xref: /linux/drivers/gpu/drm/i915/pxp/intel_pxp_tee.c (revision fd7d598270724cc787982ea48bbe17ad383a8b7f)
1 // SPDX-License-Identifier: MIT
2 /*
3  * Copyright(c) 2020 Intel Corporation.
4  */
5 
6 #include <linux/component.h>
7 
8 #include <drm/i915_pxp_tee_interface.h>
9 #include <drm/i915_component.h>
10 
11 #include "gem/i915_gem_lmem.h"
12 #include "gt/intel_gt_print.h"
13 
14 #include "i915_drv.h"
15 #include "gt/intel_gt.h"
16 
17 #include "intel_pxp.h"
18 #include "intel_pxp_cmd_interface_42.h"
19 #include "intel_pxp_huc.h"
20 #include "intel_pxp_session.h"
21 #include "intel_pxp_tee.h"
22 #include "intel_pxp_types.h"
23 
24 static bool
25 is_fw_err_platform_config(struct intel_pxp *pxp, u32 type)
26 {
27 	switch (type) {
28 	case PXP_STATUS_ERROR_API_VERSION:
29 	case PXP_STATUS_PLATFCONFIG_KF1_NOVERIF:
30 	case PXP_STATUS_PLATFCONFIG_KF1_BAD:
31 		pxp->platform_cfg_is_bad = true;
32 		return true;
33 	default:
34 		break;
35 	}
36 	return false;
37 }
38 
39 static const char *
40 fw_err_to_string(u32 type)
41 {
42 	switch (type) {
43 	case PXP_STATUS_ERROR_API_VERSION:
44 		return "ERR_API_VERSION";
45 	case PXP_STATUS_NOT_READY:
46 		return "ERR_NOT_READY";
47 	case PXP_STATUS_PLATFCONFIG_KF1_NOVERIF:
48 	case PXP_STATUS_PLATFCONFIG_KF1_BAD:
49 		return "ERR_PLATFORM_CONFIG";
50 	default:
51 		break;
52 	}
53 	return NULL;
54 }
55 
56 static int intel_pxp_tee_io_message(struct intel_pxp *pxp,
57 				    void *msg_in, u32 msg_in_size,
58 				    void *msg_out, u32 msg_out_max_size,
59 				    u32 *msg_out_rcv_size)
60 {
61 	struct drm_i915_private *i915 = pxp->ctrl_gt->i915;
62 	struct i915_pxp_component *pxp_component = pxp->pxp_component;
63 	int ret = 0;
64 
65 	mutex_lock(&pxp->tee_mutex);
66 
67 	/*
68 	 * The binding of the component is asynchronous from i915 probe, so we
69 	 * can't be sure it has happened.
70 	 */
71 	if (!pxp_component) {
72 		ret = -ENODEV;
73 		goto unlock;
74 	}
75 
76 	ret = pxp_component->ops->send(pxp_component->tee_dev, msg_in, msg_in_size);
77 	if (ret) {
78 		drm_err(&i915->drm, "Failed to send PXP TEE message\n");
79 		goto unlock;
80 	}
81 
82 	ret = pxp_component->ops->recv(pxp_component->tee_dev, msg_out, msg_out_max_size);
83 	if (ret < 0) {
84 		drm_err(&i915->drm, "Failed to receive PXP TEE message\n");
85 		goto unlock;
86 	}
87 
88 	if (ret > msg_out_max_size) {
89 		drm_err(&i915->drm,
90 			"Failed to receive PXP TEE message due to unexpected output size\n");
91 		ret = -ENOSPC;
92 		goto unlock;
93 	}
94 
95 	if (msg_out_rcv_size)
96 		*msg_out_rcv_size = ret;
97 
98 	ret = 0;
99 unlock:
100 	mutex_unlock(&pxp->tee_mutex);
101 	return ret;
102 }
103 
104 int intel_pxp_tee_stream_message(struct intel_pxp *pxp,
105 				 u8 client_id, u32 fence_id,
106 				 void *msg_in, size_t msg_in_len,
107 				 void *msg_out, size_t msg_out_len)
108 {
109 	/* TODO: for bigger objects we need to use a sg of 4k pages */
110 	const size_t max_msg_size = PAGE_SIZE;
111 	struct drm_i915_private *i915 = pxp->ctrl_gt->i915;
112 	struct i915_pxp_component *pxp_component = pxp->pxp_component;
113 	unsigned int offset = 0;
114 	struct scatterlist *sg;
115 	int ret;
116 
117 	if (msg_in_len > max_msg_size || msg_out_len > max_msg_size)
118 		return -ENOSPC;
119 
120 	mutex_lock(&pxp->tee_mutex);
121 
122 	if (unlikely(!pxp_component || !pxp_component->ops->gsc_command)) {
123 		ret = -ENODEV;
124 		goto unlock;
125 	}
126 
127 	GEM_BUG_ON(!pxp->stream_cmd.obj);
128 
129 	sg = i915_gem_object_get_sg_dma(pxp->stream_cmd.obj, 0, &offset);
130 
131 	memcpy(pxp->stream_cmd.vaddr, msg_in, msg_in_len);
132 
133 	ret = pxp_component->ops->gsc_command(pxp_component->tee_dev, client_id,
134 					      fence_id, sg, msg_in_len, sg);
135 	if (ret < 0)
136 		drm_err(&i915->drm, "Failed to send PXP TEE gsc command\n");
137 	else
138 		memcpy(msg_out, pxp->stream_cmd.vaddr, msg_out_len);
139 
140 unlock:
141 	mutex_unlock(&pxp->tee_mutex);
142 	return ret;
143 }
144 
145 /**
146  * i915_pxp_tee_component_bind - bind function to pass the function pointers to pxp_tee
147  * @i915_kdev: pointer to i915 kernel device
148  * @tee_kdev: pointer to tee kernel device
149  * @data: pointer to pxp_tee_master containing the function pointers
150  *
151  * This bind function is called during the system boot or resume from system sleep.
152  *
153  * Return: return 0 if successful.
154  */
155 static int i915_pxp_tee_component_bind(struct device *i915_kdev,
156 				       struct device *tee_kdev, void *data)
157 {
158 	struct drm_i915_private *i915 = kdev_to_i915(i915_kdev);
159 	struct intel_pxp *pxp = i915->pxp;
160 	struct intel_gt *gt = pxp->ctrl_gt;
161 	struct intel_uc *uc = &gt->uc;
162 	intel_wakeref_t wakeref;
163 	int ret = 0;
164 
165 	if (!HAS_HECI_PXP(i915)) {
166 		pxp->dev_link = device_link_add(i915_kdev, tee_kdev, DL_FLAG_STATELESS);
167 		if (drm_WARN_ON(&i915->drm, !pxp->dev_link))
168 			return -ENODEV;
169 	}
170 
171 	mutex_lock(&pxp->tee_mutex);
172 	pxp->pxp_component = data;
173 	pxp->pxp_component->tee_dev = tee_kdev;
174 	mutex_unlock(&pxp->tee_mutex);
175 
176 	if (intel_uc_uses_huc(uc) && intel_huc_is_loaded_by_gsc(&uc->huc)) {
177 		with_intel_runtime_pm(&i915->runtime_pm, wakeref) {
178 			/* load huc via pxp */
179 			ret = intel_huc_fw_load_and_auth_via_gsc(&uc->huc);
180 			if (ret < 0)
181 				gt_probe_error(gt, "failed to load huc via gsc %d\n", ret);
182 		}
183 	}
184 
185 	/* if we are suspended, the HW will be re-initialized on resume */
186 	wakeref = intel_runtime_pm_get_if_in_use(&i915->runtime_pm);
187 	if (!wakeref)
188 		return 0;
189 
190 	/* the component is required to fully start the PXP HW */
191 	if (intel_pxp_is_enabled(pxp))
192 		intel_pxp_init_hw(pxp);
193 
194 	intel_runtime_pm_put(&i915->runtime_pm, wakeref);
195 
196 	return ret;
197 }
198 
199 static void i915_pxp_tee_component_unbind(struct device *i915_kdev,
200 					  struct device *tee_kdev, void *data)
201 {
202 	struct drm_i915_private *i915 = kdev_to_i915(i915_kdev);
203 	struct intel_pxp *pxp = i915->pxp;
204 	intel_wakeref_t wakeref;
205 
206 	if (intel_pxp_is_enabled(pxp))
207 		with_intel_runtime_pm_if_in_use(&i915->runtime_pm, wakeref)
208 			intel_pxp_fini_hw(pxp);
209 
210 	mutex_lock(&pxp->tee_mutex);
211 	pxp->pxp_component = NULL;
212 	mutex_unlock(&pxp->tee_mutex);
213 
214 	if (pxp->dev_link) {
215 		device_link_del(pxp->dev_link);
216 		pxp->dev_link = NULL;
217 	}
218 }
219 
220 static const struct component_ops i915_pxp_tee_component_ops = {
221 	.bind   = i915_pxp_tee_component_bind,
222 	.unbind = i915_pxp_tee_component_unbind,
223 };
224 
225 static int alloc_streaming_command(struct intel_pxp *pxp)
226 {
227 	struct drm_i915_private *i915 = pxp->ctrl_gt->i915;
228 	struct drm_i915_gem_object *obj = NULL;
229 	void *cmd;
230 	int err;
231 
232 	pxp->stream_cmd.obj = NULL;
233 	pxp->stream_cmd.vaddr = NULL;
234 
235 	if (!IS_DGFX(i915))
236 		return 0;
237 
238 	/* allocate lmem object of one page for PXP command memory and store it */
239 	obj = i915_gem_object_create_lmem(i915, PAGE_SIZE, I915_BO_ALLOC_CONTIGUOUS);
240 	if (IS_ERR(obj)) {
241 		drm_err(&i915->drm, "Failed to allocate pxp streaming command!\n");
242 		return PTR_ERR(obj);
243 	}
244 
245 	err = i915_gem_object_pin_pages_unlocked(obj);
246 	if (err) {
247 		drm_err(&i915->drm, "Failed to pin gsc message page!\n");
248 		goto out_put;
249 	}
250 
251 	/* map the lmem into the virtual memory pointer */
252 	cmd = i915_gem_object_pin_map_unlocked(obj,
253 					       intel_gt_coherent_map_type(pxp->ctrl_gt,
254 									  obj, true));
255 	if (IS_ERR(cmd)) {
256 		drm_err(&i915->drm, "Failed to map gsc message page!\n");
257 		err = PTR_ERR(cmd);
258 		goto out_unpin;
259 	}
260 
261 	memset(cmd, 0, obj->base.size);
262 
263 	pxp->stream_cmd.obj = obj;
264 	pxp->stream_cmd.vaddr = cmd;
265 
266 	return 0;
267 
268 out_unpin:
269 	i915_gem_object_unpin_pages(obj);
270 out_put:
271 	i915_gem_object_put(obj);
272 	return err;
273 }
274 
275 static void free_streaming_command(struct intel_pxp *pxp)
276 {
277 	struct drm_i915_gem_object *obj = fetch_and_zero(&pxp->stream_cmd.obj);
278 
279 	if (!obj)
280 		return;
281 
282 	i915_gem_object_unpin_map(obj);
283 	i915_gem_object_unpin_pages(obj);
284 	i915_gem_object_put(obj);
285 }
286 
287 int intel_pxp_tee_component_init(struct intel_pxp *pxp)
288 {
289 	int ret;
290 	struct intel_gt *gt = pxp->ctrl_gt;
291 	struct drm_i915_private *i915 = gt->i915;
292 
293 	ret = alloc_streaming_command(pxp);
294 	if (ret)
295 		return ret;
296 
297 	ret = component_add_typed(i915->drm.dev, &i915_pxp_tee_component_ops,
298 				  I915_COMPONENT_PXP);
299 	if (ret < 0) {
300 		drm_err(&i915->drm, "Failed to add PXP component (%d)\n", ret);
301 		goto out_free;
302 	}
303 
304 	pxp->pxp_component_added = true;
305 
306 	return 0;
307 
308 out_free:
309 	free_streaming_command(pxp);
310 	return ret;
311 }
312 
313 void intel_pxp_tee_component_fini(struct intel_pxp *pxp)
314 {
315 	struct drm_i915_private *i915 = pxp->ctrl_gt->i915;
316 
317 	if (!pxp->pxp_component_added)
318 		return;
319 
320 	component_del(i915->drm.dev, &i915_pxp_tee_component_ops);
321 	pxp->pxp_component_added = false;
322 
323 	free_streaming_command(pxp);
324 }
325 
326 int intel_pxp_tee_cmd_create_arb_session(struct intel_pxp *pxp,
327 					 int arb_session_id)
328 {
329 	struct drm_i915_private *i915 = pxp->ctrl_gt->i915;
330 	struct pxp42_create_arb_in msg_in = {};
331 	struct pxp42_create_arb_out msg_out = {};
332 	int ret;
333 
334 	msg_in.header.api_version = PXP_APIVER(4, 2);
335 	msg_in.header.command_id = PXP42_CMDID_INIT_SESSION;
336 	msg_in.header.buffer_len = sizeof(msg_in) - sizeof(msg_in.header);
337 	msg_in.protection_mode = PXP42_ARB_SESSION_MODE_HEAVY;
338 	msg_in.session_id = arb_session_id;
339 
340 	ret = intel_pxp_tee_io_message(pxp,
341 				       &msg_in, sizeof(msg_in),
342 				       &msg_out, sizeof(msg_out),
343 				       NULL);
344 
345 	if (ret) {
346 		drm_err(&i915->drm, "Failed to send tee msg init arb session, ret=[%d]\n", ret);
347 	} else if (msg_out.header.status != 0) {
348 		if (is_fw_err_platform_config(pxp, msg_out.header.status)) {
349 			drm_info_once(&i915->drm,
350 				      "PXP init-arb-session-%d failed due to BIOS/SOC:0x%08x:%s\n",
351 				      arb_session_id, msg_out.header.status,
352 				      fw_err_to_string(msg_out.header.status));
353 		} else {
354 			drm_dbg(&i915->drm, "PXP init-arb-session--%d failed 0x%08x:%st:\n",
355 				arb_session_id, msg_out.header.status,
356 				fw_err_to_string(msg_out.header.status));
357 			drm_dbg(&i915->drm, "     cmd-detail: ID=[0x%08x],API-Ver-[0x%08x]\n",
358 				msg_in.header.command_id, msg_in.header.api_version);
359 		}
360 	}
361 
362 	return ret;
363 }
364 
365 void intel_pxp_tee_end_arb_fw_session(struct intel_pxp *pxp, u32 session_id)
366 {
367 	struct drm_i915_private *i915 = pxp->ctrl_gt->i915;
368 	struct pxp42_inv_stream_key_in msg_in = {};
369 	struct pxp42_inv_stream_key_out msg_out = {};
370 	int ret, trials = 0;
371 
372 try_again:
373 	memset(&msg_in, 0, sizeof(msg_in));
374 	memset(&msg_out, 0, sizeof(msg_out));
375 	msg_in.header.api_version = PXP_APIVER(4, 2);
376 	msg_in.header.command_id = PXP42_CMDID_INVALIDATE_STREAM_KEY;
377 	msg_in.header.buffer_len = sizeof(msg_in) - sizeof(msg_in.header);
378 
379 	msg_in.header.stream_id = FIELD_PREP(PXP_CMDHDR_EXTDATA_SESSION_VALID, 1);
380 	msg_in.header.stream_id |= FIELD_PREP(PXP_CMDHDR_EXTDATA_APP_TYPE, 0);
381 	msg_in.header.stream_id |= FIELD_PREP(PXP_CMDHDR_EXTDATA_SESSION_ID, session_id);
382 
383 	ret = intel_pxp_tee_io_message(pxp,
384 				       &msg_in, sizeof(msg_in),
385 				       &msg_out, sizeof(msg_out),
386 				       NULL);
387 
388 	/* Cleanup coherency between GT and Firmware is critical, so try again if it fails */
389 	if ((ret || msg_out.header.status != 0x0) && ++trials < 3)
390 		goto try_again;
391 
392 	if (ret) {
393 		drm_err(&i915->drm, "Failed to send tee msg for inv-stream-key-%u, ret=[%d]\n",
394 			session_id, ret);
395 	} else if (msg_out.header.status != 0) {
396 		if (is_fw_err_platform_config(pxp, msg_out.header.status)) {
397 			drm_info_once(&i915->drm,
398 				      "PXP inv-stream-key-%u failed due to BIOS/SOC :0x%08x:%s\n",
399 				      session_id, msg_out.header.status,
400 				      fw_err_to_string(msg_out.header.status));
401 		} else {
402 			drm_dbg(&i915->drm, "PXP inv-stream-key-%u failed 0x%08x:%s:\n",
403 				session_id, msg_out.header.status,
404 				fw_err_to_string(msg_out.header.status));
405 			drm_dbg(&i915->drm, "     cmd-detail: ID=[0x%08x],API-Ver-[0x%08x]\n",
406 				msg_in.header.command_id, msg_in.header.api_version);
407 		}
408 	}
409 }
410