qtee-shmbridge : Added trigger call to KP for enabling mem protection

Added Kernel Protect mem protection enable call to QTEE SHM bridge driver
After receiving added syscall, Kernel Protect (KP) will start memory
protection on vmlinux sections like .text, .rodata etc. Here KP sets up
appropriate privileges in EL2 page table for pre-defined vmlinux sections.
If any access other than set privileges occurred then a fault is
generated in hypervisor which is handled by KP's registered handler.
Here we record all these incidents and later on added in integrity report
in QSEE.

Change-Id: I0ce5e10dcadb4c312b43718a4e5f19d27e2e4347
Signed-off-by: Ashutosh Kaushik <quic_ashukaus@quicinc.com>

drivers/firmware/qcom_scm.c

@@ -2604,6 +2604,71 @@ static irqreturn_t qcom_scm_irq_handler(int irq, void *p)
 	return IRQ_HANDLED;
 }
 
+/**
+ * scm_mem_protection_init_do() - Makes core kernel bootup milestone call
+ *                                to Kernel Protect (KP) in Hypervisor
+ *                                to start kernel memory protection. KP will
+ *                                start protection on kernel sections like
+ *                                .text, .rodata, .bss, .data with applying
+ *                                permissions in EL2 page table.
+ *
+ * @pid_offset:       Offset of PID in task_struct structure to pass in
+ *                    hypervisor syscall.
+ * @task_name_offset: Offset of task name in task_struct structure to pass in
+ *                    hypervisor syscall.
+ *
+ * Returns 0 on success.
+ */
+int  scm_mem_protection_init_do(void)
+{
+	int ret = 0, resp;
+	uint32_t pid_offset = 0;
+	uint32_t task_name_offset = 0;
+	struct qcom_scm_desc desc = {
+		.svc = SCM_SVC_RTIC,
+		.cmd = TZ_HLOS_NOTIFY_CORE_KERNEL_BOOTUP,
+		.owner = ARM_SMCCC_OWNER_SIP,
+		.arginfo = QCOM_SCM_ARGS(2),
+	};
+
+	struct qcom_scm_res res;
+
+	if (!__scm) {
+		pr_err("SCM dev is not initialized\n");
+		ret = -1;
+		return ret;
+	}
+
+	/*
+	 * Fetching offset of PID and task_name from task_struct.
+	 * This will be used by fault handler of Kernel Protect (KP)
+	 * in hypervisor to read PID and task name of process for
+	 * which KP fault handler is triggered. This is required to
+	 * record PID and task name in integrity report of kernel.
+	 */
+	pid_offset = offsetof(struct task_struct, pid);
+	task_name_offset = offsetof(struct task_struct, comm);
+
+	pr_debug("offset of pid is %zu, offset of comm is %zu\n",
+			pid_offset, task_name_offset);
+	desc.args[0] = pid_offset,
+	desc.args[1] = task_name_offset,
+
+	ret = qcom_scm_call(__scm ? __scm->dev : NULL, &desc, &res);
+	resp = res.result[0];
+
+	pr_debug("SCM call values: ret %d, resp %d\n",
+			ret, resp);
+
+	if (ret || resp) {
+		pr_err("SCM call failed %d, resp %d\n", ret, resp);
+		if (ret)
+			return ret;
+	}
+
+	return resp;
+}
+
 static int qcom_scm_probe(struct platform_device *pdev)
 {
 	struct qcom_scm *scm;

drivers/firmware/qtee_shmbridge.c

@@ -362,6 +362,7 @@ static int qtee_shmbridge_init(struct platform_device *pdev)
 	uint32_t ns_vm_ids_hlos[] = {VMID_HLOS};
 	uint32_t ns_vm_ids_hyp[] = {};
 	uint32_t ns_vm_perms[] = {VM_PERM_R|VM_PERM_W};
+	int mem_protection_enabled = 0;
 
 	support_hyp = of_property_read_bool((&pdev->dev)->of_node,
 			"qcom,support-hypervisor");
@@ -451,6 +452,10 @@ static int qtee_shmbridge_init(struct platform_device *pdev)
 	pr_debug("qtee shmbridge registered default bridge with size %d bytes\n",
 			default_bridge.size);
 
+	mem_protection_enabled = scm_mem_protection_init_do();
+	pr_debug("MEM protection %s, %d\n",
+			(!mem_protection_enabled ? "Enabled" : "Not enabled"),
+			mem_protection_enabled);
 	return 0;
 
 exit_deregister_default_bridge:

drivers/firmware/qtee_shmbridge_internal.h

@@ -7,4 +7,7 @@
 int __init qtee_shmbridge_driver_init(void);
 void __exit qtee_shmbridge_driver_exit(void);
 
+#define SCM_SVC_RTIC                                0x19
+#define TZ_HLOS_NOTIFY_CORE_KERNEL_BOOTUP           0x7
+int scm_mem_protection_init_do(void);
 #endif