368 lines
10 KiB
Diff
368 lines
10 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Riley Andrews <riandrews@google.com>
|
|
Date: Thu, 5 May 2016 14:42:41 -0700
|
|
Subject: [PATCH] trusty: Add trusty logging driver.
|
|
|
|
This driver is the consumer side of a ringbuffer of log data
|
|
that the secure operating system dumps prints into. Trusty
|
|
printfs will be dumped into the kernel log after smc calls
|
|
and during panics.
|
|
|
|
Change-Id: Iadc939b60940330e8fe02a52f3e397da7833c2fa
|
|
---
|
|
drivers/trusty/Kconfig | 5 +
|
|
drivers/trusty/Makefile | 1 +
|
|
drivers/trusty/trusty-log.c | 274 ++++++++++++++++++++++++++++++++++
|
|
drivers/trusty/trusty-log.h | 22 +++
|
|
include/linux/trusty/smcall.h | 1 +
|
|
5 files changed, 303 insertions(+)
|
|
create mode 100644 drivers/trusty/trusty-log.c
|
|
create mode 100644 drivers/trusty/trusty-log.h
|
|
|
|
diff --git a/drivers/trusty/Kconfig b/drivers/trusty/Kconfig
|
|
index fc1061d..ea75813 100644
|
|
--- a/drivers/trusty/Kconfig
|
|
+++ b/drivers/trusty/Kconfig
|
|
@@ -28,4 +28,9 @@ config TRUSTY_FIQ_ARM64
|
|
select TRUSTY_FIQ
|
|
default y
|
|
|
|
+config TRUSTY_LOG
|
|
+ tristate
|
|
+ depends on TRUSTY
|
|
+ default y
|
|
+
|
|
endmenu
|
|
diff --git a/drivers/trusty/Makefile b/drivers/trusty/Makefile
|
|
index e162a40..641ee2a 100644
|
|
--- a/drivers/trusty/Makefile
|
|
+++ b/drivers/trusty/Makefile
|
|
@@ -7,3 +7,4 @@ obj-$(CONFIG_TRUSTY) += trusty-irq.o
|
|
obj-$(CONFIG_TRUSTY_FIQ) += trusty-fiq.o
|
|
obj-$(CONFIG_TRUSTY_FIQ_ARM) += trusty-fiq-arm.o
|
|
obj-$(CONFIG_TRUSTY_FIQ_ARM64) += trusty-fiq-arm64.o trusty-fiq-arm64-glue.o
|
|
+obj-$(CONFIG_TRUSTY_LOG) += trusty-log.o
|
|
diff --git a/drivers/trusty/trusty-log.c b/drivers/trusty/trusty-log.c
|
|
new file mode 100644
|
|
index 0000000..e8dcced
|
|
--- /dev/null
|
|
+++ b/drivers/trusty/trusty-log.c
|
|
@@ -0,0 +1,274 @@
|
|
+/*
|
|
+ * Copyright (C) 2015 Google, Inc.
|
|
+ *
|
|
+ * This software is licensed under the terms of the GNU General Public
|
|
+ * License version 2, as published by the Free Software Foundation, and
|
|
+ * may be copied, distributed, and modified under those terms.
|
|
+ *
|
|
+ * This program is distributed in the hope that it will be useful,
|
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
+ * GNU General Public License for more details.
|
|
+ *
|
|
+ */
|
|
+#include <linux/platform_device.h>
|
|
+#include <linux/trusty/smcall.h>
|
|
+#include <linux/trusty/trusty.h>
|
|
+#include <linux/notifier.h>
|
|
+#include <linux/slab.h>
|
|
+#include <linux/mm.h>
|
|
+#include <linux/module.h>
|
|
+#include <linux/log2.h>
|
|
+#include <asm/page.h>
|
|
+#include "trusty-log.h"
|
|
+
|
|
+#define TRUSTY_LOG_SIZE (PAGE_SIZE * 2)
|
|
+#define TRUSTY_LINE_BUFFER_SIZE 256
|
|
+
|
|
+struct trusty_log_state {
|
|
+ struct device *dev;
|
|
+ struct device *trusty_dev;
|
|
+
|
|
+ /*
|
|
+ * This lock is here to ensure only one consumer will read
|
|
+ * from the log ring buffer at a time.
|
|
+ */
|
|
+ spinlock_t lock;
|
|
+ struct log_rb *log;
|
|
+ uint32_t get;
|
|
+
|
|
+ struct page *log_pages;
|
|
+
|
|
+ struct notifier_block call_notifier;
|
|
+ struct notifier_block panic_notifier;
|
|
+ char line_buffer[TRUSTY_LINE_BUFFER_SIZE];
|
|
+};
|
|
+
|
|
+static int log_read_line(struct trusty_log_state *s, int put, int get)
|
|
+{
|
|
+ struct log_rb *log = s->log;
|
|
+ int i;
|
|
+ char c = '\0';
|
|
+ size_t max_to_read = min((size_t)(put - get),
|
|
+ sizeof(s->line_buffer) - 1);
|
|
+ size_t mask = log->sz - 1;
|
|
+
|
|
+ for (i = 0; i < max_to_read && c != '\n';)
|
|
+ s->line_buffer[i++] = c = log->data[get++ & mask];
|
|
+ s->line_buffer[i] = '\0';
|
|
+
|
|
+ return i;
|
|
+}
|
|
+
|
|
+static void trusty_dump_logs(struct trusty_log_state *s)
|
|
+{
|
|
+ struct log_rb *log = s->log;
|
|
+ uint32_t get, put, alloc;
|
|
+ int read_chars;
|
|
+
|
|
+ BUG_ON(!is_power_of_2(log->sz));
|
|
+
|
|
+ /*
|
|
+ * For this ring buffer, at any given point, alloc >= put >= get.
|
|
+ * The producer side of the buffer is not locked, so the put and alloc
|
|
+ * pointers must be read in a defined order (put before alloc) so
|
|
+ * that the above condition is maintained. A read barrier is needed
|
|
+ * to make sure the hardware and compiler keep the reads ordered.
|
|
+ */
|
|
+ get = s->get;
|
|
+ while ((put = log->put) != get) {
|
|
+ /* Make sure that the read of put occurs before the read of log data */
|
|
+ rmb();
|
|
+
|
|
+ /* Read a line from the log */
|
|
+ read_chars = log_read_line(s, put, get);
|
|
+
|
|
+ /* Force the loads from log_read_line to complete. */
|
|
+ rmb();
|
|
+ alloc = log->alloc;
|
|
+
|
|
+ /*
|
|
+ * Discard the line that was just read if the data could
|
|
+ * have been corrupted by the producer.
|
|
+ */
|
|
+ if (alloc - get > log->sz) {
|
|
+ pr_err("trusty: log overflow.");
|
|
+ get = alloc - log->sz;
|
|
+ continue;
|
|
+ }
|
|
+ pr_info("trusty: %s", s->line_buffer);
|
|
+ get += read_chars;
|
|
+ }
|
|
+ s->get = get;
|
|
+}
|
|
+
|
|
+static int trusty_log_call_notify(struct notifier_block *nb,
|
|
+ unsigned long action, void *data)
|
|
+{
|
|
+ struct trusty_log_state *s;
|
|
+ unsigned long flags;
|
|
+
|
|
+ if (action != TRUSTY_CALL_RETURNED)
|
|
+ return NOTIFY_DONE;
|
|
+
|
|
+ s = container_of(nb, struct trusty_log_state, call_notifier);
|
|
+ spin_lock_irqsave(&s->lock, flags);
|
|
+ trusty_dump_logs(s);
|
|
+ spin_unlock_irqrestore(&s->lock, flags);
|
|
+ return NOTIFY_OK;
|
|
+}
|
|
+
|
|
+static int trusty_log_panic_notify(struct notifier_block *nb,
|
|
+ unsigned long action, void *data)
|
|
+{
|
|
+ struct trusty_log_state *s;
|
|
+
|
|
+ /*
|
|
+ * Don't grab the spin lock to hold up the panic notifier, even
|
|
+ * though this is racy.
|
|
+ */
|
|
+ s = container_of(nb, struct trusty_log_state, panic_notifier);
|
|
+ pr_info("trusty-log panic notifier - trusty version %s",
|
|
+ trusty_version_str_get(s->trusty_dev));
|
|
+ trusty_dump_logs(s);
|
|
+ return NOTIFY_OK;
|
|
+}
|
|
+
|
|
+static bool trusty_supports_logging(struct device *device)
|
|
+{
|
|
+ int result;
|
|
+
|
|
+ result = trusty_std_call32(device, SMC_SC_SHARED_LOG_VERSION,
|
|
+ TRUSTY_LOG_API_VERSION, 0, 0);
|
|
+ if (result == SM_ERR_UNDEFINED_SMC) {
|
|
+ pr_info("trusty-log not supported on secure side.\n");
|
|
+ return false;
|
|
+ } else if (result < 0) {
|
|
+ pr_err("trusty std call (SMC_SC_SHARED_LOG_VERSION) failed: %d\n",
|
|
+ result);
|
|
+ return false;
|
|
+ }
|
|
+
|
|
+ if (result == TRUSTY_LOG_API_VERSION) {
|
|
+ return true;
|
|
+ } else {
|
|
+ pr_info("trusty-log unsupported api version: %d, supported: %d\n",
|
|
+ result, TRUSTY_LOG_API_VERSION);
|
|
+ return false;
|
|
+ }
|
|
+}
|
|
+
|
|
+static int trusty_log_probe(struct platform_device *pdev)
|
|
+{
|
|
+ struct trusty_log_state *s;
|
|
+ int result;
|
|
+ phys_addr_t pa;
|
|
+
|
|
+ dev_dbg(&pdev->dev, "%s\n", __func__);
|
|
+ if (!trusty_supports_logging(pdev->dev.parent)) {
|
|
+ return -ENXIO;
|
|
+ }
|
|
+
|
|
+ s = kzalloc(sizeof(*s), GFP_KERNEL);
|
|
+ if (!s) {
|
|
+ result = -ENOMEM;
|
|
+ goto error_alloc_state;
|
|
+ }
|
|
+
|
|
+ spin_lock_init(&s->lock);
|
|
+ s->dev = &pdev->dev;
|
|
+ s->trusty_dev = s->dev->parent;
|
|
+ s->get = 0;
|
|
+ s->log_pages = alloc_pages(GFP_KERNEL | __GFP_ZERO,
|
|
+ get_order(TRUSTY_LOG_SIZE));
|
|
+ if (!s->log_pages) {
|
|
+ result = -ENOMEM;
|
|
+ goto error_alloc_log;
|
|
+ }
|
|
+ s->log = page_address(s->log_pages);
|
|
+
|
|
+ pa = page_to_phys(s->log_pages);
|
|
+ result = trusty_std_call32(s->trusty_dev,
|
|
+ SMC_SC_SHARED_LOG_ADD,
|
|
+ (u32)(pa), (u32)(pa >> 32),
|
|
+ TRUSTY_LOG_SIZE);
|
|
+ if (result < 0) {
|
|
+ pr_err("trusty std call (SMC_SC_SHARED_LOG_ADD) failed: %d %pa\n",
|
|
+ result, &pa);
|
|
+ goto error_std_call;
|
|
+ }
|
|
+
|
|
+ s->call_notifier.notifier_call = trusty_log_call_notify;
|
|
+ result = trusty_call_notifier_register(s->trusty_dev,
|
|
+ &s->call_notifier);
|
|
+ if (result < 0) {
|
|
+ dev_err(&pdev->dev,
|
|
+ "failed to register trusty call notifier\n");
|
|
+ goto error_call_notifier;
|
|
+ }
|
|
+
|
|
+ s->panic_notifier.notifier_call = trusty_log_panic_notify;
|
|
+ result = atomic_notifier_chain_register(&panic_notifier_list,
|
|
+ &s->panic_notifier);
|
|
+ if (result < 0) {
|
|
+ dev_err(&pdev->dev,
|
|
+ "failed to register panic notifier\n");
|
|
+ goto error_panic_notifier;
|
|
+ }
|
|
+ platform_set_drvdata(pdev, s);
|
|
+
|
|
+ return 0;
|
|
+
|
|
+error_panic_notifier:
|
|
+ trusty_call_notifier_unregister(s->trusty_dev, &s->call_notifier);
|
|
+error_call_notifier:
|
|
+ trusty_std_call32(s->trusty_dev, SMC_SC_SHARED_LOG_RM,
|
|
+ (u32)pa, (u32)(pa >> 32), 0);
|
|
+error_std_call:
|
|
+ __free_pages(s->log_pages, get_order(TRUSTY_LOG_SIZE));
|
|
+error_alloc_log:
|
|
+ kfree(s);
|
|
+error_alloc_state:
|
|
+ return result;
|
|
+}
|
|
+
|
|
+static int trusty_log_remove(struct platform_device *pdev)
|
|
+{
|
|
+ int result;
|
|
+ struct trusty_log_state *s = platform_get_drvdata(pdev);
|
|
+ phys_addr_t pa = page_to_phys(s->log_pages);
|
|
+
|
|
+ dev_dbg(&pdev->dev, "%s\n", __func__);
|
|
+
|
|
+ atomic_notifier_chain_unregister(&panic_notifier_list,
|
|
+ &s->panic_notifier);
|
|
+ trusty_call_notifier_unregister(s->trusty_dev, &s->call_notifier);
|
|
+
|
|
+ result = trusty_std_call32(s->trusty_dev, SMC_SC_SHARED_LOG_RM,
|
|
+ (u32)pa, (u32)(pa >> 32), 0);
|
|
+ if (result) {
|
|
+ pr_err("trusty std call (SMC_SC_SHARED_LOG_RM) failed: %d\n",
|
|
+ result);
|
|
+ }
|
|
+ __free_pages(s->log_pages, get_order(TRUSTY_LOG_SIZE));
|
|
+ kfree(s);
|
|
+
|
|
+ return 0;
|
|
+}
|
|
+
|
|
+static const struct of_device_id trusty_test_of_match[] = {
|
|
+ { .compatible = "android,trusty-log-v1", },
|
|
+ {},
|
|
+};
|
|
+
|
|
+static struct platform_driver trusty_log_driver = {
|
|
+ .probe = trusty_log_probe,
|
|
+ .remove = trusty_log_remove,
|
|
+ .driver = {
|
|
+ .name = "trusty-log",
|
|
+ .owner = THIS_MODULE,
|
|
+ .of_match_table = trusty_test_of_match,
|
|
+ },
|
|
+};
|
|
+
|
|
+module_platform_driver(trusty_log_driver);
|
|
diff --git a/drivers/trusty/trusty-log.h b/drivers/trusty/trusty-log.h
|
|
new file mode 100644
|
|
index 0000000..09f6021
|
|
--- /dev/null
|
|
+++ b/drivers/trusty/trusty-log.h
|
|
@@ -0,0 +1,22 @@
|
|
+#ifndef _TRUSTY_LOG_H_
|
|
+#define _TRUSTY_LOG_H_
|
|
+
|
|
+/*
|
|
+ * Ring buffer that supports one secure producer thread and one
|
|
+ * linux side consumer thread.
|
|
+ */
|
|
+struct log_rb {
|
|
+ volatile uint32_t alloc;
|
|
+ volatile uint32_t put;
|
|
+ uint32_t sz;
|
|
+ volatile char data[0];
|
|
+} __packed;
|
|
+
|
|
+#define SMC_SC_SHARED_LOG_VERSION SMC_STDCALL_NR(SMC_ENTITY_LOGGING, 0)
|
|
+#define SMC_SC_SHARED_LOG_ADD SMC_STDCALL_NR(SMC_ENTITY_LOGGING, 1)
|
|
+#define SMC_SC_SHARED_LOG_RM SMC_STDCALL_NR(SMC_ENTITY_LOGGING, 2)
|
|
+
|
|
+#define TRUSTY_LOG_API_VERSION 1
|
|
+
|
|
+#endif
|
|
+
|
|
diff --git a/include/linux/trusty/smcall.h b/include/linux/trusty/smcall.h
|
|
index e870497..aaad5ce 100644
|
|
--- a/include/linux/trusty/smcall.h
|
|
+++ b/include/linux/trusty/smcall.h
|
|
@@ -51,6 +51,7 @@
|
|
#define SMC_ENTITY_RESERVED 5 /* Reserved for future use */
|
|
#define SMC_ENTITY_TRUSTED_APP 48 /* Trusted Application calls */
|
|
#define SMC_ENTITY_TRUSTED_OS 50 /* Trusted OS calls */
|
|
+#define SMC_ENTITY_LOGGING 51 /* Used for secure -> nonsecure logging */
|
|
#define SMC_ENTITY_SECURE_MONITOR 60 /* Trusted OS calls internal to secure monitor */
|
|
|
|
/* FC = Fast call, SC = Standard call */
|
|
--
|
|
https://clearlinux.org
|
|
|