lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 19 Jun 2018 07:37:56 +0200
From:   Rouven Czerwinski <rouven@...rwinskis.de>
To:     Volodymyr Babchuk <volodymyr_babchuk@...m.com>
Cc:     Jens Wiklander <jens.wiklander@...aro.org>,
        linux-kernel@...r.kernel.org, tee-dev@...ts.linaro.org
Subject: Re: [Tee-dev] [PATCH] optee: allow to work without static shared memory


Volodymyr Babchuk <volodymyr_babchuk@...m.com> writes:

> From: Volodymyr Babchuk <vlad.babchuk@...il.com>
>
> On virtualized systems it is possible that OP-TEE will provide
> only dynamic shared memory support. So it is fine to boot
> without static SHM enabled if dymanic one is supported.
>
> Signed-off-by: Volodymyr Babchuk <vlad.babchuk@...il.com>
> ---
>  drivers/tee/optee/core.c | 83 ++++++++++++++++++++++++++++--------------------
>  1 file changed, 49 insertions(+), 34 deletions(-)
>
> diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c
> index 4a2c420..d80da29 100644
> --- a/drivers/tee/optee/core.c
> +++ b/drivers/tee/optee/core.c
> @@ -420,9 +420,35 @@ static bool optee_msg_exchange_capabilities(optee_invoke_fn *invoke_fn,
>  	return true;
>  }
>  
> +static struct tee_shm_pool *optee_config_dyn_shm(void)
> +{
> +	struct tee_shm_pool_mgr *priv_mgr;
> +	struct tee_shm_pool_mgr *dmabuf_mgr;
> +	void *rc;
> +
> +	rc = optee_shm_pool_alloc_pages();
> +	if (IS_ERR(rc))
> +		return rc;
> +	priv_mgr = rc;
> +
> +	rc = optee_shm_pool_alloc_pages();
> +	if (IS_ERR(rc)) {
> +		tee_shm_pool_mgr_destroy(priv_mgr);
> +		return rc;
> +	}
> +	dmabuf_mgr = rc;
> +
> +	rc = tee_shm_pool_alloc(priv_mgr, dmabuf_mgr);
> +	if (IS_ERR(rc)) {
> +		tee_shm_pool_mgr_destroy(priv_mgr);
> +		tee_shm_pool_mgr_destroy(dmabuf_mgr);
> +	}
> +
> +	return rc;
> +}
> +
>  static struct tee_shm_pool *
> -optee_config_shm_memremap(optee_invoke_fn *invoke_fn, void **memremaped_shm,
> -			  u32 sec_caps)
> +optee_config_shm_memremap(optee_invoke_fn *invoke_fn, void **memremaped_shm)
>  {
>  	union {
>  		struct arm_smccc_res smccc;
> @@ -437,10 +463,11 @@ optee_config_shm_memremap(optee_invoke_fn *invoke_fn, void **memremaped_shm,
>  	struct tee_shm_pool_mgr *priv_mgr;
>  	struct tee_shm_pool_mgr *dmabuf_mgr;
>  	void *rc;
> +	const int sz = OPTEE_SHM_NUM_PRIV_PAGES * PAGE_SIZE;
>  
>  	invoke_fn(OPTEE_SMC_GET_SHM_CONFIG, 0, 0, 0, 0, 0, 0, 0, &res.smccc);
>  	if (res.result.status != OPTEE_SMC_RETURN_OK) {
> -		pr_info("shm service not available\n");
> +		pr_err("static shm service not available\n");
>  		return ERR_PTR(-ENOENT);
>  	}
>  
> @@ -466,28 +493,15 @@ optee_config_shm_memremap(optee_invoke_fn *invoke_fn, void **memremaped_shm,
>  	}
>  	vaddr = (unsigned long)va;
>  
> -	/*
> -	 * If OP-TEE can work with unregistered SHM, we will use own pool
> -	 * for private shm
> -	 */
> -	if (sec_caps & OPTEE_SMC_SEC_CAP_DYNAMIC_SHM) {
> -		rc = optee_shm_pool_alloc_pages();
> -		if (IS_ERR(rc))
> -			goto err_memunmap;
> -		priv_mgr = rc;
> -	} else {
> -		const size_t sz = OPTEE_SHM_NUM_PRIV_PAGES * PAGE_SIZE;
> -
> -		rc = tee_shm_pool_mgr_alloc_res_mem(vaddr, paddr, sz,
> -						    3 /* 8 bytes aligned */);
> -		if (IS_ERR(rc))
> -			goto err_memunmap;
> -		priv_mgr = rc;
> -
> -		vaddr += sz;
> -		paddr += sz;
> -		size -= sz;
> -	}
> +	rc = tee_shm_pool_mgr_alloc_res_mem(vaddr, paddr, sz,
> +					    3 /* 8 bytes aligned */);
> +	if (IS_ERR(rc))
> +		goto err_memunmap;
> +	priv_mgr = rc;
> +
> +	vaddr += sz;
> +	paddr += sz;
> +	size -= sz;
>  
>  	rc = tee_shm_pool_mgr_alloc_res_mem(vaddr, paddr, size, PAGE_SHIFT);
>  	if (IS_ERR(rc))
> @@ -553,7 +567,7 @@ static optee_invoke_fn *get_invoke_func(struct device_node *np)
>  static struct optee *optee_probe(struct device_node *np)
>  {
>  	optee_invoke_fn *invoke_fn;
> -	struct tee_shm_pool *pool;
> +	struct tee_shm_pool *pool = ERR_PTR(-EINVAL);
>  	struct optee *optee = NULL;
>  	void *memremaped_shm = NULL;
>  	struct tee_device *teedev;
> @@ -582,13 +596,17 @@ static struct optee *optee_probe(struct device_node *np)
>  	}
>  
>  	/*
> -	 * We have no other option for shared memory, if secure world
> -	 * doesn't have any reserved memory we can use we can't continue.
> +	 * Try to use dynamic shared memory if possible
>  	 */
> -	if (!(sec_caps & OPTEE_SMC_SEC_CAP_HAVE_RESERVED_SHM))
> -		return ERR_PTR(-EINVAL);
> +	if (sec_caps & OPTEE_SMC_SEC_CAP_DYNAMIC_SHM)
> +		pool = optee_config_dyn_shm();
> +
> +	/*
> +	 * If dynamic shared memory is not available or failed - try static one
> +	 */
> +	if (IS_ERR(pool) && (sec_caps & OPTEE_SMC_SEC_CAP_HAVE_RESERVED_SHM))
> +		pool = optee_config_shm_memremap(invoke_fn, &memremaped_shm);
>  
> -	pool = optee_config_shm_memremap(invoke_fn, &memremaped_shm, sec_caps);
>  	if (IS_ERR(pool))
>  		return (void *)pool;
>  

-- BEGIN --
> @@ -632,9 +650,6 @@ static struct optee *optee_probe(struct device_node *np)
>  
>  	optee_enable_shm_cache(optee);
>  
> -	if (optee->sec_caps & OPTEE_SMC_SEC_CAP_DYNAMIC_SHM)
> -		pr_info("dynamic shared memory is enabled\n");
> -
>  	pr_info("initialized driver\n");
>  	return optee;
>  err:
-- END --

This part does not apply against upstream.

Greetings

Rouven

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ