| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CA+ddPcPZJzJXro1ph7tT=Zdk6wyDyncmpPZvO0i0J2zCRauMsQ@mail.gmail.com>
Date: Wed, 15 Nov 2023 15:21:44 -0800
From: Jeffrey Kardatzke <jkardatzke@...gle.com>
To: Yong Wu <yong.wu@...iatek.com>
Cc: Rob Herring <robh+dt@...nel.org>,
Sumit Semwal <sumit.semwal@...aro.org>,
christian.koenig@....com,
Matthias Brugger <matthias.bgg@...il.com>,
Krzysztof Kozlowski <krzysztof.kozlowski+dt@...aro.org>,
Conor Dooley <conor+dt@...nel.org>,
Benjamin Gaignard <benjamin.gaignard@...labora.com>,
Brian Starkey <Brian.Starkey@....com>,
John Stultz <jstultz@...gle.com>, tjmercier@...gle.com,
AngeloGioacchino Del Regno
<angelogioacchino.delregno@...labora.com>,
devicetree@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-media@...r.kernel.org, dri-devel@...ts.freedesktop.org,
linaro-mm-sig@...ts.linaro.org,
linux-arm-kernel@...ts.infradead.org,
linux-mediatek@...ts.infradead.org, jianjiao.zeng@...iatek.com,
kuohong.wang@...iatek.com,
Vijayanand Jitta <quic_vjitta@...cinc.com>,
Joakim Bech <joakim.bech@...aro.org>,
Nicolas Dufresne <nicolas@...fresne.ca>,
ckoenig.leichtzumerken@...il.com
Subject: Re: [PATCH v2 2/8] dma-buf: heaps: secure_heap: Add private heap ops
On Sat, Nov 11, 2023 at 3:16 AM Yong Wu <yong.wu@...iatek.com> wrote:
>
> For the secure memory, there are two steps:
> a) Allocate buffers in kernel side;
> b) Secure that buffer.
> Different heaps may have different buffer allocation methods and
> different memory protection methods. Here abstract the memory
> allocation and securing operations.
>
> Signed-off-by: Yong Wu <yong.wu@...iatek.com>
> ---
> drivers/dma-buf/heaps/secure_heap.c | 58 ++++++++++++++++++++++++++++-
> 1 file changed, 57 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/dma-buf/heaps/secure_heap.c b/drivers/dma-buf/heaps/secure_heap.c
> index a634051a0a67..87ac23072e9e 100644
> --- a/drivers/dma-buf/heaps/secure_heap.c
> +++ b/drivers/dma-buf/heaps/secure_heap.c
> @@ -24,15 +24,66 @@ struct secure_buffer {
> size_t size;
> };
>
> +struct secure_heap;
> +
> +struct secure_heap_prv_data {
> + int (*memory_alloc)(struct secure_heap *sec_heap, struct secure_buffer *sec_buf);
> + void (*memory_free)(struct secure_heap *sec_heap, struct secure_buffer *sec_buf);
> +
> + /* Protect/unprotect the memory */
> + int (*secure_the_memory)(struct secure_heap *sec_heap, struct secure_buffer *sec_buf);
> + void (*unsecure_the_memory)(struct secure_heap *sec_heap, struct secure_buffer *sec_buf);
> +};
Move these into dma-heap-secure.h per the comments on the prior patch.
> +
> struct secure_heap {
> const char *name;
> const enum secure_memory_type mem_type;
> +
> + const struct secure_heap_prv_data *data;
> };
>
> +static int secure_heap_secure_memory_allocate(struct secure_heap *sec_heap,
> + struct secure_buffer *sec_buf)
> +{
> + const struct secure_heap_prv_data *data = sec_heap->data;
> + int ret;
> +
> + if (data->memory_alloc) {
> + ret = data->memory_alloc(sec_heap, sec_buf);
> + if (ret)
> + return ret;
> + }
You should probably always require that memory_alloc is defined
(secure_the_memory can be optional, as that may be part of the
allocation).
> +
> + if (data->secure_the_memory) {
> + ret = data->secure_the_memory(sec_heap, sec_buf);
> + if (ret)
> + goto sec_memory_free;
> + }
> + return 0;
> +
> +sec_memory_free:
> + if (data->memory_free)
> + data->memory_free(sec_heap, sec_buf);
You should probably always require that memory_free is defined.
> + return ret;
> +}
> +
> +static void secure_heap_secure_memory_free(struct secure_heap *sec_heap,
> + struct secure_buffer *sec_buf)
> +{
> + const struct secure_heap_prv_data *data = sec_heap->data;
> +
> + if (data->unsecure_the_memory)
> + data->unsecure_the_memory(sec_heap, sec_buf);
> +
> + if (data->memory_free)
> + data->memory_free(sec_heap, sec_buf);
You should probably always require that memory_free is defined.
> +}
> +
> static struct dma_buf *
> secure_heap_allocate(struct dma_heap *heap, unsigned long size,
> unsigned long fd_flags, unsigned long heap_flags)
> {
> + struct secure_heap *sec_heap = dma_heap_get_drvdata(heap);
> struct secure_buffer *sec_buf;
> DEFINE_DMA_BUF_EXPORT_INFO(exp_info);
> struct dma_buf *dmabuf;
> @@ -45,6 +96,9 @@ secure_heap_allocate(struct dma_heap *heap, unsigned long size,
> sec_buf->size = ALIGN(size, PAGE_SIZE);
> sec_buf->heap = heap;
>
> + ret = secure_heap_secure_memory_allocate(sec_heap, sec_buf);
> + if (ret)
> + goto err_free_buf;
> exp_info.exp_name = dma_heap_get_name(heap);
> exp_info.size = sec_buf->size;
> exp_info.flags = fd_flags;
> @@ -53,11 +107,13 @@ secure_heap_allocate(struct dma_heap *heap, unsigned long size,
> dmabuf = dma_buf_export(&exp_info);
> if (IS_ERR(dmabuf)) {
> ret = PTR_ERR(dmabuf);
> - goto err_free_buf;
> + goto err_free_sec_mem;
> }
>
> return dmabuf;
>
> +err_free_sec_mem:
> + secure_heap_secure_memory_free(sec_heap, sec_buf);
> err_free_buf:
> kfree(sec_buf);
> return ERR_PTR(ret);
> --
> 2.25.1
>
Powered by blists - more mailing lists