1 // SPDX-License-Identifier: GPL-2.0-only
3 * Copyright (c) 2015-2021, 2023 Linaro Limited
4 * Copyright (c) 2016, EPAM Systems
7 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
9 #include <linux/arm-smccc.h>
10 #include <linux/cpuhotplug.h>
11 #include <linux/errno.h>
12 #include <linux/firmware.h>
13 #include <linux/interrupt.h>
15 #include <linux/irqdomain.h>
16 #include <linux/kernel.h>
18 #include <linux/module.h>
20 #include <linux/of_irq.h>
21 #include <linux/of_platform.h>
22 #include <linux/platform_device.h>
23 #include <linux/rpmb.h>
24 #include <linux/sched.h>
25 #include <linux/slab.h>
26 #include <linux/string.h>
27 #include <linux/tee_core.h>
28 #include <linux/types.h>
29 #include <linux/workqueue.h>
30 #include "optee_private.h"
31 #include "optee_smc.h"
32 #include "optee_rpc_cmd.h"
33 #include <linux/kmemleak.h>
34 #define CREATE_TRACE_POINTS
35 #include "optee_trace.h"
38 * This file implement the SMC ABI used when communicating with secure world
39 * OP-TEE OS via raw SMCs.
40 * This file is divided into the following sections:
41 * 1. Convert between struct tee_param and struct optee_msg_param
42 * 2. Low level support functions to register shared memory in secure world
43 * 3. Dynamic shared memory pool based on alloc_pages()
44 * 4. Do a normal scheduled call into secure world
45 * 5. Asynchronous notification
46 * 6. Driver initialization.
50 * A typical OP-TEE private shm allocation is 224 bytes (argument struct
51 * with 6 parameters, needed for open session). So with an alignment of 512
52 * we'll waste a bit more than 50%. However, it's only expected that we'll
53 * have a handful of these structs allocated at a time. Most memory will
54 * be allocated aligned to the page size, So all in all this should scale
55 * up and down quite well.
57 #define OPTEE_MIN_STATIC_POOL_ALIGN 9 /* 512 bytes aligned */
59 /* SMC ABI considers at most a single TEE firmware */
60 static unsigned int pcpu_irq_num;
62 static int optee_cpuhp_enable_pcpu_irq(unsigned int cpu)
64 enable_percpu_irq(pcpu_irq_num, IRQ_TYPE_NONE);
69 static int optee_cpuhp_disable_pcpu_irq(unsigned int cpu)
71 disable_percpu_irq(pcpu_irq_num);
77 * 1. Convert between struct tee_param and struct optee_msg_param
79 * optee_from_msg_param() and optee_to_msg_param() are the main
83 static int from_msg_param_tmp_mem(struct tee_param *p, u32 attr,
84 const struct optee_msg_param *mp)
90 p->attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT +
91 attr - OPTEE_MSG_ATTR_TYPE_TMEM_INPUT;
92 p->u.memref.size = mp->u.tmem.size;
93 shm = (struct tee_shm *)(unsigned long)mp->u.tmem.shm_ref;
95 p->u.memref.shm_offs = 0;
96 p->u.memref.shm = NULL;
100 rc = tee_shm_get_pa(shm, 0, &pa);
104 p->u.memref.shm_offs = mp->u.tmem.buf_ptr - pa;
105 p->u.memref.shm = shm;
110 static void from_msg_param_reg_mem(struct tee_param *p, u32 attr,
111 const struct optee_msg_param *mp)
115 p->attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT +
116 attr - OPTEE_MSG_ATTR_TYPE_RMEM_INPUT;
117 p->u.memref.size = mp->u.rmem.size;
118 shm = (struct tee_shm *)(unsigned long)mp->u.rmem.shm_ref;
121 p->u.memref.shm_offs = mp->u.rmem.offs;
122 p->u.memref.shm = shm;
124 p->u.memref.shm_offs = 0;
125 p->u.memref.shm = NULL;
130 * optee_from_msg_param() - convert from OPTEE_MSG parameters to
132 * @optee: main service struct
133 * @params: subsystem internal parameter representation
134 * @num_params: number of elements in the parameter arrays
135 * @msg_params: OPTEE_MSG parameters
136 * Returns 0 on success or <0 on failure
138 static int optee_from_msg_param(struct optee *optee, struct tee_param *params,
140 const struct optee_msg_param *msg_params)
145 for (n = 0; n < num_params; n++) {
146 struct tee_param *p = params + n;
147 const struct optee_msg_param *mp = msg_params + n;
148 u32 attr = mp->attr & OPTEE_MSG_ATTR_TYPE_MASK;
151 case OPTEE_MSG_ATTR_TYPE_NONE:
152 p->attr = TEE_IOCTL_PARAM_ATTR_TYPE_NONE;
153 memset(&p->u, 0, sizeof(p->u));
155 case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT:
156 case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT:
157 case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT:
158 optee_from_msg_param_value(p, attr, mp);
160 case OPTEE_MSG_ATTR_TYPE_TMEM_INPUT:
161 case OPTEE_MSG_ATTR_TYPE_TMEM_OUTPUT:
162 case OPTEE_MSG_ATTR_TYPE_TMEM_INOUT:
163 rc = from_msg_param_tmp_mem(p, attr, mp);
167 case OPTEE_MSG_ATTR_TYPE_RMEM_INPUT:
168 case OPTEE_MSG_ATTR_TYPE_RMEM_OUTPUT:
169 case OPTEE_MSG_ATTR_TYPE_RMEM_INOUT:
170 from_msg_param_reg_mem(p, attr, mp);
180 static int to_msg_param_tmp_mem(struct optee_msg_param *mp,
181 const struct tee_param *p)
186 mp->attr = OPTEE_MSG_ATTR_TYPE_TMEM_INPUT + p->attr -
187 TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT;
189 mp->u.tmem.shm_ref = (unsigned long)p->u.memref.shm;
190 mp->u.tmem.size = p->u.memref.size;
192 if (!p->u.memref.shm) {
193 mp->u.tmem.buf_ptr = 0;
197 rc = tee_shm_get_pa(p->u.memref.shm, p->u.memref.shm_offs, &pa);
201 mp->u.tmem.buf_ptr = pa;
202 mp->attr |= OPTEE_MSG_ATTR_CACHE_PREDEFINED <<
203 OPTEE_MSG_ATTR_CACHE_SHIFT;
208 static int to_msg_param_reg_mem(struct optee_msg_param *mp,
209 const struct tee_param *p)
211 mp->attr = OPTEE_MSG_ATTR_TYPE_RMEM_INPUT + p->attr -
212 TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT;
214 mp->u.rmem.shm_ref = (unsigned long)p->u.memref.shm;
215 mp->u.rmem.size = p->u.memref.size;
216 mp->u.rmem.offs = p->u.memref.shm_offs;
221 * optee_to_msg_param() - convert from struct tee_params to OPTEE_MSG parameters
222 * @optee: main service struct
223 * @msg_params: OPTEE_MSG parameters
224 * @num_params: number of elements in the parameter arrays
225 * @params: subsystem itnernal parameter representation
226 * Returns 0 on success or <0 on failure
228 static int optee_to_msg_param(struct optee *optee,
229 struct optee_msg_param *msg_params,
230 size_t num_params, const struct tee_param *params)
235 for (n = 0; n < num_params; n++) {
236 const struct tee_param *p = params + n;
237 struct optee_msg_param *mp = msg_params + n;
240 case TEE_IOCTL_PARAM_ATTR_TYPE_NONE:
241 mp->attr = TEE_IOCTL_PARAM_ATTR_TYPE_NONE;
242 memset(&mp->u, 0, sizeof(mp->u));
244 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT:
245 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT:
246 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT:
247 optee_to_msg_param_value(mp, p);
249 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT:
250 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT:
251 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT:
252 if (tee_shm_is_dynamic(p->u.memref.shm))
253 rc = to_msg_param_reg_mem(mp, p);
255 rc = to_msg_param_tmp_mem(mp, p);
267 * 2. Low level support functions to register shared memory in secure world
269 * Functions to enable/disable shared memory caching in secure world, that
270 * is, lazy freeing of previously allocated shared memory. Freeing is
271 * performed when a request has been compled.
273 * Functions to register and unregister shared memory both for normal
274 * clients and for tee-supplicant.
278 * optee_enable_shm_cache() - Enables caching of some shared memory allocation
280 * @optee: main service struct
282 static void optee_enable_shm_cache(struct optee *optee)
284 struct optee_call_waiter w;
286 /* We need to retry until secure world isn't busy. */
287 optee_cq_wait_init(&optee->call_queue, &w, false);
289 struct arm_smccc_res res;
291 optee->smc.invoke_fn(OPTEE_SMC_ENABLE_SHM_CACHE,
292 0, 0, 0, 0, 0, 0, 0, &res);
293 if (res.a0 == OPTEE_SMC_RETURN_OK)
295 optee_cq_wait_for_completion(&optee->call_queue, &w);
297 optee_cq_wait_final(&optee->call_queue, &w);
301 * __optee_disable_shm_cache() - Disables caching of some shared memory
302 * allocation in OP-TEE
303 * @optee: main service struct
304 * @is_mapped: true if the cached shared memory addresses were mapped by this
305 * kernel, are safe to dereference, and should be freed
307 static void __optee_disable_shm_cache(struct optee *optee, bool is_mapped)
309 struct optee_call_waiter w;
311 /* We need to retry until secure world isn't busy. */
312 optee_cq_wait_init(&optee->call_queue, &w, false);
315 struct arm_smccc_res smccc;
316 struct optee_smc_disable_shm_cache_result result;
319 optee->smc.invoke_fn(OPTEE_SMC_DISABLE_SHM_CACHE,
320 0, 0, 0, 0, 0, 0, 0, &res.smccc);
321 if (res.result.status == OPTEE_SMC_RETURN_ENOTAVAIL)
322 break; /* All shm's freed */
323 if (res.result.status == OPTEE_SMC_RETURN_OK) {
327 * Shared memory references that were not mapped by
328 * this kernel must be ignored to prevent a crash.
333 shm = reg_pair_to_ptr(res.result.shm_upper32,
334 res.result.shm_lower32);
337 optee_cq_wait_for_completion(&optee->call_queue, &w);
340 optee_cq_wait_final(&optee->call_queue, &w);
344 * optee_disable_shm_cache() - Disables caching of mapped shared memory
345 * allocations in OP-TEE
346 * @optee: main service struct
348 static void optee_disable_shm_cache(struct optee *optee)
350 return __optee_disable_shm_cache(optee, true);
354 * optee_disable_unmapped_shm_cache() - Disables caching of shared memory
355 * allocations in OP-TEE which are not
357 * @optee: main service struct
359 static void optee_disable_unmapped_shm_cache(struct optee *optee)
361 return __optee_disable_shm_cache(optee, false);
364 #define PAGELIST_ENTRIES_PER_PAGE \
365 ((OPTEE_MSG_NONCONTIG_PAGE_SIZE / sizeof(u64)) - 1)
368 * The final entry in each pagelist page is a pointer to the next
371 static size_t get_pages_list_size(size_t num_entries)
373 int pages = DIV_ROUND_UP(num_entries, PAGELIST_ENTRIES_PER_PAGE);
375 return pages * OPTEE_MSG_NONCONTIG_PAGE_SIZE;
378 static u64 *optee_allocate_pages_list(size_t num_entries)
380 return alloc_pages_exact(get_pages_list_size(num_entries), GFP_KERNEL);
383 static void optee_free_pages_list(void *list, size_t num_entries)
385 free_pages_exact(list, get_pages_list_size(num_entries));
389 * optee_fill_pages_list() - write list of user pages to given shared
392 * @dst: page-aligned buffer where list of pages will be stored
393 * @pages: array of pages that represents shared buffer
394 * @num_pages: number of entries in @pages
395 * @page_offset: offset of user buffer from page start
397 * @dst should be big enough to hold list of user page addresses and
398 * links to the next pages of buffer
400 static void optee_fill_pages_list(u64 *dst, struct page **pages, int num_pages,
404 phys_addr_t optee_page;
406 * Refer to OPTEE_MSG_ATTR_NONCONTIG description in optee_msg.h
410 u64 pages_list[PAGELIST_ENTRIES_PER_PAGE];
415 * Currently OP-TEE uses 4k page size and it does not looks
416 * like this will change in the future. On other hand, there are
417 * no know ARM architectures with page size < 4k.
418 * Thus the next built assert looks redundant. But the following
419 * code heavily relies on this assumption, so it is better be
422 BUILD_BUG_ON(PAGE_SIZE < OPTEE_MSG_NONCONTIG_PAGE_SIZE);
424 pages_data = (void *)dst;
426 * If linux page is bigger than 4k, and user buffer offset is
427 * larger than 4k/8k/12k/etc this will skip first 4k pages,
428 * because they bear no value data for OP-TEE.
430 optee_page = page_to_phys(*pages) +
431 round_down(page_offset, OPTEE_MSG_NONCONTIG_PAGE_SIZE);
434 pages_data->pages_list[n++] = optee_page;
436 if (n == PAGELIST_ENTRIES_PER_PAGE) {
437 pages_data->next_page_data =
438 virt_to_phys(pages_data + 1);
443 optee_page += OPTEE_MSG_NONCONTIG_PAGE_SIZE;
444 if (!(optee_page & ~PAGE_MASK)) {
448 optee_page = page_to_phys(*pages);
453 static int optee_shm_register(struct tee_context *ctx, struct tee_shm *shm,
454 struct page **pages, size_t num_pages,
457 struct optee *optee = tee_get_drvdata(ctx->teedev);
458 struct optee_msg_arg *msg_arg;
459 struct tee_shm *shm_arg;
467 rc = optee_check_mem_type(start, num_pages);
471 pages_list = optee_allocate_pages_list(num_pages);
476 * We're about to register shared memory we can't register shared
477 * memory for this request or there's a catch-22.
479 * So in this we'll have to do the good old temporary private
480 * allocation instead of using optee_get_msg_arg().
482 sz = optee_msg_arg_size(optee->rpc_param_count);
483 shm_arg = tee_shm_alloc_priv_buf(ctx, sz);
484 if (IS_ERR(shm_arg)) {
485 rc = PTR_ERR(shm_arg);
488 msg_arg = tee_shm_get_va(shm_arg, 0);
489 if (IS_ERR(msg_arg)) {
490 rc = PTR_ERR(msg_arg);
494 optee_fill_pages_list(pages_list, pages, num_pages,
495 tee_shm_get_page_offset(shm));
497 memset(msg_arg, 0, OPTEE_MSG_GET_ARG_SIZE(1));
498 msg_arg->num_params = 1;
499 msg_arg->cmd = OPTEE_MSG_CMD_REGISTER_SHM;
500 msg_arg->params->attr = OPTEE_MSG_ATTR_TYPE_TMEM_OUTPUT |
501 OPTEE_MSG_ATTR_NONCONTIG;
502 msg_arg->params->u.tmem.shm_ref = (unsigned long)shm;
503 msg_arg->params->u.tmem.size = tee_shm_get_size(shm);
505 * In the least bits of msg_arg->params->u.tmem.buf_ptr we
506 * store buffer offset from 4k page, as described in OP-TEE ABI.
508 msg_arg->params->u.tmem.buf_ptr = virt_to_phys(pages_list) |
509 (tee_shm_get_page_offset(shm) & (OPTEE_MSG_NONCONTIG_PAGE_SIZE - 1));
511 if (optee->ops->do_call_with_arg(ctx, shm_arg, 0, false) ||
512 msg_arg->ret != TEEC_SUCCESS)
515 tee_shm_free(shm_arg);
517 optee_free_pages_list(pages_list, num_pages);
521 static int optee_shm_unregister(struct tee_context *ctx, struct tee_shm *shm)
523 struct optee *optee = tee_get_drvdata(ctx->teedev);
524 struct optee_msg_arg *msg_arg;
525 struct tee_shm *shm_arg;
530 * We're about to unregister shared memory and we may not be able
531 * register shared memory for this request in case we're called
532 * from optee_shm_arg_cache_uninit().
534 * So in order to keep things simple in this function just as in
535 * optee_shm_register() we'll use temporary private allocation
536 * instead of using optee_get_msg_arg().
538 sz = optee_msg_arg_size(optee->rpc_param_count);
539 shm_arg = tee_shm_alloc_priv_buf(ctx, sz);
541 return PTR_ERR(shm_arg);
542 msg_arg = tee_shm_get_va(shm_arg, 0);
543 if (IS_ERR(msg_arg)) {
544 rc = PTR_ERR(msg_arg);
548 memset(msg_arg, 0, sz);
549 msg_arg->num_params = 1;
550 msg_arg->cmd = OPTEE_MSG_CMD_UNREGISTER_SHM;
551 msg_arg->params[0].attr = OPTEE_MSG_ATTR_TYPE_RMEM_INPUT;
552 msg_arg->params[0].u.rmem.shm_ref = (unsigned long)shm;
554 if (optee->ops->do_call_with_arg(ctx, shm_arg, 0, false) ||
555 msg_arg->ret != TEEC_SUCCESS)
558 tee_shm_free(shm_arg);
562 static int optee_shm_register_supp(struct tee_context *ctx, struct tee_shm *shm,
563 struct page **pages, size_t num_pages,
567 * We don't want to register supplicant memory in OP-TEE.
568 * Instead information about it will be passed in RPC code.
570 return optee_check_mem_type(start, num_pages);
573 static int optee_shm_unregister_supp(struct tee_context *ctx,
580 * 3. Dynamic shared memory pool based on alloc_pages()
582 * Implements an OP-TEE specific shared memory pool which is used
583 * when dynamic shared memory is supported by secure world.
585 * The main function is optee_shm_pool_alloc_pages().
588 static int pool_op_alloc(struct tee_shm_pool *pool,
589 struct tee_shm *shm, size_t size, size_t align)
592 * Shared memory private to the OP-TEE driver doesn't need
593 * to be registered with OP-TEE.
595 if (shm->flags & TEE_SHM_PRIV)
596 return tee_dyn_shm_alloc_helper(shm, size, align, NULL);
598 return tee_dyn_shm_alloc_helper(shm, size, align, optee_shm_register);
601 static void pool_op_free(struct tee_shm_pool *pool,
604 if (!(shm->flags & TEE_SHM_PRIV))
605 tee_dyn_shm_free_helper(shm, optee_shm_unregister);
607 tee_dyn_shm_free_helper(shm, NULL);
610 static void pool_op_destroy_pool(struct tee_shm_pool *pool)
615 static const struct tee_shm_pool_ops pool_ops = {
616 .alloc = pool_op_alloc,
617 .free = pool_op_free,
618 .destroy_pool = pool_op_destroy_pool,
622 * optee_shm_pool_alloc_pages() - create page-based allocator pool
624 * This pool is used when OP-TEE supports dymanic SHM. In this case
625 * command buffers and such are allocated from kernel's own memory.
627 static struct tee_shm_pool *optee_shm_pool_alloc_pages(void)
629 struct tee_shm_pool *pool = kzalloc(sizeof(*pool), GFP_KERNEL);
632 return ERR_PTR(-ENOMEM);
634 pool->ops = &pool_ops;
640 * 4. Do a normal scheduled call into secure world
642 * The function optee_smc_do_call_with_arg() performs a normal scheduled
643 * call into secure world. During this call may normal world request help
644 * from normal world using RPCs, Remote Procedure Calls. This includes
645 * delivery of non-secure interrupts to for instance allow rescheduling of
649 static void handle_rpc_func_cmd_shm_free(struct tee_context *ctx,
650 struct optee_msg_arg *arg)
654 arg->ret_origin = TEEC_ORIGIN_COMMS;
656 if (arg->num_params != 1 ||
657 arg->params[0].attr != OPTEE_MSG_ATTR_TYPE_VALUE_INPUT) {
658 arg->ret = TEEC_ERROR_BAD_PARAMETERS;
662 shm = (struct tee_shm *)(unsigned long)arg->params[0].u.value.b;
663 switch (arg->params[0].u.value.a) {
664 case OPTEE_RPC_SHM_TYPE_APPL:
665 optee_rpc_cmd_free_suppl(ctx, shm);
667 case OPTEE_RPC_SHM_TYPE_KERNEL:
671 arg->ret = TEEC_ERROR_BAD_PARAMETERS;
673 arg->ret = TEEC_SUCCESS;
676 static void handle_rpc_func_cmd_shm_alloc(struct tee_context *ctx,
678 struct optee_msg_arg *arg,
679 struct optee_call_ctx *call_ctx)
687 arg->ret_origin = TEEC_ORIGIN_COMMS;
689 if (!arg->num_params ||
690 arg->params[0].attr != OPTEE_MSG_ATTR_TYPE_VALUE_INPUT) {
691 arg->ret = TEEC_ERROR_BAD_PARAMETERS;
695 for (n = 1; n < arg->num_params; n++) {
696 if (arg->params[n].attr != OPTEE_MSG_ATTR_TYPE_NONE) {
697 arg->ret = TEEC_ERROR_BAD_PARAMETERS;
702 sz = arg->params[0].u.value.b;
703 switch (arg->params[0].u.value.a) {
704 case OPTEE_RPC_SHM_TYPE_APPL:
705 shm = optee_rpc_cmd_alloc_suppl(ctx, sz);
707 case OPTEE_RPC_SHM_TYPE_KERNEL:
708 shm = tee_shm_alloc_priv_buf(optee->ctx, sz);
711 arg->ret = TEEC_ERROR_BAD_PARAMETERS;
716 arg->ret = TEEC_ERROR_OUT_OF_MEMORY;
721 * If there are pages it's dynamically allocated shared memory (not
722 * from the reserved shared memory pool) and needs to be
725 pages = tee_shm_get_pages(shm, &page_count);
729 pages_list = optee_allocate_pages_list(page_count);
731 arg->ret = TEEC_ERROR_OUT_OF_MEMORY;
735 call_ctx->pages_list = pages_list;
736 call_ctx->num_entries = page_count;
738 arg->params[0].attr = OPTEE_MSG_ATTR_TYPE_TMEM_OUTPUT |
739 OPTEE_MSG_ATTR_NONCONTIG;
741 * In the least bits of u.tmem.buf_ptr we store buffer offset
742 * from 4k page, as described in OP-TEE ABI.
744 arg->params[0].u.tmem.buf_ptr = virt_to_phys(pages_list) |
745 (tee_shm_get_page_offset(shm) &
746 (OPTEE_MSG_NONCONTIG_PAGE_SIZE - 1));
748 optee_fill_pages_list(pages_list, pages, page_count,
749 tee_shm_get_page_offset(shm));
753 if (tee_shm_get_pa(shm, 0, &pa)) {
754 arg->ret = TEEC_ERROR_BAD_PARAMETERS;
758 arg->params[0].attr = OPTEE_MSG_ATTR_TYPE_TMEM_OUTPUT;
759 arg->params[0].u.tmem.buf_ptr = pa;
761 arg->params[0].u.tmem.size = tee_shm_get_size(shm);
762 arg->params[0].u.tmem.shm_ref = (unsigned long)shm;
764 arg->ret = TEEC_SUCCESS;
770 static void free_pages_list(struct optee_call_ctx *call_ctx)
772 if (call_ctx->pages_list) {
773 optee_free_pages_list(call_ctx->pages_list,
774 call_ctx->num_entries);
775 call_ctx->pages_list = NULL;
776 call_ctx->num_entries = 0;
780 static void optee_rpc_finalize_call(struct optee_call_ctx *call_ctx)
782 free_pages_list(call_ctx);
785 static void handle_rpc_func_cmd(struct tee_context *ctx, struct optee *optee,
786 struct optee_msg_arg *arg,
787 struct optee_call_ctx *call_ctx)
791 case OPTEE_RPC_CMD_SHM_ALLOC:
792 free_pages_list(call_ctx);
793 handle_rpc_func_cmd_shm_alloc(ctx, optee, arg, call_ctx);
795 case OPTEE_RPC_CMD_SHM_FREE:
796 handle_rpc_func_cmd_shm_free(ctx, arg);
799 optee_rpc_cmd(ctx, optee, arg);
804 * optee_handle_rpc() - handle RPC from secure world
805 * @ctx: context doing the RPC
806 * @rpc_arg: pointer to RPC arguments if any, or NULL if none
807 * @param: value of registers for the RPC
808 * @call_ctx: call context. Preserved during one OP-TEE invocation
810 * Result of RPC is written back into @param.
812 static void optee_handle_rpc(struct tee_context *ctx,
813 struct optee_msg_arg *rpc_arg,
814 struct optee_rpc_param *param,
815 struct optee_call_ctx *call_ctx)
817 struct tee_device *teedev = ctx->teedev;
818 struct optee *optee = tee_get_drvdata(teedev);
819 struct optee_msg_arg *arg;
823 switch (OPTEE_SMC_RETURN_GET_RPC_FUNC(param->a0)) {
824 case OPTEE_SMC_RPC_FUNC_ALLOC:
825 shm = tee_shm_alloc_priv_buf(optee->ctx, param->a1);
826 if (!IS_ERR(shm) && !tee_shm_get_pa(shm, 0, &pa)) {
827 reg_pair_from_64(¶m->a1, ¶m->a2, pa);
828 reg_pair_from_64(¶m->a4, ¶m->a5,
836 kmemleak_not_leak(shm);
838 case OPTEE_SMC_RPC_FUNC_FREE:
839 shm = reg_pair_to_ptr(param->a1, param->a2);
842 case OPTEE_SMC_RPC_FUNC_FOREIGN_INTR:
844 * A foreign interrupt was raised while secure world was
845 * executing, since they are handled in Linux a dummy RPC is
846 * performed to let Linux take the interrupt through the normal
850 case OPTEE_SMC_RPC_FUNC_CMD:
854 shm = reg_pair_to_ptr(param->a1, param->a2);
855 arg = tee_shm_get_va(shm, 0);
857 pr_err("%s: tee_shm_get_va %p failed\n",
863 handle_rpc_func_cmd(ctx, optee, arg, call_ctx);
866 pr_warn("Unknown RPC func 0x%x\n",
867 (u32)OPTEE_SMC_RETURN_GET_RPC_FUNC(param->a0));
871 param->a0 = OPTEE_SMC_CALL_RETURN_FROM_RPC;
875 * optee_smc_do_call_with_arg() - Do an SMC to OP-TEE in secure world
876 * @ctx: calling context
877 * @shm: shared memory holding the message to pass to secure world
878 * @offs: offset of the message in @shm
879 * @system_thread: true if caller requests TEE system thread support
881 * Does and SMC to OP-TEE in secure world and handles eventual resulting
882 * Remote Procedure Calls (RPC) from OP-TEE.
884 * Returns return code from secure world, 0 is OK
886 static int optee_smc_do_call_with_arg(struct tee_context *ctx,
887 struct tee_shm *shm, u_int offs,
890 struct optee *optee = tee_get_drvdata(ctx->teedev);
891 struct optee_call_waiter w;
892 struct optee_rpc_param param = { };
893 struct optee_call_ctx call_ctx = { };
894 struct optee_msg_arg *rpc_arg = NULL;
897 if (optee->rpc_param_count) {
898 struct optee_msg_arg *arg;
899 unsigned int rpc_arg_offs;
901 arg = tee_shm_get_va(shm, offs);
905 rpc_arg_offs = OPTEE_MSG_GET_ARG_SIZE(arg->num_params);
906 rpc_arg = tee_shm_get_va(shm, offs + rpc_arg_offs);
908 return PTR_ERR(rpc_arg);
911 if (rpc_arg && tee_shm_is_dynamic(shm)) {
912 param.a0 = OPTEE_SMC_CALL_WITH_REGD_ARG;
913 reg_pair_from_64(¶m.a1, ¶m.a2, (u_long)shm);
918 rc = tee_shm_get_pa(shm, offs, &parg);
923 param.a0 = OPTEE_SMC_CALL_WITH_RPC_ARG;
925 param.a0 = OPTEE_SMC_CALL_WITH_ARG;
926 reg_pair_from_64(¶m.a1, ¶m.a2, parg);
928 /* Initialize waiter */
929 optee_cq_wait_init(&optee->call_queue, &w, system_thread);
931 struct arm_smccc_res res;
933 trace_optee_invoke_fn_begin(¶m);
934 optee->smc.invoke_fn(param.a0, param.a1, param.a2, param.a3,
935 param.a4, param.a5, param.a6, param.a7,
937 trace_optee_invoke_fn_end(¶m, &res);
939 if (res.a0 == OPTEE_SMC_RETURN_ETHREAD_LIMIT) {
941 * Out of threads in secure world, wait for a thread
944 optee_cq_wait_for_completion(&optee->call_queue, &w);
945 } else if (OPTEE_SMC_RETURN_IS_RPC(res.a0)) {
951 optee_handle_rpc(ctx, rpc_arg, ¶m, &call_ctx);
958 optee_rpc_finalize_call(&call_ctx);
960 * We're done with our thread in secure world, if there's any
961 * thread waiters wake up one.
963 optee_cq_wait_final(&optee->call_queue, &w);
969 * 5. Asynchronous notification
972 static u32 get_async_notif_value(optee_invoke_fn *invoke_fn, bool *value_valid,
975 struct arm_smccc_res res;
977 invoke_fn(OPTEE_SMC_GET_ASYNC_NOTIF_VALUE, 0, 0, 0, 0, 0, 0, 0, &res);
980 *value_valid = false;
983 *value_valid = (res.a2 & OPTEE_SMC_ASYNC_NOTIF_VALUE_VALID);
984 *value_pending = (res.a2 & OPTEE_SMC_ASYNC_NOTIF_VALUE_PENDING);
988 static irqreturn_t irq_handler(struct optee *optee)
990 bool do_bottom_half = false;
996 value = get_async_notif_value(optee->smc.invoke_fn,
997 &value_valid, &value_pending);
1001 if (value == OPTEE_SMC_ASYNC_NOTIF_VALUE_DO_BOTTOM_HALF)
1002 do_bottom_half = true;
1004 optee_notif_send(optee, value);
1005 } while (value_pending);
1008 return IRQ_WAKE_THREAD;
1012 static irqreturn_t notif_irq_handler(int irq, void *dev_id)
1014 struct optee *optee = dev_id;
1016 return irq_handler(optee);
1019 static irqreturn_t notif_irq_thread_fn(int irq, void *dev_id)
1021 struct optee *optee = dev_id;
1023 optee_do_bottom_half(optee->ctx);
1028 static int init_irq(struct optee *optee, u_int irq)
1032 rc = request_threaded_irq(irq, notif_irq_handler,
1033 notif_irq_thread_fn,
1034 0, "optee_notification", optee);
1038 optee->smc.notif_irq = irq;
1043 static irqreturn_t notif_pcpu_irq_handler(int irq, void *dev_id)
1045 struct optee_pcpu *pcpu = dev_id;
1046 struct optee *optee = pcpu->optee;
1048 if (irq_handler(optee) == IRQ_WAKE_THREAD)
1049 queue_work(optee->smc.notif_pcpu_wq,
1050 &optee->smc.notif_pcpu_work);
1055 static void notif_pcpu_irq_work_fn(struct work_struct *work)
1057 struct optee_smc *optee_smc = container_of(work, struct optee_smc,
1059 struct optee *optee = container_of(optee_smc, struct optee, smc);
1061 optee_do_bottom_half(optee->ctx);
1064 static int init_pcpu_irq(struct optee *optee, u_int irq)
1066 struct optee_pcpu __percpu *optee_pcpu;
1069 optee_pcpu = alloc_percpu(struct optee_pcpu);
1073 for_each_present_cpu(cpu)
1074 per_cpu_ptr(optee_pcpu, cpu)->optee = optee;
1076 rc = request_percpu_irq(irq, notif_pcpu_irq_handler,
1077 "optee_pcpu_notification", optee_pcpu);
1081 INIT_WORK(&optee->smc.notif_pcpu_work, notif_pcpu_irq_work_fn);
1082 optee->smc.notif_pcpu_wq = create_workqueue("optee_pcpu_notification");
1083 if (!optee->smc.notif_pcpu_wq) {
1085 goto err_free_pcpu_irq;
1088 optee->smc.optee_pcpu = optee_pcpu;
1089 optee->smc.notif_irq = irq;
1092 rc = cpuhp_setup_state(CPUHP_AP_ONLINE_DYN, "optee/pcpu-notif:starting",
1093 optee_cpuhp_enable_pcpu_irq,
1094 optee_cpuhp_disable_pcpu_irq);
1098 goto err_free_pcpu_irq;
1100 optee->smc.notif_cpuhp_state = rc;
1105 free_percpu_irq(irq, optee_pcpu);
1107 free_percpu(optee_pcpu);
1112 static int optee_smc_notif_init_irq(struct optee *optee, u_int irq)
1114 if (irq_is_percpu_devid(irq))
1115 return init_pcpu_irq(optee, irq);
1117 return init_irq(optee, irq);
1120 static void uninit_pcpu_irq(struct optee *optee)
1122 cpuhp_remove_state(optee->smc.notif_cpuhp_state);
1124 destroy_workqueue(optee->smc.notif_pcpu_wq);
1126 free_percpu_irq(optee->smc.notif_irq, optee->smc.optee_pcpu);
1127 free_percpu(optee->smc.optee_pcpu);
1130 static void optee_smc_notif_uninit_irq(struct optee *optee)
1132 if (optee->smc.sec_caps & OPTEE_SMC_SEC_CAP_ASYNC_NOTIF) {
1133 optee_stop_async_notif(optee->ctx);
1134 if (optee->smc.notif_irq) {
1135 if (irq_is_percpu_devid(optee->smc.notif_irq))
1136 uninit_pcpu_irq(optee);
1138 free_irq(optee->smc.notif_irq, optee);
1140 irq_dispose_mapping(optee->smc.notif_irq);
1146 * 6. Driver initialization
1148 * During driver initialization is secure world probed to find out which
1149 * features it supports so the driver can be initialized with a matching
1150 * configuration. This involves for instance support for dynamic shared
1151 * memory instead of a static memory carvout.
1154 static void optee_get_version(struct tee_device *teedev,
1155 struct tee_ioctl_version_data *vers)
1157 struct tee_ioctl_version_data v = {
1158 .impl_id = TEE_IMPL_ID_OPTEE,
1159 .impl_caps = TEE_OPTEE_CAP_TZ,
1160 .gen_caps = TEE_GEN_CAP_GP,
1162 struct optee *optee = tee_get_drvdata(teedev);
1164 if (optee->smc.sec_caps & OPTEE_SMC_SEC_CAP_DYNAMIC_SHM)
1165 v.gen_caps |= TEE_GEN_CAP_REG_MEM;
1166 if (optee->smc.sec_caps & OPTEE_SMC_SEC_CAP_MEMREF_NULL)
1167 v.gen_caps |= TEE_GEN_CAP_MEMREF_NULL;
1171 static int optee_smc_open(struct tee_context *ctx)
1173 struct optee *optee = tee_get_drvdata(ctx->teedev);
1174 u32 sec_caps = optee->smc.sec_caps;
1176 return optee_open(ctx, sec_caps & OPTEE_SMC_SEC_CAP_MEMREF_NULL);
1179 static const struct tee_driver_ops optee_clnt_ops = {
1180 .get_version = optee_get_version,
1181 .open = optee_smc_open,
1182 .release = optee_release,
1183 .open_session = optee_open_session,
1184 .close_session = optee_close_session,
1185 .system_session = optee_system_session,
1186 .invoke_func = optee_invoke_func,
1187 .cancel_req = optee_cancel_req,
1188 .shm_register = optee_shm_register,
1189 .shm_unregister = optee_shm_unregister,
1192 static const struct tee_desc optee_clnt_desc = {
1193 .name = DRIVER_NAME "-clnt",
1194 .ops = &optee_clnt_ops,
1195 .owner = THIS_MODULE,
1198 static const struct tee_driver_ops optee_supp_ops = {
1199 .get_version = optee_get_version,
1200 .open = optee_smc_open,
1201 .release = optee_release_supp,
1202 .supp_recv = optee_supp_recv,
1203 .supp_send = optee_supp_send,
1204 .shm_register = optee_shm_register_supp,
1205 .shm_unregister = optee_shm_unregister_supp,
1208 static const struct tee_desc optee_supp_desc = {
1209 .name = DRIVER_NAME "-supp",
1210 .ops = &optee_supp_ops,
1211 .owner = THIS_MODULE,
1212 .flags = TEE_DESC_PRIVILEGED,
1215 static const struct optee_ops optee_ops = {
1216 .do_call_with_arg = optee_smc_do_call_with_arg,
1217 .to_msg_param = optee_to_msg_param,
1218 .from_msg_param = optee_from_msg_param,
1221 static int enable_async_notif(optee_invoke_fn *invoke_fn)
1223 struct arm_smccc_res res;
1225 invoke_fn(OPTEE_SMC_ENABLE_ASYNC_NOTIF, 0, 0, 0, 0, 0, 0, 0, &res);
1232 static bool optee_msg_api_uid_is_optee_api(optee_invoke_fn *invoke_fn)
1234 struct arm_smccc_res res;
1236 invoke_fn(OPTEE_SMC_CALLS_UID, 0, 0, 0, 0, 0, 0, 0, &res);
1238 if (res.a0 == OPTEE_MSG_UID_0 && res.a1 == OPTEE_MSG_UID_1 &&
1239 res.a2 == OPTEE_MSG_UID_2 && res.a3 == OPTEE_MSG_UID_3)
1244 #ifdef CONFIG_OPTEE_INSECURE_LOAD_IMAGE
1245 static bool optee_msg_api_uid_is_optee_image_load(optee_invoke_fn *invoke_fn)
1247 struct arm_smccc_res res;
1249 invoke_fn(OPTEE_SMC_CALLS_UID, 0, 0, 0, 0, 0, 0, 0, &res);
1251 if (res.a0 == OPTEE_MSG_IMAGE_LOAD_UID_0 &&
1252 res.a1 == OPTEE_MSG_IMAGE_LOAD_UID_1 &&
1253 res.a2 == OPTEE_MSG_IMAGE_LOAD_UID_2 &&
1254 res.a3 == OPTEE_MSG_IMAGE_LOAD_UID_3)
1260 static void optee_msg_get_os_revision(optee_invoke_fn *invoke_fn)
1263 struct arm_smccc_res smccc;
1264 struct optee_smc_call_get_os_revision_result result;
1271 invoke_fn(OPTEE_SMC_CALL_GET_OS_REVISION, 0, 0, 0, 0, 0, 0, 0,
1274 if (res.result.build_id)
1275 pr_info("revision %lu.%lu (%08lx)", res.result.major,
1276 res.result.minor, res.result.build_id);
1278 pr_info("revision %lu.%lu", res.result.major, res.result.minor);
1281 static bool optee_msg_api_revision_is_compatible(optee_invoke_fn *invoke_fn)
1284 struct arm_smccc_res smccc;
1285 struct optee_smc_calls_revision_result result;
1288 invoke_fn(OPTEE_SMC_CALLS_REVISION, 0, 0, 0, 0, 0, 0, 0, &res.smccc);
1290 if (res.result.major == OPTEE_MSG_REVISION_MAJOR &&
1291 (int)res.result.minor >= OPTEE_MSG_REVISION_MINOR)
1296 static bool optee_msg_exchange_capabilities(optee_invoke_fn *invoke_fn,
1297 u32 *sec_caps, u32 *max_notif_value,
1298 unsigned int *rpc_param_count)
1301 struct arm_smccc_res smccc;
1302 struct optee_smc_exchange_capabilities_result result;
1307 * TODO This isn't enough to tell if it's UP system (from kernel
1308 * point of view) or not, is_smp() returns the information
1309 * needed, but can't be called directly from here.
1311 if (!IS_ENABLED(CONFIG_SMP) || nr_cpu_ids == 1)
1312 a1 |= OPTEE_SMC_NSEC_CAP_UNIPROCESSOR;
1314 invoke_fn(OPTEE_SMC_EXCHANGE_CAPABILITIES, a1, 0, 0, 0, 0, 0, 0,
1317 if (res.result.status != OPTEE_SMC_RETURN_OK)
1320 *sec_caps = res.result.capabilities;
1321 if (*sec_caps & OPTEE_SMC_SEC_CAP_ASYNC_NOTIF)
1322 *max_notif_value = res.result.max_notif_value;
1324 *max_notif_value = OPTEE_DEFAULT_MAX_NOTIF_VALUE;
1325 if (*sec_caps & OPTEE_SMC_SEC_CAP_RPC_ARG)
1326 *rpc_param_count = (u8)res.result.data;
1328 *rpc_param_count = 0;
1333 static unsigned int optee_msg_get_thread_count(optee_invoke_fn *invoke_fn)
1335 struct arm_smccc_res res;
1337 invoke_fn(OPTEE_SMC_GET_THREAD_COUNT, 0, 0, 0, 0, 0, 0, 0, &res);
1343 static struct tee_shm_pool *
1344 optee_config_shm_memremap(optee_invoke_fn *invoke_fn, void **memremaped_shm)
1347 struct arm_smccc_res smccc;
1348 struct optee_smc_get_shm_config_result result;
1350 unsigned long vaddr;
1358 invoke_fn(OPTEE_SMC_GET_SHM_CONFIG, 0, 0, 0, 0, 0, 0, 0, &res.smccc);
1359 if (res.result.status != OPTEE_SMC_RETURN_OK) {
1360 pr_err("static shm service not available\n");
1361 return ERR_PTR(-ENOENT);
1364 if (res.result.settings != OPTEE_SMC_SHM_CACHED) {
1365 pr_err("only normal cached shared memory supported\n");
1366 return ERR_PTR(-EINVAL);
1369 begin = roundup(res.result.start, PAGE_SIZE);
1370 end = rounddown(res.result.start + res.result.size, PAGE_SIZE);
1374 va = memremap(paddr, size, MEMREMAP_WB);
1376 pr_err("shared memory ioremap failed\n");
1377 return ERR_PTR(-EINVAL);
1379 vaddr = (unsigned long)va;
1381 rc = tee_shm_pool_alloc_res_mem(vaddr, paddr, size,
1382 OPTEE_MIN_STATIC_POOL_ALIGN);
1386 *memremaped_shm = va;
1391 /* Simple wrapper functions to be able to use a function pointer */
1392 static void optee_smccc_smc(unsigned long a0, unsigned long a1,
1393 unsigned long a2, unsigned long a3,
1394 unsigned long a4, unsigned long a5,
1395 unsigned long a6, unsigned long a7,
1396 struct arm_smccc_res *res)
1398 arm_smccc_smc(a0, a1, a2, a3, a4, a5, a6, a7, res);
1401 static void optee_smccc_hvc(unsigned long a0, unsigned long a1,
1402 unsigned long a2, unsigned long a3,
1403 unsigned long a4, unsigned long a5,
1404 unsigned long a6, unsigned long a7,
1405 struct arm_smccc_res *res)
1407 arm_smccc_hvc(a0, a1, a2, a3, a4, a5, a6, a7, res);
1410 static optee_invoke_fn *get_invoke_func(struct device *dev)
1414 pr_info("probing for conduit method.\n");
1416 if (device_property_read_string(dev, "method", &method)) {
1417 pr_warn("missing \"method\" property\n");
1418 return ERR_PTR(-ENXIO);
1421 if (!strcmp("hvc", method))
1422 return optee_smccc_hvc;
1423 else if (!strcmp("smc", method))
1424 return optee_smccc_smc;
1426 pr_warn("invalid \"method\" property: %s\n", method);
1427 return ERR_PTR(-EINVAL);
1430 /* optee_remove - Device Removal Routine
1431 * @pdev: platform device information struct
1433 * optee_remove is called by platform subsystem to alert the driver
1434 * that it should release the device
1436 static void optee_smc_remove(struct platform_device *pdev)
1438 struct optee *optee = platform_get_drvdata(pdev);
1441 * Ask OP-TEE to free all cached shared memory objects to decrease
1442 * reference counters and also avoid wild pointers in secure world
1443 * into the old shared memory range.
1445 if (!optee->rpc_param_count)
1446 optee_disable_shm_cache(optee);
1448 optee_smc_notif_uninit_irq(optee);
1450 optee_remove_common(optee);
1452 if (optee->smc.memremaped_shm)
1453 memunmap(optee->smc.memremaped_shm);
1458 /* optee_shutdown - Device Removal Routine
1459 * @pdev: platform device information struct
1461 * platform_shutdown is called by the platform subsystem to alert
1462 * the driver that a shutdown, reboot, or kexec is happening and
1463 * device must be disabled.
1465 static void optee_shutdown(struct platform_device *pdev)
1467 struct optee *optee = platform_get_drvdata(pdev);
1469 if (!optee->rpc_param_count)
1470 optee_disable_shm_cache(optee);
1473 #ifdef CONFIG_OPTEE_INSECURE_LOAD_IMAGE
1475 #define OPTEE_FW_IMAGE "optee/tee.bin"
1477 static optee_invoke_fn *cpuhp_invoke_fn;
1479 static int optee_cpuhp_probe(unsigned int cpu)
1482 * Invoking a call on a CPU will cause OP-TEE to perform the required
1483 * setup for that CPU. Just invoke the call to get the UID since that
1484 * has no side effects.
1486 if (optee_msg_api_uid_is_optee_api(cpuhp_invoke_fn))
1492 static int optee_load_fw(struct platform_device *pdev,
1493 optee_invoke_fn *invoke_fn)
1495 const struct firmware *fw = NULL;
1496 struct arm_smccc_res res;
1497 phys_addr_t data_pa;
1498 u8 *data_buf = NULL;
1500 u32 data_pa_high, data_pa_low;
1501 u32 data_size_high, data_size_low;
1505 if (!optee_msg_api_uid_is_optee_image_load(invoke_fn))
1508 rc = request_firmware(&fw, OPTEE_FW_IMAGE, &pdev->dev);
1511 * The firmware in the rootfs will not be accessible until we
1512 * are in the SYSTEM_RUNNING state, so return EPROBE_DEFER until
1515 if (system_state < SYSTEM_RUNNING)
1516 return -EPROBE_DEFER;
1520 data_size = fw->size;
1522 * This uses the GFP_DMA flag to ensure we are allocated memory in the
1523 * 32-bit space since TF-A cannot map memory beyond the 32-bit boundary.
1525 data_buf = kmemdup(fw->data, fw->size, GFP_KERNEL | GFP_DMA);
1530 data_pa = virt_to_phys(data_buf);
1531 reg_pair_from_64(&data_pa_high, &data_pa_low, data_pa);
1532 reg_pair_from_64(&data_size_high, &data_size_low, data_size);
1536 pr_warn("image loading failed\n");
1544 * Always invoke the SMC, even if loading the image fails, to indicate
1545 * to EL3 that we have passed the point where it should allow invoking
1548 pr_warn("OP-TEE image loaded from kernel, this can be insecure");
1549 invoke_fn(OPTEE_SMC_CALL_LOAD_IMAGE, data_size_high, data_size_low,
1550 data_pa_high, data_pa_low, 0, 0, 0, &res);
1554 release_firmware(fw);
1559 * We need to initialize OP-TEE on all other running cores as
1560 * well. Any cores that aren't running yet will get initialized
1561 * when they are brought up by the power management functions in
1562 * TF-A which are registered by the OP-TEE SPD. Due to that we
1563 * can un-register the callback right after registering it.
1565 cpuhp_invoke_fn = invoke_fn;
1566 hp_state = cpuhp_setup_state(CPUHP_AP_ONLINE_DYN, "optee:probe",
1567 optee_cpuhp_probe, NULL);
1569 pr_warn("Failed with CPU hotplug setup for OP-TEE");
1572 cpuhp_remove_state(hp_state);
1573 cpuhp_invoke_fn = NULL;
1579 static inline int optee_load_fw(struct platform_device *pdev,
1580 optee_invoke_fn *invoke_fn)
1586 static int optee_probe(struct platform_device *pdev)
1588 optee_invoke_fn *invoke_fn;
1589 struct tee_shm_pool *pool = ERR_PTR(-EINVAL);
1590 struct optee *optee = NULL;
1591 void *memremaped_shm = NULL;
1592 unsigned int rpc_param_count;
1593 unsigned int thread_count;
1594 struct tee_device *teedev;
1595 struct tee_context *ctx;
1596 u32 max_notif_value;
1597 u32 arg_cache_flags;
1601 invoke_fn = get_invoke_func(&pdev->dev);
1602 if (IS_ERR(invoke_fn))
1603 return PTR_ERR(invoke_fn);
1605 rc = optee_load_fw(pdev, invoke_fn);
1609 if (!optee_msg_api_uid_is_optee_api(invoke_fn)) {
1610 pr_warn("api uid mismatch\n");
1614 optee_msg_get_os_revision(invoke_fn);
1616 if (!optee_msg_api_revision_is_compatible(invoke_fn)) {
1617 pr_warn("api revision mismatch\n");
1621 thread_count = optee_msg_get_thread_count(invoke_fn);
1622 if (!optee_msg_exchange_capabilities(invoke_fn, &sec_caps,
1624 &rpc_param_count)) {
1625 pr_warn("capabilities mismatch\n");
1630 * Try to use dynamic shared memory if possible
1632 if (sec_caps & OPTEE_SMC_SEC_CAP_DYNAMIC_SHM) {
1634 * If we have OPTEE_SMC_SEC_CAP_RPC_ARG we can ask
1635 * optee_get_msg_arg() to pre-register (by having
1636 * OPTEE_SHM_ARG_ALLOC_PRIV cleared) the page used to pass
1637 * an argument struct.
1639 * With the page is pre-registered we can use a non-zero
1640 * offset for argument struct, this is indicated with
1641 * OPTEE_SHM_ARG_SHARED.
1643 * This means that optee_smc_do_call_with_arg() will use
1644 * OPTEE_SMC_CALL_WITH_REGD_ARG for pre-registered pages.
1646 if (sec_caps & OPTEE_SMC_SEC_CAP_RPC_ARG)
1647 arg_cache_flags = OPTEE_SHM_ARG_SHARED;
1649 arg_cache_flags = OPTEE_SHM_ARG_ALLOC_PRIV;
1651 pool = optee_shm_pool_alloc_pages();
1655 * If dynamic shared memory is not available or failed - try static one
1657 if (IS_ERR(pool) && (sec_caps & OPTEE_SMC_SEC_CAP_HAVE_RESERVED_SHM)) {
1659 * The static memory pool can use non-zero page offsets so
1660 * let optee_get_msg_arg() know that with OPTEE_SHM_ARG_SHARED.
1662 * optee_get_msg_arg() should not pre-register the
1663 * allocated page used to pass an argument struct, this is
1664 * indicated with OPTEE_SHM_ARG_ALLOC_PRIV.
1666 * This means that optee_smc_do_call_with_arg() will use
1667 * OPTEE_SMC_CALL_WITH_ARG if rpc_param_count is 0, else
1668 * OPTEE_SMC_CALL_WITH_RPC_ARG.
1670 arg_cache_flags = OPTEE_SHM_ARG_SHARED |
1671 OPTEE_SHM_ARG_ALLOC_PRIV;
1672 pool = optee_config_shm_memremap(invoke_fn, &memremaped_shm);
1676 return PTR_ERR(pool);
1678 optee = kzalloc(sizeof(*optee), GFP_KERNEL);
1684 optee->ops = &optee_ops;
1685 optee->smc.invoke_fn = invoke_fn;
1686 optee->smc.sec_caps = sec_caps;
1687 optee->rpc_param_count = rpc_param_count;
1689 if (IS_REACHABLE(CONFIG_RPMB) &&
1690 (sec_caps & OPTEE_SMC_SEC_CAP_RPMB_PROBE))
1691 optee->in_kernel_rpmb_routing = true;
1693 teedev = tee_device_alloc(&optee_clnt_desc, NULL, pool, optee);
1694 if (IS_ERR(teedev)) {
1695 rc = PTR_ERR(teedev);
1696 goto err_free_optee;
1698 optee->teedev = teedev;
1700 teedev = tee_device_alloc(&optee_supp_desc, NULL, pool, optee);
1701 if (IS_ERR(teedev)) {
1702 rc = PTR_ERR(teedev);
1703 goto err_unreg_teedev;
1705 optee->supp_teedev = teedev;
1707 optee_set_dev_group(optee);
1709 rc = tee_device_register(optee->teedev);
1711 goto err_unreg_supp_teedev;
1713 rc = tee_device_register(optee->supp_teedev);
1715 goto err_unreg_supp_teedev;
1717 optee_cq_init(&optee->call_queue, thread_count);
1718 optee_supp_init(&optee->supp);
1719 optee->smc.memremaped_shm = memremaped_shm;
1721 optee_shm_arg_cache_init(optee, arg_cache_flags);
1722 mutex_init(&optee->rpmb_dev_mutex);
1724 platform_set_drvdata(pdev, optee);
1725 ctx = teedev_open(optee->teedev);
1728 goto err_supp_uninit;
1731 rc = optee_notif_init(optee, max_notif_value);
1735 if (sec_caps & OPTEE_SMC_SEC_CAP_ASYNC_NOTIF) {
1738 rc = platform_get_irq(pdev, 0);
1740 pr_err("platform_get_irq: ret %d\n", rc);
1741 goto err_notif_uninit;
1745 rc = optee_smc_notif_init_irq(optee, irq);
1747 irq_dispose_mapping(irq);
1748 goto err_notif_uninit;
1750 enable_async_notif(optee->smc.invoke_fn);
1751 pr_info("Asynchronous notifications enabled\n");
1755 * Ensure that there are no pre-existing shm objects before enabling
1756 * the shm cache so that there's no chance of receiving an invalid
1757 * address during shutdown. This could occur, for example, if we're
1758 * kexec booting from an older kernel that did not properly cleanup the
1761 optee_disable_unmapped_shm_cache(optee);
1764 * Only enable the shm cache in case we're not able to pass the RPC
1765 * arg struct right after the normal arg struct.
1767 if (!optee->rpc_param_count)
1768 optee_enable_shm_cache(optee);
1770 if (optee->smc.sec_caps & OPTEE_SMC_SEC_CAP_DYNAMIC_SHM)
1771 pr_info("dynamic shared memory is enabled\n");
1773 rc = optee_enumerate_devices(PTA_CMD_GET_DEVICES);
1775 goto err_disable_shm_cache;
1777 INIT_WORK(&optee->rpmb_scan_bus_work, optee_bus_scan_rpmb);
1778 optee->rpmb_intf.notifier_call = optee_rpmb_intf_rdev;
1779 blocking_notifier_chain_register(&optee_rpmb_intf_added,
1781 pr_info("initialized driver\n");
1784 err_disable_shm_cache:
1785 if (!optee->rpc_param_count)
1786 optee_disable_shm_cache(optee);
1787 optee_smc_notif_uninit_irq(optee);
1788 optee_unregister_devices();
1790 optee_notif_uninit(optee);
1792 teedev_close_context(ctx);
1794 rpmb_dev_put(optee->rpmb_dev);
1795 mutex_destroy(&optee->rpmb_dev_mutex);
1796 optee_shm_arg_cache_uninit(optee);
1797 optee_supp_uninit(&optee->supp);
1798 mutex_destroy(&optee->call_queue.mutex);
1799 err_unreg_supp_teedev:
1800 tee_device_unregister(optee->supp_teedev);
1802 tee_device_unregister(optee->teedev);
1806 tee_shm_pool_free(pool);
1808 memunmap(memremaped_shm);
1812 static const struct of_device_id optee_dt_match[] = {
1813 { .compatible = "linaro,optee-tz" },
1816 MODULE_DEVICE_TABLE(of, optee_dt_match);
1818 static struct platform_driver optee_driver = {
1819 .probe = optee_probe,
1820 .remove = optee_smc_remove,
1821 .shutdown = optee_shutdown,
1824 .of_match_table = optee_dt_match,
1828 int optee_smc_abi_register(void)
1830 return platform_driver_register(&optee_driver);
1833 void optee_smc_abi_unregister(void)
1835 platform_driver_unregister(&optee_driver);
projects / J-linux.git / blob