Unverified Commit a2c7a5a5 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!14056 virtcca feature : security rectification 

Merge Pull Request from: @bob_1211 
 
virtcca feature : security rectification 
 
Link:https://gitee.com/openeuler/kernel/pulls/14056

 

Reviewed-by: default avatarHe Jingxian <hejingxian@huawei.com>
Reviewed-by: default avatarZhang Peng <zhangpeng362@huawei.com>
Signed-off-by: default avatarZhang Peng <zhangpeng362@huawei.com>
parents 8a512be8 64eaac09

arch/arm64/include/asm/kvm_tmi.h

+1 −1
Original line number Diff line number Diff line
@@ -405,7 +405,7 @@ u64 tmi_mmio_unmap(u64 rd, u64 map_addr, u64 level); 
u64 tmi_mmio_write(u64 addr, u64 val, u64 bits, u64 dev_num);

u64 tmi_mmio_read(u64 addr, u64 bits, u64 dev_num);

u64 tmi_dev_delegate(u64 params);

u64 tmi_dev_attach(u64 vdev, u64 rd, u64 smmu_id);

u64 tmi_dev_attach(u64 vdev, u64 rd, u64 smmu_id, u64 smmu_vmid);

u64 tmi_handle_s_evtq(u64 smmu_id);

u64 tmi_smmu_device_reset(u64 params);

u64 tmi_smmu_pcie_core_check(u64 smmu_base);

arch/arm64/include/asm/virtcca_coda.h

+2 −1
Original line number Diff line number Diff line
@@ -24,7 +24,8 @@ 


#define SMMU_DOMAIN_IS_SAME     0x2



int virtcca_attach_secure_dev(struct iommu_domain *domain, struct iommu_group *group);

int virtcca_attach_secure_dev(struct iommu_domain *domain, struct iommu_group *group,

	bool iommu_secure);



u64 virtcca_get_iommu_device_msi_addr(struct iommu_group *iommu_group);

int virtcca_iommu_group_set_dev_msi_addr(struct iommu_group *iommu_group, unsigned long *iova);

arch/arm64/kvm/tmi.c

+3 −2
Original line number Diff line number Diff line
@@ -269,12 +269,13 @@ EXPORT_SYMBOL(tmi_dev_delegate); 
 * @vdev:	Device bdf number

 * @rd:	CVM handle

 * @smmu_id:	SMMU ID

 * @smmu_vmid:	SMMU vmid

 */

u64 tmi_dev_attach(u64 vdev, u64 rd, u64 smmu_id)

u64 tmi_dev_attach(u64 vdev, u64 rd, u64 smmu_id, u64 smmu_vmid)

{

	struct arm_smccc_res res;



	arm_smccc_1_1_smc(TMI_TMM_DEV_ATTACH, vdev, rd, smmu_id, &res);

	arm_smccc_1_1_smc(TMI_TMM_DEV_ATTACH, vdev, rd, smmu_id, smmu_vmid, &res);

	return res.a1;

}

EXPORT_SYMBOL(tmi_dev_attach);

drivers/coda/coda.c

+12 −3
Original line number Diff line number Diff line
@@ -292,7 +292,8 @@ u32 virtcca_tmi_dev_attach(struct arm_smmu_domain *arm_smmu_domain, struct kvm * 
				if (j < i)

					continue;

				ret = tmi_dev_attach(sid, virtcca_cvm->rd,

					arm_smmu_domain->smmu->s_smmu_id);

					arm_smmu_domain->smmu->s_smmu_id,

					arm_smmu_domain->s2_cfg.vmid);

				if (ret) {

					dev_err(arm_smmu_domain->smmu->dev, "CoDA: dev protected failed!\n");

					ret = -ENXIO;
@@ -536,6 +537,7 @@ EXPORT_SYMBOL_GPL(virtcca_secure_dev_operator); 
 * group to confidential virtual machine

 * @domain: The handle of iommu domain

 * @group: Iommu group

 * @iommu_secure : Whether the iommu is secure or not

 *

 * Returns:

 * %0 if attach the all devices success
@@ -543,9 +545,16 @@ EXPORT_SYMBOL_GPL(virtcca_secure_dev_operator); 
 * %-ENOMEM if the device create secure ste failed

 * %-ENOENT if the device does not have fwspec

 */

int virtcca_attach_secure_dev(struct iommu_domain *domain, struct iommu_group *group)

int virtcca_attach_secure_dev(struct iommu_domain *domain, struct iommu_group *group,

	bool iommu_secure)

{

	int ret;

	int ret = 0;



	if (!is_virtcca_cvm_enable())

		return ret;



	if (!iommu_secure)

		return ret;



	ret = iommu_group_for_each_dev(group, (void *)domain, virtcca_secure_dev_operator);

drivers/iommu/arm/arm-smmu-v3/arm-s-smmu-v3.c

+4 −39
Original line number Diff line number Diff line
@@ -248,42 +248,6 @@ static int virtcca_smmu_write_reg_sync(struct arm_smmu_device *smmu, u32 val, 
				       smmu->ioaddr, ack_off, ARM_S_SMMU_REG_32_BIT);

}



/**

 * virtcca_smmu_update_gbpa - Write values to glabal bypass register

 * @smmu: An SMMUv3 instance

 * @set: Number of bits to be set

 * @clr: Number of bits to be clear

 *

 * Returns:

 * %0 update gbpa register success

 */

static int virtcca_smmu_update_gbpa(struct arm_smmu_device *smmu, u32 set, u32 clr)

{

	int ret;

	u32 reg;



	ret = virtcca_cvm_read_poll_timeout_atomic(tmi_smmu_read, reg, !(reg & S_GBPA_UPDATE),

				       1, ARM_SMMU_POLL_TIMEOUT_US, false,

				       smmu->ioaddr, ARM_SMMU_S_GBPA, ARM_S_SMMU_REG_32_BIT);

	if (ret)

		return ret;



	reg &= ~clr;

	reg |= set;



	ret = tmi_smmu_write(smmu->ioaddr, ARM_SMMU_S_GBPA,

		reg | S_GBPA_UPDATE, ARM_S_SMMU_REG_32_BIT);

	if (ret)

		return ret;



	ret = virtcca_cvm_read_poll_timeout_atomic(tmi_smmu_read, reg, !(reg & S_GBPA_UPDATE),

			1, ARM_SMMU_POLL_TIMEOUT_US, false,

			smmu->ioaddr, ARM_SMMU_S_GBPA, ARM_S_SMMU_REG_32_BIT);

	if (ret)

		dev_err(smmu->dev, "S_SMMU: s_gbpa not responding to update\n");

	return ret;

}



/**

 * virtcca_smmu_device_disable - Disable the secure smmu

 * @smmu: An SMMUv3 instance
@@ -721,8 +685,9 @@ void virtcca_smmu_device_init(struct platform_device *pdev, struct arm_smmu_devi 


	rv = rv & ARM_S_SMMU_MASK_UPPER_32_BIT;

	if (rv & S_CR0_SMMUEN) {

		dev_warn(smmu->dev, "S_SMMU: secure smmu currently enabled! resetting...\n");

		virtcca_smmu_update_gbpa(smmu, S_GBPA_ABORT, 0);

		dev_warn(smmu->dev, "S_SMMU: secure smmu does not support hot reset!\n");

		smmu->s_smmu_id = ARM_S_SMMU_INVALID_ID;

		return;

	}



	ret = virtcca_smmu_device_disable(smmu);
@@ -794,7 +759,7 @@ void virtcca_smmu_device_init(struct platform_device *pdev, struct arm_smmu_devi 
	enables |= CR0_EVTQEN;



	/* Secure event queue */

	memset(params_ptr, 0, sizeof(struct tmi_smmu_ste_params));

	memset(params_ptr, 0, sizeof(struct tmi_smmu_cfg_params));

	params_ptr->is_cmd_queue = 0;

	params_ptr->ioaddr = smmu->ioaddr;

	params_ptr->smmu_id = smmu->s_smmu_id;