1 // SPDX-License-Identifier: MIT 2 /* 3 * Copyright 2019 Advanced Micro Devices, Inc. 4 */ 5 6 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 7 8 #include <linux/errno.h> 9 #include <linux/io.h> 10 #include <linux/module.h> 11 #include <linux/slab.h> 12 #include <linux/string.h> 13 #include <linux/device.h> 14 #include <linux/tee_core.h> 15 #include <linux/types.h> 16 #include <linux/mm.h> 17 #include <linux/uaccess.h> 18 #include <linux/firmware.h> 19 #include "amdtee_private.h" 20 #include <linux/psp-tee.h> 21 22 static struct amdtee_driver_data *drv_data; 23 static DEFINE_MUTEX(session_list_mutex); 24 25 static void amdtee_get_version(struct tee_device *teedev, 26 struct tee_ioctl_version_data *vers) 27 { 28 struct tee_ioctl_version_data v = { 29 .impl_id = TEE_IMPL_ID_AMDTEE, 30 .impl_caps = 0, 31 .gen_caps = TEE_GEN_CAP_GP, 32 }; 33 *vers = v; 34 } 35 36 static int amdtee_open(struct tee_context *ctx) 37 { 38 struct amdtee_context_data *ctxdata; 39 40 ctxdata = kzalloc(sizeof(*ctxdata), GFP_KERNEL); 41 if (!ctxdata) 42 return -ENOMEM; 43 44 INIT_LIST_HEAD(&ctxdata->sess_list); 45 INIT_LIST_HEAD(&ctxdata->shm_list); 46 mutex_init(&ctxdata->shm_mutex); 47 48 ctx->data = ctxdata; 49 return 0; 50 } 51 52 static void release_session(struct amdtee_session *sess) 53 { 54 int i; 55 56 /* Close any open session */ 57 for (i = 0; i < TEE_NUM_SESSIONS; ++i) { 58 /* Check if session entry 'i' is valid */ 59 if (!test_bit(i, sess->sess_mask)) 60 continue; 61 62 handle_close_session(sess->ta_handle, sess->session_info[i]); 63 handle_unload_ta(sess->ta_handle); 64 } 65 66 kfree(sess); 67 } 68 69 static void amdtee_release(struct tee_context *ctx) 70 { 71 struct amdtee_context_data *ctxdata = ctx->data; 72 73 if (!ctxdata) 74 return; 75 76 while (true) { 77 struct amdtee_session *sess; 78 79 sess = list_first_entry_or_null(&ctxdata->sess_list, 80 struct amdtee_session, 81 list_node); 82 83 if (!sess) 84 break; 85 86 list_del(&sess->list_node); 87 release_session(sess); 88 } 89 mutex_destroy(&ctxdata->shm_mutex); 90 kfree(ctxdata); 91 92 ctx->data = NULL; 93 } 94 95 /** 96 * alloc_session() - Allocate a session structure 97 * @ctxdata: TEE Context data structure 98 * @session: Session ID for which 'struct amdtee_session' structure is to be 99 * allocated. 100 * 101 * Scans the TEE context's session list to check if TA is already loaded in to 102 * TEE. If yes, returns the 'session' structure for that TA. Else allocates, 103 * initializes a new 'session' structure and adds it to context's session list. 104 * 105 * The caller must hold a mutex. 106 * 107 * Returns: 108 * 'struct amdtee_session *' on success and NULL on failure. 109 */ 110 static struct amdtee_session *alloc_session(struct amdtee_context_data *ctxdata, 111 u32 session) 112 { 113 struct amdtee_session *sess; 114 u32 ta_handle = get_ta_handle(session); 115 116 /* Scan session list to check if TA is already loaded in to TEE */ 117 list_for_each_entry(sess, &ctxdata->sess_list, list_node) 118 if (sess->ta_handle == ta_handle) { 119 kref_get(&sess->refcount); 120 return sess; 121 } 122 123 /* Allocate a new session and add to list */ 124 sess = kzalloc(sizeof(*sess), GFP_KERNEL); 125 if (sess) { 126 sess->ta_handle = ta_handle; 127 kref_init(&sess->refcount); 128 spin_lock_init(&sess->lock); 129 list_add(&sess->list_node, &ctxdata->sess_list); 130 } 131 132 return sess; 133 } 134 135 /* Requires mutex to be held */ 136 static struct amdtee_session *find_session(struct amdtee_context_data *ctxdata, 137 u32 session) 138 { 139 u32 ta_handle = get_ta_handle(session); 140 u32 index = get_session_index(session); 141 struct amdtee_session *sess; 142 143 if (index >= TEE_NUM_SESSIONS) 144 return NULL; 145 146 list_for_each_entry(sess, &ctxdata->sess_list, list_node) 147 if (ta_handle == sess->ta_handle && 148 test_bit(index, sess->sess_mask)) 149 return sess; 150 151 return NULL; 152 } 153 154 u32 get_buffer_id(struct tee_shm *shm) 155 { 156 struct amdtee_context_data *ctxdata = shm->ctx->data; 157 struct amdtee_shm_data *shmdata; 158 u32 buf_id = 0; 159 160 mutex_lock(&ctxdata->shm_mutex); 161 list_for_each_entry(shmdata, &ctxdata->shm_list, shm_node) 162 if (shmdata->kaddr == shm->kaddr) { 163 buf_id = shmdata->buf_id; 164 break; 165 } 166 mutex_unlock(&ctxdata->shm_mutex); 167 168 return buf_id; 169 } 170 171 static DEFINE_MUTEX(drv_mutex); 172 static int copy_ta_binary(struct tee_context *ctx, void *ptr, void **ta, 173 size_t *ta_size) 174 { 175 const struct firmware *fw; 176 char fw_name[TA_PATH_MAX]; 177 struct { 178 u32 lo; 179 u16 mid; 180 u16 hi_ver; 181 u8 seq_n[8]; 182 } *uuid = ptr; 183 int n, rc = 0; 184 185 n = snprintf(fw_name, TA_PATH_MAX, 186 "%s/%08x-%04x-%04x-%02x%02x%02x%02x%02x%02x%02x%02x.bin", 187 TA_LOAD_PATH, uuid->lo, uuid->mid, uuid->hi_ver, 188 uuid->seq_n[0], uuid->seq_n[1], 189 uuid->seq_n[2], uuid->seq_n[3], 190 uuid->seq_n[4], uuid->seq_n[5], 191 uuid->seq_n[6], uuid->seq_n[7]); 192 if (n < 0 || n >= TA_PATH_MAX) { 193 pr_err("failed to get firmware name\n"); 194 return -EINVAL; 195 } 196 197 mutex_lock(&drv_mutex); 198 n = request_firmware(&fw, fw_name, &ctx->teedev->dev); 199 if (n) { 200 pr_err("failed to load firmware %s\n", fw_name); 201 rc = -ENOMEM; 202 goto unlock; 203 } 204 205 *ta_size = roundup(fw->size, PAGE_SIZE); 206 *ta = (void *)__get_free_pages(GFP_KERNEL, get_order(*ta_size)); 207 if (!*ta) { 208 pr_err("%s: get_free_pages failed\n", __func__); 209 rc = -ENOMEM; 210 goto rel_fw; 211 } 212 213 memcpy(*ta, fw->data, fw->size); 214 rel_fw: 215 release_firmware(fw); 216 unlock: 217 mutex_unlock(&drv_mutex); 218 return rc; 219 } 220 221 /* mutex must be held by caller */ 222 static void destroy_session(struct kref *ref) 223 { 224 struct amdtee_session *sess = container_of(ref, struct amdtee_session, 225 refcount); 226 227 list_del(&sess->list_node); 228 mutex_unlock(&session_list_mutex); 229 kfree(sess); 230 } 231 232 int amdtee_open_session(struct tee_context *ctx, 233 struct tee_ioctl_open_session_arg *arg, 234 struct tee_param *param) 235 { 236 struct amdtee_context_data *ctxdata = ctx->data; 237 struct amdtee_session *sess = NULL; 238 u32 session_info, ta_handle; 239 size_t ta_size; 240 int rc, i; 241 void *ta; 242 243 if (arg->clnt_login != TEE_IOCTL_LOGIN_PUBLIC) { 244 pr_err("unsupported client login method\n"); 245 return -EINVAL; 246 } 247 248 rc = copy_ta_binary(ctx, &arg->uuid[0], &ta, &ta_size); 249 if (rc) { 250 pr_err("failed to copy TA binary\n"); 251 return rc; 252 } 253 254 /* Load the TA binary into TEE environment */ 255 handle_load_ta(ta, ta_size, arg); 256 if (arg->ret != TEEC_SUCCESS) 257 goto out; 258 259 ta_handle = get_ta_handle(arg->session); 260 261 mutex_lock(&session_list_mutex); 262 sess = alloc_session(ctxdata, arg->session); 263 mutex_unlock(&session_list_mutex); 264 265 if (!sess) { 266 handle_unload_ta(ta_handle); 267 rc = -ENOMEM; 268 goto out; 269 } 270 271 /* Open session with loaded TA */ 272 handle_open_session(arg, &session_info, param); 273 if (arg->ret != TEEC_SUCCESS) { 274 pr_err("open_session failed %d\n", arg->ret); 275 handle_unload_ta(ta_handle); 276 kref_put_mutex(&sess->refcount, destroy_session, 277 &session_list_mutex); 278 goto out; 279 } 280 281 /* Find an empty session index for the given TA */ 282 spin_lock(&sess->lock); 283 i = find_first_zero_bit(sess->sess_mask, TEE_NUM_SESSIONS); 284 if (i < TEE_NUM_SESSIONS) { 285 sess->session_info[i] = session_info; 286 set_session_id(ta_handle, i, &arg->session); 287 set_bit(i, sess->sess_mask); 288 } 289 spin_unlock(&sess->lock); 290 291 if (i >= TEE_NUM_SESSIONS) { 292 pr_err("reached maximum session count %d\n", TEE_NUM_SESSIONS); 293 handle_close_session(ta_handle, session_info); 294 handle_unload_ta(ta_handle); 295 kref_put_mutex(&sess->refcount, destroy_session, 296 &session_list_mutex); 297 rc = -ENOMEM; 298 goto out; 299 } 300 301 out: 302 free_pages((u64)ta, get_order(ta_size)); 303 return rc; 304 } 305 306 int amdtee_close_session(struct tee_context *ctx, u32 session) 307 { 308 struct amdtee_context_data *ctxdata = ctx->data; 309 u32 i, ta_handle, session_info; 310 struct amdtee_session *sess; 311 312 pr_debug("%s: sid = 0x%x\n", __func__, session); 313 314 /* 315 * Check that the session is valid and clear the session 316 * usage bit 317 */ 318 mutex_lock(&session_list_mutex); 319 sess = find_session(ctxdata, session); 320 if (sess) { 321 ta_handle = get_ta_handle(session); 322 i = get_session_index(session); 323 session_info = sess->session_info[i]; 324 spin_lock(&sess->lock); 325 clear_bit(i, sess->sess_mask); 326 spin_unlock(&sess->lock); 327 } 328 mutex_unlock(&session_list_mutex); 329 330 if (!sess) 331 return -EINVAL; 332 333 /* Close the session */ 334 handle_close_session(ta_handle, session_info); 335 handle_unload_ta(ta_handle); 336 337 kref_put_mutex(&sess->refcount, destroy_session, &session_list_mutex); 338 339 return 0; 340 } 341 342 int amdtee_map_shmem(struct tee_shm *shm) 343 { 344 struct amdtee_context_data *ctxdata; 345 struct amdtee_shm_data *shmnode; 346 struct shmem_desc shmem; 347 int rc, count; 348 u32 buf_id; 349 350 if (!shm) 351 return -EINVAL; 352 353 shmnode = kmalloc(sizeof(*shmnode), GFP_KERNEL); 354 if (!shmnode) 355 return -ENOMEM; 356 357 count = 1; 358 shmem.kaddr = shm->kaddr; 359 shmem.size = shm->size; 360 361 /* 362 * Send a MAP command to TEE and get the corresponding 363 * buffer Id 364 */ 365 rc = handle_map_shmem(count, &shmem, &buf_id); 366 if (rc) { 367 pr_err("map_shmem failed: ret = %d\n", rc); 368 kfree(shmnode); 369 return rc; 370 } 371 372 shmnode->kaddr = shm->kaddr; 373 shmnode->buf_id = buf_id; 374 ctxdata = shm->ctx->data; 375 mutex_lock(&ctxdata->shm_mutex); 376 list_add(&shmnode->shm_node, &ctxdata->shm_list); 377 mutex_unlock(&ctxdata->shm_mutex); 378 379 pr_debug("buf_id :[%x] kaddr[%p]\n", shmnode->buf_id, shmnode->kaddr); 380 381 return 0; 382 } 383 384 void amdtee_unmap_shmem(struct tee_shm *shm) 385 { 386 struct amdtee_context_data *ctxdata; 387 struct amdtee_shm_data *shmnode; 388 u32 buf_id; 389 390 if (!shm) 391 return; 392 393 buf_id = get_buffer_id(shm); 394 /* Unmap the shared memory from TEE */ 395 handle_unmap_shmem(buf_id); 396 397 ctxdata = shm->ctx->data; 398 mutex_lock(&ctxdata->shm_mutex); 399 list_for_each_entry(shmnode, &ctxdata->shm_list, shm_node) 400 if (buf_id == shmnode->buf_id) { 401 list_del(&shmnode->shm_node); 402 kfree(shmnode); 403 break; 404 } 405 mutex_unlock(&ctxdata->shm_mutex); 406 } 407 408 int amdtee_invoke_func(struct tee_context *ctx, 409 struct tee_ioctl_invoke_arg *arg, 410 struct tee_param *param) 411 { 412 struct amdtee_context_data *ctxdata = ctx->data; 413 struct amdtee_session *sess; 414 u32 i, session_info; 415 416 /* Check that the session is valid */ 417 mutex_lock(&session_list_mutex); 418 sess = find_session(ctxdata, arg->session); 419 if (sess) { 420 i = get_session_index(arg->session); 421 session_info = sess->session_info[i]; 422 } 423 mutex_unlock(&session_list_mutex); 424 425 if (!sess) 426 return -EINVAL; 427 428 handle_invoke_cmd(arg, session_info, param); 429 430 return 0; 431 } 432 433 int amdtee_cancel_req(struct tee_context *ctx, u32 cancel_id, u32 session) 434 { 435 return -EINVAL; 436 } 437 438 static const struct tee_driver_ops amdtee_ops = { 439 .get_version = amdtee_get_version, 440 .open = amdtee_open, 441 .release = amdtee_release, 442 .open_session = amdtee_open_session, 443 .close_session = amdtee_close_session, 444 .invoke_func = amdtee_invoke_func, 445 .cancel_req = amdtee_cancel_req, 446 }; 447 448 static const struct tee_desc amdtee_desc = { 449 .name = DRIVER_NAME "-clnt", 450 .ops = &amdtee_ops, 451 .owner = THIS_MODULE, 452 }; 453 454 static int __init amdtee_driver_init(void) 455 { 456 struct tee_device *teedev; 457 struct tee_shm_pool *pool; 458 struct amdtee *amdtee; 459 int rc; 460 461 rc = psp_check_tee_status(); 462 if (rc) { 463 pr_err("tee not present\n"); 464 return rc; 465 } 466 467 drv_data = kzalloc(sizeof(*drv_data), GFP_KERNEL); 468 if (!drv_data) 469 return -ENOMEM; 470 471 amdtee = kzalloc(sizeof(*amdtee), GFP_KERNEL); 472 if (!amdtee) { 473 rc = -ENOMEM; 474 goto err_kfree_drv_data; 475 } 476 477 pool = amdtee_config_shm(); 478 if (IS_ERR(pool)) { 479 pr_err("shared pool configuration error\n"); 480 rc = PTR_ERR(pool); 481 goto err_kfree_amdtee; 482 } 483 484 teedev = tee_device_alloc(&amdtee_desc, NULL, pool, amdtee); 485 if (IS_ERR(teedev)) { 486 rc = PTR_ERR(teedev); 487 goto err_free_pool; 488 } 489 amdtee->teedev = teedev; 490 491 rc = tee_device_register(amdtee->teedev); 492 if (rc) 493 goto err_device_unregister; 494 495 amdtee->pool = pool; 496 497 drv_data->amdtee = amdtee; 498 499 return 0; 500 501 err_device_unregister: 502 tee_device_unregister(amdtee->teedev); 503 504 err_free_pool: 505 tee_shm_pool_free(pool); 506 507 err_kfree_amdtee: 508 kfree(amdtee); 509 510 err_kfree_drv_data: 511 kfree(drv_data); 512 drv_data = NULL; 513 514 pr_err("initialization failed\n"); 515 return rc; 516 } 517 module_init(amdtee_driver_init); 518 519 static void __exit amdtee_driver_exit(void) 520 { 521 struct amdtee *amdtee; 522 523 if (!drv_data || !drv_data->amdtee) 524 return; 525 526 amdtee = drv_data->amdtee; 527 528 tee_device_unregister(amdtee->teedev); 529 tee_shm_pool_free(amdtee->pool); 530 } 531 module_exit(amdtee_driver_exit); 532 533 MODULE_AUTHOR(DRIVER_AUTHOR); 534 MODULE_DESCRIPTION("AMD-TEE driver"); 535 MODULE_VERSION("1.0"); 536 MODULE_LICENSE("Dual MIT/GPL"); 537