18 Jan, 2021
23 commits
-
Consistently use the MIT license for headers that are also duplicated in
Trusty (and sometimes in TF-A too). This is the license in the other
copies, and unlike GPL-2.0 it's compatible with both Linux and Trusty.For trusty-log.h, also add the copyright statement that is in the other
copy, as the MIT license requires a copyright statement.Also remove the unnecessary include of in arm_ffa.h.
Finally, also add reminders to keep the headers in sync.
Change-Id: Id0349d605013a941d2c54d9a372991b300d8feea
Signed-off-by: Eric Biggers -
Linux kernel code conventionally uses u8, u16, u32, etc. instead of the
stdint-style uint8_t, uint16_t, uint32_t, etc. So replace the
stdint-style types with the Linux-style types.Don't make this change in arm_ffa.h or trusty-log.h, since there is a
copy of these headers in non-Linux code, and there is a desire to keep
the copies the same.Change-Id: I0a0239cbda9a32b004581e80e5d4420cee7ee429
Signed-off-by: Eric Biggers -
Linux kernel code uses traditional include guards, not '#pragma once'.
Change-Id: Ia865e58b1d08a2e8df96854933f500b504341794
Signed-off-by: Eric Biggers -
* Adds ability to send memfds over a tipc channel
Missing:
* COMPAT support for 32-bit ioctls
* Receiving shared memoryBug: 117221195
Test: tipc-test -t send-fd
Change-Id: I1bb6c9f1c2ce8ab3e73de3666916a89f872909c9
Signed-off-by: Matthew Maurer -
Fix instances of the following checkpatch warnings:
WARNING: quoted string split across lines
WARNING: char * array declaration might be better as static const
WARNING: else is not generally useful after a break or return
WARNING: braces {} are not necessary for single statement blocks
WARNING: Missing a blank line after declarations
WARNING: Prefer 'unsigned int' to bare use of 'unsigned'
WARNING: Possible unnecessary 'out of memory' message
WARNING: ENOTSUPP is not a SUSV4 error code, prefer EOPNOTSUPP
WARNING: Symbolic permissions 'S_IRUSR' are not preferred. Consider using octal permissions '0400'.
WARNING: space prohibited between function name and open parenthesis '('Test: trusty/vendor/google/aosp/scripts/build.py qemu-generic-arm64-test-debug
Change-Id: If470fe558206c4a689323db7c6d787db82b9aa86
Signed-off-by: Eric BiggersConflicts:
arch/arm64/kernel/smp.cChange-Id: I68e4d85f1b0f73b6c158a4d37c07e0301c6cc7d7
-
This fixes several instances of the following checkpatch warning:
WARNING: Missing or malformed SPDX-License-Identifier tag
This doesn't change the actual licenses.
Test: trusty/vendor/google/aosp/scripts/build.py qemu-generic-arm64-test-debug
Change-Id: I611721ef5af4ead7a33e402b618ad5de1ffa730e
Signed-off-by: Eric Biggers -
Bug: 140053385
Change-Id: I9341d2f17c06ea89c2dfb160b6aa8440c32123b5
Signed-off-by: Tri Vo -
If trusty runs in an environment where it does not have access to all
memory, any memory passed to trusty must be explicitly shared.Bug: 128698138
Change-Id: I42c8acad0e77ab6e19c76ed1ee0777c9e091e023
Signed-off-by: Arve Hjønnevåg -
Tests shared memory interface with a stdcall.
Bug: 147322844
Change-Id: Id1b8991dfdccdb136126127968e110df709cc59b
Signed-off-by: Arve Hjønnevåg -
The current implementation only supports contiguous regions and uses the
physical address as the id.includes: Remove trusty_call32_mem_buf
It is no longer used.
includes: Set dma_mask
Set dma_mask to 48 bits. This is the current limit of our encoded page
information. Allow sharing memory above 4GB with trusty on platforms
where the default dma_mask is 32 bits.Bug: 128698138
Change-Id: Ib0801a0d67032bdf35cea4c27e27663bf68b2aa1
Signed-off-by: Arve Hjønnevåg
Signed-off-by: Tri Vo -
Support using a single (per-cpu) doorbell interrupt to signal that there
is an interrupt pending for trusty. This can be used instead of
registering a linux interrupt handler for every trusty interrupt.Bug: 122357256
Change-Id: I146f04ed45ea466cce3c571c93f8d694969b90ba
Signed-off-by: Arve Hjønnevåg -
Version 3 of Trusty API adds support for new command
(SMC_NC_VDEV_KICK_VQ) that can be used to notify virtqueue
that new item is available. This command is a parameterized
NOP, it has to be queued using trusty_enqueue_nop API and as
such can be executed concurrently on multiple CPUs.Change-Id: Ic979e628e780fe8b0c9de5058c897c0944006615
Signed-off-by: Michael Ryleev -
Parameterized NOPs are introduced by Trusty secure side to
facilitate better SMP concurrency. They are effectively NOP
calls with parameters that will be routed to appropriate
handlers on secure side which can be executed concurrently
on multiple CPUs. Parameterized NOPs are represented by
trusty_nop structure that has to be initialized by calling
trusty_nop_init call. This patch creates queue for such items,
adds per CPU work queue to invoke them and adds API to enqueue
and dequeue them.Change-Id: I4c450c3d6cc18b246dfd0ca4526ef8703c1c2d64
Signed-off-by: Michael Ryleev -
Add an unlocked nop call to allow multiple cpus to enter trusty.
Other standard calls are still serialized to avoid return codes
getting mixed up.
A new return code is used to indicate that the standard call is
running on another cpu.Change-Id: Iccc0785138fbc3eb9daebf22fd79d6c1f9b23f6a
Signed-off-by: Arve Hjønnevåg -
Change-Id: Iab318f0efd7ca0217bd64a30918f040938af5b76
Signed-off-by: Michael Ryleev
Signed-off-by: Arve Hjønnevåg -
Select api version in probe, and store it in trusty_state.
This enables new return codes from trusty, and will later be used
to enable a nop stdcall that does not take smc_lock.Change-Id: Ib0c41b8b14e0638851d5236f83677c25507a2db6
Signed-off-by: Michael Ryleev
Signed-off-by: Arve Hjønnevåg -
Trusty IPC driver provides message passing interface
between non-secure side (Linux) and secure side running
Trusty. It is handling a set of trusty IPC virtio devices
instantiated and configured by trusty-virtio driver based
on device description retrieved from secure side.* Updated for 4.19 VirtIO API (mmaurer@google.com)
includes: Rework tipc_chan_destroy
It seems unnecessary to dynamically detach vds pointer in
tipc_chan_destroy. Instead, it is cleaner to keep it around
until channel object itself is actually freed. This eliminates
the need to dynamically check presence of that pointer as it
is should always be present if tipc_chan exists.includes: Fix a race condition in tipc_release
Under certain conditions it is possible that an instance of
tipc_dn_chan structure will be freed in context of tipc_release
call while still be referenced and in use by corresponding
instance of tipc_chan struct. In order to fix that, we will need
to make sure that corresponding tipc_chan struct is not in use
before freeing tipc_dn_chan struct. This CL introduces and
implements a new callback in tipc_chan_ops struct, called
handle_release, that when specified will be called while an
instance of tipc_chan object is getting destroyed. This is
only possible when the last reference to tipc_chan struct
goes away so it is not in use anymore.includes: Fix off by one error in idr allocation.
The driver is configured to support 4 devices, but only the first 3
worked.Change-Id: I81288aa458675996cbc93e73baf3c41d735d5429
Signed-off-by: Michael Ryleev
Signed-off-by: Matthew Maurer
Signed-off-by: Arve Hjønnevåg
Signed-off-by: Tri Vo -
Trusty virtio driver is responsible for management an
interaction with virtio devices exposed by Trusty.
During initialization, this driver makes an smc
call to retrieve Trusty virtio device descriptor from
secure side, parses it then instantiates and configures
the specified set of virtio devices.* Updated for 4.19 VirtIO API (mmaurer@google.com)
includes: Add null terminator to of_device_id table
Change-Id: I20a23518d5c19bedd9282f7f1d4b16957ba75408
Signed-off-by: Michael Ryleev
Signed-off-by: Matthew Maurer
Signed-off-by: Tri Vo -
trusty_encode_page_info - encodes page physical address, memory
type and other attributes into architecture specific structure
that can be parsed by secure side.trusty_call32_mem_buf - can be used by drivers to make
specified smc call with physicaly contigues memory buffer as
an argument. Memory buffer info in retrieved by trusty_encode_page_info
and along with buffer size is encoded into series of 32-bit
smc call parameters.Change-Id: Iae155c0eff0bb6269be1abbe53ee42f27a1c23f5
Signed-off-by: Michael Ryleev -
This driver is the consumer side of a ringbuffer of log data
that the secure operating system dumps prints into. Trusty
printfs will be dumped into the kernel log after smc calls
and during panics.* Added header needed in 4.19 (mmaurer@google.com)
Change-Id: Ib4fc8b9077da5e2c628607bc6cd04dc8760dead5
Signed-off-by: Michael Ryleev
Signed-off-by: Matthew Maurer
Signed-off-by: Tri Vo -
Print trusty version to kernel log on startup, and export it in sysfs.
Change-Id: Ibb503a9385a223b590b882578fdd6332fc750a8d
Signed-off-by: Arve Hjønnevåg -
Called with local interrupts disabled.
Change-Id: I6feb9cee349f78f8d228294f238b0b420a6d4beb
Signed-off-by: Arve Hjønnevåg -
includes: Add arm64 support
includes: Add trusty_fast_call64 api on 64 bit systems.
includes: move probe to subsys_initcall
Child devices of trusty like FIQ-based debuggers and watchdogs may
want to probe early, move trusty from module init to subsys init
to allow it and its children to probe earlier.includes: Retry std_calls on SM_ERR_BUSY
If the trusty spinlock is held, or if the strex fails for another
reason, trusty returns SM_ERR_BUSY. Add retry code to handle this.Without this retry code, std_calls can fail. If the previous smc
call had returned SM_ERR_INTERRUPTED, this failure would cause
the driver to get out of sync with trusty. All later calls would
then fail with SM_ERR_INTERLEAVED_SMC.includes: Extend smc function and move to arch specific asm file
Extend trusty smc function to pass 8 registers in both directions. Move
to separate assembly files so r7 can be used (in thumb mode r7 got
corrupted by the inline assembly even though it was specified as an
output).Change-Id: I35318be3d41f84b922397e9afdca6bf47d9645db
Signed-off-by: Arve Hjønnevåg
Signed-off-by: Tri Vo