2 * Copyright (c) 2014, STMicroelectronics International N.V.
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License Version 2 as
6 * published by the Free Software Foundation.
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
15 #include <linux/module.h>
16 #include <linux/kernel.h>
17 #include <linux/init.h>
18 #include <linux/platform_device.h>
20 #include <linux/sched.h>
21 #include <linux/jiffies.h>
23 #include <linux/tee_core.h>
24 #include <linux/tee_ioc.h>
26 #include <asm/smp_plat.h>
28 #include <tee_supp_com.h>
29 #include <tee_mutex_wait.h>
30 #include <tee_wait_queue.h>
32 #include <arm_common/teesmc.h>
33 #include <arm_common/teesmc_st.h>
36 #include "tee_tz_op.h"
37 #include "tee_tz_priv.h"
40 #define SWITCH_CPU0_DEBUG
42 #define _TEE_TZ_NAME "armtz"
43 #define DEV (ptee->tee->dev)
45 /* #define TEE_STRESS_OUTERCACHE_FLUSH */
47 /* magic config: bit 1 is set, Secure TEE shall handler NSec IRQs */
48 #define SEC_ROM_NO_FLAG_MASK 0x0000
49 #define SEC_ROM_IRQ_ENABLE_MASK 0x0001
50 #define SEC_ROM_DEFAULT SEC_ROM_IRQ_ENABLE_MASK
51 #define TEE_RETURN_BUSY 0x3
52 #define ALLOC_ALIGN SZ_4K
54 #define CAPABLE(tee) !(tee->conf & TEE_CONF_FW_NOT_CAPABLE)
56 static struct tee_tz *tee_tz;
58 static struct handle_db shm_handle_db = HANDLE_DB_INITIALIZER;
61 /* Temporary workaround until we're only using post 3.13 kernels */
63 #define ioremap_cache ioremap_cached
67 /*******************************************************************
69 *******************************************************************/
71 static void switch_cpumask_to_cpu0(cpumask_t *saved_cpu_mask)
74 cpumask_t local_cpu_mask = CPU_MASK_NONE;
75 pr_info("switch_cpumask_to_cpu cpu0\n");
76 cpu_set(0, local_cpu_mask);
77 cpumask_copy(saved_cpu_mask, tsk_cpus_allowed(current));
78 ret = sched_setaffinity(0, &local_cpu_mask);
80 pr_err("sched_setaffinity #1 -> 0x%lX", ret);
83 static void restore_cpumask(cpumask_t *saved_cpu_mask)
86 pr_info("restore_cpumask cpu0\n");
87 ret = sched_setaffinity(0, saved_cpu_mask);
89 pr_err("sched_setaffinity #2 -> 0x%lX", ret);
92 static inline void switch_cpumask_to_cpu0(void) {};
93 static inline void restore_cpumask(void) {};
95 static int tee_smc_call_switchcpu0(struct smc_param *param)
97 cpumask_t saved_cpu_mask;
99 switch_cpumask_to_cpu0(&saved_cpu_mask);
101 restore_cpumask(&saved_cpu_mask);
105 static void e_lock_teez(struct tee_tz *ptee)
107 mutex_lock(&ptee->mutex);
110 static void e_lock_wait_completion_teez(struct tee_tz *ptee)
113 * Release the lock until "something happens" and then reacquire it
116 * This is needed when TEE returns "busy" and we need to try again
120 mutex_unlock(&ptee->mutex);
122 * Wait at most one second. Secure world is normally never busy
123 * more than that so we should normally never timeout.
125 wait_for_completion_timeout(&ptee->c, HZ);
126 mutex_lock(&ptee->mutex);
130 static void e_unlock_teez(struct tee_tz *ptee)
133 * If at least one thread is waiting for "something to happen" let
134 * one thread know that "something has happened".
138 mutex_unlock(&ptee->mutex);
141 static void handle_rpc_func_cmd_mutex_wait(struct tee_tz *ptee,
142 struct teesmc32_arg *arg32)
144 struct teesmc32_param *params;
146 if (arg32->num_params != 2)
149 params = TEESMC32_GET_PARAMS(arg32);
151 if ((params[0].attr & TEESMC_ATTR_TYPE_MASK) !=
152 TEESMC_ATTR_TYPE_VALUE_INPUT)
154 if ((params[1].attr & TEESMC_ATTR_TYPE_MASK) !=
155 TEESMC_ATTR_TYPE_VALUE_INPUT)
158 switch (params[0].u.value.a) {
159 case TEE_MUTEX_WAIT_SLEEP:
160 tee_mutex_wait_sleep(DEV, &ptee->mutex_wait,
162 params[1].u.value.b);
164 case TEE_MUTEX_WAIT_WAKEUP:
165 tee_mutex_wait_wakeup(DEV, &ptee->mutex_wait,
167 params[1].u.value.b);
169 case TEE_MUTEX_WAIT_DELETE:
170 tee_mutex_wait_delete(DEV, &ptee->mutex_wait,
171 params[1].u.value.a);
177 arg32->ret = TEEC_SUCCESS;
180 arg32->ret = TEEC_ERROR_BAD_PARAMETERS;
183 static void handle_rpc_func_cmd_wait_queue(struct tee_tz *ptee,
184 struct teesmc32_arg *arg32)
186 struct teesmc32_param *params;
188 if (arg32->num_params != 2)
191 params = TEESMC32_GET_PARAMS(arg32);
193 if ((params[0].attr & TEESMC_ATTR_TYPE_MASK) !=
194 TEESMC_ATTR_TYPE_VALUE_INPUT)
196 if ((params[1].attr & TEESMC_ATTR_TYPE_MASK) !=
197 TEESMC_ATTR_TYPE_NONE)
200 switch (arg32->cmd) {
201 case TEE_RPC_WAIT_QUEUE_SLEEP:
202 tee_wait_queue_sleep(DEV, &ptee->wait_queue,
203 params[0].u.value.a);
205 case TEE_RPC_WAIT_QUEUE_WAKEUP:
206 tee_wait_queue_wakeup(DEV, &ptee->wait_queue,
207 params[0].u.value.a);
213 arg32->ret = TEEC_SUCCESS;
216 arg32->ret = TEEC_ERROR_BAD_PARAMETERS;
221 static void handle_rpc_func_cmd_wait(struct teesmc32_arg *arg32)
223 struct teesmc32_param *params;
226 if (arg32->num_params != 1)
229 params = TEESMC32_GET_PARAMS(arg32);
230 msec_to_wait = params[0].u.value.a;
232 /* set task's state to interruptible sleep */
233 set_current_state(TASK_INTERRUPTIBLE);
236 schedule_timeout(msecs_to_jiffies(msec_to_wait));
238 arg32->ret = TEEC_SUCCESS;
241 arg32->ret = TEEC_ERROR_BAD_PARAMETERS;
244 static void handle_rpc_func_cmd_to_supplicant(struct tee_tz *ptee,
245 struct teesmc32_arg *arg32)
247 struct teesmc32_param *params;
248 struct tee_rpc_invoke inv;
252 if (arg32->num_params > TEE_RPC_BUFFER_NUMBER) {
253 arg32->ret = TEEC_ERROR_GENERIC;
257 params = TEESMC32_GET_PARAMS(arg32);
259 memset(&inv, 0, sizeof(inv));
260 inv.cmd = arg32->cmd;
262 * Set a suitable error code in case tee-supplicant
263 * ignores the request.
265 inv.res = TEEC_ERROR_NOT_IMPLEMENTED;
266 inv.nbr_bf = arg32->num_params;
267 for (n = 0; n < arg32->num_params; n++) {
268 switch (params[n].attr & TEESMC_ATTR_TYPE_MASK) {
269 case TEESMC_ATTR_TYPE_VALUE_INPUT:
270 case TEESMC_ATTR_TYPE_VALUE_INOUT:
271 inv.cmds[n].fd = (int)params[n].u.value.a;
273 case TEESMC_ATTR_TYPE_VALUE_OUTPUT:
274 inv.cmds[n].type = TEE_RPC_VALUE;
276 case TEESMC_ATTR_TYPE_MEMREF_INPUT:
277 case TEESMC_ATTR_TYPE_MEMREF_OUTPUT:
278 case TEESMC_ATTR_TYPE_MEMREF_INOUT:
280 (void *)(uintptr_t)params[n].u.memref.buf_ptr;
281 inv.cmds[n].size = params[n].u.memref.size;
282 inv.cmds[n].type = TEE_RPC_BUFFER;
285 arg32->ret = TEEC_ERROR_GENERIC;
290 ret = tee_supp_cmd(ptee->tee, TEE_RPC_ICMD_INVOKE,
292 if (ret == TEEC_RPC_OK)
293 arg32->ret = inv.res;
295 for (n = 0; n < arg32->num_params; n++) {
296 switch (params[n].attr & TEESMC_ATTR_TYPE_MASK) {
297 case TEESMC_ATTR_TYPE_MEMREF_OUTPUT:
298 case TEESMC_ATTR_TYPE_MEMREF_INOUT:
300 * Allow supplicant to assign a new pointer
301 * to an out-buffer. Needed when the
302 * supplicant allocates a new buffer, for
303 * instance when loading a TA.
305 params[n].u.memref.buf_ptr =
306 (uint32_t)(uintptr_t)inv.cmds[n].buffer;
307 params[n].u.memref.size = inv.cmds[n].size;
309 case TEESMC_ATTR_TYPE_VALUE_OUTPUT:
310 case TEESMC_ATTR_TYPE_VALUE_INOUT:
311 params[n].u.value.a = inv.cmds[n].fd;
319 static void handle_rpc_func_cmd(struct tee_tz *ptee, u32 parg32)
321 struct teesmc32_arg *arg32;
323 arg32 = tee_shm_pool_p2v(DEV, ptee->shm_pool, parg32);
327 switch (arg32->cmd) {
328 case TEE_RPC_MUTEX_WAIT:
329 handle_rpc_func_cmd_mutex_wait(ptee, arg32);
331 case TEE_RPC_WAIT_QUEUE_SLEEP:
332 case TEE_RPC_WAIT_QUEUE_WAKEUP:
333 handle_rpc_func_cmd_wait_queue(ptee, arg32);
336 handle_rpc_func_cmd_wait(arg32);
339 handle_rpc_func_cmd_to_supplicant(ptee, arg32);
343 static struct tee_shm *handle_rpc_alloc(struct tee_tz *ptee, size_t size)
345 struct tee_rpc_alloc rpc_alloc;
347 rpc_alloc.size = size;
348 tee_supp_cmd(ptee->tee, TEE_RPC_ICMD_ALLOCATE,
349 &rpc_alloc, sizeof(rpc_alloc));
350 return rpc_alloc.shm;
353 static void handle_rpc_free(struct tee_tz *ptee, struct tee_shm *shm)
355 struct tee_rpc_free rpc_free;
360 tee_supp_cmd(ptee->tee, TEE_RPC_ICMD_FREE, &rpc_free, sizeof(rpc_free));
363 static u32 handle_rpc(struct tee_tz *ptee, struct smc_param *param)
368 switch (TEESMC_RETURN_GET_RPC_FUNC(param->a0)) {
369 case TEESMC_RPC_FUNC_ALLOC_ARG:
370 param->a1 = tee_shm_pool_alloc(DEV, ptee->shm_pool,
373 case TEESMC_RPC_FUNC_ALLOC_PAYLOAD:
374 /* Can't support payload shared memory with this interface */
377 case TEESMC_RPC_FUNC_FREE_ARG:
378 tee_shm_pool_free(DEV, ptee->shm_pool, param->a1, 0);
380 case TEESMC_RPC_FUNC_FREE_PAYLOAD:
381 /* Can't support payload shared memory with this interface */
383 case TEESMC_ST_RPC_FUNC_ALLOC_PAYLOAD:
384 shm = handle_rpc_alloc(ptee, param->a1);
385 if (IS_ERR_OR_NULL(shm)) {
389 cookie = handle_get(&shm_handle_db, shm);
391 handle_rpc_free(ptee, shm);
395 param->a1 = shm->paddr;
398 case TEESMC_ST_RPC_FUNC_FREE_PAYLOAD:
399 shm = handle_put(&shm_handle_db, param->a1);
400 handle_rpc_free(ptee, shm);
402 case TEESMC_RPC_FUNC_IRQ:
404 case TEESMC_RPC_FUNC_CMD:
405 handle_rpc_func_cmd(ptee, param->a1);
408 dev_warn(DEV, "Unknown RPC func 0x%x\n",
409 (u32)TEESMC_RETURN_GET_RPC_FUNC(param->a0));
414 return TEESMC32_FASTCALL_RETURN_FROM_RPC;
416 return TEESMC32_CALL_RETURN_FROM_RPC;
419 static void call_tee(struct tee_tz *ptee,
420 uintptr_t parg32, struct teesmc32_arg *arg32)
424 struct smc_param param = { 0 };
427 funcid = TEESMC32_FASTCALL_WITH_ARG;
429 funcid = TEESMC32_CALL_WITH_ARG;
432 * Commented out elements used to visualize the layout dynamic part
433 * of the struct. Note that these fields are not available at all
434 * if num_params == 0.
436 * params is accessed through the macro TEESMC32_GET_PARAMS
439 /* struct teesmc32_param params[num_params]; */
447 #ifdef SWITCH_CPU0_DEBUG
448 tee_smc_call_switchcpu0(¶m);
450 tee_smc_call(¶m);
454 if (ret == TEESMC_RETURN_EBUSY) {
456 * Since secure world returned busy, release the
457 * lock we had when entering this function and wait
458 * for "something to happen" (something else to
459 * exit from secure world and needed resources may
460 * have become available).
462 e_lock_wait_completion_teez(ptee);
463 } else if (TEESMC_RETURN_IS_RPC(ret)) {
464 /* Process the RPC. */
466 funcid = handle_rpc(ptee, ¶m);
475 case TEESMC_RETURN_UNKNOWN_FUNCTION:
477 case TEESMC_RETURN_OK:
478 /* arg32->ret set by secure world */
481 /* Should not happen */
482 arg32->ret = TEEC_ERROR_COMMUNICATION;
483 arg32->ret_origin = TEEC_ORIGIN_COMMS;
488 /*******************************************************************
489 * TEE service invoke formating
490 *******************************************************************/
492 /* allocate tee service argument buffer and return virtual address */
493 static void *alloc_tee_arg(struct tee_tz *ptee, unsigned long *p, size_t l)
497 BUG_ON(!CAPABLE(ptee->tee));
499 if ((p == NULL) || (l == 0))
502 /* assume a 4 bytes aligned is sufficient */
503 *p = tee_shm_pool_alloc(DEV, ptee->shm_pool, l, ALLOC_ALIGN);
507 vaddr = tee_shm_pool_p2v(DEV, ptee->shm_pool, *p);
509 dev_dbg(DEV, "< %p\n", vaddr);
514 /* free tee service argument buffer (from its physical address) */
515 static void free_tee_arg(struct tee_tz *ptee, unsigned long p)
518 BUG_ON(!CAPABLE(ptee->tee));
521 tee_shm_pool_free(DEV, ptee->shm_pool, p, 0);
526 static uint32_t get_cache_attrs(struct tee_tz *ptee)
528 if (tee_shm_pool_is_cached(ptee->shm_pool))
529 return TEESMC_ATTR_CACHE_DEFAULT << TEESMC_ATTR_CACHE_SHIFT;
531 return TEESMC_ATTR_CACHE_NONCACHE << TEESMC_ATTR_CACHE_SHIFT;
534 static uint32_t param_type_teec2teesmc(uint8_t type)
538 return TEESMC_ATTR_TYPE_NONE;
539 case TEEC_VALUE_INPUT:
540 return TEESMC_ATTR_TYPE_VALUE_INPUT;
541 case TEEC_VALUE_OUTPUT:
542 return TEESMC_ATTR_TYPE_VALUE_OUTPUT;
543 case TEEC_VALUE_INOUT:
544 return TEESMC_ATTR_TYPE_VALUE_INOUT;
545 case TEEC_MEMREF_TEMP_INPUT:
546 case TEEC_MEMREF_PARTIAL_INPUT:
547 return TEESMC_ATTR_TYPE_MEMREF_INPUT;
548 case TEEC_MEMREF_TEMP_OUTPUT:
549 case TEEC_MEMREF_PARTIAL_OUTPUT:
550 return TEESMC_ATTR_TYPE_MEMREF_OUTPUT;
551 case TEEC_MEMREF_WHOLE:
552 case TEEC_MEMREF_TEMP_INOUT:
553 case TEEC_MEMREF_PARTIAL_INOUT:
554 return TEESMC_ATTR_TYPE_MEMREF_INOUT;
561 static void set_params(struct tee_tz *ptee,
562 struct teesmc32_param params32[TEEC_CONFIG_PAYLOAD_REF_COUNT],
563 uint32_t param_types,
564 struct tee_data *data)
570 for (n = 0; n < TEEC_CONFIG_PAYLOAD_REF_COUNT; n++) {
571 uint32_t type = TEEC_PARAM_TYPE_GET(param_types, n);
573 params32[n].attr = param_type_teec2teesmc(type);
574 if (params32[n].attr == TEESMC_ATTR_TYPE_NONE)
576 if (params32[n].attr < TEESMC_ATTR_TYPE_MEMREF_INPUT) {
577 value = (TEEC_Value *)&data->params[n];
578 params32[n].u.value.a = value->a;
579 params32[n].u.value.b = value->b;
582 shm = data->params[n].shm;
583 params32[n].attr |= get_cache_attrs(ptee);
584 params32[n].u.memref.buf_ptr = shm->paddr;
585 params32[n].u.memref.size = shm->size_req;
589 static void get_params(struct tee_data *data,
590 struct teesmc32_param params32[TEEC_CONFIG_PAYLOAD_REF_COUNT])
596 for (n = 0; n < TEEC_CONFIG_PAYLOAD_REF_COUNT; n++) {
597 if (params32[n].attr == TEESMC_ATTR_TYPE_NONE)
599 if (params32[n].attr < TEESMC_ATTR_TYPE_MEMREF_INPUT) {
600 value = &data->params[n].value;
601 value->a = params32[n].u.value.a;
602 value->b = params32[n].u.value.b;
605 shm = data->params[n].shm;
606 shm->size_req = params32[n].u.memref.size;
612 * tee_open_session - invoke TEE to open a GP TEE session
614 static int tz_open(struct tee_session *sess, struct tee_cmd *cmd)
620 struct teesmc32_arg *arg32;
621 struct teesmc32_param *params32;
622 struct teesmc_meta_open_session *meta;
629 BUG_ON(!sess->ctx->tee);
630 BUG_ON(!sess->ctx->tee->priv);
631 tee = sess->ctx->tee;
635 uuid = cmd->uuid->kaddr;
639 dev_dbg(tee->dev, "> ta kaddr %p, uuid=%08x-%04x-%04x\n",
640 (cmd->ta) ? cmd->ta->kaddr : NULL,
641 ((uuid) ? uuid->timeLow : 0xDEAD),
642 ((uuid) ? uuid->timeMid : 0xDEAD),
643 ((uuid) ? uuid->timeHiAndVersion : 0xDEAD));
645 if (!CAPABLE(ptee->tee)) {
646 dev_dbg(tee->dev, "< not capable\n");
650 /* case ta binary is inside the open request */
657 arg32 = alloc_tee_arg(ptee, &parg32, TEESMC32_GET_ARG_SIZE(
658 TEEC_CONFIG_PAYLOAD_REF_COUNT + num_meta));
659 meta = alloc_tee_arg(ptee, &pmeta, sizeof(*meta));
661 if ((arg32 == NULL) || (meta == NULL)) {
662 free_tee_arg(ptee, parg32);
663 free_tee_arg(ptee, pmeta);
664 return TEEC_ERROR_OUT_OF_MEMORY;
667 memset(arg32, 0, sizeof(*arg32));
668 memset(meta, 0, sizeof(*meta));
669 arg32->num_params = TEEC_CONFIG_PAYLOAD_REF_COUNT + num_meta;
670 params32 = TEESMC32_GET_PARAMS(arg32);
672 arg32->cmd = TEESMC_CMD_OPEN_SESSION;
674 params32[0].u.memref.buf_ptr = pmeta;
675 params32[0].u.memref.size = sizeof(*meta);
676 params32[0].attr = TEESMC_ATTR_TYPE_MEMREF_INPUT |
677 TEESMC_ATTR_META | get_cache_attrs(ptee);
680 params32[1].u.memref.buf_ptr =
681 tee_shm_pool_v2p(DEV, ptee->shm_pool, cmd->ta->kaddr);
682 params32[1].u.memref.size = cmd->ta->size_req;
683 params32[1].attr = TEESMC_ATTR_TYPE_MEMREF_INPUT |
684 TEESMC_ATTR_META | get_cache_attrs(ptee);
688 memcpy(meta->uuid, uuid, TEESMC_UUID_LEN);
689 meta->clnt_login = 0; /* FIXME: is this reliable ? used ? */
691 params32 += num_meta;
692 set_params(ptee, params32, cmd->param.type, &cmd->param);
694 call_tee(ptee, parg32, arg32);
696 get_params(&cmd->param, params32);
698 if (arg32->ret != TEEC_ERROR_COMMUNICATION) {
699 sess->sessid = arg32->session;
700 cmd->err = arg32->ret;
701 cmd->origin = arg32->ret_origin;
705 free_tee_arg(ptee, parg32);
706 free_tee_arg(ptee, pmeta);
708 dev_dbg(DEV, "< %x:%d\n", arg32->ret, ret);
713 * tee_invoke_command - invoke TEE to invoke a GP TEE command
715 static int tz_invoke(struct tee_session *sess, struct tee_cmd *cmd)
721 struct teesmc32_arg *arg32;
723 struct teesmc32_param *params32;
725 BUG_ON(!sess->ctx->tee);
726 BUG_ON(!sess->ctx->tee->priv);
727 tee = sess->ctx->tee;
730 dev_dbg(DEV, "> sessid %x cmd %x type %x\n",
731 sess->sessid, cmd->cmd, cmd->param.type);
734 dev_dbg(tee->dev, "< not capable\n");
738 arg32 = (typeof(arg32))alloc_tee_arg(ptee, &parg32,
739 TEESMC32_GET_ARG_SIZE(TEEC_CONFIG_PAYLOAD_REF_COUNT));
741 free_tee_arg(ptee, parg32);
742 return TEEC_ERROR_OUT_OF_MEMORY;
745 memset(arg32, 0, sizeof(*arg32));
746 arg32->num_params = TEEC_CONFIG_PAYLOAD_REF_COUNT;
747 params32 = TEESMC32_GET_PARAMS(arg32);
749 arg32->cmd = TEESMC_CMD_INVOKE_COMMAND;
750 arg32->session = sess->sessid;
751 arg32->ta_func = cmd->cmd;
753 set_params(ptee, params32, cmd->param.type, &cmd->param);
755 call_tee(ptee, parg32, arg32);
757 get_params(&cmd->param, params32);
759 if (arg32->ret != TEEC_ERROR_COMMUNICATION) {
760 cmd->err = arg32->ret;
761 cmd->origin = arg32->ret_origin;
765 free_tee_arg(ptee, parg32);
767 dev_dbg(DEV, "< %x:%d\n", arg32->ret, ret);
772 * tee_cancel_command - invoke TEE to cancel a GP TEE command
774 static int tz_cancel(struct tee_session *sess, struct tee_cmd *cmd)
780 struct teesmc32_arg *arg32;
783 BUG_ON(!sess->ctx->tee);
784 BUG_ON(!sess->ctx->tee->priv);
785 tee = sess->ctx->tee;
788 dev_dbg(DEV, "cancel on sessid=%08x\n", sess->sessid);
790 arg32 = alloc_tee_arg(ptee, &parg32, TEESMC32_GET_ARG_SIZE(0));
792 free_tee_arg(ptee, parg32);
793 return TEEC_ERROR_OUT_OF_MEMORY;
796 memset(arg32, 0, sizeof(*arg32));
797 arg32->cmd = TEESMC_CMD_CANCEL;
798 arg32->session = sess->sessid;
800 call_tee(ptee, parg32, arg32);
802 if (arg32->ret == TEEC_ERROR_COMMUNICATION)
805 free_tee_arg(ptee, parg32);
807 dev_dbg(DEV, "< %x:%d\n", arg32->ret, ret);
812 * tee_close_session - invoke TEE to close a GP TEE session
814 static int tz_close(struct tee_session *sess)
820 struct teesmc32_arg *arg32;
823 BUG_ON(!sess->ctx->tee);
824 BUG_ON(!sess->ctx->tee->priv);
825 tee = sess->ctx->tee;
828 dev_dbg(DEV, "close on sessid=%08x\n", sess->sessid);
831 dev_dbg(tee->dev, "< not capable\n");
835 arg32 = alloc_tee_arg(ptee, &parg32, TEESMC32_GET_ARG_SIZE(0));
837 free_tee_arg(ptee, parg32);
838 return TEEC_ERROR_OUT_OF_MEMORY;
841 dev_dbg(DEV, "> [%x]\n", sess->sessid);
843 memset(arg32, 0, sizeof(*arg32));
844 arg32->cmd = TEESMC_CMD_CLOSE_SESSION;
845 arg32->session = sess->sessid;
847 call_tee(ptee, parg32, arg32);
849 if (arg32->ret == TEEC_ERROR_COMMUNICATION)
852 free_tee_arg(ptee, parg32);
854 dev_dbg(DEV, "< %x:%d\n", arg32->ret, ret);
858 static struct tee_shm *tz_alloc(struct tee *tee, size_t size, uint32_t flags)
860 struct tee_shm *shm = NULL;
866 dev_dbg(DEV, "%s: s=%d,flags=0x%08x\n", __func__, (int)size, flags);
868 /* comment due to #6357
869 * if ( (flags & ~(tee->shm_flags | TEE_SHM_MAPPED
870 * | TEE_SHM_TEMP | TEE_SHM_FROM_RPC)) != 0 ) {
871 dev_err(tee->dev, "%s: flag parameter is invalid\n", __func__);
872 return ERR_PTR(-EINVAL);
875 size_aligned = ((size / SZ_4K) + 1) * SZ_4K;
876 if (unlikely(size_aligned == 0)) {
877 dev_err(DEV, "[%s] requested size too big\n", __func__);
881 shm = devm_kzalloc(tee->dev, sizeof(struct tee_shm), GFP_KERNEL);
883 dev_err(tee->dev, "%s: kzalloc failed\n", __func__);
884 return ERR_PTR(-ENOMEM);
887 shm->size_alloc = ((size / SZ_4K) + 1) * SZ_4K;
888 shm->size_req = size;
889 shm->paddr = tee_shm_pool_alloc(tee->dev, ptee->shm_pool,
890 shm->size_alloc, ALLOC_ALIGN);
892 dev_err(tee->dev, "%s: cannot alloc memory, size 0x%lx\n",
893 __func__, (unsigned long)shm->size_alloc);
894 devm_kfree(tee->dev, shm);
895 return ERR_PTR(-ENOMEM);
897 shm->kaddr = tee_shm_pool_p2v(tee->dev, ptee->shm_pool, shm->paddr);
899 dev_err(tee->dev, "%s: p2v(%p)=0\n", __func__,
901 tee_shm_pool_free(tee->dev, ptee->shm_pool, shm->paddr, NULL);
902 devm_kfree(tee->dev, shm);
903 return ERR_PTR(-EFAULT);
906 if (ptee->shm_cached)
907 shm->flags |= TEE_SHM_CACHED;
909 dev_dbg(tee->dev, "%s: kaddr=%p, paddr=%p, shm=%p, size %x:%x\n",
910 __func__, shm->kaddr, (void *)shm->paddr, shm,
911 (unsigned int)shm->size_req, (unsigned int)shm->size_alloc);
916 static void tz_free(struct tee_shm *shm)
924 BUG_ON(!shm->tee->priv);
928 dev_dbg(tee->dev, "%s: shm=%p\n", __func__, shm);
930 ret = tee_shm_pool_free(tee->dev, ptee->shm_pool, shm->paddr, &size);
932 devm_kfree(tee->dev, shm);
937 static int tz_shm_inc_ref(struct tee_shm *shm)
943 BUG_ON(!shm->tee->priv);
947 return tee_shm_pool_incref(tee->dev, ptee->shm_pool, shm->paddr);
950 /******************************************************************************/
952 static void tee_get_status(struct tee_tz *ptee)
955 struct tee_msg_send *arg;
956 struct tee_core_status_out *res;
957 unsigned long parg, pres;
959 if (!CAPABLE(ptee->tee))
962 arg = (typeof(arg))alloc_tee_arg(ptee, &parg, sizeof(*arg));
963 res = (typeof(res))alloc_tee_arg(ptee, &pres, sizeof(*res));
965 if ((arg == NULL) || (res == NULL)) {
966 dev_err(DEV, "TZ outercache mutex error: alloc shm failed\n");
970 memset(arg, 0, sizeof(*arg));
971 memset(res, 0, sizeof(*res));
972 arg->service = ISSWAPI_TEE_GET_CORE_STATUS;
973 ret = send_and_wait(ptee, ISSWAPI_TEE_GET_CORE_STATUS, SEC_ROM_DEFAULT,
975 if (ret != TEEC_SUCCESS) {
976 dev_warn(DEV, "get statuc failed\n");
980 pr_info("TEETZ Firmware status:\n");
981 pr_info("%s", res->raw);
984 free_tee_arg(ptee, parg);
985 free_tee_arg(ptee, pres);
988 #ifdef CONFIG_OUTER_CACHE
990 * Synchronised outer cache maintenance support
992 #ifndef CONFIG_ARM_TZ_SUPPORT
993 /* weak outer_tz_mutex in case not supported by kernel */
994 bool __weak outer_tz_mutex(unsigned long *p)
996 pr_err("weak outer_tz_mutex");
1003 /* register_outercache_mutex - Negotiate/Disable outer cache shared mutex */
1004 static int register_outercache_mutex(struct tee_tz *ptee, bool reg)
1006 unsigned long *vaddr = NULL;
1008 struct smc_param param;
1009 uintptr_t paddr = 0;
1011 dev_dbg(ptee->tee->dev, ">\n");
1012 BUG_ON(!CAPABLE(ptee->tee));
1014 if ((reg == true) && (ptee->tz_outer_cache_mutex != NULL)) {
1015 dev_err(DEV, "outer cache shared mutex already registered\n");
1018 if ((reg == false) && (ptee->tz_outer_cache_mutex == NULL))
1021 mutex_lock(&ptee->mutex);
1024 vaddr = ptee->tz_outer_cache_mutex;
1025 ptee->tz_outer_cache_mutex = NULL;
1029 memset(¶m, 0, sizeof(param));
1030 param.a0 = TEESMC32_ST_FASTCALL_L2CC_MUTEX;
1031 param.a1 = TEESMC_ST_L2CC_MUTEX_GET_ADDR;
1032 #ifdef SWITCH_CPU0_DEBUG
1033 tee_smc_call_switchcpu0(¶m);
1035 tee_smc_call(¶m);
1038 if (param.a0 != TEESMC_RETURN_OK) {
1039 dev_warn(DEV, "no TZ l2cc mutex service supported\n");
1043 dev_dbg(DEV, "outer cache shared mutex paddr 0x%lx\n", paddr);
1045 vaddr = ioremap_cache(paddr, sizeof(u32));
1046 if (vaddr == NULL) {
1047 dev_warn(DEV, "TZ l2cc mutex disabled: ioremap failed\n");
1052 dev_dbg(DEV, "outer cache shared mutex vaddr %p\n", vaddr);
1053 if (outer_tz_mutex(vaddr) == false) {
1054 dev_warn(DEV, "TZ l2cc mutex disabled: outer cache refused\n");
1058 memset(¶m, 0, sizeof(param));
1059 param.a0 = TEESMC32_ST_FASTCALL_L2CC_MUTEX;
1060 param.a1 = TEESMC_ST_L2CC_MUTEX_ENABLE;
1061 #ifdef SWITCH_CPU0_DEBUG
1062 tee_smc_call_switchcpu0(¶m);
1064 tee_smc_call(¶m);
1067 if (param.a0 != TEESMC_RETURN_OK) {
1069 dev_warn(DEV, "TZ l2cc mutex disabled: TZ enable failed\n");
1072 ptee->tz_outer_cache_mutex = vaddr;
1075 if (ptee->tz_outer_cache_mutex == NULL) {
1076 memset(¶m, 0, sizeof(param));
1077 param.a0 = TEESMC32_ST_FASTCALL_L2CC_MUTEX;
1078 param.a1 = TEESMC_ST_L2CC_MUTEX_DISABLE;
1079 #ifdef SWITCH_CPU0_DEBUG
1080 tee_smc_call_switchcpu0(¶m);
1082 tee_smc_call(¶m);
1084 outer_tz_mutex(NULL);
1087 dev_dbg(DEV, "outer cache shared mutex disabled\n");
1090 mutex_unlock(&ptee->mutex);
1091 dev_dbg(DEV, "< teetz outer mutex: ret=%d pa=0x%lX va=0x%p %sabled\n",
1092 ret, paddr, vaddr, ptee->tz_outer_cache_mutex ? "en" : "dis");
1097 /* configure_shm - Negotiate Shared Memory configuration with teetz. */
1098 static int configure_shm(struct tee_tz *ptee)
1100 struct smc_param param = { 0 };
1101 size_t shm_size = -1;
1104 dev_dbg(DEV, ">\n");
1105 BUG_ON(!CAPABLE(ptee->tee));
1107 mutex_lock(&ptee->mutex);
1108 param.a0 = TEESMC32_ST_FASTCALL_GET_SHM_CONFIG;
1109 #ifdef SWITCH_CPU0_DEBUG
1110 tee_smc_call_switchcpu0(¶m);
1112 tee_smc_call(¶m);
1114 mutex_unlock(&ptee->mutex);
1116 if (param.a0 != TEESMC_RETURN_OK) {
1117 dev_err(DEV, "shm service not available: %X", (uint)param.a0);
1122 ptee->shm_paddr = param.a1;
1123 shm_size = param.a2;
1124 ptee->shm_cached = (bool)param.a3;
1126 if (ptee->shm_cached)
1127 ptee->shm_vaddr = ioremap_cache(ptee->shm_paddr, shm_size);
1129 ptee->shm_vaddr = ioremap_nocache(ptee->shm_paddr, shm_size);
1131 if (ptee->shm_vaddr == NULL) {
1132 dev_err(DEV, "shm ioremap failed\n");
1137 ptee->shm_pool = tee_shm_pool_create(DEV, shm_size,
1138 ptee->shm_vaddr, ptee->shm_paddr);
1140 if (!ptee->shm_pool) {
1141 dev_err(DEV, "shm pool creation failed (%zu)", shm_size);
1146 if (ptee->shm_cached)
1147 tee_shm_pool_set_cached(ptee->shm_pool);
1149 dev_dbg(DEV, "< ret=%d pa=0x%lX va=0x%p size=%zu, %scached",
1150 ret, ptee->shm_paddr, ptee->shm_vaddr, shm_size,
1151 (ptee->shm_cached == 1) ? "" : "un");
1156 /******************************************************************************/
1158 static int tz_start(struct tee *tee)
1160 struct tee_tz *ptee;
1163 BUG_ON(!tee || !tee->priv);
1164 dev_dbg(tee->dev, ">\n");
1165 if (!CAPABLE(tee)) {
1166 dev_dbg(tee->dev, "< not capable\n");
1171 BUG_ON(ptee->started);
1172 ptee->started = true;
1174 ret = configure_shm(ptee);
1179 #ifdef CONFIG_OUTER_CACHE
1180 ret = register_outercache_mutex(ptee, true);
1187 ptee->started = false;
1189 dev_dbg(tee->dev, "< ret=%d dev=%s\n", ret, tee->name);
1193 static int tz_stop(struct tee *tee)
1195 struct tee_tz *ptee;
1197 BUG_ON(!tee || !tee->priv);
1201 dev_dbg(tee->dev, "> dev=%s\n", tee->name);
1202 if (!CAPABLE(tee)) {
1203 dev_dbg(tee->dev, "< not capable\n");
1207 #ifdef CONFIG_OUTER_CACHE
1208 register_outercache_mutex(ptee, false);
1210 tee_shm_pool_destroy(tee->dev, ptee->shm_pool);
1211 iounmap(ptee->shm_vaddr);
1212 ptee->started = false;
1214 dev_dbg(tee->dev, "< ret=0 dev=%s\n", tee->name);
1218 /******************************************************************************/
1220 static const struct tee_ops tee_fops = {
1222 .owner = THIS_MODULE,
1225 .invoke = tz_invoke,
1226 .cancel = tz_cancel,
1231 .shm_inc_ref = tz_shm_inc_ref,
1234 static int tz_tee_init(struct platform_device *pdev)
1238 struct tee *tee = platform_get_drvdata(pdev);
1239 struct tee_tz *ptee = tee->priv;
1244 /* To replace by a syscall */
1245 #ifndef CONFIG_ARM_TZ_SUPPORT
1247 "%s: dev=%s, TZ fw is not loaded: TEE TZ is not supported.\n",
1248 __func__, tee->name);
1249 tee->conf = TEE_CONF_FW_NOT_CAPABLE;
1254 ptee->started = false;
1255 ptee->sess_id = 0xAB000000;
1256 mutex_init(&ptee->mutex);
1257 init_completion(&ptee->c);
1258 ptee->c_waiters = 0;
1260 tee_wait_queue_init(&ptee->wait_queue);
1261 ret = tee_mutex_wait_init(&ptee->mutex_wait);
1264 dev_err(tee->dev, "%s: dev=%s, Secure armv7 failed (%d)\n",
1265 __func__, tee->name, ret);
1267 dev_dbg(tee->dev, "%s: dev=%s, Secure armv7\n",
1268 __func__, tee->name);
1272 static void tz_tee_deinit(struct platform_device *pdev)
1274 struct tee *tee = platform_get_drvdata(pdev);
1275 struct tee_tz *ptee = tee->priv;
1280 tee_mutex_wait_exit(&ptee->mutex_wait);
1281 tee_wait_queue_exit(&ptee->wait_queue);
1283 dev_dbg(tee->dev, "%s: dev=%s, Secure armv7 started=%d\n", __func__,
1284 tee->name, ptee->started);
1287 static int tz_tee_probe(struct platform_device *pdev)
1290 struct device *dev = &pdev->dev;
1292 struct tee_tz *ptee;
1294 pr_info("%s: name=\"%s\", id=%d, pdev_name=\"%s\"\n", __func__,
1295 pdev->name, pdev->id, dev_name(dev));
1297 pr_debug("- dev=%p\n", dev);
1298 pr_debug("- dev->parent=%p\n", dev->ctx);
1299 pr_debug("- dev->driver=%p\n", dev->driver);
1302 tee = tee_core_alloc(dev, _TEE_TZ_NAME, pdev->id, &tee_fops,
1303 sizeof(struct tee_tz));
1310 platform_set_drvdata(pdev, tee);
1312 ret = tz_tee_init(pdev);
1316 ret = tee_core_add(tee);
1321 pr_debug("- tee=%p, id=%d, iminor=%d\n", tee, tee->id,
1322 tee->miscdev.minor);
1327 tz_tee_deinit(pdev);
1333 static int tz_tee_remove(struct platform_device *pdev)
1335 struct tee *tee = platform_get_drvdata(pdev);
1336 struct device *dev = &pdev->dev;
1337 /*struct tee_tz *ptee;*/
1339 pr_info("%s: name=\"%s\", id=%d, pdev_name=\"%s\"\n", __func__,
1340 pdev->name, pdev->id, dev_name(dev));
1342 pr_debug("- tee=%p, id=%d, iminor=%d, name=%s\n",
1343 tee, tee->id, tee->miscdev.minor, tee->name);
1346 /* ptee = tee->priv;
1347 tee_get_status(ptee);*/
1349 tz_tee_deinit(pdev);
1354 static struct of_device_id tz_tee_match[] = {
1356 .compatible = "stm,armv7sec",
1361 static struct platform_driver tz_tee_driver = {
1362 .probe = tz_tee_probe,
1363 .remove = tz_tee_remove,
1366 .owner = THIS_MODULE,
1367 .of_match_table = tz_tee_match,
1371 static struct platform_device tz_0_plt_device = {
1375 /* .platform_data = tz_0_tee_data,*/
1379 static int __init tee_tz_init(void)
1383 pr_info("TEE armv7 Driver initialization\n");
1386 pr_debug("- Register the platform_driver \"%s\" %p\n",
1387 tz_tee_driver.driver.name, &tz_tee_driver.driver);
1390 rc = platform_driver_register(&tz_tee_driver);
1392 pr_err("failed to register the platform driver (rc=%d)\n", rc);
1396 rc = platform_device_register(&tz_0_plt_device);
1398 pr_err("failed to register the platform devices 0 (rc=%d)\n",
1406 platform_driver_unregister(&tz_tee_driver);
1411 static void __exit tee_tz_exit(void)
1413 pr_info("TEE ARMV7 Driver de-initialization\n");
1415 platform_device_unregister(&tz_0_plt_device);
1416 platform_driver_unregister(&tz_tee_driver);
1419 module_init(tee_tz_init);
1420 module_exit(tee_tz_exit);
1422 MODULE_AUTHOR("STMicroelectronics");
1423 MODULE_DESCRIPTION("STM Secure TEE ARMV7 TZ driver");
1424 MODULE_SUPPORTED_DEVICE("");
1425 MODULE_LICENSE("GPL");
1426 MODULE_VERSION("1.0");
projects / firefly-linux-kernel-4.4.55.git / blob