From: Jeffrey Kardatzke <jkardatzke@google.com>
To: Joakim Bech <joakim.bech@linaro.org>
Cc: "Yong Wu (吴勇)" <Yong.Wu@mediatek.com>,
"matthias.bgg@gmail.com" <matthias.bgg@gmail.com>,
"christian.koenig@amd.com" <christian.koenig@amd.com>,
"angelogioacchino.delregno@collabora.com"
<angelogioacchino.delregno@collabora.com>,
"robh+dt@kernel.org" <robh+dt@kernel.org>,
"sumit.semwal@linaro.org" <sumit.semwal@linaro.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-mediatek@lists.infradead.org"
<linux-mediatek@lists.infradead.org>,
"jstultz@google.com" <jstultz@google.com>,
"linaro-mm-sig@lists.linaro.org" <linaro-mm-sig@lists.linaro.org>,
"linux-media@vger.kernel.org" <linux-media@vger.kernel.org>,
"devicetree@vger.kernel.org" <devicetree@vger.kernel.org>,
"Jianjiao Zeng (曾健姣)" <Jianjiao.Zeng@mediatek.com>,
"Kuohong Wang (王國鴻)" <kuohong.wang@mediatek.com>,
"conor+dt@kernel.org" <conor+dt@kernel.org>,
"Brian.Starkey@arm.com" <Brian.Starkey@arm.com>,
"benjamin.gaignard@collabora.com"
<benjamin.gaignard@collabora.com>,
"tjmercier@google.com" <tjmercier@google.com>,
"krzysztof.kozlowski+dt@linaro.org"
<krzysztof.kozlowski+dt@linaro.org>,
"dri-devel@lists.freedesktop.org"
<dri-devel@lists.freedesktop.org>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>
Subject: Re: [PATCH 5/9] dma-buf: heaps: mtk_sec_heap: Initialise tee session
Date: Wed, 27 Sep 2023 11:54:03 -0700 [thread overview]
Message-ID: <CA+ddPcNDOsd4+1a3W5ufA-FaCc801bKkA-OapNKOC8snXrntAw@mail.gmail.com> (raw)
In-Reply-To: <20230927134614.kp27moxdw72jiu4y@pop-os.localdomain>
On Wed, Sep 27, 2023 at 6:46 AM Joakim Bech <joakim.bech@linaro.org> wrote:
>
> On Mon, Sep 25, 2023 at 12:49:50PM +0000, Yong Wu (吴勇) wrote:
> > On Tue, 2023-09-12 at 11:32 +0200, AngeloGioacchino Del Regno wrote:
> > > Il 12/09/23 08:17, Yong Wu (吴勇) ha scritto:
> > > > On Mon, 2023-09-11 at 11:29 +0200, AngeloGioacchino Del Regno
> > > > wrote:
> > > > > Il 11/09/23 04:30, Yong Wu ha scritto:
> > > > > > The TEE probe later than dma-buf heap, and PROBE_DEDER doesn't
> > > > > > work
> > > > > > here since this is not a platform driver, therefore initialise
> > > > > > the
> > > > > > TEE
> > > > > > context/session while we allocate the first secure buffer.
> > > > > >
> > > > > > Signed-off-by: Yong Wu <yong.wu@mediatek.com>
> > > > > > ---
> > > > > > drivers/dma-buf/heaps/mtk_secure_heap.c | 61
> > > > > > +++++++++++++++++++++++++
> > > > > > 1 file changed, 61 insertions(+)
> > > > > >
> > > > > > diff --git a/drivers/dma-buf/heaps/mtk_secure_heap.c
> > > > > > b/drivers/dma-
> > > > > > buf/heaps/mtk_secure_heap.c
> > > > > > index bbf1c8dce23e..e3da33a3d083 100644
> > > > > > --- a/drivers/dma-buf/heaps/mtk_secure_heap.c
> > > > > > +++ b/drivers/dma-buf/heaps/mtk_secure_heap.c
> > > > > > @@ -10,6 +10,12 @@
> > > > > > #include <linux/err.h>
> > > > > > #include <linux/module.h>
> > > > > > #include <linux/slab.h>
> > > > > > +#include <linux/tee_drv.h>
> > > > > > +#include <linux/uuid.h>
> > > > > > +
> > > > > > +#define TZ_TA_MEM_UUID "4477588a-8476-11e2-ad15-
> > > > > > e41f1390d676"
> > > > > > +
> > > > >
> > > > > Is this UUID the same for all SoCs and all TZ versions?
> > > >
> > > > Yes. It is the same for all SoCs and all TZ versions currently.
> > > >
> > >
> > > That's good news!
> > >
> > > Is this UUID used in any userspace component? (example: Android
> > > HALs?)
> >
> > No. Userspace never use it. If userspace would like to allocate this
> > secure buffer, it can achieve through the existing dmabuf IOCTL via
> > /dev/dma_heap/mtk_svp node.
> >
> In general I think as mentioned elsewhere in comments, that there isn't
> that much here that seems to be unique for MediaTek in this patch
> series, so I think it worth to see whether this whole patch set can be
> made more generic. Having said that, the UUID is always unique for a
> certain Trusted Application. So, it's not entirely true saying that the
> UUID is the same for all SoCs and all TrustZone versions. It might be
> true for a family of MediaTek devices and the TEE in use, but not
> generically.
>
> So, if we need to differentiate between different TA implementations,
> then we need different UUIDs. If it would be possible to make this patch
> set generic, then it sounds like a single UUID would be sufficient, but
> that would imply that all TA's supporting such a generic UUID would be
> implemented the same from an API point of view. Which also means that
> for example Trusted Application function ID's needs to be the same etc.
> Not impossible to achieve, but still not easy (different TEE follows
> different specifications) and it's not typically something we've done in
> the past.
>
> Unfortunately there is no standardized database of TA's describing what
> they implement and support.
>
> As an alternative, we could implement a query call in the TEE answering,
> "What UUID does your TA have that implements secure unmapped heap?".
> I.e., something that reminds of a lookup table. Then we wouldn't have to
> carry this in UAPI, DT or anywhere else.
>
I think that's a good idea. If we add kernel APIs to the tee for
opening a session for secure memory allocation and for performing the
allocation, then the UUID, TA commands and TA parameters can all be
decided upon in the TEE specific driver and the code in dma-heap
becomes generic.
> --
> // Regards
> Joakim
>
> >
> > > If it is (and I somehow expect that it is), then this definition
> > > should go
> > > to a UAPI header, as suggested by Christian.
> > >
> > > Cheers!
> > >
> > > > >
> > > > > Thanks,
> > > > > Angelo
> > > > >
> > > > >
> > > > > > +#define MTK_TEE_PARAM_NUM 4
> > > > > >
> > > > > > /*
> > > > > > * MediaTek secure (chunk) memory type
> > > > > > @@ -28,17 +34,72 @@ struct mtk_secure_heap_buffer {
> > > > > > struct mtk_secure_heap {
> > > > > > const char *name;
> > > > > > const enum kree_mem_type mem_type;
> > > > > > + u32 mem_session;
> > > > > > + struct tee_context *tee_ctx;
> > > > > > };
> > > > > >
> > > > > > +static int mtk_optee_ctx_match(struct tee_ioctl_version_data
> > > > > > *ver,
> > > > > > const void *data)
> > > > > > +{
> > > > > > + return ver->impl_id == TEE_IMPL_ID_OPTEE;
> > > > > > +}
> > > > > > +
> > > > > > +static int mtk_kree_secure_session_init(struct mtk_secure_heap
> > > > > > *sec_heap)
> > > > > > +{
> > > > > > + struct tee_param t_param[MTK_TEE_PARAM_NUM] = {0};
> > > > > > + struct tee_ioctl_open_session_arg arg = {0};
> > > > > > + uuid_t ta_mem_uuid;
> > > > > > + int ret;
> > > > > > +
> > > > > > + sec_heap->tee_ctx = tee_client_open_context(NULL,
> > > > > > mtk_optee_ctx_match,
> > > > > > + NULL,
> > > > > > NULL);
> > > > > > + if (IS_ERR(sec_heap->tee_ctx)) {
> > > > > > + pr_err("%s: open context failed, ret=%ld\n",
> > > > > > sec_heap-
> > > > > > > name,
> > > > > >
> > > > > > + PTR_ERR(sec_heap->tee_ctx));
> > > > > > + return -ENODEV;
> > > > > > + }
> > > > > > +
> > > > > > + arg.num_params = MTK_TEE_PARAM_NUM;
> > > > > > + arg.clnt_login = TEE_IOCTL_LOGIN_PUBLIC;
> > > > > > + ret = uuid_parse(TZ_TA_MEM_UUID, &ta_mem_uuid);
> > > > > > + if (ret)
> > > > > > + goto close_context;
> > > > > > + memcpy(&arg.uuid, &ta_mem_uuid.b, sizeof(ta_mem_uuid));
> > > > > > +
> > > > > > + ret = tee_client_open_session(sec_heap->tee_ctx, &arg,
> > > > > > t_param);
> > > > > > + if (ret < 0 || arg.ret) {
> > > > > > + pr_err("%s: open session failed, ret=%d:%d\n",
> > > > > > + sec_heap->name, ret, arg.ret);
> > > > > > + ret = -EINVAL;
> > > > > > + goto close_context;
> > > > > > + }
> > > > > > + sec_heap->mem_session = arg.session;
> > > > > > + return 0;
> > > > > > +
> > > > > > +close_context:
> > > > > > + tee_client_close_context(sec_heap->tee_ctx);
> > > > > > + return ret;
> > > > > > +}
> > > > > > +
> > > > > > static struct dma_buf *
> > > > > > mtk_sec_heap_allocate(struct dma_heap *heap, size_t size,
> > > > > > unsigned long fd_flags, unsigned long
> > > > > > heap_flags)
> > > > > > {
> > > > > > + struct mtk_secure_heap *sec_heap =
> > > > > > dma_heap_get_drvdata(heap);
> > > > > > struct mtk_secure_heap_buffer *sec_buf;
> > > > > > DEFINE_DMA_BUF_EXPORT_INFO(exp_info);
> > > > > > struct dma_buf *dmabuf;
> > > > > > int ret;
> > > > > >
> > > > > > + /*
> > > > > > + * TEE probe may be late. Initialise the secure session
> > > > > > in the
> > > > > > first
> > > > > > + * allocating secure buffer.
> > > > > > + */
> > > > > > + if (!sec_heap->mem_session) {
> > > > > > + ret = mtk_kree_secure_session_init(sec_heap);
> > > > > > + if (ret)
> > > > > > + return ERR_PTR(ret);
> > > > > > + }
> > > > > > +
> > > > > > sec_buf = kzalloc(sizeof(*sec_buf), GFP_KERNEL);
> > > > > > if (!sec_buf)
> > > > > > return ERR_PTR(-ENOMEM);
> > > > >
> > > > >
> > >
> > >
next prev parent reply other threads:[~2023-09-27 18:54 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-11 2:30 [PATCH 0/9] dma-buf: heaps: Add MediaTek secure heap Yong Wu
2023-09-11 2:30 ` [PATCH 1/9] dma-buf: heaps: Deduplicate docs and adopt common format Yong Wu
2023-09-11 9:36 ` Christian König
2023-09-11 23:51 ` T.J. Mercier
2023-09-11 2:30 ` [PATCH 2/9] dma-heap: Add proper kref handling on dma-buf heaps Yong Wu
2023-09-11 9:48 ` Christian König
2023-09-22 18:19 ` T.J. Mercier
2023-09-11 2:30 ` [PATCH 3/9] dma-heap: Provide accessors so that in-kernel drivers can allocate dmabufs from specific heaps Yong Wu
2023-09-11 10:13 ` Christian König
2023-09-11 18:29 ` John Stultz
2023-09-12 7:06 ` Christian König
2023-09-12 8:52 ` Yong Wu (吴勇)
2023-09-12 14:46 ` Christian König
2023-09-12 14:58 ` Nicolas Dufresne
2023-09-13 8:30 ` Christian König
2023-09-12 14:50 ` Nicolas Dufresne
2023-09-11 16:12 ` Nicolas Dufresne
2023-09-12 8:47 ` Yong Wu (吴勇)
2023-09-12 15:05 ` Nicolas Dufresne
2023-09-18 10:46 ` Yong Wu (吴勇)
2023-09-11 2:30 ` [PATCH 4/9] dma-buf: heaps: Initialise MediaTek secure heap Yong Wu
2023-09-11 8:05 ` kernel test robot
2023-09-27 14:42 ` Joakim Bech
2023-10-19 4:45 ` Vijayanand Jitta
2023-10-20 9:59 ` Yong Wu (吴勇)
2023-10-26 4:48 ` Vijayanand Jitta
2023-10-27 7:47 ` Yong Wu (吴勇)
2023-10-30 8:06 ` Vijayanand Jitta
2023-09-11 2:30 ` [PATCH 5/9] dma-buf: heaps: mtk_sec_heap: Initialise tee session Yong Wu
2023-09-11 9:29 ` AngeloGioacchino Del Regno
2023-09-11 10:15 ` Christian König
2023-09-12 6:17 ` Yong Wu (吴勇)
2023-09-12 9:32 ` AngeloGioacchino Del Regno
2023-09-25 12:49 ` Yong Wu (吴勇)
2023-09-27 13:46 ` Joakim Bech
2023-09-27 15:17 ` Benjamin Gaignard
2023-09-27 18:56 ` Jeffrey Kardatzke
2023-09-28 8:30 ` Benjamin Gaignard
2023-09-28 17:48 ` Jeffrey Kardatzke
2023-09-29 6:54 ` Benjamin Gaignard
2023-10-13 19:10 ` Jeffrey Kardatzke
2023-09-27 18:54 ` Jeffrey Kardatzke [this message]
2023-09-13 13:35 ` kernel test robot
2023-09-11 2:30 ` [PATCH 6/9] dma-buf: heaps: mtk_sec_heap: Add tee service call for buffer allocating/freeing Yong Wu
2023-09-14 10:18 ` kernel test robot
2023-09-27 14:37 ` Joakim Bech
2023-09-28 5:24 ` Yong Wu (吴勇)
2023-10-19 4:45 ` Vijayanand Jitta
2023-10-20 10:01 ` Yong Wu (吴勇)
2023-09-11 2:30 ` [PATCH 7/9] dma-buf: heaps: mtk_sec_heap: Add dma_ops Yong Wu
2023-09-11 2:30 ` [PATCH 8/9] dt-bindings: reserved-memory: MediaTek: Add reserved memory for SVP Yong Wu
2023-09-11 15:44 ` Rob Herring
2023-09-12 6:16 ` Yong Wu (吴勇)
2023-09-12 8:28 ` Krzysztof Kozlowski
2023-09-12 10:13 ` Robin Murphy
[not found] ` <20230912155338.GA842444-robh@kernel.org>
2023-09-12 16:05 ` Robin Murphy
2023-09-18 10:47 ` Yong Wu (吴勇)
2023-09-19 22:15 ` Jeffrey Kardatzke
2023-10-12 6:54 ` Yong Wu (吴勇)
2023-10-12 7:07 ` Krzysztof Kozlowski
2023-10-12 11:15 ` Yong Wu (吴勇)
2023-10-19 4:46 ` Vijayanand Jitta
2023-10-20 9:50 ` Yong Wu (吴勇)
2023-11-01 5:50 ` Jaskaran Singh
2023-11-06 5:56 ` Yong Wu (吴勇)
2023-11-20 8:20 ` Jaskaran Singh
2023-09-11 2:30 ` [PATCH 9/9] dma_buf: heaps: mtk_sec_heap: Add a new CMA heap Yong Wu
2023-09-11 9:33 ` AngeloGioacchino Del Regno
2023-10-19 4:44 ` [PATCH 0/9] dma-buf: heaps: Add MediaTek secure heap Vijayanand Jitta
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CA+ddPcNDOsd4+1a3W5ufA-FaCc801bKkA-OapNKOC8snXrntAw@mail.gmail.com \
--to=jkardatzke@google.com \
--cc=Brian.Starkey@arm.com \
--cc=Jianjiao.Zeng@mediatek.com \
--cc=Yong.Wu@mediatek.com \
--cc=angelogioacchino.delregno@collabora.com \
--cc=benjamin.gaignard@collabora.com \
--cc=christian.koenig@amd.com \
--cc=conor+dt@kernel.org \
--cc=devicetree@vger.kernel.org \
--cc=dri-devel@lists.freedesktop.org \
--cc=joakim.bech@linaro.org \
--cc=jstultz@google.com \
--cc=krzysztof.kozlowski+dt@linaro.org \
--cc=kuohong.wang@mediatek.com \
--cc=linaro-mm-sig@lists.linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=linux-mediatek@lists.infradead.org \
--cc=matthias.bgg@gmail.com \
--cc=robh+dt@kernel.org \
--cc=sumit.semwal@linaro.org \
--cc=tjmercier@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).