1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (c) 2015-2016, Linaro Limited 4 */ 5 6 #define pr_fmt(fmt) "%s: " fmt, __func__ 7 8 #include <linux/cdev.h> 9 #include <linux/cred.h> 10 #include <linux/fs.h> 11 #include <linux/idr.h> 12 #include <linux/module.h> 13 #include <linux/overflow.h> 14 #include <linux/slab.h> 15 #include <linux/tee_core.h> 16 #include <linux/uaccess.h> 17 #include <crypto/sha1.h> 18 #include "tee_private.h" 19 20 #define TEE_NUM_DEVICES 32 21 22 #define TEE_IOCTL_PARAM_SIZE(x) (size_mul(sizeof(struct tee_param), (x))) 23 24 #define TEE_UUID_NS_NAME_SIZE 128 25 26 /* 27 * TEE Client UUID name space identifier (UUIDv4) 28 * 29 * Value here is random UUID that is allocated as name space identifier for 30 * forming Client UUID's for TEE environment using UUIDv5 scheme. 31 */ 32 static const uuid_t tee_client_uuid_ns = UUID_INIT(0x58ac9ca0, 0x2086, 0x4683, 33 0xa1, 0xb8, 0xec, 0x4b, 34 0xc0, 0x8e, 0x01, 0xb6); 35 36 /* 37 * Unprivileged devices in the lower half range and privileged devices in 38 * the upper half range. 39 */ 40 static DECLARE_BITMAP(dev_mask, TEE_NUM_DEVICES); 41 static DEFINE_SPINLOCK(driver_lock); 42 43 static const struct class tee_class; 44 static dev_t tee_devt; 45 46 struct tee_context *teedev_open(struct tee_device *teedev) 47 { 48 int rc; 49 struct tee_context *ctx; 50 51 if (!tee_device_get(teedev)) 52 return ERR_PTR(-EINVAL); 53 54 ctx = kzalloc_obj(*ctx); 55 if (!ctx) { 56 rc = -ENOMEM; 57 goto err; 58 } 59 60 kref_init(&ctx->refcount); 61 ctx->teedev = teedev; 62 rc = teedev->desc->ops->open(ctx); 63 if (rc) 64 goto err; 65 66 return ctx; 67 err: 68 kfree(ctx); 69 tee_device_put(teedev); 70 return ERR_PTR(rc); 71 72 } 73 EXPORT_SYMBOL_GPL(teedev_open); 74 75 void teedev_ctx_get(struct tee_context *ctx) 76 { 77 if (ctx->releasing) 78 return; 79 80 kref_get(&ctx->refcount); 81 } 82 EXPORT_SYMBOL_GPL(teedev_ctx_get); 83 84 static void teedev_ctx_release(struct kref *ref) 85 { 86 struct tee_context *ctx = container_of(ref, struct tee_context, 87 refcount); 88 ctx->releasing = true; 89 ctx->teedev->desc->ops->release(ctx); 90 kfree(ctx); 91 } 92 93 void teedev_ctx_put(struct tee_context *ctx) 94 { 95 if (ctx->releasing) 96 return; 97 98 kref_put(&ctx->refcount, teedev_ctx_release); 99 } 100 EXPORT_SYMBOL_GPL(teedev_ctx_put); 101 102 void teedev_close_context(struct tee_context *ctx) 103 { 104 struct tee_device *teedev = ctx->teedev; 105 106 if (teedev->desc->ops->close_context) 107 teedev->desc->ops->close_context(ctx); 108 109 teedev_ctx_put(ctx); 110 tee_device_put(teedev); 111 } 112 EXPORT_SYMBOL_GPL(teedev_close_context); 113 114 static int tee_open(struct inode *inode, struct file *filp) 115 { 116 struct tee_context *ctx; 117 118 ctx = teedev_open(container_of(inode->i_cdev, struct tee_device, cdev)); 119 if (IS_ERR(ctx)) 120 return PTR_ERR(ctx); 121 122 /* 123 * Default user-space behaviour is to wait for tee-supplicant 124 * if not present for any requests in this context. 125 */ 126 ctx->supp_nowait = false; 127 filp->private_data = ctx; 128 return 0; 129 } 130 131 static int tee_release(struct inode *inode, struct file *filp) 132 { 133 teedev_close_context(filp->private_data); 134 return 0; 135 } 136 137 /** 138 * uuid_v5() - Calculate UUIDv5 139 * @uuid: Resulting UUID 140 * @ns: Name space ID for UUIDv5 function 141 * @name: Name for UUIDv5 function 142 * @size: Size of name 143 * 144 * UUIDv5 is specific in RFC 4122. 145 * 146 * This implements section (for SHA-1): 147 * 4.3. Algorithm for Creating a Name-Based UUID 148 */ 149 static void uuid_v5(uuid_t *uuid, const uuid_t *ns, const void *name, 150 size_t size) 151 { 152 unsigned char hash[SHA1_DIGEST_SIZE]; 153 struct sha1_ctx ctx; 154 155 sha1_init(&ctx); 156 sha1_update(&ctx, (const u8 *)ns, sizeof(*ns)); 157 sha1_update(&ctx, (const u8 *)name, size); 158 sha1_final(&ctx, hash); 159 160 memcpy(uuid->b, hash, UUID_SIZE); 161 162 /* Tag for version 5 */ 163 uuid->b[6] = (hash[6] & 0x0F) | 0x50; 164 uuid->b[8] = (hash[8] & 0x3F) | 0x80; 165 } 166 167 int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method, 168 const u8 connection_data[TEE_IOCTL_UUID_LEN]) 169 { 170 gid_t ns_grp = (gid_t)-1; 171 kgid_t grp = INVALID_GID; 172 char *name = NULL; 173 int name_len; 174 int rc = 0; 175 176 if (connection_method == TEE_IOCTL_LOGIN_PUBLIC || 177 connection_method == TEE_IOCTL_LOGIN_REE_KERNEL) { 178 /* Nil UUID to be passed to TEE environment */ 179 uuid_copy(uuid, &uuid_null); 180 return 0; 181 } 182 183 /* 184 * In Linux environment client UUID is based on UUIDv5. 185 * 186 * Determine client UUID with following semantics for 'name': 187 * 188 * For TEEC_LOGIN_USER: 189 * uid=<uid> 190 * 191 * For TEEC_LOGIN_GROUP: 192 * gid=<gid> 193 * 194 */ 195 196 name = kzalloc(TEE_UUID_NS_NAME_SIZE, GFP_KERNEL); 197 if (!name) 198 return -ENOMEM; 199 200 switch (connection_method) { 201 case TEE_IOCTL_LOGIN_USER: 202 name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "uid=%x", 203 current_euid().val); 204 if (name_len >= TEE_UUID_NS_NAME_SIZE) { 205 rc = -E2BIG; 206 goto out_free_name; 207 } 208 break; 209 210 case TEE_IOCTL_LOGIN_GROUP: 211 memcpy(&ns_grp, connection_data, sizeof(gid_t)); 212 grp = make_kgid(current_user_ns(), ns_grp); 213 if (!gid_valid(grp) || !in_egroup_p(grp)) { 214 rc = -EPERM; 215 goto out_free_name; 216 } 217 218 name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "gid=%x", 219 grp.val); 220 if (name_len >= TEE_UUID_NS_NAME_SIZE) { 221 rc = -E2BIG; 222 goto out_free_name; 223 } 224 break; 225 226 default: 227 rc = -EINVAL; 228 goto out_free_name; 229 } 230 231 uuid_v5(uuid, &tee_client_uuid_ns, name, name_len); 232 out_free_name: 233 kfree(name); 234 235 return rc; 236 } 237 EXPORT_SYMBOL_GPL(tee_session_calc_client_uuid); 238 239 static int tee_ioctl_version(struct tee_context *ctx, 240 struct tee_ioctl_version_data __user *uvers) 241 { 242 struct tee_ioctl_version_data vers; 243 244 ctx->teedev->desc->ops->get_version(ctx->teedev, &vers); 245 246 if (ctx->teedev->desc->flags & TEE_DESC_PRIVILEGED) 247 vers.gen_caps |= TEE_GEN_CAP_PRIVILEGED; 248 249 if (copy_to_user(uvers, &vers, sizeof(vers))) 250 return -EFAULT; 251 252 return 0; 253 } 254 255 static int tee_ioctl_shm_alloc(struct tee_context *ctx, 256 struct tee_ioctl_shm_alloc_data __user *udata) 257 { 258 long ret; 259 struct tee_ioctl_shm_alloc_data data; 260 struct tee_shm *shm; 261 262 if (copy_from_user(&data, udata, sizeof(data))) 263 return -EFAULT; 264 265 /* Currently no input flags are supported */ 266 if (data.flags) 267 return -EINVAL; 268 269 shm = tee_shm_alloc_user_buf(ctx, data.size); 270 if (IS_ERR(shm)) 271 return PTR_ERR(shm); 272 273 data.id = shm->id; 274 data.size = shm->size; 275 276 if (copy_to_user(udata, &data, sizeof(data))) 277 ret = -EFAULT; 278 else 279 ret = tee_shm_get_fd(shm); 280 281 /* 282 * When user space closes the file descriptor the shared memory 283 * should be freed or if tee_shm_get_fd() failed then it will 284 * be freed immediately. 285 */ 286 tee_shm_put(shm); 287 return ret; 288 } 289 290 static int 291 tee_ioctl_shm_register(struct tee_context *ctx, 292 struct tee_ioctl_shm_register_data __user *udata) 293 { 294 long ret; 295 struct tee_ioctl_shm_register_data data; 296 struct tee_shm *shm; 297 298 if (copy_from_user(&data, udata, sizeof(data))) 299 return -EFAULT; 300 301 /* Currently no input flags are supported */ 302 if (data.flags) 303 return -EINVAL; 304 305 shm = tee_shm_register_user_buf(ctx, data.addr, data.length); 306 if (IS_ERR(shm)) 307 return PTR_ERR(shm); 308 309 data.id = shm->id; 310 data.length = shm->size; 311 312 if (copy_to_user(udata, &data, sizeof(data))) 313 ret = -EFAULT; 314 else 315 ret = tee_shm_get_fd(shm); 316 /* 317 * When user space closes the file descriptor the shared memory 318 * should be freed or if tee_shm_get_fd() failed then it will 319 * be freed immediately. 320 */ 321 tee_shm_put(shm); 322 return ret; 323 } 324 325 static int 326 tee_ioctl_shm_register_fd(struct tee_context *ctx, 327 struct tee_ioctl_shm_register_fd_data __user *udata) 328 { 329 struct tee_ioctl_shm_register_fd_data data; 330 struct tee_shm *shm; 331 long ret; 332 333 if (copy_from_user(&data, udata, sizeof(data))) 334 return -EFAULT; 335 336 /* Currently no input flags are supported */ 337 if (data.flags) 338 return -EINVAL; 339 340 shm = tee_shm_register_fd(ctx, data.fd); 341 if (IS_ERR(shm)) 342 return -EINVAL; 343 344 data.id = shm->id; 345 data.flags = shm->flags; 346 data.size = shm->size; 347 348 if (copy_to_user(udata, &data, sizeof(data))) 349 ret = -EFAULT; 350 else 351 ret = tee_shm_get_fd(shm); 352 353 /* 354 * When user space closes the file descriptor the shared memory 355 * should be freed or if tee_shm_get_fd() failed then it will 356 * be freed immediately. 357 */ 358 tee_shm_put(shm); 359 return ret; 360 } 361 362 static int param_from_user_memref(struct tee_context *ctx, 363 struct tee_param_memref *memref, 364 struct tee_ioctl_param *ip) 365 { 366 struct tee_shm *shm; 367 size_t offs = 0; 368 369 /* 370 * If a NULL pointer is passed to a TA in the TEE, 371 * the ip.c IOCTL parameters is set to TEE_MEMREF_NULL 372 * indicating a NULL memory reference. 373 */ 374 if (ip->c != TEE_MEMREF_NULL) { 375 /* 376 * If we fail to get a pointer to a shared 377 * memory object (and increase the ref count) 378 * from an identifier we return an error. All 379 * pointers that has been added in params have 380 * an increased ref count. It's the callers 381 * responibility to do tee_shm_put() on all 382 * resolved pointers. 383 */ 384 shm = tee_shm_get_from_id(ctx, ip->c); 385 if (IS_ERR(shm)) 386 return PTR_ERR(shm); 387 388 /* 389 * Ensure offset + size does not overflow 390 * offset and does not overflow the size of 391 * the referred shared memory object. 392 */ 393 if ((ip->a + ip->b) < ip->a || 394 (ip->a + ip->b) > shm->size) { 395 tee_shm_put(shm); 396 return -EINVAL; 397 } 398 399 if (shm->flags & TEE_SHM_DMA_BUF) { 400 struct tee_shm_dmabuf_ref *ref; 401 402 ref = container_of(shm, struct tee_shm_dmabuf_ref, shm); 403 if (ref->parent_shm) { 404 /* 405 * The shm already has one reference to 406 * ref->parent_shm so we are clear of 0. 407 * We're getting another reference since 408 * this shm will be used in the parameter 409 * list instead of the shm we got with 410 * tee_shm_get_from_id() above. 411 */ 412 refcount_inc(&ref->parent_shm->refcount); 413 tee_shm_put(shm); 414 shm = ref->parent_shm; 415 offs = ref->offset; 416 } 417 } 418 } else if (ctx->cap_memref_null) { 419 /* Pass NULL pointer to OP-TEE */ 420 shm = NULL; 421 } else { 422 return -EINVAL; 423 } 424 425 memref->shm_offs = ip->a + offs; 426 memref->size = ip->b; 427 memref->shm = shm; 428 429 return 0; 430 } 431 432 static int params_from_user(struct tee_context *ctx, struct tee_param *params, 433 size_t num_params, 434 struct tee_ioctl_param __user *uparams) 435 { 436 size_t n; 437 438 for (n = 0; n < num_params; n++) { 439 struct tee_ioctl_param ip; 440 int rc; 441 442 if (copy_from_user(&ip, uparams + n, sizeof(ip))) 443 return -EFAULT; 444 445 /* All unused attribute bits has to be zero */ 446 if (ip.attr & ~TEE_IOCTL_PARAM_ATTR_MASK) 447 return -EINVAL; 448 449 params[n].attr = ip.attr; 450 switch (ip.attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) { 451 case TEE_IOCTL_PARAM_ATTR_TYPE_NONE: 452 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT: 453 case TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_OUTPUT: 454 break; 455 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT: 456 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT: 457 params[n].u.value.a = ip.a; 458 params[n].u.value.b = ip.b; 459 params[n].u.value.c = ip.c; 460 break; 461 case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INPUT: 462 case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_OUTPUT: 463 case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INOUT: 464 params[n].u.ubuf.uaddr = u64_to_user_ptr(ip.a); 465 params[n].u.ubuf.size = ip.b; 466 467 if (!access_ok(params[n].u.ubuf.uaddr, 468 params[n].u.ubuf.size)) 469 return -EFAULT; 470 471 break; 472 case TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_INPUT: 473 case TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_INOUT: 474 params[n].u.objref.id = ip.a; 475 params[n].u.objref.flags = ip.b; 476 break; 477 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT: 478 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: 479 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: 480 rc = param_from_user_memref(ctx, ¶ms[n].u.memref, 481 &ip); 482 if (rc) 483 return rc; 484 break; 485 default: 486 /* Unknown attribute */ 487 return -EINVAL; 488 } 489 } 490 return 0; 491 } 492 493 static int params_to_user(struct tee_ioctl_param __user *uparams, 494 size_t num_params, struct tee_param *params) 495 { 496 size_t n; 497 498 for (n = 0; n < num_params; n++) { 499 struct tee_ioctl_param __user *up = uparams + n; 500 struct tee_param *p = params + n; 501 502 switch (p->attr) { 503 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT: 504 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT: 505 if (put_user(p->u.value.a, &up->a) || 506 put_user(p->u.value.b, &up->b) || 507 put_user(p->u.value.c, &up->c)) 508 return -EFAULT; 509 break; 510 case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_OUTPUT: 511 case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INOUT: 512 if (put_user((u64)p->u.ubuf.size, &up->b)) 513 return -EFAULT; 514 break; 515 case TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_OUTPUT: 516 case TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_INOUT: 517 if (put_user(p->u.objref.id, &up->a) || 518 put_user(p->u.objref.flags, &up->b)) 519 return -EFAULT; 520 break; 521 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: 522 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: 523 if (put_user((u64)p->u.memref.size, &up->b)) 524 return -EFAULT; 525 break; 526 default: 527 break; 528 } 529 } 530 return 0; 531 } 532 533 static void free_params(struct tee_param *params, size_t num_params) 534 { 535 size_t n; 536 537 if (!params) 538 return; 539 540 for (n = 0; n < num_params; n++) 541 if (tee_param_is_memref(params + n) && params[n].u.memref.shm) 542 tee_shm_put(params[n].u.memref.shm); 543 544 kfree(params); 545 } 546 547 static int tee_ioctl_open_session(struct tee_context *ctx, 548 struct tee_ioctl_buf_data __user *ubuf) 549 { 550 int rc; 551 struct tee_ioctl_buf_data buf; 552 struct tee_ioctl_open_session_arg __user *uarg; 553 struct tee_ioctl_open_session_arg arg; 554 struct tee_ioctl_param __user *uparams = NULL; 555 struct tee_param *params = NULL; 556 bool have_session = false; 557 558 if (!ctx->teedev->desc->ops->open_session) 559 return -EINVAL; 560 561 if (copy_from_user(&buf, ubuf, sizeof(buf))) 562 return -EFAULT; 563 564 if (buf.buf_len > TEE_MAX_ARG_SIZE || 565 buf.buf_len < sizeof(struct tee_ioctl_open_session_arg)) 566 return -EINVAL; 567 568 uarg = u64_to_user_ptr(buf.buf_ptr); 569 if (copy_from_user(&arg, uarg, sizeof(arg))) 570 return -EFAULT; 571 572 if (size_add(sizeof(arg), TEE_IOCTL_PARAM_SIZE(arg.num_params)) != buf.buf_len) 573 return -EINVAL; 574 575 if (arg.num_params) { 576 params = kzalloc_objs(struct tee_param, arg.num_params); 577 if (!params) 578 return -ENOMEM; 579 uparams = uarg->params; 580 rc = params_from_user(ctx, params, arg.num_params, uparams); 581 if (rc) 582 goto out; 583 } 584 585 if (arg.clnt_login >= TEE_IOCTL_LOGIN_REE_KERNEL_MIN && 586 arg.clnt_login <= TEE_IOCTL_LOGIN_REE_KERNEL_MAX) { 587 pr_debug("login method not allowed for user-space client\n"); 588 rc = -EPERM; 589 goto out; 590 } 591 592 rc = ctx->teedev->desc->ops->open_session(ctx, &arg, params); 593 if (rc) 594 goto out; 595 have_session = true; 596 597 if (put_user(arg.session, &uarg->session) || 598 put_user(arg.ret, &uarg->ret) || 599 put_user(arg.ret_origin, &uarg->ret_origin)) { 600 rc = -EFAULT; 601 goto out; 602 } 603 rc = params_to_user(uparams, arg.num_params, params); 604 out: 605 /* 606 * If we've succeeded to open the session but failed to communicate 607 * it back to user space, close the session again to avoid leakage. 608 */ 609 if (rc && have_session && ctx->teedev->desc->ops->close_session) 610 ctx->teedev->desc->ops->close_session(ctx, arg.session); 611 free_params(params, arg.num_params); 612 return rc; 613 } 614 615 static int tee_ioctl_invoke(struct tee_context *ctx, 616 struct tee_ioctl_buf_data __user *ubuf) 617 { 618 int rc; 619 struct tee_ioctl_buf_data buf; 620 struct tee_ioctl_invoke_arg __user *uarg; 621 struct tee_ioctl_invoke_arg arg; 622 struct tee_ioctl_param __user *uparams = NULL; 623 struct tee_param *params = NULL; 624 625 if (!ctx->teedev->desc->ops->invoke_func) 626 return -EINVAL; 627 628 if (copy_from_user(&buf, ubuf, sizeof(buf))) 629 return -EFAULT; 630 631 if (buf.buf_len > TEE_MAX_ARG_SIZE || 632 buf.buf_len < sizeof(struct tee_ioctl_invoke_arg)) 633 return -EINVAL; 634 635 uarg = u64_to_user_ptr(buf.buf_ptr); 636 if (copy_from_user(&arg, uarg, sizeof(arg))) 637 return -EFAULT; 638 639 if (size_add(sizeof(arg), TEE_IOCTL_PARAM_SIZE(arg.num_params)) != buf.buf_len) 640 return -EINVAL; 641 642 if (arg.num_params) { 643 params = kzalloc_objs(struct tee_param, arg.num_params); 644 if (!params) 645 return -ENOMEM; 646 uparams = uarg->params; 647 rc = params_from_user(ctx, params, arg.num_params, uparams); 648 if (rc) 649 goto out; 650 } 651 652 rc = ctx->teedev->desc->ops->invoke_func(ctx, &arg, params); 653 if (rc) 654 goto out; 655 656 if (put_user(arg.ret, &uarg->ret) || 657 put_user(arg.ret_origin, &uarg->ret_origin)) { 658 rc = -EFAULT; 659 goto out; 660 } 661 rc = params_to_user(uparams, arg.num_params, params); 662 out: 663 free_params(params, arg.num_params); 664 return rc; 665 } 666 667 static int tee_ioctl_object_invoke(struct tee_context *ctx, 668 struct tee_ioctl_buf_data __user *ubuf) 669 { 670 int rc; 671 struct tee_ioctl_buf_data buf; 672 struct tee_ioctl_object_invoke_arg __user *uarg; 673 struct tee_ioctl_object_invoke_arg arg; 674 struct tee_ioctl_param __user *uparams = NULL; 675 struct tee_param *params = NULL; 676 677 if (!ctx->teedev->desc->ops->object_invoke_func) 678 return -EINVAL; 679 680 if (copy_from_user(&buf, ubuf, sizeof(buf))) 681 return -EFAULT; 682 683 if (buf.buf_len > TEE_MAX_ARG_SIZE || 684 buf.buf_len < sizeof(struct tee_ioctl_object_invoke_arg)) 685 return -EINVAL; 686 687 uarg = u64_to_user_ptr(buf.buf_ptr); 688 if (copy_from_user(&arg, uarg, sizeof(arg))) 689 return -EFAULT; 690 691 if (sizeof(arg) + TEE_IOCTL_PARAM_SIZE(arg.num_params) != buf.buf_len) 692 return -EINVAL; 693 694 if (arg.num_params) { 695 params = kzalloc_objs(struct tee_param, arg.num_params); 696 if (!params) 697 return -ENOMEM; 698 uparams = uarg->params; 699 rc = params_from_user(ctx, params, arg.num_params, uparams); 700 if (rc) 701 goto out; 702 } 703 704 rc = ctx->teedev->desc->ops->object_invoke_func(ctx, &arg, params); 705 if (rc) 706 goto out; 707 708 if (put_user(arg.ret, &uarg->ret)) { 709 rc = -EFAULT; 710 goto out; 711 } 712 rc = params_to_user(uparams, arg.num_params, params); 713 out: 714 free_params(params, arg.num_params); 715 return rc; 716 } 717 718 static int tee_ioctl_cancel(struct tee_context *ctx, 719 struct tee_ioctl_cancel_arg __user *uarg) 720 { 721 struct tee_ioctl_cancel_arg arg; 722 723 if (!ctx->teedev->desc->ops->cancel_req) 724 return -EINVAL; 725 726 if (copy_from_user(&arg, uarg, sizeof(arg))) 727 return -EFAULT; 728 729 return ctx->teedev->desc->ops->cancel_req(ctx, arg.cancel_id, 730 arg.session); 731 } 732 733 static int 734 tee_ioctl_close_session(struct tee_context *ctx, 735 struct tee_ioctl_close_session_arg __user *uarg) 736 { 737 struct tee_ioctl_close_session_arg arg; 738 739 if (!ctx->teedev->desc->ops->close_session) 740 return -EINVAL; 741 742 if (copy_from_user(&arg, uarg, sizeof(arg))) 743 return -EFAULT; 744 745 return ctx->teedev->desc->ops->close_session(ctx, arg.session); 746 } 747 748 static int params_to_supp(struct tee_context *ctx, 749 struct tee_ioctl_param __user *uparams, 750 size_t num_params, struct tee_param *params) 751 { 752 size_t n; 753 754 for (n = 0; n < num_params; n++) { 755 struct tee_ioctl_param ip; 756 struct tee_param *p = params + n; 757 758 ip.attr = p->attr; 759 switch (p->attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) { 760 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT: 761 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT: 762 ip.a = p->u.value.a; 763 ip.b = p->u.value.b; 764 ip.c = p->u.value.c; 765 break; 766 case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INPUT: 767 case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_OUTPUT: 768 case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INOUT: 769 ip.a = (__force unsigned long)p->u.ubuf.uaddr; 770 ip.b = p->u.ubuf.size; 771 ip.c = 0; 772 break; 773 case TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_INPUT: 774 case TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_INOUT: 775 ip.a = p->u.objref.id; 776 ip.b = p->u.objref.flags; 777 ip.c = 0; 778 break; 779 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT: 780 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: 781 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: 782 ip.b = p->u.memref.size; 783 if (!p->u.memref.shm) { 784 ip.a = 0; 785 ip.c = (u64)-1; /* invalid shm id */ 786 break; 787 } 788 ip.a = p->u.memref.shm_offs; 789 ip.c = p->u.memref.shm->id; 790 break; 791 default: 792 ip.a = 0; 793 ip.b = 0; 794 ip.c = 0; 795 break; 796 } 797 798 if (copy_to_user(uparams + n, &ip, sizeof(ip))) 799 return -EFAULT; 800 } 801 802 return 0; 803 } 804 805 static int tee_ioctl_supp_recv(struct tee_context *ctx, 806 struct tee_ioctl_buf_data __user *ubuf) 807 { 808 int rc; 809 struct tee_ioctl_buf_data buf; 810 struct tee_iocl_supp_recv_arg __user *uarg; 811 struct tee_param *params; 812 u32 num_params; 813 u32 func; 814 815 if (!ctx->teedev->desc->ops->supp_recv) 816 return -EINVAL; 817 818 if (copy_from_user(&buf, ubuf, sizeof(buf))) 819 return -EFAULT; 820 821 if (buf.buf_len > TEE_MAX_ARG_SIZE || 822 buf.buf_len < sizeof(struct tee_iocl_supp_recv_arg)) 823 return -EINVAL; 824 825 uarg = u64_to_user_ptr(buf.buf_ptr); 826 if (get_user(num_params, &uarg->num_params)) 827 return -EFAULT; 828 829 if (size_add(sizeof(*uarg), TEE_IOCTL_PARAM_SIZE(num_params)) != buf.buf_len) 830 return -EINVAL; 831 832 params = kzalloc_objs(struct tee_param, num_params); 833 if (!params) 834 return -ENOMEM; 835 836 rc = params_from_user(ctx, params, num_params, uarg->params); 837 if (rc) { 838 free_params(params, num_params); 839 return rc; 840 } 841 842 /* 843 * supp_recv() may consume and replace the supplied parameters, so the 844 * final cleanup cannot use free_params() like the other ioctl paths. 845 */ 846 rc = ctx->teedev->desc->ops->supp_recv(ctx, &func, &num_params, params); 847 if (rc) 848 goto out; 849 850 if (put_user(func, &uarg->func) || 851 put_user(num_params, &uarg->num_params)) { 852 rc = -EFAULT; 853 goto out; 854 } 855 856 rc = params_to_supp(ctx, uarg->params, num_params, params); 857 out: 858 kfree(params); 859 return rc; 860 } 861 862 static int params_from_supp(struct tee_param *params, size_t num_params, 863 struct tee_ioctl_param __user *uparams) 864 { 865 size_t n; 866 867 for (n = 0; n < num_params; n++) { 868 struct tee_param *p = params + n; 869 struct tee_ioctl_param ip; 870 871 if (copy_from_user(&ip, uparams + n, sizeof(ip))) 872 return -EFAULT; 873 874 /* All unused attribute bits has to be zero */ 875 if (ip.attr & ~TEE_IOCTL_PARAM_ATTR_MASK) 876 return -EINVAL; 877 878 p->attr = ip.attr; 879 switch (ip.attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) { 880 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT: 881 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT: 882 /* Only out and in/out values can be updated */ 883 p->u.value.a = ip.a; 884 p->u.value.b = ip.b; 885 p->u.value.c = ip.c; 886 break; 887 case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_OUTPUT: 888 case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INOUT: 889 p->u.ubuf.uaddr = u64_to_user_ptr(ip.a); 890 p->u.ubuf.size = ip.b; 891 892 if (!access_ok(params[n].u.ubuf.uaddr, 893 params[n].u.ubuf.size)) 894 return -EFAULT; 895 896 break; 897 case TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_OUTPUT: 898 case TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_INOUT: 899 p->u.objref.id = ip.a; 900 p->u.objref.flags = ip.b; 901 break; 902 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: 903 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: 904 /* 905 * Only the size of the memref can be updated. 906 * Since we don't have access to the original 907 * parameters here, only store the supplied size. 908 * The driver will copy the updated size into the 909 * original parameters. 910 */ 911 p->u.memref.shm = NULL; 912 p->u.memref.shm_offs = 0; 913 p->u.memref.size = ip.b; 914 break; 915 default: 916 memset(&p->u, 0, sizeof(p->u)); 917 break; 918 } 919 } 920 return 0; 921 } 922 923 static int tee_ioctl_supp_send(struct tee_context *ctx, 924 struct tee_ioctl_buf_data __user *ubuf) 925 { 926 long rc; 927 struct tee_ioctl_buf_data buf; 928 struct tee_iocl_supp_send_arg __user *uarg; 929 struct tee_param *params; 930 u32 num_params; 931 u32 ret; 932 933 /* Not valid for this driver */ 934 if (!ctx->teedev->desc->ops->supp_send) 935 return -EINVAL; 936 937 if (copy_from_user(&buf, ubuf, sizeof(buf))) 938 return -EFAULT; 939 940 if (buf.buf_len > TEE_MAX_ARG_SIZE || 941 buf.buf_len < sizeof(struct tee_iocl_supp_send_arg)) 942 return -EINVAL; 943 944 uarg = u64_to_user_ptr(buf.buf_ptr); 945 if (get_user(ret, &uarg->ret) || 946 get_user(num_params, &uarg->num_params)) 947 return -EFAULT; 948 949 if (size_add(sizeof(*uarg), TEE_IOCTL_PARAM_SIZE(num_params)) > buf.buf_len) 950 return -EINVAL; 951 952 params = kzalloc_objs(struct tee_param, num_params); 953 if (!params) 954 return -ENOMEM; 955 956 rc = params_from_supp(params, num_params, uarg->params); 957 if (rc) 958 goto out; 959 960 rc = ctx->teedev->desc->ops->supp_send(ctx, ret, num_params, params); 961 out: 962 kfree(params); 963 return rc; 964 } 965 966 static long tee_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) 967 { 968 struct tee_context *ctx = filp->private_data; 969 void __user *uarg = (void __user *)arg; 970 971 switch (cmd) { 972 case TEE_IOC_VERSION: 973 return tee_ioctl_version(ctx, uarg); 974 case TEE_IOC_SHM_ALLOC: 975 return tee_ioctl_shm_alloc(ctx, uarg); 976 case TEE_IOC_SHM_REGISTER: 977 return tee_ioctl_shm_register(ctx, uarg); 978 case TEE_IOC_SHM_REGISTER_FD: 979 return tee_ioctl_shm_register_fd(ctx, uarg); 980 case TEE_IOC_OPEN_SESSION: 981 return tee_ioctl_open_session(ctx, uarg); 982 case TEE_IOC_INVOKE: 983 return tee_ioctl_invoke(ctx, uarg); 984 case TEE_IOC_OBJECT_INVOKE: 985 return tee_ioctl_object_invoke(ctx, uarg); 986 case TEE_IOC_CANCEL: 987 return tee_ioctl_cancel(ctx, uarg); 988 case TEE_IOC_CLOSE_SESSION: 989 return tee_ioctl_close_session(ctx, uarg); 990 case TEE_IOC_SUPPL_RECV: 991 return tee_ioctl_supp_recv(ctx, uarg); 992 case TEE_IOC_SUPPL_SEND: 993 return tee_ioctl_supp_send(ctx, uarg); 994 default: 995 return -EINVAL; 996 } 997 } 998 999 static const struct file_operations tee_fops = { 1000 .owner = THIS_MODULE, 1001 .open = tee_open, 1002 .release = tee_release, 1003 .unlocked_ioctl = tee_ioctl, 1004 .compat_ioctl = compat_ptr_ioctl, 1005 }; 1006 1007 static void tee_release_device(struct device *dev) 1008 { 1009 struct tee_device *teedev = container_of(dev, struct tee_device, dev); 1010 1011 spin_lock(&driver_lock); 1012 clear_bit(teedev->id, dev_mask); 1013 spin_unlock(&driver_lock); 1014 mutex_destroy(&teedev->mutex); 1015 idr_destroy(&teedev->idr); 1016 kfree(teedev); 1017 } 1018 1019 /** 1020 * tee_device_alloc() - Allocate a new struct tee_device instance 1021 * @teedesc: Descriptor for this driver 1022 * @dev: Parent device for this device 1023 * @pool: Shared memory pool, NULL if not used 1024 * @driver_data: Private driver data for this device 1025 * 1026 * Allocates a new struct tee_device instance. The device is 1027 * removed by tee_device_unregister(). 1028 * 1029 * @returns a pointer to a 'struct tee_device' or an ERR_PTR on failure 1030 */ 1031 struct tee_device *tee_device_alloc(const struct tee_desc *teedesc, 1032 struct device *dev, 1033 struct tee_shm_pool *pool, 1034 void *driver_data) 1035 { 1036 struct tee_device *teedev; 1037 void *ret; 1038 int rc, max_id; 1039 int offs = 0; 1040 1041 if (!teedesc || !teedesc->name || !teedesc->ops || 1042 !teedesc->ops->get_version || !teedesc->ops->open || 1043 !teedesc->ops->release) 1044 return ERR_PTR(-EINVAL); 1045 1046 teedev = kzalloc_obj(*teedev); 1047 if (!teedev) { 1048 ret = ERR_PTR(-ENOMEM); 1049 goto err; 1050 } 1051 1052 max_id = TEE_NUM_DEVICES / 2; 1053 1054 if (teedesc->flags & TEE_DESC_PRIVILEGED) { 1055 offs = TEE_NUM_DEVICES / 2; 1056 max_id = TEE_NUM_DEVICES; 1057 } 1058 1059 spin_lock(&driver_lock); 1060 teedev->id = find_next_zero_bit(dev_mask, max_id, offs); 1061 if (teedev->id < max_id) 1062 set_bit(teedev->id, dev_mask); 1063 spin_unlock(&driver_lock); 1064 1065 if (teedev->id >= max_id) { 1066 ret = ERR_PTR(-ENOMEM); 1067 goto err; 1068 } 1069 1070 snprintf(teedev->name, sizeof(teedev->name), "tee%s%d", 1071 teedesc->flags & TEE_DESC_PRIVILEGED ? "priv" : "", 1072 teedev->id - offs); 1073 1074 teedev->dev.class = &tee_class; 1075 teedev->dev.release = tee_release_device; 1076 teedev->dev.parent = dev; 1077 1078 teedev->dev.devt = MKDEV(MAJOR(tee_devt), teedev->id); 1079 1080 rc = dev_set_name(&teedev->dev, "%s", teedev->name); 1081 if (rc) { 1082 ret = ERR_PTR(rc); 1083 goto err_devt; 1084 } 1085 1086 cdev_init(&teedev->cdev, &tee_fops); 1087 teedev->cdev.owner = teedesc->owner; 1088 1089 dev_set_drvdata(&teedev->dev, driver_data); 1090 device_initialize(&teedev->dev); 1091 1092 /* 1 as tee_device_unregister() does one final tee_device_put() */ 1093 teedev->num_users = 1; 1094 init_completion(&teedev->c_no_users); 1095 mutex_init(&teedev->mutex); 1096 idr_init(&teedev->idr); 1097 1098 teedev->desc = teedesc; 1099 teedev->pool = pool; 1100 1101 return teedev; 1102 err_devt: 1103 unregister_chrdev_region(teedev->dev.devt, 1); 1104 err: 1105 pr_err("could not register %s driver\n", 1106 teedesc->flags & TEE_DESC_PRIVILEGED ? "privileged" : "client"); 1107 if (teedev && teedev->id < TEE_NUM_DEVICES) { 1108 spin_lock(&driver_lock); 1109 clear_bit(teedev->id, dev_mask); 1110 spin_unlock(&driver_lock); 1111 } 1112 kfree(teedev); 1113 return ret; 1114 } 1115 EXPORT_SYMBOL_GPL(tee_device_alloc); 1116 1117 void tee_device_set_dev_groups(struct tee_device *teedev, 1118 const struct attribute_group **dev_groups) 1119 { 1120 teedev->dev.groups = dev_groups; 1121 } 1122 EXPORT_SYMBOL_GPL(tee_device_set_dev_groups); 1123 1124 static ssize_t implementation_id_show(struct device *dev, 1125 struct device_attribute *attr, char *buf) 1126 { 1127 struct tee_device *teedev = container_of(dev, struct tee_device, dev); 1128 struct tee_ioctl_version_data vers; 1129 1130 teedev->desc->ops->get_version(teedev, &vers); 1131 return sysfs_emit(buf, "%d\n", vers.impl_id); 1132 } 1133 static DEVICE_ATTR_RO(implementation_id); 1134 1135 static struct attribute *tee_dev_attrs[] = { 1136 &dev_attr_implementation_id.attr, 1137 NULL 1138 }; 1139 1140 static const struct attribute_group tee_dev_group = { 1141 .attrs = tee_dev_attrs, 1142 }; 1143 1144 static ssize_t revision_show(struct device *dev, 1145 struct device_attribute *attr, char *buf) 1146 { 1147 struct tee_device *teedev = container_of(dev, struct tee_device, dev); 1148 char version[TEE_REVISION_STR_SIZE]; 1149 int ret; 1150 1151 if (!teedev->desc->ops->get_tee_revision) 1152 return -ENODEV; 1153 1154 ret = teedev->desc->ops->get_tee_revision(teedev, version, 1155 sizeof(version)); 1156 if (ret) 1157 return ret; 1158 1159 return sysfs_emit(buf, "%s\n", version); 1160 } 1161 static DEVICE_ATTR_RO(revision); 1162 1163 static struct attribute *tee_revision_attrs[] = { 1164 &dev_attr_revision.attr, 1165 NULL 1166 }; 1167 1168 static umode_t tee_revision_attr_is_visible(struct kobject *kobj, 1169 struct attribute *attr, int n) 1170 { 1171 struct device *dev = kobj_to_dev(kobj); 1172 struct tee_device *teedev = container_of(dev, struct tee_device, dev); 1173 1174 if (teedev->desc->ops->get_tee_revision) 1175 return attr->mode; 1176 1177 return 0; 1178 } 1179 1180 static const struct attribute_group tee_revision_group = { 1181 .attrs = tee_revision_attrs, 1182 .is_visible = tee_revision_attr_is_visible, 1183 }; 1184 1185 static const struct attribute_group *tee_dev_groups[] = { 1186 &tee_dev_group, 1187 &tee_revision_group, 1188 NULL 1189 }; 1190 1191 static const struct class tee_class = { 1192 .name = "tee", 1193 .dev_groups = tee_dev_groups, 1194 }; 1195 1196 /** 1197 * tee_device_register() - Registers a TEE device 1198 * @teedev: Device to register 1199 * 1200 * tee_device_unregister() need to be called to remove the @teedev if 1201 * this function fails. 1202 * 1203 * @returns < 0 on failure 1204 */ 1205 int tee_device_register(struct tee_device *teedev) 1206 { 1207 int rc; 1208 1209 if (teedev->flags & TEE_DEVICE_FLAG_REGISTERED) { 1210 dev_err(&teedev->dev, "attempt to register twice\n"); 1211 return -EINVAL; 1212 } 1213 1214 rc = cdev_device_add(&teedev->cdev, &teedev->dev); 1215 if (rc) { 1216 dev_err(&teedev->dev, 1217 "unable to cdev_device_add() %s, major %d, minor %d, err=%d\n", 1218 teedev->name, MAJOR(teedev->dev.devt), 1219 MINOR(teedev->dev.devt), rc); 1220 return rc; 1221 } 1222 1223 teedev->flags |= TEE_DEVICE_FLAG_REGISTERED; 1224 return 0; 1225 } 1226 EXPORT_SYMBOL_GPL(tee_device_register); 1227 1228 void tee_device_put(struct tee_device *teedev) 1229 { 1230 mutex_lock(&teedev->mutex); 1231 /* Shouldn't put in this state */ 1232 if (!WARN_ON(!teedev->desc)) { 1233 teedev->num_users--; 1234 if (!teedev->num_users) { 1235 teedev->desc = NULL; 1236 complete(&teedev->c_no_users); 1237 } 1238 } 1239 mutex_unlock(&teedev->mutex); 1240 } 1241 EXPORT_SYMBOL_GPL(tee_device_put); 1242 1243 bool tee_device_get(struct tee_device *teedev) 1244 { 1245 mutex_lock(&teedev->mutex); 1246 if (!teedev->desc) { 1247 mutex_unlock(&teedev->mutex); 1248 return false; 1249 } 1250 teedev->num_users++; 1251 mutex_unlock(&teedev->mutex); 1252 return true; 1253 } 1254 EXPORT_SYMBOL_GPL(tee_device_get); 1255 1256 /** 1257 * tee_device_unregister() - Removes a TEE device 1258 * @teedev: Device to unregister 1259 * 1260 * This function should be called to remove the @teedev even if 1261 * tee_device_register() hasn't been called yet. Does nothing if 1262 * @teedev is NULL. 1263 */ 1264 void tee_device_unregister(struct tee_device *teedev) 1265 { 1266 if (!teedev) 1267 return; 1268 1269 tee_device_put_all_dma_heaps(teedev); 1270 1271 if (teedev->flags & TEE_DEVICE_FLAG_REGISTERED) 1272 cdev_device_del(&teedev->cdev, &teedev->dev); 1273 1274 tee_device_put(teedev); 1275 wait_for_completion(&teedev->c_no_users); 1276 1277 /* 1278 * No need to take a mutex any longer now since teedev->desc was 1279 * set to NULL before teedev->c_no_users was completed. 1280 */ 1281 1282 teedev->pool = NULL; 1283 1284 put_device(&teedev->dev); 1285 } 1286 EXPORT_SYMBOL_GPL(tee_device_unregister); 1287 1288 /** 1289 * tee_get_drvdata() - Return driver_data pointer 1290 * @teedev: Device containing the driver_data pointer 1291 * @returns the driver_data pointer supplied to tee_device_alloc(). 1292 */ 1293 void *tee_get_drvdata(struct tee_device *teedev) 1294 { 1295 return dev_get_drvdata(&teedev->dev); 1296 } 1297 EXPORT_SYMBOL_GPL(tee_get_drvdata); 1298 1299 struct match_dev_data { 1300 struct tee_ioctl_version_data *vers; 1301 const void *data; 1302 int (*match)(struct tee_ioctl_version_data *, const void *); 1303 }; 1304 1305 static int match_dev(struct device *dev, const void *data) 1306 { 1307 const struct match_dev_data *match_data = data; 1308 struct tee_device *teedev = container_of(dev, struct tee_device, dev); 1309 1310 teedev->desc->ops->get_version(teedev, match_data->vers); 1311 return match_data->match(match_data->vers, match_data->data); 1312 } 1313 1314 struct tee_context * 1315 tee_client_open_context(struct tee_context *start, 1316 int (*match)(struct tee_ioctl_version_data *, 1317 const void *), 1318 const void *data, struct tee_ioctl_version_data *vers) 1319 { 1320 struct device *dev = NULL; 1321 struct device *put_dev = NULL; 1322 struct tee_context *ctx = NULL; 1323 struct tee_ioctl_version_data v; 1324 struct match_dev_data match_data = { vers ? vers : &v, data, match }; 1325 1326 if (start) 1327 dev = &start->teedev->dev; 1328 1329 do { 1330 dev = class_find_device(&tee_class, dev, &match_data, match_dev); 1331 if (!dev) { 1332 ctx = ERR_PTR(-ENOENT); 1333 break; 1334 } 1335 1336 put_device(put_dev); 1337 put_dev = dev; 1338 1339 ctx = teedev_open(container_of(dev, struct tee_device, dev)); 1340 } while (IS_ERR(ctx) && PTR_ERR(ctx) != -ENOMEM); 1341 1342 put_device(put_dev); 1343 /* 1344 * Default behaviour for in kernel client is to not wait for 1345 * tee-supplicant if not present for any requests in this context. 1346 * Also this flag could be configured again before call to 1347 * tee_client_open_session() if any in kernel client requires 1348 * different behaviour. 1349 */ 1350 if (!IS_ERR(ctx)) 1351 ctx->supp_nowait = true; 1352 1353 return ctx; 1354 } 1355 EXPORT_SYMBOL_GPL(tee_client_open_context); 1356 1357 void tee_client_close_context(struct tee_context *ctx) 1358 { 1359 teedev_close_context(ctx); 1360 } 1361 EXPORT_SYMBOL_GPL(tee_client_close_context); 1362 1363 void tee_client_get_version(struct tee_context *ctx, 1364 struct tee_ioctl_version_data *vers) 1365 { 1366 ctx->teedev->desc->ops->get_version(ctx->teedev, vers); 1367 } 1368 EXPORT_SYMBOL_GPL(tee_client_get_version); 1369 1370 int tee_client_open_session(struct tee_context *ctx, 1371 struct tee_ioctl_open_session_arg *arg, 1372 struct tee_param *param) 1373 { 1374 if (!ctx->teedev->desc->ops->open_session) 1375 return -EINVAL; 1376 return ctx->teedev->desc->ops->open_session(ctx, arg, param); 1377 } 1378 EXPORT_SYMBOL_GPL(tee_client_open_session); 1379 1380 int tee_client_close_session(struct tee_context *ctx, u32 session) 1381 { 1382 if (!ctx->teedev->desc->ops->close_session) 1383 return -EINVAL; 1384 return ctx->teedev->desc->ops->close_session(ctx, session); 1385 } 1386 EXPORT_SYMBOL_GPL(tee_client_close_session); 1387 1388 int tee_client_system_session(struct tee_context *ctx, u32 session) 1389 { 1390 if (!ctx->teedev->desc->ops->system_session) 1391 return -EINVAL; 1392 return ctx->teedev->desc->ops->system_session(ctx, session); 1393 } 1394 EXPORT_SYMBOL_GPL(tee_client_system_session); 1395 1396 int tee_client_invoke_func(struct tee_context *ctx, 1397 struct tee_ioctl_invoke_arg *arg, 1398 struct tee_param *param) 1399 { 1400 if (!ctx->teedev->desc->ops->invoke_func) 1401 return -EINVAL; 1402 return ctx->teedev->desc->ops->invoke_func(ctx, arg, param); 1403 } 1404 EXPORT_SYMBOL_GPL(tee_client_invoke_func); 1405 1406 int tee_client_cancel_req(struct tee_context *ctx, 1407 struct tee_ioctl_cancel_arg *arg) 1408 { 1409 if (!ctx->teedev->desc->ops->cancel_req) 1410 return -EINVAL; 1411 return ctx->teedev->desc->ops->cancel_req(ctx, arg->cancel_id, 1412 arg->session); 1413 } 1414 1415 static int tee_client_device_match(struct device *dev, 1416 const struct device_driver *drv) 1417 { 1418 const struct tee_client_device_id *id_table; 1419 struct tee_client_device *tee_device; 1420 1421 id_table = to_tee_client_driver(drv)->id_table; 1422 tee_device = to_tee_client_device(dev); 1423 1424 while (!uuid_is_null(&id_table->uuid)) { 1425 if (uuid_equal(&tee_device->id.uuid, &id_table->uuid)) 1426 return 1; 1427 id_table++; 1428 } 1429 1430 return 0; 1431 } 1432 1433 static int tee_client_device_uevent(const struct device *dev, 1434 struct kobj_uevent_env *env) 1435 { 1436 uuid_t *dev_id = &to_tee_client_device(dev)->id.uuid; 1437 1438 return add_uevent_var(env, "MODALIAS=tee:%pUb", dev_id); 1439 } 1440 1441 static int tee_client_device_probe(struct device *dev) 1442 { 1443 struct tee_client_device *tcdev = to_tee_client_device(dev); 1444 struct tee_client_driver *drv = to_tee_client_driver(dev->driver); 1445 1446 if (drv->probe) 1447 return drv->probe(tcdev); 1448 else 1449 return 0; 1450 } 1451 1452 static void tee_client_device_remove(struct device *dev) 1453 { 1454 struct tee_client_device *tcdev = to_tee_client_device(dev); 1455 struct tee_client_driver *drv = to_tee_client_driver(dev->driver); 1456 1457 if (drv->remove) 1458 drv->remove(tcdev); 1459 } 1460 1461 static void tee_client_device_shutdown(struct device *dev) 1462 { 1463 struct tee_client_device *tcdev = to_tee_client_device(dev); 1464 struct tee_client_driver *drv = to_tee_client_driver(dev->driver); 1465 1466 if (dev->driver && drv->shutdown) 1467 drv->shutdown(tcdev); 1468 } 1469 1470 const struct bus_type tee_bus_type = { 1471 .name = "tee", 1472 .match = tee_client_device_match, 1473 .uevent = tee_client_device_uevent, 1474 .probe = tee_client_device_probe, 1475 .remove = tee_client_device_remove, 1476 .shutdown = tee_client_device_shutdown, 1477 }; 1478 EXPORT_SYMBOL_GPL(tee_bus_type); 1479 1480 static int tee_client_device_probe_legacy(struct tee_client_device *tcdev) 1481 { 1482 struct device *dev = &tcdev->dev; 1483 struct device_driver *driver = dev->driver; 1484 1485 return driver->probe(dev); 1486 } 1487 1488 static void tee_client_device_remove_legacy(struct tee_client_device *tcdev) 1489 { 1490 struct device *dev = &tcdev->dev; 1491 struct device_driver *driver = dev->driver; 1492 1493 driver->remove(dev); 1494 } 1495 1496 static void tee_client_device_shutdown_legacy(struct tee_client_device *tcdev) 1497 { 1498 struct device *dev = &tcdev->dev; 1499 struct device_driver *driver = dev->driver; 1500 1501 driver->shutdown(dev); 1502 } 1503 1504 int __tee_client_driver_register(struct tee_client_driver *tee_driver, 1505 struct module *owner) 1506 { 1507 tee_driver->driver.owner = owner; 1508 tee_driver->driver.bus = &tee_bus_type; 1509 1510 /* 1511 * Drivers that have callbacks set for tee_driver->driver need updating 1512 * to use the callbacks in tee_driver instead. driver_register() warns 1513 * about that, so no need to warn here, too. 1514 */ 1515 if (!tee_driver->probe && tee_driver->driver.probe) 1516 tee_driver->probe = tee_client_device_probe_legacy; 1517 if (!tee_driver->remove && tee_driver->driver.remove) 1518 tee_driver->remove = tee_client_device_remove_legacy; 1519 if (!tee_driver->shutdown && tee_driver->driver.probe) 1520 tee_driver->shutdown = tee_client_device_shutdown_legacy; 1521 1522 return driver_register(&tee_driver->driver); 1523 } 1524 EXPORT_SYMBOL_GPL(__tee_client_driver_register); 1525 1526 void tee_client_driver_unregister(struct tee_client_driver *tee_driver) 1527 { 1528 driver_unregister(&tee_driver->driver); 1529 } 1530 EXPORT_SYMBOL_GPL(tee_client_driver_unregister); 1531 1532 static int __init tee_init(void) 1533 { 1534 int rc; 1535 1536 rc = class_register(&tee_class); 1537 if (rc) { 1538 pr_err("couldn't create class\n"); 1539 return rc; 1540 } 1541 1542 rc = alloc_chrdev_region(&tee_devt, 0, TEE_NUM_DEVICES, "tee"); 1543 if (rc) { 1544 pr_err("failed to allocate char dev region\n"); 1545 goto out_unreg_class; 1546 } 1547 1548 rc = bus_register(&tee_bus_type); 1549 if (rc) { 1550 pr_err("failed to register tee bus\n"); 1551 goto out_unreg_chrdev; 1552 } 1553 1554 return 0; 1555 1556 out_unreg_chrdev: 1557 unregister_chrdev_region(tee_devt, TEE_NUM_DEVICES); 1558 out_unreg_class: 1559 class_unregister(&tee_class); 1560 1561 return rc; 1562 } 1563 1564 static void __exit tee_exit(void) 1565 { 1566 bus_unregister(&tee_bus_type); 1567 unregister_chrdev_region(tee_devt, TEE_NUM_DEVICES); 1568 class_unregister(&tee_class); 1569 } 1570 1571 subsys_initcall(tee_init); 1572 module_exit(tee_exit); 1573 1574 MODULE_AUTHOR("Linaro"); 1575 MODULE_DESCRIPTION("TEE Driver"); 1576 MODULE_VERSION("1.0"); 1577 MODULE_LICENSE("GPL v2"); 1578 MODULE_IMPORT_NS("DMA_BUF"); 1579 MODULE_IMPORT_NS("DMA_BUF_HEAP"); 1580