2 * Copyright (c) 2014, STMicroelectronics International N.V.
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License Version 2 as
6 * published by the Free Software Foundation.
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
15 #include <linux/module.h>
16 #include <linux/kernel.h>
17 #include <linux/init.h>
18 #include <linux/platform_device.h>
20 #include <linux/sched.h>
21 #include <linux/jiffies.h>
23 #include <linux/tee_core.h>
24 #include <linux/tee_ioc.h>
26 #include <asm/smp_plat.h>
28 #include <tee_supp_com.h>
29 #include <tee_mutex_wait.h>
30 #include <tee_wait_queue.h>
32 #include <arm_common/teesmc.h>
33 #include <arm_common/teesmc_st.h>
35 #include <linux/cpumask.h>
38 #include "tee_tz_op.h"
39 #include "tee_tz_priv.h"
42 #ifdef CONFIG_OUTER_CACHE
43 #undef CONFIG_OUTER_CACHE
46 /* #define SWITCH_CPU0_DEBUG */
48 #define _TEE_TZ_NAME "armtz"
49 #define DEV (ptee->tee->dev)
51 /* #define TEE_STRESS_OUTERCACHE_FLUSH */
53 /* magic config: bit 1 is set, Secure TEE shall handler NSec IRQs */
54 #define SEC_ROM_NO_FLAG_MASK 0x0000
55 #define SEC_ROM_IRQ_ENABLE_MASK 0x0001
56 #define SEC_ROM_DEFAULT SEC_ROM_IRQ_ENABLE_MASK
57 #define TEE_RETURN_BUSY 0x3
58 #define ALLOC_ALIGN SZ_4K
60 #define CAPABLE(tee) !(tee->conf & TEE_CONF_FW_NOT_CAPABLE)
62 static struct tee_tz *tee_tz;
64 static struct handle_db shm_handle_db = HANDLE_DB_INITIALIZER;
67 /* Temporary workaround until we're only using post 3.13 kernels */
69 #define ioremap_cache ioremap_cached
73 /*******************************************************************
75 *******************************************************************/
76 #ifdef SWITCH_CPU0_DEBUG
78 static long switch_cpumask_to_cpu0(cpumask_t *saved_cpu_mask)
82 cpumask_t local_cpu_mask = CPU_MASK_NONE;
83 cpumask_set_cpu(0, &local_cpu_mask);
84 cpumask_copy(saved_cpu_mask, tsk_cpus_allowed(current));
85 ret = sched_setaffinity(0, &local_cpu_mask);
87 pr_err("%s:->%ld,cpu:%d\n", __func__, ret, smp_processor_id());
91 static long restore_cpumask(cpumask_t *saved_cpu_mask)
95 ret = sched_setaffinity(0, saved_cpu_mask);
97 pr_err("%s:->%ld,cpu:%d\n", __func__, ret, smp_processor_id());
101 static inline long switch_cpumask_to_cpu0(cpumask_t *saved_cpu_mask)
103 static inline long restore_cpumask(cpumask_t *saved_cpu_mask)
106 static long tee_smc_call_switchcpu0(struct smc_param *param)
109 cpumask_t saved_cpu_mask;
111 ret = switch_cpumask_to_cpu0(&saved_cpu_mask);
115 ret = restore_cpumask(&saved_cpu_mask);
120 #endif /* SWITCH_CPU0_DEBUG */
122 static void e_lock_teez(struct tee_tz *ptee)
124 mutex_lock(&ptee->mutex);
127 static void e_lock_wait_completion_teez(struct tee_tz *ptee)
130 * Release the lock until "something happens" and then reacquire it
133 * This is needed when TEE returns "busy" and we need to try again
137 mutex_unlock(&ptee->mutex);
139 * Wait at most one second. Secure world is normally never busy
140 * more than that so we should normally never timeout.
142 wait_for_completion_timeout(&ptee->c, HZ);
143 mutex_lock(&ptee->mutex);
147 static void e_unlock_teez(struct tee_tz *ptee)
150 * If at least one thread is waiting for "something to happen" let
151 * one thread know that "something has happened".
155 mutex_unlock(&ptee->mutex);
158 static void handle_rpc_func_cmd_mutex_wait(struct tee_tz *ptee,
159 struct teesmc32_arg *arg32)
161 struct teesmc32_param *params;
163 if (arg32->num_params != 2)
166 params = TEESMC32_GET_PARAMS(arg32);
168 if ((params[0].attr & TEESMC_ATTR_TYPE_MASK) !=
169 TEESMC_ATTR_TYPE_VALUE_INPUT)
171 if ((params[1].attr & TEESMC_ATTR_TYPE_MASK) !=
172 TEESMC_ATTR_TYPE_VALUE_INPUT)
175 switch (params[0].u.value.a) {
176 case TEE_MUTEX_WAIT_SLEEP:
177 tee_mutex_wait_sleep(DEV, &ptee->mutex_wait,
179 params[1].u.value.b);
181 case TEE_MUTEX_WAIT_WAKEUP:
182 tee_mutex_wait_wakeup(DEV, &ptee->mutex_wait,
184 params[1].u.value.b);
186 case TEE_MUTEX_WAIT_DELETE:
187 tee_mutex_wait_delete(DEV, &ptee->mutex_wait,
188 params[1].u.value.a);
194 arg32->ret = TEEC_SUCCESS;
197 arg32->ret = TEEC_ERROR_BAD_PARAMETERS;
200 static void handle_rpc_func_cmd_wait_queue(struct tee_tz *ptee,
201 struct teesmc32_arg *arg32)
203 struct teesmc32_param *params;
205 if (arg32->num_params != 2)
208 params = TEESMC32_GET_PARAMS(arg32);
210 if ((params[0].attr & TEESMC_ATTR_TYPE_MASK) !=
211 TEESMC_ATTR_TYPE_VALUE_INPUT)
213 if ((params[1].attr & TEESMC_ATTR_TYPE_MASK) !=
214 TEESMC_ATTR_TYPE_NONE)
217 switch (arg32->cmd) {
218 case TEE_RPC_WAIT_QUEUE_SLEEP:
219 tee_wait_queue_sleep(DEV, &ptee->wait_queue,
220 params[0].u.value.a);
222 case TEE_RPC_WAIT_QUEUE_WAKEUP:
223 tee_wait_queue_wakeup(DEV, &ptee->wait_queue,
224 params[0].u.value.a);
230 arg32->ret = TEEC_SUCCESS;
233 arg32->ret = TEEC_ERROR_BAD_PARAMETERS;
238 static void handle_rpc_func_cmd_wait(struct teesmc32_arg *arg32)
240 struct teesmc32_param *params;
243 if (arg32->num_params != 1)
246 params = TEESMC32_GET_PARAMS(arg32);
247 msec_to_wait = params[0].u.value.a;
249 /* set task's state to interruptible sleep */
250 set_current_state(TASK_INTERRUPTIBLE);
253 schedule_timeout(msecs_to_jiffies(msec_to_wait));
255 arg32->ret = TEEC_SUCCESS;
258 arg32->ret = TEEC_ERROR_BAD_PARAMETERS;
261 static void handle_rpc_func_cmd_to_supplicant(struct tee_tz *ptee,
262 struct teesmc32_arg *arg32)
264 struct teesmc32_param *params;
265 struct tee_rpc_invoke inv;
269 if (arg32->num_params > TEE_RPC_BUFFER_NUMBER) {
270 arg32->ret = TEEC_ERROR_GENERIC;
274 params = TEESMC32_GET_PARAMS(arg32);
276 memset(&inv, 0, sizeof(inv));
277 inv.cmd = arg32->cmd;
279 * Set a suitable error code in case tee-supplicant
280 * ignores the request.
282 inv.res = TEEC_ERROR_NOT_IMPLEMENTED;
283 inv.nbr_bf = arg32->num_params;
284 for (n = 0; n < arg32->num_params; n++) {
285 switch (params[n].attr & TEESMC_ATTR_TYPE_MASK) {
286 case TEESMC_ATTR_TYPE_VALUE_INPUT:
287 case TEESMC_ATTR_TYPE_VALUE_INOUT:
288 inv.cmds[n].fd = (int)params[n].u.value.a;
290 case TEESMC_ATTR_TYPE_VALUE_OUTPUT:
291 inv.cmds[n].type = TEE_RPC_VALUE;
293 case TEESMC_ATTR_TYPE_MEMREF_INPUT:
294 case TEESMC_ATTR_TYPE_MEMREF_OUTPUT:
295 case TEESMC_ATTR_TYPE_MEMREF_INOUT:
297 (void *)(uintptr_t)params[n].u.memref.buf_ptr;
298 inv.cmds[n].size = params[n].u.memref.size;
299 inv.cmds[n].type = TEE_RPC_BUFFER;
302 arg32->ret = TEEC_ERROR_GENERIC;
307 ret = tee_supp_cmd(ptee->tee, TEE_RPC_ICMD_INVOKE,
309 if (ret == TEEC_RPC_OK)
310 arg32->ret = inv.res;
312 for (n = 0; n < arg32->num_params; n++) {
313 switch (params[n].attr & TEESMC_ATTR_TYPE_MASK) {
314 case TEESMC_ATTR_TYPE_MEMREF_OUTPUT:
315 case TEESMC_ATTR_TYPE_MEMREF_INOUT:
317 * Allow supplicant to assign a new pointer
318 * to an out-buffer. Needed when the
319 * supplicant allocates a new buffer, for
320 * instance when loading a TA.
322 params[n].u.memref.buf_ptr =
323 (uint32_t)(uintptr_t)inv.cmds[n].buffer;
324 params[n].u.memref.size = inv.cmds[n].size;
326 case TEESMC_ATTR_TYPE_VALUE_OUTPUT:
327 case TEESMC_ATTR_TYPE_VALUE_INOUT:
328 params[n].u.value.a = inv.cmds[n].fd;
336 static void handle_rpc_func_cmd(struct tee_tz *ptee, u32 parg32)
338 struct teesmc32_arg *arg32;
340 arg32 = tee_shm_pool_p2v(DEV, ptee->shm_pool, parg32);
344 switch (arg32->cmd) {
345 case TEE_RPC_MUTEX_WAIT:
346 handle_rpc_func_cmd_mutex_wait(ptee, arg32);
348 case TEE_RPC_WAIT_QUEUE_SLEEP:
349 case TEE_RPC_WAIT_QUEUE_WAKEUP:
350 handle_rpc_func_cmd_wait_queue(ptee, arg32);
353 handle_rpc_func_cmd_wait(arg32);
356 handle_rpc_func_cmd_to_supplicant(ptee, arg32);
360 static struct tee_shm *handle_rpc_alloc(struct tee_tz *ptee, size_t size)
362 struct tee_rpc_alloc rpc_alloc;
364 rpc_alloc.size = size;
365 tee_supp_cmd(ptee->tee, TEE_RPC_ICMD_ALLOCATE,
366 &rpc_alloc, sizeof(rpc_alloc));
367 return rpc_alloc.shm;
370 static void handle_rpc_free(struct tee_tz *ptee, struct tee_shm *shm)
372 struct tee_rpc_free rpc_free;
377 tee_supp_cmd(ptee->tee, TEE_RPC_ICMD_FREE, &rpc_free, sizeof(rpc_free));
380 static u32 handle_rpc(struct tee_tz *ptee, struct smc_param *param)
385 switch (TEESMC_RETURN_GET_RPC_FUNC(param->a0)) {
386 case TEESMC_RPC_FUNC_ALLOC_ARG:
387 param->a1 = tee_shm_pool_alloc(DEV, ptee->shm_pool,
390 case TEESMC_RPC_FUNC_ALLOC_PAYLOAD:
391 /* Can't support payload shared memory with this interface */
394 case TEESMC_RPC_FUNC_FREE_ARG:
395 tee_shm_pool_free(DEV, ptee->shm_pool, param->a1, 0);
397 case TEESMC_RPC_FUNC_FREE_PAYLOAD:
398 /* Can't support payload shared memory with this interface */
400 case TEESMC_ST_RPC_FUNC_ALLOC_PAYLOAD:
401 shm = handle_rpc_alloc(ptee, param->a1);
402 if (IS_ERR_OR_NULL(shm)) {
406 cookie = handle_get(&shm_handle_db, shm);
408 handle_rpc_free(ptee, shm);
412 param->a1 = shm->paddr;
415 case TEESMC_ST_RPC_FUNC_FREE_PAYLOAD:
416 shm = handle_put(&shm_handle_db, param->a1);
417 handle_rpc_free(ptee, shm);
419 case TEESMC_RPC_FUNC_IRQ:
421 case TEESMC_RPC_FUNC_CMD:
422 handle_rpc_func_cmd(ptee, param->a1);
425 dev_warn(DEV, "Unknown RPC func 0x%x\n",
426 (u32)TEESMC_RETURN_GET_RPC_FUNC(param->a0));
431 return TEESMC32_FASTCALL_RETURN_FROM_RPC;
433 return TEESMC32_CALL_RETURN_FROM_RPC;
436 static void call_tee(struct tee_tz *ptee,
437 uintptr_t parg32, struct teesmc32_arg *arg32)
441 struct smc_param param = { 0 };
444 funcid = TEESMC32_FASTCALL_WITH_ARG;
446 funcid = TEESMC32_CALL_WITH_ARG;
449 * Commented out elements used to visualize the layout dynamic part
450 * of the struct. Note that these fields are not available at all
451 * if num_params == 0.
453 * params is accessed through the macro TEESMC32_GET_PARAMS
456 /* struct teesmc32_param params[num_params]; */
464 #ifdef SWITCH_CPU0_DEBUG
465 if (tee_smc_call_switchcpu0(¶m))
468 tee_smc_call(¶m);
472 if (ret == TEESMC_RETURN_ETHREAD_LIMIT) {
474 * Since secure world is out of threads, release the
475 * lock we had when entering this function and wait
476 * for "something to happen" (something else to
477 * exit from secure world and needed resources may
478 * have become available).
480 e_lock_wait_completion_teez(ptee);
481 } else if (TEESMC_RETURN_IS_RPC(ret)) {
482 /* Process the RPC. */
484 funcid = handle_rpc(ptee, ¶m);
493 case TEESMC_RETURN_UNKNOWN_FUNCTION:
495 case TEESMC_RETURN_OK:
496 /* arg32->ret set by secure world */
499 /* Should not happen */
500 arg32->ret = TEEC_ERROR_COMMUNICATION;
501 arg32->ret_origin = TEEC_ORIGIN_COMMS;
506 /*******************************************************************
507 * TEE service invoke formating
508 *******************************************************************/
510 /* allocate tee service argument buffer and return virtual address */
511 static void *alloc_tee_arg(struct tee_tz *ptee, unsigned long *p, size_t l)
515 BUG_ON(!CAPABLE(ptee->tee));
517 if ((p == NULL) || (l == 0))
520 /* assume a 4 bytes aligned is sufficient */
521 *p = tee_shm_pool_alloc(DEV, ptee->shm_pool, l, ALLOC_ALIGN);
525 vaddr = tee_shm_pool_p2v(DEV, ptee->shm_pool, *p);
527 dev_dbg(DEV, "< %p\n", vaddr);
532 /* free tee service argument buffer (from its physical address) */
533 static void free_tee_arg(struct tee_tz *ptee, unsigned long p)
536 BUG_ON(!CAPABLE(ptee->tee));
539 tee_shm_pool_free(DEV, ptee->shm_pool, p, 0);
544 static uint32_t get_cache_attrs(struct tee_tz *ptee)
546 if (tee_shm_pool_is_cached(ptee->shm_pool))
547 return TEESMC_ATTR_CACHE_DEFAULT << TEESMC_ATTR_CACHE_SHIFT;
549 return TEESMC_ATTR_CACHE_NONCACHE << TEESMC_ATTR_CACHE_SHIFT;
552 static uint32_t param_type_teec2teesmc(uint8_t type)
556 return TEESMC_ATTR_TYPE_NONE;
557 case TEEC_VALUE_INPUT:
558 return TEESMC_ATTR_TYPE_VALUE_INPUT;
559 case TEEC_VALUE_OUTPUT:
560 return TEESMC_ATTR_TYPE_VALUE_OUTPUT;
561 case TEEC_VALUE_INOUT:
562 return TEESMC_ATTR_TYPE_VALUE_INOUT;
563 case TEEC_MEMREF_TEMP_INPUT:
564 case TEEC_MEMREF_PARTIAL_INPUT:
565 return TEESMC_ATTR_TYPE_MEMREF_INPUT;
566 case TEEC_MEMREF_TEMP_OUTPUT:
567 case TEEC_MEMREF_PARTIAL_OUTPUT:
568 return TEESMC_ATTR_TYPE_MEMREF_OUTPUT;
569 case TEEC_MEMREF_WHOLE:
570 case TEEC_MEMREF_TEMP_INOUT:
571 case TEEC_MEMREF_PARTIAL_INOUT:
572 return TEESMC_ATTR_TYPE_MEMREF_INOUT;
579 static void set_params(struct tee_tz *ptee,
580 struct teesmc32_param params32[TEEC_CONFIG_PAYLOAD_REF_COUNT],
581 uint32_t param_types,
582 struct tee_data *data)
588 for (n = 0; n < TEEC_CONFIG_PAYLOAD_REF_COUNT; n++) {
589 uint32_t type = TEEC_PARAM_TYPE_GET(param_types, n);
591 params32[n].attr = param_type_teec2teesmc(type);
592 if (params32[n].attr == TEESMC_ATTR_TYPE_NONE)
594 if (params32[n].attr < TEESMC_ATTR_TYPE_MEMREF_INPUT) {
595 value = (TEEC_Value *)&data->params[n];
596 params32[n].u.value.a = value->a;
597 params32[n].u.value.b = value->b;
600 shm = data->params[n].shm;
601 params32[n].attr |= get_cache_attrs(ptee);
602 params32[n].u.memref.buf_ptr = shm->paddr;
603 params32[n].u.memref.size = shm->size_req;
607 static void get_params(struct tee_data *data,
608 struct teesmc32_param params32[TEEC_CONFIG_PAYLOAD_REF_COUNT])
614 for (n = 0; n < TEEC_CONFIG_PAYLOAD_REF_COUNT; n++) {
615 if (params32[n].attr == TEESMC_ATTR_TYPE_NONE)
617 if (params32[n].attr < TEESMC_ATTR_TYPE_MEMREF_INPUT) {
618 value = &data->params[n].value;
619 value->a = params32[n].u.value.a;
620 value->b = params32[n].u.value.b;
623 shm = data->params[n].shm;
624 shm->size_req = params32[n].u.memref.size;
630 * tee_open_session - invoke TEE to open a GP TEE session
632 static int tz_open(struct tee_session *sess, struct tee_cmd *cmd)
638 struct teesmc32_arg *arg32;
639 struct teesmc32_param *params32;
640 struct teesmc_meta_open_session *meta;
647 BUG_ON(!sess->ctx->tee);
648 BUG_ON(!sess->ctx->tee->priv);
649 tee = sess->ctx->tee;
653 uuid = cmd->uuid->kaddr;
657 dev_dbg(tee->dev, "> ta kaddr %p, uuid=%08x-%04x-%04x\n",
658 (cmd->ta) ? cmd->ta->kaddr : NULL,
659 ((uuid) ? uuid->timeLow : 0xDEAD),
660 ((uuid) ? uuid->timeMid : 0xDEAD),
661 ((uuid) ? uuid->timeHiAndVersion : 0xDEAD));
663 if (!CAPABLE(ptee->tee)) {
664 dev_dbg(tee->dev, "< not capable\n");
668 /* case ta binary is inside the open request */
675 arg32 = alloc_tee_arg(ptee, &parg32, TEESMC32_GET_ARG_SIZE(
676 TEEC_CONFIG_PAYLOAD_REF_COUNT + num_meta));
677 meta = alloc_tee_arg(ptee, &pmeta, sizeof(*meta));
679 if ((arg32 == NULL) || (meta == NULL)) {
680 free_tee_arg(ptee, parg32);
681 free_tee_arg(ptee, pmeta);
682 return TEEC_ERROR_OUT_OF_MEMORY;
685 memset(arg32, 0, sizeof(*arg32));
686 memset(meta, 0, sizeof(*meta));
687 arg32->num_params = TEEC_CONFIG_PAYLOAD_REF_COUNT + num_meta;
688 params32 = TEESMC32_GET_PARAMS(arg32);
690 arg32->cmd = TEESMC_CMD_OPEN_SESSION;
692 params32[0].u.memref.buf_ptr = pmeta;
693 params32[0].u.memref.size = sizeof(*meta);
694 params32[0].attr = TEESMC_ATTR_TYPE_MEMREF_INPUT |
695 TEESMC_ATTR_META | get_cache_attrs(ptee);
698 params32[1].u.memref.buf_ptr =
699 tee_shm_pool_v2p(DEV, ptee->shm_pool, cmd->ta->kaddr);
700 params32[1].u.memref.size = cmd->ta->size_req;
701 params32[1].attr = TEESMC_ATTR_TYPE_MEMREF_INPUT |
702 TEESMC_ATTR_META | get_cache_attrs(ptee);
706 memcpy(meta->uuid, uuid, TEESMC_UUID_LEN);
707 meta->clnt_login = 0; /* FIXME: is this reliable ? used ? */
709 params32 += num_meta;
710 set_params(ptee, params32, cmd->param.type, &cmd->param);
712 call_tee(ptee, parg32, arg32);
714 get_params(&cmd->param, params32);
716 if (arg32->ret != TEEC_ERROR_COMMUNICATION) {
717 sess->sessid = arg32->session;
718 cmd->err = arg32->ret;
719 cmd->origin = arg32->ret_origin;
723 free_tee_arg(ptee, parg32);
724 free_tee_arg(ptee, pmeta);
726 dev_dbg(DEV, "< %x:%d\n", arg32->ret, ret);
731 * tee_invoke_command - invoke TEE to invoke a GP TEE command
733 static int tz_invoke(struct tee_session *sess, struct tee_cmd *cmd)
739 struct teesmc32_arg *arg32;
741 struct teesmc32_param *params32;
743 BUG_ON(!sess->ctx->tee);
744 BUG_ON(!sess->ctx->tee->priv);
745 tee = sess->ctx->tee;
748 dev_dbg(DEV, "> sessid %x cmd %x type %x\n",
749 sess->sessid, cmd->cmd, cmd->param.type);
752 dev_dbg(tee->dev, "< not capable\n");
756 arg32 = (typeof(arg32))alloc_tee_arg(ptee, &parg32,
757 TEESMC32_GET_ARG_SIZE(TEEC_CONFIG_PAYLOAD_REF_COUNT));
759 free_tee_arg(ptee, parg32);
760 return TEEC_ERROR_OUT_OF_MEMORY;
763 memset(arg32, 0, sizeof(*arg32));
764 arg32->num_params = TEEC_CONFIG_PAYLOAD_REF_COUNT;
765 params32 = TEESMC32_GET_PARAMS(arg32);
767 arg32->cmd = TEESMC_CMD_INVOKE_COMMAND;
768 arg32->session = sess->sessid;
769 arg32->ta_func = cmd->cmd;
771 set_params(ptee, params32, cmd->param.type, &cmd->param);
773 call_tee(ptee, parg32, arg32);
775 get_params(&cmd->param, params32);
777 if (arg32->ret != TEEC_ERROR_COMMUNICATION) {
778 cmd->err = arg32->ret;
779 cmd->origin = arg32->ret_origin;
783 free_tee_arg(ptee, parg32);
785 dev_dbg(DEV, "< %x:%d\n", arg32->ret, ret);
790 * tee_cancel_command - invoke TEE to cancel a GP TEE command
792 static int tz_cancel(struct tee_session *sess, struct tee_cmd *cmd)
798 struct teesmc32_arg *arg32;
801 BUG_ON(!sess->ctx->tee);
802 BUG_ON(!sess->ctx->tee->priv);
803 tee = sess->ctx->tee;
806 dev_dbg(DEV, "cancel on sessid=%08x\n", sess->sessid);
808 arg32 = alloc_tee_arg(ptee, &parg32, TEESMC32_GET_ARG_SIZE(0));
810 free_tee_arg(ptee, parg32);
811 return TEEC_ERROR_OUT_OF_MEMORY;
814 memset(arg32, 0, sizeof(*arg32));
815 arg32->cmd = TEESMC_CMD_CANCEL;
816 arg32->session = sess->sessid;
818 call_tee(ptee, parg32, arg32);
820 if (arg32->ret == TEEC_ERROR_COMMUNICATION)
823 free_tee_arg(ptee, parg32);
825 dev_dbg(DEV, "< %x:%d\n", arg32->ret, ret);
830 * tee_close_session - invoke TEE to close a GP TEE session
832 static int tz_close(struct tee_session *sess)
838 struct teesmc32_arg *arg32;
841 BUG_ON(!sess->ctx->tee);
842 BUG_ON(!sess->ctx->tee->priv);
843 tee = sess->ctx->tee;
846 dev_dbg(DEV, "close on sessid=%08x\n", sess->sessid);
849 dev_dbg(tee->dev, "< not capable\n");
853 arg32 = alloc_tee_arg(ptee, &parg32, TEESMC32_GET_ARG_SIZE(0));
855 free_tee_arg(ptee, parg32);
856 return TEEC_ERROR_OUT_OF_MEMORY;
859 dev_dbg(DEV, "> [%x]\n", sess->sessid);
861 memset(arg32, 0, sizeof(*arg32));
862 arg32->cmd = TEESMC_CMD_CLOSE_SESSION;
863 arg32->session = sess->sessid;
865 call_tee(ptee, parg32, arg32);
867 if (arg32->ret == TEEC_ERROR_COMMUNICATION)
870 free_tee_arg(ptee, parg32);
872 dev_dbg(DEV, "< %x:%d\n", arg32->ret, ret);
876 static struct tee_shm *tz_alloc(struct tee *tee, size_t size, uint32_t flags)
878 struct tee_shm *shm = NULL;
884 dev_dbg(DEV, "%s: s=%d,flags=0x%08x\n", __func__, (int)size, flags);
886 /* comment due to #6357
887 * if ( (flags & ~(tee->shm_flags | TEE_SHM_MAPPED
888 * | TEE_SHM_TEMP | TEE_SHM_FROM_RPC)) != 0 ) {
889 dev_err(tee->dev, "%s: flag parameter is invalid\n", __func__);
890 return ERR_PTR(-EINVAL);
893 size_aligned = ((size / SZ_4K) + 1) * SZ_4K;
894 if (unlikely(size_aligned == 0)) {
895 dev_err(DEV, "[%s] requested size too big\n", __func__);
899 shm = devm_kzalloc(tee->dev, sizeof(struct tee_shm), GFP_KERNEL);
901 dev_err(tee->dev, "%s: kzalloc failed\n", __func__);
902 return ERR_PTR(-ENOMEM);
905 shm->size_alloc = ((size / SZ_4K) + 1) * SZ_4K;
906 shm->size_req = size;
907 shm->paddr = tee_shm_pool_alloc(tee->dev, ptee->shm_pool,
908 shm->size_alloc, ALLOC_ALIGN);
910 dev_err(tee->dev, "%s: cannot alloc memory, size 0x%lx\n",
911 __func__, (unsigned long)shm->size_alloc);
912 devm_kfree(tee->dev, shm);
913 return ERR_PTR(-ENOMEM);
915 shm->kaddr = tee_shm_pool_p2v(tee->dev, ptee->shm_pool, shm->paddr);
917 dev_err(tee->dev, "%s: p2v(%pad)=0\n", __func__,
919 tee_shm_pool_free(tee->dev, ptee->shm_pool, shm->paddr, NULL);
920 devm_kfree(tee->dev, shm);
921 return ERR_PTR(-EFAULT);
924 if (ptee->shm_cached)
925 shm->flags |= TEE_SHM_CACHED;
927 dev_dbg(tee->dev, "%s: kaddr=%p, paddr=%pad, shm=%p, size %x:%x\n",
928 __func__, shm->kaddr, &shm->paddr, shm,
929 (unsigned int)shm->size_req, (unsigned int)shm->size_alloc);
934 static void tz_free(struct tee_shm *shm)
942 BUG_ON(!shm->tee->priv);
946 dev_dbg(tee->dev, "%s: shm=%p\n", __func__, shm);
948 ret = tee_shm_pool_free(tee->dev, ptee->shm_pool, shm->paddr, &size);
950 devm_kfree(tee->dev, shm);
955 static int tz_shm_inc_ref(struct tee_shm *shm)
961 BUG_ON(!shm->tee->priv);
965 return tee_shm_pool_incref(tee->dev, ptee->shm_pool, shm->paddr);
968 /******************************************************************************/
970 static void tee_get_status(struct tee_tz *ptee)
973 struct tee_msg_send *arg;
974 struct tee_core_status_out *res;
975 unsigned long parg, pres;
977 if (!CAPABLE(ptee->tee))
980 arg = (typeof(arg))alloc_tee_arg(ptee, &parg, sizeof(*arg));
981 res = (typeof(res))alloc_tee_arg(ptee, &pres, sizeof(*res));
983 if ((arg == NULL) || (res == NULL)) {
984 dev_err(DEV, "TZ outercache mutex error: alloc shm failed\n");
988 memset(arg, 0, sizeof(*arg));
989 memset(res, 0, sizeof(*res));
990 arg->service = ISSWAPI_TEE_GET_CORE_STATUS;
991 ret = send_and_wait(ptee, ISSWAPI_TEE_GET_CORE_STATUS, SEC_ROM_DEFAULT,
993 if (ret != TEEC_SUCCESS) {
994 dev_warn(DEV, "get statuc failed\n");
998 pr_info("TEETZ Firmware status:\n");
999 pr_info("%s", res->raw);
1002 free_tee_arg(ptee, parg);
1003 free_tee_arg(ptee, pres);
1006 #ifdef CONFIG_OUTER_CACHE
1008 * Synchronised outer cache maintenance support
1010 #ifndef CONFIG_ARM_TZ_SUPPORT
1011 /* weak outer_tz_mutex in case not supported by kernel */
1012 bool __weak outer_tz_mutex(unsigned long *p)
1014 pr_err("weak outer_tz_mutex");
1021 /* register_outercache_mutex - Negotiate/Disable outer cache shared mutex */
1022 static int register_outercache_mutex(struct tee_tz *ptee, bool reg)
1024 unsigned long *vaddr = NULL;
1026 struct smc_param param;
1027 uintptr_t paddr = 0;
1029 dev_dbg(ptee->tee->dev, ">\n");
1030 BUG_ON(!CAPABLE(ptee->tee));
1032 if ((reg == true) && (ptee->tz_outer_cache_mutex != NULL)) {
1033 dev_err(DEV, "outer cache shared mutex already registered\n");
1036 if ((reg == false) && (ptee->tz_outer_cache_mutex == NULL))
1039 mutex_lock(&ptee->mutex);
1042 vaddr = ptee->tz_outer_cache_mutex;
1043 ptee->tz_outer_cache_mutex = NULL;
1047 memset(¶m, 0, sizeof(param));
1048 param.a0 = TEESMC32_ST_FASTCALL_L2CC_MUTEX;
1049 param.a1 = TEESMC_ST_L2CC_MUTEX_GET_ADDR;
1050 #ifdef SWITCH_CPU0_DEBUG
1051 ret = tee_smc_call_switchcpu0(¶m);
1055 tee_smc_call(¶m);
1058 if (param.a0 != TEESMC_RETURN_OK) {
1059 dev_warn(DEV, "no TZ l2cc mutex service supported\n");
1063 dev_dbg(DEV, "outer cache shared mutex paddr 0x%lx\n", paddr);
1065 vaddr = ioremap_cache(paddr, sizeof(u32));
1066 if (vaddr == NULL) {
1067 dev_warn(DEV, "TZ l2cc mutex disabled: ioremap failed\n");
1072 dev_dbg(DEV, "outer cache shared mutex vaddr %p\n", vaddr);
1073 if (outer_tz_mutex(vaddr) == false) {
1074 dev_warn(DEV, "TZ l2cc mutex disabled: outer cache refused\n");
1078 memset(¶m, 0, sizeof(param));
1079 param.a0 = TEESMC32_ST_FASTCALL_L2CC_MUTEX;
1080 param.a1 = TEESMC_ST_L2CC_MUTEX_ENABLE;
1081 #ifdef SWITCH_CPU0_DEBUG
1082 ret = tee_smc_call_switchcpu0(¶m);
1086 tee_smc_call(¶m);
1089 if (param.a0 != TEESMC_RETURN_OK) {
1091 dev_warn(DEV, "TZ l2cc mutex disabled: TZ enable failed\n");
1094 ptee->tz_outer_cache_mutex = vaddr;
1097 if (ptee->tz_outer_cache_mutex == NULL) {
1098 memset(¶m, 0, sizeof(param));
1099 param.a0 = TEESMC32_ST_FASTCALL_L2CC_MUTEX;
1100 param.a1 = TEESMC_ST_L2CC_MUTEX_DISABLE;
1101 #ifdef SWITCH_CPU0_DEBUG
1102 ret = tee_smc_call_switchcpu0(¶m);
1104 mutex_unlock(&ptee->mutex);
1108 tee_smc_call(¶m);
1110 outer_tz_mutex(NULL);
1113 dev_dbg(DEV, "outer cache shared mutex disabled\n");
1116 mutex_unlock(&ptee->mutex);
1117 dev_dbg(DEV, "< teetz outer mutex: ret=%d pa=0x%lX va=0x%p %sabled\n",
1118 ret, paddr, vaddr, ptee->tz_outer_cache_mutex ? "en" : "dis");
1123 /* configure_shm - Negotiate Shared Memory configuration with teetz. */
1124 static int configure_shm(struct tee_tz *ptee)
1126 struct smc_param param = { 0 };
1127 size_t shm_size = -1;
1130 dev_dbg(DEV, ">\n");
1131 BUG_ON(!CAPABLE(ptee->tee));
1133 mutex_lock(&ptee->mutex);
1134 param.a0 = TEESMC32_ST_FASTCALL_GET_SHM_CONFIG;
1135 #ifdef SWITCH_CPU0_DEBUG
1136 ret = tee_smc_call_switchcpu0(¶m);
1138 mutex_unlock(&ptee->mutex);
1142 tee_smc_call(¶m);
1144 mutex_unlock(&ptee->mutex);
1146 if (param.a0 != TEESMC_RETURN_OK) {
1147 dev_err(DEV, "shm service not available: %X", (uint)param.a0);
1152 ptee->shm_paddr = param.a1;
1153 shm_size = param.a2;
1154 ptee->shm_cached = (bool)param.a3;
1156 if (ptee->shm_cached)
1157 ptee->shm_vaddr = ioremap_cache(ptee->shm_paddr, shm_size);
1159 ptee->shm_vaddr = ioremap_nocache(ptee->shm_paddr, shm_size);
1161 if (ptee->shm_vaddr == NULL) {
1162 dev_err(DEV, "shm ioremap failed\n");
1167 ptee->shm_pool = tee_shm_pool_create(DEV, shm_size,
1168 ptee->shm_vaddr, ptee->shm_paddr);
1170 if (!ptee->shm_pool) {
1171 dev_err(DEV, "shm pool creation failed (%zu)", shm_size);
1176 if (ptee->shm_cached)
1177 tee_shm_pool_set_cached(ptee->shm_pool);
1179 dev_dbg(DEV, "< ret=%d pa=0x%lX va=0x%p size=%zu, %scached",
1180 ret, ptee->shm_paddr, ptee->shm_vaddr, shm_size,
1181 (ptee->shm_cached == 1) ? "" : "un");
1186 /******************************************************************************/
1188 static int tz_start(struct tee *tee)
1190 struct tee_tz *ptee;
1193 BUG_ON(!tee || !tee->priv);
1194 dev_dbg(tee->dev, ">\n");
1195 if (!CAPABLE(tee)) {
1196 dev_dbg(tee->dev, "< not capable\n");
1201 BUG_ON(ptee->started);
1202 ptee->started = true;
1204 ret = configure_shm(ptee);
1209 #ifdef CONFIG_OUTER_CACHE
1210 ret = register_outercache_mutex(ptee, true);
1217 ptee->started = false;
1219 dev_dbg(tee->dev, "< ret=%d dev=%s\n", ret, tee->name);
1223 static int tz_stop(struct tee *tee)
1225 struct tee_tz *ptee;
1227 BUG_ON(!tee || !tee->priv);
1231 dev_dbg(tee->dev, "> dev=%s\n", tee->name);
1232 if (!CAPABLE(tee)) {
1233 dev_dbg(tee->dev, "< not capable\n");
1237 #ifdef CONFIG_OUTER_CACHE
1238 register_outercache_mutex(ptee, false);
1240 tee_shm_pool_destroy(tee->dev, ptee->shm_pool);
1241 iounmap(ptee->shm_vaddr);
1242 ptee->started = false;
1244 dev_dbg(tee->dev, "< ret=0 dev=%s\n", tee->name);
1248 /******************************************************************************/
1250 static const struct tee_ops tee_fops = {
1252 .owner = THIS_MODULE,
1255 .invoke = tz_invoke,
1256 .cancel = tz_cancel,
1261 .shm_inc_ref = tz_shm_inc_ref,
1264 static int tz_tee_init(struct platform_device *pdev)
1268 struct tee *tee = platform_get_drvdata(pdev);
1269 struct tee_tz *ptee = tee->priv;
1274 /* To replace by a syscall */
1275 #ifndef CONFIG_ARM_TZ_SUPPORT
1277 "%s: dev=%s, TZ fw is not loaded: TEE TZ is not supported.\n",
1278 __func__, tee->name);
1279 tee->conf = TEE_CONF_FW_NOT_CAPABLE;
1284 ptee->started = false;
1285 ptee->sess_id = 0xAB000000;
1286 mutex_init(&ptee->mutex);
1287 init_completion(&ptee->c);
1288 ptee->c_waiters = 0;
1290 tee_wait_queue_init(&ptee->wait_queue);
1291 ret = tee_mutex_wait_init(&ptee->mutex_wait);
1294 dev_err(tee->dev, "%s: dev=%s, Secure armv7 failed (%d)\n",
1295 __func__, tee->name, ret);
1297 dev_dbg(tee->dev, "%s: dev=%s, Secure armv7\n",
1298 __func__, tee->name);
1302 static void tz_tee_deinit(struct platform_device *pdev)
1304 struct tee *tee = platform_get_drvdata(pdev);
1305 struct tee_tz *ptee = tee->priv;
1310 tee_mutex_wait_exit(&ptee->mutex_wait);
1311 tee_wait_queue_exit(&ptee->wait_queue);
1313 dev_dbg(tee->dev, "%s: dev=%s, Secure armv7 started=%d\n", __func__,
1314 tee->name, ptee->started);
1317 static int tz_tee_probe(struct platform_device *pdev)
1320 struct device *dev = &pdev->dev;
1322 struct tee_tz *ptee;
1324 pr_info("%s: name=\"%s\", id=%d, pdev_name=\"%s\"\n", __func__,
1325 pdev->name, pdev->id, dev_name(dev));
1327 pr_debug("- dev=%p\n", dev);
1328 pr_debug("- dev->parent=%p\n", dev->ctx);
1329 pr_debug("- dev->driver=%p\n", dev->driver);
1332 tee = tee_core_alloc(dev, _TEE_TZ_NAME, pdev->id, &tee_fops,
1333 sizeof(struct tee_tz));
1340 platform_set_drvdata(pdev, tee);
1342 ret = tz_tee_init(pdev);
1346 ret = tee_core_add(tee);
1351 pr_debug("- tee=%p, id=%d, iminor=%d\n", tee, tee->id,
1352 tee->miscdev.minor);
1357 tz_tee_deinit(pdev);
1363 static int tz_tee_remove(struct platform_device *pdev)
1365 struct tee *tee = platform_get_drvdata(pdev);
1366 struct device *dev = &pdev->dev;
1367 /*struct tee_tz *ptee;*/
1369 pr_info("%s: name=\"%s\", id=%d, pdev_name=\"%s\"\n", __func__,
1370 pdev->name, pdev->id, dev_name(dev));
1372 pr_debug("- tee=%p, id=%d, iminor=%d, name=%s\n",
1373 tee, tee->id, tee->miscdev.minor, tee->name);
1376 /* ptee = tee->priv;
1377 tee_get_status(ptee);*/
1379 tz_tee_deinit(pdev);
1384 static struct of_device_id tz_tee_match[] = {
1386 .compatible = "stm,armv7sec",
1391 static struct platform_driver tz_tee_driver = {
1392 .probe = tz_tee_probe,
1393 .remove = tz_tee_remove,
1396 .owner = THIS_MODULE,
1397 .of_match_table = tz_tee_match,
1401 static struct platform_device tz_0_plt_device = {
1405 /* .platform_data = tz_0_tee_data,*/
1409 static int __init tee_tz_init(void)
1413 pr_info("TEE armv7 Driver initialization\n");
1416 pr_debug("- Register the platform_driver \"%s\" %p\n",
1417 tz_tee_driver.driver.name, &tz_tee_driver.driver);
1420 rc = platform_driver_register(&tz_tee_driver);
1422 pr_err("failed to register the platform driver (rc=%d)\n", rc);
1426 rc = platform_device_register(&tz_0_plt_device);
1428 pr_err("failed to register the platform devices 0 (rc=%d)\n",
1436 platform_driver_unregister(&tz_tee_driver);
1441 static void __exit tee_tz_exit(void)
1443 pr_info("TEE ARMV7 Driver de-initialization\n");
1445 platform_device_unregister(&tz_0_plt_device);
1446 platform_driver_unregister(&tz_tee_driver);
1449 module_init(tee_tz_init);
1450 module_exit(tee_tz_exit);
1452 MODULE_AUTHOR("STMicroelectronics");
1453 MODULE_DESCRIPTION("STM Secure TEE ARMV7 TZ driver");
1454 MODULE_SUPPORTED_DEVICE("");
1455 MODULE_LICENSE("GPL");
1456 MODULE_VERSION("1.0");
projects / firefly-linux-kernel-4.4.55.git / blob