1 // SPDX-License-Identifier: MIT
2 /*
3 * AMD Trusted Execution Environment (TEE) interface
4 *
5 * Author: Rijo Thomas <Rijo-john.Thomas@amd.com>
6 * Author: Devaraj Rangasamy <Devaraj.Rangasamy@amd.com>
7 *
8 * Copyright (C) 2019,2021 Advanced Micro Devices, Inc.
9 */
10
11 #include <linux/bitfield.h>
12 #include <linux/types.h>
13 #include <linux/mutex.h>
14 #include <linux/delay.h>
15 #include <linux/slab.h>
16 #include <linux/gfp.h>
17 #include <linux/psp.h>
18 #include <linux/psp-tee.h>
19
20 #include "psp-dev.h"
21 #include "tee-dev.h"
22
23 static bool psp_dead;
24
tee_alloc_ring(struct psp_tee_device * tee,int ring_size)25 static int tee_alloc_ring(struct psp_tee_device *tee, int ring_size)
26 {
27 struct ring_buf_manager *rb_mgr = &tee->rb_mgr;
28 void *start_addr;
29
30 if (!ring_size)
31 return -EINVAL;
32
33 /* We need actual physical address instead of DMA address, since
34 * Trusted OS running on AMD Secure Processor will map this region
35 */
36 start_addr = (void *)__get_free_pages(GFP_KERNEL, get_order(ring_size));
37 if (!start_addr)
38 return -ENOMEM;
39
40 memset(start_addr, 0x0, ring_size);
41 rb_mgr->ring_start = start_addr;
42 rb_mgr->ring_size = ring_size;
43 rb_mgr->ring_pa = __psp_pa(start_addr);
44 mutex_init(&rb_mgr->mutex);
45
46 return 0;
47 }
48
tee_free_ring(struct psp_tee_device * tee)49 static void tee_free_ring(struct psp_tee_device *tee)
50 {
51 struct ring_buf_manager *rb_mgr = &tee->rb_mgr;
52
53 if (!rb_mgr->ring_start)
54 return;
55
56 free_pages((unsigned long)rb_mgr->ring_start,
57 get_order(rb_mgr->ring_size));
58
59 rb_mgr->ring_start = NULL;
60 rb_mgr->ring_size = 0;
61 rb_mgr->ring_pa = 0;
62 mutex_destroy(&rb_mgr->mutex);
63 }
64
tee_wait_cmd_poll(struct psp_tee_device * tee,unsigned int timeout,unsigned int * reg)65 static int tee_wait_cmd_poll(struct psp_tee_device *tee, unsigned int timeout,
66 unsigned int *reg)
67 {
68 /* ~10ms sleep per loop => nloop = timeout * 100 */
69 int nloop = timeout * 100;
70
71 while (--nloop) {
72 *reg = ioread32(tee->io_regs + tee->vdata->cmdresp_reg);
73 if (FIELD_GET(PSP_CMDRESP_RESP, *reg))
74 return 0;
75
76 usleep_range(10000, 10100);
77 }
78
79 dev_err(tee->dev, "tee: command timed out, disabling PSP\n");
80 psp_dead = true;
81
82 return -ETIMEDOUT;
83 }
84
85 static
tee_alloc_cmd_buffer(struct psp_tee_device * tee)86 struct tee_init_ring_cmd *tee_alloc_cmd_buffer(struct psp_tee_device *tee)
87 {
88 struct tee_init_ring_cmd *cmd;
89
90 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
91 if (!cmd)
92 return NULL;
93
94 cmd->hi_addr = upper_32_bits(tee->rb_mgr.ring_pa);
95 cmd->low_addr = lower_32_bits(tee->rb_mgr.ring_pa);
96 cmd->size = tee->rb_mgr.ring_size;
97
98 dev_dbg(tee->dev, "tee: ring address: high = 0x%x low = 0x%x size = %u\n",
99 cmd->hi_addr, cmd->low_addr, cmd->size);
100
101 return cmd;
102 }
103
tee_free_cmd_buffer(struct tee_init_ring_cmd * cmd)104 static inline void tee_free_cmd_buffer(struct tee_init_ring_cmd *cmd)
105 {
106 kfree(cmd);
107 }
108
tee_init_ring(struct psp_tee_device * tee)109 static int tee_init_ring(struct psp_tee_device *tee)
110 {
111 int ring_size = MAX_RING_BUFFER_ENTRIES * sizeof(struct tee_ring_cmd);
112 struct tee_init_ring_cmd *cmd;
113 phys_addr_t cmd_buffer;
114 unsigned int reg;
115 int ret;
116
117 BUILD_BUG_ON(sizeof(struct tee_ring_cmd) != 1024);
118
119 ret = tee_alloc_ring(tee, ring_size);
120 if (ret) {
121 dev_err(tee->dev, "tee: ring allocation failed %d\n", ret);
122 return ret;
123 }
124
125 tee->rb_mgr.wptr = 0;
126
127 cmd = tee_alloc_cmd_buffer(tee);
128 if (!cmd) {
129 tee_free_ring(tee);
130 return -ENOMEM;
131 }
132
133 cmd_buffer = __psp_pa((void *)cmd);
134
135 /* Send command buffer details to Trusted OS by writing to
136 * CPU-PSP message registers
137 */
138
139 iowrite32(lower_32_bits(cmd_buffer),
140 tee->io_regs + tee->vdata->cmdbuff_addr_lo_reg);
141 iowrite32(upper_32_bits(cmd_buffer),
142 tee->io_regs + tee->vdata->cmdbuff_addr_hi_reg);
143 iowrite32(TEE_RING_INIT_CMD,
144 tee->io_regs + tee->vdata->cmdresp_reg);
145
146 ret = tee_wait_cmd_poll(tee, TEE_DEFAULT_TIMEOUT, ®);
147 if (ret) {
148 dev_err(tee->dev, "tee: ring init command timed out\n");
149 tee_free_ring(tee);
150 goto free_buf;
151 }
152
153 if (FIELD_GET(PSP_CMDRESP_STS, reg)) {
154 dev_err(tee->dev, "tee: ring init command failed (%#010lx)\n",
155 FIELD_GET(PSP_CMDRESP_STS, reg));
156 tee_free_ring(tee);
157 ret = -EIO;
158 }
159
160 free_buf:
161 tee_free_cmd_buffer(cmd);
162
163 return ret;
164 }
165
tee_destroy_ring(struct psp_tee_device * tee)166 static void tee_destroy_ring(struct psp_tee_device *tee)
167 {
168 unsigned int reg;
169 int ret;
170
171 if (!tee->rb_mgr.ring_start)
172 return;
173
174 if (psp_dead)
175 goto free_ring;
176
177 iowrite32(TEE_RING_DESTROY_CMD,
178 tee->io_regs + tee->vdata->cmdresp_reg);
179
180 ret = tee_wait_cmd_poll(tee, TEE_DEFAULT_TIMEOUT, ®);
181 if (ret) {
182 dev_err(tee->dev, "tee: ring destroy command timed out\n");
183 } else if (FIELD_GET(PSP_CMDRESP_STS, reg)) {
184 dev_err(tee->dev, "tee: ring destroy command failed (%#010lx)\n",
185 FIELD_GET(PSP_CMDRESP_STS, reg));
186 }
187
188 free_ring:
189 tee_free_ring(tee);
190 }
191
tee_dev_init(struct psp_device * psp)192 int tee_dev_init(struct psp_device *psp)
193 {
194 struct device *dev = psp->dev;
195 struct psp_tee_device *tee;
196 int ret;
197
198 ret = -ENOMEM;
199 tee = devm_kzalloc(dev, sizeof(*tee), GFP_KERNEL);
200 if (!tee)
201 goto e_err;
202
203 psp->tee_data = tee;
204
205 tee->dev = dev;
206 tee->psp = psp;
207
208 tee->io_regs = psp->io_regs;
209
210 tee->vdata = (struct tee_vdata *)psp->vdata->tee;
211 if (!tee->vdata) {
212 ret = -ENODEV;
213 dev_err(dev, "tee: missing driver data\n");
214 goto e_err;
215 }
216
217 ret = tee_init_ring(tee);
218 if (ret) {
219 dev_err(dev, "tee: failed to init ring buffer\n");
220 goto e_err;
221 }
222
223 dev_notice(dev, "tee enabled\n");
224
225 return 0;
226
227 e_err:
228 psp->tee_data = NULL;
229
230 dev_notice(dev, "tee initialization failed\n");
231
232 return ret;
233 }
234
tee_dev_destroy(struct psp_device * psp)235 void tee_dev_destroy(struct psp_device *psp)
236 {
237 struct psp_tee_device *tee = psp->tee_data;
238
239 if (!tee)
240 return;
241
242 tee_destroy_ring(tee);
243 }
244
tee_submit_cmd(struct psp_tee_device * tee,enum tee_cmd_id cmd_id,void * buf,size_t len,struct tee_ring_cmd ** resp)245 static int tee_submit_cmd(struct psp_tee_device *tee, enum tee_cmd_id cmd_id,
246 void *buf, size_t len, struct tee_ring_cmd **resp)
247 {
248 struct tee_ring_cmd *cmd;
249 int nloop = 1000, ret = 0;
250 u32 rptr;
251
252 *resp = NULL;
253
254 mutex_lock(&tee->rb_mgr.mutex);
255
256 /* Loop until empty entry found in ring buffer */
257 do {
258 /* Get pointer to ring buffer command entry */
259 cmd = (struct tee_ring_cmd *)
260 (tee->rb_mgr.ring_start + tee->rb_mgr.wptr);
261
262 rptr = ioread32(tee->io_regs + tee->vdata->ring_rptr_reg);
263
264 /* Check if ring buffer is full or command entry is waiting
265 * for response from TEE
266 */
267 if (!(tee->rb_mgr.wptr + sizeof(struct tee_ring_cmd) == rptr ||
268 cmd->flag == CMD_WAITING_FOR_RESPONSE))
269 break;
270
271 dev_dbg(tee->dev, "tee: ring buffer full. rptr = %u wptr = %u\n",
272 rptr, tee->rb_mgr.wptr);
273
274 /* Wait if ring buffer is full or TEE is processing data */
275 mutex_unlock(&tee->rb_mgr.mutex);
276 schedule_timeout_interruptible(msecs_to_jiffies(10));
277 mutex_lock(&tee->rb_mgr.mutex);
278
279 } while (--nloop);
280
281 if (!nloop &&
282 (tee->rb_mgr.wptr + sizeof(struct tee_ring_cmd) == rptr ||
283 cmd->flag == CMD_WAITING_FOR_RESPONSE)) {
284 dev_err(tee->dev, "tee: ring buffer full. rptr = %u wptr = %u response flag %u\n",
285 rptr, tee->rb_mgr.wptr, cmd->flag);
286 ret = -EBUSY;
287 goto unlock;
288 }
289
290 /* Do not submit command if PSP got disabled while processing any
291 * command in another thread
292 */
293 if (psp_dead) {
294 ret = -EBUSY;
295 goto unlock;
296 }
297
298 /* Write command data into ring buffer */
299 cmd->cmd_id = cmd_id;
300 cmd->cmd_state = TEE_CMD_STATE_INIT;
301 memset(&cmd->buf[0], 0, sizeof(cmd->buf));
302 memcpy(&cmd->buf[0], buf, len);
303
304 /* Indicate driver is waiting for response */
305 cmd->flag = CMD_WAITING_FOR_RESPONSE;
306
307 /* Update local copy of write pointer */
308 tee->rb_mgr.wptr += sizeof(struct tee_ring_cmd);
309 if (tee->rb_mgr.wptr >= tee->rb_mgr.ring_size)
310 tee->rb_mgr.wptr = 0;
311
312 /* Trigger interrupt to Trusted OS */
313 iowrite32(tee->rb_mgr.wptr, tee->io_regs + tee->vdata->ring_wptr_reg);
314
315 /* The response is provided by Trusted OS in same
316 * location as submitted data entry within ring buffer.
317 */
318 *resp = cmd;
319
320 unlock:
321 mutex_unlock(&tee->rb_mgr.mutex);
322
323 return ret;
324 }
325
tee_wait_cmd_completion(struct psp_tee_device * tee,struct tee_ring_cmd * resp,unsigned int timeout)326 static int tee_wait_cmd_completion(struct psp_tee_device *tee,
327 struct tee_ring_cmd *resp,
328 unsigned int timeout)
329 {
330 /* ~1ms sleep per loop => nloop = timeout * 1000 */
331 int nloop = timeout * 1000;
332
333 while (--nloop) {
334 if (resp->cmd_state == TEE_CMD_STATE_COMPLETED)
335 return 0;
336
337 usleep_range(1000, 1100);
338 }
339
340 dev_err(tee->dev, "tee: command 0x%x timed out, disabling PSP\n",
341 resp->cmd_id);
342
343 psp_dead = true;
344
345 return -ETIMEDOUT;
346 }
347
psp_tee_process_cmd(enum tee_cmd_id cmd_id,void * buf,size_t len,u32 * status)348 int psp_tee_process_cmd(enum tee_cmd_id cmd_id, void *buf, size_t len,
349 u32 *status)
350 {
351 struct psp_device *psp = psp_get_master_device();
352 struct psp_tee_device *tee;
353 struct tee_ring_cmd *resp;
354 int ret;
355
356 if (!buf || !status || !len || len > sizeof(resp->buf))
357 return -EINVAL;
358
359 *status = 0;
360
361 if (!psp || !psp->tee_data)
362 return -ENODEV;
363
364 if (psp_dead)
365 return -EBUSY;
366
367 tee = psp->tee_data;
368
369 ret = tee_submit_cmd(tee, cmd_id, buf, len, &resp);
370 if (ret)
371 return ret;
372
373 ret = tee_wait_cmd_completion(tee, resp, TEE_DEFAULT_TIMEOUT);
374 if (ret) {
375 resp->flag = CMD_RESPONSE_TIMEDOUT;
376 return ret;
377 }
378
379 memcpy(buf, &resp->buf[0], len);
380 *status = resp->status;
381
382 resp->flag = CMD_RESPONSE_COPIED;
383
384 return 0;
385 }
386 EXPORT_SYMBOL(psp_tee_process_cmd);
387
psp_check_tee_status(void)388 int psp_check_tee_status(void)
389 {
390 struct psp_device *psp = psp_get_master_device();
391
392 if (!psp || !psp->tee_data)
393 return -ENODEV;
394
395 return 0;
396 }
397 EXPORT_SYMBOL(psp_check_tee_status);
398