core.c 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537
  1. // SPDX-License-Identifier: MIT
  2. /*
  3. * Copyright 2019 Advanced Micro Devices, Inc.
  4. */
  5. #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  6. #include <linux/errno.h>
  7. #include <linux/device.h>
  8. #include <linux/firmware.h>
  9. #include <linux/io.h>
  10. #include <linux/mm.h>
  11. #include <linux/module.h>
  12. #include <linux/psp-tee.h>
  13. #include <linux/slab.h>
  14. #include <linux/string.h>
  15. #include <linux/tee_core.h>
  16. #include <linux/types.h>
  17. #include <linux/uaccess.h>
  18. #include "amdtee_private.h"
  19. static struct amdtee_driver_data *drv_data;
  20. static DEFINE_MUTEX(session_list_mutex);
  21. static void amdtee_get_version(struct tee_device *teedev,
  22. struct tee_ioctl_version_data *vers)
  23. {
  24. struct tee_ioctl_version_data v = {
  25. .impl_id = TEE_IMPL_ID_AMDTEE,
  26. .impl_caps = 0,
  27. .gen_caps = TEE_GEN_CAP_GP,
  28. };
  29. *vers = v;
  30. }
  31. static int amdtee_open(struct tee_context *ctx)
  32. {
  33. struct amdtee_context_data *ctxdata;
  34. ctxdata = kzalloc_obj(*ctxdata);
  35. if (!ctxdata)
  36. return -ENOMEM;
  37. INIT_LIST_HEAD(&ctxdata->sess_list);
  38. INIT_LIST_HEAD(&ctxdata->shm_list);
  39. mutex_init(&ctxdata->shm_mutex);
  40. ctx->data = ctxdata;
  41. return 0;
  42. }
  43. static void release_session(struct amdtee_session *sess)
  44. {
  45. int i;
  46. /* Close any open session */
  47. for (i = 0; i < TEE_NUM_SESSIONS; ++i) {
  48. /* Check if session entry 'i' is valid */
  49. if (!test_bit(i, sess->sess_mask))
  50. continue;
  51. handle_close_session(sess->ta_handle, sess->session_info[i]);
  52. handle_unload_ta(sess->ta_handle);
  53. }
  54. kfree(sess);
  55. }
  56. static void amdtee_release(struct tee_context *ctx)
  57. {
  58. struct amdtee_context_data *ctxdata = ctx->data;
  59. if (!ctxdata)
  60. return;
  61. while (true) {
  62. struct amdtee_session *sess;
  63. sess = list_first_entry_or_null(&ctxdata->sess_list,
  64. struct amdtee_session,
  65. list_node);
  66. if (!sess)
  67. break;
  68. list_del(&sess->list_node);
  69. release_session(sess);
  70. }
  71. mutex_destroy(&ctxdata->shm_mutex);
  72. kfree(ctxdata);
  73. ctx->data = NULL;
  74. }
  75. /**
  76. * alloc_session() - Allocate a session structure
  77. * @ctxdata: TEE Context data structure
  78. * @session: Session ID for which 'struct amdtee_session' structure is to be
  79. * allocated.
  80. *
  81. * Scans the TEE context's session list to check if TA is already loaded in to
  82. * TEE. If yes, returns the 'session' structure for that TA. Else allocates,
  83. * initializes a new 'session' structure and adds it to context's session list.
  84. *
  85. * The caller must hold a mutex.
  86. *
  87. * Returns:
  88. * 'struct amdtee_session *' on success and NULL on failure.
  89. */
  90. static struct amdtee_session *alloc_session(struct amdtee_context_data *ctxdata,
  91. u32 session)
  92. {
  93. struct amdtee_session *sess;
  94. u32 ta_handle = get_ta_handle(session);
  95. /* Scan session list to check if TA is already loaded in to TEE */
  96. list_for_each_entry(sess, &ctxdata->sess_list, list_node)
  97. if (sess->ta_handle == ta_handle) {
  98. kref_get(&sess->refcount);
  99. return sess;
  100. }
  101. /* Allocate a new session and add to list */
  102. sess = kzalloc_obj(*sess);
  103. if (sess) {
  104. sess->ta_handle = ta_handle;
  105. kref_init(&sess->refcount);
  106. spin_lock_init(&sess->lock);
  107. list_add(&sess->list_node, &ctxdata->sess_list);
  108. }
  109. return sess;
  110. }
  111. /* Requires mutex to be held */
  112. static struct amdtee_session *find_session(struct amdtee_context_data *ctxdata,
  113. u32 session)
  114. {
  115. u32 ta_handle = get_ta_handle(session);
  116. u32 index = get_session_index(session);
  117. struct amdtee_session *sess;
  118. if (index >= TEE_NUM_SESSIONS)
  119. return NULL;
  120. list_for_each_entry(sess, &ctxdata->sess_list, list_node)
  121. if (ta_handle == sess->ta_handle &&
  122. test_bit(index, sess->sess_mask))
  123. return sess;
  124. return NULL;
  125. }
  126. u32 get_buffer_id(struct tee_shm *shm)
  127. {
  128. struct amdtee_context_data *ctxdata = shm->ctx->data;
  129. struct amdtee_shm_data *shmdata;
  130. u32 buf_id = 0;
  131. mutex_lock(&ctxdata->shm_mutex);
  132. list_for_each_entry(shmdata, &ctxdata->shm_list, shm_node)
  133. if (shmdata->kaddr == shm->kaddr) {
  134. buf_id = shmdata->buf_id;
  135. break;
  136. }
  137. mutex_unlock(&ctxdata->shm_mutex);
  138. return buf_id;
  139. }
  140. static DEFINE_MUTEX(drv_mutex);
  141. static int copy_ta_binary(struct tee_context *ctx, void *ptr, void **ta,
  142. size_t *ta_size)
  143. {
  144. const struct firmware *fw;
  145. char fw_name[TA_PATH_MAX];
  146. struct {
  147. u32 lo;
  148. u16 mid;
  149. u16 hi_ver;
  150. u8 seq_n[8];
  151. } *uuid = ptr;
  152. int n, rc = 0;
  153. n = snprintf(fw_name, TA_PATH_MAX,
  154. "%s/%08x-%04x-%04x-%02x%02x%02x%02x%02x%02x%02x%02x.bin",
  155. TA_LOAD_PATH, uuid->lo, uuid->mid, uuid->hi_ver,
  156. uuid->seq_n[0], uuid->seq_n[1],
  157. uuid->seq_n[2], uuid->seq_n[3],
  158. uuid->seq_n[4], uuid->seq_n[5],
  159. uuid->seq_n[6], uuid->seq_n[7]);
  160. if (n < 0 || n >= TA_PATH_MAX) {
  161. pr_err("failed to get firmware name\n");
  162. return -EINVAL;
  163. }
  164. mutex_lock(&drv_mutex);
  165. n = request_firmware(&fw, fw_name, &ctx->teedev->dev);
  166. if (n) {
  167. pr_err("failed to load firmware %s\n", fw_name);
  168. rc = -ENOMEM;
  169. goto unlock;
  170. }
  171. *ta_size = roundup(fw->size, PAGE_SIZE);
  172. *ta = (void *)__get_free_pages(GFP_KERNEL, get_order(*ta_size));
  173. if (!*ta) {
  174. pr_err("%s: get_free_pages failed\n", __func__);
  175. rc = -ENOMEM;
  176. goto rel_fw;
  177. }
  178. memcpy(*ta, fw->data, fw->size);
  179. rel_fw:
  180. release_firmware(fw);
  181. unlock:
  182. mutex_unlock(&drv_mutex);
  183. return rc;
  184. }
  185. /* mutex must be held by caller */
  186. static void destroy_session(struct kref *ref)
  187. {
  188. struct amdtee_session *sess = container_of(ref, struct amdtee_session,
  189. refcount);
  190. list_del(&sess->list_node);
  191. mutex_unlock(&session_list_mutex);
  192. kfree(sess);
  193. }
  194. int amdtee_open_session(struct tee_context *ctx,
  195. struct tee_ioctl_open_session_arg *arg,
  196. struct tee_param *param)
  197. {
  198. struct amdtee_context_data *ctxdata = ctx->data;
  199. struct amdtee_session *sess = NULL;
  200. u32 session_info, ta_handle;
  201. size_t ta_size;
  202. int rc, i;
  203. void *ta;
  204. if (arg->clnt_login != TEE_IOCTL_LOGIN_PUBLIC) {
  205. pr_err("unsupported client login method\n");
  206. return -EINVAL;
  207. }
  208. rc = copy_ta_binary(ctx, &arg->uuid[0], &ta, &ta_size);
  209. if (rc) {
  210. pr_err("failed to copy TA binary\n");
  211. return rc;
  212. }
  213. /* Load the TA binary into TEE environment */
  214. handle_load_ta(ta, ta_size, arg);
  215. if (arg->ret != TEEC_SUCCESS)
  216. goto out;
  217. ta_handle = get_ta_handle(arg->session);
  218. mutex_lock(&session_list_mutex);
  219. sess = alloc_session(ctxdata, arg->session);
  220. mutex_unlock(&session_list_mutex);
  221. if (!sess) {
  222. handle_unload_ta(ta_handle);
  223. rc = -ENOMEM;
  224. goto out;
  225. }
  226. /* Open session with loaded TA */
  227. handle_open_session(arg, &session_info, param);
  228. if (arg->ret != TEEC_SUCCESS) {
  229. pr_err("open_session failed %d\n", arg->ret);
  230. handle_unload_ta(ta_handle);
  231. kref_put_mutex(&sess->refcount, destroy_session,
  232. &session_list_mutex);
  233. goto out;
  234. }
  235. /* Find an empty session index for the given TA */
  236. spin_lock(&sess->lock);
  237. i = find_first_zero_bit(sess->sess_mask, TEE_NUM_SESSIONS);
  238. if (i < TEE_NUM_SESSIONS) {
  239. sess->session_info[i] = session_info;
  240. set_session_id(ta_handle, i, &arg->session);
  241. set_bit(i, sess->sess_mask);
  242. }
  243. spin_unlock(&sess->lock);
  244. if (i >= TEE_NUM_SESSIONS) {
  245. pr_err("reached maximum session count %d\n", TEE_NUM_SESSIONS);
  246. handle_close_session(ta_handle, session_info);
  247. handle_unload_ta(ta_handle);
  248. kref_put_mutex(&sess->refcount, destroy_session,
  249. &session_list_mutex);
  250. rc = -ENOMEM;
  251. goto out;
  252. }
  253. out:
  254. free_pages((u64)ta, get_order(ta_size));
  255. return rc;
  256. }
  257. int amdtee_close_session(struct tee_context *ctx, u32 session)
  258. {
  259. struct amdtee_context_data *ctxdata = ctx->data;
  260. u32 i, ta_handle, session_info;
  261. struct amdtee_session *sess;
  262. pr_debug("%s: sid = 0x%x\n", __func__, session);
  263. /*
  264. * Check that the session is valid and clear the session
  265. * usage bit
  266. */
  267. mutex_lock(&session_list_mutex);
  268. sess = find_session(ctxdata, session);
  269. if (sess) {
  270. ta_handle = get_ta_handle(session);
  271. i = get_session_index(session);
  272. session_info = sess->session_info[i];
  273. spin_lock(&sess->lock);
  274. clear_bit(i, sess->sess_mask);
  275. spin_unlock(&sess->lock);
  276. }
  277. mutex_unlock(&session_list_mutex);
  278. if (!sess)
  279. return -EINVAL;
  280. /* Close the session */
  281. handle_close_session(ta_handle, session_info);
  282. handle_unload_ta(ta_handle);
  283. kref_put_mutex(&sess->refcount, destroy_session, &session_list_mutex);
  284. return 0;
  285. }
  286. int amdtee_map_shmem(struct tee_shm *shm)
  287. {
  288. struct amdtee_context_data *ctxdata;
  289. struct amdtee_shm_data *shmnode;
  290. struct shmem_desc shmem;
  291. int rc, count;
  292. u32 buf_id;
  293. if (!shm)
  294. return -EINVAL;
  295. shmnode = kmalloc_obj(*shmnode);
  296. if (!shmnode)
  297. return -ENOMEM;
  298. count = 1;
  299. shmem.kaddr = shm->kaddr;
  300. shmem.size = shm->size;
  301. /*
  302. * Send a MAP command to TEE and get the corresponding
  303. * buffer Id
  304. */
  305. rc = handle_map_shmem(count, &shmem, &buf_id);
  306. if (rc) {
  307. pr_err("map_shmem failed: ret = %d\n", rc);
  308. kfree(shmnode);
  309. return rc;
  310. }
  311. shmnode->kaddr = shm->kaddr;
  312. shmnode->buf_id = buf_id;
  313. ctxdata = shm->ctx->data;
  314. mutex_lock(&ctxdata->shm_mutex);
  315. list_add(&shmnode->shm_node, &ctxdata->shm_list);
  316. mutex_unlock(&ctxdata->shm_mutex);
  317. pr_debug("buf_id :[%x] kaddr[%p]\n", shmnode->buf_id, shmnode->kaddr);
  318. return 0;
  319. }
  320. void amdtee_unmap_shmem(struct tee_shm *shm)
  321. {
  322. struct amdtee_context_data *ctxdata;
  323. struct amdtee_shm_data *shmnode;
  324. u32 buf_id;
  325. if (!shm)
  326. return;
  327. buf_id = get_buffer_id(shm);
  328. /* Unmap the shared memory from TEE */
  329. handle_unmap_shmem(buf_id);
  330. ctxdata = shm->ctx->data;
  331. mutex_lock(&ctxdata->shm_mutex);
  332. list_for_each_entry(shmnode, &ctxdata->shm_list, shm_node)
  333. if (buf_id == shmnode->buf_id) {
  334. list_del(&shmnode->shm_node);
  335. kfree(shmnode);
  336. break;
  337. }
  338. mutex_unlock(&ctxdata->shm_mutex);
  339. }
  340. int amdtee_invoke_func(struct tee_context *ctx,
  341. struct tee_ioctl_invoke_arg *arg,
  342. struct tee_param *param)
  343. {
  344. struct amdtee_context_data *ctxdata = ctx->data;
  345. struct amdtee_session *sess;
  346. u32 i, session_info;
  347. /* Check that the session is valid */
  348. mutex_lock(&session_list_mutex);
  349. sess = find_session(ctxdata, arg->session);
  350. if (sess) {
  351. i = get_session_index(arg->session);
  352. session_info = sess->session_info[i];
  353. }
  354. mutex_unlock(&session_list_mutex);
  355. if (!sess)
  356. return -EINVAL;
  357. handle_invoke_cmd(arg, session_info, param);
  358. return 0;
  359. }
  360. int amdtee_cancel_req(struct tee_context *ctx, u32 cancel_id, u32 session)
  361. {
  362. return -EINVAL;
  363. }
  364. static const struct tee_driver_ops amdtee_ops = {
  365. .get_version = amdtee_get_version,
  366. .open = amdtee_open,
  367. .release = amdtee_release,
  368. .open_session = amdtee_open_session,
  369. .close_session = amdtee_close_session,
  370. .invoke_func = amdtee_invoke_func,
  371. .cancel_req = amdtee_cancel_req,
  372. };
  373. static const struct tee_desc amdtee_desc = {
  374. .name = DRIVER_NAME "-clnt",
  375. .ops = &amdtee_ops,
  376. .owner = THIS_MODULE,
  377. };
  378. static int __init amdtee_driver_init(void)
  379. {
  380. struct tee_device *teedev;
  381. struct tee_shm_pool *pool;
  382. struct amdtee *amdtee;
  383. int rc;
  384. rc = psp_check_tee_status();
  385. if (rc) {
  386. pr_err("tee not present\n");
  387. return rc;
  388. }
  389. drv_data = kzalloc_obj(*drv_data);
  390. if (!drv_data)
  391. return -ENOMEM;
  392. amdtee = kzalloc_obj(*amdtee);
  393. if (!amdtee) {
  394. rc = -ENOMEM;
  395. goto err_kfree_drv_data;
  396. }
  397. pool = amdtee_config_shm();
  398. if (IS_ERR(pool)) {
  399. pr_err("shared pool configuration error\n");
  400. rc = PTR_ERR(pool);
  401. goto err_kfree_amdtee;
  402. }
  403. teedev = tee_device_alloc(&amdtee_desc, NULL, pool, amdtee);
  404. if (IS_ERR(teedev)) {
  405. rc = PTR_ERR(teedev);
  406. goto err_free_pool;
  407. }
  408. amdtee->teedev = teedev;
  409. rc = tee_device_register(amdtee->teedev);
  410. if (rc)
  411. goto err_device_unregister;
  412. amdtee->pool = pool;
  413. drv_data->amdtee = amdtee;
  414. return 0;
  415. err_device_unregister:
  416. tee_device_unregister(amdtee->teedev);
  417. err_free_pool:
  418. tee_shm_pool_free(pool);
  419. err_kfree_amdtee:
  420. kfree(amdtee);
  421. err_kfree_drv_data:
  422. kfree(drv_data);
  423. drv_data = NULL;
  424. pr_err("initialization failed\n");
  425. return rc;
  426. }
  427. module_init(amdtee_driver_init);
  428. static void __exit amdtee_driver_exit(void)
  429. {
  430. struct amdtee *amdtee;
  431. if (!drv_data || !drv_data->amdtee)
  432. return;
  433. amdtee = drv_data->amdtee;
  434. tee_device_unregister(amdtee->teedev);
  435. tee_shm_pool_free(amdtee->pool);
  436. }
  437. module_exit(amdtee_driver_exit);
  438. MODULE_AUTHOR(DRIVER_AUTHOR);
  439. MODULE_DESCRIPTION("AMD-TEE driver");
  440. MODULE_VERSION("1.0");
  441. MODULE_LICENSE("Dual MIT/GPL");