1 // SPDX-License-Identifier: GPL-2.0-only
3 * Copyright (c) 2015-2021, Linaro Limited
6 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
8 #include <linux/delay.h>
10 #include <linux/rpmb.h>
11 #include <linux/slab.h>
12 #include <linux/tee_core.h>
13 #include "optee_private.h"
14 #include "optee_rpc_cmd.h"
16 static void handle_rpc_func_cmd_get_time(struct optee_msg_arg *arg)
20 if (arg->num_params != 1)
22 if ((arg->params[0].attr & OPTEE_MSG_ATTR_TYPE_MASK) !=
23 OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT)
26 ktime_get_real_ts64(&ts);
27 arg->params[0].u.value.a = ts.tv_sec;
28 arg->params[0].u.value.b = ts.tv_nsec;
30 arg->ret = TEEC_SUCCESS;
33 arg->ret = TEEC_ERROR_BAD_PARAMETERS;
36 #if IS_REACHABLE(CONFIG_I2C)
37 static void handle_rpc_func_cmd_i2c_transfer(struct tee_context *ctx,
38 struct optee_msg_arg *arg)
40 struct optee *optee = tee_get_drvdata(ctx->teedev);
41 struct tee_param *params;
42 struct i2c_adapter *adapter;
43 struct i2c_msg msg = { };
45 int ret = -EOPNOTSUPP;
47 TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT,
48 TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT,
49 TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT,
50 TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT,
53 if (arg->num_params != ARRAY_SIZE(attr)) {
54 arg->ret = TEEC_ERROR_BAD_PARAMETERS;
58 params = kmalloc_array(arg->num_params, sizeof(struct tee_param),
61 arg->ret = TEEC_ERROR_OUT_OF_MEMORY;
65 if (optee->ops->from_msg_param(optee, params, arg->num_params,
69 for (i = 0; i < arg->num_params; i++) {
70 if (params[i].attr != attr[i])
74 adapter = i2c_get_adapter(params[0].u.value.b);
78 if (params[1].u.value.a & OPTEE_RPC_I2C_FLAGS_TEN_BIT) {
79 if (!i2c_check_functionality(adapter,
80 I2C_FUNC_10BIT_ADDR)) {
81 i2c_put_adapter(adapter);
85 msg.flags = I2C_M_TEN;
88 msg.addr = params[0].u.value.c;
89 msg.buf = params[2].u.memref.shm->kaddr;
90 msg.len = params[2].u.memref.size;
92 switch (params[0].u.value.a) {
93 case OPTEE_RPC_I2C_TRANSFER_RD:
94 msg.flags |= I2C_M_RD;
96 case OPTEE_RPC_I2C_TRANSFER_WR:
99 i2c_put_adapter(adapter);
103 ret = i2c_transfer(adapter, &msg, 1);
106 arg->ret = TEEC_ERROR_COMMUNICATION;
108 params[3].u.value.a = msg.len;
109 if (optee->ops->to_msg_param(optee, arg->params,
110 arg->num_params, params))
111 arg->ret = TEEC_ERROR_BAD_PARAMETERS;
113 arg->ret = TEEC_SUCCESS;
116 i2c_put_adapter(adapter);
121 arg->ret = TEEC_ERROR_BAD_PARAMETERS;
124 static void handle_rpc_func_cmd_i2c_transfer(struct tee_context *ctx,
125 struct optee_msg_arg *arg)
127 arg->ret = TEEC_ERROR_NOT_SUPPORTED;
131 static void handle_rpc_func_cmd_wq(struct optee *optee,
132 struct optee_msg_arg *arg)
136 if (arg->num_params != 1)
139 if ((arg->params[0].attr & OPTEE_MSG_ATTR_TYPE_MASK) !=
140 OPTEE_MSG_ATTR_TYPE_VALUE_INPUT)
143 switch (arg->params[0].u.value.a) {
144 case OPTEE_RPC_NOTIFICATION_WAIT:
145 rc = optee_notif_wait(optee, arg->params[0].u.value.b, arg->params[0].u.value.c);
149 case OPTEE_RPC_NOTIFICATION_SEND:
150 if (optee_notif_send(optee, arg->params[0].u.value.b))
157 arg->ret = TEEC_SUCCESS;
160 if (rc == -ETIMEDOUT)
161 arg->ret = TEE_ERROR_TIMEOUT;
163 arg->ret = TEEC_ERROR_BAD_PARAMETERS;
166 static void handle_rpc_func_cmd_wait(struct optee_msg_arg *arg)
170 if (arg->num_params != 1)
173 if ((arg->params[0].attr & OPTEE_MSG_ATTR_TYPE_MASK) !=
174 OPTEE_MSG_ATTR_TYPE_VALUE_INPUT)
177 msec_to_wait = arg->params[0].u.value.a;
179 /* Go to interruptible sleep */
180 msleep_interruptible(msec_to_wait);
182 arg->ret = TEEC_SUCCESS;
185 arg->ret = TEEC_ERROR_BAD_PARAMETERS;
188 static void handle_rpc_supp_cmd(struct tee_context *ctx, struct optee *optee,
189 struct optee_msg_arg *arg)
191 struct tee_param *params;
193 arg->ret_origin = TEEC_ORIGIN_COMMS;
195 params = kmalloc_array(arg->num_params, sizeof(struct tee_param),
198 arg->ret = TEEC_ERROR_OUT_OF_MEMORY;
202 if (optee->ops->from_msg_param(optee, params, arg->num_params,
204 arg->ret = TEEC_ERROR_BAD_PARAMETERS;
208 arg->ret = optee_supp_thrd_req(ctx, arg->cmd, arg->num_params, params);
210 if (optee->ops->to_msg_param(optee, arg->params, arg->num_params,
212 arg->ret = TEEC_ERROR_BAD_PARAMETERS;
217 struct tee_shm *optee_rpc_cmd_alloc_suppl(struct tee_context *ctx, size_t sz)
220 struct tee_param param;
221 struct optee *optee = tee_get_drvdata(ctx->teedev);
224 param.attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT;
225 param.u.value.a = OPTEE_RPC_SHM_TYPE_APPL;
226 param.u.value.b = sz;
229 ret = optee_supp_thrd_req(ctx, OPTEE_RPC_CMD_SHM_ALLOC, 1, ¶m);
231 return ERR_PTR(-ENOMEM);
233 mutex_lock(&optee->supp.mutex);
234 /* Increases count as secure world doesn't have a reference */
235 shm = tee_shm_get_from_id(optee->supp.ctx, param.u.value.c);
236 mutex_unlock(&optee->supp.mutex);
240 void optee_rpc_cmd_free_suppl(struct tee_context *ctx, struct tee_shm *shm)
242 struct tee_param param;
244 param.attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT;
245 param.u.value.a = OPTEE_RPC_SHM_TYPE_APPL;
246 param.u.value.b = tee_shm_get_id(shm);
250 * Match the tee_shm_get_from_id() in cmd_alloc_suppl() as secure
251 * world has released its reference.
253 * It's better to do this before sending the request to supplicant
254 * as we'd like to let the process doing the initial allocation to
255 * do release the last reference too in order to avoid stacking
256 * many pending fput() on the client process. This could otherwise
257 * happen if secure world does many allocate and free in a single
262 optee_supp_thrd_req(ctx, OPTEE_RPC_CMD_SHM_FREE, 1, ¶m);
265 static void handle_rpc_func_rpmb_probe_reset(struct tee_context *ctx,
267 struct optee_msg_arg *arg)
269 struct tee_param params[1];
271 if (arg->num_params != ARRAY_SIZE(params) ||
272 optee->ops->from_msg_param(optee, params, arg->num_params,
274 params[0].attr != TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT) {
275 arg->ret = TEEC_ERROR_BAD_PARAMETERS;
279 params[0].u.value.a = OPTEE_RPC_SHM_TYPE_KERNEL;
280 params[0].u.value.b = 0;
281 params[0].u.value.c = 0;
282 if (optee->ops->to_msg_param(optee, arg->params,
283 arg->num_params, params)) {
284 arg->ret = TEEC_ERROR_BAD_PARAMETERS;
288 mutex_lock(&optee->rpmb_dev_mutex);
289 rpmb_dev_put(optee->rpmb_dev);
290 optee->rpmb_dev = NULL;
291 mutex_unlock(&optee->rpmb_dev_mutex);
293 arg->ret = TEEC_SUCCESS;
296 static int rpmb_type_to_rpc_type(enum rpmb_type rtype)
300 return OPTEE_RPC_RPMB_EMMC;
302 return OPTEE_RPC_RPMB_UFS;
304 return OPTEE_RPC_RPMB_NVME;
310 static int rpc_rpmb_match(struct device *dev, const void *data)
312 struct rpmb_dev *rdev = to_rpmb_dev(dev);
314 return rpmb_type_to_rpc_type(rdev->descr.type) >= 0;
317 static void handle_rpc_func_rpmb_probe_next(struct tee_context *ctx,
319 struct optee_msg_arg *arg)
321 struct rpmb_dev *rdev;
322 struct tee_param params[2];
325 if (arg->num_params != ARRAY_SIZE(params) ||
326 optee->ops->from_msg_param(optee, params, arg->num_params,
328 params[0].attr != TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT ||
329 params[1].attr != TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT) {
330 arg->ret = TEEC_ERROR_BAD_PARAMETERS;
333 buf = tee_shm_get_va(params[1].u.memref.shm,
334 params[1].u.memref.shm_offs);
336 arg->ret = TEEC_ERROR_BAD_PARAMETERS;
340 mutex_lock(&optee->rpmb_dev_mutex);
341 rdev = rpmb_dev_find_device(NULL, optee->rpmb_dev, rpc_rpmb_match);
342 rpmb_dev_put(optee->rpmb_dev);
343 optee->rpmb_dev = rdev;
344 mutex_unlock(&optee->rpmb_dev_mutex);
347 arg->ret = TEEC_ERROR_ITEM_NOT_FOUND;
351 if (params[1].u.memref.size < rdev->descr.dev_id_len) {
352 arg->ret = TEEC_ERROR_SHORT_BUFFER;
355 memcpy(buf, rdev->descr.dev_id, rdev->descr.dev_id_len);
356 params[1].u.memref.size = rdev->descr.dev_id_len;
357 params[0].u.value.a = rpmb_type_to_rpc_type(rdev->descr.type);
358 params[0].u.value.b = rdev->descr.capacity;
359 params[0].u.value.c = rdev->descr.reliable_wr_count;
360 if (optee->ops->to_msg_param(optee, arg->params,
361 arg->num_params, params)) {
362 arg->ret = TEEC_ERROR_BAD_PARAMETERS;
366 arg->ret = TEEC_SUCCESS;
369 static void handle_rpc_func_rpmb_frames(struct tee_context *ctx,
371 struct optee_msg_arg *arg)
373 struct tee_param params[2];
374 struct rpmb_dev *rdev;
377 mutex_lock(&optee->rpmb_dev_mutex);
378 rdev = rpmb_dev_get(optee->rpmb_dev);
379 mutex_unlock(&optee->rpmb_dev_mutex);
381 arg->ret = TEEC_ERROR_ITEM_NOT_FOUND;
385 if (arg->num_params != ARRAY_SIZE(params) ||
386 optee->ops->from_msg_param(optee, params, arg->num_params,
388 params[0].attr != TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT ||
389 params[1].attr != TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT) {
390 arg->ret = TEEC_ERROR_BAD_PARAMETERS;
394 p0 = tee_shm_get_va(params[0].u.memref.shm,
395 params[0].u.memref.shm_offs);
396 p1 = tee_shm_get_va(params[1].u.memref.shm,
397 params[1].u.memref.shm_offs);
398 if (rpmb_route_frames(rdev, p0, params[0].u.memref.size, p1,
399 params[1].u.memref.size)) {
400 arg->ret = TEEC_ERROR_BAD_PARAMETERS;
403 if (optee->ops->to_msg_param(optee, arg->params,
404 arg->num_params, params)) {
405 arg->ret = TEEC_ERROR_BAD_PARAMETERS;
408 arg->ret = TEEC_SUCCESS;
413 void optee_rpc_cmd(struct tee_context *ctx, struct optee *optee,
414 struct optee_msg_arg *arg)
417 case OPTEE_RPC_CMD_GET_TIME:
418 handle_rpc_func_cmd_get_time(arg);
420 case OPTEE_RPC_CMD_NOTIFICATION:
421 handle_rpc_func_cmd_wq(optee, arg);
423 case OPTEE_RPC_CMD_SUSPEND:
424 handle_rpc_func_cmd_wait(arg);
426 case OPTEE_RPC_CMD_I2C_TRANSFER:
427 handle_rpc_func_cmd_i2c_transfer(ctx, arg);
430 * optee->in_kernel_rpmb_routing true means that OP-TEE supports
431 * in-kernel RPMB routing _and_ that the RPMB subsystem is
432 * reachable. This is reported to user space with
433 * rpmb_routing_model=kernel in sysfs.
435 * rpmb_routing_model=kernel is also a promise to user space that
436 * RPMB access will not require supplicant support, hence the
439 case OPTEE_RPC_CMD_RPMB_PROBE_RESET:
440 if (optee->in_kernel_rpmb_routing)
441 handle_rpc_func_rpmb_probe_reset(ctx, optee, arg);
443 handle_rpc_supp_cmd(ctx, optee, arg);
445 case OPTEE_RPC_CMD_RPMB_PROBE_NEXT:
446 if (optee->in_kernel_rpmb_routing)
447 handle_rpc_func_rpmb_probe_next(ctx, optee, arg);
449 handle_rpc_supp_cmd(ctx, optee, arg);
451 case OPTEE_RPC_CMD_RPMB_FRAMES:
452 if (optee->in_kernel_rpmb_routing)
453 handle_rpc_func_rpmb_frames(ctx, optee, arg);
455 handle_rpc_supp_cmd(ctx, optee, arg);
458 handle_rpc_supp_cmd(ctx, optee, arg);
projects / linux.git / blob