xref: /openbmc/linux/drivers/tee/amdtee/core.c (revision 75020f2d)
1 // SPDX-License-Identifier: MIT
2 /*
3  * Copyright 2019 Advanced Micro Devices, Inc.
4  */
5 
6 #include <linux/errno.h>
7 #include <linux/io.h>
8 #include <linux/module.h>
9 #include <linux/slab.h>
10 #include <linux/string.h>
11 #include <linux/device.h>
12 #include <linux/tee_drv.h>
13 #include <linux/types.h>
14 #include <linux/mm.h>
15 #include <linux/uaccess.h>
16 #include <linux/firmware.h>
17 #include "amdtee_private.h"
18 #include "../tee_private.h"
19 #include <linux/psp-tee.h>
20 
21 static struct amdtee_driver_data *drv_data;
22 static DEFINE_MUTEX(session_list_mutex);
23 
24 static void amdtee_get_version(struct tee_device *teedev,
25 			       struct tee_ioctl_version_data *vers)
26 {
27 	struct tee_ioctl_version_data v = {
28 		.impl_id = TEE_IMPL_ID_AMDTEE,
29 		.impl_caps = 0,
30 		.gen_caps = TEE_GEN_CAP_GP,
31 	};
32 	*vers = v;
33 }
34 
35 static int amdtee_open(struct tee_context *ctx)
36 {
37 	struct amdtee_context_data *ctxdata;
38 
39 	ctxdata = kzalloc(sizeof(*ctxdata), GFP_KERNEL);
40 	if (!ctxdata)
41 		return -ENOMEM;
42 
43 	INIT_LIST_HEAD(&ctxdata->sess_list);
44 	INIT_LIST_HEAD(&ctxdata->shm_list);
45 	mutex_init(&ctxdata->shm_mutex);
46 
47 	ctx->data = ctxdata;
48 	return 0;
49 }
50 
51 static void release_session(struct amdtee_session *sess)
52 {
53 	int i;
54 
55 	/* Close any open session */
56 	for (i = 0; i < TEE_NUM_SESSIONS; ++i) {
57 		/* Check if session entry 'i' is valid */
58 		if (!test_bit(i, sess->sess_mask))
59 			continue;
60 
61 		handle_close_session(sess->ta_handle, sess->session_info[i]);
62 		handle_unload_ta(sess->ta_handle);
63 	}
64 
65 	kfree(sess);
66 }
67 
68 static void amdtee_release(struct tee_context *ctx)
69 {
70 	struct amdtee_context_data *ctxdata = ctx->data;
71 
72 	if (!ctxdata)
73 		return;
74 
75 	while (true) {
76 		struct amdtee_session *sess;
77 
78 		sess = list_first_entry_or_null(&ctxdata->sess_list,
79 						struct amdtee_session,
80 						list_node);
81 
82 		if (!sess)
83 			break;
84 
85 		list_del(&sess->list_node);
86 		release_session(sess);
87 	}
88 	mutex_destroy(&ctxdata->shm_mutex);
89 	kfree(ctxdata);
90 
91 	ctx->data = NULL;
92 }
93 
94 /**
95  * alloc_session() - Allocate a session structure
96  * @ctxdata:    TEE Context data structure
97  * @session:    Session ID for which 'struct amdtee_session' structure is to be
98  *              allocated.
99  *
100  * Scans the TEE context's session list to check if TA is already loaded in to
101  * TEE. If yes, returns the 'session' structure for that TA. Else allocates,
102  * initializes a new 'session' structure and adds it to context's session list.
103  *
104  * The caller must hold a mutex.
105  *
106  * Returns:
107  * 'struct amdtee_session *' on success and NULL on failure.
108  */
109 static struct amdtee_session *alloc_session(struct amdtee_context_data *ctxdata,
110 					    u32 session)
111 {
112 	struct amdtee_session *sess;
113 	u32 ta_handle = get_ta_handle(session);
114 
115 	/* Scan session list to check if TA is already loaded in to TEE */
116 	list_for_each_entry(sess, &ctxdata->sess_list, list_node)
117 		if (sess->ta_handle == ta_handle) {
118 			kref_get(&sess->refcount);
119 			return sess;
120 		}
121 
122 	/* Allocate a new session and add to list */
123 	sess = kzalloc(sizeof(*sess), GFP_KERNEL);
124 	if (sess) {
125 		sess->ta_handle = ta_handle;
126 		kref_init(&sess->refcount);
127 		spin_lock_init(&sess->lock);
128 		list_add(&sess->list_node, &ctxdata->sess_list);
129 	}
130 
131 	return sess;
132 }
133 
134 /* Requires mutex to be held */
135 static struct amdtee_session *find_session(struct amdtee_context_data *ctxdata,
136 					   u32 session)
137 {
138 	u32 ta_handle = get_ta_handle(session);
139 	u32 index = get_session_index(session);
140 	struct amdtee_session *sess;
141 
142 	if (index >= TEE_NUM_SESSIONS)
143 		return NULL;
144 
145 	list_for_each_entry(sess, &ctxdata->sess_list, list_node)
146 		if (ta_handle == sess->ta_handle &&
147 		    test_bit(index, sess->sess_mask))
148 			return sess;
149 
150 	return NULL;
151 }
152 
153 u32 get_buffer_id(struct tee_shm *shm)
154 {
155 	struct amdtee_context_data *ctxdata = shm->ctx->data;
156 	struct amdtee_shm_data *shmdata;
157 	u32 buf_id = 0;
158 
159 	mutex_lock(&ctxdata->shm_mutex);
160 	list_for_each_entry(shmdata, &ctxdata->shm_list, shm_node)
161 		if (shmdata->kaddr == shm->kaddr) {
162 			buf_id = shmdata->buf_id;
163 			break;
164 		}
165 	mutex_unlock(&ctxdata->shm_mutex);
166 
167 	return buf_id;
168 }
169 
170 static DEFINE_MUTEX(drv_mutex);
171 static int copy_ta_binary(struct tee_context *ctx, void *ptr, void **ta,
172 			  size_t *ta_size)
173 {
174 	const struct firmware *fw;
175 	char fw_name[TA_PATH_MAX];
176 	struct {
177 		u32 lo;
178 		u16 mid;
179 		u16 hi_ver;
180 		u8 seq_n[8];
181 	} *uuid = ptr;
182 	int n, rc = 0;
183 
184 	n = snprintf(fw_name, TA_PATH_MAX,
185 		     "%s/%08x-%04x-%04x-%02x%02x%02x%02x%02x%02x%02x%02x.bin",
186 		     TA_LOAD_PATH, uuid->lo, uuid->mid, uuid->hi_ver,
187 		     uuid->seq_n[0], uuid->seq_n[1],
188 		     uuid->seq_n[2], uuid->seq_n[3],
189 		     uuid->seq_n[4], uuid->seq_n[5],
190 		     uuid->seq_n[6], uuid->seq_n[7]);
191 	if (n < 0 || n >= TA_PATH_MAX) {
192 		pr_err("failed to get firmware name\n");
193 		return -EINVAL;
194 	}
195 
196 	mutex_lock(&drv_mutex);
197 	n = request_firmware(&fw, fw_name, &ctx->teedev->dev);
198 	if (n) {
199 		pr_err("failed to load firmware %s\n", fw_name);
200 		rc = -ENOMEM;
201 		goto unlock;
202 	}
203 
204 	*ta_size = roundup(fw->size, PAGE_SIZE);
205 	*ta = (void *)__get_free_pages(GFP_KERNEL, get_order(*ta_size));
206 	if (IS_ERR(*ta)) {
207 		pr_err("%s: get_free_pages failed 0x%llx\n", __func__,
208 		       (u64)*ta);
209 		rc = -ENOMEM;
210 		goto rel_fw;
211 	}
212 
213 	memcpy(*ta, fw->data, fw->size);
214 rel_fw:
215 	release_firmware(fw);
216 unlock:
217 	mutex_unlock(&drv_mutex);
218 	return rc;
219 }
220 
221 static void destroy_session(struct kref *ref)
222 {
223 	struct amdtee_session *sess = container_of(ref, struct amdtee_session,
224 						   refcount);
225 
226 	mutex_lock(&session_list_mutex);
227 	list_del(&sess->list_node);
228 	mutex_unlock(&session_list_mutex);
229 	kfree(sess);
230 }
231 
232 int amdtee_open_session(struct tee_context *ctx,
233 			struct tee_ioctl_open_session_arg *arg,
234 			struct tee_param *param)
235 {
236 	struct amdtee_context_data *ctxdata = ctx->data;
237 	struct amdtee_session *sess = NULL;
238 	u32 session_info, ta_handle;
239 	size_t ta_size;
240 	int rc, i;
241 	void *ta;
242 
243 	if (arg->clnt_login != TEE_IOCTL_LOGIN_PUBLIC) {
244 		pr_err("unsupported client login method\n");
245 		return -EINVAL;
246 	}
247 
248 	rc = copy_ta_binary(ctx, &arg->uuid[0], &ta, &ta_size);
249 	if (rc) {
250 		pr_err("failed to copy TA binary\n");
251 		return rc;
252 	}
253 
254 	/* Load the TA binary into TEE environment */
255 	handle_load_ta(ta, ta_size, arg);
256 	if (arg->ret != TEEC_SUCCESS)
257 		goto out;
258 
259 	ta_handle = get_ta_handle(arg->session);
260 
261 	mutex_lock(&session_list_mutex);
262 	sess = alloc_session(ctxdata, arg->session);
263 	mutex_unlock(&session_list_mutex);
264 
265 	if (!sess) {
266 		handle_unload_ta(ta_handle);
267 		rc = -ENOMEM;
268 		goto out;
269 	}
270 
271 	/* Find an empty session index for the given TA */
272 	spin_lock(&sess->lock);
273 	i = find_first_zero_bit(sess->sess_mask, TEE_NUM_SESSIONS);
274 	if (i < TEE_NUM_SESSIONS)
275 		set_bit(i, sess->sess_mask);
276 	spin_unlock(&sess->lock);
277 
278 	if (i >= TEE_NUM_SESSIONS) {
279 		pr_err("reached maximum session count %d\n", TEE_NUM_SESSIONS);
280 		handle_unload_ta(ta_handle);
281 		kref_put(&sess->refcount, destroy_session);
282 		rc = -ENOMEM;
283 		goto out;
284 	}
285 
286 	/* Open session with loaded TA */
287 	handle_open_session(arg, &session_info, param);
288 	if (arg->ret != TEEC_SUCCESS) {
289 		pr_err("open_session failed %d\n", arg->ret);
290 		spin_lock(&sess->lock);
291 		clear_bit(i, sess->sess_mask);
292 		spin_unlock(&sess->lock);
293 		handle_unload_ta(ta_handle);
294 		kref_put(&sess->refcount, destroy_session);
295 		goto out;
296 	}
297 
298 	sess->session_info[i] = session_info;
299 	set_session_id(ta_handle, i, &arg->session);
300 out:
301 	free_pages((u64)ta, get_order(ta_size));
302 	return rc;
303 }
304 
305 int amdtee_close_session(struct tee_context *ctx, u32 session)
306 {
307 	struct amdtee_context_data *ctxdata = ctx->data;
308 	u32 i, ta_handle, session_info;
309 	struct amdtee_session *sess;
310 
311 	pr_debug("%s: sid = 0x%x\n", __func__, session);
312 
313 	/*
314 	 * Check that the session is valid and clear the session
315 	 * usage bit
316 	 */
317 	mutex_lock(&session_list_mutex);
318 	sess = find_session(ctxdata, session);
319 	if (sess) {
320 		ta_handle = get_ta_handle(session);
321 		i = get_session_index(session);
322 		session_info = sess->session_info[i];
323 		spin_lock(&sess->lock);
324 		clear_bit(i, sess->sess_mask);
325 		spin_unlock(&sess->lock);
326 	}
327 	mutex_unlock(&session_list_mutex);
328 
329 	if (!sess)
330 		return -EINVAL;
331 
332 	/* Close the session */
333 	handle_close_session(ta_handle, session_info);
334 	handle_unload_ta(ta_handle);
335 
336 	kref_put(&sess->refcount, destroy_session);
337 
338 	return 0;
339 }
340 
341 int amdtee_map_shmem(struct tee_shm *shm)
342 {
343 	struct amdtee_context_data *ctxdata;
344 	struct amdtee_shm_data *shmnode;
345 	struct shmem_desc shmem;
346 	int rc, count;
347 	u32 buf_id;
348 
349 	if (!shm)
350 		return -EINVAL;
351 
352 	shmnode = kmalloc(sizeof(*shmnode), GFP_KERNEL);
353 	if (!shmnode)
354 		return -ENOMEM;
355 
356 	count = 1;
357 	shmem.kaddr = shm->kaddr;
358 	shmem.size = shm->size;
359 
360 	/*
361 	 * Send a MAP command to TEE and get the corresponding
362 	 * buffer Id
363 	 */
364 	rc = handle_map_shmem(count, &shmem, &buf_id);
365 	if (rc) {
366 		pr_err("map_shmem failed: ret = %d\n", rc);
367 		kfree(shmnode);
368 		return rc;
369 	}
370 
371 	shmnode->kaddr = shm->kaddr;
372 	shmnode->buf_id = buf_id;
373 	ctxdata = shm->ctx->data;
374 	mutex_lock(&ctxdata->shm_mutex);
375 	list_add(&shmnode->shm_node, &ctxdata->shm_list);
376 	mutex_unlock(&ctxdata->shm_mutex);
377 
378 	pr_debug("buf_id :[%x] kaddr[%p]\n", shmnode->buf_id, shmnode->kaddr);
379 
380 	return 0;
381 }
382 
383 void amdtee_unmap_shmem(struct tee_shm *shm)
384 {
385 	struct amdtee_context_data *ctxdata;
386 	struct amdtee_shm_data *shmnode;
387 	u32 buf_id;
388 
389 	if (!shm)
390 		return;
391 
392 	buf_id = get_buffer_id(shm);
393 	/* Unmap the shared memory from TEE */
394 	handle_unmap_shmem(buf_id);
395 
396 	ctxdata = shm->ctx->data;
397 	mutex_lock(&ctxdata->shm_mutex);
398 	list_for_each_entry(shmnode, &ctxdata->shm_list, shm_node)
399 		if (buf_id == shmnode->buf_id) {
400 			list_del(&shmnode->shm_node);
401 			kfree(shmnode);
402 			break;
403 		}
404 	mutex_unlock(&ctxdata->shm_mutex);
405 }
406 
407 int amdtee_invoke_func(struct tee_context *ctx,
408 		       struct tee_ioctl_invoke_arg *arg,
409 		       struct tee_param *param)
410 {
411 	struct amdtee_context_data *ctxdata = ctx->data;
412 	struct amdtee_session *sess;
413 	u32 i, session_info;
414 
415 	/* Check that the session is valid */
416 	mutex_lock(&session_list_mutex);
417 	sess = find_session(ctxdata, arg->session);
418 	if (sess) {
419 		i = get_session_index(arg->session);
420 		session_info = sess->session_info[i];
421 	}
422 	mutex_unlock(&session_list_mutex);
423 
424 	if (!sess)
425 		return -EINVAL;
426 
427 	handle_invoke_cmd(arg, session_info, param);
428 
429 	return 0;
430 }
431 
432 int amdtee_cancel_req(struct tee_context *ctx, u32 cancel_id, u32 session)
433 {
434 	return -EINVAL;
435 }
436 
437 static const struct tee_driver_ops amdtee_ops = {
438 	.get_version = amdtee_get_version,
439 	.open = amdtee_open,
440 	.release = amdtee_release,
441 	.open_session = amdtee_open_session,
442 	.close_session = amdtee_close_session,
443 	.invoke_func = amdtee_invoke_func,
444 	.cancel_req = amdtee_cancel_req,
445 };
446 
447 static const struct tee_desc amdtee_desc = {
448 	.name = DRIVER_NAME "-clnt",
449 	.ops = &amdtee_ops,
450 	.owner = THIS_MODULE,
451 };
452 
453 static int __init amdtee_driver_init(void)
454 {
455 	struct tee_device *teedev;
456 	struct tee_shm_pool *pool;
457 	struct amdtee *amdtee;
458 	int rc;
459 
460 	rc = psp_check_tee_status();
461 	if (rc) {
462 		pr_err("amd-tee driver: tee not present\n");
463 		return rc;
464 	}
465 
466 	drv_data = kzalloc(sizeof(*drv_data), GFP_KERNEL);
467 	if (!drv_data)
468 		return -ENOMEM;
469 
470 	amdtee = kzalloc(sizeof(*amdtee), GFP_KERNEL);
471 	if (!amdtee) {
472 		rc = -ENOMEM;
473 		goto err_kfree_drv_data;
474 	}
475 
476 	pool = amdtee_config_shm();
477 	if (IS_ERR(pool)) {
478 		pr_err("shared pool configuration error\n");
479 		rc = PTR_ERR(pool);
480 		goto err_kfree_amdtee;
481 	}
482 
483 	teedev = tee_device_alloc(&amdtee_desc, NULL, pool, amdtee);
484 	if (IS_ERR(teedev)) {
485 		rc = PTR_ERR(teedev);
486 		goto err_free_pool;
487 	}
488 	amdtee->teedev = teedev;
489 
490 	rc = tee_device_register(amdtee->teedev);
491 	if (rc)
492 		goto err_device_unregister;
493 
494 	amdtee->pool = pool;
495 
496 	drv_data->amdtee = amdtee;
497 
498 	pr_info("amd-tee driver initialization successful\n");
499 	return 0;
500 
501 err_device_unregister:
502 	tee_device_unregister(amdtee->teedev);
503 
504 err_free_pool:
505 	tee_shm_pool_free(pool);
506 
507 err_kfree_amdtee:
508 	kfree(amdtee);
509 
510 err_kfree_drv_data:
511 	kfree(drv_data);
512 	drv_data = NULL;
513 
514 	pr_err("amd-tee driver initialization failed\n");
515 	return rc;
516 }
517 module_init(amdtee_driver_init);
518 
519 static void __exit amdtee_driver_exit(void)
520 {
521 	struct amdtee *amdtee;
522 
523 	if (!drv_data || !drv_data->amdtee)
524 		return;
525 
526 	amdtee = drv_data->amdtee;
527 
528 	tee_device_unregister(amdtee->teedev);
529 	tee_shm_pool_free(amdtee->pool);
530 }
531 module_exit(amdtee_driver_exit);
532 
533 MODULE_AUTHOR(DRIVER_AUTHOR);
534 MODULE_DESCRIPTION("AMD-TEE driver");
535 MODULE_VERSION("1.0");
536 MODULE_LICENSE("Dual MIT/GPL");
537