From patchwork Tue May 21 21:25:51 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
X-Patchwork-Id: 10954543
Return-Path: <xen-devel-bounces@lists.xenproject.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 552511708
	for <patchwork-xen-devel@patchwork.kernel.org>;
 Tue, 21 May 2019 21:27:47 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 43E6928A09
	for <patchwork-xen-devel@patchwork.kernel.org>;
 Tue, 21 May 2019 21:27:47 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 3867E28A71; Tue, 21 May 2019 21:27:47 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-5.0 required=2.0 tests=BAYES_00,DKIM_INVALID,
	DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 741FC28A09
	for <patchwork-xen-devel@patchwork.kernel.org>;
 Tue, 21 May 2019 21:27:46 +0000 (UTC)
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.89)
	(envelope-from <xen-devel-bounces@lists.xenproject.org>)
	id 1hTCGj-0008Bf-7W; Tue, 21 May 2019 21:25:57 +0000
Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6])
 by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from
 <SRS0=C2a6=TV=epam.com=volodymyr_babchuk@srs-us1.protection.inumbo.net>)
 id 1hTCGi-0008Ai-0j
 for xen-devel@lists.xenproject.org; Tue, 21 May 2019 21:25:56 +0000
X-Inumbo-ID: 03bf2ad0-7c0f-11e9-8980-bc764e045a96
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (unknown
 [2a01:111:f400:fe0d::60f])
 by us1-rack-dfw2.inumbo.com (Halon) with ESMTPS
 id 03bf2ad0-7c0f-11e9-8980-bc764e045a96;
 Tue, 21 May 2019 21:25:54 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=epam.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=OIqMIJZNJWHqjzcxzHljUOFxuawwdrleGYrLPmd9fi4=;
 b=ooAWNP2cOaJvoK7Vvd0kO3ox0Y3qe4poJTp8QoPacRAxOcfCNwBl12D+p2ymCxsLChoSRum8cNPG1gdo91oA7cdQm5iVXP6fleH2lduw+wXg9YIpppeOUEmXpL1tyPIJxr19YhN+oosFEWOtbHdLvtK8uQK7chVTE5EHDt3HtaSHbeJLQV+pJ3EWpwx2CeBxUIyUfpIx2d1xlczv74DTEUzFlfmu8r7DaWOjuJwRVt+scvkuPlUCUtYjO8G1BmQczk6VdTCHx7fjPNkii9Db9UvuZysDOfMDYRlje7xJzcp/ArqaAw/HKS/rrEfdVC5/ehh1XbUSHumFPjvQuqP3qA==
Received: from AM0PR03MB4148.eurprd03.prod.outlook.com (20.176.214.210) by
 AM0PR03MB5698.eurprd03.prod.outlook.com (20.179.254.155) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.1900.16; Tue, 21 May 2019 21:25:51 +0000
Received: from AM0PR03MB4148.eurprd03.prod.outlook.com
 ([fe80::55c5:599a:1f80:208a]) by AM0PR03MB4148.eurprd03.prod.outlook.com
 ([fe80::55c5:599a:1f80:208a%3]) with mapi id 15.20.1900.020; Tue, 21 May 2019
 21:25:51 +0000
From: Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
To: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>
Thread-Topic: [PATCH v5 03/10] xen/arm: optee: add OP-TEE mediator skeleton
Thread-Index: AQHVEBvDLs72BLmdtUy6R79fOBiNwA==
Date: Tue, 21 May 2019 21:25:51 +0000
Message-ID: <20190521212530.12706-4-volodymyr_babchuk@epam.com>
References: <20190521212530.12706-1-volodymyr_babchuk@epam.com>
In-Reply-To: <20190521212530.12706-1-volodymyr_babchuk@epam.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is )
 smtp.mailfrom=Volodymyr_Babchuk@epam.com;
x-originating-ip: [85.223.209.22]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: eeea60d7-de63-4cc9-c3cf-08d6de32e638
x-microsoft-antispam: BCL:0; PCL:0;
 RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(7168020)(4627221)(201703031133081)(201702281549075)(8990200)(5600141)(711020)(4605104)(2017052603328)(7193020);
 SRVR:AM0PR03MB5698;
x-ms-traffictypediagnostic: AM0PR03MB5698:
x-microsoft-antispam-prvs: 
 <AM0PR03MB5698D3D89A3591251B7A3033E6070@AM0PR03MB5698.eurprd03.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0044C17179
x-forefront-antispam-report: SFV:NSPM;
 SFS:(10009020)(376002)(136003)(366004)(346002)(396003)(39860400002)(189003)(199004)(6512007)(6486002)(5640700003)(6436002)(68736007)(3846002)(2616005)(476003)(11346002)(6916009)(486006)(6116002)(76116006)(14444005)(256004)(64756008)(66476007)(478600001)(305945005)(66946007)(54906003)(316002)(7736002)(73956011)(71190400001)(72206003)(2501003)(66556008)(80792005)(71200400001)(66446008)(26005)(4326008)(14454004)(25786009)(102836004)(2906002)(55236004)(8936002)(81166006)(5660300002)(99286004)(66066001)(1076003)(36756003)(86362001)(53936002)(6506007)(81156014)(446003)(2351001)(186003)(8676002)(76176011)(2004002);
 DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR03MB5698;
 H:AM0PR03MB4148.eurprd03.prod.outlook.com; FPR:; SPF:None; LANG:en;
 PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: epam.com does not designate
 permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: 
 a1K2Ew6v6Lo7GlxXAo51G0ic1WoNzClXHpP5cIA8tGviF8lEA00o3EgQvmILCHyMJSdiKlSmsOl2gN9PsVu6uuXfKbAG44gBr5TcNhy0enl+4E5HAjir3xsrU3+tTY/zLavs9gDr9RpTOCRIsTckoTAbau8sZ9h5y5IhdKtoYycyzbnFUyCxS+Dakwh0LO5CpPPEm0V5Mv3KjlRz3zBhd+qHyWnzdTr0F3zSkmpYwiIDX4YXzgarfACGR1hT2xPkGrfBdIt3qXNBUMkMSNsHEnXlFbyQWDVt54pzSZ9ISTa45FVB16kbE2rey9tuAVKjtMIixC0hFkOE6+fm7PcGUYc0HmhRdzGCbSMwFPHqAXaSLjGkqSOzCyhEEWPmjWN1nQfRIQaqz5kFkNS4161Ot/wrJ0aFdFppiulHFllHuG0=
MIME-Version: 1.0
X-OriginatorOrg: epam.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 eeea60d7-de63-4cc9-c3cf-08d6de32e638
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 May 2019 21:25:51.0625 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: b41b72d0-4e9f-4c26-8a69-f949f367c91d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR03MB5698
Subject: [Xen-devel] [PATCH v5 03/10] xen/arm: optee: add OP-TEE mediator
 skeleton
X-BeenThere: xen-devel@lists.xenproject.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
Cc: "tee-dev@lists.linaro.org" <tee-dev@lists.linaro.org>,
 Julien Grall <julien.grall@arm.com>,
 Stefano Stabellini <sstabellini@kernel.org>,
 Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>
X-Virus-Scanned: ClamAV using ClamSMTP

Add very basic OP-TEE mediator. It can probe for OP-TEE presence,
tell it about domain creation/destruction and then return an error
to all calls to the guest.

This code issues two non-preemptible calls to OP-TEE: to create and
to destroy client context. They can't block in OP-TEE, as they are
considered "fast calls" in terms of ARM SMCCC.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Julien Grall <julien.grall@arm.com>
---

 All the patches to optee.c should be merged together. They were
 split to ease up review. But they depend heavily on each other.

Changes from v4:
  - Removed OPTEE_ENABLED macro. Empty (for now) struct optee_domain
    is used instead.
  - Removed forward_call() function, mediator now will return
    OPTEE_SMC_RETURN_ENOTAVAIL for all unimplemented calls
  - Fixed mistake when OPTEE_SMC_FUNCID_GET_OS_REVISION instead of
    OPTEE_SMC_CALL_GET_OS_REVISION was used
  - OP-TEE is informed about domain destruction in
    optee_relinquish_resources()
  - removed optee_domain_destroy() function because all job is done
    in the optee_relinquish_resources() function

Changes from v3:
  - Introduced optee_relinquish_resources() function to free
    mediator resources in a more controllable way

Changes from v2:
  - Fixed coding style
  - Introduced tee/Kconfig
  - Fixed error messages
---
 xen/arch/arm/Kconfig          |   2 +
 xen/arch/arm/domain.c         |   3 +-
 xen/arch/arm/tee/Kconfig      |   4 +
 xen/arch/arm/tee/Makefile     |   1 +
 xen/arch/arm/tee/optee.c      | 166 ++++++++++++++++++++++++++++++++++
 xen/include/asm-arm/domain.h  |   3 +
 xen/include/public/arch-arm.h |   1 +
 7 files changed, 179 insertions(+), 1 deletion(-)
 create mode 100644 xen/arch/arm/tee/Kconfig
 create mode 100644 xen/arch/arm/tee/optee.c

diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig
index e527b2f885..99e6f0ebb2 100644
--- a/xen/arch/arm/Kconfig
+++ b/xen/arch/arm/Kconfig
@@ -237,3 +237,5 @@ source "arch/arm/platforms/Kconfig"
 source "common/Kconfig"
 
 source "drivers/Kconfig"
+
+source "arch/arm/tee/Kconfig"
diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c
index 0c8e50f48f..94e6f47f75 100644
--- a/xen/arch/arm/domain.c
+++ b/xen/arch/arm/domain.c
@@ -649,7 +649,8 @@ int arch_sanitise_domain_config(struct xen_domctl_createdomain *config)
         return -EINVAL;
     }
 
-    if ( config->arch.tee_type != XEN_DOMCTL_CONFIG_TEE_NONE )
+    if ( config->arch.tee_type != XEN_DOMCTL_CONFIG_TEE_NONE &&
+         config->arch.tee_type != tee_get_type() )
     {
         dprintk(XENLOG_INFO, "Unsupported TEE type\n");
         return -EINVAL;
diff --git a/xen/arch/arm/tee/Kconfig b/xen/arch/arm/tee/Kconfig
new file mode 100644
index 0000000000..5b829db2e9
--- /dev/null
+++ b/xen/arch/arm/tee/Kconfig
@@ -0,0 +1,4 @@
+config OPTEE
+	bool "Enable OP-TEE mediator"
+	default n
+	depends on TEE
diff --git a/xen/arch/arm/tee/Makefile b/xen/arch/arm/tee/Makefile
index c54d4796ff..982c879684 100644
--- a/xen/arch/arm/tee/Makefile
+++ b/xen/arch/arm/tee/Makefile
@@ -1 +1,2 @@
 obj-y += tee.o
+obj-$(CONFIG_OPTEE) += optee.o
diff --git a/xen/arch/arm/tee/optee.c b/xen/arch/arm/tee/optee.c
new file mode 100644
index 0000000000..e9b69bd2d2
--- /dev/null
+++ b/xen/arch/arm/tee/optee.c
@@ -0,0 +1,166 @@
+/*
+ * xen/arch/arm/tee/optee.c
+ *
+ * OP-TEE mediator. It sits in between OP-TEE and guests and performs
+ * actual calls to OP-TEE when some guest tries to interact with
+ * OP-TEE. As OP-TEE does not know about second stage MMU translation,
+ * mediator does this translation and performs other housekeeping tasks.
+ *
+ * OP-TEE ABI/protocol is described in two header files:
+ *  - optee_smc.h provides information about SMCs: all possible calls,
+ *    register allocation and return codes.
+ *  - optee_msg.h provides format for messages that are passed with
+ *    standard call OPTEE_SMC_CALL_WITH_ARG.
+ *
+ * Volodymyr Babchuk <volodymyr_babchuk@epam.com>
+ * Copyright (c) 2018-2019 EPAM Systems.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#include <xen/device_tree.h>
+#include <xen/sched.h>
+
+#include <asm/smccc.h>
+#include <asm/tee/tee.h>
+#include <asm/tee/optee_msg.h>
+#include <asm/tee/optee_smc.h>
+
+/* Client ID 0 is reserved for the hypervisor itself */
+#define OPTEE_CLIENT_ID(domain) ((domain)->domain_id + 1)
+
+/* Domain context */
+struct optee_domain {
+};
+
+static bool optee_probe(void)
+{
+    struct dt_device_node *node;
+    struct arm_smccc_res resp;
+
+    /* Check for entry in dtb */
+    node = dt_find_compatible_node(NULL, NULL, "linaro,optee-tz");
+    if ( !node )
+        return false;
+
+    /* Check UID */
+    arm_smccc_smc(ARM_SMCCC_CALL_UID_FID(TRUSTED_OS_END), &resp);
+
+    if ( (uint32_t)resp.a0 != OPTEE_MSG_UID_0 ||
+         (uint32_t)resp.a1 != OPTEE_MSG_UID_1 ||
+         (uint32_t)resp.a2 != OPTEE_MSG_UID_2 ||
+         (uint32_t)resp.a3 != OPTEE_MSG_UID_3 )
+        return false;
+
+    return true;
+}
+
+static int optee_domain_init(struct domain *d)
+{
+    struct arm_smccc_res resp;
+    struct optee_domain *ctx;
+
+    ctx = xzalloc(struct optee_domain);
+    if ( !ctx )
+        return -ENOMEM;
+
+    /*
+     * Inform OP-TEE about a new guest.  This is a "Fast" call in
+     * terms of OP-TEE. This basically means that it can't be
+     * preempted, because there is no thread allocated for it in
+     * OP-TEE. No blocking calls can be issued and interrupts are
+     * disabled.
+     *
+     * a7 should be 0, so we can't skip last 6 parameters of arm_smccc_smc()
+     */
+    arm_smccc_smc(OPTEE_SMC_VM_CREATED, OPTEE_CLIENT_ID(d), 0, 0, 0, 0, 0, 0,
+                  &resp);
+    if ( resp.a0 != OPTEE_SMC_RETURN_OK )
+    {
+        printk(XENLOG_WARNING "%pd: Unable to create OPTEE client: rc = 0x%X\n",
+               d, (uint32_t)resp.a0);
+
+        xfree(ctx);
+
+        return -ENODEV;
+    }
+
+    d->arch.tee = ctx;
+
+    return 0;
+}
+
+static int optee_relinquish_resources(struct domain *d)
+{
+    struct arm_smccc_res resp;
+
+    if ( !d->arch.tee )
+        return 0;
+
+    /*
+     * Inform OP-TEE that domain is shutting down. This is
+     * also a fast SMC call, like OPTEE_SMC_VM_CREATED, so
+     * it is also non-preemptible.
+     * At this time all domain VCPUs should be stopped. OP-TEE
+     * relies on this.
+     *
+     * a7 should be 0, so we can't skip last 6 parameters of arm_smccc_smc()
+     */
+    arm_smccc_smc(OPTEE_SMC_VM_DESTROYED, OPTEE_CLIENT_ID(d), 0, 0, 0, 0, 0, 0,
+                  &resp);
+
+    XFREE(d->arch.tee);
+
+    return 0;
+}
+
+static bool optee_handle_call(struct cpu_user_regs *regs)
+{
+    if ( !current->domain->arch.tee )
+        return false;
+
+    switch ( get_user_reg(regs, 0) )
+    {
+    case OPTEE_SMC_CALLS_COUNT:
+    case OPTEE_SMC_CALLS_UID:
+    case OPTEE_SMC_CALLS_REVISION:
+    case OPTEE_SMC_CALL_GET_OS_UUID:
+    case OPTEE_SMC_CALL_GET_OS_REVISION:
+    case OPTEE_SMC_ENABLE_SHM_CACHE:
+    case OPTEE_SMC_DISABLE_SHM_CACHE:
+    case OPTEE_SMC_GET_SHM_CONFIG:
+    case OPTEE_SMC_EXCHANGE_CAPABILITIES:
+    case OPTEE_SMC_CALL_WITH_ARG:
+    case OPTEE_SMC_CALL_RETURN_FROM_RPC:
+        set_user_reg(regs, 0, OPTEE_SMC_RETURN_ENOTAVAIL);
+        return true;
+
+    default:
+        return false;
+    }
+}
+
+static const struct tee_mediator_ops optee_ops =
+{
+    .probe = optee_probe,
+    .domain_init = optee_domain_init,
+    .relinquish_resources = optee_relinquish_resources,
+    .handle_call = optee_handle_call,
+};
+
+REGISTER_TEE_MEDIATOR(optee, "OP-TEE", XEN_DOMCTL_CONFIG_TEE_OPTEE, &optee_ops);
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
diff --git a/xen/include/asm-arm/domain.h b/xen/include/asm-arm/domain.h
index 0f15372098..2960a53e69 100644
--- a/xen/include/asm-arm/domain.h
+++ b/xen/include/asm-arm/domain.h
@@ -98,6 +98,9 @@ struct arch_domain
     struct vpl011 vpl011;
 #endif
 
+#ifdef CONFIG_TEE
+    void *tee;
+#endif
 }  __cacheline_aligned;
 
 struct arch_vcpu
diff --git a/xen/include/public/arch-arm.h b/xen/include/public/arch-arm.h
index 5e938a91cc..ced9545596 100644
--- a/xen/include/public/arch-arm.h
+++ b/xen/include/public/arch-arm.h
@@ -305,6 +305,7 @@ DEFINE_XEN_GUEST_HANDLE(vcpu_guest_context_t);
 #define XEN_DOMCTL_CONFIG_GIC_V2        1
 #define XEN_DOMCTL_CONFIG_GIC_V3        2
 #define XEN_DOMCTL_CONFIG_TEE_NONE      0
+#define XEN_DOMCTL_CONFIG_TEE_OPTEE     1
 struct xen_arch_domainconfig {
     /* IN/OUT */
     uint8_t gic_version;