git.samba.org / sfrench / cifs-2.6.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge tag 'qcom-drivers-for-5.1-3' of git://git.kernel.org/pub/scm/linux/kernel/git...
[sfrench/cifs-2.6.git] / drivers / tee / tee_core.c
1 /*
2  * Copyright (c) 2015-2016, Linaro Limited
3  *
4  * This software is licensed under the terms of the GNU General Public
5  * License version 2, as published by the Free Software Foundation, and
6  * may be copied, distributed, and modified under those terms.
7  *
8  * This program is distributed in the hope that it will be useful,
9  * but WITHOUT ANY WARRANTY; without even the implied warranty of
10  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
11  * GNU General Public License for more details.
12  *
13  */
14
15 #define pr_fmt(fmt) "%s: " fmt, __func__
16
17 #include <linux/cdev.h>
18 #include <linux/fs.h>
19 #include <linux/idr.h>
20 #include <linux/module.h>
21 #include <linux/slab.h>
22 #include <linux/tee_drv.h>
23 #include <linux/uaccess.h>
24 #include "tee_private.h"
25
26 #define TEE_NUM_DEVICES 32
27
28 #define TEE_IOCTL_PARAM_SIZE(x) (sizeof(struct tee_param) * (x))
29
30 /*
31  * Unprivileged devices in the lower half range and privileged devices in
32  * the upper half range.
33  */
34 static DECLARE_BITMAP(dev_mask, TEE_NUM_DEVICES);
35 static DEFINE_SPINLOCK(driver_lock);
36
37 static struct class *tee_class;
38 static dev_t tee_devt;
39
40 static struct tee_context *teedev_open(struct tee_device *teedev)
41 {
42         int rc;
43         struct tee_context *ctx;
44
45         if (!tee_device_get(teedev))
46                 return ERR_PTR(-EINVAL);
47
48         ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
49         if (!ctx) {
50                 rc = -ENOMEM;
51                 goto err;
52         }
53
54         kref_init(&ctx->refcount);
55         ctx->teedev = teedev;
56         INIT_LIST_HEAD(&ctx->list_shm);
57         rc = teedev->desc->ops->open(ctx);
58         if (rc)
59                 goto err;
60
61         return ctx;
62 err:
63         kfree(ctx);
64         tee_device_put(teedev);
65         return ERR_PTR(rc);
66
67 }
68
69 void teedev_ctx_get(struct tee_context *ctx)
70 {
71         if (ctx->releasing)
72                 return;
73
74         kref_get(&ctx->refcount);
75 }
76
77 static void teedev_ctx_release(struct kref *ref)
78 {
79         struct tee_context *ctx = container_of(ref, struct tee_context,
80                                                refcount);
81         ctx->releasing = true;
82         ctx->teedev->desc->ops->release(ctx);
83         kfree(ctx);
84 }
85
86 void teedev_ctx_put(struct tee_context *ctx)
87 {
88         if (ctx->releasing)
89                 return;
90
91         kref_put(&ctx->refcount, teedev_ctx_release);
92 }
93
94 static void teedev_close_context(struct tee_context *ctx)
95 {
96         tee_device_put(ctx->teedev);
97         teedev_ctx_put(ctx);
98 }
99
100 static int tee_open(struct inode *inode, struct file *filp)
101 {
102         struct tee_context *ctx;
103
104         ctx = teedev_open(container_of(inode->i_cdev, struct tee_device, cdev));
105         if (IS_ERR(ctx))
106                 return PTR_ERR(ctx);
107
108         /*
109          * Default user-space behaviour is to wait for tee-supplicant
110          * if not present for any requests in this context.
111          */
112         ctx->supp_nowait = false;
113         filp->private_data = ctx;
114         return 0;
115 }
116
117 static int tee_release(struct inode *inode, struct file *filp)
118 {
119         teedev_close_context(filp->private_data);
120         return 0;
121 }
122
123 static int tee_ioctl_version(struct tee_context *ctx,
124                              struct tee_ioctl_version_data __user *uvers)
125 {
126         struct tee_ioctl_version_data vers;
127
128         ctx->teedev->desc->ops->get_version(ctx->teedev, &vers);
129
130         if (ctx->teedev->desc->flags & TEE_DESC_PRIVILEGED)
131                 vers.gen_caps |= TEE_GEN_CAP_PRIVILEGED;
132
133         if (copy_to_user(uvers, &vers, sizeof(vers)))
134                 return -EFAULT;
135
136         return 0;
137 }
138
139 static int tee_ioctl_shm_alloc(struct tee_context *ctx,
140                                struct tee_ioctl_shm_alloc_data __user *udata)
141 {
142         long ret;
143         struct tee_ioctl_shm_alloc_data data;
144         struct tee_shm *shm;
145
146         if (copy_from_user(&data, udata, sizeof(data)))
147                 return -EFAULT;
148
149         /* Currently no input flags are supported */
150         if (data.flags)
151                 return -EINVAL;
152
153         shm = tee_shm_alloc(ctx, data.size, TEE_SHM_MAPPED | TEE_SHM_DMA_BUF);
154         if (IS_ERR(shm))
155                 return PTR_ERR(shm);
156
157         data.id = shm->id;
158         data.flags = shm->flags;
159         data.size = shm->size;
160
161         if (copy_to_user(udata, &data, sizeof(data)))
162                 ret = -EFAULT;
163         else
164                 ret = tee_shm_get_fd(shm);
165
166         /*
167          * When user space closes the file descriptor the shared memory
168          * should be freed or if tee_shm_get_fd() failed then it will
169          * be freed immediately.
170          */
171         tee_shm_put(shm);
172         return ret;
173 }
174
175 static int
176 tee_ioctl_shm_register(struct tee_context *ctx,
177                        struct tee_ioctl_shm_register_data __user *udata)
178 {
179         long ret;
180         struct tee_ioctl_shm_register_data data;
181         struct tee_shm *shm;
182
183         if (copy_from_user(&data, udata, sizeof(data)))
184                 return -EFAULT;
185
186         /* Currently no input flags are supported */
187         if (data.flags)
188                 return -EINVAL;
189
190         shm = tee_shm_register(ctx, data.addr, data.length,
191                                TEE_SHM_DMA_BUF | TEE_SHM_USER_MAPPED);
192         if (IS_ERR(shm))
193                 return PTR_ERR(shm);
194
195         data.id = shm->id;
196         data.flags = shm->flags;
197         data.length = shm->size;
198
199         if (copy_to_user(udata, &data, sizeof(data)))
200                 ret = -EFAULT;
201         else
202                 ret = tee_shm_get_fd(shm);
203         /*
204          * When user space closes the file descriptor the shared memory
205          * should be freed or if tee_shm_get_fd() failed then it will
206          * be freed immediately.
207          */
208         tee_shm_put(shm);
209         return ret;
210 }
211
212 static int params_from_user(struct tee_context *ctx, struct tee_param *params,
213                             size_t num_params,
214                             struct tee_ioctl_param __user *uparams)
215 {
216         size_t n;
217
218         for (n = 0; n < num_params; n++) {
219                 struct tee_shm *shm;
220                 struct tee_ioctl_param ip;
221
222                 if (copy_from_user(&ip, uparams + n, sizeof(ip)))
223                         return -EFAULT;
224
225                 /* All unused attribute bits has to be zero */
226                 if (ip.attr & ~TEE_IOCTL_PARAM_ATTR_MASK)
227                         return -EINVAL;
228
229                 params[n].attr = ip.attr;
230                 switch (ip.attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) {
231                 case TEE_IOCTL_PARAM_ATTR_TYPE_NONE:
232                 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT:
233                         break;
234                 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT:
235                 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT:
236                         params[n].u.value.a = ip.a;
237                         params[n].u.value.b = ip.b;
238                         params[n].u.value.c = ip.c;
239                         break;
240                 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT:
241                 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT:
242                 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT:
243                         /*
244                          * If we fail to get a pointer to a shared memory
245                          * object (and increase the ref count) from an
246                          * identifier we return an error. All pointers that
247                          * has been added in params have an increased ref
248                          * count. It's the callers responibility to do
249                          * tee_shm_put() on all resolved pointers.
250                          */
251                         shm = tee_shm_get_from_id(ctx, ip.c);
252                         if (IS_ERR(shm))
253                                 return PTR_ERR(shm);
254
255                         /*
256                          * Ensure offset + size does not overflow offset
257                          * and does not overflow the size of the referred
258                          * shared memory object.
259                          */
260                         if ((ip.a + ip.b) < ip.a ||
261                             (ip.a + ip.b) > shm->size) {
262                                 tee_shm_put(shm);
263                                 return -EINVAL;
264                         }
265
266                         params[n].u.memref.shm_offs = ip.a;
267                         params[n].u.memref.size = ip.b;
268                         params[n].u.memref.shm = shm;
269                         break;
270                 default:
271                         /* Unknown attribute */
272                         return -EINVAL;
273                 }
274         }
275         return 0;
276 }
277
278 static int params_to_user(struct tee_ioctl_param __user *uparams,
279                           size_t num_params, struct tee_param *params)
280 {
281         size_t n;
282
283         for (n = 0; n < num_params; n++) {
284                 struct tee_ioctl_param __user *up = uparams + n;
285                 struct tee_param *p = params + n;
286
287                 switch (p->attr) {
288                 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT:
289                 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT:
290                         if (put_user(p->u.value.a, &up->a) ||
291                             put_user(p->u.value.b, &up->b) ||
292                             put_user(p->u.value.c, &up->c))
293                                 return -EFAULT;
294                         break;
295                 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT:
296                 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT:
297                         if (put_user((u64)p->u.memref.size, &up->b))
298                                 return -EFAULT;
299                 default:
300                         break;
301                 }
302         }
303         return 0;
304 }
305
306 static int tee_ioctl_open_session(struct tee_context *ctx,
307                                   struct tee_ioctl_buf_data __user *ubuf)
308 {
309         int rc;
310         size_t n;
311         struct tee_ioctl_buf_data buf;
312         struct tee_ioctl_open_session_arg __user *uarg;
313         struct tee_ioctl_open_session_arg arg;
314         struct tee_ioctl_param __user *uparams = NULL;
315         struct tee_param *params = NULL;
316         bool have_session = false;
317
318         if (!ctx->teedev->desc->ops->open_session)
319                 return -EINVAL;
320
321         if (copy_from_user(&buf, ubuf, sizeof(buf)))
322                 return -EFAULT;
323
324         if (buf.buf_len > TEE_MAX_ARG_SIZE ||
325             buf.buf_len < sizeof(struct tee_ioctl_open_session_arg))
326                 return -EINVAL;
327
328         uarg = u64_to_user_ptr(buf.buf_ptr);
329         if (copy_from_user(&arg, uarg, sizeof(arg)))
330                 return -EFAULT;
331
332         if (sizeof(arg) + TEE_IOCTL_PARAM_SIZE(arg.num_params) != buf.buf_len)
333                 return -EINVAL;
334
335         if (arg.num_params) {
336                 params = kcalloc(arg.num_params, sizeof(struct tee_param),
337                                  GFP_KERNEL);
338                 if (!params)
339                         return -ENOMEM;
340                 uparams = uarg->params;
341                 rc = params_from_user(ctx, params, arg.num_params, uparams);
342                 if (rc)
343                         goto out;
344         }
345
346         rc = ctx->teedev->desc->ops->open_session(ctx, &arg, params);
347         if (rc)
348                 goto out;
349         have_session = true;
350
351         if (put_user(arg.session, &uarg->session) ||
352             put_user(arg.ret, &uarg->ret) ||
353             put_user(arg.ret_origin, &uarg->ret_origin)) {
354                 rc = -EFAULT;
355                 goto out;
356         }
357         rc = params_to_user(uparams, arg.num_params, params);
358 out:
359         /*
360          * If we've succeeded to open the session but failed to communicate
361          * it back to user space, close the session again to avoid leakage.
362          */
363         if (rc && have_session && ctx->teedev->desc->ops->close_session)
364                 ctx->teedev->desc->ops->close_session(ctx, arg.session);
365
366         if (params) {
367                 /* Decrease ref count for all valid shared memory pointers */
368                 for (n = 0; n < arg.num_params; n++)
369                         if (tee_param_is_memref(params + n) &&
370                             params[n].u.memref.shm)
371                                 tee_shm_put(params[n].u.memref.shm);
372                 kfree(params);
373         }
374
375         return rc;
376 }
377
378 static int tee_ioctl_invoke(struct tee_context *ctx,
379                             struct tee_ioctl_buf_data __user *ubuf)
380 {
381         int rc;
382         size_t n;
383         struct tee_ioctl_buf_data buf;
384         struct tee_ioctl_invoke_arg __user *uarg;
385         struct tee_ioctl_invoke_arg arg;
386         struct tee_ioctl_param __user *uparams = NULL;
387         struct tee_param *params = NULL;
388
389         if (!ctx->teedev->desc->ops->invoke_func)
390                 return -EINVAL;
391
392         if (copy_from_user(&buf, ubuf, sizeof(buf)))
393                 return -EFAULT;
394
395         if (buf.buf_len > TEE_MAX_ARG_SIZE ||
396             buf.buf_len < sizeof(struct tee_ioctl_invoke_arg))
397                 return -EINVAL;
398
399         uarg = u64_to_user_ptr(buf.buf_ptr);
400         if (copy_from_user(&arg, uarg, sizeof(arg)))
401                 return -EFAULT;
402
403         if (sizeof(arg) + TEE_IOCTL_PARAM_SIZE(arg.num_params) != buf.buf_len)
404                 return -EINVAL;
405
406         if (arg.num_params) {
407                 params = kcalloc(arg.num_params, sizeof(struct tee_param),
408                                  GFP_KERNEL);
409                 if (!params)
410                         return -ENOMEM;
411                 uparams = uarg->params;
412                 rc = params_from_user(ctx, params, arg.num_params, uparams);
413                 if (rc)
414                         goto out;
415         }
416
417         rc = ctx->teedev->desc->ops->invoke_func(ctx, &arg, params);
418         if (rc)
419                 goto out;
420
421         if (put_user(arg.ret, &uarg->ret) ||
422             put_user(arg.ret_origin, &uarg->ret_origin)) {
423                 rc = -EFAULT;
424                 goto out;
425         }
426         rc = params_to_user(uparams, arg.num_params, params);
427 out:
428         if (params) {
429                 /* Decrease ref count for all valid shared memory pointers */
430                 for (n = 0; n < arg.num_params; n++)
431                         if (tee_param_is_memref(params + n) &&
432                             params[n].u.memref.shm)
433                                 tee_shm_put(params[n].u.memref.shm);
434                 kfree(params);
435         }
436         return rc;
437 }
438
439 static int tee_ioctl_cancel(struct tee_context *ctx,
440                             struct tee_ioctl_cancel_arg __user *uarg)
441 {
442         struct tee_ioctl_cancel_arg arg;
443
444         if (!ctx->teedev->desc->ops->cancel_req)
445                 return -EINVAL;
446
447         if (copy_from_user(&arg, uarg, sizeof(arg)))
448                 return -EFAULT;
449
450         return ctx->teedev->desc->ops->cancel_req(ctx, arg.cancel_id,
451                                                   arg.session);
452 }
453
454 static int
455 tee_ioctl_close_session(struct tee_context *ctx,
456                         struct tee_ioctl_close_session_arg __user *uarg)
457 {
458         struct tee_ioctl_close_session_arg arg;
459
460         if (!ctx->teedev->desc->ops->close_session)
461                 return -EINVAL;
462
463         if (copy_from_user(&arg, uarg, sizeof(arg)))
464                 return -EFAULT;
465
466         return ctx->teedev->desc->ops->close_session(ctx, arg.session);
467 }
468
469 static int params_to_supp(struct tee_context *ctx,
470                           struct tee_ioctl_param __user *uparams,
471                           size_t num_params, struct tee_param *params)
472 {
473         size_t n;
474
475         for (n = 0; n < num_params; n++) {
476                 struct tee_ioctl_param ip;
477                 struct tee_param *p = params + n;
478
479                 ip.attr = p->attr;
480                 switch (p->attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) {
481                 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT:
482                 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT:
483                         ip.a = p->u.value.a;
484                         ip.b = p->u.value.b;
485                         ip.c = p->u.value.c;
486                         break;
487                 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT:
488                 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT:
489                 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT:
490                         ip.b = p->u.memref.size;
491                         if (!p->u.memref.shm) {
492                                 ip.a = 0;
493                                 ip.c = (u64)-1; /* invalid shm id */
494                                 break;
495                         }
496                         ip.a = p->u.memref.shm_offs;
497                         ip.c = p->u.memref.shm->id;
498                         break;
499                 default:
500                         ip.a = 0;
501                         ip.b = 0;
502                         ip.c = 0;
503                         break;
504                 }
505
506                 if (copy_to_user(uparams + n, &ip, sizeof(ip)))
507                         return -EFAULT;
508         }
509
510         return 0;
511 }
512
513 static int tee_ioctl_supp_recv(struct tee_context *ctx,
514                                struct tee_ioctl_buf_data __user *ubuf)
515 {
516         int rc;
517         struct tee_ioctl_buf_data buf;
518         struct tee_iocl_supp_recv_arg __user *uarg;
519         struct tee_param *params;
520         u32 num_params;
521         u32 func;
522
523         if (!ctx->teedev->desc->ops->supp_recv)
524                 return -EINVAL;
525
526         if (copy_from_user(&buf, ubuf, sizeof(buf)))
527                 return -EFAULT;
528
529         if (buf.buf_len > TEE_MAX_ARG_SIZE ||
530             buf.buf_len < sizeof(struct tee_iocl_supp_recv_arg))
531                 return -EINVAL;
532
533         uarg = u64_to_user_ptr(buf.buf_ptr);
534         if (get_user(num_params, &uarg->num_params))
535                 return -EFAULT;
536
537         if (sizeof(*uarg) + TEE_IOCTL_PARAM_SIZE(num_params) != buf.buf_len)
538                 return -EINVAL;
539
540         params = kcalloc(num_params, sizeof(struct tee_param), GFP_KERNEL);
541         if (!params)
542                 return -ENOMEM;
543
544         rc = params_from_user(ctx, params, num_params, uarg->params);
545         if (rc)
546                 goto out;
547
548         rc = ctx->teedev->desc->ops->supp_recv(ctx, &func, &num_params, params);
549         if (rc)
550                 goto out;
551
552         if (put_user(func, &uarg->func) ||
553             put_user(num_params, &uarg->num_params)) {
554                 rc = -EFAULT;
555                 goto out;
556         }
557
558         rc = params_to_supp(ctx, uarg->params, num_params, params);
559 out:
560         kfree(params);
561         return rc;
562 }
563
564 static int params_from_supp(struct tee_param *params, size_t num_params,
565                             struct tee_ioctl_param __user *uparams)
566 {
567         size_t n;
568
569         for (n = 0; n < num_params; n++) {
570                 struct tee_param *p = params + n;
571                 struct tee_ioctl_param ip;
572
573                 if (copy_from_user(&ip, uparams + n, sizeof(ip)))
574                         return -EFAULT;
575
576                 /* All unused attribute bits has to be zero */
577                 if (ip.attr & ~TEE_IOCTL_PARAM_ATTR_MASK)
578                         return -EINVAL;
579
580                 p->attr = ip.attr;
581                 switch (ip.attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) {
582                 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT:
583                 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT:
584                         /* Only out and in/out values can be updated */
585                         p->u.value.a = ip.a;
586                         p->u.value.b = ip.b;
587                         p->u.value.c = ip.c;
588                         break;
589                 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT:
590                 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT:
591                         /*
592                          * Only the size of the memref can be updated.
593                          * Since we don't have access to the original
594                          * parameters here, only store the supplied size.
595                          * The driver will copy the updated size into the
596                          * original parameters.
597                          */
598                         p->u.memref.shm = NULL;
599                         p->u.memref.shm_offs = 0;
600                         p->u.memref.size = ip.b;
601                         break;
602                 default:
603                         memset(&p->u, 0, sizeof(p->u));
604                         break;
605                 }
606         }
607         return 0;
608 }
609
610 static int tee_ioctl_supp_send(struct tee_context *ctx,
611                                struct tee_ioctl_buf_data __user *ubuf)
612 {
613         long rc;
614         struct tee_ioctl_buf_data buf;
615         struct tee_iocl_supp_send_arg __user *uarg;
616         struct tee_param *params;
617         u32 num_params;
618         u32 ret;
619
620         /* Not valid for this driver */
621         if (!ctx->teedev->desc->ops->supp_send)
622                 return -EINVAL;
623
624         if (copy_from_user(&buf, ubuf, sizeof(buf)))
625                 return -EFAULT;
626
627         if (buf.buf_len > TEE_MAX_ARG_SIZE ||
628             buf.buf_len < sizeof(struct tee_iocl_supp_send_arg))
629                 return -EINVAL;
630
631         uarg = u64_to_user_ptr(buf.buf_ptr);
632         if (get_user(ret, &uarg->ret) ||
633             get_user(num_params, &uarg->num_params))
634                 return -EFAULT;
635
636         if (sizeof(*uarg) + TEE_IOCTL_PARAM_SIZE(num_params) > buf.buf_len)
637                 return -EINVAL;
638
639         params = kcalloc(num_params, sizeof(struct tee_param), GFP_KERNEL);
640         if (!params)
641                 return -ENOMEM;
642
643         rc = params_from_supp(params, num_params, uarg->params);
644         if (rc)
645                 goto out;
646
647         rc = ctx->teedev->desc->ops->supp_send(ctx, ret, num_params, params);
648 out:
649         kfree(params);
650         return rc;
651 }
652
653 static long tee_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
654 {
655         struct tee_context *ctx = filp->private_data;
656         void __user *uarg = (void __user *)arg;
657
658         switch (cmd) {
659         case TEE_IOC_VERSION:
660                 return tee_ioctl_version(ctx, uarg);
661         case TEE_IOC_SHM_ALLOC:
662                 return tee_ioctl_shm_alloc(ctx, uarg);
663         case TEE_IOC_SHM_REGISTER:
664                 return tee_ioctl_shm_register(ctx, uarg);
665         case TEE_IOC_OPEN_SESSION:
666                 return tee_ioctl_open_session(ctx, uarg);
667         case TEE_IOC_INVOKE:
668                 return tee_ioctl_invoke(ctx, uarg);
669         case TEE_IOC_CANCEL:
670                 return tee_ioctl_cancel(ctx, uarg);
671         case TEE_IOC_CLOSE_SESSION:
672                 return tee_ioctl_close_session(ctx, uarg);
673         case TEE_IOC_SUPPL_RECV:
674                 return tee_ioctl_supp_recv(ctx, uarg);
675         case TEE_IOC_SUPPL_SEND:
676                 return tee_ioctl_supp_send(ctx, uarg);
677         default:
678                 return -EINVAL;
679         }
680 }
681
682 static const struct file_operations tee_fops = {
683         .owner = THIS_MODULE,
684         .open = tee_open,
685         .release = tee_release,
686         .unlocked_ioctl = tee_ioctl,
687         .compat_ioctl = tee_ioctl,
688 };
689
690 static void tee_release_device(struct device *dev)
691 {
692         struct tee_device *teedev = container_of(dev, struct tee_device, dev);
693
694         spin_lock(&driver_lock);
695         clear_bit(teedev->id, dev_mask);
696         spin_unlock(&driver_lock);
697         mutex_destroy(&teedev->mutex);
698         idr_destroy(&teedev->idr);
699         kfree(teedev);
700 }
701
702 /**
703  * tee_device_alloc() - Allocate a new struct tee_device instance
704  * @teedesc:    Descriptor for this driver
705  * @dev:        Parent device for this device
706  * @pool:       Shared memory pool, NULL if not used
707  * @driver_data: Private driver data for this device
708  *
709  * Allocates a new struct tee_device instance. The device is
710  * removed by tee_device_unregister().
711  *
712  * @returns a pointer to a 'struct tee_device' or an ERR_PTR on failure
713  */
714 struct tee_device *tee_device_alloc(const struct tee_desc *teedesc,
715                                     struct device *dev,
716                                     struct tee_shm_pool *pool,
717                                     void *driver_data)
718 {
719         struct tee_device *teedev;
720         void *ret;
721         int rc, max_id;
722         int offs = 0;
723
724         if (!teedesc || !teedesc->name || !teedesc->ops ||
725             !teedesc->ops->get_version || !teedesc->ops->open ||
726             !teedesc->ops->release || !pool)
727                 return ERR_PTR(-EINVAL);
728
729         teedev = kzalloc(sizeof(*teedev), GFP_KERNEL);
730         if (!teedev) {
731                 ret = ERR_PTR(-ENOMEM);
732                 goto err;
733         }
734
735         max_id = TEE_NUM_DEVICES / 2;
736
737         if (teedesc->flags & TEE_DESC_PRIVILEGED) {
738                 offs = TEE_NUM_DEVICES / 2;
739                 max_id = TEE_NUM_DEVICES;
740         }
741
742         spin_lock(&driver_lock);
743         teedev->id = find_next_zero_bit(dev_mask, max_id, offs);
744         if (teedev->id < max_id)
745                 set_bit(teedev->id, dev_mask);
746         spin_unlock(&driver_lock);
747
748         if (teedev->id >= max_id) {
749                 ret = ERR_PTR(-ENOMEM);
750                 goto err;
751         }
752
753         snprintf(teedev->name, sizeof(teedev->name), "tee%s%d",
754                  teedesc->flags & TEE_DESC_PRIVILEGED ? "priv" : "",
755                  teedev->id - offs);
756
757         teedev->dev.class = tee_class;
758         teedev->dev.release = tee_release_device;
759         teedev->dev.parent = dev;
760
761         teedev->dev.devt = MKDEV(MAJOR(tee_devt), teedev->id);
762
763         rc = dev_set_name(&teedev->dev, "%s", teedev->name);
764         if (rc) {
765                 ret = ERR_PTR(rc);
766                 goto err_devt;
767         }
768
769         cdev_init(&teedev->cdev, &tee_fops);
770         teedev->cdev.owner = teedesc->owner;
771         teedev->cdev.kobj.parent = &teedev->dev.kobj;
772
773         dev_set_drvdata(&teedev->dev, driver_data);
774         device_initialize(&teedev->dev);
775
776         /* 1 as tee_device_unregister() does one final tee_device_put() */
777         teedev->num_users = 1;
778         init_completion(&teedev->c_no_users);
779         mutex_init(&teedev->mutex);
780         idr_init(&teedev->idr);
781
782         teedev->desc = teedesc;
783         teedev->pool = pool;
784
785         return teedev;
786 err_devt:
787         unregister_chrdev_region(teedev->dev.devt, 1);
788 err:
789         pr_err("could not register %s driver\n",
790                teedesc->flags & TEE_DESC_PRIVILEGED ? "privileged" : "client");
791         if (teedev && teedev->id < TEE_NUM_DEVICES) {
792                 spin_lock(&driver_lock);
793                 clear_bit(teedev->id, dev_mask);
794                 spin_unlock(&driver_lock);
795         }
796         kfree(teedev);
797         return ret;
798 }
799 EXPORT_SYMBOL_GPL(tee_device_alloc);
800
801 static ssize_t implementation_id_show(struct device *dev,
802                                       struct device_attribute *attr, char *buf)
803 {
804         struct tee_device *teedev = container_of(dev, struct tee_device, dev);
805         struct tee_ioctl_version_data vers;
806
807         teedev->desc->ops->get_version(teedev, &vers);
808         return scnprintf(buf, PAGE_SIZE, "%d\n", vers.impl_id);
809 }
810 static DEVICE_ATTR_RO(implementation_id);
811
812 static struct attribute *tee_dev_attrs[] = {
813         &dev_attr_implementation_id.attr,
814         NULL
815 };
816
817 static const struct attribute_group tee_dev_group = {
818         .attrs = tee_dev_attrs,
819 };
820
821 /**
822  * tee_device_register() - Registers a TEE device
823  * @teedev:     Device to register
824  *
825  * tee_device_unregister() need to be called to remove the @teedev if
826  * this function fails.
827  *
828  * @returns < 0 on failure
829  */
830 int tee_device_register(struct tee_device *teedev)
831 {
832         int rc;
833
834         if (teedev->flags & TEE_DEVICE_FLAG_REGISTERED) {
835                 dev_err(&teedev->dev, "attempt to register twice\n");
836                 return -EINVAL;
837         }
838
839         rc = cdev_add(&teedev->cdev, teedev->dev.devt, 1);
840         if (rc) {
841                 dev_err(&teedev->dev,
842                         "unable to cdev_add() %s, major %d, minor %d, err=%d\n",
843                         teedev->name, MAJOR(teedev->dev.devt),
844                         MINOR(teedev->dev.devt), rc);
845                 return rc;
846         }
847
848         rc = device_add(&teedev->dev);
849         if (rc) {
850                 dev_err(&teedev->dev,
851                         "unable to device_add() %s, major %d, minor %d, err=%d\n",
852                         teedev->name, MAJOR(teedev->dev.devt),
853                         MINOR(teedev->dev.devt), rc);
854                 goto err_device_add;
855         }
856
857         rc = sysfs_create_group(&teedev->dev.kobj, &tee_dev_group);
858         if (rc) {
859                 dev_err(&teedev->dev,
860                         "failed to create sysfs attributes, err=%d\n", rc);
861                 goto err_sysfs_create_group;
862         }
863
864         teedev->flags |= TEE_DEVICE_FLAG_REGISTERED;
865         return 0;
866
867 err_sysfs_create_group:
868         device_del(&teedev->dev);
869 err_device_add:
870         cdev_del(&teedev->cdev);
871         return rc;
872 }
873 EXPORT_SYMBOL_GPL(tee_device_register);
874
875 void tee_device_put(struct tee_device *teedev)
876 {
877         mutex_lock(&teedev->mutex);
878         /* Shouldn't put in this state */
879         if (!WARN_ON(!teedev->desc)) {
880                 teedev->num_users--;
881                 if (!teedev->num_users) {
882                         teedev->desc = NULL;
883                         complete(&teedev->c_no_users);
884                 }
885         }
886         mutex_unlock(&teedev->mutex);
887 }
888
889 bool tee_device_get(struct tee_device *teedev)
890 {
891         mutex_lock(&teedev->mutex);
892         if (!teedev->desc) {
893                 mutex_unlock(&teedev->mutex);
894                 return false;
895         }
896         teedev->num_users++;
897         mutex_unlock(&teedev->mutex);
898         return true;
899 }
900
901 /**
902  * tee_device_unregister() - Removes a TEE device
903  * @teedev:     Device to unregister
904  *
905  * This function should be called to remove the @teedev even if
906  * tee_device_register() hasn't been called yet. Does nothing if
907  * @teedev is NULL.
908  */
909 void tee_device_unregister(struct tee_device *teedev)
910 {
911         if (!teedev)
912                 return;
913
914         if (teedev->flags & TEE_DEVICE_FLAG_REGISTERED) {
915                 sysfs_remove_group(&teedev->dev.kobj, &tee_dev_group);
916                 cdev_del(&teedev->cdev);
917                 device_del(&teedev->dev);
918         }
919
920         tee_device_put(teedev);
921         wait_for_completion(&teedev->c_no_users);
922
923         /*
924          * No need to take a mutex any longer now since teedev->desc was
925          * set to NULL before teedev->c_no_users was completed.
926          */
927
928         teedev->pool = NULL;
929
930         put_device(&teedev->dev);
931 }
932 EXPORT_SYMBOL_GPL(tee_device_unregister);
933
934 /**
935  * tee_get_drvdata() - Return driver_data pointer
936  * @teedev:     Device containing the driver_data pointer
937  * @returns the driver_data pointer supplied to tee_register().
938  */
939 void *tee_get_drvdata(struct tee_device *teedev)
940 {
941         return dev_get_drvdata(&teedev->dev);
942 }
943 EXPORT_SYMBOL_GPL(tee_get_drvdata);
944
945 struct match_dev_data {
946         struct tee_ioctl_version_data *vers;
947         const void *data;
948         int (*match)(struct tee_ioctl_version_data *, const void *);
949 };
950
951 static int match_dev(struct device *dev, const void *data)
952 {
953         const struct match_dev_data *match_data = data;
954         struct tee_device *teedev = container_of(dev, struct tee_device, dev);
955
956         teedev->desc->ops->get_version(teedev, match_data->vers);
957         return match_data->match(match_data->vers, match_data->data);
958 }
959
960 struct tee_context *
961 tee_client_open_context(struct tee_context *start,
962                         int (*match)(struct tee_ioctl_version_data *,
963                                      const void *),
964                         const void *data, struct tee_ioctl_version_data *vers)
965 {
966         struct device *dev = NULL;
967         struct device *put_dev = NULL;
968         struct tee_context *ctx = NULL;
969         struct tee_ioctl_version_data v;
970         struct match_dev_data match_data = { vers ? vers : &v, data, match };
971
972         if (start)
973                 dev = &start->teedev->dev;
974
975         do {
976                 dev = class_find_device(tee_class, dev, &match_data, match_dev);
977                 if (!dev) {
978                         ctx = ERR_PTR(-ENOENT);
979                         break;
980                 }
981
982                 put_device(put_dev);
983                 put_dev = dev;
984
985                 ctx = teedev_open(container_of(dev, struct tee_device, dev));
986         } while (IS_ERR(ctx) && PTR_ERR(ctx) != -ENOMEM);
987
988         put_device(put_dev);
989         /*
990          * Default behaviour for in kernel client is to not wait for
991          * tee-supplicant if not present for any requests in this context.
992          * Also this flag could be configured again before call to
993          * tee_client_open_session() if any in kernel client requires
994          * different behaviour.
995          */
996         ctx->supp_nowait = true;
997         return ctx;
998 }
999 EXPORT_SYMBOL_GPL(tee_client_open_context);
1000
1001 void tee_client_close_context(struct tee_context *ctx)
1002 {
1003         teedev_close_context(ctx);
1004 }
1005 EXPORT_SYMBOL_GPL(tee_client_close_context);
1006
1007 void tee_client_get_version(struct tee_context *ctx,
1008                             struct tee_ioctl_version_data *vers)
1009 {
1010         ctx->teedev->desc->ops->get_version(ctx->teedev, vers);
1011 }
1012 EXPORT_SYMBOL_GPL(tee_client_get_version);
1013
1014 int tee_client_open_session(struct tee_context *ctx,
1015                             struct tee_ioctl_open_session_arg *arg,
1016                             struct tee_param *param)
1017 {
1018         if (!ctx->teedev->desc->ops->open_session)
1019                 return -EINVAL;
1020         return ctx->teedev->desc->ops->open_session(ctx, arg, param);
1021 }
1022 EXPORT_SYMBOL_GPL(tee_client_open_session);
1023
1024 int tee_client_close_session(struct tee_context *ctx, u32 session)
1025 {
1026         if (!ctx->teedev->desc->ops->close_session)
1027                 return -EINVAL;
1028         return ctx->teedev->desc->ops->close_session(ctx, session);
1029 }
1030 EXPORT_SYMBOL_GPL(tee_client_close_session);
1031
1032 int tee_client_invoke_func(struct tee_context *ctx,
1033                            struct tee_ioctl_invoke_arg *arg,
1034                            struct tee_param *param)
1035 {
1036         if (!ctx->teedev->desc->ops->invoke_func)
1037                 return -EINVAL;
1038         return ctx->teedev->desc->ops->invoke_func(ctx, arg, param);
1039 }
1040 EXPORT_SYMBOL_GPL(tee_client_invoke_func);
1041
1042 static int tee_client_device_match(struct device *dev,
1043                                    struct device_driver *drv)
1044 {
1045         const struct tee_client_device_id *id_table;
1046         struct tee_client_device *tee_device;
1047
1048         id_table = to_tee_client_driver(drv)->id_table;
1049         tee_device = to_tee_client_device(dev);
1050
1051         while (!uuid_is_null(&id_table->uuid)) {
1052                 if (uuid_equal(&tee_device->id.uuid, &id_table->uuid))
1053                         return 1;
1054                 id_table++;
1055         }
1056
1057         return 0;
1058 }
1059
1060 static int tee_client_device_uevent(struct device *dev,
1061                                     struct kobj_uevent_env *env)
1062 {
1063         uuid_t *dev_id = &to_tee_client_device(dev)->id.uuid;
1064
1065         return add_uevent_var(env, "MODALIAS=tee:%pUb", dev_id);
1066 }
1067
1068 struct bus_type tee_bus_type = {
1069         .name           = "tee",
1070         .match          = tee_client_device_match,
1071         .uevent         = tee_client_device_uevent,
1072 };
1073 EXPORT_SYMBOL_GPL(tee_bus_type);
1074
1075 static int __init tee_init(void)
1076 {
1077         int rc;
1078
1079         tee_class = class_create(THIS_MODULE, "tee");
1080         if (IS_ERR(tee_class)) {
1081                 pr_err("couldn't create class\n");
1082                 return PTR_ERR(tee_class);
1083         }
1084
1085         rc = alloc_chrdev_region(&tee_devt, 0, TEE_NUM_DEVICES, "tee");
1086         if (rc) {
1087                 pr_err("failed to allocate char dev region\n");
1088                 goto out_unreg_class;
1089         }
1090
1091         rc = bus_register(&tee_bus_type);
1092         if (rc) {
1093                 pr_err("failed to register tee bus\n");
1094                 goto out_unreg_chrdev;
1095         }
1096
1097         return 0;
1098
1099 out_unreg_chrdev:
1100         unregister_chrdev_region(tee_devt, TEE_NUM_DEVICES);
1101 out_unreg_class:
1102         class_destroy(tee_class);
1103         tee_class = NULL;
1104
1105         return rc;
1106 }
1107
1108 static void __exit tee_exit(void)
1109 {
1110         bus_unregister(&tee_bus_type);
1111         unregister_chrdev_region(tee_devt, TEE_NUM_DEVICES);
1112         class_destroy(tee_class);
1113         tee_class = NULL;
1114 }
1115
1116 subsys_initcall(tee_init);
1117 module_exit(tee_exit);
1118
1119 MODULE_AUTHOR("Linaro");
1120 MODULE_DESCRIPTION("TEE Driver");
1121 MODULE_VERSION("1.0");
1122 MODULE_LICENSE("GPL v2");
Unnamed repository; edit this file 'description' to name the repository.