xref: /openbmc/linux/drivers/tee/amdtee/call.c (revision be58f710)
1 // SPDX-License-Identifier: MIT
2 /*
3  * Copyright 2019 Advanced Micro Devices, Inc.
4  */
5 
6 #include <linux/device.h>
7 #include <linux/tee.h>
8 #include <linux/tee_drv.h>
9 #include <linux/psp-tee.h>
10 #include <linux/slab.h>
11 #include <linux/psp-sev.h>
12 #include "amdtee_if.h"
13 #include "amdtee_private.h"
14 
15 static int tee_params_to_amd_params(struct tee_param *tee, u32 count,
16 				    struct tee_operation *amd)
17 {
18 	int i, ret = 0;
19 	u32 type;
20 
21 	if (!count)
22 		return 0;
23 
24 	if (!tee || !amd || count > TEE_MAX_PARAMS)
25 		return -EINVAL;
26 
27 	amd->param_types = 0;
28 	for (i = 0; i < count; i++) {
29 		/* AMD TEE does not support meta parameter */
30 		if (tee[i].attr > TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT)
31 			return -EINVAL;
32 
33 		amd->param_types |= ((tee[i].attr & 0xF) << i * 4);
34 	}
35 
36 	for (i = 0; i < count; i++) {
37 		type = TEE_PARAM_TYPE_GET(amd->param_types, i);
38 		pr_debug("%s: type[%d] = 0x%x\n", __func__, i, type);
39 
40 		if (type == TEE_OP_PARAM_TYPE_INVALID)
41 			return -EINVAL;
42 
43 		if (type == TEE_OP_PARAM_TYPE_NONE)
44 			continue;
45 
46 		/* It is assumed that all values are within 2^32-1 */
47 		if (type > TEE_OP_PARAM_TYPE_VALUE_INOUT) {
48 			u32 buf_id = get_buffer_id(tee[i].u.memref.shm);
49 
50 			amd->params[i].mref.buf_id = buf_id;
51 			amd->params[i].mref.offset = tee[i].u.memref.shm_offs;
52 			amd->params[i].mref.size = tee[i].u.memref.size;
53 			pr_debug("%s: bufid[%d] = 0x%x, offset[%d] = 0x%x, size[%d] = 0x%x\n",
54 				 __func__,
55 				 i, amd->params[i].mref.buf_id,
56 				 i, amd->params[i].mref.offset,
57 				 i, amd->params[i].mref.size);
58 		} else {
59 			if (tee[i].u.value.c)
60 				pr_warn("%s: Discarding value c", __func__);
61 
62 			amd->params[i].val.a = tee[i].u.value.a;
63 			amd->params[i].val.b = tee[i].u.value.b;
64 			pr_debug("%s: a[%d] = 0x%x, b[%d] = 0x%x\n", __func__,
65 				 i, amd->params[i].val.a,
66 				 i, amd->params[i].val.b);
67 		}
68 	}
69 	return ret;
70 }
71 
72 static int amd_params_to_tee_params(struct tee_param *tee, u32 count,
73 				    struct tee_operation *amd)
74 {
75 	int i, ret = 0;
76 	u32 type;
77 
78 	if (!count)
79 		return 0;
80 
81 	if (!tee || !amd || count > TEE_MAX_PARAMS)
82 		return -EINVAL;
83 
84 	/* Assumes amd->param_types is valid */
85 	for (i = 0; i < count; i++) {
86 		type = TEE_PARAM_TYPE_GET(amd->param_types, i);
87 		pr_debug("%s: type[%d] = 0x%x\n", __func__, i, type);
88 
89 		if (type == TEE_OP_PARAM_TYPE_INVALID ||
90 		    type > TEE_OP_PARAM_TYPE_MEMREF_INOUT)
91 			return -EINVAL;
92 
93 		if (type == TEE_OP_PARAM_TYPE_NONE ||
94 		    type == TEE_OP_PARAM_TYPE_VALUE_INPUT ||
95 		    type == TEE_OP_PARAM_TYPE_MEMREF_INPUT)
96 			continue;
97 
98 		/*
99 		 * It is assumed that buf_id remains unchanged for
100 		 * both open_session and invoke_cmd call
101 		 */
102 		if (type > TEE_OP_PARAM_TYPE_MEMREF_INPUT) {
103 			tee[i].u.memref.shm_offs = amd->params[i].mref.offset;
104 			tee[i].u.memref.size = amd->params[i].mref.size;
105 			pr_debug("%s: bufid[%d] = 0x%x, offset[%d] = 0x%x, size[%d] = 0x%x\n",
106 				 __func__,
107 				 i, amd->params[i].mref.buf_id,
108 				 i, amd->params[i].mref.offset,
109 				 i, amd->params[i].mref.size);
110 		} else {
111 			/* field 'c' not supported by AMD TEE */
112 			tee[i].u.value.a = amd->params[i].val.a;
113 			tee[i].u.value.b = amd->params[i].val.b;
114 			tee[i].u.value.c = 0;
115 			pr_debug("%s: a[%d] = 0x%x, b[%d] = 0x%x\n",
116 				 __func__,
117 				 i, amd->params[i].val.a,
118 				 i, amd->params[i].val.b);
119 		}
120 	}
121 	return ret;
122 }
123 
124 static DEFINE_MUTEX(ta_refcount_mutex);
125 static struct list_head ta_list = LIST_HEAD_INIT(ta_list);
126 
127 static u32 get_ta_refcount(u32 ta_handle)
128 {
129 	struct amdtee_ta_data *ta_data;
130 	u32 count = 0;
131 
132 	/* Caller must hold a mutex */
133 	list_for_each_entry(ta_data, &ta_list, list_node)
134 		if (ta_data->ta_handle == ta_handle)
135 			return ++ta_data->refcount;
136 
137 	ta_data = kzalloc(sizeof(*ta_data), GFP_KERNEL);
138 	if (ta_data) {
139 		ta_data->ta_handle = ta_handle;
140 		ta_data->refcount = 1;
141 		count = ta_data->refcount;
142 		list_add(&ta_data->list_node, &ta_list);
143 	}
144 
145 	return count;
146 }
147 
148 static u32 put_ta_refcount(u32 ta_handle)
149 {
150 	struct amdtee_ta_data *ta_data;
151 	u32 count = 0;
152 
153 	/* Caller must hold a mutex */
154 	list_for_each_entry(ta_data, &ta_list, list_node)
155 		if (ta_data->ta_handle == ta_handle) {
156 			count = --ta_data->refcount;
157 			if (count == 0) {
158 				list_del(&ta_data->list_node);
159 				kfree(ta_data);
160 				break;
161 			}
162 		}
163 
164 	return count;
165 }
166 
167 int handle_unload_ta(u32 ta_handle)
168 {
169 	struct tee_cmd_unload_ta cmd = {0};
170 	u32 status, count;
171 	int ret;
172 
173 	if (!ta_handle)
174 		return -EINVAL;
175 
176 	mutex_lock(&ta_refcount_mutex);
177 
178 	count = put_ta_refcount(ta_handle);
179 
180 	if (count) {
181 		pr_debug("unload ta: not unloading %u count %u\n",
182 			 ta_handle, count);
183 		ret = -EBUSY;
184 		goto unlock;
185 	}
186 
187 	cmd.ta_handle = ta_handle;
188 
189 	ret = psp_tee_process_cmd(TEE_CMD_ID_UNLOAD_TA, (void *)&cmd,
190 				  sizeof(cmd), &status);
191 	if (!ret && status != 0) {
192 		pr_err("unload ta: status = 0x%x\n", status);
193 		ret = -EBUSY;
194 	} else {
195 		pr_debug("unloaded ta handle %u\n", ta_handle);
196 	}
197 
198 unlock:
199 	mutex_unlock(&ta_refcount_mutex);
200 	return ret;
201 }
202 
203 int handle_close_session(u32 ta_handle, u32 info)
204 {
205 	struct tee_cmd_close_session cmd = {0};
206 	u32 status;
207 	int ret;
208 
209 	if (ta_handle == 0)
210 		return -EINVAL;
211 
212 	cmd.ta_handle = ta_handle;
213 	cmd.session_info = info;
214 
215 	ret = psp_tee_process_cmd(TEE_CMD_ID_CLOSE_SESSION, (void *)&cmd,
216 				  sizeof(cmd), &status);
217 	if (!ret && status != 0) {
218 		pr_err("close session: status = 0x%x\n", status);
219 		ret = -EBUSY;
220 	}
221 
222 	return ret;
223 }
224 
225 void handle_unmap_shmem(u32 buf_id)
226 {
227 	struct tee_cmd_unmap_shared_mem cmd = {0};
228 	u32 status;
229 	int ret;
230 
231 	cmd.buf_id = buf_id;
232 
233 	ret = psp_tee_process_cmd(TEE_CMD_ID_UNMAP_SHARED_MEM, (void *)&cmd,
234 				  sizeof(cmd), &status);
235 	if (!ret)
236 		pr_debug("unmap shared memory: buf_id %u status = 0x%x\n",
237 			 buf_id, status);
238 }
239 
240 int handle_invoke_cmd(struct tee_ioctl_invoke_arg *arg, u32 sinfo,
241 		      struct tee_param *p)
242 {
243 	struct tee_cmd_invoke_cmd cmd = {0};
244 	int ret;
245 
246 	if (!arg || (!p && arg->num_params))
247 		return -EINVAL;
248 
249 	arg->ret_origin = TEEC_ORIGIN_COMMS;
250 
251 	if (arg->session == 0) {
252 		arg->ret = TEEC_ERROR_BAD_PARAMETERS;
253 		return -EINVAL;
254 	}
255 
256 	ret = tee_params_to_amd_params(p, arg->num_params, &cmd.op);
257 	if (ret) {
258 		pr_err("invalid Params. Abort invoke command\n");
259 		arg->ret = TEEC_ERROR_BAD_PARAMETERS;
260 		return ret;
261 	}
262 
263 	cmd.ta_handle = get_ta_handle(arg->session);
264 	cmd.cmd_id = arg->func;
265 	cmd.session_info = sinfo;
266 
267 	ret = psp_tee_process_cmd(TEE_CMD_ID_INVOKE_CMD, (void *)&cmd,
268 				  sizeof(cmd), &arg->ret);
269 	if (ret) {
270 		arg->ret = TEEC_ERROR_COMMUNICATION;
271 	} else {
272 		ret = amd_params_to_tee_params(p, arg->num_params, &cmd.op);
273 		if (unlikely(ret)) {
274 			pr_err("invoke command: failed to copy output\n");
275 			arg->ret = TEEC_ERROR_GENERIC;
276 			return ret;
277 		}
278 		arg->ret_origin = cmd.return_origin;
279 		pr_debug("invoke command: RO = 0x%x ret = 0x%x\n",
280 			 arg->ret_origin, arg->ret);
281 	}
282 
283 	return ret;
284 }
285 
286 int handle_map_shmem(u32 count, struct shmem_desc *start, u32 *buf_id)
287 {
288 	struct tee_cmd_map_shared_mem *cmd;
289 	phys_addr_t paddr;
290 	int ret, i;
291 	u32 status;
292 
293 	if (!count || !start || !buf_id)
294 		return -EINVAL;
295 
296 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
297 	if (!cmd)
298 		return -ENOMEM;
299 
300 	/* Size must be page aligned */
301 	for (i = 0; i < count ; i++) {
302 		if (!start[i].kaddr || (start[i].size & (PAGE_SIZE - 1))) {
303 			ret = -EINVAL;
304 			goto free_cmd;
305 		}
306 
307 		if ((u64)start[i].kaddr & (PAGE_SIZE - 1)) {
308 			pr_err("map shared memory: page unaligned. addr 0x%llx",
309 			       (u64)start[i].kaddr);
310 			ret = -EINVAL;
311 			goto free_cmd;
312 		}
313 	}
314 
315 	cmd->sg_list.count = count;
316 
317 	/* Create buffer list */
318 	for (i = 0; i < count ; i++) {
319 		paddr = __psp_pa(start[i].kaddr);
320 		cmd->sg_list.buf[i].hi_addr = upper_32_bits(paddr);
321 		cmd->sg_list.buf[i].low_addr = lower_32_bits(paddr);
322 		cmd->sg_list.buf[i].size = start[i].size;
323 		cmd->sg_list.size += cmd->sg_list.buf[i].size;
324 
325 		pr_debug("buf[%d]:hi addr = 0x%x\n", i,
326 			 cmd->sg_list.buf[i].hi_addr);
327 		pr_debug("buf[%d]:low addr = 0x%x\n", i,
328 			 cmd->sg_list.buf[i].low_addr);
329 		pr_debug("buf[%d]:size = 0x%x\n", i, cmd->sg_list.buf[i].size);
330 		pr_debug("list size = 0x%x\n", cmd->sg_list.size);
331 	}
332 
333 	*buf_id = 0;
334 
335 	ret = psp_tee_process_cmd(TEE_CMD_ID_MAP_SHARED_MEM, (void *)cmd,
336 				  sizeof(*cmd), &status);
337 	if (!ret && !status) {
338 		*buf_id = cmd->buf_id;
339 		pr_debug("mapped buffer ID = 0x%x\n", *buf_id);
340 	} else {
341 		pr_err("map shared memory: status = 0x%x\n", status);
342 		ret = -ENOMEM;
343 	}
344 
345 free_cmd:
346 	kfree(cmd);
347 
348 	return ret;
349 }
350 
351 int handle_open_session(struct tee_ioctl_open_session_arg *arg, u32 *info,
352 			struct tee_param *p)
353 {
354 	struct tee_cmd_open_session cmd = {0};
355 	int ret;
356 
357 	if (!arg || !info || (!p && arg->num_params))
358 		return -EINVAL;
359 
360 	arg->ret_origin = TEEC_ORIGIN_COMMS;
361 
362 	if (arg->session == 0) {
363 		arg->ret = TEEC_ERROR_GENERIC;
364 		return -EINVAL;
365 	}
366 
367 	ret = tee_params_to_amd_params(p, arg->num_params, &cmd.op);
368 	if (ret) {
369 		pr_err("invalid Params. Abort open session\n");
370 		arg->ret = TEEC_ERROR_BAD_PARAMETERS;
371 		return ret;
372 	}
373 
374 	cmd.ta_handle = get_ta_handle(arg->session);
375 	*info = 0;
376 
377 	ret = psp_tee_process_cmd(TEE_CMD_ID_OPEN_SESSION, (void *)&cmd,
378 				  sizeof(cmd), &arg->ret);
379 	if (ret) {
380 		arg->ret = TEEC_ERROR_COMMUNICATION;
381 	} else {
382 		ret = amd_params_to_tee_params(p, arg->num_params, &cmd.op);
383 		if (unlikely(ret)) {
384 			pr_err("open session: failed to copy output\n");
385 			arg->ret = TEEC_ERROR_GENERIC;
386 			return ret;
387 		}
388 		arg->ret_origin = cmd.return_origin;
389 		*info = cmd.session_info;
390 		pr_debug("open session: session info = 0x%x\n", *info);
391 	}
392 
393 	pr_debug("open session: ret = 0x%x RO = 0x%x\n", arg->ret,
394 		 arg->ret_origin);
395 
396 	return ret;
397 }
398 
399 int handle_load_ta(void *data, u32 size, struct tee_ioctl_open_session_arg *arg)
400 {
401 	struct tee_cmd_unload_ta unload_cmd = {};
402 	struct tee_cmd_load_ta load_cmd = {};
403 	phys_addr_t blob;
404 	int ret;
405 
406 	if (size == 0 || !data || !arg)
407 		return -EINVAL;
408 
409 	blob = __psp_pa(data);
410 	if (blob & (PAGE_SIZE - 1)) {
411 		pr_err("load TA: page unaligned. blob 0x%llx", blob);
412 		return -EINVAL;
413 	}
414 
415 	load_cmd.hi_addr = upper_32_bits(blob);
416 	load_cmd.low_addr = lower_32_bits(blob);
417 	load_cmd.size = size;
418 
419 	mutex_lock(&ta_refcount_mutex);
420 
421 	ret = psp_tee_process_cmd(TEE_CMD_ID_LOAD_TA, (void *)&load_cmd,
422 				  sizeof(load_cmd), &arg->ret);
423 	if (ret) {
424 		arg->ret_origin = TEEC_ORIGIN_COMMS;
425 		arg->ret = TEEC_ERROR_COMMUNICATION;
426 	} else if (arg->ret == TEEC_SUCCESS) {
427 		ret = get_ta_refcount(load_cmd.ta_handle);
428 		if (!ret) {
429 			arg->ret_origin = TEEC_ORIGIN_COMMS;
430 			arg->ret = TEEC_ERROR_OUT_OF_MEMORY;
431 
432 			/* Unload the TA on error */
433 			unload_cmd.ta_handle = load_cmd.ta_handle;
434 			psp_tee_process_cmd(TEE_CMD_ID_UNLOAD_TA,
435 					    (void *)&unload_cmd,
436 					    sizeof(unload_cmd), &ret);
437 		} else {
438 			set_session_id(load_cmd.ta_handle, 0, &arg->session);
439 		}
440 	}
441 	mutex_unlock(&ta_refcount_mutex);
442 
443 	pr_debug("load TA: TA handle = 0x%x, RO = 0x%x, ret = 0x%x\n",
444 		 load_cmd.ta_handle, arg->ret_origin, arg->ret);
445 
446 	return 0;
447 }
448