
Commit 81a37f5

etienne-lmsjforissier
authored andcommitted
tee: system session
Adds kernel client API function tee_client_system_session() for a client to request a system service entry in TEE context. This feature is needed to prevent a system deadlock when several TEE client applications invoke TEE, consuming all TEE thread contexts available in the secure world. The deadlock can happen in the OP-TEE driver, for example, if all these TEE threads issue an RPC call from TEE to Linux OS to access an eMMC RPMB partition (TEE secure storage) whose device clock or regulator controller is accessed through an OP-TEE SCMI service. In that case, the Linux SCMI driver must reach the OP-TEE SCMI service without waiting until one of the consumed TEE threads is freed. Reviewed-by: Sumit Garg <[email protected]> Co-developed-by: Jens Wiklander <[email protected]> Signed-off-by: Etienne Carriere <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
1 parent f2c6fe7 commit 81a37f5


2 files changed

+24
-0
lines changed


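--- a/drivers/tee/tee_core.c
+++ b/drivers/tee/tee_core.c
@@ -1170,6 +1170,14 @@ int tee_client_close_session(struct tee_context *ctx, u32 session)
 }
 EXPORT_SYMBOL_GPL(tee_client_close_session);
 
+int tee_client_system_session(struct tee_context *ctx, u32 session)
+{
+if (!ctx->teedev->desc->ops->system_session)
+return -EINVAL;
+return ctx->teedev->desc->ops->system_session(ctx, session);
+}
+EXPORT_SYMBOL_GPL(tee_client_system_session);
+
 int tee_client_invoke_func(struct tee_context *ctx,
 struct tee_ioctl_invoke_arg *arg,
 struct tee_param *param)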
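Review bot: The `-EINVAL` returned when `ops->system_session` is NULL in tee_client_system_session() cannot be told apart from whatever the driver callback may return for a bad session id, so a caller cannot distinguish "this TEE driver has no system-session support" from "wrong session passed". A client that does not get a system session presumably carries on with a regular one and stays exposed to the thread-exhaustion deadlock described in the commit message, so the difference matters for logging and for deciding whether to proceed; consider `return -EOPNOTSUPP;` for the missing-op case. If `-EINVAL` is kept to match the neighbouring tee_client_* wrappers (their bodies are outside this hunk), a comment such as `/* Optional op: drivers without system session support leave it NULL */` above the check would make the intent explicit.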

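--- a/include/linux/tee_drv.h
+++ b/include/linux/tee_drv.h
@@ -84,6 +84,7 @@ struct tee_param {
 * @release: release this open file
 * @open_session: open a new session
 * @close_session: close a session
+* @system_session: declare session as a system session
 * @invoke_func: invoke a trusted function
 * @cancel_req: request cancel of an ongoing invoke or open
 * @supp_recv: called for supplicant to get a command
@@ -100,6 +101,7 @@ struct tee_driver_ops {
 struct tee_ioctl_open_session_arg *arg,
 struct tee_param *param);
 int (*close_session)(struct tee_context *ctx, u32 session);
+int (*system_session)(struct tee_context *ctx, u32 session);
 int (*invoke_func)(struct tee_context *ctx,
 struct tee_ioctl_invoke_arg *arg,
 struct tee_param *param);
@@ -429,6 +431,20 @@ int tee_client_open_session(struct tee_context *ctx,
 */
 int tee_client_close_session(struct tee_context *ctx, u32 session);
 
+/**
+* tee_client_system_session() - Declare session as a system session
+* @ctx: TEE Context
+* @session: Session id
+*
+* This function requests TEE to provision an entry context ready to use for
+* that session only. The provisioned entry context is used for command
+* invocation and session closure, not for command cancelling requests.
+* TEE releases the provisioned context upon session closure.
+*
+* Return < 0 on error else 0 if an entry context has been provisioned.
+*/
+int tee_client_system_session(struct tee_context *ctx, u32 session);
+
 /**
 * tee_client_invoke_func() - Invoke a function in a Trusted Application
 * @ctx: TEE Context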
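Review bot: The kernel-doc for tee_client_system_session() does not say that the call can fail simply because the backend driver leaves the `system_session` op unset, nor what state the session is in after a failure. From the declaration alone a caller cannot tell that the session presumably remains a usable regular session and that only the deadlock protection is missing. I would extend the Return line to something like `* Return < 0 on error, including when the TEE driver does not support system sessions, else 0 if an entry context has been provisioned.` and state the post-failure session state once it is confirmed against the driver implementation, which is not part of this commit. The `@system_session` entry in the tee_driver_ops comment could likewise be marked `(optional)`, and since each system session appears to reserve one of the limited TEE thread contexts, a sentence advising callers to request it only for services the TEE itself depends on would help keep the reservation from being overused.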
