AMD-TEE driver bug fixes
AMD-TEE driver keeps track of shared memory buffers and their corresponding buffer id's in a global linked list. These buffers are used to share data between x86 and AMD Secure Processor. This pull request fixes issues related to maintaining mapped buffers in a shared linked list. -----BEGIN PGP SIGNATURE----- iQJOBAABCgA4FiEEFV+gSSXZJY9ZyuB5LinzTIcAHJcFAl+o9ugaHGplbnMud2lr bGFuZGVyQGxpbmFyby5vcmcACgkQLinzTIcAHJevIA/7BGyE7xPy7oNh+0LPX4NH sUr7OUFvQ/XcHtFtGIF4UwFnA22mKq1hHGjITSphucW9TJZHKQFt++B+wB+XoUWk LCSaQR1zr3/LS5O4fIhAaKenEQmfSz2DCaMuGcV5dhlmsegsWQUWQe06ttoFNsR1 VTFIVvLGVdWPDVwSk/LsdJgESnBMalB+eDORIdyC5Gt6MaJxO/okQAWqC1T9VM7I HYS1xfczKjfmz8jlcR3S1Ea1oB9yK87LiUsI3wIYbi5TpcbHFS7eL5H6n2tIDh4N 57bBqwwV6qdLixWqSFA+3lIADf+vU5HkZPqbSxOPo9aiMXp6tYEE9zbtxJI8i4G9 pKVdUN905OCLPxFxo8TsVREUfAc8iMifF/YMtFqh3nVQeWbv7RknRRADbMs1m7Np 72nEWeIfZYINqDPcJFzD+gWbUfiqHrApkfL+dRZZrVbRN6hNPbjarzKMmltZRkKy FRQChnDf6BlVAl4Cb9vXllMUTqDaIPmhcNa22S4XQI32dRxOOTkHF1zEcELZSNr+ RfdKwb/u75uW5r0mze8TsuZdCIfvIXLpi4Am6ECwOAQ42vb41axeESKWNhl8E1Y6 bXG0SAnWX9gqy7ewJtCz7eQb6UasVrXmjkU22x38f6qsa5Xw7SAB1E+7cXeZozPg 2hlyomINmI/5IjoyLtvjHgg= =kkLP -----END PGP SIGNATURE----- Merge tag 'amdtee-fixes-for-5.10' of git://git.linaro.org:/people/jens.wiklander/linux-tee into arm/fixes AMD-TEE driver bug fixes AMD-TEE driver keeps track of shared memory buffers and their corresponding buffer id's in a global linked list. These buffers are used to share data between x86 and AMD Secure Processor. This pull request fixes issues related to maintaining mapped buffers in a shared linked list. * tag 'amdtee-fixes-for-5.10' of git://git.linaro.org:/people/jens.wiklander/linux-tee: tee: amdtee: synchronize access to shm list tee: amdtee: fix memory leak due to reset of global shm list Link: https://lore.kernel.org/r/20201109080809.GA3862873@jade Signed-off-by: Arnd Bergmann <arnd@arndb.de>
This commit is contained in:
Arnd Bergmann
commit
0461a1ae98
@ -64,9 +64,13 @@ struct amdtee_session {
|
|||||||
/**
|
/**
|
||||||
* struct amdtee_context_data - AMD-TEE driver context data
|
* struct amdtee_context_data - AMD-TEE driver context data
|
||||||
* @sess_list: Keeps track of sessions opened in current TEE context
|
* @sess_list: Keeps track of sessions opened in current TEE context
|
||||||
|
* @shm_list: Keeps track of buffers allocated and mapped in current TEE
|
||||||
|
* context
|
||||||
*/
|
*/
|
||||||
struct amdtee_context_data {
|
struct amdtee_context_data {
|
||||||
struct list_head sess_list;
|
struct list_head sess_list;
|
||||||
|
struct list_head shm_list;
|
||||||
|
struct mutex shm_mutex; /* synchronizes access to @shm_list */
|
||||||
};
|
};
|
||||||
|
|
||||||
struct amdtee_driver_data {
|
struct amdtee_driver_data {
|
||||||
@ -89,10 +93,6 @@ struct amdtee_shm_data {
|
|||||||
u32 buf_id;
|
u32 buf_id;
|
||||||
};
|
};
|
||||||
|
|
||||||
struct amdtee_shm_context {
|
|
||||||
struct list_head shmdata_list;
|
|
||||||
};
|
|
||||||
|
|
||||||
#define LOWER_TWO_BYTE_MASK 0x0000FFFF
|
#define LOWER_TWO_BYTE_MASK 0x0000FFFF
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
@ -20,7 +20,6 @@
|
|||||||
|
|
||||||
static struct amdtee_driver_data *drv_data;
|
static struct amdtee_driver_data *drv_data;
|
||||||
static DEFINE_MUTEX(session_list_mutex);
|
static DEFINE_MUTEX(session_list_mutex);
|
||||||
static struct amdtee_shm_context shmctx;
|
|
||||||
|
|
||||||
static void amdtee_get_version(struct tee_device *teedev,
|
static void amdtee_get_version(struct tee_device *teedev,
|
||||||
struct tee_ioctl_version_data *vers)
|
struct tee_ioctl_version_data *vers)
|
||||||
@ -42,7 +41,8 @@ static int amdtee_open(struct tee_context *ctx)
|
|||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
INIT_LIST_HEAD(&ctxdata->sess_list);
|
INIT_LIST_HEAD(&ctxdata->sess_list);
|
||||||
INIT_LIST_HEAD(&shmctx.shmdata_list);
|
INIT_LIST_HEAD(&ctxdata->shm_list);
|
||||||
|
mutex_init(&ctxdata->shm_mutex);
|
||||||
|
|
||||||
ctx->data = ctxdata;
|
ctx->data = ctxdata;
|
||||||
return 0;
|
return 0;
|
||||||
@ -86,6 +86,7 @@ static void amdtee_release(struct tee_context *ctx)
|
|||||||
list_del(&sess->list_node);
|
list_del(&sess->list_node);
|
||||||
release_session(sess);
|
release_session(sess);
|
||||||
}
|
}
|
||||||
|
mutex_destroy(&ctxdata->shm_mutex);
|
||||||
kfree(ctxdata);
|
kfree(ctxdata);
|
||||||
|
|
||||||
ctx->data = NULL;
|
ctx->data = NULL;
|
||||||
@ -152,14 +153,17 @@ static struct amdtee_session *find_session(struct amdtee_context_data *ctxdata,
|
|||||||
|
|
||||||
u32 get_buffer_id(struct tee_shm *shm)
|
u32 get_buffer_id(struct tee_shm *shm)
|
||||||
{
|
{
|
||||||
u32 buf_id = 0;
|
struct amdtee_context_data *ctxdata = shm->ctx->data;
|
||||||
struct amdtee_shm_data *shmdata;
|
struct amdtee_shm_data *shmdata;
|
||||||
|
u32 buf_id = 0;
|
||||||
|
|
||||||
list_for_each_entry(shmdata, &shmctx.shmdata_list, shm_node)
|
mutex_lock(&ctxdata->shm_mutex);
|
||||||
|
list_for_each_entry(shmdata, &ctxdata->shm_list, shm_node)
|
||||||
if (shmdata->kaddr == shm->kaddr) {
|
if (shmdata->kaddr == shm->kaddr) {
|
||||||
buf_id = shmdata->buf_id;
|
buf_id = shmdata->buf_id;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
mutex_unlock(&ctxdata->shm_mutex);
|
||||||
|
|
||||||
return buf_id;
|
return buf_id;
|
||||||
}
|
}
|
||||||
@ -333,8 +337,9 @@ int amdtee_close_session(struct tee_context *ctx, u32 session)
|
|||||||
|
|
||||||
int amdtee_map_shmem(struct tee_shm *shm)
|
int amdtee_map_shmem(struct tee_shm *shm)
|
||||||
{
|
{
|
||||||
struct shmem_desc shmem;
|
struct amdtee_context_data *ctxdata;
|
||||||
struct amdtee_shm_data *shmnode;
|
struct amdtee_shm_data *shmnode;
|
||||||
|
struct shmem_desc shmem;
|
||||||
int rc, count;
|
int rc, count;
|
||||||
u32 buf_id;
|
u32 buf_id;
|
||||||
|
|
||||||
@ -362,7 +367,10 @@ int amdtee_map_shmem(struct tee_shm *shm)
|
|||||||
|
|
||||||
shmnode->kaddr = shm->kaddr;
|
shmnode->kaddr = shm->kaddr;
|
||||||
shmnode->buf_id = buf_id;
|
shmnode->buf_id = buf_id;
|
||||||
list_add(&shmnode->shm_node, &shmctx.shmdata_list);
|
ctxdata = shm->ctx->data;
|
||||||
|
mutex_lock(&ctxdata->shm_mutex);
|
||||||
|
list_add(&shmnode->shm_node, &ctxdata->shm_list);
|
||||||
|
mutex_unlock(&ctxdata->shm_mutex);
|
||||||
|
|
||||||
pr_debug("buf_id :[%x] kaddr[%p]\n", shmnode->buf_id, shmnode->kaddr);
|
pr_debug("buf_id :[%x] kaddr[%p]\n", shmnode->buf_id, shmnode->kaddr);
|
||||||
|
|
||||||
@ -371,6 +379,7 @@ int amdtee_map_shmem(struct tee_shm *shm)
|
|||||||
|
|
||||||
void amdtee_unmap_shmem(struct tee_shm *shm)
|
void amdtee_unmap_shmem(struct tee_shm *shm)
|
||||||
{
|
{
|
||||||
|
struct amdtee_context_data *ctxdata;
|
||||||
struct amdtee_shm_data *shmnode;
|
struct amdtee_shm_data *shmnode;
|
||||||
u32 buf_id;
|
u32 buf_id;
|
||||||
|
|
||||||
@ -381,12 +390,15 @@ void amdtee_unmap_shmem(struct tee_shm *shm)
|
|||||||
/* Unmap the shared memory from TEE */
|
/* Unmap the shared memory from TEE */
|
||||||
handle_unmap_shmem(buf_id);
|
handle_unmap_shmem(buf_id);
|
||||||
|
|
||||||
list_for_each_entry(shmnode, &shmctx.shmdata_list, shm_node)
|
ctxdata = shm->ctx->data;
|
||||||
|
mutex_lock(&ctxdata->shm_mutex);
|
||||||
|
list_for_each_entry(shmnode, &ctxdata->shm_list, shm_node)
|
||||||
if (buf_id == shmnode->buf_id) {
|
if (buf_id == shmnode->buf_id) {
|
||||||
list_del(&shmnode->shm_node);
|
list_del(&shmnode->shm_node);
|
||||||
kfree(shmnode);
|
kfree(shmnode);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
mutex_unlock(&ctxdata->shm_mutex);
|
||||||
}
|
}
|
||||||
|
|
||||||
int amdtee_invoke_func(struct tee_context *ctx,
|
int amdtee_invoke_func(struct tee_context *ctx,
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user