]> git.proxmox.com Git - mirror_ubuntu-focal-kernel.git/blame - drivers/tee/tee_core.c
projects / mirror_ubuntu-focal-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
mm/sparsemem: fix 'mem_section' will never be NULL gcc 12 warning
[mirror_ubuntu-focal-kernel.git] / drivers / tee / tee_core.c
CommitLineData
9c92ab61 1// SPDX-License-Identifier: GPL-2.0-only
967c9cca
JW		 2/*
3 * Copyright (c) 2015-2016, Linaro Limited
967c9cca
JW		 4 */
5
6#define pr_fmt(fmt) "%s: " fmt, __func__
7
8#include <linux/cdev.h>
967c9cca
JW		 9#include <linux/fs.h>
10#include <linux/idr.h>
11#include <linux/module.h>
12#include <linux/slab.h>
13#include <linux/tee_drv.h>
14#include <linux/uaccess.h>
15#include "tee_private.h"
16
17#define TEE_NUM_DEVICES 32
18
19#define TEE_IOCTL_PARAM_SIZE(x) (sizeof(struct tee_param) * (x))
20
21/*
22 * Unprivileged devices in the lower half range and privileged devices in
23 * the upper half range.
24 */
25static DECLARE_BITMAP(dev_mask, TEE_NUM_DEVICES);
26static DEFINE_SPINLOCK(driver_lock);
27
28static struct class *tee_class;
29static dev_t tee_devt;
30
57db7a51 31struct tee_context *teedev_open(struct tee_device *teedev)
967c9cca
JW		 32{
33 int rc;
967c9cca
JW		 34 struct tee_context *ctx;
35
967c9cca 36 if (!tee_device_get(teedev))
25559c22 37 return ERR_PTR(-EINVAL);
967c9cca
JW		 38
39 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
40 if (!ctx) {
41 rc = -ENOMEM;
42 goto err;
43 }
44
217e0250 45 kref_init(&ctx->refcount);
967c9cca
JW		 46 ctx->teedev = teedev;
47 INIT_LIST_HEAD(&ctx->list_shm);
967c9cca
JW		 48 rc = teedev->desc->ops->open(ctx);
49 if (rc)
50 goto err;
51
25559c22 52 return ctx;
967c9cca
JW		 53err:
54 kfree(ctx);
55 tee_device_put(teedev);
25559c22
JW		 56 return ERR_PTR(rc);
57
967c9cca 58}
57db7a51 59EXPORT_SYMBOL_GPL(teedev_open);
967c9cca 60
217e0250 61void teedev_ctx_get(struct tee_context *ctx)
967c9cca 62{
217e0250
VB		 63 if (ctx->releasing)
64 return;
967c9cca 65
217e0250
VB		 66 kref_get(&ctx->refcount);
67}
68
69static void teedev_ctx_release(struct kref *ref)
70{
71 struct tee_context *ctx = container_of(ref, struct tee_context,
72 refcount);
73 ctx->releasing = true;
967c9cca 74 ctx->teedev->desc->ops->release(ctx);
967c9cca 75 kfree(ctx);
217e0250
VB		 76}
77
78void teedev_ctx_put(struct tee_context *ctx)
79{
80 if (ctx->releasing)
81 return;
82
83 kref_put(&ctx->refcount, teedev_ctx_release);
84}
85
57db7a51 86void teedev_close_context(struct tee_context *ctx)
217e0250 87{
6d1f1ef3
JW		 88 struct tee_device *teedev = ctx->teedev;
89
217e0250 90 teedev_ctx_put(ctx);
6d1f1ef3 91 tee_device_put(teedev);
217e0250 92}
57db7a51 93EXPORT_SYMBOL_GPL(teedev_close_context);
217e0250 94
25559c22
JW		 95static int tee_open(struct inode *inode, struct file *filp)
96{
97 struct tee_context *ctx;
98
99 ctx = teedev_open(container_of(inode->i_cdev, struct tee_device, cdev));
100 if (IS_ERR(ctx))
101 return PTR_ERR(ctx);
102
42bf4152
SG		 103 /*
104 * Default user-space behaviour is to wait for tee-supplicant
105 * if not present for any requests in this context.
106 */
107 ctx->supp_nowait = false;
25559c22
JW		 108 filp->private_data = ctx;
109 return 0;
110}
111
217e0250
VB		 112static int tee_release(struct inode *inode, struct file *filp)
113{
114 teedev_close_context(filp->private_data);
967c9cca
JW		 115 return 0;
116}
117
118static int tee_ioctl_version(struct tee_context *ctx,
119 struct tee_ioctl_version_data __user *uvers)
120{
121 struct tee_ioctl_version_data vers;
122
123 ctx->teedev->desc->ops->get_version(ctx->teedev, &vers);
059cf566
JW		 124
125 if (ctx->teedev->desc->flags & TEE_DESC_PRIVILEGED)
126 vers.gen_caps |= TEE_GEN_CAP_PRIVILEGED;
127
967c9cca
JW		 128 if (copy_to_user(uvers, &vers, sizeof(vers)))
129 return -EFAULT;
059cf566 130
967c9cca
JW		 131 return 0;
132}
133
134static int tee_ioctl_shm_alloc(struct tee_context *ctx,
135 struct tee_ioctl_shm_alloc_data __user *udata)
136{
137 long ret;
138 struct tee_ioctl_shm_alloc_data data;
139 struct tee_shm *shm;
140
141 if (copy_from_user(&data, udata, sizeof(data)))
142 return -EFAULT;
143
144 /* Currently no input flags are supported */
145 if (data.flags)
146 return -EINVAL;
147
967c9cca
JW		 148 shm = tee_shm_alloc(ctx, data.size, TEE_SHM_MAPPED | TEE_SHM_DMA_BUF);
149 if (IS_ERR(shm))
150 return PTR_ERR(shm);
151
152 data.id = shm->id;
153 data.flags = shm->flags;
154 data.size = shm->size;
155
156 if (copy_to_user(udata, &data, sizeof(data)))
157 ret = -EFAULT;
158 else
159 ret = tee_shm_get_fd(shm);
160
161 /*
162 * When user space closes the file descriptor the shared memory
163 * should be freed or if tee_shm_get_fd() failed then it will
164 * be freed immediately.
165 */
166 tee_shm_put(shm);
167 return ret;
168}
169
033ddf12
JW		 170static int
171tee_ioctl_shm_register(struct tee_context *ctx,
172 struct tee_ioctl_shm_register_data __user *udata)
173{
174 long ret;
175 struct tee_ioctl_shm_register_data data;
176 struct tee_shm *shm;
177
178 if (copy_from_user(&data, udata, sizeof(data)))
179 return -EFAULT;
180
181 /* Currently no input flags are supported */
182 if (data.flags)
183 return -EINVAL;
184
185 shm = tee_shm_register(ctx, data.addr, data.length,
186 TEE_SHM_DMA_BUF | TEE_SHM_USER_MAPPED);
187 if (IS_ERR(shm))
188 return PTR_ERR(shm);
189
190 data.id = shm->id;
191 data.flags = shm->flags;
192 data.length = shm->size;
193
194 if (copy_to_user(udata, &data, sizeof(data)))
195 ret = -EFAULT;
196 else
197 ret = tee_shm_get_fd(shm);
198 /*
199 * When user space closes the file descriptor the shared memory
200 * should be freed or if tee_shm_get_fd() failed then it will
201 * be freed immediately.
202 */
203 tee_shm_put(shm);
204 return ret;
205}
206
967c9cca
JW		 207static int params_from_user(struct tee_context *ctx, struct tee_param *params,
208 size_t num_params,
209 struct tee_ioctl_param __user *uparams)
210{
211 size_t n;
212
213 for (n = 0; n < num_params; n++) {
214 struct tee_shm *shm;
215 struct tee_ioctl_param ip;
216
217 if (copy_from_user(&ip, uparams + n, sizeof(ip)))
218 return -EFAULT;
219
220 /* All unused attribute bits has to be zero */
f2aa9724 221 if (ip.attr & ~TEE_IOCTL_PARAM_ATTR_MASK)
967c9cca
JW		 222 return -EINVAL;
223
224 params[n].attr = ip.attr;
f2aa9724 225 switch (ip.attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) {
967c9cca
JW		 226 case TEE_IOCTL_PARAM_ATTR_TYPE_NONE:
227 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT:
228 break;
229 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT:
230 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT:
231 params[n].u.value.a = ip.a;
232 params[n].u.value.b = ip.b;
233 params[n].u.value.c = ip.c;
234 break;
235 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT:
236 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT:
237 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT:
238 /*
239 * If we fail to get a pointer to a shared memory
240 * object (and increase the ref count) from an
241 * identifier we return an error. All pointers that
242 * has been added in params have an increased ref
243 * count. It's the callers responibility to do
244 * tee_shm_put() on all resolved pointers.
245 */
246 shm = tee_shm_get_from_id(ctx, ip.c);
247 if (IS_ERR(shm))
248 return PTR_ERR(shm);
249
ab9d3db5
EC		 250 /*
251 * Ensure offset + size does not overflow offset
252 * and does not overflow the size of the referred
253 * shared memory object.
254 */
255 if ((ip.a + ip.b) < ip.a ||
256 (ip.a + ip.b) > shm->size) {
257 tee_shm_put(shm);
258 return -EINVAL;
259 }
260
967c9cca
JW		 261 params[n].u.memref.shm_offs = ip.a;
262 params[n].u.memref.size = ip.b;
263 params[n].u.memref.shm = shm;
264 break;
265 default:
266 /* Unknown attribute */
267 return -EINVAL;
268 }
269 }
270 return 0;
271}
272
273static int params_to_user(struct tee_ioctl_param __user *uparams,
274 size_t num_params, struct tee_param *params)
275{
276 size_t n;
277
278 for (n = 0; n < num_params; n++) {
279 struct tee_ioctl_param __user *up = uparams + n;
280 struct tee_param *p = params + n;
281
282 switch (p->attr) {
283 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT:
284 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT:
285 if (put_user(p->u.value.a, &up->a) ||
286 put_user(p->u.value.b, &up->b) ||
287 put_user(p->u.value.c, &up->c))
288 return -EFAULT;
289 break;
290 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT:
291 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT:
292 if (put_user((u64)p->u.memref.size, &up->b))
293 return -EFAULT;
294 default:
295 break;
296 }
297 }
298 return 0;
299}
300
967c9cca
JW		 301static int tee_ioctl_open_session(struct tee_context *ctx,
302 struct tee_ioctl_buf_data __user *ubuf)
303{
304 int rc;
305 size_t n;
306 struct tee_ioctl_buf_data buf;
307 struct tee_ioctl_open_session_arg __user *uarg;
308 struct tee_ioctl_open_session_arg arg;
309 struct tee_ioctl_param __user *uparams = NULL;
310 struct tee_param *params = NULL;
311 bool have_session = false;
312
313 if (!ctx->teedev->desc->ops->open_session)
314 return -EINVAL;
315
316 if (copy_from_user(&buf, ubuf, sizeof(buf)))
317 return -EFAULT;
318
319 if (buf.buf_len > TEE_MAX_ARG_SIZE ||
320 buf.buf_len < sizeof(struct tee_ioctl_open_session_arg))
321 return -EINVAL;
322
323 uarg = u64_to_user_ptr(buf.buf_ptr);
324 if (copy_from_user(&arg, uarg, sizeof(arg)))
325 return -EFAULT;
326
327 if (sizeof(arg) + TEE_IOCTL_PARAM_SIZE(arg.num_params) != buf.buf_len)
328 return -EINVAL;
329
330 if (arg.num_params) {
331 params = kcalloc(arg.num_params, sizeof(struct tee_param),
332 GFP_KERNEL);
333 if (!params)
334 return -ENOMEM;
335 uparams = uarg->params;
336 rc = params_from_user(ctx, params, arg.num_params, uparams);
337 if (rc)
338 goto out;
339 }
340
341 rc = ctx->teedev->desc->ops->open_session(ctx, &arg, params);
342 if (rc)
343 goto out;
344 have_session = true;
345
346 if (put_user(arg.session, &uarg->session) ||
347 put_user(arg.ret, &uarg->ret) ||
348 put_user(arg.ret_origin, &uarg->ret_origin)) {
349 rc = -EFAULT;
350 goto out;
351 }
352 rc = params_to_user(uparams, arg.num_params, params);
353out:
354 /*
355 * If we've succeeded to open the session but failed to communicate
356 * it back to user space, close the session again to avoid leakage.
357 */
358 if (rc && have_session && ctx->teedev->desc->ops->close_session)
359 ctx->teedev->desc->ops->close_session(ctx, arg.session);
360
361 if (params) {
362 /* Decrease ref count for all valid shared memory pointers */
363 for (n = 0; n < arg.num_params; n++)
84debcc5 364 if (tee_param_is_memref(params + n) &&
967c9cca
JW		 365 params[n].u.memref.shm)
366 tee_shm_put(params[n].u.memref.shm);
367 kfree(params);
368 }
369
370 return rc;
371}
372
373static int tee_ioctl_invoke(struct tee_context *ctx,
374 struct tee_ioctl_buf_data __user *ubuf)
375{
376 int rc;
377 size_t n;
378 struct tee_ioctl_buf_data buf;
379 struct tee_ioctl_invoke_arg __user *uarg;
380 struct tee_ioctl_invoke_arg arg;
381 struct tee_ioctl_param __user *uparams = NULL;
382 struct tee_param *params = NULL;
383
384 if (!ctx->teedev->desc->ops->invoke_func)
385 return -EINVAL;
386
387 if (copy_from_user(&buf, ubuf, sizeof(buf)))
388 return -EFAULT;
389
390 if (buf.buf_len > TEE_MAX_ARG_SIZE ||
391 buf.buf_len < sizeof(struct tee_ioctl_invoke_arg))
392 return -EINVAL;
393
394 uarg = u64_to_user_ptr(buf.buf_ptr);
395 if (copy_from_user(&arg, uarg, sizeof(arg)))
396 return -EFAULT;
397
398 if (sizeof(arg) + TEE_IOCTL_PARAM_SIZE(arg.num_params) != buf.buf_len)
399 return -EINVAL;
400
401 if (arg.num_params) {
402 params = kcalloc(arg.num_params, sizeof(struct tee_param),
403 GFP_KERNEL);
404 if (!params)
405 return -ENOMEM;
406 uparams = uarg->params;
407 rc = params_from_user(ctx, params, arg.num_params, uparams);
408 if (rc)
409 goto out;
410 }
411
412 rc = ctx->teedev->desc->ops->invoke_func(ctx, &arg, params);
413 if (rc)
414 goto out;
415
416 if (put_user(arg.ret, &uarg->ret) ||
417 put_user(arg.ret_origin, &uarg->ret_origin)) {
418 rc = -EFAULT;
419 goto out;
420 }
421 rc = params_to_user(uparams, arg.num_params, params);
422out:
423 if (params) {
424 /* Decrease ref count for all valid shared memory pointers */
425 for (n = 0; n < arg.num_params; n++)
84debcc5 426 if (tee_param_is_memref(params + n) &&
967c9cca
JW		 427 params[n].u.memref.shm)
428 tee_shm_put(params[n].u.memref.shm);
429 kfree(params);
430 }
431 return rc;
432}
433
434static int tee_ioctl_cancel(struct tee_context *ctx,
435 struct tee_ioctl_cancel_arg __user *uarg)
436{
437 struct tee_ioctl_cancel_arg arg;
438
439 if (!ctx->teedev->desc->ops->cancel_req)
440 return -EINVAL;
441
442 if (copy_from_user(&arg, uarg, sizeof(arg)))
443 return -EFAULT;
444
445 return ctx->teedev->desc->ops->cancel_req(ctx, arg.cancel_id,
446 arg.session);
447}
448
449static int
450tee_ioctl_close_session(struct tee_context *ctx,
451 struct tee_ioctl_close_session_arg __user *uarg)
452{
453 struct tee_ioctl_close_session_arg arg;
454
455 if (!ctx->teedev->desc->ops->close_session)
456 return -EINVAL;
457
458 if (copy_from_user(&arg, uarg, sizeof(arg)))
459 return -EFAULT;
460
461 return ctx->teedev->desc->ops->close_session(ctx, arg.session);
462}
463
464static int params_to_supp(struct tee_context *ctx,
465 struct tee_ioctl_param __user *uparams,
466 size_t num_params, struct tee_param *params)
467{
468 size_t n;
469
470 for (n = 0; n < num_params; n++) {
471 struct tee_ioctl_param ip;
472 struct tee_param *p = params + n;
473
f2aa9724
JW		 474 ip.attr = p->attr;
475 switch (p->attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) {
967c9cca
JW		 476 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT:
477 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT:
478 ip.a = p->u.value.a;
479 ip.b = p->u.value.b;
480 ip.c = p->u.value.c;
481 break;
482 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT:
483 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT:
484 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT:
485 ip.b = p->u.memref.size;
486 if (!p->u.memref.shm) {
487 ip.a = 0;
488 ip.c = (u64)-1; /* invalid shm id */
489 break;
490 }
491 ip.a = p->u.memref.shm_offs;
492 ip.c = p->u.memref.shm->id;
493 break;
494 default:
495 ip.a = 0;
496 ip.b = 0;
497 ip.c = 0;
498 break;
499 }
500
501 if (copy_to_user(uparams + n, &ip, sizeof(ip)))
502 return -EFAULT;
503 }
504
505 return 0;
506}
507
508static int tee_ioctl_supp_recv(struct tee_context *ctx,
509 struct tee_ioctl_buf_data __user *ubuf)
510{
511 int rc;
512 struct tee_ioctl_buf_data buf;
513 struct tee_iocl_supp_recv_arg __user *uarg;
514 struct tee_param *params;
515 u32 num_params;
516 u32 func;
517
518 if (!ctx->teedev->desc->ops->supp_recv)
519 return -EINVAL;
520
521 if (copy_from_user(&buf, ubuf, sizeof(buf)))
522 return -EFAULT;
523
524 if (buf.buf_len > TEE_MAX_ARG_SIZE ||
525 buf.buf_len < sizeof(struct tee_iocl_supp_recv_arg))
526 return -EINVAL;
527
528 uarg = u64_to_user_ptr(buf.buf_ptr);
529 if (get_user(num_params, &uarg->num_params))
530 return -EFAULT;
531
532 if (sizeof(*uarg) + TEE_IOCTL_PARAM_SIZE(num_params) != buf.buf_len)
533 return -EINVAL;
534
535 params = kcalloc(num_params, sizeof(struct tee_param), GFP_KERNEL);
536 if (!params)
537 return -ENOMEM;
538
f2aa9724
JW		 539 rc = params_from_user(ctx, params, num_params, uarg->params);
540 if (rc)
541 goto out;
542
967c9cca
JW		 543 rc = ctx->teedev->desc->ops->supp_recv(ctx, &func, &num_params, params);
544 if (rc)
545 goto out;
546
547 if (put_user(func, &uarg->func) ||
548 put_user(num_params, &uarg->num_params)) {
549 rc = -EFAULT;
550 goto out;
551 }
552
553 rc = params_to_supp(ctx, uarg->params, num_params, params);
554out:
555 kfree(params);
556 return rc;
557}
558
559static int params_from_supp(struct tee_param *params, size_t num_params,
560 struct tee_ioctl_param __user *uparams)
561{
562 size_t n;
563
564 for (n = 0; n < num_params; n++) {
565 struct tee_param *p = params + n;
566 struct tee_ioctl_param ip;
567
568 if (copy_from_user(&ip, uparams + n, sizeof(ip)))
569 return -EFAULT;
570
571 /* All unused attribute bits has to be zero */
f2aa9724 572 if (ip.attr & ~TEE_IOCTL_PARAM_ATTR_MASK)
967c9cca
JW		 573 return -EINVAL;
574
575 p->attr = ip.attr;
f2aa9724 576 switch (ip.attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) {
967c9cca
JW		 577 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT:
578 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT:
579 /* Only out and in/out values can be updated */
580 p->u.value.a = ip.a;
581 p->u.value.b = ip.b;
582 p->u.value.c = ip.c;
583 break;
584 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT:
585 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT:
586 /*
587 * Only the size of the memref can be updated.
588 * Since we don't have access to the original
589 * parameters here, only store the supplied size.
590 * The driver will copy the updated size into the
591 * original parameters.
592 */
593 p->u.memref.shm = NULL;
594 p->u.memref.shm_offs = 0;
595 p->u.memref.size = ip.b;
596 break;
597 default:
598 memset(&p->u, 0, sizeof(p->u));
599 break;
600 }
601 }
602 return 0;
603}
604
605static int tee_ioctl_supp_send(struct tee_context *ctx,
606 struct tee_ioctl_buf_data __user *ubuf)
607{
608 long rc;
609 struct tee_ioctl_buf_data buf;
610 struct tee_iocl_supp_send_arg __user *uarg;
611 struct tee_param *params;
612 u32 num_params;
613 u32 ret;
614
615 /* Not valid for this driver */
616 if (!ctx->teedev->desc->ops->supp_send)
617 return -EINVAL;
618
619 if (copy_from_user(&buf, ubuf, sizeof(buf)))
620 return -EFAULT;
621
622 if (buf.buf_len > TEE_MAX_ARG_SIZE ||
623 buf.buf_len < sizeof(struct tee_iocl_supp_send_arg))
624 return -EINVAL;
625
626 uarg = u64_to_user_ptr(buf.buf_ptr);
627 if (get_user(ret, &uarg->ret) ||
628 get_user(num_params, &uarg->num_params))
629 return -EFAULT;
630
631 if (sizeof(*uarg) + TEE_IOCTL_PARAM_SIZE(num_params) > buf.buf_len)
632 return -EINVAL;
633
634 params = kcalloc(num_params, sizeof(struct tee_param), GFP_KERNEL);
635 if (!params)
636 return -ENOMEM;
637
638 rc = params_from_supp(params, num_params, uarg->params);
639 if (rc)
640 goto out;
641
642 rc = ctx->teedev->desc->ops->supp_send(ctx, ret, num_params, params);
643out:
644 kfree(params);
645 return rc;
646}
647
648static long tee_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
649{
650 struct tee_context *ctx = filp->private_data;
651 void __user *uarg = (void __user *)arg;
652
653 switch (cmd) {
654 case TEE_IOC_VERSION:
655 return tee_ioctl_version(ctx, uarg);
656 case TEE_IOC_SHM_ALLOC:
657 return tee_ioctl_shm_alloc(ctx, uarg);
033ddf12
JW		 658 case TEE_IOC_SHM_REGISTER:
659 return tee_ioctl_shm_register(ctx, uarg);
967c9cca
JW		 660 case TEE_IOC_OPEN_SESSION:
661 return tee_ioctl_open_session(ctx, uarg);
662 case TEE_IOC_INVOKE:
663 return tee_ioctl_invoke(ctx, uarg);
664 case TEE_IOC_CANCEL:
665 return tee_ioctl_cancel(ctx, uarg);
666 case TEE_IOC_CLOSE_SESSION:
667 return tee_ioctl_close_session(ctx, uarg);
668 case TEE_IOC_SUPPL_RECV:
669 return tee_ioctl_supp_recv(ctx, uarg);
670 case TEE_IOC_SUPPL_SEND:
671 return tee_ioctl_supp_send(ctx, uarg);
672 default:
673 return -EINVAL;
674 }
675}
676
677static const struct file_operations tee_fops = {
678 .owner = THIS_MODULE,
679 .open = tee_open,
680 .release = tee_release,
681 .unlocked_ioctl = tee_ioctl,
682 .compat_ioctl = tee_ioctl,
683};
684
685static void tee_release_device(struct device *dev)
686{
687 struct tee_device *teedev = container_of(dev, struct tee_device, dev);
688
689 spin_lock(&driver_lock);
690 clear_bit(teedev->id, dev_mask);
691 spin_unlock(&driver_lock);
692 mutex_destroy(&teedev->mutex);
693 idr_destroy(&teedev->idr);
694 kfree(teedev);
695}
696
697/**
698 * tee_device_alloc() - Allocate a new struct tee_device instance
699 * @teedesc: Descriptor for this driver
700 * @dev: Parent device for this device
701 * @pool: Shared memory pool, NULL if not used
702 * @driver_data: Private driver data for this device
703 *
704 * Allocates a new struct tee_device instance. The device is
705 * removed by tee_device_unregister().
706 *
707 * @returns a pointer to a 'struct tee_device' or an ERR_PTR on failure
708 */
709struct tee_device *tee_device_alloc(const struct tee_desc *teedesc,
710 struct device *dev,
711 struct tee_shm_pool *pool,
712 void *driver_data)
713{
714 struct tee_device *teedev;
715 void *ret;
7dd003ae 716 int rc, max_id;
967c9cca
JW		 717 int offs = 0;
718
719 if (!teedesc || !teedesc->name || !teedesc->ops ||
720 !teedesc->ops->get_version || !teedesc->ops->open ||
721 !teedesc->ops->release || !pool)
722 return ERR_PTR(-EINVAL);
723
724 teedev = kzalloc(sizeof(*teedev), GFP_KERNEL);
725 if (!teedev) {
726 ret = ERR_PTR(-ENOMEM);
727 goto err;
728 }
729
7dd003ae
PF		 730 max_id = TEE_NUM_DEVICES / 2;
731
732 if (teedesc->flags & TEE_DESC_PRIVILEGED) {
967c9cca 733 offs = TEE_NUM_DEVICES / 2;
7dd003ae
PF		 734 max_id = TEE_NUM_DEVICES;
735 }
967c9cca
JW		 736
737 spin_lock(&driver_lock);
7dd003ae
PF		 738 teedev->id = find_next_zero_bit(dev_mask, max_id, offs);
739 if (teedev->id < max_id)
967c9cca
JW		 740 set_bit(teedev->id, dev_mask);
741 spin_unlock(&driver_lock);
742
7dd003ae 743 if (teedev->id >= max_id) {
967c9cca
JW		 744 ret = ERR_PTR(-ENOMEM);
745 goto err;
746 }
747
748 snprintf(teedev->name, sizeof(teedev->name), "tee%s%d",
749 teedesc->flags & TEE_DESC_PRIVILEGED ? "priv" : "",
750 teedev->id - offs);
751
752 teedev->dev.class = tee_class;
753 teedev->dev.release = tee_release_device;
754 teedev->dev.parent = dev;
755
756 teedev->dev.devt = MKDEV(MAJOR(tee_devt), teedev->id);
757
758 rc = dev_set_name(&teedev->dev, "%s", teedev->name);
759 if (rc) {
760 ret = ERR_PTR(rc);
761 goto err_devt;
762 }
763
764 cdev_init(&teedev->cdev, &tee_fops);
765 teedev->cdev.owner = teedesc->owner;
766 teedev->cdev.kobj.parent = &teedev->dev.kobj;
767
768 dev_set_drvdata(&teedev->dev, driver_data);
769 device_initialize(&teedev->dev);
770
771 /* 1 as tee_device_unregister() does one final tee_device_put() */
772 teedev->num_users = 1;
773 init_completion(&teedev->c_no_users);
774 mutex_init(&teedev->mutex);
775 idr_init(&teedev->idr);
776
777 teedev->desc = teedesc;
778 teedev->pool = pool;
779
780 return teedev;
781err_devt:
782 unregister_chrdev_region(teedev->dev.devt, 1);
783err:
784 pr_err("could not register %s driver\n",
785 teedesc->flags & TEE_DESC_PRIVILEGED ? "privileged" : "client");
786 if (teedev && teedev->id < TEE_NUM_DEVICES) {
787 spin_lock(&driver_lock);
788 clear_bit(teedev->id, dev_mask);
789 spin_unlock(&driver_lock);
790 }
791 kfree(teedev);
792 return ret;
793}
794EXPORT_SYMBOL_GPL(tee_device_alloc);
795
796static ssize_t implementation_id_show(struct device *dev,
797 struct device_attribute *attr, char *buf)
798{
799 struct tee_device *teedev = container_of(dev, struct tee_device, dev);
800 struct tee_ioctl_version_data vers;
801
802 teedev->desc->ops->get_version(teedev, &vers);
803 return scnprintf(buf, PAGE_SIZE, "%d\n", vers.impl_id);
804}
805static DEVICE_ATTR_RO(implementation_id);
806
807static struct attribute *tee_dev_attrs[] = {
808 &dev_attr_implementation_id.attr,
809 NULL
810};
811
812static const struct attribute_group tee_dev_group = {
813 .attrs = tee_dev_attrs,
814};
815
816/**
817 * tee_device_register() - Registers a TEE device
818 * @teedev: Device to register
819 *
820 * tee_device_unregister() need to be called to remove the @teedev if
821 * this function fails.
822 *
823 * @returns < 0 on failure
824 */
825int tee_device_register(struct tee_device *teedev)
826{
827 int rc;
828
829 if (teedev->flags & TEE_DEVICE_FLAG_REGISTERED) {
830 dev_err(&teedev->dev, "attempt to register twice\n");
831 return -EINVAL;
832 }
833
834 rc = cdev_add(&teedev->cdev, teedev->dev.devt, 1);
835 if (rc) {
836 dev_err(&teedev->dev,
837 "unable to cdev_add() %s, major %d, minor %d, err=%d\n",
838 teedev->name, MAJOR(teedev->dev.devt),
839 MINOR(teedev->dev.devt), rc);
840 return rc;
841 }
842
843 rc = device_add(&teedev->dev);
844 if (rc) {
845 dev_err(&teedev->dev,
846 "unable to device_add() %s, major %d, minor %d, err=%d\n",
847 teedev->name, MAJOR(teedev->dev.devt),
848 MINOR(teedev->dev.devt), rc);
849 goto err_device_add;
850 }
851
852 rc = sysfs_create_group(&teedev->dev.kobj, &tee_dev_group);
853 if (rc) {
854 dev_err(&teedev->dev,
855 "failed to create sysfs attributes, err=%d\n", rc);
856 goto err_sysfs_create_group;
857 }
858
859 teedev->flags |= TEE_DEVICE_FLAG_REGISTERED;
860 return 0;
861
862err_sysfs_create_group:
863 device_del(&teedev->dev);
864err_device_add:
865 cdev_del(&teedev->cdev);
866 return rc;
867}
868EXPORT_SYMBOL_GPL(tee_device_register);
869
870void tee_device_put(struct tee_device *teedev)
871{
872 mutex_lock(&teedev->mutex);
873 /* Shouldn't put in this state */
874 if (!WARN_ON(!teedev->desc)) {
875 teedev->num_users--;
876 if (!teedev->num_users) {
877 teedev->desc = NULL;
878 complete(&teedev->c_no_users);
879 }
880 }
881 mutex_unlock(&teedev->mutex);
882}
883
884bool tee_device_get(struct tee_device *teedev)
885{
886 mutex_lock(&teedev->mutex);
887 if (!teedev->desc) {
888 mutex_unlock(&teedev->mutex);
889 return false;
890 }
891 teedev->num_users++;
892 mutex_unlock(&teedev->mutex);
893 return true;
894}
895
896/**
897 * tee_device_unregister() - Removes a TEE device
898 * @teedev: Device to unregister
899 *
900 * This function should be called to remove the @teedev even if
901 * tee_device_register() hasn't been called yet. Does nothing if
902 * @teedev is NULL.
903 */
904void tee_device_unregister(struct tee_device *teedev)
905{
906 if (!teedev)
907 return;
908
909 if (teedev->flags & TEE_DEVICE_FLAG_REGISTERED) {
910 sysfs_remove_group(&teedev->dev.kobj, &tee_dev_group);
911 cdev_del(&teedev->cdev);
912 device_del(&teedev->dev);
913 }
914
915 tee_device_put(teedev);
916 wait_for_completion(&teedev->c_no_users);
917
918 /*
919 * No need to take a mutex any longer now since teedev->desc was
920 * set to NULL before teedev->c_no_users was completed.
921 */
922
923 teedev->pool = NULL;
924
925 put_device(&teedev->dev);
926}
927EXPORT_SYMBOL_GPL(tee_device_unregister);
928
929/**
930 * tee_get_drvdata() - Return driver_data pointer
931 * @teedev: Device containing the driver_data pointer
932 * @returns the driver_data pointer supplied to tee_register().
933 */
934void *tee_get_drvdata(struct tee_device *teedev)
935{
936 return dev_get_drvdata(&teedev->dev);
937}
938EXPORT_SYMBOL_GPL(tee_get_drvdata);
939
25559c22
JW		 940struct match_dev_data {
941 struct tee_ioctl_version_data *vers;
942 const void *data;
943 int (*match)(struct tee_ioctl_version_data *, const void *);
944};
945
946static int match_dev(struct device *dev, const void *data)
947{
948 const struct match_dev_data *match_data = data;
949 struct tee_device *teedev = container_of(dev, struct tee_device, dev);
950
951 teedev->desc->ops->get_version(teedev, match_data->vers);
952 return match_data->match(match_data->vers, match_data->data);
953}
954
955struct tee_context *
956tee_client_open_context(struct tee_context *start,
957 int (*match)(struct tee_ioctl_version_data *,
958 const void *),
959 const void *data, struct tee_ioctl_version_data *vers)
960{
961 struct device *dev = NULL;
962 struct device *put_dev = NULL;
963 struct tee_context *ctx = NULL;
964 struct tee_ioctl_version_data v;
965 struct match_dev_data match_data = { vers ? vers : &v, data, match };
966
967 if (start)
968 dev = &start->teedev->dev;
969
970 do {
971 dev = class_find_device(tee_class, dev, &match_data, match_dev);
972 if (!dev) {
973 ctx = ERR_PTR(-ENOENT);
974 break;
975 }
976
977 put_device(put_dev);
978 put_dev = dev;
979
980 ctx = teedev_open(container_of(dev, struct tee_device, dev));
981 } while (IS_ERR(ctx) && PTR_ERR(ctx) != -ENOMEM);
982
983 put_device(put_dev);
42bf4152
SG		 984 /*
985 * Default behaviour for in kernel client is to not wait for
986 * tee-supplicant if not present for any requests in this context.
987 * Also this flag could be configured again before call to
988 * tee_client_open_session() if any in kernel client requires
989 * different behaviour.
990 */
bb342f01
SG		 991 if (!IS_ERR(ctx))
992 ctx->supp_nowait = true;
993
25559c22
JW		 994 return ctx;
995}
996EXPORT_SYMBOL_GPL(tee_client_open_context);
997
998void tee_client_close_context(struct tee_context *ctx)
999{
1000 teedev_close_context(ctx);
1001}
1002EXPORT_SYMBOL_GPL(tee_client_close_context);
1003
1004void tee_client_get_version(struct tee_context *ctx,
1005 struct tee_ioctl_version_data *vers)
1006{
1007 ctx->teedev->desc->ops->get_version(ctx->teedev, vers);
1008}
1009EXPORT_SYMBOL_GPL(tee_client_get_version);
1010
1011int tee_client_open_session(struct tee_context *ctx,
1012 struct tee_ioctl_open_session_arg *arg,
1013 struct tee_param *param)
1014{
1015 if (!ctx->teedev->desc->ops->open_session)
1016 return -EINVAL;
1017 return ctx->teedev->desc->ops->open_session(ctx, arg, param);
1018}
1019EXPORT_SYMBOL_GPL(tee_client_open_session);
1020
1021int tee_client_close_session(struct tee_context *ctx, u32 session)
1022{
1023 if (!ctx->teedev->desc->ops->close_session)
1024 return -EINVAL;
1025 return ctx->teedev->desc->ops->close_session(ctx, session);
1026}
1027EXPORT_SYMBOL_GPL(tee_client_close_session);
1028
1029int tee_client_invoke_func(struct tee_context *ctx,
1030 struct tee_ioctl_invoke_arg *arg,
1031 struct tee_param *param)
1032{
1033 if (!ctx->teedev->desc->ops->invoke_func)
1034 return -EINVAL;
1035 return ctx->teedev->desc->ops->invoke_func(ctx, arg, param);
1036}
1037EXPORT_SYMBOL_GPL(tee_client_invoke_func);
1038
4f062dc1
IO		 1039int tee_client_cancel_req(struct tee_context *ctx,
1040 struct tee_ioctl_cancel_arg *arg)
1041{
1042 if (!ctx->teedev->desc->ops->cancel_req)
1043 return -EINVAL;
1044 return ctx->teedev->desc->ops->cancel_req(ctx, arg->cancel_id,
1045 arg->session);
1046}
1047
0fc1db9d
SG		 1048static int tee_client_device_match(struct device *dev,
1049 struct device_driver *drv)
1050{
1051 const struct tee_client_device_id *id_table;
1052 struct tee_client_device *tee_device;
1053
1054 id_table = to_tee_client_driver(drv)->id_table;
1055 tee_device = to_tee_client_device(dev);
1056
1057 while (!uuid_is_null(&id_table->uuid)) {
1058 if (uuid_equal(&tee_device->id.uuid, &id_table->uuid))
1059 return 1;
1060 id_table++;
1061 }
1062
1063 return 0;
1064}
1065
1066static int tee_client_device_uevent(struct device *dev,
1067 struct kobj_uevent_env *env)
1068{
1069 uuid_t *dev_id = &to_tee_client_device(dev)->id.uuid;
1070
1071 return add_uevent_var(env, "MODALIAS=tee:%pUb", dev_id);
1072}
1073
1074struct bus_type tee_bus_type = {
1075 .name = "tee",
1076 .match = tee_client_device_match,
1077 .uevent = tee_client_device_uevent,
1078};
1079EXPORT_SYMBOL_GPL(tee_bus_type);
1080
967c9cca
JW		 1081static int __init tee_init(void)
1082{
1083 int rc;
1084
1085 tee_class = class_create(THIS_MODULE, "tee");
1086 if (IS_ERR(tee_class)) {
1087 pr_err("couldn't create class\n");
1088 return PTR_ERR(tee_class);
1089 }
1090
1091 rc = alloc_chrdev_region(&tee_devt, 0, TEE_NUM_DEVICES, "tee");
1092 if (rc) {
1093 pr_err("failed to allocate char dev region\n");
0fc1db9d
SG		 1094 goto out_unreg_class;
1095 }
1096
1097 rc = bus_register(&tee_bus_type);
1098 if (rc) {
1099 pr_err("failed to register tee bus\n");
1100 goto out_unreg_chrdev;
967c9cca
JW		 1101 }
1102
0fc1db9d
SG		 1103 return 0;
1104
1105out_unreg_chrdev:
1106 unregister_chrdev_region(tee_devt, TEE_NUM_DEVICES);
1107out_unreg_class:
1108 class_destroy(tee_class);
1109 tee_class = NULL;
1110
967c9cca
JW		 1111 return rc;
1112}
1113
1114static void __exit tee_exit(void)
1115{
0fc1db9d
SG		 1116 bus_unregister(&tee_bus_type);
1117 unregister_chrdev_region(tee_devt, TEE_NUM_DEVICES);
967c9cca
JW		 1118 class_destroy(tee_class);
1119 tee_class = NULL;
967c9cca
JW		 1120}
1121
1122subsys_initcall(tee_init);
1123module_exit(tee_exit);
1124
1125MODULE_AUTHOR("Linaro");
1126MODULE_DESCRIPTION("TEE Driver");
1127MODULE_VERSION("1.0");
1128MODULE_LICENSE("GPL v2");
Ubuntu Focal Linux kernel mirror