From dc728d8e012a1045d79406fe423b9b96b02e80fd Mon Sep 17 00:00:00 2001 From: h00808063 Date: Mon, 8 Apr 2024 20:54:00 +0800 Subject: [PATCH 1/3] add posix proxy for file and net --- Makefile | 7 + auth/auth_base_impl.c | 8 +- core/tc_client_driver.c | 15 +- core/tc_cvm_driver.c | 56 ++++- core/tee_posix_proxy.c | 477 ++++++++++++++++++++++++++++++++++++++++ core/tee_posix_proxy.h | 22 ++ tc_ns_client.h | 20 ++ 7 files changed, 593 insertions(+), 12 deletions(-) create mode 100644 core/tee_posix_proxy.c create mode 100644 core/tee_posix_proxy.h diff --git a/Makefile b/Makefile index f9f1e16..839d8d6 100644 --- a/Makefile +++ b/Makefile @@ -3,6 +3,7 @@ obj-m := tzdriver.o CONFIG_FFA_SUPPORT := 0 CONFIG_TEE_TELEPORT_SUPPORT := y CONFIG_CONFIDENTIAL_CONTAINER ?= y +CROSS_DOMAIN_PERF := y tzdriver-objs := core/smc_smp.o core/tc_client_driver.o core/session_manager.o core/mailbox_mempool.o core/teek_app_load.o tzdriver-objs += core/agent.o core/gp_ops.o core/mem.o core/cmdmonitor.o core/tzdebug.o core/tz_spi_notify.o core/tz_pm.o core/tee_compat_check.o @@ -15,6 +16,9 @@ tzdriver-objs += tzdriver_internal/tee_reboot/reboot.o ifeq ($(CONFIG_TEE_TELEPORT_SUPPORT), y) tzdriver-objs += core/tee_portal.o +ifeq ($(CROSS_DOMAIN_PERF), y) +tzdriver-objs += core/tee_posix_proxy.o +endif EXTRA_CFLAGS += -DCONFIG_TEE_TELEPORT_SUPPORT -DCONFIG_TEE_TELEPORT_AUTH EXTRA_CFLAGS += -DTEE_TELEPORT_PATH_UID_AUTH_CTX=\"/usr/bin/tee_teleport:0\" tzdriver-objs += core/tc_cvm_driver.o @@ -53,6 +57,9 @@ EXTRA_CFLAGS += -DCONFIG_AUTH_SUPPORT_UNAME -DCONFIG_AUTH_HASH -std=gnu99 EXTRA_CFLAGS += -DCONFIG_TEE_UPGRADE -DCONFIG_TEE_REBOOT -DCONFIG_CONFIDENTIAL_TEE EXTRA_CFLAGS += -I$(PWD)/tzdriver_internal/tee_reboot EXTRA_CFLAGS += -DMAILBOX_POOL_COUNT=32 +ifeq ($(CROSS_DOMAIN_PERF), y) +EXTRA_CFLAGS += -DCROSS_DOMAIN_PERF +endif all: make -C $(KDIR) M=$(PWD) modules clean: diff --git a/auth/auth_base_impl.c b/auth/auth_base_impl.c index f3479e0..3fb52ba 100644 --- a/auth/auth_base_impl.c +++ b/auth/auth_base_impl.c @@ -342,11 +342,13 @@ int check_teecd_auth(void) #ifdef CONFIG_TEE_TELEPORT_AUTH int check_tee_teleport_auth(void) { - int ret = check_proc_uid_path(TEE_TELEPORT_PATH_UID_AUTH_CTX); +#if define(CONFIG_SELINUX_AUTH_ENABLE) && defined(CONFIG_SECURITY_SELINUX) + int ret = check_proc_selinux_access(SELINUX_TEE_TELEPORT_LABEL); if (ret != 0) { - tlogd("check tee_teleport path failed, ret %d\n", ret); - return ret; + tloge("check tee_teleport selinux label failed, ret %d\n", ret) + return -EACCES; } +#endif return CHECK_ACCESS_SUCC; } #endif diff --git a/core/tc_client_driver.c b/core/tc_client_driver.c index 9cb052c..25e68c7 100644 --- a/core/tc_client_driver.c +++ b/core/tc_client_driver.c @@ -89,6 +89,9 @@ #ifdef CONFIG_TEE_TELEPORT_SUPPORT #include "tee_portal.h" +#ifdef CROSS_DOMAIN_PERF +#include "tee_posix_proxy.h" +#endif #endif #include "tee_info.h" @@ -1201,6 +1204,13 @@ static int enable_dev_nodes(void) return 0; } +static char *tee_devnode(struct device *dev, umode_t *mode) +{ + if (strcmp(dev_name(dev, TC_NS_CVM_DEV) == 0) == 0) + *mode = S_IRUSER | S_IWUSER | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH; + return NULL; +} + static int tc_ns_client_init(void) { int ret; @@ -1225,7 +1235,7 @@ static int tc_ns_client_init(void) ret = -ENOMEM; goto unmap_res_mem; } - + g_driver_class->devnode = tee_devnode; ret = init_dev_node(&g_tc_client, TC_NS_CLIENT_DEV, g_driver_class, &g_tc_ns_client_fops); if (ret != 0) { class_destroy(g_driver_class); @@ -1370,6 +1380,9 @@ static __init int tc_init(void) #ifdef CONFIG_TEE_TELEPORT_SUPPORT tee_portal_init(); +#ifdef CROSS_DOMAIN_PERF + tee_posix_proxy_init(); +#endif #endif /* diff --git a/core/tc_cvm_driver.c b/core/tc_cvm_driver.c index fa125b4..6a60d6f 100644 --- a/core/tc_cvm_driver.c +++ b/core/tc_cvm_driver.c @@ -22,6 +22,9 @@ #include "agent.h" #ifdef CONFIG_TEE_TELEPORT_SUPPORT #include "tee_portal.h" +#ifdef CROSS_DOMAIN_PERF +#include "tee_posix_proxy.h" +#endif #endif #include "tee_info.h" @@ -47,8 +50,45 @@ static int tc_cvm_open(struct inode *inode, struct file *file) file->private_data = NULL; ret = tc_ns_client_open(&dev, TEE_REQ_FROM_USER_MODE); - if (ret == 0) + if (ret == 0) { +#ifdef CONFIG_CONFIDENTIAL_CONTAINER + dev->nsid = task_active_pid_ns(current)->ns.inum; +#endif file->private_data = dev; + } + return ret; +} + +static int teleport_ioctl(struct file *file, unsigned int cmd, unsigned long arg) +{ + int ret = -EFAULT; + void *argp = (void __user *)(uintptr_t)arg; + uint32_t nsid; + +#ifdef CONFIG_CONFIDENTIAL_CONTAINER + nsid = task_active_pid_ns(current)->ns.inum; + ((struct tc_ns_dev_file *)file->private_data)->nsid = nsid; +#else + nsid = PROC_ID_INIT_INO; +#endif + + switch(cmd) { +#ifdef CONFIG_CONFIDENTIAL_CONTAINER + case TC_NS_CLIENT_IOCTL_PORTAL_REGISTER: + ret = tee_portal_register(file->private_data, argp); + break; + case TC_NS_CLIENT_IOCTL_PORTAL_WORK: + ret = tee_portal_work(file->private_data); + break; +#ifdef CROSS_DOMAIN_PERF + case TC_NS_CLIENT_IOCTL_POSIX_PROXY_REGISTER_TASKLET: + ret = tee_posix_proxy_register_tasklet(argp, nsid); + break; +#endif +#endif + default: + tloge("invalid cmd!\n"); + } return ret; } @@ -66,14 +106,12 @@ static long tc_cvm_ioctl(struct file *file, unsigned int cmd, #ifdef CONFIG_TEE_TELEPORT_SUPPORT case TC_NS_CLIENT_IOCTL_PORTAL_REGISTER: - if (check_tee_teleport_auth() == 0) - ret = tee_portal_register(file->private_data, argp); - else - tloge("check tee_teleport path failed\n"); - break; case TC_NS_CLIENT_IOCTL_PORTAL_WORK: +#ifdef CROSS_DOMAIN_PERF + case TC_NS_CLIENT_IOCTL_POSIX_PROXY_REGISTER_TASKLET: +#endif if (check_tee_teleport_auth() == 0) - ret = tee_portal_work(file->private_data); + ret = teleport_ioctl(file, cmd, arg); else tloge("check tee_teleport path failed\n"); break; @@ -110,7 +148,9 @@ static int tc_cvm_close(struct inode *inode, struct file *file) if (dev->portal_enabled) tee_portal_unregister(file->private_data); #endif - +#ifdef CROSS_DOMAIN_PERF + (void)tee_posix_proxy_unregister_all_tasklet(file->private_data); +#endif if (is_system_agent(dev)) { send_crashed_event_response_single(dev); free_dev(dev); diff --git a/core/tee_posix_proxy.c b/core/tee_posix_proxy.c new file mode 100644 index 0000000..d52cb1a --- /dev/null +++ b/core/tee_posix_proxy.c @@ -0,0 +1,477 @@ +/* + * Copyright (c) 2023-2023 Huawei Technologies Co., Ltd. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + + #define TEE_POSIX_PROXY_EVENT_REGISTER_CTRL_TASKLET 4 + #define TEE_POSIX_PROXY_EVENT_REGISTER_DATA_TASKLET 5 + #define TEE_POSIX_PROXY_EVENT_UNREGISTER_ALL_TASKLET 6 + + struct posix_proxy_shm { + void *buffer; + uint32_t size; + } + +struct posix_proxy_node { + struct list_head head; + unsigned int nsid; /* namesapce id */ + pid_t tp_pid; /* teleport pid, owner of posix_proxy_node with nsid */ + pid_t tp_ppid; /*teleport parent pid */ + struct posix_proxy_shm *ctrl_shm; + struct posix_proxy_shm *data_shm; + uint32_t event; + atomic_t ref_cnt; +} + +struct mailbox_info { + void *buf; /* mailbox vaddr */ + uint32_t size; /* mailbox buffer size */ + uint32_t mb_l_addr; /* low of mailbox buffer pyhs addr */ + uint32_t mb_h_addr; /* low of mailbox buffer pyhs addr */ +} + +struct posix_proxy_control { + struct mutex lock; + struct list_head_list; +} + +static struct posix_proxy_control g_posix_proxy_control; + +struct pid_t get_pid_compatible_namespace(struct task_struct *task) +{ + /* Obtain tgid in namespace */ + pid_t namespace_tgid = task_tgid_vnr(task); + + return namespace_tgid; +} + +static int alloc_and_fill_mailbox_info(struct posix_proxy_ioctl_args *args, struct mailbox_info *mb_info) +{ + uint32_t len; + uint32_t page_num; + int ret = 0; + void *mb_buff = NULL; + + page_num = args->buffer_size / PAGE_SIZE; + len = sizeof(struct pagelist_info) + (sizeof(uint64_t) * page_num); + mb_buff = mailbox_alloc(len, MB_FLAG_ZERO); + if (mb_buff == NULL) { + tloge("alloc mailbox mem failed\n"); + return -ENOMEM; + } + + mb_info->mb_l_addr = mailbox_virt_to_phys((uintptr_t)mb_buff); + mb_info->mb_h_addr = (uint64_t)mailbox_virt_to_phys((uintptr_t)mb_buff) >> ADDR_TRANS_NUM; + mb_info->buf = mb_buff; + mb_info->size = len; + + if (fill_shared_mem_info(args->addr, page_num, 0, args->buffer_size, (uint64_t)(uintptr_t)mb_info->buf) != 0) { + tloge("fill shared mem info failed\n"); + mailbox_free(mb_buff); + ret = -EFAULT; + } + + return ret; +} + +static void release_mailbox_info(const struct mailbox_info *mb_info) +{ + if (mb_info->buf != NULL) + mailbox_free(mb_info->buf); +} + +static void destroy_posix_proxy_shm(struct posix_proxy_shm *shm) +{ + if (shm == NULL) + return; + + if(shm->buff != NULL) { + release_shared_mem_page((uint64_t)(uintptr_t)shm->buffer, shm->size); + kfree(shm->buffer); + } + kfree(shm); +} + +#ifdef DEF_ENG +static void attribute((unused)) dump_posix_proxy_list(void) +{ + tloge("==== dump posix_proxy_list start ====\n"); + struct posix_proxy_node *posix_proxy = NULL; + uint32_t i = 0; + list_for_each_entry(posix_proxy, &g_posix_proxy_control.list, head) { + tloge("posix_proxy_node[%d] nsid %d, tp_pid %d\n", i, posix_proxy->nsid, posix_proxy->tp_pid); + i++; + } + tloge("==== dump posix_proxy_list end ====\n"); +} +#endif + +/* Important: must in lock protect */ +static int ref_posix_proxy(struct posix_proxy_node *posix_proxy) +{ + if (posix_proxy == NULL) + return -EINVAL; + + if (atomic_read(&posix_proxy->ref_cnt) == INT_MAX) { + tloge("posix proxy ref_cnt is out of limit\n"); + return -EBADFD; + } + + (void)atomic_inc(&posix_proxy->ref_cnt); + return 0; +} + +static void deref_posix_proxy(struct posix_proxy_node *posix_proxy) +{ + if (posix_proxy == NULL) + return; + + mutex_lock(&g_posix_proxy_control.lock); + /* unreachable branch */ + if (atomic_read(&posix_proxy->ref_cnt) == 0) { + tloge("deref failed due to posix proxy's ref_cnt is zero\n"); + mutex_unlock(&g_posix_proxy_control.lock); + return; + } + + if (atomic_dec_and_test(&posix_proxy->ref_cnt)) { + if (list_empty(&posix_proxy->head) == 0) + list_del(&posix_proxy->head); + if(posix_proxy->ctrl_shm != NULL) + destroy_posix_proxy_shm(posix_proxy->ctrl_shm); + if(posix_proxy->data_shm != NULL) + destroy_posix_proxy_shm(posix_proxy->data_shm); + + kfree(posix_proxy); + } + + mutex_unlock(&g_posix_proxy_control.lock); +} + +static int send_posix_proxy_smc(const struct posix_proxy_node *posix_proxy, const struct mailbox_info *mb_info) +{ + struct tc_ns_smc_cmd smc_cmd = { { 0 }, 0 }; + int ret = 0; + struct tc_uuid appmgr_uuid = TEE_SERVICE_APPMGR; + + if (posix_proxy == NULL || posix_proxy->event < TEE_POSIX_PROXY_EVENT_REGISTER_CTRL_TASKLET || + posix_proxy->event > TEE_POSIX_PROXY_EVENT_UNREGISTER_ALL_TASKLET) { + tloge("bad params for posix proxy\n"); + return -EINVAL; + } + + (void)memcpy_s(&smc_cmd.uuid, sizeof(struct tc_uuid), &appmgr_uuid, sizeof(struct tc_uuid)); + smc_cmd.cmd_type = CMD_TYPE_GLOBAL; + smc_cmd.cmd_id = GLOBAL_CMD_ID_PORTAL_WORK; + smc_cmd.eventindex = posix_proxy->event; + smc_cmd.pid = posix_proxy->tp_pid; + /* temporilay use agent_id store teleport's parent pid */ + smc_cmd.agent_id = posix_proxy->tp_ppid; + + if (posix_proxy->event == TEE_POSIX_PROXY_EVENT_REGISTER_CTRL_TASKLET || + posix_proxy->event == TEE_POSIX_PROXY_EVENT_REGISTER_DATA_TASKLET) { + smc_cmd.login_data_phy = mb_info->mb_l_addr; + smc_cmd.login_data_h_phy = mb_info->mb_h_addr; + smc_cmd.login_data_len = mb_info->size; + } + /* smc_cmd.ca_pid and smc_cmd.nsid will set in tc_ns_smc() */ + + ret = tc_ns_smc(&smc_cmd); + + if (ret != 0) { + tloge("smc calll return error, ret 0x%x\n", smc_cmd.ret_val); + if (smc_cmd.ret_val == TEEC_ERROR_SERVICE_NOT_EXIST) + return -EOPNOTSUPP; + else if (smc_cmd.ret_val == TEEC_ERROR_OUT_OF_MEMORY) + return -ENOMEM; + } + + return ret; +} + +/* find_posix_proxy_node_by_tgid will add ref_cnt */ +static struct posix_proxy_node *find_posix_proxy_node_by_tgid(unsigned int nsid, pid_t tgid) +{ + struct posix_proxy_node *posix_proxy = NULL; + mutex_lock(&g_posix_proxy_control.lock); + list_for_each_entry(posix_proxy, &g_posix_proxy_control.list, head) { + if (posix_proxy->nsid == nsid && posix_proxy->tp_pid == tgid) { + if (ref_posix_proxy(posix_proxy) != 0) + break; + mutex_unlock(&g_posix_proxy_control.lock); + return posix_proxy; + } + } + mutex_unlock(&g_posix_proxy_control.lock); + return NULL; +} + +static void add_posix_proxy_node_to_list(struct posix_proxy *posix_proxy) +{ + mutex_lock(&g_posix_proxy_control.lock) + list_add_tail(&posix_proxy->head, &g_posix_proxy_control.list); + mutex_unlock(&g_posix_proxy_control.lock); +} + +static int alloc_posix_proxy_node(unsigned int nsid, struct posix_proxy_node **posix_proxy) +{ + *posix_proxy = (struct posix_proxy_node *)kzalloc(sizeof(struct posix_proxy_node), GP_KERNEL); + if (ZERO_OR_NULL_PTR(unsigned long)(uintptr_t)(*posix_proxy)) { + tloge("alloc mem for posix proxy node failed\n"); + return -ENOMEM; + } + + INIT_LIST_HEAD(&(*posix_proxy)->head); + (*posix_proxy)->nsid = nsid; + (*posix_proxy)->tp_pid = get_pid_compatible_namespace(current); + (*posix_proxy)->tp_ppid = get_pid_compatible_namespace(current->parent); + (*posix_proxy)->event = -1; + (*posix_proxy)->ctrl_shm = NULL; + (*posix_proxy)->data_shm = NULL; + atomic_set(&(*posix_proxy)->ref_cnt, 1); + return 0; +} + +static int add_shm_to_posix_proxy(struct posix_proxy_node *posix_proxy, struct mailbox_info *mb_info, + enum posix_proxy_shm_type shm_type) +{ + struct posix_proxy_shm *shm = NULL; + int ret = 0; + + shm = kzalloc(sizeof(struct posix_proxy_shm), GP_KERNEL); + if (ZERO_OR_NULL_PTR((unsigned long)(uintptr_t)shm)) { + tloge("alloc shm buff failed\n"); + return -ENOMEM; + } + + shm->buffer = kzalloc(mb_info->size, GFP_KERNEL); + if (ZERO_OR_NULL_PTR((unsigned long)(uintptr_t)shm->buff)) { + tloge("kzalloc failed\n"); + ret = -ENOMEM; + goto clear; + } + + (void)memcpy_s(shm->buffer, mb_info->size, mb_info->buf, mb_info->size); + shm->size = mb_info->size; + + if (shm_type == CTRL_TASKLET_BUFF) + posix_proxy->ctrl_shm = shm; + else + posix_proxy->data_shm = shm; + goto end; + +clear: + kfree(shm); +end: + return ret; +} + +static int send_ctrl_tasklet_register(unsigned int nsid, struct posix_proxy_ioctl_args *agrs) +{ + int ret = 0; + struct mailbox_info mb_info = { 0 }; + struct posix_proxy_node *posix_proxy = NULL; + + posix_proxy = find_posix_proxy_node_by_tgid(nsid, get_pid_compatible_namespace(current)); + if (posix_proxy != NULL) { + tloge("find a duplicate node with the same teleport pid when register ctrl tasklet\n"); + deref_posix_proxy(posix_proxy); + return -EEXIST; + } + + ret = alloc_and_fill_mailbox_info(args, &mb_info); + if (ret != 0) { + tloge("cannot fill ctrl tasklet info to mailbox\n"); + return ret; + } + + ret = alloc_posix_proxy_node(nsid, &posix_proxy); + if (ret != 0) { + tloge("alloc posix_proxy node for ctrl tasklet failed\n"); + release_shared_mem_page((uint64_t)(uintptr_t)mb_info.buf, mb_info.size); + goto end; + } + + ret = add_shm_to_posix_proxy(posix_proxy, &mb_info, CTRL_TASKLET_BUFF); + if (ret != 0) { + tloge("add shm buff info to posix_proxy failed\n"); + release_shared_mem_page((uint64_t)(uintptr_t)mb_info.buf, mb_info.size); + goto destroy_posix_proxy; + } + + posix_proxy->event = TEE_POSIX_PROXY_EVENT_REGISTER_CTRL_TASKLET; + + ret = send_posix_proxy_smc(posix_proxy, &mb_info); + if (ret != 0) { + tloge("send register tasklet request to gtask failed, shm_type %d, ret = %d\n", args->shm_type, ret); + goto destroy_posix_proxy; + } else { + add_posix_proxy_node_to_list(posix_proxy); + } + + goto end; + +destroy_posix_proxy: + /* destroy_posix_proxy_shm func will release shm buf page */ + destroy_posix_proxy_shm(posix_proxy->ctrl_shm); + kfree(posix_proxy); +end: + release_mailbox_info(&mb_info); + return ret; +} + +static int send_data_tasklet_register(unsigned int nsid, struct posix_proxy_ioctl_args *args) +{ + int ret = 0; + struct mailbox_info mb_info = { 0 }; + struct posix_proxy_node *posix_proxy = NULL; + + posix_proxy = find_posix_proxy_node_by_tgid(nsid, get_pid_compatible_namespace(current)); + if (posix_proxy == NULL) { + tloge("expected posix proxy node is NULL when register data tasklet\n"); + return -ENOENT; + } + + ret = alloc_and_fill_mailbox_info(args, &mb_info); + if (ret != 0) { + tloge("cannot fill ctrl tasklet info to mailbox\n"); + goto end; + } + struct posix_proxy_shm *old_shm = posix_proxy->data_shm; + + ret = add_shm_to_posix_proxy(posix_proxy, &mb_info, DATA_TASKLET_BUFF); + if (ret != 0) { + tloge("add shm buffer info to posix proxy failed\n"); + release_shared_mem_page((uint64_t)(uintptr_t)mb_info.buf, mb_info.size); + goto end; + } + + posix_proxy->event = TEE_POSIX_PROXY_EVENT_REGISTER_DATA_TASKLET; + + ret = send_posix_proxy_smc(posix_proxy, &mb_info); + if (ret != 0) { + tloge("send register tasklet request to gtask failed, shm_type %d, ret = %d\n", args->shm_type, ret); + goto free_data_shm; + } + destroy_posix_proxy_shm(old_shm); + goto end; + +free_data_shm: + /* destroy_posix_proxy_shm func will release shm buff page */ + destroy_posix_proxy_shm(posix_proxy->data_shm); + /* restore old data shm */ + posix_proxy->data_shm = old_shm; +end: + deref_posix_proxy(posix_proxy); + release_mailbox_info(&mb_info); + return ret; +} + +/* 256MB, the configuration is the same as that in teleport */ +#define MAX_TASKLET_BUFF_SIZE (256 * 1024 * 1024) + +static bool posix_proxy_user_args_check(struct posix_proxy_ioctl_args *args) +{ + bool invalid = true; + if (args->shm_type == CTRL_TASKLET_BUFF) + invalid = args->addr == 0 || args->addr % PAGE_SIZE != 0 || args->buffer_size != PAGE_SIZE; + else if (args->shm_type == DATA_TASKLET_BUFF) + invlaid = args->addr == 0 || args->addr % PAGE_SIZE != 0 || args->buffer_size % PAGE_SIZE != 0 || + args->buffer_size > MAX_TASKLET_BUFF_SIZE || args->buffer_size == 0; + else + tloge("bad type for shm\n"); + + return invalid; +} + +/* send create crtl or data tasklet request to gtask */ +int tee_posix_proxy_register_tasklet(void __user *arg, unsigned int nsid) +{ + int ret = 0; + struct posix_proxy_ioctl_args args = { 0 }; + if (arg == NULL || copy_from_user(&args, (void *)(uintptr_t)arg, sizeof(args) != 0)) { + tloge("arg is NULL or copy posix proxy args failed\n"); + return -EINVAL; + } + + if (posix_proxy_user_args_check(&args)) { + tloge("bad memory addr or size or shm_type\n"); + return -EINVAL; + } + + if (args.shm_type == CTRL_TASKLET_BUFF) { + ret = send_ctrl_tasklet_register(nsid, &args); + } else if (args.shm_type == DATA_TASKLET_BUFF) { + ret = send_data_tasklet_register(nsid, &args); + } else { + tloge("invalid register cmd\n"); + ret = -EINVAL; + } + + return ret; +} + +/* send destroy all tasket request to gtask */ +int tee_posix_proxy_unregister_all_tasklet(const void *owner) +{ + if (owner == NULL) { + tloge("bad param\n"); + return -EINVAL; + } + + int ret = 0; + uint32_t nsid; +#ifdef CONFIG_CONFIDENTIAL_CONTAINER + struct tc_ns_dev_file *dev = (struct tc_ns_dev_file *)owner; + nsid = dev->nsid; +#else + nsid = PROC_ID_INIT_INO; +#endif + pid_t tp_pid = get_pid_compatible_namespace(current); + struct posix_proxy_node *posix_proxy = find_posix_proxy_node_by_tgid(nsid, tp_pid); + if (posix_proxy == NULL) { + tlogd("cannot find posix proxy node, unregister failed\n"); + return -ENOENT; + } + + posix_proxy->event = TEE_POSIX_PROXY_EVENT_UNREGISTER_ALL_TASKLET; + + ret = send_posix_proxy_smc(posix_proxy, NULL); + if (ret < 0) { + tloge("send unregister all tasklet request to gtask failed, ret = %d\n", ret); + deref_posix_proxy(posix_proxy); + return ret; + } + + tlogd("destroy_posix_proxy node nsid %u, tp_pid %d, host tp_pid %d\n", nsid, tp_pid, current->tgid); + /* sub ref_cnt for previous find_posix_proxy_node_by_tgid */ + deref_posix_proxy(posix_proxy); + /* sub to zero to destroy posix proxy */ + deref_posix_proxy(posix_proxy); + return ret; +} + +void tee_posix_proxy_init(void) +{ + mutex_init(&g_posix_proxy_control.lock); + INIT_LIST_HEAD(&g_posix_proxy_control.list); +} diff --git a/core/tee_posix_proxy.h b/core/tee_posix_proxy.h new file mode 100644 index 0000000..3a62965 --- /dev/null +++ b/core/tee_posix_proxy.h @@ -0,0 +1,22 @@ +/* + * Copyright (c) 2023-2023 Huawei Technologies Co., Ltd. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ +#ifndef TEE_POSIX_PROXY_H +#define TEE_POSIX_PROXY_H + +int tee_posix_proxy_register_tasklet(void __user *arg, unsigned int nsid); +int tee_posix_proxy_unregister_all_tasklet(const void *owner); + +void tee_posix_proxy_init(void); + +#endif \ No newline at end of file diff --git a/tc_ns_client.h b/tc_ns_client.h index 1152a32..2ea82d3 100644 --- a/tc_ns_client.h +++ b/tc_ns_client.h @@ -128,6 +128,22 @@ struct load_secfile_ioctl_struct { }; }__attribute__((packed)); +#ifdef CROSS_DOMAIN_PERF +enum posix_proxy_shm_type { + CTRL_TASKLET_BUFF = 1, + DATA_TASKLET_BUFF +} + +struct posix_proxy_ioctl_args { + enum posix_proxy_shm_type shm_type; + uint32_t buffer_size; + union { + void * buffer; + unsigned long long addr; + }; +}; +#endif + struct agent_ioctl_args { uint32_t id; uint32_t buffer_size; @@ -206,6 +222,10 @@ struct tc_ns_log_pool { _IOWR(TC_NS_CLIENT_IOC_MAGIC, 24, struct agent_ioctl_args) #define TC_NS_CLIENT_IOCTL_PORTAL_WORK \ _IOWR(TC_NS_CLIENT_IOC_MAGIC, 25, struct agent_ioctl_args) +#ifdef CROSS_DOMAIN_PERF +#define TC_NS_CLIENT_IOCTL_POSIX_PROXY_REGISTER_TASKLET \ + _IOWR(TC_NS_CLIENT_IOC_MAGIC, 27, struct posix_proxy_ioctl_args) +#endif #endif #define TC_NS_CLIENT_IOCTL_GET_TEE_INFO \ _IOWR(TC_NS_CLIENT_IOC_MAGIC, 26, struct tc_ns_tee_info) -- Gitee From 938a6f965bc1565b98a88c996fb238bae7bfbff0 Mon Sep 17 00:00:00 2001 From: h00808063 Date: Sat, 20 Apr 2024 18:58:32 +0800 Subject: [PATCH 2/3] posix proxy compile error fix --- auth/auth_base_impl.c | 2 +- core/tc_client_driver.c | 2 +- core/tc_cvm_driver.c | 4 ++++ core/tee_posix_proxy.c | 32 ++++++++++++++++---------------- tc_ns_client.h | 2 +- 5 files changed, 23 insertions(+), 19 deletions(-) diff --git a/auth/auth_base_impl.c b/auth/auth_base_impl.c index 3fb52ba..5b366fc 100644 --- a/auth/auth_base_impl.c +++ b/auth/auth_base_impl.c @@ -342,7 +342,7 @@ int check_teecd_auth(void) #ifdef CONFIG_TEE_TELEPORT_AUTH int check_tee_teleport_auth(void) { -#if define(CONFIG_SELINUX_AUTH_ENABLE) && defined(CONFIG_SECURITY_SELINUX) +#if defined(CONFIG_SELINUX_AUTH_ENABLE) && defined(CONFIG_SECURITY_SELINUX) int ret = check_proc_selinux_access(SELINUX_TEE_TELEPORT_LABEL); if (ret != 0) { tloge("check tee_teleport selinux label failed, ret %d\n", ret) diff --git a/core/tc_client_driver.c b/core/tc_client_driver.c index 25e68c7..70848d2 100644 --- a/core/tc_client_driver.c +++ b/core/tc_client_driver.c @@ -1206,7 +1206,7 @@ static int enable_dev_nodes(void) static char *tee_devnode(struct device *dev, umode_t *mode) { - if (strcmp(dev_name(dev, TC_NS_CVM_DEV) == 0) == 0) + if (strcmp(dev_name(dev), TC_NS_CVM_DEV) == 0) *mode = S_IRUSER | S_IWUSER | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH; return NULL; } diff --git a/core/tc_cvm_driver.c b/core/tc_cvm_driver.c index 6a60d6f..70ab308 100644 --- a/core/tc_cvm_driver.c +++ b/core/tc_cvm_driver.c @@ -20,6 +20,10 @@ #include #include "auth_base_impl.h" #include "agent.h" +#ifdef CONFIG_CONFIDENTIAL_CONTAINER +#include +#include +#endif #ifdef CONFIG_TEE_TELEPORT_SUPPORT #include "tee_portal.h" #ifdef CROSS_DOMAIN_PERF diff --git a/core/tee_posix_proxy.c b/core/tee_posix_proxy.c index d52cb1a..791c563 100644 --- a/core/tee_posix_proxy.c +++ b/core/tee_posix_proxy.c @@ -29,7 +29,7 @@ struct posix_proxy_shm { void *buffer; uint32_t size; - } + }; struct posix_proxy_node { struct list_head head; @@ -40,23 +40,23 @@ struct posix_proxy_node { struct posix_proxy_shm *data_shm; uint32_t event; atomic_t ref_cnt; -} +}; struct mailbox_info { void *buf; /* mailbox vaddr */ uint32_t size; /* mailbox buffer size */ uint32_t mb_l_addr; /* low of mailbox buffer pyhs addr */ uint32_t mb_h_addr; /* low of mailbox buffer pyhs addr */ -} +}; struct posix_proxy_control { struct mutex lock; struct list_head_list; -} +}; static struct posix_proxy_control g_posix_proxy_control; -struct pid_t get_pid_compatible_namespace(struct task_struct *task) +static pid_t get_pid_compatible_namespace(struct task_struct *task) { /* Obtain tgid in namespace */ pid_t namespace_tgid = task_tgid_vnr(task); @@ -104,7 +104,7 @@ static void destroy_posix_proxy_shm(struct posix_proxy_shm *shm) if (shm == NULL) return; - if(shm->buff != NULL) { + if(shm->buffer != NULL) { release_shared_mem_page((uint64_t)(uintptr_t)shm->buffer, shm->size); kfree(shm->buffer); } @@ -190,7 +190,7 @@ static int send_posix_proxy_smc(const struct posix_proxy_node *posix_proxy, cons if (posix_proxy->event == TEE_POSIX_PROXY_EVENT_REGISTER_CTRL_TASKLET || posix_proxy->event == TEE_POSIX_PROXY_EVENT_REGISTER_DATA_TASKLET) { smc_cmd.login_data_phy = mb_info->mb_l_addr; - smc_cmd.login_data_h_phy = mb_info->mb_h_addr; + smc_cmd.login_data_h_addr = mb_info->mb_h_addr; smc_cmd.login_data_len = mb_info->size; } /* smc_cmd.ca_pid and smc_cmd.nsid will set in tc_ns_smc() */ @@ -225,17 +225,17 @@ static struct posix_proxy_node *find_posix_proxy_node_by_tgid(unsigned int nsid, return NULL; } -static void add_posix_proxy_node_to_list(struct posix_proxy *posix_proxy) +static void add_posix_proxy_node_to_list(struct posix_proxy_node *posix_proxy) { - mutex_lock(&g_posix_proxy_control.lock) + mutex_lock(&g_posix_proxy_control.lock); list_add_tail(&posix_proxy->head, &g_posix_proxy_control.list); mutex_unlock(&g_posix_proxy_control.lock); } static int alloc_posix_proxy_node(unsigned int nsid, struct posix_proxy_node **posix_proxy) { - *posix_proxy = (struct posix_proxy_node *)kzalloc(sizeof(struct posix_proxy_node), GP_KERNEL); - if (ZERO_OR_NULL_PTR(unsigned long)(uintptr_t)(*posix_proxy)) { + *posix_proxy = (struct posix_proxy_node *)kzalloc(sizeof(struct posix_proxy_node), GFP_KERNEL); + if (ZERO_OR_NULL_PTR((unsigned long)(uintptr_t)(*posix_proxy))) { tloge("alloc mem for posix proxy node failed\n"); return -ENOMEM; } @@ -257,14 +257,14 @@ static int add_shm_to_posix_proxy(struct posix_proxy_node *posix_proxy, struct m struct posix_proxy_shm *shm = NULL; int ret = 0; - shm = kzalloc(sizeof(struct posix_proxy_shm), GP_KERNEL); + shm = kzalloc(sizeof(struct posix_proxy_shm), GFP_KERNEL); if (ZERO_OR_NULL_PTR((unsigned long)(uintptr_t)shm)) { tloge("alloc shm buff failed\n"); return -ENOMEM; } shm->buffer = kzalloc(mb_info->size, GFP_KERNEL); - if (ZERO_OR_NULL_PTR((unsigned long)(uintptr_t)shm->buff)) { + if (ZERO_OR_NULL_PTR((unsigned long)(uintptr_t)shm->buffer)) { tloge("kzalloc failed\n"); ret = -ENOMEM; goto clear; @@ -285,7 +285,7 @@ end: return ret; } -static int send_ctrl_tasklet_register(unsigned int nsid, struct posix_proxy_ioctl_args *agrs) +static int send_ctrl_tasklet_register(unsigned int nsid, struct posix_proxy_ioctl_args *args) { int ret = 0; struct mailbox_info mb_info = { 0 }; @@ -395,7 +395,7 @@ static bool posix_proxy_user_args_check(struct posix_proxy_ioctl_args *args) if (args->shm_type == CTRL_TASKLET_BUFF) invalid = args->addr == 0 || args->addr % PAGE_SIZE != 0 || args->buffer_size != PAGE_SIZE; else if (args->shm_type == DATA_TASKLET_BUFF) - invlaid = args->addr == 0 || args->addr % PAGE_SIZE != 0 || args->buffer_size % PAGE_SIZE != 0 || + invalid = args->addr == 0 || args->addr % PAGE_SIZE != 0 || args->buffer_size % PAGE_SIZE != 0 || args->buffer_size > MAX_TASKLET_BUFF_SIZE || args->buffer_size == 0; else tloge("bad type for shm\n"); @@ -408,7 +408,7 @@ int tee_posix_proxy_register_tasklet(void __user *arg, unsigned int nsid) { int ret = 0; struct posix_proxy_ioctl_args args = { 0 }; - if (arg == NULL || copy_from_user(&args, (void *)(uintptr_t)arg, sizeof(args) != 0)) { + if (arg == NULL || copy_from_user(&args, (void *)(uintptr_t)arg, sizeof(args)) != 0) { tloge("arg is NULL or copy posix proxy args failed\n"); return -EINVAL; } diff --git a/tc_ns_client.h b/tc_ns_client.h index 2ea82d3..d928580 100644 --- a/tc_ns_client.h +++ b/tc_ns_client.h @@ -132,7 +132,7 @@ struct load_secfile_ioctl_struct { enum posix_proxy_shm_type { CTRL_TASKLET_BUFF = 1, DATA_TASKLET_BUFF -} +}; struct posix_proxy_ioctl_args { enum posix_proxy_shm_type shm_type; -- Gitee From 67574cf00aacd6388de5dd2f6e5f49c0090f9ebd Mon Sep 17 00:00:00 2001 From: h00808063 Date: Sat, 20 Apr 2024 19:24:09 +0800 Subject: [PATCH 3/3] fix compile error --- core/shared_mem.c | 20 ++++++++++++++++++++ core/shared_mem.h | 3 +-- core/tee_portal.c | 21 --------------------- core/tee_posix_proxy.c | 4 ++-- 4 files changed, 23 insertions(+), 25 deletions(-) diff --git a/core/shared_mem.c b/core/shared_mem.c index dd169be..fa50e7f 100644 --- a/core/shared_mem.c +++ b/core/shared_mem.c @@ -116,6 +116,26 @@ void release_shared_mem_page(uint64_t buf, uint32_t buf_size) put_page(page); } } +#else + +int fill_shared_mem_info(uint64_t start_vaddr, uint32_t pages_no, + uint32_t offset, uint32_t buffer_size, uint64_t info_addr) +{ + (void)start_vaddr; + (void)pages_no; + (void)offset; + (void)buffer_size; + (void)info_addr; + tloge("shared memory is unsupported\n"); + return -EINVAL; +} + +void release_shared_mem_page(uint64_t buf, uint32_t buf_size) +{ + (void)buf; + (void)buf_size; + tloge("shared memory is unsupported\n"); +} #endif #ifdef CONFIG_SHARED_MEM_RESERVED diff --git a/core/shared_mem.h b/core/shared_mem.h index ab3bc43..aece31e 100644 --- a/core/shared_mem.h +++ b/core/shared_mem.h @@ -61,9 +61,8 @@ void free_cmd_mem(uint64_t cmd_vaddr); uint64_t get_spi_mem_vaddr(void); uint64_t get_spi_mem_paddr(uintptr_t spi_vaddr); void free_spi_mem(uint64_t spi_vaddr); -#ifdef CONFIG_NOCOPY_SHAREDMEM int fill_shared_mem_info(uint64_t start_vaddr, uint32_t pages_no, uint32_t offset, uint32_t buffer_size, uint64_t info_addr); void release_shared_mem_page(uint64_t buf, uint32_t buf_size); -#endif + #endif diff --git a/core/tee_portal.c b/core/tee_portal.c index 7d6418b..05e430a 100644 --- a/core/tee_portal.c +++ b/core/tee_portal.c @@ -78,27 +78,6 @@ static int send_portal_smc(const struct portal_t *param) return ret; } -#ifndef CONFIG_NOCOPY_SHAREDMEM -static int fill_shared_mem_info(uint64_t start_vaddr, uint32_t pages_no, - uint32_t offset, uint32_t buffer_size, uint64_t info_addr) -{ - (void)start_vaddr; - (void)pages_no; - (void)offset; - (void)buffer_size; - (void)info_addr; - tloge("shared memory is unsupported\n"); - return -EINVAL; -} - -static void release_shared_mem_page(uint64_t buf, uint32_t buf_size) -{ - (void)buf; - (void)buf_size; - tloge("shared memory is unsupported\n"); -} -#endif - static int init_portal_node(struct portal_t *portal, struct agent_ioctl_args *args, void* owner) { int ret = 0; diff --git a/core/tee_posix_proxy.c b/core/tee_posix_proxy.c index 791c563..2e691f7 100644 --- a/core/tee_posix_proxy.c +++ b/core/tee_posix_proxy.c @@ -51,7 +51,7 @@ struct mailbox_info { struct posix_proxy_control { struct mutex lock; - struct list_head_list; + struct list_head list; }; static struct posix_proxy_control g_posix_proxy_control; @@ -112,7 +112,7 @@ static void destroy_posix_proxy_shm(struct posix_proxy_shm *shm) } #ifdef DEF_ENG -static void attribute((unused)) dump_posix_proxy_list(void) +static void __attribute__((unused)) dump_posix_proxy_list(void) { tloge("==== dump posix_proxy_list start ====\n"); struct posix_proxy_node *posix_proxy = NULL; -- Gitee