diff --git a/trustzone-awared-vm/Host/itrustee_tzdriver.patch b/trustzone-awared-vm/Host/itrustee_tzdriver.patch index cc47efdfd96c56a7fea0de1be190afa39d284ad7..7356e6fb34a64e317fbc20c736bfd794e3dbf006 100644 --- a/trustzone-awared-vm/Host/itrustee_tzdriver.patch +++ b/trustzone-awared-vm/Host/itrustee_tzdriver.patch @@ -1,11 +1,11 @@ -diff -Naur '--exclude=.git' itrustee_tzdriver/auth/auth_base_impl.c itrustee_tzdriver_new/auth/auth_base_impl.c ---- itrustee_tzdriver/auth/auth_base_impl.c 2023-11-24 16:18:54.355641440 +0800 -+++ itrustee_tzdriver_new/auth/auth_base_impl.c 2023-11-24 16:29:26.000000000 +0800 -@@ -332,11 +332,26 @@ - - return CHECK_ACCESS_SUCC; +diff -uprN itrustee_tzdriver/auth/auth_base_impl.c itrustee_tzdriver_new/auth/auth_base_impl.c +--- itrustee_tzdriver/auth/auth_base_impl.c 2024-07-12 11:08:59.353629380 +0800 ++++ itrustee_tzdriver_new/auth/auth_base_impl.c 2024-07-12 10:51:32.889629380 +0800 +@@ -336,11 +336,25 @@ int check_teecd_auth(void) + + +return CHECK_ACCESS_SUCC; } -+ +int check_proxy_auth(void) +{ + int ret = check_proc_uid_path(PROXY_PATH_UID_AUTH_CTX); @@ -18,7 +18,7 @@ diff -Naur '--exclude=.git' itrustee_tzdriver/auth/auth_base_impl.c itrustee_tzd #else int check_teecd_auth(void) { - return 0; + return 0; } + +int check_proxy_auth(void) @@ -26,128 +26,136 @@ diff -Naur '--exclude=.git' itrustee_tzdriver/auth/auth_base_impl.c itrustee_tzd + return 0; +} #endif - - #ifdef CONFIG_TEE_TELEPORT_AUTH -diff -Naur '--exclude=.git' itrustee_tzdriver/auth/auth_base_impl.h itrustee_tzdriver_new/auth/auth_base_impl.h ---- itrustee_tzdriver/auth/auth_base_impl.h 2023-11-24 16:18:54.355641440 +0800 -+++ itrustee_tzdriver_new/auth/auth_base_impl.h 2023-11-24 16:30:00.000000000 +0800 -@@ -84,6 +84,7 @@ + + +#ifdef CONFIG_TEE_TELEPORT_AUTH +diff -uprN itrustee_tzdriver/auth/auth_base_impl.h itrustee_tzdriver_new/auth/auth_base_impl.h +--- itrustee_tzdriver/auth/auth_base_impl.h 2024-07-12 11:08:59.353629380 +0800 ++++ itrustee_tzdriver_new/auth/auth_base_impl.h 2024-07-12 10:51:32.885629380 +0800 +@@ -84,6 +84,7 @@ void mutex_crypto_hash_lock(void); void mutex_crypto_hash_unlock(void); int check_hidl_auth(void); int check_teecd_auth(void); +int check_proxy_auth(void); #else - - static inline void free_shash_handle(void) -@@ -100,6 +101,11 @@ + + +static inline void free_shash_handle(void) +@@ -100,6 +101,11 @@ int check_teecd_auth(void) { - return 0; + return 0; } + +int check_proxy_auth(void) +{ + return 0; +} - - #endif /* CLIENT_AUTH || TEECD_AUTH */ - -diff -Naur '--exclude=.git' itrustee_tzdriver/core/agent.c itrustee_tzdriver_new/core/agent.c ---- itrustee_tzdriver/core/agent.c 2023-11-24 16:18:54.459641440 +0800 -+++ itrustee_tzdriver_new/core/agent.c 2023-11-25 20:40:44.109797330 +0800 -@@ -296,7 +296,8 @@ - return ret; + + +#endif /* CLIENT_AUTH || TEECD_AUTH */ + + +diff -uprN itrustee_tzdriver/core/agent.c itrustee_tzdriver_new/core/agent.c +--- itrustee_tzdriver/core/agent.c 2024-07-12 11:08:59.357629380 +0800 ++++ itrustee_tzdriver_new/core/agent.c 2024-07-12 10:51:32.865629380 +0800 +@@ -298,7 +298,8 @@ int tc_ns_set_native_hash(unsigned long + return ret; } - + + -int tc_ns_late_init(unsigned long arg) +int tc_ns_late_init(const struct tc_ns_dev_file *dev_file, + unsigned long arg) { - int ret = 0; - struct tc_ns_smc_cmd smc_cmd = { {0}, 0 }; -@@ -318,6 +319,8 @@ - smc_cmd.operation_h_phys = - (uint64_t)mailbox_virt_to_phys((uintptr_t)&mb_pack->operation) >> ADDR_TRANS_NUM; - + int ret = 0; + struct tc_ns_smc_cmd smc_cmd = { {0}, 0 }; +@@ -320,6 +321,8 @@ int tc_ns_late_init(unsigned long arg) + smc_cmd.operation_h_phys = + (uint64_t)mailbox_virt_to_phys((uintptr_t)&mb_pack->operation) >> ADDR_TRANS_NUM; + + + if (dev_file->isVM) + smc_cmd.nsid = dev_file->nsid; - if (tc_ns_smc(&smc_cmd)) { - ret = -EPERM; - tloge("late int failed\n"); -@@ -595,7 +598,8 @@ - return ret; + if (tc_ns_smc(&smc_cmd)) { + ret = -EPERM; + tloge("late int failed\n"); +@@ -597,7 +600,8 @@ int tc_ns_wait_event(unsigned int agent_ + return ret; } - + + -int tc_ns_sync_sys_time(const struct tc_ns_client_time *tc_ns_time) +int tc_ns_sync_sys_time(const struct tc_ns_dev_file *dev_file, + const struct tc_ns_client_time *tc_ns_time) { - struct tc_ns_smc_cmd smc_cmd = { {0}, 0 }; - int ret = 0; -@@ -621,6 +625,8 @@ - smc_cmd.operation_phys = mailbox_virt_to_phys((uintptr_t)&mb_pack->operation); - smc_cmd.operation_h_phys = - (uint64_t)mailbox_virt_to_phys((uintptr_t)&mb_pack->operation) >> ADDR_TRANS_NUM; + struct tc_ns_smc_cmd smc_cmd = { {0}, 0 }; + int ret = 0; +@@ -623,6 +627,8 @@ int tc_ns_sync_sys_time(const struct tc_ + smc_cmd.operation_phys = mailbox_virt_to_phys((uintptr_t)&mb_pack->operation); + smc_cmd.operation_h_phys = + (uint64_t)mailbox_virt_to_phys((uintptr_t)&mb_pack->operation) >> ADDR_TRANS_NUM; + if (dev_file && dev_file->isVM) + smc_cmd.nsid = dev_file->nsid; - if (tc_ns_smc(&smc_cmd)) { - tloge("tee adjust time failed, return error\n"); - ret = -EPERM; -@@ -630,7 +636,8 @@ - return ret; + if (tc_ns_smc(&smc_cmd)) { + tloge("tee adjust time failed, return error\n"); + ret = -EPERM; +@@ -632,7 +638,8 @@ int tc_ns_sync_sys_time(const struct tc_ + return ret; } - + + -int sync_system_time_from_user(const struct tc_ns_client_time *user_time) +int sync_system_time_from_user(const struct tc_ns_dev_file *dev_file, + const struct tc_ns_client_time *user_time) { - int ret = 0; - struct tc_ns_client_time time = { 0 }; -@@ -645,7 +652,7 @@ - return -EFAULT; - } - + int ret = 0; + struct tc_ns_client_time time = { 0 }; +@@ -647,7 +654,7 @@ int sync_system_time_from_user(const str + return -EFAULT; + } + + - ret = tc_ns_sync_sys_time(&time); + ret = tc_ns_sync_sys_time(dev_file, &time); - if (ret != 0) - tloge("sync system time from user failed, ret = 0x%x\n", ret); - -@@ -663,7 +670,7 @@ - time.seconds = (uint32_t)kernel_time.ts.tv_sec; - time.millis = (uint32_t)(kernel_time.ts.tv_nsec / MS_TO_NS); - + if (ret != 0) + tloge("sync system time from user failed, ret = 0x%x\n", ret); + + +@@ -665,7 +672,7 @@ void sync_system_time_from_kernel(void) + time.seconds = (uint32_t)kernel_time.ts.tv_sec; + time.millis = (uint32_t)(kernel_time.ts.tv_nsec / MS_TO_NS); + + - ret = tc_ns_sync_sys_time(&time); + ret = tc_ns_sync_sys_time(NULL, &time); - if (ret != 0) - tloge("sync system time from kernel failed, ret = 0x%x\n", ret); - -@@ -947,6 +954,8 @@ - nsid = task_active_pid_ns(current)->ns.inum; - if (dev_file != NULL && dev_file->nsid == 0) - dev_file->nsid = nsid; + if (ret != 0) + tloge("sync system time from kernel failed, ret = 0x%x\n", ret); + + +@@ -949,6 +956,8 @@ int tc_ns_register_agent(struct tc_ns_de + nsid = task_active_pid_ns(current)->ns.inum; + if (dev_file != NULL && dev_file->nsid == 0) + dev_file->nsid = nsid; + if (dev_file->isVM) + nsid = dev_file->nsid; #endif - - if (is_agent_already_exist(agent_id, nsid, &event_data, dev_file, &find_flag)) -@@ -1384,3 +1393,4 @@ - put_agent_event(event_data); - } - } -+ -diff -Naur '--exclude=.git' itrustee_tzdriver/core/agent.h itrustee_tzdriver_new/core/agent.h ---- itrustee_tzdriver/core/agent.h 2023-11-24 16:18:54.459641440 +0800 -+++ itrustee_tzdriver_new/core/agent.h 2023-11-24 16:33:18.000000000 +0800 -@@ -118,7 +118,8 @@ - unsigned int agent_id, unsigned int nsid); + + +if (is_agent_already_exist(agent_id, nsid, &event_data, dev_file, &find_flag)) +diff -uprN itrustee_tzdriver/core/agent.h itrustee_tzdriver_new/core/agent.h +--- itrustee_tzdriver/core/agent.h 2024-07-12 11:08:59.357629380 +0800 ++++ itrustee_tzdriver_new/core/agent.h 2024-07-12 10:51:32.861629380 +0800 +@@ -118,7 +118,8 @@ int agent_process_work(const struct tc_n + unsigned int agent_id, unsigned int nsid); int is_agent_alive(unsigned int agent_id, unsigned int nsid); int tc_ns_set_native_hash(unsigned long arg, unsigned int cmd_id); -int tc_ns_late_init(unsigned long arg); +int tc_ns_late_init(const struct tc_ns_dev_file *dev_file, + unsigned long arg); int tc_ns_register_agent(struct tc_ns_dev_file *dev_file, unsigned int agent_id, - unsigned int buffer_size, void **buffer, bool user_agent); + unsigned int buffer_size, void **buffer, bool user_agent); int tc_ns_unregister_agent(unsigned int agent_id, unsigned int nsid); -@@ -126,7 +127,8 @@ +@@ -126,7 +127,8 @@ void send_crashed_event_response_all(con int tc_ns_wait_event(unsigned int agent_id, unsigned int nsid); int tc_ns_send_event_response(unsigned int agent_id, unsigned int nsid); void send_crashed_event_response_single(const struct tc_ns_dev_file *dev_file); @@ -156,14 +164,15 @@ diff -Naur '--exclude=.git' itrustee_tzdriver/core/agent.h itrustee_tzdriver_new + const struct tc_ns_client_time *user_time); void sync_system_time_from_kernel(void); int tee_agent_clear_work(struct tc_ns_client_context *context, - unsigned int dev_file_id); -diff -Naur '--exclude=.git' itrustee_tzdriver/core/gp_ops.c itrustee_tzdriver_new/core/gp_ops.c ---- itrustee_tzdriver/core/gp_ops.c 2023-11-24 16:18:54.459641440 +0800 -+++ itrustee_tzdriver_new/core/gp_ops.c 2023-11-24 16:40:48.000000000 +0800 -@@ -312,6 +312,84 @@ - return 0; + unsigned int dev_file_id); +diff -uprN itrustee_tzdriver/core/gp_ops.c itrustee_tzdriver_new/core/gp_ops.c +--- itrustee_tzdriver/core/gp_ops.c 2024-07-12 11:08:59.357629380 +0800 ++++ itrustee_tzdriver_new/core/gp_ops.c 2024-07-12 10:51:32.845629380 +0800 +@@ -231,6 +231,84 @@ int write_to_client(void __user *dest, s + return 0; } - + + +int read_from_VMclient(void *dest, size_t dest_size, + const void __user *src, size_t size, pid_t vm_pid) +{ @@ -244,21 +253,23 @@ diff -Naur '--exclude=.git' itrustee_tzdriver/core/gp_ops.c itrustee_tzdriver_ne + static bool is_input_tempmem(unsigned int param_type) { - if (param_type == TEEC_MEMREF_TEMP_INPUT || -@@ -321,7 +399,8 @@ - return false; + if (param_type == TEEC_MEMREF_TEMP_INPUT || +@@ -240,7 +318,8 @@ static bool is_input_tempmem(unsigned in + return false; } - + + -static int update_input_data(const union tc_ns_client_param *client_param, +static int update_input_data(const struct tc_call_params *call_params, + const union tc_ns_client_param *client_param, - uint32_t buffer_size, void *temp_buf, - unsigned int param_type, uint8_t kernel_params) + uint32_t buffer_size, void *temp_buf, + unsigned int param_type, uint8_t kernel_params) { -@@ -331,11 +410,22 @@ - - buffer_addr = client_param->memref.buffer | - ((uint64_t)client_param->memref.buffer_h_addr << ADDR_TRANS_NUM); +@@ -250,11 +329,22 @@ static int update_input_data(const union + + +buffer_addr = client_param->memref.buffer | + ((uint64_t)client_param->memref.buffer_h_addr << ADDR_TRANS_NUM); - if (read_from_client(temp_buf, buffer_size, - (void *)(uintptr_t)buffer_addr, - buffer_size, kernel_params) != 0) { @@ -280,43 +291,49 @@ diff -Naur '--exclude=.git' itrustee_tzdriver/core/gp_ops.c itrustee_tzdriver_ne + tloge("copy memref buffer failed\n"); + return -EFAULT; + } - } - return 0; + } + return 0; } -@@ -393,7 +483,7 @@ - op_params->local_tmpbuf[index].temp_buffer = temp_buf; - op_params->local_tmpbuf[index].size = buffer_size; - +@@ -312,7 +402,7 @@ static int alloc_for_tmp_mem(const struc + op_params->local_tmpbuf[index].temp_buffer = temp_buf; + op_params->local_tmpbuf[index].size = buffer_size; + + - if (update_input_data(client_param, buffer_size, temp_buf, + if (update_input_data(call_params, client_param, buffer_size, temp_buf, - param_type, kernel_params) != 0) - return -EFAULT; - -@@ -405,8 +495,9 @@ - return 0; + param_type, kernel_params) != 0) + return -EFAULT; + + +@@ -324,8 +414,9 @@ static int alloc_for_tmp_mem(const struc + return 0; } - + + -static int check_buffer_for_ref(uint32_t *buffer_size, - const union tc_ns_client_param *client_param, uint8_t kernel_params) +static int check_buffer_for_ref(const struct tc_call_params *call_params, + uint32_t *buffer_size, const union tc_ns_client_param *client_param, + uint8_t kernel_params) { - uint64_t size_addr = client_param->memref.size_addr | - ((uint64_t)client_param->memref.size_h_addr << ADDR_TRANS_NUM); -@@ -497,7 +588,7 @@ - return -EINVAL; - - client_param = &(call_params->context->params[index]); + uint64_t size_addr = client_param->memref.size_addr | + ((uint64_t)client_param->memref.size_h_addr << ADDR_TRANS_NUM); +@@ -416,7 +507,7 @@ static int alloc_for_ref_mem(const struc + return -EINVAL; + + +client_param = &(call_params->context->params[index]); - if (check_buffer_for_ref(&buffer_size, client_param, kernel_params) != 0) + if (check_buffer_for_ref(call_params, &buffer_size, client_param, kernel_params) != 0) - return -EINVAL; - - op_params->mb_pack->operation.params[index].memref.buffer = 0; -@@ -572,6 +663,134 @@ - return 0; + return -EINVAL; + + +op_params->mb_pack->operation.params[index].memref.buffer = 0; +@@ -491,6 +582,134 @@ static int check_buffer_for_sharedmem(ui + return 0; } - + + +typedef union { + struct{ + uint64_t user_addr; @@ -446,28 +463,27 @@ diff -Naur '--exclude=.git' itrustee_tzdriver/core/gp_ops.c itrustee_tzdriver_ne +} + static int transfer_shared_mem(const struct tc_call_params *call_params, - struct tc_op_params *op_params, uint8_t kernel_params, - uint32_t param_type, unsigned int index) -@@ -580,10 +799,11 @@ - void *start_vaddr = NULL; - union tc_ns_client_param *client_param = NULL; - uint32_t buffer_size; + struct tc_op_params *op_params, uint8_t kernel_params, + uint32_t param_type, unsigned int index) +@@ -499,10 +718,11 @@ static int transfer_shared_mem(const str + void *start_vaddr = NULL; + union tc_ns_client_param *client_param = NULL; + uint32_t buffer_size; - uint32_t pages_no; + uint32_t pages_no = 0; - uint32_t offset; - uint32_t buff_len; - uint64_t buffer_addr; + uint32_t offset; + uint32_t buff_len; + uint64_t buffer_addr; + uint32_t i; - - if (index >= TEE_PARAM_NUM) - return -EINVAL; -@@ -591,22 +811,59 @@ - client_param = &(call_params->context->params[index]); - if (check_buffer_for_sharedmem(&buffer_size, client_param, kernel_params)) - return -EINVAL; -- - buffer_addr = client_param->memref.buffer | - ((uint64_t)client_param->memref.buffer_h_addr << ADDR_TRANS_NUM); + + +if (index >= TEE_PARAM_NUM) + return -EINVAL; +@@ -513,19 +733,57 @@ static int transfer_shared_mem(const str + + +buffer_addr = client_param->memref.buffer | + ((uint64_t)client_param->memref.buffer_h_addr << ADDR_TRANS_NUM); - buff = (void *)(uint64_t)(buffer_addr + client_param->memref.offset); - start_vaddr = (void *)(((uint64_t)buff) & PAGE_MASK); - offset = ((uint32_t)(uintptr_t)buff) & (~PAGE_MASK); @@ -477,7 +493,8 @@ diff -Naur '--exclude=.git' itrustee_tzdriver/core/gp_ops.c itrustee_tzdriver_ne - buff = mailbox_alloc(buff_len, MB_FLAG_ZERO); - if (buff == NULL) - return -EFAULT; - + + - if (fill_shared_mem_info((uint64_t)start_vaddr, pages_no, offset, buffer_size, (uint64_t)buff)) { - mailbox_free(buff); - return -EFAULT; @@ -531,13 +548,14 @@ diff -Naur '--exclude=.git' itrustee_tzdriver/core/gp_ops.c itrustee_tzdriver_ne + mailbox_free(buff); + return -EFAULT; + } - } - - op_params->local_tmpbuf[index].temp_buffer = buff; -@@ -775,13 +1032,24 @@ - if (buffer_size == 0) - return 0; - /* Only update the buffer when the buffer size is valid in complete case */ + } + + +op_params->local_tmpbuf[index].temp_buffer = buff; +@@ -695,13 +953,24 @@ static int update_tmp_mem(const struct t + if (buffer_size == 0) + return 0; + /* Only update the buffer when the buffer size is valid in complete case */ - if (write_to_client((void *)(uintptr_t)buffer_addr, - operation->params[index].memref.size, - op_params->local_tmpbuf[index].temp_buffer, @@ -563,25 +581,25 @@ diff -Naur '--exclude=.git' itrustee_tzdriver/core/gp_ops.c itrustee_tzdriver_ne + tloge("copy tempbuf failed\n"); + return -ENOMEM; + } - } - return 0; + } + return 0; } -@@ -958,7 +1226,10 @@ - } else if (param_type == TEEC_MEMREF_SHARED_INOUT) { +@@ -871,7 +1140,10 @@ static void free_operation_params(const #ifdef CONFIG_NOCOPY_SHAREDMEM - temp_buf = local_tmpbuf[index].temp_buffer; + tlogd("free_operation_params release nocopy or register shm\n"); + temp_buf = local_tmpbuf[index].temp_buffer; - if (temp_buf != NULL) { + if (temp_buf != NULL && call_params->dev->isVM) { + release_vm_shared_mem_page(temp_buf, local_tmpbuf[index].size, call_params->dev->vm_page_size); + mailbox_free(temp_buf); + } else if (temp_buf != NULL && !call_params->dev->isVM) { - release_shared_mem_page(temp_buf, local_tmpbuf[index].size); - mailbox_free(temp_buf); - } -diff -Naur '--exclude=.git' itrustee_tzdriver/core/gp_ops.h itrustee_tzdriver_new/core/gp_ops.h ---- itrustee_tzdriver/core/gp_ops.h 2023-11-24 16:18:54.459641440 +0800 -+++ itrustee_tzdriver_new/core/gp_ops.h 2023-11-24 16:41:14.000000000 +0800 -@@ -30,5 +30,9 @@ + release_shared_mem_page(temp_buf, local_tmpbuf[index].size); + mailbox_free(temp_buf); + } +diff -uprN itrustee_tzdriver/core/gp_ops.h itrustee_tzdriver_new/core/gp_ops.h +--- itrustee_tzdriver/core/gp_ops.h 2024-07-12 11:08:59.357629380 +0800 ++++ itrustee_tzdriver_new/core/gp_ops.h 2024-07-12 10:51:32.841629380 +0800 +@@ -28,5 +28,9 @@ int tc_client_call(const struct tc_call_ bool is_tmp_mem(uint32_t param_type); bool is_ref_mem(uint32_t param_type); bool is_val_param(uint32_t param_type); @@ -589,32 +607,35 @@ diff -Naur '--exclude=.git' itrustee_tzdriver/core/gp_ops.h itrustee_tzdriver_ne + const void *src, size_t size, pid_t vm_pid); +int read_from_VMclient(void *dest, size_t dest_size, + const void __user *src, size_t size, pid_t vm_pid); - - #endif -diff -Naur '--exclude=.git' itrustee_tzdriver/core/session_manager.c itrustee_tzdriver_new/core/session_manager.c ---- itrustee_tzdriver/core/session_manager.c 2023-11-24 16:18:54.459641440 +0800 -+++ itrustee_tzdriver_new/core/session_manager.c 2023-11-24 16:45:46.000000000 +0800 -@@ -595,7 +595,7 @@ + + +#endif +diff -uprN itrustee_tzdriver/core/session_manager.c itrustee_tzdriver_new/core/session_manager.c +--- itrustee_tzdriver/core/session_manager.c 2024-07-12 11:08:59.357629380 +0800 ++++ itrustee_tzdriver_new/core/session_manager.c 2024-07-12 10:51:32.801629380 +0800 +@@ -589,7 +589,7 @@ static struct tc_ns_service *tc_ref_serv } - - static int tc_ns_service_init(const unsigned char *uuid, uint32_t uuid_len, + + +static int tc_ns_service_init(const unsigned char *uuid, uint32_t uuid_len, - struct tc_ns_service **new_service) + struct tc_ns_service **new_service, uint32_t nsid) { - int ret = 0; - struct tc_ns_service *service = NULL; -@@ -616,7 +616,7 @@ - } - - #ifdef CONFIG_CONFIDENTIAL_CONTAINER + int ret = 0; + struct tc_ns_service *service = NULL; +@@ -610,7 +610,7 @@ static int tc_ns_service_init(const unsi + } + + +#ifdef CONFIG_CONFIDENTIAL_CONTAINER - service->nsid = task_active_pid_ns(current)->ns.inum; + service->nsid = nsid; #else - service->nsid = PROC_PID_INIT_INO; + service->nsid = PROC_PID_INIT_INO; #endif -@@ -654,7 +654,11 @@ - struct tc_ns_service *service = NULL; - bool is_full = false; +@@ -648,7 +648,11 @@ static struct tc_ns_service *find_servic + struct tc_ns_service *service = NULL; + bool is_full = false; #ifdef CONFIG_CONFIDENTIAL_CONTAINER - unsigned int nsid = task_active_pid_ns(current)->ns.inum; + unsigned int nsid; @@ -623,21 +644,21 @@ diff -Naur '--exclude=.git' itrustee_tzdriver/core/session_manager.c itrustee_tz + else + nsid = task_active_pid_ns(current)->ns.inum; #else - unsigned int nsid = PROC_PID_INIT_INO; + unsigned int nsid = PROC_PID_INIT_INO; #endif -@@ -683,7 +687,7 @@ - goto add_service; - } - /* Create a new service if we couldn't find it in list */ +@@ -677,7 +681,7 @@ static struct tc_ns_service *find_servic + goto add_service; + } + /* Create a new service if we couldn't find it in list */ - ret = tc_ns_service_init(context->uuid, UUID_LEN, &service); + ret = tc_ns_service_init(context->uuid, UUID_LEN, &service, nsid); - /* unlock after init to make sure find service from all is correct */ - mutex_unlock(&g_service_list_lock); - if (ret != 0) { -@@ -797,10 +801,19 @@ - } - return 0; - } + /* unlock after init to make sure find service from all is correct */ + mutex_unlock(&g_service_list_lock); + if (ret != 0) { +@@ -791,10 +795,19 @@ static int32_t load_image_copy_file(stru + } + return 0; + } - if (copy_from_user(params->mb_load_mem + sizeof(load_flag), - (const void __user *)params->file_buffer + loaded_size, load_size)) { - tloge("file buf get fail\n"); @@ -655,13 +676,14 @@ diff -Naur '--exclude=.git' itrustee_tzdriver/core/session_manager.c itrustee_tz + tloge("file buf get failed \n"); + return -EFAULT; + } - } - return 0; + } + return 0; } -@@ -1379,10 +1392,109 @@ - return ret; +@@ -1387,10 +1400,109 @@ find_session: + return ret; } - + + +static int process_vm_ref(struct tc_ns_dev_file *dev_file, + struct tc_ns_client_context *context, unsigned long long *vm_buffers) +{ @@ -755,9 +777,9 @@ diff -Naur '--exclude=.git' itrustee_tzdriver/core/session_manager.c itrustee_tz +} + static int ioctl_session_send_cmd(struct tc_ns_dev_file *dev_file, - struct tc_ns_client_context *context, void *argp) + struct tc_ns_client_context *context, void *argp) { - int ret; + int ret; + unsigned long long vm_buffers[TEE_PARAM_NUM]={0}; + + if (dev_file->isVM && @@ -765,27 +787,29 @@ diff -Naur '--exclude=.git' itrustee_tzdriver/core/session_manager.c itrustee_tz + tloge("copy from VM memref failed\n"); + return -EFAULT; + } - - ret = tc_ns_send_cmd(dev_file, context); - if (ret != 0) -@@ -1391,6 +1503,11 @@ - if (ret == 0) - ret = -EFAULT; - } + + +ret = tc_ns_send_cmd(dev_file, context); + if (ret != 0) +@@ -1399,6 +1511,11 @@ static int ioctl_session_send_cmd(struct + if (ret == 0) + ret = -EFAULT; + } + if (ret ==0 && dev_file->isVM && + process_vm_ref_end(dev_file, context, vm_buffers)) { + tloge("copy to VM memref failed\n"); + return -EFAULT; + } - return ret; + return ret; } - -diff -Naur '--exclude=.git' itrustee_tzdriver/core/shared_mem.c itrustee_tzdriver_new/core/shared_mem.c ---- itrustee_tzdriver/core/shared_mem.c 2023-11-24 16:18:54.463641440 +0800 -+++ itrustee_tzdriver_new/core/shared_mem.c 2023-11-24 16:46:18.000000000 +0800 -@@ -116,6 +116,35 @@ - put_page(page); - } + + +diff -uprN itrustee_tzdriver/core/shared_mem.c itrustee_tzdriver_new/core/shared_mem.c +--- itrustee_tzdriver/core/shared_mem.c 2024-07-12 11:08:59.357629380 +0800 ++++ itrustee_tzdriver_new/core/shared_mem.c 2024-07-12 10:51:32.793629380 +0800 +@@ -120,6 +120,36 @@ void release_shared_mem_page(uint64_t bu + put_page(page); + } } + + @@ -816,54 +840,60 @@ diff -Naur '--exclude=.git' itrustee_tzdriver/core/shared_mem.c itrustee_tzdrive + last_page = page; + } +} - #endif - - #ifdef CONFIG_SHARED_MEM_RESERVED -diff -Naur '--exclude=.git' itrustee_tzdriver/core/shared_mem.h itrustee_tzdriver_new/core/shared_mem.h ---- itrustee_tzdriver/core/shared_mem.h 2023-11-24 16:18:54.463641440 +0800 -+++ itrustee_tzdriver_new/core/shared_mem.h 2023-11-24 16:46:46.000000000 +0800 -@@ -65,5 +65,6 @@ ++ + #else + + +int fill_shared_mem_info(uint64_t start_vaddr, uint32_t pages_no, +diff -uprN itrustee_tzdriver/core/shared_mem.h itrustee_tzdriver_new/core/shared_mem.h +--- itrustee_tzdriver/core/shared_mem.h 2024-07-12 11:08:59.357629380 +0800 ++++ itrustee_tzdriver_new/core/shared_mem.h 2024-07-12 10:51:32.789629380 +0800 +@@ -64,5 +64,5 @@ void free_spi_mem(uint64_t spi_vaddr); int fill_shared_mem_info(uint64_t start_vaddr, uint32_t pages_no, - uint32_t offset, uint32_t buffer_size, uint64_t info_addr); + uint32_t offset, uint32_t buffer_size, uint64_t info_addr); void release_shared_mem_page(uint64_t buf, uint32_t buf_size); +- +void release_vm_shared_mem_page(uint64_t buf, uint32_t buf_size, uint32_t vm_page_size); #endif - #endif -diff -Naur '--exclude=.git' itrustee_tzdriver/core/tc_client_driver.c itrustee_tzdriver_new/core/tc_client_driver.c ---- itrustee_tzdriver/core/tc_client_driver.c 2023-11-24 16:18:54.463641440 +0800 -+++ itrustee_tzdriver_new/core/tc_client_driver.c 2023-11-24 16:53:12.000000000 +0800 -@@ -181,6 +181,8 @@ - smc_cmd.operation_h_phys = - (uint64_t)mailbox_virt_to_phys((uintptr_t)&mb_pack->operation) >> ADDR_TRANS_NUM; - +diff -uprN itrustee_tzdriver/core/tc_client_driver.c itrustee_tzdriver_new/core/tc_client_driver.c +--- itrustee_tzdriver/core/tc_client_driver.c 2024-07-12 11:08:59.357629380 +0800 ++++ itrustee_tzdriver_new/core/tc_client_driver.c 2024-07-12 10:51:32.749629380 +0800 +@@ -186,6 +186,8 @@ static int tc_ns_get_tee_version(const s + smc_cmd.operation_h_phys = + (uint64_t)mailbox_virt_to_phys((uintptr_t)&mb_pack->operation) >> ADDR_TRANS_NUM; + + + if (dev_file->isVM) + smc_cmd.nsid = dev_file->nsid; - if (tc_ns_smc(&smc_cmd) != 0) { - ret = -EPERM; - tloge("smc call returns error ret 0x%x\n", smc_cmd.ret_val); -@@ -307,10 +309,14 @@ - - static int tc_login_check(const struct tc_ns_dev_file *dev_file) + if (tc_ns_smc(&smc_cmd) != 0) { + ret = -EPERM; + tloge("smc call returns error ret 0x%x\n", smc_cmd.ret_val); +@@ -312,10 +314,14 @@ static int client_login_prepare(uint8_t + + +static int tc_login_check(const struct tc_ns_dev_file *dev_file) { - int ret = check_teecd_auth(); - if (ret != 0) { - tloge("teec auth failed, ret %d\n", ret); - return -EACCES; + int ret; -+ ret =check_proxy_auth(); ++ ret = check_proxy_auth(); + if (ret) { + ret = check_teecd_auth(); + if (ret != 0) { + tloge("teec auth failed, ret %d\n", ret); + return -EACCES; + } - } - - if (!dev_file) -@@ -713,12 +719,55 @@ - return ret; + } + + +if (!dev_file) +@@ -718,12 +724,55 @@ static int ioctl_check_is_ccos(void __us + return ret; } - + + +static int copy_buf_to_VM(unsigned int agent_id, unsigned int nsid, + unsigned long buffer_addr, unsigned int vmpid) +{ @@ -909,16 +939,16 @@ diff -Naur '--exclude=.git' itrustee_tzdriver/core/tc_client_driver.c itrustee_t /* ioctls for the secure storage daemon */ int public_ioctl(const struct file *file, unsigned int cmd, unsigned long arg, bool is_from_client_node) { - int ret = -EINVAL; - struct tc_ns_dev_file *dev_file = NULL; - uint32_t nsid = get_nsid(); + int ret = -EINVAL; + struct tc_ns_dev_file *dev_file = NULL; + uint32_t nsid = get_nsid(); + unsigned long tmp[2]; - void *argp = (void __user *)(uintptr_t)arg; - if (file == NULL || file->private_data == NULL) { - tloge("invalid params\n"); -@@ -726,18 +775,34 @@ - } - dev_file = file->private_data; + void *argp = (void __user *)(uintptr_t)arg; + if (file == NULL || file->private_data == NULL) { + tloge("invalid params\n"); +@@ -731,18 +780,34 @@ int public_ioctl(const struct file *file + } + dev_file = file->private_data; #ifdef CONFIG_CONFIDENTIAL_CONTAINER - dev_file->nsid = nsid; + if (dev_file != NULL && dev_file->nsid == 0) @@ -926,7 +956,8 @@ diff -Naur '--exclude=.git' itrustee_tzdriver/core/tc_client_driver.c itrustee_t + if (dev_file->isVM) + nsid = dev_file->nsid; #endif - + + + if (dev_file->isVM) { + if (copy_from_user(tmp, (void *)(uintptr_t)arg, sizeof(tmp)) != 0) { + tloge("copy agent args failed\n"); @@ -934,28 +965,29 @@ diff -Naur '--exclude=.git' itrustee_tzdriver/core/tc_client_driver.c itrustee_t + } + arg = tmp[0]; + } - switch (cmd) { - case TC_NS_CLIENT_IOCTL_WAIT_EVENT: - if (ioctl_check_agent_owner(dev_file, (unsigned int)arg, nsid) != 0) - return -EINVAL; - ret = tc_ns_wait_event((unsigned int)arg, nsid); + switch (cmd) { + case TC_NS_CLIENT_IOCTL_WAIT_EVENT: + if (ioctl_check_agent_owner(dev_file, (unsigned int)arg, nsid) != 0) + return -EINVAL; + ret = tc_ns_wait_event((unsigned int)arg, nsid); + if (!ret && dev_file->isVM) { + ret = copy_buf_to_VM(tmp[0], nsid, tmp[1], dev_file->vmpid); + } - break; - case TC_NS_CLIENT_IOCTL_SEND_EVENT_RESPONSE: - if (ioctl_check_agent_owner(dev_file, (unsigned int)arg, nsid) != 0) - return -EINVAL; + break; + case TC_NS_CLIENT_IOCTL_SEND_EVENT_RESPONSE: + if (ioctl_check_agent_owner(dev_file, (unsigned int)arg, nsid) != 0) + return -EINVAL; + if (dev_file->isVM) { + ret = copy_buf_from_VM(tmp[0], nsid, tmp[1], dev_file->vmpid); + } - ret = tc_ns_send_event_response((unsigned int)arg, nsid); - break; - case TC_NS_CLIENT_IOCTL_REGISTER_AGENT: -@@ -834,6 +899,14 @@ - return ret; + ret = tc_ns_send_event_response((unsigned int)arg, nsid); + break; + case TC_NS_CLIENT_IOCTL_REGISTER_AGENT: +@@ -839,6 +904,14 @@ static int tc_client_agent_ioctl(const s + return ret; } - + + +int set_vm_flag(struct tc_ns_dev_file *dev_file, int vmid) +{ + dev_file->nsid = vmid; @@ -966,49 +998,51 @@ diff -Naur '--exclude=.git' itrustee_tzdriver/core/tc_client_driver.c itrustee_t + void handle_cmd_prepare(unsigned int cmd) { - if (cmd != TC_NS_CLIENT_IOCTL_WAIT_EVENT && -@@ -853,6 +926,10 @@ + if (cmd != TC_NS_CLIENT_IOCTL_WAIT_EVENT && +@@ -858,6 +931,10 @@ static long tc_private_ioctl(struct file { - int ret = -EFAULT; - void *argp = (void __user *)(uintptr_t)arg; + int ret = -EFAULT; + void *argp = (void __user *)(uintptr_t)arg; + if (cmd == TC_NS_CLIENT_IOCTL_SET_VM_FLAG) { + tlogd(" before set_vm_flag \n"); + return set_vm_flag(file->private_data, (int)arg); + } - handle_cmd_prepare(cmd); - switch (cmd) { - case TC_NS_CLIENT_IOCTL_GET_TEE_VERSION: -@@ -867,10 +944,10 @@ - mutex_unlock(&g_set_ca_hash_lock); - break; - case TC_NS_CLIENT_IOCTL_LATEINIT: + handle_cmd_prepare(cmd); + switch (cmd) { + case TC_NS_CLIENT_IOCTL_GET_TEE_VERSION: +@@ -872,10 +949,10 @@ static long tc_private_ioctl(struct file + mutex_unlock(&g_set_ca_hash_lock); + break; + case TC_NS_CLIENT_IOCTL_LATEINIT: - ret = tc_ns_late_init(arg); + ret = tc_ns_late_init(file->private_data, arg); - break; - case TC_NS_CLIENT_IOCTL_SYC_SYS_TIME: + break; + case TC_NS_CLIENT_IOCTL_SYC_SYS_TIME: - ret = sync_system_time_from_user( + ret = sync_system_time_from_user(file->private_data, - (struct tc_ns_client_time *)(uintptr_t)arg); - break; - default: -@@ -889,6 +966,10 @@ - int ret = -EFAULT; - void *argp = (void __user *)(uintptr_t)arg; - + (struct tc_ns_client_time *)(uintptr_t)arg); + break; + default: +@@ -894,6 +971,10 @@ static long tc_client_ioctl(struct file + int ret = -EFAULT; + void *argp = (void __user *)(uintptr_t)arg; + + + if (cmd == TC_NS_CLIENT_IOCTL_SET_VM_FLAG) { + tlogd(" before set_vm_flag \n"); + return set_vm_flag(file->private_data, (int)arg); + } - handle_cmd_prepare(cmd); - switch (cmd) { - case TC_NS_CLIENT_IOCTL_SES_OPEN_REQ: -@@ -920,20 +1001,30 @@ + handle_cmd_prepare(cmd); + switch (cmd) { + case TC_NS_CLIENT_IOCTL_SES_OPEN_REQ: +@@ -925,20 +1006,30 @@ static int tc_client_open(struct inode * { - int ret; - struct tc_ns_dev_file *dev = NULL; + int ret; + struct tc_ns_dev_file *dev = NULL; + int vm = 0; - (void)inode; - + (void)inode; + + - ret = check_teecd_auth(); - if (ret != 0) { - tloge("teec auth failed, ret %d\n", ret); @@ -1022,13 +1056,14 @@ diff -Naur '--exclude=.git' itrustee_tzdriver/core/tc_client_driver.c itrustee_t + } + } else { + vm = 1; - } - - file->private_data = NULL; - ret = tc_ns_client_open(&dev, TEE_REQ_FROM_USER_MODE); + } + + +file->private_data = NULL; + ret = tc_ns_client_open(&dev, TEE_REQ_FROM_USER_MODE); - if (ret == 0) + if (ret == 0) { - file->private_data = dev; + file->private_data = dev; + if (vm) + dev->isVM = true; + } @@ -1037,133 +1072,136 @@ diff -Naur '--exclude=.git' itrustee_tzdriver/core/tc_client_driver.c itrustee_t + if (!vm && check_teecd_auth() == 0) + get_teecd_pid(); #endif - return ret; + return ret; } -diff -Naur '--exclude=.git' itrustee_tzdriver/core/tc_client_driver.h itrustee_tzdriver_new/core/tc_client_driver.h ---- itrustee_tzdriver/core/tc_client_driver.h 2023-11-24 16:18:54.463641440 +0800 -+++ itrustee_tzdriver_new/core/tc_client_driver.h 2023-11-24 16:53:36.000000000 +0800 -@@ -38,6 +38,7 @@ +diff -uprN itrustee_tzdriver/core/tc_client_driver.h itrustee_tzdriver_new/core/tc_client_driver.h +--- itrustee_tzdriver/core/tc_client_driver.h 2024-07-12 11:08:59.357629380 +0800 ++++ itrustee_tzdriver_new/core/tc_client_driver.h 2024-07-12 10:51:32.741629380 +0800 +@@ -47,6 +47,7 @@ int tc_ns_client_open(struct tc_ns_dev_f int tc_ns_client_close(struct tc_ns_dev_file *dev); int is_agent_alive(unsigned int agent_id, unsigned int nsid); int tc_ns_register_host_nsid(void); +int set_vm_flag(struct tc_ns_dev_file *dev_file, int vmid); - - #if defined(CONFIG_CONFIDENTIAL_CONTAINER) || defined(CONFIG_TEE_TELEPORT_SUPPORT) - const struct file_operations *get_cvm_fops(void); -diff -Naur '--exclude=.git' itrustee_tzdriver/core/tc_cvm_driver.c itrustee_tzdriver_new/core/tc_cvm_driver.c ---- itrustee_tzdriver/core/tc_cvm_driver.c 2023-11-24 16:18:54.463641440 +0800 -+++ itrustee_tzdriver_new/core/tc_cvm_driver.c 2023-11-24 16:56:40.000000000 +0800 -@@ -57,6 +57,10 @@ + int init_dev_node(struct dev_node *node, const char *node_name, + struct class *driver_class, const struct file_operations *fops); + void destory_dev_node(struct dev_node *node, struct class *driver_class); +diff -uprN itrustee_tzdriver/core/tc_cvm_driver.c itrustee_tzdriver_new/core/tc_cvm_driver.c +--- itrustee_tzdriver/core/tc_cvm_driver.c 2024-07-12 11:08:59.357629380 +0800 ++++ itrustee_tzdriver_new/core/tc_cvm_driver.c 2024-07-12 10:51:32.737629380 +0800 +@@ -104,6 +104,10 @@ static long tc_cvm_ioctl(struct file *fi { - int ret = -EFAULT; - void *argp = (void __user *)(uintptr_t)arg; + int ret = -EFAULT; + void *argp = (void __user *)(uintptr_t)arg; + if (cmd == TC_NS_CLIENT_IOCTL_SET_VM_FLAG) { + tlogd(" before set_vm_flag \n"); + return set_vm_flag(file->private_data, (int)arg); + } - handle_cmd_prepare(cmd); - - switch (cmd) { -diff -Naur '--exclude=.git' itrustee_tzdriver/Makefile itrustee_tzdriver_new/Makefile ---- itrustee_tzdriver/Makefile 2023-11-24 16:18:54.007641440 +0800 -+++ itrustee_tzdriver_new/Makefile 2023-11-24 16:58:48.000000000 +0800 -@@ -37,8 +37,8 @@ libboundscheck/src/securecutil.o libboundscheck/src/secureprintoutput_a.o libbou - endif - - # you should config right path according to your run-time environment --KPATH := /usr/src/kernels --KDIR := $(KPATH)/$(shell ls $(KPATH)) -+KERN_VER = $(shell uname -r) -+KDIR = /lib/modules/$(KERN_VER)/build - - EXTRA_CFLAGS += -isystem /usr/lib/gcc/aarch64-linux-gnu/10.3.1/include - EXTRA_CFLAGS += -isystem /usr/lib/gcc/aarch64-openEuler-linux-gnu/12/include -@@ -49,6 +49,7 @@ EXTRA_CFLAGS += -DCONFIG_CPU_AFF_NR=0 -DCONFIG_BIG_SESSION=100 -DCONFIG_NOTIFY_P - EXTRA_CFLAGS += -DCONFIG_TEE_LOG_ACHIVE_PATH=\"/var/log/tee/last_teemsg\" - EXTRA_CFLAGS += -DNOT_TRIGGER_AP_RESET -DLAST_TEE_MSG_ROOT_GID -DCONFIG_NOCOPY_SHAREDMEM -DCONFIG_TA_AFFINITY=y -DCONFIG_TA_AFFINITY_CPU_NUMS=128 - EXTRA_CFLAGS += -DTEECD_PATH_UID_AUTH_CTX=\"/usr/bin/teecd:0\" -+EXTRA_CFLAGS += -DPROXY_PATH_UID_AUTH_CTX=\"/usr/bin/vtz_proxy:0\" + handle_cmd_prepare(cmd); + + +switch (cmd) { +diff -uprN itrustee_tzdriver/Makefile itrustee_tzdriver_new/Makefile +--- itrustee_tzdriver/Makefile 2024-07-12 11:08:59.353629380 +0800 ++++ itrustee_tzdriver_new/Makefile 2024-07-12 10:51:32.641629380 +0800 +@@ -54,6 +54,7 @@ EXTRA_CFLAGS += -DCONFIG_CPU_AFF_NR=0 -D + EXTRA_CFLAGS += -DCONFIG_TEE_LOG_ACHIVE_PATH="/var/log/tee/last_teemsg" + EXTRA_CFLAGS += -DNOT_TRIGGER_AP_RESET -DLAST_TEE_MSG_ROOT_GID -DCONFIG_NOCOPY_SHAREDMEM -DCONFIG_REGISTER_SHAREDMEM -DCONFIG_TA_AFFINITY=y -DCONFIG_TA_AFFINITY_CPU_NUMS=128 + EXTRA_CFLAGS += -DTEECD_PATH_UID_AUTH_CTX="/usr/bin/teecd:0" ++EXTRA_CFLAGS += -DPROXY_PATH_UID_AUTH_CTX="/usr/bin/vtz_proxy:0" EXTRA_CFLAGS += -DCONFIG_AUTH_SUPPORT_UNAME -DCONFIG_AUTH_HASH -std=gnu99 EXTRA_CFLAGS += -DCONFIG_TEE_UPGRADE -DCONFIG_TEE_REBOOT -DCONFIG_CONFIDENTIAL_TEE EXTRA_CFLAGS += -I$(PWD)/tzdriver_internal/tee_reboot -diff -Naur '--exclude=.git' itrustee_tzdriver/tc_ns_client.h itrustee_tzdriver_new/tc_ns_client.h ---- itrustee_tzdriver/tc_ns_client.h 2023-11-24 16:18:53.627641440 +0800 -+++ itrustee_tzdriver_new/tc_ns_client.h 2023-11-24 16:59:38.000000000 +0800 -@@ -210,6 +210,9 @@ +diff -uprN itrustee_tzdriver/modules.order itrustee_tzdriver_new/modules.order +--- itrustee_tzdriver/modules.order 1970-01-01 08:00:00.000000000 +0800 ++++ itrustee_tzdriver_new/modules.order 2024-07-12 10:54:21.957629380 +0800 +@@ -0,0 +1 @@ ++kernel//home/z50040113/target/itrustee_tzdriver/tzdriver.ko +diff -uprN itrustee_tzdriver/tc_ns_client.h itrustee_tzdriver_new/tc_ns_client.h +--- itrustee_tzdriver/tc_ns_client.h 2024-07-12 11:08:59.361629380 +0800 ++++ itrustee_tzdriver_new/tc_ns_client.h 2024-07-12 10:51:32.625629380 +0800 +@@ -230,6 +230,8 @@ struct tc_ns_log_pool { #define TC_NS_CLIENT_IOCTL_GET_TEE_INFO \ - _IOWR(TC_NS_CLIENT_IOC_MAGIC, 26, struct tc_ns_tee_info) - + _IOWR(TC_NS_CLIENT_IOC_MAGIC, 26, struct tc_ns_tee_info) + + +#define TC_NS_CLIENT_IOCTL_SET_VM_FLAG \ + _IOWR(TC_NS_CLIENT_IOC_MAGIC, 27, int) -+ #define TC_NS_CLIENT_IOCTL_CHECK_CCOS \ - _IOWR(TC_NS_CLIENT_IOC_MAGIC, 32, unsigned int) - -diff -Naur '--exclude=.git' itrustee_tzdriver/teek_ns_client.h itrustee_tzdriver_new/teek_ns_client.h ---- itrustee_tzdriver/teek_ns_client.h 2023-11-24 16:18:53.719641440 +0800 -+++ itrustee_tzdriver_new/teek_ns_client.h 2023-11-24 17:00:18.000000000 +0800 -@@ -129,6 +129,9 @@ - int load_app_flag; + _IOWR(TC_NS_CLIENT_IOC_MAGIC, 32, unsigned int) + + +diff -uprN itrustee_tzdriver/teek_ns_client.h itrustee_tzdriver_new/teek_ns_client.h +--- itrustee_tzdriver/teek_ns_client.h 2024-07-12 11:08:59.361629380 +0800 ++++ itrustee_tzdriver_new/teek_ns_client.h 2024-07-12 10:51:32.597629380 +0800 +@@ -129,6 +129,9 @@ struct tc_ns_dev_file { + int load_app_flag; #ifdef CONFIG_CONFIDENTIAL_CONTAINER - uint32_t nsid; + uint32_t nsid; + uint32_t vmpid; + bool isVM; + uint32_t vm_page_size; #endif - struct completion close_comp; /* for kthread close unclosed session */ + struct completion close_comp; /* for kthread close unclosed session */ #ifdef CONFIG_TEE_TELEPORT_SUPPORT -diff -Naur '--exclude=.git' itrustee_tzdriver/tlogger/tlogger.c itrustee_tzdriver_new/tlogger/tlogger.c ---- itrustee_tzdriver/tlogger/tlogger.c 2023-11-24 16:18:54.927641440 +0800 -+++ itrustee_tzdriver_new/tlogger/tlogger.c 2023-11-24 17:03:54.000000000 +0800 +diff -uprN itrustee_tzdriver/tlogger/tlogger.c itrustee_tzdriver_new/tlogger/tlogger.c +--- itrustee_tzdriver/tlogger/tlogger.c 2024-07-12 11:08:59.361629380 +0800 ++++ itrustee_tzdriver_new/tlogger/tlogger.c 2024-07-12 10:51:32.581629380 +0800 @@ -61,6 +61,7 @@ #define SET_TLOGCAT_STAT_BASE 7 #define GET_TLOGCAT_STAT_BASE 8 #define GET_TEE_INFO_BASE 9 +#define SET_VM_FLAG 10 - - /* get tee verison */ + + +/* get tee verison */ #define MAX_TEE_VERSION_LEN 256 @@ -75,6 +76,8 @@ - _IO(LOGGERIOCTL, GET_TLOGCAT_STAT_BASE) + _IO(LOGGERIOCTL, GET_TLOGCAT_STAT_BASE) #define TEELOGGER_GET_TEE_INFO \ - _IOR(LOGGERIOCTL, GET_TEE_INFO_BASE, struct tc_ns_tee_info) + _IOR(LOGGERIOCTL, GET_TEE_INFO_BASE, struct tc_ns_tee_info) +#define TEELOGGER_SET_VM_FLAG \ + _IOR(LOGGERIOCTL, SET_VM_FLAG, int) - - int g_tlogcat_f = 0; - -@@ -515,7 +518,7 @@ + + +int g_tlogcat_f = 0; + + +@@ -515,7 +518,7 @@ void recycle_tlogcat_processes(void) } #endif - + + -static struct tlogger_group *get_tlogger_group(void) +static struct tlogger_group *get_tlogger_group(uint32_t vmpid) { - struct tlogger_group *group = NULL; + struct tlogger_group *group = NULL; #ifdef CONFIG_CONFIDENTIAL_CONTAINER -@@ -524,6 +527,9 @@ - uint32_t nsid = PROC_PID_INIT_INO; +@@ -524,6 +527,9 @@ static struct tlogger_group *get_tlogger + uint32_t nsid = PROC_PID_INIT_INO; #endif - + + + if (vmpid) + nsid = vmpid; + - list_for_each_entry(group, &g_reader_group_list, node) { - if (group->nsid == nsid) - return group; -@@ -596,7 +602,7 @@ - return -ENODEV; - - mutex_lock(&g_reader_group_mutex); + list_for_each_entry(group, &g_reader_group_list, node) { + if (group->nsid == nsid) + return group; +@@ -596,7 +602,7 @@ static int process_tlogger_open(struct i + return -ENODEV; + + +mutex_lock(&g_reader_group_mutex); - group = get_tlogger_group(); + group = get_tlogger_group(0); - if (group == NULL) { - group = kzalloc(sizeof(*group), GFP_KERNEL); - if (ZERO_OR_NULL_PTR((unsigned long)(uintptr_t)group)) { -@@ -828,6 +834,35 @@ - return 0; + if (group == NULL) { + group = kzalloc(sizeof(*group), GFP_KERNEL); + if (ZERO_OR_NULL_PTR((unsigned long)(uintptr_t)group)) { +@@ -808,6 +814,35 @@ static int get_teeos_version(uint32_t cm + return 0; } - + + +int set_tlog_vm_flag(struct file *file, uint32_t vmpid) +{ + struct tlogger_reader *reader = NULL; @@ -1194,22 +1232,23 @@ diff -Naur '--exclude=.git' itrustee_tzdriver/tlogger/tlogger.c itrustee_tzdrive +} + static long process_tlogger_ioctl(struct file *file, - unsigned int cmd, unsigned long arg) + unsigned int cmd, unsigned long arg) { -@@ -865,6 +900,9 @@ - case TEELOGGER_GET_TEE_INFO: - ret = tc_ns_get_tee_info(file, (void *)(uintptr_t)arg); - break; +@@ -845,6 +880,9 @@ static long process_tlogger_ioctl(struct + case TEELOGGER_GET_TEE_INFO: + ret = tc_ns_get_tee_info(file, (void *)(uintptr_t)arg); + break; + case TEELOGGER_SET_VM_FLAG: + ret = set_tlog_vm_flag(file, (int)arg); + break; - default: - tloge("ioctl error default\n"); - break; -@@ -1043,11 +1081,13 @@ - - while (next_item && read_off <= read_off_end) { - item_len = next_item->buffer_len + sizeof(*next_item); + default: + tloge("ioctl error default\n"); + break; +@@ -1023,11 +1061,13 @@ static int write_part_log_to_msg(struct + + +while (next_item && read_off <= read_off_end) { + item_len = next_item->buffer_len + sizeof(*next_item); - write_len = kernel_write(filep, next_item->log_buffer, - next_item->real_len, pos); - if (write_len < 0) { @@ -1222,6 +1261,7 @@ diff -Naur '--exclude=.git' itrustee_tzdriver/tlogger/tlogger.c itrustee_tzdrive + tloge("Failed to write last teemsg %zd\n", write_len); + return -1; + } - } - - tlogd("Succeed to Write last teemsg, len=%zd\n", write_len); + } + + +tlogd("Succeed to Write last teemsg, len=%zd\n", write_len); \ No newline at end of file diff --git a/trustzone-awared-vm/Host/qemu.patch b/trustzone-awared-vm/Host/qemu.patch index 50735c87a332f2b03a64c1da315d116f50f7deb6..7459a409be2eab492d5596d685351020bf15d232 100644 --- a/trustzone-awared-vm/Host/qemu.patch +++ b/trustzone-awared-vm/Host/qemu.patch @@ -1,6 +1,6 @@ -diff -Naur '--exclude=.git' qemu/hw/char/tc_ns_client.h qemu_after/hw/char/tc_ns_client.h +diff -ruNp qemu/hw/char/tc_ns_client.h qemu-after/hw/char/tc_ns_client.h --- qemu/hw/char/tc_ns_client.h 1970-01-01 08:00:00.000000000 +0800 -+++ qemu_after/hw/char/tc_ns_client.h 2023-10-23 15:09:10.840630820 +0800 ++++ qemu-after/hw/char/tc_ns_client.h 2024-07-12 17:36:25.179832480 +0800 @@ -0,0 +1,162 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2012-2023. All rights reserved. @@ -164,9 +164,9 @@ diff -Naur '--exclude=.git' qemu/hw/char/tc_ns_client.h qemu_after/hw/char/tc_ns +#endif + + -diff -Naur '--exclude=.git' qemu/hw/char/tee_client_constants.h qemu_after/hw/char/tee_client_constants.h +diff -ruNp qemu/hw/char/tee_client_constants.h qemu-after/hw/char/tee_client_constants.h --- qemu/hw/char/tee_client_constants.h 1970-01-01 08:00:00.000000000 +0800 -+++ qemu_after/hw/char/tee_client_constants.h 2023-10-23 15:09:10.840630820 +0800 ++++ qemu-after/hw/char/tee_client_constants.h 2024-07-12 17:36:25.171832480 +0800 @@ -0,0 +1,126 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2013-2022. All rights reserved. @@ -294,9 +294,9 @@ diff -Naur '--exclude=.git' qemu/hw/char/tee_client_constants.h qemu_after/hw/ch + +#define TEEC_PARAM_NUM 4 /* teec param max number */ +#endif -diff -Naur '--exclude=.git' qemu/hw/char/tee_client_list.h qemu_after/hw/char/tee_client_list.h +diff -ruNp qemu/hw/char/tee_client_list.h qemu-after/hw/char/tee_client_list.h --- qemu/hw/char/tee_client_list.h 1970-01-01 08:00:00.000000000 +0800 -+++ qemu_after/hw/char/tee_client_list.h 2023-10-23 15:09:10.840630820 +0800 ++++ qemu-after/hw/char/tee_client_list.h 2024-07-12 17:36:25.163832480 +0800 @@ -0,0 +1,101 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2013-2021. All rights reserved. @@ -399,9 +399,9 @@ diff -Naur '--exclude=.git' qemu/hw/char/tee_client_list.h qemu_after/hw/char/te +#endif + + -diff -Naur '--exclude=.git' qemu/hw/char/tee_client_type.h qemu_after/hw/char/tee_client_type.h +diff -ruNp qemu/hw/char/tee_client_type.h qemu-after/hw/char/tee_client_type.h --- qemu/hw/char/tee_client_type.h 1970-01-01 08:00:00.000000000 +0800 -+++ qemu_after/hw/char/tee_client_type.h 2023-10-23 15:09:10.840630820 +0800 ++++ qemu-after/hw/char/tee_client_type.h 2024-07-12 17:36:25.155832480 +0800 @@ -0,0 +1,134 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2013-2022. All rights reserved. @@ -537,14 +537,14 @@ diff -Naur '--exclude=.git' qemu/hw/char/tee_client_type.h qemu_after/hw/char/te +#endif + + -diff -Naur '--exclude=.git' qemu/hw/char/virtio-console.c qemu_after/hw/char/virtio-console.c ---- qemu/hw/char/virtio-console.c 2023-10-15 17:28:44.746034090 +0800 -+++ qemu_after/hw/char/virtio-console.c 2023-10-23 15:11:13.312630820 +0800 -@@ -20,6 +20,14 @@ - #include "qapi/error.h" +diff -ruNp qemu/hw/char/virtio-console.c qemu-after/hw/char/virtio-console.c +--- qemu/hw/char/virtio-console.c 2024-07-12 17:36:25.127832480 +0800 ++++ qemu-after/hw/char/virtio-console.c 2024-07-12 17:36:25.151832480 +0800 +@@ -22,6 +22,13 @@ #include "qapi/qapi-events-char.h" - -+#include "qom/object.h" + #include "qom/object.h" + + +#include "hw/core/cpu.h" +#include "sysemu/hw_accel.h" +#include "monitor/monitor.h" @@ -553,12 +553,13 @@ diff -Naur '--exclude=.git' qemu/hw/char/virtio-console.c qemu_after/hw/char/vir +#include "tc_ns_client.h" + #define TYPE_VIRTIO_CONSOLE_SERIAL_PORT "virtserialport" - #define VIRTIO_CONSOLE(obj) \ - OBJECT_CHECK(VirtConsole, (obj), TYPE_VIRTIO_CONSOLE_SERIAL_PORT) -@@ -44,6 +52,133 @@ - virtio_serial_throttle_port(VIRTIO_SERIAL_PORT(vcon), false); + typedef struct VirtConsole VirtConsole; + DECLARE_INSTANCE_CHECKER(VirtConsole, VIRTIO_CONSOLE, +@@ -48,18 +55,327 @@ static gboolean chr_write_unblocked(void return FALSE; } + + +//#define DEBUG 1 + +#ifdef DEBUG @@ -686,10 +687,10 @@ diff -Naur '--exclude=.git' qemu/hw/char/virtio-console.c qemu_after/hw/char/vir + uint32_t page_num; + uint32_t frag_flag; +}struct_page_block; - ++ /* Callback function that's called when the guest sends us data */ static ssize_t flush_buf(VirtIOSerialPort *port, -@@ -51,12 +186,193 @@ + const uint8_t *buf, ssize_t len) { VirtConsole *vcon = VIRTIO_CONSOLE(port); ssize_t ret; @@ -707,7 +708,8 @@ diff -Naur '--exclude=.git' qemu/hw/char/virtio-console.c qemu_after/hw/char/vir /* If there's no backend, we can just say we consumed all data. */ return len; } - + + + debug("\n"); + debug("debug, %s, %s, %d \n", __FILE__, __func__, __LINE__); + debug(" virtio-console virtserialport name = %s, id = %d \n", port->name, (int)port->id); @@ -733,7 +735,7 @@ diff -Naur '--exclude=.git' qemu/hw/char/virtio-console.c qemu_after/hw/char/vir + struct_packet_cmd_load_sec* vtzf_packet_cmd = (struct_packet_cmd_load_sec *)buf; + debug(" vtzf_packet_cmd->cliContext.file_buffer = 0x%016lx \n", vtzf_packet_cmd->ioctlArg.fileBuffer); + hwaddr gpa = (uint64_t)vtzf_packet_cmd->ioctlArg.fileBuffer; -+ ptr_hva = gpa2hva(&mr, gpa, &local_err); ++ ptr_hva = gpa2hva(&mr, gpa, 1, &local_err); + if (local_err) { + debug(" gpa2hva failed \n"); + } else { @@ -751,7 +753,7 @@ diff -Naur '--exclude=.git' qemu/hw/char/virtio-console.c qemu_after/hw/char/vir + struct_packet_cmd_regagent* vtzf_packet_cmd = (struct_packet_cmd_regagent *)buf; + debug(" vtzf_packet_cmd->cliContext.file_buffer = 0x%016lx \n", vtzf_packet_cmd->vmaddr); + hwaddr gpa = (uint64_t)vtzf_packet_cmd->vmaddr; -+ ptr_hva = gpa2hva(&mr, gpa, &local_err); ++ ptr_hva = gpa2hva(&mr, gpa, 1, &local_err); + if (local_err) { + debug(" gpa2hva failed \n"); + } else { @@ -773,7 +775,7 @@ diff -Naur '--exclude=.git' qemu/hw/char/virtio-console.c qemu_after/hw/char/vir + vtzf_packet_cmd->cliContext.file_size); + debug(" vtzf_packet_cmd->cliContext.file_buffer = 0x%016lx \n", vtzf_packet_cmd->cliContext.file_buffer); + hwaddr gpa = (uint64_t)vtzf_packet_cmd->cliContext.file_buffer; -+ ptr_hva = gpa2hva(&mr, gpa, &local_err); ++ ptr_hva = gpa2hva(&mr, gpa, 1, &local_err); + if (local_err) { + debug(" gpa2hva failed \n"); + } else { @@ -803,7 +805,7 @@ diff -Naur '--exclude=.git' qemu/hw/char/virtio-console.c qemu_after/hw/char/vir + check_value = (param_type == TEEC_ION_INPUT || param_type == TEEC_ION_SGLIST_INPUT); + if (IS_TEMP_MEM(param_type)) { + gpa_param = (uint64_t)vtzf_packet_cmd->cliContext.params[i].memref.buffer; -+ ptr_hva = gpa2hva(&mr, gpa_param, &local_err); ++ ptr_hva = gpa2hva(&mr, gpa_param, 1, &local_err); + if (local_err) { + debug(" gpa2hva params[%d].memref.buffer failed \n", i); + } else { @@ -815,7 +817,7 @@ diff -Naur '--exclude=.git' qemu/hw/char/virtio-console.c qemu_after/hw/char/vir + } + } else if (IS_PARTIAL_MEM(param_type)) { + gpa_param = (uint64_t)vtzf_packet_cmd->cliContext.params[i].memref.buffer; -+ ptr_hva = gpa2hva(&mr, gpa_param, &local_err); ++ ptr_hva = gpa2hva(&mr, gpa_param, 1, &local_err); + if (local_err) { + debug(" gpa2hva params[%d].memref.buffer failed \n", i); + } else { @@ -840,7 +842,7 @@ diff -Naur '--exclude=.git' qemu/hw/char/virtio-console.c qemu_after/hw/char/vir + for(j = 0; j < fragment_block_num; j++){ + gpa_param = page_block[j].phy_addr; + debug("page_block[%d].phy_addr = %llx\n", j, page_block[j].phy_addr); -+ ptr_hva = gpa2hva(&mr, gpa_param, &local_err); ++ ptr_hva = gpa2hva(&mr, gpa_param, 1, &local_err); + if (local_err) { + debug(" gpa2hva params[%d].memref.buffer failed \n", i); + } else { @@ -863,7 +865,7 @@ diff -Naur '--exclude=.git' qemu/hw/char/virtio-console.c qemu_after/hw/char/vir + for(j = 0; j < fragment_block_num; j++){ + gpa_param = page_block[j].phy_addr; + debug("page_block[%d].phy_addr = %llx\n", j, page_block[j].phy_addr); -+ ptr_hva = gpa2hva(&mr, gpa_param, &local_err); ++ ptr_hva = gpa2hva(&mr, gpa_param, 1, &local_err); + if (local_err) { + debug(" gpa2hva params[%d].memref.buffer failed \n", i); + } else { @@ -883,52 +885,4 @@ diff -Naur '--exclude=.git' qemu/hw/char/virtio-console.c qemu_after/hw/char/vir + ret = qemu_chr_fe_write(&vcon->chr, buf, len); trace_virtio_console_flush_buf(port->id, len, ret); - -@@ -304,3 +620,10 @@ - } - - type_init(virtconsole_register_types) -+ -+ -+ -+ -+ -+ -+ -diff -Naur '--exclude=.git' qemu/include/monitor/monitor.h qemu_after/include/monitor/monitor.h ---- qemu/include/monitor/monitor.h 2023-10-15 17:28:44.802034090 +0800 -+++ qemu_after/include/monitor/monitor.h 2023-10-23 15:09:10.840630820 +0800 -@@ -4,6 +4,7 @@ - #include "block/block.h" - #include "qapi/qapi-types-misc.h" - #include "qemu/readline.h" -+#include "exec/hwaddr.h" - - extern __thread Monitor *cur_mon; - typedef struct MonitorHMP MonitorHMP; -@@ -36,6 +37,8 @@ - int monitor_set_cpu(int cpu_index); - int monitor_get_cpu_index(void); - -+void *gpa2hva(MemoryRegion **p_mr, hwaddr addr, Error **errp); -+ - void monitor_read_command(MonitorHMP *mon, int show_prompt); - int monitor_read_password(MonitorHMP *mon, ReadLineFunc *readline_func, - void *opaque); -@@ -49,3 +52,4 @@ - int64_t monitor_fdset_dup_fd_find(int dup_fd); - - #endif /* MONITOR_H */ -+ -diff -Naur '--exclude=.git' qemu/monitor/misc.c qemu_after/monitor/misc.c ---- qemu/monitor/misc.c 2023-10-15 17:28:44.826034090 +0800 -+++ qemu_after/monitor/misc.c 2023-10-23 15:09:10.840630820 +0800 -@@ -674,7 +674,7 @@ - memory_dump(mon, count, format, size, addr, 1); - } - --static void *gpa2hva(MemoryRegion **p_mr, hwaddr addr, Error **errp) -+void *gpa2hva(MemoryRegion **p_mr, hwaddr addr, Error **errp) - { - MemoryRegionSection mrs = memory_region_find(get_system_memory(), - addr, 1); +