xref: /linux/drivers/crypto/ccp/tee-dev.c (revision 4b132aacb0768ac1e652cf517097ea6f237214b9) 
1 // SPDX-License-Identifier: MIT
2 /*
3  * AMD Trusted Execution Environment (TEE) interface
4  *
5  * Author: Rijo Thomas <Rijo-john.Thomas@amd.com>
6  * Author: Devaraj Rangasamy <Devaraj.Rangasamy@amd.com>
7  *
8  * Copyright (C) 2019,2021 Advanced Micro Devices, Inc.
9  */
10 
11 #include <linux/bitfield.h>
12 #include <linux/types.h>
13 #include <linux/mutex.h>
14 #include <linux/delay.h>
15 #include <linux/slab.h>
16 #include <linux/gfp.h>
17 #include <linux/psp.h>
18 #include <linux/psp-tee.h>
19 
20 #include "psp-dev.h"
21 #include "tee-dev.h"
22 
23 static bool psp_dead;
24 
25 static int tee_alloc_ring(struct psp_tee_device *tee, int ring_size)
26 {
27 	struct ring_buf_manager *rb_mgr = &tee->rb_mgr;
28 	void *start_addr;
29 
30 	if (!ring_size)
31 		return -EINVAL;
32 
33 	/* We need actual physical address instead of DMA address, since
34 	 * Trusted OS running on AMD Secure Processor will map this region
35 	 */
36 	start_addr = (void *)__get_free_pages(GFP_KERNEL, get_order(ring_size));
37 	if (!start_addr)
38 		return -ENOMEM;
39 
40 	memset(start_addr, 0x0, ring_size);
41 	rb_mgr->ring_start = start_addr;
42 	rb_mgr->ring_size = ring_size;
43 	rb_mgr->ring_pa = __psp_pa(start_addr);
44 	mutex_init(&rb_mgr->mutex);
45 
46 	return 0;
47 }
48 
49 static void tee_free_ring(struct psp_tee_device *tee)
50 {
51 	struct ring_buf_manager *rb_mgr = &tee->rb_mgr;
52 
53 	if (!rb_mgr->ring_start)
54 		return;
55 
56 	free_pages((unsigned long)rb_mgr->ring_start,
57 		   get_order(rb_mgr->ring_size));
58 
59 	rb_mgr->ring_start = NULL;
60 	rb_mgr->ring_size = 0;
61 	rb_mgr->ring_pa = 0;
62 	mutex_destroy(&rb_mgr->mutex);
63 }
64 
65 static
66 struct tee_init_ring_cmd *tee_alloc_cmd_buffer(struct psp_tee_device *tee)
67 {
68 	struct tee_init_ring_cmd *cmd;
69 
70 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
71 	if (!cmd)
72 		return NULL;
73 
74 	cmd->hi_addr = upper_32_bits(tee->rb_mgr.ring_pa);
75 	cmd->low_addr = lower_32_bits(tee->rb_mgr.ring_pa);
76 	cmd->size = tee->rb_mgr.ring_size;
77 
78 	dev_dbg(tee->dev, "tee: ring address: high = 0x%x low = 0x%x size = %u\n",
79 		cmd->hi_addr, cmd->low_addr, cmd->size);
80 
81 	return cmd;
82 }
83 
84 static inline void tee_free_cmd_buffer(struct tee_init_ring_cmd *cmd)
85 {
86 	kfree(cmd);
87 }
88 
89 static int tee_init_ring(struct psp_tee_device *tee)
90 {
91 	int ring_size = MAX_RING_BUFFER_ENTRIES * sizeof(struct tee_ring_cmd);
92 	struct tee_init_ring_cmd *cmd;
93 	unsigned int reg;
94 	int ret;
95 
96 	BUILD_BUG_ON(sizeof(struct tee_ring_cmd) != 1024);
97 
98 	ret = tee_alloc_ring(tee, ring_size);
99 	if (ret) {
100 		dev_err(tee->dev, "tee: ring allocation failed %d\n", ret);
101 		return ret;
102 	}
103 
104 	tee->rb_mgr.wptr = 0;
105 
106 	cmd = tee_alloc_cmd_buffer(tee);
107 	if (!cmd) {
108 		tee_free_ring(tee);
109 		return -ENOMEM;
110 	}
111 
112 	/* Send command buffer details to Trusted OS by writing to
113 	 * CPU-PSP message registers
114 	 */
115 	ret = psp_mailbox_command(tee->psp, PSP_CMD_TEE_RING_INIT, cmd,
116 				  TEE_DEFAULT_CMD_TIMEOUT, &reg);
117 	if (ret) {
118 		dev_err(tee->dev, "tee: ring init command timed out, disabling TEE support\n");
119 		tee_free_ring(tee);
120 		psp_dead = true;
121 		goto free_buf;
122 	}
123 
124 	if (FIELD_GET(PSP_CMDRESP_STS, reg)) {
125 		dev_err(tee->dev, "tee: ring init command failed (%#010lx)\n",
126 			FIELD_GET(PSP_CMDRESP_STS, reg));
127 		tee_free_ring(tee);
128 		ret = -EIO;
129 	}
130 
131 free_buf:
132 	tee_free_cmd_buffer(cmd);
133 
134 	return ret;
135 }
136 
137 static void tee_destroy_ring(struct psp_tee_device *tee)
138 {
139 	unsigned int reg;
140 	int ret;
141 
142 	if (!tee->rb_mgr.ring_start)
143 		return;
144 
145 	if (psp_dead)
146 		goto free_ring;
147 
148 	ret = psp_mailbox_command(tee->psp, PSP_CMD_TEE_RING_DESTROY, NULL,
149 				  TEE_DEFAULT_CMD_TIMEOUT, &reg);
150 	if (ret) {
151 		dev_err(tee->dev, "tee: ring destroy command timed out, disabling TEE support\n");
152 		psp_dead = true;
153 	} else if (FIELD_GET(PSP_CMDRESP_STS, reg)) {
154 		dev_err(tee->dev, "tee: ring destroy command failed (%#010lx)\n",
155 			FIELD_GET(PSP_CMDRESP_STS, reg));
156 	}
157 
158 free_ring:
159 	tee_free_ring(tee);
160 }
161 
162 int tee_dev_init(struct psp_device *psp)
163 {
164 	struct device *dev = psp->dev;
165 	struct psp_tee_device *tee;
166 	int ret;
167 
168 	ret = -ENOMEM;
169 	tee = devm_kzalloc(dev, sizeof(*tee), GFP_KERNEL);
170 	if (!tee)
171 		goto e_err;
172 
173 	psp->tee_data = tee;
174 
175 	tee->dev = dev;
176 	tee->psp = psp;
177 
178 	tee->io_regs = psp->io_regs;
179 
180 	tee->vdata = (struct tee_vdata *)psp->vdata->tee;
181 	if (!tee->vdata) {
182 		ret = -ENODEV;
183 		dev_err(dev, "tee: missing driver data\n");
184 		goto e_err;
185 	}
186 
187 	ret = tee_init_ring(tee);
188 	if (ret) {
189 		dev_err(dev, "tee: failed to init ring buffer\n");
190 		goto e_err;
191 	}
192 
193 	dev_notice(dev, "tee enabled\n");
194 
195 	return 0;
196 
197 e_err:
198 	psp->tee_data = NULL;
199 
200 	dev_notice(dev, "tee initialization failed\n");
201 
202 	return ret;
203 }
204 
205 void tee_dev_destroy(struct psp_device *psp)
206 {
207 	struct psp_tee_device *tee = psp->tee_data;
208 
209 	if (!tee)
210 		return;
211 
212 	tee_destroy_ring(tee);
213 }
214 
215 static int tee_submit_cmd(struct psp_tee_device *tee, enum tee_cmd_id cmd_id,
216 			  void *buf, size_t len, struct tee_ring_cmd **resp)
217 {
218 	struct tee_ring_cmd *cmd;
219 	int nloop = 1000, ret = 0;
220 	u32 rptr;
221 
222 	*resp = NULL;
223 
224 	mutex_lock(&tee->rb_mgr.mutex);
225 
226 	/* Loop until empty entry found in ring buffer */
227 	do {
228 		/* Get pointer to ring buffer command entry */
229 		cmd = (struct tee_ring_cmd *)
230 			(tee->rb_mgr.ring_start + tee->rb_mgr.wptr);
231 
232 		rptr = ioread32(tee->io_regs + tee->vdata->ring_rptr_reg);
233 
234 		/* Check if ring buffer is full or command entry is waiting
235 		 * for response from TEE
236 		 */
237 		if (!(tee->rb_mgr.wptr + sizeof(struct tee_ring_cmd) == rptr ||
238 		      cmd->flag == CMD_WAITING_FOR_RESPONSE))
239 			break;
240 
241 		dev_dbg(tee->dev, "tee: ring buffer full. rptr = %u wptr = %u\n",
242 			rptr, tee->rb_mgr.wptr);
243 
244 		/* Wait if ring buffer is full or TEE is processing data */
245 		mutex_unlock(&tee->rb_mgr.mutex);
246 		schedule_timeout_interruptible(msecs_to_jiffies(10));
247 		mutex_lock(&tee->rb_mgr.mutex);
248 
249 	} while (--nloop);
250 
251 	if (!nloop &&
252 	    (tee->rb_mgr.wptr + sizeof(struct tee_ring_cmd) == rptr ||
253 	     cmd->flag == CMD_WAITING_FOR_RESPONSE)) {
254 		dev_err(tee->dev, "tee: ring buffer full. rptr = %u wptr = %u response flag %u\n",
255 			rptr, tee->rb_mgr.wptr, cmd->flag);
256 		ret = -EBUSY;
257 		goto unlock;
258 	}
259 
260 	/* Do not submit command if PSP got disabled while processing any
261 	 * command in another thread
262 	 */
263 	if (psp_dead) {
264 		ret = -EBUSY;
265 		goto unlock;
266 	}
267 
268 	/* Write command data into ring buffer */
269 	cmd->cmd_id = cmd_id;
270 	cmd->cmd_state = TEE_CMD_STATE_INIT;
271 	memset(&cmd->buf[0], 0, sizeof(cmd->buf));
272 	memcpy(&cmd->buf[0], buf, len);
273 
274 	/* Indicate driver is waiting for response */
275 	cmd->flag = CMD_WAITING_FOR_RESPONSE;
276 
277 	/* Update local copy of write pointer */
278 	tee->rb_mgr.wptr += sizeof(struct tee_ring_cmd);
279 	if (tee->rb_mgr.wptr >= tee->rb_mgr.ring_size)
280 		tee->rb_mgr.wptr = 0;
281 
282 	/* Trigger interrupt to Trusted OS */
283 	iowrite32(tee->rb_mgr.wptr, tee->io_regs + tee->vdata->ring_wptr_reg);
284 
285 	/* The response is provided by Trusted OS in same
286 	 * location as submitted data entry within ring buffer.
287 	 */
288 	*resp = cmd;
289 
290 unlock:
291 	mutex_unlock(&tee->rb_mgr.mutex);
292 
293 	return ret;
294 }
295 
296 static int tee_wait_cmd_completion(struct psp_tee_device *tee,
297 				   struct tee_ring_cmd *resp,
298 				   unsigned int timeout)
299 {
300 	/* ~1ms sleep per loop => nloop = timeout * 1000 */
301 	int nloop = timeout * 1000;
302 
303 	while (--nloop) {
304 		if (resp->cmd_state == TEE_CMD_STATE_COMPLETED)
305 			return 0;
306 
307 		usleep_range(1000, 1100);
308 	}
309 
310 	dev_err(tee->dev, "tee: command 0x%x timed out, disabling PSP\n",
311 		resp->cmd_id);
312 
313 	psp_dead = true;
314 
315 	return -ETIMEDOUT;
316 }
317 
318 int psp_tee_process_cmd(enum tee_cmd_id cmd_id, void *buf, size_t len,
319 			u32 *status)
320 {
321 	struct psp_device *psp = psp_get_master_device();
322 	struct psp_tee_device *tee;
323 	struct tee_ring_cmd *resp;
324 	int ret;
325 
326 	if (!buf || !status || !len || len > sizeof(resp->buf))
327 		return -EINVAL;
328 
329 	*status = 0;
330 
331 	if (!psp || !psp->tee_data)
332 		return -ENODEV;
333 
334 	if (psp_dead)
335 		return -EBUSY;
336 
337 	tee = psp->tee_data;
338 
339 	ret = tee_submit_cmd(tee, cmd_id, buf, len, &resp);
340 	if (ret)
341 		return ret;
342 
343 	ret = tee_wait_cmd_completion(tee, resp, TEE_DEFAULT_RING_TIMEOUT);
344 	if (ret) {
345 		resp->flag = CMD_RESPONSE_TIMEDOUT;
346 		return ret;
347 	}
348 
349 	memcpy(buf, &resp->buf[0], len);
350 	*status = resp->status;
351 
352 	resp->flag = CMD_RESPONSE_COPIED;
353 
354 	return 0;
355 }
356 EXPORT_SYMBOL(psp_tee_process_cmd);
357 
358 int psp_check_tee_status(void)
359 {
360 	struct psp_device *psp = psp_get_master_device();
361 
362 	if (!psp || !psp->tee_data)
363 		return -ENODEV;
364 
365 	return 0;
366 }
367 EXPORT_SYMBOL(psp_check_tee_status);
368