drivers/crypto/ccp/tee-dev.c

   1 // SPDX-License-Identifier: MIT
   2 /*
   3  * AMD Trusted Execution Environment (TEE) interface
   4  *
   5  * Author: Rijo Thomas <[email protected]>
   6  * Author: Devaraj Rangasamy <[email protected]>
   7  *
   8  * Copyright (C) 2019,2021 Advanced Micro Devices, Inc.
   9  */
  10
  11 #include <linux/bitfield.h>
  12 #include <linux/types.h>
  13 #include <linux/mutex.h>
  14 #include <linux/delay.h>
  15 #include <linux/slab.h>
  16 #include <linux/gfp.h>
  17 #include <linux/psp.h>
  18 #include <linux/psp-tee.h>
  19
  20 #include "psp-dev.h"
  21 #include "tee-dev.h"
  22
  23 static bool psp_dead;
  24
  25 static int tee_alloc_ring(struct psp_tee_device *tee, int ring_size)
  26 {
  27         struct ring_buf_manager *rb_mgr = &tee->rb_mgr;
  28         void *start_addr;
  29
  30         if (!ring_size)
  31                 return -EINVAL;
  32
  33         /* We need actual physical address instead of DMA address, since
  34          * Trusted OS running on AMD Secure Processor will map this region
  35          */
  36         start_addr = (void *)__get_free_pages(GFP_KERNEL, get_order(ring_size));
  37         if (!start_addr)
  38                 return -ENOMEM;
  39
  40         memset(start_addr, 0x0, ring_size);
  41         rb_mgr->ring_start = start_addr;
  42         rb_mgr->ring_size = ring_size;
  43         rb_mgr->ring_pa = __psp_pa(start_addr);
  44         mutex_init(&rb_mgr->mutex);
  45
  46         return 0;
  47 }
  48
  49 static void tee_free_ring(struct psp_tee_device *tee)
  50 {
  51         struct ring_buf_manager *rb_mgr = &tee->rb_mgr;
  52
  53         if (!rb_mgr->ring_start)
  54                 return;
  55
  56         free_pages((unsigned long)rb_mgr->ring_start,
  57                    get_order(rb_mgr->ring_size));
  58
  59         rb_mgr->ring_start = NULL;
  60         rb_mgr->ring_size = 0;
  61         rb_mgr->ring_pa = 0;
  62         mutex_destroy(&rb_mgr->mutex);
  63 }
  64
  65 static int tee_wait_cmd_poll(struct psp_tee_device *tee, unsigned int timeout,
  66                              unsigned int *reg)
  67 {
  68         /* ~10ms sleep per loop => nloop = timeout * 100 */
  69         int nloop = timeout * 100;
  70
  71         while (--nloop) {
  72                 *reg = ioread32(tee->io_regs + tee->vdata->cmdresp_reg);
  73                 if (FIELD_GET(PSP_CMDRESP_RESP, *reg))
  74                         return 0;
  75
  76                 usleep_range(10000, 10100);
  77         }
  78
  79         dev_err(tee->dev, "tee: command timed out, disabling PSP\n");
  80         psp_dead = true;
  81
  82         return -ETIMEDOUT;
  83 }
  84
  85 static
  86 struct tee_init_ring_cmd *tee_alloc_cmd_buffer(struct psp_tee_device *tee)
  87 {
  88         struct tee_init_ring_cmd *cmd;
  89
  90         cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
  91         if (!cmd)
  92                 return NULL;
  93
  94         cmd->hi_addr = upper_32_bits(tee->rb_mgr.ring_pa);
  95         cmd->low_addr = lower_32_bits(tee->rb_mgr.ring_pa);
  96         cmd->size = tee->rb_mgr.ring_size;
  97
  98         dev_dbg(tee->dev, "tee: ring address: high = 0x%x low = 0x%x size = %u\n",
  99                 cmd->hi_addr, cmd->low_addr, cmd->size);
 100
 101         return cmd;
 102 }
 103
 104 static inline void tee_free_cmd_buffer(struct tee_init_ring_cmd *cmd)
 105 {
 106         kfree(cmd);
 107 }
 108
 109 static int tee_init_ring(struct psp_tee_device *tee)
 110 {
 111         int ring_size = MAX_RING_BUFFER_ENTRIES * sizeof(struct tee_ring_cmd);
 112         struct tee_init_ring_cmd *cmd;
 113         phys_addr_t cmd_buffer;
 114         unsigned int reg;
 115         int ret;
 116
 117         BUILD_BUG_ON(sizeof(struct tee_ring_cmd) != 1024);
 118
 119         ret = tee_alloc_ring(tee, ring_size);
 120         if (ret) {
 121                 dev_err(tee->dev, "tee: ring allocation failed %d\n", ret);
 122                 return ret;
 123         }
 124
 125         tee->rb_mgr.wptr = 0;
 126
 127         cmd = tee_alloc_cmd_buffer(tee);
 128         if (!cmd) {
 129                 tee_free_ring(tee);
 130                 return -ENOMEM;
 131         }
 132
 133         cmd_buffer = __psp_pa((void *)cmd);
 134
 135         /* Send command buffer details to Trusted OS by writing to
 136          * CPU-PSP message registers
 137          */
 138
 139         iowrite32(lower_32_bits(cmd_buffer),
 140                   tee->io_regs + tee->vdata->cmdbuff_addr_lo_reg);
 141         iowrite32(upper_32_bits(cmd_buffer),
 142                   tee->io_regs + tee->vdata->cmdbuff_addr_hi_reg);
 143         iowrite32(TEE_RING_INIT_CMD,
 144                   tee->io_regs + tee->vdata->cmdresp_reg);
 145
 146         ret = tee_wait_cmd_poll(tee, TEE_DEFAULT_TIMEOUT, &reg);
 147         if (ret) {
 148                 dev_err(tee->dev, "tee: ring init command timed out\n");
 149                 tee_free_ring(tee);
 150                 goto free_buf;
 151         }
 152
 153         if (FIELD_GET(PSP_CMDRESP_STS, reg)) {
 154                 dev_err(tee->dev, "tee: ring init command failed (%#010lx)\n",
 155                         FIELD_GET(PSP_CMDRESP_STS, reg));
 156                 tee_free_ring(tee);
 157                 ret = -EIO;
 158         }
 159
 160 free_buf:
 161         tee_free_cmd_buffer(cmd);
 162
 163         return ret;
 164 }
 165
 166 static void tee_destroy_ring(struct psp_tee_device *tee)
 167 {
 168         unsigned int reg;
 169         int ret;
 170
 171         if (!tee->rb_mgr.ring_start)
 172                 return;
 173
 174         if (psp_dead)
 175                 goto free_ring;
 176
 177         iowrite32(TEE_RING_DESTROY_CMD,
 178                   tee->io_regs + tee->vdata->cmdresp_reg);
 179
 180         ret = tee_wait_cmd_poll(tee, TEE_DEFAULT_TIMEOUT, &reg);
 181         if (ret) {
 182                 dev_err(tee->dev, "tee: ring destroy command timed out\n");
 183         } else if (FIELD_GET(PSP_CMDRESP_STS, reg)) {
 184                 dev_err(tee->dev, "tee: ring destroy command failed (%#010lx)\n",
 185                         FIELD_GET(PSP_CMDRESP_STS, reg));
 186         }
 187
 188 free_ring:
 189         tee_free_ring(tee);
 190 }
 191
 192 int tee_dev_init(struct psp_device *psp)
 193 {
 194         struct device *dev = psp->dev;
 195         struct psp_tee_device *tee;
 196         int ret;
 197
 198         ret = -ENOMEM;
 199         tee = devm_kzalloc(dev, sizeof(*tee), GFP_KERNEL);
 200         if (!tee)
 201                 goto e_err;
 202
 203         psp->tee_data = tee;
 204
 205         tee->dev = dev;
 206         tee->psp = psp;
 207
 208         tee->io_regs = psp->io_regs;
 209
 210         tee->vdata = (struct tee_vdata *)psp->vdata->tee;
 211         if (!tee->vdata) {
 212                 ret = -ENODEV;
 213                 dev_err(dev, "tee: missing driver data\n");
 214                 goto e_err;
 215         }
 216
 217         ret = tee_init_ring(tee);
 218         if (ret) {
 219                 dev_err(dev, "tee: failed to init ring buffer\n");
 220                 goto e_err;
 221         }
 222
 223         dev_notice(dev, "tee enabled\n");
 224
 225         return 0;
 226
 227 e_err:
 228         psp->tee_data = NULL;
 229
 230         dev_notice(dev, "tee initialization failed\n");
 231
 232         return ret;
 233 }
 234
 235 void tee_dev_destroy(struct psp_device *psp)
 236 {
 237         struct psp_tee_device *tee = psp->tee_data;
 238
 239         if (!tee)
 240                 return;
 241
 242         tee_destroy_ring(tee);
 243 }
 244
 245 static int tee_submit_cmd(struct psp_tee_device *tee, enum tee_cmd_id cmd_id,
 246                           void *buf, size_t len, struct tee_ring_cmd **resp)
 247 {
 248         struct tee_ring_cmd *cmd;
 249         int nloop = 1000, ret = 0;
 250         u32 rptr;
 251
 252         *resp = NULL;
 253
 254         mutex_lock(&tee->rb_mgr.mutex);
 255
 256         /* Loop until empty entry found in ring buffer */
 257         do {
 258                 /* Get pointer to ring buffer command entry */
 259                 cmd = (struct tee_ring_cmd *)
 260                         (tee->rb_mgr.ring_start + tee->rb_mgr.wptr);
 261
 262                 rptr = ioread32(tee->io_regs + tee->vdata->ring_rptr_reg);
 263
 264                 /* Check if ring buffer is full or command entry is waiting
 265                  * for response from TEE
 266                  */
 267                 if (!(tee->rb_mgr.wptr + sizeof(struct tee_ring_cmd) == rptr ||
 268                       cmd->flag == CMD_WAITING_FOR_RESPONSE))
 269                         break;
 270
 271                 dev_dbg(tee->dev, "tee: ring buffer full. rptr = %u wptr = %u\n",
 272                         rptr, tee->rb_mgr.wptr);
 273
 274                 /* Wait if ring buffer is full or TEE is processing data */
 275                 mutex_unlock(&tee->rb_mgr.mutex);
 276                 schedule_timeout_interruptible(msecs_to_jiffies(10));
 277                 mutex_lock(&tee->rb_mgr.mutex);
 278
 279         } while (--nloop);
 280
 281         if (!nloop &&
 282             (tee->rb_mgr.wptr + sizeof(struct tee_ring_cmd) == rptr ||
 283              cmd->flag == CMD_WAITING_FOR_RESPONSE)) {
 284                 dev_err(tee->dev, "tee: ring buffer full. rptr = %u wptr = %u response flag %u\n",
 285                         rptr, tee->rb_mgr.wptr, cmd->flag);
 286                 ret = -EBUSY;
 287                 goto unlock;
 288         }
 289
 290         /* Do not submit command if PSP got disabled while processing any
 291          * command in another thread
 292          */
 293         if (psp_dead) {
 294                 ret = -EBUSY;
 295                 goto unlock;
 296         }
 297
 298         /* Write command data into ring buffer */
 299         cmd->cmd_id = cmd_id;
 300         cmd->cmd_state = TEE_CMD_STATE_INIT;
 301         memset(&cmd->buf[0], 0, sizeof(cmd->buf));
 302         memcpy(&cmd->buf[0], buf, len);
 303
 304         /* Indicate driver is waiting for response */
 305         cmd->flag = CMD_WAITING_FOR_RESPONSE;
 306
 307         /* Update local copy of write pointer */
 308         tee->rb_mgr.wptr += sizeof(struct tee_ring_cmd);
 309         if (tee->rb_mgr.wptr >= tee->rb_mgr.ring_size)
 310                 tee->rb_mgr.wptr = 0;
 311
 312         /* Trigger interrupt to Trusted OS */
 313         iowrite32(tee->rb_mgr.wptr, tee->io_regs + tee->vdata->ring_wptr_reg);
 314
 315         /* The response is provided by Trusted OS in same
 316          * location as submitted data entry within ring buffer.
 317          */
 318         *resp = cmd;
 319
 320 unlock:
 321         mutex_unlock(&tee->rb_mgr.mutex);
 322
 323         return ret;
 324 }
 325
 326 static int tee_wait_cmd_completion(struct psp_tee_device *tee,
 327                                    struct tee_ring_cmd *resp,
 328                                    unsigned int timeout)
 329 {
 330         /* ~1ms sleep per loop => nloop = timeout * 1000 */
 331         int nloop = timeout * 1000;
 332
 333         while (--nloop) {
 334                 if (resp->cmd_state == TEE_CMD_STATE_COMPLETED)
 335                         return 0;
 336
 337                 usleep_range(1000, 1100);
 338         }
 339
 340         dev_err(tee->dev, "tee: command 0x%x timed out, disabling PSP\n",
 341                 resp->cmd_id);
 342
 343         psp_dead = true;
 344
 345         return -ETIMEDOUT;
 346 }
 347
 348 int psp_tee_process_cmd(enum tee_cmd_id cmd_id, void *buf, size_t len,
 349                         u32 *status)
 350 {
 351         struct psp_device *psp = psp_get_master_device();
 352         struct psp_tee_device *tee;
 353         struct tee_ring_cmd *resp;
 354         int ret;
 355
 356         if (!buf || !status || !len || len > sizeof(resp->buf))
 357                 return -EINVAL;
 358
 359         *status = 0;
 360
 361         if (!psp || !psp->tee_data)
 362                 return -ENODEV;
 363
 364         if (psp_dead)
 365                 return -EBUSY;
 366
 367         tee = psp->tee_data;
 368
 369         ret = tee_submit_cmd(tee, cmd_id, buf, len, &resp);
 370         if (ret)
 371                 return ret;
 372
 373         ret = tee_wait_cmd_completion(tee, resp, TEE_DEFAULT_TIMEOUT);
 374         if (ret) {
 375                 resp->flag = CMD_RESPONSE_TIMEDOUT;
 376                 return ret;
 377         }
 378
 379         memcpy(buf, &resp->buf[0], len);
 380         *status = resp->status;
 381
 382         resp->flag = CMD_RESPONSE_COPIED;
 383
 384         return 0;
 385 }
 386 EXPORT_SYMBOL(psp_tee_process_cmd);
 387
 388 int psp_check_tee_status(void)
 389 {
 390         struct psp_device *psp = psp_get_master_device();
 391
 392         if (!psp || !psp->tee_data)
 393                 return -ENODEV;
 394
 395         return 0;
 396 }
 397 EXPORT_SYMBOL(psp_check_tee_status);