1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (c) 2015-2016, Linaro Limited 4 */ 5 6 #define pr_fmt(fmt) "%s: " fmt, __func__ 7 8 #include <linux/cdev.h> 9 #include <linux/cred.h> 10 #include <linux/fs.h> 11 #include <linux/idr.h> 12 #include <linux/module.h> 13 #include <linux/overflow.h> 14 #include <linux/slab.h> 15 #include <linux/tee_core.h> 16 #include <linux/uaccess.h> 17 #include <crypto/sha1.h> 18 #include "tee_private.h" 19 20 #define TEE_NUM_DEVICES 32 21 22 #define TEE_IOCTL_PARAM_SIZE(x) (size_mul(sizeof(struct tee_param), (x))) 23 24 #define TEE_UUID_NS_NAME_SIZE 128 25 26 /* 27 * TEE Client UUID name space identifier (UUIDv4) 28 * 29 * Value here is random UUID that is allocated as name space identifier for 30 * forming Client UUID's for TEE environment using UUIDv5 scheme. 31 */ 32 static const uuid_t tee_client_uuid_ns = UUID_INIT(0x58ac9ca0, 0x2086, 0x4683, 33 0xa1, 0xb8, 0xec, 0x4b, 34 0xc0, 0x8e, 0x01, 0xb6); 35 36 /* 37 * Unprivileged devices in the lower half range and privileged devices in 38 * the upper half range. 39 */ 40 static DECLARE_BITMAP(dev_mask, TEE_NUM_DEVICES); 41 static DEFINE_SPINLOCK(driver_lock); 42 43 static const struct class tee_class; 44 static dev_t tee_devt; 45 46 struct tee_context *teedev_open(struct tee_device *teedev) 47 { 48 int rc; 49 struct tee_context *ctx; 50 51 if (!tee_device_get(teedev)) 52 return ERR_PTR(-EINVAL); 53 54 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); 55 if (!ctx) { 56 rc = -ENOMEM; 57 goto err; 58 } 59 60 kref_init(&ctx->refcount); 61 ctx->teedev = teedev; 62 rc = teedev->desc->ops->open(ctx); 63 if (rc) 64 goto err; 65 66 return ctx; 67 err: 68 kfree(ctx); 69 tee_device_put(teedev); 70 return ERR_PTR(rc); 71 72 } 73 EXPORT_SYMBOL_GPL(teedev_open); 74 75 void teedev_ctx_get(struct tee_context *ctx) 76 { 77 if (ctx->releasing) 78 return; 79 80 kref_get(&ctx->refcount); 81 } 82 EXPORT_SYMBOL_GPL(teedev_ctx_get); 83 84 static void teedev_ctx_release(struct kref *ref) 85 { 86 struct tee_context *ctx = container_of(ref, struct tee_context, 87 refcount); 88 ctx->releasing = true; 89 ctx->teedev->desc->ops->release(ctx); 90 kfree(ctx); 91 } 92 93 void teedev_ctx_put(struct tee_context *ctx) 94 { 95 if (ctx->releasing) 96 return; 97 98 kref_put(&ctx->refcount, teedev_ctx_release); 99 } 100 EXPORT_SYMBOL_GPL(teedev_ctx_put); 101 102 void teedev_close_context(struct tee_context *ctx) 103 { 104 struct tee_device *teedev = ctx->teedev; 105 106 if (teedev->desc->ops->close_context) 107 teedev->desc->ops->close_context(ctx); 108 109 teedev_ctx_put(ctx); 110 tee_device_put(teedev); 111 } 112 EXPORT_SYMBOL_GPL(teedev_close_context); 113 114 static int tee_open(struct inode *inode, struct file *filp) 115 { 116 struct tee_context *ctx; 117 118 ctx = teedev_open(container_of(inode->i_cdev, struct tee_device, cdev)); 119 if (IS_ERR(ctx)) 120 return PTR_ERR(ctx); 121 122 /* 123 * Default user-space behaviour is to wait for tee-supplicant 124 * if not present for any requests in this context. 125 */ 126 ctx->supp_nowait = false; 127 filp->private_data = ctx; 128 return 0; 129 } 130 131 static int tee_release(struct inode *inode, struct file *filp) 132 { 133 teedev_close_context(filp->private_data); 134 return 0; 135 } 136 137 /** 138 * uuid_v5() - Calculate UUIDv5 139 * @uuid: Resulting UUID 140 * @ns: Name space ID for UUIDv5 function 141 * @name: Name for UUIDv5 function 142 * @size: Size of name 143 * 144 * UUIDv5 is specific in RFC 4122. 145 * 146 * This implements section (for SHA-1): 147 * 4.3. Algorithm for Creating a Name-Based UUID 148 */ 149 static void uuid_v5(uuid_t *uuid, const uuid_t *ns, const void *name, 150 size_t size) 151 { 152 unsigned char hash[SHA1_DIGEST_SIZE]; 153 struct sha1_ctx ctx; 154 155 sha1_init(&ctx); 156 sha1_update(&ctx, (const u8 *)ns, sizeof(*ns)); 157 sha1_update(&ctx, (const u8 *)name, size); 158 sha1_final(&ctx, hash); 159 160 memcpy(uuid->b, hash, UUID_SIZE); 161 162 /* Tag for version 5 */ 163 uuid->b[6] = (hash[6] & 0x0F) | 0x50; 164 uuid->b[8] = (hash[8] & 0x3F) | 0x80; 165 } 166 167 int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method, 168 const u8 connection_data[TEE_IOCTL_UUID_LEN]) 169 { 170 gid_t ns_grp = (gid_t)-1; 171 kgid_t grp = INVALID_GID; 172 char *name = NULL; 173 int name_len; 174 int rc = 0; 175 176 if (connection_method == TEE_IOCTL_LOGIN_PUBLIC || 177 connection_method == TEE_IOCTL_LOGIN_REE_KERNEL) { 178 /* Nil UUID to be passed to TEE environment */ 179 uuid_copy(uuid, &uuid_null); 180 return 0; 181 } 182 183 /* 184 * In Linux environment client UUID is based on UUIDv5. 185 * 186 * Determine client UUID with following semantics for 'name': 187 * 188 * For TEEC_LOGIN_USER: 189 * uid=<uid> 190 * 191 * For TEEC_LOGIN_GROUP: 192 * gid=<gid> 193 * 194 */ 195 196 name = kzalloc(TEE_UUID_NS_NAME_SIZE, GFP_KERNEL); 197 if (!name) 198 return -ENOMEM; 199 200 switch (connection_method) { 201 case TEE_IOCTL_LOGIN_USER: 202 name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "uid=%x", 203 current_euid().val); 204 if (name_len >= TEE_UUID_NS_NAME_SIZE) { 205 rc = -E2BIG; 206 goto out_free_name; 207 } 208 break; 209 210 case TEE_IOCTL_LOGIN_GROUP: 211 memcpy(&ns_grp, connection_data, sizeof(gid_t)); 212 grp = make_kgid(current_user_ns(), ns_grp); 213 if (!gid_valid(grp) || !in_egroup_p(grp)) { 214 rc = -EPERM; 215 goto out_free_name; 216 } 217 218 name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "gid=%x", 219 grp.val); 220 if (name_len >= TEE_UUID_NS_NAME_SIZE) { 221 rc = -E2BIG; 222 goto out_free_name; 223 } 224 break; 225 226 default: 227 rc = -EINVAL; 228 goto out_free_name; 229 } 230 231 uuid_v5(uuid, &tee_client_uuid_ns, name, name_len); 232 out_free_name: 233 kfree(name); 234 235 return rc; 236 } 237 EXPORT_SYMBOL_GPL(tee_session_calc_client_uuid); 238 239 static int tee_ioctl_version(struct tee_context *ctx, 240 struct tee_ioctl_version_data __user *uvers) 241 { 242 struct tee_ioctl_version_data vers; 243 244 ctx->teedev->desc->ops->get_version(ctx->teedev, &vers); 245 246 if (ctx->teedev->desc->flags & TEE_DESC_PRIVILEGED) 247 vers.gen_caps |= TEE_GEN_CAP_PRIVILEGED; 248 249 if (copy_to_user(uvers, &vers, sizeof(vers))) 250 return -EFAULT; 251 252 return 0; 253 } 254 255 static int tee_ioctl_shm_alloc(struct tee_context *ctx, 256 struct tee_ioctl_shm_alloc_data __user *udata) 257 { 258 long ret; 259 struct tee_ioctl_shm_alloc_data data; 260 struct tee_shm *shm; 261 262 if (copy_from_user(&data, udata, sizeof(data))) 263 return -EFAULT; 264 265 /* Currently no input flags are supported */ 266 if (data.flags) 267 return -EINVAL; 268 269 shm = tee_shm_alloc_user_buf(ctx, data.size); 270 if (IS_ERR(shm)) 271 return PTR_ERR(shm); 272 273 data.id = shm->id; 274 data.size = shm->size; 275 276 if (copy_to_user(udata, &data, sizeof(data))) 277 ret = -EFAULT; 278 else 279 ret = tee_shm_get_fd(shm); 280 281 /* 282 * When user space closes the file descriptor the shared memory 283 * should be freed or if tee_shm_get_fd() failed then it will 284 * be freed immediately. 285 */ 286 tee_shm_put(shm); 287 return ret; 288 } 289 290 static int 291 tee_ioctl_shm_register(struct tee_context *ctx, 292 struct tee_ioctl_shm_register_data __user *udata) 293 { 294 long ret; 295 struct tee_ioctl_shm_register_data data; 296 struct tee_shm *shm; 297 298 if (copy_from_user(&data, udata, sizeof(data))) 299 return -EFAULT; 300 301 /* Currently no input flags are supported */ 302 if (data.flags) 303 return -EINVAL; 304 305 shm = tee_shm_register_user_buf(ctx, data.addr, data.length); 306 if (IS_ERR(shm)) 307 return PTR_ERR(shm); 308 309 data.id = shm->id; 310 data.length = shm->size; 311 312 if (copy_to_user(udata, &data, sizeof(data))) 313 ret = -EFAULT; 314 else 315 ret = tee_shm_get_fd(shm); 316 /* 317 * When user space closes the file descriptor the shared memory 318 * should be freed or if tee_shm_get_fd() failed then it will 319 * be freed immediately. 320 */ 321 tee_shm_put(shm); 322 return ret; 323 } 324 325 static int 326 tee_ioctl_shm_register_fd(struct tee_context *ctx, 327 struct tee_ioctl_shm_register_fd_data __user *udata) 328 { 329 struct tee_ioctl_shm_register_fd_data data; 330 struct tee_shm *shm; 331 long ret; 332 333 if (copy_from_user(&data, udata, sizeof(data))) 334 return -EFAULT; 335 336 /* Currently no input flags are supported */ 337 if (data.flags) 338 return -EINVAL; 339 340 shm = tee_shm_register_fd(ctx, data.fd); 341 if (IS_ERR(shm)) 342 return -EINVAL; 343 344 data.id = shm->id; 345 data.flags = shm->flags; 346 data.size = shm->size; 347 348 if (copy_to_user(udata, &data, sizeof(data))) 349 ret = -EFAULT; 350 else 351 ret = tee_shm_get_fd(shm); 352 353 /* 354 * When user space closes the file descriptor the shared memory 355 * should be freed or if tee_shm_get_fd() failed then it will 356 * be freed immediately. 357 */ 358 tee_shm_put(shm); 359 return ret; 360 } 361 362 static int param_from_user_memref(struct tee_context *ctx, 363 struct tee_param_memref *memref, 364 struct tee_ioctl_param *ip) 365 { 366 struct tee_shm *shm; 367 size_t offs = 0; 368 369 /* 370 * If a NULL pointer is passed to a TA in the TEE, 371 * the ip.c IOCTL parameters is set to TEE_MEMREF_NULL 372 * indicating a NULL memory reference. 373 */ 374 if (ip->c != TEE_MEMREF_NULL) { 375 /* 376 * If we fail to get a pointer to a shared 377 * memory object (and increase the ref count) 378 * from an identifier we return an error. All 379 * pointers that has been added in params have 380 * an increased ref count. It's the callers 381 * responibility to do tee_shm_put() on all 382 * resolved pointers. 383 */ 384 shm = tee_shm_get_from_id(ctx, ip->c); 385 if (IS_ERR(shm)) 386 return PTR_ERR(shm); 387 388 /* 389 * Ensure offset + size does not overflow 390 * offset and does not overflow the size of 391 * the referred shared memory object. 392 */ 393 if ((ip->a + ip->b) < ip->a || 394 (ip->a + ip->b) > shm->size) { 395 tee_shm_put(shm); 396 return -EINVAL; 397 } 398 399 if (shm->flags & TEE_SHM_DMA_BUF) { 400 struct tee_shm_dmabuf_ref *ref; 401 402 ref = container_of(shm, struct tee_shm_dmabuf_ref, shm); 403 if (ref->parent_shm) { 404 /* 405 * The shm already has one reference to 406 * ref->parent_shm so we are clear of 0. 407 * We're getting another reference since 408 * this shm will be used in the parameter 409 * list instead of the shm we got with 410 * tee_shm_get_from_id() above. 411 */ 412 refcount_inc(&ref->parent_shm->refcount); 413 tee_shm_put(shm); 414 shm = ref->parent_shm; 415 offs = ref->offset; 416 } 417 } 418 } else if (ctx->cap_memref_null) { 419 /* Pass NULL pointer to OP-TEE */ 420 shm = NULL; 421 } else { 422 return -EINVAL; 423 } 424 425 memref->shm_offs = ip->a + offs; 426 memref->size = ip->b; 427 memref->shm = shm; 428 429 return 0; 430 } 431 432 static int params_from_user(struct tee_context *ctx, struct tee_param *params, 433 size_t num_params, 434 struct tee_ioctl_param __user *uparams) 435 { 436 size_t n; 437 438 for (n = 0; n < num_params; n++) { 439 struct tee_ioctl_param ip; 440 int rc; 441 442 if (copy_from_user(&ip, uparams + n, sizeof(ip))) 443 return -EFAULT; 444 445 /* All unused attribute bits has to be zero */ 446 if (ip.attr & ~TEE_IOCTL_PARAM_ATTR_MASK) 447 return -EINVAL; 448 449 params[n].attr = ip.attr; 450 switch (ip.attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) { 451 case TEE_IOCTL_PARAM_ATTR_TYPE_NONE: 452 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT: 453 case TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_OUTPUT: 454 break; 455 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT: 456 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT: 457 params[n].u.value.a = ip.a; 458 params[n].u.value.b = ip.b; 459 params[n].u.value.c = ip.c; 460 break; 461 case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INPUT: 462 case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_OUTPUT: 463 case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INOUT: 464 params[n].u.ubuf.uaddr = u64_to_user_ptr(ip.a); 465 params[n].u.ubuf.size = ip.b; 466 467 if (!access_ok(params[n].u.ubuf.uaddr, 468 params[n].u.ubuf.size)) 469 return -EFAULT; 470 471 break; 472 case TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_INPUT: 473 case TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_INOUT: 474 params[n].u.objref.id = ip.a; 475 params[n].u.objref.flags = ip.b; 476 break; 477 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT: 478 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: 479 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: 480 rc = param_from_user_memref(ctx, ¶ms[n].u.memref, 481 &ip); 482 if (rc) 483 return rc; 484 break; 485 default: 486 /* Unknown attribute */ 487 return -EINVAL; 488 } 489 } 490 return 0; 491 } 492 493 static int params_to_user(struct tee_ioctl_param __user *uparams, 494 size_t num_params, struct tee_param *params) 495 { 496 size_t n; 497 498 for (n = 0; n < num_params; n++) { 499 struct tee_ioctl_param __user *up = uparams + n; 500 struct tee_param *p = params + n; 501 502 switch (p->attr) { 503 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT: 504 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT: 505 if (put_user(p->u.value.a, &up->a) || 506 put_user(p->u.value.b, &up->b) || 507 put_user(p->u.value.c, &up->c)) 508 return -EFAULT; 509 break; 510 case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_OUTPUT: 511 case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INOUT: 512 if (put_user((u64)p->u.ubuf.size, &up->b)) 513 return -EFAULT; 514 break; 515 case TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_OUTPUT: 516 case TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_INOUT: 517 if (put_user(p->u.objref.id, &up->a) || 518 put_user(p->u.objref.flags, &up->b)) 519 return -EFAULT; 520 break; 521 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: 522 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: 523 if (put_user((u64)p->u.memref.size, &up->b)) 524 return -EFAULT; 525 break; 526 default: 527 break; 528 } 529 } 530 return 0; 531 } 532 533 static int tee_ioctl_open_session(struct tee_context *ctx, 534 struct tee_ioctl_buf_data __user *ubuf) 535 { 536 int rc; 537 size_t n; 538 struct tee_ioctl_buf_data buf; 539 struct tee_ioctl_open_session_arg __user *uarg; 540 struct tee_ioctl_open_session_arg arg; 541 struct tee_ioctl_param __user *uparams = NULL; 542 struct tee_param *params = NULL; 543 bool have_session = false; 544 545 if (!ctx->teedev->desc->ops->open_session) 546 return -EINVAL; 547 548 if (copy_from_user(&buf, ubuf, sizeof(buf))) 549 return -EFAULT; 550 551 if (buf.buf_len > TEE_MAX_ARG_SIZE || 552 buf.buf_len < sizeof(struct tee_ioctl_open_session_arg)) 553 return -EINVAL; 554 555 uarg = u64_to_user_ptr(buf.buf_ptr); 556 if (copy_from_user(&arg, uarg, sizeof(arg))) 557 return -EFAULT; 558 559 if (size_add(sizeof(arg), TEE_IOCTL_PARAM_SIZE(arg.num_params)) != buf.buf_len) 560 return -EINVAL; 561 562 if (arg.num_params) { 563 params = kcalloc(arg.num_params, sizeof(struct tee_param), 564 GFP_KERNEL); 565 if (!params) 566 return -ENOMEM; 567 uparams = uarg->params; 568 rc = params_from_user(ctx, params, arg.num_params, uparams); 569 if (rc) 570 goto out; 571 } 572 573 if (arg.clnt_login >= TEE_IOCTL_LOGIN_REE_KERNEL_MIN && 574 arg.clnt_login <= TEE_IOCTL_LOGIN_REE_KERNEL_MAX) { 575 pr_debug("login method not allowed for user-space client\n"); 576 rc = -EPERM; 577 goto out; 578 } 579 580 rc = ctx->teedev->desc->ops->open_session(ctx, &arg, params); 581 if (rc) 582 goto out; 583 have_session = true; 584 585 if (put_user(arg.session, &uarg->session) || 586 put_user(arg.ret, &uarg->ret) || 587 put_user(arg.ret_origin, &uarg->ret_origin)) { 588 rc = -EFAULT; 589 goto out; 590 } 591 rc = params_to_user(uparams, arg.num_params, params); 592 out: 593 /* 594 * If we've succeeded to open the session but failed to communicate 595 * it back to user space, close the session again to avoid leakage. 596 */ 597 if (rc && have_session && ctx->teedev->desc->ops->close_session) 598 ctx->teedev->desc->ops->close_session(ctx, arg.session); 599 600 if (params) { 601 /* Decrease ref count for all valid shared memory pointers */ 602 for (n = 0; n < arg.num_params; n++) 603 if (tee_param_is_memref(params + n) && 604 params[n].u.memref.shm) 605 tee_shm_put(params[n].u.memref.shm); 606 kfree(params); 607 } 608 609 return rc; 610 } 611 612 static int tee_ioctl_invoke(struct tee_context *ctx, 613 struct tee_ioctl_buf_data __user *ubuf) 614 { 615 int rc; 616 size_t n; 617 struct tee_ioctl_buf_data buf; 618 struct tee_ioctl_invoke_arg __user *uarg; 619 struct tee_ioctl_invoke_arg arg; 620 struct tee_ioctl_param __user *uparams = NULL; 621 struct tee_param *params = NULL; 622 623 if (!ctx->teedev->desc->ops->invoke_func) 624 return -EINVAL; 625 626 if (copy_from_user(&buf, ubuf, sizeof(buf))) 627 return -EFAULT; 628 629 if (buf.buf_len > TEE_MAX_ARG_SIZE || 630 buf.buf_len < sizeof(struct tee_ioctl_invoke_arg)) 631 return -EINVAL; 632 633 uarg = u64_to_user_ptr(buf.buf_ptr); 634 if (copy_from_user(&arg, uarg, sizeof(arg))) 635 return -EFAULT; 636 637 if (size_add(sizeof(arg), TEE_IOCTL_PARAM_SIZE(arg.num_params)) != buf.buf_len) 638 return -EINVAL; 639 640 if (arg.num_params) { 641 params = kcalloc(arg.num_params, sizeof(struct tee_param), 642 GFP_KERNEL); 643 if (!params) 644 return -ENOMEM; 645 uparams = uarg->params; 646 rc = params_from_user(ctx, params, arg.num_params, uparams); 647 if (rc) 648 goto out; 649 } 650 651 rc = ctx->teedev->desc->ops->invoke_func(ctx, &arg, params); 652 if (rc) 653 goto out; 654 655 if (put_user(arg.ret, &uarg->ret) || 656 put_user(arg.ret_origin, &uarg->ret_origin)) { 657 rc = -EFAULT; 658 goto out; 659 } 660 rc = params_to_user(uparams, arg.num_params, params); 661 out: 662 if (params) { 663 /* Decrease ref count for all valid shared memory pointers */ 664 for (n = 0; n < arg.num_params; n++) 665 if (tee_param_is_memref(params + n) && 666 params[n].u.memref.shm) 667 tee_shm_put(params[n].u.memref.shm); 668 kfree(params); 669 } 670 return rc; 671 } 672 673 static int tee_ioctl_object_invoke(struct tee_context *ctx, 674 struct tee_ioctl_buf_data __user *ubuf) 675 { 676 int rc; 677 size_t n; 678 struct tee_ioctl_buf_data buf; 679 struct tee_ioctl_object_invoke_arg __user *uarg; 680 struct tee_ioctl_object_invoke_arg arg; 681 struct tee_ioctl_param __user *uparams = NULL; 682 struct tee_param *params = NULL; 683 684 if (!ctx->teedev->desc->ops->object_invoke_func) 685 return -EINVAL; 686 687 if (copy_from_user(&buf, ubuf, sizeof(buf))) 688 return -EFAULT; 689 690 if (buf.buf_len > TEE_MAX_ARG_SIZE || 691 buf.buf_len < sizeof(struct tee_ioctl_object_invoke_arg)) 692 return -EINVAL; 693 694 uarg = u64_to_user_ptr(buf.buf_ptr); 695 if (copy_from_user(&arg, uarg, sizeof(arg))) 696 return -EFAULT; 697 698 if (sizeof(arg) + TEE_IOCTL_PARAM_SIZE(arg.num_params) != buf.buf_len) 699 return -EINVAL; 700 701 if (arg.num_params) { 702 params = kcalloc(arg.num_params, sizeof(struct tee_param), 703 GFP_KERNEL); 704 if (!params) 705 return -ENOMEM; 706 uparams = uarg->params; 707 rc = params_from_user(ctx, params, arg.num_params, uparams); 708 if (rc) 709 goto out; 710 } 711 712 rc = ctx->teedev->desc->ops->object_invoke_func(ctx, &arg, params); 713 if (rc) 714 goto out; 715 716 if (put_user(arg.ret, &uarg->ret)) { 717 rc = -EFAULT; 718 goto out; 719 } 720 rc = params_to_user(uparams, arg.num_params, params); 721 out: 722 if (params) { 723 /* Decrease ref count for all valid shared memory pointers */ 724 for (n = 0; n < arg.num_params; n++) 725 if (tee_param_is_memref(params + n) && 726 params[n].u.memref.shm) 727 tee_shm_put(params[n].u.memref.shm); 728 kfree(params); 729 } 730 return rc; 731 } 732 733 static int tee_ioctl_cancel(struct tee_context *ctx, 734 struct tee_ioctl_cancel_arg __user *uarg) 735 { 736 struct tee_ioctl_cancel_arg arg; 737 738 if (!ctx->teedev->desc->ops->cancel_req) 739 return -EINVAL; 740 741 if (copy_from_user(&arg, uarg, sizeof(arg))) 742 return -EFAULT; 743 744 return ctx->teedev->desc->ops->cancel_req(ctx, arg.cancel_id, 745 arg.session); 746 } 747 748 static int 749 tee_ioctl_close_session(struct tee_context *ctx, 750 struct tee_ioctl_close_session_arg __user *uarg) 751 { 752 struct tee_ioctl_close_session_arg arg; 753 754 if (!ctx->teedev->desc->ops->close_session) 755 return -EINVAL; 756 757 if (copy_from_user(&arg, uarg, sizeof(arg))) 758 return -EFAULT; 759 760 return ctx->teedev->desc->ops->close_session(ctx, arg.session); 761 } 762 763 static int params_to_supp(struct tee_context *ctx, 764 struct tee_ioctl_param __user *uparams, 765 size_t num_params, struct tee_param *params) 766 { 767 size_t n; 768 769 for (n = 0; n < num_params; n++) { 770 struct tee_ioctl_param ip; 771 struct tee_param *p = params + n; 772 773 ip.attr = p->attr; 774 switch (p->attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) { 775 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT: 776 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT: 777 ip.a = p->u.value.a; 778 ip.b = p->u.value.b; 779 ip.c = p->u.value.c; 780 break; 781 case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INPUT: 782 case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_OUTPUT: 783 case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INOUT: 784 ip.a = (__force unsigned long)p->u.ubuf.uaddr; 785 ip.b = p->u.ubuf.size; 786 ip.c = 0; 787 break; 788 case TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_INPUT: 789 case TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_INOUT: 790 ip.a = p->u.objref.id; 791 ip.b = p->u.objref.flags; 792 ip.c = 0; 793 break; 794 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT: 795 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: 796 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: 797 ip.b = p->u.memref.size; 798 if (!p->u.memref.shm) { 799 ip.a = 0; 800 ip.c = (u64)-1; /* invalid shm id */ 801 break; 802 } 803 ip.a = p->u.memref.shm_offs; 804 ip.c = p->u.memref.shm->id; 805 break; 806 default: 807 ip.a = 0; 808 ip.b = 0; 809 ip.c = 0; 810 break; 811 } 812 813 if (copy_to_user(uparams + n, &ip, sizeof(ip))) 814 return -EFAULT; 815 } 816 817 return 0; 818 } 819 820 static int tee_ioctl_supp_recv(struct tee_context *ctx, 821 struct tee_ioctl_buf_data __user *ubuf) 822 { 823 int rc; 824 struct tee_ioctl_buf_data buf; 825 struct tee_iocl_supp_recv_arg __user *uarg; 826 struct tee_param *params; 827 u32 num_params; 828 u32 func; 829 830 if (!ctx->teedev->desc->ops->supp_recv) 831 return -EINVAL; 832 833 if (copy_from_user(&buf, ubuf, sizeof(buf))) 834 return -EFAULT; 835 836 if (buf.buf_len > TEE_MAX_ARG_SIZE || 837 buf.buf_len < sizeof(struct tee_iocl_supp_recv_arg)) 838 return -EINVAL; 839 840 uarg = u64_to_user_ptr(buf.buf_ptr); 841 if (get_user(num_params, &uarg->num_params)) 842 return -EFAULT; 843 844 if (size_add(sizeof(*uarg), TEE_IOCTL_PARAM_SIZE(num_params)) != buf.buf_len) 845 return -EINVAL; 846 847 params = kcalloc(num_params, sizeof(struct tee_param), GFP_KERNEL); 848 if (!params) 849 return -ENOMEM; 850 851 rc = params_from_user(ctx, params, num_params, uarg->params); 852 if (rc) 853 goto out; 854 855 rc = ctx->teedev->desc->ops->supp_recv(ctx, &func, &num_params, params); 856 if (rc) 857 goto out; 858 859 if (put_user(func, &uarg->func) || 860 put_user(num_params, &uarg->num_params)) { 861 rc = -EFAULT; 862 goto out; 863 } 864 865 rc = params_to_supp(ctx, uarg->params, num_params, params); 866 out: 867 kfree(params); 868 return rc; 869 } 870 871 static int params_from_supp(struct tee_param *params, size_t num_params, 872 struct tee_ioctl_param __user *uparams) 873 { 874 size_t n; 875 876 for (n = 0; n < num_params; n++) { 877 struct tee_param *p = params + n; 878 struct tee_ioctl_param ip; 879 880 if (copy_from_user(&ip, uparams + n, sizeof(ip))) 881 return -EFAULT; 882 883 /* All unused attribute bits has to be zero */ 884 if (ip.attr & ~TEE_IOCTL_PARAM_ATTR_MASK) 885 return -EINVAL; 886 887 p->attr = ip.attr; 888 switch (ip.attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) { 889 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT: 890 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT: 891 /* Only out and in/out values can be updated */ 892 p->u.value.a = ip.a; 893 p->u.value.b = ip.b; 894 p->u.value.c = ip.c; 895 break; 896 case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_OUTPUT: 897 case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INOUT: 898 p->u.ubuf.uaddr = u64_to_user_ptr(ip.a); 899 p->u.ubuf.size = ip.b; 900 901 if (!access_ok(params[n].u.ubuf.uaddr, 902 params[n].u.ubuf.size)) 903 return -EFAULT; 904 905 break; 906 case TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_OUTPUT: 907 case TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_INOUT: 908 p->u.objref.id = ip.a; 909 p->u.objref.flags = ip.b; 910 break; 911 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: 912 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: 913 /* 914 * Only the size of the memref can be updated. 915 * Since we don't have access to the original 916 * parameters here, only store the supplied size. 917 * The driver will copy the updated size into the 918 * original parameters. 919 */ 920 p->u.memref.shm = NULL; 921 p->u.memref.shm_offs = 0; 922 p->u.memref.size = ip.b; 923 break; 924 default: 925 memset(&p->u, 0, sizeof(p->u)); 926 break; 927 } 928 } 929 return 0; 930 } 931 932 static int tee_ioctl_supp_send(struct tee_context *ctx, 933 struct tee_ioctl_buf_data __user *ubuf) 934 { 935 long rc; 936 struct tee_ioctl_buf_data buf; 937 struct tee_iocl_supp_send_arg __user *uarg; 938 struct tee_param *params; 939 u32 num_params; 940 u32 ret; 941 942 /* Not valid for this driver */ 943 if (!ctx->teedev->desc->ops->supp_send) 944 return -EINVAL; 945 946 if (copy_from_user(&buf, ubuf, sizeof(buf))) 947 return -EFAULT; 948 949 if (buf.buf_len > TEE_MAX_ARG_SIZE || 950 buf.buf_len < sizeof(struct tee_iocl_supp_send_arg)) 951 return -EINVAL; 952 953 uarg = u64_to_user_ptr(buf.buf_ptr); 954 if (get_user(ret, &uarg->ret) || 955 get_user(num_params, &uarg->num_params)) 956 return -EFAULT; 957 958 if (size_add(sizeof(*uarg), TEE_IOCTL_PARAM_SIZE(num_params)) > buf.buf_len) 959 return -EINVAL; 960 961 params = kcalloc(num_params, sizeof(struct tee_param), GFP_KERNEL); 962 if (!params) 963 return -ENOMEM; 964 965 rc = params_from_supp(params, num_params, uarg->params); 966 if (rc) 967 goto out; 968 969 rc = ctx->teedev->desc->ops->supp_send(ctx, ret, num_params, params); 970 out: 971 kfree(params); 972 return rc; 973 } 974 975 static long tee_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) 976 { 977 struct tee_context *ctx = filp->private_data; 978 void __user *uarg = (void __user *)arg; 979 980 switch (cmd) { 981 case TEE_IOC_VERSION: 982 return tee_ioctl_version(ctx, uarg); 983 case TEE_IOC_SHM_ALLOC: 984 return tee_ioctl_shm_alloc(ctx, uarg); 985 case TEE_IOC_SHM_REGISTER: 986 return tee_ioctl_shm_register(ctx, uarg); 987 case TEE_IOC_SHM_REGISTER_FD: 988 return tee_ioctl_shm_register_fd(ctx, uarg); 989 case TEE_IOC_OPEN_SESSION: 990 return tee_ioctl_open_session(ctx, uarg); 991 case TEE_IOC_INVOKE: 992 return tee_ioctl_invoke(ctx, uarg); 993 case TEE_IOC_OBJECT_INVOKE: 994 return tee_ioctl_object_invoke(ctx, uarg); 995 case TEE_IOC_CANCEL: 996 return tee_ioctl_cancel(ctx, uarg); 997 case TEE_IOC_CLOSE_SESSION: 998 return tee_ioctl_close_session(ctx, uarg); 999 case TEE_IOC_SUPPL_RECV: 1000 return tee_ioctl_supp_recv(ctx, uarg); 1001 case TEE_IOC_SUPPL_SEND: 1002 return tee_ioctl_supp_send(ctx, uarg); 1003 default: 1004 return -EINVAL; 1005 } 1006 } 1007 1008 static const struct file_operations tee_fops = { 1009 .owner = THIS_MODULE, 1010 .open = tee_open, 1011 .release = tee_release, 1012 .unlocked_ioctl = tee_ioctl, 1013 .compat_ioctl = compat_ptr_ioctl, 1014 }; 1015 1016 static void tee_release_device(struct device *dev) 1017 { 1018 struct tee_device *teedev = container_of(dev, struct tee_device, dev); 1019 1020 spin_lock(&driver_lock); 1021 clear_bit(teedev->id, dev_mask); 1022 spin_unlock(&driver_lock); 1023 mutex_destroy(&teedev->mutex); 1024 idr_destroy(&teedev->idr); 1025 kfree(teedev); 1026 } 1027 1028 /** 1029 * tee_device_alloc() - Allocate a new struct tee_device instance 1030 * @teedesc: Descriptor for this driver 1031 * @dev: Parent device for this device 1032 * @pool: Shared memory pool, NULL if not used 1033 * @driver_data: Private driver data for this device 1034 * 1035 * Allocates a new struct tee_device instance. The device is 1036 * removed by tee_device_unregister(). 1037 * 1038 * @returns a pointer to a 'struct tee_device' or an ERR_PTR on failure 1039 */ 1040 struct tee_device *tee_device_alloc(const struct tee_desc *teedesc, 1041 struct device *dev, 1042 struct tee_shm_pool *pool, 1043 void *driver_data) 1044 { 1045 struct tee_device *teedev; 1046 void *ret; 1047 int rc, max_id; 1048 int offs = 0; 1049 1050 if (!teedesc || !teedesc->name || !teedesc->ops || 1051 !teedesc->ops->get_version || !teedesc->ops->open || 1052 !teedesc->ops->release) 1053 return ERR_PTR(-EINVAL); 1054 1055 teedev = kzalloc(sizeof(*teedev), GFP_KERNEL); 1056 if (!teedev) { 1057 ret = ERR_PTR(-ENOMEM); 1058 goto err; 1059 } 1060 1061 max_id = TEE_NUM_DEVICES / 2; 1062 1063 if (teedesc->flags & TEE_DESC_PRIVILEGED) { 1064 offs = TEE_NUM_DEVICES / 2; 1065 max_id = TEE_NUM_DEVICES; 1066 } 1067 1068 spin_lock(&driver_lock); 1069 teedev->id = find_next_zero_bit(dev_mask, max_id, offs); 1070 if (teedev->id < max_id) 1071 set_bit(teedev->id, dev_mask); 1072 spin_unlock(&driver_lock); 1073 1074 if (teedev->id >= max_id) { 1075 ret = ERR_PTR(-ENOMEM); 1076 goto err; 1077 } 1078 1079 snprintf(teedev->name, sizeof(teedev->name), "tee%s%d", 1080 teedesc->flags & TEE_DESC_PRIVILEGED ? "priv" : "", 1081 teedev->id - offs); 1082 1083 teedev->dev.class = &tee_class; 1084 teedev->dev.release = tee_release_device; 1085 teedev->dev.parent = dev; 1086 1087 teedev->dev.devt = MKDEV(MAJOR(tee_devt), teedev->id); 1088 1089 rc = dev_set_name(&teedev->dev, "%s", teedev->name); 1090 if (rc) { 1091 ret = ERR_PTR(rc); 1092 goto err_devt; 1093 } 1094 1095 cdev_init(&teedev->cdev, &tee_fops); 1096 teedev->cdev.owner = teedesc->owner; 1097 1098 dev_set_drvdata(&teedev->dev, driver_data); 1099 device_initialize(&teedev->dev); 1100 1101 /* 1 as tee_device_unregister() does one final tee_device_put() */ 1102 teedev->num_users = 1; 1103 init_completion(&teedev->c_no_users); 1104 mutex_init(&teedev->mutex); 1105 idr_init(&teedev->idr); 1106 1107 teedev->desc = teedesc; 1108 teedev->pool = pool; 1109 1110 return teedev; 1111 err_devt: 1112 unregister_chrdev_region(teedev->dev.devt, 1); 1113 err: 1114 pr_err("could not register %s driver\n", 1115 teedesc->flags & TEE_DESC_PRIVILEGED ? "privileged" : "client"); 1116 if (teedev && teedev->id < TEE_NUM_DEVICES) { 1117 spin_lock(&driver_lock); 1118 clear_bit(teedev->id, dev_mask); 1119 spin_unlock(&driver_lock); 1120 } 1121 kfree(teedev); 1122 return ret; 1123 } 1124 EXPORT_SYMBOL_GPL(tee_device_alloc); 1125 1126 void tee_device_set_dev_groups(struct tee_device *teedev, 1127 const struct attribute_group **dev_groups) 1128 { 1129 teedev->dev.groups = dev_groups; 1130 } 1131 EXPORT_SYMBOL_GPL(tee_device_set_dev_groups); 1132 1133 static ssize_t implementation_id_show(struct device *dev, 1134 struct device_attribute *attr, char *buf) 1135 { 1136 struct tee_device *teedev = container_of(dev, struct tee_device, dev); 1137 struct tee_ioctl_version_data vers; 1138 1139 teedev->desc->ops->get_version(teedev, &vers); 1140 return sysfs_emit(buf, "%d\n", vers.impl_id); 1141 } 1142 static DEVICE_ATTR_RO(implementation_id); 1143 1144 static struct attribute *tee_dev_attrs[] = { 1145 &dev_attr_implementation_id.attr, 1146 NULL 1147 }; 1148 1149 ATTRIBUTE_GROUPS(tee_dev); 1150 1151 static const struct class tee_class = { 1152 .name = "tee", 1153 .dev_groups = tee_dev_groups, 1154 }; 1155 1156 /** 1157 * tee_device_register() - Registers a TEE device 1158 * @teedev: Device to register 1159 * 1160 * tee_device_unregister() need to be called to remove the @teedev if 1161 * this function fails. 1162 * 1163 * @returns < 0 on failure 1164 */ 1165 int tee_device_register(struct tee_device *teedev) 1166 { 1167 int rc; 1168 1169 if (teedev->flags & TEE_DEVICE_FLAG_REGISTERED) { 1170 dev_err(&teedev->dev, "attempt to register twice\n"); 1171 return -EINVAL; 1172 } 1173 1174 rc = cdev_device_add(&teedev->cdev, &teedev->dev); 1175 if (rc) { 1176 dev_err(&teedev->dev, 1177 "unable to cdev_device_add() %s, major %d, minor %d, err=%d\n", 1178 teedev->name, MAJOR(teedev->dev.devt), 1179 MINOR(teedev->dev.devt), rc); 1180 return rc; 1181 } 1182 1183 teedev->flags |= TEE_DEVICE_FLAG_REGISTERED; 1184 return 0; 1185 } 1186 EXPORT_SYMBOL_GPL(tee_device_register); 1187 1188 void tee_device_put(struct tee_device *teedev) 1189 { 1190 mutex_lock(&teedev->mutex); 1191 /* Shouldn't put in this state */ 1192 if (!WARN_ON(!teedev->desc)) { 1193 teedev->num_users--; 1194 if (!teedev->num_users) { 1195 teedev->desc = NULL; 1196 complete(&teedev->c_no_users); 1197 } 1198 } 1199 mutex_unlock(&teedev->mutex); 1200 } 1201 EXPORT_SYMBOL_GPL(tee_device_put); 1202 1203 bool tee_device_get(struct tee_device *teedev) 1204 { 1205 mutex_lock(&teedev->mutex); 1206 if (!teedev->desc) { 1207 mutex_unlock(&teedev->mutex); 1208 return false; 1209 } 1210 teedev->num_users++; 1211 mutex_unlock(&teedev->mutex); 1212 return true; 1213 } 1214 EXPORT_SYMBOL_GPL(tee_device_get); 1215 1216 /** 1217 * tee_device_unregister() - Removes a TEE device 1218 * @teedev: Device to unregister 1219 * 1220 * This function should be called to remove the @teedev even if 1221 * tee_device_register() hasn't been called yet. Does nothing if 1222 * @teedev is NULL. 1223 */ 1224 void tee_device_unregister(struct tee_device *teedev) 1225 { 1226 if (!teedev) 1227 return; 1228 1229 tee_device_put_all_dma_heaps(teedev); 1230 1231 if (teedev->flags & TEE_DEVICE_FLAG_REGISTERED) 1232 cdev_device_del(&teedev->cdev, &teedev->dev); 1233 1234 tee_device_put(teedev); 1235 wait_for_completion(&teedev->c_no_users); 1236 1237 /* 1238 * No need to take a mutex any longer now since teedev->desc was 1239 * set to NULL before teedev->c_no_users was completed. 1240 */ 1241 1242 teedev->pool = NULL; 1243 1244 put_device(&teedev->dev); 1245 } 1246 EXPORT_SYMBOL_GPL(tee_device_unregister); 1247 1248 /** 1249 * tee_get_drvdata() - Return driver_data pointer 1250 * @teedev: Device containing the driver_data pointer 1251 * @returns the driver_data pointer supplied to tee_device_alloc(). 1252 */ 1253 void *tee_get_drvdata(struct tee_device *teedev) 1254 { 1255 return dev_get_drvdata(&teedev->dev); 1256 } 1257 EXPORT_SYMBOL_GPL(tee_get_drvdata); 1258 1259 struct match_dev_data { 1260 struct tee_ioctl_version_data *vers; 1261 const void *data; 1262 int (*match)(struct tee_ioctl_version_data *, const void *); 1263 }; 1264 1265 static int match_dev(struct device *dev, const void *data) 1266 { 1267 const struct match_dev_data *match_data = data; 1268 struct tee_device *teedev = container_of(dev, struct tee_device, dev); 1269 1270 teedev->desc->ops->get_version(teedev, match_data->vers); 1271 return match_data->match(match_data->vers, match_data->data); 1272 } 1273 1274 struct tee_context * 1275 tee_client_open_context(struct tee_context *start, 1276 int (*match)(struct tee_ioctl_version_data *, 1277 const void *), 1278 const void *data, struct tee_ioctl_version_data *vers) 1279 { 1280 struct device *dev = NULL; 1281 struct device *put_dev = NULL; 1282 struct tee_context *ctx = NULL; 1283 struct tee_ioctl_version_data v; 1284 struct match_dev_data match_data = { vers ? vers : &v, data, match }; 1285 1286 if (start) 1287 dev = &start->teedev->dev; 1288 1289 do { 1290 dev = class_find_device(&tee_class, dev, &match_data, match_dev); 1291 if (!dev) { 1292 ctx = ERR_PTR(-ENOENT); 1293 break; 1294 } 1295 1296 put_device(put_dev); 1297 put_dev = dev; 1298 1299 ctx = teedev_open(container_of(dev, struct tee_device, dev)); 1300 } while (IS_ERR(ctx) && PTR_ERR(ctx) != -ENOMEM); 1301 1302 put_device(put_dev); 1303 /* 1304 * Default behaviour for in kernel client is to not wait for 1305 * tee-supplicant if not present for any requests in this context. 1306 * Also this flag could be configured again before call to 1307 * tee_client_open_session() if any in kernel client requires 1308 * different behaviour. 1309 */ 1310 if (!IS_ERR(ctx)) 1311 ctx->supp_nowait = true; 1312 1313 return ctx; 1314 } 1315 EXPORT_SYMBOL_GPL(tee_client_open_context); 1316 1317 void tee_client_close_context(struct tee_context *ctx) 1318 { 1319 teedev_close_context(ctx); 1320 } 1321 EXPORT_SYMBOL_GPL(tee_client_close_context); 1322 1323 void tee_client_get_version(struct tee_context *ctx, 1324 struct tee_ioctl_version_data *vers) 1325 { 1326 ctx->teedev->desc->ops->get_version(ctx->teedev, vers); 1327 } 1328 EXPORT_SYMBOL_GPL(tee_client_get_version); 1329 1330 int tee_client_open_session(struct tee_context *ctx, 1331 struct tee_ioctl_open_session_arg *arg, 1332 struct tee_param *param) 1333 { 1334 if (!ctx->teedev->desc->ops->open_session) 1335 return -EINVAL; 1336 return ctx->teedev->desc->ops->open_session(ctx, arg, param); 1337 } 1338 EXPORT_SYMBOL_GPL(tee_client_open_session); 1339 1340 int tee_client_close_session(struct tee_context *ctx, u32 session) 1341 { 1342 if (!ctx->teedev->desc->ops->close_session) 1343 return -EINVAL; 1344 return ctx->teedev->desc->ops->close_session(ctx, session); 1345 } 1346 EXPORT_SYMBOL_GPL(tee_client_close_session); 1347 1348 int tee_client_system_session(struct tee_context *ctx, u32 session) 1349 { 1350 if (!ctx->teedev->desc->ops->system_session) 1351 return -EINVAL; 1352 return ctx->teedev->desc->ops->system_session(ctx, session); 1353 } 1354 EXPORT_SYMBOL_GPL(tee_client_system_session); 1355 1356 int tee_client_invoke_func(struct tee_context *ctx, 1357 struct tee_ioctl_invoke_arg *arg, 1358 struct tee_param *param) 1359 { 1360 if (!ctx->teedev->desc->ops->invoke_func) 1361 return -EINVAL; 1362 return ctx->teedev->desc->ops->invoke_func(ctx, arg, param); 1363 } 1364 EXPORT_SYMBOL_GPL(tee_client_invoke_func); 1365 1366 int tee_client_cancel_req(struct tee_context *ctx, 1367 struct tee_ioctl_cancel_arg *arg) 1368 { 1369 if (!ctx->teedev->desc->ops->cancel_req) 1370 return -EINVAL; 1371 return ctx->teedev->desc->ops->cancel_req(ctx, arg->cancel_id, 1372 arg->session); 1373 } 1374 1375 static int tee_client_device_match(struct device *dev, 1376 const struct device_driver *drv) 1377 { 1378 const struct tee_client_device_id *id_table; 1379 struct tee_client_device *tee_device; 1380 1381 id_table = to_tee_client_driver(drv)->id_table; 1382 tee_device = to_tee_client_device(dev); 1383 1384 while (!uuid_is_null(&id_table->uuid)) { 1385 if (uuid_equal(&tee_device->id.uuid, &id_table->uuid)) 1386 return 1; 1387 id_table++; 1388 } 1389 1390 return 0; 1391 } 1392 1393 static int tee_client_device_uevent(const struct device *dev, 1394 struct kobj_uevent_env *env) 1395 { 1396 uuid_t *dev_id = &to_tee_client_device(dev)->id.uuid; 1397 1398 return add_uevent_var(env, "MODALIAS=tee:%pUb", dev_id); 1399 } 1400 1401 const struct bus_type tee_bus_type = { 1402 .name = "tee", 1403 .match = tee_client_device_match, 1404 .uevent = tee_client_device_uevent, 1405 }; 1406 EXPORT_SYMBOL_GPL(tee_bus_type); 1407 1408 static int __init tee_init(void) 1409 { 1410 int rc; 1411 1412 rc = class_register(&tee_class); 1413 if (rc) { 1414 pr_err("couldn't create class\n"); 1415 return rc; 1416 } 1417 1418 rc = alloc_chrdev_region(&tee_devt, 0, TEE_NUM_DEVICES, "tee"); 1419 if (rc) { 1420 pr_err("failed to allocate char dev region\n"); 1421 goto out_unreg_class; 1422 } 1423 1424 rc = bus_register(&tee_bus_type); 1425 if (rc) { 1426 pr_err("failed to register tee bus\n"); 1427 goto out_unreg_chrdev; 1428 } 1429 1430 return 0; 1431 1432 out_unreg_chrdev: 1433 unregister_chrdev_region(tee_devt, TEE_NUM_DEVICES); 1434 out_unreg_class: 1435 class_unregister(&tee_class); 1436 1437 return rc; 1438 } 1439 1440 static void __exit tee_exit(void) 1441 { 1442 bus_unregister(&tee_bus_type); 1443 unregister_chrdev_region(tee_devt, TEE_NUM_DEVICES); 1444 class_unregister(&tee_class); 1445 } 1446 1447 subsys_initcall(tee_init); 1448 module_exit(tee_exit); 1449 1450 MODULE_AUTHOR("Linaro"); 1451 MODULE_DESCRIPTION("TEE Driver"); 1452 MODULE_VERSION("1.0"); 1453 MODULE_LICENSE("GPL v2"); 1454 MODULE_IMPORT_NS("DMA_BUF"); 1455 MODULE_IMPORT_NS("DMA_BUF_HEAP"); 1456