Linaro-mm-sig September 2025

linaro-mm-sig@lists.linaro.org

22 participants
40 discussions

Re: (subset) [PATCH v12 00/11] Trusted Execution Environment (TEE) driver for Qualcomm TEE (QTEE)

by Bjorn Andersson

On Thu, 11 Sep 2025 21:07:39 -0700, Amirreza Zarrabi wrote: > This patch series introduces a Trusted Execution Environment (TEE) > driver for Qualcomm TEE (QTEE). QTEE enables Trusted Applications (TAs) > and services to run securely. It uses an object-based interface, where > each service is an object with sets of operations. Clients can invoke > these operations on objects, which can generate results, including other > objects. For example, an object can load a TA and return another object > that represents the loaded TA, allowing access to its services. > > [...] Applied, thanks! [01/11] firmware: qcom: tzmem: export shm_bridge create/delete commit: 8aa1e3a6f0ffbcfdf3bd7d87feb9090f96c54bc4 [02/11] firmware: qcom: scm: add support for object invocation commit: 4b700098c0fc4a76c5c1e54465c8f35e13755294 Best regards, -- Bjorn Andersson <andersson(a)kernel.org>

2 weeks, 3 days

Re: [PATCH v1 10/10] vfio/pci: Add dma-buf export support for MMIO regions

by Leon Romanovsky

On Fri, Sep 12, 2025 at 11:55:29AM -0700, Alex Mastro wrote: > On Mon, Aug 04, 2025 at 04:00:45PM +0300, Leon Romanovsky wrote: > > +static void dma_ranges_to_p2p_phys(struct vfio_pci_dma_buf *priv, > > + struct vfio_device_feature_dma_buf *dma_buf, > > + struct vfio_region_dma_range *dma_ranges) > > +{ > > + struct pci_dev *pdev = priv->vdev->pdev; > > + phys_addr_t pci_start; > > + int i; > > + > > + pci_start = pci_resource_start(pdev, dma_buf->region_index); > > + for (i = 0; i < dma_buf->nr_ranges; i++) { > > + priv->phys_vec[i].len = dma_ranges[i].length; > > + priv->phys_vec[i].paddr += pci_start + dma_ranges[i].offset; > > Is the intent really to += paddr? I would have expected a plain assignment. In this specific case, there is no difference, because phys_vec is initialized to 0, but It needs to be "=" and not "+=". > > > + priv->size += priv->phys_vec[i].len; > > + } > > + priv->nr_ranges = dma_buf->nr_ranges; > > +} > > ... > > > + priv->phys_vec = kcalloc(get_dma_buf.nr_ranges, sizeof(*priv->phys_vec), > > + GFP_KERNEL); > > + if (!priv->phys_vec) { > > + ret = -ENOMEM; > > + goto err_free_priv; > > + } > > + > > + priv->vdev = vdev; > > + dma_ranges_to_p2p_phys(priv, &get_dma_buf, dma_ranges); >

2 weeks, 3 days

[PATCH v12 0/9] TEE subsystem for protected dma-buf allocations

by Jens Wiklander

Hi, This patch set allocates the protected DMA-bufs from a DMA-heap instantiated from the TEE subsystem. The TEE subsystem handles the DMA-buf allocations since it is the TEE (OP-TEE, AMD-TEE, TS-TEE, or perhaps a future QTEE) which sets up the protection for the memory used for the DMA-bufs. The DMA-heap uses a protected memory pool provided by the backend TEE driver, allowing it to choose how to allocate the protected physical memory. The allocated DMA-bufs must be imported with a new TEE_IOC_SHM_REGISTER_FD before they can be passed as arguments when requesting services from the secure world. Three use-cases (Secure Video Playback, Trusted UI, and Secure Video Recording) have been identified so far to serve as examples of what can be expected. The use-cases have predefined DMA-heap names, "protected,secure-video", "protected,trusted-ui", and "protected,secure-video-record". The backend driver registers protected memory pools for the use-cases it supports. Each use-case has its own protected memory pool since different use-cases require isolation from different parts of the system. A protected memory pool can be based on a static carveout instantiated while probing the TEE backend driver, or dynamically allocated from CMA (dma_alloc_pages()) and made protected as needed by the TEE. This can be tested on a RockPi 4B+ with the following steps: repo init -u https://github.com/jenswi-linaro/manifest.git -m rockpi4.xml \ -b prototype/sdp-v12 repo sync -j8 cd build make toolchains -j$(nproc) make all -j$(nproc) # Copy ../out/rockpi4.img to an SD card and boot the RockPi from that # Connect a monitor to the RockPi # login and at the prompt: gst-launch-1.0 videotestsrc ! \ aesenc key=1f9423681beb9a79215820f6bda73d0f \ iv=e9aa8e834d8d70b7e0d254ff670dd718 serialize-iv=true ! \ aesdec key=1f9423681beb9a79215820f6bda73d0f ! \ kmssink The aesdec module has been hacked to use an OP-TEE TA to decrypt the stream into protected DMA-bufs which are consumed by the kmssink. The primitive QEMU tests from previous patch sets can be tested on RockPi in the same way using: xtest --sdp-basic The primitive tests are tested on QEMU with the following steps: repo init -u https://github.com/jenswi-linaro/manifest.git -m qemu_v8.xml \ -b prototype/sdp-v12 repo sync -j8 cd build make toolchains -j$(nproc) make SPMC_AT_EL=1 all -j$(nproc) make SPMC_AT_EL=1 run-only # login and at the prompt: xtest --sdp-basic The SPMC_AT_EL=1 parameter configures the build with FF-A and an SPMC at S-EL1 inside OP-TEE. The parameter can be changed to SPMC_AT_EL=n to test without FF-A using the original SMC ABI instead. Please remember to do %make arm-tf-clean for TF-A to be rebuilt properly using the new configuration. https://optee.readthedocs.io/en/latest/building/prerequisites.html list dependencies required to build the above. The primitive tests are pretty basic, mostly checking that a Trusted Application in the secure world can access and manipulate the memory. There are also some negative tests for out of bounds buffers, etc. Thanks, Jens Changes since V11: * In "dma-buf: dma-heap: export declared functions": - use EXPORT_SYMBOL_NS_GPL() - Added TJ's R-B and Sumit's Ack * In "tee: implement protected DMA-heap", import the namespaces "DMA_BUF" and "DMA_BUF_HEAP" as needed. Changes since V10: * Changed the new ABI OPTEE_MSG_CMD_GET_PROTMEM_CONFIG to report a list of u32 memory attributes instead of u16 endpoints to make room for both endpoint and access permissions in each entry. * In "tee: new ioctl to a register tee_shm from a dmabuf file descriptor", remove the unused path for DMA-bufs allocated by other means than the on in the TEE SS. * In "tee: implement protected DMA-heap", handle unloading of the backend driver module implementing the heap. The heap is reference counted and also calls tee_device_get() to guarantee that the module remains available while the heap is instantiated. * In "optee: support protected memory allocation", use dma_coerce_mask_and_coherent() instead of open-coding the function. * Added Sumit's R-B to - "optee: smc abi: dynamic protected memory allocation" - "optee: FF-A: dynamic protected memory allocation" - "optee: support protected memory allocation" - "tee: implement protected DMA-heap" - "dma-buf: dma-heap: export declared functions" Changes since V9: * Adding Sumit's R-B to "optee: sync secure world ABI headers" * Update commit message as requested for "dma-buf: dma-heap: export declared functions". * In "tee: implement protected DMA-heap": - add the hidden config option TEE_DMABUF_HEAPS to tell if the TEE subsystem can support DMA heaps - add a pfn_valid() to check that the passed physical address can be used by __pfn_to_page() and friends - remove the memremap() call, the caller is should do that instead if needed * In "tee: add tee_shm_alloc_dma_mem()" guard the calls to dma_alloc_pages() and dma_free_pages() with TEE_DMABUF_HEAPS to avoid linking errors in some configurations * In "optee: support protected memory allocation": - add the hidden config option OPTEE_STATIC_PROTMEM_POOL to tell if the driver can support a static protected memory pool - optee_protmem_pool_init() is slightly refactored to make the patches that follow easier - Call devm_memremap() before calling tee_protmem_static_pool_alloc() Changes since V8: * Using dma_alloc_pages() instead of cma_alloc() so the direct dependency on CMA can be removed together with the patches "cma: export cma_alloc() and cma_release()" and "dma-contiguous: export dma_contiguous_default_area". The patch * Renaming the patch "tee: add tee_shm_alloc_cma_phys_mem()" to "tee: add tee_shm_alloc_dma_mem()" * Setting DMA mask for the OP-TEE TEE device based on input from the secure world instead of relying on the parent device so following patches are removed: "tee: tee_device_alloc(): copy dma_mask from parent device" and "optee: pass parent device to tee_device_alloc()". * Adding Sumit Garg's R-B to "tee: refactor params_from_user()" * In the patch "tee: implement protected DMA-heap", map the physical memory passed to tee_protmem_static_pool_alloc(). Changes since V7: * Adding "dma-buf: dma-heap: export declared functions", "cma: export cma_alloc() and cma_release()", and "dma-contiguous: export dma_contiguous_default_area" to export the symbols needed to keep the TEE subsystem as a load module. * Removing CONFIG_TEE_DMABUF_HEAP and CONFIG_TEE_CMA since they aren't needed any longer. * Addressing review comments in "optee: sync secure world ABI headers" * Better align protected memory pool initialization between the smc-abi and ffa-abi parts of the optee driver. * Removing the patch "optee: account for direction while converting parameters" Changes since V6: * Restricted memory is now known as protected memory since to use the same term as https://docs.vulkan.org/guide/latest/protected.html. Update all patches to consistently use protected memory. * In "tee: implement protected DMA-heap" add the hidden config option TEE_DMABUF_HEAP to tell if the DMABUF_HEAPS functions are available for the TEE subsystem * Adding "tee: refactor params_from_user()", broken out from the patch "tee: new ioctl to a register tee_shm from a dmabuf file descriptor" * For "tee: new ioctl to a register tee_shm from a dmabuf file descriptor": - Update commit message to mention protected memory - Remove and open code tee_shm_get_parent_shm() in param_from_user_memref() * In "tee: add tee_shm_alloc_cma_phys_mem" add the hidden config option TEE_CMA to tell if the CMA functions are available for the TEE subsystem * For "tee: tee_device_alloc(): copy dma_mask from parent device" and "optee: pass parent device to tee_device_alloc", added Reviewed-by: Sumit Garg <sumit.garg(a)kernel.org> Changes since V5: * Removing "tee: add restricted memory allocation" and "tee: add TEE_IOC_RSTMEM_FD_INFO" * Adding "tee: implement restricted DMA-heap", "tee: new ioctl to a register tee_shm from a dmabuf file descriptor", "tee: add tee_shm_alloc_cma_phys_mem()", "optee: pass parent device to tee_device_alloc()", and "tee: tee_device_alloc(): copy dma_mask from parent device" * The two TEE driver OPs "rstmem_alloc()" and "rstmem_free()" are replaced with a struct tee_rstmem_pool abstraction. * Replaced the the TEE_IOC_RSTMEM_ALLOC user space API with the DMA-heap API Changes since V4: * Adding the patch "tee: add TEE_IOC_RSTMEM_FD_INFO" needed by the GStreamer demo * Removing the dummy CPU access and mmap functions from the dma_buf_ops * Fixing a compile error in "optee: FF-A: dynamic restricted memory allocation" reported by kernel test robot <lkp(a)intel.com> Changes since V3: * Make the use_case and flags field in struct tee_shm u32's instead of u16's * Add more description for TEE_IOC_RSTMEM_ALLOC in the header file * Import namespace DMA_BUF in module tee, reported by lkp(a)intel.com * Added a note in the commit message for "optee: account for direction while converting parameters" why it's needed * Factor out dynamic restricted memory allocation from "optee: support restricted memory allocation" into two new commits "optee: FF-A: dynamic restricted memory allocation" and "optee: smc abi: dynamic restricted memory allocation" * Guard CMA usage with #ifdef CONFIG_CMA, effectively disabling dynamic restricted memory allocate if CMA isn't configured Changes since the V2 RFC: * Based on v6.12 * Replaced the flags for SVP and Trusted UID memory with a u32 field with unique id for each use case * Added dynamic allocation of restricted memory pools * Added OP-TEE ABI both with and without FF-A for dynamic restricted memory * Added support for FF-A with FFA_LEND Changes since the V1 RFC: * Based on v6.11 * Complete rewrite, replacing the restricted heap with TEE_IOC_RSTMEM_ALLOC Changes since Olivier's post [2]: * Based on Yong Wu's post [1] where much of dma-buf handling is done in the generic restricted heap * Simplifications and cleanup * New commit message for "dma-buf: heaps: add Linaro restricted dmabuf heap support" * Replaced the word "secure" with "restricted" where applicable Etienne Carriere (1): tee: new ioctl to a register tee_shm from a dmabuf file descriptor Jens Wiklander (8): optee: sync secure world ABI headers dma-buf: dma-heap: export declared functions tee: implement protected DMA-heap tee: refactor params_from_user() tee: add tee_shm_alloc_dma_mem() optee: support protected memory allocation optee: FF-A: dynamic protected memory allocation optee: smc abi: dynamic protected memory allocation drivers/dma-buf/dma-heap.c | 4 + drivers/tee/Kconfig | 5 + drivers/tee/Makefile | 1 + drivers/tee/optee/Kconfig | 5 + drivers/tee/optee/Makefile | 1 + drivers/tee/optee/core.c | 7 + drivers/tee/optee/ffa_abi.c | 146 ++++++++- drivers/tee/optee/optee_ffa.h | 27 +- drivers/tee/optee/optee_msg.h | 84 ++++- drivers/tee/optee/optee_private.h | 15 +- drivers/tee/optee/optee_smc.h | 37 ++- drivers/tee/optee/protmem.c | 335 ++++++++++++++++++++ drivers/tee/optee/smc_abi.c | 141 ++++++++- drivers/tee/tee_core.c | 158 +++++++--- drivers/tee/tee_heap.c | 500 ++++++++++++++++++++++++++++++ drivers/tee/tee_private.h | 14 + drivers/tee/tee_shm.c | 157 +++++++++- include/linux/tee_core.h | 59 ++++ include/linux/tee_drv.h | 10 + include/uapi/linux/tee.h | 31 ++ 20 files changed, 1670 insertions(+), 67 deletions(-) create mode 100644 drivers/tee/optee/protmem.c create mode 100644 drivers/tee/tee_heap.c base-commit: c17b750b3ad9f45f2b6f7e6f7f4679844244f0b9 -- 2.43.0

2 weeks, 6 days

[PATCH v7 0/5] dma-buf: heaps: Create a CMA heap for each CMA reserved region

by Maxime Ripard

Hi, Here's another attempt at supporting user-space allocations from a specific carved-out reserved memory region. The initial problem we were discussing was that I'm currently working on a platform which has a memory layout with ECC enabled. However, enabling the ECC has a number of drawbacks on that platform: lower performance, increased memory usage, etc. So for things like framebuffers, the trade-off isn't great and thus there's a memory region with ECC disabled to allocate from for such use cases. After a suggestion from John, I chose to first start using heap allocations flags to allow for userspace to ask for a particular ECC setup. This is then backed by a new heap type that runs from reserved memory chunks flagged as such, and the existing DT properties to specify the ECC properties. After further discussion, it was considered that flags were not the right solution, and relying on the names of the heaps would be enough to let userspace know the kind of buffer it deals with. Thus, even though the uAPI part of it had been dropped in this second version, we still needed a driver to create heaps out of carved-out memory regions. In addition to the original usecase, a similar driver can be found in BSPs from most vendors, so I believe it would be a useful addition to the kernel. Some extra discussion with Rob Herring [1] came to the conclusion that some specific compatible for this is not great either, and as such an new driver probably isn't called for either. Some other discussions we had with John [2] also dropped some hints that multiple CMA heaps might be a good idea, and some vendors seem to do that too. So here's another attempt that doesn't affect the device tree at all and will just create a heap for every CMA reserved memory region. It also falls nicely into the current plan we have to support cgroups in DRM/KMS and v4l2, which is an additional benefit. Let me know what you think, Maxime 1: https://lore.kernel.org/all/20250707-cobalt-dingo-of-serenity-dbf92c@houat/ 2: https://lore.kernel.org/all/CANDhNCroe6ZBtN_o=c71kzFFaWK-fF5rCdnr9P5h1sgPOW… Let me know what you think, Maxime Signed-off-by: Maxime Ripard <mripard(a)kernel.org> --- Changes in v7: - Invert the logic and register CMA heap from the reserved memory / dma contiguous code, instead of iterating over them from the CMA heap. - Link to v6: https://lore.kernel.org/r/20250709-dma-buf-ecc-heap-v6-0-dac9bf80f35d@kerne… Changes in v6: - Drop the new driver and allocate a CMA heap for each region now - Dropped the binding - Rebased on 6.16-rc5 - Link to v5: https://lore.kernel.org/r/20250617-dma-buf-ecc-heap-v5-0-0abdc5863a4f@kerne… Changes in v5: - Rebased on 6.16-rc2 - Switch from property to dedicated binding - Link to v4: https://lore.kernel.org/r/20250520-dma-buf-ecc-heap-v4-1-bd2e1f1bb42c@kerne… Changes in v4: - Rebased on 6.15-rc7 - Map buffers only when map is actually called, not at allocation time - Deal with restricted-dma-pool and shared-dma-pool - Reword Kconfig options - Properly report dma_map_sgtable failures - Link to v3: https://lore.kernel.org/r/20250407-dma-buf-ecc-heap-v3-0-97cdd36a5f29@kerne… Changes in v3: - Reworked global variable patch - Link to v2: https://lore.kernel.org/r/20250401-dma-buf-ecc-heap-v2-0-043fd006a1af@kerne… Changes in v2: - Add vmap/vunmap operations - Drop ECC flags uapi - Rebase on top of 6.14 - Link to v1: https://lore.kernel.org/r/20240515-dma-buf-ecc-heap-v1-0-54cbbd049511@kerne… --- Maxime Ripard (5): doc: dma-buf: List the heaps by name dma-buf: heaps: cma: Register list of CMA regions at boot dma: contiguous: Register reusable CMA regions at boot dma: contiguous: Reserve default CMA heap dma-buf: heaps: cma: Create CMA heap for each CMA reserved region Documentation/userspace-api/dma-buf-heaps.rst | 24 ++++++++------ MAINTAINERS | 1 + drivers/dma-buf/heaps/Kconfig | 10 ------ drivers/dma-buf/heaps/cma_heap.c | 47 +++++++++++++++++---------- include/linux/dma-buf/heaps/cma.h | 16 +++++++++ kernel/dma/contiguous.c | 11 +++++++ 6 files changed, 72 insertions(+), 37 deletions(-) --- base-commit: 47633099a672fc7bfe604ef454e4f116e2c954b1 change-id: 20240515-dma-buf-ecc-heap-28a311d2c94e prerequisite-message-id: <20250610131231.1724627-1-jkangas(a)redhat.com> prerequisite-patch-id: bc44be5968feb187f2bc1b8074af7209462b18e7 prerequisite-patch-id: f02a91b723e5ec01fbfedf3c3905218b43d432da prerequisite-patch-id: e944d0a3e22f2cdf4d3b3906e5603af934696deb Best regards, -- Maxime Ripard <mripard(a)kernel.org>

3 weeks

Re: [PATCH v11 2/9] dma-buf: dma-heap: export declared functions

by T.J. Mercier

On Wed, Aug 13, 2025 at 11:13 PM Sumit Garg <sumit.garg(a)kernel.org> wrote: > > On Wed, Aug 13, 2025 at 08:02:51AM +0200, Jens Wiklander wrote: > > Export the dma-buf heap functions to allow them to be used by the OP-TEE > > driver. The OP-TEE driver wants to register and manage specific secure > > DMA heaps with it. > > > > Signed-off-by: Jens Wiklander <jens.wiklander(a)linaro.org> > > Reviewed-by: Sumit Garg <sumit.garg(a)oss.qualcomm.com> > > --- > > drivers/dma-buf/dma-heap.c | 3 +++ > > 1 file changed, 3 insertions(+) > > > > Can we get an ack from DMAbuf maintainers here? With that we should be > able to queue this patch-set for linux-next targetting the 6.18 merge > window. > > -Sumit Reviewed-by: T.J. Mercier <tjmercier(a)google.com> Sorry I haven't been able to participate much upstream lately. > > > diff --git a/drivers/dma-buf/dma-heap.c b/drivers/dma-buf/dma-heap.c > > index 3cbe87d4a464..cdddf0e24dce 100644 > > --- a/drivers/dma-buf/dma-heap.c > > +++ b/drivers/dma-buf/dma-heap.c > > @@ -202,6 +202,7 @@ void *dma_heap_get_drvdata(struct dma_heap *heap) > > { > > return heap->priv; > > } > > +EXPORT_SYMBOL(dma_heap_get_drvdata); > > > > /** > > * dma_heap_get_name - get heap name > > @@ -214,6 +215,7 @@ const char *dma_heap_get_name(struct dma_heap *heap) > > { > > return heap->name; > > } > > +EXPORT_SYMBOL(dma_heap_get_name); > > > > /** > > * dma_heap_add - adds a heap to dmabuf heaps > > @@ -303,6 +305,7 @@ struct dma_heap *dma_heap_add(const struct dma_heap_export_info *exp_info) > > kfree(heap); > > return err_ret; > > } > > +EXPORT_SYMBOL(dma_heap_add); > > > > static char *dma_heap_devnode(const struct device *dev, umode_t *mode) > > { > > -- > > 2.43.0 > >

3 weeks

Re: [PATCH v11 05/11] tee: add TEE_IOCTL_PARAM_ATTR_TYPE_UBUF

by Jens Wiklander

Hi Amir, On Thu, Sep 11, 2025 at 5:41 AM Amirreza Zarrabi <amirreza.zarrabi(a)oss.qualcomm.com> wrote: > > For drivers that can transfer data to the TEE without using shared > memory from client, it is necessary to receive the user address > directly, bypassing any processing by the TEE subsystem. Introduce > TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INPUT/OUTPUT/INOUT to represent > userspace buffers. > > Reviewed-by: Sumit Garg <sumit.garg(a)oss.qualcomm.com> > Tested-by: Neil Armstrong <neil.armstrong(a)linaro.org> > Tested-by: Harshal Dev <quic_hdev(a)quicinc.com> > Signed-off-by: Amirreza Zarrabi <amirreza.zarrabi(a)oss.qualcomm.com> > --- > drivers/tee/tee_core.c | 33 +++++++++++++++++++++++++++++++++ > include/linux/tee_drv.h | 6 ++++++ > include/uapi/linux/tee.h | 22 ++++++++++++++++------ > 3 files changed, 55 insertions(+), 6 deletions(-) > > diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c > index f8534a00c56c..bb2e3a6c23a3 100644 > --- a/drivers/tee/tee_core.c > +++ b/drivers/tee/tee_core.c > @@ -457,6 +457,17 @@ static int params_from_user(struct tee_context *ctx, struct tee_param *params, > params[n].u.value.b = ip.b; > params[n].u.value.c = ip.c; > break; > + case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INPUT: > + case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_OUTPUT: > + case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INOUT: > + params[n].u.ubuf.uaddr = u64_to_user_ptr(ip.a); > + params[n].u.ubuf.size = ip.b; > + > + if (!access_ok(params[n].u.ubuf.uaddr, > + params[n].u.ubuf.size)) > + return -EFAULT; > + > + break; > case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT: > case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: > case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: > @@ -490,6 +501,11 @@ static int params_to_user(struct tee_ioctl_param __user *uparams, > put_user(p->u.value.c, &up->c)) > return -EFAULT; > break; > + case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_OUTPUT: > + case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INOUT: > + if (put_user((u64)p->u.ubuf.size, &up->b)) > + return -EFAULT; > + break; > case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: > case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: > if (put_user((u64)p->u.memref.size, &up->b)) > @@ -690,6 +706,13 @@ static int params_to_supp(struct tee_context *ctx, > ip.b = p->u.value.b; > ip.c = p->u.value.c; > break; > + case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INPUT: > + case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_OUTPUT: > + case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INOUT: > + ip.a = (__force u64)p->u.ubuf.uaddr; There's a warning on arm32: drivers/tee/tee_core.c: In function 'params_to_supp': drivers/tee/tee_core.c:821:32: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] 821 | ip.a = (__force u64)p->u.ubuf.uaddr; I think you need to cast to unsigned long instead. Cheers, Jens > + ip.b = p->u.ubuf.size; > + ip.c = 0; > + break; > case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT: > case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: > case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: > @@ -792,6 +815,16 @@ static int params_from_supp(struct tee_param *params, size_t num_params, > p->u.value.b = ip.b; > p->u.value.c = ip.c; > break; > + case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_OUTPUT: > + case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INOUT: > + p->u.ubuf.uaddr = u64_to_user_ptr(ip.a); > + p->u.ubuf.size = ip.b; > + > + if (!access_ok(params[n].u.ubuf.uaddr, > + params[n].u.ubuf.size)) > + return -EFAULT; > + > + break; > case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: > case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: > /* > diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h > index 824f1251de60..7915e8869cbd 100644 > --- a/include/linux/tee_drv.h > +++ b/include/linux/tee_drv.h > @@ -82,6 +82,11 @@ struct tee_param_memref { > struct tee_shm *shm; > }; > > +struct tee_param_ubuf { > + void __user *uaddr; > + size_t size; > +}; > + > struct tee_param_value { > u64 a; > u64 b; > @@ -92,6 +97,7 @@ struct tee_param { > u64 attr; > union { > struct tee_param_memref memref; > + struct tee_param_ubuf ubuf; > struct tee_param_value value; > } u; > }; > diff --git a/include/uapi/linux/tee.h b/include/uapi/linux/tee.h > index d843cf980d98..0e3b735dcfca 100644 > --- a/include/uapi/linux/tee.h > +++ b/include/uapi/linux/tee.h > @@ -151,6 +151,13 @@ struct tee_ioctl_buf_data { > #define TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT 6 > #define TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT 7 /* input and output */ > > +/* > + * These defines userspace buffer parameters. > + */ > +#define TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INPUT 8 > +#define TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_OUTPUT 9 > +#define TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INOUT 10 /* input and output */ > + > /* > * Mask for the type part of the attribute, leaves room for more types > */ > @@ -186,14 +193,17 @@ struct tee_ioctl_buf_data { > /** > * struct tee_ioctl_param - parameter > * @attr: attributes > - * @a: if a memref, offset into the shared memory object, else a value parameter > - * @b: if a memref, size of the buffer, else a value parameter > + * @a: if a memref, offset into the shared memory object, > + * else if a ubuf, address of the user buffer, > + * else a value parameter > + * @b: if a memref or ubuf, size of the buffer, else a value parameter > * @c: if a memref, shared memory identifier, else a value parameter > * > - * @attr & TEE_PARAM_ATTR_TYPE_MASK indicates if memref or value is used in > - * the union. TEE_PARAM_ATTR_TYPE_VALUE_* indicates value and > - * TEE_PARAM_ATTR_TYPE_MEMREF_* indicates memref. TEE_PARAM_ATTR_TYPE_NONE > - * indicates that none of the members are used. > + * @attr & TEE_PARAM_ATTR_TYPE_MASK indicates if memref, ubuf, or value is > + * used in the union. TEE_PARAM_ATTR_TYPE_VALUE_* indicates value, > + * TEE_PARAM_ATTR_TYPE_MEMREF_* indicates memref, and TEE_PARAM_ATTR_TYPE_UBUF_* > + * indicates ubuf. TEE_PARAM_ATTR_TYPE_NONE indicates that none of the members > + * are used. > * > * Shared memory is allocated with TEE_IOC_SHM_ALLOC which returns an > * identifier representing the shared memory object. A memref can reference > > -- > 2.34.1 >

3 weeks

Re: [PATCH v9 00/11] Trusted Execution Environment (TEE) driver for Qualcomm TEE (QTEE)

by Bjorn Andersson

On Mon, Sep 01, 2025 at 09:55:47PM -0700, Amirreza Zarrabi wrote: > This patch series introduces a Trusted Execution Environment (TEE) > driver for Qualcomm TEE (QTEE). QTEE enables Trusted Applications (TAs) > and services to run securely. It uses an object-based interface, where > each service is an object with sets of operations. Clients can invoke > these operations on objects, which can generate results, including other > objects. For example, an object can load a TA and return another object > that represents the loaded TA, allowing access to its services. > > Kernel and userspace services are also available to QTEE through a > similar approach. QTEE makes callback requests that are converted into > object invocations. These objects can represent services within the > kernel or userspace process. > > Note: This patch series focuses on QTEE objects and userspace services. > > Linux already provides a TEE subsystem, which is described in [1]. The > tee subsystem provides a generic ioctl interface, TEE_IOC_INVOKE, which > can be used by userspace to talk to a TEE backend driver. We extend the > Linux TEE subsystem to understand object parameters and an ioctl call so > client can invoke objects in QTEE: > > - TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_* > - TEE_IOC_OBJECT_INVOKE > > The existing ioctl calls TEE_IOC_SUPPL_RECV and TEE_IOC_SUPPL_SEND are > used for invoking services in the userspace process by QTEE. > > The TEE backend driver uses the QTEE Transport Message to communicate > with QTEE. Interactions through the object INVOKE interface are > translated into QTEE messages. Likewise, object invocations from QTEE > for userspace objects are converted into SEND/RECV ioctl calls to > supplicants. > > The details of QTEE Transport Message to communicate with QTEE is > available in [PATCH 12/12] Documentation: tee: Add Qualcomm TEE driver. > > You can run basic tests with following steps: > git clone https://github.com/quic/quic-teec.git > cd quic-teec > mkdir build > cmake .. -DCMAKE_TOOLCHAIN_FILE=CMakeToolchain.txt -DBUILD_UNITTEST=ON > > https://github.com/quic/quic-teec/blob/main/README.md lists dependencies > needed to build the above. > > More comprehensive tests are availabe at > https://github.com/qualcomm/minkipc. > > root@qcom-armv8a:~# qtee_supplicant & > root@qcom-armv8a:~# qtee_supplicant: process entry PPID = 378 > Total listener services to start = 4 > Opening CRequestTABuffer_open > Path /data/ > register_service ::Opening CRegisterTABufCBO_UID > Calling TAbufCBO Register > QTEE_SUPPLICANT RUNNING > > root@qcom-armv8a:~# smcinvoke_client -c /data 1 > Run callback obj test... > Load /data/tzecotestapp.mbn, size 52192, buf 0x1e44ba0. > System Time: 2024-02-27 17:26:31 > PASSED - Callback tests with Buffer inputs. > PASSED - Callback tests with Remote and Callback object inputs. > PASSED - Callback tests with Memory Object inputs. > TEST PASSED! > root@qcom-armv8a:~# > root@qcom-armv8a:~# smcinvoke_client -m /data 1 > Run memory obj test... > Load /data/tzecotestapp.mbn, size 52192, buf 0x26cafba0. > System Time: 2024-02-27 17:26:39 > PASSED - Single Memory Object access Test. > PASSED - Two Memory Object access Test. > TEST PASSED! > > This series has been tested for QTEE object invocations, including > loading a TA, requesting services from the TA, memory sharing, and > handling callback requests to a supplicant. > > Tested platforms: sm8650-mtp, sm8550-qrd, sm8650-qrd, sm8650-hdk > > [1] https://www.kernel.org/doc/Documentation/tee.txt > > Signed-off-by: Amirreza Zarrabi <amirreza.zarrabi(a)oss.qualcomm.com> > > Changes in v9: > - Remove unnecessary logging in qcom_scm_probe(). > - Replace the platform_device_alloc()/add() sequence with > platform_device_register_data(). > - Fixed sparse warning. > - Fixed documentation typo. > - Link to v8: > https://lore.kernel.org/r/20250820-qcom-tee-using-tee-ss-without-mem-obj-v8… > > Changes in v8: > - Check if arguments to qcom_scm_qtee_invoke_smc() and > qcom_scm_qtee_callback_response() are NULL. > - Add CPU_BIG_ENDIAN as a dependency to Kconfig. > - Fixed kernel bot errors. > - Link to v7: > https://lore.kernel.org/r/20250812-qcom-tee-using-tee-ss-without-mem-obj-v7… > > Changes in v7: > - Updated copyrights. > - Updated Acked-by: tags. > - Fixed kernel bot errors. > - Link to v6: > https://lore.kernel.org/r/20250713-qcom-tee-using-tee-ss-without-mem-obj-v6… > > Changes in v6: > - Relocate QTEE version into the driver's main service structure. > - Simplfies qcomtee_objref_to_arg() and qcomtee_objref_from_arg(). > - Enhanced the return logic of qcomtee_object_do_invoke_internal(). > - Improve comments and remove redundant checks. > - Improve helpers in qcomtee_msh.h to use GENMASK() and FIELD_GET(). > - updated Tested-by:, Acked-by:, and Reviewed-by: tags > - Link to v5: > https://lore.kernel.org/r/20250526-qcom-tee-using-tee-ss-without-mem-obj-v5… > > Changes in v5: > - Remove references to kernel services and public APIs. > - Support auto detection for failing devices (e.g., RB1, RB4). > - Add helpers for obtaining client environment and service objects. > - Query the QTEE version and print it. > - Move remaining static variables, including the object table, to struct > qcomtee. > - Update TEE_MAX_ARG_SIZE to 4096. > - Add a dependancy to QCOM_TZMEM_MODE_SHMBRIDGE in Kconfig > - Reorganize code by removing release.c and qcom_scm.c. > - Add more error messages and improve comments. > - updated Tested-by:, Acked-by:, and Reviewed-by: tags > - Link to v4: https://lore.kernel.org/r/20250428-qcom-tee-using-tee-ss-without-mem-obj-v4… > > Changes in v4: > - Move teedev_ctx_get/put and tee_device_get/put to tee_core.h. > - Rename object to id in struct tee_ioctl_object_invoke_arg. > - Replace spinlock with mutex for qtee_objects_idr. > - Move qcomtee_object_get to qcomtee_user/memobj_param_to_object. > - More code cleanup following the comments. > - Cleanup documentations. > - Update MAINTAINERS file. > - Link to v3: https://lore.kernel.org/r/20250327-qcom-tee-using-tee-ss-without-mem-obj-v3… > > Changes in v3: > - Export shm_bridge create/delete APIs. > - Enable support for QTEE memory objects. > - Update the memory management code to use the TEE subsystem for all > allocations using the pool. > - Move all driver states into the driver's main service struct. > - Add more documentations. > - Link to v2: https://lore.kernel.org/r/20250202-qcom-tee-using-tee-ss-without-mem-obj-v2… > > Changes in v2: > - Clean up commit messages and comments. > - Use better names such as ubuf instead of membuf or QCOMTEE prefix > instead of QCOM_TEE, or names that are more consistent with other > TEE-backend drivers such as qcomtee_context_data instead of > qcom_tee_context. > - Drop the DTS patch and instantiate the device from the scm driver. > - Use a single structure for all driver's internal states. > - Drop srcu primitives and use the existing mutex for synchronization > between the supplicant and QTEE. > - Directly use tee_context to track the lifetime of qcomtee_context_data. > - Add close_context() to be called when the user closes the tee_context. > - Link to v1: https://lore.kernel.org/r/20241202-qcom-tee-using-tee-ss-without-mem-obj-v1… > > Changes in v1: > - It is a complete rewrite to utilize the TEE subsystem. > - Link to RFC: https://lore.kernel.org/all/20240702-qcom-tee-object-and-ioctls-v1-0-633c3d… > > --- > Amirreza Zarrabi (11): > tee: allow a driver to allocate a tee_device without a pool > tee: add close_context to TEE driver operation > tee: add TEE_IOCTL_PARAM_ATTR_TYPE_UBUF > tee: add TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF > tee: increase TEE_MAX_ARG_SIZE to 4096 > firmware: qcom: scm: add support for object invocation > firmware: qcom: tzmem: export shm_bridge create/delete These two patches are for code maintained by me, the rest by Jens. So we will have to dance to get this merged. Is there are reason why these two are in the middle of the series? Do they need to come after the first 5 but before the next 3? Regards, Bjorn > tee: add Qualcomm TEE driver > tee: qcom: add primordial object > tee: qcom: enable TEE_IOC_SHM_ALLOC ioctl > Documentation: tee: Add Qualcomm TEE driver > > Documentation/tee/index.rst | 1 + > Documentation/tee/qtee.rst | 96 ++++ > MAINTAINERS | 7 + > drivers/firmware/qcom/qcom_scm.c | 124 +++++ > drivers/firmware/qcom/qcom_scm.h | 7 + > drivers/firmware/qcom/qcom_tzmem.c | 63 ++- > drivers/tee/Kconfig | 1 + > drivers/tee/Makefile | 1 + > drivers/tee/qcomtee/Kconfig | 12 + > drivers/tee/qcomtee/Makefile | 9 + > drivers/tee/qcomtee/async.c | 182 ++++++ > drivers/tee/qcomtee/call.c | 820 +++++++++++++++++++++++++++ > drivers/tee/qcomtee/core.c | 915 +++++++++++++++++++++++++++++++ > drivers/tee/qcomtee/mem_obj.c | 169 ++++++ > drivers/tee/qcomtee/primordial_obj.c | 113 ++++ > drivers/tee/qcomtee/qcomtee.h | 185 +++++++ > drivers/tee/qcomtee/qcomtee_msg.h | 304 ++++++++++ > drivers/tee/qcomtee/qcomtee_object.h | 316 +++++++++++ > drivers/tee/qcomtee/shm.c | 150 +++++ > drivers/tee/qcomtee/user_obj.c | 692 +++++++++++++++++++++++ > drivers/tee/tee_core.c | 127 ++++- > drivers/tee/tee_private.h | 6 - > include/linux/firmware/qcom/qcom_scm.h | 6 + > include/linux/firmware/qcom/qcom_tzmem.h | 15 + > include/linux/tee_core.h | 54 +- > include/linux/tee_drv.h | 12 + > include/uapi/linux/tee.h | 56 +- > 27 files changed, 4415 insertions(+), 28 deletions(-) > --- > base-commit: 33bcf93b9a6b028758105680f8b538a31bc563cf > change-id: 20241202-qcom-tee-using-tee-ss-without-mem-obj-362c66340527 > > Best regards, > -- > Amirreza Zarrabi <amirreza.zarrabi(a)oss.qualcomm.com> >

3 weeks, 2 days

Re: [PATCH v9 06/11] firmware: qcom: scm: add support for object invocation

by Bjorn Andersson

On Mon, Sep 01, 2025 at 09:55:53PM -0700, Amirreza Zarrabi wrote: > Qualcomm TEE (QTEE) hosts Trusted Applications (TAs) and services in > the secure world, accessed via objects. A QTEE client can invoke these > objects to request services. Similarly, QTEE can request services from > the nonsecure world using objects exported to the secure world. > > Add low-level primitives to facilitate the invocation of objects hosted > in QTEE, as well as those hosted in the nonsecure world. > > If support for object invocation is available, the qcom_scm allocates > a dedicated child platform device. The driver for this device communicates > with QTEE using low-level primitives. > > Tested-by: Neil Armstrong <neil.armstrong(a)linaro.org> > Tested-by: Harshal Dev <quic_hdev(a)quicinc.com> > Signed-off-by: Amirreza Zarrabi <amirreza.zarrabi(a)oss.qualcomm.com> > --- > drivers/firmware/qcom/qcom_scm.c | 124 +++++++++++++++++++++++++++++++++ > drivers/firmware/qcom/qcom_scm.h | 7 ++ > include/linux/firmware/qcom/qcom_scm.h | 6 ++ > 3 files changed, 137 insertions(+) > > diff --git a/drivers/firmware/qcom/qcom_scm.c b/drivers/firmware/qcom/qcom_scm.c > index edeae6cdcf31..739ee9819549 100644 > --- a/drivers/firmware/qcom/qcom_scm.c > +++ b/drivers/firmware/qcom/qcom_scm.c > @@ -2094,6 +2094,127 @@ static int qcom_scm_qseecom_init(struct qcom_scm *scm) > > #endif /* CONFIG_QCOM_QSEECOM */ > > +/** > + * qcom_scm_qtee_invoke_smc() - Invoke a QTEE object. > + * @inbuf: start address of memory area used for inbound buffer. > + * @inbuf_size: size of the memory area used for inbound buffer. > + * @outbuf: start address of memory area used for outbound buffer. > + * @outbuf_size: size of the memory area used for outbound buffer. > + * @result: result of QTEE object invocation. > + * @response_type: response type returned by QTEE. > + * > + * @response_type determines how the contents of @inbuf and @outbuf > + * should be processed. > + * > + * Return: On success, return 0 or <0 on failure. > + */ > +int qcom_scm_qtee_invoke_smc(phys_addr_t inbuf, size_t inbuf_size, > + phys_addr_t outbuf, size_t outbuf_size, > + u64 *result, u64 *response_type) > +{ > + struct qcom_scm_desc desc = { > + .svc = QCOM_SCM_SVC_SMCINVOKE, > + .cmd = QCOM_SCM_SMCINVOKE_INVOKE, > + .owner = ARM_SMCCC_OWNER_TRUSTED_OS, > + .args[0] = inbuf, > + .args[1] = inbuf_size, > + .args[2] = outbuf, > + .args[3] = outbuf_size, > + .arginfo = QCOM_SCM_ARGS(4, QCOM_SCM_RW, QCOM_SCM_VAL, > + QCOM_SCM_RW, QCOM_SCM_VAL), > + }; > + struct qcom_scm_res res; > + int ret; > + > + ret = qcom_scm_call(__scm->dev, &desc, &res); > + if (ret) > + return ret; > + > + if (response_type) > + *response_type = res.result[0]; > + > + if (result) > + *result = res.result[1]; > + > + return 0; > +} > +EXPORT_SYMBOL(qcom_scm_qtee_invoke_smc); > + > +/** > + * qcom_scm_qtee_callback_response() - Submit response for callback request. > + * @buf: start address of memory area used for outbound buffer. > + * @buf_size: size of the memory area used for outbound buffer. > + * @result: Result of QTEE object invocation. > + * @response_type: Response type returned by QTEE. > + * > + * @response_type determines how the contents of @buf should be processed. > + * > + * Return: On success, return 0 or <0 on failure. > + */ > +int qcom_scm_qtee_callback_response(phys_addr_t buf, size_t buf_size, > + u64 *result, u64 *response_type) > +{ > + struct qcom_scm_desc desc = { > + .svc = QCOM_SCM_SVC_SMCINVOKE, > + .cmd = QCOM_SCM_SMCINVOKE_CB_RSP, > + .owner = ARM_SMCCC_OWNER_TRUSTED_OS, > + .args[0] = buf, > + .args[1] = buf_size, > + .arginfo = QCOM_SCM_ARGS(2, QCOM_SCM_RW, QCOM_SCM_VAL), > + }; > + struct qcom_scm_res res; > + int ret; > + > + ret = qcom_scm_call(__scm->dev, &desc, &res); > + if (ret) > + return ret; > + > + if (response_type) > + *response_type = res.result[0]; > + > + if (result) > + *result = res.result[1]; > + > + return 0; > +} > +EXPORT_SYMBOL(qcom_scm_qtee_callback_response); > + > +static void qcom_scm_qtee_free(void *data) > +{ > + struct platform_device *qtee_dev = data; > + > + platform_device_unregister(qtee_dev); > +} > + > +static void qcom_scm_qtee_init(struct qcom_scm *scm) > +{ > + struct platform_device *qtee_dev; > + u64 result, response_type; > + int ret; > + > + /* > + * Probe for smcinvoke support. This will fail due to invalid buffers, > + * but first, it checks whether the call is supported in QTEE syscall > + * handler. If it is not supported, -EIO is returned. > + */ > + ret = qcom_scm_qtee_invoke_smc(0, 0, 0, 0, &result, &response_type); > + if (ret == -EIO) > + return; > + > + /* Setup QTEE interface device. */ > + qtee_dev = platform_device_register_data(scm->dev, "qcomtee", > + PLATFORM_DEVID_NONE, NULL, 0); > + if (IS_ERR(qtee_dev)) { > + dev_err(scm->dev, "qcomtee: register failed: %d\n", > + PTR_ERR(qtee_dev)); This isn't going to fail, and all expected paths that it would fail will be -ENOMEM which already printed a warning. So, I'd suggest that you resolve the LKP build warning by dropping the print. > + return; > + } > + > + ret = devm_add_action_or_reset(scm->dev, qcom_scm_qtee_free, qtee_dev); > + if (ret) > + dev_err(scm->dev, "qcomtee: add action failed: %d\n", ret); The only possible error here is -ENOMEM, so you can skip the print. Regards, Bjorn > +} > + > /** > * qcom_scm_is_available() - Checks if SCM is available > */ > @@ -2326,6 +2447,9 @@ static int qcom_scm_probe(struct platform_device *pdev) > ret = qcom_scm_qseecom_init(scm); > WARN(ret < 0, "failed to initialize qseecom: %d\n", ret); > > + /* Initialize the QTEE object interface. */ > + qcom_scm_qtee_init(scm); > + > return 0; > } > > diff --git a/drivers/firmware/qcom/qcom_scm.h b/drivers/firmware/qcom/qcom_scm.h > index 0e8dd838099e..a56c8212cc0c 100644 > --- a/drivers/firmware/qcom/qcom_scm.h > +++ b/drivers/firmware/qcom/qcom_scm.h > @@ -156,6 +156,13 @@ int qcom_scm_shm_bridge_enable(struct device *scm_dev); > #define QCOM_SCM_SVC_GPU 0x28 > #define QCOM_SCM_SVC_GPU_INIT_REGS 0x01 > > +/* ARM_SMCCC_OWNER_TRUSTED_OS calls */ > + > +#define QCOM_SCM_SVC_SMCINVOKE 0x06 > +#define QCOM_SCM_SMCINVOKE_INVOKE_LEGACY 0x00 > +#define QCOM_SCM_SMCINVOKE_CB_RSP 0x01 > +#define QCOM_SCM_SMCINVOKE_INVOKE 0x02 > + > /* common error codes */ > #define QCOM_SCM_V2_EBUSY -12 > #define QCOM_SCM_ENOMEM -5 > diff --git a/include/linux/firmware/qcom/qcom_scm.h b/include/linux/firmware/qcom/qcom_scm.h > index 0f667bf1d4d9..a55ca771286b 100644 > --- a/include/linux/firmware/qcom/qcom_scm.h > +++ b/include/linux/firmware/qcom/qcom_scm.h > @@ -175,4 +175,10 @@ static inline int qcom_scm_qseecom_app_send(u32 app_id, > > #endif /* CONFIG_QCOM_QSEECOM */ > > +int qcom_scm_qtee_invoke_smc(phys_addr_t inbuf, size_t inbuf_size, > + phys_addr_t outbuf, size_t outbuf_size, > + u64 *result, u64 *response_type); > +int qcom_scm_qtee_callback_response(phys_addr_t buf, size_t buf_size, > + u64 *result, u64 *response_type); > + > #endif > > -- > 2.34.1 >

3 weeks, 2 days

Re: [PATCH v7 00/11] Trusted Execution Environment (TEE) driver for Qualcomm TEE (QTEE)

by Jens Wiklander

On Tue, Sep 9, 2025 at 6:34 AM Sumit Garg <sumit.garg(a)kernel.org> wrote: > > On Tue, Aug 12, 2025 at 05:35:29PM -0700, Amirreza Zarrabi wrote: > > This patch series introduces a Trusted Execution Environment (TEE) > > driver for Qualcomm TEE (QTEE). QTEE enables Trusted Applications (TAs) > > and services to run securely. It uses an object-based interface, where > > each service is an object with sets of operations. Clients can invoke > > these operations on objects, which can generate results, including other > > objects. For example, an object can load a TA and return another object > > that represents the loaded TA, allowing access to its services. > > > > Kernel and userspace services are also available to QTEE through a > > similar approach. QTEE makes callback requests that are converted into > > object invocations. These objects can represent services within the > > kernel or userspace process. > > > > Note: This patch series focuses on QTEE objects and userspace services. > > > > Linux already provides a TEE subsystem, which is described in [1]. The > > tee subsystem provides a generic ioctl interface, TEE_IOC_INVOKE, which > > can be used by userspace to talk to a TEE backend driver. We extend the > > Linux TEE subsystem to understand object parameters and an ioctl call so > > client can invoke objects in QTEE: > > > > - TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_* > > - TEE_IOC_OBJECT_INVOKE > > > > The existing ioctl calls TEE_IOC_SUPPL_RECV and TEE_IOC_SUPPL_SEND are > > used for invoking services in the userspace process by QTEE. > > > > The TEE backend driver uses the QTEE Transport Message to communicate > > with QTEE. Interactions through the object INVOKE interface are > > translated into QTEE messages. Likewise, object invocations from QTEE > > for userspace objects are converted into SEND/RECV ioctl calls to > > supplicants. > > > > The details of QTEE Transport Message to communicate with QTEE is > > available in [PATCH 12/12] Documentation: tee: Add Qualcomm TEE driver. > > > > You can run basic tests with following steps: > > git clone https://github.com/quic/quic-teec.git > > cd quic-teec > > mkdir build > > cmake .. -DCMAKE_TOOLCHAIN_FILE=CMakeToolchain.txt -DBUILD_UNITTEST=ON > > > > https://github.com/quic/quic-teec/blob/main/README.md lists dependencies > > needed to build the above. > > > > More comprehensive tests are availabe at > > https://github.com/qualcomm/minkipc. > > > > root@qcom-armv8a:~# qtee_supplicant & > > root@qcom-armv8a:~# qtee_supplicant: process entry PPID = 378 > > Total listener services to start = 4 > > Opening CRequestTABuffer_open > > Path /data/ > > register_service ::Opening CRegisterTABufCBO_UID > > Calling TAbufCBO Register > > QTEE_SUPPLICANT RUNNING > > > > root@qcom-armv8a:~# smcinvoke_client -c /data 1 > > Run callback obj test... > > Load /data/tzecotestapp.mbn, size 52192, buf 0x1e44ba0. > > System Time: 2024-02-27 17:26:31 > > PASSED - Callback tests with Buffer inputs. > > PASSED - Callback tests with Remote and Callback object inputs. > > PASSED - Callback tests with Memory Object inputs. > > TEST PASSED! > > root@qcom-armv8a:~# > > root@qcom-armv8a:~# smcinvoke_client -m /data 1 > > Run memory obj test... > > Load /data/tzecotestapp.mbn, size 52192, buf 0x26cafba0. > > System Time: 2024-02-27 17:26:39 > > PASSED - Single Memory Object access Test. > > PASSED - Two Memory Object access Test. > > TEST PASSED! > > > > This series has been tested for QTEE object invocations, including > > loading a TA, requesting services from the TA, memory sharing, and > > handling callback requests to a supplicant. > > > > Tested platforms: sm8650-mtp, sm8550-qrd, sm8650-qrd, sm8650-hdk > > > > [1] https://www.kernel.org/doc/Documentation/tee.txt > > > > Signed-off-by: Amirreza Zarrabi <amirreza.zarrabi(a)oss.qualcomm.com> > > > > At this point, I think this series is ready to be applied to linux-next. There are still some warnings in "[PATCH v9 06/11] firmware: qcom: scm: add support for object invocation" /Jens > > > Changes in v7: > > - Updated copyrights. > > - Updated Acked-by: tags. > > - Fixed kernel bot errors. > > - Link to v6: > > https://lore.kernel.org/r/20250713-qcom-tee-using-tee-ss-without-mem-obj-v6… > > > > Changes in v6: > > - Relocate QTEE version into the driver's main service structure. > > - Simplfies qcomtee_objref_to_arg() and qcomtee_objref_from_arg(). > > - Enhanced the return logic of qcomtee_object_do_invoke_internal(). > > - Improve comments and remove redundant checks. > > - Improve helpers in qcomtee_msh.h to use GENMASK() and FIELD_GET(). > > - updated Tested-by:, Acked-by:, and Reviewed-by: tags > > - Link to v5: > > https://lore.kernel.org/r/20250526-qcom-tee-using-tee-ss-without-mem-obj-v5… > > > > Changes in v5: > > - Remove references to kernel services and public APIs. > > - Support auto detection for failing devices (e.g., RB1, RB4). > > - Add helpers for obtaining client environment and service objects. > > - Query the QTEE version and print it. > > - Move remaining static variables, including the object table, to struct > > qcomtee. > > - Update TEE_MAX_ARG_SIZE to 4096. > > - Add a dependancy to QCOM_TZMEM_MODE_SHMBRIDGE in Kconfig > > - Reorganize code by removing release.c and qcom_scm.c. > > - Add more error messages and improve comments. > > - updated Tested-by:, Acked-by:, and Reviewed-by: tags > > - Link to v4: https://lore.kernel.org/r/20250428-qcom-tee-using-tee-ss-without-mem-obj-v4… > > > > Changes in v4: > > - Move teedev_ctx_get/put and tee_device_get/put to tee_core.h. > > - Rename object to id in struct tee_ioctl_object_invoke_arg. > > - Replace spinlock with mutex for qtee_objects_idr. > > - Move qcomtee_object_get to qcomtee_user/memobj_param_to_object. > > - More code cleanup following the comments. > > - Cleanup documentations. > > - Update MAINTAINERS file. > > - Link to v3: https://lore.kernel.org/r/20250327-qcom-tee-using-tee-ss-without-mem-obj-v3… > > > > Changes in v3: > > - Export shm_bridge create/delete APIs. > > - Enable support for QTEE memory objects. > > - Update the memory management code to use the TEE subsystem for all > > allocations using the pool. > > - Move all driver states into the driver's main service struct. > > - Add more documentations. > > - Link to v2: https://lore.kernel.org/r/20250202-qcom-tee-using-tee-ss-without-mem-obj-v2… > > > > Changes in v2: > > - Clean up commit messages and comments. > > - Use better names such as ubuf instead of membuf or QCOMTEE prefix > > instead of QCOM_TEE, or names that are more consistent with other > > TEE-backend drivers such as qcomtee_context_data instead of > > qcom_tee_context. > > - Drop the DTS patch and instantiate the device from the scm driver. > > - Use a single structure for all driver's internal states. > > - Drop srcu primitives and use the existing mutex for synchronization > > between the supplicant and QTEE. > > - Directly use tee_context to track the lifetime of qcomtee_context_data. > > - Add close_context() to be called when the user closes the tee_context. > > - Link to v1: https://lore.kernel.org/r/20241202-qcom-tee-using-tee-ss-without-mem-obj-v1… > > > > Changes in v1: > > - It is a complete rewrite to utilize the TEE subsystem. > > - Link to RFC: https://lore.kernel.org/all/20240702-qcom-tee-object-and-ioctls-v1-0-633c3d… > > > > --- > > Amirreza Zarrabi (11): > > tee: allow a driver to allocate a tee_device without a pool > > tee: add close_context to TEE driver operation > > tee: add TEE_IOCTL_PARAM_ATTR_TYPE_UBUF > > tee: add TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF > > tee: increase TEE_MAX_ARG_SIZE to 4096 > > > firmware: qcom: scm: add support for object invocation > > firmware: qcom: tzmem: export shm_bridge create/delete > > Bjorn/Konrad, > > Since majority of this series belong to TEE subsystem, are you folks > fine to ack these patches for Jens to pick them up for next? > > -Sumit > > > tee: add Qualcomm TEE driver > > qcomtee: add primordial object > > qcomtee: enable TEE_IOC_SHM_ALLOC ioctl > > Documentation: tee: Add Qualcomm TEE driver > > > > > > > Documentation/tee/index.rst | 1 + > > Documentation/tee/qtee.rst | 96 ++++ > > MAINTAINERS | 7 + > > drivers/firmware/qcom/qcom_scm.c | 128 +++++ > > drivers/firmware/qcom/qcom_scm.h | 7 + > > drivers/firmware/qcom/qcom_tzmem.c | 63 ++- > > drivers/tee/Kconfig | 1 + > > drivers/tee/Makefile | 1 + > > drivers/tee/qcomtee/Kconfig | 11 + > > drivers/tee/qcomtee/Makefile | 9 + > > drivers/tee/qcomtee/async.c | 183 ++++++ > > drivers/tee/qcomtee/call.c | 820 +++++++++++++++++++++++++++ > > drivers/tee/qcomtee/core.c | 920 +++++++++++++++++++++++++++++++ > > drivers/tee/qcomtee/mem_obj.c | 169 ++++++ > > drivers/tee/qcomtee/primordial_obj.c | 116 ++++ > > drivers/tee/qcomtee/qcomtee.h | 185 +++++++ > > drivers/tee/qcomtee/qcomtee_msg.h | 300 ++++++++++ > > drivers/tee/qcomtee/qcomtee_object.h | 316 +++++++++++ > > drivers/tee/qcomtee/shm.c | 150 +++++ > > drivers/tee/qcomtee/user_obj.c | 692 +++++++++++++++++++++++ > > drivers/tee/tee_core.c | 127 ++++- > > drivers/tee/tee_private.h | 6 - > > include/linux/firmware/qcom/qcom_scm.h | 6 + > > include/linux/firmware/qcom/qcom_tzmem.h | 15 + > > include/linux/tee_core.h | 54 +- > > include/linux/tee_drv.h | 12 + > > include/uapi/linux/tee.h | 56 +- > > 27 files changed, 4423 insertions(+), 28 deletions(-) > > --- > > base-commit: 2674d1eadaa2fd3a918dfcdb6d0bb49efe8a8bb9 > > change-id: 20241202-qcom-tee-using-tee-ss-without-mem-obj-362c66340527 > > > > Best regards, > > -- > > Amirreza Zarrabi <amirreza.zarrabi(a)oss.qualcomm.com> > > > >

3 weeks, 2 days

Re: [PATCH v7 2/2] i2c: i2c-qcom-geni: Add Block event interrupt support

by kernel test robot

Hi Jyothi, kernel test robot noticed the following build warnings: [auto build test WARNING on vkoul-dmaengine/next] [also build test WARNING on andi-shyti/i2c/i2c-host linus/master v6.17-rc4 next-20250905] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch#_base_tree_information] url: https://github.com/intel-lab-lkp/linux/commits/Jyothi-Kumar-Seerapu/dmaengi… base: https://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine.git next patch link: https://lore.kernel.org/r/20250903073059.2151837-3-quic_jseerapu%40quicinc.… patch subject: [PATCH v7 2/2] i2c: i2c-qcom-geni: Add Block event interrupt support config: i386-allmodconfig (https://download.01.org/0day-ci/archive/20250906/202509062008.lSOdhd4U-lkp@…) compiler: gcc-13 (Debian 13.3.0-16) 13.3.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20250906/202509062008.lSOdhd4U-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202509062008.lSOdhd4U-lkp@intel.com/ All warnings (new ones prefixed by >>): drivers/i2c/busses/i2c-qcom-geni.c: In function 'geni_i2c_gpi_multi_desc_unmap': >> drivers/i2c/busses/i2c-qcom-geni.c:576:42: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] 576 | NULL, (dma_addr_t)NULL); | ^ vim +576 drivers/i2c/busses/i2c-qcom-geni.c 555 556 /** 557 * geni_i2c_gpi_multi_desc_unmap() - Unmaps DMA buffers post multi message TX transfers 558 * @gi2c: I2C dev handle 559 * @msgs: Array of I2C messages 560 * @peripheral: Pointer to gpi_i2c_config 561 */ 562 static void geni_i2c_gpi_multi_desc_unmap(struct geni_i2c_dev *gi2c, struct i2c_msg msgs[], 563 struct gpi_i2c_config *peripheral) 564 { 565 u32 msg_xfer_cnt, wr_idx = 0; 566 struct geni_i2c_gpi_multi_desc_xfer *tx_multi_xfer = &gi2c->i2c_multi_desc_config; 567 568 msg_xfer_cnt = gi2c->err ? tx_multi_xfer->msg_idx_cnt : tx_multi_xfer->irq_cnt; 569 570 /* Unmap the processed DMA buffers based on the received interrupt count */ 571 for (; tx_multi_xfer->unmap_msg_cnt < msg_xfer_cnt; tx_multi_xfer->unmap_msg_cnt++) { 572 wr_idx = tx_multi_xfer->unmap_msg_cnt; 573 geni_i2c_gpi_unmap(gi2c, &msgs[wr_idx], 574 tx_multi_xfer->dma_buf[wr_idx], 575 tx_multi_xfer->dma_addr[wr_idx], > 576 NULL, (dma_addr_t)NULL); 577 578 if (tx_multi_xfer->unmap_msg_cnt == gi2c->num_msgs - 1) { 579 kfree(tx_multi_xfer->dma_buf); 580 kfree(tx_multi_xfer->dma_addr); 581 break; 582 } 583 } 584 } 585 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

3 weeks, 5 days

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

Linaro-mm-sig September 2025