Merge pull request #15 from qc-azarrabi/mem-object

Mem object

Author: harshaldev27

libqcomtee/CMakeLists.txt

@@ -20,8 +20,9 @@ include_directories(${QCBOR_INCLUDE_DIRS})
 # ''Source files''.
 
 set(SRC
-        src/qcomtee_object.c
-        src/objects/credentials_obj.c
+	src/qcomtee_object.c
+	src/objects/credentials_obj.c
+	src/objects/mem_obj.c
 )
 
 add_library(qcomtee ${SRC})

libqcomtee/include/qcomtee_object.h

@@ -23,11 +23,23 @@ typedef uint32_t qcomtee_op_t;
  * @{
  */
 
+/**
+  * @def QCOMTEE_OBJREF_TEE
+  * @brief It indicates that the object is hosted in QTEE.
+  */
+#define QCOMTEE_OBJREF_TEE (1 << 0)
+
 /**
  * @def QCOMTEE_OBJREF_USER
  * @brief It indicates that the object is hosted in userspace.
  */
-#define QCOMTEE_OBJREF_USER (1 << 0)
+#define QCOMTEE_OBJREF_USER (1 << 1)
+
+/**
+ * @def QCOMTEE_OBJREF_MEM
+ * @brief It indicates that the object is a memory object.
+ */
+#define QCOMTEE_OBJREF_MEM (1 << 2)
 
 /** @} */ // end of ObjRefFlags
 
@@ -44,7 +56,7 @@ typedef uint32_t qcomtee_op_t;
  * @brief Release object.
  * 
  */
-#define QCOMTEE_OBJREF_OP_RELEASE ((qcomtee_op_t)(65536))
+#define QCOMTEE_OBJREF_OP_RELEASE ((qcomtee_op_t)(65535))
 
 /** @} */ // end of ObjRefOperations
 
@@ -130,6 +142,7 @@ typedef enum {
 	QCOMTEE_OBJECT_TYPE_TEE, /**< It is an object hosted in QTEE. */
 	QCOMTEE_OBJECT_TYPE_ROOT, /**< It is a root object. */
 	QCOMTEE_OBJECT_TYPE_CB, /**< It is a callback object. */
+	QCOMTEE_OBJECT_TYPE_MEMORY, /**< It is a memory object. */
 } qcomtee_object_type_t;
 
 /**
@@ -195,6 +208,7 @@ struct qcomtee_object_ops {
 struct qcomtee_object {
 	atomic_int refs; /**< Number of references to this object. */
 	uint64_t object_id; /**< ID assigned to this object. */
+	uint64_t tee_object_id; /**< ID assigned to this object for QTEE. */
 	qcomtee_object_type_t object_type; /**< Object Type. */
 
 	/**
@@ -244,10 +258,23 @@ qcomtee_object_typeof(struct qcomtee_object *object)
 /**
  * @brief Increase object reference count.
  * @param object The object being incremented.
+ * @return On success, returns 0;
+ *         Otherwise, returns -1.
  */
-static inline void qcomtee_object_refs_inc(struct qcomtee_object *object)
+static inline int qcomtee_object_refs_inc(struct qcomtee_object *object)
 {
-	atomic_fetch_add(&object->refs, 1);
+	int old;
+
+	if (object == QCOMTEE_OBJECT_NULL)
+		return -1;
+
+	old = atomic_load(&object->refs);
+	do {
+		if (old == 0)
+			return -1;
+	} while (!atomic_compare_exchange_weak(&object->refs, &old, old + 1));
+
+	return 0;
 }
 
 /**
@@ -256,9 +283,16 @@ static inline void qcomtee_object_refs_inc(struct qcomtee_object *object)
  */
 void qcomtee_object_refs_dec(struct qcomtee_object *object);
 
+#ifdef __GLIBC__
+typedef int (*tee_call_t)(int, unsigned long, ...);
+#else
+typedef int (*tee_call_t)(int, int, ...);
+#endif
+
 /**
  * @brief Create a root object.
  * @param dev TEE device file pathname.
+ * @param tee_call API to call to TEE driver (e.g. ioctl()).
  * @param release Called on destruction of this root object.
  * @param arg Argument passed to release.
  *
@@ -268,8 +302,10 @@ void qcomtee_object_refs_dec(struct qcomtee_object *object);
  * @return On success, returns the object;
  *         Otherwise, returns @ref QCOMTEE_OBJECT_NULL.
  */
-struct qcomtee_object *
-qcomtee_object_root_init(const char *dev, void (*release)(void *), void *arg);
+struct qcomtee_object *qcomtee_object_root_init(const char *dev,
+						tee_call_t tee_call,
+						void (*release)(void *),
+						void *arg);
 
 /**
  * @brief Initialize a callback objet.
@@ -282,12 +318,6 @@ int qcomtee_object_cb_init(struct qcomtee_object *object,
 			   struct qcomtee_object_ops *ops,
 			   struct qcomtee_object *root);
 
-#ifdef __GLIBC__
-typedef int (*tee_call_t)(int, unsigned long, ...);
-#else
-typedef int (*tee_call_t)(int, int, ...);
-#endif
-
 /**
  * @brief Invoke an Object.
  *
@@ -299,12 +329,11 @@ typedef int (*tee_call_t)(int, int, ...);
  * @param params Input parameter array to the requested operation.
  * @param num_params Number of parameter in the input array.
  * @param result Result of operation.
- * @param tee_call Submit request to kernel driver.
  * @return On success, 0; Otherwise, returns -1.
  */
 int qcomtee_object_invoke(struct qcomtee_object *object, qcomtee_op_t op,
 			  struct qcomtee_param *params, int num_params,
-			  qcomtee_result_t *result, tee_call_t tee_call);
+			  qcomtee_result_t *result);
 
 /**
  * @brief Process single request.
@@ -317,15 +346,13 @@ int qcomtee_object_invoke(struct qcomtee_object *object, qcomtee_op_t op,
  * operation. Therefore, if it is being executed by a pthread, it is not
  * safe to use PTHREAD_CANCEL_ASYNCHRONOUS.
  *
- * The tee_call function should implement support for reading a new request
- * (i.e., TEE_IOC_SUPPL_RECV) and submitting the response
+ * The @ref qcomtee_object::tee_call function should implement support for
+ * reading a new request (i.e., TEE_IOC_SUPPL_RECV) and submitting the response
  * (i.e., TEE_IOC_SUPPL_SEND).
  * 
  * @param root The root object for which the request queue is checked.
- * @param tee_call Read a request and submit response to kernel driver.
  * @return On success, 0; Otherwise, returns -1.
  */
-int qcomtee_object_process_one(struct qcomtee_object *root,
-			       tee_call_t tee_call);
+int qcomtee_object_process_one(struct qcomtee_object *root);
 
 #endif // _QCOMTEE_OBJECT_H

libqcomtee/include/qcomtee_object_types.h

@@ -8,13 +8,67 @@
 
 /**
  * @brief Get a credentials object.
- * @param root_object The root object to which this object belongs.
+ * @param root The root object to which this object belongs.
  * @param object Credentials object.
  * @return On success returns @ref QCOMTEE_OK;
  *         Otherwise @ref QCOMTEE_ERROR_MEM.
  */
 qcomtee_result_t
-qcomtee_object_credentials_init(struct qcomtee_object *root_object,
+qcomtee_object_credentials_init(struct qcomtee_object *root,
 				struct qcomtee_object **object);
 
+/* Select qcomtee_memory_object_alloc vs. qcomtee_memory_object_register. */
+#define qcomtee_memory_object_tee_api_select(a, b, c, d, fun, ...) fun
+
+/**
+ * @brief Allocate a memory object.
+ *
+ * Memory object is owned by the caller and should be released using
+ * @ref qcomtee_memory_object_release.
+ *
+ * If sent to QTEE, a copy of the object is made and the owner keep their copy.
+ * In most usecases, the object owner needs to share memory with QTEE rather
+ * to donating it.
+ *
+ * For instance, if the memory object sent to QTEE in two different invocations,
+ * their would be three copies of the object:
+ *   - The owner copy.
+ *   - The two copies sent to QTEE in the invocations.
+ * Owner should release their copy using @ref qcomtee_memory_object_release.
+ * QTEE will release its two copies.
+ *
+ * If the owner wants to donate the memory they can release their copy
+ * @ref qcomtee_memory_object_release after the invocation to send the object.
+ *
+ * QTEE can only reference the memory objects that user owns. If the owner
+ * releases the object (so they hold no copy), they can not receive it
+ * back from QTEE.
+ *
+ *   - If the owner donates a memory object to QTEE, they can not receive
+ *     it from QTEE as @ref QCOMTEE_OBJREF_OUTPUT.
+ *   - If the owner shared a memory object to QTEE, they can receive it
+ *     from QTEE (a copy of the object is made and should be release
+ *     separately using @ref qcomtee_memory_object_release by the receiver).
+ *
+ * At any time, the owner can call @ref qcomtee_object_refs_inc to create a
+ * copy of the object. This copy should be released using
+ * @ref qcomtee_memory_object_release.
+ *
+ * @param size Size of the memory object.
+ * @param root The root object to which this object belongs.
+ * @param object Memory object.
+ * @return On success, returns 0; Otherwise, returns -1.
+ */
+int qcomtee_memory_object_alloc(size_t size, struct qcomtee_object *root,
+				struct qcomtee_object **object);
+
+void *qcomtee_memory_object_addr(struct qcomtee_object *object);
+size_t qcomtee_memory_object_size(struct qcomtee_object *object);
+
+/**
+ * @brief Release a memory object.
+ * @param object The object being released.
+ */
+void qcomtee_memory_object_release(struct qcomtee_object *object);
+
 #endif // _QCOMTEE_OBJECT_TYPES_H

libqcomtee/src/objects/credentials_obj.c

@@ -140,7 +140,7 @@ static struct qcomtee_object_ops ops = {
 };
 
 qcomtee_result_t
-qcomtee_object_credentials_init(struct qcomtee_object *root_object,
+qcomtee_object_credentials_init(struct qcomtee_object *root,
 				struct qcomtee_object **object)
 {
 	struct qcomtee_credentials *qcomtee_cred;
@@ -149,7 +149,7 @@ qcomtee_object_credentials_init(struct qcomtee_object *root_object,
 	if (!qcomtee_cred)
 		return QCOMTEE_ERROR_MEM;
 
-	qcomtee_object_cb_init(&qcomtee_cred->object, &ops, root_object);
+	qcomtee_object_cb_init(&qcomtee_cred->object, &ops, root);
 	/* INIT the credentials buffer. */
 	if (credentials_init(&qcomtee_cred->ubuf)) {
 		free(qcomtee_cred);

libqcomtee/src/objects/mem_obj.c

@@ -0,0 +1,134 @@
+// Copyright (c) 2025, Qualcomm Innovation Center, Inc. All rights reserved.
+// SPDX-License-Identifier: BSD-3-Clause
+
+#include <stdlib.h>
+#include <unistd.h>
+#include <sys/mman.h>
+#include <linux/tee.h>
+#include <qcomtee_object_types.h>
+#include <qcomtee_object_private.h>
+
+/* Which TEE API was used to prepare the memory object: */
+enum qcomtee_memory_type {
+	QCOMTEE_MEMORY_TEE_ALLOC = 1,
+	QCOMTEE_MEMORY_TEE_REGISTER
+};
+
+/**
+ * @brief Structure representing a memory object in TEE diver.
+ *
+ * This structure encapsulates information about a memory object
+ * used in TEE driver.
+ */
+struct qcomtee_memory {
+	struct qcomtee_object object;
+	enum qcomtee_memory_type type;
+	int fd; /**< File descriptor for TEE driver shm. */
+	struct {
+		void *addr; /**< mmaped address. */
+		size_t size; /**< size of memory. */
+	} mem_info;
+};
+
+#define MEMORY(o) container_of((o), struct qcomtee_memory, object)
+
+static void qcomtee_memory_release(struct qcomtee_object *object)
+{
+	struct qcomtee_memory *qcomtee_mem = MEMORY(object);
+
+	if (qcomtee_mem->type == QCOMTEE_MEMORY_TEE_ALLOC)
+		munmap(qcomtee_mem->mem_info.addr, qcomtee_mem->mem_info.size);
+
+	/* Release TEE shm. */
+	if (qcomtee_mem->fd != -1)
+		close(qcomtee_mem->fd);
+
+	free(qcomtee_mem);
+}
+
+/**
+ * @brief Allocate and initialize an empty memory object.
+ *
+ * The object has no physical memory assigned to it.
+ *
+ * @return On success, returns @ref qcomtee_memory; Otherwise, NULL.
+ */
+static struct qcomtee_memory *qcomtee_memory_alloc(void)
+{
+	struct qcomtee_memory *qcomtee_mem;
+	static struct qcomtee_object_ops ops = {
+		.release = qcomtee_memory_release,
+	};
+
+	qcomtee_mem = calloc(1, sizeof(*qcomtee_mem));
+	if (qcomtee_mem) {
+		QCOMTEE_OBJECT_INIT(&qcomtee_mem->object,
+				    QCOMTEE_OBJECT_TYPE_MEMORY);
+		qcomtee_mem->object.ops = &ops;
+		/* TEE shm not assigned yet. */
+		qcomtee_mem->fd = -1;
+	}
+
+	return qcomtee_mem;
+}
+
+int qcomtee_memory_object_alloc(size_t size, struct qcomtee_object *root,
+				struct qcomtee_object **object)
+{
+	struct root_object *root_object = ROOT_OBJECT(root);
+	struct tee_ioctl_shm_alloc_data data;
+	struct qcomtee_memory *qcomtee_mem;
+	void *addr;
+	int fd;
+
+	qcomtee_mem = qcomtee_memory_alloc();
+	if (!qcomtee_mem)
+		return -1;
+
+	data.size = size;
+	data.flags = 0;
+	data.id = 0;
+	fd = root_object->tee_call(root_object->fd, TEE_IOC_SHM_ALLOC, &data);
+	if (fd < 0)
+		goto err_release;
+
+	/* Assign TEE shm. */
+	qcomtee_mem->object.tee_object_id = data.id;
+	qcomtee_mem->fd = fd;
+
+	addr = mmap(NULL, data.size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
+	if (addr == MAP_FAILED)
+		goto err_release;
+
+	/* INIT the memory object. */
+	qcomtee_mem->mem_info.addr = addr;
+	qcomtee_mem->mem_info.size = data.size;
+	qcomtee_mem->type = QCOMTEE_MEMORY_TEE_ALLOC;
+	/* Keep a copy of root object; released in qcomtee_object_refs_dec. */
+	qcomtee_object_refs_inc(root);
+	qcomtee_mem->object.root = root;
+
+	*object = &qcomtee_mem->object;
+
+	return 0;
+
+err_release:
+	qcomtee_memory_object_release(&qcomtee_mem->object);
+
+	return -1;
+}
+
+void *qcomtee_memory_object_addr(struct qcomtee_object *object)
+{
+	return MEMORY(object)->mem_info.addr;
+}
+
+size_t qcomtee_memory_object_size(struct qcomtee_object *object)
+{
+	return MEMORY(object)->mem_info.size;
+}
+
+void qcomtee_memory_object_release(struct qcomtee_object *object)
+{
+	qcomtee_object_refs_dec(object);
+}