From dc728d8e012a1045d79406fe423b9b96b02e80fd Mon Sep 17 00:00:00 2001 From: h00808063 Date: Mon, 8 Apr 2024 20:54:00 +0800 Subject: [PATCH 01/15] add posix proxy for file and net --- Makefile | 7 + auth/auth_base_impl.c | 8 +- core/tc_client_driver.c | 15 +- core/tc_cvm_driver.c | 56 ++++- core/tee_posix_proxy.c | 477 ++++++++++++++++++++++++++++++++++++++++ core/tee_posix_proxy.h | 22 ++ tc_ns_client.h | 20 ++ 7 files changed, 593 insertions(+), 12 deletions(-) create mode 100644 core/tee_posix_proxy.c create mode 100644 core/tee_posix_proxy.h diff --git a/Makefile b/Makefile index f9f1e16..839d8d6 100644 --- a/Makefile +++ b/Makefile @@ -3,6 +3,7 @@ obj-m := tzdriver.o CONFIG_FFA_SUPPORT := 0 CONFIG_TEE_TELEPORT_SUPPORT := y CONFIG_CONFIDENTIAL_CONTAINER ?= y +CROSS_DOMAIN_PERF := y tzdriver-objs := core/smc_smp.o core/tc_client_driver.o core/session_manager.o core/mailbox_mempool.o core/teek_app_load.o tzdriver-objs += core/agent.o core/gp_ops.o core/mem.o core/cmdmonitor.o core/tzdebug.o core/tz_spi_notify.o core/tz_pm.o core/tee_compat_check.o @@ -15,6 +16,9 @@ tzdriver-objs += tzdriver_internal/tee_reboot/reboot.o ifeq ($(CONFIG_TEE_TELEPORT_SUPPORT), y) tzdriver-objs += core/tee_portal.o +ifeq ($(CROSS_DOMAIN_PERF), y) +tzdriver-objs += core/tee_posix_proxy.o +endif EXTRA_CFLAGS += -DCONFIG_TEE_TELEPORT_SUPPORT -DCONFIG_TEE_TELEPORT_AUTH EXTRA_CFLAGS += -DTEE_TELEPORT_PATH_UID_AUTH_CTX=\"/usr/bin/tee_teleport:0\" tzdriver-objs += core/tc_cvm_driver.o @@ -53,6 +57,9 @@ EXTRA_CFLAGS += -DCONFIG_AUTH_SUPPORT_UNAME -DCONFIG_AUTH_HASH -std=gnu99 EXTRA_CFLAGS += -DCONFIG_TEE_UPGRADE -DCONFIG_TEE_REBOOT -DCONFIG_CONFIDENTIAL_TEE EXTRA_CFLAGS += -I$(PWD)/tzdriver_internal/tee_reboot EXTRA_CFLAGS += -DMAILBOX_POOL_COUNT=32 +ifeq ($(CROSS_DOMAIN_PERF), y) +EXTRA_CFLAGS += -DCROSS_DOMAIN_PERF +endif all: make -C $(KDIR) M=$(PWD) modules clean: diff --git a/auth/auth_base_impl.c b/auth/auth_base_impl.c index f3479e0..3fb52ba 100644 --- a/auth/auth_base_impl.c +++ b/auth/auth_base_impl.c @@ -342,11 +342,13 @@ int check_teecd_auth(void) #ifdef CONFIG_TEE_TELEPORT_AUTH int check_tee_teleport_auth(void) { - int ret = check_proc_uid_path(TEE_TELEPORT_PATH_UID_AUTH_CTX); +#if define(CONFIG_SELINUX_AUTH_ENABLE) && defined(CONFIG_SECURITY_SELINUX) + int ret = check_proc_selinux_access(SELINUX_TEE_TELEPORT_LABEL); if (ret != 0) { - tlogd("check tee_teleport path failed, ret %d\n", ret); - return ret; + tloge("check tee_teleport selinux label failed, ret %d\n", ret) + return -EACCES; } +#endif return CHECK_ACCESS_SUCC; } #endif diff --git a/core/tc_client_driver.c b/core/tc_client_driver.c index 9cb052c..25e68c7 100644 --- a/core/tc_client_driver.c +++ b/core/tc_client_driver.c @@ -89,6 +89,9 @@ #ifdef CONFIG_TEE_TELEPORT_SUPPORT #include "tee_portal.h" +#ifdef CROSS_DOMAIN_PERF +#include "tee_posix_proxy.h" +#endif #endif #include "tee_info.h" @@ -1201,6 +1204,13 @@ static int enable_dev_nodes(void) return 0; } +static char *tee_devnode(struct device *dev, umode_t *mode) +{ + if (strcmp(dev_name(dev, TC_NS_CVM_DEV) == 0) == 0) + *mode = S_IRUSER | S_IWUSER | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH; + return NULL; +} + static int tc_ns_client_init(void) { int ret; @@ -1225,7 +1235,7 @@ static int tc_ns_client_init(void) ret = -ENOMEM; goto unmap_res_mem; } - + g_driver_class->devnode = tee_devnode; ret = init_dev_node(&g_tc_client, TC_NS_CLIENT_DEV, g_driver_class, &g_tc_ns_client_fops); if (ret != 0) { class_destroy(g_driver_class); @@ -1370,6 +1380,9 @@ static __init int tc_init(void) #ifdef CONFIG_TEE_TELEPORT_SUPPORT tee_portal_init(); +#ifdef CROSS_DOMAIN_PERF + tee_posix_proxy_init(); +#endif #endif /* diff --git a/core/tc_cvm_driver.c b/core/tc_cvm_driver.c index fa125b4..6a60d6f 100644 --- a/core/tc_cvm_driver.c +++ b/core/tc_cvm_driver.c @@ -22,6 +22,9 @@ #include "agent.h" #ifdef CONFIG_TEE_TELEPORT_SUPPORT #include "tee_portal.h" +#ifdef CROSS_DOMAIN_PERF +#include "tee_posix_proxy.h" +#endif #endif #include "tee_info.h" @@ -47,8 +50,45 @@ static int tc_cvm_open(struct inode *inode, struct file *file) file->private_data = NULL; ret = tc_ns_client_open(&dev, TEE_REQ_FROM_USER_MODE); - if (ret == 0) + if (ret == 0) { +#ifdef CONFIG_CONFIDENTIAL_CONTAINER + dev->nsid = task_active_pid_ns(current)->ns.inum; +#endif file->private_data = dev; + } + return ret; +} + +static int teleport_ioctl(struct file *file, unsigned int cmd, unsigned long arg) +{ + int ret = -EFAULT; + void *argp = (void __user *)(uintptr_t)arg; + uint32_t nsid; + +#ifdef CONFIG_CONFIDENTIAL_CONTAINER + nsid = task_active_pid_ns(current)->ns.inum; + ((struct tc_ns_dev_file *)file->private_data)->nsid = nsid; +#else + nsid = PROC_ID_INIT_INO; +#endif + + switch(cmd) { +#ifdef CONFIG_CONFIDENTIAL_CONTAINER + case TC_NS_CLIENT_IOCTL_PORTAL_REGISTER: + ret = tee_portal_register(file->private_data, argp); + break; + case TC_NS_CLIENT_IOCTL_PORTAL_WORK: + ret = tee_portal_work(file->private_data); + break; +#ifdef CROSS_DOMAIN_PERF + case TC_NS_CLIENT_IOCTL_POSIX_PROXY_REGISTER_TASKLET: + ret = tee_posix_proxy_register_tasklet(argp, nsid); + break; +#endif +#endif + default: + tloge("invalid cmd!\n"); + } return ret; } @@ -66,14 +106,12 @@ static long tc_cvm_ioctl(struct file *file, unsigned int cmd, #ifdef CONFIG_TEE_TELEPORT_SUPPORT case TC_NS_CLIENT_IOCTL_PORTAL_REGISTER: - if (check_tee_teleport_auth() == 0) - ret = tee_portal_register(file->private_data, argp); - else - tloge("check tee_teleport path failed\n"); - break; case TC_NS_CLIENT_IOCTL_PORTAL_WORK: +#ifdef CROSS_DOMAIN_PERF + case TC_NS_CLIENT_IOCTL_POSIX_PROXY_REGISTER_TASKLET: +#endif if (check_tee_teleport_auth() == 0) - ret = tee_portal_work(file->private_data); + ret = teleport_ioctl(file, cmd, arg); else tloge("check tee_teleport path failed\n"); break; @@ -110,7 +148,9 @@ static int tc_cvm_close(struct inode *inode, struct file *file) if (dev->portal_enabled) tee_portal_unregister(file->private_data); #endif - +#ifdef CROSS_DOMAIN_PERF + (void)tee_posix_proxy_unregister_all_tasklet(file->private_data); +#endif if (is_system_agent(dev)) { send_crashed_event_response_single(dev); free_dev(dev); diff --git a/core/tee_posix_proxy.c b/core/tee_posix_proxy.c new file mode 100644 index 0000000..d52cb1a --- /dev/null +++ b/core/tee_posix_proxy.c @@ -0,0 +1,477 @@ +/* + * Copyright (c) 2023-2023 Huawei Technologies Co., Ltd. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + + #define TEE_POSIX_PROXY_EVENT_REGISTER_CTRL_TASKLET 4 + #define TEE_POSIX_PROXY_EVENT_REGISTER_DATA_TASKLET 5 + #define TEE_POSIX_PROXY_EVENT_UNREGISTER_ALL_TASKLET 6 + + struct posix_proxy_shm { + void *buffer; + uint32_t size; + } + +struct posix_proxy_node { + struct list_head head; + unsigned int nsid; /* namesapce id */ + pid_t tp_pid; /* teleport pid, owner of posix_proxy_node with nsid */ + pid_t tp_ppid; /*teleport parent pid */ + struct posix_proxy_shm *ctrl_shm; + struct posix_proxy_shm *data_shm; + uint32_t event; + atomic_t ref_cnt; +} + +struct mailbox_info { + void *buf; /* mailbox vaddr */ + uint32_t size; /* mailbox buffer size */ + uint32_t mb_l_addr; /* low of mailbox buffer pyhs addr */ + uint32_t mb_h_addr; /* low of mailbox buffer pyhs addr */ +} + +struct posix_proxy_control { + struct mutex lock; + struct list_head_list; +} + +static struct posix_proxy_control g_posix_proxy_control; + +struct pid_t get_pid_compatible_namespace(struct task_struct *task) +{ + /* Obtain tgid in namespace */ + pid_t namespace_tgid = task_tgid_vnr(task); + + return namespace_tgid; +} + +static int alloc_and_fill_mailbox_info(struct posix_proxy_ioctl_args *args, struct mailbox_info *mb_info) +{ + uint32_t len; + uint32_t page_num; + int ret = 0; + void *mb_buff = NULL; + + page_num = args->buffer_size / PAGE_SIZE; + len = sizeof(struct pagelist_info) + (sizeof(uint64_t) * page_num); + mb_buff = mailbox_alloc(len, MB_FLAG_ZERO); + if (mb_buff == NULL) { + tloge("alloc mailbox mem failed\n"); + return -ENOMEM; + } + + mb_info->mb_l_addr = mailbox_virt_to_phys((uintptr_t)mb_buff); + mb_info->mb_h_addr = (uint64_t)mailbox_virt_to_phys((uintptr_t)mb_buff) >> ADDR_TRANS_NUM; + mb_info->buf = mb_buff; + mb_info->size = len; + + if (fill_shared_mem_info(args->addr, page_num, 0, args->buffer_size, (uint64_t)(uintptr_t)mb_info->buf) != 0) { + tloge("fill shared mem info failed\n"); + mailbox_free(mb_buff); + ret = -EFAULT; + } + + return ret; +} + +static void release_mailbox_info(const struct mailbox_info *mb_info) +{ + if (mb_info->buf != NULL) + mailbox_free(mb_info->buf); +} + +static void destroy_posix_proxy_shm(struct posix_proxy_shm *shm) +{ + if (shm == NULL) + return; + + if(shm->buff != NULL) { + release_shared_mem_page((uint64_t)(uintptr_t)shm->buffer, shm->size); + kfree(shm->buffer); + } + kfree(shm); +} + +#ifdef DEF_ENG +static void attribute((unused)) dump_posix_proxy_list(void) +{ + tloge("==== dump posix_proxy_list start ====\n"); + struct posix_proxy_node *posix_proxy = NULL; + uint32_t i = 0; + list_for_each_entry(posix_proxy, &g_posix_proxy_control.list, head) { + tloge("posix_proxy_node[%d] nsid %d, tp_pid %d\n", i, posix_proxy->nsid, posix_proxy->tp_pid); + i++; + } + tloge("==== dump posix_proxy_list end ====\n"); +} +#endif + +/* Important: must in lock protect */ +static int ref_posix_proxy(struct posix_proxy_node *posix_proxy) +{ + if (posix_proxy == NULL) + return -EINVAL; + + if (atomic_read(&posix_proxy->ref_cnt) == INT_MAX) { + tloge("posix proxy ref_cnt is out of limit\n"); + return -EBADFD; + } + + (void)atomic_inc(&posix_proxy->ref_cnt); + return 0; +} + +static void deref_posix_proxy(struct posix_proxy_node *posix_proxy) +{ + if (posix_proxy == NULL) + return; + + mutex_lock(&g_posix_proxy_control.lock); + /* unreachable branch */ + if (atomic_read(&posix_proxy->ref_cnt) == 0) { + tloge("deref failed due to posix proxy's ref_cnt is zero\n"); + mutex_unlock(&g_posix_proxy_control.lock); + return; + } + + if (atomic_dec_and_test(&posix_proxy->ref_cnt)) { + if (list_empty(&posix_proxy->head) == 0) + list_del(&posix_proxy->head); + if(posix_proxy->ctrl_shm != NULL) + destroy_posix_proxy_shm(posix_proxy->ctrl_shm); + if(posix_proxy->data_shm != NULL) + destroy_posix_proxy_shm(posix_proxy->data_shm); + + kfree(posix_proxy); + } + + mutex_unlock(&g_posix_proxy_control.lock); +} + +static int send_posix_proxy_smc(const struct posix_proxy_node *posix_proxy, const struct mailbox_info *mb_info) +{ + struct tc_ns_smc_cmd smc_cmd = { { 0 }, 0 }; + int ret = 0; + struct tc_uuid appmgr_uuid = TEE_SERVICE_APPMGR; + + if (posix_proxy == NULL || posix_proxy->event < TEE_POSIX_PROXY_EVENT_REGISTER_CTRL_TASKLET || + posix_proxy->event > TEE_POSIX_PROXY_EVENT_UNREGISTER_ALL_TASKLET) { + tloge("bad params for posix proxy\n"); + return -EINVAL; + } + + (void)memcpy_s(&smc_cmd.uuid, sizeof(struct tc_uuid), &appmgr_uuid, sizeof(struct tc_uuid)); + smc_cmd.cmd_type = CMD_TYPE_GLOBAL; + smc_cmd.cmd_id = GLOBAL_CMD_ID_PORTAL_WORK; + smc_cmd.eventindex = posix_proxy->event; + smc_cmd.pid = posix_proxy->tp_pid; + /* temporilay use agent_id store teleport's parent pid */ + smc_cmd.agent_id = posix_proxy->tp_ppid; + + if (posix_proxy->event == TEE_POSIX_PROXY_EVENT_REGISTER_CTRL_TASKLET || + posix_proxy->event == TEE_POSIX_PROXY_EVENT_REGISTER_DATA_TASKLET) { + smc_cmd.login_data_phy = mb_info->mb_l_addr; + smc_cmd.login_data_h_phy = mb_info->mb_h_addr; + smc_cmd.login_data_len = mb_info->size; + } + /* smc_cmd.ca_pid and smc_cmd.nsid will set in tc_ns_smc() */ + + ret = tc_ns_smc(&smc_cmd); + + if (ret != 0) { + tloge("smc calll return error, ret 0x%x\n", smc_cmd.ret_val); + if (smc_cmd.ret_val == TEEC_ERROR_SERVICE_NOT_EXIST) + return -EOPNOTSUPP; + else if (smc_cmd.ret_val == TEEC_ERROR_OUT_OF_MEMORY) + return -ENOMEM; + } + + return ret; +} + +/* find_posix_proxy_node_by_tgid will add ref_cnt */ +static struct posix_proxy_node *find_posix_proxy_node_by_tgid(unsigned int nsid, pid_t tgid) +{ + struct posix_proxy_node *posix_proxy = NULL; + mutex_lock(&g_posix_proxy_control.lock); + list_for_each_entry(posix_proxy, &g_posix_proxy_control.list, head) { + if (posix_proxy->nsid == nsid && posix_proxy->tp_pid == tgid) { + if (ref_posix_proxy(posix_proxy) != 0) + break; + mutex_unlock(&g_posix_proxy_control.lock); + return posix_proxy; + } + } + mutex_unlock(&g_posix_proxy_control.lock); + return NULL; +} + +static void add_posix_proxy_node_to_list(struct posix_proxy *posix_proxy) +{ + mutex_lock(&g_posix_proxy_control.lock) + list_add_tail(&posix_proxy->head, &g_posix_proxy_control.list); + mutex_unlock(&g_posix_proxy_control.lock); +} + +static int alloc_posix_proxy_node(unsigned int nsid, struct posix_proxy_node **posix_proxy) +{ + *posix_proxy = (struct posix_proxy_node *)kzalloc(sizeof(struct posix_proxy_node), GP_KERNEL); + if (ZERO_OR_NULL_PTR(unsigned long)(uintptr_t)(*posix_proxy)) { + tloge("alloc mem for posix proxy node failed\n"); + return -ENOMEM; + } + + INIT_LIST_HEAD(&(*posix_proxy)->head); + (*posix_proxy)->nsid = nsid; + (*posix_proxy)->tp_pid = get_pid_compatible_namespace(current); + (*posix_proxy)->tp_ppid = get_pid_compatible_namespace(current->parent); + (*posix_proxy)->event = -1; + (*posix_proxy)->ctrl_shm = NULL; + (*posix_proxy)->data_shm = NULL; + atomic_set(&(*posix_proxy)->ref_cnt, 1); + return 0; +} + +static int add_shm_to_posix_proxy(struct posix_proxy_node *posix_proxy, struct mailbox_info *mb_info, + enum posix_proxy_shm_type shm_type) +{ + struct posix_proxy_shm *shm = NULL; + int ret = 0; + + shm = kzalloc(sizeof(struct posix_proxy_shm), GP_KERNEL); + if (ZERO_OR_NULL_PTR((unsigned long)(uintptr_t)shm)) { + tloge("alloc shm buff failed\n"); + return -ENOMEM; + } + + shm->buffer = kzalloc(mb_info->size, GFP_KERNEL); + if (ZERO_OR_NULL_PTR((unsigned long)(uintptr_t)shm->buff)) { + tloge("kzalloc failed\n"); + ret = -ENOMEM; + goto clear; + } + + (void)memcpy_s(shm->buffer, mb_info->size, mb_info->buf, mb_info->size); + shm->size = mb_info->size; + + if (shm_type == CTRL_TASKLET_BUFF) + posix_proxy->ctrl_shm = shm; + else + posix_proxy->data_shm = shm; + goto end; + +clear: + kfree(shm); +end: + return ret; +} + +static int send_ctrl_tasklet_register(unsigned int nsid, struct posix_proxy_ioctl_args *agrs) +{ + int ret = 0; + struct mailbox_info mb_info = { 0 }; + struct posix_proxy_node *posix_proxy = NULL; + + posix_proxy = find_posix_proxy_node_by_tgid(nsid, get_pid_compatible_namespace(current)); + if (posix_proxy != NULL) { + tloge("find a duplicate node with the same teleport pid when register ctrl tasklet\n"); + deref_posix_proxy(posix_proxy); + return -EEXIST; + } + + ret = alloc_and_fill_mailbox_info(args, &mb_info); + if (ret != 0) { + tloge("cannot fill ctrl tasklet info to mailbox\n"); + return ret; + } + + ret = alloc_posix_proxy_node(nsid, &posix_proxy); + if (ret != 0) { + tloge("alloc posix_proxy node for ctrl tasklet failed\n"); + release_shared_mem_page((uint64_t)(uintptr_t)mb_info.buf, mb_info.size); + goto end; + } + + ret = add_shm_to_posix_proxy(posix_proxy, &mb_info, CTRL_TASKLET_BUFF); + if (ret != 0) { + tloge("add shm buff info to posix_proxy failed\n"); + release_shared_mem_page((uint64_t)(uintptr_t)mb_info.buf, mb_info.size); + goto destroy_posix_proxy; + } + + posix_proxy->event = TEE_POSIX_PROXY_EVENT_REGISTER_CTRL_TASKLET; + + ret = send_posix_proxy_smc(posix_proxy, &mb_info); + if (ret != 0) { + tloge("send register tasklet request to gtask failed, shm_type %d, ret = %d\n", args->shm_type, ret); + goto destroy_posix_proxy; + } else { + add_posix_proxy_node_to_list(posix_proxy); + } + + goto end; + +destroy_posix_proxy: + /* destroy_posix_proxy_shm func will release shm buf page */ + destroy_posix_proxy_shm(posix_proxy->ctrl_shm); + kfree(posix_proxy); +end: + release_mailbox_info(&mb_info); + return ret; +} + +static int send_data_tasklet_register(unsigned int nsid, struct posix_proxy_ioctl_args *args) +{ + int ret = 0; + struct mailbox_info mb_info = { 0 }; + struct posix_proxy_node *posix_proxy = NULL; + + posix_proxy = find_posix_proxy_node_by_tgid(nsid, get_pid_compatible_namespace(current)); + if (posix_proxy == NULL) { + tloge("expected posix proxy node is NULL when register data tasklet\n"); + return -ENOENT; + } + + ret = alloc_and_fill_mailbox_info(args, &mb_info); + if (ret != 0) { + tloge("cannot fill ctrl tasklet info to mailbox\n"); + goto end; + } + struct posix_proxy_shm *old_shm = posix_proxy->data_shm; + + ret = add_shm_to_posix_proxy(posix_proxy, &mb_info, DATA_TASKLET_BUFF); + if (ret != 0) { + tloge("add shm buffer info to posix proxy failed\n"); + release_shared_mem_page((uint64_t)(uintptr_t)mb_info.buf, mb_info.size); + goto end; + } + + posix_proxy->event = TEE_POSIX_PROXY_EVENT_REGISTER_DATA_TASKLET; + + ret = send_posix_proxy_smc(posix_proxy, &mb_info); + if (ret != 0) { + tloge("send register tasklet request to gtask failed, shm_type %d, ret = %d\n", args->shm_type, ret); + goto free_data_shm; + } + destroy_posix_proxy_shm(old_shm); + goto end; + +free_data_shm: + /* destroy_posix_proxy_shm func will release shm buff page */ + destroy_posix_proxy_shm(posix_proxy->data_shm); + /* restore old data shm */ + posix_proxy->data_shm = old_shm; +end: + deref_posix_proxy(posix_proxy); + release_mailbox_info(&mb_info); + return ret; +} + +/* 256MB, the configuration is the same as that in teleport */ +#define MAX_TASKLET_BUFF_SIZE (256 * 1024 * 1024) + +static bool posix_proxy_user_args_check(struct posix_proxy_ioctl_args *args) +{ + bool invalid = true; + if (args->shm_type == CTRL_TASKLET_BUFF) + invalid = args->addr == 0 || args->addr % PAGE_SIZE != 0 || args->buffer_size != PAGE_SIZE; + else if (args->shm_type == DATA_TASKLET_BUFF) + invlaid = args->addr == 0 || args->addr % PAGE_SIZE != 0 || args->buffer_size % PAGE_SIZE != 0 || + args->buffer_size > MAX_TASKLET_BUFF_SIZE || args->buffer_size == 0; + else + tloge("bad type for shm\n"); + + return invalid; +} + +/* send create crtl or data tasklet request to gtask */ +int tee_posix_proxy_register_tasklet(void __user *arg, unsigned int nsid) +{ + int ret = 0; + struct posix_proxy_ioctl_args args = { 0 }; + if (arg == NULL || copy_from_user(&args, (void *)(uintptr_t)arg, sizeof(args) != 0)) { + tloge("arg is NULL or copy posix proxy args failed\n"); + return -EINVAL; + } + + if (posix_proxy_user_args_check(&args)) { + tloge("bad memory addr or size or shm_type\n"); + return -EINVAL; + } + + if (args.shm_type == CTRL_TASKLET_BUFF) { + ret = send_ctrl_tasklet_register(nsid, &args); + } else if (args.shm_type == DATA_TASKLET_BUFF) { + ret = send_data_tasklet_register(nsid, &args); + } else { + tloge("invalid register cmd\n"); + ret = -EINVAL; + } + + return ret; +} + +/* send destroy all tasket request to gtask */ +int tee_posix_proxy_unregister_all_tasklet(const void *owner) +{ + if (owner == NULL) { + tloge("bad param\n"); + return -EINVAL; + } + + int ret = 0; + uint32_t nsid; +#ifdef CONFIG_CONFIDENTIAL_CONTAINER + struct tc_ns_dev_file *dev = (struct tc_ns_dev_file *)owner; + nsid = dev->nsid; +#else + nsid = PROC_ID_INIT_INO; +#endif + pid_t tp_pid = get_pid_compatible_namespace(current); + struct posix_proxy_node *posix_proxy = find_posix_proxy_node_by_tgid(nsid, tp_pid); + if (posix_proxy == NULL) { + tlogd("cannot find posix proxy node, unregister failed\n"); + return -ENOENT; + } + + posix_proxy->event = TEE_POSIX_PROXY_EVENT_UNREGISTER_ALL_TASKLET; + + ret = send_posix_proxy_smc(posix_proxy, NULL); + if (ret < 0) { + tloge("send unregister all tasklet request to gtask failed, ret = %d\n", ret); + deref_posix_proxy(posix_proxy); + return ret; + } + + tlogd("destroy_posix_proxy node nsid %u, tp_pid %d, host tp_pid %d\n", nsid, tp_pid, current->tgid); + /* sub ref_cnt for previous find_posix_proxy_node_by_tgid */ + deref_posix_proxy(posix_proxy); + /* sub to zero to destroy posix proxy */ + deref_posix_proxy(posix_proxy); + return ret; +} + +void tee_posix_proxy_init(void) +{ + mutex_init(&g_posix_proxy_control.lock); + INIT_LIST_HEAD(&g_posix_proxy_control.list); +} diff --git a/core/tee_posix_proxy.h b/core/tee_posix_proxy.h new file mode 100644 index 0000000..3a62965 --- /dev/null +++ b/core/tee_posix_proxy.h @@ -0,0 +1,22 @@ +/* + * Copyright (c) 2023-2023 Huawei Technologies Co., Ltd. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ +#ifndef TEE_POSIX_PROXY_H +#define TEE_POSIX_PROXY_H + +int tee_posix_proxy_register_tasklet(void __user *arg, unsigned int nsid); +int tee_posix_proxy_unregister_all_tasklet(const void *owner); + +void tee_posix_proxy_init(void); + +#endif \ No newline at end of file diff --git a/tc_ns_client.h b/tc_ns_client.h index 1152a32..2ea82d3 100644 --- a/tc_ns_client.h +++ b/tc_ns_client.h @@ -128,6 +128,22 @@ struct load_secfile_ioctl_struct { }; }__attribute__((packed)); +#ifdef CROSS_DOMAIN_PERF +enum posix_proxy_shm_type { + CTRL_TASKLET_BUFF = 1, + DATA_TASKLET_BUFF +} + +struct posix_proxy_ioctl_args { + enum posix_proxy_shm_type shm_type; + uint32_t buffer_size; + union { + void * buffer; + unsigned long long addr; + }; +}; +#endif + struct agent_ioctl_args { uint32_t id; uint32_t buffer_size; @@ -206,6 +222,10 @@ struct tc_ns_log_pool { _IOWR(TC_NS_CLIENT_IOC_MAGIC, 24, struct agent_ioctl_args) #define TC_NS_CLIENT_IOCTL_PORTAL_WORK \ _IOWR(TC_NS_CLIENT_IOC_MAGIC, 25, struct agent_ioctl_args) +#ifdef CROSS_DOMAIN_PERF +#define TC_NS_CLIENT_IOCTL_POSIX_PROXY_REGISTER_TASKLET \ + _IOWR(TC_NS_CLIENT_IOC_MAGIC, 27, struct posix_proxy_ioctl_args) +#endif #endif #define TC_NS_CLIENT_IOCTL_GET_TEE_INFO \ _IOWR(TC_NS_CLIENT_IOC_MAGIC, 26, struct tc_ns_tee_info) -- Gitee From 938a6f965bc1565b98a88c996fb238bae7bfbff0 Mon Sep 17 00:00:00 2001 From: h00808063 Date: Sat, 20 Apr 2024 18:58:32 +0800 Subject: [PATCH 02/15] posix proxy compile error fix --- auth/auth_base_impl.c | 2 +- core/tc_client_driver.c | 2 +- core/tc_cvm_driver.c | 4 ++++ core/tee_posix_proxy.c | 32 ++++++++++++++++---------------- tc_ns_client.h | 2 +- 5 files changed, 23 insertions(+), 19 deletions(-) diff --git a/auth/auth_base_impl.c b/auth/auth_base_impl.c index 3fb52ba..5b366fc 100644 --- a/auth/auth_base_impl.c +++ b/auth/auth_base_impl.c @@ -342,7 +342,7 @@ int check_teecd_auth(void) #ifdef CONFIG_TEE_TELEPORT_AUTH int check_tee_teleport_auth(void) { -#if define(CONFIG_SELINUX_AUTH_ENABLE) && defined(CONFIG_SECURITY_SELINUX) +#if defined(CONFIG_SELINUX_AUTH_ENABLE) && defined(CONFIG_SECURITY_SELINUX) int ret = check_proc_selinux_access(SELINUX_TEE_TELEPORT_LABEL); if (ret != 0) { tloge("check tee_teleport selinux label failed, ret %d\n", ret) diff --git a/core/tc_client_driver.c b/core/tc_client_driver.c index 25e68c7..70848d2 100644 --- a/core/tc_client_driver.c +++ b/core/tc_client_driver.c @@ -1206,7 +1206,7 @@ static int enable_dev_nodes(void) static char *tee_devnode(struct device *dev, umode_t *mode) { - if (strcmp(dev_name(dev, TC_NS_CVM_DEV) == 0) == 0) + if (strcmp(dev_name(dev), TC_NS_CVM_DEV) == 0) *mode = S_IRUSER | S_IWUSER | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH; return NULL; } diff --git a/core/tc_cvm_driver.c b/core/tc_cvm_driver.c index 6a60d6f..70ab308 100644 --- a/core/tc_cvm_driver.c +++ b/core/tc_cvm_driver.c @@ -20,6 +20,10 @@ #include #include "auth_base_impl.h" #include "agent.h" +#ifdef CONFIG_CONFIDENTIAL_CONTAINER +#include +#include +#endif #ifdef CONFIG_TEE_TELEPORT_SUPPORT #include "tee_portal.h" #ifdef CROSS_DOMAIN_PERF diff --git a/core/tee_posix_proxy.c b/core/tee_posix_proxy.c index d52cb1a..791c563 100644 --- a/core/tee_posix_proxy.c +++ b/core/tee_posix_proxy.c @@ -29,7 +29,7 @@ struct posix_proxy_shm { void *buffer; uint32_t size; - } + }; struct posix_proxy_node { struct list_head head; @@ -40,23 +40,23 @@ struct posix_proxy_node { struct posix_proxy_shm *data_shm; uint32_t event; atomic_t ref_cnt; -} +}; struct mailbox_info { void *buf; /* mailbox vaddr */ uint32_t size; /* mailbox buffer size */ uint32_t mb_l_addr; /* low of mailbox buffer pyhs addr */ uint32_t mb_h_addr; /* low of mailbox buffer pyhs addr */ -} +}; struct posix_proxy_control { struct mutex lock; struct list_head_list; -} +}; static struct posix_proxy_control g_posix_proxy_control; -struct pid_t get_pid_compatible_namespace(struct task_struct *task) +static pid_t get_pid_compatible_namespace(struct task_struct *task) { /* Obtain tgid in namespace */ pid_t namespace_tgid = task_tgid_vnr(task); @@ -104,7 +104,7 @@ static void destroy_posix_proxy_shm(struct posix_proxy_shm *shm) if (shm == NULL) return; - if(shm->buff != NULL) { + if(shm->buffer != NULL) { release_shared_mem_page((uint64_t)(uintptr_t)shm->buffer, shm->size); kfree(shm->buffer); } @@ -190,7 +190,7 @@ static int send_posix_proxy_smc(const struct posix_proxy_node *posix_proxy, cons if (posix_proxy->event == TEE_POSIX_PROXY_EVENT_REGISTER_CTRL_TASKLET || posix_proxy->event == TEE_POSIX_PROXY_EVENT_REGISTER_DATA_TASKLET) { smc_cmd.login_data_phy = mb_info->mb_l_addr; - smc_cmd.login_data_h_phy = mb_info->mb_h_addr; + smc_cmd.login_data_h_addr = mb_info->mb_h_addr; smc_cmd.login_data_len = mb_info->size; } /* smc_cmd.ca_pid and smc_cmd.nsid will set in tc_ns_smc() */ @@ -225,17 +225,17 @@ static struct posix_proxy_node *find_posix_proxy_node_by_tgid(unsigned int nsid, return NULL; } -static void add_posix_proxy_node_to_list(struct posix_proxy *posix_proxy) +static void add_posix_proxy_node_to_list(struct posix_proxy_node *posix_proxy) { - mutex_lock(&g_posix_proxy_control.lock) + mutex_lock(&g_posix_proxy_control.lock); list_add_tail(&posix_proxy->head, &g_posix_proxy_control.list); mutex_unlock(&g_posix_proxy_control.lock); } static int alloc_posix_proxy_node(unsigned int nsid, struct posix_proxy_node **posix_proxy) { - *posix_proxy = (struct posix_proxy_node *)kzalloc(sizeof(struct posix_proxy_node), GP_KERNEL); - if (ZERO_OR_NULL_PTR(unsigned long)(uintptr_t)(*posix_proxy)) { + *posix_proxy = (struct posix_proxy_node *)kzalloc(sizeof(struct posix_proxy_node), GFP_KERNEL); + if (ZERO_OR_NULL_PTR((unsigned long)(uintptr_t)(*posix_proxy))) { tloge("alloc mem for posix proxy node failed\n"); return -ENOMEM; } @@ -257,14 +257,14 @@ static int add_shm_to_posix_proxy(struct posix_proxy_node *posix_proxy, struct m struct posix_proxy_shm *shm = NULL; int ret = 0; - shm = kzalloc(sizeof(struct posix_proxy_shm), GP_KERNEL); + shm = kzalloc(sizeof(struct posix_proxy_shm), GFP_KERNEL); if (ZERO_OR_NULL_PTR((unsigned long)(uintptr_t)shm)) { tloge("alloc shm buff failed\n"); return -ENOMEM; } shm->buffer = kzalloc(mb_info->size, GFP_KERNEL); - if (ZERO_OR_NULL_PTR((unsigned long)(uintptr_t)shm->buff)) { + if (ZERO_OR_NULL_PTR((unsigned long)(uintptr_t)shm->buffer)) { tloge("kzalloc failed\n"); ret = -ENOMEM; goto clear; @@ -285,7 +285,7 @@ end: return ret; } -static int send_ctrl_tasklet_register(unsigned int nsid, struct posix_proxy_ioctl_args *agrs) +static int send_ctrl_tasklet_register(unsigned int nsid, struct posix_proxy_ioctl_args *args) { int ret = 0; struct mailbox_info mb_info = { 0 }; @@ -395,7 +395,7 @@ static bool posix_proxy_user_args_check(struct posix_proxy_ioctl_args *args) if (args->shm_type == CTRL_TASKLET_BUFF) invalid = args->addr == 0 || args->addr % PAGE_SIZE != 0 || args->buffer_size != PAGE_SIZE; else if (args->shm_type == DATA_TASKLET_BUFF) - invlaid = args->addr == 0 || args->addr % PAGE_SIZE != 0 || args->buffer_size % PAGE_SIZE != 0 || + invalid = args->addr == 0 || args->addr % PAGE_SIZE != 0 || args->buffer_size % PAGE_SIZE != 0 || args->buffer_size > MAX_TASKLET_BUFF_SIZE || args->buffer_size == 0; else tloge("bad type for shm\n"); @@ -408,7 +408,7 @@ int tee_posix_proxy_register_tasklet(void __user *arg, unsigned int nsid) { int ret = 0; struct posix_proxy_ioctl_args args = { 0 }; - if (arg == NULL || copy_from_user(&args, (void *)(uintptr_t)arg, sizeof(args) != 0)) { + if (arg == NULL || copy_from_user(&args, (void *)(uintptr_t)arg, sizeof(args)) != 0) { tloge("arg is NULL or copy posix proxy args failed\n"); return -EINVAL; } diff --git a/tc_ns_client.h b/tc_ns_client.h index 2ea82d3..d928580 100644 --- a/tc_ns_client.h +++ b/tc_ns_client.h @@ -132,7 +132,7 @@ struct load_secfile_ioctl_struct { enum posix_proxy_shm_type { CTRL_TASKLET_BUFF = 1, DATA_TASKLET_BUFF -} +}; struct posix_proxy_ioctl_args { enum posix_proxy_shm_type shm_type; -- Gitee From 67574cf00aacd6388de5dd2f6e5f49c0090f9ebd Mon Sep 17 00:00:00 2001 From: h00808063 Date: Sat, 20 Apr 2024 19:24:09 +0800 Subject: [PATCH 03/15] fix compile error --- core/shared_mem.c | 20 ++++++++++++++++++++ core/shared_mem.h | 3 +-- core/tee_portal.c | 21 --------------------- core/tee_posix_proxy.c | 4 ++-- 4 files changed, 23 insertions(+), 25 deletions(-) diff --git a/core/shared_mem.c b/core/shared_mem.c index dd169be..fa50e7f 100644 --- a/core/shared_mem.c +++ b/core/shared_mem.c @@ -116,6 +116,26 @@ void release_shared_mem_page(uint64_t buf, uint32_t buf_size) put_page(page); } } +#else + +int fill_shared_mem_info(uint64_t start_vaddr, uint32_t pages_no, + uint32_t offset, uint32_t buffer_size, uint64_t info_addr) +{ + (void)start_vaddr; + (void)pages_no; + (void)offset; + (void)buffer_size; + (void)info_addr; + tloge("shared memory is unsupported\n"); + return -EINVAL; +} + +void release_shared_mem_page(uint64_t buf, uint32_t buf_size) +{ + (void)buf; + (void)buf_size; + tloge("shared memory is unsupported\n"); +} #endif #ifdef CONFIG_SHARED_MEM_RESERVED diff --git a/core/shared_mem.h b/core/shared_mem.h index ab3bc43..aece31e 100644 --- a/core/shared_mem.h +++ b/core/shared_mem.h @@ -61,9 +61,8 @@ void free_cmd_mem(uint64_t cmd_vaddr); uint64_t get_spi_mem_vaddr(void); uint64_t get_spi_mem_paddr(uintptr_t spi_vaddr); void free_spi_mem(uint64_t spi_vaddr); -#ifdef CONFIG_NOCOPY_SHAREDMEM int fill_shared_mem_info(uint64_t start_vaddr, uint32_t pages_no, uint32_t offset, uint32_t buffer_size, uint64_t info_addr); void release_shared_mem_page(uint64_t buf, uint32_t buf_size); -#endif + #endif diff --git a/core/tee_portal.c b/core/tee_portal.c index 7d6418b..05e430a 100644 --- a/core/tee_portal.c +++ b/core/tee_portal.c @@ -78,27 +78,6 @@ static int send_portal_smc(const struct portal_t *param) return ret; } -#ifndef CONFIG_NOCOPY_SHAREDMEM -static int fill_shared_mem_info(uint64_t start_vaddr, uint32_t pages_no, - uint32_t offset, uint32_t buffer_size, uint64_t info_addr) -{ - (void)start_vaddr; - (void)pages_no; - (void)offset; - (void)buffer_size; - (void)info_addr; - tloge("shared memory is unsupported\n"); - return -EINVAL; -} - -static void release_shared_mem_page(uint64_t buf, uint32_t buf_size) -{ - (void)buf; - (void)buf_size; - tloge("shared memory is unsupported\n"); -} -#endif - static int init_portal_node(struct portal_t *portal, struct agent_ioctl_args *args, void* owner) { int ret = 0; diff --git a/core/tee_posix_proxy.c b/core/tee_posix_proxy.c index 791c563..2e691f7 100644 --- a/core/tee_posix_proxy.c +++ b/core/tee_posix_proxy.c @@ -51,7 +51,7 @@ struct mailbox_info { struct posix_proxy_control { struct mutex lock; - struct list_head_list; + struct list_head list; }; static struct posix_proxy_control g_posix_proxy_control; @@ -112,7 +112,7 @@ static void destroy_posix_proxy_shm(struct posix_proxy_shm *shm) } #ifdef DEF_ENG -static void attribute((unused)) dump_posix_proxy_list(void) +static void __attribute__((unused)) dump_posix_proxy_list(void) { tloge("==== dump posix_proxy_list start ====\n"); struct posix_proxy_node *posix_proxy = NULL; -- Gitee From f58def8dcb550572a586cd1b24476893e18f3014 Mon Sep 17 00:00:00 2001 From: typhoonow Date: Tue, 23 Apr 2024 15:55:20 +0800 Subject: [PATCH 04/15] add container support --- core/tc_client_driver.c | 69 ++++++++++--------- core/tc_client_driver.h | 19 +++++- core/tc_cvm_driver.c | 97 +++++++++++++++++++++++++-- core/tee_portal.c | 29 +++++--- core/tee_portal.h | 4 +- tzdriver_internal/tee_reboot/reboot.c | 8 +++ 6 files changed, 177 insertions(+), 49 deletions(-) diff --git a/core/tc_client_driver.c b/core/tc_client_driver.c index 70848d2..ebca46a 100644 --- a/core/tc_client_driver.c +++ b/core/tc_client_driver.c @@ -101,9 +101,6 @@ static struct device_node *g_dev_node; struct dev_node g_tc_client; struct dev_node g_tc_private; -#if defined(CONFIG_CONFIDENTIAL_CONTAINER) || defined(CONFIG_TEE_TELEPORT_SUPPORT) -struct dev_node g_tc_cvm; -#endif #ifdef CONFIG_ACPI static int g_acpi_irq; @@ -118,6 +115,11 @@ struct tc_ns_dev_list g_tc_ns_dev_list; static bool g_init_succ = false; +struct class *get_driver_class(void) +{ + return g_driver_class; +} + static void set_tz_init_flag(void) { g_init_succ = true; @@ -1131,7 +1133,7 @@ static int create_dev_node(struct dev_node *node) return ret; } node->class_dev = device_create(node->driver_class, NULL, node->devt, - NULL, node->node_name); + NULL, "%s", node->node_name); if (IS_ERR_OR_NULL(node->class_dev)) { tloge("class device create failed"); ret = -ENOMEM; @@ -1149,7 +1151,7 @@ chrdev_region_unregister: return ret; } -static int init_dev_node(struct dev_node *node, char *node_name, +int init_dev_node(struct dev_node *node, const char *node_name, struct class *driver_class, const struct file_operations *fops) { int ret = -1; @@ -1165,8 +1167,12 @@ static int init_dev_node(struct dev_node *node, char *node_name, return ret; } -static void destory_dev_node(struct dev_node *node, struct class *driver_class) +void destory_dev_node(struct dev_node *node, struct class *driver_class) { + if (!node || !driver_class) { + tloge("node/driver is NULL\n"); + return; + } device_destroy(driver_class, node->devt); unregister_chrdev_region(node->devt, 1); return; @@ -1192,13 +1198,14 @@ static int enable_dev_nodes(void) } #if defined(CONFIG_CONFIDENTIAL_CONTAINER) || defined(CONFIG_TEE_TELEPORT_SUPPORT) - ret = cdev_add(&(g_tc_cvm.char_dev), - MKDEV(MAJOR(g_tc_cvm.devt), 0), 1); - if (ret < 0) { - tloge("cdev add failed %d", ret); - cdev_del(&(g_tc_client.char_dev)); - cdev_del(&(g_tc_private.char_dev)); - return ret; + if (is_ccos()) { + ret = init_cvm_node_file(); + if (ret != 0) { + tloge("cdev add failed %d", ret); + cdev_del(&(g_tc_client.char_dev)); + cdev_del(&(g_tc_private.char_dev)); + return ret; + } } #endif return 0; @@ -1207,7 +1214,7 @@ static int enable_dev_nodes(void) static char *tee_devnode(struct device *dev, umode_t *mode) { if (strcmp(dev_name(dev), TC_NS_CVM_DEV) == 0) - *mode = S_IRUSER | S_IWUSER | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH; + *mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH; return NULL; } @@ -1248,16 +1255,6 @@ static int tc_ns_client_init(void) goto unmap_res_mem; } -#if defined(CONFIG_CONFIDENTIAL_CONTAINER) || defined(CONFIG_TEE_TELEPORT_SUPPORT) - ret = init_dev_node(&g_tc_cvm, TC_NS_CVM_DEV, g_driver_class, get_cvm_fops()); - if (ret != 0) { - destory_dev_node(&g_tc_private, g_driver_class); - destory_dev_node(&g_tc_client, g_driver_class); - class_destroy(g_driver_class); - goto unmap_res_mem; - } -#endif - INIT_LIST_HEAD(&g_tc_ns_dev_list.dev_file_list); mutex_init(&g_tc_ns_dev_list.dev_lock); init_crypto_hash_lock(); @@ -1278,10 +1275,20 @@ static int tc_teeos_init(struct device *class_dev) return ret; } +#if defined(CONFIG_CONFIDENTIAL_CONTAINER) || defined(CONFIG_TEE_TELEPORT_SUPPORT) + if (is_ccos()) { + ret = init_cvm_node(); + if (ret != 0) { + tloge("init cvm node failed\n"); + goto smc_data_free; + } + } +#endif + ret = tee_init_reboot_thread(); if (ret != 0) { tloge("init reboot thread failed\n"); - goto smc_data_free; + goto cvm_node_free; } ret = reserved_mempool_init(); @@ -1315,7 +1322,12 @@ release_resmem: free_reserved_mempool(); reboot_thread_free: free_reboot_thread(); +cvm_node_free: +#if defined(CONFIG_CONFIDENTIAL_CONTAINER) || defined(CONFIG_TEE_TELEPORT_SUPPORT) + if (is_ccos()) + destroy_cvm_node(); smc_data_free: +#endif free_smc_data(); return ret; } @@ -1402,9 +1414,6 @@ static __init int tc_init(void) return 0; class_device_destroy: -#if defined(CONFIG_CONFIDENTIAL_CONTAINER) || defined(CONFIG_TEE_TELEPORT_SUPPORT) - destory_dev_node(&g_tc_cvm, g_driver_class); -#endif destory_dev_node(&g_tc_client, g_driver_class); destory_dev_node(&g_tc_private, g_driver_class); class_destroy(g_driver_class); @@ -1433,7 +1442,7 @@ static void tc_exit(void) * prevent access to the device node when uninstalling "tzdriver". */ #if defined(CONFIG_CONFIDENTIAL_CONTAINER) || defined(CONFIG_TEE_TELEPORT_SUPPORT) - cdev_del(&(g_tc_cvm.char_dev)); + destroy_cvm_node_file(); #endif cdev_del(&(g_tc_private.char_dev)); cdev_del(&(g_tc_client.char_dev)); @@ -1443,7 +1452,7 @@ static void tc_exit(void) free_tz_spi(g_tc_client.class_dev); /* run-time environment exit should before teeos exit */ #if defined(CONFIG_CONFIDENTIAL_CONTAINER) || defined(CONFIG_TEE_TELEPORT_SUPPORT) - destory_dev_node(&g_tc_cvm, g_driver_class); + destroy_cvm_node(); #endif destory_dev_node(&g_tc_client, g_driver_class); diff --git a/core/tc_client_driver.h b/core/tc_client_driver.h index 45f758a..774fbd3 100644 --- a/core/tc_client_driver.h +++ b/core/tc_client_driver.h @@ -28,9 +28,18 @@ struct dev_node { dev_t devt; struct device *class_dev; const struct file_operations *fops; - char *node_name; + const char *node_name; }; +struct dev_ops { + bool dev_node_inited; + bool dev_file_inited; + int (*init_dev_node)(struct dev_node *node, const char *node_name, + struct class *driver_class, const struct file_operations *fops); + void (*destroy_dev_node)(struct dev_node *node, struct class *driver_class); +}; + +struct class *get_driver_class(void); bool get_tz_init_flag(void); struct tc_ns_dev_list *get_dev_list(void); struct tc_ns_dev_file *tc_find_dev_file(unsigned int dev_file_id); @@ -38,9 +47,15 @@ int tc_ns_client_open(struct tc_ns_dev_file **dev_file, uint8_t kernel_api); int tc_ns_client_close(struct tc_ns_dev_file *dev); int is_agent_alive(unsigned int agent_id, unsigned int nsid); int tc_ns_register_host_nsid(void); +int init_dev_node(struct dev_node *node, const char *node_name, + struct class *driver_class, const struct file_operations *fops); +void destory_dev_node(struct dev_node *node, struct class *driver_class); #if defined(CONFIG_CONFIDENTIAL_CONTAINER) || defined(CONFIG_TEE_TELEPORT_SUPPORT) -const struct file_operations *get_cvm_fops(void); +int init_cvm_node(void); +int init_cvm_node_file(void); +void destroy_cvm_node_file(void); +void destroy_cvm_node(void); #endif void handle_cmd_prepare(unsigned int cmd); diff --git a/core/tc_cvm_driver.c b/core/tc_cvm_driver.c index 70ab308..99a7c3a 100644 --- a/core/tc_cvm_driver.c +++ b/core/tc_cvm_driver.c @@ -73,11 +73,11 @@ static int teleport_ioctl(struct file *file, unsigned int cmd, unsigned long arg nsid = task_active_pid_ns(current)->ns.inum; ((struct tc_ns_dev_file *)file->private_data)->nsid = nsid; #else - nsid = PROC_ID_INIT_INO; + nsid = PROC_PID_INIT_INO; #endif switch(cmd) { -#ifdef CONFIG_CONFIDENTIAL_CONTAINER +#ifdef CONFIG_TEE_TELEPORT_SUPPORT case TC_NS_CLIENT_IOCTL_PORTAL_REGISTER: ret = tee_portal_register(file->private_data, argp); break; @@ -120,9 +120,22 @@ static long tc_cvm_ioctl(struct file *file, unsigned int cmd, tloge("check tee_teleport path failed\n"); break; #endif - default: - ret = public_ioctl(file, cmd, arg, false); + +#ifdef CONFIG_TEE_AGENTD_AUTH + case TC_NS_CLIENT_IOCTL_REGISTER_AGENT: + case TC_NS_CLIENT_IOCTL_UNREGISTER_AGENT: + case TC_NS_CLIENT_IOCTL_SEND_EVENT_RESPONSE: + case TC_NS_CLIENT_IOCTL_WAIT_EVENT: + case TC_NS_CLIENT_IOCTL_LOAD_APP_REQ: + case TC_NS_CLIENT_IOCTL_CHECK_CCOS: + if (check_tee_agentd_auth() == 0) + ret = public_ioctl(file, cmd, arg, false); + else + tloge("check agentd path failed\n"); break; +#endif + default: + tloge("invalid cmd!\n"); } handle_cmd_finish(cmd); @@ -151,9 +164,9 @@ static int tc_cvm_close(struct inode *inode, struct file *file) #ifdef CONFIG_TEE_TELEPORT_SUPPORT if (dev->portal_enabled) tee_portal_unregister(file->private_data); -#endif #ifdef CROSS_DOMAIN_PERF (void)tee_posix_proxy_unregister_all_tasklet(file->private_data); +#endif #endif if (is_system_agent(dev)) { send_crashed_event_response_single(dev); @@ -176,8 +189,78 @@ static const struct file_operations g_cvm_fops = { #endif }; -const struct file_operations *get_cvm_fops(void) +static struct dev_node g_tc_cvm; +static struct dev_ops g_tc_cvm_ops = { + .dev_node_inited = false, + .dev_file_inited = false, + .init_dev_node = init_dev_node, + .destroy_dev_node = destory_dev_node +}; + +int init_cvm_node(void) +{ + int ret = 0; + struct class *driver_class = NULL; + if (g_tc_cvm_ops.dev_node_inited) + return 0; + + driver_class = get_driver_class(); + if (g_tc_cvm_ops.init_dev_node != NULL && g_tc_cvm_ops.destroy_dev_node != NULL && + driver_class != NULL) { + ret = g_tc_cvm_ops.init_dev_node(&g_tc_cvm, TC_NS_CVM_DEV, driver_class, &g_cvm_fops); + if (ret != 0) { + tloge("create tc_ns_cvm device node failed\n"); + return -1; + } + g_tc_cvm_ops.dev_node_inited = true; + return 0; + } + + return -1; +} + +int init_cvm_node_file(void) +{ + int ret = 0; + struct class *driver_class = NULL; + if (!g_tc_cvm_ops.dev_node_inited) + return -1; + + if (g_tc_cvm_ops.dev_file_inited) + return 0; + + ret = cdev_add(&(g_tc_cvm.char_dev), + MKDEV(MAJOR(g_tc_cvm.devt), 0), 1); + if (ret < 0) { + tloge("create /dev/tc_ns_cvm device node file failed\n"); + driver_class = get_driver_class(); + if (g_tc_cvm_ops.destroy_dev_node != NULL && driver_class != NULL) + g_tc_cvm_ops.destroy_dev_node(&g_tc_cvm, driver_class); + g_tc_cvm_ops.dev_node_inited = false; + return ret; + } + g_tc_cvm_ops.dev_file_inited = true; + return 0; +} + +void destroy_cvm_node_file(void) +{ + if (!g_tc_cvm_ops.dev_file_inited) + return; + + cdev_del(&(g_tc_cvm.char_dev)); + g_tc_cvm_ops.dev_file_inited = false; +} + +void destroy_cvm_node(void) { - return &g_cvm_fops; + struct class *driver_class = NULL; + if (!g_tc_cvm_ops.dev_node_inited) + return; + + driver_class = get_driver_class(); + if (g_tc_cvm_ops.destroy_dev_node != NULL && driver_class != NULL) + g_tc_cvm_ops.destroy_dev_node(&g_tc_cvm, driver_class); + g_tc_cvm_ops.dev_node_inited = false; } #endif diff --git a/core/tee_portal.c b/core/tee_portal.c index 05e430a..566047b 100644 --- a/core/tee_portal.c +++ b/core/tee_portal.c @@ -23,6 +23,8 @@ #include #include #include +#include +#include #define TEE_PORTAL_EVENT_REGISTER_SHM 0 #define TEE_PORTAL_EVENT_UNREGISTER_SHM 1 @@ -65,10 +67,11 @@ static int send_portal_smc(const struct portal_t *param) smc_cmd.login_data_h_addr = param->mb_h_addr; smc_cmd.login_data_len = param->size; smc_cmd.uid = kuid.val; + smc_cmd.pid = current->tgid; ret = tc_ns_smc(&smc_cmd); if (ret != 0) { - tloge("smc call returns error ret 0x%x\n", smc_cmd.ret_val); + tloge("portal smc call returns error 0x%x\n", smc_cmd.ret_val); if (smc_cmd.ret_val == TEEC_ERROR_SERVICE_NOT_EXIST) return -EOPNOTSUPP; else if (smc_cmd.ret_val == TEEC_ERROR_OUT_OF_MEMORY) @@ -94,7 +97,7 @@ static int init_portal_node(struct portal_t *portal, struct agent_ioctl_args *ar return -ENOMEM; } - if (fill_shared_mem_info(start_vaddr, page_num, 0, args->buffer_size, (uint64_t)mb_buff)) { + if (fill_shared_mem_info(start_vaddr, page_num, 0, args->buffer_size, (uint64_t)mb_buff) != 0) { tloge("cannot fill shared memory info\n"); mailbox_free(mb_buff); return -EFAULT; @@ -124,6 +127,7 @@ int tee_portal_register(void *owner, void __user *arg) { int ret; struct agent_ioctl_args args; + struct portal_t *portal = NULL; if (owner == NULL || arg == NULL) return -EFAULT; @@ -139,7 +143,6 @@ int tee_portal_register(void *owner, void __user *arg) return -EFAULT; } - struct portal_t *portal; portal = (struct portal_t *)kmalloc(sizeof(struct portal_t), GFP_KERNEL); if (ZERO_OR_NULL_PTR((unsigned long)(uintptr_t)(portal))) { tloge("failed to alloc mem for portal node!\n"); @@ -150,7 +153,8 @@ int tee_portal_register(void *owner, void __user *arg) if (check_portal_exist(owner)) { mutex_unlock(&g_portal_lock); tloge("illegal register request!\n"); - return -EFAULT; + ret = -EFAULT; + goto clean; } ret = init_portal_node(portal, &args, owner); @@ -165,7 +169,7 @@ int tee_portal_register(void *owner, void __user *arg) ret = send_portal_smc(portal); if (ret != 0) { - release_shared_mem_page(portal->buf, portal->size); + release_shared_mem_page((uint64_t)(uintptr_t)portal->buf, portal->size); mailbox_free(portal->buf); mutex_lock(&g_portal_lock); list_del(&portal->list); @@ -185,11 +189,20 @@ clean: int tee_portal_unregister(const void *owner) { int ret; + struct portal_t *pos = NULL; + bool found = false; + uint32_t nsid; + if (!owner) return -EFAULT; - struct portal_t *pos; - bool found = false; +#ifdef CONFIG_CONFIDENTIAL_CONTAINER + struct tc_ns_dev_file *dev = (struct tc_ns_dev_file *)owner; + nsid = dev->nsid; +#else + nsid = PROC_PID_INIT_INO; +#endif + mutex_lock(&g_portal_lock); list_for_each_entry(pos, &g_portal_head.list, list) { if (pos->owner == owner) { @@ -207,7 +220,7 @@ int tee_portal_unregister(const void *owner) pos->event = TEE_PORTAL_EVENT_UNREGISTER_SHM; ret = send_portal_smc(pos); - release_shared_mem_page(pos->buf, pos->size); + release_shared_mem_page((uint64_t)(uintptr_t)pos->buf, pos->size); mailbox_free(pos->buf); list_del(&pos->list); diff --git a/core/tee_portal.h b/core/tee_portal.h index 10c392f..d715030 100644 --- a/core/tee_portal.h +++ b/core/tee_portal.h @@ -11,8 +11,8 @@ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. */ -#ifndef TEE_PORTAL_H -#define TEE_PORTAL_H +#ifndef TEE_PORTAL +#define TEE_PORTAL int tee_portal_register(void *owner, void __user *arg); int tee_portal_unregister(const void *owner); diff --git a/tzdriver_internal/tee_reboot/reboot.c b/tzdriver_internal/tee_reboot/reboot.c index 520e7cc..e539825 100644 --- a/tzdriver_internal/tee_reboot/reboot.c +++ b/tzdriver_internal/tee_reboot/reboot.c @@ -29,6 +29,7 @@ #include "ko_adapt.h" #include "tz_kthread_affinity.h" #include "tc_client_driver.h" +#include "tee_compat_check.h" #include #include @@ -333,6 +334,13 @@ int tee_reboot(void) tee_alarm_clear(TEE_CRASH); kill_teecd_and_tlogcat(); +#if defined(CONFIG_CONFIDENTIAL_CONTAINER) || defined(CONFIG_TEE_TELEPORT_SUPPORT) + if (is_ccos()) { + (void)init_cvm_node(); + (void)init_cvm_node_file(); + } +#endif + return 0; err: -- Gitee From 197a299906ba7fe17cc200e3ebdb42ffb62a5bad Mon Sep 17 00:00:00 2001 From: typhoonow Date: Fri, 26 Apr 2024 02:19:15 +0000 Subject: [PATCH 05/15] update core/tc_cvm_driver.c. Signed-off-by: typhoonow --- core/tc_cvm_driver.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/core/tc_cvm_driver.c b/core/tc_cvm_driver.c index 99a7c3a..8e92ee9 100644 --- a/core/tc_cvm_driver.c +++ b/core/tc_cvm_driver.c @@ -71,7 +71,10 @@ static int teleport_ioctl(struct file *file, unsigned int cmd, unsigned long arg #ifdef CONFIG_CONFIDENTIAL_CONTAINER nsid = task_active_pid_ns(current)->ns.inum; - ((struct tc_ns_dev_file *)file->private_data)->nsid = nsid; + if (file->private_data != NULL) + ((struct tc_ns_dev_file *)file->private_data)->nsid = nsid; + else + return ret; #else nsid = PROC_PID_INIT_INO; #endif -- Gitee From 99afc2c0d461df342a06e7c3fbfa6aa6feb918d4 Mon Sep 17 00:00:00 2001 From: typhoonow Date: Fri, 26 Apr 2024 02:23:23 +0000 Subject: [PATCH 06/15] update core/tee_portal.c. Signed-off-by: typhoonow --- core/tee_portal.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/core/tee_portal.c b/core/tee_portal.c index 566047b..81bd67f 100644 --- a/core/tee_portal.c +++ b/core/tee_portal.c @@ -235,6 +235,9 @@ int tee_portal_work(const void *owner) int ret = -EFAULT; bool found = false; + if (owner == NULL) + return ret; + mutex_lock(&g_portal_lock); list_for_each_entry(pos, &g_portal_head.list, list) { if (pos->owner == owner) { -- Gitee From 16d2137f35726a908833424c2bda10d04e1d4e6b Mon Sep 17 00:00:00 2001 From: typhoonow Date: Mon, 29 Apr 2024 02:42:41 +0000 Subject: [PATCH 07/15] add LICENSE. Signed-off-by: typhoonow --- LICENSE | 127 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 127 insertions(+) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..ee58399 --- /dev/null +++ b/LICENSE @@ -0,0 +1,127 @@ + 木兰宽松许可证, 第2版 + + 木兰宽松许可证, 第2版 + 2020年1月 http://license.coscl.org.cn/MulanPSL2 + + + 您对“软件”的复制、使用、修改及分发受木兰宽松许可证,第2版(“本许可证”)的如下条款的约束: + + 0. 定义 + + “软件”是指由“贡献”构成的许可在“本许可证”下的程序和相关文档的集合。 + + “贡献”是指由任一“贡献者”许可在“本许可证”下的受版权法保护的作品。 + + “贡献者”是指将受版权法保护的作品许可在“本许可证”下的自然人或“法人实体”。 + + “法人实体”是指提交贡献的机构及其“关联实体”。 + + “关联实体”是指,对“本许可证”下的行为方而言,控制、受控制或与其共同受控制的机构,此处的控制是指有受控方或共同受控方至少50%直接或间接的投票权、资金或其他有价证券。 + + 1. 授予版权许可 + + 每个“贡献者”根据“本许可证”授予您永久性的、全球性的、免费的、非独占的、不可撤销的版权许可,您可以复制、使用、修改、分发其“贡献”,不论修改与否。 + + 2. 授予专利许可 + + 每个“贡献者”根据“本许可证”授予您永久性的、全球性的、免费的、非独占的、不可撤销的(根据本条规定撤销除外)专利许可,供您制造、委托制造、使用、许诺销售、销售、进口其“贡献”或以其他方式转移其“贡献”。前述专利许可仅限于“贡献者”现在或将来拥有或控制的其“贡献”本身或其“贡献”与许可“贡献”时的“软件”结合而将必然会侵犯的专利权利要求,不包括对“贡献”的修改或包含“贡献”的其他结合。如果您或您的“关联实体”直接或间接地,就“软件”或其中的“贡献”对任何人发起专利侵权诉讼(包括反诉或交叉诉讼)或其他专利维权行动,指控其侵犯专利权,则“本许可证”授予您对“软件”的专利许可自您提起诉讼或发起维权行动之日终止。 + + 3. 无商标许可 + + “本许可证”不提供对“贡献者”的商品名称、商标、服务标志或产品名称的商标许可,但您为满足第4条规定的声明义务而必须使用除外。 + + 4. 分发限制 + + 您可以在任何媒介中将“软件”以源程序形式或可执行形式重新分发,不论修改与否,但您必须向接收者提供“本许可证”的副本,并保留“软件”中的版权、商标、专利及免责声明。 + + 5. 免责声明与责任限制 + + “软件”及其中的“贡献”在提供时不带任何明示或默示的担保。在任何情况下,“贡献者”或版权所有者不对任何人因使用“软件”或其中的“贡献”而引发的任何直接或间接损失承担责任,不论因何种原因导致或者基于何种法律理论,即使其曾被建议有此种损失的可能性。 + + 6. 语言 + “本许可证”以中英文双语表述,中英文版本具有同等法律效力。如果中英文版本存在任何冲突不一致,以中文版为准。 + + 条款结束 + + 如何将木兰宽松许可证,第2版,应用到您的软件 + + 如果您希望将木兰宽松许可证,第2版,应用到您的新软件,为了方便接收者查阅,建议您完成如下三步: + + 1, 请您补充如下声明中的空白,包括软件名、软件的首次发表年份以及您作为版权人的名字; + + 2, 请您在软件包的一级目录下创建以“LICENSE”为名的文件,将整个许可证文本放入该文件中; + + 3, 请将如下声明文本放入每个源文件的头部注释中。 + + Copyright (c) [Year] [name of copyright holder] + [Software Name] is licensed under Mulan PSL v2. + You can use this software according to the terms and conditions of the Mulan PSL v2. + You may obtain a copy of Mulan PSL v2 at: + http://license.coscl.org.cn/MulanPSL2 + THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. + See the Mulan PSL v2 for more details. + + + Mulan Permissive Software License,Version 2 + + Mulan Permissive Software License,Version 2 (Mulan PSL v2) + January 2020 http://license.coscl.org.cn/MulanPSL2 + + Your reproduction, use, modification and distribution of the Software shall be subject to Mulan PSL v2 (this License) with the following terms and conditions: + + 0. Definition + + Software means the program and related documents which are licensed under this License and comprise all Contribution(s). + + Contribution means the copyrightable work licensed by a particular Contributor under this License. + + Contributor means the Individual or Legal Entity who licenses its copyrightable work under this License. + + Legal Entity means the entity making a Contribution and all its Affiliates. + + Affiliates means entities that control, are controlled by, or are under common control with the acting entity under this License, ‘control’ means direct or indirect ownership of at least fifty percent (50%) of the voting power, capital or other securities of controlled or commonly controlled entity. + + 1. Grant of Copyright License + + Subject to the terms and conditions of this License, each Contributor hereby grants to you a perpetual, worldwide, royalty-free, non-exclusive, irrevocable copyright license to reproduce, use, modify, or distribute its Contribution, with modification or not. + + 2. Grant of Patent License + + Subject to the terms and conditions of this License, each Contributor hereby grants to you a perpetual, worldwide, royalty-free, non-exclusive, irrevocable (except for revocation under this Section) patent license to make, have made, use, offer for sale, sell, import or otherwise transfer its Contribution, where such patent license is only limited to the patent claims owned or controlled by such Contributor now or in future which will be necessarily infringed by its Contribution alone, or by combination of the Contribution with the Software to which the Contribution was contributed. The patent license shall not apply to any modification of the Contribution, and any other combination which includes the Contribution. If you or your Affiliates directly or indirectly institute patent litigation (including a cross claim or counterclaim in a litigation) or other patent enforcement activities against any individual or entity by alleging that the Software or any Contribution in it infringes patents, then any patent license granted to you under this License for the Software shall terminate as of the date such litigation or activity is filed or taken. + + 3. No Trademark License + + No trademark license is granted to use the trade names, trademarks, service marks, or product names of Contributor, except as required to fulfill notice requirements in Section 4. + + 4. Distribution Restriction + + You may distribute the Software in any medium with or without modification, whether in source or executable forms, provided that you provide recipients with a copy of this License and retain copyright, patent, trademark and disclaimer statements in the Software. + + 5. Disclaimer of Warranty and Limitation of Liability + + THE SOFTWARE AND CONTRIBUTION IN IT ARE PROVIDED WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. IN NO EVENT SHALL ANY CONTRIBUTOR OR COPYRIGHT HOLDER BE LIABLE TO YOU FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO ANY DIRECT, OR INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES ARISING FROM YOUR USE OR INABILITY TO USE THE SOFTWARE OR THE CONTRIBUTION IN IT, NO MATTER HOW IT’S CAUSED OR BASED ON WHICH LEGAL THEORY, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + + 6. Language + + THIS LICENSE IS WRITTEN IN BOTH CHINESE AND ENGLISH, AND THE CHINESE VERSION AND ENGLISH VERSION SHALL HAVE THE SAME LEGAL EFFECT. IN THE CASE OF DIVERGENCE BETWEEN THE CHINESE AND ENGLISH VERSIONS, THE CHINESE VERSION SHALL PREVAIL. + + END OF THE TERMS AND CONDITIONS + + How to Apply the Mulan Permissive Software License,Version 2 (Mulan PSL v2) to Your Software + + To apply the Mulan PSL v2 to your work, for easy identification by recipients, you are suggested to complete following three steps: + + i Fill in the blanks in following statement, including insert your software name, the year of the first publication of your software, and your name identified as the copyright owner; + + ii Create a file named “LICENSE” which contains the whole context of this License in the first directory of your software package; + + iii Attach the statement to the appropriate annotated syntax at the beginning of each source file. + + + Copyright (c) [Year] [name of copyright holder] + [Software Name] is licensed under Mulan PSL v2. + You can use this software according to the terms and conditions of the Mulan PSL v2. + You may obtain a copy of Mulan PSL v2 at: + http://license.coscl.org.cn/MulanPSL2 + THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. + See the Mulan PSL v2 for more details. -- Gitee From deb41845ee8ac7f7b02fc05ddb2c388bb97945e7 Mon Sep 17 00:00:00 2001 From: typhoonow Date: Mon, 29 Apr 2024 02:44:53 +0000 Subject: [PATCH 08/15] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20LI?= =?UTF-8?q?CENSE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- LICENSE | 127 -------------------------------------------------------- 1 file changed, 127 deletions(-) delete mode 100644 LICENSE diff --git a/LICENSE b/LICENSE deleted file mode 100644 index ee58399..0000000 --- a/LICENSE +++ /dev/null @@ -1,127 +0,0 @@ - 木兰宽松许可证, 第2版 - - 木兰宽松许可证, 第2版 - 2020年1月 http://license.coscl.org.cn/MulanPSL2 - - - 您对“软件”的复制、使用、修改及分发受木兰宽松许可证,第2版(“本许可证”)的如下条款的约束: - - 0. 定义 - - “软件”是指由“贡献”构成的许可在“本许可证”下的程序和相关文档的集合。 - - “贡献”是指由任一“贡献者”许可在“本许可证”下的受版权法保护的作品。 - - “贡献者”是指将受版权法保护的作品许可在“本许可证”下的自然人或“法人实体”。 - - “法人实体”是指提交贡献的机构及其“关联实体”。 - - “关联实体”是指,对“本许可证”下的行为方而言,控制、受控制或与其共同受控制的机构,此处的控制是指有受控方或共同受控方至少50%直接或间接的投票权、资金或其他有价证券。 - - 1. 授予版权许可 - - 每个“贡献者”根据“本许可证”授予您永久性的、全球性的、免费的、非独占的、不可撤销的版权许可,您可以复制、使用、修改、分发其“贡献”,不论修改与否。 - - 2. 授予专利许可 - - 每个“贡献者”根据“本许可证”授予您永久性的、全球性的、免费的、非独占的、不可撤销的(根据本条规定撤销除外)专利许可,供您制造、委托制造、使用、许诺销售、销售、进口其“贡献”或以其他方式转移其“贡献”。前述专利许可仅限于“贡献者”现在或将来拥有或控制的其“贡献”本身或其“贡献”与许可“贡献”时的“软件”结合而将必然会侵犯的专利权利要求,不包括对“贡献”的修改或包含“贡献”的其他结合。如果您或您的“关联实体”直接或间接地,就“软件”或其中的“贡献”对任何人发起专利侵权诉讼(包括反诉或交叉诉讼)或其他专利维权行动,指控其侵犯专利权,则“本许可证”授予您对“软件”的专利许可自您提起诉讼或发起维权行动之日终止。 - - 3. 无商标许可 - - “本许可证”不提供对“贡献者”的商品名称、商标、服务标志或产品名称的商标许可,但您为满足第4条规定的声明义务而必须使用除外。 - - 4. 分发限制 - - 您可以在任何媒介中将“软件”以源程序形式或可执行形式重新分发,不论修改与否,但您必须向接收者提供“本许可证”的副本,并保留“软件”中的版权、商标、专利及免责声明。 - - 5. 免责声明与责任限制 - - “软件”及其中的“贡献”在提供时不带任何明示或默示的担保。在任何情况下,“贡献者”或版权所有者不对任何人因使用“软件”或其中的“贡献”而引发的任何直接或间接损失承担责任,不论因何种原因导致或者基于何种法律理论,即使其曾被建议有此种损失的可能性。 - - 6. 语言 - “本许可证”以中英文双语表述,中英文版本具有同等法律效力。如果中英文版本存在任何冲突不一致,以中文版为准。 - - 条款结束 - - 如何将木兰宽松许可证,第2版,应用到您的软件 - - 如果您希望将木兰宽松许可证,第2版,应用到您的新软件,为了方便接收者查阅,建议您完成如下三步: - - 1, 请您补充如下声明中的空白,包括软件名、软件的首次发表年份以及您作为版权人的名字; - - 2, 请您在软件包的一级目录下创建以“LICENSE”为名的文件,将整个许可证文本放入该文件中; - - 3, 请将如下声明文本放入每个源文件的头部注释中。 - - Copyright (c) [Year] [name of copyright holder] - [Software Name] is licensed under Mulan PSL v2. - You can use this software according to the terms and conditions of the Mulan PSL v2. - You may obtain a copy of Mulan PSL v2 at: - http://license.coscl.org.cn/MulanPSL2 - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. - See the Mulan PSL v2 for more details. - - - Mulan Permissive Software License,Version 2 - - Mulan Permissive Software License,Version 2 (Mulan PSL v2) - January 2020 http://license.coscl.org.cn/MulanPSL2 - - Your reproduction, use, modification and distribution of the Software shall be subject to Mulan PSL v2 (this License) with the following terms and conditions: - - 0. Definition - - Software means the program and related documents which are licensed under this License and comprise all Contribution(s). - - Contribution means the copyrightable work licensed by a particular Contributor under this License. - - Contributor means the Individual or Legal Entity who licenses its copyrightable work under this License. - - Legal Entity means the entity making a Contribution and all its Affiliates. - - Affiliates means entities that control, are controlled by, or are under common control with the acting entity under this License, ‘control’ means direct or indirect ownership of at least fifty percent (50%) of the voting power, capital or other securities of controlled or commonly controlled entity. - - 1. Grant of Copyright License - - Subject to the terms and conditions of this License, each Contributor hereby grants to you a perpetual, worldwide, royalty-free, non-exclusive, irrevocable copyright license to reproduce, use, modify, or distribute its Contribution, with modification or not. - - 2. Grant of Patent License - - Subject to the terms and conditions of this License, each Contributor hereby grants to you a perpetual, worldwide, royalty-free, non-exclusive, irrevocable (except for revocation under this Section) patent license to make, have made, use, offer for sale, sell, import or otherwise transfer its Contribution, where such patent license is only limited to the patent claims owned or controlled by such Contributor now or in future which will be necessarily infringed by its Contribution alone, or by combination of the Contribution with the Software to which the Contribution was contributed. The patent license shall not apply to any modification of the Contribution, and any other combination which includes the Contribution. If you or your Affiliates directly or indirectly institute patent litigation (including a cross claim or counterclaim in a litigation) or other patent enforcement activities against any individual or entity by alleging that the Software or any Contribution in it infringes patents, then any patent license granted to you under this License for the Software shall terminate as of the date such litigation or activity is filed or taken. - - 3. No Trademark License - - No trademark license is granted to use the trade names, trademarks, service marks, or product names of Contributor, except as required to fulfill notice requirements in Section 4. - - 4. Distribution Restriction - - You may distribute the Software in any medium with or without modification, whether in source or executable forms, provided that you provide recipients with a copy of this License and retain copyright, patent, trademark and disclaimer statements in the Software. - - 5. Disclaimer of Warranty and Limitation of Liability - - THE SOFTWARE AND CONTRIBUTION IN IT ARE PROVIDED WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. IN NO EVENT SHALL ANY CONTRIBUTOR OR COPYRIGHT HOLDER BE LIABLE TO YOU FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO ANY DIRECT, OR INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES ARISING FROM YOUR USE OR INABILITY TO USE THE SOFTWARE OR THE CONTRIBUTION IN IT, NO MATTER HOW IT’S CAUSED OR BASED ON WHICH LEGAL THEORY, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. - - 6. Language - - THIS LICENSE IS WRITTEN IN BOTH CHINESE AND ENGLISH, AND THE CHINESE VERSION AND ENGLISH VERSION SHALL HAVE THE SAME LEGAL EFFECT. IN THE CASE OF DIVERGENCE BETWEEN THE CHINESE AND ENGLISH VERSIONS, THE CHINESE VERSION SHALL PREVAIL. - - END OF THE TERMS AND CONDITIONS - - How to Apply the Mulan Permissive Software License,Version 2 (Mulan PSL v2) to Your Software - - To apply the Mulan PSL v2 to your work, for easy identification by recipients, you are suggested to complete following three steps: - - i Fill in the blanks in following statement, including insert your software name, the year of the first publication of your software, and your name identified as the copyright owner; - - ii Create a file named “LICENSE” which contains the whole context of this License in the first directory of your software package; - - iii Attach the statement to the appropriate annotated syntax at the beginning of each source file. - - - Copyright (c) [Year] [name of copyright holder] - [Software Name] is licensed under Mulan PSL v2. - You can use this software according to the terms and conditions of the Mulan PSL v2. - You may obtain a copy of Mulan PSL v2 at: - http://license.coscl.org.cn/MulanPSL2 - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. - See the Mulan PSL v2 for more details. -- Gitee From ddfc10ee9a75d13f309217af427a3d1865fa18af Mon Sep 17 00:00:00 2001 From: typhoonow Date: Tue, 30 Apr 2024 07:36:32 +0000 Subject: [PATCH 09/15] update core/tee_posix_proxy.c. Signed-off-by: typhoonow --- core/tee_posix_proxy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/tee_posix_proxy.c b/core/tee_posix_proxy.c index 2e691f7..388f21a 100644 --- a/core/tee_posix_proxy.c +++ b/core/tee_posix_proxy.c @@ -35,7 +35,7 @@ struct posix_proxy_node { struct list_head head; unsigned int nsid; /* namesapce id */ pid_t tp_pid; /* teleport pid, owner of posix_proxy_node with nsid */ - pid_t tp_ppid; /*teleport parent pid */ + pid_t tp_ppid; /* teleport parent pid */ struct posix_proxy_shm *ctrl_shm; struct posix_proxy_shm *data_shm; uint32_t event; -- Gitee From 0973c10915a528ac2440e723fd04c6fd5f167f39 Mon Sep 17 00:00:00 2001 From: typhoonow Date: Tue, 30 Apr 2024 07:38:34 +0000 Subject: [PATCH 10/15] update tc_ns_client.h. Signed-off-by: typhoonow --- tc_ns_client.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tc_ns_client.h b/tc_ns_client.h index d928580..fc329f0 100644 --- a/tc_ns_client.h +++ b/tc_ns_client.h @@ -138,7 +138,7 @@ struct posix_proxy_ioctl_args { enum posix_proxy_shm_type shm_type; uint32_t buffer_size; union { - void * buffer; + void *buffer; unsigned long long addr; }; }; -- Gitee From 41d71bd26303944205e67036a9d0906be9be36ca Mon Sep 17 00:00:00 2001 From: typhoonow Date: Tue, 30 Apr 2024 07:39:19 +0000 Subject: [PATCH 11/15] update core/tee_posix_proxy.c. Signed-off-by: typhoonow --- core/tee_posix_proxy.c | 1 - 1 file changed, 1 deletion(-) diff --git a/core/tee_posix_proxy.c b/core/tee_posix_proxy.c index 388f21a..6cc8f34 100644 --- a/core/tee_posix_proxy.c +++ b/core/tee_posix_proxy.c @@ -196,7 +196,6 @@ static int send_posix_proxy_smc(const struct posix_proxy_node *posix_proxy, cons /* smc_cmd.ca_pid and smc_cmd.nsid will set in tc_ns_smc() */ ret = tc_ns_smc(&smc_cmd); - if (ret != 0) { tloge("smc calll return error, ret 0x%x\n", smc_cmd.ret_val); if (smc_cmd.ret_val == TEEC_ERROR_SERVICE_NOT_EXIST) -- Gitee From 8d6cbdf6e67c274b74f533ff8dea406ae43443af Mon Sep 17 00:00:00 2001 From: typhoonow Date: Tue, 30 Apr 2024 07:41:04 +0000 Subject: [PATCH 12/15] update core/tc_client_driver.c. Signed-off-by: typhoonow --- core/tc_client_driver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/tc_client_driver.c b/core/tc_client_driver.c index ebca46a..ccc4651 100644 --- a/core/tc_client_driver.c +++ b/core/tc_client_driver.c @@ -1133,7 +1133,7 @@ static int create_dev_node(struct dev_node *node) return ret; } node->class_dev = device_create(node->driver_class, NULL, node->devt, - NULL, "%s", node->node_name); + NULL, "%s", node->node_name); if (IS_ERR_OR_NULL(node->class_dev)) { tloge("class device create failed"); ret = -ENOMEM; -- Gitee From 33772b38c27cbce3b7ca02caa203778f5772ba70 Mon Sep 17 00:00:00 2001 From: typhoonow Date: Tue, 30 Apr 2024 07:41:51 +0000 Subject: [PATCH 13/15] update core/tc_cvm_driver.c. Signed-off-by: typhoonow --- core/tc_cvm_driver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/tc_cvm_driver.c b/core/tc_cvm_driver.c index 8e92ee9..ec208e8 100644 --- a/core/tc_cvm_driver.c +++ b/core/tc_cvm_driver.c @@ -233,7 +233,7 @@ int init_cvm_node_file(void) return 0; ret = cdev_add(&(g_tc_cvm.char_dev), - MKDEV(MAJOR(g_tc_cvm.devt), 0), 1); + MKDEV(MAJOR(g_tc_cvm.devt), 0), 1); if (ret < 0) { tloge("create /dev/tc_ns_cvm device node file failed\n"); driver_class = get_driver_class(); -- Gitee From 1c12e5639a32ecd872f31842c6eeec9e77da53cd Mon Sep 17 00:00:00 2001 From: typhoonow Date: Tue, 30 Apr 2024 07:42:28 +0000 Subject: [PATCH 14/15] update core/tc_cvm_driver.c. Signed-off-by: typhoonow --- core/tc_cvm_driver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/tc_cvm_driver.c b/core/tc_cvm_driver.c index ec208e8..076aab1 100644 --- a/core/tc_cvm_driver.c +++ b/core/tc_cvm_driver.c @@ -79,7 +79,7 @@ static int teleport_ioctl(struct file *file, unsigned int cmd, unsigned long arg nsid = PROC_PID_INIT_INO; #endif - switch(cmd) { + switch (cmd) { #ifdef CONFIG_TEE_TELEPORT_SUPPORT case TC_NS_CLIENT_IOCTL_PORTAL_REGISTER: ret = tee_portal_register(file->private_data, argp); -- Gitee From 6d73a3a2aa7a75f3293531d47fa79e6113bd933c Mon Sep 17 00:00:00 2001 From: typhoonow Date: Tue, 30 Apr 2024 07:43:44 +0000 Subject: [PATCH 15/15] update core/tee_posix_proxy.c. Signed-off-by: typhoonow --- core/tee_posix_proxy.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/core/tee_posix_proxy.c b/core/tee_posix_proxy.c index 6cc8f34..698c206 100644 --- a/core/tee_posix_proxy.c +++ b/core/tee_posix_proxy.c @@ -104,7 +104,7 @@ static void destroy_posix_proxy_shm(struct posix_proxy_shm *shm) if (shm == NULL) return; - if(shm->buffer != NULL) { + if (shm->buffer != NULL) { release_shared_mem_page((uint64_t)(uintptr_t)shm->buffer, shm->size); kfree(shm->buffer); } @@ -156,9 +156,9 @@ static void deref_posix_proxy(struct posix_proxy_node *posix_proxy) if (atomic_dec_and_test(&posix_proxy->ref_cnt)) { if (list_empty(&posix_proxy->head) == 0) list_del(&posix_proxy->head); - if(posix_proxy->ctrl_shm != NULL) + if (posix_proxy->ctrl_shm != NULL) destroy_posix_proxy_shm(posix_proxy->ctrl_shm); - if(posix_proxy->data_shm != NULL) + if (posix_proxy->data_shm != NULL) destroy_posix_proxy_shm(posix_proxy->data_shm); kfree(posix_proxy); -- Gitee