From e9c6d11022d2ac66fbaf30cd07318ca9ddc9d326 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arve=20Hj=C3=B8nnev=C3=A5g?= Date: Mon, 18 Nov 2013 20:46:48 -0800 Subject: trusty: Add trusty driver MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit includes: Add arm64 support includes: Add trusty_fast_call64 api on 64 bit systems. includes: move probe to subsys_initcall Child devices of trusty like FIQ-based debuggers and watchdogs may want to probe early, move trusty from module init to subsys init to allow it and its children to probe earlier. includes: Retry std_calls on SM_ERR_BUSY If the trusty spinlock is held, or if the strex fails for another reason, trusty returns SM_ERR_BUSY. Add retry code to handle this. Without this retry code, std_calls can fail. If the previous smc call had returned SM_ERR_INTERRUPTED, this failure would cause the driver to get out of sync with trusty. All later calls would then fail with SM_ERR_INTERLEAVED_SMC. Change-Id: I35318be3d41f84b922397e9afdca6bf47d9645db Signed-off-by: Arve Hjønnevåg --- include/linux/trusty/sm_err.h | 39 ++++++++++++++++++++++ include/linux/trusty/smcall.h | 75 +++++++++++++++++++++++++++++++++++++++++++ include/linux/trusty/trusty.h | 46 ++++++++++++++++++++++++++ 3 files changed, 160 insertions(+) create mode 100644 include/linux/trusty/sm_err.h create mode 100644 include/linux/trusty/smcall.h create mode 100644 include/linux/trusty/trusty.h (limited to 'include/linux') diff --git a/include/linux/trusty/sm_err.h b/include/linux/trusty/sm_err.h new file mode 100644 index 000000000..4ee67589c --- /dev/null +++ b/include/linux/trusty/sm_err.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2013 Google Inc. All rights reserved + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files + * (the "Software"), to deal in the Software without restriction, + * including without limitation the rights to use, copy, modify, merge, + * publish, distribute, sublicense, and/or sell copies of the Software, + * and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ +#ifndef __LINUX_TRUSTY_SM_ERR_H +#define __LINUX_TRUSTY_SM_ERR_H + +/* Errors from the secure monitor */ +#define SM_ERR_UNDEFINED_SMC 0xFFFFFFFF /* Unknown SMC (defined by ARM DEN 0028A(0.9.0) */ +#define SM_ERR_INVALID_PARAMETERS -2 +#define SM_ERR_INTERRUPTED -3 /* Got interrupted. Call back with restart SMC */ +#define SM_ERR_UNEXPECTED_RESTART -4 /* Got an restart SMC when we didn't expect it */ +#define SM_ERR_BUSY -5 /* Temporarily busy. Call back with original args */ +#define SM_ERR_INTERLEAVED_SMC -6 /* Got a trusted_service SMC when a restart SMC is required */ +#define SM_ERR_INTERNAL_FAILURE -7 /* Unknown error */ +#define SM_ERR_NOT_SUPPORTED -8 +#define SM_ERR_NOT_ALLOWED -9 /* SMC call not allowed */ +#define SM_ERR_END_OF_INPUT -10 +#define SM_ERR_PANIC -11 /* Secure OS crashed */ + +#endif diff --git a/include/linux/trusty/smcall.h b/include/linux/trusty/smcall.h new file mode 100644 index 000000000..278a4b256 --- /dev/null +++ b/include/linux/trusty/smcall.h @@ -0,0 +1,75 @@ +/* + * Copyright (c) 2013-2014 Google Inc. All rights reserved + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files + * (the "Software"), to deal in the Software without restriction, + * including without limitation the rights to use, copy, modify, merge, + * publish, distribute, sublicense, and/or sell copies of the Software, + * and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ +#ifndef __LINUX_TRUSTY_SMCALL_H +#define __LINUX_TRUSTY_SMCALL_H + +#define SMC_NUM_ENTITIES 64 +#define SMC_NUM_ARGS 4 +#define SMC_NUM_PARAMS (SMC_NUM_ARGS - 1) + +#define SMC_IS_FASTCALL(smc_nr) ((smc_nr) & 0x80000000) +#define SMC_IS_SMC64(smc_nr) ((smc_nr) & 0x40000000) +#define SMC_ENTITY(smc_nr) (((smc_nr) & 0x3F000000) >> 24) +#define SMC_FUNCTION(smc_nr) ((smc_nr) & 0x0000FFFF) + +#define SMC_NR(entity, fn, fastcall, smc64) ((((fastcall) & 0x1) << 31) | \ + (((smc64) & 0x1) << 30) | \ + (((entity) & 0x3F) << 24) | \ + ((fn) & 0xFFFF) \ + ) + +#define SMC_FASTCALL_NR(entity, fn) SMC_NR((entity), (fn), 1, 0) +#define SMC_STDCALL_NR(entity, fn) SMC_NR((entity), (fn), 0, 0) +#define SMC_FASTCALL64_NR(entity, fn) SMC_NR((entity), (fn), 1, 1) +#define SMC_STDCALL64_NR(entity, fn) SMC_NR((entity), (fn), 0, 1) + +#define SMC_ENTITY_ARCH 0 /* ARM Architecture calls */ +#define SMC_ENTITY_CPU 1 /* CPU Service calls */ +#define SMC_ENTITY_SIP 2 /* SIP Service calls */ +#define SMC_ENTITY_OEM 3 /* OEM Service calls */ +#define SMC_ENTITY_STD 4 /* Standard Service calls */ +#define SMC_ENTITY_RESERVED 5 /* Reserved for future use */ +#define SMC_ENTITY_TRUSTED_APP 48 /* Trusted Application calls */ +#define SMC_ENTITY_TRUSTED_OS 50 /* Trusted OS calls */ +#define SMC_ENTITY_SECURE_MONITOR 60 /* Trusted OS calls internal to secure monitor */ + +/* FC = Fast call, SC = Standard call */ +#define SMC_SC_RESTART_LAST SMC_STDCALL_NR (SMC_ENTITY_SECURE_MONITOR, 0) +#define SMC_SC_NOP SMC_STDCALL_NR (SMC_ENTITY_SECURE_MONITOR, 1) + +/* + * Return from secure os to non-secure os with return value in r1 + */ +#define SMC_SC_NS_RETURN SMC_STDCALL_NR (SMC_ENTITY_SECURE_MONITOR, 0) + +#define SMC_FC_RESERVED SMC_FASTCALL_NR (SMC_ENTITY_SECURE_MONITOR, 0) +#define SMC_FC_FIQ_EXIT SMC_FASTCALL_NR (SMC_ENTITY_SECURE_MONITOR, 1) +#define SMC_FC_REQUEST_FIQ SMC_FASTCALL_NR (SMC_ENTITY_SECURE_MONITOR, 2) +#define SMC_FC_GET_NEXT_IRQ SMC_FASTCALL_NR (SMC_ENTITY_SECURE_MONITOR, 3) + +#define SMC_FC_CPU_SUSPEND SMC_FASTCALL_NR (SMC_ENTITY_SECURE_MONITOR, 7) +#define SMC_FC_CPU_RESUME SMC_FASTCALL_NR (SMC_ENTITY_SECURE_MONITOR, 8) + +#define SMC_FC_AARCH_SWITCH SMC_FASTCALL_NR (SMC_ENTITY_SECURE_MONITOR, 9) + +#endif /* __LINUX_TRUSTY_SMCALL_H */ diff --git a/include/linux/trusty/trusty.h b/include/linux/trusty/trusty.h new file mode 100644 index 000000000..30d4300ba --- /dev/null +++ b/include/linux/trusty/trusty.h @@ -0,0 +1,46 @@ +/* + * Copyright (C) 2013 Google, Inc. + * + * This software is licensed under the terms of the GNU General Public + * License version 2, as published by the Free Software Foundation, and + * may be copied, distributed, and modified under those terms. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + */ +#ifndef __LINUX_TRUSTY_TRUSTY_H +#define __LINUX_TRUSTY_TRUSTY_H + +#include +#include + +#ifdef CONFIG_TRUSTY +s32 trusty_std_call32(struct device *dev, u32 smcnr, u32 a0, u32 a1, u32 a2); +s32 trusty_fast_call32(struct device *dev, u32 smcnr, u32 a0, u32 a1, u32 a2); +#ifdef CONFIG_64BIT +s64 trusty_fast_call64(struct device *dev, u64 smcnr, u64 a0, u64 a1, u64 a2); +#endif +#else +static inline s32 trusty_std_call32(struct device *dev, u32 smcnr, + u32 a0, u32 a1, u32 a2) +{ + return SM_ERR_UNDEFINED_SMC; +} +static inline s32 trusty_fast_call32(struct device *dev, u32 smcnr, + u32 a0, u32 a1, u32 a2) +{ + return SM_ERR_UNDEFINED_SMC; +} +#ifdef CONFIG_64BIT +static inline s64 trusty_fast_call64(struct device *dev, + u64 smcnr, u64 a0, u64 a1, u64 a2) +{ + return SM_ERR_UNDEFINED_SMC; +} +#endif +#endif + +#endif -- cgit v1.2.2 From dde4d4cf917e3ebec415a728c4d3a422c4c630b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arve=20Hj=C3=B8nnev=C3=A5g?= Date: Thu, 5 May 2016 15:43:44 -0700 Subject: trusty: Add notifier before and after every smc call. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Called with local interrupts disabled. Change-Id: I6feb9cee349f78f8d228294f238b0b420a6d4beb Signed-off-by: Arve Hjønnevåg --- include/linux/trusty/trusty.h | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'include/linux') diff --git a/include/linux/trusty/trusty.h b/include/linux/trusty/trusty.h index 30d4300ba..ce00c1d46 100644 --- a/include/linux/trusty/trusty.h +++ b/include/linux/trusty/trusty.h @@ -43,4 +43,14 @@ static inline s64 trusty_fast_call64(struct device *dev, #endif #endif +struct notifier_block; +enum { + TRUSTY_CALL_PREPARE, + TRUSTY_CALL_RETURNED, +}; +int trusty_call_notifier_register(struct device *dev, + struct notifier_block *n); +int trusty_call_notifier_unregister(struct device *dev, + struct notifier_block *n); + #endif -- cgit v1.2.2 From 30a030a9aff56a16e6bf4fee0ec31af7472955dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arve=20Hj=C3=B8nnev=C3=A5g?= Date: Thu, 9 Oct 2014 21:24:17 -0700 Subject: trusty: Get version string from trusty MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Print trusty version to kernel log on startup, and export it in sysfs. Change-Id: Ibb503a9385a223b590b882578fdd6332fc750a8d Signed-off-by: Arve Hjønnevåg --- include/linux/trusty/smcall.h | 1 + include/linux/trusty/trusty.h | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'include/linux') diff --git a/include/linux/trusty/smcall.h b/include/linux/trusty/smcall.h index 278a4b256..4344683f6 100644 --- a/include/linux/trusty/smcall.h +++ b/include/linux/trusty/smcall.h @@ -71,5 +71,6 @@ #define SMC_FC_CPU_RESUME SMC_FASTCALL_NR (SMC_ENTITY_SECURE_MONITOR, 8) #define SMC_FC_AARCH_SWITCH SMC_FASTCALL_NR (SMC_ENTITY_SECURE_MONITOR, 9) +#define SMC_FC_GET_VERSION_STR SMC_FASTCALL_NR (SMC_ENTITY_SECURE_MONITOR, 10) #endif /* __LINUX_TRUSTY_SMCALL_H */ diff --git a/include/linux/trusty/trusty.h b/include/linux/trusty/trusty.h index ce00c1d46..abb77f1db 100644 --- a/include/linux/trusty/trusty.h +++ b/include/linux/trusty/trusty.h @@ -52,5 +52,5 @@ int trusty_call_notifier_register(struct device *dev, struct notifier_block *n); int trusty_call_notifier_unregister(struct device *dev, struct notifier_block *n); - +const char *trusty_version_str_get(struct device *dev); #endif -- cgit v1.2.2 From 37089fcfec540f5ebe01f70f3048e850bae9d7df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arve=20Hj=C3=B8nnev=C3=A5g?= Date: Mon, 14 Apr 2014 17:18:40 -0700 Subject: trusty: arm64 fiq support Change-Id: Icd7c410ea805d4f7b5318b922f269cff8a56d53e Signed-off-by: Michael Ryleev --- include/linux/trusty/smcall.h | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'include/linux') diff --git a/include/linux/trusty/smcall.h b/include/linux/trusty/smcall.h index 4344683f6..e8704974d 100644 --- a/include/linux/trusty/smcall.h +++ b/include/linux/trusty/smcall.h @@ -66,6 +66,10 @@ #define SMC_FC_FIQ_EXIT SMC_FASTCALL_NR (SMC_ENTITY_SECURE_MONITOR, 1) #define SMC_FC_REQUEST_FIQ SMC_FASTCALL_NR (SMC_ENTITY_SECURE_MONITOR, 2) #define SMC_FC_GET_NEXT_IRQ SMC_FASTCALL_NR (SMC_ENTITY_SECURE_MONITOR, 3) +#define SMC_FC_FIQ_ENTER SMC_FASTCALL_NR (SMC_ENTITY_SECURE_MONITOR, 4) + +#define SMC_FC64_SET_FIQ_HANDLER SMC_FASTCALL64_NR(SMC_ENTITY_SECURE_MONITOR, 5) +#define SMC_FC64_GET_FIQ_REGS SMC_FASTCALL64_NR (SMC_ENTITY_SECURE_MONITOR, 6) #define SMC_FC_CPU_SUSPEND SMC_FASTCALL_NR (SMC_ENTITY_SECURE_MONITOR, 7) #define SMC_FC_CPU_RESUME SMC_FASTCALL_NR (SMC_ENTITY_SECURE_MONITOR, 8) -- cgit v1.2.2 From 751a57f1e20223d403ec77ab33e797d486e7d256 Mon Sep 17 00:00:00 2001 From: Riley Andrews Date: Thu, 5 May 2016 14:42:41 -0700 Subject: trusty: Add trusty logging driver. This driver is the consumer side of a ringbuffer of log data that the secure operating system dumps prints into. Trusty printfs will be dumped into the kernel log after smc calls and during panics. Change-Id: Ib4fc8b9077da5e2c628607bc6cd04dc8760dead5 Signed-off-by: Michael Ryleev --- include/linux/trusty/smcall.h | 1 + 1 file changed, 1 insertion(+) (limited to 'include/linux') diff --git a/include/linux/trusty/smcall.h b/include/linux/trusty/smcall.h index e8704974d..aaad5cee6 100644 --- a/include/linux/trusty/smcall.h +++ b/include/linux/trusty/smcall.h @@ -51,6 +51,7 @@ #define SMC_ENTITY_RESERVED 5 /* Reserved for future use */ #define SMC_ENTITY_TRUSTED_APP 48 /* Trusted Application calls */ #define SMC_ENTITY_TRUSTED_OS 50 /* Trusted OS calls */ +#define SMC_ENTITY_LOGGING 51 /* Used for secure -> nonsecure logging */ #define SMC_ENTITY_SECURE_MONITOR 60 /* Trusted OS calls internal to secure monitor */ /* FC = Fast call, SC = Standard call */ -- cgit v1.2.2 From cb7f0c33bd6733dab9f76adaaa1eeea77065054c Mon Sep 17 00:00:00 2001 From: Michael Ryleev Date: Thu, 26 Mar 2015 19:31:25 -0700 Subject: trusty: add couple non-secure memory related helper routines trusty_encode_page_info - encodes page physical address, memory type and other attributes into architecture specific structure that can be parsed by secure side. trusty_call32_mem_buf - can be used by drivers to make specified smc call with physicaly contigues memory buffer as an argument. Memory buffer info in retrieved by trusty_encode_page_info and along with buffer size is encoded into series of 32-bit smc call parameters. Change-Id: Iae155c0eff0bb6269be1abbe53ee42f27a1c23f5 Signed-off-by: Michael Ryleev --- include/linux/trusty/trusty.h | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'include/linux') diff --git a/include/linux/trusty/trusty.h b/include/linux/trusty/trusty.h index abb77f1db..d084d9d68 100644 --- a/include/linux/trusty/trusty.h +++ b/include/linux/trusty/trusty.h @@ -16,6 +16,9 @@ #include #include +#include +#include + #ifdef CONFIG_TRUSTY s32 trusty_std_call32(struct device *dev, u32 smcnr, u32 a0, u32 a1, u32 a2); @@ -53,4 +56,16 @@ int trusty_call_notifier_register(struct device *dev, int trusty_call_notifier_unregister(struct device *dev, struct notifier_block *n); const char *trusty_version_str_get(struct device *dev); + +struct ns_mem_page_info { + uint64_t attr; +}; + +int trusty_encode_page_info(struct ns_mem_page_info *inf, + struct page *page, pgprot_t pgprot); + +int trusty_call32_mem_buf(struct device *dev, u32 smcnr, + struct page *page, u32 size, + pgprot_t pgprot); + #endif -- cgit v1.2.2 From 1db3530ea6781b888f98f5dd7724ba042a02954b Mon Sep 17 00:00:00 2001 From: Michael Ryleev Date: Mon, 30 Mar 2015 12:43:59 -0700 Subject: trusty: add trusty virtio driver Trusty virtio driver is responsible for management an interaction with virtio devices exposed by Trusty. During initialization, this driver makes an smc call to retrieve Trusty virtio device descriptor from secure side, parses it then instantiates and configures the specified set of virtio devices. Change-Id: I20a23518d5c19bedd9282f7f1d4b16957ba75408 Signed-off-by: Michael Ryleev --- include/linux/trusty/smcall.h | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'include/linux') diff --git a/include/linux/trusty/smcall.h b/include/linux/trusty/smcall.h index aaad5cee6..a2be2e357 100644 --- a/include/linux/trusty/smcall.h +++ b/include/linux/trusty/smcall.h @@ -78,4 +78,12 @@ #define SMC_FC_AARCH_SWITCH SMC_FASTCALL_NR (SMC_ENTITY_SECURE_MONITOR, 9) #define SMC_FC_GET_VERSION_STR SMC_FASTCALL_NR (SMC_ENTITY_SECURE_MONITOR, 10) +/* TRUSTED_OS entity calls */ +#define SMC_SC_VIRTIO_GET_DESCR SMC_STDCALL_NR(SMC_ENTITY_TRUSTED_OS, 20) +#define SMC_SC_VIRTIO_START SMC_STDCALL_NR(SMC_ENTITY_TRUSTED_OS, 21) +#define SMC_SC_VIRTIO_STOP SMC_STDCALL_NR(SMC_ENTITY_TRUSTED_OS, 22) + +#define SMC_SC_VDEV_RESET SMC_STDCALL_NR(SMC_ENTITY_TRUSTED_OS, 23) +#define SMC_SC_VDEV_KICK_VQ SMC_STDCALL_NR(SMC_ENTITY_TRUSTED_OS, 24) + #endif /* __LINUX_TRUSTY_SMCALL_H */ -- cgit v1.2.2 From 782b48e793bbac025b1a79a11c67d38855cb75c6 Mon Sep 17 00:00:00 2001 From: Michael Ryleev Date: Wed, 7 Jan 2015 15:47:37 -0800 Subject: trusty: add trusty-ipc driver Trusty IPC driver provides message passing interface between non-secure side (Linux) and secure side running Trusty. It is handling a set of trusty IPC virtio devices instantiated and configured by trusty-virtio driver based on device description retrieved from secure side. Change-Id: I81288aa458675996cbc93e73baf3c41d735d5429 Signed-off-by: Michael Ryleev --- include/linux/trusty/trusty_ipc.h | 88 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 include/linux/trusty/trusty_ipc.h (limited to 'include/linux') diff --git a/include/linux/trusty/trusty_ipc.h b/include/linux/trusty/trusty_ipc.h new file mode 100644 index 000000000..4ca15938a --- /dev/null +++ b/include/linux/trusty/trusty_ipc.h @@ -0,0 +1,88 @@ +/* + * Copyright (C) 2015 Google, Inc. + * + * This software is licensed under the terms of the GNU General Public + * License version 2, as published by the Free Software Foundation, and + * may be copied, distributed, and modified under those terms. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + */ +#ifndef __LINUX_TRUSTY_TRUSTY_IPC_H +#define __LINUX_TRUSTY_TRUSTY_IPC_H + +struct tipc_chan; + +struct tipc_msg_buf { + void *buf_va; + phys_addr_t buf_pa; + size_t buf_sz; + size_t wpos; + size_t rpos; + struct list_head node; +}; + +enum tipc_chan_event { + TIPC_CHANNEL_CONNECTED = 1, + TIPC_CHANNEL_DISCONNECTED, + TIPC_CHANNEL_SHUTDOWN, +}; + +struct tipc_chan_ops { + void (*handle_event)(void *cb_arg, int event); + struct tipc_msg_buf *(*handle_msg)(void *cb_arg, + struct tipc_msg_buf *mb); +}; + +struct tipc_chan *tipc_create_channel(struct device *dev, + const struct tipc_chan_ops *ops, + void *cb_arg); + +int tipc_chan_connect(struct tipc_chan *chan, const char *port); + +int tipc_chan_queue_msg(struct tipc_chan *chan, struct tipc_msg_buf *mb); + +int tipc_chan_shutdown(struct tipc_chan *chan); + +void tipc_chan_destroy(struct tipc_chan *chan); + +struct tipc_msg_buf *tipc_chan_get_rxbuf(struct tipc_chan *chan); + +void tipc_chan_put_rxbuf(struct tipc_chan *chan, struct tipc_msg_buf *mb); + +struct tipc_msg_buf * +tipc_chan_get_txbuf_timeout(struct tipc_chan *chan, long timeout); + +void tipc_chan_put_txbuf(struct tipc_chan *chan, struct tipc_msg_buf *mb); + +static inline size_t mb_avail_space(struct tipc_msg_buf *mb) +{ + return mb->buf_sz - mb->wpos; +} + +static inline size_t mb_avail_data(struct tipc_msg_buf *mb) +{ + return mb->wpos - mb->rpos; +} + +static inline void *mb_put_data(struct tipc_msg_buf *mb, size_t len) +{ + void *pos = (u8 *)mb->buf_va + mb->wpos; + BUG_ON(mb->wpos + len > mb->buf_sz); + mb->wpos += len; + return pos; +} + +static inline void *mb_get_data(struct tipc_msg_buf *mb, size_t len) +{ + void *pos = (u8 *)mb->buf_va + mb->rpos; + BUG_ON(mb->rpos + len > mb->wpos); + mb->rpos += len; + return pos; +} + +#endif /* __LINUX_TRUSTY_TRUSTY_IPC_H */ + -- cgit v1.2.2 From 4de081ad8ef79596293b299c05c2c0c67e8f2bf4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arve=20Hj=C3=B8nnev=C3=A5g?= Date: Thu, 11 Jun 2015 19:34:28 -0700 Subject: trusty: Select api version Select api version in probe, and store it in trusty_state. This enables new return codes from trusty, and will later be used to enable a nop stdcall that does not take smc_lock. Change-Id: Ib0c41b8b14e0638851d5236f83677c25507a2db6 Signed-off-by: Michael Ryleev --- include/linux/trusty/smcall.h | 19 +++++++++++++++++++ include/linux/trusty/trusty.h | 1 + 2 files changed, 20 insertions(+) (limited to 'include/linux') diff --git a/include/linux/trusty/smcall.h b/include/linux/trusty/smcall.h index a2be2e357..cdb4eccd7 100644 --- a/include/linux/trusty/smcall.h +++ b/include/linux/trusty/smcall.h @@ -78,6 +78,25 @@ #define SMC_FC_AARCH_SWITCH SMC_FASTCALL_NR (SMC_ENTITY_SECURE_MONITOR, 9) #define SMC_FC_GET_VERSION_STR SMC_FASTCALL_NR (SMC_ENTITY_SECURE_MONITOR, 10) +/** + * SMC_FC_API_VERSION - Find and select supported API version. + * + * @r1: Version supported by client. + * + * Returns version supported by trusty. + * + * If multiple versions are supported, the client should start by calling + * SMC_FC_API_VERSION with the largest version it supports. Trusty will then + * return a version it supports. If the client does not support the version + * returned by trusty and the version returned is less than the version + * requested, repeat the call with the largest supported version less than the + * last returned version. + * + * This call must be made before any calls that are affected by the api version. + */ +#define TRUSTY_API_VERSION_CURRENT (0) +#define SMC_FC_API_VERSION SMC_FASTCALL_NR (SMC_ENTITY_SECURE_MONITOR, 11) + /* TRUSTED_OS entity calls */ #define SMC_SC_VIRTIO_GET_DESCR SMC_STDCALL_NR(SMC_ENTITY_TRUSTED_OS, 20) #define SMC_SC_VIRTIO_START SMC_STDCALL_NR(SMC_ENTITY_TRUSTED_OS, 21) diff --git a/include/linux/trusty/trusty.h b/include/linux/trusty/trusty.h index d084d9d68..24fe2101a 100644 --- a/include/linux/trusty/trusty.h +++ b/include/linux/trusty/trusty.h @@ -56,6 +56,7 @@ int trusty_call_notifier_register(struct device *dev, int trusty_call_notifier_unregister(struct device *dev, struct notifier_block *n); const char *trusty_version_str_get(struct device *dev); +u32 trusty_get_api_version(struct device *dev); struct ns_mem_page_info { uint64_t attr; -- cgit v1.2.2 From 7abcf768d24edb227bc809d819e6b2544c496f34 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arve=20Hj=C3=B8nnev=C3=A5g?= Date: Thu, 11 Jun 2015 19:51:54 -0700 Subject: trusty: Handle fiqs without calling notifier and enabling interrupts Change-Id: Iab318f0efd7ca0217bd64a30918f040938af5b76 Signed-off-by: Michael Ryleev --- include/linux/trusty/sm_err.h | 1 + include/linux/trusty/smcall.h | 15 ++++++++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) (limited to 'include/linux') diff --git a/include/linux/trusty/sm_err.h b/include/linux/trusty/sm_err.h index 4ee67589c..7de09b46f 100644 --- a/include/linux/trusty/sm_err.h +++ b/include/linux/trusty/sm_err.h @@ -35,5 +35,6 @@ #define SM_ERR_NOT_ALLOWED -9 /* SMC call not allowed */ #define SM_ERR_END_OF_INPUT -10 #define SM_ERR_PANIC -11 /* Secure OS crashed */ +#define SM_ERR_FIQ_INTERRUPTED -12 /* Got interrupted by FIQ. Call back with SMC_SC_RESTART_FIQ on same CPU */ #endif diff --git a/include/linux/trusty/smcall.h b/include/linux/trusty/smcall.h index cdb4eccd7..7d8950a88 100644 --- a/include/linux/trusty/smcall.h +++ b/include/linux/trusty/smcall.h @@ -58,6 +58,18 @@ #define SMC_SC_RESTART_LAST SMC_STDCALL_NR (SMC_ENTITY_SECURE_MONITOR, 0) #define SMC_SC_NOP SMC_STDCALL_NR (SMC_ENTITY_SECURE_MONITOR, 1) +/** + * SMC_SC_RESTART_FIQ - Re-enter trusty after it was interrupted by an fiq + * + * No arguments, no return value. + * + * Re-enter trusty after returning to ns to process an fiq. Must be called iff + * trusty returns SM_ERR_FIQ_INTERRUPTED. + * + * Enable by selecting api version TRUSTY_API_VERSION_RESTART_FIQ (1) or later. + */ +#define SMC_SC_RESTART_FIQ SMC_STDCALL_NR (SMC_ENTITY_SECURE_MONITOR, 2) + /* * Return from secure os to non-secure os with return value in r1 */ @@ -94,7 +106,8 @@ * * This call must be made before any calls that are affected by the api version. */ -#define TRUSTY_API_VERSION_CURRENT (0) +#define TRUSTY_API_VERSION_RESTART_FIQ (1) +#define TRUSTY_API_VERSION_CURRENT (1) #define SMC_FC_API_VERSION SMC_FASTCALL_NR (SMC_ENTITY_SECURE_MONITOR, 11) /* TRUSTED_OS entity calls */ -- cgit v1.2.2 From b2a435cf6598473a194b4f7168225420f57c218f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arve=20Hj=C3=B8nnev=C3=A5g?= Date: Fri, 23 Jan 2015 17:55:48 -0800 Subject: trusty: Add smp support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add an unlocked nop call to allow multiple cpus to enter trusty. Other standard calls are still serialized to avoid return codes getting mixed up. A new return code is used to indicate that the standard call is running on another cpu. Change-Id: Iccc0785138fbc3eb9daebf22fd79d6c1f9b23f6a Signed-off-by: Arve Hjønnevåg --- include/linux/trusty/sm_err.h | 3 +++ include/linux/trusty/smcall.h | 17 +++++++++++++++-- 2 files changed, 18 insertions(+), 2 deletions(-) (limited to 'include/linux') diff --git a/include/linux/trusty/sm_err.h b/include/linux/trusty/sm_err.h index 7de09b46f..32ee08e49 100644 --- a/include/linux/trusty/sm_err.h +++ b/include/linux/trusty/sm_err.h @@ -36,5 +36,8 @@ #define SM_ERR_END_OF_INPUT -10 #define SM_ERR_PANIC -11 /* Secure OS crashed */ #define SM_ERR_FIQ_INTERRUPTED -12 /* Got interrupted by FIQ. Call back with SMC_SC_RESTART_FIQ on same CPU */ +#define SM_ERR_CPU_IDLE -13 /* SMC call waiting for another CPU */ +#define SM_ERR_NOP_INTERRUPTED -14 /* Got interrupted. Call back with new SMC_SC_NOP */ +#define SM_ERR_NOP_DONE -15 /* Cpu idle after SMC_SC_NOP (not an error) */ #endif diff --git a/include/linux/trusty/smcall.h b/include/linux/trusty/smcall.h index 7d8950a88..2e43803d9 100644 --- a/include/linux/trusty/smcall.h +++ b/include/linux/trusty/smcall.h @@ -56,7 +56,7 @@ /* FC = Fast call, SC = Standard call */ #define SMC_SC_RESTART_LAST SMC_STDCALL_NR (SMC_ENTITY_SECURE_MONITOR, 0) -#define SMC_SC_NOP SMC_STDCALL_NR (SMC_ENTITY_SECURE_MONITOR, 1) +#define SMC_SC_LOCKED_NOP SMC_STDCALL_NR (SMC_ENTITY_SECURE_MONITOR, 1) /** * SMC_SC_RESTART_FIQ - Re-enter trusty after it was interrupted by an fiq @@ -70,6 +70,18 @@ */ #define SMC_SC_RESTART_FIQ SMC_STDCALL_NR (SMC_ENTITY_SECURE_MONITOR, 2) +/** + * SMC_SC_NOP - Enter trusty to run pending work. + * + * No arguments. + * + * Returns SM_ERR_NOP_INTERRUPTED or SM_ERR_NOP_DONE. + * If SM_ERR_NOP_INTERRUPTED is returned, the call must be repeated. + * + * Enable by selecting api version TRUSTY_API_VERSION_SMP (2) or later. + */ +#define SMC_SC_NOP SMC_STDCALL_NR (SMC_ENTITY_SECURE_MONITOR, 3) + /* * Return from secure os to non-secure os with return value in r1 */ @@ -107,7 +119,8 @@ * This call must be made before any calls that are affected by the api version. */ #define TRUSTY_API_VERSION_RESTART_FIQ (1) -#define TRUSTY_API_VERSION_CURRENT (1) +#define TRUSTY_API_VERSION_SMP (2) +#define TRUSTY_API_VERSION_CURRENT (2) #define SMC_FC_API_VERSION SMC_FASTCALL_NR (SMC_ENTITY_SECURE_MONITOR, 11) /* TRUSTED_OS entity calls */ -- cgit v1.2.2 From 27e57ad67ae0b76cdf94e323c07b6db90f11bea4 Mon Sep 17 00:00:00 2001 From: Michael Ryleev Date: Tue, 11 Oct 2016 11:01:14 -0700 Subject: trusty: add support for parameterized NOP ops Parameterized NOPs are introduced by Trusty secure side to facilitate better SMP concurrency. They are effectively NOP calls with parameters that will be routed to appropriate handlers on secure side which can be executed concurrently on multiple CPUs. Parameterized NOPs are represented by trusty_nop structure that has to be initialized by calling trusty_nop_init call. This patch creates queue for such items, adds per CPU work queue to invoke them and adds API to enqueue and dequeue them. Change-Id: I4c450c3d6cc18b246dfd0ca4526ef8703c1c2d64 Signed-off-by: Michael Ryleev --- include/linux/trusty/smcall.h | 3 ++- include/linux/trusty/trusty.h | 16 ++++++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) (limited to 'include/linux') diff --git a/include/linux/trusty/smcall.h b/include/linux/trusty/smcall.h index 2e43803d9..4e03a97ee 100644 --- a/include/linux/trusty/smcall.h +++ b/include/linux/trusty/smcall.h @@ -120,7 +120,8 @@ */ #define TRUSTY_API_VERSION_RESTART_FIQ (1) #define TRUSTY_API_VERSION_SMP (2) -#define TRUSTY_API_VERSION_CURRENT (2) +#define TRUSTY_API_VERSION_SMP_NOP (3) +#define TRUSTY_API_VERSION_CURRENT (3) #define SMC_FC_API_VERSION SMC_FASTCALL_NR (SMC_ENTITY_SECURE_MONITOR, 11) /* TRUSTED_OS entity calls */ diff --git a/include/linux/trusty/trusty.h b/include/linux/trusty/trusty.h index 24fe2101a..742c09e9e 100644 --- a/include/linux/trusty/trusty.h +++ b/include/linux/trusty/trusty.h @@ -69,4 +69,20 @@ int trusty_call32_mem_buf(struct device *dev, u32 smcnr, struct page *page, u32 size, pgprot_t pgprot); +struct trusty_nop { + struct list_head node; + u32 args[3]; +}; + +static inline void trusty_nop_init(struct trusty_nop *nop, + u32 arg0, u32 arg1, u32 arg2) { + INIT_LIST_HEAD(&nop->node); + nop->args[0] = arg0; + nop->args[1] = arg1; + nop->args[2] = arg2; +} + +void trusty_enqueue_nop(struct device *dev, struct trusty_nop *nop); +void trusty_dequeue_nop(struct device *dev, struct trusty_nop *nop); + #endif -- cgit v1.2.2 From c9c0123938f306aeb4e066300dc8c3fcdb89b29d Mon Sep 17 00:00:00 2001 From: Michael Ryleev Date: Fri, 14 Oct 2016 16:24:38 -0700 Subject: trusty: switch to use version 3 of TRUSTY_API Version 3 of Trusty API adds support for new command (SMC_NC_VDEV_KICK_VQ) that can be used to notify virtqueue that new item is available. This command is a parameterized NOP, it has to be queued using trusty_enqueue_nop API and as such can be executed concurrently on multiple CPUs. Change-Id: Ic979e628e780fe8b0c9de5058c897c0944006615 Signed-off-by: Michael Ryleev --- include/linux/trusty/smcall.h | 1 + 1 file changed, 1 insertion(+) (limited to 'include/linux') diff --git a/include/linux/trusty/smcall.h b/include/linux/trusty/smcall.h index 4e03a97ee..80101dfc0 100644 --- a/include/linux/trusty/smcall.h +++ b/include/linux/trusty/smcall.h @@ -131,5 +131,6 @@ #define SMC_SC_VDEV_RESET SMC_STDCALL_NR(SMC_ENTITY_TRUSTED_OS, 23) #define SMC_SC_VDEV_KICK_VQ SMC_STDCALL_NR(SMC_ENTITY_TRUSTED_OS, 24) +#define SMC_NC_VDEV_KICK_VQ SMC_STDCALL_NR(SMC_ENTITY_TRUSTED_OS, 25) #endif /* __LINUX_TRUSTY_SMCALL_H */ -- cgit v1.2.2 From 73b76c9b61321c14bfe571406f7979ef43e69825 Mon Sep 17 00:00:00 2001 From: Mahesh Lagadapati Date: Fri, 10 Jun 2016 16:33:41 -0700 Subject: trusty: ote-tipc kernel interface This change provides APIs for kernel drivers to communicate with OTE TAs. Bug 200195643 Jira APTS-128 Change-Id: Idb7638d42a24ee22218858e4a93572234fe1522b Signed-off-by: Mahesh Lagadapati Reviewed-on: http://git-master/r/1165207 (cherry picked from commit 6b2e1a14262f401d596b1c115f5d47223d024f7d) --- include/linux/trusty/trusty_ipc.h | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'include/linux') diff --git a/include/linux/trusty/trusty_ipc.h b/include/linux/trusty/trusty_ipc.h index 4ca15938a..beabc3f3e 100644 --- a/include/linux/trusty/trusty_ipc.h +++ b/include/linux/trusty/trusty_ipc.h @@ -84,5 +84,29 @@ static inline void *mb_get_data(struct tipc_msg_buf *mb, size_t len) return pos; } +/* OTE-TIPC wrapper APIs*/ +/* + * te_open_trusted_session - Establishes the session with TA + * @name(in): name of the TA to connect to. + * @ctx(out): pointer to the private data associated to the open session + * Returns 0 on Success else error code. + */ +int te_open_trusted_session(char *name, void **ctx); +/* + * te_close_trusted_session - Closes the session established + * @ctx: ctx returned by open session + */ +void te_close_trusted_session(void *ctx); +/* + * te_launch_trusted_oper - Communicate with TA to perform any operation + * @buf: Buffer to sent to secure world. + * @buf_len: length of the buffer. + * @ta_cmd: command to sent to secure world. + * @ctx: ctx returned by open session. + * Returns 0 on Success else error code. + */ +int te_launch_trusted_oper(void *buf, size_t buf_len, uint32_t ta_cmd, + void *ctx); + #endif /* __LINUX_TRUSTY_TRUSTY_IPC_H */ -- cgit v1.2.2 From 44b6cc594ef9b3173261832cfa8f0063f0f3a63c Mon Sep 17 00:00:00 2001 From: Nitin Kumbhar Date: Fri, 23 Sep 2016 14:21:40 +0530 Subject: trusty: add dt node based checks Update trusty driver(s) to inclue trusty DT node based run time checks for presence of trusty device. All APIs exported to clients are updated to include this check. If trusty DT node is absent or in disabled state, these interfaces return an error. Bug 200173095 Change-Id: Ib8853c9c4b25efa3a69c3cd83e4eb6c77be42d9a Signed-off-by: Nitin Kumbhar Reviewed-on: http://git-master/r/1225984 (cherry picked from commit 585cb6718254db2e75b949efbf8ac76903c6ee86) --- include/linux/trusty/trusty.h | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'include/linux') diff --git a/include/linux/trusty/trusty.h b/include/linux/trusty/trusty.h index 742c09e9e..d6fffc710 100644 --- a/include/linux/trusty/trusty.h +++ b/include/linux/trusty/trusty.h @@ -1,5 +1,6 @@ /* * Copyright (C) 2013 Google, Inc. + * Copyright (c) 2016, NVIDIA CORPORATION. All rights reserved. * * This software is licensed under the terms of the GNU General Public * License version 2, as published by the Free Software Foundation, and @@ -19,6 +20,12 @@ #include #include +enum { + TRUSTY_DEV_UNINIT = -1, + + TRUSTY_DEV_DISABLED = 0, + TRUSTY_DEV_ENABLED +}; #ifdef CONFIG_TRUSTY s32 trusty_std_call32(struct device *dev, u32 smcnr, u32 a0, u32 a1, u32 a2); @@ -84,5 +91,6 @@ static inline void trusty_nop_init(struct trusty_nop *nop, void trusty_enqueue_nop(struct device *dev, struct trusty_nop *nop); void trusty_dequeue_nop(struct device *dev, struct trusty_nop *nop); +int is_trusty_dev_enabled(void); #endif -- cgit v1.2.2 From 3ff9b80495a8c901d084f811594a7999d8bd620f Mon Sep 17 00:00:00 2001 From: Nicolin Chen Date: Thu, 23 Mar 2017 15:20:17 -0700 Subject: trusty: use #if IS_ENABLED() instead of #ifdef The CONFIG_TRUSTY could be selected as a module while should still work for trusty driver. Prior to this patch, there're compile errors when selecting CONFIG_TRUSTY=m: drivers/trusty/trusty.c:93:5: error: redefinition of 'trusty_fast_call32' drivers/trusty/trusty.c:109:5: error: redefinition of 'trusty_fast_call64' So this patch just changes the "#ifdef" to "#if IS_ENABLED". Bug 200305192 Change-Id: I867af8ce112be6eaf86c6bde311e248b1f601884 Signed-off-by: Nicolin Chen Reviewed-on: http://git-master/r/1475902 Reviewed-by: Automatic_Commit_Validation_User GVS: Gerrit_Virtual_Submit Reviewed-by: Sachin Nikam --- include/linux/trusty/trusty.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include/linux') diff --git a/include/linux/trusty/trusty.h b/include/linux/trusty/trusty.h index d6fffc710..542399d1b 100644 --- a/include/linux/trusty/trusty.h +++ b/include/linux/trusty/trusty.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Google, Inc. - * Copyright (c) 2016, NVIDIA CORPORATION. All rights reserved. + * Copyright (c) 2016-2017, NVIDIA CORPORATION. All rights reserved. * * This software is licensed under the terms of the GNU General Public * License version 2, as published by the Free Software Foundation, and @@ -27,7 +27,7 @@ enum { TRUSTY_DEV_ENABLED }; -#ifdef CONFIG_TRUSTY +#if IS_ENABLED(CONFIG_TRUSTY) s32 trusty_std_call32(struct device *dev, u32 smcnr, u32 a0, u32 a1, u32 a2); s32 trusty_fast_call32(struct device *dev, u32 smcnr, u32 a0, u32 a1, u32 a2); #ifdef CONFIG_64BIT -- cgit v1.2.2 From 5d873fd2532a861ac7554f4ac348d032f3dc5d4c Mon Sep 17 00:00:00 2001 From: Amith Date: Fri, 20 Nov 2015 15:02:08 -0800 Subject: trusty/virtio_ring: use real PA instead IPA If hypervisor exit, trusty won't know the real PA from a guest. So call HVC get the real PA first. Bug 200044390 Change-Id: Ibca05b8465e254f4bb173e1ea1e820fb3846f922 Reviewed-on: http://git-master/r/1198267 Signed-off-by: Haley Teng (cherry picked from commit cf08ac832fcb22b000a8bbc08cb48bdf53928069) Reviewed-on: http://git-master/r/1323007 GVS: Gerrit_Virtual_Submit Reviewed-by: Nicolin Chen Reviewed-by: Sachin Nikam --- include/linux/trusty/trusty.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'include/linux') diff --git a/include/linux/trusty/trusty.h b/include/linux/trusty/trusty.h index 542399d1b..bd7c91313 100644 --- a/include/linux/trusty/trusty.h +++ b/include/linux/trusty/trusty.h @@ -33,6 +33,9 @@ s32 trusty_fast_call32(struct device *dev, u32 smcnr, u32 a0, u32 a1, u32 a2); #ifdef CONFIG_64BIT s64 trusty_fast_call64(struct device *dev, u64 smcnr, u64 a0, u64 a1, u64 a2); #endif +#ifdef CONFIG_TEGRA_VIRTUALIZATION +int hyp_ipa_translate(uint64_t *ipa); +#endif #else static inline s32 trusty_std_call32(struct device *dev, u32 smcnr, u32 a0, u32 a1, u32 a2) -- cgit v1.2.2 From 02a7ce99ffe2adc39606d6e277be6593e6c9ea0c Mon Sep 17 00:00:00 2001 From: Amith Nuggehalli Date: Tue, 25 Jul 2017 17:17:15 -0700 Subject: Retry NOP smc call when a guest's VIRQ is pending In virtualization use case, if a guest's VIRQ is pending at, the hypervisor, the control returns back control immediately to the guest without transitioning to TOS so that the guest's IRQ is handled in time. In such a case, re-try the NOP smc with the same arguments as the previous call as the SMC wouldn't have reached TOS yet. JIRA: SEC-366 Change-Id: Iff0f4fd6aab1369848736a1a7f2fa75afd3616b9 Signed-off-by: Amith Nuggehalli (cherry picked from commit 585fea50e14410d312c9966f5520af305c56e989) Reviewed-on: https://git-master.nvidia.com/r/1533177 GVS: Gerrit_Virtual_Submit Reviewed-by: Varun Wadekar --- include/linux/trusty/sm_err.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include/linux') diff --git a/include/linux/trusty/sm_err.h b/include/linux/trusty/sm_err.h index 32ee08e49..fb6f3794d 100644 --- a/include/linux/trusty/sm_err.h +++ b/include/linux/trusty/sm_err.h @@ -1,5 +1,6 @@ /* * Copyright (c) 2013 Google Inc. All rights reserved + * Copyright (c) 2017 NVIDIA CORPORATION. All rights reserved. * * Permission is hereby granted, free of charge, to any person obtaining * a copy of this software and associated documentation files @@ -39,5 +40,6 @@ #define SM_ERR_CPU_IDLE -13 /* SMC call waiting for another CPU */ #define SM_ERR_NOP_INTERRUPTED -14 /* Got interrupted. Call back with new SMC_SC_NOP */ #define SM_ERR_NOP_DONE -15 /* Cpu idle after SMC_SC_NOP (not an error) */ +#define SM_ERR_NOP_RETRY -16 /* Retry the previous NOP smc as the first may not have reached TOS */ #endif -- cgit v1.2.2 From ec1519dd0198a24b3ffdcb207a6dae039af2d2f6 Mon Sep 17 00:00:00 2001 From: Tao Ye Date: Sat, 15 Jul 2017 16:30:35 -0700 Subject: Add support to probe if TA is available When connecting to Trusty via TIPC, linux kernel wants to know if the connection failure is caused by port_not_found issues such as the requested TA is not available. Bug 1896070 Jira APTS-731 Change-Id: I7fe9b895b79ba5fa82b15d2bfd90b1297fd7d017 Signed-off-by: Tao Ye Reviewed-on: https://git-master.nvidia.com/r/1523288 Reviewed-by: Varun Wadekar Reviewed-by: svccoveritychecker Reviewed-by: svc-mobile-coverity GVS: Gerrit_Virtual_Submit Reviewed-by: Stephen Warren Reviewed-by: Mitch Luban Tested-by: Mrutyunjay Sawant --- include/linux/trusty/trusty_ipc.h | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'include/linux') diff --git a/include/linux/trusty/trusty_ipc.h b/include/linux/trusty/trusty_ipc.h index beabc3f3e..da785e98d 100644 --- a/include/linux/trusty/trusty_ipc.h +++ b/include/linux/trusty/trusty_ipc.h @@ -1,5 +1,6 @@ /* * Copyright (C) 2015 Google, Inc. + * Copyright (c) 2016-2017, NVIDIA CORPORATION. All rights reserved. * * This software is licensed under the terms of the GNU General Public * License version 2, as published by the Free Software Foundation, and @@ -14,6 +15,13 @@ #ifndef __LINUX_TRUSTY_TRUSTY_IPC_H #define __LINUX_TRUSTY_TRUSTY_IPC_H +/* + * Errnos below must be in sync with the corresponding errnos + * defined in 3rdparty/trusty/external/lk/include/err.h + */ +#define NO_ERROR (0) +#define ERR_NOT_FOUND (-2) + struct tipc_chan; struct tipc_msg_buf { @@ -29,6 +37,7 @@ enum tipc_chan_event { TIPC_CHANNEL_CONNECTED = 1, TIPC_CHANNEL_DISCONNECTED, TIPC_CHANNEL_SHUTDOWN, + TIPC_CHANNEL_NOT_FOUND, }; struct tipc_chan_ops { -- cgit v1.2.2 From af5f3aec798ad724697053b9e993fc53eefbfadd Mon Sep 17 00:00:00 2001 From: Steven Kao Date: Fri, 18 Mar 2016 14:17:16 +0800 Subject: trusty: smc_entity_guest_reset smc for hypervisor This smc is called by the hypervisor before hypervisor guest reset. VFND-1273 Bug 200145347 Change-Id: I9f599943768038c50e87e5f2b299d06099ee8a36 Signed-off-by: Steven Kao Reviewed-on: http://git-master/r/1114457 (cherry picked from commit c8e2d669e69541da8bfa6ad795839f30874e2fbc) Reviewed-on: http://git-master/r/1219491 (cherry picked from commit c334664e2208dee4c1e4480da76e5f2f23f202f3) Reviewed-on: https://git-master.nvidia.com/r/1538684 Reviewed-by: Bharat Nihalani GVS: Gerrit_Virtual_Submit --- include/linux/trusty/smcall.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include/linux') diff --git a/include/linux/trusty/smcall.h b/include/linux/trusty/smcall.h index 80101dfc0..b11cf2ea9 100644 --- a/include/linux/trusty/smcall.h +++ b/include/linux/trusty/smcall.h @@ -52,6 +52,8 @@ #define SMC_ENTITY_TRUSTED_APP 48 /* Trusted Application calls */ #define SMC_ENTITY_TRUSTED_OS 50 /* Trusted OS calls */ #define SMC_ENTITY_LOGGING 51 /* Used for secure -> nonsecure logging */ +#define SMC_ENTITY_GUEST_RESET 52 /* Notify Trusted OS */ + /* about guest reset */ #define SMC_ENTITY_SECURE_MONITOR 60 /* Trusted OS calls internal to secure monitor */ /* FC = Fast call, SC = Standard call */ -- cgit v1.2.2 From 9b415b21b13c94f26269dfb97f648be59f931ef8 Mon Sep 17 00:00:00 2001 From: Amith Nuggehalli Date: Wed, 6 Sep 2017 22:19:16 -0700 Subject: Add polling thread to poll TX vq *** This change is needed for multi-guest trusty use-case only *** Trusty (TOS) splits the incoming requests into kernel and user threads. These threads are blocked on events, run when their event is released. Trusty also has an idle thread whose priority is lower than all other threads in the OS. It runs when there is no other active thread to run and it takes the cpu back to the NS world (idle return). In multi-guest configuration, TOS can receive requests from multiple guests concurrently. While some requests are exclusive rest others access shared system resources such as SE engine keyslots and so on. Infact, trusted applications can also be considered to be shared resources as they are single threaded and only one instance of each TA runs on the system. Threads waiting on shared resources or service from a server, go to sleep if the wait is not released immediately. In such cases, the incoming guest returns back to the kernel, while its requests are still waiting in TOS.This guest kernel would need some kind of a callback or an asynchronous event or rudimentary polling to inform its requests are completed. The cpu running in trusty runs all the waiting threads before it returns back to its guest. This fix checks the VQ for any new buffers at every second. So at the end of each interval, there is a guarantee that the kernel looks at its Rx queues and notifies the clients waiting on their channels for any new messages. JIRA: SEC-412 TESTS: Ran 10,000 iterations of sample_client1 calling crypto, secure storage, secure RTC and nvcrypto APIs concurrently on both guest VMs in a linux-linux configuration. Tests complete successfully. Change-Id: I7e336c79cac0ebb36a81921553243c09c98a6568 Signed-off-by: Amith Nuggehalli Reviewed-on: https://git-master.nvidia.com/r/1550450 Reviewed-by: svccoveritychecker GVS: Gerrit_Virtual_Submit Reviewed-by: Mihir Joshi Reviewed-by: Varun Wadekar --- include/linux/trusty/trusty.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'include/linux') diff --git a/include/linux/trusty/trusty.h b/include/linux/trusty/trusty.h index bd7c91313..a203e6943 100644 --- a/include/linux/trusty/trusty.h +++ b/include/linux/trusty/trusty.h @@ -60,6 +60,9 @@ struct notifier_block; enum { TRUSTY_CALL_PREPARE, TRUSTY_CALL_RETURNED, +#ifdef CONFIG_TEGRA_VIRTUALIZATION + TRUSTY_CALL_VQ_POLLING, +#endif }; int trusty_call_notifier_register(struct device *dev, struct notifier_block *n); -- cgit v1.2.2 From da468442a086845539fd5cebcf3f831aec69cd3a Mon Sep 17 00:00:00 2001 From: Anthony Zhou Date: Mon, 4 Jul 2016 16:31:30 +0800 Subject: trusty: Add return check for IPA to PA Check the return value of hyp_ipa_translate, if it is not 0, report error and return. Bug 200044390 Change-Id: Ic28a18164e162d5a399b4227f42f04cc97cedbce Signed-off-by: Anthony Zhou Reviewed-on: http://git-master/r/1241638 (cherry picked from commit 4e06cd93edec2d67c62d6fc9408e2690afbfc9fd) Reviewed-on: https://git-master.nvidia.com/r/1488435 Reviewed-by: svc-mobile-coverity Reviewed-by: svccoveritychecker GVS: Gerrit_Virtual_Submit Tested-by: Stephen Wolfe Reviewed-by: Timo Alho --- include/linux/trusty/trusty.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'include/linux') diff --git a/include/linux/trusty/trusty.h b/include/linux/trusty/trusty.h index a203e6943..41623faa9 100644 --- a/include/linux/trusty/trusty.h +++ b/include/linux/trusty/trusty.h @@ -19,6 +19,7 @@ #include #include #include +#include enum { TRUSTY_DEV_UNINIT = -1, @@ -33,9 +34,7 @@ s32 trusty_fast_call32(struct device *dev, u32 smcnr, u32 a0, u32 a1, u32 a2); #ifdef CONFIG_64BIT s64 trusty_fast_call64(struct device *dev, u64 smcnr, u64 a0, u64 a1, u64 a2); #endif -#ifdef CONFIG_TEGRA_VIRTUALIZATION int hyp_ipa_translate(uint64_t *ipa); -#endif #else static inline s32 trusty_std_call32(struct device *dev, u32 smcnr, u32 a0, u32 a1, u32 a2) -- cgit v1.2.2 From 111a90676b10d3fbb9de161775724e1194e83aa6 Mon Sep 17 00:00:00 2001 From: Stephen Wolfe Date: Sun, 29 Oct 2017 19:39:44 -0700 Subject: trusty: disable trusty irq's when trusty crashes After trusty panics, whenever control reaches trusty will immediately context switch back to NS world. This triggers a trusty irq in the linux kernel, which eventually causes control to return back to trusty. This causes an endless loop of context switching back and forth between non-secure and secure world, and generates log spew. This commit fixes this issue by disabling trusty irq's once trusty crashes. The crash is detected in the trusty driver, who signals the trusty-irq driver to disable interrupts via a notifier chain. Bug 1883981 Change-Id: Ib7d8f921537f6aa423bd1372d8073bfa73b81fa4 Signed-off-by: Stephen Wolfe Reviewed-on: https://git-master.nvidia.com/r/1591010 (cherry picked from commit 55756bf62e988fe028791d95bc54b5345863c098) Reviewed-on: https://git-master.nvidia.com/r/1600497 Reviewed-by: Automatic_Commit_Validation_User Reviewed-by: svc-mobile-coverity GVS: Gerrit_Virtual_Submit Reviewed-by: Mihir Joshi Reviewed-by: Bharat Nihalani Reviewed-by: mobile promotions Tested-by: mobile promotions --- include/linux/trusty/trusty.h | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'include/linux') diff --git a/include/linux/trusty/trusty.h b/include/linux/trusty/trusty.h index 41623faa9..096608e24 100644 --- a/include/linux/trusty/trusty.h +++ b/include/linux/trusty/trusty.h @@ -67,6 +67,10 @@ int trusty_call_notifier_register(struct device *dev, struct notifier_block *n); int trusty_call_notifier_unregister(struct device *dev, struct notifier_block *n); +int trusty_panic_notifier_register(struct device *dev, + struct notifier_block *n); +int trusty_panic_notifier_unregister(struct device *dev, + struct notifier_block *n); const char *trusty_version_str_get(struct device *dev); u32 trusty_get_api_version(struct device *dev); -- cgit v1.2.2 From ee6fbe3a25ff94cf062f18dad4c78ed14f7924a1 Mon Sep 17 00:00:00 2001 From: Michael Ryleev Date: Wed, 21 Mar 2018 10:21:03 -0700 Subject: trusty-ipc: Fix a race condition in tipc_release Under certain conditions it is possible that an instance of tipc_dn_chan structure will be freed in context of tipc_release call while still be referenced and in use by corresponding instance of tipc_chan struct. In order to fix that, we will need to make sure that corresponding tipc_chan struct is not in use before freeing tipc_dn_chan struct. This CL introduces and implements a new callback in tipc_chan_ops struct, called handle_release, that when specified will be called while an instance of tipc_chan object is getting destroyed. This is only possible when the last reference to tipc_chan struct goes away so it is not in use anymore. Change-Id: I93849aab08e09374a9f8ca9fa00351839519027d Signed-off-by: Michael Ryleev Reviewed-on: https://git-master.nvidia.com/r/1679989 Tested-by: Stephen Wolfe Reviewed-by: Mihir Joshi Reviewed-by: Mahesh Lagadapati Reviewed-by: svc-mobile-coverity GVS: Gerrit_Virtual_Submit Reviewed-by: Bharat Nihalani Reviewed-by: mobile promotions Tested-by: mobile promotions --- include/linux/trusty/trusty_ipc.h | 1 + 1 file changed, 1 insertion(+) (limited to 'include/linux') diff --git a/include/linux/trusty/trusty_ipc.h b/include/linux/trusty/trusty_ipc.h index da785e98d..e76e252e4 100644 --- a/include/linux/trusty/trusty_ipc.h +++ b/include/linux/trusty/trusty_ipc.h @@ -44,6 +44,7 @@ struct tipc_chan_ops { void (*handle_event)(void *cb_arg, int event); struct tipc_msg_buf *(*handle_msg)(void *cb_arg, struct tipc_msg_buf *mb); + void (*handle_release)(void *cb_arg); }; struct tipc_chan *tipc_create_channel(struct device *dev, -- cgit v1.2.2