From 1ae45b2dce20d22df54b4d03ecb1c4dc99cbc59f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=A2=81=E6=B5=A9?= Date: Tue, 21 Jun 2022 10:11:27 +0800 Subject: [PATCH 1/7] modify tzdriver README Signed-off-by: YuanHao --- README.md | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index a277830..37198d0 100644 --- a/README.md +++ b/README.md @@ -1,14 +1,14 @@ -iTrustee OS tzdriver -介绍 +# iTrustee OS tzdriver # +### 介绍 ### iTrustee OS 非安全侧driver,支持与iTrustee OS通信 -环境准备 - 1)准备一台ARM服务器,比如鲲鹏920 - 2)下载kernel代码 - 3)下载libboundscheck库,下载地址https://gitee.com/openeuler/libboundscheck -编译教程 - 1)解压libboundscheck,放到源码目录,结构如下: - +### 环境准备 ### + 1.准备一台ARM服务器,比如鲲鹏920 + 2.下载kernel代码 + 3.下载libboundscheck库,下载地址https://gitee.com/openeuler/libboundscheck +### 编译教程 ### + 1.解压libboundscheck,放到源码目录,结构如下: +``` |--Makefile |--core |--...... @@ -16,12 +16,13 @@ iTrustee OS 非安全侧driver,支持与iTrustee OS通信 |--src |--include |--Makefile - 2)cd xxx(driver 源码路径) - 3)make -C libboundscheck - 4)make +``` + 2.cd xxx(driver 源码路径) + 3.make -C libboundscheck + 4.make 编译出tzdriver.ko文件 -使用说明 - 1)确保ARM 服务器已经运行iTrustee OS - 2)使用root用户,执行insmod tzdriver.ko - 3)使用root用户,执行/usr/bin/teecd& - 4)运行测试CA 和TA +### 使用说明 ### + 1.确保ARM 服务器已经运行iTrustee OS + 2.使用root用户,执行insmod tzdriver.ko + 3.使用root用户,执行/usr/bin/teecd& + 4.运行测试CA 和TA -- Gitee From 170a2d4f668289cc4a574b8124fb6e1b5d1312fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=A2=81=E6=B5=A9?= Date: Sun, 7 Aug 2022 16:11:44 +0800 Subject: [PATCH 2/7] mailbox bugfix Signed-off-by: YuanHao --- core/mailbox_mempool.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/core/mailbox_mempool.c b/core/mailbox_mempool.c index 078206d..0d844d9 100644 --- a/core/mailbox_mempool.c +++ b/core/mailbox_mempool.c 
@@ -340,6 +340,7 @@ static struct dentry *g_mb_dbg_dentry;
 static unsigned int mb_dbg_add_entry(void *ptr)
 {
 struct mb_dbg_entry *new_entry = NULL;
+ unsigned int index = 0;
 new_entry = kmalloc(sizeof(*new_entry), GFP_KERNEL);
 if (ZERO_OR_NULL_PTR((unsigned long)(uintptr_t)new_entry)) {
@@ -355,9 +356,10 @@ static unsigned int mb_dbg_add_entry(void *ptr)
 if ((g_mb_dbg_entry_count++) == 0)
 g_mb_dbg_entry_count++;
 list_add_tail(&new_entry->node, &mb_dbg_list);
+ index = new_entry->idx;
 mutex_unlock(&mb_dbg_lock);
- return new_entry->idx;
+ return index;
 }
 static void mb_dbg_remove_entry(unsigned int idx)
@@ -556,6 +558,15 @@ free_smc_cmd:
 return ret;
 }
+static void mailbox_debug_init(void)
+{
+ g_mb_dbg_dentry = debugfs_create_dir("tz_mailbox", NULL);
+#ifdef DEF_ENG
+ debugfs_create_file("opt", OPT_MODE, g_mb_dbg_dentry, NULL, &g_mb_dbg_opt_fops);
+#endif
+ debugfs_create_file("state", STATE_MODE, g_mb_dbg_dentry, NULL, &g_mb_dbg_state_fops);
+}
+
 int mailbox_mempool_init(void)
 {
 int i;
@@ -609,11 +620,7 @@ int mailbox_mempool_init(void)
 list_add_tail(&mb_page->node, &area->page_list);
 g_m_zone->all_pages = all_pages;
 mutex_init(&g_mb_lock);
- g_mb_dbg_dentry = debugfs_create_dir("tz_mailbox", NULL);
- debugfs_create_file("opt", OPT_MODE, g_mb_dbg_dentry, NULL,
- &g_mb_dbg_opt_fops);
- debugfs_create_file("state", STATE_MODE, g_mb_dbg_dentry, NULL,
- &g_mb_dbg_state_fops);
+ mailbox_debug_init();
 return 0;
 }
-- Gitee
From bb15b721ae8da619190642fc82ae34830a025f3f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=A2=81=E6=B5=A9?=
Date: Sun, 7 Aug 2022 16:13:31 +0800
Subject: [PATCH 3/7] add invalid addr def
Signed-off-by: YuanHao
---
 teek_ns_client.h | 1 +
 1 file changed, 1 insertion(+)
diff --git a/teek_ns_client.h b/teek_ns_client.h
index b9271e8..86990ab 100644
--- a/teek_ns_client.h
+++ b/teek_ns_client.h
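Review bot: Nothing in `mb_dbg_add_entry` says why `idx` has to be read before `mutex_unlock(&mb_dbg_lock)` in the second hunk, so a later cleanup could easily fold the copy back into `return new_entry->idx;`. A one-line comment above `index = new_entry->idx;` such as `/* read idx under mb_dbg_lock: once the lock is dropped the entry is on mb_dbg_list and may be removed and freed */` would keep the fix in place; the removal path is outside these hunks, so the wording should be checked against it. The `= 0` initialiser on `index` in the first hunk looks unnecessary unless the allocation-failure return, which is also outside the hunks, uses it.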
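Review bot: `mailbox_debug_init()` passes the result of `debugfs_create_dir("tz_mailbox", NULL)` straight to both `debugfs_create_file` calls without checking it. On kernels where a failed `debugfs_create_dir` returns NULL, a NULL parent places `state` (and `opt` in DEF_ENG builds) in the debugfs root instead of under `tz_mailbox`; `if (IS_ERR_OR_NULL(g_mb_dbg_dentry)) return;` after the first line avoids that. The `state` file is still created in non-engineering builds, so STATE_MODE, which is defined outside the hunk, should be confirmed to be root-only. If the definition of `g_mb_dbg_opt_fops` is not itself under `#ifdef DEF_ENG`, it becomes an unused static object in production builds.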
@@ -63,6 +63,7 @@ struct tc_uuid {
 uint8_t clockseq_and_node[8]; /* clock len is 8 */
 };
+#define INVALID_MAP_ADDR ((void*)-1)
 struct tc_ns_shared_mem {
 void *kernel_addr;
 void *user_addr;
-- Gitee
From 0a873adbbcc6c95c933eb310655209864bc19229 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=A2=81=E6=B5=A9?=
Date: Sun, 7 Aug 2022 16:17:56 +0800
Subject: [PATCH 4/7] bugfix for invalid length
Signed-off-by: YuanHao
---
 core/tc_client_driver.c | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/core/tc_client_driver.c b/core/tc_client_driver.c
index a429855..4b05d02 100644
--- a/core/tc_client_driver.c
+++ b/core/tc_client_driver.c
@@ -155,16 +155,18 @@ static int tc_ns_get_tee_version(const struct tc_ns_dev_file *dev_file,
 static int get_pack_name_len(struct tc_ns_dev_file *dev_file,
 const uint8_t *cert_buffer)
 {
- if (memcpy_s(&dev_file->pkg_name_len, sizeof(dev_file->pkg_name_len),
- cert_buffer, sizeof(dev_file->pkg_name_len)))
+ uint32_t tmp_len = 0;
+
+ dev_file->pkg_name_len = 0;
+ if (memcpy_s(&tmp_len, sizeof(tmp_len), cert_buffer, sizeof(tmp_len)))
 return -EFAULT;
- if (!dev_file->pkg_name_len ||
- dev_file->pkg_name_len >= MAX_PACKAGE_NAME_LEN) {
- tloge("invalid pack name len: %u\n", dev_file->pkg_name_len);
+ if (tmp_len == 0 || tmp_len >= MAX_PACKAGE_NAME_LEN) {
+ tloge("invalid pack name len: %u\n", tmp_len);
 return -EINVAL;
 }
+ dev_file->pkg_name_len = tmp_len;
 tlogd("package name len is %u\n", dev_file->pkg_name_len);
 return 0;
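Review bot: `INVALID_MAP_ADDR` is added with no comment on what it marks, and it sits directly above `struct tc_ns_shared_mem` without a blank line. Later patches in this series assign it to `user_addr` and `user_addr_ca`, so a comment such as `/* user_addr / user_addr_ca value meaning "not mapped into user space" */` would make the definition self-explanatory. Kernel-style spacing, `((void *)-1)`, would also match the casts used elsewhere in the driver.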
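Review bot: The copy in `get_pack_name_len` is now sized by `sizeof(tmp_len)`, a `uint32_t`, instead of `sizeof(dev_file->pkg_name_len)`, so if that field is not a 32-bit type the number of bytes taken from `cert_buffer` changes silently; the field's declaration is not visible here. Nothing in the function bounds `cert_buffer` either: `memcpy_s` gets the same value for destination size and count, so it cannot fail on length, and the caller alone guarantees that four bytes are readable. A `BUILD_BUG_ON(sizeof(dev_file->pkg_name_len) != sizeof(uint32_t));` plus a comment stating the caller's length guarantee would pin both assumptions. The same applies to `get_public_key_len` in the next hunk, which still accepts a zero length and a length equal to MAX_PUBKEY_LEN, unlike the package-name check; if that asymmetry is intended it deserves a comment.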
@@ -173,15 +175,18 @@ static int get_pack_name_len(struct tc_ns_dev_file *dev_file,
 static int get_public_key_len(struct tc_ns_dev_file *dev_file,
 const uint8_t *cert_buffer)
 {
- if (memcpy_s(&dev_file->pub_key_len, sizeof(dev_file->pub_key_len),
- cert_buffer, sizeof(dev_file->pub_key_len)))
+ uint32_t tmp_len = 0;
+
+ dev_file->pub_key_len = 0;
+ if (memcpy_s(&tmp_len, sizeof(tmp_len), cert_buffer, sizeof(tmp_len)))
 return -EFAULT;
- if (dev_file->pub_key_len > MAX_PUBKEY_LEN) {
- tloge("invalid public key len: %u\n", dev_file->pub_key_len);
+ if (tmp_len > MAX_PUBKEY_LEN) {
+ tloge("invalid public key len: %u\n", tmp_len);
 return -EINVAL;
 }
+ dev_file->pub_key_len = tmp_len;
 tlogd("publick key len is %u\n", dev_file->pub_key_len);
 return 0;
-- Gitee
From 3ada118f6818bd86592a9ac3df59b73e810a3df0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=A2=81=E6=B5=A9?=
Date: Sun, 7 Aug 2022 16:22:01 +0800
Subject: [PATCH 5/7] bugfix for map unmap
Signed-off-by: YuanHao
---
 core/mem.c | 6 +++---
 core/tc_client_driver.c | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/core/mem.c b/core/mem.c
index 45ee168..1e2034b 100644
--- a/core/mem.c
+++ b/core/mem.c
@@ -71,8 +71,8 @@ struct tc_ns_shared_mem *tc_mem_allocate(size_t len)
 }
 shared_mem->kernel_addr = addr;
 shared_mem->len = len;
- shared_mem->user_addr = NULL;
- shared_mem->user_addr_ca = NULL;
+ shared_mem->user_addr = INVALID_MAP_ADDR;
+ shared_mem->user_addr_ca = INVALID_MAP_ADDR;
 atomic_set(&shared_mem->usage, 0);
 return shared_mem;
-}
\ No newline at end of file
+}
diff --git a/core/tc_client_driver.c b/core/tc_client_driver.c
index 4b05d02..3c61e20 100644
--- a/core/tc_client_driver.c
+++ b/core/tc_client_driver.c
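Review bot: With `user_addr` and `user_addr_ca` now initialised to `INVALID_MAP_ADDR` in `tc_mem_allocate`, any remaining test that treats NULL as "not mapped" silently inverts, because a freshly allocated buffer would look mapped. This patch converts the checks in `release_vma_shared_mem` and `find_sharedmem`; other readers of the two fields, and any other place that allocates a `struct tc_ns_shared_mem`, are not visible here and should be audited with the change. A comment at the assignment, for example `/* not mapped yet: compare against INVALID_MAP_ADDR, never NULL */`, would record the new convention where the fields are first set.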
@@ -419,16 +419,16 @@ static void release_vma_shared_mem(struct tc_ns_dev_file *dev_file,
 if (shared_mem) {
 if (shared_mem->user_addr == (void *)(uintptr_t)vma->vm_start) {
- shared_mem->user_addr = NULL;
+ shared_mem->user_addr = INVALID_MAP_ADDR;
 find = true;
 } else if (shared_mem->user_addr_ca == (void *)(uintptr_t)vma->vm_start) {
- shared_mem->user_addr_ca = NULL;
+ shared_mem->user_addr_ca = INVALID_MAP_ADDR;
 find = true;
 }
- if (!shared_mem->user_addr &&
- !shared_mem->user_addr_ca)
+ if ((shared_mem->user_addr == INVALID_MAP_ADDR) &&
+ (shared_mem->user_addr_ca == INVALID_MAP_ADDR))
 list_del(&shared_mem->head); /* pair with tc client mmap */
@@ -490,8 +490,8 @@ static struct tc_ns_shared_mem *find_sharedmem(
 * 1. this shared mem is already mapped
 * 2. remap a different size shared_mem
 */
- if (shm_tmp->user_addr_ca ||
- vma->vm_end - vma->vm_start != shm_tmp->len) {
+ if ((shm_tmp->user_addr_ca != INVALID_MAP_ADDR) ||
+ (vma->vm_end - vma->vm_start != shm_tmp->len)) {
 tloge("already remap once!\n");
 return NULL;
 }
-- Gitee
From 31338a6f60a59d567252231d3df3ae7b9ad63b0b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=A2=81=E6=B5=A9?=
Date: Sun, 7 Aug 2022 16:27:01 +0800
Subject: [PATCH 6/7] modify reuse agent node
Signed-off-by: YuanHao
---
 core/agent.c | 36 ++++++++++--------------------------
 core/agent.h | 2 --
 core/tc_client_driver.c | 1 -
 3 files changed, 10 insertions(+), 29 deletions(-)
diff --git a/core/agent.c b/core/agent.c
index dd1b3cc..4f5f0d9 100644
--- a/core/agent.c
+++ b/core/agent.c
@@ -702,7 +702,6 @@ static void init_restart_agent_node(struct tc_ns_dev_file *dev_file,
 tloge("agent: 0x%x restarting\n", event_data->agent_id);
 event_data->ret_flag = 0;
 event_data->owner = dev_file;
- event_data->pid = current->tgid;
 atomic_set(&event_data->agent_ready, AGENT_REGISTERED);
 init_waitqueue_head(&(event_data->wait_event_wq));
 init_waitqueue_head(&(event_data->send_response_wq));
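Review bot: The rewritten `list_del` condition in `release_vma_shared_mem` is still evaluated whether or not `find` was set, so an entry whose two addresses were already `INVALID_MAP_ADDR` before this call, which is the state `tc_mem_allocate` leaves a new buffer in, would be unlinked even though this vma matched neither address. Whether such an entry can reach this point depends on the lookup above the hunk, which is not visible; if it can, a second `list_del` on the same node corrupts the list. Guarding the unlink as `if (find && shared_mem->user_addr == INVALID_MAP_ADDR && shared_mem->user_addr_ca == INVALID_MAP_ADDR)` ties it to this call having cleared a mapping. The function continues past the end of the hunk.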
@@ -732,7 +731,6 @@ static int create_new_agent_node(struct tc_ns_dev_file *dev_file,
 (*event_data)->agent_buff_kernel = *agent_buff;
 (*event_data)->agent_buff_size = agent_buff_size;
 (*event_data)->owner = dev_file;
- (*event_data)->pid = current->tgid;
 atomic_set(&(*event_data)->agent_ready, AGENT_REGISTERED);
 init_waitqueue_head(&(*event_data)->wait_event_wq);
 init_waitqueue_head(&(*event_data)->send_response_wq);
@@ -808,21 +806,8 @@ static bool is_valid_agent(unsigned int agent_id,
 return true;
 }
-void clean_agent_pid_info(struct tc_ns_dev_file *dev_file)
-{
- struct smc_event_data *agent_node = NULL;
- unsigned long flags;
-
- spin_lock_irqsave(&g_agent_control.lock, flags);
- list_for_each_entry(agent_node, &g_agent_control.agent_list, head) {
- if (agent_node->owner == dev_file)
- agent_node->pid = 0;
- }
- spin_unlock_irqrestore(&g_agent_control.lock, flags);
-}
-
-static int is_agent_already_exist(unsigned int agent_id,
- struct smc_event_data **event_data, bool *find_flag)
+static int reuse_agent_node(unsigned int agent_id,
+ struct smc_event_data **event_data, struct tc_ns_dev_file *dev_file, bool *find_flag)
 {
 unsigned long flags;
 bool flag = false;
@@ -831,13 +816,18 @@ static int is_agent_already_exist(unsigned int agent_id,
 spin_lock_irqsave(&g_agent_control.lock, flags);
 list_for_each_entry(agent_node, &g_agent_control.agent_list, head) {
 if (agent_node->agent_id == agent_id) {
- if (agent_node->pid == current->tgid) {
+ if (atomic_read(&agent_node->agent_ready) != AGENT_CRASHED) {
 tloge("no allow agent proc to reg twice\n");
 spin_unlock_irqrestore(&g_agent_control.lock, flags);
 return -EINVAL;
 }
 flag = true;
 get_agent_event(agent_node);
+ /*
+ * We find agent event_data already in agent list, it indicate agent
+ * didn't unregister normally, so the event_data will be reused.
+ */
+ init_restart_agent_node(dev_file, agent_node);
 break;
 }
 }
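Review bot: `init_restart_agent_node()` is now called inside the `spin_lock_irqsave(&g_agent_control.lock, flags)` section of `reuse_agent_node`, so everything it does has to be safe in atomic context with interrupts disabled. The part of it shown earlier in this patch only logs, assigns fields and calls `init_waitqueue_head`, but the function continues outside that hunk; if it allocates or takes a mutex anywhere, this call site sleeps under a spinlock. It also re-initialises `wait_event_wq` and `send_response_wq` on a node that is still on `agent_list`, so it should be confirmed that no task can still be queued on them once `agent_ready` reads `AGENT_CRASHED`. A comment above the helper, `/* called with g_agent_control.lock held; must not sleep */`, would record the new constraint.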
@@ -934,15 +924,9 @@ int tc_ns_register_agent(struct tc_ns_dev_file *dev_file,
 size_align = ALIGN(buffer_size, SZ_4K);
- if (is_agent_already_exist(agent_id, &event_data, &find_flag))
+ if (reuse_agent_node(agent_id, &event_data, dev_file, &find_flag))
 return ret;
- /*
- * We find the agent event_data aready in agent_list, it indicate agent
- * didn't unregister normally, so the event_data will be reused.
- */
- if (find_flag) {
- init_restart_agent_node(dev_file, event_data);
- } else {
+ if (!find_flag) {
 ret = create_new_agent_node(dev_file, &event_data, agent_id, &agent_buff, size_align);
 if (ret)
diff --git a/core/agent.h b/core/agent.h
index 209016b..1e88b3b 100644
--- a/core/agent.h
+++ b/core/agent.h
@@ -52,7 +52,6 @@ struct smc_event_data {
 struct list_head head;
 struct tc_ns_smc_cmd cmd;
 struct tc_ns_dev_file *owner;
- pid_t pid;
 void *agent_buff_kernel;
 void *agent_buff_user; /* used for unmap */
 unsigned int agent_buff_size;
@@ -117,6 +116,5 @@ int tee_agent_kernel_register(struct tee_agent_kernel_ops *new_agent);
 bool is_system_agent(const struct tc_ns_dev_file *dev_file);
 void tee_agent_clear_dev_owner(const struct tc_ns_dev_file *dev_file);
 char *get_proc_dpath(char *path, int path_len);
-void clean_agent_pid_info(struct tc_ns_dev_file *dev_file);
 #endif
diff --git a/core/tc_client_driver.c b/core/tc_client_driver.c
index 3c61e20..d805d5e 100644
--- a/core/tc_client_driver.c
+++ b/core/tc_client_driver.c
@@ -794,7 +794,6 @@ static int tc_client_close(struct inode *inode, struct file *file)
 int ret = 0;
 struct tc_ns_dev_file *dev = file->private_data;
- clean_agent_pid_info(dev);
 if (g_teecd_task == current->group_leader && !tc_ns_get_uid()) { /* for teecd close fd */
 if ((g_teecd_task->flags & PF_EXITING) ||
-- Gitee
From 3dac1d30c48661d6c45a4a57311adfa7cf3fee33 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=A2=81=E6=B5=A9?=
Date: Sun, 7 Aug 2022 16:29:28 +0800
Subject: [PATCH 7/7] clear context param after open session
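Review bot: The error path `if (reuse_agent_node(...)) return ret;` in `tc_ns_register_agent` discards the code returned by `reuse_agent_node` and returns whatever `ret` holds at that point, which is set above the hunk. Capturing it, `ret = reuse_agent_node(agent_id, &event_data, dev_file, &find_flag);` followed by `if (ret) return ret;`, makes the `-EINVAL` from the registered-twice branch reach the caller regardless of how `ret` was initialised. Since the reused node is now re-initialised inside the helper, a short comment at the `if (!find_flag)` branch saying that a found node needs no further setup here would replace the explanation this hunk removes.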
Signed-off-by: YuanHao
---
 core/session_manager.c | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/core/session_manager.c b/core/session_manager.c
index 0fae3e8..87fa709 100644
--- a/core/session_manager.c
+++ b/core/session_manager.c
@@ -915,6 +915,14 @@ void free_session_token_buf(struct tc_ns_session *session)
 #endif
 }
+static void clear_context_param(struct tc_ns_client_context *context)
+{
+ context->params[2].memref.size_addr = 0;
+ context->params[2].memref.buffer = 0;
+ context->params[3].memref.size_addr = 0;
+ context->params[3].memref.buffer = 0;
+}
+
 int tc_ns_open_session(struct tc_ns_dev_file *dev_file,
 struct tc_ns_client_context *context)
 {
@@ -930,14 +938,15 @@ int tc_ns_open_session(struct tc_ns_dev_file *dev_file,
 ret = check_login_method(dev_file, context, &flags);
 if (ret)
- return ret;
+ goto clear_param;
 context->cmd_id = GLOBAL_CMD_ID_OPEN_SESSION;
 service = find_service(dev_file, context);
 if (!service) {
 tloge("find service failed\n");
- return -ENOMEM;
+ ret = -ENOMEM;
+ goto clear_param;
 }
 session = kzalloc(sizeof(*session), GFP_KERNEL);
@@ -946,13 +955,14 @@ int tc_ns_open_session(struct tc_ns_dev_file *dev_file,
 mutex_lock(&dev_file->service_lock);
 del_service_from_dev(dev_file, service);
 mutex_unlock(&dev_file->service_lock);
- return -ENOMEM;
+ ret = -ENOMEM;
+ goto clear_param;
 }
 mutex_init(&session->ta_session_lock);
 ret = proc_open_session(dev_file, context, service, session, flags);
 if (!ret)
- return ret;
+ goto clear_param;
 free_session_token_buf(session);
 mutex_lock(&dev_file->service_lock);
@@ -960,6 +970,8 @@ int tc_ns_open_session(struct tc_ns_dev_file *dev_file,
 mutex_unlock(&dev_file->service_lock);
 kfree(session);
+clear_param:
+ clear_context_param(context);
 return ret;
 }
-- Gitee
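Review bot: `clear_context_param()` hard-codes `params[2]` and `params[3]` with no comment on why exactly those two slots are wiped, and through the `clear_param:` label it now runs on the success path as well as on every failure in `tc_ns_open_session`. If these slots hold driver-filled login data whose `buffer` and `size_addr` values would otherwise be handed back to the caller (an inference, since the code that fills them is not part of this patch), a comment above the helper should say so, and the bare indices should become named constants. `context` is dereferenced unconditionally at the label, including after an early `check_login_method` failure, so the helper relies on the caller never passing NULL; that precondition is worth stating in the same comment.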