1 /* 2 * Thunderbolt bus support 3 * 4 * Copyright (C) 2017, Intel Corporation 5 * Author: Mika Westerberg <mika.westerberg@linux.intel.com> 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License version 2 as 9 * published by the Free Software Foundation. 10 */ 11 12 #include <linux/device.h> 13 #include <linux/idr.h> 14 #include <linux/module.h> 15 #include <linux/slab.h> 16 #include <linux/random.h> 17 #include <crypto/hash.h> 18 19 #include "tb.h" 20 21 static DEFINE_IDA(tb_domain_ida); 22 23 static const char * const tb_security_names[] = { 24 [TB_SECURITY_NONE] = "none", 25 [TB_SECURITY_USER] = "user", 26 [TB_SECURITY_SECURE] = "secure", 27 [TB_SECURITY_DPONLY] = "dponly", 28 }; 29 30 static ssize_t security_show(struct device *dev, struct device_attribute *attr, 31 char *buf) 32 { 33 struct tb *tb = container_of(dev, struct tb, dev); 34 35 return sprintf(buf, "%s\n", tb_security_names[tb->security_level]); 36 } 37 static DEVICE_ATTR_RO(security); 38 39 static struct attribute *domain_attrs[] = { 40 &dev_attr_security.attr, 41 NULL, 42 }; 43 44 static struct attribute_group domain_attr_group = { 45 .attrs = domain_attrs, 46 }; 47 48 static const struct attribute_group *domain_attr_groups[] = { 49 &domain_attr_group, 50 NULL, 51 }; 52 53 struct bus_type tb_bus_type = { 54 .name = "thunderbolt", 55 }; 56 57 static void tb_domain_release(struct device *dev) 58 { 59 struct tb *tb = container_of(dev, struct tb, dev); 60 61 tb_ctl_free(tb->ctl); 62 destroy_workqueue(tb->wq); 63 ida_simple_remove(&tb_domain_ida, tb->index); 64 mutex_destroy(&tb->lock); 65 kfree(tb); 66 } 67 68 struct device_type tb_domain_type = { 69 .name = "thunderbolt_domain", 70 .release = tb_domain_release, 71 }; 72 73 /** 74 * tb_domain_alloc() - Allocate a domain 75 * @nhi: Pointer to the host controller 76 * @privsize: Size of the connection manager private data 77 * 78 * Allocates and initializes a new Thunderbolt domain. Connection 79 * managers are expected to call this and then fill in @cm_ops 80 * accordingly. 81 * 82 * Call tb_domain_put() to release the domain before it has been added 83 * to the system. 84 * 85 * Return: allocated domain structure on %NULL in case of error 86 */ 87 struct tb *tb_domain_alloc(struct tb_nhi *nhi, size_t privsize) 88 { 89 struct tb *tb; 90 91 /* 92 * Make sure the structure sizes map with that the hardware 93 * expects because bit-fields are being used. 94 */ 95 BUILD_BUG_ON(sizeof(struct tb_regs_switch_header) != 5 * 4); 96 BUILD_BUG_ON(sizeof(struct tb_regs_port_header) != 8 * 4); 97 BUILD_BUG_ON(sizeof(struct tb_regs_hop) != 2 * 4); 98 99 tb = kzalloc(sizeof(*tb) + privsize, GFP_KERNEL); 100 if (!tb) 101 return NULL; 102 103 tb->nhi = nhi; 104 mutex_init(&tb->lock); 105 106 tb->index = ida_simple_get(&tb_domain_ida, 0, 0, GFP_KERNEL); 107 if (tb->index < 0) 108 goto err_free; 109 110 tb->wq = alloc_ordered_workqueue("thunderbolt%d", 0, tb->index); 111 if (!tb->wq) 112 goto err_remove_ida; 113 114 tb->dev.parent = &nhi->pdev->dev; 115 tb->dev.bus = &tb_bus_type; 116 tb->dev.type = &tb_domain_type; 117 tb->dev.groups = domain_attr_groups; 118 dev_set_name(&tb->dev, "domain%d", tb->index); 119 device_initialize(&tb->dev); 120 121 return tb; 122 123 err_remove_ida: 124 ida_simple_remove(&tb_domain_ida, tb->index); 125 err_free: 126 kfree(tb); 127 128 return NULL; 129 } 130 131 static void tb_domain_event_cb(void *data, enum tb_cfg_pkg_type type, 132 const void *buf, size_t size) 133 { 134 struct tb *tb = data; 135 136 if (!tb->cm_ops->handle_event) { 137 tb_warn(tb, "domain does not have event handler\n"); 138 return; 139 } 140 141 tb->cm_ops->handle_event(tb, type, buf, size); 142 } 143 144 /** 145 * tb_domain_add() - Add domain to the system 146 * @tb: Domain to add 147 * 148 * Starts the domain and adds it to the system. Hotplugging devices will 149 * work after this has been returned successfully. In order to remove 150 * and release the domain after this function has been called, call 151 * tb_domain_remove(). 152 * 153 * Return: %0 in case of success and negative errno in case of error 154 */ 155 int tb_domain_add(struct tb *tb) 156 { 157 int ret; 158 159 if (WARN_ON(!tb->cm_ops)) 160 return -EINVAL; 161 162 mutex_lock(&tb->lock); 163 164 tb->ctl = tb_ctl_alloc(tb->nhi, tb_domain_event_cb, tb); 165 if (!tb->ctl) { 166 ret = -ENOMEM; 167 goto err_unlock; 168 } 169 170 /* 171 * tb_schedule_hotplug_handler may be called as soon as the config 172 * channel is started. Thats why we have to hold the lock here. 173 */ 174 tb_ctl_start(tb->ctl); 175 176 if (tb->cm_ops->driver_ready) { 177 ret = tb->cm_ops->driver_ready(tb); 178 if (ret) 179 goto err_ctl_stop; 180 } 181 182 ret = device_add(&tb->dev); 183 if (ret) 184 goto err_ctl_stop; 185 186 /* Start the domain */ 187 if (tb->cm_ops->start) { 188 ret = tb->cm_ops->start(tb); 189 if (ret) 190 goto err_domain_del; 191 } 192 193 /* This starts event processing */ 194 mutex_unlock(&tb->lock); 195 196 return 0; 197 198 err_domain_del: 199 device_del(&tb->dev); 200 err_ctl_stop: 201 tb_ctl_stop(tb->ctl); 202 err_unlock: 203 mutex_unlock(&tb->lock); 204 205 return ret; 206 } 207 208 /** 209 * tb_domain_remove() - Removes and releases a domain 210 * @tb: Domain to remove 211 * 212 * Stops the domain, removes it from the system and releases all 213 * resources once the last reference has been released. 214 */ 215 void tb_domain_remove(struct tb *tb) 216 { 217 mutex_lock(&tb->lock); 218 if (tb->cm_ops->stop) 219 tb->cm_ops->stop(tb); 220 /* Stop the domain control traffic */ 221 tb_ctl_stop(tb->ctl); 222 mutex_unlock(&tb->lock); 223 224 flush_workqueue(tb->wq); 225 device_unregister(&tb->dev); 226 } 227 228 /** 229 * tb_domain_suspend_noirq() - Suspend a domain 230 * @tb: Domain to suspend 231 * 232 * Suspends all devices in the domain and stops the control channel. 233 */ 234 int tb_domain_suspend_noirq(struct tb *tb) 235 { 236 int ret = 0; 237 238 /* 239 * The control channel interrupt is left enabled during suspend 240 * and taking the lock here prevents any events happening before 241 * we actually have stopped the domain and the control channel. 242 */ 243 mutex_lock(&tb->lock); 244 if (tb->cm_ops->suspend_noirq) 245 ret = tb->cm_ops->suspend_noirq(tb); 246 if (!ret) 247 tb_ctl_stop(tb->ctl); 248 mutex_unlock(&tb->lock); 249 250 return ret; 251 } 252 253 /** 254 * tb_domain_resume_noirq() - Resume a domain 255 * @tb: Domain to resume 256 * 257 * Re-starts the control channel, and resumes all devices connected to 258 * the domain. 259 */ 260 int tb_domain_resume_noirq(struct tb *tb) 261 { 262 int ret = 0; 263 264 mutex_lock(&tb->lock); 265 tb_ctl_start(tb->ctl); 266 if (tb->cm_ops->resume_noirq) 267 ret = tb->cm_ops->resume_noirq(tb); 268 mutex_unlock(&tb->lock); 269 270 return ret; 271 } 272 273 int tb_domain_suspend(struct tb *tb) 274 { 275 int ret; 276 277 mutex_lock(&tb->lock); 278 if (tb->cm_ops->suspend) { 279 ret = tb->cm_ops->suspend(tb); 280 if (ret) { 281 mutex_unlock(&tb->lock); 282 return ret; 283 } 284 } 285 mutex_unlock(&tb->lock); 286 return 0; 287 } 288 289 void tb_domain_complete(struct tb *tb) 290 { 291 mutex_lock(&tb->lock); 292 if (tb->cm_ops->complete) 293 tb->cm_ops->complete(tb); 294 mutex_unlock(&tb->lock); 295 } 296 297 /** 298 * tb_domain_approve_switch() - Approve switch 299 * @tb: Domain the switch belongs to 300 * @sw: Switch to approve 301 * 302 * This will approve switch by connection manager specific means. In 303 * case of success the connection manager will create tunnels for all 304 * supported protocols. 305 */ 306 int tb_domain_approve_switch(struct tb *tb, struct tb_switch *sw) 307 { 308 struct tb_switch *parent_sw; 309 310 if (!tb->cm_ops->approve_switch) 311 return -EPERM; 312 313 /* The parent switch must be authorized before this one */ 314 parent_sw = tb_to_switch(sw->dev.parent); 315 if (!parent_sw || !parent_sw->authorized) 316 return -EINVAL; 317 318 return tb->cm_ops->approve_switch(tb, sw); 319 } 320 321 /** 322 * tb_domain_approve_switch_key() - Approve switch and add key 323 * @tb: Domain the switch belongs to 324 * @sw: Switch to approve 325 * 326 * For switches that support secure connect, this function first adds 327 * key to the switch NVM using connection manager specific means. If 328 * adding the key is successful, the switch is approved and connected. 329 * 330 * Return: %0 on success and negative errno in case of failure. 331 */ 332 int tb_domain_approve_switch_key(struct tb *tb, struct tb_switch *sw) 333 { 334 struct tb_switch *parent_sw; 335 int ret; 336 337 if (!tb->cm_ops->approve_switch || !tb->cm_ops->add_switch_key) 338 return -EPERM; 339 340 /* The parent switch must be authorized before this one */ 341 parent_sw = tb_to_switch(sw->dev.parent); 342 if (!parent_sw || !parent_sw->authorized) 343 return -EINVAL; 344 345 ret = tb->cm_ops->add_switch_key(tb, sw); 346 if (ret) 347 return ret; 348 349 return tb->cm_ops->approve_switch(tb, sw); 350 } 351 352 /** 353 * tb_domain_challenge_switch_key() - Challenge and approve switch 354 * @tb: Domain the switch belongs to 355 * @sw: Switch to approve 356 * 357 * For switches that support secure connect, this function generates 358 * random challenge and sends it to the switch. The switch responds to 359 * this and if the response matches our random challenge, the switch is 360 * approved and connected. 361 * 362 * Return: %0 on success and negative errno in case of failure. 363 */ 364 int tb_domain_challenge_switch_key(struct tb *tb, struct tb_switch *sw) 365 { 366 u8 challenge[TB_SWITCH_KEY_SIZE]; 367 u8 response[TB_SWITCH_KEY_SIZE]; 368 u8 hmac[TB_SWITCH_KEY_SIZE]; 369 struct tb_switch *parent_sw; 370 struct crypto_shash *tfm; 371 struct shash_desc *shash; 372 int ret; 373 374 if (!tb->cm_ops->approve_switch || !tb->cm_ops->challenge_switch_key) 375 return -EPERM; 376 377 /* The parent switch must be authorized before this one */ 378 parent_sw = tb_to_switch(sw->dev.parent); 379 if (!parent_sw || !parent_sw->authorized) 380 return -EINVAL; 381 382 get_random_bytes(challenge, sizeof(challenge)); 383 ret = tb->cm_ops->challenge_switch_key(tb, sw, challenge, response); 384 if (ret) 385 return ret; 386 387 tfm = crypto_alloc_shash("hmac(sha256)", 0, 0); 388 if (IS_ERR(tfm)) 389 return PTR_ERR(tfm); 390 391 ret = crypto_shash_setkey(tfm, sw->key, TB_SWITCH_KEY_SIZE); 392 if (ret) 393 goto err_free_tfm; 394 395 shash = kzalloc(sizeof(*shash) + crypto_shash_descsize(tfm), 396 GFP_KERNEL); 397 if (!shash) { 398 ret = -ENOMEM; 399 goto err_free_tfm; 400 } 401 402 shash->tfm = tfm; 403 shash->flags = CRYPTO_TFM_REQ_MAY_SLEEP; 404 405 memset(hmac, 0, sizeof(hmac)); 406 ret = crypto_shash_digest(shash, challenge, sizeof(hmac), hmac); 407 if (ret) 408 goto err_free_shash; 409 410 /* The returned HMAC must match the one we calculated */ 411 if (memcmp(response, hmac, sizeof(hmac))) { 412 ret = -EKEYREJECTED; 413 goto err_free_shash; 414 } 415 416 crypto_free_shash(tfm); 417 kfree(shash); 418 419 return tb->cm_ops->approve_switch(tb, sw); 420 421 err_free_shash: 422 kfree(shash); 423 err_free_tfm: 424 crypto_free_shash(tfm); 425 426 return ret; 427 } 428 429 /** 430 * tb_domain_disconnect_pcie_paths() - Disconnect all PCIe paths 431 * @tb: Domain whose PCIe paths to disconnect 432 * 433 * This needs to be called in preparation for NVM upgrade of the host 434 * controller. Makes sure all PCIe paths are disconnected. 435 * 436 * Return %0 on success and negative errno in case of error. 437 */ 438 int tb_domain_disconnect_pcie_paths(struct tb *tb) 439 { 440 if (!tb->cm_ops->disconnect_pcie_paths) 441 return -EPERM; 442 443 return tb->cm_ops->disconnect_pcie_paths(tb); 444 } 445 446 int tb_domain_init(void) 447 { 448 return bus_register(&tb_bus_type); 449 } 450 451 void tb_domain_exit(void) 452 { 453 bus_unregister(&tb_bus_type); 454 ida_destroy(&tb_domain_ida); 455 tb_switch_exit(); 456 } 457