drivers/tee/amdtee/core.c

   1 // SPDX-License-Identifier: MIT
   2 /*
   3  * Copyright 2019 Advanced Micro Devices, Inc.
   4  */
   5
   6 #include <linux/errno.h>
   7 #include <linux/io.h>
   8 #include <linux/module.h>
   9 #include <linux/slab.h>
  10 #include <linux/string.h>
  11 #include <linux/device.h>
  12 #include <linux/tee_drv.h>
  13 #include <linux/types.h>
  14 #include <linux/mm.h>
  15 #include <linux/uaccess.h>
  16 #include <linux/firmware.h>
  17 #include "amdtee_private.h"
  18 #include "../tee_private.h"
  19 #include <linux/psp-tee.h>
  20
  21 static struct amdtee_driver_data *drv_data;
  22 static DEFINE_MUTEX(session_list_mutex);
  23
  24 static void amdtee_get_version(struct tee_device *teedev,
  25                                struct tee_ioctl_version_data *vers)
  26 {
  27         struct tee_ioctl_version_data v = {
  28                 .impl_id = TEE_IMPL_ID_AMDTEE,
  29                 .impl_caps = 0,
  30                 .gen_caps = TEE_GEN_CAP_GP,
  31         };
  32         *vers = v;
  33 }
  34
  35 static int amdtee_open(struct tee_context *ctx)
  36 {
  37         struct amdtee_context_data *ctxdata;
  38
  39         ctxdata = kzalloc(sizeof(*ctxdata), GFP_KERNEL);
  40         if (!ctxdata)
  41                 return -ENOMEM;
  42
  43         INIT_LIST_HEAD(&ctxdata->sess_list);
  44         INIT_LIST_HEAD(&ctxdata->shm_list);
  45         mutex_init(&ctxdata->shm_mutex);
  46
  47         ctx->data = ctxdata;
  48         return 0;
  49 }
  50
  51 static void release_session(struct amdtee_session *sess)
  52 {
  53         int i;
  54
  55         /* Close any open session */
  56         for (i = 0; i < TEE_NUM_SESSIONS; ++i) {
  57                 /* Check if session entry 'i' is valid */
  58                 if (!test_bit(i, sess->sess_mask))
  59                         continue;
  60
  61                 handle_close_session(sess->ta_handle, sess->session_info[i]);
  62         }
  63
  64         /* Unload Trusted Application once all sessions are closed */
  65         handle_unload_ta(sess->ta_handle);
  66         kfree(sess);
  67 }
  68
  69 static void amdtee_release(struct tee_context *ctx)
  70 {
  71         struct amdtee_context_data *ctxdata = ctx->data;
  72
  73         if (!ctxdata)
  74                 return;
  75
  76         while (true) {
  77                 struct amdtee_session *sess;
  78
  79                 sess = list_first_entry_or_null(&ctxdata->sess_list,
  80                                                 struct amdtee_session,
  81                                                 list_node);
  82
  83                 if (!sess)
  84                         break;
  85
  86                 list_del(&sess->list_node);
  87                 release_session(sess);
  88         }
  89         mutex_destroy(&ctxdata->shm_mutex);
  90         kfree(ctxdata);
  91
  92         ctx->data = NULL;
  93 }
  94
  95 /**
  96  * alloc_session() - Allocate a session structure
  97  * @ctxdata:    TEE Context data structure
  98  * @session:    Session ID for which 'struct amdtee_session' structure is to be
  99  *              allocated.
 100  *
 101  * Scans the TEE context's session list to check if TA is already loaded in to
 102  * TEE. If yes, returns the 'session' structure for that TA. Else allocates,
 103  * initializes a new 'session' structure and adds it to context's session list.
 104  *
 105  * The caller must hold a mutex.
 106  *
 107  * Returns:
 108  * 'struct amdtee_session *' on success and NULL on failure.
 109  */
 110 static struct amdtee_session *alloc_session(struct amdtee_context_data *ctxdata,
 111                                             u32 session)
 112 {
 113         struct amdtee_session *sess;
 114         u32 ta_handle = get_ta_handle(session);
 115
 116         /* Scan session list to check if TA is already loaded in to TEE */
 117         list_for_each_entry(sess, &ctxdata->sess_list, list_node)
 118                 if (sess->ta_handle == ta_handle) {
 119                         kref_get(&sess->refcount);
 120                         return sess;
 121                 }
 122
 123         /* Allocate a new session and add to list */
 124         sess = kzalloc(sizeof(*sess), GFP_KERNEL);
 125         if (sess) {
 126                 sess->ta_handle = ta_handle;
 127                 kref_init(&sess->refcount);
 128                 spin_lock_init(&sess->lock);
 129                 list_add(&sess->list_node, &ctxdata->sess_list);
 130         }
 131
 132         return sess;
 133 }
 134
 135 /* Requires mutex to be held */
 136 static struct amdtee_session *find_session(struct amdtee_context_data *ctxdata,
 137                                            u32 session)
 138 {
 139         u32 ta_handle = get_ta_handle(session);
 140         u32 index = get_session_index(session);
 141         struct amdtee_session *sess;
 142
 143         if (index >= TEE_NUM_SESSIONS)
 144                 return NULL;
 145
 146         list_for_each_entry(sess, &ctxdata->sess_list, list_node)
 147                 if (ta_handle == sess->ta_handle &&
 148                     test_bit(index, sess->sess_mask))
 149                         return sess;
 150
 151         return NULL;
 152 }
 153
 154 u32 get_buffer_id(struct tee_shm *shm)
 155 {
 156         struct amdtee_context_data *ctxdata = shm->ctx->data;
 157         struct amdtee_shm_data *shmdata;
 158         u32 buf_id = 0;
 159
 160         mutex_lock(&ctxdata->shm_mutex);
 161         list_for_each_entry(shmdata, &ctxdata->shm_list, shm_node)
 162                 if (shmdata->kaddr == shm->kaddr) {
 163                         buf_id = shmdata->buf_id;
 164                         break;
 165                 }
 166         mutex_unlock(&ctxdata->shm_mutex);
 167
 168         return buf_id;
 169 }
 170
 171 static DEFINE_MUTEX(drv_mutex);
 172 static int copy_ta_binary(struct tee_context *ctx, void *ptr, void **ta,
 173                           size_t *ta_size)
 174 {
 175         const struct firmware *fw;
 176         char fw_name[TA_PATH_MAX];
 177         struct {
 178                 u32 lo;
 179                 u16 mid;
 180                 u16 hi_ver;
 181                 u8 seq_n[8];
 182         } *uuid = ptr;
 183         int n, rc = 0;
 184
 185         n = snprintf(fw_name, TA_PATH_MAX,
 186                      "%s/%08x-%04x-%04x-%02x%02x%02x%02x%02x%02x%02x%02x.bin",
 187                      TA_LOAD_PATH, uuid->lo, uuid->mid, uuid->hi_ver,
 188                      uuid->seq_n[0], uuid->seq_n[1],
 189                      uuid->seq_n[2], uuid->seq_n[3],
 190                      uuid->seq_n[4], uuid->seq_n[5],
 191                      uuid->seq_n[6], uuid->seq_n[7]);
 192         if (n < 0 || n >= TA_PATH_MAX) {
 193                 pr_err("failed to get firmware name\n");
 194                 return -EINVAL;
 195         }
 196
 197         mutex_lock(&drv_mutex);
 198         n = request_firmware(&fw, fw_name, &ctx->teedev->dev);
 199         if (n) {
 200                 pr_err("failed to load firmware %s\n", fw_name);
 201                 rc = -ENOMEM;
 202                 goto unlock;
 203         }
 204
 205         *ta_size = roundup(fw->size, PAGE_SIZE);
 206         *ta = (void *)__get_free_pages(GFP_KERNEL, get_order(*ta_size));
 207         if (IS_ERR(*ta)) {
 208                 pr_err("%s: get_free_pages failed 0x%llx\n", __func__,
 209                        (u64)*ta);
 210                 rc = -ENOMEM;
 211                 goto rel_fw;
 212         }
 213
 214         memcpy(*ta, fw->data, fw->size);
 215 rel_fw:
 216         release_firmware(fw);
 217 unlock:
 218         mutex_unlock(&drv_mutex);
 219         return rc;
 220 }
 221
 222 static void destroy_session(struct kref *ref)
 223 {
 224         struct amdtee_session *sess = container_of(ref, struct amdtee_session,
 225                                                    refcount);
 226
 227         /* Unload the TA from TEE */
 228         handle_unload_ta(sess->ta_handle);
 229         mutex_lock(&session_list_mutex);
 230         list_del(&sess->list_node);
 231         mutex_unlock(&session_list_mutex);
 232         kfree(sess);
 233 }
 234
 235 int amdtee_open_session(struct tee_context *ctx,
 236                         struct tee_ioctl_open_session_arg *arg,
 237                         struct tee_param *param)
 238 {
 239         struct amdtee_context_data *ctxdata = ctx->data;
 240         struct amdtee_session *sess = NULL;
 241         u32 session_info;
 242         size_t ta_size;
 243         int rc, i;
 244         void *ta;
 245
 246         if (arg->clnt_login != TEE_IOCTL_LOGIN_PUBLIC) {
 247                 pr_err("unsupported client login method\n");
 248                 return -EINVAL;
 249         }
 250
 251         rc = copy_ta_binary(ctx, &arg->uuid[0], &ta, &ta_size);
 252         if (rc) {
 253                 pr_err("failed to copy TA binary\n");
 254                 return rc;
 255         }
 256
 257         /* Load the TA binary into TEE environment */
 258         handle_load_ta(ta, ta_size, arg);
 259         if (arg->ret != TEEC_SUCCESS)
 260                 goto out;
 261
 262         mutex_lock(&session_list_mutex);
 263         sess = alloc_session(ctxdata, arg->session);
 264         mutex_unlock(&session_list_mutex);
 265
 266         if (!sess) {
 267                 rc = -ENOMEM;
 268                 goto out;
 269         }
 270
 271         /* Find an empty session index for the given TA */
 272         spin_lock(&sess->lock);
 273         i = find_first_zero_bit(sess->sess_mask, TEE_NUM_SESSIONS);
 274         if (i < TEE_NUM_SESSIONS)
 275                 set_bit(i, sess->sess_mask);
 276         spin_unlock(&sess->lock);
 277
 278         if (i >= TEE_NUM_SESSIONS) {
 279                 pr_err("reached maximum session count %d\n", TEE_NUM_SESSIONS);
 280                 kref_put(&sess->refcount, destroy_session);
 281                 rc = -ENOMEM;
 282                 goto out;
 283         }
 284
 285         /* Open session with loaded TA */
 286         handle_open_session(arg, &session_info, param);
 287         if (arg->ret != TEEC_SUCCESS) {
 288                 pr_err("open_session failed %d\n", arg->ret);
 289                 spin_lock(&sess->lock);
 290                 clear_bit(i, sess->sess_mask);
 291                 spin_unlock(&sess->lock);
 292                 kref_put(&sess->refcount, destroy_session);
 293                 goto out;
 294         }
 295
 296         sess->session_info[i] = session_info;
 297         set_session_id(sess->ta_handle, i, &arg->session);
 298 out:
 299         free_pages((u64)ta, get_order(ta_size));
 300         return rc;
 301 }
 302
 303 int amdtee_close_session(struct tee_context *ctx, u32 session)
 304 {
 305         struct amdtee_context_data *ctxdata = ctx->data;
 306         u32 i, ta_handle, session_info;
 307         struct amdtee_session *sess;
 308
 309         pr_debug("%s: sid = 0x%x\n", __func__, session);
 310
 311         /*
 312          * Check that the session is valid and clear the session
 313          * usage bit
 314          */
 315         mutex_lock(&session_list_mutex);
 316         sess = find_session(ctxdata, session);
 317         if (sess) {
 318                 ta_handle = get_ta_handle(session);
 319                 i = get_session_index(session);
 320                 session_info = sess->session_info[i];
 321                 spin_lock(&sess->lock);
 322                 clear_bit(i, sess->sess_mask);
 323                 spin_unlock(&sess->lock);
 324         }
 325         mutex_unlock(&session_list_mutex);
 326
 327         if (!sess)
 328                 return -EINVAL;
 329
 330         /* Close the session */
 331         handle_close_session(ta_handle, session_info);
 332
 333         kref_put(&sess->refcount, destroy_session);
 334
 335         return 0;
 336 }
 337
 338 int amdtee_map_shmem(struct tee_shm *shm)
 339 {
 340         struct amdtee_context_data *ctxdata;
 341         struct amdtee_shm_data *shmnode;
 342         struct shmem_desc shmem;
 343         int rc, count;
 344         u32 buf_id;
 345
 346         if (!shm)
 347                 return -EINVAL;
 348
 349         shmnode = kmalloc(sizeof(*shmnode), GFP_KERNEL);
 350         if (!shmnode)
 351                 return -ENOMEM;
 352
 353         count = 1;
 354         shmem.kaddr = shm->kaddr;
 355         shmem.size = shm->size;
 356
 357         /*
 358          * Send a MAP command to TEE and get the corresponding
 359          * buffer Id
 360          */
 361         rc = handle_map_shmem(count, &shmem, &buf_id);
 362         if (rc) {
 363                 pr_err("map_shmem failed: ret = %d\n", rc);
 364                 kfree(shmnode);
 365                 return rc;
 366         }
 367
 368         shmnode->kaddr = shm->kaddr;
 369         shmnode->buf_id = buf_id;
 370         ctxdata = shm->ctx->data;
 371         mutex_lock(&ctxdata->shm_mutex);
 372         list_add(&shmnode->shm_node, &ctxdata->shm_list);
 373         mutex_unlock(&ctxdata->shm_mutex);
 374
 375         pr_debug("buf_id :[%x] kaddr[%p]\n", shmnode->buf_id, shmnode->kaddr);
 376
 377         return 0;
 378 }
 379
 380 void amdtee_unmap_shmem(struct tee_shm *shm)
 381 {
 382         struct amdtee_context_data *ctxdata;
 383         struct amdtee_shm_data *shmnode;
 384         u32 buf_id;
 385
 386         if (!shm)
 387                 return;
 388
 389         buf_id = get_buffer_id(shm);
 390         /* Unmap the shared memory from TEE */
 391         handle_unmap_shmem(buf_id);
 392
 393         ctxdata = shm->ctx->data;
 394         mutex_lock(&ctxdata->shm_mutex);
 395         list_for_each_entry(shmnode, &ctxdata->shm_list, shm_node)
 396                 if (buf_id == shmnode->buf_id) {
 397                         list_del(&shmnode->shm_node);
 398                         kfree(shmnode);
 399                         break;
 400                 }
 401         mutex_unlock(&ctxdata->shm_mutex);
 402 }
 403
 404 int amdtee_invoke_func(struct tee_context *ctx,
 405                        struct tee_ioctl_invoke_arg *arg,
 406                        struct tee_param *param)
 407 {
 408         struct amdtee_context_data *ctxdata = ctx->data;
 409         struct amdtee_session *sess;
 410         u32 i, session_info;
 411
 412         /* Check that the session is valid */
 413         mutex_lock(&session_list_mutex);
 414         sess = find_session(ctxdata, arg->session);
 415         if (sess) {
 416                 i = get_session_index(arg->session);
 417                 session_info = sess->session_info[i];
 418         }
 419         mutex_unlock(&session_list_mutex);
 420
 421         if (!sess)
 422                 return -EINVAL;
 423
 424         handle_invoke_cmd(arg, session_info, param);
 425
 426         return 0;
 427 }
 428
 429 int amdtee_cancel_req(struct tee_context *ctx, u32 cancel_id, u32 session)
 430 {
 431         return -EINVAL;
 432 }
 433
 434 static const struct tee_driver_ops amdtee_ops = {
 435         .get_version = amdtee_get_version,
 436         .open = amdtee_open,
 437         .release = amdtee_release,
 438         .open_session = amdtee_open_session,
 439         .close_session = amdtee_close_session,
 440         .invoke_func = amdtee_invoke_func,
 441         .cancel_req = amdtee_cancel_req,
 442 };
 443
 444 static const struct tee_desc amdtee_desc = {
 445         .name = DRIVER_NAME "-clnt",
 446         .ops = &amdtee_ops,
 447         .owner = THIS_MODULE,
 448 };
 449
 450 static int __init amdtee_driver_init(void)
 451 {
 452         struct tee_device *teedev;
 453         struct tee_shm_pool *pool;
 454         struct amdtee *amdtee;
 455         int rc;
 456
 457         rc = psp_check_tee_status();
 458         if (rc) {
 459                 pr_err("amd-tee driver: tee not present\n");
 460                 return rc;
 461         }
 462
 463         drv_data = kzalloc(sizeof(*drv_data), GFP_KERNEL);
 464         if (!drv_data)
 465                 return -ENOMEM;
 466
 467         amdtee = kzalloc(sizeof(*amdtee), GFP_KERNEL);
 468         if (!amdtee) {
 469                 rc = -ENOMEM;
 470                 goto err_kfree_drv_data;
 471         }
 472
 473         pool = amdtee_config_shm();
 474         if (IS_ERR(pool)) {
 475                 pr_err("shared pool configuration error\n");
 476                 rc = PTR_ERR(pool);
 477                 goto err_kfree_amdtee;
 478         }
 479
 480         teedev = tee_device_alloc(&amdtee_desc, NULL, pool, amdtee);
 481         if (IS_ERR(teedev)) {
 482                 rc = PTR_ERR(teedev);
 483                 goto err_free_pool;
 484         }
 485         amdtee->teedev = teedev;
 486
 487         rc = tee_device_register(amdtee->teedev);
 488         if (rc)
 489                 goto err_device_unregister;
 490
 491         amdtee->pool = pool;
 492
 493         drv_data->amdtee = amdtee;
 494
 495         pr_info("amd-tee driver initialization successful\n");
 496         return 0;
 497
 498 err_device_unregister:
 499         tee_device_unregister(amdtee->teedev);
 500
 501 err_free_pool:
 502         tee_shm_pool_free(pool);
 503
 504 err_kfree_amdtee:
 505         kfree(amdtee);
 506
 507 err_kfree_drv_data:
 508         kfree(drv_data);
 509         drv_data = NULL;
 510
 511         pr_err("amd-tee driver initialization failed\n");
 512         return rc;
 513 }
 514 module_init(amdtee_driver_init);
 515
 516 static void __exit amdtee_driver_exit(void)
 517 {
 518         struct amdtee *amdtee;
 519
 520         if (!drv_data || !drv_data->amdtee)
 521                 return;
 522
 523         amdtee = drv_data->amdtee;
 524
 525         tee_device_unregister(amdtee->teedev);
 526         tee_shm_pool_free(amdtee->pool);
 527 }
 528 module_exit(amdtee_driver_exit);
 529
 530 MODULE_AUTHOR(DRIVER_AUTHOR);
 531 MODULE_DESCRIPTION("AMD-TEE driver");
 532 MODULE_VERSION("1.0");
 533 MODULE_LICENSE("Dual MIT/GPL");