linux-toradex.git/drivers/tee, branch v5.9-rc6 Linux kernel for Apalis and Colibri modules Merge tag 'optee-bus-for-v5.9' of git://git.linaro.org/people/jens.wiklander/linux-tee into arm/drivers 2020-07-13T13:11:44+00:00 Arnd Bergmann arnd@arndb.de 2020-07-13T13:11:42+00:00 38d9dff186f1c88ce8ca92700d6cedc374ff9900 Enable multi-stage OP-TEE bus enumeration Probes drivers on the OP-TEE bus in two steps. First for drivers which do not depend on tee-supplicant. After tee-supplicant has been started probe the devices which do depend on tee-supplicant. Also introduces driver which uses an OP-TEE based fTPM Trusted Application depends on tee-supplicant NV RAM implementation based on RPMB secure storage. * tag 'optee-bus-for-v5.9' of git://git.linaro.org/people/jens.wiklander/linux-tee: tpm_ftpm_tee: register driver on TEE bus optee: enable support for multi-stage bus enumeration optee: use uuid for sysfs driver entry Link: https://lore.kernel.org/r/20200710085230.GA1312913@jade Signed-off-by: Arnd Bergmann <arnd@arndb.de> 
Enable multi-stage OP-TEE bus enumeration

Probes drivers on the OP-TEE bus in two steps. First for drivers which
do not depend on tee-supplicant. After tee-supplicant has been started
probe the devices which do depend on tee-supplicant.

Also introduces driver which uses an OP-TEE based fTPM Trusted
Application depends on tee-supplicant NV RAM implementation based on
RPMB secure storage.

* tag 'optee-bus-for-v5.9' of git://git.linaro.org/people/jens.wiklander/linux-tee:
  tpm_ftpm_tee: register driver on TEE bus
  optee: enable support for multi-stage bus enumeration
  optee: use uuid for sysfs driver entry

Link: https://lore.kernel.org/r/20200710085230.GA1312913@jade
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
optee: enable support for multi-stage bus enumeration 2020-07-10T07:41:53+00:00 Maxim Uvarov maxim.uvarov@linaro.org 2020-06-18T13:52:50+00:00 5f178bb71e3aff2abab01b1ff6837c3a054b25e1 Some drivers (like ftpm) can operate only after tee-supplicant runs because of tee-supplicant provides things like storage services (rpmb, shm).  This patch splits probe of non tee-supplicant dependable drivers to the early stage, and after tee-supplicant run probe other drivers. Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org> Suggested-by: Sumit Garg <sumit.garg@linaro.org> Suggested-by: Arnd Bergmann <arnd@linaro.org> Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Acked-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 
Some drivers (like ftpm) can operate only after tee-supplicant
runs because of tee-supplicant provides things like storage
services (rpmb, shm).  This patch splits probe of non tee-supplicant
dependable drivers to the early stage, and after tee-supplicant run
probe other drivers.

Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
Suggested-by: Sumit Garg <sumit.garg@linaro.org>
Suggested-by: Arnd Bergmann <arnd@linaro.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
optee: use uuid for sysfs driver entry 2020-07-10T07:41:48+00:00 Maxim Uvarov maxim.uvarov@linaro.org 2020-06-18T13:52:49+00:00 58df195cd47d9b06c7160253d35881c1de90aa9e With the evolving use-cases for TEE bus, now it's required to support multi-stage enumeration process. But using a simple index doesn't suffice this requirement and instead leads to duplicate sysfs entries. So instead switch to use more informative device UUID for sysfs entry like: /sys/bus/tee/devices/optee-ta-<uuid> Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org> Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 
With the evolving use-cases for TEE bus, now it's required to support
multi-stage enumeration process. But using a simple index doesn't
suffice this requirement and instead leads to duplicate sysfs entries.
So instead switch to use more informative device UUID for sysfs entry
like:
/sys/bus/tee/devices/optee-ta-<uuid>

Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
mmap locking API: use coccinelle to convert mmap_sem rwsem call sites 2020-06-09T16:39:14+00:00 Michel Lespinasse walken@google.com 2020-06-09T04:33:25+00:00 d8ed45c5dcd455fc5848d47f86883a1b872ac0d0 This change converts the existing mmap_sem rwsem calls to use the new mmap locking API instead. The change is generated using coccinelle with the following rule: // spatch --sp-file mmap_lock_api.cocci --in-place --include-headers --dir . @@ expression mm; @@ ( -init_rwsem +mmap_init_lock | -down_write +mmap_write_lock | -down_write_killable +mmap_write_lock_killable | -down_write_trylock +mmap_write_trylock | -up_write +mmap_write_unlock | -downgrade_write +mmap_write_downgrade | -down_read +mmap_read_lock | -down_read_killable +mmap_read_lock_killable | -down_read_trylock +mmap_read_trylock | -up_read +mmap_read_unlock ) -(&mm->mmap_sem) +(mm) Signed-off-by: Michel Lespinasse <walken@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Reviewed-by: Daniel Jordan <daniel.m.jordan@oracle.com> Reviewed-by: Laurent Dufour <ldufour@linux.ibm.com> Reviewed-by: Vlastimil Babka <vbabka@suse.cz> Cc: Davidlohr Bueso <dbueso@suse.de> Cc: David Rientjes <rientjes@google.com> Cc: Hugh Dickins <hughd@google.com> Cc: Jason Gunthorpe <jgg@ziepe.ca> Cc: Jerome Glisse <jglisse@redhat.com> Cc: John Hubbard <jhubbard@nvidia.com> Cc: Liam Howlett <Liam.Howlett@oracle.com> Cc: Matthew Wilcox <willy@infradead.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Ying Han <yinghan@google.com> Link: http://lkml.kernel.org/r/20200520052908.204642-5-walken@google.com Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
This change converts the existing mmap_sem rwsem calls to use the new mmap
locking API instead.

The change is generated using coccinelle with the following rule:

// spatch --sp-file mmap_lock_api.cocci --in-place --include-headers --dir .

@@
expression mm;
@@
(
-init_rwsem
+mmap_init_lock
|
-down_write
+mmap_write_lock
|
-down_write_killable
+mmap_write_lock_killable
|
-down_write_trylock
+mmap_write_trylock
|
-up_write
+mmap_write_unlock
|
-downgrade_write
+mmap_write_downgrade
|
-down_read
+mmap_read_lock
|
-down_read_killable
+mmap_read_lock_killable
|
-down_read_trylock
+mmap_read_trylock
|
-up_read
+mmap_read_unlock
)
-(&mm->mmap_sem)
+(mm)

Signed-off-by: Michel Lespinasse <walken@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Reviewed-by: Laurent Dufour <ldufour@linux.ibm.com>
Reviewed-by: Vlastimil Babka <vbabka@suse.cz>
Cc: Davidlohr Bueso <dbueso@suse.de>
Cc: David Rientjes <rientjes@google.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Jason Gunthorpe <jgg@ziepe.ca>
Cc: Jerome Glisse <jglisse@redhat.com>
Cc: John Hubbard <jhubbard@nvidia.com>
Cc: Liam Howlett <Liam.Howlett@oracle.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Ying Han <yinghan@google.com>
Link: http://lkml.kernel.org/r/20200520052908.204642-5-walken@google.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
tee: fix crypto select 2020-05-28T10:38:00+00:00 Arnd Bergmann arnd@arndb.de 2020-05-27T13:39:16+00:00 60b4000f54649546b4780ac61b67e5601382225d When selecting a crypto cipher, we also need to select the subsystem itself: WARNING: unmet direct dependencies detected for CRYPTO_SHA1 Depends on [m]: CRYPTO [=m] Selected by [y]: - TEE [=y] && (HAVE_ARM_SMCCC [=n] || COMPILE_TEST [=y] || CPU_SUP_AMD [=y]) Selected by [m]: - CRYPTO_DEV_QAT [=m] && CRYPTO [=m] && CRYPTO_HW [=y] - CRYPTO_DEV_MEDIATEK [=m] && CRYPTO [=m] && CRYPTO_HW [=y] && (ARM && ARCH_MEDIATEK || COMPILE_TEST [=y]) - CRYPTO_DEV_SAFEXCEL [=m] && CRYPTO [=m] && CRYPTO_HW [=y] && (OF [=y] || PCI [=y] || COMPILE_TEST [=y]) && HAS_IOMEM [=y] - CRYPTO_DEV_CCREE [=m] && CRYPTO [=m] && CRYPTO_HW [=y] && OF [=y] && HAS_DMA [=y] - CRYPTO_DEV_SP_CCP [=y] && CRYPTO [=m] && CRYPTO_HW [=y] && CRYPTO_DEV_CCP [=y] && CRYPTO_DEV_CCP_DD [=m] && DMADEVICES [=y] Link: https://lore.kernel.org/r/20200527133924.724819-1-arnd@arndb.de Fixes: e33bcbab16d1 ("tee: add support for session's client UUID generation") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Signed-off-by: Arnd Bergmann <arnd@arndb.de> 
When selecting a crypto cipher, we also need to select the
subsystem itself:

WARNING: unmet direct dependencies detected for CRYPTO_SHA1
  Depends on [m]: CRYPTO [=m]
  Selected by [y]:
  - TEE [=y] && (HAVE_ARM_SMCCC [=n] || COMPILE_TEST [=y] || CPU_SUP_AMD [=y])
  Selected by [m]:
  - CRYPTO_DEV_QAT [=m] && CRYPTO [=m] && CRYPTO_HW [=y]
  - CRYPTO_DEV_MEDIATEK [=m] && CRYPTO [=m] && CRYPTO_HW [=y] && (ARM && ARCH_MEDIATEK || COMPILE_TEST [=y])
  - CRYPTO_DEV_SAFEXCEL [=m] && CRYPTO [=m] && CRYPTO_HW [=y] && (OF [=y] || PCI [=y] || COMPILE_TEST [=y]) && HAS_IOMEM [=y]
  - CRYPTO_DEV_CCREE [=m] && CRYPTO [=m] && CRYPTO_HW [=y] && OF [=y] && HAS_DMA [=y]
  - CRYPTO_DEV_SP_CCP [=y] && CRYPTO [=m] && CRYPTO_HW [=y] && CRYPTO_DEV_CCP [=y] && CRYPTO_DEV_CCP_DD [=m] && DMADEVICES [=y]

Link: https://lore.kernel.org/r/20200527133924.724819-1-arnd@arndb.de
Fixes: e33bcbab16d1 ("tee: add support for session's client UUID generation")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Merge tag 'tee-login-for-5.8' of git://git.linaro.org/people/jens.wiklander/linux-tee into arm/drivers 2020-05-25T21:15:03+00:00 Arnd Bergmann arnd@arndb.de 2020-05-25T21:15:02+00:00 be4ad166b4e229ba7f129c5e3bd5ff0347652422 Adds utility function in TEE subsystem for client UUID generation. This function is also used in the optee driver. * tag 'tee-login-for-5.8' of git://git.linaro.org/people/jens.wiklander/linux-tee: tee: optee: Add support for session login client UUID generation tee: add support for session's client UUID generation Link: https://lore.kernel.org/r/20200512131243.GA10028@jade Signed-off-by: Arnd Bergmann <arnd@arndb.de> 
Adds utility function in TEE subsystem for client UUID generation. This
function is also used in the optee driver.

* tag 'tee-login-for-5.8' of git://git.linaro.org/people/jens.wiklander/linux-tee:
  tee: optee: Add support for session login client UUID generation
  tee: add support for session's client UUID generation

Link: https://lore.kernel.org/r/20200512131243.GA10028@jade
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Merge tag 'tee-smatch-for-5.8' of git://git.linaro.org/people/jens.wiklander/linux-tee into arm/drivers 2020-05-25T14:56:33+00:00 Arnd Bergmann arnd@arndb.de 2020-05-25T14:56:33+00:00 6d83d800b2456122299dcfce4a7da4b86d7cec8e tee: remove unnecessary NULL check in tee_shm_alloc() * tag 'tee-smatch-for-5.8' of git://git.linaro.org/people/jens.wiklander/linux-tee: tee: remove unnecessary NULL check in tee_shm_alloc() Link: https://lore.kernel.org/r/20200504181333.GA11018@jade Signed-off-by: Arnd Bergmann <arnd@arndb.de> 
tee: remove unnecessary NULL check in tee_shm_alloc()

* tag 'tee-smatch-for-5.8' of git://git.linaro.org/people/jens.wiklander/linux-tee:
  tee: remove unnecessary NULL check in tee_shm_alloc()

Link: https://lore.kernel.org/r/20200504181333.GA11018@jade
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
tee: optee: Add support for session login client UUID generation 2020-05-11T12:11:33+00:00 Vesa Jääskeläinen vesa.jaaskelainen@vaisala.com 2020-04-30T12:37:10+00:00 c5b4312bea5d5e5e3d4f0af640e2ef8a1c1bb167 Adds support for client UUID generation for OP-TEE. For group based session logins membership is verified. Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 
Adds support for client UUID generation for OP-TEE. For group based session
logins membership is verified.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
tee: add support for session's client UUID generation 2020-05-11T12:11:26+00:00 Vesa Jääskeläinen vesa.jaaskelainen@vaisala.com 2020-04-30T12:37:09+00:00 e33bcbab16d1c0dd85d72bec275308369ad901f5 TEE Client API defines that from user space only information needed for specified login operations is group identifier for group based logins. REE kernel is expected to formulate trustworthy client UUID and pass that to TEE environment. REE kernel is required to verify that provided group identifier for group based logins matches calling processes group memberships. TEE specification only defines that the information passed from REE environment to TEE environment is encoded into on UUID. In order to guarantee trustworthiness of client UUID user space is not allowed to freely pass client UUID. UUIDv5 form is used encode variable amount of information needed for different login types. Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> [jw: remove unused variable application_id] Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 
TEE Client API defines that from user space only information needed for
specified login operations is group identifier for group based logins.

REE kernel is expected to formulate trustworthy client UUID and pass that
to TEE environment. REE kernel is required to verify that provided group
identifier for group based logins matches calling processes group
memberships.

TEE specification only defines that the information passed from REE
environment to TEE environment is encoded into on UUID.

In order to guarantee trustworthiness of client UUID user space is not
allowed to freely pass client UUID.

UUIDv5 form is used encode variable amount of information needed for
different login types.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
[jw: remove unused variable application_id]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
tee: add private login method for kernel clients 2020-04-20T14:18:14+00:00 Sumit Garg sumit.garg@linaro.org 2020-03-27T05:29:48+00:00 104edb94cc4b3101bab33161cd861de13e85610b There are use-cases where user-space shouldn't be allowed to communicate directly with a TEE device which is dedicated to provide a specific service for a kernel client. So add a private login method for kernel clients and disallow user-space to open-session using GP implementation defined login method range: (0x80000000 - 0xBFFFFFFF). Reviewed-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 
There are use-cases where user-space shouldn't be allowed to communicate
directly with a TEE device which is dedicated to provide a specific
service for a kernel client. So add a private login method for kernel
clients and disallow user-space to open-session using GP implementation
defined login method range: (0x80000000 - 0xBFFFFFFF).

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>