1 // SPDX-License-Identifier: MIT 2 /* 3 * Copyright 2019 Advanced Micro Devices, Inc. 4 */ 5 6 #include <linux/errno.h> 7 #include <linux/io.h> 8 #include <linux/module.h> 9 #include <linux/slab.h> 10 #include <linux/string.h> 11 #include <linux/device.h> 12 #include <linux/tee_drv.h> 13 #include <linux/types.h> 14 #include <linux/mm.h> 15 #include <linux/uaccess.h> 16 #include <linux/firmware.h> 17 #include "amdtee_private.h" 18 #include "../tee_private.h" 19 #include <linux/psp-tee.h> 20 21 static struct amdtee_driver_data *drv_data; 22 static DEFINE_MUTEX(session_list_mutex); 23 static struct amdtee_shm_context shmctx; 24 25 static void amdtee_get_version(struct tee_device *teedev, 26 struct tee_ioctl_version_data *vers) 27 { 28 struct tee_ioctl_version_data v = { 29 .impl_id = TEE_IMPL_ID_AMDTEE, 30 .impl_caps = 0, 31 .gen_caps = TEE_GEN_CAP_GP, 32 }; 33 *vers = v; 34 } 35 36 static int amdtee_open(struct tee_context *ctx) 37 { 38 struct amdtee_context_data *ctxdata; 39 40 ctxdata = kzalloc(sizeof(*ctxdata), GFP_KERNEL); 41 if (!ctxdata) 42 return -ENOMEM; 43 44 INIT_LIST_HEAD(&ctxdata->sess_list); 45 INIT_LIST_HEAD(&shmctx.shmdata_list); 46 47 ctx->data = ctxdata; 48 return 0; 49 } 50 51 static void release_session(struct amdtee_session *sess) 52 { 53 int i; 54 55 /* Close any open session */ 56 for (i = 0; i < TEE_NUM_SESSIONS; ++i) { 57 /* Check if session entry 'i' is valid */ 58 if (!test_bit(i, sess->sess_mask)) 59 continue; 60 61 handle_close_session(sess->ta_handle, sess->session_info[i]); 62 } 63 64 /* Unload Trusted Application once all sessions are closed */ 65 handle_unload_ta(sess->ta_handle); 66 kfree(sess); 67 } 68 69 static void amdtee_release(struct tee_context *ctx) 70 { 71 struct amdtee_context_data *ctxdata = ctx->data; 72 73 if (!ctxdata) 74 return; 75 76 while (true) { 77 struct amdtee_session *sess; 78 79 sess = list_first_entry_or_null(&ctxdata->sess_list, 80 struct amdtee_session, 81 list_node); 82 83 if (!sess) 84 break; 85 86 list_del(&sess->list_node); 87 release_session(sess); 88 } 89 kfree(ctxdata); 90 91 ctx->data = NULL; 92 } 93 94 /** 95 * alloc_session() - Allocate a session structure 96 * @ctxdata: TEE Context data structure 97 * @session: Session ID for which 'struct amdtee_session' structure is to be 98 * allocated. 99 * 100 * Scans the TEE context's session list to check if TA is already loaded in to 101 * TEE. If yes, returns the 'session' structure for that TA. Else allocates, 102 * initializes a new 'session' structure and adds it to context's session list. 103 * 104 * The caller must hold a mutex. 105 * 106 * Returns: 107 * 'struct amdtee_session *' on success and NULL on failure. 108 */ 109 static struct amdtee_session *alloc_session(struct amdtee_context_data *ctxdata, 110 u32 session) 111 { 112 struct amdtee_session *sess; 113 u32 ta_handle = get_ta_handle(session); 114 115 /* Scan session list to check if TA is already loaded in to TEE */ 116 list_for_each_entry(sess, &ctxdata->sess_list, list_node) 117 if (sess->ta_handle == ta_handle) { 118 kref_get(&sess->refcount); 119 return sess; 120 } 121 122 /* Allocate a new session and add to list */ 123 sess = kzalloc(sizeof(*sess), GFP_KERNEL); 124 if (sess) { 125 sess->ta_handle = ta_handle; 126 kref_init(&sess->refcount); 127 spin_lock_init(&sess->lock); 128 list_add(&sess->list_node, &ctxdata->sess_list); 129 } 130 131 return sess; 132 } 133 134 /* Requires mutex to be held */ 135 static struct amdtee_session *find_session(struct amdtee_context_data *ctxdata, 136 u32 session) 137 { 138 u32 ta_handle = get_ta_handle(session); 139 u32 index = get_session_index(session); 140 struct amdtee_session *sess; 141 142 list_for_each_entry(sess, &ctxdata->sess_list, list_node) 143 if (ta_handle == sess->ta_handle && 144 test_bit(index, sess->sess_mask)) 145 return sess; 146 147 return NULL; 148 } 149 150 u32 get_buffer_id(struct tee_shm *shm) 151 { 152 u32 buf_id = 0; 153 struct amdtee_shm_data *shmdata; 154 155 list_for_each_entry(shmdata, &shmctx.shmdata_list, shm_node) 156 if (shmdata->kaddr == shm->kaddr) { 157 buf_id = shmdata->buf_id; 158 break; 159 } 160 161 return buf_id; 162 } 163 164 static DEFINE_MUTEX(drv_mutex); 165 static int copy_ta_binary(struct tee_context *ctx, void *ptr, void **ta, 166 size_t *ta_size) 167 { 168 const struct firmware *fw; 169 char fw_name[TA_PATH_MAX]; 170 struct { 171 u32 lo; 172 u16 mid; 173 u16 hi_ver; 174 u8 seq_n[8]; 175 } *uuid = ptr; 176 int n, rc = 0; 177 178 n = snprintf(fw_name, TA_PATH_MAX, 179 "%s/%08x-%04x-%04x-%02x%02x%02x%02x%02x%02x%02x%02x.bin", 180 TA_LOAD_PATH, uuid->lo, uuid->mid, uuid->hi_ver, 181 uuid->seq_n[0], uuid->seq_n[1], 182 uuid->seq_n[2], uuid->seq_n[3], 183 uuid->seq_n[4], uuid->seq_n[5], 184 uuid->seq_n[6], uuid->seq_n[7]); 185 if (n < 0 || n >= TA_PATH_MAX) { 186 pr_err("failed to get firmware name\n"); 187 return -EINVAL; 188 } 189 190 mutex_lock(&drv_mutex); 191 n = request_firmware(&fw, fw_name, &ctx->teedev->dev); 192 if (n) { 193 pr_err("failed to load firmware %s\n", fw_name); 194 rc = -ENOMEM; 195 goto unlock; 196 } 197 198 *ta_size = roundup(fw->size, PAGE_SIZE); 199 *ta = (void *)__get_free_pages(GFP_KERNEL, get_order(*ta_size)); 200 if (IS_ERR(*ta)) { 201 pr_err("%s: get_free_pages failed 0x%llx\n", __func__, 202 (u64)*ta); 203 rc = -ENOMEM; 204 goto rel_fw; 205 } 206 207 memcpy(*ta, fw->data, fw->size); 208 rel_fw: 209 release_firmware(fw); 210 unlock: 211 mutex_unlock(&drv_mutex); 212 return rc; 213 } 214 215 int amdtee_open_session(struct tee_context *ctx, 216 struct tee_ioctl_open_session_arg *arg, 217 struct tee_param *param) 218 { 219 struct amdtee_context_data *ctxdata = ctx->data; 220 struct amdtee_session *sess = NULL; 221 u32 session_info; 222 size_t ta_size; 223 int rc, i; 224 void *ta; 225 226 if (arg->clnt_login != TEE_IOCTL_LOGIN_PUBLIC) { 227 pr_err("unsupported client login method\n"); 228 return -EINVAL; 229 } 230 231 rc = copy_ta_binary(ctx, &arg->uuid[0], &ta, &ta_size); 232 if (rc) { 233 pr_err("failed to copy TA binary\n"); 234 return rc; 235 } 236 237 /* Load the TA binary into TEE environment */ 238 handle_load_ta(ta, ta_size, arg); 239 if (arg->ret == TEEC_SUCCESS) { 240 mutex_lock(&session_list_mutex); 241 sess = alloc_session(ctxdata, arg->session); 242 mutex_unlock(&session_list_mutex); 243 } 244 245 if (arg->ret != TEEC_SUCCESS) 246 goto out; 247 248 if (!sess) { 249 rc = -ENOMEM; 250 goto out; 251 } 252 253 /* Find an empty session index for the given TA */ 254 spin_lock(&sess->lock); 255 i = find_first_zero_bit(sess->sess_mask, TEE_NUM_SESSIONS); 256 if (i < TEE_NUM_SESSIONS) 257 set_bit(i, sess->sess_mask); 258 spin_unlock(&sess->lock); 259 260 if (i >= TEE_NUM_SESSIONS) { 261 pr_err("reached maximum session count %d\n", TEE_NUM_SESSIONS); 262 rc = -ENOMEM; 263 goto out; 264 } 265 266 /* Open session with loaded TA */ 267 handle_open_session(arg, &session_info, param); 268 269 if (arg->ret == TEEC_SUCCESS) { 270 sess->session_info[i] = session_info; 271 set_session_id(sess->ta_handle, i, &arg->session); 272 } else { 273 pr_err("open_session failed %d\n", arg->ret); 274 spin_lock(&sess->lock); 275 clear_bit(i, sess->sess_mask); 276 spin_unlock(&sess->lock); 277 } 278 out: 279 free_pages((u64)ta, get_order(ta_size)); 280 return rc; 281 } 282 283 static void destroy_session(struct kref *ref) 284 { 285 struct amdtee_session *sess = container_of(ref, struct amdtee_session, 286 refcount); 287 288 /* Unload the TA from TEE */ 289 handle_unload_ta(sess->ta_handle); 290 mutex_lock(&session_list_mutex); 291 list_del(&sess->list_node); 292 mutex_unlock(&session_list_mutex); 293 kfree(sess); 294 } 295 296 int amdtee_close_session(struct tee_context *ctx, u32 session) 297 { 298 struct amdtee_context_data *ctxdata = ctx->data; 299 u32 i, ta_handle, session_info; 300 struct amdtee_session *sess; 301 302 pr_debug("%s: sid = 0x%x\n", __func__, session); 303 304 /* 305 * Check that the session is valid and clear the session 306 * usage bit 307 */ 308 mutex_lock(&session_list_mutex); 309 sess = find_session(ctxdata, session); 310 if (sess) { 311 ta_handle = get_ta_handle(session); 312 i = get_session_index(session); 313 session_info = sess->session_info[i]; 314 spin_lock(&sess->lock); 315 clear_bit(i, sess->sess_mask); 316 spin_unlock(&sess->lock); 317 } 318 mutex_unlock(&session_list_mutex); 319 320 if (!sess) 321 return -EINVAL; 322 323 /* Close the session */ 324 handle_close_session(ta_handle, session_info); 325 326 kref_put(&sess->refcount, destroy_session); 327 328 return 0; 329 } 330 331 int amdtee_map_shmem(struct tee_shm *shm) 332 { 333 struct shmem_desc shmem; 334 struct amdtee_shm_data *shmnode; 335 int rc, count; 336 u32 buf_id; 337 338 if (!shm) 339 return -EINVAL; 340 341 shmnode = kmalloc(sizeof(*shmnode), GFP_KERNEL); 342 if (!shmnode) 343 return -ENOMEM; 344 345 count = 1; 346 shmem.kaddr = shm->kaddr; 347 shmem.size = shm->size; 348 349 /* 350 * Send a MAP command to TEE and get the corresponding 351 * buffer Id 352 */ 353 rc = handle_map_shmem(count, &shmem, &buf_id); 354 if (rc) { 355 pr_err("map_shmem failed: ret = %d\n", rc); 356 kfree(shmnode); 357 return rc; 358 } 359 360 shmnode->kaddr = shm->kaddr; 361 shmnode->buf_id = buf_id; 362 list_add(&shmnode->shm_node, &shmctx.shmdata_list); 363 364 pr_debug("buf_id :[%x] kaddr[%p]\n", shmnode->buf_id, shmnode->kaddr); 365 366 return 0; 367 } 368 369 void amdtee_unmap_shmem(struct tee_shm *shm) 370 { 371 struct amdtee_shm_data *shmnode; 372 u32 buf_id; 373 374 if (!shm) 375 return; 376 377 buf_id = get_buffer_id(shm); 378 /* Unmap the shared memory from TEE */ 379 handle_unmap_shmem(buf_id); 380 381 list_for_each_entry(shmnode, &shmctx.shmdata_list, shm_node) 382 if (buf_id == shmnode->buf_id) { 383 list_del(&shmnode->shm_node); 384 kfree(shmnode); 385 break; 386 } 387 } 388 389 int amdtee_invoke_func(struct tee_context *ctx, 390 struct tee_ioctl_invoke_arg *arg, 391 struct tee_param *param) 392 { 393 struct amdtee_context_data *ctxdata = ctx->data; 394 struct amdtee_session *sess; 395 u32 i, session_info; 396 397 /* Check that the session is valid */ 398 mutex_lock(&session_list_mutex); 399 sess = find_session(ctxdata, arg->session); 400 if (sess) { 401 i = get_session_index(arg->session); 402 session_info = sess->session_info[i]; 403 } 404 mutex_unlock(&session_list_mutex); 405 406 if (!sess) 407 return -EINVAL; 408 409 handle_invoke_cmd(arg, session_info, param); 410 411 return 0; 412 } 413 414 int amdtee_cancel_req(struct tee_context *ctx, u32 cancel_id, u32 session) 415 { 416 return -EINVAL; 417 } 418 419 static const struct tee_driver_ops amdtee_ops = { 420 .get_version = amdtee_get_version, 421 .open = amdtee_open, 422 .release = amdtee_release, 423 .open_session = amdtee_open_session, 424 .close_session = amdtee_close_session, 425 .invoke_func = amdtee_invoke_func, 426 .cancel_req = amdtee_cancel_req, 427 }; 428 429 static const struct tee_desc amdtee_desc = { 430 .name = DRIVER_NAME "-clnt", 431 .ops = &amdtee_ops, 432 .owner = THIS_MODULE, 433 }; 434 435 static int __init amdtee_driver_init(void) 436 { 437 struct tee_device *teedev; 438 struct tee_shm_pool *pool; 439 struct amdtee *amdtee; 440 int rc; 441 442 rc = psp_check_tee_status(); 443 if (rc) { 444 pr_err("amd-tee driver: tee not present\n"); 445 return rc; 446 } 447 448 drv_data = kzalloc(sizeof(*drv_data), GFP_KERNEL); 449 if (!drv_data) 450 return -ENOMEM; 451 452 amdtee = kzalloc(sizeof(*amdtee), GFP_KERNEL); 453 if (!amdtee) { 454 rc = -ENOMEM; 455 goto err_kfree_drv_data; 456 } 457 458 pool = amdtee_config_shm(); 459 if (IS_ERR(pool)) { 460 pr_err("shared pool configuration error\n"); 461 rc = PTR_ERR(pool); 462 goto err_kfree_amdtee; 463 } 464 465 teedev = tee_device_alloc(&amdtee_desc, NULL, pool, amdtee); 466 if (IS_ERR(teedev)) { 467 rc = PTR_ERR(teedev); 468 goto err_free_pool; 469 } 470 amdtee->teedev = teedev; 471 472 rc = tee_device_register(amdtee->teedev); 473 if (rc) 474 goto err_device_unregister; 475 476 amdtee->pool = pool; 477 478 drv_data->amdtee = amdtee; 479 480 pr_info("amd-tee driver initialization successful\n"); 481 return 0; 482 483 err_device_unregister: 484 tee_device_unregister(amdtee->teedev); 485 486 err_free_pool: 487 tee_shm_pool_free(pool); 488 489 err_kfree_amdtee: 490 kfree(amdtee); 491 492 err_kfree_drv_data: 493 kfree(drv_data); 494 drv_data = NULL; 495 496 pr_err("amd-tee driver initialization failed\n"); 497 return rc; 498 } 499 module_init(amdtee_driver_init); 500 501 static void __exit amdtee_driver_exit(void) 502 { 503 struct amdtee *amdtee; 504 505 if (!drv_data || !drv_data->amdtee) 506 return; 507 508 amdtee = drv_data->amdtee; 509 510 tee_device_unregister(amdtee->teedev); 511 tee_shm_pool_free(amdtee->pool); 512 } 513 module_exit(amdtee_driver_exit); 514 515 MODULE_AUTHOR(DRIVER_AUTHOR); 516 MODULE_DESCRIPTION("AMD-TEE driver"); 517 MODULE_VERSION("1.0"); 518 MODULE_LICENSE("Dual MIT/GPL"); 519