// SPDX-License-Identifier: GPL-2.0-only /* * Copyright (c) 2015-2021, Linaro Limited * Copyright (c) 2016, EPAM Systems */ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "optee_private.h" #include "optee_smc.h" #include "optee_rpc_cmd.h" #include #define CREATE_TRACE_POINTS #include "optee_trace.h" /* * This file implement the SMC ABI used when communicating with secure world * OP-TEE OS via raw SMCs. * This file is divided into the following sections: * 1. Convert between struct tee_param and struct optee_msg_param * 2. Low level support functions to register shared memory in secure world * 3. Dynamic shared memory pool based on alloc_pages() * 4. Do a normal scheduled call into secure world * 5. Driver initialization. */ #define OPTEE_SHM_NUM_PRIV_PAGES CONFIG_OPTEE_SHM_NUM_PRIV_PAGES /* * 1. Convert between struct tee_param and struct optee_msg_param * * optee_from_msg_param() and optee_to_msg_param() are the main * functions. */ static int from_msg_param_tmp_mem(struct tee_param *p, u32 attr, const struct optee_msg_param *mp) { struct tee_shm *shm; phys_addr_t pa; int rc; p->attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT + attr - OPTEE_MSG_ATTR_TYPE_TMEM_INPUT; p->u.memref.size = mp->u.tmem.size; shm = (struct tee_shm *)(unsigned long)mp->u.tmem.shm_ref; if (!shm) { p->u.memref.shm_offs = 0; p->u.memref.shm = NULL; return 0; } rc = tee_shm_get_pa(shm, 0, &pa); if (rc) return rc; p->u.memref.shm_offs = mp->u.tmem.buf_ptr - pa; p->u.memref.shm = shm; /* Check that the memref is covered by the shm object */ if (p->u.memref.size) { size_t o = p->u.memref.shm_offs + p->u.memref.size - 1; rc = tee_shm_get_pa(shm, o, NULL); if (rc) return rc; } return 0; } static void from_msg_param_reg_mem(struct tee_param *p, u32 attr, const struct optee_msg_param *mp) { struct tee_shm *shm; p->attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT + attr - OPTEE_MSG_ATTR_TYPE_RMEM_INPUT; p->u.memref.size = mp->u.rmem.size; shm = (struct tee_shm *)(unsigned long)mp->u.rmem.shm_ref; if (shm) { p->u.memref.shm_offs = mp->u.rmem.offs; p->u.memref.shm = shm; } else { p->u.memref.shm_offs = 0; p->u.memref.shm = NULL; } } /** * optee_from_msg_param() - convert from OPTEE_MSG parameters to * struct tee_param * @optee: main service struct * @params: subsystem internal parameter representation * @num_params: number of elements in the parameter arrays * @msg_params: OPTEE_MSG parameters * Returns 0 on success or <0 on failure */ static int optee_from_msg_param(struct optee *optee, struct tee_param *params, size_t num_params, const struct optee_msg_param *msg_params) { int rc; size_t n; for (n = 0; n < num_params; n++) { struct tee_param *p = params + n; const struct optee_msg_param *mp = msg_params + n; u32 attr = mp->attr & OPTEE_MSG_ATTR_TYPE_MASK; switch (attr) { case OPTEE_MSG_ATTR_TYPE_NONE: p->attr = TEE_IOCTL_PARAM_ATTR_TYPE_NONE; memset(&p->u, 0, sizeof(p->u)); break; case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: optee_from_msg_param_value(p, attr, mp); break; case OPTEE_MSG_ATTR_TYPE_TMEM_INPUT: case OPTEE_MSG_ATTR_TYPE_TMEM_OUTPUT: case OPTEE_MSG_ATTR_TYPE_TMEM_INOUT: rc = from_msg_param_tmp_mem(p, attr, mp); if (rc) return rc; break; case OPTEE_MSG_ATTR_TYPE_RMEM_INPUT: case OPTEE_MSG_ATTR_TYPE_RMEM_OUTPUT: case OPTEE_MSG_ATTR_TYPE_RMEM_INOUT: from_msg_param_reg_mem(p, attr, mp); break; default: return -EINVAL; } } return 0; } static int to_msg_param_tmp_mem(struct optee_msg_param *mp, const struct tee_param *p) { int rc; phys_addr_t pa; mp->attr = OPTEE_MSG_ATTR_TYPE_TMEM_INPUT + p->attr - TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT; mp->u.tmem.shm_ref = (unsigned long)p->u.memref.shm; mp->u.tmem.size = p->u.memref.size; if (!p->u.memref.shm) { mp->u.tmem.buf_ptr = 0; return 0; } rc = tee_shm_get_pa(p->u.memref.shm, p->u.memref.shm_offs, &pa); if (rc) return rc; mp->u.tmem.buf_ptr = pa; mp->attr |= OPTEE_MSG_ATTR_CACHE_PREDEFINED << OPTEE_MSG_ATTR_CACHE_SHIFT; return 0; } static int to_msg_param_reg_mem(struct optee_msg_param *mp, const struct tee_param *p) { mp->attr = OPTEE_MSG_ATTR_TYPE_RMEM_INPUT + p->attr - TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT; mp->u.rmem.shm_ref = (unsigned long)p->u.memref.shm; mp->u.rmem.size = p->u.memref.size; mp->u.rmem.offs = p->u.memref.shm_offs; return 0; } /** * optee_to_msg_param() - convert from struct tee_params to OPTEE_MSG parameters * @optee: main service struct * @msg_params: OPTEE_MSG parameters * @num_params: number of elements in the parameter arrays * @params: subsystem itnernal parameter representation * Returns 0 on success or <0 on failure */ static int optee_to_msg_param(struct optee *optee, struct optee_msg_param *msg_params, size_t num_params, const struct tee_param *params) { int rc; size_t n; for (n = 0; n < num_params; n++) { const struct tee_param *p = params + n; struct optee_msg_param *mp = msg_params + n; switch (p->attr) { case TEE_IOCTL_PARAM_ATTR_TYPE_NONE: mp->attr = TEE_IOCTL_PARAM_ATTR_TYPE_NONE; memset(&mp->u, 0, sizeof(mp->u)); break; case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT: case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT: case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT: optee_to_msg_param_value(mp, p); break; case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT: case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: if (tee_shm_is_registered(p->u.memref.shm)) rc = to_msg_param_reg_mem(mp, p); else rc = to_msg_param_tmp_mem(mp, p); if (rc) return rc; break; default: return -EINVAL; } } return 0; } /* * 2. Low level support functions to register shared memory in secure world * * Functions to enable/disable shared memory caching in secure world, that * is, lazy freeing of previously allocated shared memory. Freeing is * performed when a request has been compled. * * Functions to register and unregister shared memory both for normal * clients and for tee-supplicant. */ /** * optee_enable_shm_cache() - Enables caching of some shared memory allocation * in OP-TEE * @optee: main service struct */ static void optee_enable_shm_cache(struct optee *optee) { struct optee_call_waiter w; /* We need to retry until secure world isn't busy. */ optee_cq_wait_init(&optee->call_queue, &w); while (true) { struct arm_smccc_res res; optee->smc.invoke_fn(OPTEE_SMC_ENABLE_SHM_CACHE, 0, 0, 0, 0, 0, 0, 0, &res); if (res.a0 == OPTEE_SMC_RETURN_OK) break; optee_cq_wait_for_completion(&optee->call_queue, &w); } optee_cq_wait_final(&optee->call_queue, &w); } /** * __optee_disable_shm_cache() - Disables caching of some shared memory * allocation in OP-TEE * @optee: main service struct * @is_mapped: true if the cached shared memory addresses were mapped by this * kernel, are safe to dereference, and should be freed */ static void __optee_disable_shm_cache(struct optee *optee, bool is_mapped) { struct optee_call_waiter w; /* We need to retry until secure world isn't busy. */ optee_cq_wait_init(&optee->call_queue, &w); while (true) { union { struct arm_smccc_res smccc; struct optee_smc_disable_shm_cache_result result; } res; optee->smc.invoke_fn(OPTEE_SMC_DISABLE_SHM_CACHE, 0, 0, 0, 0, 0, 0, 0, &res.smccc); if (res.result.status == OPTEE_SMC_RETURN_ENOTAVAIL) break; /* All shm's freed */ if (res.result.status == OPTEE_SMC_RETURN_OK) { struct tee_shm *shm; /* * Shared memory references that were not mapped by * this kernel must be ignored to prevent a crash. */ if (!is_mapped) continue; shm = reg_pair_to_ptr(res.result.shm_upper32, res.result.shm_lower32); tee_shm_free(shm); } else { optee_cq_wait_for_completion(&optee->call_queue, &w); } } optee_cq_wait_final(&optee->call_queue, &w); } /** * optee_disable_shm_cache() - Disables caching of mapped shared memory * allocations in OP-TEE * @optee: main service struct */ static void optee_disable_shm_cache(struct optee *optee) { return __optee_disable_shm_cache(optee, true); } /** * optee_disable_unmapped_shm_cache() - Disables caching of shared memory * allocations in OP-TEE which are not * currently mapped * @optee: main service struct */ static void optee_disable_unmapped_shm_cache(struct optee *optee) { return __optee_disable_shm_cache(optee, false); } #define PAGELIST_ENTRIES_PER_PAGE \ ((OPTEE_MSG_NONCONTIG_PAGE_SIZE / sizeof(u64)) - 1) /* * The final entry in each pagelist page is a pointer to the next * pagelist page. */ static size_t get_pages_list_size(size_t num_entries) { int pages = DIV_ROUND_UP(num_entries, PAGELIST_ENTRIES_PER_PAGE); return pages * OPTEE_MSG_NONCONTIG_PAGE_SIZE; } static u64 *optee_allocate_pages_list(size_t num_entries) { return alloc_pages_exact(get_pages_list_size(num_entries), GFP_KERNEL); } static void optee_free_pages_list(void *list, size_t num_entries) { free_pages_exact(list, get_pages_list_size(num_entries)); } /** * optee_fill_pages_list() - write list of user pages to given shared * buffer. * * @dst: page-aligned buffer where list of pages will be stored * @pages: array of pages that represents shared buffer * @num_pages: number of entries in @pages * @page_offset: offset of user buffer from page start * * @dst should be big enough to hold list of user page addresses and * links to the next pages of buffer */ static void optee_fill_pages_list(u64 *dst, struct page **pages, int num_pages, size_t page_offset) { int n = 0; phys_addr_t optee_page; /* * Refer to OPTEE_MSG_ATTR_NONCONTIG description in optee_msg.h * for details. */ struct { u64 pages_list[PAGELIST_ENTRIES_PER_PAGE]; u64 next_page_data; } *pages_data; /* * Currently OP-TEE uses 4k page size and it does not looks * like this will change in the future. On other hand, there are * no know ARM architectures with page size < 4k. * Thus the next built assert looks redundant. But the following * code heavily relies on this assumption, so it is better be * safe than sorry. */ BUILD_BUG_ON(PAGE_SIZE < OPTEE_MSG_NONCONTIG_PAGE_SIZE); pages_data = (void *)dst; /* * If linux page is bigger than 4k, and user buffer offset is * larger than 4k/8k/12k/etc this will skip first 4k pages, * because they bear no value data for OP-TEE. */ optee_page = page_to_phys(*pages) + round_down(page_offset, OPTEE_MSG_NONCONTIG_PAGE_SIZE); while (true) { pages_data->pages_list[n++] = optee_page; if (n == PAGELIST_ENTRIES_PER_PAGE) { pages_data->next_page_data = virt_to_phys(pages_data + 1); pages_data++; n = 0; } optee_page += OPTEE_MSG_NONCONTIG_PAGE_SIZE; if (!(optee_page & ~PAGE_MASK)) { if (!--num_pages) break; pages++; optee_page = page_to_phys(*pages); } } } static int optee_shm_register(struct tee_context *ctx, struct tee_shm *shm, struct page **pages, size_t num_pages, unsigned long start) { struct optee *optee = tee_get_drvdata(ctx->teedev); struct optee_msg_arg *msg_arg; struct tee_shm *shm_arg; u64 *pages_list; int rc; if (!num_pages) return -EINVAL; rc = optee_check_mem_type(start, num_pages); if (rc) return rc; pages_list = optee_allocate_pages_list(num_pages); if (!pages_list) return -ENOMEM; shm_arg = optee_get_msg_arg(ctx, 1, &msg_arg); if (IS_ERR(shm_arg)) { rc = PTR_ERR(shm_arg); goto out; } optee_fill_pages_list(pages_list, pages, num_pages, tee_shm_get_page_offset(shm)); msg_arg->cmd = OPTEE_MSG_CMD_REGISTER_SHM; msg_arg->params->attr = OPTEE_MSG_ATTR_TYPE_TMEM_OUTPUT | OPTEE_MSG_ATTR_NONCONTIG; msg_arg->params->u.tmem.shm_ref = (unsigned long)shm; msg_arg->params->u.tmem.size = tee_shm_get_size(shm); /* * In the least bits of msg_arg->params->u.tmem.buf_ptr we * store buffer offset from 4k page, as described in OP-TEE ABI. */ msg_arg->params->u.tmem.buf_ptr = virt_to_phys(pages_list) | (tee_shm_get_page_offset(shm) & (OPTEE_MSG_NONCONTIG_PAGE_SIZE - 1)); if (optee->ops->do_call_with_arg(ctx, shm_arg) || msg_arg->ret != TEEC_SUCCESS) rc = -EINVAL; tee_shm_free(shm_arg); out: optee_free_pages_list(pages_list, num_pages); return rc; } static int optee_shm_unregister(struct tee_context *ctx, struct tee_shm *shm) { struct optee *optee = tee_get_drvdata(ctx->teedev); struct optee_msg_arg *msg_arg; struct tee_shm *shm_arg; int rc = 0; shm_arg = optee_get_msg_arg(ctx, 1, &msg_arg); if (IS_ERR(shm_arg)) return PTR_ERR(shm_arg); msg_arg->cmd = OPTEE_MSG_CMD_UNREGISTER_SHM; msg_arg->params[0].attr = OPTEE_MSG_ATTR_TYPE_RMEM_INPUT; msg_arg->params[0].u.rmem.shm_ref = (unsigned long)shm; if (optee->ops->do_call_with_arg(ctx, shm_arg) || msg_arg->ret != TEEC_SUCCESS) rc = -EINVAL; tee_shm_free(shm_arg); return rc; } static int optee_shm_register_supp(struct tee_context *ctx, struct tee_shm *shm, struct page **pages, size_t num_pages, unsigned long start) { /* * We don't want to register supplicant memory in OP-TEE. * Instead information about it will be passed in RPC code. */ return optee_check_mem_type(start, num_pages); } static int optee_shm_unregister_supp(struct tee_context *ctx, struct tee_shm *shm) { return 0; } /* * 3. Dynamic shared memory pool based on alloc_pages() * * Implements an OP-TEE specific shared memory pool which is used * when dynamic shared memory is supported by secure world. * * The main function is optee_shm_pool_alloc_pages(). */ static int pool_op_alloc(struct tee_shm_pool_mgr *poolm, struct tee_shm *shm, size_t size) { /* * Shared memory private to the OP-TEE driver doesn't need * to be registered with OP-TEE. */ if (shm->flags & TEE_SHM_PRIV) return optee_pool_op_alloc_helper(poolm, shm, size, NULL); return optee_pool_op_alloc_helper(poolm, shm, size, optee_shm_register); } static void pool_op_free(struct tee_shm_pool_mgr *poolm, struct tee_shm *shm) { if (!(shm->flags & TEE_SHM_PRIV)) optee_shm_unregister(shm->ctx, shm); free_pages((unsigned long)shm->kaddr, get_order(shm->size)); shm->kaddr = NULL; } static void pool_op_destroy_poolmgr(struct tee_shm_pool_mgr *poolm) { kfree(poolm); } static const struct tee_shm_pool_mgr_ops pool_ops = { .alloc = pool_op_alloc, .free = pool_op_free, .destroy_poolmgr = pool_op_destroy_poolmgr, }; /** * optee_shm_pool_alloc_pages() - create page-based allocator pool * * This pool is used when OP-TEE supports dymanic SHM. In this case * command buffers and such are allocated from kernel's own memory. */ static struct tee_shm_pool_mgr *optee_shm_pool_alloc_pages(void) { struct tee_shm_pool_mgr *mgr = kzalloc(sizeof(*mgr), GFP_KERNEL); if (!mgr) return ERR_PTR(-ENOMEM); mgr->ops = &pool_ops; return mgr; } /* * 4. Do a normal scheduled call into secure world * * The function optee_smc_do_call_with_arg() performs a normal scheduled * call into secure world. During this call may normal world request help * from normal world using RPCs, Remote Procedure Calls. This includes * delivery of non-secure interrupts to for instance allow rescheduling of * the current task. */ static void handle_rpc_func_cmd_shm_free(struct tee_context *ctx, struct optee_msg_arg *arg) { struct tee_shm *shm; arg->ret_origin = TEEC_ORIGIN_COMMS; if (arg->num_params != 1 || arg->params[0].attr != OPTEE_MSG_ATTR_TYPE_VALUE_INPUT) { arg->ret = TEEC_ERROR_BAD_PARAMETERS; return; } shm = (struct tee_shm *)(unsigned long)arg->params[0].u.value.b; switch (arg->params[0].u.value.a) { case OPTEE_RPC_SHM_TYPE_APPL: optee_rpc_cmd_free_suppl(ctx, shm); break; case OPTEE_RPC_SHM_TYPE_KERNEL: tee_shm_free(shm); break; default: arg->ret = TEEC_ERROR_BAD_PARAMETERS; } arg->ret = TEEC_SUCCESS; } static void handle_rpc_func_cmd_shm_alloc(struct tee_context *ctx, struct optee_msg_arg *arg, struct optee_call_ctx *call_ctx) { phys_addr_t pa; struct tee_shm *shm; size_t sz; size_t n; arg->ret_origin = TEEC_ORIGIN_COMMS; if (!arg->num_params || arg->params[0].attr != OPTEE_MSG_ATTR_TYPE_VALUE_INPUT) { arg->ret = TEEC_ERROR_BAD_PARAMETERS; return; } for (n = 1; n < arg->num_params; n++) { if (arg->params[n].attr != OPTEE_MSG_ATTR_TYPE_NONE) { arg->ret = TEEC_ERROR_BAD_PARAMETERS; return; } } sz = arg->params[0].u.value.b; switch (arg->params[0].u.value.a) { case OPTEE_RPC_SHM_TYPE_APPL: shm = optee_rpc_cmd_alloc_suppl(ctx, sz); break; case OPTEE_RPC_SHM_TYPE_KERNEL: shm = tee_shm_alloc(ctx, sz, TEE_SHM_MAPPED | TEE_SHM_PRIV); break; default: arg->ret = TEEC_ERROR_BAD_PARAMETERS; return; } if (IS_ERR(shm)) { arg->ret = TEEC_ERROR_OUT_OF_MEMORY; return; } if (tee_shm_get_pa(shm, 0, &pa)) { arg->ret = TEEC_ERROR_BAD_PARAMETERS; goto bad; } sz = tee_shm_get_size(shm); if (tee_shm_is_registered(shm)) { struct page **pages; u64 *pages_list; size_t page_num; pages = tee_shm_get_pages(shm, &page_num); if (!pages || !page_num) { arg->ret = TEEC_ERROR_OUT_OF_MEMORY; goto bad; } pages_list = optee_allocate_pages_list(page_num); if (!pages_list) { arg->ret = TEEC_ERROR_OUT_OF_MEMORY; goto bad; } call_ctx->pages_list = pages_list; call_ctx->num_entries = page_num; arg->params[0].attr = OPTEE_MSG_ATTR_TYPE_TMEM_OUTPUT | OPTEE_MSG_ATTR_NONCONTIG; /* * In the least bits of u.tmem.buf_ptr we store buffer offset * from 4k page, as described in OP-TEE ABI. */ arg->params[0].u.tmem.buf_ptr = virt_to_phys(pages_list) | (tee_shm_get_page_offset(shm) & (OPTEE_MSG_NONCONTIG_PAGE_SIZE - 1)); arg->params[0].u.tmem.size = tee_shm_get_size(shm); arg->params[0].u.tmem.shm_ref = (unsigned long)shm; optee_fill_pages_list(pages_list, pages, page_num, tee_shm_get_page_offset(shm)); } else { arg->params[0].attr = OPTEE_MSG_ATTR_TYPE_TMEM_OUTPUT; arg->params[0].u.tmem.buf_ptr = pa; arg->params[0].u.tmem.size = sz; arg->params[0].u.tmem.shm_ref = (unsigned long)shm; } arg->ret = TEEC_SUCCESS; return; bad: tee_shm_free(shm); } static void free_pages_list(struct optee_call_ctx *call_ctx) { if (call_ctx->pages_list) { optee_free_pages_list(call_ctx->pages_list, call_ctx->num_entries); call_ctx->pages_list = NULL; call_ctx->num_entries = 0; } } static void optee_rpc_finalize_call(struct optee_call_ctx *call_ctx) { free_pages_list(call_ctx); } static void handle_rpc_func_cmd(struct tee_context *ctx, struct optee *optee, struct tee_shm *shm, struct optee_call_ctx *call_ctx) { struct optee_msg_arg *arg; arg = tee_shm_get_va(shm, 0); if (IS_ERR(arg)) { pr_err("%s: tee_shm_get_va %p failed\n", __func__, shm); return; } switch (arg->cmd) { case OPTEE_RPC_CMD_SHM_ALLOC: free_pages_list(call_ctx); handle_rpc_func_cmd_shm_alloc(ctx, arg, call_ctx); break; case OPTEE_RPC_CMD_SHM_FREE: handle_rpc_func_cmd_shm_free(ctx, arg); break; default: optee_rpc_cmd(ctx, optee, arg); } } /** * optee_handle_rpc() - handle RPC from secure world * @ctx: context doing the RPC * @param: value of registers for the RPC * @call_ctx: call context. Preserved during one OP-TEE invocation * * Result of RPC is written back into @param. */ static void optee_handle_rpc(struct tee_context *ctx, struct optee_rpc_param *param, struct optee_call_ctx *call_ctx) { struct tee_device *teedev = ctx->teedev; struct optee *optee = tee_get_drvdata(teedev); struct tee_shm *shm; phys_addr_t pa; switch (OPTEE_SMC_RETURN_GET_RPC_FUNC(param->a0)) { case OPTEE_SMC_RPC_FUNC_ALLOC: shm = tee_shm_alloc(ctx, param->a1, TEE_SHM_MAPPED | TEE_SHM_PRIV); if (!IS_ERR(shm) && !tee_shm_get_pa(shm, 0, &pa)) { reg_pair_from_64(¶m->a1, ¶m->a2, pa); reg_pair_from_64(¶m->a4, ¶m->a5, (unsigned long)shm); } else { param->a1 = 0; param->a2 = 0; param->a4 = 0; param->a5 = 0; } kmemleak_not_leak(shm); break; case OPTEE_SMC_RPC_FUNC_FREE: shm = reg_pair_to_ptr(param->a1, param->a2); tee_shm_free(shm); break; case OPTEE_SMC_RPC_FUNC_FOREIGN_INTR: /* * A foreign interrupt was raised while secure world was * executing, since they are handled in Linux a dummy RPC is * performed to let Linux take the interrupt through the normal * vector. */ break; case OPTEE_SMC_RPC_FUNC_CMD: shm = reg_pair_to_ptr(param->a1, param->a2); handle_rpc_func_cmd(ctx, optee, shm, call_ctx); break; default: pr_warn("Unknown RPC func 0x%x\n", (u32)OPTEE_SMC_RETURN_GET_RPC_FUNC(param->a0)); break; } param->a0 = OPTEE_SMC_CALL_RETURN_FROM_RPC; } /** * optee_smc_do_call_with_arg() - Do an SMC to OP-TEE in secure world * @ctx: calling context * @arg: shared memory holding the message to pass to secure world * * Does and SMC to OP-TEE in secure world and handles eventual resulting * Remote Procedure Calls (RPC) from OP-TEE. * * Returns return code from secure world, 0 is OK */ static int optee_smc_do_call_with_arg(struct tee_context *ctx, struct tee_shm *arg) { struct optee *optee = tee_get_drvdata(ctx->teedev); struct optee_call_waiter w; struct optee_rpc_param param = { }; struct optee_call_ctx call_ctx = { }; phys_addr_t parg; int rc; rc = tee_shm_get_pa(arg, 0, &parg); if (rc) return rc; param.a0 = OPTEE_SMC_CALL_WITH_ARG; reg_pair_from_64(¶m.a1, ¶m.a2, parg); /* Initialize waiter */ optee_cq_wait_init(&optee->call_queue, &w); while (true) { struct arm_smccc_res res; trace_optee_invoke_fn_begin(¶m); optee->smc.invoke_fn(param.a0, param.a1, param.a2, param.a3, param.a4, param.a5, param.a6, param.a7, &res); trace_optee_invoke_fn_end(¶m, &res); if (res.a0 == OPTEE_SMC_RETURN_ETHREAD_LIMIT) { /* * Out of threads in secure world, wait for a thread * become available. */ optee_cq_wait_for_completion(&optee->call_queue, &w); } else if (OPTEE_SMC_RETURN_IS_RPC(res.a0)) { cond_resched(); param.a0 = res.a0; param.a1 = res.a1; param.a2 = res.a2; param.a3 = res.a3; optee_handle_rpc(ctx, ¶m, &call_ctx); } else { rc = res.a0; break; } } optee_rpc_finalize_call(&call_ctx); /* * We're done with our thread in secure world, if there's any * thread waiters wake up one. */ optee_cq_wait_final(&optee->call_queue, &w); return rc; } /* * 5. Driver initialization * * During driver inititialization is secure world probed to find out which * features it supports so the driver can be initialized with a matching * configuration. This involves for instance support for dynamic shared * memory instead of a static memory carvout. */ static void optee_get_version(struct tee_device *teedev, struct tee_ioctl_version_data *vers) { struct tee_ioctl_version_data v = { .impl_id = TEE_IMPL_ID_OPTEE, .impl_caps = TEE_OPTEE_CAP_TZ, .gen_caps = TEE_GEN_CAP_GP, }; struct optee *optee = tee_get_drvdata(teedev); if (optee->smc.sec_caps & OPTEE_SMC_SEC_CAP_DYNAMIC_SHM) v.gen_caps |= TEE_GEN_CAP_REG_MEM; if (optee->smc.sec_caps & OPTEE_SMC_SEC_CAP_MEMREF_NULL) v.gen_caps |= TEE_GEN_CAP_MEMREF_NULL; *vers = v; } static int optee_smc_open(struct tee_context *ctx) { struct optee *optee = tee_get_drvdata(ctx->teedev); u32 sec_caps = optee->smc.sec_caps; return optee_open(ctx, sec_caps & OPTEE_SMC_SEC_CAP_MEMREF_NULL); } static const struct tee_driver_ops optee_clnt_ops = { .get_version = optee_get_version, .open = optee_smc_open, .release = optee_release, .open_session = optee_open_session, .close_session = optee_close_session, .invoke_func = optee_invoke_func, .cancel_req = optee_cancel_req, .shm_register = optee_shm_register, .shm_unregister = optee_shm_unregister, }; static const struct tee_desc optee_clnt_desc = { .name = DRIVER_NAME "-clnt", .ops = &optee_clnt_ops, .owner = THIS_MODULE, }; static const struct tee_driver_ops optee_supp_ops = { .get_version = optee_get_version, .open = optee_smc_open, .release = optee_release_supp, .supp_recv = optee_supp_recv, .supp_send = optee_supp_send, .shm_register = optee_shm_register_supp, .shm_unregister = optee_shm_unregister_supp, }; static const struct tee_desc optee_supp_desc = { .name = DRIVER_NAME "-supp", .ops = &optee_supp_ops, .owner = THIS_MODULE, .flags = TEE_DESC_PRIVILEGED, }; static const struct optee_ops optee_ops = { .do_call_with_arg = optee_smc_do_call_with_arg, .to_msg_param = optee_to_msg_param, .from_msg_param = optee_from_msg_param, }; static bool optee_msg_api_uid_is_optee_api(optee_invoke_fn *invoke_fn) { struct arm_smccc_res res; invoke_fn(OPTEE_SMC_CALLS_UID, 0, 0, 0, 0, 0, 0, 0, &res); if (res.a0 == OPTEE_MSG_UID_0 && res.a1 == OPTEE_MSG_UID_1 && res.a2 == OPTEE_MSG_UID_2 && res.a3 == OPTEE_MSG_UID_3) return true; return false; } static void optee_msg_get_os_revision(optee_invoke_fn *invoke_fn) { union { struct arm_smccc_res smccc; struct optee_smc_call_get_os_revision_result result; } res = { .result = { .build_id = 0 } }; invoke_fn(OPTEE_SMC_CALL_GET_OS_REVISION, 0, 0, 0, 0, 0, 0, 0, &res.smccc); if (res.result.build_id) pr_info("revision %lu.%lu (%08lx)", res.result.major, res.result.minor, res.result.build_id); else pr_info("revision %lu.%lu", res.result.major, res.result.minor); } static bool optee_msg_api_revision_is_compatible(optee_invoke_fn *invoke_fn) { union { struct arm_smccc_res smccc; struct optee_smc_calls_revision_result result; } res; invoke_fn(OPTEE_SMC_CALLS_REVISION, 0, 0, 0, 0, 0, 0, 0, &res.smccc); if (res.result.major == OPTEE_MSG_REVISION_MAJOR && (int)res.result.minor >= OPTEE_MSG_REVISION_MINOR) return true; return false; } static bool optee_msg_exchange_capabilities(optee_invoke_fn *invoke_fn, u32 *sec_caps) { union { struct arm_smccc_res smccc; struct optee_smc_exchange_capabilities_result result; } res; u32 a1 = 0; /* * TODO This isn't enough to tell if it's UP system (from kernel * point of view) or not, is_smp() returns the information * needed, but can't be called directly from here. */ if (!IS_ENABLED(CONFIG_SMP) || nr_cpu_ids == 1) a1 |= OPTEE_SMC_NSEC_CAP_UNIPROCESSOR; invoke_fn(OPTEE_SMC_EXCHANGE_CAPABILITIES, a1, 0, 0, 0, 0, 0, 0, &res.smccc); if (res.result.status != OPTEE_SMC_RETURN_OK) return false; *sec_caps = res.result.capabilities; return true; } static struct tee_shm_pool *optee_config_dyn_shm(void) { struct tee_shm_pool_mgr *priv_mgr; struct tee_shm_pool_mgr *dmabuf_mgr; void *rc; rc = optee_shm_pool_alloc_pages(); if (IS_ERR(rc)) return rc; priv_mgr = rc; rc = optee_shm_pool_alloc_pages(); if (IS_ERR(rc)) { tee_shm_pool_mgr_destroy(priv_mgr); return rc; } dmabuf_mgr = rc; rc = tee_shm_pool_alloc(priv_mgr, dmabuf_mgr); if (IS_ERR(rc)) { tee_shm_pool_mgr_destroy(priv_mgr); tee_shm_pool_mgr_destroy(dmabuf_mgr); } return rc; } static struct tee_shm_pool * optee_config_shm_memremap(optee_invoke_fn *invoke_fn, void **memremaped_shm) { union { struct arm_smccc_res smccc; struct optee_smc_get_shm_config_result result; } res; unsigned long vaddr; phys_addr_t paddr; size_t size; phys_addr_t begin; phys_addr_t end; void *va; struct tee_shm_pool_mgr *priv_mgr; struct tee_shm_pool_mgr *dmabuf_mgr; void *rc; const int sz = OPTEE_SHM_NUM_PRIV_PAGES * PAGE_SIZE; invoke_fn(OPTEE_SMC_GET_SHM_CONFIG, 0, 0, 0, 0, 0, 0, 0, &res.smccc); if (res.result.status != OPTEE_SMC_RETURN_OK) { pr_err("static shm service not available\n"); return ERR_PTR(-ENOENT); } if (res.result.settings != OPTEE_SMC_SHM_CACHED) { pr_err("only normal cached shared memory supported\n"); return ERR_PTR(-EINVAL); } begin = roundup(res.result.start, PAGE_SIZE); end = rounddown(res.result.start + res.result.size, PAGE_SIZE); paddr = begin; size = end - begin; if (size < 2 * OPTEE_SHM_NUM_PRIV_PAGES * PAGE_SIZE) { pr_err("too small shared memory area\n"); return ERR_PTR(-EINVAL); } va = memremap(paddr, size, MEMREMAP_WB); if (!va) { pr_err("shared memory ioremap failed\n"); return ERR_PTR(-EINVAL); } vaddr = (unsigned long)va; rc = tee_shm_pool_mgr_alloc_res_mem(vaddr, paddr, sz, 3 /* 8 bytes aligned */); if (IS_ERR(rc)) goto err_memunmap; priv_mgr = rc; vaddr += sz; paddr += sz; size -= sz; rc = tee_shm_pool_mgr_alloc_res_mem(vaddr, paddr, size, PAGE_SHIFT); if (IS_ERR(rc)) goto err_free_priv_mgr; dmabuf_mgr = rc; rc = tee_shm_pool_alloc(priv_mgr, dmabuf_mgr); if (IS_ERR(rc)) goto err_free_dmabuf_mgr; *memremaped_shm = va; return rc; err_free_dmabuf_mgr: tee_shm_pool_mgr_destroy(dmabuf_mgr); err_free_priv_mgr: tee_shm_pool_mgr_destroy(priv_mgr); err_memunmap: memunmap(va); return rc; } /* Simple wrapper functions to be able to use a function pointer */ static void optee_smccc_smc(unsigned long a0, unsigned long a1, unsigned long a2, unsigned long a3, unsigned long a4, unsigned long a5, unsigned long a6, unsigned long a7, struct arm_smccc_res *res) { arm_smccc_smc(a0, a1, a2, a3, a4, a5, a6, a7, res); } static void optee_smccc_hvc(unsigned long a0, unsigned long a1, unsigned long a2, unsigned long a3, unsigned long a4, unsigned long a5, unsigned long a6, unsigned long a7, struct arm_smccc_res *res) { arm_smccc_hvc(a0, a1, a2, a3, a4, a5, a6, a7, res); } static optee_invoke_fn *get_invoke_func(struct device *dev) { const char *method; pr_info("probing for conduit method.\n"); if (device_property_read_string(dev, "method", &method)) { pr_warn("missing \"method\" property\n"); return ERR_PTR(-ENXIO); } if (!strcmp("hvc", method)) return optee_smccc_hvc; else if (!strcmp("smc", method)) return optee_smccc_smc; pr_warn("invalid \"method\" property: %s\n", method); return ERR_PTR(-EINVAL); } /* optee_remove - Device Removal Routine * @pdev: platform device information struct * * optee_remove is called by platform subsystem to alert the driver * that it should release the device */ static int optee_smc_remove(struct platform_device *pdev) { struct optee *optee = platform_get_drvdata(pdev); /* * Ask OP-TEE to free all cached shared memory objects to decrease * reference counters and also avoid wild pointers in secure world * into the old shared memory range. */ optee_disable_shm_cache(optee); optee_remove_common(optee); if (optee->smc.memremaped_shm) memunmap(optee->smc.memremaped_shm); kfree(optee); return 0; } /* optee_shutdown - Device Removal Routine * @pdev: platform device information struct * * platform_shutdown is called by the platform subsystem to alert * the driver that a shutdown, reboot, or kexec is happening and * device must be disabled. */ static void optee_shutdown(struct platform_device *pdev) { optee_disable_shm_cache(platform_get_drvdata(pdev)); } static int optee_probe(struct platform_device *pdev) { optee_invoke_fn *invoke_fn; struct tee_shm_pool *pool = ERR_PTR(-EINVAL); struct optee *optee = NULL; void *memremaped_shm = NULL; struct tee_device *teedev; u32 sec_caps; int rc; invoke_fn = get_invoke_func(&pdev->dev); if (IS_ERR(invoke_fn)) return PTR_ERR(invoke_fn); if (!optee_msg_api_uid_is_optee_api(invoke_fn)) { pr_warn("api uid mismatch\n"); return -EINVAL; } optee_msg_get_os_revision(invoke_fn); if (!optee_msg_api_revision_is_compatible(invoke_fn)) { pr_warn("api revision mismatch\n"); return -EINVAL; } if (!optee_msg_exchange_capabilities(invoke_fn, &sec_caps)) { pr_warn("capabilities mismatch\n"); return -EINVAL; } /* * Try to use dynamic shared memory if possible */ if (sec_caps & OPTEE_SMC_SEC_CAP_DYNAMIC_SHM) pool = optee_config_dyn_shm(); /* * If dynamic shared memory is not available or failed - try static one */ if (IS_ERR(pool) && (sec_caps & OPTEE_SMC_SEC_CAP_HAVE_RESERVED_SHM)) pool = optee_config_shm_memremap(invoke_fn, &memremaped_shm); if (IS_ERR(pool)) return PTR_ERR(pool); optee = kzalloc(sizeof(*optee), GFP_KERNEL); if (!optee) { rc = -ENOMEM; goto err; } optee->ops = &optee_ops; optee->smc.invoke_fn = invoke_fn; optee->smc.sec_caps = sec_caps; teedev = tee_device_alloc(&optee_clnt_desc, NULL, pool, optee); if (IS_ERR(teedev)) { rc = PTR_ERR(teedev); goto err; } optee->teedev = teedev; teedev = tee_device_alloc(&optee_supp_desc, NULL, pool, optee); if (IS_ERR(teedev)) { rc = PTR_ERR(teedev); goto err; } optee->supp_teedev = teedev; rc = tee_device_register(optee->teedev); if (rc) goto err; rc = tee_device_register(optee->supp_teedev); if (rc) goto err; mutex_init(&optee->call_queue.mutex); INIT_LIST_HEAD(&optee->call_queue.waiters); optee_wait_queue_init(&optee->wait_queue); optee_supp_init(&optee->supp); optee->smc.memremaped_shm = memremaped_shm; optee->pool = pool; /* * Ensure that there are no pre-existing shm objects before enabling * the shm cache so that there's no chance of receiving an invalid * address during shutdown. This could occur, for example, if we're * kexec booting from an older kernel that did not properly cleanup the * shm cache. */ optee_disable_unmapped_shm_cache(optee); optee_enable_shm_cache(optee); if (optee->smc.sec_caps & OPTEE_SMC_SEC_CAP_DYNAMIC_SHM) pr_info("dynamic shared memory is enabled\n"); platform_set_drvdata(pdev, optee); rc = optee_enumerate_devices(PTA_CMD_GET_DEVICES); if (rc) { optee_smc_remove(pdev); return rc; } pr_info("initialized driver\n"); return 0; err: if (optee) { /* * tee_device_unregister() is safe to call even if the * devices hasn't been registered with * tee_device_register() yet. */ tee_device_unregister(optee->supp_teedev); tee_device_unregister(optee->teedev); kfree(optee); } if (pool) tee_shm_pool_free(pool); if (memremaped_shm) memunmap(memremaped_shm); return rc; } static const struct of_device_id optee_dt_match[] = { { .compatible = "linaro,optee-tz" }, {}, }; MODULE_DEVICE_TABLE(of, optee_dt_match); static struct platform_driver optee_driver = { .probe = optee_probe, .remove = optee_smc_remove, .shutdown = optee_shutdown, .driver = { .name = "optee", .of_match_table = optee_dt_match, }, }; int optee_smc_abi_register(void) { return platform_driver_register(&optee_driver); } void optee_smc_abi_unregister(void) { platform_driver_unregister(&optee_driver); }