From patchwork Fri Jan 12 09:20:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?b?WW9uZyBXdSAo5ZC05YuHKQ==?= X-Patchwork-Id: 762291 Received: from mailgw01.mediatek.com (unknown [60.244.123.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E431C57303; Fri, 12 Jan 2024 09:20:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=mediatek.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=mediatek.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=mediatek.com header.i=@mediatek.com header.b="oxlB8I7B" X-UUID: dfbb2522b12b11ee9e680517dc993faa-20240112 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mediatek.com; s=dk; h=Content-Type:Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:CC:To:From; bh=plNlMh6L7Bhe6s5CZZaLhR2KjGh0ZZE3dRsgkTAADBM=; b=oxlB8I7BZ4OwAzUMrXvH9tPcFG+YgmS68xa6lPgBMy4gGn+YDwNYGsCayxTBWHd3LI896jUWPebQdD5ZVLindaIMeeOmyCk0sptSC4mSx8YQCxYhwaYjQjcg9LM3vLZJwRhKPDjGRwBB4bj1ZRiOEtTbSEjYeCw8rYq61vPyXYw=; X-CID-P-RULE: Release_Ham X-CID-O-INFO: VERSION:1.1.35, REQID:f2780ca3-df25-4758-a0d0-0ff3171e98f2, IP:0, U RL:0,TC:0,Content:-25,EDM:0,RT:0,SF:0,FILE:0,BULK:0,RULE:Release_Ham,ACTIO N:release,TS:-25 X-CID-META: VersionHash:5d391d7, CLOUDID:a3532e8e-e2c0-40b0-a8fe-7c7e47299109, B ulkID:nil,BulkQuantity:0,Recheck:0,SF:102,TC:nil,Content:0,EDM:-3,IP:nil,U RL:11|1,File:nil,Bulk:nil,QS:nil,BEC:nil,COL:0,OSI:0,OSA:0,AV:0,LES:1,SPR: NO,DKR:0,DKP:0,BRR:0,BRE:0 X-CID-BVR: 0,NGT X-CID-BAS: 0,NGT,0,_ X-CID-FACTOR: TF_CID_SPAM_ULN,TF_CID_SPAM_SNR X-UUID: dfbb2522b12b11ee9e680517dc993faa-20240112 Received: from mtkmbs13n2.mediatek.inc [(172.21.101.108)] by mailgw01.mediatek.com (envelope-from ) (Generic MTA with TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256/256) with ESMTP id 700378187; Fri, 12 Jan 2024 17:20:49 +0800 Received: from mtkmbs11n2.mediatek.inc (172.21.101.187) by MTKMBS14N1.mediatek.inc (172.21.101.75) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.26; Fri, 12 Jan 2024 17:20:47 +0800 Received: from mhfsdcap04.gcn.mediatek.inc (10.17.3.154) by mtkmbs11n2.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id 15.2.1118.26 via Frontend Transport; Fri, 12 Jan 2024 17:20:45 +0800 From: Yong Wu To: Rob Herring , Matthias Brugger , , Sumit Semwal CC: Krzysztof Kozlowski , Conor Dooley , Benjamin Gaignard , Brian Starkey , John Stultz , , AngeloGioacchino Del Regno , Yong Wu , , , , , , , , Robin Murphy , Vijayanand Jitta , Joakim Bech , Jeffrey Kardatzke , "Pavel Machek" , Simon Ser , Pekka Paalanen , , , Subject: [PATCH v4 2/7] dma-buf: heaps: Initialize a restricted heap Date: Fri, 12 Jan 2024 17:20:09 +0800 Message-ID: <20240112092014.23999-3-yong.wu@mediatek.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240112092014.23999-1-yong.wu@mediatek.com> References: <20240112092014.23999-1-yong.wu@mediatek.com> Precedence: bulk X-Mailing-List: devicetree@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-TM-AS-Product-Ver: SMEX-14.0.0.3152-9.1.1006-23728.005 X-TM-AS-Result: No-10-1.555600-8.000000 X-TMASE-MatchedRID: z8c0liBrbjrpHkfingCwBFz+axQLnAVB5Y0kb0hqatw1LB46LFAAkqSd 3wubgak2t+ki9vYAWeawblw6HaK6mqNu8YiLlIJQDYh1Uz6zv6MuLZ3AqIxH3Fc/Cedjlcvk4PS yLdjnTmsKAm/Z86jMQ1b1Mjm+bRZC+niVaMBfU7MC9PSiNyNg6fNYQxCOihTNZ5yuplze9psxK5 LonEEbrjxXJFV2fyjAccRjfACWEZm4c6uEFrThdkOZWaJBszmquoYFb0nRiqPYIRSS/nf+VaPFj JEFr+olwXCBO/GKkVr3FLeZXNZS4H0jHMQPhEvZ/eeo/eLXrNmgmLGCPVS10RF5GyxjDLjxdw0U TgINhQPKrXtDwo7Rzro8yJLdnKCjRRbc9yKXf38+Qp0hgi4Bk5/rxaJt3oPahJVRlkc0uv5GBXo eyrLHXVBo425nomviD2TeXwRpghw5Asr9kfiuVn7cGd19dSFd X-TM-AS-User-Approved-Sender: No X-TM-AS-User-Blocked-Sender: No X-TMASE-Result: 10-1.555600-8.000000 X-TMASE-Version: SMEX-14.0.0.3152-9.1.1006-23728.005 X-TM-SNTS-SMTP: E0330AFC751236FF884905E6CC3C296B7EE5284951FED07A2D758633DA382B4B2000:8 X-MTK: N Initialize a restricted heap. Currently just add a null heap, Prepare for the later patches. Signed-off-by: Yong Wu --- drivers/dma-buf/heaps/Kconfig | 9 ++++ drivers/dma-buf/heaps/Makefile | 3 +- drivers/dma-buf/heaps/restricted_heap.c | 67 +++++++++++++++++++++++++ drivers/dma-buf/heaps/restricted_heap.h | 22 ++++++++ 4 files changed, 100 insertions(+), 1 deletion(-) create mode 100644 drivers/dma-buf/heaps/restricted_heap.c create mode 100644 drivers/dma-buf/heaps/restricted_heap.h diff --git a/drivers/dma-buf/heaps/Kconfig b/drivers/dma-buf/heaps/Kconfig index a5eef06c4226..e54506f480ea 100644 --- a/drivers/dma-buf/heaps/Kconfig +++ b/drivers/dma-buf/heaps/Kconfig @@ -12,3 +12,12 @@ config DMABUF_HEAPS_CMA Choose this option to enable dma-buf CMA heap. This heap is backed by the Contiguous Memory Allocator (CMA). If your system has these regions, you should say Y here. + +config DMABUF_HEAPS_RESTRICTED + bool "DMA-BUF Restricted Heap" + depends on DMABUF_HEAPS + help + Choose this option to enable dma-buf restricted heap. The purpose of this + heap is to manage buffers that are inaccessible to the kernel and user space. + There may be several ways to restrict it, for example it may be encrypted or + protected by a TEE or hypervisor. If in doubt, say N. diff --git a/drivers/dma-buf/heaps/Makefile b/drivers/dma-buf/heaps/Makefile index 974467791032..a2437c1817e2 100644 --- a/drivers/dma-buf/heaps/Makefile +++ b/drivers/dma-buf/heaps/Makefile @@ -1,3 +1,4 @@ # SPDX-License-Identifier: GPL-2.0 -obj-$(CONFIG_DMABUF_HEAPS_SYSTEM) += system_heap.o obj-$(CONFIG_DMABUF_HEAPS_CMA) += cma_heap.o +obj-$(CONFIG_DMABUF_HEAPS_RESTRICTED) += restricted_heap.o +obj-$(CONFIG_DMABUF_HEAPS_SYSTEM) += system_heap.o diff --git a/drivers/dma-buf/heaps/restricted_heap.c b/drivers/dma-buf/heaps/restricted_heap.c new file mode 100644 index 000000000000..fd7c82abd42e --- /dev/null +++ b/drivers/dma-buf/heaps/restricted_heap.c @@ -0,0 +1,67 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * DMABUF restricted heap exporter + * + * Copyright (C) 2024 MediaTek Inc. + */ + +#include +#include +#include +#include + +#include "restricted_heap.h" + +static struct dma_buf * +restricted_heap_allocate(struct dma_heap *heap, unsigned long size, + unsigned long fd_flags, unsigned long heap_flags) +{ + struct restricted_buffer *restricted_buf; + DEFINE_DMA_BUF_EXPORT_INFO(exp_info); + struct dma_buf *dmabuf; + int ret; + + restricted_buf = kzalloc(sizeof(*restricted_buf), GFP_KERNEL); + if (!restricted_buf) + return ERR_PTR(-ENOMEM); + + restricted_buf->size = ALIGN(size, PAGE_SIZE); + restricted_buf->heap = heap; + + exp_info.exp_name = dma_heap_get_name(heap); + exp_info.size = restricted_buf->size; + exp_info.flags = fd_flags; + exp_info.priv = restricted_buf; + + dmabuf = dma_buf_export(&exp_info); + if (IS_ERR(dmabuf)) { + ret = PTR_ERR(dmabuf); + goto err_free_buf; + } + + return dmabuf; + +err_free_buf: + kfree(restricted_buf); + return ERR_PTR(ret); +} + +static const struct dma_heap_ops restricted_heap_ops = { + .allocate = restricted_heap_allocate, +}; + +int restricted_heap_add(struct restricted_heap *rstrd_heap) +{ + struct dma_heap_export_info exp_info; + struct dma_heap *heap; + + exp_info.name = rstrd_heap->name; + exp_info.ops = &restricted_heap_ops; + exp_info.priv = (void *)rstrd_heap; + + heap = dma_heap_add(&exp_info); + if (IS_ERR(heap)) + return PTR_ERR(heap); + return 0; +} +EXPORT_SYMBOL_GPL(restricted_heap_add); diff --git a/drivers/dma-buf/heaps/restricted_heap.h b/drivers/dma-buf/heaps/restricted_heap.h new file mode 100644 index 000000000000..443028f6ba3b --- /dev/null +++ b/drivers/dma-buf/heaps/restricted_heap.h @@ -0,0 +1,22 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Restricted heap Header. + * + * Copyright (C) 2024 MediaTek, Inc. + */ + +#ifndef _DMABUF_RESTRICTED_HEAP_H_ +#define _DMABUF_RESTRICTED_HEAP_H_ + +struct restricted_buffer { + struct dma_heap *heap; + size_t size; +}; + +struct restricted_heap { + const char *name; +}; + +int restricted_heap_add(struct restricted_heap *rstrd_heap); + +#endif From patchwork Fri Jan 12 09:20:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?b?WW9uZyBXdSAo5ZC05YuHKQ==?= X-Patchwork-Id: 762290 Received: from mailgw01.mediatek.com (unknown [60.244.123.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E935155C06; Fri, 12 Jan 2024 09:21:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=mediatek.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=mediatek.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=mediatek.com header.i=@mediatek.com header.b="K+Qb3h5j" X-UUID: ee89ce1eb12b11ee9e680517dc993faa-20240112 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mediatek.com; s=dk; h=Content-Type:Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:CC:To:From; bh=y+0mAD68siKHkA4YtgC2Wh8sXu2aPnlLjtzoxs7OLwk=; b=K+Qb3h5jK5ZR/4x6tTjPTZV2ehRN4QVagffRT45k75khzyN8wVA55TwlwnX56KJfpgmJmbLZ3oGfDkkdUmk2xJBHuaar1QmlozuNawGfVnfgpMj/mbDKwj3+x73GhX4r5VmG25eg+5oU6iaUGADmDWiQPF9k/awmj+6YK91601g=; X-CID-P-RULE: Release_Ham X-CID-O-INFO: VERSION:1.1.35, REQID:e8339b2b-fce8-4de3-9517-4baa1bc1b789, IP:0, U RL:0,TC:0,Content:-25,EDM:0,RT:0,SF:0,FILE:0,BULK:0,RULE:Release_Ham,ACTIO N:release,TS:-25 X-CID-META: VersionHash:5d391d7, CLOUDID:6c6a477f-4f93-4875-95e7-8c66ea833d57, B ulkID:nil,BulkQuantity:0,Recheck:0,SF:102,TC:nil,Content:0,EDM:-3,IP:nil,U RL:0,File:nil,Bulk:nil,QS:nil,BEC:nil,COL:0,OSI:0,OSA:0,AV:0,LES:1,SPR:NO, DKR:0,DKP:0,BRR:0,BRE:0 X-CID-BVR: 0 X-CID-BAS: 0,_,0,_ X-CID-FACTOR: TF_CID_SPAM_SNR X-UUID: ee89ce1eb12b11ee9e680517dc993faa-20240112 Received: from mtkmbs14n2.mediatek.inc [(172.21.101.76)] by mailgw01.mediatek.com (envelope-from ) (Generic MTA with TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256/256) with ESMTP id 627212575; Fri, 12 Jan 2024 17:21:13 +0800 Received: from mtkmbs11n2.mediatek.inc (172.21.101.187) by mtkmbs11n1.mediatek.inc (172.21.101.185) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.26; Fri, 12 Jan 2024 17:21:12 +0800 Received: from mhfsdcap04.gcn.mediatek.inc (10.17.3.154) by mtkmbs11n2.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id 15.2.1118.26 via Frontend Transport; Fri, 12 Jan 2024 17:21:11 +0800 From: Yong Wu To: Rob Herring , Matthias Brugger , , Sumit Semwal CC: Krzysztof Kozlowski , Conor Dooley , Benjamin Gaignard , Brian Starkey , John Stultz , , AngeloGioacchino Del Regno , Yong Wu , , , , , , , , Robin Murphy , Vijayanand Jitta , Joakim Bech , Jeffrey Kardatzke , Pavel Machek , Simon Ser , Pekka Paalanen , , , Subject: [PATCH v4 4/7] dma-buf: heaps: restricted_heap: Add dma_ops Date: Fri, 12 Jan 2024 17:20:11 +0800 Message-ID: <20240112092014.23999-5-yong.wu@mediatek.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240112092014.23999-1-yong.wu@mediatek.com> References: <20240112092014.23999-1-yong.wu@mediatek.com> Precedence: bulk X-Mailing-List: devicetree@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MTK: N Add the dma_ops for this restricted heap. For restricted buffer, cache_ops/mmap are not allowed, thus return EPERM for them. Signed-off-by: Yong Wu --- drivers/dma-buf/heaps/restricted_heap.c | 103 ++++++++++++++++++++++++ 1 file changed, 103 insertions(+) diff --git a/drivers/dma-buf/heaps/restricted_heap.c b/drivers/dma-buf/heaps/restricted_heap.c index 8c266a0f6192..ec4c63d2112d 100644 --- a/drivers/dma-buf/heaps/restricted_heap.c +++ b/drivers/dma-buf/heaps/restricted_heap.c @@ -12,6 +12,10 @@ #include "restricted_heap.h" +struct restricted_heap_attachment { + struct sg_table *table; +}; + static int restricted_heap_memory_allocate(struct restricted_heap *heap, struct restricted_buffer *buf) { @@ -45,6 +49,104 @@ restricted_heap_memory_free(struct restricted_heap *heap, struct restricted_buff ops->memory_free(heap, buf); } +static int restricted_heap_attach(struct dma_buf *dmabuf, struct dma_buf_attachment *attachment) +{ + struct restricted_buffer *restricted_buf = dmabuf->priv; + struct restricted_heap_attachment *a; + struct sg_table *table; + int ret; + + a = kzalloc(sizeof(*a), GFP_KERNEL); + if (!a) + return -ENOMEM; + + table = kzalloc(sizeof(*table), GFP_KERNEL); + if (!table) { + ret = -ENOMEM; + goto err_free_attach; + } + + ret = sg_alloc_table(table, 1, GFP_KERNEL); + if (ret) + goto err_free_sgt; + sg_set_page(table->sgl, NULL, restricted_buf->size, 0); + + a->table = table; + attachment->priv = a; + + return 0; + +err_free_sgt: + kfree(table); +err_free_attach: + kfree(a); + return ret; +} + +static void restricted_heap_detach(struct dma_buf *dmabuf, struct dma_buf_attachment *attachment) +{ + struct restricted_heap_attachment *a = attachment->priv; + + sg_free_table(a->table); + kfree(a->table); + kfree(a); +} + +static struct sg_table * +restricted_heap_map_dma_buf(struct dma_buf_attachment *attachment, enum dma_data_direction direct) +{ + struct restricted_heap_attachment *a = attachment->priv; + struct sg_table *table = a->table; + + return table; +} + +static void +restricted_heap_unmap_dma_buf(struct dma_buf_attachment *attachment, struct sg_table *table, + enum dma_data_direction direction) +{ + struct restricted_heap_attachment *a = attachment->priv; + + WARN_ON(a->table != table); +} + +static int +restricted_heap_dma_buf_begin_cpu_access(struct dma_buf *dmabuf, enum dma_data_direction direction) +{ + return -EPERM; +} + +static int +restricted_heap_dma_buf_end_cpu_access(struct dma_buf *dmabuf, enum dma_data_direction direction) +{ + return -EPERM; +} + +static int restricted_heap_dma_buf_mmap(struct dma_buf *dmabuf, struct vm_area_struct *vma) +{ + return -EPERM; +} + +static void restricted_heap_free(struct dma_buf *dmabuf) +{ + struct restricted_buffer *restricted_buf = dmabuf->priv; + struct restricted_heap *heap = dma_heap_get_drvdata(restricted_buf->heap); + + restricted_heap_memory_free(heap, restricted_buf); + kfree(restricted_buf); +} + +static const struct dma_buf_ops restricted_heap_buf_ops = { + .attach = restricted_heap_attach, + .detach = restricted_heap_detach, + .map_dma_buf = restricted_heap_map_dma_buf, + .unmap_dma_buf = restricted_heap_unmap_dma_buf, + .begin_cpu_access = restricted_heap_dma_buf_begin_cpu_access, + .end_cpu_access = restricted_heap_dma_buf_end_cpu_access, + .mmap = restricted_heap_dma_buf_mmap, + .release = restricted_heap_free, +}; + static struct dma_buf * restricted_heap_allocate(struct dma_heap *heap, unsigned long size, unsigned long fd_flags, unsigned long heap_flags) @@ -66,6 +168,7 @@ restricted_heap_allocate(struct dma_heap *heap, unsigned long size, if (ret) goto err_free_buf; exp_info.exp_name = dma_heap_get_name(heap); + exp_info.ops = &restricted_heap_buf_ops; exp_info.size = restricted_buf->size; exp_info.flags = fd_flags; exp_info.priv = restricted_buf; From patchwork Fri Jan 12 09:20:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?b?WW9uZyBXdSAo5ZC05YuHKQ==?= X-Patchwork-Id: 762289 Received: from mailgw02.mediatek.com (unknown [210.61.82.184]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 773B15DF01; Fri, 12 Jan 2024 09:21:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=mediatek.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=mediatek.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=mediatek.com header.i=@mediatek.com header.b="aFRe8pWA" X-UUID: f94cf632b12b11eea2298b7352fd921d-20240112 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mediatek.com; s=dk; h=Content-Type:Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:CC:To:From; bh=1qcdQjBZ56QTpzafWL1QFw5tiD6+cbZEjg74O5FAPTo=; b=aFRe8pWAfypydnYqJkIZcT+ALa1vxjZ4v+ax9V7suFPn8MHWq7J0peszdkt35l7Qv4gPEa4SF9dO/bsOXUpfbw6P0znHiviEEJGQ/+sCie/5DWGWMvwer5ifGwaW5le2pSM1vuVEMvALLGJ7rIVLLG6UlXVrByzetN1INYpO9vU=; X-CID-P-RULE: Release_Ham X-CID-O-INFO: VERSION:1.1.35, REQID:7889b8a9-b305-4718-bf0c-1b679a933ea5, IP:0, U RL:0,TC:0,Content:-25,EDM:0,RT:0,SF:0,FILE:0,BULK:0,RULE:Release_Ham,ACTIO N:release,TS:-25 X-CID-META: VersionHash:5d391d7, CLOUDID:c7a6182f-1ab8-4133-9780-81938111c800, B ulkID:nil,BulkQuantity:0,Recheck:0,SF:102,TC:nil,Content:0,EDM:-3,IP:nil,U RL:0,File:nil,Bulk:nil,QS:nil,BEC:nil,COL:0,OSI:0,OSA:0,AV:0,LES:1,SPR:NO, DKR:0,DKP:0,BRR:0,BRE:0 X-CID-BVR: 0 X-CID-BAS: 0,_,0,_ X-CID-FACTOR: TF_CID_SPAM_SNR X-UUID: f94cf632b12b11eea2298b7352fd921d-20240112 Received: from mtkmbs13n1.mediatek.inc [(172.21.101.193)] by mailgw02.mediatek.com (envelope-from ) (Generic MTA with TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256/256) with ESMTP id 1870276530; Fri, 12 Jan 2024 17:21:31 +0800 Received: from mtkmbs11n2.mediatek.inc (172.21.101.187) by mtkmbs13n2.mediatek.inc (172.21.101.108) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.26; Fri, 12 Jan 2024 17:21:30 +0800 Received: from mhfsdcap04.gcn.mediatek.inc (10.17.3.154) by mtkmbs11n2.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id 15.2.1118.26 via Frontend Transport; Fri, 12 Jan 2024 17:21:29 +0800 From: Yong Wu To: Rob Herring , Matthias Brugger , , Sumit Semwal CC: Krzysztof Kozlowski , Conor Dooley , Benjamin Gaignard , Brian Starkey , John Stultz , , AngeloGioacchino Del Regno , Yong Wu , , , , , , , , Robin Murphy , Vijayanand Jitta , Joakim Bech , Jeffrey Kardatzke , Pavel Machek , Simon Ser , Pekka Paalanen , , , Subject: [PATCH v4 6/7] dma-buf: heaps: restricted_heap_mtk: Add TEE memory service call Date: Fri, 12 Jan 2024 17:20:13 +0800 Message-ID: <20240112092014.23999-7-yong.wu@mediatek.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240112092014.23999-1-yong.wu@mediatek.com> References: <20240112092014.23999-1-yong.wu@mediatek.com> Precedence: bulk X-Mailing-List: devicetree@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MTK: N Add TEE service call for MediaTek heap. We have a limited number of hardware entries to protect memory, therefore we cannot protect memory arbitrarily, and our secure memory management is actually inside OPTEE. The kernel just tells the TEE what size I want and the TEE will return a "secure handle"/"secure address". To make the name more general, We call it "restricted_addr" here. The restricted_addr is a reference to a secure buffer within TEE. We put it in the sg_dma_address, please see the comment in code. Signed-off-by: Yong Wu --- drivers/dma-buf/heaps/restricted_heap.c | 17 ++++ drivers/dma-buf/heaps/restricted_heap.h | 3 + drivers/dma-buf/heaps/restricted_heap_mtk.c | 93 +++++++++++++++++++++ 3 files changed, 113 insertions(+) diff --git a/drivers/dma-buf/heaps/restricted_heap.c b/drivers/dma-buf/heaps/restricted_heap.c index 4e9869ab4a85..148dbf5662c2 100644 --- a/drivers/dma-buf/heaps/restricted_heap.c +++ b/drivers/dma-buf/heaps/restricted_heap.c @@ -96,8 +96,23 @@ static struct sg_table * restricted_heap_map_dma_buf(struct dma_buf_attachment *attachment, enum dma_data_direction direct) { struct restricted_heap_attachment *a = attachment->priv; + struct dma_buf *dmabuf = attachment->dmabuf; + struct restricted_buffer *restricted_buf = dmabuf->priv; struct sg_table *table = a->table; + /* + * Technically dma_address refers to the address used by HW, But for restricted buffer + * we don't know its dma_address in kernel, Instead, we may know its restricted address + * which refers to the real buffer in the trusted or secure world. Here use this property + * to save the restricted address, and the user will use it to obtain the real address in + * trusted or secure world. + * + * Note: CONFIG_DMA_API_DEBUG requires this to be aligned with PAGE_SIZE. + */ + if (restricted_buf->restricted_addr) { + sg_dma_address(table->sgl) = restricted_buf->restricted_addr; + sg_dma_len(table->sgl) = restricted_buf->size; + } return table; } @@ -108,6 +123,8 @@ restricted_heap_unmap_dma_buf(struct dma_buf_attachment *attachment, struct sg_t struct restricted_heap_attachment *a = attachment->priv; WARN_ON(a->table != table); + sg_dma_address(table->sgl) = 0; + sg_dma_len(table->sgl) = 0; } static int diff --git a/drivers/dma-buf/heaps/restricted_heap.h b/drivers/dma-buf/heaps/restricted_heap.h index cf5865f829fc..6c93f6d257dc 100644 --- a/drivers/dma-buf/heaps/restricted_heap.h +++ b/drivers/dma-buf/heaps/restricted_heap.h @@ -11,6 +11,9 @@ struct restricted_buffer { struct dma_heap *heap; size_t size; + + /* A reference to a buffer in the trusted or secure world. */ + u64 restricted_addr; }; struct restricted_heap { diff --git a/drivers/dma-buf/heaps/restricted_heap_mtk.c b/drivers/dma-buf/heaps/restricted_heap_mtk.c index a5f5365059cd..902add95bb7e 100644 --- a/drivers/dma-buf/heaps/restricted_heap_mtk.c +++ b/drivers/dma-buf/heaps/restricted_heap_mtk.c @@ -25,6 +25,27 @@ enum mtk_secure_mem_type { MTK_SECURE_MEMORY_TYPE_CM_TZ = 1, }; +enum mtk_secure_buffer_tee_cmd { + /* + * Allocate the zeroed secure memory from TEE. + * + * [in] value[0].a: The buffer size. + * value[0].b: alignment. + * [in] value[1].a: enum mtk_secure_mem_type. + * [out] value[3].a: The secure handle. + */ + MTK_TZCMD_SECMEM_ZALLOC = 0x10000, /* MTK TEE Command ID Base */ + + /* + * Free secure memory. + * + * [in] value[0].a: The secure handle of this buffer, It's value[3].a of + * MTK_TZCMD_SECMEM_ZALLOC. + * [out] value[1].a: return value, 0 means successful, otherwise fail. + */ + MTK_TZCMD_SECMEM_FREE = 0x10001, +}; + struct mtk_restricted_heap_data { struct tee_context *tee_ctx; u32 tee_session; @@ -74,6 +95,74 @@ static int mtk_tee_session_init(struct mtk_restricted_heap_data *data) return ret; } +static int mtk_tee_service_call(struct tee_context *tee_ctx, u32 session, + unsigned int command, struct tee_param *params) +{ + struct tee_ioctl_invoke_arg arg = {0}; + int ret; + + arg.num_params = TEE_PARAM_NUM; + arg.session = session; + arg.func = command; + + ret = tee_client_invoke_func(tee_ctx, &arg, params); + if (ret < 0 || arg.ret) { + pr_err("%s: cmd %d ret %d:%x.\n", __func__, command, ret, arg.ret); + ret = -EOPNOTSUPP; + } + return ret; +} + +static int mtk_tee_restrict_memory(struct restricted_heap *heap, struct restricted_buffer *buf) +{ + struct mtk_restricted_heap_data *data = heap->priv_data; + struct tee_param params[TEE_PARAM_NUM] = {0}; + int ret; + + params[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT; + params[0].u.value.a = buf->size; + params[0].u.value.b = PAGE_SIZE; + params[1].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT; + params[1].u.value.a = data->mem_type; + params[2].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT; + params[3].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT; + ret = mtk_tee_service_call(data->tee_ctx, data->tee_session, + MTK_TZCMD_SECMEM_ZALLOC, params); + if (ret) + return -ENOMEM; + + buf->restricted_addr = params[3].u.value.a; + return 0; +} + +static void mtk_tee_unrestrict_memory(struct restricted_heap *heap, struct restricted_buffer *buf) +{ + struct mtk_restricted_heap_data *data = heap->priv_data; + struct tee_param params[TEE_PARAM_NUM] = {0}; + + params[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT; + params[0].u.value.a = buf->restricted_addr; + params[1].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT; + + mtk_tee_service_call(data->tee_ctx, data->tee_session, + MTK_TZCMD_SECMEM_FREE, params); + if (params[1].u.value.a) + pr_err("%s, Unrestrict buffer(0x%llx) fail(%lld) from TEE.\n", + heap->name, buf->restricted_addr, params[1].u.value.a); +} + +static int +mtk_restricted_memory_allocate(struct restricted_heap *heap, struct restricted_buffer *buf) +{ + /* The memory allocating is within the TEE. */ + return 0; +} + +static void +mtk_restricted_memory_free(struct restricted_heap *heap, struct restricted_buffer *buf) +{ +} + static int mtk_restricted_heap_init(struct restricted_heap *heap) { struct mtk_restricted_heap_data *data = heap->priv_data; @@ -85,6 +174,10 @@ static int mtk_restricted_heap_init(struct restricted_heap *heap) static const struct restricted_heap_ops mtk_restricted_heap_ops = { .heap_init = mtk_restricted_heap_init, + .memory_alloc = mtk_restricted_memory_allocate, + .memory_free = mtk_restricted_memory_free, + .memory_restrict = mtk_tee_restrict_memory, + .memory_unrestrict = mtk_tee_unrestrict_memory, }; static struct mtk_restricted_heap_data mtk_restricted_heap_data = {