path: root/include/linux/trusty
Commit message (Author, Age)
* trusty: k4.14 porting (Stephen Wolfe, 2018-08-10)

  address K4.14 trusty driver build fixes

  Bug 200422831
  Change-Id: I96d41f3eab3a95979a387df009adc503ec0f49c2
  Signed-off-by: Stephen Wolfe <swolfe@nvidia.com>
  Reviewed-on: https://git-master.nvidia.com/r/1787793
  Reviewed-by: Mahesh Lagadapati <mlagadapati@nvidia.com>
  GVS: Gerrit_Virtual_Submit
  Reviewed-by: Sachin Nikam <snikam@nvidia.com>
  Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
  Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
* trusty-ipc: Fix a race condition in tipc_release (Michael Ryleev, 2018-07-27)

  Under certain conditions it is possible that an instance of tipc_dn_chan structure will be freed in context of tipc_release call while still being referenced and in use by corresponding instance of tipc_chan struct.

  In order to fix that, we will need to make sure that corresponding tipc_chan struct is not in use before freeing tipc_dn_chan struct.

  This CL introduces and implements a new callback in tipc_chan_ops struct, called handle_release, that when specified will be called while an instance of tipc_chan object is getting destroyed. This is only possible when the last reference to tipc_chan struct goes away so it is not in use anymore.

  Change-Id: I93849aab08e09374a9f8ca9fa00351839519027d
  Signed-off-by: Michael Ryleev <gmar@google.com>
  Reviewed-on: https://git-master.nvidia.com/r/1679989
  Tested-by: Stephen Wolfe <swolfe@nvidia.com>
  Reviewed-by: Mihir Joshi <mihirj@nvidia.com>
  Reviewed-by: Mahesh Lagadapati <mlagadapati@nvidia.com>
  Reviewed-by: svc-mobile-coverity <svc-mobile-coverity@nvidia.com>
  GVS: Gerrit_Virtual_Submit
  Reviewed-by: Bharat Nihalani <bnihalani@nvidia.com>
  Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
  Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
* trusty: disable trusty irq's when trusty crashes (Stephen Wolfe, 2018-07-27)

  After trusty panics, whenever control reaches trusty it will immediately context switch back to NS world. This triggers a trusty irq in the linux kernel, which eventually causes control to return back to trusty. This causes an endless loop of context switching back and forth between non-secure and secure world, and generates log spew.

  This commit fixes this issue by disabling trusty irq's once trusty crashes. The crash is detected in the trusty driver, which signals the trusty-irq driver to disable interrupts via a notifier chain.

  Bug 1883981
  Change-Id: Ib7d8f921537f6aa423bd1372d8073bfa73b81fa4
  Signed-off-by: Stephen Wolfe <swolfe@nvidia.com>
  Reviewed-on: https://git-master.nvidia.com/r/1591010
  (cherry picked from commit 55756bf62e988fe028791d95bc54b5345863c098)
  Reviewed-on: https://git-master.nvidia.com/r/1600497
  Reviewed-by: Automatic_Commit_Validation_User
  Reviewed-by: svc-mobile-coverity <svc-mobile-coverity@nvidia.com>
  GVS: Gerrit_Virtual_Submit
  Reviewed-by: Mihir Joshi <mihirj@nvidia.com>
  Reviewed-by: Bharat Nihalani <bnihalani@nvidia.com>
  Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
  Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
* trusty: Add return check for IPA to PA (Anthony Zhou, 2018-07-27)

  Check the return value of hyp_ipa_translate, if it is not 0, report error and return.

  Bug 200044390
  Change-Id: Ic28a18164e162d5a399b4227f42f04cc97cedbce
  Signed-off-by: Anthony Zhou <anzhou@nvidia.com>
  Reviewed-on: http://git-master/r/1241638
  (cherry picked from commit 4e06cd93edec2d67c62d6fc9408e2690afbfc9fd)
  Reviewed-on: https://git-master.nvidia.com/r/1488435
  Reviewed-by: svc-mobile-coverity <svc-mobile-coverity@nvidia.com>
  Reviewed-by: svccoveritychecker <svccoveritychecker@nvidia.com>
  GVS: Gerrit_Virtual_Submit
  Tested-by: Stephen Wolfe <swolfe@nvidia.com>
  Reviewed-by: Timo Alho <talho@nvidia.com>
* Add polling thread to poll TX vq (Amith Nuggehalli, 2018-07-27)

  *** This change is needed for multi-guest trusty use-case only ***

  Trusty (TOS) splits the incoming requests into kernel and user threads. These threads are blocked on events, run when their event is released. Trusty also has an idle thread whose priority is lower than all other threads in the OS. It runs when there is no other active thread to run and it takes the cpu back to the NS world (idle return).

  In multi-guest configuration, TOS can receive requests from multiple guests concurrently. While some requests are exclusive, others access shared system resources such as SE engine keyslots and so on. In fact, trusted applications can also be considered to be shared resources as they are single threaded and only one instance of each TA runs on the system. Threads waiting on shared resources or service from a server, go to sleep if the wait is not released immediately. In such cases, the incoming guest returns back to the kernel, while its requests are still waiting in TOS. This guest kernel would need some kind of a callback or an asynchronous event or rudimentary polling to inform its requests are completed. The cpu running in trusty runs all the waiting threads before it returns back to its guest.

  This fix checks the VQ for any new buffers every second. So at the end of each interval, there is a guarantee that the kernel looks at its Rx queues and notifies the clients waiting on their channels for any new messages.

  JIRA: SEC-412

  TESTS: Ran 10,000 iterations of sample_client1 calling crypto, secure storage, secure RTC and nvcrypto APIs concurrently on both guest VMs in a linux-linux configuration. Tests complete successfully.

  Change-Id: I7e336c79cac0ebb36a81921553243c09c98a6568
  Signed-off-by: Amith Nuggehalli <aramachan@nvidia.com>
  Reviewed-on: https://git-master.nvidia.com/r/1550450
  Reviewed-by: svccoveritychecker <svccoveritychecker@nvidia.com>
  GVS: Gerrit_Virtual_Submit
  Reviewed-by: Mihir Joshi <mihirj@nvidia.com>
  Reviewed-by: Varun Wadekar <vwadekar@nvidia.com>
* trusty: smc_entity_guest_reset smc for hypervisor (Steven Kao, 2018-07-27)

  This smc is called by the hypervisor before hypervisor guest reset.

  VFND-1273
  Bug 200145347
  Change-Id: I9f599943768038c50e87e5f2b299d06099ee8a36
  Signed-off-by: Steven Kao <skao@nvidia.com>
  Reviewed-on: http://git-master/r/1114457
  (cherry picked from commit c8e2d669e69541da8bfa6ad795839f30874e2fbc)
  Reviewed-on: http://git-master/r/1219491
  (cherry picked from commit c334664e2208dee4c1e4480da76e5f2f23f202f3)
  Reviewed-on: https://git-master.nvidia.com/r/1538684
  Reviewed-by: Bharat Nihalani <bnihalani@nvidia.com>
  GVS: Gerrit_Virtual_Submit
* Add support to probe if TA is available (Tao Ye, 2018-07-27)

  When connecting to Trusty via TIPC, linux kernel wants to know if the connection failure is caused by port_not_found issues such as the requested TA is not available.

  Bug 1896070
  Jira APTS-731
  Change-Id: I7fe9b895b79ba5fa82b15d2bfd90b1297fd7d017
  Signed-off-by: Tao Ye <tye@nvidia.com>
  Reviewed-on: https://git-master.nvidia.com/r/1523288
  Reviewed-by: Varun Wadekar <vwadekar@nvidia.com>
  Reviewed-by: svccoveritychecker <svccoveritychecker@nvidia.com>
  Reviewed-by: svc-mobile-coverity <svc-mobile-coverity@nvidia.com>
  GVS: Gerrit_Virtual_Submit
  Reviewed-by: Stephen Warren <swarren@nvidia.com>
  Reviewed-by: Mitch Luban <mluban@nvidia.com>
  Tested-by: Mrutyunjay Sawant <msawant@nvidia.com>
* Retry NOP smc call when a guest's VIRQ is pending (Amith Nuggehalli, 2018-07-27)

  In virtualization use case, if a guest's VIRQ is pending at the hypervisor, control returns immediately to the guest without transitioning to TOS so that the guest's IRQ is handled in time. In such a case, re-try the NOP smc with the same arguments as the previous call as the SMC wouldn't have reached TOS yet.

  JIRA: SEC-366
  Change-Id: Iff0f4fd6aab1369848736a1a7f2fa75afd3616b9
  Signed-off-by: Amith Nuggehalli <aramachan@nvidia.com>
  (cherry picked from commit 585fea50e14410d312c9966f5520af305c56e989)
  Reviewed-on: https://git-master.nvidia.com/r/1533177
  GVS: Gerrit_Virtual_Submit
  Reviewed-by: Varun Wadekar <vwadekar@nvidia.com>
* trusty/virtio_ring: use real PA instead IPA (Amith, 2018-07-27)

  If hypervisor exit, trusty won't know the real PA from a guest. So call HVC to get the real PA first.

  Bug 200044390
  Change-Id: Ibca05b8465e254f4bb173e1ea1e820fb3846f922
  Reviewed-on: http://git-master/r/1198267
  Signed-off-by: Haley Teng <hteng@nvidia.com>
  (cherry picked from commit cf08ac832fcb22b000a8bbc08cb48bdf53928069)
  Reviewed-on: http://git-master/r/1323007
  GVS: Gerrit_Virtual_Submit
  Reviewed-by: Nicolin Chen <nicolinc@nvidia.com>
  Reviewed-by: Sachin Nikam <snikam@nvidia.com>
* trusty: use #if IS_ENABLED() instead of #ifdef (Nicolin Chen, 2018-07-27)

  The CONFIG_TRUSTY could be selected as a module while it should still work for trusty driver.

  Prior to this patch, there're compile errors when selecting CONFIG_TRUSTY=m:

    drivers/trusty/trusty.c:93:5: error: redefinition of 'trusty_fast_call32'
    drivers/trusty/trusty.c:109:5: error: redefinition of 'trusty_fast_call64'

  So this patch just changes the "#ifdef" to "#if IS_ENABLED".

  Bug 200305192
  Change-Id: I867af8ce112be6eaf86c6bde311e248b1f601884
  Signed-off-by: Nicolin Chen <nicolinc@nvidia.com>
  Reviewed-on: http://git-master/r/1475902
  Reviewed-by: Automatic_Commit_Validation_User
  GVS: Gerrit_Virtual_Submit
  Reviewed-by: Sachin Nikam <snikam@nvidia.com>
* trusty: add dt node based checks (Nitin Kumbhar, 2018-07-27)

  Update trusty driver(s) to include trusty DT node based run time checks for presence of trusty device.

  All APIs exported to clients are updated to include this check. If trusty DT node is absent or in disabled state, these interfaces return an error.

  Bug 200173095
  Change-Id: Ib8853c9c4b25efa3a69c3cd83e4eb6c77be42d9a
  Signed-off-by: Nitin Kumbhar <nkumbhar@nvidia.com>
  Reviewed-on: http://git-master/r/1225984
  (cherry picked from commit 585cb6718254db2e75b949efbf8ac76903c6ee86)
* trusty: ote-tipc kernel interface (Mahesh Lagadapati, 2018-07-27)

  This change provides APIs for kernel drivers to communicate with OTE TAs.

  Bug 200195643
  Jira APTS-128
  Change-Id: Idb7638d42a24ee22218858e4a93572234fe1522b
  Signed-off-by: Mahesh Lagadapati <mlagadapati@nvidia.com>
  Reviewed-on: http://git-master/r/1165207
  (cherry picked from commit 6b2e1a14262f401d596b1c115f5d47223d024f7d)
* trusty: switch to use version 3 of TRUSTY_API (Michael Ryleev, 2018-07-27)

  Version 3 of Trusty API adds support for new command (SMC_NC_VDEV_KICK_VQ) that can be used to notify virtqueue that new item is available. This command is a parameterized NOP, it has to be queued using trusty_enqueue_nop API and as such can be executed concurrently on multiple CPUs.

  Change-Id: Ic979e628e780fe8b0c9de5058c897c0944006615
  Signed-off-by: Michael Ryleev <gmar@google.com>
* trusty: add support for parameterized NOP ops (Michael Ryleev, 2018-07-27)

  Parameterized NOPs are introduced by Trusty secure side to facilitate better SMP concurrency. They are effectively NOP calls with parameters that will be routed to appropriate handlers on secure side which can be executed concurrently on multiple CPUs. Parameterized NOPs are represented by trusty_nop structure that has to be initialized by calling trusty_nop_init call.

  This patch creates queue for such items, adds per CPU work queue to invoke them and adds API to enqueue and dequeue them.

  Change-Id: I4c450c3d6cc18b246dfd0ca4526ef8703c1c2d64
  Signed-off-by: Michael Ryleev <gmar@google.com>
* trusty: Add smp support (Arve Hjønnevåg, 2018-07-27)

  Add an unlocked nop call to allow multiple cpus to enter trusty. Other standard calls are still serialized to avoid return codes getting mixed up. A new return code is used to indicate that the standard call is running on another cpu.

  Change-Id: Iccc0785138fbc3eb9daebf22fd79d6c1f9b23f6a
  Signed-off-by: Arve Hjønnevåg <arve@android.com>
* trusty: Handle fiqs without calling notifier and enabling interrupts (Arve Hjønnevåg, 2018-07-27)

  Change-Id: Iab318f0efd7ca0217bd64a30918f040938af5b76
  Signed-off-by: Michael Ryleev <gmar@google.com>
* trusty: Select api version (Arve Hjønnevåg, 2018-07-27)

  Select api version in probe, and store it in trusty_state. This enables new return codes from trusty, and will later be used to enable a nop stdcall that does not take smc_lock.

  Change-Id: Ib0c41b8b14e0638851d5236f83677c25507a2db6
  Signed-off-by: Michael Ryleev <gmar@google.com>
* trusty: add trusty-ipc driver (Michael Ryleev, 2018-07-27)

  Trusty IPC driver provides message passing interface between non-secure side (Linux) and secure side running Trusty. It is handling a set of trusty IPC virtio devices instantiated and configured by trusty-virtio driver based on device description retrieved from secure side.

  Change-Id: I81288aa458675996cbc93e73baf3c41d735d5429
  Signed-off-by: Michael Ryleev <gmar@google.com>
* trusty: add trusty virtio driver (Michael Ryleev, 2018-07-27)

  Trusty virtio driver is responsible for management and interaction with virtio devices exposed by Trusty. During initialization, this driver makes an smc call to retrieve Trusty virtio device descriptor from secure side, parses it then instantiates and configures the specified set of virtio devices.

  Change-Id: I20a23518d5c19bedd9282f7f1d4b16957ba75408
  Signed-off-by: Michael Ryleev <gmar@google.com>
* trusty: add couple non-secure memory related helper routines (Michael Ryleev, 2018-07-27)

  trusty_encode_page_info - encodes page physical address, memory type and other attributes into architecture specific structure that can be parsed by secure side.

  trusty_call32_mem_buf - can be used by drivers to make specified smc call with physically contiguous memory buffer as an argument. Memory buffer info is retrieved by trusty_encode_page_info and along with buffer size is encoded into series of 32-bit smc call parameters.

  Change-Id: Iae155c0eff0bb6269be1abbe53ee42f27a1c23f5
  Signed-off-by: Michael Ryleev <gmar@google.com>
* trusty: Add trusty logging driver. (Riley Andrews, 2018-07-27)

  This driver is the consumer side of a ringbuffer of log data that the secure operating system dumps prints into. Trusty printfs will be dumped into the kernel log after smc calls and during panics.

  Change-Id: Ib4fc8b9077da5e2c628607bc6cd04dc8760dead5
  Signed-off-by: Michael Ryleev <gmar@google.com>
* trusty: arm64 fiq support (Arve Hjønnevåg, 2018-07-27)

  Change-Id: Icd7c410ea805d4f7b5318b922f269cff8a56d53e
  Signed-off-by: Michael Ryleev <gmar@google.com>
* trusty: Get version string from trusty (Arve Hjønnevåg, 2018-07-27)

  Print trusty version to kernel log on startup, and export it in sysfs.

  Change-Id: Ibb503a9385a223b590b882578fdd6332fc750a8d
  Signed-off-by: Arve Hjønnevåg <arve@android.com>
* trusty: Add notifier before and after every smc call. (Arve Hjønnevåg, 2018-07-27)

  Called with local interrupts disabled.

  Change-Id: I6feb9cee349f78f8d228294f238b0b420a6d4beb
  Signed-off-by: Arve Hjønnevåg <arve@android.com>
* trusty: Add trusty driver (Arve Hjønnevåg, 2018-07-27)

  includes: Add arm64 support

  includes: Add trusty_fast_call64 api on 64 bit systems.

  includes: move probe to subsys_initcall
  Child devices of trusty like FIQ-based debuggers and watchdogs may want to probe early, move trusty from module init to subsys init to allow it and its children to probe earlier.

  includes: Retry std_calls on SM_ERR_BUSY
  If the trusty spinlock is held, or if the strex fails for another reason, trusty returns SM_ERR_BUSY. Add retry code to handle this. Without this retry code, std_calls can fail. If the previous smc call had returned SM_ERR_INTERRUPTED, this failure would cause the driver to get out of sync with trusty. All later calls would then fail with SM_ERR_INTERLEAVED_SMC.

  Change-Id: I35318be3d41f84b922397e9afdca6bf47d9645db
  Signed-off-by: Arve Hjønnevåg <arve@android.com>