From: Krzysztof Kozlowski <krzk@kernel.org>
To: "Amirreza Zarrabi" <quic_azarrabi@quicinc.com>,
"Bjorn Andersson" <andersson@kernel.org>,
"Konrad Dybcio" <konrad.dybcio@linaro.org>,
"Sumit Semwal" <sumit.semwal@linaro.org>,
"Christian König" <christian.koenig@amd.com>,
srinivas.kandagatla@linaro.org, bartosz.golaszewski@linaro.org
Cc: linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org,
dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org
Subject: Re: [PATCH RFC 1/3] firmware: qcom: implement object invoke support
Date: Thu, 18 Jul 2024 13:27:51 +0200
Message-ID: <09605d65-8a0e-4d28-be8e-a07bbdf376d6@kernel.org>
In-Reply-To: <20240702-qcom-tee-object-and-ioctls-v1-1-633c3ddf57ee@quicinc.com>
On 03/07/2024 07:57, Amirreza Zarrabi wrote:
> Qualcomm TEE hosts Trusted Applications and Services that run in the
> secure world. Access to these resources is provided using object
> capabilities. A TEE client with access to the capability can invoke
> the object and request a service. Similarly, TEE can request a service
> from nonsecure world with object capabilities that are exported to secure
> world.
>
> We provide qcom_tee_object which represents an object in both secure
> and nonsecure world. TEE clients can invoke an instance of qcom_tee_object
> to access TEE. TEE can issue a callback request to nonsecure world
> by invoking an instance of qcom_tee_object in nonsecure world.
>
> Any driver in nonsecure world that is interested to export a struct (or a
> service object) to TEE, requires to embed an instance of qcom_tee_object in
> the relevant struct and implements the dispatcher function which is called
> when TEE invoked the service object.
>
> We also provide simplified API which implements the Qualcomm TEE transport
> protocol. The implementation is independent from any services that may
> reside in nonsecure world.
>
> Signed-off-by: Amirreza Zarrabi <quic_azarrabi@quicinc.com>
> ---
> drivers/firmware/qcom/Kconfig | 14 +
> drivers/firmware/qcom/Makefile | 2 +
> drivers/firmware/qcom/qcom_object_invoke/Makefile | 4 +
> drivers/firmware/qcom/qcom_object_invoke/async.c | 142 +++
> drivers/firmware/qcom/qcom_object_invoke/core.c | 1139 ++++++++++++++++++++
> drivers/firmware/qcom/qcom_object_invoke/core.h | 186 ++++
> .../qcom/qcom_object_invoke/qcom_scm_invoke.c | 22 +
> .../firmware/qcom/qcom_object_invoke/release_wq.c | 90 ++
> include/linux/firmware/qcom/qcom_object_invoke.h | 233 ++++
> 9 files changed, 1832 insertions(+)
>
> diff --git a/drivers/firmware/qcom/Kconfig b/drivers/firmware/qcom/Kconfig
> index 7f6eb4174734..103ab82bae9f 100644
> --- a/drivers/firmware/qcom/Kconfig
> +++ b/drivers/firmware/qcom/Kconfig
> @@ -84,4 +84,18 @@ config QCOM_QSEECOM_UEFISECAPP
> Select Y here to provide access to EFI variables on the aforementioned
> platforms.
>
> +config QCOM_OBJECT_INVOKE_CORE
Let's avoid another rant from Linus and add here either proper defaults
or dependencies.
> + bool "Secure TEE Communication Support"
> + help
> + Various Qualcomm SoCs have a Trusted Execution Environment (TEE) running
> + in the Trust Zone. This module provides an interface to that via the
> + capability based object invocation, using SMC calls.
> +
> + OBJECT_INVOKE_CORE allows capability based secure communication between
> + TEE and VMs. Using OBJECT_INVOKE_CORE, kernel can issue calls to TEE or
> + TAs to request a service or exposes services to TEE and TAs. It implements
> + the necessary marshaling of messages with TEE.
> +
> + Select Y here to provide access to TEE.
> +
> endmenu
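Review bot: the new QCOM_OBJECT_INVOKE_CORE entry has no "depends on" or "select" line even though its help text says the interface works "using SMC calls", so nothing in the entry ties it to the code that issues those calls; add the dependency on whichever symbol provides that transport. The help text also says "This module" while the symbol is "bool", and it refers to OBJECT_INVOKE_CORE where the symbol is QCOM_OBJECT_INVOKE_CORE. The prompt "Secure TEE Communication Support" does not say it is Qualcomm-specific, which makes it hard to tell apart from other TEE options in a config menu.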
> diff --git a/drivers/firmware/qcom/Makefile b/drivers/firmware/qc
...
> + } else {
> + /* TEE obtained the ownership of QCOM_TEE_OBJECT_TYPE_CB_OBJECT
> + * input objects in 'u'. On further failure, TEE is responsible
> + * to release them.
> + */
> +
> + oic->flags |= OIC_FLAG_QCOM_TEE;
> + }
> +
> + /* Is it a callback request?! */
> + if (response_type != QCOM_TEE_RESULT_INBOUND_REQ_NEEDED) {
> + if (!*result) {
> + ret = update_args(u, oic);
> + if (ret) {
> + arg_for_each_output_object(i, u)
> + put_qcom_tee_object(u[i].o);
> + }
> + }
> +
> + break;
> +
> + } else {
> + oic->flags |= OIC_FLAG_BUSY;
> +
> + /* Before dispatching the request, handle any pending async requests. */
> + __fetch__async_reqs(oic);
> +
> + qcom_tee_object_invoke(oic, cb_msg);
> + }
> + }
> +
> + __fetch__async_reqs(oic);
> +
> +out:
> + qcom_tee_object_invoke_ctx_uninit(oic);
> +
> + return ret;
> +}
> +EXPORT_SYMBOL_GPL(qcom_tee_object_do_invoke);
> +
> +/* Primordial Object. */
> +/* It is invoked by TEE for kernel services. */
> +
> +static struct qcom_tee_object *primordial_object = NULL_QCOM_TEE_OBJECT;
> +static DEFINE_MUTEX(primordial_object_lock);
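Review bot: in the non-callback branch, when update_args(u, oic) fails the loop calls put_qcom_tee_object(u[i].o) on every output object but leaves the pointers in 'u', and ret is then returned with those slots still populated. A caller that cleans up its argument array on error would drop the same references a second time, so consider resetting each slot to NULL_QCOM_TEE_OBJECT after the put, and document whether update_args() leaves every output slot either valid or empty when it fails partway. Minor: the comment "Is it a callback request?!" sits above the branch that handles the opposite case, and the "else" after "break" is not needed.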
Oh my... except that it looks like undocumented ABI, please avoid
file-scope variables.
Best regards,
Krzysztof