From patchwork Mon Jun 10 12:08:31 2019
X-Patchwork-Submitter: Sumit Garg
X-Patchwork-Id: 166312
From: Sumit Garg
To: daniel.thompson@linaro.org
Cc: patches@linaro.org, Sumit Garg
Subject: [PATCH 3/7] tee: add private login method for kernel clients
Date: Mon, 10 Jun 2019 17:38:31 +0530
Message-Id: <1560168515-32714-4-git-send-email-sumit.garg@linaro.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1560168515-32714-1-git-send-email-sumit.garg@linaro.org>
References: <1560168515-32714-1-git-send-email-sumit.garg@linaro.org>

There are use-cases where user-space shouldn't be allowed to communicate directly with a TEE device which is dedicated to provide a specific service for a kernel client. So add a private login method for kernel clients and disallow user-space to open-session using this login method.

Signed-off-by: Sumit Garg
--- drivers/tee/tee_core.c | 6 ++++++ include/uapi/linux/tee.h | 2 ++ 2 files changed, 8 insertions(+) -- 2.7.4 diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c index 37716ef..a9b7ee0 100644 --- a/drivers/tee/tee_core.c +++ b/drivers/tee/tee_core.c @@ -379,6 +379,12 @@ static int tee_ioctl_open_session(struct tee_context *ctx, goto out; } + if (arg.clnt_login == TEE_IOCTL_LOGIN_REE_KERNEL) { + pr_err("login method not allowed for user-space client\n"); + rc = -EPERM; + goto out; + } + rc = ctx->teedev->desc->ops->open_session(ctx, &arg, params); if (rc) goto out; diff --git a/include/uapi/linux/tee.h b/include/uapi/linux/tee.h index 08fb98f5f..cdcb606 100644 --- a/include/uapi/linux/tee.h +++ b/include/uapi/linux/tee.h 
@@ -201,6 +201,8 @@ struct tee_ioctl_buf_data { #define TEE_IOCTL_LOGIN_APPLICATION 4 #define TEE_IOCTL_LOGIN_USER_APPLICATION 5 #define TEE_IOCTL_LOGIN_GROUP_APPLICATION 6 +/* Private login method for REE kernel clients */ +#define TEE_IOCTL_LOGIN_REE_KERNEL 0x80000000 /** * struct tee_ioctl_param - parameter
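
Review bot: In the tee_core.c hunk, the new pr_err() in tee_ioctl_open_session() fires on a value taken straight from the user-supplied arg.clnt_login, so any process able to open the TEE device can fill the kernel log at error level by repeating the ioctl. The -EPERM return already tells the caller what went wrong; consider dropping the message, or making it pr_debug() or rate-limited. The test is also an exact match on TEE_IOCTL_LOGIN_REE_KERNEL, so each private login value added later would need its own check here; rejecting a reserved range of kernel-only values would keep the ioctl path closed by default.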
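
Review bot: In the tee.h hunk, TEE_IOCTL_LOGIN_REE_KERNEL is added to a uapi header, so the value becomes visible to user-space, but the comment does not say that user-space callers cannot use it. Suggest extending the comment to state that open-session requests from user-space with this login are rejected with -EPERM, and that 0x80000000 is deliberately set apart from the small values used by the existing TEE_IOCTL_LOGIN_* methods, so the header documents the contract that the tee_core.c check enforces.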