tf_driver: integrate latest TL release

V9 version for Tegra3: TF_TEGRA3_AB02.02.38127
V9 version for Tegra4: TF_TEGRA4_AC02.01e1.38186

This package is the first release of Trusted Foundations v9
It supports all the features supported by TFv8 (i.e. TF_TEGRA3_AB01.13)
1) Dynamic loading of secure services is supported
2) ARM generic and Tegra specific code are regrouped in HAL driversthat can be repostlinked
3) The fix for imprecise abort observed during Widvine session

bug 969937
bug 969981

Change-Id: I1fd0d0df21ead84fb226ba2e0a6b3cf463472a26
Signed-off-by: Hyung Taek Ryoo <hryoo@nvidia.com>
Reviewed-on: http://git-master/r/147176
GVS: Gerrit_Virtual_Submit
Reviewed-by: Karan Jhavar <kjhavar@nvidia.com>
Reviewed-by: Dan Willemsen <dwillemsen@nvidia.com>

6 files changed, 188 insertions, 5 deletions

diff --git a/security/tf_driver/Makefile b/security/tf_driver/Makefile
index a4fac547e10a..2261b1f99886 100644
--- a/security/tf_driver/Makefile
+++ b/security/tf_driver/Makefile
@@ -21,7 +21,7 @@
 # debug options
 #EXTRA_CFLAGS += -O0 -DDEBUG -D_DEBUG -DCONFIG_TF_DRIVER_DEBUG_SUPPORT
 EXTRA_CFLAGS += -DNDEBUG
-EXTRA_CFLAGS += -DLINUX -DCONFIG_TF_TRUSTZONE -DCONFIG_TFN -DCONFIG_SECURE_TRACES
+EXTRA_CFLAGS += -DLINUX -DCONFIG_TF_TRUSTZONE -DCONFIG_TFN -DCONFIG_SECURE_TRACES -DCONFIG_TF_TEEC
 
 ifdef S_VERSION_BUILD
 EXTRA_CFLAGS += -DS_VERSION_BUILD=$(S_VERSION_BUILD)
diff --git a/security/tf_driver/s_version.h b/security/tf_driver/s_version.h
index 2ed6210cf231..88f3153ba670 100644
--- a/security/tf_driver/s_version.h
+++ b/security/tf_driver/s_version.h
@@ -38,7 +38,7 @@
 /*
  * This version number must be updated for each new release
  */
-#define S_VERSION_MAIN  "01.16"
+#define S_VERSION_MAIN  "02.02"
 
 /*
 * If this is a patch or engineering version use the following
diff --git a/security/tf_driver/tf_conn.c b/security/tf_driver/tf_conn.c
index 3148fec46358..781d2db32eee 100644
--- a/security/tf_driver/tf_conn.c
+++ b/security/tf_driver/tf_conn.c
@@ -36,6 +36,7 @@
 #include "tf_conn.h"
 
 #ifdef CONFIG_TF_ZEBRA
+#include "tf_zebra.h"
 #include "tf_crypto.h"
 #endif
 
@@ -133,6 +134,22 @@ int tf_map_shmem(
 					(void *) buffer,
 					flags);
 
+	/*
+	 * Added temporary to avoid kernel stack buffer
+	 */
+	if (!in_user_space) {
+		if (object_is_on_stack((void *)buffer) != 0) {
+			dprintk(KERN_ERR
+				"tf_map_shmem: "
+				"kernel stack buffers "
+				"(addr=0x%08X) "
+				"are not supported",
+				buffer);
+			error = -ENOSYS;
+			goto error;
+		}
+	}
+
 	mutex_lock(&(connection->shmem_mutex));
 
 	/*
@@ -1234,7 +1251,6 @@ error:
 
 }
 
-
 /*
  * Invokes a client command to the Secure World
  */
@@ -1246,6 +1262,9 @@ int tf_invoke_client_command(
 	int error = 0;
 	struct tf_shmem_desc *shmem_desc[4] = {NULL};
 	int i;
+#ifdef CONFIG_TF_ION
+	struct ion_handle *new_handle = NULL;
+#endif /* CONFIG_TF_ION */
 
 	dprintk(KERN_INFO "tf_invoke_client_command(%p)\n", connection);
 
@@ -1265,8 +1284,9 @@ int tf_invoke_client_command(
 	for (i = 0; i < 4; i++) {
 		int param_type = TF_GET_PARAM_TYPE(
 			command->invoke_client_command.param_types, i);
+
 		if ((param_type & (TF_PARAM_TYPE_MEMREF_FLAG |
-				   TF_PARAM_TYPE_REGISTERED_MEMREF_FLAG))
+					TF_PARAM_TYPE_REGISTERED_MEMREF_FLAG))
 				== TF_PARAM_TYPE_MEMREF_FLAG) {
 			/* A temporary memref: map it */
 			error = tf_map_temp_shmem(connection,
@@ -1281,6 +1301,78 @@ int tf_invoke_client_command(
 				goto error;
 			}
 		}
+#ifdef CONFIG_TF_ION
+		else if (param_type == TF_PARAM_TYPE_MEMREF_ION_HANDLE) {
+			struct tf_command_invoke_client_command *invoke;
+			ion_phys_addr_t ion_addr;
+			size_t ion_len;
+			struct ion_buffer *buffer;
+
+			if (connection->ion_client == NULL) {
+				connection->ion_client = ion_client_create(
+					zebra_ion_device,
+					(1 << ION_HEAP_TYPE_CARVEOUT),
+					"tf");
+			}
+			if (connection->ion_client == NULL) {
+				dprintk(KERN_ERR "%s(%p): "
+					"unable to create ion client\n",
+					__func__, connection);
+				error = -EFAULT;
+				goto error;
+			}
+
+			invoke = &command->invoke_client_command;
+
+			dprintk(KERN_INFO "ion_handle %x",
+				invoke->params[i].value.a);
+			buffer = ion_share(connection->ion_client,
+				(struct ion_handle *)invoke->params[i].value.a);
+			if (buffer == NULL) {
+				dprintk(KERN_ERR "%s(%p): "
+					"unable to share ion handle\n",
+					__func__, connection);
+				error = -EFAULT;
+				goto error;
+			}
+
+			dprintk(KERN_INFO "ion_buffer %p", buffer);
+			new_handle = ion_import(connection->ion_client, buffer);
+			if (new_handle == NULL) {
+				dprintk(KERN_ERR "%s(%p): "
+					"unable to import ion buffer\n",
+					__func__, connection);
+				error = -EFAULT;
+				goto error;
+			}
+
+			dprintk(KERN_INFO "new_handle %x", new_handle);
+			error = ion_phys(connection->ion_client,
+					new_handle,
+					&ion_addr,
+					&ion_len);
+			if (error) {
+				dprintk(KERN_ERR
+				"%s: unable to convert ion handle "
+				"0x%08X (error code 0x%08X)\n",
+				__func__,
+				new_handle,
+				error);
+				error = -EINVAL;
+				goto error;
+			}
+			dprintk(KERN_INFO
+			"%s: handle=0x%08x phys_add=0x%08x length=0x%08x\n",
+			__func__, invoke->params[i].value.a, ion_addr, ion_len);
+
+			invoke->params[i].value.a = (u32) ion_addr;
+			invoke->params[i].value.b = (u32) ion_len;
+
+			invoke->param_types &= ~((0xF) << (4*i));
+			invoke->param_types |=
+				TF_PARAM_TYPE_VALUE_INPUT << (4*i);
+		}
+#endif /* CONFIG_TF_ION */
 	}
 
 	command->invoke_client_command.device_context =
@@ -1290,11 +1382,16 @@ int tf_invoke_client_command(
 		answer, connection, true);
 
 error:
+#ifdef CONFIG_TF_ION
+	if (new_handle != NULL)
+		ion_free(connection->ion_client, new_handle);
+#endif /* CONFIG_TF_ION */
 	/* Unmap de temp mem refs */
 	for (i = 0; i < 4; i++) {
 		if (shmem_desc[i] != NULL) {
 			dprintk(KERN_INFO "tf_invoke_client_command: "
 				"UnMatemp_memref %d\n ", i);
+
 			tf_unmap_shmem(connection, shmem_desc[i], 0);
 		}
 	}
diff --git a/security/tf_driver/tf_defs.h b/security/tf_driver/tf_defs.h
index ac209370c55d..7ec4978c63ef 100644
--- a/security/tf_driver/tf_defs.h
+++ b/security/tf_driver/tf_defs.h
@@ -36,6 +36,11 @@
 
 #include "tf_protocol.h"
 
+#ifdef CONFIG_TF_ION
+#include <linux/ion.h>
+#include <linux/omap_ion.h>
+#endif
+
 /*----------------------------------------------------------------------------*/
 
 #define SIZE_1KB 0x400
@@ -491,6 +496,10 @@ struct tf_connection {
 	/* Lock to protect concurrent accesses to shortcut_list */
 	spinlock_t shortcut_list_lock;
 #endif
+
+#ifdef CONFIG_TF_ION
+	struct ion_client *ion_client;
+#endif
 };
 
 /*----------------------------------------------------------------------------*/
diff --git a/security/tf_driver/tf_device.c b/security/tf_driver/tf_device.c
index 74af4a642e55..1bdf5acb177d 100644
--- a/security/tf_driver/tf_device.c
+++ b/security/tf_driver/tf_device.c
@@ -393,7 +393,7 @@ static int __init tf_device_register(void)
 	}
 
 #ifdef CONFIG_TF_DRIVER_CRYPTO_FIPS
-	error = tf_self_test_post_init(&(dev_stats->kobj));
+	error = tf_self_test_post_init(&(g_tf_dev.kobj));
 	/* N.B. error > 0 indicates a POST failure, which will not
 	   prevent the module from loading. */
 	if (error < 0) {
@@ -582,6 +582,78 @@ static long tf_device_ioctl(struct file *file, unsigned int ioctl_num,
 		result = TF_DRIVER_INTERFACE_VERSION;
 		goto exit;
 
+#ifdef CONFIG_TF_ION
+	case IOCTL_TF_ION_REGISTER: {
+		int ion_register;
+		/* ioctl is asking to register an ion handle */
+		if (copy_from_user(&ion_register,
+				(int *) ioctl_param,
+				sizeof(int))) {
+			dprintk(KERN_ERR "tf_device_ioctl(%p): "
+				"copy_from_user failed\n",
+				file);
+			result = -EFAULT;
+			goto exit;
+		}
+
+		connection = tf_conn_from_file(file);
+		BUG_ON(connection == NULL);
+
+		/* Initialize ION connection */
+		if (connection->ion_client == NULL) {
+			connection->ion_client = ion_client_create(
+						zebra_ion_device,
+						(1 << ION_HEAP_TYPE_CARVEOUT),
+						"tf");
+		}
+
+		if (connection->ion_client == NULL) {
+			dprintk(KERN_ERR "tf_device_ioctl(%p): "
+				"unable to create ion client\n",
+				file);
+			result = -EFAULT;
+			goto exit;
+		}
+
+		/*
+		 * TODO: We should use a reference count on this handle in order
+		 * to not unregistered it while using it.
+		 */
+	       return (long)ion_import_fd(connection->ion_client, ion_register);
+	}
+
+	case IOCTL_TF_ION_UNREGISTER: {
+		int ion_register;
+		/* ioctl is asking to unregister an ion handle */
+
+		if (copy_from_user(&ion_register,
+				(int *) ioctl_param,
+				sizeof(int))) {
+			dprintk(KERN_ERR "tf_device_ioctl(%p): "
+				"copy_from_user failed\n",
+				file);
+			result = -EFAULT;
+			goto exit;
+		}
+
+		connection = tf_conn_from_file(file);
+		BUG_ON(connection == NULL);
+
+		if (connection->ion_client == NULL) {
+			dprintk(KERN_ERR "tf_device_ioctl(%p): "
+				"ion client does not exist\n",
+				file);
+			result = -EFAULT;
+			goto exit;
+		}
+
+		ion_free(connection->ion_client,
+			(struct ion_handle *) ion_register);
+
+		return S_SUCCESS;
+	}
+#endif
+
 	case IOCTL_TF_EXCHANGE:
 		/*
 		 * ioctl is asking to perform a message exchange with the Secure
diff --git a/security/tf_driver/tf_protocol.h b/security/tf_driver/tf_protocol.h
index e39842bd6e16..cd2300df6e02 100644
--- a/security/tf_driver/tf_protocol.h
+++ b/security/tf_driver/tf_protocol.h
@@ -238,6 +238,7 @@ union tf_answer_param {
 #define TF_PARAM_TYPE_MEMREF_TEMP_INPUT  0x5
 #define TF_PARAM_TYPE_MEMREF_TEMP_OUTPUT 0x6
 #define TF_PARAM_TYPE_MEMREF_TEMP_INOUT  0x7
+#define TF_PARAM_TYPE_MEMREF_ION_HANDLE  0xB
 #define TF_PARAM_TYPE_MEMREF_INPUT       0xD
 #define TF_PARAM_TYPE_MEMREF_OUTPUT      0xE
 #define TF_PARAM_TYPE_MEMREF_INOUT       0xF
@@ -690,5 +691,9 @@ struct tf_version_information_buffer {
 #define IOCTL_TF_EXCHANGE        _IOWR('z', 1, union tf_command)
 #define IOCTL_TF_GET_DESCRIPTION _IOR('z', 2, \
 	struct tf_version_information_buffer)
+#ifdef CONFIG_TF_ION
+#define IOCTL_TF_ION_REGISTER    _IOR('z', 254, int)
+#define IOCTL_TF_ION_UNREGISTER  _IOR('z', 255, int)
+#endif
 
 #endif  /* !defined(__TF_PROTOCOL_H__) */