[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20230822125555.GA82256@rayden>
Date: Tue, 22 Aug 2023 14:55:55 +0200
From: Jens Wiklander <jens.wiklander@...aro.org>
To: Sumit Garg <sumit.garg@...aro.org>
Cc: linux-integrity@...r.kernel.org, keyrings@...r.kernel.org,
jarkko@...nel.org, jejb@...ux.ibm.com, zohar@...ux.ibm.com,
sudeep.holla@....com, achin.gupta@....com,
linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] KEYS: trusted: tee: Refactor register SHM usage
On Tue, Aug 22, 2023 at 04:59:33PM +0530, Sumit Garg wrote:
> The OP-TEE driver using the old SMC based ABI permits overlapping shared
> buffers, but with the new FF-A based ABI each physical page may only
> be registered once.
>
> As the key and blob buffer are allocated adjancently, there is no need
> for redundant register shared memory invocation. Also, it is incompatibile
> with FF-A based ABI limitation. So refactor register shared memory
> implementation to use only single invocation to register both key and blob
> buffers.
>
> Fixes: 4615e5a34b95 ("optee: add FF-A support")
> Reported-by: Jens Wiklander <jens.wiklander@...aro.org>
> Signed-off-by: Sumit Garg <sumit.garg@...aro.org>
> ---
> security/keys/trusted-keys/trusted_tee.c | 64 ++++++++----------------
> 1 file changed, 20 insertions(+), 44 deletions(-)
>
> diff --git a/security/keys/trusted-keys/trusted_tee.c b/security/keys/trusted-keys/trusted_tee.c
> index ac3e270ade69..aa3d477de6db 100644
> --- a/security/keys/trusted-keys/trusted_tee.c
> +++ b/security/keys/trusted-keys/trusted_tee.c
> @@ -65,24 +65,16 @@ static int trusted_tee_seal(struct trusted_key_payload *p, char *datablob)
> int ret;
> struct tee_ioctl_invoke_arg inv_arg;
> struct tee_param param[4];
> - struct tee_shm *reg_shm_in = NULL, *reg_shm_out = NULL;
> + struct tee_shm *reg_shm = NULL;
>
> memset(&inv_arg, 0, sizeof(inv_arg));
> memset(¶m, 0, sizeof(param));
>
> - reg_shm_in = tee_shm_register_kernel_buf(pvt_data.ctx, p->key,
> - p->key_len);
> - if (IS_ERR(reg_shm_in)) {
> - dev_err(pvt_data.dev, "key shm register failed\n");
> - return PTR_ERR(reg_shm_in);
> - }
> -
> - reg_shm_out = tee_shm_register_kernel_buf(pvt_data.ctx, p->blob,
> - sizeof(p->blob));
> - if (IS_ERR(reg_shm_out)) {
> - dev_err(pvt_data.dev, "blob shm register failed\n");
> - ret = PTR_ERR(reg_shm_out);
> - goto out;
> + reg_shm = tee_shm_register_kernel_buf(pvt_data.ctx, p->key,
> + sizeof(p->key) + sizeof(p->blob));
This is somewhat fragile. What if struct trusted_key_payload has a small
unexpected change in layout?
Thanks,
Jens
> + if (IS_ERR(reg_shm)) {
> + dev_err(pvt_data.dev, "shm register failed\n");
> + return PTR_ERR(reg_shm);
> }
>
> inv_arg.func = TA_CMD_SEAL;
> @@ -90,13 +82,13 @@ static int trusted_tee_seal(struct trusted_key_payload *p, char *datablob)
> inv_arg.num_params = 4;
>
> param[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT;
> - param[0].u.memref.shm = reg_shm_in;
> + param[0].u.memref.shm = reg_shm;
> param[0].u.memref.size = p->key_len;
> param[0].u.memref.shm_offs = 0;
> param[1].attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT;
> - param[1].u.memref.shm = reg_shm_out;
> + param[1].u.memref.shm = reg_shm;
> param[1].u.memref.size = sizeof(p->blob);
> - param[1].u.memref.shm_offs = 0;
> + param[1].u.memref.shm_offs = sizeof(p->key);
>
> ret = tee_client_invoke_func(pvt_data.ctx, &inv_arg, param);
> if ((ret < 0) || (inv_arg.ret != 0)) {
> @@ -107,11 +99,7 @@ static int trusted_tee_seal(struct trusted_key_payload *p, char *datablob)
> p->blob_len = param[1].u.memref.size;
> }
>
> -out:
> - if (reg_shm_out)
> - tee_shm_free(reg_shm_out);
> - if (reg_shm_in)
> - tee_shm_free(reg_shm_in);
> + tee_shm_free(reg_shm);
>
> return ret;
> }
> @@ -124,24 +112,16 @@ static int trusted_tee_unseal(struct trusted_key_payload *p, char *datablob)
> int ret;
> struct tee_ioctl_invoke_arg inv_arg;
> struct tee_param param[4];
> - struct tee_shm *reg_shm_in = NULL, *reg_shm_out = NULL;
> + struct tee_shm *reg_shm = NULL;
>
> memset(&inv_arg, 0, sizeof(inv_arg));
> memset(¶m, 0, sizeof(param));
>
> - reg_shm_in = tee_shm_register_kernel_buf(pvt_data.ctx, p->blob,
> - p->blob_len);
> - if (IS_ERR(reg_shm_in)) {
> - dev_err(pvt_data.dev, "blob shm register failed\n");
> - return PTR_ERR(reg_shm_in);
> - }
> -
> - reg_shm_out = tee_shm_register_kernel_buf(pvt_data.ctx, p->key,
> - sizeof(p->key));
> - if (IS_ERR(reg_shm_out)) {
> - dev_err(pvt_data.dev, "key shm register failed\n");
> - ret = PTR_ERR(reg_shm_out);
> - goto out;
> + reg_shm = tee_shm_register_kernel_buf(pvt_data.ctx, p->key,
> + sizeof(p->key) + sizeof(p->blob));
> + if (IS_ERR(reg_shm)) {
> + dev_err(pvt_data.dev, "shm register failed\n");
> + return PTR_ERR(reg_shm);
> }
>
> inv_arg.func = TA_CMD_UNSEAL;
> @@ -149,11 +129,11 @@ static int trusted_tee_unseal(struct trusted_key_payload *p, char *datablob)
> inv_arg.num_params = 4;
>
> param[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT;
> - param[0].u.memref.shm = reg_shm_in;
> + param[0].u.memref.shm = reg_shm;
> param[0].u.memref.size = p->blob_len;
> - param[0].u.memref.shm_offs = 0;
> + param[0].u.memref.shm_offs = sizeof(p->key);
> param[1].attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT;
> - param[1].u.memref.shm = reg_shm_out;
> + param[1].u.memref.shm = reg_shm;
> param[1].u.memref.size = sizeof(p->key);
> param[1].u.memref.shm_offs = 0;
>
> @@ -166,11 +146,7 @@ static int trusted_tee_unseal(struct trusted_key_payload *p, char *datablob)
> p->key_len = param[1].u.memref.size;
> }
>
> -out:
> - if (reg_shm_out)
> - tee_shm_free(reg_shm_out);
> - if (reg_shm_in)
> - tee_shm_free(reg_shm_in);
> + tee_shm_free(reg_shm);
>
> return ret;
> }
> --
> 2.34.1
>
Powered by blists - more mailing lists