Loading drivers/char/adsprpc.c +29 −7 Original line number Diff line number Diff line Loading @@ -358,6 +358,8 @@ struct fastrpc_channel_ctx { void *rh_dump_dev; /* Indicates, if channel is restricted to secure node only */ int secure; /* Indicates whether the channel supports unsigned PD */ bool unsigned_support; struct fastrpc_dsp_capabilities dsp_cap_kernel; void *ipc_log_ctx; /* cpu capabilities shared to DSP */ Loading Loading @@ -2194,12 +2196,15 @@ static void fastrpc_init(struct fastrpc_apps *me) me->channel[i].sesscount = 0; /* All channels are secure by default except CDSP */ me->channel[i].secure = SECURE_CHANNEL; me->channel[i].unsigned_support = false; mutex_init(&me->channel[i].smd_mutex); mutex_init(&me->channel[i].rpmsg_mutex); spin_lock_init(&me->channel[i].ctxlock); } /* Set CDSP channel to non secure */ me->channel[CDSP_DOMAIN_ID].secure = NON_SECURE_CHANNEL; /* Set CDSP channel unsigned_support to true*/ me->channel[CDSP_DOMAIN_ID].unsigned_support = true; } static inline void fastrpc_pm_awake(struct fastrpc_file *fl, int channel_type) Loading Loading @@ -2492,6 +2497,20 @@ static int fastrpc_init_process(struct fastrpc_file *fl, struct fastrpc_buf *imem = NULL; unsigned long imem_dma_attr = 0; char *proc_name = NULL; int unsigned_request = (uproc->attrs & FASTRPC_MODE_UNSIGNED_MODULE); int cid = fl->cid; struct fastrpc_channel_ctx *chan = &me->channel[cid]; if (chan->unsigned_support && fl->dev_minor == MINOR_NUM_DEV) { /* Make sure third party applications */ /* can spawn only unsigned PD when */ /* channel configured as secure. */ if (chan->secure && !unsigned_request) { err = -ECONNREFUSED; goto bail; } } VERIFY(err, 0 == (err = fastrpc_channel_open(fl))); if (err) Loading Loading @@ -4105,6 +4124,7 @@ static int fastrpc_get_info(struct fastrpc_file *fl, uint32_t *info) { int err = 0; uint32_t cid; struct fastrpc_apps *me = &gfa; VERIFY(err, fl != NULL); if (err) Loading @@ -4112,21 +4132,23 @@ static int fastrpc_get_info(struct fastrpc_file *fl, uint32_t *info) err = fastrpc_set_process_info(fl); if (err) goto bail; if (fl->cid == -1) { cid = *info; if (fl->cid == -1) { struct fastrpc_channel_ctx *chan = &me->channel[cid]; VERIFY(err, cid < NUM_CHANNELS); if (err) goto bail; /* Check to see if the device node is non-secure */ if (fl->dev_minor == MINOR_NUM_DEV) { /* * For non secure device node check and make sure that * the channel allows non-secure access * If not, bail. Session will not start. * cid will remain -1 and client will not be able to * invoke any other methods without failure * If an app is trying to offload to a secure remote * channel by opening the non-secure device node, allow * the access if the subsystem supports unsigned * offload. Untrusted apps will be restricted. */ if (fl->apps->channel[cid].secure == SECURE_CHANNEL) { if (chan->secure == SECURE_CHANNEL && !chan->unsigned_support) { err = -EACCES; goto bail; } Loading drivers/char/adsprpc_shared.h +16 −0 Original line number Diff line number Diff line Loading @@ -350,4 +350,20 @@ static inline struct smq_phy_page *smq_phy_page_start(uint32_t sc, return (struct smq_phy_page *)(&buf[nTotal]); } enum fastrpc_proc_attr { /* Macro for Debug attr */ FASTRPC_MODE_DEBUG = 1 << 0, /* Macro for Ptrace */ FASTRPC_MODE_PTRACE = 1 << 1, /* Macro for CRC Check */ FASTRPC_MODE_CRC = 1 << 2, /* Macro for Unsigned PD */ FASTRPC_MODE_UNSIGNED_MODULE = 1 << 3, /* Macro for Adaptive QoS */ FASTRPC_MODE_ADAPTIVE_QOS = 1 << 4, /* Macro for System Process */ FASTRPC_MODE_SYSTEM_PROCESS = 1 << 5, }; #endif Loading
drivers/char/adsprpc.c +29 −7 Original line number Diff line number Diff line Loading @@ -358,6 +358,8 @@ struct fastrpc_channel_ctx { void *rh_dump_dev; /* Indicates, if channel is restricted to secure node only */ int secure; /* Indicates whether the channel supports unsigned PD */ bool unsigned_support; struct fastrpc_dsp_capabilities dsp_cap_kernel; void *ipc_log_ctx; /* cpu capabilities shared to DSP */ Loading Loading @@ -2194,12 +2196,15 @@ static void fastrpc_init(struct fastrpc_apps *me) me->channel[i].sesscount = 0; /* All channels are secure by default except CDSP */ me->channel[i].secure = SECURE_CHANNEL; me->channel[i].unsigned_support = false; mutex_init(&me->channel[i].smd_mutex); mutex_init(&me->channel[i].rpmsg_mutex); spin_lock_init(&me->channel[i].ctxlock); } /* Set CDSP channel to non secure */ me->channel[CDSP_DOMAIN_ID].secure = NON_SECURE_CHANNEL; /* Set CDSP channel unsigned_support to true*/ me->channel[CDSP_DOMAIN_ID].unsigned_support = true; } static inline void fastrpc_pm_awake(struct fastrpc_file *fl, int channel_type) Loading Loading @@ -2492,6 +2497,20 @@ static int fastrpc_init_process(struct fastrpc_file *fl, struct fastrpc_buf *imem = NULL; unsigned long imem_dma_attr = 0; char *proc_name = NULL; int unsigned_request = (uproc->attrs & FASTRPC_MODE_UNSIGNED_MODULE); int cid = fl->cid; struct fastrpc_channel_ctx *chan = &me->channel[cid]; if (chan->unsigned_support && fl->dev_minor == MINOR_NUM_DEV) { /* Make sure third party applications */ /* can spawn only unsigned PD when */ /* channel configured as secure. */ if (chan->secure && !unsigned_request) { err = -ECONNREFUSED; goto bail; } } VERIFY(err, 0 == (err = fastrpc_channel_open(fl))); if (err) Loading Loading @@ -4105,6 +4124,7 @@ static int fastrpc_get_info(struct fastrpc_file *fl, uint32_t *info) { int err = 0; uint32_t cid; struct fastrpc_apps *me = &gfa; VERIFY(err, fl != NULL); if (err) Loading @@ -4112,21 +4132,23 @@ static int fastrpc_get_info(struct fastrpc_file *fl, uint32_t *info) err = fastrpc_set_process_info(fl); if (err) goto bail; if (fl->cid == -1) { cid = *info; if (fl->cid == -1) { struct fastrpc_channel_ctx *chan = &me->channel[cid]; VERIFY(err, cid < NUM_CHANNELS); if (err) goto bail; /* Check to see if the device node is non-secure */ if (fl->dev_minor == MINOR_NUM_DEV) { /* * For non secure device node check and make sure that * the channel allows non-secure access * If not, bail. Session will not start. * cid will remain -1 and client will not be able to * invoke any other methods without failure * If an app is trying to offload to a secure remote * channel by opening the non-secure device node, allow * the access if the subsystem supports unsigned * offload. Untrusted apps will be restricted. */ if (fl->apps->channel[cid].secure == SECURE_CHANNEL) { if (chan->secure == SECURE_CHANNEL && !chan->unsigned_support) { err = -EACCES; goto bail; } Loading
drivers/char/adsprpc_shared.h +16 −0 Original line number Diff line number Diff line Loading @@ -350,4 +350,20 @@ static inline struct smq_phy_page *smq_phy_page_start(uint32_t sc, return (struct smq_phy_page *)(&buf[nTotal]); } enum fastrpc_proc_attr { /* Macro for Debug attr */ FASTRPC_MODE_DEBUG = 1 << 0, /* Macro for Ptrace */ FASTRPC_MODE_PTRACE = 1 << 1, /* Macro for CRC Check */ FASTRPC_MODE_CRC = 1 << 2, /* Macro for Unsigned PD */ FASTRPC_MODE_UNSIGNED_MODULE = 1 << 3, /* Macro for Adaptive QoS */ FASTRPC_MODE_ADAPTIVE_QOS = 1 << 4, /* Macro for System Process */ FASTRPC_MODE_SYSTEM_PROCESS = 1 << 5, }; #endif
