1 // SPDX-License-Identifier: MIT 2 /* 3 * Copyright 2019 Advanced Micro Devices, Inc. 4 */ 5 6 #include <linux/errno.h> 7 #include <linux/io.h> 8 #include <linux/module.h> 9 #include <linux/slab.h> 10 #include <linux/string.h> 11 #include <linux/device.h> 12 #include <linux/tee_drv.h> 13 #include <linux/types.h> 14 #include <linux/mm.h> 15 #include <linux/uaccess.h> 16 #include <linux/firmware.h> 17 #include "amdtee_private.h" 18 #include "../tee_private.h" 19 #include <linux/psp-tee.h> 20 21 static struct amdtee_driver_data *drv_data; 22 static DEFINE_MUTEX(session_list_mutex); 23 24 static void amdtee_get_version(struct tee_device *teedev, 25 struct tee_ioctl_version_data *vers) 26 { 27 struct tee_ioctl_version_data v = { 28 .impl_id = TEE_IMPL_ID_AMDTEE, 29 .impl_caps = 0, 30 .gen_caps = TEE_GEN_CAP_GP, 31 }; 32 *vers = v; 33 } 34 35 static int amdtee_open(struct tee_context *ctx) 36 { 37 struct amdtee_context_data *ctxdata; 38 39 ctxdata = kzalloc(sizeof(*ctxdata), GFP_KERNEL); 40 if (!ctxdata) 41 return -ENOMEM; 42 43 INIT_LIST_HEAD(&ctxdata->sess_list); 44 INIT_LIST_HEAD(&ctxdata->shm_list); 45 46 ctx->data = ctxdata; 47 return 0; 48 } 49 50 static void release_session(struct amdtee_session *sess) 51 { 52 int i; 53 54 /* Close any open session */ 55 for (i = 0; i < TEE_NUM_SESSIONS; ++i) { 56 /* Check if session entry 'i' is valid */ 57 if (!test_bit(i, sess->sess_mask)) 58 continue; 59 60 handle_close_session(sess->ta_handle, sess->session_info[i]); 61 } 62 63 /* Unload Trusted Application once all sessions are closed */ 64 handle_unload_ta(sess->ta_handle); 65 kfree(sess); 66 } 67 68 static void amdtee_release(struct tee_context *ctx) 69 { 70 struct amdtee_context_data *ctxdata = ctx->data; 71 72 if (!ctxdata) 73 return; 74 75 while (true) { 76 struct amdtee_session *sess; 77 78 sess = list_first_entry_or_null(&ctxdata->sess_list, 79 struct amdtee_session, 80 list_node); 81 82 if (!sess) 83 break; 84 85 list_del(&sess->list_node); 86 release_session(sess); 87 } 88 kfree(ctxdata); 89 90 ctx->data = NULL; 91 } 92 93 /** 94 * alloc_session() - Allocate a session structure 95 * @ctxdata: TEE Context data structure 96 * @session: Session ID for which 'struct amdtee_session' structure is to be 97 * allocated. 98 * 99 * Scans the TEE context's session list to check if TA is already loaded in to 100 * TEE. If yes, returns the 'session' structure for that TA. Else allocates, 101 * initializes a new 'session' structure and adds it to context's session list. 102 * 103 * The caller must hold a mutex. 104 * 105 * Returns: 106 * 'struct amdtee_session *' on success and NULL on failure. 107 */ 108 static struct amdtee_session *alloc_session(struct amdtee_context_data *ctxdata, 109 u32 session) 110 { 111 struct amdtee_session *sess; 112 u32 ta_handle = get_ta_handle(session); 113 114 /* Scan session list to check if TA is already loaded in to TEE */ 115 list_for_each_entry(sess, &ctxdata->sess_list, list_node) 116 if (sess->ta_handle == ta_handle) { 117 kref_get(&sess->refcount); 118 return sess; 119 } 120 121 /* Allocate a new session and add to list */ 122 sess = kzalloc(sizeof(*sess), GFP_KERNEL); 123 if (sess) { 124 sess->ta_handle = ta_handle; 125 kref_init(&sess->refcount); 126 spin_lock_init(&sess->lock); 127 list_add(&sess->list_node, &ctxdata->sess_list); 128 } 129 130 return sess; 131 } 132 133 /* Requires mutex to be held */ 134 static struct amdtee_session *find_session(struct amdtee_context_data *ctxdata, 135 u32 session) 136 { 137 u32 ta_handle = get_ta_handle(session); 138 u32 index = get_session_index(session); 139 struct amdtee_session *sess; 140 141 if (index >= TEE_NUM_SESSIONS) 142 return NULL; 143 144 list_for_each_entry(sess, &ctxdata->sess_list, list_node) 145 if (ta_handle == sess->ta_handle && 146 test_bit(index, sess->sess_mask)) 147 return sess; 148 149 return NULL; 150 } 151 152 u32 get_buffer_id(struct tee_shm *shm) 153 { 154 struct amdtee_context_data *ctxdata = shm->ctx->data; 155 struct amdtee_shm_data *shmdata; 156 u32 buf_id = 0; 157 158 list_for_each_entry(shmdata, &ctxdata->shm_list, shm_node) 159 if (shmdata->kaddr == shm->kaddr) { 160 buf_id = shmdata->buf_id; 161 break; 162 } 163 164 return buf_id; 165 } 166 167 static DEFINE_MUTEX(drv_mutex); 168 static int copy_ta_binary(struct tee_context *ctx, void *ptr, void **ta, 169 size_t *ta_size) 170 { 171 const struct firmware *fw; 172 char fw_name[TA_PATH_MAX]; 173 struct { 174 u32 lo; 175 u16 mid; 176 u16 hi_ver; 177 u8 seq_n[8]; 178 } *uuid = ptr; 179 int n, rc = 0; 180 181 n = snprintf(fw_name, TA_PATH_MAX, 182 "%s/%08x-%04x-%04x-%02x%02x%02x%02x%02x%02x%02x%02x.bin", 183 TA_LOAD_PATH, uuid->lo, uuid->mid, uuid->hi_ver, 184 uuid->seq_n[0], uuid->seq_n[1], 185 uuid->seq_n[2], uuid->seq_n[3], 186 uuid->seq_n[4], uuid->seq_n[5], 187 uuid->seq_n[6], uuid->seq_n[7]); 188 if (n < 0 || n >= TA_PATH_MAX) { 189 pr_err("failed to get firmware name\n"); 190 return -EINVAL; 191 } 192 193 mutex_lock(&drv_mutex); 194 n = request_firmware(&fw, fw_name, &ctx->teedev->dev); 195 if (n) { 196 pr_err("failed to load firmware %s\n", fw_name); 197 rc = -ENOMEM; 198 goto unlock; 199 } 200 201 *ta_size = roundup(fw->size, PAGE_SIZE); 202 *ta = (void *)__get_free_pages(GFP_KERNEL, get_order(*ta_size)); 203 if (IS_ERR(*ta)) { 204 pr_err("%s: get_free_pages failed 0x%llx\n", __func__, 205 (u64)*ta); 206 rc = -ENOMEM; 207 goto rel_fw; 208 } 209 210 memcpy(*ta, fw->data, fw->size); 211 rel_fw: 212 release_firmware(fw); 213 unlock: 214 mutex_unlock(&drv_mutex); 215 return rc; 216 } 217 218 static void destroy_session(struct kref *ref) 219 { 220 struct amdtee_session *sess = container_of(ref, struct amdtee_session, 221 refcount); 222 223 /* Unload the TA from TEE */ 224 handle_unload_ta(sess->ta_handle); 225 mutex_lock(&session_list_mutex); 226 list_del(&sess->list_node); 227 mutex_unlock(&session_list_mutex); 228 kfree(sess); 229 } 230 231 int amdtee_open_session(struct tee_context *ctx, 232 struct tee_ioctl_open_session_arg *arg, 233 struct tee_param *param) 234 { 235 struct amdtee_context_data *ctxdata = ctx->data; 236 struct amdtee_session *sess = NULL; 237 u32 session_info; 238 size_t ta_size; 239 int rc, i; 240 void *ta; 241 242 if (arg->clnt_login != TEE_IOCTL_LOGIN_PUBLIC) { 243 pr_err("unsupported client login method\n"); 244 return -EINVAL; 245 } 246 247 rc = copy_ta_binary(ctx, &arg->uuid[0], &ta, &ta_size); 248 if (rc) { 249 pr_err("failed to copy TA binary\n"); 250 return rc; 251 } 252 253 /* Load the TA binary into TEE environment */ 254 handle_load_ta(ta, ta_size, arg); 255 if (arg->ret != TEEC_SUCCESS) 256 goto out; 257 258 mutex_lock(&session_list_mutex); 259 sess = alloc_session(ctxdata, arg->session); 260 mutex_unlock(&session_list_mutex); 261 262 if (!sess) { 263 rc = -ENOMEM; 264 goto out; 265 } 266 267 /* Find an empty session index for the given TA */ 268 spin_lock(&sess->lock); 269 i = find_first_zero_bit(sess->sess_mask, TEE_NUM_SESSIONS); 270 if (i < TEE_NUM_SESSIONS) 271 set_bit(i, sess->sess_mask); 272 spin_unlock(&sess->lock); 273 274 if (i >= TEE_NUM_SESSIONS) { 275 pr_err("reached maximum session count %d\n", TEE_NUM_SESSIONS); 276 kref_put(&sess->refcount, destroy_session); 277 rc = -ENOMEM; 278 goto out; 279 } 280 281 /* Open session with loaded TA */ 282 handle_open_session(arg, &session_info, param); 283 if (arg->ret != TEEC_SUCCESS) { 284 pr_err("open_session failed %d\n", arg->ret); 285 spin_lock(&sess->lock); 286 clear_bit(i, sess->sess_mask); 287 spin_unlock(&sess->lock); 288 kref_put(&sess->refcount, destroy_session); 289 goto out; 290 } 291 292 sess->session_info[i] = session_info; 293 set_session_id(sess->ta_handle, i, &arg->session); 294 out: 295 free_pages((u64)ta, get_order(ta_size)); 296 return rc; 297 } 298 299 int amdtee_close_session(struct tee_context *ctx, u32 session) 300 { 301 struct amdtee_context_data *ctxdata = ctx->data; 302 u32 i, ta_handle, session_info; 303 struct amdtee_session *sess; 304 305 pr_debug("%s: sid = 0x%x\n", __func__, session); 306 307 /* 308 * Check that the session is valid and clear the session 309 * usage bit 310 */ 311 mutex_lock(&session_list_mutex); 312 sess = find_session(ctxdata, session); 313 if (sess) { 314 ta_handle = get_ta_handle(session); 315 i = get_session_index(session); 316 session_info = sess->session_info[i]; 317 spin_lock(&sess->lock); 318 clear_bit(i, sess->sess_mask); 319 spin_unlock(&sess->lock); 320 } 321 mutex_unlock(&session_list_mutex); 322 323 if (!sess) 324 return -EINVAL; 325 326 /* Close the session */ 327 handle_close_session(ta_handle, session_info); 328 329 kref_put(&sess->refcount, destroy_session); 330 331 return 0; 332 } 333 334 int amdtee_map_shmem(struct tee_shm *shm) 335 { 336 struct amdtee_context_data *ctxdata; 337 struct amdtee_shm_data *shmnode; 338 struct shmem_desc shmem; 339 int rc, count; 340 u32 buf_id; 341 342 if (!shm) 343 return -EINVAL; 344 345 shmnode = kmalloc(sizeof(*shmnode), GFP_KERNEL); 346 if (!shmnode) 347 return -ENOMEM; 348 349 count = 1; 350 shmem.kaddr = shm->kaddr; 351 shmem.size = shm->size; 352 353 /* 354 * Send a MAP command to TEE and get the corresponding 355 * buffer Id 356 */ 357 rc = handle_map_shmem(count, &shmem, &buf_id); 358 if (rc) { 359 pr_err("map_shmem failed: ret = %d\n", rc); 360 kfree(shmnode); 361 return rc; 362 } 363 364 shmnode->kaddr = shm->kaddr; 365 shmnode->buf_id = buf_id; 366 ctxdata = shm->ctx->data; 367 list_add(&shmnode->shm_node, &ctxdata->shm_list); 368 369 pr_debug("buf_id :[%x] kaddr[%p]\n", shmnode->buf_id, shmnode->kaddr); 370 371 return 0; 372 } 373 374 void amdtee_unmap_shmem(struct tee_shm *shm) 375 { 376 struct amdtee_context_data *ctxdata; 377 struct amdtee_shm_data *shmnode; 378 u32 buf_id; 379 380 if (!shm) 381 return; 382 383 buf_id = get_buffer_id(shm); 384 /* Unmap the shared memory from TEE */ 385 handle_unmap_shmem(buf_id); 386 387 ctxdata = shm->ctx->data; 388 list_for_each_entry(shmnode, &ctxdata->shm_list, shm_node) 389 if (buf_id == shmnode->buf_id) { 390 list_del(&shmnode->shm_node); 391 kfree(shmnode); 392 break; 393 } 394 } 395 396 int amdtee_invoke_func(struct tee_context *ctx, 397 struct tee_ioctl_invoke_arg *arg, 398 struct tee_param *param) 399 { 400 struct amdtee_context_data *ctxdata = ctx->data; 401 struct amdtee_session *sess; 402 u32 i, session_info; 403 404 /* Check that the session is valid */ 405 mutex_lock(&session_list_mutex); 406 sess = find_session(ctxdata, arg->session); 407 if (sess) { 408 i = get_session_index(arg->session); 409 session_info = sess->session_info[i]; 410 } 411 mutex_unlock(&session_list_mutex); 412 413 if (!sess) 414 return -EINVAL; 415 416 handle_invoke_cmd(arg, session_info, param); 417 418 return 0; 419 } 420 421 int amdtee_cancel_req(struct tee_context *ctx, u32 cancel_id, u32 session) 422 { 423 return -EINVAL; 424 } 425 426 static const struct tee_driver_ops amdtee_ops = { 427 .get_version = amdtee_get_version, 428 .open = amdtee_open, 429 .release = amdtee_release, 430 .open_session = amdtee_open_session, 431 .close_session = amdtee_close_session, 432 .invoke_func = amdtee_invoke_func, 433 .cancel_req = amdtee_cancel_req, 434 }; 435 436 static const struct tee_desc amdtee_desc = { 437 .name = DRIVER_NAME "-clnt", 438 .ops = &amdtee_ops, 439 .owner = THIS_MODULE, 440 }; 441 442 static int __init amdtee_driver_init(void) 443 { 444 struct tee_device *teedev; 445 struct tee_shm_pool *pool; 446 struct amdtee *amdtee; 447 int rc; 448 449 rc = psp_check_tee_status(); 450 if (rc) { 451 pr_err("amd-tee driver: tee not present\n"); 452 return rc; 453 } 454 455 drv_data = kzalloc(sizeof(*drv_data), GFP_KERNEL); 456 if (!drv_data) 457 return -ENOMEM; 458 459 amdtee = kzalloc(sizeof(*amdtee), GFP_KERNEL); 460 if (!amdtee) { 461 rc = -ENOMEM; 462 goto err_kfree_drv_data; 463 } 464 465 pool = amdtee_config_shm(); 466 if (IS_ERR(pool)) { 467 pr_err("shared pool configuration error\n"); 468 rc = PTR_ERR(pool); 469 goto err_kfree_amdtee; 470 } 471 472 teedev = tee_device_alloc(&amdtee_desc, NULL, pool, amdtee); 473 if (IS_ERR(teedev)) { 474 rc = PTR_ERR(teedev); 475 goto err_free_pool; 476 } 477 amdtee->teedev = teedev; 478 479 rc = tee_device_register(amdtee->teedev); 480 if (rc) 481 goto err_device_unregister; 482 483 amdtee->pool = pool; 484 485 drv_data->amdtee = amdtee; 486 487 pr_info("amd-tee driver initialization successful\n"); 488 return 0; 489 490 err_device_unregister: 491 tee_device_unregister(amdtee->teedev); 492 493 err_free_pool: 494 tee_shm_pool_free(pool); 495 496 err_kfree_amdtee: 497 kfree(amdtee); 498 499 err_kfree_drv_data: 500 kfree(drv_data); 501 drv_data = NULL; 502 503 pr_err("amd-tee driver initialization failed\n"); 504 return rc; 505 } 506 module_init(amdtee_driver_init); 507 508 static void __exit amdtee_driver_exit(void) 509 { 510 struct amdtee *amdtee; 511 512 if (!drv_data || !drv_data->amdtee) 513 return; 514 515 amdtee = drv_data->amdtee; 516 517 tee_device_unregister(amdtee->teedev); 518 tee_shm_pool_free(amdtee->pool); 519 } 520 module_exit(amdtee_driver_exit); 521 522 MODULE_AUTHOR(DRIVER_AUTHOR); 523 MODULE_DESCRIPTION("AMD-TEE driver"); 524 MODULE_VERSION("1.0"); 525 MODULE_LICENSE("Dual MIT/GPL"); 526