1 /* 2 * Copyright (c) 2015-2016, Linaro Limited 3 * 4 * This software is licensed under the terms of the GNU General Public 5 * License version 2, as published by the Free Software Foundation, and 6 * may be copied, distributed, and modified under those terms. 7 * 8 * This program is distributed in the hope that it will be useful, 9 * but WITHOUT ANY WARRANTY; without even the implied warranty of 10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 * GNU General Public License for more details. 12 * 13 */ 14 15 #define pr_fmt(fmt) "%s: " fmt, __func__ 16 17 #include <linux/cdev.h> 18 #include <linux/device.h> 19 #include <linux/fs.h> 20 #include <linux/idr.h> 21 #include <linux/module.h> 22 #include <linux/slab.h> 23 #include <linux/tee_drv.h> 24 #include <linux/uaccess.h> 25 #include "tee_private.h" 26 27 #define TEE_NUM_DEVICES 32 28 29 #define TEE_IOCTL_PARAM_SIZE(x) (sizeof(struct tee_param) * (x)) 30 31 /* 32 * Unprivileged devices in the lower half range and privileged devices in 33 * the upper half range. 34 */ 35 static DECLARE_BITMAP(dev_mask, TEE_NUM_DEVICES); 36 static DEFINE_SPINLOCK(driver_lock); 37 38 static struct class *tee_class; 39 static dev_t tee_devt; 40 41 static struct tee_context *teedev_open(struct tee_device *teedev) 42 { 43 int rc; 44 struct tee_context *ctx; 45 46 if (!tee_device_get(teedev)) 47 return ERR_PTR(-EINVAL); 48 49 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); 50 if (!ctx) { 51 rc = -ENOMEM; 52 goto err; 53 } 54 55 kref_init(&ctx->refcount); 56 ctx->teedev = teedev; 57 INIT_LIST_HEAD(&ctx->list_shm); 58 rc = teedev->desc->ops->open(ctx); 59 if (rc) 60 goto err; 61 62 return ctx; 63 err: 64 kfree(ctx); 65 tee_device_put(teedev); 66 return ERR_PTR(rc); 67 68 } 69 70 void teedev_ctx_get(struct tee_context *ctx) 71 { 72 if (ctx->releasing) 73 return; 74 75 kref_get(&ctx->refcount); 76 } 77 78 static void teedev_ctx_release(struct kref *ref) 79 { 80 struct tee_context *ctx = container_of(ref, struct tee_context, 81 refcount); 82 ctx->releasing = true; 83 ctx->teedev->desc->ops->release(ctx); 84 kfree(ctx); 85 } 86 87 void teedev_ctx_put(struct tee_context *ctx) 88 { 89 if (ctx->releasing) 90 return; 91 92 kref_put(&ctx->refcount, teedev_ctx_release); 93 } 94 95 static void teedev_close_context(struct tee_context *ctx) 96 { 97 tee_device_put(ctx->teedev); 98 teedev_ctx_put(ctx); 99 } 100 101 static int tee_open(struct inode *inode, struct file *filp) 102 { 103 struct tee_context *ctx; 104 105 ctx = teedev_open(container_of(inode->i_cdev, struct tee_device, cdev)); 106 if (IS_ERR(ctx)) 107 return PTR_ERR(ctx); 108 109 filp->private_data = ctx; 110 return 0; 111 } 112 113 static int tee_release(struct inode *inode, struct file *filp) 114 { 115 teedev_close_context(filp->private_data); 116 return 0; 117 } 118 119 static int tee_ioctl_version(struct tee_context *ctx, 120 struct tee_ioctl_version_data __user *uvers) 121 { 122 struct tee_ioctl_version_data vers; 123 124 ctx->teedev->desc->ops->get_version(ctx->teedev, &vers); 125 126 if (ctx->teedev->desc->flags & TEE_DESC_PRIVILEGED) 127 vers.gen_caps |= TEE_GEN_CAP_PRIVILEGED; 128 129 if (copy_to_user(uvers, &vers, sizeof(vers))) 130 return -EFAULT; 131 132 return 0; 133 } 134 135 static int tee_ioctl_shm_alloc(struct tee_context *ctx, 136 struct tee_ioctl_shm_alloc_data __user *udata) 137 { 138 long ret; 139 struct tee_ioctl_shm_alloc_data data; 140 struct tee_shm *shm; 141 142 if (copy_from_user(&data, udata, sizeof(data))) 143 return -EFAULT; 144 145 /* Currently no input flags are supported */ 146 if (data.flags) 147 return -EINVAL; 148 149 shm = tee_shm_alloc(ctx, data.size, TEE_SHM_MAPPED | TEE_SHM_DMA_BUF); 150 if (IS_ERR(shm)) 151 return PTR_ERR(shm); 152 153 data.id = shm->id; 154 data.flags = shm->flags; 155 data.size = shm->size; 156 157 if (copy_to_user(udata, &data, sizeof(data))) 158 ret = -EFAULT; 159 else 160 ret = tee_shm_get_fd(shm); 161 162 /* 163 * When user space closes the file descriptor the shared memory 164 * should be freed or if tee_shm_get_fd() failed then it will 165 * be freed immediately. 166 */ 167 tee_shm_put(shm); 168 return ret; 169 } 170 171 static int 172 tee_ioctl_shm_register(struct tee_context *ctx, 173 struct tee_ioctl_shm_register_data __user *udata) 174 { 175 long ret; 176 struct tee_ioctl_shm_register_data data; 177 struct tee_shm *shm; 178 179 if (copy_from_user(&data, udata, sizeof(data))) 180 return -EFAULT; 181 182 /* Currently no input flags are supported */ 183 if (data.flags) 184 return -EINVAL; 185 186 shm = tee_shm_register(ctx, data.addr, data.length, 187 TEE_SHM_DMA_BUF | TEE_SHM_USER_MAPPED); 188 if (IS_ERR(shm)) 189 return PTR_ERR(shm); 190 191 data.id = shm->id; 192 data.flags = shm->flags; 193 data.length = shm->size; 194 195 if (copy_to_user(udata, &data, sizeof(data))) 196 ret = -EFAULT; 197 else 198 ret = tee_shm_get_fd(shm); 199 /* 200 * When user space closes the file descriptor the shared memory 201 * should be freed or if tee_shm_get_fd() failed then it will 202 * be freed immediately. 203 */ 204 tee_shm_put(shm); 205 return ret; 206 } 207 208 static int params_from_user(struct tee_context *ctx, struct tee_param *params, 209 size_t num_params, 210 struct tee_ioctl_param __user *uparams) 211 { 212 size_t n; 213 214 for (n = 0; n < num_params; n++) { 215 struct tee_shm *shm; 216 struct tee_ioctl_param ip; 217 218 if (copy_from_user(&ip, uparams + n, sizeof(ip))) 219 return -EFAULT; 220 221 /* All unused attribute bits has to be zero */ 222 if (ip.attr & ~TEE_IOCTL_PARAM_ATTR_MASK) 223 return -EINVAL; 224 225 params[n].attr = ip.attr; 226 switch (ip.attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) { 227 case TEE_IOCTL_PARAM_ATTR_TYPE_NONE: 228 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT: 229 break; 230 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT: 231 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT: 232 params[n].u.value.a = ip.a; 233 params[n].u.value.b = ip.b; 234 params[n].u.value.c = ip.c; 235 break; 236 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT: 237 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: 238 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: 239 /* 240 * If we fail to get a pointer to a shared memory 241 * object (and increase the ref count) from an 242 * identifier we return an error. All pointers that 243 * has been added in params have an increased ref 244 * count. It's the callers responibility to do 245 * tee_shm_put() on all resolved pointers. 246 */ 247 shm = tee_shm_get_from_id(ctx, ip.c); 248 if (IS_ERR(shm)) 249 return PTR_ERR(shm); 250 251 /* 252 * Ensure offset + size does not overflow offset 253 * and does not overflow the size of the referred 254 * shared memory object. 255 */ 256 if ((ip.a + ip.b) < ip.a || 257 (ip.a + ip.b) > shm->size) { 258 tee_shm_put(shm); 259 return -EINVAL; 260 } 261 262 params[n].u.memref.shm_offs = ip.a; 263 params[n].u.memref.size = ip.b; 264 params[n].u.memref.shm = shm; 265 break; 266 default: 267 /* Unknown attribute */ 268 return -EINVAL; 269 } 270 } 271 return 0; 272 } 273 274 static int params_to_user(struct tee_ioctl_param __user *uparams, 275 size_t num_params, struct tee_param *params) 276 { 277 size_t n; 278 279 for (n = 0; n < num_params; n++) { 280 struct tee_ioctl_param __user *up = uparams + n; 281 struct tee_param *p = params + n; 282 283 switch (p->attr) { 284 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT: 285 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT: 286 if (put_user(p->u.value.a, &up->a) || 287 put_user(p->u.value.b, &up->b) || 288 put_user(p->u.value.c, &up->c)) 289 return -EFAULT; 290 break; 291 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: 292 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: 293 if (put_user((u64)p->u.memref.size, &up->b)) 294 return -EFAULT; 295 default: 296 break; 297 } 298 } 299 return 0; 300 } 301 302 static int tee_ioctl_open_session(struct tee_context *ctx, 303 struct tee_ioctl_buf_data __user *ubuf) 304 { 305 int rc; 306 size_t n; 307 struct tee_ioctl_buf_data buf; 308 struct tee_ioctl_open_session_arg __user *uarg; 309 struct tee_ioctl_open_session_arg arg; 310 struct tee_ioctl_param __user *uparams = NULL; 311 struct tee_param *params = NULL; 312 bool have_session = false; 313 314 if (!ctx->teedev->desc->ops->open_session) 315 return -EINVAL; 316 317 if (copy_from_user(&buf, ubuf, sizeof(buf))) 318 return -EFAULT; 319 320 if (buf.buf_len > TEE_MAX_ARG_SIZE || 321 buf.buf_len < sizeof(struct tee_ioctl_open_session_arg)) 322 return -EINVAL; 323 324 uarg = u64_to_user_ptr(buf.buf_ptr); 325 if (copy_from_user(&arg, uarg, sizeof(arg))) 326 return -EFAULT; 327 328 if (sizeof(arg) + TEE_IOCTL_PARAM_SIZE(arg.num_params) != buf.buf_len) 329 return -EINVAL; 330 331 if (arg.num_params) { 332 params = kcalloc(arg.num_params, sizeof(struct tee_param), 333 GFP_KERNEL); 334 if (!params) 335 return -ENOMEM; 336 uparams = uarg->params; 337 rc = params_from_user(ctx, params, arg.num_params, uparams); 338 if (rc) 339 goto out; 340 } 341 342 rc = ctx->teedev->desc->ops->open_session(ctx, &arg, params); 343 if (rc) 344 goto out; 345 have_session = true; 346 347 if (put_user(arg.session, &uarg->session) || 348 put_user(arg.ret, &uarg->ret) || 349 put_user(arg.ret_origin, &uarg->ret_origin)) { 350 rc = -EFAULT; 351 goto out; 352 } 353 rc = params_to_user(uparams, arg.num_params, params); 354 out: 355 /* 356 * If we've succeeded to open the session but failed to communicate 357 * it back to user space, close the session again to avoid leakage. 358 */ 359 if (rc && have_session && ctx->teedev->desc->ops->close_session) 360 ctx->teedev->desc->ops->close_session(ctx, arg.session); 361 362 if (params) { 363 /* Decrease ref count for all valid shared memory pointers */ 364 for (n = 0; n < arg.num_params; n++) 365 if (tee_param_is_memref(params + n) && 366 params[n].u.memref.shm) 367 tee_shm_put(params[n].u.memref.shm); 368 kfree(params); 369 } 370 371 return rc; 372 } 373 374 static int tee_ioctl_invoke(struct tee_context *ctx, 375 struct tee_ioctl_buf_data __user *ubuf) 376 { 377 int rc; 378 size_t n; 379 struct tee_ioctl_buf_data buf; 380 struct tee_ioctl_invoke_arg __user *uarg; 381 struct tee_ioctl_invoke_arg arg; 382 struct tee_ioctl_param __user *uparams = NULL; 383 struct tee_param *params = NULL; 384 385 if (!ctx->teedev->desc->ops->invoke_func) 386 return -EINVAL; 387 388 if (copy_from_user(&buf, ubuf, sizeof(buf))) 389 return -EFAULT; 390 391 if (buf.buf_len > TEE_MAX_ARG_SIZE || 392 buf.buf_len < sizeof(struct tee_ioctl_invoke_arg)) 393 return -EINVAL; 394 395 uarg = u64_to_user_ptr(buf.buf_ptr); 396 if (copy_from_user(&arg, uarg, sizeof(arg))) 397 return -EFAULT; 398 399 if (sizeof(arg) + TEE_IOCTL_PARAM_SIZE(arg.num_params) != buf.buf_len) 400 return -EINVAL; 401 402 if (arg.num_params) { 403 params = kcalloc(arg.num_params, sizeof(struct tee_param), 404 GFP_KERNEL); 405 if (!params) 406 return -ENOMEM; 407 uparams = uarg->params; 408 rc = params_from_user(ctx, params, arg.num_params, uparams); 409 if (rc) 410 goto out; 411 } 412 413 rc = ctx->teedev->desc->ops->invoke_func(ctx, &arg, params); 414 if (rc) 415 goto out; 416 417 if (put_user(arg.ret, &uarg->ret) || 418 put_user(arg.ret_origin, &uarg->ret_origin)) { 419 rc = -EFAULT; 420 goto out; 421 } 422 rc = params_to_user(uparams, arg.num_params, params); 423 out: 424 if (params) { 425 /* Decrease ref count for all valid shared memory pointers */ 426 for (n = 0; n < arg.num_params; n++) 427 if (tee_param_is_memref(params + n) && 428 params[n].u.memref.shm) 429 tee_shm_put(params[n].u.memref.shm); 430 kfree(params); 431 } 432 return rc; 433 } 434 435 static int tee_ioctl_cancel(struct tee_context *ctx, 436 struct tee_ioctl_cancel_arg __user *uarg) 437 { 438 struct tee_ioctl_cancel_arg arg; 439 440 if (!ctx->teedev->desc->ops->cancel_req) 441 return -EINVAL; 442 443 if (copy_from_user(&arg, uarg, sizeof(arg))) 444 return -EFAULT; 445 446 return ctx->teedev->desc->ops->cancel_req(ctx, arg.cancel_id, 447 arg.session); 448 } 449 450 static int 451 tee_ioctl_close_session(struct tee_context *ctx, 452 struct tee_ioctl_close_session_arg __user *uarg) 453 { 454 struct tee_ioctl_close_session_arg arg; 455 456 if (!ctx->teedev->desc->ops->close_session) 457 return -EINVAL; 458 459 if (copy_from_user(&arg, uarg, sizeof(arg))) 460 return -EFAULT; 461 462 return ctx->teedev->desc->ops->close_session(ctx, arg.session); 463 } 464 465 static int params_to_supp(struct tee_context *ctx, 466 struct tee_ioctl_param __user *uparams, 467 size_t num_params, struct tee_param *params) 468 { 469 size_t n; 470 471 for (n = 0; n < num_params; n++) { 472 struct tee_ioctl_param ip; 473 struct tee_param *p = params + n; 474 475 ip.attr = p->attr; 476 switch (p->attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) { 477 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT: 478 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT: 479 ip.a = p->u.value.a; 480 ip.b = p->u.value.b; 481 ip.c = p->u.value.c; 482 break; 483 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT: 484 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: 485 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: 486 ip.b = p->u.memref.size; 487 if (!p->u.memref.shm) { 488 ip.a = 0; 489 ip.c = (u64)-1; /* invalid shm id */ 490 break; 491 } 492 ip.a = p->u.memref.shm_offs; 493 ip.c = p->u.memref.shm->id; 494 break; 495 default: 496 ip.a = 0; 497 ip.b = 0; 498 ip.c = 0; 499 break; 500 } 501 502 if (copy_to_user(uparams + n, &ip, sizeof(ip))) 503 return -EFAULT; 504 } 505 506 return 0; 507 } 508 509 static int tee_ioctl_supp_recv(struct tee_context *ctx, 510 struct tee_ioctl_buf_data __user *ubuf) 511 { 512 int rc; 513 struct tee_ioctl_buf_data buf; 514 struct tee_iocl_supp_recv_arg __user *uarg; 515 struct tee_param *params; 516 u32 num_params; 517 u32 func; 518 519 if (!ctx->teedev->desc->ops->supp_recv) 520 return -EINVAL; 521 522 if (copy_from_user(&buf, ubuf, sizeof(buf))) 523 return -EFAULT; 524 525 if (buf.buf_len > TEE_MAX_ARG_SIZE || 526 buf.buf_len < sizeof(struct tee_iocl_supp_recv_arg)) 527 return -EINVAL; 528 529 uarg = u64_to_user_ptr(buf.buf_ptr); 530 if (get_user(num_params, &uarg->num_params)) 531 return -EFAULT; 532 533 if (sizeof(*uarg) + TEE_IOCTL_PARAM_SIZE(num_params) != buf.buf_len) 534 return -EINVAL; 535 536 params = kcalloc(num_params, sizeof(struct tee_param), GFP_KERNEL); 537 if (!params) 538 return -ENOMEM; 539 540 rc = params_from_user(ctx, params, num_params, uarg->params); 541 if (rc) 542 goto out; 543 544 rc = ctx->teedev->desc->ops->supp_recv(ctx, &func, &num_params, params); 545 if (rc) 546 goto out; 547 548 if (put_user(func, &uarg->func) || 549 put_user(num_params, &uarg->num_params)) { 550 rc = -EFAULT; 551 goto out; 552 } 553 554 rc = params_to_supp(ctx, uarg->params, num_params, params); 555 out: 556 kfree(params); 557 return rc; 558 } 559 560 static int params_from_supp(struct tee_param *params, size_t num_params, 561 struct tee_ioctl_param __user *uparams) 562 { 563 size_t n; 564 565 for (n = 0; n < num_params; n++) { 566 struct tee_param *p = params + n; 567 struct tee_ioctl_param ip; 568 569 if (copy_from_user(&ip, uparams + n, sizeof(ip))) 570 return -EFAULT; 571 572 /* All unused attribute bits has to be zero */ 573 if (ip.attr & ~TEE_IOCTL_PARAM_ATTR_MASK) 574 return -EINVAL; 575 576 p->attr = ip.attr; 577 switch (ip.attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) { 578 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT: 579 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT: 580 /* Only out and in/out values can be updated */ 581 p->u.value.a = ip.a; 582 p->u.value.b = ip.b; 583 p->u.value.c = ip.c; 584 break; 585 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: 586 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: 587 /* 588 * Only the size of the memref can be updated. 589 * Since we don't have access to the original 590 * parameters here, only store the supplied size. 591 * The driver will copy the updated size into the 592 * original parameters. 593 */ 594 p->u.memref.shm = NULL; 595 p->u.memref.shm_offs = 0; 596 p->u.memref.size = ip.b; 597 break; 598 default: 599 memset(&p->u, 0, sizeof(p->u)); 600 break; 601 } 602 } 603 return 0; 604 } 605 606 static int tee_ioctl_supp_send(struct tee_context *ctx, 607 struct tee_ioctl_buf_data __user *ubuf) 608 { 609 long rc; 610 struct tee_ioctl_buf_data buf; 611 struct tee_iocl_supp_send_arg __user *uarg; 612 struct tee_param *params; 613 u32 num_params; 614 u32 ret; 615 616 /* Not valid for this driver */ 617 if (!ctx->teedev->desc->ops->supp_send) 618 return -EINVAL; 619 620 if (copy_from_user(&buf, ubuf, sizeof(buf))) 621 return -EFAULT; 622 623 if (buf.buf_len > TEE_MAX_ARG_SIZE || 624 buf.buf_len < sizeof(struct tee_iocl_supp_send_arg)) 625 return -EINVAL; 626 627 uarg = u64_to_user_ptr(buf.buf_ptr); 628 if (get_user(ret, &uarg->ret) || 629 get_user(num_params, &uarg->num_params)) 630 return -EFAULT; 631 632 if (sizeof(*uarg) + TEE_IOCTL_PARAM_SIZE(num_params) > buf.buf_len) 633 return -EINVAL; 634 635 params = kcalloc(num_params, sizeof(struct tee_param), GFP_KERNEL); 636 if (!params) 637 return -ENOMEM; 638 639 rc = params_from_supp(params, num_params, uarg->params); 640 if (rc) 641 goto out; 642 643 rc = ctx->teedev->desc->ops->supp_send(ctx, ret, num_params, params); 644 out: 645 kfree(params); 646 return rc; 647 } 648 649 static long tee_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) 650 { 651 struct tee_context *ctx = filp->private_data; 652 void __user *uarg = (void __user *)arg; 653 654 switch (cmd) { 655 case TEE_IOC_VERSION: 656 return tee_ioctl_version(ctx, uarg); 657 case TEE_IOC_SHM_ALLOC: 658 return tee_ioctl_shm_alloc(ctx, uarg); 659 case TEE_IOC_SHM_REGISTER: 660 return tee_ioctl_shm_register(ctx, uarg); 661 case TEE_IOC_OPEN_SESSION: 662 return tee_ioctl_open_session(ctx, uarg); 663 case TEE_IOC_INVOKE: 664 return tee_ioctl_invoke(ctx, uarg); 665 case TEE_IOC_CANCEL: 666 return tee_ioctl_cancel(ctx, uarg); 667 case TEE_IOC_CLOSE_SESSION: 668 return tee_ioctl_close_session(ctx, uarg); 669 case TEE_IOC_SUPPL_RECV: 670 return tee_ioctl_supp_recv(ctx, uarg); 671 case TEE_IOC_SUPPL_SEND: 672 return tee_ioctl_supp_send(ctx, uarg); 673 default: 674 return -EINVAL; 675 } 676 } 677 678 static const struct file_operations tee_fops = { 679 .owner = THIS_MODULE, 680 .open = tee_open, 681 .release = tee_release, 682 .unlocked_ioctl = tee_ioctl, 683 .compat_ioctl = tee_ioctl, 684 }; 685 686 static void tee_release_device(struct device *dev) 687 { 688 struct tee_device *teedev = container_of(dev, struct tee_device, dev); 689 690 spin_lock(&driver_lock); 691 clear_bit(teedev->id, dev_mask); 692 spin_unlock(&driver_lock); 693 mutex_destroy(&teedev->mutex); 694 idr_destroy(&teedev->idr); 695 kfree(teedev); 696 } 697 698 /** 699 * tee_device_alloc() - Allocate a new struct tee_device instance 700 * @teedesc: Descriptor for this driver 701 * @dev: Parent device for this device 702 * @pool: Shared memory pool, NULL if not used 703 * @driver_data: Private driver data for this device 704 * 705 * Allocates a new struct tee_device instance. The device is 706 * removed by tee_device_unregister(). 707 * 708 * @returns a pointer to a 'struct tee_device' or an ERR_PTR on failure 709 */ 710 struct tee_device *tee_device_alloc(const struct tee_desc *teedesc, 711 struct device *dev, 712 struct tee_shm_pool *pool, 713 void *driver_data) 714 { 715 struct tee_device *teedev; 716 void *ret; 717 int rc, max_id; 718 int offs = 0; 719 720 if (!teedesc || !teedesc->name || !teedesc->ops || 721 !teedesc->ops->get_version || !teedesc->ops->open || 722 !teedesc->ops->release || !pool) 723 return ERR_PTR(-EINVAL); 724 725 teedev = kzalloc(sizeof(*teedev), GFP_KERNEL); 726 if (!teedev) { 727 ret = ERR_PTR(-ENOMEM); 728 goto err; 729 } 730 731 max_id = TEE_NUM_DEVICES / 2; 732 733 if (teedesc->flags & TEE_DESC_PRIVILEGED) { 734 offs = TEE_NUM_DEVICES / 2; 735 max_id = TEE_NUM_DEVICES; 736 } 737 738 spin_lock(&driver_lock); 739 teedev->id = find_next_zero_bit(dev_mask, max_id, offs); 740 if (teedev->id < max_id) 741 set_bit(teedev->id, dev_mask); 742 spin_unlock(&driver_lock); 743 744 if (teedev->id >= max_id) { 745 ret = ERR_PTR(-ENOMEM); 746 goto err; 747 } 748 749 snprintf(teedev->name, sizeof(teedev->name), "tee%s%d", 750 teedesc->flags & TEE_DESC_PRIVILEGED ? "priv" : "", 751 teedev->id - offs); 752 753 teedev->dev.class = tee_class; 754 teedev->dev.release = tee_release_device; 755 teedev->dev.parent = dev; 756 757 teedev->dev.devt = MKDEV(MAJOR(tee_devt), teedev->id); 758 759 rc = dev_set_name(&teedev->dev, "%s", teedev->name); 760 if (rc) { 761 ret = ERR_PTR(rc); 762 goto err_devt; 763 } 764 765 cdev_init(&teedev->cdev, &tee_fops); 766 teedev->cdev.owner = teedesc->owner; 767 teedev->cdev.kobj.parent = &teedev->dev.kobj; 768 769 dev_set_drvdata(&teedev->dev, driver_data); 770 device_initialize(&teedev->dev); 771 772 /* 1 as tee_device_unregister() does one final tee_device_put() */ 773 teedev->num_users = 1; 774 init_completion(&teedev->c_no_users); 775 mutex_init(&teedev->mutex); 776 idr_init(&teedev->idr); 777 778 teedev->desc = teedesc; 779 teedev->pool = pool; 780 781 return teedev; 782 err_devt: 783 unregister_chrdev_region(teedev->dev.devt, 1); 784 err: 785 pr_err("could not register %s driver\n", 786 teedesc->flags & TEE_DESC_PRIVILEGED ? "privileged" : "client"); 787 if (teedev && teedev->id < TEE_NUM_DEVICES) { 788 spin_lock(&driver_lock); 789 clear_bit(teedev->id, dev_mask); 790 spin_unlock(&driver_lock); 791 } 792 kfree(teedev); 793 return ret; 794 } 795 EXPORT_SYMBOL_GPL(tee_device_alloc); 796 797 static ssize_t implementation_id_show(struct device *dev, 798 struct device_attribute *attr, char *buf) 799 { 800 struct tee_device *teedev = container_of(dev, struct tee_device, dev); 801 struct tee_ioctl_version_data vers; 802 803 teedev->desc->ops->get_version(teedev, &vers); 804 return scnprintf(buf, PAGE_SIZE, "%d\n", vers.impl_id); 805 } 806 static DEVICE_ATTR_RO(implementation_id); 807 808 static struct attribute *tee_dev_attrs[] = { 809 &dev_attr_implementation_id.attr, 810 NULL 811 }; 812 813 static const struct attribute_group tee_dev_group = { 814 .attrs = tee_dev_attrs, 815 }; 816 817 /** 818 * tee_device_register() - Registers a TEE device 819 * @teedev: Device to register 820 * 821 * tee_device_unregister() need to be called to remove the @teedev if 822 * this function fails. 823 * 824 * @returns < 0 on failure 825 */ 826 int tee_device_register(struct tee_device *teedev) 827 { 828 int rc; 829 830 if (teedev->flags & TEE_DEVICE_FLAG_REGISTERED) { 831 dev_err(&teedev->dev, "attempt to register twice\n"); 832 return -EINVAL; 833 } 834 835 rc = cdev_add(&teedev->cdev, teedev->dev.devt, 1); 836 if (rc) { 837 dev_err(&teedev->dev, 838 "unable to cdev_add() %s, major %d, minor %d, err=%d\n", 839 teedev->name, MAJOR(teedev->dev.devt), 840 MINOR(teedev->dev.devt), rc); 841 return rc; 842 } 843 844 rc = device_add(&teedev->dev); 845 if (rc) { 846 dev_err(&teedev->dev, 847 "unable to device_add() %s, major %d, minor %d, err=%d\n", 848 teedev->name, MAJOR(teedev->dev.devt), 849 MINOR(teedev->dev.devt), rc); 850 goto err_device_add; 851 } 852 853 rc = sysfs_create_group(&teedev->dev.kobj, &tee_dev_group); 854 if (rc) { 855 dev_err(&teedev->dev, 856 "failed to create sysfs attributes, err=%d\n", rc); 857 goto err_sysfs_create_group; 858 } 859 860 teedev->flags |= TEE_DEVICE_FLAG_REGISTERED; 861 return 0; 862 863 err_sysfs_create_group: 864 device_del(&teedev->dev); 865 err_device_add: 866 cdev_del(&teedev->cdev); 867 return rc; 868 } 869 EXPORT_SYMBOL_GPL(tee_device_register); 870 871 void tee_device_put(struct tee_device *teedev) 872 { 873 mutex_lock(&teedev->mutex); 874 /* Shouldn't put in this state */ 875 if (!WARN_ON(!teedev->desc)) { 876 teedev->num_users--; 877 if (!teedev->num_users) { 878 teedev->desc = NULL; 879 complete(&teedev->c_no_users); 880 } 881 } 882 mutex_unlock(&teedev->mutex); 883 } 884 885 bool tee_device_get(struct tee_device *teedev) 886 { 887 mutex_lock(&teedev->mutex); 888 if (!teedev->desc) { 889 mutex_unlock(&teedev->mutex); 890 return false; 891 } 892 teedev->num_users++; 893 mutex_unlock(&teedev->mutex); 894 return true; 895 } 896 897 /** 898 * tee_device_unregister() - Removes a TEE device 899 * @teedev: Device to unregister 900 * 901 * This function should be called to remove the @teedev even if 902 * tee_device_register() hasn't been called yet. Does nothing if 903 * @teedev is NULL. 904 */ 905 void tee_device_unregister(struct tee_device *teedev) 906 { 907 if (!teedev) 908 return; 909 910 if (teedev->flags & TEE_DEVICE_FLAG_REGISTERED) { 911 sysfs_remove_group(&teedev->dev.kobj, &tee_dev_group); 912 cdev_del(&teedev->cdev); 913 device_del(&teedev->dev); 914 } 915 916 tee_device_put(teedev); 917 wait_for_completion(&teedev->c_no_users); 918 919 /* 920 * No need to take a mutex any longer now since teedev->desc was 921 * set to NULL before teedev->c_no_users was completed. 922 */ 923 924 teedev->pool = NULL; 925 926 put_device(&teedev->dev); 927 } 928 EXPORT_SYMBOL_GPL(tee_device_unregister); 929 930 /** 931 * tee_get_drvdata() - Return driver_data pointer 932 * @teedev: Device containing the driver_data pointer 933 * @returns the driver_data pointer supplied to tee_register(). 934 */ 935 void *tee_get_drvdata(struct tee_device *teedev) 936 { 937 return dev_get_drvdata(&teedev->dev); 938 } 939 EXPORT_SYMBOL_GPL(tee_get_drvdata); 940 941 struct match_dev_data { 942 struct tee_ioctl_version_data *vers; 943 const void *data; 944 int (*match)(struct tee_ioctl_version_data *, const void *); 945 }; 946 947 static int match_dev(struct device *dev, const void *data) 948 { 949 const struct match_dev_data *match_data = data; 950 struct tee_device *teedev = container_of(dev, struct tee_device, dev); 951 952 teedev->desc->ops->get_version(teedev, match_data->vers); 953 return match_data->match(match_data->vers, match_data->data); 954 } 955 956 struct tee_context * 957 tee_client_open_context(struct tee_context *start, 958 int (*match)(struct tee_ioctl_version_data *, 959 const void *), 960 const void *data, struct tee_ioctl_version_data *vers) 961 { 962 struct device *dev = NULL; 963 struct device *put_dev = NULL; 964 struct tee_context *ctx = NULL; 965 struct tee_ioctl_version_data v; 966 struct match_dev_data match_data = { vers ? vers : &v, data, match }; 967 968 if (start) 969 dev = &start->teedev->dev; 970 971 do { 972 dev = class_find_device(tee_class, dev, &match_data, match_dev); 973 if (!dev) { 974 ctx = ERR_PTR(-ENOENT); 975 break; 976 } 977 978 put_device(put_dev); 979 put_dev = dev; 980 981 ctx = teedev_open(container_of(dev, struct tee_device, dev)); 982 } while (IS_ERR(ctx) && PTR_ERR(ctx) != -ENOMEM); 983 984 put_device(put_dev); 985 return ctx; 986 } 987 EXPORT_SYMBOL_GPL(tee_client_open_context); 988 989 void tee_client_close_context(struct tee_context *ctx) 990 { 991 teedev_close_context(ctx); 992 } 993 EXPORT_SYMBOL_GPL(tee_client_close_context); 994 995 void tee_client_get_version(struct tee_context *ctx, 996 struct tee_ioctl_version_data *vers) 997 { 998 ctx->teedev->desc->ops->get_version(ctx->teedev, vers); 999 } 1000 EXPORT_SYMBOL_GPL(tee_client_get_version); 1001 1002 int tee_client_open_session(struct tee_context *ctx, 1003 struct tee_ioctl_open_session_arg *arg, 1004 struct tee_param *param) 1005 { 1006 if (!ctx->teedev->desc->ops->open_session) 1007 return -EINVAL; 1008 return ctx->teedev->desc->ops->open_session(ctx, arg, param); 1009 } 1010 EXPORT_SYMBOL_GPL(tee_client_open_session); 1011 1012 int tee_client_close_session(struct tee_context *ctx, u32 session) 1013 { 1014 if (!ctx->teedev->desc->ops->close_session) 1015 return -EINVAL; 1016 return ctx->teedev->desc->ops->close_session(ctx, session); 1017 } 1018 EXPORT_SYMBOL_GPL(tee_client_close_session); 1019 1020 int tee_client_invoke_func(struct tee_context *ctx, 1021 struct tee_ioctl_invoke_arg *arg, 1022 struct tee_param *param) 1023 { 1024 if (!ctx->teedev->desc->ops->invoke_func) 1025 return -EINVAL; 1026 return ctx->teedev->desc->ops->invoke_func(ctx, arg, param); 1027 } 1028 EXPORT_SYMBOL_GPL(tee_client_invoke_func); 1029 1030 static int __init tee_init(void) 1031 { 1032 int rc; 1033 1034 tee_class = class_create(THIS_MODULE, "tee"); 1035 if (IS_ERR(tee_class)) { 1036 pr_err("couldn't create class\n"); 1037 return PTR_ERR(tee_class); 1038 } 1039 1040 rc = alloc_chrdev_region(&tee_devt, 0, TEE_NUM_DEVICES, "tee"); 1041 if (rc) { 1042 pr_err("failed to allocate char dev region\n"); 1043 class_destroy(tee_class); 1044 tee_class = NULL; 1045 } 1046 1047 return rc; 1048 } 1049 1050 static void __exit tee_exit(void) 1051 { 1052 class_destroy(tee_class); 1053 tee_class = NULL; 1054 unregister_chrdev_region(tee_devt, TEE_NUM_DEVICES); 1055 } 1056 1057 subsys_initcall(tee_init); 1058 module_exit(tee_exit); 1059 1060 MODULE_AUTHOR("Linaro"); 1061 MODULE_DESCRIPTION("TEE Driver"); 1062 MODULE_VERSION("1.0"); 1063 MODULE_LICENSE("GPL v2"); 1064