This commit simplifies sending errors back to OP-TEE and avoids
code duplication when handling errno values.
Signed-off-by: Theodore Karatapanis <tkaratapanis@census-labs.com>
This commit expands RPC support for the OP-TEE driver using 2 files:
1) drivers/misc/optee_rpc.c
* Add support for RPCs that can be handled directly by the kernel.
* Can delegate RPC handling to optee_supplicant.c for RPCs that
need userspace interaction.
2) drivers/misc/optee_supplicant.c
* Enable communication between the userspace TEE supplicant and the
kernel driver.
Additional changes were needed to the following files:
1) drivers/misc/optee.c
* Add ioctls used SOLELY by the userspace TEE supplicant.
* Register /dev/teepriv0 if the supplicant is enabled in Kconfig
* Add OPTEE_ROLE_CA and OPTEE_ROLE_SUPPLICANT conditionals to
differentiate paths, between a normal Client Application (CA)
and the TEE supplicant.
* Change some functions from static to "public" to reuse them
in other C files.
* Adjust optee_to/from_msg_param() to work with RPCs.
2) drivers/misc/optee_smc.c
* Call the RPC handler from optee_rpc.c
3) drivers/misc/optee_msg.h
* Add definition needed for RPCs
4) drivers/misc/tee.h
* Add ioctl definitions
* Add TEE_SHM_SUPP flag, checked when unregistering supplicant
memory.
5) Documentation/guides/optee.rs
* Add documentation for RPCs and the supplicant.
6) drivers/misc/{CMakeLists.txt, Make.defs}
* Account for the new files.
7) drivers/misc/Kconfig
* Add DEV_OPTEE_SUPPLICANT option to enable/disable the supplicant
driver.
Signed-off-by: Theodore Karatapanis <tkaratapanis@census-labs.com>
The previous approach with memfd has 3 problems:
1) The close operation on the memfd isn't tied with optee_shm_close,
therefore close(fd) doesn't free the optee_shm struct allocated
by the kernel.
2) The kernel unnecessarily maps the file descriptor to its memory,
however only userspace should need to do that.
3) Since the kernel doesn't need to map the file descriptor we
don't need to unmap it.
To use anonymous mapping, the prototype of map_anonymous() was
moved from fs/mmap/fs_anonmap.h to include/nuttx/fs/fs.h. Since
fs_anonmap.h didn't contain any other information it is deleted.
A type from fs/mmap/fs_rammap.h was moved to the public
include/nuttx/fs/fs.h as well.
Signed-off-by: Theodore Karatapanis <tkaratapanis@census-labs.com>
The VA -> PA translation must be performed once, at allocation time,
while the caller's virtual address space is known. If a second process
later tries to translate the same VA from a different mapping, the
calculated physical address can be wrong.
Signed-off-by: Theodore Karatapanis <tkaratapanis@census-labs.com>
When the MMU is disabled (CONFIG_ARCH_USE_MMU=n) the
data passed back and forth with the TEE needs to be
synced from/to the cache, otherwise we get random data
in either world.
Fix this by cleaning before a call and invalidating after.
This has to be done both on the optee msg arg, and the shm
buffers therein. Cleaning and invalidating the page list
used to describe non-contiguous shm buffers did not seem
mandatory in my tests, but common sense says that it should
be, so we do that too.
This fix does not apply to the optee msg arg of the socket
transport (optee_socket.c), as that one _should_ be handled
by the socket send/recv methods. It does apply to all shm
buffers though, regardless of transport.
Signed-off-by: George Poulios <gpoulios@census-labs.com>
This patch is a rework of the NuttX file descriptor implementation. The
goal is two-fold:
1. Improve POSIX compliance. The old implementation tied file description
to inode only, not the file struct. POSIX however dictates otherwise.
2. Fix a bug with descriptor duplication (dup2() and dup3()). There is
an existing race condition with this POSIX API that currently results
in a kernel side crash.
The crash occurs when a partially open / closed file descriptor is
duplicated. The reason for the crash is that even if the descriptor is
closed, the file might still be in use by the kernel (due to e.g. ongoing
write to file). The open file data is changed by file_dup3() and this
causes a crash in the device / drivers themselves as they lose access to
the inode and private data.
The fix is done by separating struct file into file and file descriptor
structs. The file struct can live on even if the descriptor is closed,
fixing the crash. This also fixes the POSIX issue, as two descriptors
can now point to the same file.
Signed-off-by: Ville Juven <ville.juven@unikie.com>
Signed-off-by: dongjiuzhu1 <dongjiuzhu1@xiaomi.com>
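The file/descriptor split described in this commit, as an added illustration (a constructed model, not NuttX's own structs or code; names are hypothetical and locking is omitted): a descriptor slot holds only a reference to a refcounted file, so a driver that pinned the file keeps a valid inode even after the slot is closed or dup2()'d over.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#define NFDS 8

/* Constructed model (not NuttX's real structs): one open file is shared by
 * every descriptor slot and every in-flight kernel operation that holds it. */
struct file { int refs; int inode_id; };       /* inode_id: what a driver needs */
struct fdtable { struct file *slots[NFDS]; };  /* a slot is only a reference */
static int valid(const struct fdtable *t, int fd)
{ return fd >= 0 && fd < NFDS && t->slots[fd] != NULL; }
/* Drop one reference; the file is torn down only when the last one goes. */
void file_put(struct file *f) { if (f != NULL && --f->refs == 0) free(f); }

int fd_open(struct fdtable *t, int inode_id)
{
  struct file *f = calloc(1, sizeof *f);
  if (f == NULL) return -ENOMEM;
  f->refs = 1; f->inode_id = inode_id;
  for (int fd = 0; fd < NFDS; fd++)
    if (t->slots[fd] == NULL) { t->slots[fd] = f; return fd; }
  free(f); return -EMFILE;
}
/* A driver pins the file for the whole operation instead of re-reading the
 * slot, which another thread may close() or dup2() over in the meantime. */
struct file *file_get(struct fdtable *t, int fd)
{
  if (!valid(t, fd)) return NULL;
  t->slots[fd]->refs++;
  return t->slots[fd];
}
int fd_close(struct fdtable *t, int fd)
{
  if (!valid(t, fd)) return -EBADF;
  struct file *f = t->slots[fd];
  t->slots[fd] = NULL;  /* unlink the slot, then drop only its reference */
  file_put(f);
  return 0;
}
/* dup2(): newfd becomes another reference to oldfd's file; whatever newfd
 * held before is released, never modified in place under its users. */
int fd_dup2(struct fdtable *t, int oldfd, int newfd)
{
  if (!valid(t, oldfd) || newfd < 0 || newfd >= NFDS) return -EBADF;
  if (oldfd == newfd) return newfd;
  struct file *prev = t->slots[newfd];
  t->slots[oldfd]->refs++;
  t->slots[newfd] = t->slots[oldfd];
  file_put(prev);
  return newfd;
}
```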
So far the NuttX implementation of OP-TEE has been using
registered memory references to pass non-registered memory
to OP-TEE OS, passing the physical address of the memory
in what is normally used as a 'cookie'. This was compatible
with the Openvela framework, but no other OP-TEE OS.
Fix this by passing temporary memory instead with the standard
non-contiguous (OPTEE_MSG_ATTR_NONCONTIG) flag.
Signed-off-by: George Poulios <gpoulios@census-labs.com>
This is mostly to handle the case that the user calls
close() before calling close() on the shm. In that case
optee_close() frees the shm and then optee_shm_close()
operates on an invalid reference. Fix that.
Signed-off-by: George Poulios <gpoulios@census-labs.com>
This is no longer (exactly) the linked list entry that it
used to be, but rather an associated pointer in an idr tree
entry. Plain 'optee_shm' is more concise, and more appropriate.
Also changes reg_pair_to_uintptr() to reg_pair_to_ptr() for
better readability in invocations.
Signed-off-by: George Poulios <gpoulios@census-labs.com>
Previous implementation was not compatible with GlobalPlatform
API in the following ways:
- Registered mem IDs would begin from negatives when they should
have been greater than or equal to 0.
- Register IOCTL would return 0 on success, when it should have
been returning a file descriptor.
- Register IOCTL would expect the user-space client to specify
TEE_SHM_* flags dictating its behaviour when in fact, libteec
never specifies flags.
This commit fixes all those issues. It uses nuttx/idr.h instead
of a linked list, and it uses `file_allocate` to provide file
descriptors for registered shared memory. Upon close(fd), the
memory is de-registered and freed accordingly. It also updates
the documentation accordingly.
Signed-off-by: George Poulios <gpoulios@census-labs.com>
Some calls to `optee_is_valid_range()` would return
-EINVAL and some would return -EACCESS. Change all to
-EFAULT (Bad Address) which is more appropriate.
Signed-off-by: George Poulios <gpoulios@census-labs.com>
Adds support for SHM_REGISTER IOCTL. Registration can
be requested both against the driver (for automatic cleanup)
and against the secure OS (for sharing).
Also introduces `optee_{msg,free}_alloc()` to allocate
aligned memory for message arguments depending on the
`alignment` specified in the driver's private data. For
alignment greater than word size, memory is allocated on the
heap, otherwise it's allocated on the stack (similar to the
previous implementation but using `alloca()` instead).
Signed-off-by: George Poulios <gpoulios@census-labs.com>
Besides a few checks for NULL IOCTL argument values, this
commit also introduces a check to ensure that user-specified
memory (mainly IOCTL arguments) indeed belongs to the user.
This is applicable only with `CONFIG_ARCH_ADDRENV`.
Signed-off-by: George Poulios <gpoulios@census-labs.com>
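An added example (not the driver's own code) of the user-memory check this commit describes, using the -EFAULT convention from the `optee_is_valid_range()` commit further up: the user address-space bounds, the `shm_request` struct and all function names are constructed, and the check rejects length wraparound as well as out-of-range addresses.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed user address-space bounds for this example; a real kernel
 * takes them from the task's address environment (CONFIG_ARCH_ADDRENV). */
#define USER_BASE 0x10000000UL
#define USER_END  0x20000000UL   /* exclusive upper bound */

/* Does [addr, addr + len) lie entirely inside user space?  Returns 0 if so
 * and -EFAULT (Bad Address) for every failure, including a NULL pointer. */
int user_range_check(const void *ptr, size_t len)
{
  uintptr_t addr = (uintptr_t)ptr;

  if (ptr == NULL || addr < USER_BASE || addr >= USER_END)
    return -EFAULT;

  /* Compare the remaining room instead of computing addr + len: a huge len
   * from user space wraps the sum and slips past a naive "end < USER_END". */
  if (len > (size_t)(USER_END - addr))
    return -EFAULT;

  return 0;
}

/* Constructed stand-in for a shared-memory IOCTL argument. */
struct shm_request { const void *buf; size_t len; };

/* Validate the user's argument struct, then the buffer it describes.
 * 'copy' is the kernel's own copy of *arg (copying it in is not modelled). */
int shm_request_check(const struct shm_request *arg,
                      const struct shm_request *copy)
{
  int ret = user_range_check(arg, sizeof *arg);
  if (ret < 0)
    return ret;   /* reject before any field of the user struct is read */
  return user_range_check(copy->buf, copy->len);
}
```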
Prepares the ground for introducing new transports to
the OP-TEE driver. "transports" as in alternatives to
RPMsg and local network.
Signed-off-by: George Poulios <gpoulios@census-labs.com>
Most tools used for compliance and SBOM generation use SPDX identifiers.
This change brings us a step closer to easy SBOM generation.
Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
This patch fixes a userspace header conflict. Architecture-related definitions and APIs should not be exposed to users.
Signed-off-by: ouyangxiangzhen <ouyangxiangzhen@xiaomi.com>
The driver's main purpose is to support the porting of the open source
component optee_client (https://github.com/OP-TEE/optee_client) to NuttX.
The basic function of the driver module is to convert the REE application
layer data and send it to the TEE through rpmsg.
The main functions include:
1. Driver registration: we need to register a device driver (/dev/tee0)
   through the optee_register function.
2. Open the driver.
3. ioctl the driver: the ioctl command passes different parameters and
   commands, and interacts with the TEE through rpmsg.
4. Close the driver.
Signed-off-by: hujun5 <hujun5@xiaomi.com>