ANDROID: trusty: Allow TRUSTY_LEND of buffers

Attempt to trigger dynamic security transition on TRUSTY_LEND.

Signed-off-by: Matthew Maurer <mmaurer@google.com>
Bug: 117221195
Change-Id: I7f09877a6d8e99966c2ca29e3ecbb235fcfc24a7

3 files changed, 22 insertions, 12 deletions

diff --git a/drivers/trusty/trusty-ipc.c b/drivers/trusty/trusty-ipc.c
index 1f4ce70..91e8b11 100644
--- a/drivers/trusty/trusty-ipc.c
+++ b/drivers/trusty/trusty-ipc.c
@@ -1098,6 +1098,7 @@ static int dn_connect_ioctl(struct tipc_dn_chan *dn, char __user *usr_name)
 }
 
 static int dn_share_fd(struct tipc_dn_chan *dn, int fd,
+		       bool lend,
 		       struct tipc_shared_handle **out)
 {
 	int ret = 0;
@@ -1165,7 +1166,7 @@ static int dn_share_fd(struct tipc_dn_chan *dn, int fd,
 				     &shared_handle->tipc.obj_id,
 				     shared_handle->sgt->sgl,
 				     shared_handle->sgt->orig_nents, prot,
-				     tag);
+				     tag, lend);
 
 	if (ret < 0) {
 		dev_dbg(dev, "Transferring memory failed: %d\n", ret);
@@ -1248,6 +1249,7 @@ static long filp_send_ioctl(struct file *filp,
 	long ret = 0;
 	ssize_t data_len = 0;
 	ssize_t shm_len = 0;
+	bool lend = false;
 
 	if (copy_from_user(&req, arg, sizeof(req)))
 		return -EFAULT;
@@ -1282,19 +1284,24 @@ static long filp_send_ioctl(struct file *filp,
 	for (shm_idx = 0; shm_idx < req.shm_cnt; shm_idx++) {
 		switch (shm[shm_idx].transfer) {
 		case TRUSTY_SHARE:
-			ret = dn_share_fd(dn, shm[shm_idx].fd,
-					  &shm_handles[shm_idx]);
-			if (ret) {
-				dev_dbg(dev, "Forwarding shared memory failed\n"
-					);
-				goto shm_share_failed;
-			}
+			lend = false;
+			break;
+		case TRUSTY_LEND:
+			lend = true;
 			break;
 		default:
 			dev_err(dev, "Unknown transfer type: 0x%x\n",
 				shm[shm_idx].transfer);
 			goto shm_share_failed;
 		}
+		ret = dn_share_fd(dn, shm[shm_idx].fd,
+				  lend,
+				  &shm_handles[shm_idx]);
+		if (ret) {
+			dev_dbg(dev, "Forwarding memory failed\n"
+				);
+			goto shm_share_failed;
+		}
 	}
 
 	if (filp->f_flags & O_NONBLOCK)
diff --git a/drivers/trusty/trusty.c b/drivers/trusty/trusty.c
index 27c5eb8..7817635 100644
--- a/drivers/trusty/trusty.c
+++ b/drivers/trusty/trusty.c
@@ -226,13 +226,14 @@ int trusty_share_memory(struct device *dev, u64 *id,
 			struct scatterlist *sglist, unsigned int nents,
 			pgprot_t pgprot)
 {
-	return trusty_transfer_memory(dev, id, sglist, nents, pgprot, 0);
+	return trusty_transfer_memory(dev, id, sglist, nents, pgprot, 0,
+				      false);
 }
 EXPORT_SYMBOL(trusty_share_memory);
 
 int trusty_transfer_memory(struct device *dev, u64 *id,
 			   struct scatterlist *sglist, unsigned int nents,
-			   pgprot_t pgprot, u64 tag)
+			   pgprot_t pgprot, u64 tag, bool lend)
 {
 	struct trusty_state *s = platform_get_drvdata(to_platform_device(dev));
 	int ret;
@@ -329,8 +330,10 @@ int trusty_transfer_memory(struct device *dev, u64 *id,
 		}
 		count -= lcount;
 		if (cons_mrd_offset) {
+			u32 smc = lend ? SMC_FC_FFA_MEM_LEND :
+					 SMC_FC_FFA_MEM_SHARE;
 			/* First fragment */
-			smc_ret = trusty_smc8(SMC_FC_FFA_MEM_SHARE, total_len,
+			smc_ret = trusty_smc8(smc, total_len,
 					      fragment_len, 0, 0, 0, 0, 0);
 		} else {
 			smc_ret = trusty_smc8(SMC_FC_FFA_MEM_FRAG_TX,
diff --git a/include/linux/trusty/trusty.h b/include/linux/trusty/trusty.h
index adf3c20..ec53eb2 100644
--- a/include/linux/trusty/trusty.h
+++ b/include/linux/trusty/trusty.h
@@ -71,7 +71,7 @@ int trusty_share_memory_compat(struct device *dev, trusty_shared_mem_id_t *id,
 			       pgprot_t pgprot);
 int trusty_transfer_memory(struct device *dev, u64 *id,
 			   struct scatterlist *sglist, unsigned int nents,
-			   pgprot_t pgprot, u64 tag);
+			   pgprot_t pgprot, u64 tag, bool lend);
 int trusty_reclaim_memory(struct device *dev, trusty_shared_mem_id_t id,
 			  struct scatterlist *sglist, unsigned int nents);