1 /* 2 * Copyright (c) 2015-2016, Linaro Limited 3 * 4 * This software is licensed under the terms of the GNU General Public 5 * License version 2, as published by the Free Software Foundation, and 6 * may be copied, distributed, and modified under those terms. 7 * 8 * This program is distributed in the hope that it will be useful, 9 * but WITHOUT ANY WARRANTY; without even the implied warranty of 10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 * GNU General Public License for more details. 12 * 13 */ 14 15 #define pr_fmt(fmt) "%s: " fmt, __func__ 16 17 #include <linux/cdev.h> 18 #include <linux/device.h> 19 #include <linux/fs.h> 20 #include <linux/idr.h> 21 #include <linux/module.h> 22 #include <linux/slab.h> 23 #include <linux/tee_drv.h> 24 #include <linux/uaccess.h> 25 #include "tee_private.h" 26 27 #define TEE_NUM_DEVICES 32 28 29 #define TEE_IOCTL_PARAM_SIZE(x) (sizeof(struct tee_param) * (x)) 30 31 /* 32 * Unprivileged devices in the lower half range and privileged devices in 33 * the upper half range. 34 */ 35 static DECLARE_BITMAP(dev_mask, TEE_NUM_DEVICES); 36 static DEFINE_SPINLOCK(driver_lock); 37 38 static struct class *tee_class; 39 static dev_t tee_devt; 40 41 static int tee_open(struct inode *inode, struct file *filp) 42 { 43 int rc; 44 struct tee_device *teedev; 45 struct tee_context *ctx; 46 47 teedev = container_of(inode->i_cdev, struct tee_device, cdev); 48 if (!tee_device_get(teedev)) 49 return -EINVAL; 50 51 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); 52 if (!ctx) { 53 rc = -ENOMEM; 54 goto err; 55 } 56 57 ctx->teedev = teedev; 58 INIT_LIST_HEAD(&ctx->list_shm); 59 filp->private_data = ctx; 60 rc = teedev->desc->ops->open(ctx); 61 if (rc) 62 goto err; 63 64 return 0; 65 err: 66 kfree(ctx); 67 tee_device_put(teedev); 68 return rc; 69 } 70 71 static int tee_release(struct inode *inode, struct file *filp) 72 { 73 struct tee_context *ctx = filp->private_data; 74 struct tee_device *teedev = ctx->teedev; 75 struct tee_shm *shm; 76 77 ctx->teedev->desc->ops->release(ctx); 78 mutex_lock(&ctx->teedev->mutex); 79 list_for_each_entry(shm, &ctx->list_shm, link) 80 shm->ctx = NULL; 81 mutex_unlock(&ctx->teedev->mutex); 82 kfree(ctx); 83 tee_device_put(teedev); 84 return 0; 85 } 86 87 static int tee_ioctl_version(struct tee_context *ctx, 88 struct tee_ioctl_version_data __user *uvers) 89 { 90 struct tee_ioctl_version_data vers; 91 92 ctx->teedev->desc->ops->get_version(ctx->teedev, &vers); 93 if (copy_to_user(uvers, &vers, sizeof(vers))) 94 return -EFAULT; 95 return 0; 96 } 97 98 static int tee_ioctl_shm_alloc(struct tee_context *ctx, 99 struct tee_ioctl_shm_alloc_data __user *udata) 100 { 101 long ret; 102 struct tee_ioctl_shm_alloc_data data; 103 struct tee_shm *shm; 104 105 if (copy_from_user(&data, udata, sizeof(data))) 106 return -EFAULT; 107 108 /* Currently no input flags are supported */ 109 if (data.flags) 110 return -EINVAL; 111 112 data.id = -1; 113 114 shm = tee_shm_alloc(ctx, data.size, TEE_SHM_MAPPED | TEE_SHM_DMA_BUF); 115 if (IS_ERR(shm)) 116 return PTR_ERR(shm); 117 118 data.id = shm->id; 119 data.flags = shm->flags; 120 data.size = shm->size; 121 122 if (copy_to_user(udata, &data, sizeof(data))) 123 ret = -EFAULT; 124 else 125 ret = tee_shm_get_fd(shm); 126 127 /* 128 * When user space closes the file descriptor the shared memory 129 * should be freed or if tee_shm_get_fd() failed then it will 130 * be freed immediately. 131 */ 132 tee_shm_put(shm); 133 return ret; 134 } 135 136 static int params_from_user(struct tee_context *ctx, struct tee_param *params, 137 size_t num_params, 138 struct tee_ioctl_param __user *uparams) 139 { 140 size_t n; 141 142 for (n = 0; n < num_params; n++) { 143 struct tee_shm *shm; 144 struct tee_ioctl_param ip; 145 146 if (copy_from_user(&ip, uparams + n, sizeof(ip))) 147 return -EFAULT; 148 149 /* All unused attribute bits has to be zero */ 150 if (ip.attr & ~TEE_IOCTL_PARAM_ATTR_TYPE_MASK) 151 return -EINVAL; 152 153 params[n].attr = ip.attr; 154 switch (ip.attr) { 155 case TEE_IOCTL_PARAM_ATTR_TYPE_NONE: 156 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT: 157 break; 158 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT: 159 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT: 160 params[n].u.value.a = ip.a; 161 params[n].u.value.b = ip.b; 162 params[n].u.value.c = ip.c; 163 break; 164 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT: 165 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: 166 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: 167 /* 168 * If we fail to get a pointer to a shared memory 169 * object (and increase the ref count) from an 170 * identifier we return an error. All pointers that 171 * has been added in params have an increased ref 172 * count. It's the callers responibility to do 173 * tee_shm_put() on all resolved pointers. 174 */ 175 shm = tee_shm_get_from_id(ctx, ip.c); 176 if (IS_ERR(shm)) 177 return PTR_ERR(shm); 178 179 params[n].u.memref.shm_offs = ip.a; 180 params[n].u.memref.size = ip.b; 181 params[n].u.memref.shm = shm; 182 break; 183 default: 184 /* Unknown attribute */ 185 return -EINVAL; 186 } 187 } 188 return 0; 189 } 190 191 static int params_to_user(struct tee_ioctl_param __user *uparams, 192 size_t num_params, struct tee_param *params) 193 { 194 size_t n; 195 196 for (n = 0; n < num_params; n++) { 197 struct tee_ioctl_param __user *up = uparams + n; 198 struct tee_param *p = params + n; 199 200 switch (p->attr) { 201 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT: 202 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT: 203 if (put_user(p->u.value.a, &up->a) || 204 put_user(p->u.value.b, &up->b) || 205 put_user(p->u.value.c, &up->c)) 206 return -EFAULT; 207 break; 208 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: 209 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: 210 if (put_user((u64)p->u.memref.size, &up->b)) 211 return -EFAULT; 212 default: 213 break; 214 } 215 } 216 return 0; 217 } 218 219 static bool param_is_memref(struct tee_param *param) 220 { 221 switch (param->attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) { 222 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT: 223 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: 224 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: 225 return true; 226 default: 227 return false; 228 } 229 } 230 231 static int tee_ioctl_open_session(struct tee_context *ctx, 232 struct tee_ioctl_buf_data __user *ubuf) 233 { 234 int rc; 235 size_t n; 236 struct tee_ioctl_buf_data buf; 237 struct tee_ioctl_open_session_arg __user *uarg; 238 struct tee_ioctl_open_session_arg arg; 239 struct tee_ioctl_param __user *uparams = NULL; 240 struct tee_param *params = NULL; 241 bool have_session = false; 242 243 if (!ctx->teedev->desc->ops->open_session) 244 return -EINVAL; 245 246 if (copy_from_user(&buf, ubuf, sizeof(buf))) 247 return -EFAULT; 248 249 if (buf.buf_len > TEE_MAX_ARG_SIZE || 250 buf.buf_len < sizeof(struct tee_ioctl_open_session_arg)) 251 return -EINVAL; 252 253 uarg = u64_to_user_ptr(buf.buf_ptr); 254 if (copy_from_user(&arg, uarg, sizeof(arg))) 255 return -EFAULT; 256 257 if (sizeof(arg) + TEE_IOCTL_PARAM_SIZE(arg.num_params) != buf.buf_len) 258 return -EINVAL; 259 260 if (arg.num_params) { 261 params = kcalloc(arg.num_params, sizeof(struct tee_param), 262 GFP_KERNEL); 263 if (!params) 264 return -ENOMEM; 265 uparams = uarg->params; 266 rc = params_from_user(ctx, params, arg.num_params, uparams); 267 if (rc) 268 goto out; 269 } 270 271 rc = ctx->teedev->desc->ops->open_session(ctx, &arg, params); 272 if (rc) 273 goto out; 274 have_session = true; 275 276 if (put_user(arg.session, &uarg->session) || 277 put_user(arg.ret, &uarg->ret) || 278 put_user(arg.ret_origin, &uarg->ret_origin)) { 279 rc = -EFAULT; 280 goto out; 281 } 282 rc = params_to_user(uparams, arg.num_params, params); 283 out: 284 /* 285 * If we've succeeded to open the session but failed to communicate 286 * it back to user space, close the session again to avoid leakage. 287 */ 288 if (rc && have_session && ctx->teedev->desc->ops->close_session) 289 ctx->teedev->desc->ops->close_session(ctx, arg.session); 290 291 if (params) { 292 /* Decrease ref count for all valid shared memory pointers */ 293 for (n = 0; n < arg.num_params; n++) 294 if (param_is_memref(params + n) && 295 params[n].u.memref.shm) 296 tee_shm_put(params[n].u.memref.shm); 297 kfree(params); 298 } 299 300 return rc; 301 } 302 303 static int tee_ioctl_invoke(struct tee_context *ctx, 304 struct tee_ioctl_buf_data __user *ubuf) 305 { 306 int rc; 307 size_t n; 308 struct tee_ioctl_buf_data buf; 309 struct tee_ioctl_invoke_arg __user *uarg; 310 struct tee_ioctl_invoke_arg arg; 311 struct tee_ioctl_param __user *uparams = NULL; 312 struct tee_param *params = NULL; 313 314 if (!ctx->teedev->desc->ops->invoke_func) 315 return -EINVAL; 316 317 if (copy_from_user(&buf, ubuf, sizeof(buf))) 318 return -EFAULT; 319 320 if (buf.buf_len > TEE_MAX_ARG_SIZE || 321 buf.buf_len < sizeof(struct tee_ioctl_invoke_arg)) 322 return -EINVAL; 323 324 uarg = u64_to_user_ptr(buf.buf_ptr); 325 if (copy_from_user(&arg, uarg, sizeof(arg))) 326 return -EFAULT; 327 328 if (sizeof(arg) + TEE_IOCTL_PARAM_SIZE(arg.num_params) != buf.buf_len) 329 return -EINVAL; 330 331 if (arg.num_params) { 332 params = kcalloc(arg.num_params, sizeof(struct tee_param), 333 GFP_KERNEL); 334 if (!params) 335 return -ENOMEM; 336 uparams = uarg->params; 337 rc = params_from_user(ctx, params, arg.num_params, uparams); 338 if (rc) 339 goto out; 340 } 341 342 rc = ctx->teedev->desc->ops->invoke_func(ctx, &arg, params); 343 if (rc) 344 goto out; 345 346 if (put_user(arg.ret, &uarg->ret) || 347 put_user(arg.ret_origin, &uarg->ret_origin)) { 348 rc = -EFAULT; 349 goto out; 350 } 351 rc = params_to_user(uparams, arg.num_params, params); 352 out: 353 if (params) { 354 /* Decrease ref count for all valid shared memory pointers */ 355 for (n = 0; n < arg.num_params; n++) 356 if (param_is_memref(params + n) && 357 params[n].u.memref.shm) 358 tee_shm_put(params[n].u.memref.shm); 359 kfree(params); 360 } 361 return rc; 362 } 363 364 static int tee_ioctl_cancel(struct tee_context *ctx, 365 struct tee_ioctl_cancel_arg __user *uarg) 366 { 367 struct tee_ioctl_cancel_arg arg; 368 369 if (!ctx->teedev->desc->ops->cancel_req) 370 return -EINVAL; 371 372 if (copy_from_user(&arg, uarg, sizeof(arg))) 373 return -EFAULT; 374 375 return ctx->teedev->desc->ops->cancel_req(ctx, arg.cancel_id, 376 arg.session); 377 } 378 379 static int 380 tee_ioctl_close_session(struct tee_context *ctx, 381 struct tee_ioctl_close_session_arg __user *uarg) 382 { 383 struct tee_ioctl_close_session_arg arg; 384 385 if (!ctx->teedev->desc->ops->close_session) 386 return -EINVAL; 387 388 if (copy_from_user(&arg, uarg, sizeof(arg))) 389 return -EFAULT; 390 391 return ctx->teedev->desc->ops->close_session(ctx, arg.session); 392 } 393 394 static int params_to_supp(struct tee_context *ctx, 395 struct tee_ioctl_param __user *uparams, 396 size_t num_params, struct tee_param *params) 397 { 398 size_t n; 399 400 for (n = 0; n < num_params; n++) { 401 struct tee_ioctl_param ip; 402 struct tee_param *p = params + n; 403 404 ip.attr = p->attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK; 405 switch (p->attr) { 406 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT: 407 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT: 408 ip.a = p->u.value.a; 409 ip.b = p->u.value.b; 410 ip.c = p->u.value.c; 411 break; 412 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT: 413 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: 414 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: 415 ip.b = p->u.memref.size; 416 if (!p->u.memref.shm) { 417 ip.a = 0; 418 ip.c = (u64)-1; /* invalid shm id */ 419 break; 420 } 421 ip.a = p->u.memref.shm_offs; 422 ip.c = p->u.memref.shm->id; 423 break; 424 default: 425 ip.a = 0; 426 ip.b = 0; 427 ip.c = 0; 428 break; 429 } 430 431 if (copy_to_user(uparams + n, &ip, sizeof(ip))) 432 return -EFAULT; 433 } 434 435 return 0; 436 } 437 438 static int tee_ioctl_supp_recv(struct tee_context *ctx, 439 struct tee_ioctl_buf_data __user *ubuf) 440 { 441 int rc; 442 struct tee_ioctl_buf_data buf; 443 struct tee_iocl_supp_recv_arg __user *uarg; 444 struct tee_param *params; 445 u32 num_params; 446 u32 func; 447 448 if (!ctx->teedev->desc->ops->supp_recv) 449 return -EINVAL; 450 451 if (copy_from_user(&buf, ubuf, sizeof(buf))) 452 return -EFAULT; 453 454 if (buf.buf_len > TEE_MAX_ARG_SIZE || 455 buf.buf_len < sizeof(struct tee_iocl_supp_recv_arg)) 456 return -EINVAL; 457 458 uarg = u64_to_user_ptr(buf.buf_ptr); 459 if (get_user(num_params, &uarg->num_params)) 460 return -EFAULT; 461 462 if (sizeof(*uarg) + TEE_IOCTL_PARAM_SIZE(num_params) != buf.buf_len) 463 return -EINVAL; 464 465 params = kcalloc(num_params, sizeof(struct tee_param), GFP_KERNEL); 466 if (!params) 467 return -ENOMEM; 468 469 rc = ctx->teedev->desc->ops->supp_recv(ctx, &func, &num_params, params); 470 if (rc) 471 goto out; 472 473 if (put_user(func, &uarg->func) || 474 put_user(num_params, &uarg->num_params)) { 475 rc = -EFAULT; 476 goto out; 477 } 478 479 rc = params_to_supp(ctx, uarg->params, num_params, params); 480 out: 481 kfree(params); 482 return rc; 483 } 484 485 static int params_from_supp(struct tee_param *params, size_t num_params, 486 struct tee_ioctl_param __user *uparams) 487 { 488 size_t n; 489 490 for (n = 0; n < num_params; n++) { 491 struct tee_param *p = params + n; 492 struct tee_ioctl_param ip; 493 494 if (copy_from_user(&ip, uparams + n, sizeof(ip))) 495 return -EFAULT; 496 497 /* All unused attribute bits has to be zero */ 498 if (ip.attr & ~TEE_IOCTL_PARAM_ATTR_TYPE_MASK) 499 return -EINVAL; 500 501 p->attr = ip.attr; 502 switch (ip.attr) { 503 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT: 504 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT: 505 /* Only out and in/out values can be updated */ 506 p->u.value.a = ip.a; 507 p->u.value.b = ip.b; 508 p->u.value.c = ip.c; 509 break; 510 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: 511 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: 512 /* 513 * Only the size of the memref can be updated. 514 * Since we don't have access to the original 515 * parameters here, only store the supplied size. 516 * The driver will copy the updated size into the 517 * original parameters. 518 */ 519 p->u.memref.shm = NULL; 520 p->u.memref.shm_offs = 0; 521 p->u.memref.size = ip.b; 522 break; 523 default: 524 memset(&p->u, 0, sizeof(p->u)); 525 break; 526 } 527 } 528 return 0; 529 } 530 531 static int tee_ioctl_supp_send(struct tee_context *ctx, 532 struct tee_ioctl_buf_data __user *ubuf) 533 { 534 long rc; 535 struct tee_ioctl_buf_data buf; 536 struct tee_iocl_supp_send_arg __user *uarg; 537 struct tee_param *params; 538 u32 num_params; 539 u32 ret; 540 541 /* Not valid for this driver */ 542 if (!ctx->teedev->desc->ops->supp_send) 543 return -EINVAL; 544 545 if (copy_from_user(&buf, ubuf, sizeof(buf))) 546 return -EFAULT; 547 548 if (buf.buf_len > TEE_MAX_ARG_SIZE || 549 buf.buf_len < sizeof(struct tee_iocl_supp_send_arg)) 550 return -EINVAL; 551 552 uarg = u64_to_user_ptr(buf.buf_ptr); 553 if (get_user(ret, &uarg->ret) || 554 get_user(num_params, &uarg->num_params)) 555 return -EFAULT; 556 557 if (sizeof(*uarg) + TEE_IOCTL_PARAM_SIZE(num_params) > buf.buf_len) 558 return -EINVAL; 559 560 params = kcalloc(num_params, sizeof(struct tee_param), GFP_KERNEL); 561 if (!params) 562 return -ENOMEM; 563 564 rc = params_from_supp(params, num_params, uarg->params); 565 if (rc) 566 goto out; 567 568 rc = ctx->teedev->desc->ops->supp_send(ctx, ret, num_params, params); 569 out: 570 kfree(params); 571 return rc; 572 } 573 574 static long tee_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) 575 { 576 struct tee_context *ctx = filp->private_data; 577 void __user *uarg = (void __user *)arg; 578 579 switch (cmd) { 580 case TEE_IOC_VERSION: 581 return tee_ioctl_version(ctx, uarg); 582 case TEE_IOC_SHM_ALLOC: 583 return tee_ioctl_shm_alloc(ctx, uarg); 584 case TEE_IOC_OPEN_SESSION: 585 return tee_ioctl_open_session(ctx, uarg); 586 case TEE_IOC_INVOKE: 587 return tee_ioctl_invoke(ctx, uarg); 588 case TEE_IOC_CANCEL: 589 return tee_ioctl_cancel(ctx, uarg); 590 case TEE_IOC_CLOSE_SESSION: 591 return tee_ioctl_close_session(ctx, uarg); 592 case TEE_IOC_SUPPL_RECV: 593 return tee_ioctl_supp_recv(ctx, uarg); 594 case TEE_IOC_SUPPL_SEND: 595 return tee_ioctl_supp_send(ctx, uarg); 596 default: 597 return -EINVAL; 598 } 599 } 600 601 static const struct file_operations tee_fops = { 602 .owner = THIS_MODULE, 603 .open = tee_open, 604 .release = tee_release, 605 .unlocked_ioctl = tee_ioctl, 606 .compat_ioctl = tee_ioctl, 607 }; 608 609 static void tee_release_device(struct device *dev) 610 { 611 struct tee_device *teedev = container_of(dev, struct tee_device, dev); 612 613 spin_lock(&driver_lock); 614 clear_bit(teedev->id, dev_mask); 615 spin_unlock(&driver_lock); 616 mutex_destroy(&teedev->mutex); 617 idr_destroy(&teedev->idr); 618 kfree(teedev); 619 } 620 621 /** 622 * tee_device_alloc() - Allocate a new struct tee_device instance 623 * @teedesc: Descriptor for this driver 624 * @dev: Parent device for this device 625 * @pool: Shared memory pool, NULL if not used 626 * @driver_data: Private driver data for this device 627 * 628 * Allocates a new struct tee_device instance. The device is 629 * removed by tee_device_unregister(). 630 * 631 * @returns a pointer to a 'struct tee_device' or an ERR_PTR on failure 632 */ 633 struct tee_device *tee_device_alloc(const struct tee_desc *teedesc, 634 struct device *dev, 635 struct tee_shm_pool *pool, 636 void *driver_data) 637 { 638 struct tee_device *teedev; 639 void *ret; 640 int rc; 641 int offs = 0; 642 643 if (!teedesc || !teedesc->name || !teedesc->ops || 644 !teedesc->ops->get_version || !teedesc->ops->open || 645 !teedesc->ops->release || !pool) 646 return ERR_PTR(-EINVAL); 647 648 teedev = kzalloc(sizeof(*teedev), GFP_KERNEL); 649 if (!teedev) { 650 ret = ERR_PTR(-ENOMEM); 651 goto err; 652 } 653 654 if (teedesc->flags & TEE_DESC_PRIVILEGED) 655 offs = TEE_NUM_DEVICES / 2; 656 657 spin_lock(&driver_lock); 658 teedev->id = find_next_zero_bit(dev_mask, TEE_NUM_DEVICES, offs); 659 if (teedev->id < TEE_NUM_DEVICES) 660 set_bit(teedev->id, dev_mask); 661 spin_unlock(&driver_lock); 662 663 if (teedev->id >= TEE_NUM_DEVICES) { 664 ret = ERR_PTR(-ENOMEM); 665 goto err; 666 } 667 668 snprintf(teedev->name, sizeof(teedev->name), "tee%s%d", 669 teedesc->flags & TEE_DESC_PRIVILEGED ? "priv" : "", 670 teedev->id - offs); 671 672 teedev->dev.class = tee_class; 673 teedev->dev.release = tee_release_device; 674 teedev->dev.parent = dev; 675 676 teedev->dev.devt = MKDEV(MAJOR(tee_devt), teedev->id); 677 678 rc = dev_set_name(&teedev->dev, "%s", teedev->name); 679 if (rc) { 680 ret = ERR_PTR(rc); 681 goto err_devt; 682 } 683 684 cdev_init(&teedev->cdev, &tee_fops); 685 teedev->cdev.owner = teedesc->owner; 686 teedev->cdev.kobj.parent = &teedev->dev.kobj; 687 688 dev_set_drvdata(&teedev->dev, driver_data); 689 device_initialize(&teedev->dev); 690 691 /* 1 as tee_device_unregister() does one final tee_device_put() */ 692 teedev->num_users = 1; 693 init_completion(&teedev->c_no_users); 694 mutex_init(&teedev->mutex); 695 idr_init(&teedev->idr); 696 697 teedev->desc = teedesc; 698 teedev->pool = pool; 699 700 return teedev; 701 err_devt: 702 unregister_chrdev_region(teedev->dev.devt, 1); 703 err: 704 pr_err("could not register %s driver\n", 705 teedesc->flags & TEE_DESC_PRIVILEGED ? "privileged" : "client"); 706 if (teedev && teedev->id < TEE_NUM_DEVICES) { 707 spin_lock(&driver_lock); 708 clear_bit(teedev->id, dev_mask); 709 spin_unlock(&driver_lock); 710 } 711 kfree(teedev); 712 return ret; 713 } 714 EXPORT_SYMBOL_GPL(tee_device_alloc); 715 716 static ssize_t implementation_id_show(struct device *dev, 717 struct device_attribute *attr, char *buf) 718 { 719 struct tee_device *teedev = container_of(dev, struct tee_device, dev); 720 struct tee_ioctl_version_data vers; 721 722 teedev->desc->ops->get_version(teedev, &vers); 723 return scnprintf(buf, PAGE_SIZE, "%d\n", vers.impl_id); 724 } 725 static DEVICE_ATTR_RO(implementation_id); 726 727 static struct attribute *tee_dev_attrs[] = { 728 &dev_attr_implementation_id.attr, 729 NULL 730 }; 731 732 static const struct attribute_group tee_dev_group = { 733 .attrs = tee_dev_attrs, 734 }; 735 736 /** 737 * tee_device_register() - Registers a TEE device 738 * @teedev: Device to register 739 * 740 * tee_device_unregister() need to be called to remove the @teedev if 741 * this function fails. 742 * 743 * @returns < 0 on failure 744 */ 745 int tee_device_register(struct tee_device *teedev) 746 { 747 int rc; 748 749 if (teedev->flags & TEE_DEVICE_FLAG_REGISTERED) { 750 dev_err(&teedev->dev, "attempt to register twice\n"); 751 return -EINVAL; 752 } 753 754 rc = cdev_add(&teedev->cdev, teedev->dev.devt, 1); 755 if (rc) { 756 dev_err(&teedev->dev, 757 "unable to cdev_add() %s, major %d, minor %d, err=%d\n", 758 teedev->name, MAJOR(teedev->dev.devt), 759 MINOR(teedev->dev.devt), rc); 760 return rc; 761 } 762 763 rc = device_add(&teedev->dev); 764 if (rc) { 765 dev_err(&teedev->dev, 766 "unable to device_add() %s, major %d, minor %d, err=%d\n", 767 teedev->name, MAJOR(teedev->dev.devt), 768 MINOR(teedev->dev.devt), rc); 769 goto err_device_add; 770 } 771 772 rc = sysfs_create_group(&teedev->dev.kobj, &tee_dev_group); 773 if (rc) { 774 dev_err(&teedev->dev, 775 "failed to create sysfs attributes, err=%d\n", rc); 776 goto err_sysfs_create_group; 777 } 778 779 teedev->flags |= TEE_DEVICE_FLAG_REGISTERED; 780 return 0; 781 782 err_sysfs_create_group: 783 device_del(&teedev->dev); 784 err_device_add: 785 cdev_del(&teedev->cdev); 786 return rc; 787 } 788 EXPORT_SYMBOL_GPL(tee_device_register); 789 790 void tee_device_put(struct tee_device *teedev) 791 { 792 mutex_lock(&teedev->mutex); 793 /* Shouldn't put in this state */ 794 if (!WARN_ON(!teedev->desc)) { 795 teedev->num_users--; 796 if (!teedev->num_users) { 797 teedev->desc = NULL; 798 complete(&teedev->c_no_users); 799 } 800 } 801 mutex_unlock(&teedev->mutex); 802 } 803 804 bool tee_device_get(struct tee_device *teedev) 805 { 806 mutex_lock(&teedev->mutex); 807 if (!teedev->desc) { 808 mutex_unlock(&teedev->mutex); 809 return false; 810 } 811 teedev->num_users++; 812 mutex_unlock(&teedev->mutex); 813 return true; 814 } 815 816 /** 817 * tee_device_unregister() - Removes a TEE device 818 * @teedev: Device to unregister 819 * 820 * This function should be called to remove the @teedev even if 821 * tee_device_register() hasn't been called yet. Does nothing if 822 * @teedev is NULL. 823 */ 824 void tee_device_unregister(struct tee_device *teedev) 825 { 826 if (!teedev) 827 return; 828 829 if (teedev->flags & TEE_DEVICE_FLAG_REGISTERED) { 830 sysfs_remove_group(&teedev->dev.kobj, &tee_dev_group); 831 cdev_del(&teedev->cdev); 832 device_del(&teedev->dev); 833 } 834 835 tee_device_put(teedev); 836 wait_for_completion(&teedev->c_no_users); 837 838 /* 839 * No need to take a mutex any longer now since teedev->desc was 840 * set to NULL before teedev->c_no_users was completed. 841 */ 842 843 teedev->pool = NULL; 844 845 put_device(&teedev->dev); 846 } 847 EXPORT_SYMBOL_GPL(tee_device_unregister); 848 849 /** 850 * tee_get_drvdata() - Return driver_data pointer 851 * @teedev: Device containing the driver_data pointer 852 * @returns the driver_data pointer supplied to tee_register(). 853 */ 854 void *tee_get_drvdata(struct tee_device *teedev) 855 { 856 return dev_get_drvdata(&teedev->dev); 857 } 858 EXPORT_SYMBOL_GPL(tee_get_drvdata); 859 860 static int __init tee_init(void) 861 { 862 int rc; 863 864 tee_class = class_create(THIS_MODULE, "tee"); 865 if (IS_ERR(tee_class)) { 866 pr_err("couldn't create class\n"); 867 return PTR_ERR(tee_class); 868 } 869 870 rc = alloc_chrdev_region(&tee_devt, 0, TEE_NUM_DEVICES, "tee"); 871 if (rc) { 872 pr_err("failed to allocate char dev region\n"); 873 class_destroy(tee_class); 874 tee_class = NULL; 875 } 876 877 return rc; 878 } 879 880 static void __exit tee_exit(void) 881 { 882 class_destroy(tee_class); 883 tee_class = NULL; 884 unregister_chrdev_region(tee_devt, TEE_NUM_DEVICES); 885 } 886 887 subsys_initcall(tee_init); 888 module_exit(tee_exit); 889 890 MODULE_AUTHOR("Linaro"); 891 MODULE_DESCRIPTION("TEE Driver"); 892 MODULE_VERSION("1.0"); 893 MODULE_LICENSE("GPL v2"); 894