Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / 43fc509c3efb5c973991ee24c449ab2a0d71dd1e / . / drivers / tee / tee_core.c
blob: 5c60bf4423e68d4c7bf0b1b27f78c60bf72478bd [file] [log] [blame]
Jens Wiklander967c9cc2015-03-11 14:39:39 +0100[diff] [blame]1/*
2 * Copyright (c) 2015-2016, Linaro Limited
3 *
4 * This software is licensed under the terms of the GNU General Public
5 * License version 2, as published by the Free Software Foundation, and
6 * may be copied, distributed, and modified under those terms.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 *
13 */
14
15#define pr_fmt(fmt) "%s: " fmt, __func__
16
17#include <linux/cdev.h>
18#include <linux/device.h>
19#include <linux/fs.h>
20#include <linux/idr.h>
21#include <linux/module.h>
22#include <linux/slab.h>
23#include <linux/tee_drv.h>
24#include <linux/uaccess.h>
25#include "tee_private.h"
26
27#define TEE_NUM_DEVICES 32
28
29#define TEE_IOCTL_PARAM_SIZE(x) (sizeof(struct tee_param) * (x))
30
31/*
32 * Unprivileged devices in the lower half range and privileged devices in
33 * the upper half range.
34 */
35static DECLARE_BITMAP(dev_mask, TEE_NUM_DEVICES);
36static DEFINE_SPINLOCK(driver_lock);
37
38static struct class *tee_class;
39static dev_t tee_devt;
40
41static int tee_open(struct inode *inode, struct file *filp)
42{
43 int rc;
44 struct tee_device *teedev;
45 struct tee_context *ctx;
46
47 teedev = container_of(inode->i_cdev, struct tee_device, cdev);
48 if (!tee_device_get(teedev))
49 return -EINVAL;
50
51 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
52 if (!ctx) {
53 rc = -ENOMEM;
54 goto err;
55 }
56
57 ctx->teedev = teedev;
58 INIT_LIST_HEAD(&ctx->list_shm);
59 filp->private_data = ctx;
60 rc = teedev->desc->ops->open(ctx);
61 if (rc)
62 goto err;
63
64 return 0;
65err:
66 kfree(ctx);
67 tee_device_put(teedev);
68 return rc;
69}
70
71static int tee_release(struct inode *inode, struct file *filp)
72{
73 struct tee_context *ctx = filp->private_data;
74 struct tee_device *teedev = ctx->teedev;
75 struct tee_shm *shm;
76
77 ctx->teedev->desc->ops->release(ctx);
78 mutex_lock(&ctx->teedev->mutex);
79 list_for_each_entry(shm, &ctx->list_shm, link)
80 shm->ctx = NULL;
81 mutex_unlock(&ctx->teedev->mutex);
82 kfree(ctx);
83 tee_device_put(teedev);
84 return 0;
85}
86
87static int tee_ioctl_version(struct tee_context *ctx,
88 struct tee_ioctl_version_data __user *uvers)
89{
90 struct tee_ioctl_version_data vers;
91
92 ctx->teedev->desc->ops->get_version(ctx->teedev, &vers);
93 if (copy_to_user(uvers, &vers, sizeof(vers)))
94 return -EFAULT;
95 return 0;
96}
97
98static int tee_ioctl_shm_alloc(struct tee_context *ctx,
99 struct tee_ioctl_shm_alloc_data __user *udata)
100{
101 long ret;
102 struct tee_ioctl_shm_alloc_data data;
103 struct tee_shm *shm;
104
105 if (copy_from_user(&data, udata, sizeof(data)))
106 return -EFAULT;
107
108 /* Currently no input flags are supported */
109 if (data.flags)
110 return -EINVAL;
111
112 data.id = -1;
113
114 shm = tee_shm_alloc(ctx, data.size, TEE_SHM_MAPPED | TEE_SHM_DMA_BUF);
115 if (IS_ERR(shm))
116 return PTR_ERR(shm);
117
118 data.id = shm->id;
119 data.flags = shm->flags;
120 data.size = shm->size;
121
122 if (copy_to_user(udata, &data, sizeof(data)))
123 ret = -EFAULT;
124 else
125 ret = tee_shm_get_fd(shm);
126
127 /*
128 * When user space closes the file descriptor the shared memory
129 * should be freed or if tee_shm_get_fd() failed then it will
130 * be freed immediately.
131 */
132 tee_shm_put(shm);
133 return ret;
134}
135
136static int params_from_user(struct tee_context *ctx, struct tee_param *params,
137 size_t num_params,
138 struct tee_ioctl_param __user *uparams)
139{
140 size_t n;
141
142 for (n = 0; n < num_params; n++) {
143 struct tee_shm *shm;
144 struct tee_ioctl_param ip;
145
146 if (copy_from_user(&ip, uparams + n, sizeof(ip)))
147 return -EFAULT;
148
149 /* All unused attribute bits has to be zero */
150 if (ip.attr & ~TEE_IOCTL_PARAM_ATTR_TYPE_MASK)
151 return -EINVAL;
152
153 params[n].attr = ip.attr;
154 switch (ip.attr) {
155 case TEE_IOCTL_PARAM_ATTR_TYPE_NONE:
156 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT:
157 break;
158 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT:
159 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT:
160 params[n].u.value.a = ip.a;
161 params[n].u.value.b = ip.b;
162 params[n].u.value.c = ip.c;
163 break;
164 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT:
165 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT:
166 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT:
167 /*
168 * If we fail to get a pointer to a shared memory
169 * object (and increase the ref count) from an
170 * identifier we return an error. All pointers that
171 * has been added in params have an increased ref
172 * count. It's the callers responibility to do
173 * tee_shm_put() on all resolved pointers.
174 */
175 shm = tee_shm_get_from_id(ctx, ip.c);
176 if (IS_ERR(shm))
177 return PTR_ERR(shm);
178
179 params[n].u.memref.shm_offs = ip.a;
180 params[n].u.memref.size = ip.b;
181 params[n].u.memref.shm = shm;
182 break;
183 default:
184 /* Unknown attribute */
185 return -EINVAL;
186 }
187 }
188 return 0;
189}
190
191static int params_to_user(struct tee_ioctl_param __user *uparams,
192 size_t num_params, struct tee_param *params)
193{
194 size_t n;
195
196 for (n = 0; n < num_params; n++) {
197 struct tee_ioctl_param __user *up = uparams + n;
198 struct tee_param *p = params + n;
199
200 switch (p->attr) {
201 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT:
202 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT:
203 if (put_user(p->u.value.a, &up->a) ||
204 put_user(p->u.value.b, &up->b) ||
205 put_user(p->u.value.c, &up->c))
206 return -EFAULT;
207 break;
208 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT:
209 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT:
210 if (put_user((u64)p->u.memref.size, &up->b))
211 return -EFAULT;
212 default:
213 break;
214 }
215 }
216 return 0;
217}
218
219static bool param_is_memref(struct tee_param *param)
220{
221 switch (param->attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) {
222 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT:
223 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT:
224 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT:
225 return true;
226 default:
227 return false;
228 }
229}
230
231static int tee_ioctl_open_session(struct tee_context *ctx,
232 struct tee_ioctl_buf_data __user *ubuf)
233{
234 int rc;
235 size_t n;
236 struct tee_ioctl_buf_data buf;
237 struct tee_ioctl_open_session_arg __user *uarg;
238 struct tee_ioctl_open_session_arg arg;
239 struct tee_ioctl_param __user *uparams = NULL;
240 struct tee_param *params = NULL;
241 bool have_session = false;
242
243 if (!ctx->teedev->desc->ops->open_session)
244 return -EINVAL;
245
246 if (copy_from_user(&buf, ubuf, sizeof(buf)))
247 return -EFAULT;
248
249 if (buf.buf_len > TEE_MAX_ARG_SIZE ||
250 buf.buf_len < sizeof(struct tee_ioctl_open_session_arg))
251 return -EINVAL;
252
253 uarg = u64_to_user_ptr(buf.buf_ptr);
254 if (copy_from_user(&arg, uarg, sizeof(arg)))
255 return -EFAULT;
256
257 if (sizeof(arg) + TEE_IOCTL_PARAM_SIZE(arg.num_params) != buf.buf_len)
258 return -EINVAL;
259
260 if (arg.num_params) {
261 params = kcalloc(arg.num_params, sizeof(struct tee_param),
262 GFP_KERNEL);
263 if (!params)
264 return -ENOMEM;
265 uparams = uarg->params;
266 rc = params_from_user(ctx, params, arg.num_params, uparams);
267 if (rc)
268 goto out;
269 }
270
271 rc = ctx->teedev->desc->ops->open_session(ctx, &arg, params);
272 if (rc)
273 goto out;
274 have_session = true;
275
276 if (put_user(arg.session, &uarg->session) ||
277 put_user(arg.ret, &uarg->ret) ||
278 put_user(arg.ret_origin, &uarg->ret_origin)) {
279 rc = -EFAULT;
280 goto out;
281 }
282 rc = params_to_user(uparams, arg.num_params, params);
283out:
284 /*
285 * If we've succeeded to open the session but failed to communicate
286 * it back to user space, close the session again to avoid leakage.
287 */
288 if (rc && have_session && ctx->teedev->desc->ops->close_session)
289 ctx->teedev->desc->ops->close_session(ctx, arg.session);
290
291 if (params) {
292 /* Decrease ref count for all valid shared memory pointers */
293 for (n = 0; n < arg.num_params; n++)
294 if (param_is_memref(params + n) &&
295 params[n].u.memref.shm)
296 tee_shm_put(params[n].u.memref.shm);
297 kfree(params);
298 }
299
300 return rc;
301}
302
303static int tee_ioctl_invoke(struct tee_context *ctx,
304 struct tee_ioctl_buf_data __user *ubuf)
305{
306 int rc;
307 size_t n;
308 struct tee_ioctl_buf_data buf;
309 struct tee_ioctl_invoke_arg __user *uarg;
310 struct tee_ioctl_invoke_arg arg;
311 struct tee_ioctl_param __user *uparams = NULL;
312 struct tee_param *params = NULL;
313
314 if (!ctx->teedev->desc->ops->invoke_func)
315 return -EINVAL;
316
317 if (copy_from_user(&buf, ubuf, sizeof(buf)))
318 return -EFAULT;
319
320 if (buf.buf_len > TEE_MAX_ARG_SIZE ||
321 buf.buf_len < sizeof(struct tee_ioctl_invoke_arg))
322 return -EINVAL;
323
324 uarg = u64_to_user_ptr(buf.buf_ptr);
325 if (copy_from_user(&arg, uarg, sizeof(arg)))
326 return -EFAULT;
327
328 if (sizeof(arg) + TEE_IOCTL_PARAM_SIZE(arg.num_params) != buf.buf_len)
329 return -EINVAL;
330
331 if (arg.num_params) {
332 params = kcalloc(arg.num_params, sizeof(struct tee_param),
333 GFP_KERNEL);
334 if (!params)
335 return -ENOMEM;
336 uparams = uarg->params;
337 rc = params_from_user(ctx, params, arg.num_params, uparams);
338 if (rc)
339 goto out;
340 }
341
342 rc = ctx->teedev->desc->ops->invoke_func(ctx, &arg, params);
343 if (rc)
344 goto out;
345
346 if (put_user(arg.ret, &uarg->ret) ||
347 put_user(arg.ret_origin, &uarg->ret_origin)) {
348 rc = -EFAULT;
349 goto out;
350 }
351 rc = params_to_user(uparams, arg.num_params, params);
352out:
353 if (params) {
354 /* Decrease ref count for all valid shared memory pointers */
355 for (n = 0; n < arg.num_params; n++)
356 if (param_is_memref(params + n) &&
357 params[n].u.memref.shm)
358 tee_shm_put(params[n].u.memref.shm);
359 kfree(params);
360 }
361 return rc;
362}
363
364static int tee_ioctl_cancel(struct tee_context *ctx,
365 struct tee_ioctl_cancel_arg __user *uarg)
366{
367 struct tee_ioctl_cancel_arg arg;
368
369 if (!ctx->teedev->desc->ops->cancel_req)
370 return -EINVAL;
371
372 if (copy_from_user(&arg, uarg, sizeof(arg)))
373 return -EFAULT;
374
375 return ctx->teedev->desc->ops->cancel_req(ctx, arg.cancel_id,
376 arg.session);
377}
378
379static int
380tee_ioctl_close_session(struct tee_context *ctx,
381 struct tee_ioctl_close_session_arg __user *uarg)
382{
383 struct tee_ioctl_close_session_arg arg;
384
385 if (!ctx->teedev->desc->ops->close_session)
386 return -EINVAL;
387
388 if (copy_from_user(&arg, uarg, sizeof(arg)))
389 return -EFAULT;
390
391 return ctx->teedev->desc->ops->close_session(ctx, arg.session);
392}
393
394static int params_to_supp(struct tee_context *ctx,
395 struct tee_ioctl_param __user *uparams,
396 size_t num_params, struct tee_param *params)
397{
398 size_t n;
399
400 for (n = 0; n < num_params; n++) {
401 struct tee_ioctl_param ip;
402 struct tee_param *p = params + n;
403
404 ip.attr = p->attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK;
405 switch (p->attr) {
406 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT:
407 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT:
408 ip.a = p->u.value.a;
409 ip.b = p->u.value.b;
410 ip.c = p->u.value.c;
411 break;
412 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT:
413 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT:
414 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT:
415 ip.b = p->u.memref.size;
416 if (!p->u.memref.shm) {
417 ip.a = 0;
418 ip.c = (u64)-1; /* invalid shm id */
419 break;
420 }
421 ip.a = p->u.memref.shm_offs;
422 ip.c = p->u.memref.shm->id;
423 break;
424 default:
425 ip.a = 0;
426 ip.b = 0;
427 ip.c = 0;
428 break;
429 }
430
431 if (copy_to_user(uparams + n, &ip, sizeof(ip)))
432 return -EFAULT;
433 }
434
435 return 0;
436}
437
438static int tee_ioctl_supp_recv(struct tee_context *ctx,
439 struct tee_ioctl_buf_data __user *ubuf)
440{
441 int rc;
442 struct tee_ioctl_buf_data buf;
443 struct tee_iocl_supp_recv_arg __user *uarg;
444 struct tee_param *params;
445 u32 num_params;
446 u32 func;
447
448 if (!ctx->teedev->desc->ops->supp_recv)
449 return -EINVAL;
450
451 if (copy_from_user(&buf, ubuf, sizeof(buf)))
452 return -EFAULT;
453
454 if (buf.buf_len > TEE_MAX_ARG_SIZE ||
455 buf.buf_len < sizeof(struct tee_iocl_supp_recv_arg))
456 return -EINVAL;
457
458 uarg = u64_to_user_ptr(buf.buf_ptr);
459 if (get_user(num_params, &uarg->num_params))
460 return -EFAULT;
461
462 if (sizeof(*uarg) + TEE_IOCTL_PARAM_SIZE(num_params) != buf.buf_len)
463 return -EINVAL;
464
465 params = kcalloc(num_params, sizeof(struct tee_param), GFP_KERNEL);
466 if (!params)
467 return -ENOMEM;
468
469 rc = ctx->teedev->desc->ops->supp_recv(ctx, &func, &num_params, params);
470 if (rc)
471 goto out;
472
473 if (put_user(func, &uarg->func) ||
474 put_user(num_params, &uarg->num_params)) {
475 rc = -EFAULT;
476 goto out;
477 }
478
479 rc = params_to_supp(ctx, uarg->params, num_params, params);
480out:
481 kfree(params);
482 return rc;
483}
484
485static int params_from_supp(struct tee_param *params, size_t num_params,
486 struct tee_ioctl_param __user *uparams)
487{
488 size_t n;
489
490 for (n = 0; n < num_params; n++) {
491 struct tee_param *p = params + n;
492 struct tee_ioctl_param ip;
493
494 if (copy_from_user(&ip, uparams + n, sizeof(ip)))
495 return -EFAULT;
496
497 /* All unused attribute bits has to be zero */
498 if (ip.attr & ~TEE_IOCTL_PARAM_ATTR_TYPE_MASK)
499 return -EINVAL;
500
501 p->attr = ip.attr;
502 switch (ip.attr) {
503 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT:
504 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT:
505 /* Only out and in/out values can be updated */
506 p->u.value.a = ip.a;
507 p->u.value.b = ip.b;
508 p->u.value.c = ip.c;
509 break;
510 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT:
511 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT:
512 /*
513 * Only the size of the memref can be updated.
514 * Since we don't have access to the original
515 * parameters here, only store the supplied size.
516 * The driver will copy the updated size into the
517 * original parameters.
518 */
519 p->u.memref.shm = NULL;
520 p->u.memref.shm_offs = 0;
521 p->u.memref.size = ip.b;
522 break;
523 default:
524 memset(&p->u, 0, sizeof(p->u));
525 break;
526 }
527 }
528 return 0;
529}
530
531static int tee_ioctl_supp_send(struct tee_context *ctx,
532 struct tee_ioctl_buf_data __user *ubuf)
533{
534 long rc;
535 struct tee_ioctl_buf_data buf;
536 struct tee_iocl_supp_send_arg __user *uarg;
537 struct tee_param *params;
538 u32 num_params;
539 u32 ret;
540
541 /* Not valid for this driver */
542 if (!ctx->teedev->desc->ops->supp_send)
543 return -EINVAL;
544
545 if (copy_from_user(&buf, ubuf, sizeof(buf)))
546 return -EFAULT;
547
548 if (buf.buf_len > TEE_MAX_ARG_SIZE ||
549 buf.buf_len < sizeof(struct tee_iocl_supp_send_arg))
550 return -EINVAL;
551
552 uarg = u64_to_user_ptr(buf.buf_ptr);
553 if (get_user(ret, &uarg->ret) ||
554 get_user(num_params, &uarg->num_params))
555 return -EFAULT;
556
557 if (sizeof(*uarg) + TEE_IOCTL_PARAM_SIZE(num_params) > buf.buf_len)
558 return -EINVAL;
559
560 params = kcalloc(num_params, sizeof(struct tee_param), GFP_KERNEL);
561 if (!params)
562 return -ENOMEM;
563
564 rc = params_from_supp(params, num_params, uarg->params);
565 if (rc)
566 goto out;
567
568 rc = ctx->teedev->desc->ops->supp_send(ctx, ret, num_params, params);
569out:
570 kfree(params);
571 return rc;
572}
573
574static long tee_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
575{
576 struct tee_context *ctx = filp->private_data;
577 void __user *uarg = (void __user *)arg;
578
579 switch (cmd) {
580 case TEE_IOC_VERSION:
581 return tee_ioctl_version(ctx, uarg);
582 case TEE_IOC_SHM_ALLOC:
583 return tee_ioctl_shm_alloc(ctx, uarg);
584 case TEE_IOC_OPEN_SESSION:
585 return tee_ioctl_open_session(ctx, uarg);
586 case TEE_IOC_INVOKE:
587 return tee_ioctl_invoke(ctx, uarg);
588 case TEE_IOC_CANCEL:
589 return tee_ioctl_cancel(ctx, uarg);
590 case TEE_IOC_CLOSE_SESSION:
591 return tee_ioctl_close_session(ctx, uarg);
592 case TEE_IOC_SUPPL_RECV:
593 return tee_ioctl_supp_recv(ctx, uarg);
594 case TEE_IOC_SUPPL_SEND:
595 return tee_ioctl_supp_send(ctx, uarg);
596 default:
597 return -EINVAL;
598 }
599}
600
601static const struct file_operations tee_fops = {
602 .owner = THIS_MODULE,
603 .open = tee_open,
604 .release = tee_release,
605 .unlocked_ioctl = tee_ioctl,
606 .compat_ioctl = tee_ioctl,
607};
608
609static void tee_release_device(struct device *dev)
610{
611 struct tee_device *teedev = container_of(dev, struct tee_device, dev);
612
613 spin_lock(&driver_lock);
614 clear_bit(teedev->id, dev_mask);
615 spin_unlock(&driver_lock);
616 mutex_destroy(&teedev->mutex);
617 idr_destroy(&teedev->idr);
618 kfree(teedev);
619}
620
621/**
622 * tee_device_alloc() - Allocate a new struct tee_device instance
623 * @teedesc: Descriptor for this driver
624 * @dev: Parent device for this device
625 * @pool: Shared memory pool, NULL if not used
626 * @driver_data: Private driver data for this device
627 *
628 * Allocates a new struct tee_device instance. The device is
629 * removed by tee_device_unregister().
630 *
631 * @returns a pointer to a 'struct tee_device' or an ERR_PTR on failure
632 */
633struct tee_device *tee_device_alloc(const struct tee_desc *teedesc,
634 struct device *dev,
635 struct tee_shm_pool *pool,
636 void *driver_data)
637{
638 struct tee_device *teedev;
639 void *ret;
640 int rc;
641 int offs = 0;
642
643 if (!teedesc || !teedesc->name || !teedesc->ops ||
644 !teedesc->ops->get_version || !teedesc->ops->open ||
645 !teedesc->ops->release || !pool)
646 return ERR_PTR(-EINVAL);
647
648 teedev = kzalloc(sizeof(*teedev), GFP_KERNEL);
649 if (!teedev) {
650 ret = ERR_PTR(-ENOMEM);
651 goto err;
652 }
653
654 if (teedesc->flags & TEE_DESC_PRIVILEGED)
655 offs = TEE_NUM_DEVICES / 2;
656
657 spin_lock(&driver_lock);
658 teedev->id = find_next_zero_bit(dev_mask, TEE_NUM_DEVICES, offs);
659 if (teedev->id < TEE_NUM_DEVICES)
660 set_bit(teedev->id, dev_mask);
661 spin_unlock(&driver_lock);
662
663 if (teedev->id >= TEE_NUM_DEVICES) {
664 ret = ERR_PTR(-ENOMEM);
665 goto err;
666 }
667
668 snprintf(teedev->name, sizeof(teedev->name), "tee%s%d",
669 teedesc->flags & TEE_DESC_PRIVILEGED ? "priv" : "",
670 teedev->id - offs);
671
672 teedev->dev.class = tee_class;
673 teedev->dev.release = tee_release_device;
674 teedev->dev.parent = dev;
675
676 teedev->dev.devt = MKDEV(MAJOR(tee_devt), teedev->id);
677
678 rc = dev_set_name(&teedev->dev, "%s", teedev->name);
679 if (rc) {
680 ret = ERR_PTR(rc);
681 goto err_devt;
682 }
683
684 cdev_init(&teedev->cdev, &tee_fops);
685 teedev->cdev.owner = teedesc->owner;
686 teedev->cdev.kobj.parent = &teedev->dev.kobj;
687
688 dev_set_drvdata(&teedev->dev, driver_data);
689 device_initialize(&teedev->dev);
690
691 /* 1 as tee_device_unregister() does one final tee_device_put() */
692 teedev->num_users = 1;
693 init_completion(&teedev->c_no_users);
694 mutex_init(&teedev->mutex);
695 idr_init(&teedev->idr);
696
697 teedev->desc = teedesc;
698 teedev->pool = pool;
699
700 return teedev;
701err_devt:
702 unregister_chrdev_region(teedev->dev.devt, 1);
703err:
704 pr_err("could not register %s driver\n",
705 teedesc->flags & TEE_DESC_PRIVILEGED ? "privileged" : "client");
706 if (teedev && teedev->id < TEE_NUM_DEVICES) {
707 spin_lock(&driver_lock);
708 clear_bit(teedev->id, dev_mask);
709 spin_unlock(&driver_lock);
710 }
711 kfree(teedev);
712 return ret;
713}
714EXPORT_SYMBOL_GPL(tee_device_alloc);
715
716static ssize_t implementation_id_show(struct device *dev,
717 struct device_attribute *attr, char *buf)
718{
719 struct tee_device *teedev = container_of(dev, struct tee_device, dev);
720 struct tee_ioctl_version_data vers;
721
722 teedev->desc->ops->get_version(teedev, &vers);
723 return scnprintf(buf, PAGE_SIZE, "%d\n", vers.impl_id);
724}
725static DEVICE_ATTR_RO(implementation_id);
726
727static struct attribute *tee_dev_attrs[] = {
728 &dev_attr_implementation_id.attr,
729 NULL
730};
731
732static const struct attribute_group tee_dev_group = {
733 .attrs = tee_dev_attrs,
734};
735
736/**
737 * tee_device_register() - Registers a TEE device
738 * @teedev: Device to register
739 *
740 * tee_device_unregister() need to be called to remove the @teedev if
741 * this function fails.
742 *
743 * @returns < 0 on failure
744 */
745int tee_device_register(struct tee_device *teedev)
746{
747 int rc;
748
749 if (teedev->flags & TEE_DEVICE_FLAG_REGISTERED) {
750 dev_err(&teedev->dev, "attempt to register twice\n");
751 return -EINVAL;
752 }
753
754 rc = cdev_add(&teedev->cdev, teedev->dev.devt, 1);
755 if (rc) {
756 dev_err(&teedev->dev,
757 "unable to cdev_add() %s, major %d, minor %d, err=%d\n",
758 teedev->name, MAJOR(teedev->dev.devt),
759 MINOR(teedev->dev.devt), rc);
760 return rc;
761 }
762
763 rc = device_add(&teedev->dev);
764 if (rc) {
765 dev_err(&teedev->dev,
766 "unable to device_add() %s, major %d, minor %d, err=%d\n",
767 teedev->name, MAJOR(teedev->dev.devt),
768 MINOR(teedev->dev.devt), rc);
769 goto err_device_add;
770 }
771
772 rc = sysfs_create_group(&teedev->dev.kobj, &tee_dev_group);
773 if (rc) {
774 dev_err(&teedev->dev,
775 "failed to create sysfs attributes, err=%d\n", rc);
776 goto err_sysfs_create_group;
777 }
778
779 teedev->flags |= TEE_DEVICE_FLAG_REGISTERED;
780 return 0;
781
782err_sysfs_create_group:
783 device_del(&teedev->dev);
784err_device_add:
785 cdev_del(&teedev->cdev);
786 return rc;
787}
788EXPORT_SYMBOL_GPL(tee_device_register);
789
790void tee_device_put(struct tee_device *teedev)
791{
792 mutex_lock(&teedev->mutex);
793 /* Shouldn't put in this state */
794 if (!WARN_ON(!teedev->desc)) {
795 teedev->num_users--;
796 if (!teedev->num_users) {
797 teedev->desc = NULL;
798 complete(&teedev->c_no_users);
799 }
800 }
801 mutex_unlock(&teedev->mutex);
802}
803
804bool tee_device_get(struct tee_device *teedev)
805{
806 mutex_lock(&teedev->mutex);
807 if (!teedev->desc) {
808 mutex_unlock(&teedev->mutex);
809 return false;
810 }
811 teedev->num_users++;
812 mutex_unlock(&teedev->mutex);
813 return true;
814}
815
816/**
817 * tee_device_unregister() - Removes a TEE device
818 * @teedev: Device to unregister
819 *
820 * This function should be called to remove the @teedev even if
821 * tee_device_register() hasn't been called yet. Does nothing if
822 * @teedev is NULL.
823 */
824void tee_device_unregister(struct tee_device *teedev)
825{
826 if (!teedev)
827 return;
828
829 if (teedev->flags & TEE_DEVICE_FLAG_REGISTERED) {
830 sysfs_remove_group(&teedev->dev.kobj, &tee_dev_group);
831 cdev_del(&teedev->cdev);
832 device_del(&teedev->dev);
833 }
834
835 tee_device_put(teedev);
836 wait_for_completion(&teedev->c_no_users);
837
838 /*
839 * No need to take a mutex any longer now since teedev->desc was
840 * set to NULL before teedev->c_no_users was completed.
841 */
842
843 teedev->pool = NULL;
844
845 put_device(&teedev->dev);
846}
847EXPORT_SYMBOL_GPL(tee_device_unregister);
848
849/**
850 * tee_get_drvdata() - Return driver_data pointer
851 * @teedev: Device containing the driver_data pointer
852 * @returns the driver_data pointer supplied to tee_register().
853 */
854void *tee_get_drvdata(struct tee_device *teedev)
855{
856 return dev_get_drvdata(&teedev->dev);
857}
858EXPORT_SYMBOL_GPL(tee_get_drvdata);
859
860static int __init tee_init(void)
861{
862 int rc;
863
864 tee_class = class_create(THIS_MODULE, "tee");
865 if (IS_ERR(tee_class)) {
866 pr_err("couldn't create class\n");
867 return PTR_ERR(tee_class);
868 }
869
870 rc = alloc_chrdev_region(&tee_devt, 0, TEE_NUM_DEVICES, "tee");
871 if (rc) {
872 pr_err("failed to allocate char dev region\n");
873 class_destroy(tee_class);
874 tee_class = NULL;
875 }
876
877 return rc;
878}
879
880static void __exit tee_exit(void)
881{
882 class_destroy(tee_class);
883 tee_class = NULL;
884 unregister_chrdev_region(tee_devt, TEE_NUM_DEVICES);
885}
886
887subsys_initcall(tee_init);
888module_exit(tee_exit);
889
890MODULE_AUTHOR("Linaro");
891MODULE_DESCRIPTION("TEE Driver");
892MODULE_VERSION("1.0");
893MODULE_LICENSE("GPL v2");