
Merge 5c778942e710c5927a4172ee167e9bc88fc8d5c0 on remote branch

Change-Id: I5a60eb3e28bf80c581a2e1ad6c000d348c094e95
Linux Build Service Account hai 1 ano
pai
achega
99e7a9ca52

+ 1 - 2
hdcp/hdcp_smcinvoke.c

@@ -3,9 +3,8 @@
  * Copyright (c) 2022-2023 Qualcomm Innovation Center, Inc. All rights reserved.
  */
 
-#include <include/linux/smcinvoke.h>
+#include "smcinvoke_object.h"
 #include <include/linux/IClientEnv.h>
-#include <include/linux/smcinvoke_object.h>
 #include <include/smci/uid/CAppClient.h>
 #include <include/smci/uid/CAppLoader.h>
 #include <include/smci/interface/IAppClient.h>

+ 19 - 5
qseecom/qseecom.c

@@ -424,7 +424,7 @@ struct qseecom_client_handle {
 
 struct qseecom_listener_handle {
 	u32               id;
-	bool              unregister_pending;
+	bool              register_pending;
 	bool              release_called;
 };
 
@@ -1562,6 +1562,11 @@ static int qseecom_register_listener(struct qseecom_dev_handle *data,
 	struct qseecom_registered_listener_list *new_entry;
 	struct qseecom_registered_listener_list *ptr_svc;
 
+	if (data->listener.register_pending) {
+		pr_err("Already a listner registration is in process on this FD\n");
+		return -EINVAL;
+	}
+
 	ret = copy_from_user(&rcvd_lstnr, argp, sizeof(rcvd_lstnr));
 	if (ret) {
 		pr_err("copy_from_user failed\n");
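Review bot: The `register_pending` test added here and the `data->listener.register_pending = true` store in the later hunk of this function are plain `bool` accesses separated by `copy_from_user()` and two lookups, so the guard only serialises registrations on one FD if the caller holds a lock across the whole function. No lock is visible in these hunks, and if a callee drops it while waiting, two ioctls on the same FD could both pass the check before either sets the flag. A comment naming the lock that protects the flag would settle this, or the check and set could be made a single step with `test_and_set_bit()` on a flags word. The message also misspells "listener" as "listner", and the function body continues outside the hunk.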
@@ -1571,6 +1576,12 @@ static int qseecom_register_listener(struct qseecom_dev_handle *data,
 			rcvd_lstnr.sb_size))
 		return -EFAULT;
 
+	ptr_svc = __qseecom_find_svc(data->listener.id);
+	if (ptr_svc) {
+		pr_err("Already a listener registered on this data: lid=%d\n", data->listener.id);
+		return -EINVAL;
+	}
+
 	ptr_svc = __qseecom_find_svc(rcvd_lstnr.listener_id);
 	if (ptr_svc) {
 		if (!ptr_svc->unregister_pending) {
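Review bot: The new `__qseecom_find_svc(data->listener.id)` lookup keys on whatever value `data->listener.id` holds for a handle that has never registered, which is presumably its zero-initialised default. If a listener with that id is already registered through another FD, every fresh handle would be rejected here with `-EINVAL`, even though this FD owns no listener. Testing an explicit per-handle "already registered" state would express the intent without depending on the id value; that state is not visible in this hunk, so please confirm how the handle is initialised. Separately, `id` is declared `u32` in `struct qseecom_listener_handle`, so `lid=%u` is the matching specifier.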
@@ -1614,13 +1625,16 @@ static int qseecom_register_listener(struct qseecom_dev_handle *data,
 	new_entry->svc.listener_id = rcvd_lstnr.listener_id;
 	new_entry->sb_length = rcvd_lstnr.sb_size;
 	new_entry->user_virt_sb_base = rcvd_lstnr.virt_sb_base;
+	data->listener.register_pending = true;
 	if (__qseecom_set_sb_memory(new_entry, data, &rcvd_lstnr)) {
 		pr_err("qseecom_set_sb_memory failed for listener %d, size %d\n",
 				rcvd_lstnr.listener_id, rcvd_lstnr.sb_size);
 		__qseecom_free_tzbuf(&new_entry->sglistinfo_shm);
 		kfree_sensitive(new_entry);
+		data->listener.register_pending = false;
 		return -ENOMEM;
 	}
+	data->listener.register_pending = false;
 
 	init_waitqueue_head(&new_entry->rcv_req_wq);
 	init_waitqueue_head(&new_entry->listener_block_app_wq);
@@ -3118,7 +3132,7 @@ static int qseecom_unload_app(struct qseecom_dev_handle *data,
 
 	ret = __qseecom_cleanup_app(data);
 	if (ret && !app_crash) {
-		pr_err("cleanup app failed, pending ioctl:%d\n", data->ioctl_count);
+		pr_err("cleanup app failed, pending ioctl:%d\n", data->ioctl_count.counter);
 		return ret;
 	}
 
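Review bot: `data->ioctl_count.counter` reaches into what appears to be an `atomic_t` instead of going through its accessor. `pr_err("cleanup app failed, pending ioctl:%d\n", atomic_read(&data->ioctl_count));` prints the same value with the intended read semantics and does not depend on the type's internal layout. `qseecom_unload_app()` continues outside the hunk.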
@@ -9542,19 +9556,19 @@ static int qseecom_register_heap_shmbridge(struct platform_device *pdev,
 
 	node = of_parse_phandle(pdev->dev.of_node, heap_mem_region_name, 0);
 	if (!node) {
-		pr_err("unable to parse memory-region of heap %d\n", heap_mem_region_name);
+		pr_err("unable to parse memory-region of heap %s\n", heap_mem_region_name);
 		return -EINVAL;
 	}
 	rmem = of_reserved_mem_lookup(node);
 	if (!rmem) {
-		pr_err("unable to acquire memory-region of heap %d\n", heap_mem_region_name);
+		pr_err("unable to acquire memory-region of heap %s\n", heap_mem_region_name);
 		return -EINVAL;
 	}
 
 	heap_pa = rmem->base;
 	heap_size = (size_t)rmem->size;
 
-	pr_debug("get heap %d info: shmbridge created\n", heap_mem_region_name);
+	pr_debug("get heap %s info: shmbridge created\n", heap_mem_region_name);
 	return qtee_shmbridge_register(heap_pa,
 			heap_size, ns_vmids, ns_vm_perms, 1,
 			PERM_READ | PERM_WRITE, handle);

+ 1 - 1
securemsm_kernel_vendor_board.mk

@@ -22,7 +22,6 @@ BOARD_VENDOR_RAMDISK_KERNEL_MODULES += $(KERNEL_MODULES_OUT)/hdcp_qseecom_dlkm.k
 ifeq ($(TARGET_USES_SMMU_PROXY), true)
 BOARD_VENDOR_KERNEL_MODULES += $(KERNEL_MODULES_OUT)/smmu_proxy_dlkm.ko
 endif
-endif #ENABLE_SECUREMSM_DLKM
 
 ifeq ($(ENABLE_SECUREMSM_QTEE_DLKM), true)
 
@@ -40,3 +39,4 @@ BOARD_VENDOR_RAMDISK_KERNEL_MODULES += $(KERNEL_MODULES_OUT)/qseecom_dlkm.ko
 BOARD_VENDOR_RAMDISK_RECOVERY_KERNEL_MODULES_LOAD += $(KERNEL_MODULES_OUT)/qseecom_dlkm.ko
 
 endif #ENABLE_SECUREMSM_QTEE_DLKM
+endif #ENABLE_SECUREMSM_DLKM

+ 62 - 8
smcinvoke/smcinvoke.c

@@ -538,7 +538,7 @@ static void smcinvoke_shmbridge_post_process(void)
 			do {
 				ret = qtee_shmbridge_deregister(handle);
 				if (unlikely(ret)) {
-					pr_err_ratelimited("SHM failed: ret:%d ptr:0x%x h:%#llx\n",
+					pr_err_ratelimited("SHM failed: ret:%d ptr:0x%p h:%#llx\n",
 							ret,
 							dmabuf_to_free,
 							handle);
@@ -831,10 +831,10 @@ static inline void free_mem_obj_locked(struct smcinvoke_mem_obj *mem_obj)
 	if (shmbridge_handle)
 		ret = qtee_shmbridge_deregister(shmbridge_handle);
 	if (ret) {
-		pr_err("Error:%d delete bridge failed leaking memory 0x%x\n",
+		pr_err("Error:%d delete bridge failed leaking memory 0x%p\n",
 				ret, dmabuf_to_free);
 		if (ret == -EBUSY) {
-			pr_err("EBUSY: we postpone it 0x%x\n",
+			pr_err("EBUSY: we postpone it 0x%p\n",
 					dmabuf_to_free);
 			entry = kzalloc(sizeof(*entry), GFP_KERNEL);
 			if (entry) {
@@ -1193,7 +1193,7 @@ static int32_t smcinvoke_map_mem_region_locked(struct smcinvoke_mem_obj* mem_obj
 
 		sgt = dma_buf_map_attachment(buf_attach, DMA_BIDIRECTIONAL);
 		if (IS_ERR(sgt)) {
-			pr_err("mapping dma buffers failed, ret: %d\n",
+			pr_err("mapping dma buffers failed, ret: %ld\n",
 					PTR_ERR(sgt));
 			ret = OBJECT_ERROR_KMEM;
 			goto out;
@@ -1614,7 +1614,7 @@ static void process_tzcb_req(void *buf, size_t buf_len, struct file **arr_filp)
 	uint16_t server_id = 0;
 
 	if (buf_len < sizeof(struct smcinvoke_tzcb_req)) {
-		pr_err("smaller buffer length : %u\n", buf_len);
+		pr_err("smaller buffer length : %zu\n", buf_len);
 		return;
 	}
 
@@ -1890,6 +1890,59 @@ static bool is_inbound_req(int val)
 		val == QSEOS_RESULT_BLOCKED_ON_LISTENER);
 }
 
+static void process_piggyback_cb_data(uint8_t *outbuf, size_t buf_len)
+{
+	struct smcinvoke_tzcb_req *msg = NULL;
+	uint32_t max_offset = 0;
+	uint32_t buffer_size_max_offset = 0;
+	void *piggyback_buf = NULL;
+	size_t piggyback_buf_size;
+	size_t piggyback_offset = 0;
+	int i = 0;
+
+	if (outbuf == NULL) {
+		pr_err("%s: outbuf is NULL\n", __func__);
+		return;
+	}
+
+	msg = (void *) outbuf;
+	if ((buf_len < msg->args[0].b.offset) ||
+		(buf_len - msg->args[0].b.offset < msg->args[0].b.size)) {
+		pr_err("%s: invalid scenario\n", __func__);
+		return;
+	}
+
+	FOR_ARGS(i, msg->hdr.counts, BI)
+	{
+		if (msg->args[i].b.offset > max_offset) {
+			max_offset = msg->args[i].b.offset;
+			buffer_size_max_offset = msg->args[i].b.size;
+		}
+	}
+
+	FOR_ARGS(i, msg->hdr.counts, BO)
+	{
+		if (msg->args[i].b.offset > max_offset) {
+			max_offset = msg->args[i].b.offset;
+			buffer_size_max_offset = msg->args[i].b.size;
+		}
+	}
+
+	//Take out the offset after BI and BO objects end
+	if (max_offset)
+		piggyback_offset = max_offset + buffer_size_max_offset;
+	else
+		piggyback_offset = TZCB_BUF_OFFSET(msg);
+
+	piggyback_offset = size_align(piggyback_offset, SMCINVOKE_ARGS_ALIGN_SIZE);
+
+	// Jump to piggy back data offset
+	piggyback_buf = (uint8_t *)msg + piggyback_offset;
+	piggyback_buf_size = g_max_cb_buf_size - piggyback_offset;
+
+	process_piggyback_data(piggyback_buf, piggyback_buf_size);
+}
+
 static int prepare_send_scm_msg(const uint8_t *in_buf, phys_addr_t in_paddr,
 		size_t in_buf_len,
 		uint8_t *out_buf, phys_addr_t out_paddr,
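Review bot: `process_piggyback_cb_data()` reads `msg->args[0]` and `msg->hdr.counts` before anything confirms that `buf_len` covers a `struct smcinvoke_tzcb_req`; the call added in the next hunk runs it ahead of `process_tzcb_req()`, which is where that size check lives. Only `args[0]` is range-checked, yet the offset actually used is the maximum over every BI and BO argument, `max_offset + buffer_size_max_offset` is added in 32 bits, and `g_max_cb_buf_size - piggyback_offset` wraps to a huge `size_t` when the offset lies past the buffer. Since all of these fields are read from the response buffer, I would reject a short buffer up front and bound the aligned offset before forming the pointer, as sketched below. Whether `g_max_cb_buf_size` always equals the `out_buf_len` passed by the caller is not visible here, so the sketch clamps to the smaller of the two.

```c
static void process_piggyback_cb_data(uint8_t *outbuf, size_t buf_len)
{
	size_t limit = min_t(size_t, buf_len, g_max_cb_buf_size);
	// … unchanged: other declarations and the NULL check on outbuf …

	if (buf_len < sizeof(struct smcinvoke_tzcb_req)) {
		pr_err("%s: buffer too small: %zu\n", __func__, buf_len);
		return;
	}

	// … unchanged: args[0] range check and the BI/BO max-offset scan …

	if (max_offset)
		piggyback_offset = (size_t)max_offset + buffer_size_max_offset;
	else
		piggyback_offset = TZCB_BUF_OFFSET(msg);

	piggyback_offset = size_align(piggyback_offset, SMCINVOKE_ARGS_ALIGN_SIZE);
	if (piggyback_offset >= limit) {
		pr_err("%s: piggyback offset %zu outside buffer of %zu\n",
				__func__, piggyback_offset, limit);
		return;
	}

	piggyback_buf = (uint8_t *)msg + piggyback_offset;
	piggyback_buf_size = limit - piggyback_offset;
	// … unchanged: process_piggyback_data() call …
```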
@@ -1969,6 +2022,7 @@ static int prepare_send_scm_msg(const uint8_t *in_buf, phys_addr_t in_paddr,
 
 		if (response_type == SMCINVOKE_RESULT_INBOUND_REQ_NEEDED) {
 			trace_status(__func__, "looks like inbnd req reqd");
+			process_piggyback_cb_data(out_buf, out_buf_len);
 			process_tzcb_req(out_buf, out_buf_len, arr_filp);
 			cmd = SMCINVOKE_CB_RSP_CMD;
 		}
@@ -2413,7 +2467,7 @@ static void add_mem_obj_info_to_async_side_channel_locked(void *buf, size_t buf_
 
 	msg->count = index;
 
-	pr_debug("Added %d memory objects to the side channel, total size = %d\n", index, used);
+	pr_debug("Added %lu memory objects to the side channel, total size = %zu\n", index, used);
 
 	return;
 }
@@ -2592,7 +2646,7 @@ static long process_accept_req(struct file *filp, unsigned int cmd,
 		 * new cb requests.
 		 */
 		if (!cb_txn) {
-			pr_err_ratelimited("%s txn %d either invalid or removed from Q\n",
+			pr_err_ratelimited("%s txn %llu either invalid or removed from Q\n",
 					__func__, user_args.txn_id);
 			goto start_waiting_for_requests;
 		}
@@ -3043,7 +3097,7 @@ int smcinvoke_release_filp(struct file *filp)
 		mutex_lock(&object_postprocess_lock);
 		list_add_tail(&entry->list, &g_object_postprocess);
 		mutex_unlock(&object_postprocess_lock);
-		pr_debug("Object release list: added a handle:0x%lx\n", tzhandle);
+		pr_debug("Object release list: added a handle:%u\n", tzhandle);
 		__wakeup_postprocess_kthread(&smcinvoke[OBJECT_WORKER_THREAD]);
 	}
 

+ 3 - 3
smcinvoke/smcinvoke_kernel.c

@@ -254,7 +254,7 @@ static int invoke_over_smcinvoke(void *cxt,
 			struct smcinvoke_obj obj = argptr[i].o;
 
 			if (obj.fd >= 0) {
-				pr_err("Close OO[%zu].fd = %d\n", i, obj.fd);
+				pr_err("Close OO[%zu].fd = %lld\n", i, obj.fd);
 				close_fd(obj.fd);
 			}
 		}
@@ -383,7 +383,7 @@ static int __qseecom_start_app(struct qseecom_handle **handle,
 	int ret = 0;
 	struct qseecom_compat_context *cxt = NULL;
 
-	pr_warn("%s, start app %s, size %zu\n",
+	pr_warn("%s, start app %s, size %u\n",
 		__func__, app_name, size);
 	if (app_name == NULL || handle == NULL) {
 		pr_err("app_name is null or invalid handle\n");
@@ -478,7 +478,7 @@ static int __qseecom_send_command(struct qseecom_handle *handle, void *send_buf,
 		__func__, sbuf_len, rbuf_len);
 
 	if (!handle || !send_buf || !resp_buf || !sbuf_len || !rbuf_len) {
-		pr_err("One of params is invalid. %s, handle %x, send_buf %x,resp_buf %x,sbuf_len %u, rbuf_len %u\n",
+		pr_err("One of params is invalid. %s, handle %p, send_buf %p,resp_buf %p,sbuf_len %u, rbuf_len %u\n",
 			 __func__, handle, send_buf, resp_buf, sbuf_len, rbuf_len);
 		return -EINVAL;
 	}

+ 4 - 3
smcinvoke/trace_smcinvoke.h

@@ -1,6 +1,7 @@
 /* SPDX-License-Identifier: GPL-2.0-only */
 /*
  * Copyright (c) 2021, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
  */
 
 #undef TRACE_SYSTEM
@@ -60,7 +61,7 @@ TRACE_EVENT(invoke_cmd_handler,
 		__entry->ret		= ret;
 		__entry->cmd		= cmd;
 	),
-	TP_printk("cmd=0x%x (%d), response_type=%ld, result=0x%x (%d), ret=%d",
+	TP_printk("cmd=0x%x (%d), response_type=%llu, result=0x%x (%d), ret=%d",
 			__entry->cmd, __entry->cmd, __entry->response_type,
 			__entry->result, __entry->result, __entry->ret)
 );
@@ -166,7 +167,7 @@ TRACE_EVENT(prepare_send_scm_msg,
 		__entry->response_type	= response_type;
 		__entry->result		= result;
 	),
-	TP_printk("response_type=0x%lx (%ld), result=0x%x (%d)",
+	TP_printk("response_type=%llu (%llu), result=0x%x (%d)",
 			__entry->response_type, __entry->response_type,
 			__entry->result, __entry->result)
 );
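Review bot: The new `response_type=%llu (%llu)` prints the same value twice in the same base, whereas the old string gave hex and then decimal, like the `result=0x%x (%d)` pair beside it. If the hex form is still wanted, `TP_printk("response_type=0x%llx (%llu), result=0x%x (%d)",` keeps the specifier fix without losing it. The `TRACE_EVENT` definition starts outside the hunk.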
@@ -186,7 +187,7 @@ TRACE_EVENT(marshal_in_invoke_req,
 		__entry->cb_server_fd	= cb_server_fd;
 		__entry->tzhandle	= tzhandle;
 	),
-	TP_printk("OI[%d]: fd=0x%x cb_server_fd=0x%x tzhandle=0x%x",
+	TP_printk("OI[%d]: fd=%lld cb_server_fd=0x%x tzhandle=0x%x",
 			__entry->i, __entry->fd, __entry->cb_server_fd, __entry->tzhandle)
 );
 

+ 1 - 1
smmu-proxy/qti-smmu-proxy-common.c

@@ -5,7 +5,7 @@
 
 #include <linux/cdev.h>
 #include "qti-smmu-proxy-common.h"
-#include "smcinvoke.h"
+#include "smcinvoke_object.h"
 #include "../include/linux/ITrustedCameraDriver.h"
 #include "../include/linux/CTrustedCameraDriver.h"
 #include "../include/linux/IClientEnv.h"

+ 2 - 1
smmu-proxy/qti-smmu-proxy-tvm.c

@@ -322,6 +322,7 @@ static int process_map_request(struct smmu_proxy_map_req *req, size_t size)
 		goto free_vmids;
 	}
 
+	retrieve_arg.fd_flags = O_RDWR;
 	retrieve_arg.memparcel_hdl = req->hdl;
 	retrieve_arg.sender_vmid = VMID_HLOS;
 	retrieve_arg.nr_acl_entries = n_acl_entries;
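Review bot: The access mode now comes from `retrieve_arg.fd_flags = O_RDWR`, while the second hunk of this file drops `O_RDWR` from the `dma_buf_fd()` call, and nothing in either hunk says why. As far as I know `dma_buf_fd()` uses its flags only for the descriptor itself (close-on-exec), so the file's read/write mode is whatever the retrieve step fixed. A short comment would keep a later reader from "restoring" the flag, e.g. `/* access mode is set when the memparcel is retrieved; dma_buf_fd() only takes O_CLOEXEC */`. It is also worth confirming that every buffer mapped through this path needs write access, since all of them are now requested read-write. `process_map_request()` continues outside the hunk.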
@@ -549,7 +550,7 @@ static int smmu_proxy_get_dma_buf(struct smmu_proxy_get_dma_buf_ctl *get_dma_buf
 	}
 
 	get_dma_buf(buf_state->dmabuf);
-	fd = dma_buf_fd(buf_state->dmabuf, O_RDWR | O_CLOEXEC);
+	fd = dma_buf_fd(buf_state->dmabuf, O_CLOEXEC);
 	if (fd < 0) {
 		ret = fd;
 		pr_err("%s: Failed to install FD for dma-buf rc: %d\n", __func__,

+ 5 - 5
tz_log/tz_log.c

@@ -1358,7 +1358,7 @@ static ssize_t tzdbg_fs_read_encrypted(int tz_id, char __user *buf,
 	stat->display_offset += ret;
 	stat->display_len -= ret;
 	pr_debug("ret = %d, offset = %d\n", ret, (int)(*offp));
-	pr_debug("display_len = %d, offset = %d\n",
+	pr_debug("display_len = %lu, offset = %lu\n",
 			stat->display_len, stat->display_offset);
 	return ret;
 }
@@ -1479,7 +1479,7 @@ static int tzdbg_register_qsee_log_buf(struct platform_device *pdev)
 	ret = qcom_scm_register_qsee_log_buf(coh_pmem, qseelog_buf_size);
 	if (ret != QSEOS_RESULT_SUCCESS) {
 		pr_err(
-		"%s: scm_call to register log buf failed, resp result =%lld\n",
+		"%s: scm_call to register log buf failed, resp result =%d\n",
 		__func__, ret);
 		goto exit_dereg_bridge;
 	}
@@ -1697,7 +1697,7 @@ static int __update_rmlog_base(struct platform_device *pdev,
 					rmlog_address,
 					rmlog_size);
 	if (!tzdbg.rmlog_virt_iobase) {
-		dev_err(&pdev->dev, "ERROR could not ioremap: start=%pr, len=%u\n",
+		dev_err(&pdev->dev, "ERROR could not ioremap: start=%u, len=%u\n",
 			rmlog_address, tzdbg.rmlog_rw_buf_size);
 		return -ENXIO;
 	}
@@ -1729,7 +1729,7 @@ static int tzdbg_get_tz_version(void)
 				__func__, ret);
 		return ret;
 	}
-	pr_warn("tz diag version is %x\n", version);
+	pr_warn("tz diag version is %llu\n", version);
 	tzdbg.tz_diag_major_version =
 		((version >> TZBSP_FVER_MAJOR_SHIFT) & TZBSP_FVER_MAJOR_MINOR_MASK);
 	tzdbg.tz_diag_minor_version =
@@ -1763,7 +1763,7 @@ static void tzdbg_query_encrypted_log(void)
 			pr_err("scm_call QUERY_ENCR_LOG_FEATURE failed ret %d\n", ret);
 		tzdbg.is_encrypted_log_enabled = false;
 	} else {
-		pr_warn("encrypted qseelog enabled is %d\n", enabled);
+		pr_warn("encrypted qseelog enabled is %llu\n", enabled);
 		tzdbg.is_encrypted_log_enabled = enabled;
 	}
 }