Received: by 2002:a05:6a10:7420:0:0:0:0 with SMTP id hk32csp3891419pxb; Mon, 21 Feb 2022 07:46:51 -0800 (PST) X-Google-Smtp-Source: ABdhPJzTYLJifAw/eP7VZqcYRY+07aipwMt6i4aTYquLpn5OD+WWFHTtOjT2FES9PxgQcDMTl8Ln X-Received: by 2002:a17:90b:1498:b0:1b9:bcb4:420 with SMTP id js24-20020a17090b149800b001b9bcb40420mr26160675pjb.37.1645458411512; Mon, 21 Feb 2022 07:46:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1645458411; cv=none; d=google.com; s=arc-20160816; b=yEx/STD1ciPUWsNqQcuhHRubBLzZiIZm2dm9xQNWdTAPTmJ2PCPJ5R+iytyV/UoP/G XJkbO/jtCtVzBkYmQYdq7eu9M51GnVFIwNtIBtNgAW9jthIzliYfelyR/uxFJoXg9UfX 3oH1fn3pQAsaz2GZvOY4FjZ3bv2+Rjgspej1v/BJKW2kI8xK7QKmCnSgGm4qiu1fXxYl 14xzZAb2Vmjbcy+nJaddlxsqR6AyRdz9IoB3A2fRZzqQRD8qUJMKTmrutAqima+umgRz /WEjdqfpJMY1e35avIw7gaPoWM1WT7rgtyrQiGFI0sXgwIi5E7rNvrjZsPgiAPr3YVZy k5Ew== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=dLbsSqscM1iyHI0sRyGFqD6m8dCiQoCir08TTo7JCp0=; b=WkNDXmJzPWAPf0HIIaYmwGVVETMo+9vnOWKMBgYARz5sgLFkw0mwLceNhKzJbSe95j 3tq86GVCB2G8yRPmov/i/BMw3dGmoTwC2lNCfonveLb+zflhkijDLnK9l0hzVnYNf6Gi TPujt5+e4qCgOr+nVUjyjUx9NzlPEXXIu9IOJe6AHQQAB4Ig7q4od8YlbWJc8OifN7b+ toLdL/CDMAUAjucpL2D6Zt7R1g40G7CYvy9v7mukfXQbTdLGSqKYNHZbopPHwN/Xiw4R RPaD10To9LcarGuh4qpzLnqBMnjxuQiqPG0ignJrDIOJbTBlY+WshPHCKxSbV3LPIVho ClPg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=Z2mXaRs+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id x7si28060055plr.389.2022.02.21.07.46.36; Mon, 21 Feb 2022 07:46:51 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=Z2mXaRs+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348197AbiBUJO0 (ORCPT + 99 others); Mon, 21 Feb 2022 04:14:26 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:36368 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1346895AbiBUJJA (ORCPT ); Mon, 21 Feb 2022 04:09:00 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6E0A0CFE; Mon, 21 Feb 2022 01:01:16 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 09ACB6112F; Mon, 21 Feb 2022 09:01:16 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id DF513C340E9; Mon, 21 Feb 2022 09:01:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1645434075; bh=2ATN3pHXGcHrav09gcHh0MdlxX2xOGZaav9X7QYVcY0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Z2mXaRs+Jpm3ZtpSUvqIFCAPEQTGvnMAQmqca2F4zkQPxgwrBsGoEJOTIqb50TD3/ Jt6VTYyhHXDX0Cxh1gH2COpw98STbPwIRkOadtcTaiuQ0E0IJt3opr3D050yfoG6MX rOAfKGS/PON45lQuoeTn4xycVPBo8fPhvVjgw3gw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Lars Persson , Sumit Garg , Jens Wiklander Subject: [PATCH 5.4 53/80] optee: use driver internal tee_context for some rpc Date: Mon, 21 Feb 2022 09:49:33 +0100 Message-Id: <20220221084917.314405180@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220221084915.554151737@linuxfoundation.org> References: <20220221084915.554151737@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jens Wiklander commit aceeafefff736057e8f93f19bbfbef26abd94604 upstream. Adds a driver private tee_context by moving the tee_context in struct optee_notif to struct optee. This tee_context was previously used when doing internal calls to secure world to deliver notification. The new driver internal tee_context is now also when allocating driver private shared memory. This decouples the shared memory object from its original tee_context. This is needed when the life time of such a memory allocation outlives the client tee_context. This patch fixes the problem described below: The addition of a shutdown hook by commit f25889f93184 ("optee: fix tee out of memory failure seen during kexec reboot") introduced a kernel shutdown regression that can be triggered after running the OP-TEE xtest suites. Once the shutdown hook is called it is not possible to communicate any more with the supplicant process because the system is not scheduling task any longer. Thus if the optee driver shutdown path receives a supplicant RPC request from the OP-TEE we will deadlock the kernel's shutdown. Fixes: f25889f93184 ("optee: fix tee out of memory failure seen during kexec reboot") Fixes: 217e0250cccb ("tee: use reference counting for tee_context") Reported-by: Lars Persson Cc: stable@vger.kernel.org Reviewed-by: Sumit Garg Signed-off-by: Jens Wiklander [JW: backport to 5.4-stable] Signed-off-by: Jens Wiklander Signed-off-by: Greg Kroah-Hartman --- drivers/tee/optee/core.c | 8 ++++++++ drivers/tee/optee/optee_private.h | 2 ++ drivers/tee/optee/rpc.c | 8 +++++--- 3 files changed, 15 insertions(+), 3 deletions(-) --- a/drivers/tee/optee/core.c +++ b/drivers/tee/optee/core.c @@ -552,6 +552,7 @@ static struct optee *optee_probe(struct struct optee *optee = NULL; void *memremaped_shm = NULL; struct tee_device *teedev; + struct tee_context *ctx; u32 sec_caps; int rc; @@ -631,6 +632,12 @@ static struct optee *optee_probe(struct optee_supp_init(&optee->supp); optee->memremaped_shm = memremaped_shm; optee->pool = pool; + ctx = teedev_open(optee->teedev); + if (IS_ERR(ctx)) { + rc = rc = PTR_ERR(ctx); + goto err; + } + optee->ctx = ctx; /* * Ensure that there are no pre-existing shm objects before enabling @@ -667,6 +674,7 @@ err: static void optee_remove(struct optee *optee) { + teedev_close_context(optee->ctx); /* * Ask OP-TEE to free all cached shared memory objects to decrease * reference counters and also avoid wild pointers in secure world --- a/drivers/tee/optee/optee_private.h +++ b/drivers/tee/optee/optee_private.h @@ -69,6 +69,7 @@ struct optee_supp { * struct optee - main service struct * @supp_teedev: supplicant device * @teedev: client device + * @ctx: driver internal TEE context * @invoke_fn: function to issue smc or hvc * @call_queue: queue of threads waiting to call @invoke_fn * @wait_queue: queue of threads from secure world waiting for a @@ -83,6 +84,7 @@ struct optee { struct tee_device *supp_teedev; struct tee_device *teedev; optee_invoke_fn *invoke_fn; + struct tee_context *ctx; struct optee_call_queue call_queue; struct optee_wait_queue wait_queue; struct optee_supp supp; --- a/drivers/tee/optee/rpc.c +++ b/drivers/tee/optee/rpc.c @@ -191,6 +191,7 @@ static struct tee_shm *cmd_alloc_suppl(s } static void handle_rpc_func_cmd_shm_alloc(struct tee_context *ctx, + struct optee *optee, struct optee_msg_arg *arg, struct optee_call_ctx *call_ctx) { @@ -220,7 +221,8 @@ static void handle_rpc_func_cmd_shm_allo shm = cmd_alloc_suppl(ctx, sz); break; case OPTEE_MSG_RPC_SHM_TYPE_KERNEL: - shm = tee_shm_alloc(ctx, sz, TEE_SHM_MAPPED | TEE_SHM_PRIV); + shm = tee_shm_alloc(optee->ctx, sz, + TEE_SHM_MAPPED | TEE_SHM_PRIV); break; default: arg->ret = TEEC_ERROR_BAD_PARAMETERS; @@ -377,7 +379,7 @@ static void handle_rpc_func_cmd(struct t break; case OPTEE_MSG_RPC_CMD_SHM_ALLOC: free_pages_list(call_ctx); - handle_rpc_func_cmd_shm_alloc(ctx, arg, call_ctx); + handle_rpc_func_cmd_shm_alloc(ctx, optee, arg, call_ctx); break; case OPTEE_MSG_RPC_CMD_SHM_FREE: handle_rpc_func_cmd_shm_free(ctx, arg); @@ -405,7 +407,7 @@ void optee_handle_rpc(struct tee_context switch (OPTEE_SMC_RETURN_GET_RPC_FUNC(param->a0)) { case OPTEE_SMC_RPC_FUNC_ALLOC: - shm = tee_shm_alloc(ctx, param->a1, + shm = tee_shm_alloc(optee->ctx, param->a1, TEE_SHM_MAPPED | TEE_SHM_PRIV); if (!IS_ERR(shm) && !tee_shm_get_pa(shm, 0, &pa)) { reg_pair_from_64(¶m->a1, ¶m->a2, pa);