drivers/tee/amdtee/core.c

   1 // SPDX-License-Identifier: MIT
   2 /*
   3  * Copyright 2019 Advanced Micro Devices, Inc.
   4  */
   5
   6 #include <linux/errno.h>
   7 #include <linux/io.h>
   8 #include <linux/module.h>
   9 #include <linux/slab.h>
  10 #include <linux/string.h>
  11 #include <linux/device.h>
  12 #include <linux/tee_core.h>
  13 #include <linux/types.h>
  14 #include <linux/mm.h>
  15 #include <linux/uaccess.h>
  16 #include <linux/firmware.h>
  17 #include "amdtee_private.h"
  18 #include <linux/psp-tee.h>
  19
  20 static struct amdtee_driver_data *drv_data;
  21 static DEFINE_MUTEX(session_list_mutex);
  22
  23 static void amdtee_get_version(struct tee_device *teedev,
  24                                struct tee_ioctl_version_data *vers)
  25 {
  26         struct tee_ioctl_version_data v = {
  27                 .impl_id = TEE_IMPL_ID_AMDTEE,
  28                 .impl_caps = 0,
  29                 .gen_caps = TEE_GEN_CAP_GP,
  30         };
  31         *vers = v;
  32 }
  33
  34 static int amdtee_open(struct tee_context *ctx)
  35 {
  36         struct amdtee_context_data *ctxdata;
  37
  38         ctxdata = kzalloc(sizeof(*ctxdata), GFP_KERNEL);
  39         if (!ctxdata)
  40                 return -ENOMEM;
  41
  42         INIT_LIST_HEAD(&ctxdata->sess_list);
  43         INIT_LIST_HEAD(&ctxdata->shm_list);
  44         mutex_init(&ctxdata->shm_mutex);
  45
  46         ctx->data = ctxdata;
  47         return 0;
  48 }
  49
  50 static void release_session(struct amdtee_session *sess)
  51 {
  52         int i;
  53
  54         /* Close any open session */
  55         for (i = 0; i < TEE_NUM_SESSIONS; ++i) {
  56                 /* Check if session entry 'i' is valid */
  57                 if (!test_bit(i, sess->sess_mask))
  58                         continue;
  59
  60                 handle_close_session(sess->ta_handle, sess->session_info[i]);
  61                 handle_unload_ta(sess->ta_handle);
  62         }
  63
  64         kfree(sess);
  65 }
  66
  67 static void amdtee_release(struct tee_context *ctx)
  68 {
  69         struct amdtee_context_data *ctxdata = ctx->data;
  70
  71         if (!ctxdata)
  72                 return;
  73
  74         while (true) {
  75                 struct amdtee_session *sess;
  76
  77                 sess = list_first_entry_or_null(&ctxdata->sess_list,
  78                                                 struct amdtee_session,
  79                                                 list_node);
  80
  81                 if (!sess)
  82                         break;
  83
  84                 list_del(&sess->list_node);
  85                 release_session(sess);
  86         }
  87         mutex_destroy(&ctxdata->shm_mutex);
  88         kfree(ctxdata);
  89
  90         ctx->data = NULL;
  91 }
  92
  93 /**
  94  * alloc_session() - Allocate a session structure
  95  * @ctxdata:    TEE Context data structure
  96  * @session:    Session ID for which 'struct amdtee_session' structure is to be
  97  *              allocated.
  98  *
  99  * Scans the TEE context's session list to check if TA is already loaded in to
 100  * TEE. If yes, returns the 'session' structure for that TA. Else allocates,
 101  * initializes a new 'session' structure and adds it to context's session list.
 102  *
 103  * The caller must hold a mutex.
 104  *
 105  * Returns:
 106  * 'struct amdtee_session *' on success and NULL on failure.
 107  */
 108 static struct amdtee_session *alloc_session(struct amdtee_context_data *ctxdata,
 109                                             u32 session)
 110 {
 111         struct amdtee_session *sess;
 112         u32 ta_handle = get_ta_handle(session);
 113
 114         /* Scan session list to check if TA is already loaded in to TEE */
 115         list_for_each_entry(sess, &ctxdata->sess_list, list_node)
 116                 if (sess->ta_handle == ta_handle) {
 117                         kref_get(&sess->refcount);
 118                         return sess;
 119                 }
 120
 121         /* Allocate a new session and add to list */
 122         sess = kzalloc(sizeof(*sess), GFP_KERNEL);
 123         if (sess) {
 124                 sess->ta_handle = ta_handle;
 125                 kref_init(&sess->refcount);
 126                 spin_lock_init(&sess->lock);
 127                 list_add(&sess->list_node, &ctxdata->sess_list);
 128         }
 129
 130         return sess;
 131 }
 132
 133 /* Requires mutex to be held */
 134 static struct amdtee_session *find_session(struct amdtee_context_data *ctxdata,
 135                                            u32 session)
 136 {
 137         u32 ta_handle = get_ta_handle(session);
 138         u32 index = get_session_index(session);
 139         struct amdtee_session *sess;
 140
 141         if (index >= TEE_NUM_SESSIONS)
 142                 return NULL;
 143
 144         list_for_each_entry(sess, &ctxdata->sess_list, list_node)
 145                 if (ta_handle == sess->ta_handle &&
 146                     test_bit(index, sess->sess_mask))
 147                         return sess;
 148
 149         return NULL;
 150 }
 151
 152 u32 get_buffer_id(struct tee_shm *shm)
 153 {
 154         struct amdtee_context_data *ctxdata = shm->ctx->data;
 155         struct amdtee_shm_data *shmdata;
 156         u32 buf_id = 0;
 157
 158         mutex_lock(&ctxdata->shm_mutex);
 159         list_for_each_entry(shmdata, &ctxdata->shm_list, shm_node)
 160                 if (shmdata->kaddr == shm->kaddr) {
 161                         buf_id = shmdata->buf_id;
 162                         break;
 163                 }
 164         mutex_unlock(&ctxdata->shm_mutex);
 165
 166         return buf_id;
 167 }
 168
 169 static DEFINE_MUTEX(drv_mutex);
 170 static int copy_ta_binary(struct tee_context *ctx, void *ptr, void **ta,
 171                           size_t *ta_size)
 172 {
 173         const struct firmware *fw;
 174         char fw_name[TA_PATH_MAX];
 175         struct {
 176                 u32 lo;
 177                 u16 mid;
 178                 u16 hi_ver;
 179                 u8 seq_n[8];
 180         } *uuid = ptr;
 181         int n, rc = 0;
 182
 183         n = snprintf(fw_name, TA_PATH_MAX,
 184                      "%s/%08x-%04x-%04x-%02x%02x%02x%02x%02x%02x%02x%02x.bin",
 185                      TA_LOAD_PATH, uuid->lo, uuid->mid, uuid->hi_ver,
 186                      uuid->seq_n[0], uuid->seq_n[1],
 187                      uuid->seq_n[2], uuid->seq_n[3],
 188                      uuid->seq_n[4], uuid->seq_n[5],
 189                      uuid->seq_n[6], uuid->seq_n[7]);
 190         if (n < 0 || n >= TA_PATH_MAX) {
 191                 pr_err("failed to get firmware name\n");
 192                 return -EINVAL;
 193         }
 194
 195         mutex_lock(&drv_mutex);
 196         n = request_firmware(&fw, fw_name, &ctx->teedev->dev);
 197         if (n) {
 198                 pr_err("failed to load firmware %s\n", fw_name);
 199                 rc = -ENOMEM;
 200                 goto unlock;
 201         }
 202
 203         *ta_size = roundup(fw->size, PAGE_SIZE);
 204         *ta = (void *)__get_free_pages(GFP_KERNEL, get_order(*ta_size));
 205         if (!*ta) {
 206                 pr_err("%s: get_free_pages failed\n", __func__);
 207                 rc = -ENOMEM;
 208                 goto rel_fw;
 209         }
 210
 211         memcpy(*ta, fw->data, fw->size);
 212 rel_fw:
 213         release_firmware(fw);
 214 unlock:
 215         mutex_unlock(&drv_mutex);
 216         return rc;
 217 }
 218
 219 /* mutex must be held by caller */
 220 static void destroy_session(struct kref *ref)
 221 {
 222         struct amdtee_session *sess = container_of(ref, struct amdtee_session,
 223                                                    refcount);
 224
 225         list_del(&sess->list_node);
 226         mutex_unlock(&session_list_mutex);
 227         kfree(sess);
 228 }
 229
 230 int amdtee_open_session(struct tee_context *ctx,
 231                         struct tee_ioctl_open_session_arg *arg,
 232                         struct tee_param *param)
 233 {
 234         struct amdtee_context_data *ctxdata = ctx->data;
 235         struct amdtee_session *sess = NULL;
 236         u32 session_info, ta_handle;
 237         size_t ta_size;
 238         int rc, i;
 239         void *ta;
 240
 241         if (arg->clnt_login != TEE_IOCTL_LOGIN_PUBLIC) {
 242                 pr_err("unsupported client login method\n");
 243                 return -EINVAL;
 244         }
 245
 246         rc = copy_ta_binary(ctx, &arg->uuid[0], &ta, &ta_size);
 247         if (rc) {
 248                 pr_err("failed to copy TA binary\n");
 249                 return rc;
 250         }
 251
 252         /* Load the TA binary into TEE environment */
 253         handle_load_ta(ta, ta_size, arg);
 254         if (arg->ret != TEEC_SUCCESS)
 255                 goto out;
 256
 257         ta_handle = get_ta_handle(arg->session);
 258
 259         mutex_lock(&session_list_mutex);
 260         sess = alloc_session(ctxdata, arg->session);
 261         mutex_unlock(&session_list_mutex);
 262
 263         if (!sess) {
 264                 handle_unload_ta(ta_handle);
 265                 rc = -ENOMEM;
 266                 goto out;
 267         }
 268
 269         /* Open session with loaded TA */
 270         handle_open_session(arg, &session_info, param);
 271         if (arg->ret != TEEC_SUCCESS) {
 272                 pr_err("open_session failed %d\n", arg->ret);
 273                 handle_unload_ta(ta_handle);
 274                 kref_put_mutex(&sess->refcount, destroy_session,
 275                                &session_list_mutex);
 276                 goto out;
 277         }
 278
 279         /* Find an empty session index for the given TA */
 280         spin_lock(&sess->lock);
 281         i = find_first_zero_bit(sess->sess_mask, TEE_NUM_SESSIONS);
 282         if (i < TEE_NUM_SESSIONS) {
 283                 sess->session_info[i] = session_info;
 284                 set_session_id(ta_handle, i, &arg->session);
 285                 set_bit(i, sess->sess_mask);
 286         }
 287         spin_unlock(&sess->lock);
 288
 289         if (i >= TEE_NUM_SESSIONS) {
 290                 pr_err("reached maximum session count %d\n", TEE_NUM_SESSIONS);
 291                 handle_close_session(ta_handle, session_info);
 292                 handle_unload_ta(ta_handle);
 293                 kref_put_mutex(&sess->refcount, destroy_session,
 294                                &session_list_mutex);
 295                 rc = -ENOMEM;
 296                 goto out;
 297         }
 298
 299 out:
 300         free_pages((u64)ta, get_order(ta_size));
 301         return rc;
 302 }
 303
 304 int amdtee_close_session(struct tee_context *ctx, u32 session)
 305 {
 306         struct amdtee_context_data *ctxdata = ctx->data;
 307         u32 i, ta_handle, session_info;
 308         struct amdtee_session *sess;
 309
 310         pr_debug("%s: sid = 0x%x\n", __func__, session);
 311
 312         /*
 313          * Check that the session is valid and clear the session
 314          * usage bit
 315          */
 316         mutex_lock(&session_list_mutex);
 317         sess = find_session(ctxdata, session);
 318         if (sess) {
 319                 ta_handle = get_ta_handle(session);
 320                 i = get_session_index(session);
 321                 session_info = sess->session_info[i];
 322                 spin_lock(&sess->lock);
 323                 clear_bit(i, sess->sess_mask);
 324                 spin_unlock(&sess->lock);
 325         }
 326         mutex_unlock(&session_list_mutex);
 327
 328         if (!sess)
 329                 return -EINVAL;
 330
 331         /* Close the session */
 332         handle_close_session(ta_handle, session_info);
 333         handle_unload_ta(ta_handle);
 334
 335         kref_put_mutex(&sess->refcount, destroy_session, &session_list_mutex);
 336
 337         return 0;
 338 }
 339
 340 int amdtee_map_shmem(struct tee_shm *shm)
 341 {
 342         struct amdtee_context_data *ctxdata;
 343         struct amdtee_shm_data *shmnode;
 344         struct shmem_desc shmem;
 345         int rc, count;
 346         u32 buf_id;
 347
 348         if (!shm)
 349                 return -EINVAL;
 350
 351         shmnode = kmalloc(sizeof(*shmnode), GFP_KERNEL);
 352         if (!shmnode)
 353                 return -ENOMEM;
 354
 355         count = 1;
 356         shmem.kaddr = shm->kaddr;
 357         shmem.size = shm->size;
 358
 359         /*
 360          * Send a MAP command to TEE and get the corresponding
 361          * buffer Id
 362          */
 363         rc = handle_map_shmem(count, &shmem, &buf_id);
 364         if (rc) {
 365                 pr_err("map_shmem failed: ret = %d\n", rc);
 366                 kfree(shmnode);
 367                 return rc;
 368         }
 369
 370         shmnode->kaddr = shm->kaddr;
 371         shmnode->buf_id = buf_id;
 372         ctxdata = shm->ctx->data;
 373         mutex_lock(&ctxdata->shm_mutex);
 374         list_add(&shmnode->shm_node, &ctxdata->shm_list);
 375         mutex_unlock(&ctxdata->shm_mutex);
 376
 377         pr_debug("buf_id :[%x] kaddr[%p]\n", shmnode->buf_id, shmnode->kaddr);
 378
 379         return 0;
 380 }
 381
 382 void amdtee_unmap_shmem(struct tee_shm *shm)
 383 {
 384         struct amdtee_context_data *ctxdata;
 385         struct amdtee_shm_data *shmnode;
 386         u32 buf_id;
 387
 388         if (!shm)
 389                 return;
 390
 391         buf_id = get_buffer_id(shm);
 392         /* Unmap the shared memory from TEE */
 393         handle_unmap_shmem(buf_id);
 394
 395         ctxdata = shm->ctx->data;
 396         mutex_lock(&ctxdata->shm_mutex);
 397         list_for_each_entry(shmnode, &ctxdata->shm_list, shm_node)
 398                 if (buf_id == shmnode->buf_id) {
 399                         list_del(&shmnode->shm_node);
 400                         kfree(shmnode);
 401                         break;
 402                 }
 403         mutex_unlock(&ctxdata->shm_mutex);
 404 }
 405
 406 int amdtee_invoke_func(struct tee_context *ctx,
 407                        struct tee_ioctl_invoke_arg *arg,
 408                        struct tee_param *param)
 409 {
 410         struct amdtee_context_data *ctxdata = ctx->data;
 411         struct amdtee_session *sess;
 412         u32 i, session_info;
 413
 414         /* Check that the session is valid */
 415         mutex_lock(&session_list_mutex);
 416         sess = find_session(ctxdata, arg->session);
 417         if (sess) {
 418                 i = get_session_index(arg->session);
 419                 session_info = sess->session_info[i];
 420         }
 421         mutex_unlock(&session_list_mutex);
 422
 423         if (!sess)
 424                 return -EINVAL;
 425
 426         handle_invoke_cmd(arg, session_info, param);
 427
 428         return 0;
 429 }
 430
 431 int amdtee_cancel_req(struct tee_context *ctx, u32 cancel_id, u32 session)
 432 {
 433         return -EINVAL;
 434 }
 435
 436 static const struct tee_driver_ops amdtee_ops = {
 437         .get_version = amdtee_get_version,
 438         .open = amdtee_open,
 439         .release = amdtee_release,
 440         .open_session = amdtee_open_session,
 441         .close_session = amdtee_close_session,
 442         .invoke_func = amdtee_invoke_func,
 443         .cancel_req = amdtee_cancel_req,
 444 };
 445
 446 static const struct tee_desc amdtee_desc = {
 447         .name = DRIVER_NAME "-clnt",
 448         .ops = &amdtee_ops,
 449         .owner = THIS_MODULE,
 450 };
 451
 452 static int __init amdtee_driver_init(void)
 453 {
 454         struct tee_device *teedev;
 455         struct tee_shm_pool *pool;
 456         struct amdtee *amdtee;
 457         int rc;
 458
 459         rc = psp_check_tee_status();
 460         if (rc) {
 461                 pr_err("amd-tee driver: tee not present\n");
 462                 return rc;
 463         }
 464
 465         drv_data = kzalloc(sizeof(*drv_data), GFP_KERNEL);
 466         if (!drv_data)
 467                 return -ENOMEM;
 468
 469         amdtee = kzalloc(sizeof(*amdtee), GFP_KERNEL);
 470         if (!amdtee) {
 471                 rc = -ENOMEM;
 472                 goto err_kfree_drv_data;
 473         }
 474
 475         pool = amdtee_config_shm();
 476         if (IS_ERR(pool)) {
 477                 pr_err("shared pool configuration error\n");
 478                 rc = PTR_ERR(pool);
 479                 goto err_kfree_amdtee;
 480         }
 481
 482         teedev = tee_device_alloc(&amdtee_desc, NULL, pool, amdtee);
 483         if (IS_ERR(teedev)) {
 484                 rc = PTR_ERR(teedev);
 485                 goto err_free_pool;
 486         }
 487         amdtee->teedev = teedev;
 488
 489         rc = tee_device_register(amdtee->teedev);
 490         if (rc)
 491                 goto err_device_unregister;
 492
 493         amdtee->pool = pool;
 494
 495         drv_data->amdtee = amdtee;
 496
 497         pr_info("amd-tee driver initialization successful\n");
 498         return 0;
 499
 500 err_device_unregister:
 501         tee_device_unregister(amdtee->teedev);
 502
 503 err_free_pool:
 504         tee_shm_pool_free(pool);
 505
 506 err_kfree_amdtee:
 507         kfree(amdtee);
 508
 509 err_kfree_drv_data:
 510         kfree(drv_data);
 511         drv_data = NULL;
 512
 513         pr_err("amd-tee driver initialization failed\n");
 514         return rc;
 515 }
 516 module_init(amdtee_driver_init);
 517
 518 static void __exit amdtee_driver_exit(void)
 519 {
 520         struct amdtee *amdtee;
 521
 522         if (!drv_data || !drv_data->amdtee)
 523                 return;
 524
 525         amdtee = drv_data->amdtee;
 526
 527         tee_device_unregister(amdtee->teedev);
 528         tee_shm_pool_free(amdtee->pool);
 529 }
 530 module_exit(amdtee_driver_exit);
 531
 532 MODULE_AUTHOR(DRIVER_AUTHOR);
 533 MODULE_DESCRIPTION("AMD-TEE driver");
 534 MODULE_VERSION("1.0");
 535 MODULE_LICENSE("Dual MIT/GPL");