[PATCH OLK-5.10] cvm: delete dead code and resolve macro definition holes - Kernel

31 Jul 2024

virtcca inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I9TM0T
--------------------------------
delete dead code and resolve macro definition holes
Signed-off-by: Ju Fu fuju1@huawei.com
---
diff -uprN itrustee_tzdriver/auth/auth_base_impl.c itrustee_tzdriver_new/auth/auth_base_impl.c

--- itrustee_tzdriver/auth/auth_base_impl.c	2024-07-12 11:08:59.353629380 +0800
+++ itrustee_tzdriver_new/auth/auth_base_impl.c	2024-07-12 10:51:32.889629380 +0800
@@ -336,11 +336,25 @@ int check_teecd_auth(void)
return CHECK_ACCESS_SUCC;
 }
+int check_proxy_auth(void)
+{
+	int ret = check_proc_uid_path(PROXY_PATH_UID_AUTH_CTX);
+	if (ret != 0) {
+		return ret;
+	}
+
+	return CHECK_ACCESS_SUCC;
+}
 #else
 int check_teecd_auth(void)
 {
    return 0;
 }
+
+int check_proxy_auth(void)
+{
+	return 0;
+}
 #endif
#ifdef CONFIG_TEE_TELEPORT_AUTH
diff -uprN itrustee_tzdriver/auth/auth_base_impl.h itrustee_tzdriver_new/auth/auth_base_impl.h
--- itrustee_tzdriver/auth/auth_base_impl.h	2024-07-12 11:08:59.353629380 +0800
+++ itrustee_tzdriver_new/auth/auth_base_impl.h	2024-07-12 10:51:32.885629380 +0800
@@ -84,6 +84,7 @@ void mutex_crypto_hash_lock(void);
 void mutex_crypto_hash_unlock(void);
 int check_hidl_auth(void);
 int check_teecd_auth(void);
+int check_proxy_auth(void);
 #else
static inline void free_shash_handle(void)
@@ -100,6 +101,11 @@ int check_teecd_auth(void)
 {
    return 0;
 }
+
+int check_proxy_auth(void)
+{
+	return 0;
+}
#endif /* CLIENT_AUTH || TEECD_AUTH */
diff -uprN itrustee_tzdriver/core/agent.c itrustee_tzdriver_new/core/agent.c
--- itrustee_tzdriver/core/agent.c	2024-07-12 11:08:59.357629380 +0800
+++ itrustee_tzdriver_new/core/agent.c	2024-07-12 10:51:32.865629380 +0800
@@ -298,7 +298,8 @@ int tc_ns_set_native_hash(unsigned long
    return ret;
 }
-int tc_ns_late_init(unsigned long arg)
+int tc_ns_late_init(const struct tc_ns_dev_file *dev_file,
+	unsigned long arg)
 {
    int ret = 0;
    struct tc_ns_smc_cmd smc_cmd = { {0}, 0 };
@@ -320,6 +321,8 @@ int tc_ns_late_init(unsigned long arg)
    smc_cmd.operation_h_phys =
    	(uint64_t)mailbox_virt_to_phys((uintptr_t)&mb_pack->operation) >> ADDR_TRANS_NUM;
+	if (dev_file->isVM)
+		smc_cmd.nsid = dev_file->nsid;
    if (tc_ns_smc(&smc_cmd)) {
    	ret = -EPERM;
    	tloge("late int failed\n");
@@ -597,7 +600,8 @@ int tc_ns_wait_event(unsigned int agent_
    return ret;
 }
-int tc_ns_sync_sys_time(const struct tc_ns_client_time *tc_ns_time)
+int tc_ns_sync_sys_time(const struct tc_ns_dev_file *dev_file,
+	const struct tc_ns_client_time *tc_ns_time)
 {
    struct tc_ns_smc_cmd smc_cmd = { {0}, 0 };
    int ret = 0;
@@ -623,6 +627,8 @@ int tc_ns_sync_sys_time(const struct tc_
    smc_cmd.operation_phys = mailbox_virt_to_phys((uintptr_t)&mb_pack->operation);
    smc_cmd.operation_h_phys =
    	(uint64_t)mailbox_virt_to_phys((uintptr_t)&mb_pack->operation) >> ADDR_TRANS_NUM;
+	if (dev_file && dev_file->isVM)
+		smc_cmd.nsid = dev_file->nsid;
    if (tc_ns_smc(&smc_cmd)) {
    	tloge("tee adjust time failed, return error\n");
    	ret = -EPERM;
@@ -632,7 +638,8 @@ int tc_ns_sync_sys_time(const struct tc_
    return ret;
 }
-int sync_system_time_from_user(const struct tc_ns_client_time *user_time)
+int sync_system_time_from_user(const struct tc_ns_dev_file *dev_file,
+	const struct tc_ns_client_time *user_time)
 {
    int ret = 0;
    struct tc_ns_client_time time = { 0 };
@@ -647,7 +654,7 @@ int sync_system_time_from_user(const str
    	return -EFAULT;
    }
-	ret = tc_ns_sync_sys_time(&time);
+	ret = tc_ns_sync_sys_time(dev_file, &time);
    if (ret != 0)
    	tloge("sync system time from user failed, ret = 0x%x\n", ret);
@@ -665,7 +672,7 @@ void sync_system_time_from_kernel(void)
    time.seconds = (uint32_t)kernel_time.ts.tv_sec;
    time.millis = (uint32_t)(kernel_time.ts.tv_nsec / MS_TO_NS);
-	ret = tc_ns_sync_sys_time(&time);
+	ret = tc_ns_sync_sys_time(NULL, &time);
    if (ret != 0)
    	tloge("sync system time from kernel failed, ret = 0x%x\n", ret);
@@ -949,6 +956,8 @@ int tc_ns_register_agent(struct tc_ns_de
    nsid = task_active_pid_ns(current)->ns.inum;
    if (dev_file != NULL && dev_file->nsid == 0)
    	dev_file->nsid = nsid;
+	if (dev_file->isVM)
+		nsid = dev_file->nsid;
 #endif
if (is_agent_already_exist(agent_id, nsid, &event_data, dev_file, &find_flag))
diff -uprN itrustee_tzdriver/core/agent.h itrustee_tzdriver_new/core/agent.h
--- itrustee_tzdriver/core/agent.h	2024-07-12 11:08:59.357629380 +0800
+++ itrustee_tzdriver_new/core/agent.h	2024-07-12 10:51:32.861629380 +0800
@@ -118,7 +118,8 @@ int agent_process_work(const struct tc_n
    unsigned int agent_id, unsigned int nsid);
 int is_agent_alive(unsigned int agent_id, unsigned int nsid);
 int tc_ns_set_native_hash(unsigned long arg, unsigned int cmd_id);
-int tc_ns_late_init(unsigned long arg);
+int tc_ns_late_init(const struct tc_ns_dev_file *dev_file,
+	unsigned long arg);
 int tc_ns_register_agent(struct tc_ns_dev_file *dev_file, unsigned int agent_id,
    unsigned int buffer_size, void **buffer, bool user_agent);
 int tc_ns_unregister_agent(unsigned int agent_id, unsigned int nsid);
@@ -126,7 +127,8 @@ void send_crashed_event_response_all(con
 int tc_ns_wait_event(unsigned int agent_id, unsigned int nsid);
 int tc_ns_send_event_response(unsigned int agent_id, unsigned int nsid);
 void send_crashed_event_response_single(const struct tc_ns_dev_file *dev_file);
-int sync_system_time_from_user(const struct tc_ns_client_time *user_time);
+int sync_system_time_from_user(const struct tc_ns_dev_file *dev_file,
+	const struct tc_ns_client_time *user_time);
 void sync_system_time_from_kernel(void);
 int tee_agent_clear_work(struct tc_ns_client_context *context,
    unsigned int dev_file_id);
diff -uprN itrustee_tzdriver/core/gp_ops.c itrustee_tzdriver_new/core/gp_ops.c
--- itrustee_tzdriver/core/gp_ops.c	2024-07-12 11:08:59.357629380 +0800
+++ itrustee_tzdriver_new/core/gp_ops.c	2024-07-12 10:51:32.845629380 +0800
@@ -231,6 +231,84 @@ int write_to_client(void __user *dest, s
    return 0;
 }
+int read_from_VMclient(void *dest, size_t dest_size,
+	const void __user *src, size_t size, pid_t vm_pid)
+{
+	struct task_struct *vmp_task;
+    int i_rdlen;
+	int i_index;
+	int ret;
+
+	if (!dest || !src) {
+		tloge("src or dest is NULL input buffer\n");
+		return -EINVAL;
+	}
+
+	if (size > dest_size) {
+		tloge("size is larger than dest_size or size is 0\n");
+		return -EINVAL;
+	}
+	if (!size)
+		return 0;
+
+	tlogv("django verbose, execute access_process_vm");
+	vmp_task = get_pid_task(find_get_pid(vm_pid), PIDTYPE_PID);
+	if (vmp_task == NULL) {
+		tloge("no task for pid %d \n", vm_pid);
+		return  -EFAULT;
+	}
+	tlogv("django verbose, task_struct * for pid %d is 0x%px", vm_pid, vmp_task);
+
+	i_rdlen = access_process_vm(vmp_task,  (unsigned long)(src), dest, size, FOLL_FORCE);
+	if (i_rdlen != size) {
+		tloge("only read %d of %ld bytes by access_process_vm \n", i_rdlen, size);
+		return  -EFAULT;
+	}
+	tlogv("django verbose, read %d byes by access_process_vm succeed", 
+			i_rdlen);
+	for (i_index = 0; i_index < 32 && i_index < size; i_index ++) {
+         tlogv("django verbose, *(dest +  i_index) + %d) = %2.2x", 
+               i_index, *((char*)dest +  i_index));
+    }
+	return 0;
+}
+
+int write_to_VMclient(void __user *dest, size_t dest_size,
+	const void *src, size_t size, pid_t vm_pid)
+{
+	struct task_struct *vmp_task;
+    int i_wtlen;
+	int i_index;
+	int ret;
+
+	if (!dest || !src) {
+		tloge("src or dest is NULL input buffer\n");
+		return -EINVAL;
+	}
+
+	if (size > dest_size) {
+		tloge("size is larger than dest_size or size is 0\n");
+		return -EINVAL;
+	}
+	if (!size)
+		return 0;
+
+	vmp_task = get_pid_task(find_get_pid(vm_pid), PIDTYPE_PID);
+	if (vmp_task == NULL) {
+		tloge("no task for pid %d \n", vm_pid);
+		return  -EFAULT;
+	}
+
+	i_wtlen = access_process_vm(vmp_task,  (unsigned long)(dest), src, size, FOLL_FORCE | FOLL_WRITE);
+	if (i_wtlen != size) {
+		tloge("only write %d of %ld bytes by access_process_vm \n", i_wtlen, size);
+		return  -EFAULT;
+	}
+	tlogv("django verbose, write %d byes by access_process_vm succeed", 
+			i_wtlen);
+	return 0;
+}
+
 static bool is_input_tempmem(unsigned int param_type)
 {
    if (param_type == TEEC_MEMREF_TEMP_INPUT ||
@@ -240,7 +318,8 @@ static bool is_input_tempmem(unsigned in
    return false;
 }
-static int update_input_data(const union tc_ns_client_param *client_param,
+static int update_input_data(const struct tc_call_params *call_params,
+	const union tc_ns_client_param *client_param,
    uint32_t buffer_size, void *temp_buf,
    unsigned int param_type, uint8_t kernel_params)
 {
@@ -250,11 +329,22 @@ static int update_input_data(const union
buffer_addr = client_param->memref.buffer |
    	((uint64_t)client_param->memref.buffer_h_addr << ADDR_TRANS_NUM);
-	if (read_from_client(temp_buf, buffer_size,
-		(void *)(uintptr_t)buffer_addr,
-		buffer_size, kernel_params) != 0) {
-		tloge("copy memref buffer failed\n");
-		return -EFAULT;
+	if (call_params->dev->isVM && !kernel_params) {
+		tlogd("is VM\n");
+		if (read_from_VMclient(temp_buf, buffer_size,
+			(void *)(uintptr_t)buffer_addr,
+			buffer_size, call_params->dev->vmpid) != 0) {
+			tloge("copy memref buffer failed\n");
+			return -EFAULT;
+		}
+	} else {
+		tlogd("is not VM\n");
+		if (read_from_client(temp_buf, buffer_size,
+			(void *)(uintptr_t)buffer_addr,
+			buffer_size, kernel_params) != 0) {
+			tloge("copy memref buffer failed\n");
+			return -EFAULT;
+		}
    }
    return 0;
 }
@@ -312,7 +402,7 @@ static int alloc_for_tmp_mem(const struc
    op_params->local_tmpbuf[index].temp_buffer = temp_buf;
    op_params->local_tmpbuf[index].size = buffer_size;
-	if (update_input_data(client_param, buffer_size, temp_buf,
+	if (update_input_data(call_params, client_param, buffer_size, temp_buf,
    	param_type, kernel_params) != 0)
    	return -EFAULT;
@@ -324,8 +414,9 @@ static int alloc_for_tmp_mem(const struc
    return 0;
 }
-static int check_buffer_for_ref(uint32_t *buffer_size,
-	const union tc_ns_client_param *client_param, uint8_t kernel_params)
+static int check_buffer_for_ref(const struct tc_call_params *call_params,
+	uint32_t *buffer_size, const union tc_ns_client_param *client_param,
+	uint8_t kernel_params)
 {
    uint64_t size_addr = client_param->memref.size_addr |
    	((uint64_t)client_param->memref.size_h_addr << ADDR_TRANS_NUM);
@@ -416,7 +507,7 @@ static int alloc_for_ref_mem(const struc
    	return -EINVAL;
client_param = &(call_params->context->params[index]);
-	if (check_buffer_for_ref(&buffer_size, client_param, kernel_params) != 0)
+	if (check_buffer_for_ref(call_params, &buffer_size, client_param, kernel_params) != 0)
    	return -EINVAL;
op_params->mb_pack->operation.params[index].memref.buffer = 0;
@@ -491,6 +582,134 @@ static int check_buffer_for_sharedmem(ui
    return 0;
 }
+typedef union {
+    struct{
+        uint64_t user_addr;
+        uint64_t page_num;
+    }block;
+    struct{
+        uint64_t vm_page_size;
+        uint64_t shared_mem_size;        
+    }share;
+}struct_page_block;
+
+int fill_vm_shared_mem_info_block(uint64_t block_buf, uint32_t block_nums,
+	uint32_t offset, uint32_t buffer_size, uint64_t info_addr, uint32_t vm_page_size,pid_t vm_pid)
+{
+	struct pagelist_info *page_info = NULL;
+	struct page **host_pages = NULL;
+	uint64_t *phys_addr = NULL;
+	uint32_t host_page_num;
+	uint32_t i;
+	uint32_t j;
+	uint32_t k;
+	uint32_t block_page_total_no = 0;
+	struct task_struct *vmp_task;
+	uint32_t vm_pages_no = 0;
+	uint32_t host_pages_no = 0;
+	uint32_t host_offset = 0;
+	uint64_t vm_start_vaddr;
+	void *host_start_vaddr;
+	uint32_t page_total_no = 0;
+	uint32_t vm_pages_total_size = 0;
+	vmp_task = get_pid_task(find_get_pid(vm_pid), PIDTYPE_PID);
+	if (vmp_task == NULL) {
+		tloge("no task for pid %d", vm_pid);
+		return  -EFAULT;
+	}
+	uint32_t expect_page_num = PAGE_ALIGN(buffer_size + (offset & (~PAGE_MASK))) / PAGE_SIZE;
+	struct_page_block *page_block = (struct_page_block *)(uintptr_t)block_buf;
+	for (i = 0; i < block_nums; i++){
+		vm_start_vaddr = page_block[i].block.user_addr;
+		vm_pages_no = page_block[i].block.page_num;
+
+		if (i==0 && vm_page_size > PAGE_SIZE) {
+			vm_start_vaddr += (offset & PAGE_MASK);
+			vm_pages_total_size = vm_pages_no * vm_page_size - (offset & PAGE_MASK);
+		} else {
+			vm_pages_total_size = vm_pages_no * vm_page_size;
+		}
+		
+		host_offset = ((uint32_t)(uintptr_t)vm_start_vaddr) & (~PAGE_MASK);
+		host_start_vaddr = (void *)(((uint64_t)vm_start_vaddr) & PAGE_MASK);
+		host_pages_no = PAGE_ALIGN(host_offset + vm_pages_total_size) / PAGE_SIZE;
+		if (i== block_nums -1 && vm_page_size > PAGE_SIZE)
+			host_pages_no = expect_page_num - page_total_no;
+
+		host_pages = (struct page **)vmalloc(host_pages_no * sizeof(uint64_t));
+		if (host_pages == NULL)
+			return -EFAULT;	
+		tlogd("page_block[%u].block.user_addr = %llx, page_block[%u].block.page_num = %llx\n", i, vm_start_vaddr, i, vm_pages_no);
+
+		#if (KERNEL_VERSION(6, 5, 0) <= LINUX_VERSION_CODE)
+			host_page_num = get_user_pages_remote(vmp_task->mm, host_start_vaddr,
+						(unsigned long)host_pages_no,
+						FOLL_FORCE, host_pages, NULL);
+		#elif (KERNEL_VERSION(5, 9, 0) <= LINUX_VERSION_CODE)
+			host_page_num = get_user_pages_remote(vmp_task->mm, host_start_vaddr,
+						(unsigned long)host_pages_no,
+						FOLL_FORCE, host_pages,
+						NULL, NULL);
+		#elif (KERNEL_VERSION(4, 10, 0) <= LINUX_VERSION_CODE)
+			host_page_num = get_user_pages_remote(vmp_task, vmp_task->mm, 
+						host_start_vaddr, (unsigned long)host_pages_no, FOLL_FORCE,
+						host_pages, NULL, NULL);
+		#elif (KERNEL_VERSION(4, 9, 0) <= LINUX_VERSION_CODE)
+			host_page_num = get_user_pages_remote(vmp_task, vmp_task->mm,
+						host_start_vaddr, (unsigned long)host_pages_no,
+						FOLL_FORCE, host_pages, NULL);
+		#else 
+			host_page_num = get_user_pages_remote(vmp_task, vmp_task->mm,
+						host_start_vaddr, (unsigned long)host_pages_no,
+						1, 1, host_pages, NULL);
+		#endif
+		if (host_page_num != host_pages_no) {
+			tloge("get pages failed, page_num = %u, expect %u\n", host_page_num, host_pages_no);
+			if (host_page_num > 0) {
+				release_pages(host_pages, host_page_num);
+			}
+			vfree(host_pages);
+			return -EFAULT;
+		}
+
+		phys_addr = (uint64_t *)(uintptr_t)info_addr + (sizeof(*page_info) / sizeof(uint64_t));
+		phys_addr = (uint64_t *)((char *)phys_addr +  page_total_no * sizeof(uint64_t));
+		block_page_total_no = 0;
+		for (j = 0; j < host_pages_no; j++) {
+			struct page *page = NULL;
+			page = host_pages[j];
+			if (page == NULL) {
+				release_pages(host_pages, host_page_num);
+				vfree(host_pages);
+				tloge("page == NULL \n");
+				return -EFAULT;
+			}
+			void *host_page_phy = (uintptr_t)page_to_phys(page);
+			if (vm_page_size <  PAGE_SIZE) {
+				if (j !=0)
+					host_offset = 0;
+				uint32_t litil_page_num = (PAGE_SIZE - host_offset) / vm_page_size;
+				uint64_t host_page_start_addr = (uint64_t)host_page_phy + host_offset;
+				for (k = 0; k < litil_page_num && block_page_total_no < vm_pages_no;k++) {
+					phys_addr[block_page_total_no++] = host_page_start_addr + k * vm_page_size;
+				}
+			} else if (vm_page_size >=  PAGE_SIZE){
+				phys_addr[j] = (uintptr_t)page_to_phys(page);
+			}
+		}
+		page_total_no += (vm_page_size >= PAGE_SIZE ? host_pages_no : vm_pages_no);
+		vfree(host_pages);
+	}
+
+	page_info = (struct pagelist_info *)(uintptr_t)info_addr;
+	page_info->page_num = page_total_no;
+	page_info->page_size = (vm_page_size > PAGE_SIZE ? PAGE_SIZE : vm_page_size);
+	page_info->sharedmem_offset = offset & (~PAGE_MASK);
+	page_info->sharedmem_size = buffer_size;
+
+	return 0;
+}
+
 static int transfer_shared_mem(const struct tc_call_params *call_params,
    struct tc_op_params *op_params, uint8_t kernel_params,
    uint32_t param_type, unsigned int index)
@@ -499,10 +718,11 @@ static int transfer_shared_mem(const str
    void *start_vaddr = NULL;
    union tc_ns_client_param *client_param = NULL;
    uint32_t buffer_size;
-	uint32_t pages_no;
+	uint32_t pages_no = 0;
    uint32_t offset;
    uint32_t buff_len;
    uint64_t buffer_addr;
+	uint32_t i;
if (index >= TEE_PARAM_NUM)
    	return -EINVAL;
@@ -513,19 +733,57 @@ static int transfer_shared_mem(const str
buffer_addr = client_param->memref.buffer |
    	((uint64_t)client_param->memref.buffer_h_addr << ADDR_TRANS_NUM);
-	buff = (void *)(uint64_t)(buffer_addr + client_param->memref.offset);
-	start_vaddr = (void *)(((uint64_t)buff) & PAGE_MASK);
-	offset = ((uint32_t)(uintptr_t)buff) & (~PAGE_MASK);
-	pages_no = PAGE_ALIGN(offset + buffer_size) / PAGE_SIZE;
-
-	buff_len = sizeof(struct pagelist_info) + (sizeof(uint64_t) * pages_no);
-	buff = mailbox_alloc(buff_len, MB_FLAG_ZERO);
-	if (buff == NULL)
-		return -EFAULT;
-	if (fill_shared_mem_info((uint64_t)start_vaddr, pages_no, offset, buffer_size, (uint64_t)buff)) {
-		mailbox_free(buff);
-		return -EFAULT;
+	if (call_params->dev->isVM) {
+		uint32_t block_buf_size = buffer_size - sizeof(struct_page_block);
+		void *tmp_buf = kzalloc(buffer_size, GFP_KERNEL);
+		if (read_from_client(tmp_buf, buffer_size, buffer_addr, buffer_size, 0)) {
+			tloge("copy blocks failed\n");
+			return -EFAULT;
+		}
+		struct_page_block *block_buf = (struct_page_block *)((char *)tmp_buf + sizeof(struct_page_block));
+		uint32_t block_nums = block_buf_size / sizeof(struct_page_block);
+		uint32_t share_mem_size = ((struct_page_block *)tmp_buf)->share.shared_mem_size;
+		uint32_t vm_page_size = ((struct_page_block *)tmp_buf)->share.vm_page_size;
+
+		call_params->dev->vm_page_size = vm_page_size;
+		offset = (uint64_t)(client_param->memref.h_offset + client_param->memref.offset);
+		for(i = 0;i < block_nums; i++){
+			pages_no += block_buf[i].block.page_num;			
+		}
+		if (vm_page_size > PAGE_SIZE){
+			buff = (void *)(uint64_t)(client_param->memref.h_offset + client_param->memref.offset);	
+			pages_no = PAGE_ALIGN((((uint32_t)(uintptr_t)buff) & (~PAGE_MASK)) + share_mem_size) / PAGE_SIZE;
+			tlogd("page_no = %u \n", pages_no);
+		}
+
+		buff_len = sizeof(struct pagelist_info) + (sizeof(uint64_t) * pages_no);
+		buff = mailbox_alloc(buff_len, MB_FLAG_ZERO);
+		if (buff == NULL) {
+			kfree(tmp_buf);
+			return -EFAULT;
+		}
+		if (fill_vm_shared_mem_info_block((uint64_t)block_buf, block_nums, offset,
+			share_mem_size, (uint64_t)buff, vm_page_size, call_params->dev->vmpid)) {
+			kfree(tmp_buf);
+			mailbox_free(buff);
+			return -EFAULT;
+		}
+		kfree(tmp_buf);
+	} else {
+		buff = (void *)(uint64_t)(buffer_addr + client_param->memref.offset);
+		start_vaddr = (void *)(((uint64_t)buff) & PAGE_MASK);
+		offset = ((uint32_t)(uintptr_t)buff) & (~PAGE_MASK);
+		pages_no = PAGE_ALIGN(offset + buffer_size) / PAGE_SIZE;
+
+		buff_len = sizeof(struct pagelist_info) + (sizeof(uint64_t) * pages_no);
+		buff = mailbox_alloc(buff_len, MB_FLAG_ZERO);
+		if (buff == NULL)
+			return -EFAULT;
+		if (fill_shared_mem_info((uint64_t)start_vaddr, pages_no, offset, buffer_size, (uint64_t)buff)) {
+			mailbox_free(buff);
+			return -EFAULT;
+		}
    }
op_params->local_tmpbuf[index].temp_buffer = buff;
@@ -695,13 +953,24 @@ static int update_tmp_mem(const struct t
    if (buffer_size == 0)
    	return 0;
    /* Only update the buffer when the buffer size is valid in complete case */
-	if (write_to_client((void *)(uintptr_t)buffer_addr,
-		operation->params[index].memref.size,
-		op_params->local_tmpbuf[index].temp_buffer,
-		operation->params[index].memref.size,
-		call_params->dev->kernel_api) != 0) {
-		tloge("copy tempbuf failed\n");
-		return -ENOMEM;
+	if (call_params->dev->isVM && !call_params->dev->kernel_api) {
+		if (write_to_VMclient((void *)(uintptr_t)buffer_addr,
+			operation->params[index].memref.size,
+			op_params->local_tmpbuf[index].temp_buffer,
+			operation->params[index].memref.size,
+			call_params->dev->vmpid) != 0) {
+			tloge("copy tempbuf failed\n");
+			return -ENOMEM;
+		}
+	} else {
+		if (write_to_client((void *)(uintptr_t)buffer_addr,
+			operation->params[index].memref.size,
+			op_params->local_tmpbuf[index].temp_buffer,
+			operation->params[index].memref.size,
+			call_params->dev->kernel_api) != 0) {
+			tloge("copy tempbuf failed\n");
+			return -ENOMEM;
+		}
    }
    return 0;
 }
@@ -871,7 +1140,10 @@ static void free_operation_params(const
 #ifdef CONFIG_NOCOPY_SHAREDMEM
    		tlogd("free_operation_params release nocopy or register shm\n");
    		temp_buf = local_tmpbuf[index].temp_buffer;
-			if (temp_buf != NULL) {
+			if (temp_buf != NULL && call_params->dev->isVM) {
+				release_vm_shared_mem_page(temp_buf, local_tmpbuf[index].size, call_params->dev->vm_page_size);				
+				mailbox_free(temp_buf);				
+			} else if (temp_buf != NULL && !call_params->dev->isVM) {
    			release_shared_mem_page(temp_buf, local_tmpbuf[index].size);
    			mailbox_free(temp_buf);
    		}
diff -uprN itrustee_tzdriver/core/gp_ops.h itrustee_tzdriver_new/core/gp_ops.h
--- itrustee_tzdriver/core/gp_ops.h	2024-07-12 11:08:59.357629380 +0800
+++ itrustee_tzdriver_new/core/gp_ops.h	2024-07-12 10:51:32.841629380 +0800
@@ -28,5 +28,9 @@ int tc_client_call(const struct tc_call_
 bool is_tmp_mem(uint32_t param_type);
 bool is_ref_mem(uint32_t param_type);
 bool is_val_param(uint32_t param_type);
+int write_to_VMclient(void __user *dest, size_t dest_size,
+	const void *src, size_t size, pid_t vm_pid);
+int read_from_VMclient(void *dest, size_t dest_size,
+	const void __user *src, size_t size, pid_t vm_pid);
#endif
diff -uprN itrustee_tzdriver/core/session_manager.c itrustee_tzdriver_new/core/session_manager.c
--- itrustee_tzdriver/core/session_manager.c	2024-07-12 11:08:59.357629380 +0800
+++ itrustee_tzdriver_new/core/session_manager.c	2024-07-12 10:51:32.801629380 +0800
@@ -589,7 +589,7 @@ static struct tc_ns_service *tc_ref_serv
 }
static int tc_ns_service_init(const unsigned char *uuid, uint32_t uuid_len,
-	struct tc_ns_service **new_service)
+	struct tc_ns_service **new_service, uint32_t nsid)
 {
    int ret = 0;
    struct tc_ns_service *service = NULL;
@@ -610,7 +610,7 @@ static int tc_ns_service_init(const unsi
    }
#ifdef CONFIG_CONFIDENTIAL_CONTAINER
-	service->nsid = task_active_pid_ns(current)->ns.inum;
+	service->nsid = nsid;
 #else
    service->nsid = PROC_PID_INIT_INO;
 #endif
@@ -648,7 +648,11 @@ static struct tc_ns_service *find_servic
    struct tc_ns_service *service = NULL;
    bool is_full = false;
 #ifdef CONFIG_CONFIDENTIAL_CONTAINER
-	unsigned int nsid = task_active_pid_ns(current)->ns.inum;
+	unsigned int nsid;
+	if (dev_file->isVM)
+		nsid = dev_file->nsid;
+	else
+		nsid = task_active_pid_ns(current)->ns.inum;
 #else
    unsigned int nsid = PROC_PID_INIT_INO;
 #endif
@@ -677,7 +681,7 @@ static struct tc_ns_service *find_servic
    	goto add_service;
    }
    /* Create a new service if we couldn't find it in list */
-	ret = tc_ns_service_init(context->uuid, UUID_LEN, &service);
+	ret = tc_ns_service_init(context->uuid, UUID_LEN, &service, nsid);
    /* unlock after init to make sure find service from all is correct */
    mutex_unlock(&g_service_list_lock);
    if (ret != 0) {
@@ -791,10 +795,19 @@ static int32_t load_image_copy_file(stru
    	}
    	return 0;
    }
-	if (copy_from_user(params->mb_load_mem + sizeof(load_flag),
-		(const void __user *)params->file_buffer + loaded_size, load_size)) {
-		tloge("file buf get fail\n");
-		return  -EFAULT;
+	if (params->dev_file->isVM) {
+		if (read_from_VMclient(params->mb_load_mem + sizeof(load_flag),
+			load_size, (const void __user *)(params->file_buffer + loaded_size),
+			load_size, (pid_t)params->dev_file->vmpid)) {
+			tloge("file buf get failed \n");
+			return  -EFAULT;
+		}
+	} else {
+		if (copy_from_user(params->mb_load_mem + sizeof(load_flag),
+			(const void __user *)(params->file_buffer + loaded_size), load_size)) {
+			tloge("file buf get failed \n");
+			return  -EFAULT;
+		}
    }
    return 0;
 }
@@ -1387,10 +1400,109 @@ find_session:
    return ret;
 }
+static int process_vm_ref(struct tc_ns_dev_file *dev_file,
+	struct tc_ns_client_context *context, unsigned long long *vm_buffers)
+{
+	struct tc_ns_shared_mem *shared_mem = NULL;
+	int index = 0;
+	uint32_t buffer_size;
+	unsigned int offset = 0;
+	void *buffer_addr = NULL;
+	void *size_addr = NULL;
+	unsigned long long vm_hvas[TEE_PARAM_NUM]={0};
+
+	if (!dev_file->isVM || !context->file_buffer)
+		return 0;
+
+	if (copy_from_user(vm_hvas, context->file_buffer, context->file_size) != 0) {
+		tloge("copy from user failed\n");
+		return -EFAULT;
+	}
+
+	mutex_lock(&dev_file->shared_mem_lock);
+	list_for_each_entry(shared_mem, &dev_file->shared_mem_list, head) {
+		for (index = 0; index < TEE_PARAM_NUM; index++) {
+			buffer_addr = (void *)(uintptr_t)(context->params[index].memref.buffer |
+				((uint64_t)context->params[index].memref.buffer_h_addr << ADDR_TRANS_NUM));
+			if (shared_mem->user_addr == buffer_addr) {
+				buffer_addr = (void *)(uintptr_t)(shared_mem->kernel_addr);
+				size_addr = (void *)(uintptr_t)(context->params[index].memref.size_addr |
+					((uint64_t)context->params[index].memref.size_h_addr << ADDR_TRANS_NUM));
+				offset = context->params[index].memref.offset;
+
+				if (copy_from_user(&buffer_size, size_addr, sizeof(uint32_t))) {
+					tloge("copy memref.size_addr failed\n");
+					return -EFAULT;
+				}
+
+				if (read_from_VMclient(buffer_addr + offset, buffer_size,
+					(uint32_t __user *)(uintptr_t)(vm_hvas[index] + offset),
+					buffer_size, dev_file->vmpid)) {
+					tloge("copy memref.buffer failed\n");
+					return -EFAULT;
+				}
+				vm_buffers[index] = vm_hvas[index];
+			}
+		}
+	}
+	mutex_unlock(&dev_file->shared_mem_lock);
+	return 0;
+}
+
+static int process_vm_ref_end(struct tc_ns_dev_file *dev_file,
+	struct tc_ns_client_context *context, unsigned long long *vm_buffers)
+{
+	int ret = 0;
+	struct tc_ns_shared_mem *shared_mem = NULL;
+	int index = 0;
+	uint32_t buffer_size;
+	unsigned int offset = 0;
+	void *buffer_addr = NULL;
+	void *size_addr = NULL;
+
+	if (!dev_file->isVM)
+		return 0;
+
+	mutex_lock(&dev_file->shared_mem_lock);
+	list_for_each_entry(shared_mem, &dev_file->shared_mem_list, head) {
+		for (index = 0; index < TEE_PARAM_NUM; index++) {
+			buffer_addr = (void *)(uintptr_t)(context->params[index].memref.buffer |
+				((uint64_t)context->params[index].memref.buffer_h_addr << ADDR_TRANS_NUM));
+			if (shared_mem->user_addr == buffer_addr) {
+				buffer_addr = (void *)(uintptr_t)(shared_mem->kernel_addr);
+				size_addr = (void *)(uintptr_t)(context->params[index].memref.size_addr |
+					((uint64_t)context->params[index].memref.size_h_addr << ADDR_TRANS_NUM));
+				offset = context->params[index].memref.offset;
+
+				if (copy_from_user(&buffer_size, size_addr, sizeof(uint32_t))) {
+					tloge("copy memref.size_addr failed\n");
+					return -EFAULT;
+				}
+
+				if (write_to_VMclient((void *)(uintptr_t)(vm_buffers[index] + offset),
+					buffer_size, (void *)(uintptr_t)(buffer_addr + offset), 
+					buffer_size, dev_file->vmpid)) {
+					tloge("copy buf size failed\n");
+					return -EFAULT;
+				}
+			}
+		}
+	}
+	mutex_unlock(&dev_file->shared_mem_lock);
+	return ret;
+}
+
 static int ioctl_session_send_cmd(struct tc_ns_dev_file *dev_file,
    struct tc_ns_client_context *context, void *argp)
 {
    int ret;
+	unsigned long long vm_buffers[TEE_PARAM_NUM]={0};
+
+	if (dev_file->isVM &&
+		process_vm_ref(dev_file, context, vm_buffers)) {
+		tloge("copy from VM memref failed\n");
+		return -EFAULT;
+	}
ret = tc_ns_send_cmd(dev_file, context);
    if (ret != 0)
@@ -1399,6 +1511,11 @@ static int ioctl_session_send_cmd(struct
    	if (ret == 0)
    		ret = -EFAULT;
    }
+	if (ret ==0 && dev_file->isVM && 
+		process_vm_ref_end(dev_file, context, vm_buffers)) {
+		tloge("copy to VM memref failed\n");
+		return -EFAULT;
+	}
    return ret;
 }
diff -uprN itrustee_tzdriver/core/shared_mem.c itrustee_tzdriver_new/core/shared_mem.c
--- itrustee_tzdriver/core/shared_mem.c	2024-07-12 11:08:59.357629380 +0800
+++ itrustee_tzdriver_new/core/shared_mem.c	2024-07-12 10:51:32.793629380 +0800
@@ -120,6 +120,36 @@ void release_shared_mem_page(uint64_t bu
    	put_page(page);
    }
 }
+
+
+void release_vm_shared_mem_page(uint64_t buf, uint32_t buf_size, uint32_t vm_page_size)
+{
+	uint32_t i;
+	uint64_t *phys_addr = NULL;
+	struct pagelist_info *page_info = NULL;
+	struct page *page = NULL;
+	struct page *last_page = NULL;
+
+	page_info = (struct pagelist_info *)(uintptr_t)buf;
+	phys_addr = (uint64_t *)(uintptr_t)buf + (sizeof(*page_info) / sizeof(uint64_t));
+
+	if (buf_size != sizeof(*page_info) + sizeof(uint64_t) * page_info->page_num) {
+		tloge("bad size, cannot release page\n");
+		return;
+	}
+
+	for (i = 0; i < page_info->page_num; i++) {
+		page = (struct page *)(uintptr_t)phys_to_page(phys_addr[i]);
+		if (page == NULL)
+			continue;
+		if (last_page != page) {
+			set_bit(PG_dirty, &page->flags);
+			put_page(page);
+		}
+		last_page = page;
+	}		
+}
+
 #else
int fill_shared_mem_info(uint64_t start_vaddr, uint32_t pages_no,
diff -uprN itrustee_tzdriver/core/shared_mem.h itrustee_tzdriver_new/core/shared_mem.h
--- itrustee_tzdriver/core/shared_mem.h	2024-07-12 11:08:59.357629380 +0800
+++ itrustee_tzdriver_new/core/shared_mem.h	2024-07-12 10:51:32.789629380 +0800
@@ -64,5 +64,5 @@ void free_spi_mem(uint64_t spi_vaddr);
 int fill_shared_mem_info(uint64_t start_vaddr, uint32_t pages_no,
    uint32_t offset, uint32_t buffer_size, uint64_t info_addr);
 void release_shared_mem_page(uint64_t buf, uint32_t buf_size);
-
+void release_vm_shared_mem_page(uint64_t buf, uint32_t buf_size, uint32_t vm_page_size);
 #endif
diff -uprN itrustee_tzdriver/core/tc_client_driver.c itrustee_tzdriver_new/core/tc_client_driver.c
--- itrustee_tzdriver/core/tc_client_driver.c	2024-07-12 11:08:59.357629380 +0800
+++ itrustee_tzdriver_new/core/tc_client_driver.c	2024-07-12 10:51:32.749629380 +0800
@@ -186,6 +186,8 @@ static int tc_ns_get_tee_version(const s
    smc_cmd.operation_h_phys =
    	(uint64_t)mailbox_virt_to_phys((uintptr_t)&mb_pack->operation) >> ADDR_TRANS_NUM;
+	if (dev_file->isVM)
+		smc_cmd.nsid = dev_file->nsid;
    if (tc_ns_smc(&smc_cmd) != 0) {
    	ret = -EPERM;
    	tloge("smc call returns error ret 0x%x\n", smc_cmd.ret_val);
@@ -312,10 +314,14 @@ static int client_login_prepare(uint8_t
static int tc_login_check(const struct tc_ns_dev_file *dev_file)
 {
-	int ret = check_teecd_auth();
-	if (ret != 0) {
-		tloge("teec auth failed, ret %d\n", ret);
-		return -EACCES;
+	int ret;
+	ret = check_proxy_auth();
+	if (ret) {
+		ret = check_teecd_auth();
+		if (ret != 0) {
+			tloge("teec auth failed, ret %d\n", ret);
+			return -EACCES;
+		}
    }
if (!dev_file)
@@ -718,12 +724,55 @@ static int ioctl_check_is_ccos(void __us
    return ret;
 }
+static int copy_buf_to_VM(unsigned int agent_id, unsigned int nsid,
+	unsigned long buffer_addr, unsigned int vmpid)
+{
+	int ret = 0;
+	struct smc_event_data *event_data = NULL;
+
+	event_data = find_event_control(agent_id, nsid);
+	if (!event_data)
+		return -EINVAL;
+
+	if (write_to_VMclient((void *)(uintptr_t)buffer_addr,
+		event_data->agent_buff_size,
+		event_data->agent_buff_kernel,
+		event_data->agent_buff_size,
+		vmpid) != 0) {
+		tloge("copy agent buffer failed\n");
+		return -ENOMEM;
+	}
+	return ret;
+}
+
+static int copy_buf_from_VM(unsigned int agent_id, unsigned int nsid,
+	unsigned long buffer_addr, unsigned int vmpid)
+{
+	int ret = 0;
+	struct smc_event_data *event_data = NULL;
+
+	event_data = find_event_control(agent_id, nsid);
+	if (!event_data)
+		return -EINVAL;
+
+	if (read_from_VMclient(event_data->agent_buff_kernel,
+		event_data->agent_buff_size,
+		(void *)(uintptr_t)buffer_addr,
+		event_data->agent_buff_size,
+		vmpid) != 0) {
+		tloge("copy agent buffer failed\n");
+		return -EFAULT;
+	}
+	return ret;
+}
+
 /* ioctls for the secure storage daemon */
 int public_ioctl(const struct file *file, unsigned int cmd, unsigned long arg, bool is_from_client_node)
 {
    int ret = -EINVAL;
    struct tc_ns_dev_file *dev_file = NULL;
    uint32_t nsid = get_nsid();
+	unsigned long tmp[2];
    void *argp = (void __user *)(uintptr_t)arg;
    if (file == NULL || file->private_data == NULL) {
    	tloge("invalid params\n");
@@ -731,18 +780,34 @@ int public_ioctl(const struct file *file
    }
    dev_file = file->private_data;
 #ifdef CONFIG_CONFIDENTIAL_CONTAINER
-	dev_file->nsid = nsid;
+	if (dev_file != NULL && dev_file->nsid == 0)
+		dev_file->nsid = nsid;
+	if (dev_file->isVM)
+		nsid = dev_file->nsid;
 #endif
+	if (dev_file->isVM) {
+		if (copy_from_user(tmp, (void *)(uintptr_t)arg, sizeof(tmp)) != 0) {
+			tloge("copy agent args failed\n");
+			return -EFAULT;
+		}
+		arg = tmp[0];
+	}
    switch (cmd) {
    case TC_NS_CLIENT_IOCTL_WAIT_EVENT:
    	if (ioctl_check_agent_owner(dev_file, (unsigned int)arg, nsid) != 0)
    		return -EINVAL;
    	ret = tc_ns_wait_event((unsigned int)arg, nsid);
+		if (!ret && dev_file->isVM) {
+			ret = copy_buf_to_VM(tmp[0], nsid, tmp[1], dev_file->vmpid);
+		}
    	break;
    case TC_NS_CLIENT_IOCTL_SEND_EVENT_RESPONSE:
    	if (ioctl_check_agent_owner(dev_file, (unsigned int)arg, nsid) != 0)
    		return -EINVAL;
+		if (dev_file->isVM) {
+			ret = copy_buf_from_VM(tmp[0], nsid, tmp[1], dev_file->vmpid);
+		}
    	ret = tc_ns_send_event_response((unsigned int)arg, nsid);
    	break;
    case TC_NS_CLIENT_IOCTL_REGISTER_AGENT:
@@ -839,6 +904,14 @@ static int tc_client_agent_ioctl(const s
    return ret;
 }
+int set_vm_flag(struct tc_ns_dev_file *dev_file, int vmid)
+{
+	dev_file->nsid = vmid;
+	dev_file->vmpid = vmid;
+	tlogd(" dev_file->vmpid %d\n", (int)dev_file->vmpid);
+	return 0;
+}
+
 void handle_cmd_prepare(unsigned int cmd)
 {
    if (cmd != TC_NS_CLIENT_IOCTL_WAIT_EVENT &&
@@ -858,6 +931,10 @@ static long tc_private_ioctl(struct file
 {
    int ret = -EFAULT;
    void *argp = (void __user *)(uintptr_t)arg;
+	if (cmd == TC_NS_CLIENT_IOCTL_SET_VM_FLAG) {
+		tlogd(" before set_vm_flag \n");
+		return set_vm_flag(file->private_data, (int)arg);
+	}
    handle_cmd_prepare(cmd);
    switch (cmd) {
    case TC_NS_CLIENT_IOCTL_GET_TEE_VERSION:
@@ -872,10 +949,10 @@ static long tc_private_ioctl(struct file
    	mutex_unlock(&g_set_ca_hash_lock);
    	break;
    case TC_NS_CLIENT_IOCTL_LATEINIT:
-		ret = tc_ns_late_init(arg);
+		ret = tc_ns_late_init(file->private_data, arg);
    	break;
    case TC_NS_CLIENT_IOCTL_SYC_SYS_TIME:
-		ret = sync_system_time_from_user(
+		ret = sync_system_time_from_user(file->private_data,
    		(struct tc_ns_client_time *)(uintptr_t)arg);
    	break;
    default:
@@ -894,6 +971,10 @@ static long tc_client_ioctl(struct file
    int ret = -EFAULT;
    void *argp = (void __user *)(uintptr_t)arg;
+	if (cmd == TC_NS_CLIENT_IOCTL_SET_VM_FLAG) {
+		tlogd(" before set_vm_flag \n");
+		return set_vm_flag(file->private_data, (int)arg);
+	}
    handle_cmd_prepare(cmd);
    switch (cmd) {
    case TC_NS_CLIENT_IOCTL_SES_OPEN_REQ:
@@ -925,20 +1006,30 @@ static int tc_client_open(struct inode *
 {
    int ret;
    struct tc_ns_dev_file *dev = NULL;
+	int vm = 0;
    (void)inode;
-	ret = check_teecd_auth();
-	if (ret != 0) {
-		tloge("teec auth failed, ret %d\n", ret);
-		return -EACCES;
+	ret =check_proxy_auth();
+	if (ret) {
+		ret = check_teecd_auth();
+		if (ret != 0) {
+			tloge("teec auth failed, ret %d\n", ret);
+			return -EACCES;
+		}
+	} else {
+		vm = 1;
    }
file->private_data = NULL;
    ret = tc_ns_client_open(&dev, TEE_REQ_FROM_USER_MODE);
-	if (ret == 0)
+	if (ret == 0) {
    	file->private_data = dev;
+		if (vm)
+			dev->isVM = true;
+	}
 #ifdef CONFIG_TEE_REBOOT
-	get_teecd_pid();
+	if (!vm && check_teecd_auth() == 0)
+		get_teecd_pid();
 #endif
    return ret;
 }
diff -uprN itrustee_tzdriver/core/tc_client_driver.h itrustee_tzdriver_new/core/tc_client_driver.h
--- itrustee_tzdriver/core/tc_client_driver.h	2024-07-12 11:08:59.357629380 +0800
+++ itrustee_tzdriver_new/core/tc_client_driver.h	2024-07-12 10:51:32.741629380 +0800
@@ -47,6 +47,7 @@ int tc_ns_client_open(struct tc_ns_dev_f
 int tc_ns_client_close(struct tc_ns_dev_file *dev);
 int is_agent_alive(unsigned int agent_id, unsigned int nsid);
 int tc_ns_register_host_nsid(void);
+int set_vm_flag(struct tc_ns_dev_file *dev_file, int vmid);
 int init_dev_node(struct dev_node *node, const char *node_name,
    	struct class *driver_class, const struct file_operations *fops);
 void destory_dev_node(struct dev_node *node, struct class *driver_class);
diff -uprN itrustee_tzdriver/core/tc_cvm_driver.c itrustee_tzdriver_new/core/tc_cvm_driver.c
--- itrustee_tzdriver/core/tc_cvm_driver.c	2024-07-12 11:08:59.357629380 +0800
+++ itrustee_tzdriver_new/core/tc_cvm_driver.c	2024-07-12 10:51:32.737629380 +0800
@@ -104,6 +104,10 @@ static long tc_cvm_ioctl(struct file *fi
 {
    int ret = -EFAULT;
    void *argp = (void __user *)(uintptr_t)arg;
+	if (cmd == TC_NS_CLIENT_IOCTL_SET_VM_FLAG) {
+		tlogd(" before set_vm_flag \n");
+		return set_vm_flag(file->private_data, (int)arg);
+	}
    handle_cmd_prepare(cmd);
switch (cmd) {
diff -uprN itrustee_tzdriver/Makefile itrustee_tzdriver_new/Makefile
--- itrustee_tzdriver/Makefile	2024-07-12 11:08:59.353629380 +0800
+++ itrustee_tzdriver_new/Makefile	2024-07-12 10:51:32.641629380 +0800
@@ -54,6 +54,7 @@ EXTRA_CFLAGS += -DCONFIG_CPU_AFF_NR=0 -D
 EXTRA_CFLAGS += -DCONFIG_TEE_LOG_ACHIVE_PATH="/var/log/tee/last_teemsg"
 EXTRA_CFLAGS += -DNOT_TRIGGER_AP_RESET -DLAST_TEE_MSG_ROOT_GID -DCONFIG_NOCOPY_SHAREDMEM -DCONFIG_REGISTER_SHAREDMEM -DCONFIG_TA_AFFINITY=y -DCONFIG_TA_AFFINITY_CPU_NUMS=128
 EXTRA_CFLAGS += -DTEECD_PATH_UID_AUTH_CTX="/usr/bin/teecd:0"
+EXTRA_CFLAGS += -DPROXY_PATH_UID_AUTH_CTX="/usr/bin/vtz_proxy:0"
 EXTRA_CFLAGS += -DCONFIG_AUTH_SUPPORT_UNAME -DCONFIG_AUTH_HASH -std=gnu99
 EXTRA_CFLAGS += -DCONFIG_TEE_UPGRADE -DCONFIG_TEE_REBOOT -DCONFIG_CONFIDENTIAL_TEE
 EXTRA_CFLAGS += -I$(PWD)/tzdriver_internal/tee_reboot
diff -uprN itrustee_tzdriver/modules.order itrustee_tzdriver_new/modules.order
--- itrustee_tzdriver/modules.order	1970-01-01 08:00:00.000000000 +0800
+++ itrustee_tzdriver_new/modules.order	2024-07-12 10:54:21.957629380 +0800
@@ -0,0 +1 @@
+kernel//home/z50040113/target/itrustee_tzdriver/tzdriver.ko
diff -uprN itrustee_tzdriver/tc_ns_client.h itrustee_tzdriver_new/tc_ns_client.h
--- itrustee_tzdriver/tc_ns_client.h	2024-07-12 11:08:59.361629380 +0800
+++ itrustee_tzdriver_new/tc_ns_client.h	2024-07-12 10:51:32.625629380 +0800
@@ -230,6 +230,8 @@ struct tc_ns_log_pool {
 #define TC_NS_CLIENT_IOCTL_GET_TEE_INFO \
    _IOWR(TC_NS_CLIENT_IOC_MAGIC, 26, struct tc_ns_tee_info)
+#define TC_NS_CLIENT_IOCTL_SET_VM_FLAG \
+	_IOWR(TC_NS_CLIENT_IOC_MAGIC, 27, int)
 #define TC_NS_CLIENT_IOCTL_CHECK_CCOS \
    _IOWR(TC_NS_CLIENT_IOC_MAGIC, 32, unsigned int)
diff -uprN itrustee_tzdriver/teek_ns_client.h itrustee_tzdriver_new/teek_ns_client.h
--- itrustee_tzdriver/teek_ns_client.h	2024-07-12 11:08:59.361629380 +0800
+++ itrustee_tzdriver_new/teek_ns_client.h	2024-07-12 10:51:32.597629380 +0800
@@ -129,6 +129,9 @@ struct tc_ns_dev_file {
    int load_app_flag;
 #ifdef CONFIG_CONFIDENTIAL_CONTAINER
    uint32_t nsid;
+	uint32_t vmpid;
+	bool isVM;
+	uint32_t vm_page_size;
 #endif
    struct completion close_comp; /* for kthread close unclosed session */
 #ifdef CONFIG_TEE_TELEPORT_SUPPORT
diff -uprN itrustee_tzdriver/tlogger/tlogger.c itrustee_tzdriver_new/tlogger/tlogger.c
--- itrustee_tzdriver/tlogger/tlogger.c	2024-07-12 11:08:59.361629380 +0800
+++ itrustee_tzdriver_new/tlogger/tlogger.c	2024-07-12 10:51:32.581629380 +0800
@@ -61,6 +61,7 @@
 #define SET_TLOGCAT_STAT_BASE  7
 #define GET_TLOGCAT_STAT_BASE  8
 #define GET_TEE_INFO_BASE      9
+#define SET_VM_FLAG            10
/* get tee verison */
 #define MAX_TEE_VERSION_LEN     256
@@ -75,6 +76,8 @@
    _IO(LOGGERIOCTL, GET_TLOGCAT_STAT_BASE)
 #define TEELOGGER_GET_TEE_INFO \
    _IOR(LOGGERIOCTL, GET_TEE_INFO_BASE, struct tc_ns_tee_info)
+#define TEELOGGER_SET_VM_FLAG \
+	_IOR(LOGGERIOCTL, SET_VM_FLAG, int)
int g_tlogcat_f = 0;
@@ -515,7 +518,7 @@ void recycle_tlogcat_processes(void)
 }
 #endif
-static struct tlogger_group *get_tlogger_group(void)
+static struct tlogger_group *get_tlogger_group(uint32_t vmpid)
 {
    struct tlogger_group *group = NULL;
 #ifdef CONFIG_CONFIDENTIAL_CONTAINER
@@ -524,6 +527,9 @@ static struct tlogger_group *get_tlogger
    uint32_t nsid = PROC_PID_INIT_INO;
 #endif
+	if (vmpid)
+		nsid = vmpid;
+
    list_for_each_entry(group, &g_reader_group_list, node) {
    	if (group->nsid == nsid)
    		return group;
@@ -596,7 +602,7 @@ static int process_tlogger_open(struct i
    	return -ENODEV;
mutex_lock(&g_reader_group_mutex);
-	group = get_tlogger_group();
+	group = get_tlogger_group(0);
    if (group == NULL) {
    	group = kzalloc(sizeof(*group), GFP_KERNEL);
    	if (ZERO_OR_NULL_PTR((unsigned long)(uintptr_t)group)) {
@@ -808,6 +814,35 @@ static int get_teeos_version(uint32_t cm
    return 0;
 }
+int set_tlog_vm_flag(struct file *file, uint32_t vmpid)
+{
+	struct tlogger_reader *reader = NULL;
+	struct tlogger_group *group = NULL;
+
+	if (!file || !file->private_data) {
+		return -1;
+	}
+
+	reader = file->private_data;
+	mutex_lock(&g_reader_group_mutex);
+	group = get_tlogger_group(vmpid);
+	if (group == NULL) {
+		group = kzalloc(sizeof(*group), GFP_KERNEL);
+		if (ZERO_OR_NULL_PTR((unsigned long)(uintptr_t)group)) {
+			mutex_unlock(&g_reader_group_mutex);
+			return -ENOMEM;
+		}
+		init_tlogger_group(group);
+		group->nsid = vmpid;
+		list_add_tail(&group->node, &g_reader_group_list);
+	} else {
+		group->reader_cnt++;
+	}
+	mutex_unlock(&g_reader_group_mutex);
+	reader->group = group;
+	return 0;
+}
+
 static long process_tlogger_ioctl(struct file *file,
    unsigned int cmd, unsigned long arg)
 {
@@ -845,6 +880,9 @@ static long process_tlogger_ioctl(struct
    case TEELOGGER_GET_TEE_INFO:
    	ret = tc_ns_get_tee_info(file, (void *)(uintptr_t)arg);
    	break;
+	case TEELOGGER_SET_VM_FLAG:
+		ret = set_tlog_vm_flag(file, (int)arg);
+		break;
    default:
    	tloge("ioctl error default\n");
    	break;
@@ -1023,11 +1061,13 @@ static int write_part_log_to_msg(struct
while (next_item && read_off <= read_off_end) {
    	item_len = next_item->buffer_len + sizeof(*next_item);
-		write_len = kernel_write(filep, next_item->log_buffer,
-			next_item->real_len, pos);
-		if (write_len < 0) {
-			tloge("Failed to write last teemsg %zd\n", write_len);
-			return -1;
+		if (next_item->nsid == 0) {
+			write_len = kernel_write(filep, next_item->log_buffer,
+				next_item->real_len, pos);
+			if (write_len < 0) {
+				tloge("Failed to write last teemsg %zd\n", write_len);
+				return -1;
+			}
    	}
tlogd("Succeed to Write last teemsg, len=%zd\n", write_len);

    