1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (c) 2015, Linaro Limited 4 */ 5 6 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 7 8 #include <linux/arm-smccc.h> 9 #include <linux/crash_dump.h> 10 #include <linux/errno.h> 11 #include <linux/io.h> 12 #include <linux/module.h> 13 #include <linux/of.h> 14 #include <linux/of_platform.h> 15 #include <linux/platform_device.h> 16 #include <linux/slab.h> 17 #include <linux/string.h> 18 #include <linux/tee_drv.h> 19 #include <linux/types.h> 20 #include <linux/uaccess.h> 21 #include <linux/workqueue.h> 22 #include "optee_private.h" 23 #include "optee_smc.h" 24 #include "shm_pool.h" 25 26 #define DRIVER_NAME "optee" 27 28 #define OPTEE_SHM_NUM_PRIV_PAGES CONFIG_OPTEE_SHM_NUM_PRIV_PAGES 29 30 /** 31 * optee_from_msg_param() - convert from OPTEE_MSG parameters to 32 * struct tee_param 33 * @params: subsystem internal parameter representation 34 * @num_params: number of elements in the parameter arrays 35 * @msg_params: OPTEE_MSG parameters 36 * Returns 0 on success or <0 on failure 37 */ 38 int optee_from_msg_param(struct tee_param *params, size_t num_params, 39 const struct optee_msg_param *msg_params) 40 { 41 int rc; 42 size_t n; 43 struct tee_shm *shm; 44 phys_addr_t pa; 45 46 for (n = 0; n < num_params; n++) { 47 struct tee_param *p = params + n; 48 const struct optee_msg_param *mp = msg_params + n; 49 u32 attr = mp->attr & OPTEE_MSG_ATTR_TYPE_MASK; 50 51 switch (attr) { 52 case OPTEE_MSG_ATTR_TYPE_NONE: 53 p->attr = TEE_IOCTL_PARAM_ATTR_TYPE_NONE; 54 memset(&p->u, 0, sizeof(p->u)); 55 break; 56 case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: 57 case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: 58 case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: 59 p->attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT + 60 attr - OPTEE_MSG_ATTR_TYPE_VALUE_INPUT; 61 p->u.value.a = mp->u.value.a; 62 p->u.value.b = mp->u.value.b; 63 p->u.value.c = mp->u.value.c; 64 break; 65 case OPTEE_MSG_ATTR_TYPE_TMEM_INPUT: 66 case OPTEE_MSG_ATTR_TYPE_TMEM_OUTPUT: 67 case OPTEE_MSG_ATTR_TYPE_TMEM_INOUT: 68 p->attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT + 69 attr - OPTEE_MSG_ATTR_TYPE_TMEM_INPUT; 70 p->u.memref.size = mp->u.tmem.size; 71 shm = (struct tee_shm *)(unsigned long) 72 mp->u.tmem.shm_ref; 73 if (!shm) { 74 p->u.memref.shm_offs = 0; 75 p->u.memref.shm = NULL; 76 break; 77 } 78 rc = tee_shm_get_pa(shm, 0, &pa); 79 if (rc) 80 return rc; 81 p->u.memref.shm_offs = mp->u.tmem.buf_ptr - pa; 82 p->u.memref.shm = shm; 83 break; 84 case OPTEE_MSG_ATTR_TYPE_RMEM_INPUT: 85 case OPTEE_MSG_ATTR_TYPE_RMEM_OUTPUT: 86 case OPTEE_MSG_ATTR_TYPE_RMEM_INOUT: 87 p->attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT + 88 attr - OPTEE_MSG_ATTR_TYPE_RMEM_INPUT; 89 p->u.memref.size = mp->u.rmem.size; 90 shm = (struct tee_shm *)(unsigned long) 91 mp->u.rmem.shm_ref; 92 93 if (!shm) { 94 p->u.memref.shm_offs = 0; 95 p->u.memref.shm = NULL; 96 break; 97 } 98 p->u.memref.shm_offs = mp->u.rmem.offs; 99 p->u.memref.shm = shm; 100 101 break; 102 103 default: 104 return -EINVAL; 105 } 106 } 107 return 0; 108 } 109 110 static int to_msg_param_tmp_mem(struct optee_msg_param *mp, 111 const struct tee_param *p) 112 { 113 int rc; 114 phys_addr_t pa; 115 116 mp->attr = OPTEE_MSG_ATTR_TYPE_TMEM_INPUT + p->attr - 117 TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT; 118 119 mp->u.tmem.shm_ref = (unsigned long)p->u.memref.shm; 120 mp->u.tmem.size = p->u.memref.size; 121 122 if (!p->u.memref.shm) { 123 mp->u.tmem.buf_ptr = 0; 124 return 0; 125 } 126 127 rc = tee_shm_get_pa(p->u.memref.shm, p->u.memref.shm_offs, &pa); 128 if (rc) 129 return rc; 130 131 mp->u.tmem.buf_ptr = pa; 132 mp->attr |= OPTEE_MSG_ATTR_CACHE_PREDEFINED << 133 OPTEE_MSG_ATTR_CACHE_SHIFT; 134 135 return 0; 136 } 137 138 static int to_msg_param_reg_mem(struct optee_msg_param *mp, 139 const struct tee_param *p) 140 { 141 mp->attr = OPTEE_MSG_ATTR_TYPE_RMEM_INPUT + p->attr - 142 TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT; 143 144 mp->u.rmem.shm_ref = (unsigned long)p->u.memref.shm; 145 mp->u.rmem.size = p->u.memref.size; 146 mp->u.rmem.offs = p->u.memref.shm_offs; 147 return 0; 148 } 149 150 /** 151 * optee_to_msg_param() - convert from struct tee_params to OPTEE_MSG parameters 152 * @msg_params: OPTEE_MSG parameters 153 * @num_params: number of elements in the parameter arrays 154 * @params: subsystem itnernal parameter representation 155 * Returns 0 on success or <0 on failure 156 */ 157 int optee_to_msg_param(struct optee_msg_param *msg_params, size_t num_params, 158 const struct tee_param *params) 159 { 160 int rc; 161 size_t n; 162 163 for (n = 0; n < num_params; n++) { 164 const struct tee_param *p = params + n; 165 struct optee_msg_param *mp = msg_params + n; 166 167 switch (p->attr) { 168 case TEE_IOCTL_PARAM_ATTR_TYPE_NONE: 169 mp->attr = TEE_IOCTL_PARAM_ATTR_TYPE_NONE; 170 memset(&mp->u, 0, sizeof(mp->u)); 171 break; 172 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT: 173 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT: 174 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT: 175 mp->attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT + p->attr - 176 TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT; 177 mp->u.value.a = p->u.value.a; 178 mp->u.value.b = p->u.value.b; 179 mp->u.value.c = p->u.value.c; 180 break; 181 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT: 182 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: 183 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: 184 if (tee_shm_is_registered(p->u.memref.shm)) 185 rc = to_msg_param_reg_mem(mp, p); 186 else 187 rc = to_msg_param_tmp_mem(mp, p); 188 if (rc) 189 return rc; 190 break; 191 default: 192 return -EINVAL; 193 } 194 } 195 return 0; 196 } 197 198 static void optee_get_version(struct tee_device *teedev, 199 struct tee_ioctl_version_data *vers) 200 { 201 struct tee_ioctl_version_data v = { 202 .impl_id = TEE_IMPL_ID_OPTEE, 203 .impl_caps = TEE_OPTEE_CAP_TZ, 204 .gen_caps = TEE_GEN_CAP_GP, 205 }; 206 struct optee *optee = tee_get_drvdata(teedev); 207 208 if (optee->sec_caps & OPTEE_SMC_SEC_CAP_DYNAMIC_SHM) 209 v.gen_caps |= TEE_GEN_CAP_REG_MEM; 210 if (optee->sec_caps & OPTEE_SMC_SEC_CAP_MEMREF_NULL) 211 v.gen_caps |= TEE_GEN_CAP_MEMREF_NULL; 212 *vers = v; 213 } 214 215 static void optee_bus_scan(struct work_struct *work) 216 { 217 WARN_ON(optee_enumerate_devices(PTA_CMD_GET_DEVICES_SUPP)); 218 } 219 220 static int optee_open(struct tee_context *ctx) 221 { 222 struct optee_context_data *ctxdata; 223 struct tee_device *teedev = ctx->teedev; 224 struct optee *optee = tee_get_drvdata(teedev); 225 226 ctxdata = kzalloc(sizeof(*ctxdata), GFP_KERNEL); 227 if (!ctxdata) 228 return -ENOMEM; 229 230 if (teedev == optee->supp_teedev) { 231 bool busy = true; 232 233 mutex_lock(&optee->supp.mutex); 234 if (!optee->supp.ctx) { 235 busy = false; 236 optee->supp.ctx = ctx; 237 } 238 mutex_unlock(&optee->supp.mutex); 239 if (busy) { 240 kfree(ctxdata); 241 return -EBUSY; 242 } 243 244 if (!optee->scan_bus_done) { 245 INIT_WORK(&optee->scan_bus_work, optee_bus_scan); 246 optee->scan_bus_wq = create_workqueue("optee_bus_scan"); 247 if (!optee->scan_bus_wq) { 248 kfree(ctxdata); 249 return -ECHILD; 250 } 251 queue_work(optee->scan_bus_wq, &optee->scan_bus_work); 252 optee->scan_bus_done = true; 253 } 254 } 255 mutex_init(&ctxdata->mutex); 256 INIT_LIST_HEAD(&ctxdata->sess_list); 257 258 if (optee->sec_caps & OPTEE_SMC_SEC_CAP_MEMREF_NULL) 259 ctx->cap_memref_null = true; 260 else 261 ctx->cap_memref_null = false; 262 263 ctx->data = ctxdata; 264 return 0; 265 } 266 267 static void optee_release(struct tee_context *ctx) 268 { 269 struct optee_context_data *ctxdata = ctx->data; 270 struct tee_device *teedev = ctx->teedev; 271 struct optee *optee = tee_get_drvdata(teedev); 272 struct tee_shm *shm; 273 struct optee_msg_arg *arg = NULL; 274 phys_addr_t parg; 275 struct optee_session *sess; 276 struct optee_session *sess_tmp; 277 278 if (!ctxdata) 279 return; 280 281 shm = tee_shm_alloc(ctx, sizeof(struct optee_msg_arg), 282 TEE_SHM_MAPPED | TEE_SHM_PRIV); 283 if (!IS_ERR(shm)) { 284 arg = tee_shm_get_va(shm, 0); 285 /* 286 * If va2pa fails for some reason, we can't call into 287 * secure world, only free the memory. Secure OS will leak 288 * sessions and finally refuse more sessions, but we will 289 * at least let normal world reclaim its memory. 290 */ 291 if (!IS_ERR(arg)) 292 if (tee_shm_va2pa(shm, arg, &parg)) 293 arg = NULL; /* prevent usage of parg below */ 294 } 295 296 list_for_each_entry_safe(sess, sess_tmp, &ctxdata->sess_list, 297 list_node) { 298 list_del(&sess->list_node); 299 if (!IS_ERR_OR_NULL(arg)) { 300 memset(arg, 0, sizeof(*arg)); 301 arg->cmd = OPTEE_MSG_CMD_CLOSE_SESSION; 302 arg->session = sess->session_id; 303 optee_do_call_with_arg(ctx, parg); 304 } 305 kfree(sess); 306 } 307 kfree(ctxdata); 308 309 if (!IS_ERR(shm)) 310 tee_shm_free(shm); 311 312 ctx->data = NULL; 313 314 if (teedev == optee->supp_teedev) { 315 if (optee->scan_bus_wq) { 316 destroy_workqueue(optee->scan_bus_wq); 317 optee->scan_bus_wq = NULL; 318 } 319 optee_supp_release(&optee->supp); 320 } 321 } 322 323 static const struct tee_driver_ops optee_ops = { 324 .get_version = optee_get_version, 325 .open = optee_open, 326 .release = optee_release, 327 .open_session = optee_open_session, 328 .close_session = optee_close_session, 329 .invoke_func = optee_invoke_func, 330 .cancel_req = optee_cancel_req, 331 .shm_register = optee_shm_register, 332 .shm_unregister = optee_shm_unregister, 333 }; 334 335 static const struct tee_desc optee_desc = { 336 .name = DRIVER_NAME "-clnt", 337 .ops = &optee_ops, 338 .owner = THIS_MODULE, 339 }; 340 341 static const struct tee_driver_ops optee_supp_ops = { 342 .get_version = optee_get_version, 343 .open = optee_open, 344 .release = optee_release, 345 .supp_recv = optee_supp_recv, 346 .supp_send = optee_supp_send, 347 .shm_register = optee_shm_register_supp, 348 .shm_unregister = optee_shm_unregister_supp, 349 }; 350 351 static const struct tee_desc optee_supp_desc = { 352 .name = DRIVER_NAME "-supp", 353 .ops = &optee_supp_ops, 354 .owner = THIS_MODULE, 355 .flags = TEE_DESC_PRIVILEGED, 356 }; 357 358 static bool optee_msg_api_uid_is_optee_api(optee_invoke_fn *invoke_fn) 359 { 360 struct arm_smccc_res res; 361 362 invoke_fn(OPTEE_SMC_CALLS_UID, 0, 0, 0, 0, 0, 0, 0, &res); 363 364 if (res.a0 == OPTEE_MSG_UID_0 && res.a1 == OPTEE_MSG_UID_1 && 365 res.a2 == OPTEE_MSG_UID_2 && res.a3 == OPTEE_MSG_UID_3) 366 return true; 367 return false; 368 } 369 370 static void optee_msg_get_os_revision(optee_invoke_fn *invoke_fn) 371 { 372 union { 373 struct arm_smccc_res smccc; 374 struct optee_smc_call_get_os_revision_result result; 375 } res = { 376 .result = { 377 .build_id = 0 378 } 379 }; 380 381 invoke_fn(OPTEE_SMC_CALL_GET_OS_REVISION, 0, 0, 0, 0, 0, 0, 0, 382 &res.smccc); 383 384 if (res.result.build_id) 385 pr_info("revision %lu.%lu (%08lx)", res.result.major, 386 res.result.minor, res.result.build_id); 387 else 388 pr_info("revision %lu.%lu", res.result.major, res.result.minor); 389 } 390 391 static bool optee_msg_api_revision_is_compatible(optee_invoke_fn *invoke_fn) 392 { 393 union { 394 struct arm_smccc_res smccc; 395 struct optee_smc_calls_revision_result result; 396 } res; 397 398 invoke_fn(OPTEE_SMC_CALLS_REVISION, 0, 0, 0, 0, 0, 0, 0, &res.smccc); 399 400 if (res.result.major == OPTEE_MSG_REVISION_MAJOR && 401 (int)res.result.minor >= OPTEE_MSG_REVISION_MINOR) 402 return true; 403 return false; 404 } 405 406 static bool optee_msg_exchange_capabilities(optee_invoke_fn *invoke_fn, 407 u32 *sec_caps) 408 { 409 union { 410 struct arm_smccc_res smccc; 411 struct optee_smc_exchange_capabilities_result result; 412 } res; 413 u32 a1 = 0; 414 415 /* 416 * TODO This isn't enough to tell if it's UP system (from kernel 417 * point of view) or not, is_smp() returns the the information 418 * needed, but can't be called directly from here. 419 */ 420 if (!IS_ENABLED(CONFIG_SMP) || nr_cpu_ids == 1) 421 a1 |= OPTEE_SMC_NSEC_CAP_UNIPROCESSOR; 422 423 invoke_fn(OPTEE_SMC_EXCHANGE_CAPABILITIES, a1, 0, 0, 0, 0, 0, 0, 424 &res.smccc); 425 426 if (res.result.status != OPTEE_SMC_RETURN_OK) 427 return false; 428 429 *sec_caps = res.result.capabilities; 430 return true; 431 } 432 433 static struct tee_shm_pool *optee_config_dyn_shm(void) 434 { 435 struct tee_shm_pool_mgr *priv_mgr; 436 struct tee_shm_pool_mgr *dmabuf_mgr; 437 void *rc; 438 439 rc = optee_shm_pool_alloc_pages(); 440 if (IS_ERR(rc)) 441 return rc; 442 priv_mgr = rc; 443 444 rc = optee_shm_pool_alloc_pages(); 445 if (IS_ERR(rc)) { 446 tee_shm_pool_mgr_destroy(priv_mgr); 447 return rc; 448 } 449 dmabuf_mgr = rc; 450 451 rc = tee_shm_pool_alloc(priv_mgr, dmabuf_mgr); 452 if (IS_ERR(rc)) { 453 tee_shm_pool_mgr_destroy(priv_mgr); 454 tee_shm_pool_mgr_destroy(dmabuf_mgr); 455 } 456 457 return rc; 458 } 459 460 static struct tee_shm_pool * 461 optee_config_shm_memremap(optee_invoke_fn *invoke_fn, void **memremaped_shm) 462 { 463 union { 464 struct arm_smccc_res smccc; 465 struct optee_smc_get_shm_config_result result; 466 } res; 467 unsigned long vaddr; 468 phys_addr_t paddr; 469 size_t size; 470 phys_addr_t begin; 471 phys_addr_t end; 472 void *va; 473 struct tee_shm_pool_mgr *priv_mgr; 474 struct tee_shm_pool_mgr *dmabuf_mgr; 475 void *rc; 476 const int sz = OPTEE_SHM_NUM_PRIV_PAGES * PAGE_SIZE; 477 478 invoke_fn(OPTEE_SMC_GET_SHM_CONFIG, 0, 0, 0, 0, 0, 0, 0, &res.smccc); 479 if (res.result.status != OPTEE_SMC_RETURN_OK) { 480 pr_err("static shm service not available\n"); 481 return ERR_PTR(-ENOENT); 482 } 483 484 if (res.result.settings != OPTEE_SMC_SHM_CACHED) { 485 pr_err("only normal cached shared memory supported\n"); 486 return ERR_PTR(-EINVAL); 487 } 488 489 begin = roundup(res.result.start, PAGE_SIZE); 490 end = rounddown(res.result.start + res.result.size, PAGE_SIZE); 491 paddr = begin; 492 size = end - begin; 493 494 if (size < 2 * OPTEE_SHM_NUM_PRIV_PAGES * PAGE_SIZE) { 495 pr_err("too small shared memory area\n"); 496 return ERR_PTR(-EINVAL); 497 } 498 499 va = memremap(paddr, size, MEMREMAP_WB); 500 if (!va) { 501 pr_err("shared memory ioremap failed\n"); 502 return ERR_PTR(-EINVAL); 503 } 504 vaddr = (unsigned long)va; 505 506 rc = tee_shm_pool_mgr_alloc_res_mem(vaddr, paddr, sz, 507 3 /* 8 bytes aligned */); 508 if (IS_ERR(rc)) 509 goto err_memunmap; 510 priv_mgr = rc; 511 512 vaddr += sz; 513 paddr += sz; 514 size -= sz; 515 516 rc = tee_shm_pool_mgr_alloc_res_mem(vaddr, paddr, size, PAGE_SHIFT); 517 if (IS_ERR(rc)) 518 goto err_free_priv_mgr; 519 dmabuf_mgr = rc; 520 521 rc = tee_shm_pool_alloc(priv_mgr, dmabuf_mgr); 522 if (IS_ERR(rc)) 523 goto err_free_dmabuf_mgr; 524 525 *memremaped_shm = va; 526 527 return rc; 528 529 err_free_dmabuf_mgr: 530 tee_shm_pool_mgr_destroy(dmabuf_mgr); 531 err_free_priv_mgr: 532 tee_shm_pool_mgr_destroy(priv_mgr); 533 err_memunmap: 534 memunmap(va); 535 return rc; 536 } 537 538 /* Simple wrapper functions to be able to use a function pointer */ 539 static void optee_smccc_smc(unsigned long a0, unsigned long a1, 540 unsigned long a2, unsigned long a3, 541 unsigned long a4, unsigned long a5, 542 unsigned long a6, unsigned long a7, 543 struct arm_smccc_res *res) 544 { 545 arm_smccc_smc(a0, a1, a2, a3, a4, a5, a6, a7, res); 546 } 547 548 static void optee_smccc_hvc(unsigned long a0, unsigned long a1, 549 unsigned long a2, unsigned long a3, 550 unsigned long a4, unsigned long a5, 551 unsigned long a6, unsigned long a7, 552 struct arm_smccc_res *res) 553 { 554 arm_smccc_hvc(a0, a1, a2, a3, a4, a5, a6, a7, res); 555 } 556 557 static optee_invoke_fn *get_invoke_func(struct device *dev) 558 { 559 const char *method; 560 561 pr_info("probing for conduit method.\n"); 562 563 if (device_property_read_string(dev, "method", &method)) { 564 pr_warn("missing \"method\" property\n"); 565 return ERR_PTR(-ENXIO); 566 } 567 568 if (!strcmp("hvc", method)) 569 return optee_smccc_hvc; 570 else if (!strcmp("smc", method)) 571 return optee_smccc_smc; 572 573 pr_warn("invalid \"method\" property: %s\n", method); 574 return ERR_PTR(-EINVAL); 575 } 576 577 /* optee_remove - Device Removal Routine 578 * @pdev: platform device information struct 579 * 580 * optee_remove is called by platform subsystem to alert the driver 581 * that it should release the device 582 */ 583 584 static int optee_remove(struct platform_device *pdev) 585 { 586 struct optee *optee = platform_get_drvdata(pdev); 587 588 /* 589 * Ask OP-TEE to free all cached shared memory objects to decrease 590 * reference counters and also avoid wild pointers in secure world 591 * into the old shared memory range. 592 */ 593 optee_disable_shm_cache(optee); 594 595 /* 596 * The two devices have to be unregistered before we can free the 597 * other resources. 598 */ 599 tee_device_unregister(optee->supp_teedev); 600 tee_device_unregister(optee->teedev); 601 602 tee_shm_pool_free(optee->pool); 603 if (optee->memremaped_shm) 604 memunmap(optee->memremaped_shm); 605 optee_wait_queue_exit(&optee->wait_queue); 606 optee_supp_uninit(&optee->supp); 607 mutex_destroy(&optee->call_queue.mutex); 608 609 kfree(optee); 610 611 return 0; 612 } 613 614 /* optee_shutdown - Device Removal Routine 615 * @pdev: platform device information struct 616 * 617 * platform_shutdown is called by the platform subsystem to alert 618 * the driver that a shutdown, reboot, or kexec is happening and 619 * device must be disabled. 620 */ 621 static void optee_shutdown(struct platform_device *pdev) 622 { 623 optee_disable_shm_cache(platform_get_drvdata(pdev)); 624 } 625 626 static int optee_probe(struct platform_device *pdev) 627 { 628 optee_invoke_fn *invoke_fn; 629 struct tee_shm_pool *pool = ERR_PTR(-EINVAL); 630 struct optee *optee = NULL; 631 void *memremaped_shm = NULL; 632 struct tee_device *teedev; 633 u32 sec_caps; 634 int rc; 635 636 /* 637 * The kernel may have crashed at the same time that all available 638 * secure world threads were suspended and we cannot reschedule the 639 * suspended threads without access to the crashed kernel's wait_queue. 640 * Therefore, we cannot reliably initialize the OP-TEE driver in the 641 * kdump kernel. 642 */ 643 if (is_kdump_kernel()) 644 return -ENODEV; 645 646 invoke_fn = get_invoke_func(&pdev->dev); 647 if (IS_ERR(invoke_fn)) 648 return PTR_ERR(invoke_fn); 649 650 if (!optee_msg_api_uid_is_optee_api(invoke_fn)) { 651 pr_warn("api uid mismatch\n"); 652 return -EINVAL; 653 } 654 655 optee_msg_get_os_revision(invoke_fn); 656 657 if (!optee_msg_api_revision_is_compatible(invoke_fn)) { 658 pr_warn("api revision mismatch\n"); 659 return -EINVAL; 660 } 661 662 if (!optee_msg_exchange_capabilities(invoke_fn, &sec_caps)) { 663 pr_warn("capabilities mismatch\n"); 664 return -EINVAL; 665 } 666 667 /* 668 * Try to use dynamic shared memory if possible 669 */ 670 if (sec_caps & OPTEE_SMC_SEC_CAP_DYNAMIC_SHM) 671 pool = optee_config_dyn_shm(); 672 673 /* 674 * If dynamic shared memory is not available or failed - try static one 675 */ 676 if (IS_ERR(pool) && (sec_caps & OPTEE_SMC_SEC_CAP_HAVE_RESERVED_SHM)) 677 pool = optee_config_shm_memremap(invoke_fn, &memremaped_shm); 678 679 if (IS_ERR(pool)) 680 return PTR_ERR(pool); 681 682 optee = kzalloc(sizeof(*optee), GFP_KERNEL); 683 if (!optee) { 684 rc = -ENOMEM; 685 goto err; 686 } 687 688 optee->invoke_fn = invoke_fn; 689 optee->sec_caps = sec_caps; 690 691 teedev = tee_device_alloc(&optee_desc, NULL, pool, optee); 692 if (IS_ERR(teedev)) { 693 rc = PTR_ERR(teedev); 694 goto err; 695 } 696 optee->teedev = teedev; 697 698 teedev = tee_device_alloc(&optee_supp_desc, NULL, pool, optee); 699 if (IS_ERR(teedev)) { 700 rc = PTR_ERR(teedev); 701 goto err; 702 } 703 optee->supp_teedev = teedev; 704 705 rc = tee_device_register(optee->teedev); 706 if (rc) 707 goto err; 708 709 rc = tee_device_register(optee->supp_teedev); 710 if (rc) 711 goto err; 712 713 mutex_init(&optee->call_queue.mutex); 714 INIT_LIST_HEAD(&optee->call_queue.waiters); 715 optee_wait_queue_init(&optee->wait_queue); 716 optee_supp_init(&optee->supp); 717 optee->memremaped_shm = memremaped_shm; 718 optee->pool = pool; 719 720 /* 721 * Ensure that there are no pre-existing shm objects before enabling 722 * the shm cache so that there's no chance of receiving an invalid 723 * address during shutdown. This could occur, for example, if we're 724 * kexec booting from an older kernel that did not properly cleanup the 725 * shm cache. 726 */ 727 optee_disable_unmapped_shm_cache(optee); 728 729 optee_enable_shm_cache(optee); 730 731 if (optee->sec_caps & OPTEE_SMC_SEC_CAP_DYNAMIC_SHM) 732 pr_info("dynamic shared memory is enabled\n"); 733 734 platform_set_drvdata(pdev, optee); 735 736 rc = optee_enumerate_devices(PTA_CMD_GET_DEVICES); 737 if (rc) { 738 optee_remove(pdev); 739 return rc; 740 } 741 742 pr_info("initialized driver\n"); 743 return 0; 744 err: 745 if (optee) { 746 /* 747 * tee_device_unregister() is safe to call even if the 748 * devices hasn't been registered with 749 * tee_device_register() yet. 750 */ 751 tee_device_unregister(optee->supp_teedev); 752 tee_device_unregister(optee->teedev); 753 kfree(optee); 754 } 755 if (pool) 756 tee_shm_pool_free(pool); 757 if (memremaped_shm) 758 memunmap(memremaped_shm); 759 return rc; 760 } 761 762 static const struct of_device_id optee_dt_match[] = { 763 { .compatible = "linaro,optee-tz" }, 764 {}, 765 }; 766 MODULE_DEVICE_TABLE(of, optee_dt_match); 767 768 static struct platform_driver optee_driver = { 769 .probe = optee_probe, 770 .remove = optee_remove, 771 .shutdown = optee_shutdown, 772 .driver = { 773 .name = "optee", 774 .of_match_table = optee_dt_match, 775 }, 776 }; 777 module_platform_driver(optee_driver); 778 779 MODULE_AUTHOR("Linaro"); 780 MODULE_DESCRIPTION("OP-TEE driver"); 781 MODULE_VERSION("1.0"); 782 MODULE_LICENSE("GPL v2"); 783 MODULE_ALIAS("platform:optee"); 784