[Xen-devel] [PATCH v3 01/11] arm: add generic TEE mediator framework

2018-12-18 Thread Volodymyr Babchuk
This patch adds a basic framework for TEE mediators. Guests can't talk
to the TEE directly, so we need some entity that will intercept their
requests and decide what to do with them. A "TEE mediator" is such an entity.

This is how it works: user can build XEN with multiple TEE mediators
(see the next patches, where OP-TEE mediator is introduced).
TEE mediator register self with REGISTER_TEE_MEDIATOR() macro in the
same way, as device drivers use DT_DEVICE_START()/DT_DEVICE_END()
macros.
In run-time, during initialization, framework calls probe() function
for each available mediator driver to find which TEE is installed
on the platform. Then generic vSMC handler will call selected mediator
when it intercept SMC/HVC that belongs to TEE OS or TEE application.

Currently TEE mediator is enabled only for Dom0.

Signed-off-by: Volodymyr Babchuk 
---
 Changes from v2:
  - Removed empty tee/Kconfig file

 Changes from v1:
  - Removed tee_remove() function
  - CONFIG_TEE depends on EXPERT
  - tee_domain_created() converted to tee_enable()
  - tee_init() is called using initcall() mechanism
  - tee_handle_smc() renamed to tee_handle_call()

 Changes from "RFC" version:
  - renamed CONFIG_ARM_TEE to CONFIG_TEE
  - changed discovery mechanism: instead of UUID mathing, TEE-specific
 probing is used

 MAINTAINERS   |  6 +++
 xen/arch/arm/Kconfig  |  7 +++
 xen/arch/arm/Makefile |  1 +
 xen/arch/arm/domain.c |  4 ++
 xen/arch/arm/domain_build.c   |  4 ++
 xen/arch/arm/setup.c  |  1 +
 xen/arch/arm/shutdown.c   |  1 +
 xen/arch/arm/tee/Makefile |  1 +
 xen/arch/arm/tee/tee.c| 69 ++
 xen/arch/arm/vsmc.c   |  5 ++
 xen/arch/arm/xen.lds.S|  7 +++
 xen/include/asm-arm/tee/tee.h | 91 +++
 12 files changed, 197 insertions(+)
 create mode 100644 xen/arch/arm/tee/Makefile
 create mode 100644 xen/arch/arm/tee/tee.c
 create mode 100644 xen/include/asm-arm/tee/tee.h

diff --git a/MAINTAINERS b/MAINTAINERS
index 96a0518f49..eac2b40fdf 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -376,6 +376,12 @@ F: config/Stubdom.mk.in
 F: m4/stubdom.m4
 F: stubdom/
 
+TEE MEDIATORS
+M: Volodymyr Babchuk 
+S: Supported
+F: xen/arch/arm/tee/
+F: xen/include/asm-arm/tee
+
 TOOLSTACK
 M: Ian Jackson 
 M: Wei Liu 
diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig
index 581de67b6b..e527b2f885 100644
--- a/xen/arch/arm/Kconfig
+++ b/xen/arch/arm/Kconfig
@@ -105,6 +105,13 @@ config HARDEN_BRANCH_PREDICTOR
 
  If unsure, say Y.
 
+config TEE
+   bool "Enable TEE mediators support" if EXPERT = "y"
+   default n
+   help
+ This option enables generic TEE mediators support. It allows guests
+ to access real TEE via one of TEE mediators implemented in XEN.
+
 endmenu
 
 menu "ARM errata workaround via the alternative framework"
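Review bot: The help text for `config TEE` says the option "allows guests to access real TEE", but the commit message states that the mediator is currently enabled only for Dom0, so the prompt overstates what enabling it exposes. Because this option widens the hypervisor's interface to the secure world, the help should state the actual scope, for example `This option enables generic TEE mediator support. Currently only Dom0 can reach the TEE through a mediator.` The `default n` line can also be dropped, since `n` is already the default for a bool symbol.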
diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile
index cb902cb6fe..5c2aa34557 100644
--- a/xen/arch/arm/Makefile
+++ b/xen/arch/arm/Makefile
@@ -5,6 +5,7 @@ subdir-$(CONFIG_ACPI) += acpi
 ifneq ($(CONFIG_NO_PLAT),y)
 subdir-y += platforms
 endif
+subdir-$(CONFIG_TEE) += tee
 
 obj-$(CONFIG_HAS_ALTERNATIVE) += alternative.o
 obj-y += bootfdt.init.o
diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c
index 1d926dcb29..11b618515b 100644
--- a/xen/arch/arm/domain.c
+++ b/xen/arch/arm/domain.c
@@ -32,6 +32,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -931,6 +932,9 @@ int domain_relinquish_resources(struct domain *d)
  */
 domain_vpl011_deinit(d);
 
+/* Free TEE mediator resources */
+tee_domain_destroy(d);
+
 d->arch.relmem = RELMEM_xen;
 /* Fallthrough */
 
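Review bot: `tee_domain_destroy(d)` in `domain_relinquish_resources()` runs for every domain being torn down, whereas the only `tee_enable(d)` call visible in this patch is in `construct_domain()`, which the commit message describes as Dom0-only. The destroy path therefore has to be safe for a domain on which TEE was never enabled, and for a platform where no mediator was probed. tee.c is cut off in this view, so that needs confirming there. A comment at the call site would make the contract explicit, e.g. `/* Must be safe even if TEE was never enabled for this domain */`. The function body extends beyond the hunk on both sides.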
diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c
index b0ec3f0b72..39a887b505 100644
--- a/xen/arch/arm/domain_build.c
+++ b/xen/arch/arm/domain_build.c
@@ -24,6 +24,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include 
 #include 
@@ -1962,6 +1963,9 @@ static int __init construct_domain(struct domain *d, 
struct kernel_info *kinfo)
 set_current(saved_current);
 p2m_restore_state(saved_current);
 
+/* Enable TEE */
+tee_enable(d);
+
 memset(regs, 0, sizeof(*regs));
 
 regs->pc = (register_t)kinfo->entry;
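Review bot: The `tee_enable(d)` call added to `construct_domain()` discards whatever outcome the enable step has. Its declaration is in tee.h, outside this view, but if it can report failure the domain is started with no record of whether its TEE calls will be mediated. Consider checking the result, along the lines of `rc = tee_enable(d);` followed by a `printk(XENLOG_WARNING ...)` when a mediator was found but could not be enabled. The comment `/* Enable TEE */` only restates the call; something like `/* TEE mediation is currently offered to Dom0 only */` records the scope stated in the commit message. The body of `construct_domain()` extends beyond the hunk.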
diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c
index e83221ab79..cad568d432 100644
--- a/xen/arch/arm/setup.c
+++ b/xen/arch/arm/setup.c
@@ -48,6 +48,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 
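Review bot: The only change to setup.c is a single added `#include` (the diffstat shows one insertion), and the same holds for shutdown.c in the next section. The header names were lost in this rendering, but nothing else in either file is touched. With `tee_init()` now run through the initcall mechanism and `tee_remove()` removed, as the v1 changelog says, these two includes look like leftovers from the earlier revision and can probably be dropped. If either file does still need a TEE declaration, the use should be part of the same patch so the include is justified.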
diff --git a/xen/arch/arm/shutdown.c b/xen/arch/arm/shutdown.c
index b32f07ec0e..30c69506ff 100644
--- a/xen/arch/arm/shutdown.c
+++ b/xen/arch/arm/shutdown.c
@@ -5,6 +5,7 @@
 #include 
 #include 
 #include 
+#include 
 
 static void noreturn halt_this_cpu(void *arg)
 {
diff --git a/xen/arch/arm/tee/Makefile b/xen/arch/arm/tee/Makefile
new file mode 100644
index 00..c54d4796ff
--- /dev/null
+++ b/xen/ar

Re: [Xen-devel] [PATCH v3 01/11] arm: add generic TEE mediator framework

2019-01-15 Thread Julien Grall

Hi Volodymyr,

On 12/18/18 9:11 PM, Volodymyr Babchuk wrote:

This patch adds basic framework for TEE mediators. Guests can't talk
to TEE directly, we need some entity that will intercept request
and decide what to do with them. "TEE mediator" is a such entity.

This is how it works: user can build XEN with multiple TEE mediators
(see the next patches, where OP-TEE mediator is introduced).
TEE mediator register self with REGISTER_TEE_MEDIATOR() macro in the
same way, as device drivers use DT_DEVICE_START()/DT_DEVICE_END()
macros.
In run-time, during initialization, framework calls probe() function
for each available mediator driver to find which TEE is installed
on the platform. Then generic vSMC handler will call selected mediator
when it intercept SMC/HVC that belongs to TEE OS or TEE application.

Currently TEE mediator is enabled only for Dom0.

Signed-off-by: Volodymyr Babchuk 
---
  Changes from v2:
   - Removed empty tee/Kconfig file

  Changes from v1:
   - Removed tee_remove() function
   - CONFIG_TEE depends on EXPERT
   - tee_domain_created() converted to tee_enable()
   - tee_init() is called using initcall() mechanism
   - tee_handle_smc() renamed to tee_handle_call()

  Changes from "RFC" version:
   - renamed CONFIG_ARM_TEE to CONFIG_TEE
   - changed discovery mechanism: instead of UUID mathing, TEE-specific
  probing is used

  MAINTAINERS   |  6 +++
  xen/arch/arm/Kconfig  |  7 +++
  xen/arch/arm/Makefile |  1 +
  xen/arch/arm/domain.c |  4 ++
  xen/arch/arm/domain_build.c   |  4 ++
  xen/arch/arm/setup.c  |  1 +
  xen/arch/arm/shutdown.c   |  1 +
  xen/arch/arm/tee/Makefile |  1 +
  xen/arch/arm/tee/tee.c| 69 ++
  xen/arch/arm/vsmc.c   |  5 ++
  xen/arch/arm/xen.lds.S|  7 +++
  xen/include/asm-arm/tee/tee.h | 91 +++
  12 files changed, 197 insertions(+)
  create mode 100644 xen/arch/arm/tee/Makefile
  create mode 100644 xen/arch/arm/tee/tee.c
  create mode 100644 xen/include/asm-arm/tee/tee.h

diff --git a/MAINTAINERS b/MAINTAINERS
index 96a0518f49..eac2b40fdf 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -376,6 +376,12 @@ F: config/Stubdom.mk.in
  F:m4/stubdom.m4
  F:stubdom/
  
+TEE MEDIATORS

+M: Volodymyr Babchuk 
+S: Supported
+F: xen/arch/arm/tee/
+F: xen/include/asm-arm/tee
+
  TOOLSTACK
  M:Ian Jackson 
  M:Wei Liu 
diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig
index 581de67b6b..e527b2f885 100644
--- a/xen/arch/arm/Kconfig
+++ b/xen/arch/arm/Kconfig
@@ -105,6 +105,13 @@ config HARDEN_BRANCH_PREDICTOR
  
  	  If unsure, say Y.
  
+config TEE

+   bool "Enable TEE mediators support" if EXPERT = "y"
+   default n
+   help
+ This option enables generic TEE mediators support. It allows guests
+ to access real TEE via one of TEE mediators implemented in XEN.
+
  endmenu
  
  menu "ARM errata workaround via the alternative framework"

diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile
index cb902cb6fe..5c2aa34557 100644
--- a/xen/arch/arm/Makefile
+++ b/xen/arch/arm/Makefile
@@ -5,6 +5,7 @@ subdir-$(CONFIG_ACPI) += acpi
  ifneq ($(CONFIG_NO_PLAT),y)
  subdir-y += platforms
  endif
+subdir-$(CONFIG_TEE) += tee
  
  obj-$(CONFIG_HAS_ALTERNATIVE) += alternative.o

  obj-y += bootfdt.init.o
diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c
index 1d926dcb29..11b618515b 100644
--- a/xen/arch/arm/domain.c
+++ b/xen/arch/arm/domain.c
@@ -32,6 +32,7 @@
  #include 
  #include 
  #include 
+#include 
  #include 
  #include 
  #include 
@@ -931,6 +932,9 @@ int domain_relinquish_resources(struct domain *d)
   */
  domain_vpl011_deinit(d);
  
+/* Free TEE mediator resources */

+tee_domain_destroy(d);
+


AFAIR, OP-TEE may have a lot of resources attached to it. So I think it 
would be best if we introduce a new RELMEM_* for it and make 
tee_domain_destroy return an int to handle preemption.



  d->arch.relmem = RELMEM_xen;
  /* Fallthrough */
  
diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c

index b0ec3f0b72..39a887b505 100644
--- a/xen/arch/arm/domain_build.c
+++ b/xen/arch/arm/domain_build.c
@@ -24,6 +24,7 @@
  #include 
  #include 
  #include 
+#include 
  
  #include 

  #include 
@@ -1962,6 +1963,9 @@ static int __init construct_domain(struct domain *d, 
struct kernel_info *kinfo)
  set_current(saved_current);
  p2m_restore_state(saved_current);
  
+/* Enable TEE */

+tee_enable(d);


Why do you need to call TEE here? This should be done through 
arch_domain_create as for any other domain.



+
  memset(regs, 0, sizeof(*regs));
  
  regs->pc = (register_t)kinfo->entry;

diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c
index e83221ab79..cad568d432 100644
--- a/xen/arch/arm/setup.c
+++ b/xen/arch/arm/setup.c
@@ -48,6 +48,7 @@
  #include 
  #include 
  #include 
+#inclu