1 // SPDX-License-Identifier: MIT 2 /* 3 * Copyright 2019 Advanced Micro Devices, Inc. 4 */ 5 6 #include <linux/errno.h> 7 #include <linux/io.h> 8 #include <linux/module.h> 9 #include <linux/slab.h> 10 #include <linux/string.h> 11 #include <linux/device.h> 12 #include <linux/tee_drv.h> 13 #include <linux/types.h> 14 #include <linux/mm.h> 15 #include <linux/uaccess.h> 16 #include <linux/firmware.h> 17 #include "amdtee_private.h" 18 #include "../tee_private.h" 19 #include <linux/psp-tee.h> 20 21 static struct amdtee_driver_data *drv_data; 22 static DEFINE_MUTEX(session_list_mutex); 23 24 static void amdtee_get_version(struct tee_device *teedev, 25 struct tee_ioctl_version_data *vers) 26 { 27 struct tee_ioctl_version_data v = { 28 .impl_id = TEE_IMPL_ID_AMDTEE, 29 .impl_caps = 0, 30 .gen_caps = TEE_GEN_CAP_GP, 31 }; 32 *vers = v; 33 } 34 35 static int amdtee_open(struct tee_context *ctx) 36 { 37 struct amdtee_context_data *ctxdata; 38 39 ctxdata = kzalloc(sizeof(*ctxdata), GFP_KERNEL); 40 if (!ctxdata) 41 return -ENOMEM; 42 43 INIT_LIST_HEAD(&ctxdata->sess_list); 44 INIT_LIST_HEAD(&ctxdata->shm_list); 45 mutex_init(&ctxdata->shm_mutex); 46 47 ctx->data = ctxdata; 48 return 0; 49 } 50 51 static void release_session(struct amdtee_session *sess) 52 { 53 int i; 54 55 /* Close any open session */ 56 for (i = 0; i < TEE_NUM_SESSIONS; ++i) { 57 /* Check if session entry 'i' is valid */ 58 if (!test_bit(i, sess->sess_mask)) 59 continue; 60 61 handle_close_session(sess->ta_handle, sess->session_info[i]); 62 } 63 64 /* Unload Trusted Application once all sessions are closed */ 65 handle_unload_ta(sess->ta_handle); 66 kfree(sess); 67 } 68 69 static void amdtee_release(struct tee_context *ctx) 70 { 71 struct amdtee_context_data *ctxdata = ctx->data; 72 73 if (!ctxdata) 74 return; 75 76 while (true) { 77 struct amdtee_session *sess; 78 79 sess = list_first_entry_or_null(&ctxdata->sess_list, 80 struct amdtee_session, 81 list_node); 82 83 if (!sess) 84 break; 85 86 list_del(&sess->list_node); 87 release_session(sess); 88 } 89 mutex_destroy(&ctxdata->shm_mutex); 90 kfree(ctxdata); 91 92 ctx->data = NULL; 93 } 94 95 /** 96 * alloc_session() - Allocate a session structure 97 * @ctxdata: TEE Context data structure 98 * @session: Session ID for which 'struct amdtee_session' structure is to be 99 * allocated. 100 * 101 * Scans the TEE context's session list to check if TA is already loaded in to 102 * TEE. If yes, returns the 'session' structure for that TA. Else allocates, 103 * initializes a new 'session' structure and adds it to context's session list. 104 * 105 * The caller must hold a mutex. 106 * 107 * Returns: 108 * 'struct amdtee_session *' on success and NULL on failure. 109 */ 110 static struct amdtee_session *alloc_session(struct amdtee_context_data *ctxdata, 111 u32 session) 112 { 113 struct amdtee_session *sess; 114 u32 ta_handle = get_ta_handle(session); 115 116 /* Scan session list to check if TA is already loaded in to TEE */ 117 list_for_each_entry(sess, &ctxdata->sess_list, list_node) 118 if (sess->ta_handle == ta_handle) { 119 kref_get(&sess->refcount); 120 return sess; 121 } 122 123 /* Allocate a new session and add to list */ 124 sess = kzalloc(sizeof(*sess), GFP_KERNEL); 125 if (sess) { 126 sess->ta_handle = ta_handle; 127 kref_init(&sess->refcount); 128 spin_lock_init(&sess->lock); 129 list_add(&sess->list_node, &ctxdata->sess_list); 130 } 131 132 return sess; 133 } 134 135 /* Requires mutex to be held */ 136 static struct amdtee_session *find_session(struct amdtee_context_data *ctxdata, 137 u32 session) 138 { 139 u32 ta_handle = get_ta_handle(session); 140 u32 index = get_session_index(session); 141 struct amdtee_session *sess; 142 143 if (index >= TEE_NUM_SESSIONS) 144 return NULL; 145 146 list_for_each_entry(sess, &ctxdata->sess_list, list_node) 147 if (ta_handle == sess->ta_handle && 148 test_bit(index, sess->sess_mask)) 149 return sess; 150 151 return NULL; 152 } 153 154 u32 get_buffer_id(struct tee_shm *shm) 155 { 156 struct amdtee_context_data *ctxdata = shm->ctx->data; 157 struct amdtee_shm_data *shmdata; 158 u32 buf_id = 0; 159 160 mutex_lock(&ctxdata->shm_mutex); 161 list_for_each_entry(shmdata, &ctxdata->shm_list, shm_node) 162 if (shmdata->kaddr == shm->kaddr) { 163 buf_id = shmdata->buf_id; 164 break; 165 } 166 mutex_unlock(&ctxdata->shm_mutex); 167 168 return buf_id; 169 } 170 171 static DEFINE_MUTEX(drv_mutex); 172 static int copy_ta_binary(struct tee_context *ctx, void *ptr, void **ta, 173 size_t *ta_size) 174 { 175 const struct firmware *fw; 176 char fw_name[TA_PATH_MAX]; 177 struct { 178 u32 lo; 179 u16 mid; 180 u16 hi_ver; 181 u8 seq_n[8]; 182 } *uuid = ptr; 183 int n, rc = 0; 184 185 n = snprintf(fw_name, TA_PATH_MAX, 186 "%s/%08x-%04x-%04x-%02x%02x%02x%02x%02x%02x%02x%02x.bin", 187 TA_LOAD_PATH, uuid->lo, uuid->mid, uuid->hi_ver, 188 uuid->seq_n[0], uuid->seq_n[1], 189 uuid->seq_n[2], uuid->seq_n[3], 190 uuid->seq_n[4], uuid->seq_n[5], 191 uuid->seq_n[6], uuid->seq_n[7]); 192 if (n < 0 || n >= TA_PATH_MAX) { 193 pr_err("failed to get firmware name\n"); 194 return -EINVAL; 195 } 196 197 mutex_lock(&drv_mutex); 198 n = request_firmware(&fw, fw_name, &ctx->teedev->dev); 199 if (n) { 200 pr_err("failed to load firmware %s\n", fw_name); 201 rc = -ENOMEM; 202 goto unlock; 203 } 204 205 *ta_size = roundup(fw->size, PAGE_SIZE); 206 *ta = (void *)__get_free_pages(GFP_KERNEL, get_order(*ta_size)); 207 if (IS_ERR(*ta)) { 208 pr_err("%s: get_free_pages failed 0x%llx\n", __func__, 209 (u64)*ta); 210 rc = -ENOMEM; 211 goto rel_fw; 212 } 213 214 memcpy(*ta, fw->data, fw->size); 215 rel_fw: 216 release_firmware(fw); 217 unlock: 218 mutex_unlock(&drv_mutex); 219 return rc; 220 } 221 222 static void destroy_session(struct kref *ref) 223 { 224 struct amdtee_session *sess = container_of(ref, struct amdtee_session, 225 refcount); 226 227 /* Unload the TA from TEE */ 228 handle_unload_ta(sess->ta_handle); 229 mutex_lock(&session_list_mutex); 230 list_del(&sess->list_node); 231 mutex_unlock(&session_list_mutex); 232 kfree(sess); 233 } 234 235 int amdtee_open_session(struct tee_context *ctx, 236 struct tee_ioctl_open_session_arg *arg, 237 struct tee_param *param) 238 { 239 struct amdtee_context_data *ctxdata = ctx->data; 240 struct amdtee_session *sess = NULL; 241 u32 session_info; 242 size_t ta_size; 243 int rc, i; 244 void *ta; 245 246 if (arg->clnt_login != TEE_IOCTL_LOGIN_PUBLIC) { 247 pr_err("unsupported client login method\n"); 248 return -EINVAL; 249 } 250 251 rc = copy_ta_binary(ctx, &arg->uuid[0], &ta, &ta_size); 252 if (rc) { 253 pr_err("failed to copy TA binary\n"); 254 return rc; 255 } 256 257 /* Load the TA binary into TEE environment */ 258 handle_load_ta(ta, ta_size, arg); 259 if (arg->ret != TEEC_SUCCESS) 260 goto out; 261 262 mutex_lock(&session_list_mutex); 263 sess = alloc_session(ctxdata, arg->session); 264 mutex_unlock(&session_list_mutex); 265 266 if (!sess) { 267 rc = -ENOMEM; 268 goto out; 269 } 270 271 /* Find an empty session index for the given TA */ 272 spin_lock(&sess->lock); 273 i = find_first_zero_bit(sess->sess_mask, TEE_NUM_SESSIONS); 274 if (i < TEE_NUM_SESSIONS) 275 set_bit(i, sess->sess_mask); 276 spin_unlock(&sess->lock); 277 278 if (i >= TEE_NUM_SESSIONS) { 279 pr_err("reached maximum session count %d\n", TEE_NUM_SESSIONS); 280 kref_put(&sess->refcount, destroy_session); 281 rc = -ENOMEM; 282 goto out; 283 } 284 285 /* Open session with loaded TA */ 286 handle_open_session(arg, &session_info, param); 287 if (arg->ret != TEEC_SUCCESS) { 288 pr_err("open_session failed %d\n", arg->ret); 289 spin_lock(&sess->lock); 290 clear_bit(i, sess->sess_mask); 291 spin_unlock(&sess->lock); 292 kref_put(&sess->refcount, destroy_session); 293 goto out; 294 } 295 296 sess->session_info[i] = session_info; 297 set_session_id(sess->ta_handle, i, &arg->session); 298 out: 299 free_pages((u64)ta, get_order(ta_size)); 300 return rc; 301 } 302 303 int amdtee_close_session(struct tee_context *ctx, u32 session) 304 { 305 struct amdtee_context_data *ctxdata = ctx->data; 306 u32 i, ta_handle, session_info; 307 struct amdtee_session *sess; 308 309 pr_debug("%s: sid = 0x%x\n", __func__, session); 310 311 /* 312 * Check that the session is valid and clear the session 313 * usage bit 314 */ 315 mutex_lock(&session_list_mutex); 316 sess = find_session(ctxdata, session); 317 if (sess) { 318 ta_handle = get_ta_handle(session); 319 i = get_session_index(session); 320 session_info = sess->session_info[i]; 321 spin_lock(&sess->lock); 322 clear_bit(i, sess->sess_mask); 323 spin_unlock(&sess->lock); 324 } 325 mutex_unlock(&session_list_mutex); 326 327 if (!sess) 328 return -EINVAL; 329 330 /* Close the session */ 331 handle_close_session(ta_handle, session_info); 332 333 kref_put(&sess->refcount, destroy_session); 334 335 return 0; 336 } 337 338 int amdtee_map_shmem(struct tee_shm *shm) 339 { 340 struct amdtee_context_data *ctxdata; 341 struct amdtee_shm_data *shmnode; 342 struct shmem_desc shmem; 343 int rc, count; 344 u32 buf_id; 345 346 if (!shm) 347 return -EINVAL; 348 349 shmnode = kmalloc(sizeof(*shmnode), GFP_KERNEL); 350 if (!shmnode) 351 return -ENOMEM; 352 353 count = 1; 354 shmem.kaddr = shm->kaddr; 355 shmem.size = shm->size; 356 357 /* 358 * Send a MAP command to TEE and get the corresponding 359 * buffer Id 360 */ 361 rc = handle_map_shmem(count, &shmem, &buf_id); 362 if (rc) { 363 pr_err("map_shmem failed: ret = %d\n", rc); 364 kfree(shmnode); 365 return rc; 366 } 367 368 shmnode->kaddr = shm->kaddr; 369 shmnode->buf_id = buf_id; 370 ctxdata = shm->ctx->data; 371 mutex_lock(&ctxdata->shm_mutex); 372 list_add(&shmnode->shm_node, &ctxdata->shm_list); 373 mutex_unlock(&ctxdata->shm_mutex); 374 375 pr_debug("buf_id :[%x] kaddr[%p]\n", shmnode->buf_id, shmnode->kaddr); 376 377 return 0; 378 } 379 380 void amdtee_unmap_shmem(struct tee_shm *shm) 381 { 382 struct amdtee_context_data *ctxdata; 383 struct amdtee_shm_data *shmnode; 384 u32 buf_id; 385 386 if (!shm) 387 return; 388 389 buf_id = get_buffer_id(shm); 390 /* Unmap the shared memory from TEE */ 391 handle_unmap_shmem(buf_id); 392 393 ctxdata = shm->ctx->data; 394 mutex_lock(&ctxdata->shm_mutex); 395 list_for_each_entry(shmnode, &ctxdata->shm_list, shm_node) 396 if (buf_id == shmnode->buf_id) { 397 list_del(&shmnode->shm_node); 398 kfree(shmnode); 399 break; 400 } 401 mutex_unlock(&ctxdata->shm_mutex); 402 } 403 404 int amdtee_invoke_func(struct tee_context *ctx, 405 struct tee_ioctl_invoke_arg *arg, 406 struct tee_param *param) 407 { 408 struct amdtee_context_data *ctxdata = ctx->data; 409 struct amdtee_session *sess; 410 u32 i, session_info; 411 412 /* Check that the session is valid */ 413 mutex_lock(&session_list_mutex); 414 sess = find_session(ctxdata, arg->session); 415 if (sess) { 416 i = get_session_index(arg->session); 417 session_info = sess->session_info[i]; 418 } 419 mutex_unlock(&session_list_mutex); 420 421 if (!sess) 422 return -EINVAL; 423 424 handle_invoke_cmd(arg, session_info, param); 425 426 return 0; 427 } 428 429 int amdtee_cancel_req(struct tee_context *ctx, u32 cancel_id, u32 session) 430 { 431 return -EINVAL; 432 } 433 434 static const struct tee_driver_ops amdtee_ops = { 435 .get_version = amdtee_get_version, 436 .open = amdtee_open, 437 .release = amdtee_release, 438 .open_session = amdtee_open_session, 439 .close_session = amdtee_close_session, 440 .invoke_func = amdtee_invoke_func, 441 .cancel_req = amdtee_cancel_req, 442 }; 443 444 static const struct tee_desc amdtee_desc = { 445 .name = DRIVER_NAME "-clnt", 446 .ops = &amdtee_ops, 447 .owner = THIS_MODULE, 448 }; 449 450 static int __init amdtee_driver_init(void) 451 { 452 struct tee_device *teedev; 453 struct tee_shm_pool *pool; 454 struct amdtee *amdtee; 455 int rc; 456 457 rc = psp_check_tee_status(); 458 if (rc) { 459 pr_err("amd-tee driver: tee not present\n"); 460 return rc; 461 } 462 463 drv_data = kzalloc(sizeof(*drv_data), GFP_KERNEL); 464 if (!drv_data) 465 return -ENOMEM; 466 467 amdtee = kzalloc(sizeof(*amdtee), GFP_KERNEL); 468 if (!amdtee) { 469 rc = -ENOMEM; 470 goto err_kfree_drv_data; 471 } 472 473 pool = amdtee_config_shm(); 474 if (IS_ERR(pool)) { 475 pr_err("shared pool configuration error\n"); 476 rc = PTR_ERR(pool); 477 goto err_kfree_amdtee; 478 } 479 480 teedev = tee_device_alloc(&amdtee_desc, NULL, pool, amdtee); 481 if (IS_ERR(teedev)) { 482 rc = PTR_ERR(teedev); 483 goto err_free_pool; 484 } 485 amdtee->teedev = teedev; 486 487 rc = tee_device_register(amdtee->teedev); 488 if (rc) 489 goto err_device_unregister; 490 491 amdtee->pool = pool; 492 493 drv_data->amdtee = amdtee; 494 495 pr_info("amd-tee driver initialization successful\n"); 496 return 0; 497 498 err_device_unregister: 499 tee_device_unregister(amdtee->teedev); 500 501 err_free_pool: 502 tee_shm_pool_free(pool); 503 504 err_kfree_amdtee: 505 kfree(amdtee); 506 507 err_kfree_drv_data: 508 kfree(drv_data); 509 drv_data = NULL; 510 511 pr_err("amd-tee driver initialization failed\n"); 512 return rc; 513 } 514 module_init(amdtee_driver_init); 515 516 static void __exit amdtee_driver_exit(void) 517 { 518 struct amdtee *amdtee; 519 520 if (!drv_data || !drv_data->amdtee) 521 return; 522 523 amdtee = drv_data->amdtee; 524 525 tee_device_unregister(amdtee->teedev); 526 tee_shm_pool_free(amdtee->pool); 527 } 528 module_exit(amdtee_driver_exit); 529 530 MODULE_AUTHOR(DRIVER_AUTHOR); 531 MODULE_DESCRIPTION("AMD-TEE driver"); 532 MODULE_VERSION("1.0"); 533 MODULE_LICENSE("Dual MIT/GPL"); 534