]>
Commit | Line | Data |
---|---|---|
967c9cca JW |
1 | /* |
2 | * Copyright (c) 2015-2016, Linaro Limited | |
3 | * | |
4 | * This software is licensed under the terms of the GNU General Public | |
5 | * License version 2, as published by the Free Software Foundation, and | |
6 | * may be copied, distributed, and modified under those terms. | |
7 | * | |
8 | * This program is distributed in the hope that it will be useful, | |
9 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
11 | * GNU General Public License for more details. | |
12 | * | |
13 | */ | |
14 | ||
15 | #define pr_fmt(fmt) "%s: " fmt, __func__ | |
16 | ||
17 | #include <linux/cdev.h> | |
18 | #include <linux/device.h> | |
19 | #include <linux/fs.h> | |
20 | #include <linux/idr.h> | |
21 | #include <linux/module.h> | |
22 | #include <linux/slab.h> | |
23 | #include <linux/tee_drv.h> | |
24 | #include <linux/uaccess.h> | |
25 | #include "tee_private.h" | |
26 | ||
27 | #define TEE_NUM_DEVICES 32 | |
28 | ||
29 | #define TEE_IOCTL_PARAM_SIZE(x) (sizeof(struct tee_param) * (x)) | |
30 | ||
31 | /* | |
32 | * Unprivileged devices in the lower half range and privileged devices in | |
33 | * the upper half range. | |
34 | */ | |
35 | static DECLARE_BITMAP(dev_mask, TEE_NUM_DEVICES); | |
36 | static DEFINE_SPINLOCK(driver_lock); | |
37 | ||
38 | static struct class *tee_class; | |
39 | static dev_t tee_devt; | |
40 | ||
41 | static int tee_open(struct inode *inode, struct file *filp) | |
42 | { | |
43 | int rc; | |
44 | struct tee_device *teedev; | |
45 | struct tee_context *ctx; | |
46 | ||
47 | teedev = container_of(inode->i_cdev, struct tee_device, cdev); | |
48 | if (!tee_device_get(teedev)) | |
49 | return -EINVAL; | |
50 | ||
51 | ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); | |
52 | if (!ctx) { | |
53 | rc = -ENOMEM; | |
54 | goto err; | |
55 | } | |
56 | ||
57 | ctx->teedev = teedev; | |
58 | INIT_LIST_HEAD(&ctx->list_shm); | |
59 | filp->private_data = ctx; | |
60 | rc = teedev->desc->ops->open(ctx); | |
61 | if (rc) | |
62 | goto err; | |
63 | ||
64 | return 0; | |
65 | err: | |
66 | kfree(ctx); | |
67 | tee_device_put(teedev); | |
68 | return rc; | |
69 | } | |
70 | ||
71 | static int tee_release(struct inode *inode, struct file *filp) | |
72 | { | |
73 | struct tee_context *ctx = filp->private_data; | |
74 | struct tee_device *teedev = ctx->teedev; | |
75 | struct tee_shm *shm; | |
76 | ||
77 | ctx->teedev->desc->ops->release(ctx); | |
78 | mutex_lock(&ctx->teedev->mutex); | |
79 | list_for_each_entry(shm, &ctx->list_shm, link) | |
80 | shm->ctx = NULL; | |
81 | mutex_unlock(&ctx->teedev->mutex); | |
82 | kfree(ctx); | |
83 | tee_device_put(teedev); | |
84 | return 0; | |
85 | } | |
86 | ||
87 | static int tee_ioctl_version(struct tee_context *ctx, | |
88 | struct tee_ioctl_version_data __user *uvers) | |
89 | { | |
90 | struct tee_ioctl_version_data vers; | |
91 | ||
92 | ctx->teedev->desc->ops->get_version(ctx->teedev, &vers); | |
93 | if (copy_to_user(uvers, &vers, sizeof(vers))) | |
94 | return -EFAULT; | |
95 | return 0; | |
96 | } | |
97 | ||
98 | static int tee_ioctl_shm_alloc(struct tee_context *ctx, | |
99 | struct tee_ioctl_shm_alloc_data __user *udata) | |
100 | { | |
101 | long ret; | |
102 | struct tee_ioctl_shm_alloc_data data; | |
103 | struct tee_shm *shm; | |
104 | ||
105 | if (copy_from_user(&data, udata, sizeof(data))) | |
106 | return -EFAULT; | |
107 | ||
108 | /* Currently no input flags are supported */ | |
109 | if (data.flags) | |
110 | return -EINVAL; | |
111 | ||
112 | data.id = -1; | |
113 | ||
114 | shm = tee_shm_alloc(ctx, data.size, TEE_SHM_MAPPED | TEE_SHM_DMA_BUF); | |
115 | if (IS_ERR(shm)) | |
116 | return PTR_ERR(shm); | |
117 | ||
118 | data.id = shm->id; | |
119 | data.flags = shm->flags; | |
120 | data.size = shm->size; | |
121 | ||
122 | if (copy_to_user(udata, &data, sizeof(data))) | |
123 | ret = -EFAULT; | |
124 | else | |
125 | ret = tee_shm_get_fd(shm); | |
126 | ||
127 | /* | |
128 | * When user space closes the file descriptor the shared memory | |
129 | * should be freed or if tee_shm_get_fd() failed then it will | |
130 | * be freed immediately. | |
131 | */ | |
132 | tee_shm_put(shm); | |
133 | return ret; | |
134 | } | |
135 | ||
136 | static int params_from_user(struct tee_context *ctx, struct tee_param *params, | |
137 | size_t num_params, | |
138 | struct tee_ioctl_param __user *uparams) | |
139 | { | |
140 | size_t n; | |
141 | ||
142 | for (n = 0; n < num_params; n++) { | |
143 | struct tee_shm *shm; | |
144 | struct tee_ioctl_param ip; | |
145 | ||
146 | if (copy_from_user(&ip, uparams + n, sizeof(ip))) | |
147 | return -EFAULT; | |
148 | ||
149 | /* All unused attribute bits has to be zero */ | |
150 | if (ip.attr & ~TEE_IOCTL_PARAM_ATTR_TYPE_MASK) | |
151 | return -EINVAL; | |
152 | ||
153 | params[n].attr = ip.attr; | |
154 | switch (ip.attr) { | |
155 | case TEE_IOCTL_PARAM_ATTR_TYPE_NONE: | |
156 | case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT: | |
157 | break; | |
158 | case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT: | |
159 | case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT: | |
160 | params[n].u.value.a = ip.a; | |
161 | params[n].u.value.b = ip.b; | |
162 | params[n].u.value.c = ip.c; | |
163 | break; | |
164 | case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT: | |
165 | case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: | |
166 | case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: | |
167 | /* | |
168 | * If we fail to get a pointer to a shared memory | |
169 | * object (and increase the ref count) from an | |
170 | * identifier we return an error. All pointers that | |
171 | * has been added in params have an increased ref | |
172 | * count. It's the callers responibility to do | |
173 | * tee_shm_put() on all resolved pointers. | |
174 | */ | |
175 | shm = tee_shm_get_from_id(ctx, ip.c); | |
176 | if (IS_ERR(shm)) | |
177 | return PTR_ERR(shm); | |
178 | ||
179 | params[n].u.memref.shm_offs = ip.a; | |
180 | params[n].u.memref.size = ip.b; | |
181 | params[n].u.memref.shm = shm; | |
182 | break; | |
183 | default: | |
184 | /* Unknown attribute */ | |
185 | return -EINVAL; | |
186 | } | |
187 | } | |
188 | return 0; | |
189 | } | |
190 | ||
191 | static int params_to_user(struct tee_ioctl_param __user *uparams, | |
192 | size_t num_params, struct tee_param *params) | |
193 | { | |
194 | size_t n; | |
195 | ||
196 | for (n = 0; n < num_params; n++) { | |
197 | struct tee_ioctl_param __user *up = uparams + n; | |
198 | struct tee_param *p = params + n; | |
199 | ||
200 | switch (p->attr) { | |
201 | case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT: | |
202 | case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT: | |
203 | if (put_user(p->u.value.a, &up->a) || | |
204 | put_user(p->u.value.b, &up->b) || | |
205 | put_user(p->u.value.c, &up->c)) | |
206 | return -EFAULT; | |
207 | break; | |
208 | case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: | |
209 | case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: | |
210 | if (put_user((u64)p->u.memref.size, &up->b)) | |
211 | return -EFAULT; | |
212 | default: | |
213 | break; | |
214 | } | |
215 | } | |
216 | return 0; | |
217 | } | |
218 | ||
219 | static bool param_is_memref(struct tee_param *param) | |
220 | { | |
221 | switch (param->attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) { | |
222 | case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT: | |
223 | case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: | |
224 | case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: | |
225 | return true; | |
226 | default: | |
227 | return false; | |
228 | } | |
229 | } | |
230 | ||
231 | static int tee_ioctl_open_session(struct tee_context *ctx, | |
232 | struct tee_ioctl_buf_data __user *ubuf) | |
233 | { | |
234 | int rc; | |
235 | size_t n; | |
236 | struct tee_ioctl_buf_data buf; | |
237 | struct tee_ioctl_open_session_arg __user *uarg; | |
238 | struct tee_ioctl_open_session_arg arg; | |
239 | struct tee_ioctl_param __user *uparams = NULL; | |
240 | struct tee_param *params = NULL; | |
241 | bool have_session = false; | |
242 | ||
243 | if (!ctx->teedev->desc->ops->open_session) | |
244 | return -EINVAL; | |
245 | ||
246 | if (copy_from_user(&buf, ubuf, sizeof(buf))) | |
247 | return -EFAULT; | |
248 | ||
249 | if (buf.buf_len > TEE_MAX_ARG_SIZE || | |
250 | buf.buf_len < sizeof(struct tee_ioctl_open_session_arg)) | |
251 | return -EINVAL; | |
252 | ||
253 | uarg = u64_to_user_ptr(buf.buf_ptr); | |
254 | if (copy_from_user(&arg, uarg, sizeof(arg))) | |
255 | return -EFAULT; | |
256 | ||
257 | if (sizeof(arg) + TEE_IOCTL_PARAM_SIZE(arg.num_params) != buf.buf_len) | |
258 | return -EINVAL; | |
259 | ||
260 | if (arg.num_params) { | |
261 | params = kcalloc(arg.num_params, sizeof(struct tee_param), | |
262 | GFP_KERNEL); | |
263 | if (!params) | |
264 | return -ENOMEM; | |
265 | uparams = uarg->params; | |
266 | rc = params_from_user(ctx, params, arg.num_params, uparams); | |
267 | if (rc) | |
268 | goto out; | |
269 | } | |
270 | ||
271 | rc = ctx->teedev->desc->ops->open_session(ctx, &arg, params); | |
272 | if (rc) | |
273 | goto out; | |
274 | have_session = true; | |
275 | ||
276 | if (put_user(arg.session, &uarg->session) || | |
277 | put_user(arg.ret, &uarg->ret) || | |
278 | put_user(arg.ret_origin, &uarg->ret_origin)) { | |
279 | rc = -EFAULT; | |
280 | goto out; | |
281 | } | |
282 | rc = params_to_user(uparams, arg.num_params, params); | |
283 | out: | |
284 | /* | |
285 | * If we've succeeded to open the session but failed to communicate | |
286 | * it back to user space, close the session again to avoid leakage. | |
287 | */ | |
288 | if (rc && have_session && ctx->teedev->desc->ops->close_session) | |
289 | ctx->teedev->desc->ops->close_session(ctx, arg.session); | |
290 | ||
291 | if (params) { | |
292 | /* Decrease ref count for all valid shared memory pointers */ | |
293 | for (n = 0; n < arg.num_params; n++) | |
294 | if (param_is_memref(params + n) && | |
295 | params[n].u.memref.shm) | |
296 | tee_shm_put(params[n].u.memref.shm); | |
297 | kfree(params); | |
298 | } | |
299 | ||
300 | return rc; | |
301 | } | |
302 | ||
303 | static int tee_ioctl_invoke(struct tee_context *ctx, | |
304 | struct tee_ioctl_buf_data __user *ubuf) | |
305 | { | |
306 | int rc; | |
307 | size_t n; | |
308 | struct tee_ioctl_buf_data buf; | |
309 | struct tee_ioctl_invoke_arg __user *uarg; | |
310 | struct tee_ioctl_invoke_arg arg; | |
311 | struct tee_ioctl_param __user *uparams = NULL; | |
312 | struct tee_param *params = NULL; | |
313 | ||
314 | if (!ctx->teedev->desc->ops->invoke_func) | |
315 | return -EINVAL; | |
316 | ||
317 | if (copy_from_user(&buf, ubuf, sizeof(buf))) | |
318 | return -EFAULT; | |
319 | ||
320 | if (buf.buf_len > TEE_MAX_ARG_SIZE || | |
321 | buf.buf_len < sizeof(struct tee_ioctl_invoke_arg)) | |
322 | return -EINVAL; | |
323 | ||
324 | uarg = u64_to_user_ptr(buf.buf_ptr); | |
325 | if (copy_from_user(&arg, uarg, sizeof(arg))) | |
326 | return -EFAULT; | |
327 | ||
328 | if (sizeof(arg) + TEE_IOCTL_PARAM_SIZE(arg.num_params) != buf.buf_len) | |
329 | return -EINVAL; | |
330 | ||
331 | if (arg.num_params) { | |
332 | params = kcalloc(arg.num_params, sizeof(struct tee_param), | |
333 | GFP_KERNEL); | |
334 | if (!params) | |
335 | return -ENOMEM; | |
336 | uparams = uarg->params; | |
337 | rc = params_from_user(ctx, params, arg.num_params, uparams); | |
338 | if (rc) | |
339 | goto out; | |
340 | } | |
341 | ||
342 | rc = ctx->teedev->desc->ops->invoke_func(ctx, &arg, params); | |
343 | if (rc) | |
344 | goto out; | |
345 | ||
346 | if (put_user(arg.ret, &uarg->ret) || | |
347 | put_user(arg.ret_origin, &uarg->ret_origin)) { | |
348 | rc = -EFAULT; | |
349 | goto out; | |
350 | } | |
351 | rc = params_to_user(uparams, arg.num_params, params); | |
352 | out: | |
353 | if (params) { | |
354 | /* Decrease ref count for all valid shared memory pointers */ | |
355 | for (n = 0; n < arg.num_params; n++) | |
356 | if (param_is_memref(params + n) && | |
357 | params[n].u.memref.shm) | |
358 | tee_shm_put(params[n].u.memref.shm); | |
359 | kfree(params); | |
360 | } | |
361 | return rc; | |
362 | } | |
363 | ||
364 | static int tee_ioctl_cancel(struct tee_context *ctx, | |
365 | struct tee_ioctl_cancel_arg __user *uarg) | |
366 | { | |
367 | struct tee_ioctl_cancel_arg arg; | |
368 | ||
369 | if (!ctx->teedev->desc->ops->cancel_req) | |
370 | return -EINVAL; | |
371 | ||
372 | if (copy_from_user(&arg, uarg, sizeof(arg))) | |
373 | return -EFAULT; | |
374 | ||
375 | return ctx->teedev->desc->ops->cancel_req(ctx, arg.cancel_id, | |
376 | arg.session); | |
377 | } | |
378 | ||
379 | static int | |
380 | tee_ioctl_close_session(struct tee_context *ctx, | |
381 | struct tee_ioctl_close_session_arg __user *uarg) | |
382 | { | |
383 | struct tee_ioctl_close_session_arg arg; | |
384 | ||
385 | if (!ctx->teedev->desc->ops->close_session) | |
386 | return -EINVAL; | |
387 | ||
388 | if (copy_from_user(&arg, uarg, sizeof(arg))) | |
389 | return -EFAULT; | |
390 | ||
391 | return ctx->teedev->desc->ops->close_session(ctx, arg.session); | |
392 | } | |
393 | ||
394 | static int params_to_supp(struct tee_context *ctx, | |
395 | struct tee_ioctl_param __user *uparams, | |
396 | size_t num_params, struct tee_param *params) | |
397 | { | |
398 | size_t n; | |
399 | ||
400 | for (n = 0; n < num_params; n++) { | |
401 | struct tee_ioctl_param ip; | |
402 | struct tee_param *p = params + n; | |
403 | ||
404 | ip.attr = p->attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK; | |
405 | switch (p->attr) { | |
406 | case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT: | |
407 | case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT: | |
408 | ip.a = p->u.value.a; | |
409 | ip.b = p->u.value.b; | |
410 | ip.c = p->u.value.c; | |
411 | break; | |
412 | case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT: | |
413 | case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: | |
414 | case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: | |
415 | ip.b = p->u.memref.size; | |
416 | if (!p->u.memref.shm) { | |
417 | ip.a = 0; | |
418 | ip.c = (u64)-1; /* invalid shm id */ | |
419 | break; | |
420 | } | |
421 | ip.a = p->u.memref.shm_offs; | |
422 | ip.c = p->u.memref.shm->id; | |
423 | break; | |
424 | default: | |
425 | ip.a = 0; | |
426 | ip.b = 0; | |
427 | ip.c = 0; | |
428 | break; | |
429 | } | |
430 | ||
431 | if (copy_to_user(uparams + n, &ip, sizeof(ip))) | |
432 | return -EFAULT; | |
433 | } | |
434 | ||
435 | return 0; | |
436 | } | |
437 | ||
438 | static int tee_ioctl_supp_recv(struct tee_context *ctx, | |
439 | struct tee_ioctl_buf_data __user *ubuf) | |
440 | { | |
441 | int rc; | |
442 | struct tee_ioctl_buf_data buf; | |
443 | struct tee_iocl_supp_recv_arg __user *uarg; | |
444 | struct tee_param *params; | |
445 | u32 num_params; | |
446 | u32 func; | |
447 | ||
448 | if (!ctx->teedev->desc->ops->supp_recv) | |
449 | return -EINVAL; | |
450 | ||
451 | if (copy_from_user(&buf, ubuf, sizeof(buf))) | |
452 | return -EFAULT; | |
453 | ||
454 | if (buf.buf_len > TEE_MAX_ARG_SIZE || | |
455 | buf.buf_len < sizeof(struct tee_iocl_supp_recv_arg)) | |
456 | return -EINVAL; | |
457 | ||
458 | uarg = u64_to_user_ptr(buf.buf_ptr); | |
459 | if (get_user(num_params, &uarg->num_params)) | |
460 | return -EFAULT; | |
461 | ||
462 | if (sizeof(*uarg) + TEE_IOCTL_PARAM_SIZE(num_params) != buf.buf_len) | |
463 | return -EINVAL; | |
464 | ||
465 | params = kcalloc(num_params, sizeof(struct tee_param), GFP_KERNEL); | |
466 | if (!params) | |
467 | return -ENOMEM; | |
468 | ||
469 | rc = ctx->teedev->desc->ops->supp_recv(ctx, &func, &num_params, params); | |
470 | if (rc) | |
471 | goto out; | |
472 | ||
473 | if (put_user(func, &uarg->func) || | |
474 | put_user(num_params, &uarg->num_params)) { | |
475 | rc = -EFAULT; | |
476 | goto out; | |
477 | } | |
478 | ||
479 | rc = params_to_supp(ctx, uarg->params, num_params, params); | |
480 | out: | |
481 | kfree(params); | |
482 | return rc; | |
483 | } | |
484 | ||
485 | static int params_from_supp(struct tee_param *params, size_t num_params, | |
486 | struct tee_ioctl_param __user *uparams) | |
487 | { | |
488 | size_t n; | |
489 | ||
490 | for (n = 0; n < num_params; n++) { | |
491 | struct tee_param *p = params + n; | |
492 | struct tee_ioctl_param ip; | |
493 | ||
494 | if (copy_from_user(&ip, uparams + n, sizeof(ip))) | |
495 | return -EFAULT; | |
496 | ||
497 | /* All unused attribute bits has to be zero */ | |
498 | if (ip.attr & ~TEE_IOCTL_PARAM_ATTR_TYPE_MASK) | |
499 | return -EINVAL; | |
500 | ||
501 | p->attr = ip.attr; | |
502 | switch (ip.attr) { | |
503 | case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT: | |
504 | case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT: | |
505 | /* Only out and in/out values can be updated */ | |
506 | p->u.value.a = ip.a; | |
507 | p->u.value.b = ip.b; | |
508 | p->u.value.c = ip.c; | |
509 | break; | |
510 | case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: | |
511 | case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: | |
512 | /* | |
513 | * Only the size of the memref can be updated. | |
514 | * Since we don't have access to the original | |
515 | * parameters here, only store the supplied size. | |
516 | * The driver will copy the updated size into the | |
517 | * original parameters. | |
518 | */ | |
519 | p->u.memref.shm = NULL; | |
520 | p->u.memref.shm_offs = 0; | |
521 | p->u.memref.size = ip.b; | |
522 | break; | |
523 | default: | |
524 | memset(&p->u, 0, sizeof(p->u)); | |
525 | break; | |
526 | } | |
527 | } | |
528 | return 0; | |
529 | } | |
530 | ||
531 | static int tee_ioctl_supp_send(struct tee_context *ctx, | |
532 | struct tee_ioctl_buf_data __user *ubuf) | |
533 | { | |
534 | long rc; | |
535 | struct tee_ioctl_buf_data buf; | |
536 | struct tee_iocl_supp_send_arg __user *uarg; | |
537 | struct tee_param *params; | |
538 | u32 num_params; | |
539 | u32 ret; | |
540 | ||
541 | /* Not valid for this driver */ | |
542 | if (!ctx->teedev->desc->ops->supp_send) | |
543 | return -EINVAL; | |
544 | ||
545 | if (copy_from_user(&buf, ubuf, sizeof(buf))) | |
546 | return -EFAULT; | |
547 | ||
548 | if (buf.buf_len > TEE_MAX_ARG_SIZE || | |
549 | buf.buf_len < sizeof(struct tee_iocl_supp_send_arg)) | |
550 | return -EINVAL; | |
551 | ||
552 | uarg = u64_to_user_ptr(buf.buf_ptr); | |
553 | if (get_user(ret, &uarg->ret) || | |
554 | get_user(num_params, &uarg->num_params)) | |
555 | return -EFAULT; | |
556 | ||
557 | if (sizeof(*uarg) + TEE_IOCTL_PARAM_SIZE(num_params) > buf.buf_len) | |
558 | return -EINVAL; | |
559 | ||
560 | params = kcalloc(num_params, sizeof(struct tee_param), GFP_KERNEL); | |
561 | if (!params) | |
562 | return -ENOMEM; | |
563 | ||
564 | rc = params_from_supp(params, num_params, uarg->params); | |
565 | if (rc) | |
566 | goto out; | |
567 | ||
568 | rc = ctx->teedev->desc->ops->supp_send(ctx, ret, num_params, params); | |
569 | out: | |
570 | kfree(params); | |
571 | return rc; | |
572 | } | |
573 | ||
574 | static long tee_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) | |
575 | { | |
576 | struct tee_context *ctx = filp->private_data; | |
577 | void __user *uarg = (void __user *)arg; | |
578 | ||
579 | switch (cmd) { | |
580 | case TEE_IOC_VERSION: | |
581 | return tee_ioctl_version(ctx, uarg); | |
582 | case TEE_IOC_SHM_ALLOC: | |
583 | return tee_ioctl_shm_alloc(ctx, uarg); | |
584 | case TEE_IOC_OPEN_SESSION: | |
585 | return tee_ioctl_open_session(ctx, uarg); | |
586 | case TEE_IOC_INVOKE: | |
587 | return tee_ioctl_invoke(ctx, uarg); | |
588 | case TEE_IOC_CANCEL: | |
589 | return tee_ioctl_cancel(ctx, uarg); | |
590 | case TEE_IOC_CLOSE_SESSION: | |
591 | return tee_ioctl_close_session(ctx, uarg); | |
592 | case TEE_IOC_SUPPL_RECV: | |
593 | return tee_ioctl_supp_recv(ctx, uarg); | |
594 | case TEE_IOC_SUPPL_SEND: | |
595 | return tee_ioctl_supp_send(ctx, uarg); | |
596 | default: | |
597 | return -EINVAL; | |
598 | } | |
599 | } | |
600 | ||
601 | static const struct file_operations tee_fops = { | |
602 | .owner = THIS_MODULE, | |
603 | .open = tee_open, | |
604 | .release = tee_release, | |
605 | .unlocked_ioctl = tee_ioctl, | |
606 | .compat_ioctl = tee_ioctl, | |
607 | }; | |
608 | ||
609 | static void tee_release_device(struct device *dev) | |
610 | { | |
611 | struct tee_device *teedev = container_of(dev, struct tee_device, dev); | |
612 | ||
613 | spin_lock(&driver_lock); | |
614 | clear_bit(teedev->id, dev_mask); | |
615 | spin_unlock(&driver_lock); | |
616 | mutex_destroy(&teedev->mutex); | |
617 | idr_destroy(&teedev->idr); | |
618 | kfree(teedev); | |
619 | } | |
620 | ||
621 | /** | |
622 | * tee_device_alloc() - Allocate a new struct tee_device instance | |
623 | * @teedesc: Descriptor for this driver | |
624 | * @dev: Parent device for this device | |
625 | * @pool: Shared memory pool, NULL if not used | |
626 | * @driver_data: Private driver data for this device | |
627 | * | |
628 | * Allocates a new struct tee_device instance. The device is | |
629 | * removed by tee_device_unregister(). | |
630 | * | |
631 | * @returns a pointer to a 'struct tee_device' or an ERR_PTR on failure | |
632 | */ | |
633 | struct tee_device *tee_device_alloc(const struct tee_desc *teedesc, | |
634 | struct device *dev, | |
635 | struct tee_shm_pool *pool, | |
636 | void *driver_data) | |
637 | { | |
638 | struct tee_device *teedev; | |
639 | void *ret; | |
640 | int rc; | |
641 | int offs = 0; | |
642 | ||
643 | if (!teedesc || !teedesc->name || !teedesc->ops || | |
644 | !teedesc->ops->get_version || !teedesc->ops->open || | |
645 | !teedesc->ops->release || !pool) | |
646 | return ERR_PTR(-EINVAL); | |
647 | ||
648 | teedev = kzalloc(sizeof(*teedev), GFP_KERNEL); | |
649 | if (!teedev) { | |
650 | ret = ERR_PTR(-ENOMEM); | |
651 | goto err; | |
652 | } | |
653 | ||
654 | if (teedesc->flags & TEE_DESC_PRIVILEGED) | |
655 | offs = TEE_NUM_DEVICES / 2; | |
656 | ||
657 | spin_lock(&driver_lock); | |
658 | teedev->id = find_next_zero_bit(dev_mask, TEE_NUM_DEVICES, offs); | |
659 | if (teedev->id < TEE_NUM_DEVICES) | |
660 | set_bit(teedev->id, dev_mask); | |
661 | spin_unlock(&driver_lock); | |
662 | ||
663 | if (teedev->id >= TEE_NUM_DEVICES) { | |
664 | ret = ERR_PTR(-ENOMEM); | |
665 | goto err; | |
666 | } | |
667 | ||
668 | snprintf(teedev->name, sizeof(teedev->name), "tee%s%d", | |
669 | teedesc->flags & TEE_DESC_PRIVILEGED ? "priv" : "", | |
670 | teedev->id - offs); | |
671 | ||
672 | teedev->dev.class = tee_class; | |
673 | teedev->dev.release = tee_release_device; | |
674 | teedev->dev.parent = dev; | |
675 | ||
676 | teedev->dev.devt = MKDEV(MAJOR(tee_devt), teedev->id); | |
677 | ||
678 | rc = dev_set_name(&teedev->dev, "%s", teedev->name); | |
679 | if (rc) { | |
680 | ret = ERR_PTR(rc); | |
681 | goto err_devt; | |
682 | } | |
683 | ||
684 | cdev_init(&teedev->cdev, &tee_fops); | |
685 | teedev->cdev.owner = teedesc->owner; | |
686 | teedev->cdev.kobj.parent = &teedev->dev.kobj; | |
687 | ||
688 | dev_set_drvdata(&teedev->dev, driver_data); | |
689 | device_initialize(&teedev->dev); | |
690 | ||
691 | /* 1 as tee_device_unregister() does one final tee_device_put() */ | |
692 | teedev->num_users = 1; | |
693 | init_completion(&teedev->c_no_users); | |
694 | mutex_init(&teedev->mutex); | |
695 | idr_init(&teedev->idr); | |
696 | ||
697 | teedev->desc = teedesc; | |
698 | teedev->pool = pool; | |
699 | ||
700 | return teedev; | |
701 | err_devt: | |
702 | unregister_chrdev_region(teedev->dev.devt, 1); | |
703 | err: | |
704 | pr_err("could not register %s driver\n", | |
705 | teedesc->flags & TEE_DESC_PRIVILEGED ? "privileged" : "client"); | |
706 | if (teedev && teedev->id < TEE_NUM_DEVICES) { | |
707 | spin_lock(&driver_lock); | |
708 | clear_bit(teedev->id, dev_mask); | |
709 | spin_unlock(&driver_lock); | |
710 | } | |
711 | kfree(teedev); | |
712 | return ret; | |
713 | } | |
714 | EXPORT_SYMBOL_GPL(tee_device_alloc); | |
715 | ||
716 | static ssize_t implementation_id_show(struct device *dev, | |
717 | struct device_attribute *attr, char *buf) | |
718 | { | |
719 | struct tee_device *teedev = container_of(dev, struct tee_device, dev); | |
720 | struct tee_ioctl_version_data vers; | |
721 | ||
722 | teedev->desc->ops->get_version(teedev, &vers); | |
723 | return scnprintf(buf, PAGE_SIZE, "%d\n", vers.impl_id); | |
724 | } | |
725 | static DEVICE_ATTR_RO(implementation_id); | |
726 | ||
727 | static struct attribute *tee_dev_attrs[] = { | |
728 | &dev_attr_implementation_id.attr, | |
729 | NULL | |
730 | }; | |
731 | ||
732 | static const struct attribute_group tee_dev_group = { | |
733 | .attrs = tee_dev_attrs, | |
734 | }; | |
735 | ||
736 | /** | |
737 | * tee_device_register() - Registers a TEE device | |
738 | * @teedev: Device to register | |
739 | * | |
740 | * tee_device_unregister() need to be called to remove the @teedev if | |
741 | * this function fails. | |
742 | * | |
743 | * @returns < 0 on failure | |
744 | */ | |
745 | int tee_device_register(struct tee_device *teedev) | |
746 | { | |
747 | int rc; | |
748 | ||
749 | if (teedev->flags & TEE_DEVICE_FLAG_REGISTERED) { | |
750 | dev_err(&teedev->dev, "attempt to register twice\n"); | |
751 | return -EINVAL; | |
752 | } | |
753 | ||
754 | rc = cdev_add(&teedev->cdev, teedev->dev.devt, 1); | |
755 | if (rc) { | |
756 | dev_err(&teedev->dev, | |
757 | "unable to cdev_add() %s, major %d, minor %d, err=%d\n", | |
758 | teedev->name, MAJOR(teedev->dev.devt), | |
759 | MINOR(teedev->dev.devt), rc); | |
760 | return rc; | |
761 | } | |
762 | ||
763 | rc = device_add(&teedev->dev); | |
764 | if (rc) { | |
765 | dev_err(&teedev->dev, | |
766 | "unable to device_add() %s, major %d, minor %d, err=%d\n", | |
767 | teedev->name, MAJOR(teedev->dev.devt), | |
768 | MINOR(teedev->dev.devt), rc); | |
769 | goto err_device_add; | |
770 | } | |
771 | ||
772 | rc = sysfs_create_group(&teedev->dev.kobj, &tee_dev_group); | |
773 | if (rc) { | |
774 | dev_err(&teedev->dev, | |
775 | "failed to create sysfs attributes, err=%d\n", rc); | |
776 | goto err_sysfs_create_group; | |
777 | } | |
778 | ||
779 | teedev->flags |= TEE_DEVICE_FLAG_REGISTERED; | |
780 | return 0; | |
781 | ||
782 | err_sysfs_create_group: | |
783 | device_del(&teedev->dev); | |
784 | err_device_add: | |
785 | cdev_del(&teedev->cdev); | |
786 | return rc; | |
787 | } | |
788 | EXPORT_SYMBOL_GPL(tee_device_register); | |
789 | ||
790 | void tee_device_put(struct tee_device *teedev) | |
791 | { | |
792 | mutex_lock(&teedev->mutex); | |
793 | /* Shouldn't put in this state */ | |
794 | if (!WARN_ON(!teedev->desc)) { | |
795 | teedev->num_users--; | |
796 | if (!teedev->num_users) { | |
797 | teedev->desc = NULL; | |
798 | complete(&teedev->c_no_users); | |
799 | } | |
800 | } | |
801 | mutex_unlock(&teedev->mutex); | |
802 | } | |
803 | ||
804 | bool tee_device_get(struct tee_device *teedev) | |
805 | { | |
806 | mutex_lock(&teedev->mutex); | |
807 | if (!teedev->desc) { | |
808 | mutex_unlock(&teedev->mutex); | |
809 | return false; | |
810 | } | |
811 | teedev->num_users++; | |
812 | mutex_unlock(&teedev->mutex); | |
813 | return true; | |
814 | } | |
815 | ||
816 | /** | |
817 | * tee_device_unregister() - Removes a TEE device | |
818 | * @teedev: Device to unregister | |
819 | * | |
820 | * This function should be called to remove the @teedev even if | |
821 | * tee_device_register() hasn't been called yet. Does nothing if | |
822 | * @teedev is NULL. | |
823 | */ | |
824 | void tee_device_unregister(struct tee_device *teedev) | |
825 | { | |
826 | if (!teedev) | |
827 | return; | |
828 | ||
829 | if (teedev->flags & TEE_DEVICE_FLAG_REGISTERED) { | |
830 | sysfs_remove_group(&teedev->dev.kobj, &tee_dev_group); | |
831 | cdev_del(&teedev->cdev); | |
832 | device_del(&teedev->dev); | |
833 | } | |
834 | ||
835 | tee_device_put(teedev); | |
836 | wait_for_completion(&teedev->c_no_users); | |
837 | ||
838 | /* | |
839 | * No need to take a mutex any longer now since teedev->desc was | |
840 | * set to NULL before teedev->c_no_users was completed. | |
841 | */ | |
842 | ||
843 | teedev->pool = NULL; | |
844 | ||
845 | put_device(&teedev->dev); | |
846 | } | |
847 | EXPORT_SYMBOL_GPL(tee_device_unregister); | |
848 | ||
849 | /** | |
850 | * tee_get_drvdata() - Return driver_data pointer | |
851 | * @teedev: Device containing the driver_data pointer | |
852 | * @returns the driver_data pointer supplied to tee_register(). | |
853 | */ | |
854 | void *tee_get_drvdata(struct tee_device *teedev) | |
855 | { | |
856 | return dev_get_drvdata(&teedev->dev); | |
857 | } | |
858 | EXPORT_SYMBOL_GPL(tee_get_drvdata); | |
859 | ||
860 | static int __init tee_init(void) | |
861 | { | |
862 | int rc; | |
863 | ||
864 | tee_class = class_create(THIS_MODULE, "tee"); | |
865 | if (IS_ERR(tee_class)) { | |
866 | pr_err("couldn't create class\n"); | |
867 | return PTR_ERR(tee_class); | |
868 | } | |
869 | ||
870 | rc = alloc_chrdev_region(&tee_devt, 0, TEE_NUM_DEVICES, "tee"); | |
871 | if (rc) { | |
872 | pr_err("failed to allocate char dev region\n"); | |
873 | class_destroy(tee_class); | |
874 | tee_class = NULL; | |
875 | } | |
876 | ||
877 | return rc; | |
878 | } | |
879 | ||
880 | static void __exit tee_exit(void) | |
881 | { | |
882 | class_destroy(tee_class); | |
883 | tee_class = NULL; | |
884 | unregister_chrdev_region(tee_devt, TEE_NUM_DEVICES); | |
885 | } | |
886 | ||
887 | subsys_initcall(tee_init); | |
888 | module_exit(tee_exit); | |
889 | ||
890 | MODULE_AUTHOR("Linaro"); | |
891 | MODULE_DESCRIPTION("TEE Driver"); | |
892 | MODULE_VERSION("1.0"); | |
893 | MODULE_LICENSE("GPL v2"); |