Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / 217e0250cccb9e54d457991446cd3fab413085e1 / . / drivers / tee / tee_core.c
blob: 3d49ac2e3c84027f4a837e2ff3e88e87e2140b10 [file] [log] [blame]
Jens Wiklander967c9cc2015-03-11 14:39:39 +0100[diff] [blame]1/*
2 * Copyright (c) 2015-2016, Linaro Limited
3 *
4 * This software is licensed under the terms of the GNU General Public
5 * License version 2, as published by the Free Software Foundation, and
6 * may be copied, distributed, and modified under those terms.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 *
13 */
14
15#define pr_fmt(fmt) "%s: " fmt, __func__
16
17#include <linux/cdev.h>
18#include <linux/device.h>
19#include <linux/fs.h>
20#include <linux/idr.h>
21#include <linux/module.h>
22#include <linux/slab.h>
23#include <linux/tee_drv.h>
24#include <linux/uaccess.h>
25#include "tee_private.h"
26
27#define TEE_NUM_DEVICES 32
28
29#define TEE_IOCTL_PARAM_SIZE(x) (sizeof(struct tee_param) * (x))
30
31/*
32 * Unprivileged devices in the lower half range and privileged devices in
33 * the upper half range.
34 */
35static DECLARE_BITMAP(dev_mask, TEE_NUM_DEVICES);
36static DEFINE_SPINLOCK(driver_lock);
37
38static struct class *tee_class;
39static dev_t tee_devt;
40
41static int tee_open(struct inode *inode, struct file *filp)
42{
43 int rc;
44 struct tee_device *teedev;
45 struct tee_context *ctx;
46
47 teedev = container_of(inode->i_cdev, struct tee_device, cdev);
48 if (!tee_device_get(teedev))
49 return -EINVAL;
50
51 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
52 if (!ctx) {
53 rc = -ENOMEM;
54 goto err;
55 }
56
Volodymyr Babchuk217e0252017-11-29 14:48:37 +0200[diff] [blame^]57 kref_init(&ctx->refcount);
Jens Wiklander967c9cc2015-03-11 14:39:39 +0100[diff] [blame]58 ctx->teedev = teedev;
59 INIT_LIST_HEAD(&ctx->list_shm);
60 filp->private_data = ctx;
61 rc = teedev->desc->ops->open(ctx);
62 if (rc)
63 goto err;
64
65 return 0;
66err:
67 kfree(ctx);
68 tee_device_put(teedev);
69 return rc;
70}
71
Volodymyr Babchuk217e0252017-11-29 14:48:37 +0200[diff] [blame^]72void teedev_ctx_get(struct tee_context *ctx)
73{
74 if (ctx->releasing)
75 return;
76
77 kref_get(&ctx->refcount);
78}
79
80static void teedev_ctx_release(struct kref *ref)
81{
82 struct tee_context *ctx = container_of(ref, struct tee_context,
83 refcount);
84 ctx->releasing = true;
85 ctx->teedev->desc->ops->release(ctx);
86 kfree(ctx);
87}
88
89void teedev_ctx_put(struct tee_context *ctx)
90{
91 if (ctx->releasing)
92 return;
93
94 kref_put(&ctx->refcount, teedev_ctx_release);
95}
96
97static void teedev_close_context(struct tee_context *ctx)
98{
99 tee_device_put(ctx->teedev);
100 teedev_ctx_put(ctx);
101}
102
Jens Wiklander967c9cc2015-03-11 14:39:39 +0100[diff] [blame]103static int tee_release(struct inode *inode, struct file *filp)
104{
Volodymyr Babchuk217e0252017-11-29 14:48:37 +0200[diff] [blame^]105 teedev_close_context(filp->private_data);
Jens Wiklander967c9cc2015-03-11 14:39:39 +0100[diff] [blame]106 return 0;
107}
108
109static int tee_ioctl_version(struct tee_context *ctx,
110 struct tee_ioctl_version_data __user *uvers)
111{
112 struct tee_ioctl_version_data vers;
113
114 ctx->teedev->desc->ops->get_version(ctx->teedev, &vers);
Jens Wiklander059cf562017-02-16 09:07:02 +0100[diff] [blame]115
116 if (ctx->teedev->desc->flags & TEE_DESC_PRIVILEGED)
117 vers.gen_caps |= TEE_GEN_CAP_PRIVILEGED;
118
Jens Wiklander967c9cc2015-03-11 14:39:39 +0100[diff] [blame]119 if (copy_to_user(uvers, &vers, sizeof(vers)))
120 return -EFAULT;
Jens Wiklander059cf562017-02-16 09:07:02 +0100[diff] [blame]121
Jens Wiklander967c9cc2015-03-11 14:39:39 +0100[diff] [blame]122 return 0;
123}
124
125static int tee_ioctl_shm_alloc(struct tee_context *ctx,
126 struct tee_ioctl_shm_alloc_data __user *udata)
127{
128 long ret;
129 struct tee_ioctl_shm_alloc_data data;
130 struct tee_shm *shm;
131
132 if (copy_from_user(&data, udata, sizeof(data)))
133 return -EFAULT;
134
135 /* Currently no input flags are supported */
136 if (data.flags)
137 return -EINVAL;
138
Jens Wiklander967c9cc2015-03-11 14:39:39 +0100[diff] [blame]139 shm = tee_shm_alloc(ctx, data.size, TEE_SHM_MAPPED | TEE_SHM_DMA_BUF);
140 if (IS_ERR(shm))
141 return PTR_ERR(shm);
142
143 data.id = shm->id;
144 data.flags = shm->flags;
145 data.size = shm->size;
146
147 if (copy_to_user(udata, &data, sizeof(data)))
148 ret = -EFAULT;
149 else
150 ret = tee_shm_get_fd(shm);
151
152 /*
153 * When user space closes the file descriptor the shared memory
154 * should be freed or if tee_shm_get_fd() failed then it will
155 * be freed immediately.
156 */
157 tee_shm_put(shm);
158 return ret;
159}
160
Jens Wiklander033ddf12017-11-29 14:48:26 +0200[diff] [blame]161static int
162tee_ioctl_shm_register(struct tee_context *ctx,
163 struct tee_ioctl_shm_register_data __user *udata)
164{
165 long ret;
166 struct tee_ioctl_shm_register_data data;
167 struct tee_shm *shm;
168
169 if (copy_from_user(&data, udata, sizeof(data)))
170 return -EFAULT;
171
172 /* Currently no input flags are supported */
173 if (data.flags)
174 return -EINVAL;
175
176 shm = tee_shm_register(ctx, data.addr, data.length,
177 TEE_SHM_DMA_BUF | TEE_SHM_USER_MAPPED);
178 if (IS_ERR(shm))
179 return PTR_ERR(shm);
180
181 data.id = shm->id;
182 data.flags = shm->flags;
183 data.length = shm->size;
184
185 if (copy_to_user(udata, &data, sizeof(data)))
186 ret = -EFAULT;
187 else
188 ret = tee_shm_get_fd(shm);
189 /*
190 * When user space closes the file descriptor the shared memory
191 * should be freed or if tee_shm_get_fd() failed then it will
192 * be freed immediately.
193 */
194 tee_shm_put(shm);
195 return ret;
196}
197
Jens Wiklander967c9cc2015-03-11 14:39:39 +0100[diff] [blame]198static int params_from_user(struct tee_context *ctx, struct tee_param *params,
199 size_t num_params,
200 struct tee_ioctl_param __user *uparams)
201{
202 size_t n;
203
204 for (n = 0; n < num_params; n++) {
205 struct tee_shm *shm;
206 struct tee_ioctl_param ip;
207
208 if (copy_from_user(&ip, uparams + n, sizeof(ip)))
209 return -EFAULT;
210
211 /* All unused attribute bits has to be zero */
212 if (ip.attr & ~TEE_IOCTL_PARAM_ATTR_TYPE_MASK)
213 return -EINVAL;
214
215 params[n].attr = ip.attr;
216 switch (ip.attr) {
217 case TEE_IOCTL_PARAM_ATTR_TYPE_NONE:
218 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT:
219 break;
220 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT:
221 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT:
222 params[n].u.value.a = ip.a;
223 params[n].u.value.b = ip.b;
224 params[n].u.value.c = ip.c;
225 break;
226 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT:
227 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT:
228 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT:
229 /*
230 * If we fail to get a pointer to a shared memory
231 * object (and increase the ref count) from an
232 * identifier we return an error. All pointers that
233 * has been added in params have an increased ref
234 * count. It's the callers responibility to do
235 * tee_shm_put() on all resolved pointers.
236 */
237 shm = tee_shm_get_from_id(ctx, ip.c);
238 if (IS_ERR(shm))
239 return PTR_ERR(shm);
240
241 params[n].u.memref.shm_offs = ip.a;
242 params[n].u.memref.size = ip.b;
243 params[n].u.memref.shm = shm;
244 break;
245 default:
246 /* Unknown attribute */
247 return -EINVAL;
248 }
249 }
250 return 0;
251}
252
253static int params_to_user(struct tee_ioctl_param __user *uparams,
254 size_t num_params, struct tee_param *params)
255{
256 size_t n;
257
258 for (n = 0; n < num_params; n++) {
259 struct tee_ioctl_param __user *up = uparams + n;
260 struct tee_param *p = params + n;
261
262 switch (p->attr) {
263 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT:
264 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT:
265 if (put_user(p->u.value.a, &up->a) ||
266 put_user(p->u.value.b, &up->b) ||
267 put_user(p->u.value.c, &up->c))
268 return -EFAULT;
269 break;
270 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT:
271 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT:
272 if (put_user((u64)p->u.memref.size, &up->b))
273 return -EFAULT;
274 default:
275 break;
276 }
277 }
278 return 0;
279}
280
281static bool param_is_memref(struct tee_param *param)
282{
283 switch (param->attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) {
284 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT:
285 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT:
286 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT:
287 return true;
288 default:
289 return false;
290 }
291}
292
293static int tee_ioctl_open_session(struct tee_context *ctx,
294 struct tee_ioctl_buf_data __user *ubuf)
295{
296 int rc;
297 size_t n;
298 struct tee_ioctl_buf_data buf;
299 struct tee_ioctl_open_session_arg __user *uarg;
300 struct tee_ioctl_open_session_arg arg;
301 struct tee_ioctl_param __user *uparams = NULL;
302 struct tee_param *params = NULL;
303 bool have_session = false;
304
305 if (!ctx->teedev->desc->ops->open_session)
306 return -EINVAL;
307
308 if (copy_from_user(&buf, ubuf, sizeof(buf)))
309 return -EFAULT;
310
311 if (buf.buf_len > TEE_MAX_ARG_SIZE ||
312 buf.buf_len < sizeof(struct tee_ioctl_open_session_arg))
313 return -EINVAL;
314
315 uarg = u64_to_user_ptr(buf.buf_ptr);
316 if (copy_from_user(&arg, uarg, sizeof(arg)))
317 return -EFAULT;
318
319 if (sizeof(arg) + TEE_IOCTL_PARAM_SIZE(arg.num_params) != buf.buf_len)
320 return -EINVAL;
321
322 if (arg.num_params) {
323 params = kcalloc(arg.num_params, sizeof(struct tee_param),
324 GFP_KERNEL);
325 if (!params)
326 return -ENOMEM;
327 uparams = uarg->params;
328 rc = params_from_user(ctx, params, arg.num_params, uparams);
329 if (rc)
330 goto out;
331 }
332
333 rc = ctx->teedev->desc->ops->open_session(ctx, &arg, params);
334 if (rc)
335 goto out;
336 have_session = true;
337
338 if (put_user(arg.session, &uarg->session) ||
339 put_user(arg.ret, &uarg->ret) ||
340 put_user(arg.ret_origin, &uarg->ret_origin)) {
341 rc = -EFAULT;
342 goto out;
343 }
344 rc = params_to_user(uparams, arg.num_params, params);
345out:
346 /*
347 * If we've succeeded to open the session but failed to communicate
348 * it back to user space, close the session again to avoid leakage.
349 */
350 if (rc && have_session && ctx->teedev->desc->ops->close_session)
351 ctx->teedev->desc->ops->close_session(ctx, arg.session);
352
353 if (params) {
354 /* Decrease ref count for all valid shared memory pointers */
355 for (n = 0; n < arg.num_params; n++)
356 if (param_is_memref(params + n) &&
357 params[n].u.memref.shm)
358 tee_shm_put(params[n].u.memref.shm);
359 kfree(params);
360 }
361
362 return rc;
363}
364
365static int tee_ioctl_invoke(struct tee_context *ctx,
366 struct tee_ioctl_buf_data __user *ubuf)
367{
368 int rc;
369 size_t n;
370 struct tee_ioctl_buf_data buf;
371 struct tee_ioctl_invoke_arg __user *uarg;
372 struct tee_ioctl_invoke_arg arg;
373 struct tee_ioctl_param __user *uparams = NULL;
374 struct tee_param *params = NULL;
375
376 if (!ctx->teedev->desc->ops->invoke_func)
377 return -EINVAL;
378
379 if (copy_from_user(&buf, ubuf, sizeof(buf)))
380 return -EFAULT;
381
382 if (buf.buf_len > TEE_MAX_ARG_SIZE ||
383 buf.buf_len < sizeof(struct tee_ioctl_invoke_arg))
384 return -EINVAL;
385
386 uarg = u64_to_user_ptr(buf.buf_ptr);
387 if (copy_from_user(&arg, uarg, sizeof(arg)))
388 return -EFAULT;
389
390 if (sizeof(arg) + TEE_IOCTL_PARAM_SIZE(arg.num_params) != buf.buf_len)
391 return -EINVAL;
392
393 if (arg.num_params) {
394 params = kcalloc(arg.num_params, sizeof(struct tee_param),
395 GFP_KERNEL);
396 if (!params)
397 return -ENOMEM;
398 uparams = uarg->params;
399 rc = params_from_user(ctx, params, arg.num_params, uparams);
400 if (rc)
401 goto out;
402 }
403
404 rc = ctx->teedev->desc->ops->invoke_func(ctx, &arg, params);
405 if (rc)
406 goto out;
407
408 if (put_user(arg.ret, &uarg->ret) ||
409 put_user(arg.ret_origin, &uarg->ret_origin)) {
410 rc = -EFAULT;
411 goto out;
412 }
413 rc = params_to_user(uparams, arg.num_params, params);
414out:
415 if (params) {
416 /* Decrease ref count for all valid shared memory pointers */
417 for (n = 0; n < arg.num_params; n++)
418 if (param_is_memref(params + n) &&
419 params[n].u.memref.shm)
420 tee_shm_put(params[n].u.memref.shm);
421 kfree(params);
422 }
423 return rc;
424}
425
426static int tee_ioctl_cancel(struct tee_context *ctx,
427 struct tee_ioctl_cancel_arg __user *uarg)
428{
429 struct tee_ioctl_cancel_arg arg;
430
431 if (!ctx->teedev->desc->ops->cancel_req)
432 return -EINVAL;
433
434 if (copy_from_user(&arg, uarg, sizeof(arg)))
435 return -EFAULT;
436
437 return ctx->teedev->desc->ops->cancel_req(ctx, arg.cancel_id,
438 arg.session);
439}
440
441static int
442tee_ioctl_close_session(struct tee_context *ctx,
443 struct tee_ioctl_close_session_arg __user *uarg)
444{
445 struct tee_ioctl_close_session_arg arg;
446
447 if (!ctx->teedev->desc->ops->close_session)
448 return -EINVAL;
449
450 if (copy_from_user(&arg, uarg, sizeof(arg)))
451 return -EFAULT;
452
453 return ctx->teedev->desc->ops->close_session(ctx, arg.session);
454}
455
456static int params_to_supp(struct tee_context *ctx,
457 struct tee_ioctl_param __user *uparams,
458 size_t num_params, struct tee_param *params)
459{
460 size_t n;
461
462 for (n = 0; n < num_params; n++) {
463 struct tee_ioctl_param ip;
464 struct tee_param *p = params + n;
465
466 ip.attr = p->attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK;
467 switch (p->attr) {
468 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT:
469 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT:
470 ip.a = p->u.value.a;
471 ip.b = p->u.value.b;
472 ip.c = p->u.value.c;
473 break;
474 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT:
475 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT:
476 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT:
477 ip.b = p->u.memref.size;
478 if (!p->u.memref.shm) {
479 ip.a = 0;
480 ip.c = (u64)-1; /* invalid shm id */
481 break;
482 }
483 ip.a = p->u.memref.shm_offs;
484 ip.c = p->u.memref.shm->id;
485 break;
486 default:
487 ip.a = 0;
488 ip.b = 0;
489 ip.c = 0;
490 break;
491 }
492
493 if (copy_to_user(uparams + n, &ip, sizeof(ip)))
494 return -EFAULT;
495 }
496
497 return 0;
498}
499
500static int tee_ioctl_supp_recv(struct tee_context *ctx,
501 struct tee_ioctl_buf_data __user *ubuf)
502{
503 int rc;
504 struct tee_ioctl_buf_data buf;
505 struct tee_iocl_supp_recv_arg __user *uarg;
506 struct tee_param *params;
507 u32 num_params;
508 u32 func;
509
510 if (!ctx->teedev->desc->ops->supp_recv)
511 return -EINVAL;
512
513 if (copy_from_user(&buf, ubuf, sizeof(buf)))
514 return -EFAULT;
515
516 if (buf.buf_len > TEE_MAX_ARG_SIZE ||
517 buf.buf_len < sizeof(struct tee_iocl_supp_recv_arg))
518 return -EINVAL;
519
520 uarg = u64_to_user_ptr(buf.buf_ptr);
521 if (get_user(num_params, &uarg->num_params))
522 return -EFAULT;
523
524 if (sizeof(*uarg) + TEE_IOCTL_PARAM_SIZE(num_params) != buf.buf_len)
525 return -EINVAL;
526
527 params = kcalloc(num_params, sizeof(struct tee_param), GFP_KERNEL);
528 if (!params)
529 return -ENOMEM;
530
531 rc = ctx->teedev->desc->ops->supp_recv(ctx, &func, &num_params, params);
532 if (rc)
533 goto out;
534
535 if (put_user(func, &uarg->func) ||
536 put_user(num_params, &uarg->num_params)) {
537 rc = -EFAULT;
538 goto out;
539 }
540
541 rc = params_to_supp(ctx, uarg->params, num_params, params);
542out:
543 kfree(params);
544 return rc;
545}
546
547static int params_from_supp(struct tee_param *params, size_t num_params,
548 struct tee_ioctl_param __user *uparams)
549{
550 size_t n;
551
552 for (n = 0; n < num_params; n++) {
553 struct tee_param *p = params + n;
554 struct tee_ioctl_param ip;
555
556 if (copy_from_user(&ip, uparams + n, sizeof(ip)))
557 return -EFAULT;
558
559 /* All unused attribute bits has to be zero */
560 if (ip.attr & ~TEE_IOCTL_PARAM_ATTR_TYPE_MASK)
561 return -EINVAL;
562
563 p->attr = ip.attr;
564 switch (ip.attr) {
565 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT:
566 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT:
567 /* Only out and in/out values can be updated */
568 p->u.value.a = ip.a;
569 p->u.value.b = ip.b;
570 p->u.value.c = ip.c;
571 break;
572 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT:
573 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT:
574 /*
575 * Only the size of the memref can be updated.
576 * Since we don't have access to the original
577 * parameters here, only store the supplied size.
578 * The driver will copy the updated size into the
579 * original parameters.
580 */
581 p->u.memref.shm = NULL;
582 p->u.memref.shm_offs = 0;
583 p->u.memref.size = ip.b;
584 break;
585 default:
586 memset(&p->u, 0, sizeof(p->u));
587 break;
588 }
589 }
590 return 0;
591}
592
593static int tee_ioctl_supp_send(struct tee_context *ctx,
594 struct tee_ioctl_buf_data __user *ubuf)
595{
596 long rc;
597 struct tee_ioctl_buf_data buf;
598 struct tee_iocl_supp_send_arg __user *uarg;
599 struct tee_param *params;
600 u32 num_params;
601 u32 ret;
602
603 /* Not valid for this driver */
604 if (!ctx->teedev->desc->ops->supp_send)
605 return -EINVAL;
606
607 if (copy_from_user(&buf, ubuf, sizeof(buf)))
608 return -EFAULT;
609
610 if (buf.buf_len > TEE_MAX_ARG_SIZE ||
611 buf.buf_len < sizeof(struct tee_iocl_supp_send_arg))
612 return -EINVAL;
613
614 uarg = u64_to_user_ptr(buf.buf_ptr);
615 if (get_user(ret, &uarg->ret) ||
616 get_user(num_params, &uarg->num_params))
617 return -EFAULT;
618
619 if (sizeof(*uarg) + TEE_IOCTL_PARAM_SIZE(num_params) > buf.buf_len)
620 return -EINVAL;
621
622 params = kcalloc(num_params, sizeof(struct tee_param), GFP_KERNEL);
623 if (!params)
624 return -ENOMEM;
625
626 rc = params_from_supp(params, num_params, uarg->params);
627 if (rc)
628 goto out;
629
630 rc = ctx->teedev->desc->ops->supp_send(ctx, ret, num_params, params);
631out:
632 kfree(params);
633 return rc;
634}
635
636static long tee_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
637{
638 struct tee_context *ctx = filp->private_data;
639 void __user *uarg = (void __user *)arg;
640
641 switch (cmd) {
642 case TEE_IOC_VERSION:
643 return tee_ioctl_version(ctx, uarg);
644 case TEE_IOC_SHM_ALLOC:
645 return tee_ioctl_shm_alloc(ctx, uarg);
Jens Wiklander033ddf12017-11-29 14:48:26 +0200[diff] [blame]646 case TEE_IOC_SHM_REGISTER:
647 return tee_ioctl_shm_register(ctx, uarg);
Jens Wiklander967c9cc2015-03-11 14:39:39 +0100[diff] [blame]648 case TEE_IOC_OPEN_SESSION:
649 return tee_ioctl_open_session(ctx, uarg);
650 case TEE_IOC_INVOKE:
651 return tee_ioctl_invoke(ctx, uarg);
652 case TEE_IOC_CANCEL:
653 return tee_ioctl_cancel(ctx, uarg);
654 case TEE_IOC_CLOSE_SESSION:
655 return tee_ioctl_close_session(ctx, uarg);
656 case TEE_IOC_SUPPL_RECV:
657 return tee_ioctl_supp_recv(ctx, uarg);
658 case TEE_IOC_SUPPL_SEND:
659 return tee_ioctl_supp_send(ctx, uarg);
660 default:
661 return -EINVAL;
662 }
663}
664
665static const struct file_operations tee_fops = {
666 .owner = THIS_MODULE,
667 .open = tee_open,
668 .release = tee_release,
669 .unlocked_ioctl = tee_ioctl,
670 .compat_ioctl = tee_ioctl,
671};
672
673static void tee_release_device(struct device *dev)
674{
675 struct tee_device *teedev = container_of(dev, struct tee_device, dev);
676
677 spin_lock(&driver_lock);
678 clear_bit(teedev->id, dev_mask);
679 spin_unlock(&driver_lock);
680 mutex_destroy(&teedev->mutex);
681 idr_destroy(&teedev->idr);
682 kfree(teedev);
683}
684
685/**
686 * tee_device_alloc() - Allocate a new struct tee_device instance
687 * @teedesc: Descriptor for this driver
688 * @dev: Parent device for this device
689 * @pool: Shared memory pool, NULL if not used
690 * @driver_data: Private driver data for this device
691 *
692 * Allocates a new struct tee_device instance. The device is
693 * removed by tee_device_unregister().
694 *
695 * @returns a pointer to a 'struct tee_device' or an ERR_PTR on failure
696 */
697struct tee_device *tee_device_alloc(const struct tee_desc *teedesc,
698 struct device *dev,
699 struct tee_shm_pool *pool,
700 void *driver_data)
701{
702 struct tee_device *teedev;
703 void *ret;
704 int rc;
705 int offs = 0;
706
707 if (!teedesc || !teedesc->name || !teedesc->ops ||
708 !teedesc->ops->get_version || !teedesc->ops->open ||
709 !teedesc->ops->release || !pool)
710 return ERR_PTR(-EINVAL);
711
712 teedev = kzalloc(sizeof(*teedev), GFP_KERNEL);
713 if (!teedev) {
714 ret = ERR_PTR(-ENOMEM);
715 goto err;
716 }
717
718 if (teedesc->flags & TEE_DESC_PRIVILEGED)
719 offs = TEE_NUM_DEVICES / 2;
720
721 spin_lock(&driver_lock);
722 teedev->id = find_next_zero_bit(dev_mask, TEE_NUM_DEVICES, offs);
723 if (teedev->id < TEE_NUM_DEVICES)
724 set_bit(teedev->id, dev_mask);
725 spin_unlock(&driver_lock);
726
727 if (teedev->id >= TEE_NUM_DEVICES) {
728 ret = ERR_PTR(-ENOMEM);
729 goto err;
730 }
731
732 snprintf(teedev->name, sizeof(teedev->name), "tee%s%d",
733 teedesc->flags & TEE_DESC_PRIVILEGED ? "priv" : "",
734 teedev->id - offs);
735
736 teedev->dev.class = tee_class;
737 teedev->dev.release = tee_release_device;
738 teedev->dev.parent = dev;
739
740 teedev->dev.devt = MKDEV(MAJOR(tee_devt), teedev->id);
741
742 rc = dev_set_name(&teedev->dev, "%s", teedev->name);
743 if (rc) {
744 ret = ERR_PTR(rc);
745 goto err_devt;
746 }
747
748 cdev_init(&teedev->cdev, &tee_fops);
749 teedev->cdev.owner = teedesc->owner;
750 teedev->cdev.kobj.parent = &teedev->dev.kobj;
751
752 dev_set_drvdata(&teedev->dev, driver_data);
753 device_initialize(&teedev->dev);
754
755 /* 1 as tee_device_unregister() does one final tee_device_put() */
756 teedev->num_users = 1;
757 init_completion(&teedev->c_no_users);
758 mutex_init(&teedev->mutex);
759 idr_init(&teedev->idr);
760
761 teedev->desc = teedesc;
762 teedev->pool = pool;
763
764 return teedev;
765err_devt:
766 unregister_chrdev_region(teedev->dev.devt, 1);
767err:
768 pr_err("could not register %s driver\n",
769 teedesc->flags & TEE_DESC_PRIVILEGED ? "privileged" : "client");
770 if (teedev && teedev->id < TEE_NUM_DEVICES) {
771 spin_lock(&driver_lock);
772 clear_bit(teedev->id, dev_mask);
773 spin_unlock(&driver_lock);
774 }
775 kfree(teedev);
776 return ret;
777}
778EXPORT_SYMBOL_GPL(tee_device_alloc);
779
780static ssize_t implementation_id_show(struct device *dev,
781 struct device_attribute *attr, char *buf)
782{
783 struct tee_device *teedev = container_of(dev, struct tee_device, dev);
784 struct tee_ioctl_version_data vers;
785
786 teedev->desc->ops->get_version(teedev, &vers);
787 return scnprintf(buf, PAGE_SIZE, "%d\n", vers.impl_id);
788}
789static DEVICE_ATTR_RO(implementation_id);
790
791static struct attribute *tee_dev_attrs[] = {
792 &dev_attr_implementation_id.attr,
793 NULL
794};
795
796static const struct attribute_group tee_dev_group = {
797 .attrs = tee_dev_attrs,
798};
799
800/**
801 * tee_device_register() - Registers a TEE device
802 * @teedev: Device to register
803 *
804 * tee_device_unregister() need to be called to remove the @teedev if
805 * this function fails.
806 *
807 * @returns < 0 on failure
808 */
809int tee_device_register(struct tee_device *teedev)
810{
811 int rc;
812
813 if (teedev->flags & TEE_DEVICE_FLAG_REGISTERED) {
814 dev_err(&teedev->dev, "attempt to register twice\n");
815 return -EINVAL;
816 }
817
818 rc = cdev_add(&teedev->cdev, teedev->dev.devt, 1);
819 if (rc) {
820 dev_err(&teedev->dev,
821 "unable to cdev_add() %s, major %d, minor %d, err=%d\n",
822 teedev->name, MAJOR(teedev->dev.devt),
823 MINOR(teedev->dev.devt), rc);
824 return rc;
825 }
826
827 rc = device_add(&teedev->dev);
828 if (rc) {
829 dev_err(&teedev->dev,
830 "unable to device_add() %s, major %d, minor %d, err=%d\n",
831 teedev->name, MAJOR(teedev->dev.devt),
832 MINOR(teedev->dev.devt), rc);
833 goto err_device_add;
834 }
835
836 rc = sysfs_create_group(&teedev->dev.kobj, &tee_dev_group);
837 if (rc) {
838 dev_err(&teedev->dev,
839 "failed to create sysfs attributes, err=%d\n", rc);
840 goto err_sysfs_create_group;
841 }
842
843 teedev->flags |= TEE_DEVICE_FLAG_REGISTERED;
844 return 0;
845
846err_sysfs_create_group:
847 device_del(&teedev->dev);
848err_device_add:
849 cdev_del(&teedev->cdev);
850 return rc;
851}
852EXPORT_SYMBOL_GPL(tee_device_register);
853
854void tee_device_put(struct tee_device *teedev)
855{
856 mutex_lock(&teedev->mutex);
857 /* Shouldn't put in this state */
858 if (!WARN_ON(!teedev->desc)) {
859 teedev->num_users--;
860 if (!teedev->num_users) {
861 teedev->desc = NULL;
862 complete(&teedev->c_no_users);
863 }
864 }
865 mutex_unlock(&teedev->mutex);
866}
867
868bool tee_device_get(struct tee_device *teedev)
869{
870 mutex_lock(&teedev->mutex);
871 if (!teedev->desc) {
872 mutex_unlock(&teedev->mutex);
873 return false;
874 }
875 teedev->num_users++;
876 mutex_unlock(&teedev->mutex);
877 return true;
878}
879
880/**
881 * tee_device_unregister() - Removes a TEE device
882 * @teedev: Device to unregister
883 *
884 * This function should be called to remove the @teedev even if
885 * tee_device_register() hasn't been called yet. Does nothing if
886 * @teedev is NULL.
887 */
888void tee_device_unregister(struct tee_device *teedev)
889{
890 if (!teedev)
891 return;
892
893 if (teedev->flags & TEE_DEVICE_FLAG_REGISTERED) {
894 sysfs_remove_group(&teedev->dev.kobj, &tee_dev_group);
895 cdev_del(&teedev->cdev);
896 device_del(&teedev->dev);
897 }
898
899 tee_device_put(teedev);
900 wait_for_completion(&teedev->c_no_users);
901
902 /*
903 * No need to take a mutex any longer now since teedev->desc was
904 * set to NULL before teedev->c_no_users was completed.
905 */
906
907 teedev->pool = NULL;
908
909 put_device(&teedev->dev);
910}
911EXPORT_SYMBOL_GPL(tee_device_unregister);
912
913/**
914 * tee_get_drvdata() - Return driver_data pointer
915 * @teedev: Device containing the driver_data pointer
916 * @returns the driver_data pointer supplied to tee_register().
917 */
918void *tee_get_drvdata(struct tee_device *teedev)
919{
920 return dev_get_drvdata(&teedev->dev);
921}
922EXPORT_SYMBOL_GPL(tee_get_drvdata);
923
924static int __init tee_init(void)
925{
926 int rc;
927
928 tee_class = class_create(THIS_MODULE, "tee");
929 if (IS_ERR(tee_class)) {
930 pr_err("couldn't create class\n");
931 return PTR_ERR(tee_class);
932 }
933
934 rc = alloc_chrdev_region(&tee_devt, 0, TEE_NUM_DEVICES, "tee");
935 if (rc) {
936 pr_err("failed to allocate char dev region\n");
937 class_destroy(tee_class);
938 tee_class = NULL;
939 }
940
941 return rc;
942}
943
944static void __exit tee_exit(void)
945{
946 class_destroy(tee_class);
947 tee_class = NULL;
948 unregister_chrdev_region(tee_devt, TEE_NUM_DEVICES);
949}
950
951subsys_initcall(tee_init);
952module_exit(tee_exit);
953
954MODULE_AUTHOR("Linaro");
955MODULE_DESCRIPTION("TEE Driver");
956MODULE_VERSION("1.0");
957MODULE_LICENSE("GPL v2");