Date: Mon, 26 May 2025 23:56:48 -0700
Subject: [PATCH v5 03/12] tee: add TEE_IOCTL_PARAM_ATTR_TYPE_UBUF
Message-Id: <20250526-qcom-tee-using-tee-ss-without-mem-obj-v5-3-024e3221b0b9@oss.qualcomm.com>
In-Reply-To: <20250526-qcom-tee-using-tee-ss-without-mem-obj-v5-0-024e3221b0b9@oss.qualcomm.com>
To: Jens Wiklander, Sumit Garg, Bjorn Andersson, Konrad Dybcio, Bartosz Golaszewski, Apurupa Pattapu, Kees Cook, "Gustavo A. R. Silva", Sumit Semwal, Christian König
CC: Harshal Dev, linux-arm-msm@vger.kernel.org, op-tee@lists.trustedfirmware.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-doc@vger.kernel.org, Amirreza Zarrabi, Sumit Garg, Neil Armstrong
From: Amirreza Zarrabi via OP-TEE
Reply-To: Amirreza Zarrabi

For drivers that can transfer data to the TEE without using shared
memory from client, it is necessary to receive the user address
directly, bypassing any processing by the TEE subsystem. Introduce
TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INPUT/OUTPUT/INOUT to represent
userspace buffers.

Reviewed-by: Sumit Garg
Tested-by: Neil Armstrong
Signed-off-by: Amirreza Zarrabi --- drivers/tee/tee_core.c | 33 +++++++++++++++++++++++++++++++++ include/linux/tee_drv.h | 6 ++++++ include/uapi/linux/tee.h | 22 ++++++++++++++++------ 3 files changed, 55 insertions(+), 6 deletions(-) diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c index b9ea5a85278c..74e40ed83fa7 100644 --- a/drivers/tee/tee_core.c +++ b/drivers/tee/tee_core.c @@ -387,6 +387,17 @@ static int params_from_user(struct tee_context *ctx, struct tee_param *params, params[n].u.value.b = ip.b; params[n].u.value.c = ip.c; break; + case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INPUT: + case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_OUTPUT: + case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INOUT: + params[n].u.ubuf.uaddr = u64_to_user_ptr(ip.a); + params[n].u.ubuf.size = ip.b; + + if (!access_ok(params[n].u.ubuf.uaddr, + params[n].u.ubuf.size)) + return -EFAULT; + + break; case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT: case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: @@ -455,6 +466,11 @@ static int params_to_user(struct tee_ioctl_param __user *uparams, put_user(p->u.value.c, &up->c)) return -EFAULT; break; + case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_OUTPUT: + case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INOUT: + if (put_user((u64)p->u.ubuf.size, &up->b)) + return -EFAULT; + break; case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: if (put_user((u64)p->u.memref.size, &up->b)) @@ -655,6 +671,13 @@ static int params_to_supp(struct tee_context *ctx, ip.b = p->u.value.b; ip.c = p->u.value.c; break; + case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INPUT: + case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_OUTPUT: + case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INOUT: + ip.a = (u64)p->u.ubuf.uaddr; + ip.b = p->u.ubuf.size; + ip.c = 0; + break; case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT: case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: 
@@ -757,6 +780,16 @@ static int params_from_supp(struct tee_param *params, size_t num_params, p->u.value.b = ip.b; p->u.value.c = ip.c; break; + case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_OUTPUT: + case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INOUT: + p->u.ubuf.uaddr = u64_to_user_ptr(ip.a); + p->u.ubuf.size = ip.b; + + if (!access_ok(params[n].u.ubuf.uaddr, + params[n].u.ubuf.size)) + return -EFAULT; + + break; case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: /* diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h index a54c203000ed..78bbf12f02f0 100644 --- a/include/linux/tee_drv.h +++ b/include/linux/tee_drv.h @@ -82,6 +82,11 @@ struct tee_param_memref { struct tee_shm *shm; }; +struct tee_param_ubuf { + void * __user uaddr; + size_t size; +}; + struct tee_param_value { u64 a; u64 b; @@ -92,6 +97,7 @@ struct tee_param { u64 attr; union { struct tee_param_memref memref; + struct tee_param_ubuf ubuf; struct tee_param_value value; } u; }; diff --git a/include/uapi/linux/tee.h b/include/uapi/linux/tee.h index d0430bee8292..3e9b1ec5dfde 100644 --- a/include/uapi/linux/tee.h +++ b/include/uapi/linux/tee.h @@ -151,6 +151,13 @@ struct tee_ioctl_buf_data { #define TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT 6 #define TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT 7 /* input and output */ +/* + * These defines userspace buffer parameters. + */ +#define TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INPUT 8 +#define TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_OUTPUT 9 +#define TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INOUT 10 /* input and output */ + /* * Mask for the type part of the attribute, leaves room for more types */ 
@@ -186,14 +193,17 @@ struct tee_ioctl_buf_data { /** * struct tee_ioctl_param - parameter * @attr: attributes - * @a: if a memref, offset into the shared memory object, else a value parameter - * @b: if a memref, size of the buffer, else a value parameter + * @a: if a memref, offset into the shared memory object, + * else if a ubuf, address of the user buffer, + * else a value parameter + * @b: if a memref or ubuf, size of the buffer, else a value parameter * @c: if a memref, shared memory identifier, else a value parameter * - * @attr & TEE_PARAM_ATTR_TYPE_MASK indicates if memref or value is used in - * the union. TEE_PARAM_ATTR_TYPE_VALUE_* indicates value and - * TEE_PARAM_ATTR_TYPE_MEMREF_* indicates memref. TEE_PARAM_ATTR_TYPE_NONE - * indicates that none of the members are used. + * @attr & TEE_PARAM_ATTR_TYPE_MASK indicates if memref, ubuf, or value is + * used in the union. TEE_PARAM_ATTR_TYPE_VALUE_* indicates value, + * TEE_PARAM_ATTR_TYPE_MEMREF_* indicates memref, and TEE_PARAM_ATTR_TYPE_UBUF_* + * indicates ubuf. TEE_PARAM_ATTR_TYPE_NONE indicates that none of the members + * are used. * * Shared memory is allocated with TEE_IOC_SHM_ALLOC which returns an * identifier representing the shared memory object. A memref can reference -- 2.34.1
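
Review bot: In the params_from_user() hunk of drivers/tee/tee_core.c, the access_ok() call only confirms that the range uaddr .. uaddr + size lies within the user address space; it does not map or pin anything, so it says nothing about the buffer by the time a backend driver uses it. Please add a comment, here or on struct tee_param_ubuf, stating that drivers must reach uaddr only through copy_from_user()/copy_to_user() and handle their failure. Separately, ip.b is 64 bits wide while ubuf.size is a size_t, so on a 32-bit build an oversized ip.b is truncated before the check instead of being rejected; consider returning -EINVAL when the value does not fit.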
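
Review bot: In the params_to_supp() hunk, "ip.a = (u64)p->u.ubuf.uaddr;" casts a pointer directly to u64, which is a pointer-to-integer cast of a different size on 32-bit builds and will warn there. Go through unsigned long first, for example "ip.a = (u64)(unsigned long)p->u.ubuf.uaddr;".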
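
Review bot: In the params_from_supp() hunk, the new case stores through p ("p->u.ubuf.uaddr = u64_to_user_ptr(ip.a);") but then validates through params[n] ("access_ok(params[n].u.ubuf.uaddr, params[n].u.ubuf.size)"). The check should name the same object that was just written, so use p->u.ubuf.uaddr and p->u.ubuf.size in the access_ok() call; as written, the check is only correct as long as p and params + n are the same entry, and a later refactor of the loop could leave it validating the wrong parameter.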
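
Review bot: In the first include/linux/tee_drv.h hunk, "void * __user uaddr;" puts the __user annotation after the asterisk, which attaches it to the pointer itself rather than to the memory it points at. The usual kernel form is "void __user *uaddr;", which lets sparse flag any direct dereference of the user buffer. The new struct tee_param_ubuf would also benefit from a short kernel-doc comment describing uaddr and size, in line with the other parameter structs.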
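
Review bot: In the include/uapi/linux/tee.h hunk that adds the three UBUF defines, the comment reads "These defines userspace buffer parameters."; it should be "These define userspace buffer parameters." Since this is a UAPI header, it would also help to say in that comment that a ubuf carries a raw user address and size rather than a reference to a shared memory object.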
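
Review bot: In the struct tee_ioctl_param kernel-doc hunk, @a and @b are updated for ubuf but @c still reads "if a memref, shared memory identifier, else a value parameter", which leaves the ubuf case undocumented. The code in this patch never reads c for a ubuf in params_from_user() and writes "ip.c = 0;" in params_to_supp(), so the description should say that c is unused for a ubuf, and ideally whether userspace is expected to set it to zero.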