value.c = ip.c;
break;
+ case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_OUTPUT:
+ case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INOUT:
+ p->u.ubuf.uaddr = u64_to_user_ptr(ip.a);
+ p->u.ubuf.size = ip.b;
+
+ if (!access_ok(params[n].u.ubuf.uaddr,
+ params[n].u.ubuf.size))
+ return -EFAULT;
+
+ break;
case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT:
case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT:
/*
diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h
index a54c203000ed..78bbf12f02f0 100644
--- a/include/linux/tee_drv.h
+++ b/include/linux/tee_drv.h
@@ -82,6 +82,11 @@ struct tee_param_memref {
struct tee_shm *shm;
};
+struct tee_param_ubuf {
+ void * __user uaddr;
+ size_t size;
+};
+
struct tee_param_value {
u64 a;
u64 b;
@@ -92,6 +97,7 @@ struct tee_param {
u64 attr;
union {
struct tee_param_memref memref;
+ struct tee_param_ubuf ubuf;
struct tee_param_value value;
} u;
};
diff --git a/include/uapi/linux/tee.h b/include/uapi/linux/tee.h
index d0430bee8292..3e9b1ec5dfde 100644
--- a/include/uapi/linux/tee.h
+++ b/include/uapi/linux/tee.h
@@ -151,6 +151,13 @@ struct tee_ioctl_buf_data {
#define TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT 6
#define TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT 7 /* input and output */
+/*
+ * These defines userspace buffer parameters.
+ */
+#define TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INPUT 8
+#define TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_OUTPUT 9
+#define TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INOUT 10 /* input and output */
+
/*
* Mask for the type part of the attribute, leaves room for more types
*/
@@ -186,14 +193,17 @@ struct tee_ioctl_buf_data {
/**
* struct tee_ioctl_param - parameter
* @attr: attributes
- * @a: if a memref, offset into the shared memory object, else a value parameter
- * @b: if a memref, size of the buffer, else a value parameter
+ * @a: if a memref, offset into the shared memory object,
+ * else if a ubuf, address of the user buffer,
+ * else a value parameter
+ * @b: if a memref or ubuf, size of the buffer, else a value parameter
* @c: if a memref, shared memory identifier, else a value parameter
*
- * @attr & TEE_PARAM_ATTR_TYPE_MASK indicates if memref or value is used in
- * the union. TEE_PARAM_ATTR_TYPE_VALUE_* indicates value and
- * TEE_PARAM_ATTR_TYPE_MEMREF_* indicates memref. TEE_PARAM_ATTR_TYPE_NONE
- * indicates that none of the members are used.
+ * @attr & TEE_PARAM_ATTR_TYPE_MASK indicates if memref, ubuf, or value is
+ * used in the union. TEE_PARAM_ATTR_TYPE_VALUE_* indicates value,
+ * TEE_PARAM_ATTR_TYPE_MEMREF_* indicates memref, and TEE_PARAM_ATTR_TYPE_UBUF_*
+ * indicates ubuf. TEE_PARAM_ATTR_TYPE_NONE indicates that none of the members
+ * are used.
*
* Shared memory is allocated with TEE_IOC_SHM_ALLOC which returns an
* identifier representing the shared memory object. A memref can reference
--
2.34.1
next prev parent reply other threads:[~2025-05-27 6:57 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-27 6:56 [PATCH v5 00/12] Trusted Execution Environment (TEE) driver for Qualcomm TEE (QTEE) Amirreza Zarrabi
2025-05-27 6:56 ` [PATCH v5 01/12] tee: allow a driver to allocate a tee_device without a pool Amirreza Zarrabi
2025-05-27 6:56 ` [PATCH v5 02/12] tee: add close_context to TEE driver operation Amirreza Zarrabi
2025-05-27 6:56 ` Amirreza Zarrabi [this message]
2025-05-28 0:04 ` [PATCH v5 03/12] tee: add TEE_IOCTL_PARAM_ATTR_TYPE_UBUF kernel test robot
2025-06-11 22:40 ` Andrew Davis
2025-06-11 23:45 ` Amirreza Zarrabi
2025-05-27 6:56 ` [PATCH v5 04/12] tee: add TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF Amirreza Zarrabi
2025-05-27 6:56 ` [PATCH v5 05/12] tee: increase TEE_MAX_ARG_SIZE to 4096 Amirreza Zarrabi
2025-06-11 13:02 ` Sumit Garg
2025-05-27 6:56 ` [PATCH v5 06/12] firmware: qcom: scm: add support for object invocation Amirreza Zarrabi
2025-05-27 6:56 ` [PATCH v5 07/12] firmware: qcom: scm: remove unused arguments to the shm_brige Amirreza Zarrabi
2025-05-27 6:56 ` [PATCH v5 08/12] firmware: qcom: tzmem: export shm_bridge create/delete Amirreza Zarrabi
2025-07-01 11:47 ` Kuldeep Singh
2025-07-08 0:18 ` Amirreza Zarrabi
2025-05-27 6:56 ` [PATCH v5 09/12] tee: add Qualcomm TEE driver Amirreza Zarrabi
2025-05-27 21:28 ` kernel test robot
2025-05-28 5:22 ` Dan Carpenter
2025-07-07 12:09 ` Sumit Garg
2025-07-11 7:05 ` Amirreza Zarrabi
2025-05-27 6:56 ` [PATCH v5 10/12] qcomtee: add primordial object Amirreza Zarrabi
2025-05-27 6:56 ` [PATCH v5 11/12] qcomtee: enable TEE_IOC_SHM_ALLOC ioctl Amirreza Zarrabi
2025-07-07 12:15 ` Sumit Garg
2025-05-27 6:56 ` [PATCH v5 12/12] Documentation: tee: Add Qualcomm TEE driver Amirreza Zarrabi
2025-07-07 12:19 ` Sumit Garg
2025-07-11 5:05 ` Amirreza Zarrabi
2025-07-08 10:02 ` [PATCH v5 00/12] Trusted Execution Environment (TEE) driver for Qualcomm TEE (QTEE) Harshal Dev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250526-qcom-tee-using-tee-ss-without-mem-obj-v5-3-024e3221b0b9@oss.qualcomm.com \
--to=amirreza.zarrabi@oss.qualcomm.com \
--cc=andersson@kernel.org \
--cc=bartosz.golaszewski@linaro.org \
--cc=christian.koenig@amd.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=gustavoars@kernel.org \
--cc=jens.wiklander@linaro.org \
--cc=kees@kernel.org \
--cc=konradybcio@kernel.org \
--cc=linaro-mm-sig@lists.linaro.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=neil.armstrong@linaro.org \
--cc=op-tee@lists.trustedfirmware.org \
--cc=quic_apurupa@quicinc.com \
--cc=quic_hdev@quicinc.com \
--cc=sumit.garg@kernel.org \
--cc=sumit.garg@oss.qualcomm.com \
--cc=sumit.semwal@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).