Message ID | 20231111111559.8218-2-yong.wu@mediatek.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | dma-buf: heaps: Add secure heap | expand |
On Sat, Nov 11, 2023 at 3:16 AM Yong Wu <yong.wu@mediatek.com> wrote: > > Initialize a secure heap. Currently just add a null heap, Prepare for > the later patches. > > Signed-off-by: Yong Wu <yong.wu@mediatek.com> > --- > drivers/dma-buf/heaps/Kconfig | 7 +++ > drivers/dma-buf/heaps/Makefile | 1 + > drivers/dma-buf/heaps/secure_heap.c | 98 +++++++++++++++++++++++++++++ > 3 files changed, 106 insertions(+) > create mode 100644 drivers/dma-buf/heaps/secure_heap.c > > diff --git a/drivers/dma-buf/heaps/Kconfig b/drivers/dma-buf/heaps/Kconfig > index a5eef06c4226..e358bf711145 100644 > --- a/drivers/dma-buf/heaps/Kconfig > +++ b/drivers/dma-buf/heaps/Kconfig > @@ -12,3 +12,10 @@ config DMABUF_HEAPS_CMA > Choose this option to enable dma-buf CMA heap. This heap is backed > by the Contiguous Memory Allocator (CMA). If your system has these > regions, you should say Y here. > + > +config DMABUF_HEAPS_SECURE > + bool "DMA-BUF Secure Heap" > + depends on DMABUF_HEAPS && TEE > + help > + Choose this option to enable dma-buf secure heap. This heap is backed by > + TEE client interfaces or CMA. If in doubt, say N. Remove the mention of TEE and CMA from this. You should probably add two KConfig options. One is for DMABUF_HEAPS_SECURE which is for the framework for secure heaps. The other one should be: config MTK_DMABUF_HEAPS_SECURE bool "Mediatek DMA-BUF Secure Heap" depends on DMABUF_HEAPS_SECURE && TEE help Enables secure dma-buf heaps for Mediatek platforms. > diff --git a/drivers/dma-buf/heaps/Makefile b/drivers/dma-buf/heaps/Makefile > index 974467791032..b1ad9d1f2fbe 100644 > --- a/drivers/dma-buf/heaps/Makefile > +++ b/drivers/dma-buf/heaps/Makefile > @@ -1,3 +1,4 @@ > # SPDX-License-Identifier: GPL-2.0 > +obj-$(CONFIG_DMABUF_HEAPS_SECURE) += secure_heap.o > obj-$(CONFIG_DMABUF_HEAPS_SYSTEM) += system_heap.o > obj-$(CONFIG_DMABUF_HEAPS_CMA) += cma_heap.o > diff --git a/drivers/dma-buf/heaps/secure_heap.c b/drivers/dma-buf/heaps/secure_heap.c > new file mode 100644 > index 000000000000..a634051a0a67 > --- /dev/null > +++ b/drivers/dma-buf/heaps/secure_heap.c > @@ -0,0 +1,98 @@ > +// SPDX-License-Identifier: GPL-2.0 > +/* > + * DMABUF secure heap exporter > + * > + * Copyright (C) 2023 MediaTek Inc. > + */ > + > +#include <linux/dma-buf.h> > +#include <linux/dma-heap.h> > +#include <linux/err.h> > +#include <linux/module.h> > +#include <linux/slab.h> > + > +enum secure_memory_type { > + /* > + * MediaTek static chunk memory carved out for TrustZone. The memory > + * management is inside the TEE. > + */ > + SECURE_MEMORY_TYPE_MTK_CM_TZ = 1, Mediatek specific code for secure dma heaps should go into a new file (maybe secure_heap_mtk.c which the MTK_DMABUF_HEAPS_SECURE option enables). > +}; > + > +struct secure_buffer { > + struct dma_heap *heap; > + size_t size; > +}; > + > +struct secure_heap { > + const char *name; > + const enum secure_memory_type mem_type; secure_memory_type is going to be in the vendor specific implementation, I don't think you need it in the framework. > +}; You should probably move these to a <linux/dma-heap-secure.h> file so they can be shared by the framework and the specific implementation (in this case vendor specific). > + > +static struct dma_buf * > +secure_heap_allocate(struct dma_heap *heap, unsigned long size, > + unsigned long fd_flags, unsigned long heap_flags) > +{ > + struct secure_buffer *sec_buf; > + DEFINE_DMA_BUF_EXPORT_INFO(exp_info); > + struct dma_buf *dmabuf; > + int ret; > + > + sec_buf = kzalloc(sizeof(*sec_buf), GFP_KERNEL); > + if (!sec_buf) > + return ERR_PTR(-ENOMEM); > + > + sec_buf->size = ALIGN(size, PAGE_SIZE); > + sec_buf->heap = heap; > + > + exp_info.exp_name = dma_heap_get_name(heap); > + exp_info.size = sec_buf->size; > + exp_info.flags = fd_flags; > + exp_info.priv = sec_buf; > + > + dmabuf = dma_buf_export(&exp_info); > + if (IS_ERR(dmabuf)) { > + ret = PTR_ERR(dmabuf); > + goto err_free_buf; > + } > + > + return dmabuf; > + > +err_free_buf: > + kfree(sec_buf); > + return ERR_PTR(ret); > +} > + > +static const struct dma_heap_ops sec_heap_ops = { > + .allocate = secure_heap_allocate, > +}; > + > +static struct secure_heap secure_heaps[] = { > + { > + .name = "secure_mtk_cm", > + .mem_type = SECURE_MEMORY_TYPE_MTK_CM_TZ, > + }, > +}; Move this to the vendor specific implementation. > + > +static int secure_heap_init(void) > +{ > + struct secure_heap *sec_heap = secure_heaps; > + struct dma_heap_export_info exp_info; > + struct dma_heap *heap; > + unsigned int i; > + > + for (i = 0; i < ARRAY_SIZE(secure_heaps); i++, sec_heap++) { > + exp_info.name = sec_heap->name; > + exp_info.ops = &sec_heap_ops; > + exp_info.priv = (void *)sec_heap; > + > + heap = dma_heap_add(&exp_info); > + if (IS_ERR(heap)) > + return PTR_ERR(heap); > + } > + return 0; > +} secure_heap_init should take a 'struct secure_heap*' as an argument and be defined in dma-heap-secure.h. > + > +module_init(secure_heap_init); > +MODULE_DESCRIPTION("Secure Heap Driver"); > +MODULE_LICENSE("GPL"); Remove from this file, it should go in the specific implementations. > -- > 2.25.1 >
diff --git a/drivers/dma-buf/heaps/Kconfig b/drivers/dma-buf/heaps/Kconfig index a5eef06c4226..e358bf711145 100644 --- a/drivers/dma-buf/heaps/Kconfig +++ b/drivers/dma-buf/heaps/Kconfig @@ -12,3 +12,10 @@ config DMABUF_HEAPS_CMA Choose this option to enable dma-buf CMA heap. This heap is backed by the Contiguous Memory Allocator (CMA). If your system has these regions, you should say Y here. + +config DMABUF_HEAPS_SECURE + bool "DMA-BUF Secure Heap" + depends on DMABUF_HEAPS && TEE + help + Choose this option to enable dma-buf secure heap. This heap is backed by + TEE client interfaces or CMA. If in doubt, say N. diff --git a/drivers/dma-buf/heaps/Makefile b/drivers/dma-buf/heaps/Makefile index 974467791032..b1ad9d1f2fbe 100644 --- a/drivers/dma-buf/heaps/Makefile +++ b/drivers/dma-buf/heaps/Makefile @@ -1,3 +1,4 @@ # SPDX-License-Identifier: GPL-2.0 +obj-$(CONFIG_DMABUF_HEAPS_SECURE) += secure_heap.o obj-$(CONFIG_DMABUF_HEAPS_SYSTEM) += system_heap.o obj-$(CONFIG_DMABUF_HEAPS_CMA) += cma_heap.o diff --git a/drivers/dma-buf/heaps/secure_heap.c b/drivers/dma-buf/heaps/secure_heap.c new file mode 100644 index 000000000000..a634051a0a67 --- /dev/null +++ b/drivers/dma-buf/heaps/secure_heap.c @@ -0,0 +1,98 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * DMABUF secure heap exporter + * + * Copyright (C) 2023 MediaTek Inc. + */ + +#include <linux/dma-buf.h> +#include <linux/dma-heap.h> +#include <linux/err.h> +#include <linux/module.h> +#include <linux/slab.h> + +enum secure_memory_type { + /* + * MediaTek static chunk memory carved out for TrustZone. The memory + * management is inside the TEE. + */ + SECURE_MEMORY_TYPE_MTK_CM_TZ = 1, +}; + +struct secure_buffer { + struct dma_heap *heap; + size_t size; +}; + +struct secure_heap { + const char *name; + const enum secure_memory_type mem_type; +}; + +static struct dma_buf * +secure_heap_allocate(struct dma_heap *heap, unsigned long size, + unsigned long fd_flags, unsigned long heap_flags) +{ + struct secure_buffer *sec_buf; + DEFINE_DMA_BUF_EXPORT_INFO(exp_info); + struct dma_buf *dmabuf; + int ret; + + sec_buf = kzalloc(sizeof(*sec_buf), GFP_KERNEL); + if (!sec_buf) + return ERR_PTR(-ENOMEM); + + sec_buf->size = ALIGN(size, PAGE_SIZE); + sec_buf->heap = heap; + + exp_info.exp_name = dma_heap_get_name(heap); + exp_info.size = sec_buf->size; + exp_info.flags = fd_flags; + exp_info.priv = sec_buf; + + dmabuf = dma_buf_export(&exp_info); + if (IS_ERR(dmabuf)) { + ret = PTR_ERR(dmabuf); + goto err_free_buf; + } + + return dmabuf; + +err_free_buf: + kfree(sec_buf); + return ERR_PTR(ret); +} + +static const struct dma_heap_ops sec_heap_ops = { + .allocate = secure_heap_allocate, +}; + +static struct secure_heap secure_heaps[] = { + { + .name = "secure_mtk_cm", + .mem_type = SECURE_MEMORY_TYPE_MTK_CM_TZ, + }, +}; + +static int secure_heap_init(void) +{ + struct secure_heap *sec_heap = secure_heaps; + struct dma_heap_export_info exp_info; + struct dma_heap *heap; + unsigned int i; + + for (i = 0; i < ARRAY_SIZE(secure_heaps); i++, sec_heap++) { + exp_info.name = sec_heap->name; + exp_info.ops = &sec_heap_ops; + exp_info.priv = (void *)sec_heap; + + heap = dma_heap_add(&exp_info); + if (IS_ERR(heap)) + return PTR_ERR(heap); + } + return 0; +} + +module_init(secure_heap_init); +MODULE_DESCRIPTION("Secure Heap Driver"); +MODULE_LICENSE("GPL");
Initialize a secure heap. Currently just add a null heap, Prepare for the later patches. Signed-off-by: Yong Wu <yong.wu@mediatek.com> --- drivers/dma-buf/heaps/Kconfig | 7 +++ drivers/dma-buf/heaps/Makefile | 1 + drivers/dma-buf/heaps/secure_heap.c | 98 +++++++++++++++++++++++++++++ 3 files changed, 106 insertions(+) create mode 100644 drivers/dma-buf/heaps/secure_heap.c