| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250912101752.GA1453408@rayden>
Date: Fri, 12 Sep 2025 12:17:52 +0200
From: Jens Wiklander <jens.wiklander@...aro.org>
To: arm@...nel.org, soc@...nel.org
Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
op-tee@...ts.trustedfirmware.org,
Sumit Semwal <sumit.semwal@...aro.org>
Subject: [GIT PULL] TEE protected DMA-bufs for v6.18
Hello arm-soc maintainers,
Please pull this set of patches enabling protected DMA-bufs in the TEE
subsystem. There's a brief desciption in the tag below. All patches but
"dma-buf: dma-heap: export declared functions" are withing the TEE
subsystem. The dma-heap maintainer, Sumit Semwal, has acked the dma-heap
patch to be merged via my tree.
I believe I've addressed all comments from the reviews including providing
a demo as described in [1].
[1] https://lore.kernel.org/op-tee/20250911135007.1275833-1-jens.wiklander@linaro.org/
Thanks,
Jens
The following changes since commit c17b750b3ad9f45f2b6f7e6f7f4679844244f0b9:
Linux 6.17-rc2 (2025-08-17 15:22:10 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee.git tags/tee-prot-dma-buf-for-v6.18
for you to fetch changes up to dbc2868b7b57fb4caa8e44a69e882dcf8e8d59bf:
optee: smc abi: dynamic protected memory allocation (2025-09-11 11:22:43 +0200)
----------------------------------------------------------------
TEE protected DMA-bufs for v6.18
- Allocates protected DMA-bufs from a DMA-heap instantiated from the TEE
subsystem.
- The DMA-heap uses a protected memory pool provided by the backend TEE
driver, allowing it to choose how to allocate the protected physical
memory.
- Three use-cases (Secure Video Playback, Trusted UI, and Secure Video
Recording) have been identified so far to serve as examples of what
can be expected.
- The use-cases have predefined DMA-heap names,
"protected,secure-video", "protected,trusted-ui", and
"protected,secure-video-record". The backend driver registers protected
memory pools for the use-cases it supports.
----------------------------------------------------------------
Etienne Carriere (1):
tee: new ioctl to a register tee_shm from a dmabuf file descriptor
Jens Wiklander (8):
optee: sync secure world ABI headers
dma-buf: dma-heap: export declared functions
tee: implement protected DMA-heap
tee: refactor params_from_user()
tee: add tee_shm_alloc_dma_mem()
optee: support protected memory allocation
optee: FF-A: dynamic protected memory allocation
optee: smc abi: dynamic protected memory allocation
drivers/dma-buf/dma-heap.c | 4 +
drivers/tee/Kconfig | 5 +
drivers/tee/Makefile | 1 +
drivers/tee/optee/Kconfig | 5 +
drivers/tee/optee/Makefile | 1 +
drivers/tee/optee/core.c | 7 +
drivers/tee/optee/ffa_abi.c | 146 ++++++++++-
drivers/tee/optee/optee_ffa.h | 27 +-
drivers/tee/optee/optee_msg.h | 84 ++++++-
drivers/tee/optee/optee_private.h | 15 +-
drivers/tee/optee/optee_smc.h | 37 ++-
drivers/tee/optee/protmem.c | 335 +++++++++++++++++++++++++
drivers/tee/optee/smc_abi.c | 141 ++++++++++-
drivers/tee/tee_core.c | 158 +++++++++---
drivers/tee/tee_heap.c | 500 ++++++++++++++++++++++++++++++++++++++
drivers/tee/tee_private.h | 14 ++
drivers/tee/tee_shm.c | 157 +++++++++++-
include/linux/tee_core.h | 59 +++++
include/linux/tee_drv.h | 10 +
include/uapi/linux/tee.h | 31 +++
20 files changed, 1670 insertions(+), 67 deletions(-)
create mode 100644 drivers/tee/optee/protmem.c
create mode 100644 drivers/tee/tee_heap.c
Powered by blists - more mailing lists