1 // SPDX-License-Identifier: MIT 2 /* 3 * Copyright 2019 Advanced Micro Devices, Inc. 4 */ 5 6 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 7 8 #include <linux/errno.h> 9 #include <linux/device.h> 10 #include <linux/firmware.h> 11 #include <linux/io.h> 12 #include <linux/mm.h> 13 #include <linux/module.h> 14 #include <linux/psp-tee.h> 15 #include <linux/slab.h> 16 #include <linux/string.h> 17 #include <linux/tee_core.h> 18 #include <linux/types.h> 19 #include <linux/uaccess.h> 20 21 #include "amdtee_private.h" 22 23 static struct amdtee_driver_data *drv_data; 24 static DEFINE_MUTEX(session_list_mutex); 25 26 static void amdtee_get_version(struct tee_device *teedev, 27 struct tee_ioctl_version_data *vers) 28 { 29 struct tee_ioctl_version_data v = { 30 .impl_id = TEE_IMPL_ID_AMDTEE, 31 .impl_caps = 0, 32 .gen_caps = TEE_GEN_CAP_GP, 33 }; 34 *vers = v; 35 } 36 37 static int amdtee_open(struct tee_context *ctx) 38 { 39 struct amdtee_context_data *ctxdata; 40 41 ctxdata = kzalloc(sizeof(*ctxdata), GFP_KERNEL); 42 if (!ctxdata) 43 return -ENOMEM; 44 45 INIT_LIST_HEAD(&ctxdata->sess_list); 46 INIT_LIST_HEAD(&ctxdata->shm_list); 47 mutex_init(&ctxdata->shm_mutex); 48 49 ctx->data = ctxdata; 50 return 0; 51 } 52 53 static void release_session(struct amdtee_session *sess) 54 { 55 int i; 56 57 /* Close any open session */ 58 for (i = 0; i < TEE_NUM_SESSIONS; ++i) { 59 /* Check if session entry 'i' is valid */ 60 if (!test_bit(i, sess->sess_mask)) 61 continue; 62 63 handle_close_session(sess->ta_handle, sess->session_info[i]); 64 handle_unload_ta(sess->ta_handle); 65 } 66 67 kfree(sess); 68 } 69 70 static void amdtee_release(struct tee_context *ctx) 71 { 72 struct amdtee_context_data *ctxdata = ctx->data; 73 74 if (!ctxdata) 75 return; 76 77 while (true) { 78 struct amdtee_session *sess; 79 80 sess = list_first_entry_or_null(&ctxdata->sess_list, 81 struct amdtee_session, 82 list_node); 83 84 if (!sess) 85 break; 86 87 list_del(&sess->list_node); 88 release_session(sess); 89 } 90 mutex_destroy(&ctxdata->shm_mutex); 91 kfree(ctxdata); 92 93 ctx->data = NULL; 94 } 95 96 /** 97 * alloc_session() - Allocate a session structure 98 * @ctxdata: TEE Context data structure 99 * @session: Session ID for which 'struct amdtee_session' structure is to be 100 * allocated. 101 * 102 * Scans the TEE context's session list to check if TA is already loaded in to 103 * TEE. If yes, returns the 'session' structure for that TA. Else allocates, 104 * initializes a new 'session' structure and adds it to context's session list. 105 * 106 * The caller must hold a mutex. 107 * 108 * Returns: 109 * 'struct amdtee_session *' on success and NULL on failure. 110 */ 111 static struct amdtee_session *alloc_session(struct amdtee_context_data *ctxdata, 112 u32 session) 113 { 114 struct amdtee_session *sess; 115 u32 ta_handle = get_ta_handle(session); 116 117 /* Scan session list to check if TA is already loaded in to TEE */ 118 list_for_each_entry(sess, &ctxdata->sess_list, list_node) 119 if (sess->ta_handle == ta_handle) { 120 kref_get(&sess->refcount); 121 return sess; 122 } 123 124 /* Allocate a new session and add to list */ 125 sess = kzalloc(sizeof(*sess), GFP_KERNEL); 126 if (sess) { 127 sess->ta_handle = ta_handle; 128 kref_init(&sess->refcount); 129 spin_lock_init(&sess->lock); 130 list_add(&sess->list_node, &ctxdata->sess_list); 131 } 132 133 return sess; 134 } 135 136 /* Requires mutex to be held */ 137 static struct amdtee_session *find_session(struct amdtee_context_data *ctxdata, 138 u32 session) 139 { 140 u32 ta_handle = get_ta_handle(session); 141 u32 index = get_session_index(session); 142 struct amdtee_session *sess; 143 144 if (index >= TEE_NUM_SESSIONS) 145 return NULL; 146 147 list_for_each_entry(sess, &ctxdata->sess_list, list_node) 148 if (ta_handle == sess->ta_handle && 149 test_bit(index, sess->sess_mask)) 150 return sess; 151 152 return NULL; 153 } 154 155 u32 get_buffer_id(struct tee_shm *shm) 156 { 157 struct amdtee_context_data *ctxdata = shm->ctx->data; 158 struct amdtee_shm_data *shmdata; 159 u32 buf_id = 0; 160 161 mutex_lock(&ctxdata->shm_mutex); 162 list_for_each_entry(shmdata, &ctxdata->shm_list, shm_node) 163 if (shmdata->kaddr == shm->kaddr) { 164 buf_id = shmdata->buf_id; 165 break; 166 } 167 mutex_unlock(&ctxdata->shm_mutex); 168 169 return buf_id; 170 } 171 172 static DEFINE_MUTEX(drv_mutex); 173 static int copy_ta_binary(struct tee_context *ctx, void *ptr, void **ta, 174 size_t *ta_size) 175 { 176 const struct firmware *fw; 177 char fw_name[TA_PATH_MAX]; 178 struct { 179 u32 lo; 180 u16 mid; 181 u16 hi_ver; 182 u8 seq_n[8]; 183 } *uuid = ptr; 184 int n, rc = 0; 185 186 n = snprintf(fw_name, TA_PATH_MAX, 187 "%s/%08x-%04x-%04x-%02x%02x%02x%02x%02x%02x%02x%02x.bin", 188 TA_LOAD_PATH, uuid->lo, uuid->mid, uuid->hi_ver, 189 uuid->seq_n[0], uuid->seq_n[1], 190 uuid->seq_n[2], uuid->seq_n[3], 191 uuid->seq_n[4], uuid->seq_n[5], 192 uuid->seq_n[6], uuid->seq_n[7]); 193 if (n < 0 || n >= TA_PATH_MAX) { 194 pr_err("failed to get firmware name\n"); 195 return -EINVAL; 196 } 197 198 mutex_lock(&drv_mutex); 199 n = request_firmware(&fw, fw_name, &ctx->teedev->dev); 200 if (n) { 201 pr_err("failed to load firmware %s\n", fw_name); 202 rc = -ENOMEM; 203 goto unlock; 204 } 205 206 *ta_size = roundup(fw->size, PAGE_SIZE); 207 *ta = (void *)__get_free_pages(GFP_KERNEL, get_order(*ta_size)); 208 if (!*ta) { 209 pr_err("%s: get_free_pages failed\n", __func__); 210 rc = -ENOMEM; 211 goto rel_fw; 212 } 213 214 memcpy(*ta, fw->data, fw->size); 215 rel_fw: 216 release_firmware(fw); 217 unlock: 218 mutex_unlock(&drv_mutex); 219 return rc; 220 } 221 222 /* mutex must be held by caller */ 223 static void destroy_session(struct kref *ref) 224 { 225 struct amdtee_session *sess = container_of(ref, struct amdtee_session, 226 refcount); 227 228 list_del(&sess->list_node); 229 mutex_unlock(&session_list_mutex); 230 kfree(sess); 231 } 232 233 int amdtee_open_session(struct tee_context *ctx, 234 struct tee_ioctl_open_session_arg *arg, 235 struct tee_param *param) 236 { 237 struct amdtee_context_data *ctxdata = ctx->data; 238 struct amdtee_session *sess = NULL; 239 u32 session_info, ta_handle; 240 size_t ta_size; 241 int rc, i; 242 void *ta; 243 244 if (arg->clnt_login != TEE_IOCTL_LOGIN_PUBLIC) { 245 pr_err("unsupported client login method\n"); 246 return -EINVAL; 247 } 248 249 rc = copy_ta_binary(ctx, &arg->uuid[0], &ta, &ta_size); 250 if (rc) { 251 pr_err("failed to copy TA binary\n"); 252 return rc; 253 } 254 255 /* Load the TA binary into TEE environment */ 256 handle_load_ta(ta, ta_size, arg); 257 if (arg->ret != TEEC_SUCCESS) 258 goto out; 259 260 ta_handle = get_ta_handle(arg->session); 261 262 mutex_lock(&session_list_mutex); 263 sess = alloc_session(ctxdata, arg->session); 264 mutex_unlock(&session_list_mutex); 265 266 if (!sess) { 267 handle_unload_ta(ta_handle); 268 rc = -ENOMEM; 269 goto out; 270 } 271 272 /* Open session with loaded TA */ 273 handle_open_session(arg, &session_info, param); 274 if (arg->ret != TEEC_SUCCESS) { 275 pr_err("open_session failed %d\n", arg->ret); 276 handle_unload_ta(ta_handle); 277 kref_put_mutex(&sess->refcount, destroy_session, 278 &session_list_mutex); 279 goto out; 280 } 281 282 /* Find an empty session index for the given TA */ 283 spin_lock(&sess->lock); 284 i = find_first_zero_bit(sess->sess_mask, TEE_NUM_SESSIONS); 285 if (i < TEE_NUM_SESSIONS) { 286 sess->session_info[i] = session_info; 287 set_session_id(ta_handle, i, &arg->session); 288 set_bit(i, sess->sess_mask); 289 } 290 spin_unlock(&sess->lock); 291 292 if (i >= TEE_NUM_SESSIONS) { 293 pr_err("reached maximum session count %d\n", TEE_NUM_SESSIONS); 294 handle_close_session(ta_handle, session_info); 295 handle_unload_ta(ta_handle); 296 kref_put_mutex(&sess->refcount, destroy_session, 297 &session_list_mutex); 298 rc = -ENOMEM; 299 goto out; 300 } 301 302 out: 303 free_pages((u64)ta, get_order(ta_size)); 304 return rc; 305 } 306 307 int amdtee_close_session(struct tee_context *ctx, u32 session) 308 { 309 struct amdtee_context_data *ctxdata = ctx->data; 310 u32 i, ta_handle, session_info; 311 struct amdtee_session *sess; 312 313 pr_debug("%s: sid = 0x%x\n", __func__, session); 314 315 /* 316 * Check that the session is valid and clear the session 317 * usage bit 318 */ 319 mutex_lock(&session_list_mutex); 320 sess = find_session(ctxdata, session); 321 if (sess) { 322 ta_handle = get_ta_handle(session); 323 i = get_session_index(session); 324 session_info = sess->session_info[i]; 325 spin_lock(&sess->lock); 326 clear_bit(i, sess->sess_mask); 327 spin_unlock(&sess->lock); 328 } 329 mutex_unlock(&session_list_mutex); 330 331 if (!sess) 332 return -EINVAL; 333 334 /* Close the session */ 335 handle_close_session(ta_handle, session_info); 336 handle_unload_ta(ta_handle); 337 338 kref_put_mutex(&sess->refcount, destroy_session, &session_list_mutex); 339 340 return 0; 341 } 342 343 int amdtee_map_shmem(struct tee_shm *shm) 344 { 345 struct amdtee_context_data *ctxdata; 346 struct amdtee_shm_data *shmnode; 347 struct shmem_desc shmem; 348 int rc, count; 349 u32 buf_id; 350 351 if (!shm) 352 return -EINVAL; 353 354 shmnode = kmalloc(sizeof(*shmnode), GFP_KERNEL); 355 if (!shmnode) 356 return -ENOMEM; 357 358 count = 1; 359 shmem.kaddr = shm->kaddr; 360 shmem.size = shm->size; 361 362 /* 363 * Send a MAP command to TEE and get the corresponding 364 * buffer Id 365 */ 366 rc = handle_map_shmem(count, &shmem, &buf_id); 367 if (rc) { 368 pr_err("map_shmem failed: ret = %d\n", rc); 369 kfree(shmnode); 370 return rc; 371 } 372 373 shmnode->kaddr = shm->kaddr; 374 shmnode->buf_id = buf_id; 375 ctxdata = shm->ctx->data; 376 mutex_lock(&ctxdata->shm_mutex); 377 list_add(&shmnode->shm_node, &ctxdata->shm_list); 378 mutex_unlock(&ctxdata->shm_mutex); 379 380 pr_debug("buf_id :[%x] kaddr[%p]\n", shmnode->buf_id, shmnode->kaddr); 381 382 return 0; 383 } 384 385 void amdtee_unmap_shmem(struct tee_shm *shm) 386 { 387 struct amdtee_context_data *ctxdata; 388 struct amdtee_shm_data *shmnode; 389 u32 buf_id; 390 391 if (!shm) 392 return; 393 394 buf_id = get_buffer_id(shm); 395 /* Unmap the shared memory from TEE */ 396 handle_unmap_shmem(buf_id); 397 398 ctxdata = shm->ctx->data; 399 mutex_lock(&ctxdata->shm_mutex); 400 list_for_each_entry(shmnode, &ctxdata->shm_list, shm_node) 401 if (buf_id == shmnode->buf_id) { 402 list_del(&shmnode->shm_node); 403 kfree(shmnode); 404 break; 405 } 406 mutex_unlock(&ctxdata->shm_mutex); 407 } 408 409 int amdtee_invoke_func(struct tee_context *ctx, 410 struct tee_ioctl_invoke_arg *arg, 411 struct tee_param *param) 412 { 413 struct amdtee_context_data *ctxdata = ctx->data; 414 struct amdtee_session *sess; 415 u32 i, session_info; 416 417 /* Check that the session is valid */ 418 mutex_lock(&session_list_mutex); 419 sess = find_session(ctxdata, arg->session); 420 if (sess) { 421 i = get_session_index(arg->session); 422 session_info = sess->session_info[i]; 423 } 424 mutex_unlock(&session_list_mutex); 425 426 if (!sess) 427 return -EINVAL; 428 429 handle_invoke_cmd(arg, session_info, param); 430 431 return 0; 432 } 433 434 int amdtee_cancel_req(struct tee_context *ctx, u32 cancel_id, u32 session) 435 { 436 return -EINVAL; 437 } 438 439 static const struct tee_driver_ops amdtee_ops = { 440 .get_version = amdtee_get_version, 441 .open = amdtee_open, 442 .release = amdtee_release, 443 .open_session = amdtee_open_session, 444 .close_session = amdtee_close_session, 445 .invoke_func = amdtee_invoke_func, 446 .cancel_req = amdtee_cancel_req, 447 }; 448 449 static const struct tee_desc amdtee_desc = { 450 .name = DRIVER_NAME "-clnt", 451 .ops = &amdtee_ops, 452 .owner = THIS_MODULE, 453 }; 454 455 static int __init amdtee_driver_init(void) 456 { 457 struct tee_device *teedev; 458 struct tee_shm_pool *pool; 459 struct amdtee *amdtee; 460 int rc; 461 462 rc = psp_check_tee_status(); 463 if (rc) { 464 pr_err("tee not present\n"); 465 return rc; 466 } 467 468 drv_data = kzalloc(sizeof(*drv_data), GFP_KERNEL); 469 if (!drv_data) 470 return -ENOMEM; 471 472 amdtee = kzalloc(sizeof(*amdtee), GFP_KERNEL); 473 if (!amdtee) { 474 rc = -ENOMEM; 475 goto err_kfree_drv_data; 476 } 477 478 pool = amdtee_config_shm(); 479 if (IS_ERR(pool)) { 480 pr_err("shared pool configuration error\n"); 481 rc = PTR_ERR(pool); 482 goto err_kfree_amdtee; 483 } 484 485 teedev = tee_device_alloc(&amdtee_desc, NULL, pool, amdtee); 486 if (IS_ERR(teedev)) { 487 rc = PTR_ERR(teedev); 488 goto err_free_pool; 489 } 490 amdtee->teedev = teedev; 491 492 rc = tee_device_register(amdtee->teedev); 493 if (rc) 494 goto err_device_unregister; 495 496 amdtee->pool = pool; 497 498 drv_data->amdtee = amdtee; 499 500 return 0; 501 502 err_device_unregister: 503 tee_device_unregister(amdtee->teedev); 504 505 err_free_pool: 506 tee_shm_pool_free(pool); 507 508 err_kfree_amdtee: 509 kfree(amdtee); 510 511 err_kfree_drv_data: 512 kfree(drv_data); 513 drv_data = NULL; 514 515 pr_err("initialization failed\n"); 516 return rc; 517 } 518 module_init(amdtee_driver_init); 519 520 static void __exit amdtee_driver_exit(void) 521 { 522 struct amdtee *amdtee; 523 524 if (!drv_data || !drv_data->amdtee) 525 return; 526 527 amdtee = drv_data->amdtee; 528 529 tee_device_unregister(amdtee->teedev); 530 tee_shm_pool_free(amdtee->pool); 531 } 532 module_exit(amdtee_driver_exit); 533 534 MODULE_AUTHOR(DRIVER_AUTHOR); 535 MODULE_DESCRIPTION("AMD-TEE driver"); 536 MODULE_VERSION("1.0"); 537 MODULE_LICENSE("Dual MIT/GPL"); 538