1 // SPDX-License-Identifier: MIT 2 /* 3 * Copyright 2019 Advanced Micro Devices, Inc. 4 */ 5 6 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 7 8 #include <linux/errno.h> 9 #include <linux/device.h> 10 #include <linux/firmware.h> 11 #include <linux/io.h> 12 #include <linux/mm.h> 13 #include <linux/module.h> 14 #include <linux/psp-tee.h> 15 #include <linux/slab.h> 16 #include <linux/string.h> 17 #include <linux/tee_core.h> 18 #include <linux/types.h> 19 #include <linux/uaccess.h> 20 21 #include "amdtee_private.h" 22 23 static struct amdtee_driver_data *drv_data; 24 static DEFINE_MUTEX(session_list_mutex); 25 26 static void amdtee_get_version(struct tee_device *teedev, 27 struct tee_ioctl_version_data *vers) 28 { 29 struct tee_ioctl_version_data v = { 30 .impl_id = TEE_IMPL_ID_AMDTEE, 31 .impl_caps = 0, 32 .gen_caps = TEE_GEN_CAP_GP, 33 }; 34 *vers = v; 35 } 36 37 static int amdtee_open(struct tee_context *ctx) 38 { 39 struct amdtee_context_data *ctxdata; 40 41 ctxdata = kzalloc_obj(*ctxdata); 42 if (!ctxdata) 43 return -ENOMEM; 44 45 INIT_LIST_HEAD(&ctxdata->sess_list); 46 47 ctx->data = ctxdata; 48 return 0; 49 } 50 51 static void release_session(struct amdtee_session *sess) 52 { 53 int i; 54 55 /* Close any open session */ 56 for (i = 0; i < TEE_NUM_SESSIONS; ++i) { 57 /* Check if session entry 'i' is valid */ 58 if (!test_bit(i, sess->sess_mask)) 59 continue; 60 61 handle_close_session(sess->ta_handle, sess->session_info[i]); 62 handle_unload_ta(sess->ta_handle); 63 } 64 65 kfree(sess); 66 } 67 68 static void amdtee_release(struct tee_context *ctx) 69 { 70 struct amdtee_context_data *ctxdata = ctx->data; 71 72 if (!ctxdata) 73 return; 74 75 while (true) { 76 struct amdtee_session *sess; 77 78 sess = list_first_entry_or_null(&ctxdata->sess_list, 79 struct amdtee_session, 80 list_node); 81 82 if (!sess) 83 break; 84 85 list_del(&sess->list_node); 86 release_session(sess); 87 } 88 kfree(ctxdata); 89 90 ctx->data = NULL; 91 } 92 93 /** 94 * alloc_session() - Allocate a session structure 95 * @ctxdata: TEE Context data structure 96 * @session: Session ID for which 'struct amdtee_session' structure is to be 97 * allocated. 98 * 99 * Scans the TEE context's session list to check if TA is already loaded in to 100 * TEE. If yes, returns the 'session' structure for that TA. Else allocates, 101 * initializes a new 'session' structure and adds it to context's session list. 102 * 103 * The caller must hold a mutex. 104 * 105 * Returns: 106 * 'struct amdtee_session *' on success and NULL on failure. 107 */ 108 static struct amdtee_session *alloc_session(struct amdtee_context_data *ctxdata, 109 u32 session) 110 { 111 struct amdtee_session *sess; 112 u32 ta_handle = get_ta_handle(session); 113 114 /* Scan session list to check if TA is already loaded in to TEE */ 115 list_for_each_entry(sess, &ctxdata->sess_list, list_node) 116 if (sess->ta_handle == ta_handle) { 117 kref_get(&sess->refcount); 118 return sess; 119 } 120 121 /* Allocate a new session and add to list */ 122 sess = kzalloc_obj(*sess); 123 if (sess) { 124 sess->ta_handle = ta_handle; 125 kref_init(&sess->refcount); 126 spin_lock_init(&sess->lock); 127 list_add(&sess->list_node, &ctxdata->sess_list); 128 } 129 130 return sess; 131 } 132 133 /* Requires mutex to be held */ 134 static struct amdtee_session *find_session(struct amdtee_context_data *ctxdata, 135 u32 session) 136 { 137 u32 ta_handle = get_ta_handle(session); 138 u32 index = get_session_index(session); 139 struct amdtee_session *sess; 140 141 if (index >= TEE_NUM_SESSIONS) 142 return NULL; 143 144 list_for_each_entry(sess, &ctxdata->sess_list, list_node) 145 if (ta_handle == sess->ta_handle && 146 test_bit(index, sess->sess_mask)) 147 return sess; 148 149 return NULL; 150 } 151 152 static DEFINE_MUTEX(drv_mutex); 153 static int copy_ta_binary(struct tee_context *ctx, void *ptr, void **ta, 154 size_t *ta_size) 155 { 156 const struct firmware *fw; 157 char fw_name[TA_PATH_MAX]; 158 struct { 159 u32 lo; 160 u16 mid; 161 u16 hi_ver; 162 u8 seq_n[8]; 163 } *uuid = ptr; 164 int n, rc = 0; 165 166 n = snprintf(fw_name, TA_PATH_MAX, 167 "%s/%08x-%04x-%04x-%02x%02x%02x%02x%02x%02x%02x%02x.bin", 168 TA_LOAD_PATH, uuid->lo, uuid->mid, uuid->hi_ver, 169 uuid->seq_n[0], uuid->seq_n[1], 170 uuid->seq_n[2], uuid->seq_n[3], 171 uuid->seq_n[4], uuid->seq_n[5], 172 uuid->seq_n[6], uuid->seq_n[7]); 173 if (n < 0 || n >= TA_PATH_MAX) { 174 pr_err("failed to get firmware name\n"); 175 return -EINVAL; 176 } 177 178 mutex_lock(&drv_mutex); 179 n = request_firmware(&fw, fw_name, &ctx->teedev->dev); 180 if (n) { 181 pr_err("failed to load firmware %s\n", fw_name); 182 rc = -ENOMEM; 183 goto unlock; 184 } 185 186 *ta_size = roundup(fw->size, PAGE_SIZE); 187 *ta = (void *)__get_free_pages(GFP_KERNEL, get_order(*ta_size)); 188 if (!*ta) { 189 pr_err("%s: get_free_pages failed\n", __func__); 190 rc = -ENOMEM; 191 goto rel_fw; 192 } 193 194 memcpy(*ta, fw->data, fw->size); 195 rel_fw: 196 release_firmware(fw); 197 unlock: 198 mutex_unlock(&drv_mutex); 199 return rc; 200 } 201 202 /* mutex must be held by caller */ 203 static void destroy_session(struct kref *ref) 204 { 205 struct amdtee_session *sess = container_of(ref, struct amdtee_session, 206 refcount); 207 208 list_del(&sess->list_node); 209 mutex_unlock(&session_list_mutex); 210 kfree(sess); 211 } 212 213 int amdtee_open_session(struct tee_context *ctx, 214 struct tee_ioctl_open_session_arg *arg, 215 struct tee_param *param) 216 { 217 struct amdtee_context_data *ctxdata = ctx->data; 218 struct amdtee_session *sess = NULL; 219 u32 session_info, ta_handle; 220 size_t ta_size; 221 int rc, i; 222 void *ta; 223 224 if (arg->clnt_login != TEE_IOCTL_LOGIN_PUBLIC) { 225 pr_err("unsupported client login method\n"); 226 return -EINVAL; 227 } 228 229 rc = copy_ta_binary(ctx, &arg->uuid[0], &ta, &ta_size); 230 if (rc) { 231 pr_err("failed to copy TA binary\n"); 232 return rc; 233 } 234 235 /* Load the TA binary into TEE environment */ 236 handle_load_ta(ta, ta_size, arg); 237 if (arg->ret != TEEC_SUCCESS) 238 goto out; 239 240 ta_handle = get_ta_handle(arg->session); 241 242 mutex_lock(&session_list_mutex); 243 sess = alloc_session(ctxdata, arg->session); 244 mutex_unlock(&session_list_mutex); 245 246 if (!sess) { 247 handle_unload_ta(ta_handle); 248 rc = -ENOMEM; 249 goto out; 250 } 251 252 /* Open session with loaded TA */ 253 handle_open_session(arg, &session_info, param); 254 if (arg->ret != TEEC_SUCCESS) { 255 pr_err("open_session failed %d\n", arg->ret); 256 handle_unload_ta(ta_handle); 257 kref_put_mutex(&sess->refcount, destroy_session, 258 &session_list_mutex); 259 goto out; 260 } 261 262 /* Find an empty session index for the given TA */ 263 spin_lock(&sess->lock); 264 i = find_first_zero_bit(sess->sess_mask, TEE_NUM_SESSIONS); 265 if (i < TEE_NUM_SESSIONS) { 266 sess->session_info[i] = session_info; 267 set_session_id(ta_handle, i, &arg->session); 268 set_bit(i, sess->sess_mask); 269 } 270 spin_unlock(&sess->lock); 271 272 if (i >= TEE_NUM_SESSIONS) { 273 pr_err("reached maximum session count %d\n", TEE_NUM_SESSIONS); 274 handle_close_session(ta_handle, session_info); 275 handle_unload_ta(ta_handle); 276 kref_put_mutex(&sess->refcount, destroy_session, 277 &session_list_mutex); 278 rc = -ENOMEM; 279 goto out; 280 } 281 282 out: 283 free_pages((u64)ta, get_order(ta_size)); 284 return rc; 285 } 286 287 int amdtee_close_session(struct tee_context *ctx, u32 session) 288 { 289 struct amdtee_context_data *ctxdata = ctx->data; 290 u32 i, ta_handle, session_info; 291 struct amdtee_session *sess; 292 293 pr_debug("%s: sid = 0x%x\n", __func__, session); 294 295 /* 296 * Check that the session is valid and clear the session 297 * usage bit 298 */ 299 mutex_lock(&session_list_mutex); 300 sess = find_session(ctxdata, session); 301 if (sess) { 302 ta_handle = get_ta_handle(session); 303 i = get_session_index(session); 304 session_info = sess->session_info[i]; 305 spin_lock(&sess->lock); 306 clear_bit(i, sess->sess_mask); 307 spin_unlock(&sess->lock); 308 } 309 mutex_unlock(&session_list_mutex); 310 311 if (!sess) 312 return -EINVAL; 313 314 /* Close the session */ 315 handle_close_session(ta_handle, session_info); 316 handle_unload_ta(ta_handle); 317 318 kref_put_mutex(&sess->refcount, destroy_session, &session_list_mutex); 319 320 return 0; 321 } 322 323 int amdtee_map_shmem(struct tee_shm *shm) 324 { 325 struct shmem_desc shmem; 326 int rc, count; 327 u32 buf_id; 328 329 if (!shm) 330 return -EINVAL; 331 332 count = 1; 333 shmem.kaddr = shm->kaddr; 334 shmem.size = shm->size; 335 336 /* 337 * Send a MAP command to TEE and get the corresponding 338 * buffer Id 339 */ 340 rc = handle_map_shmem(count, &shmem, &buf_id); 341 if (rc) { 342 pr_err("map_shmem failed: ret = %d\n", rc); 343 return rc; 344 } 345 346 shm->sec_world_id = buf_id; 347 348 pr_debug("buf_id :[%x] kaddr[%p]\n", buf_id, shm->kaddr); 349 350 return 0; 351 } 352 353 void amdtee_unmap_shmem(struct tee_shm *shm) 354 { 355 u32 buf_id; 356 357 if (!shm) 358 return; 359 360 buf_id = (u32)shm->sec_world_id; 361 handle_unmap_shmem(buf_id); 362 shm->sec_world_id = 0; 363 } 364 365 int amdtee_invoke_func(struct tee_context *ctx, 366 struct tee_ioctl_invoke_arg *arg, 367 struct tee_param *param) 368 { 369 struct amdtee_context_data *ctxdata = ctx->data; 370 struct amdtee_session *sess; 371 u32 i, session_info; 372 373 /* Check that the session is valid */ 374 mutex_lock(&session_list_mutex); 375 sess = find_session(ctxdata, arg->session); 376 if (sess) { 377 i = get_session_index(arg->session); 378 session_info = sess->session_info[i]; 379 } 380 mutex_unlock(&session_list_mutex); 381 382 if (!sess) 383 return -EINVAL; 384 385 handle_invoke_cmd(arg, session_info, param); 386 387 return 0; 388 } 389 390 int amdtee_cancel_req(struct tee_context *ctx, u32 cancel_id, u32 session) 391 { 392 return -EINVAL; 393 } 394 395 static const struct tee_driver_ops amdtee_ops = { 396 .get_version = amdtee_get_version, 397 .open = amdtee_open, 398 .release = amdtee_release, 399 .open_session = amdtee_open_session, 400 .close_session = amdtee_close_session, 401 .invoke_func = amdtee_invoke_func, 402 .cancel_req = amdtee_cancel_req, 403 }; 404 405 static const struct tee_desc amdtee_desc = { 406 .name = DRIVER_NAME "-clnt", 407 .ops = &amdtee_ops, 408 .owner = THIS_MODULE, 409 }; 410 411 static int __init amdtee_driver_init(void) 412 { 413 struct tee_device *teedev; 414 struct tee_shm_pool *pool; 415 struct amdtee *amdtee; 416 int rc; 417 418 rc = psp_check_tee_status(); 419 if (rc) { 420 pr_err("tee not present\n"); 421 return rc; 422 } 423 424 drv_data = kzalloc_obj(*drv_data); 425 if (!drv_data) 426 return -ENOMEM; 427 428 amdtee = kzalloc_obj(*amdtee); 429 if (!amdtee) { 430 rc = -ENOMEM; 431 goto err_kfree_drv_data; 432 } 433 434 pool = amdtee_config_shm(); 435 if (IS_ERR(pool)) { 436 pr_err("shared pool configuration error\n"); 437 rc = PTR_ERR(pool); 438 goto err_kfree_amdtee; 439 } 440 441 teedev = tee_device_alloc(&amdtee_desc, NULL, pool, amdtee); 442 if (IS_ERR(teedev)) { 443 rc = PTR_ERR(teedev); 444 goto err_free_pool; 445 } 446 amdtee->teedev = teedev; 447 448 rc = tee_device_register(amdtee->teedev); 449 if (rc) 450 goto err_device_unregister; 451 452 amdtee->pool = pool; 453 454 drv_data->amdtee = amdtee; 455 456 return 0; 457 458 err_device_unregister: 459 tee_device_unregister(amdtee->teedev); 460 461 err_free_pool: 462 tee_shm_pool_free(pool); 463 464 err_kfree_amdtee: 465 kfree(amdtee); 466 467 err_kfree_drv_data: 468 kfree(drv_data); 469 drv_data = NULL; 470 471 pr_err("initialization failed\n"); 472 return rc; 473 } 474 module_init(amdtee_driver_init); 475 476 static void __exit amdtee_driver_exit(void) 477 { 478 struct amdtee *amdtee; 479 480 if (!drv_data || !drv_data->amdtee) 481 return; 482 483 amdtee = drv_data->amdtee; 484 485 tee_device_unregister(amdtee->teedev); 486 tee_shm_pool_free(amdtee->pool); 487 } 488 module_exit(amdtee_driver_exit); 489 490 MODULE_AUTHOR(DRIVER_AUTHOR); 491 MODULE_DESCRIPTION("AMD-TEE driver"); 492 MODULE_VERSION("1.0"); 493 MODULE_LICENSE("Dual MIT/GPL"); 494