[GIT PULL] TEE protected DMA-bufs for v6.18

[Jens Wiklander <jens.wiklander@linaro.org>]

Hello arm-soc maintainers,

Please pull this set of patches enabling protected DMA-bufs in the TEE
subsystem. There's a brief desciption in the tag below. All patches but
"dma-buf: dma-heap: export declared functions" are withing the TEE
subsystem. The dma-heap maintainer, Sumit Semwal, has acked the dma-heap
patch to be merged via my tree.

I believe I've addressed all comments from the reviews including providing
a demo as described in [1].

[1] https://lore.kernel.org/op-tee/20250911135007.1275833-1-jens.wiklander@linaro.org/

Thanks,
Jens

The following changes since commit c17b750b3ad9f45f2b6f7e6f7f4679844244f0b9:

  Linux 6.17-rc2 (2025-08-17 15:22:10 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee.git tags/tee-prot-dma-buf-for-v6.18

for you to fetch changes up to dbc2868b7b57fb4caa8e44a69e882dcf8e8d59bf:

  optee: smc abi: dynamic protected memory allocation (2025-09-11 11:22:43 +0200)

----------------------------------------------------------------
TEE protected DMA-bufs for v6.18

- Allocates protected DMA-bufs from a DMA-heap instantiated from the TEE
  subsystem.
- The DMA-heap uses a protected memory pool provided by the backend TEE
  driver, allowing it to choose how to allocate the protected physical
  memory.
- Three use-cases (Secure Video Playback, Trusted UI, and Secure Video
  Recording) have been identified so far to serve as examples of what
  can be expected.
- The use-cases have predefined DMA-heap names,
  "protected,secure-video", "protected,trusted-ui", and
  "protected,secure-video-record". The backend driver registers protected
  memory pools for the use-cases it supports.

----------------------------------------------------------------
Etienne Carriere (1):
      tee: new ioctl to a register tee_shm from a dmabuf file descriptor

Jens Wiklander (8):
      optee: sync secure world ABI headers
      dma-buf: dma-heap: export declared functions
      tee: implement protected DMA-heap
      tee: refactor params_from_user()
      tee: add tee_shm_alloc_dma_mem()
      optee: support protected memory allocation
      optee: FF-A: dynamic protected memory allocation
      optee: smc abi: dynamic protected memory allocation

 drivers/dma-buf/dma-heap.c        |   4 +
 drivers/tee/Kconfig               |   5 +
 drivers/tee/Makefile              |   1 +
 drivers/tee/optee/Kconfig         |   5 +
 drivers/tee/optee/Makefile        |   1 +
 drivers/tee/optee/core.c          |   7 +
 drivers/tee/optee/ffa_abi.c       | 146 ++++++++++-
 drivers/tee/optee/optee_ffa.h     |  27 +-
 drivers/tee/optee/optee_msg.h     |  84 ++++++-
 drivers/tee/optee/optee_private.h |  15 +-
 drivers/tee/optee/optee_smc.h     |  37 ++-
 drivers/tee/optee/protmem.c       | 335 +++++++++++++++++++++++++
 drivers/tee/optee/smc_abi.c       | 141 ++++++++++-
 drivers/tee/tee_core.c            | 158 +++++++++---
 drivers/tee/tee_heap.c            | 500 ++++++++++++++++++++++++++++++++++++++
 drivers/tee/tee_private.h         |  14 ++
 drivers/tee/tee_shm.c             | 157 +++++++++++-
 include/linux/tee_core.h          |  59 +++++
 include/linux/tee_drv.h           |  10 +
 include/uapi/linux/tee.h          |  31 +++
 20 files changed, 1670 insertions(+), 67 deletions(-)
 create mode 100644 drivers/tee/optee/protmem.c
 create mode 100644 drivers/tee/tee_heap.c