Back to home page

OSCL-LXR
 
 

     

0001 // SPDX-License-Identifier: MIT
0002 /*
0003  * AMD Trusted Execution Environment (TEE) interface
0004  *
0005  * Author: Rijo Thomas <Rijo-john.Thomas@amd.com>
0006  * Author: Devaraj Rangasamy <Devaraj.Rangasamy@amd.com>
0007  *
0008  * Copyright (C) 2019,2021 Advanced Micro Devices, Inc.
0009  */
0010 
0011 #include <linux/types.h>
0012 #include <linux/mutex.h>
0013 #include <linux/delay.h>
0014 #include <linux/slab.h>
0015 #include <linux/gfp.h>
0016 #include <linux/psp-sev.h>
0017 #include <linux/psp-tee.h>
0018 
0019 #include "psp-dev.h"
0020 #include "tee-dev.h"
0021 
0022 static bool psp_dead;
0023 
0024 static int tee_alloc_ring(struct psp_tee_device *tee, int ring_size)
0025 {
0026     struct ring_buf_manager *rb_mgr = &tee->rb_mgr;
0027     void *start_addr;
0028 
0029     if (!ring_size)
0030         return -EINVAL;
0031 
0032     /* We need actual physical address instead of DMA address, since
0033      * Trusted OS running on AMD Secure Processor will map this region
0034      */
0035     start_addr = (void *)__get_free_pages(GFP_KERNEL, get_order(ring_size));
0036     if (!start_addr)
0037         return -ENOMEM;
0038 
0039     memset(start_addr, 0x0, ring_size);
0040     rb_mgr->ring_start = start_addr;
0041     rb_mgr->ring_size = ring_size;
0042     rb_mgr->ring_pa = __psp_pa(start_addr);
0043     mutex_init(&rb_mgr->mutex);
0044 
0045     return 0;
0046 }
0047 
0048 static void tee_free_ring(struct psp_tee_device *tee)
0049 {
0050     struct ring_buf_manager *rb_mgr = &tee->rb_mgr;
0051 
0052     if (!rb_mgr->ring_start)
0053         return;
0054 
0055     free_pages((unsigned long)rb_mgr->ring_start,
0056            get_order(rb_mgr->ring_size));
0057 
0058     rb_mgr->ring_start = NULL;
0059     rb_mgr->ring_size = 0;
0060     rb_mgr->ring_pa = 0;
0061     mutex_destroy(&rb_mgr->mutex);
0062 }
0063 
0064 static int tee_wait_cmd_poll(struct psp_tee_device *tee, unsigned int timeout,
0065                  unsigned int *reg)
0066 {
0067     /* ~10ms sleep per loop => nloop = timeout * 100 */
0068     int nloop = timeout * 100;
0069 
0070     while (--nloop) {
0071         *reg = ioread32(tee->io_regs + tee->vdata->cmdresp_reg);
0072         if (*reg & PSP_CMDRESP_RESP)
0073             return 0;
0074 
0075         usleep_range(10000, 10100);
0076     }
0077 
0078     dev_err(tee->dev, "tee: command timed out, disabling PSP\n");
0079     psp_dead = true;
0080 
0081     return -ETIMEDOUT;
0082 }
0083 
0084 static
0085 struct tee_init_ring_cmd *tee_alloc_cmd_buffer(struct psp_tee_device *tee)
0086 {
0087     struct tee_init_ring_cmd *cmd;
0088 
0089     cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
0090     if (!cmd)
0091         return NULL;
0092 
0093     cmd->hi_addr = upper_32_bits(tee->rb_mgr.ring_pa);
0094     cmd->low_addr = lower_32_bits(tee->rb_mgr.ring_pa);
0095     cmd->size = tee->rb_mgr.ring_size;
0096 
0097     dev_dbg(tee->dev, "tee: ring address: high = 0x%x low = 0x%x size = %u\n",
0098         cmd->hi_addr, cmd->low_addr, cmd->size);
0099 
0100     return cmd;
0101 }
0102 
0103 static inline void tee_free_cmd_buffer(struct tee_init_ring_cmd *cmd)
0104 {
0105     kfree(cmd);
0106 }
0107 
0108 static int tee_init_ring(struct psp_tee_device *tee)
0109 {
0110     int ring_size = MAX_RING_BUFFER_ENTRIES * sizeof(struct tee_ring_cmd);
0111     struct tee_init_ring_cmd *cmd;
0112     phys_addr_t cmd_buffer;
0113     unsigned int reg;
0114     int ret;
0115 
0116     BUILD_BUG_ON(sizeof(struct tee_ring_cmd) != 1024);
0117 
0118     ret = tee_alloc_ring(tee, ring_size);
0119     if (ret) {
0120         dev_err(tee->dev, "tee: ring allocation failed %d\n", ret);
0121         return ret;
0122     }
0123 
0124     tee->rb_mgr.wptr = 0;
0125 
0126     cmd = tee_alloc_cmd_buffer(tee);
0127     if (!cmd) {
0128         tee_free_ring(tee);
0129         return -ENOMEM;
0130     }
0131 
0132     cmd_buffer = __psp_pa((void *)cmd);
0133 
0134     /* Send command buffer details to Trusted OS by writing to
0135      * CPU-PSP message registers
0136      */
0137 
0138     iowrite32(lower_32_bits(cmd_buffer),
0139           tee->io_regs + tee->vdata->cmdbuff_addr_lo_reg);
0140     iowrite32(upper_32_bits(cmd_buffer),
0141           tee->io_regs + tee->vdata->cmdbuff_addr_hi_reg);
0142     iowrite32(TEE_RING_INIT_CMD,
0143           tee->io_regs + tee->vdata->cmdresp_reg);
0144 
0145     ret = tee_wait_cmd_poll(tee, TEE_DEFAULT_TIMEOUT, &reg);
0146     if (ret) {
0147         dev_err(tee->dev, "tee: ring init command timed out\n");
0148         tee_free_ring(tee);
0149         goto free_buf;
0150     }
0151 
0152     if (reg & PSP_CMDRESP_ERR_MASK) {
0153         dev_err(tee->dev, "tee: ring init command failed (%#010x)\n",
0154             reg & PSP_CMDRESP_ERR_MASK);
0155         tee_free_ring(tee);
0156         ret = -EIO;
0157     }
0158 
0159 free_buf:
0160     tee_free_cmd_buffer(cmd);
0161 
0162     return ret;
0163 }
0164 
0165 static void tee_destroy_ring(struct psp_tee_device *tee)
0166 {
0167     unsigned int reg;
0168     int ret;
0169 
0170     if (!tee->rb_mgr.ring_start)
0171         return;
0172 
0173     if (psp_dead)
0174         goto free_ring;
0175 
0176     iowrite32(TEE_RING_DESTROY_CMD,
0177           tee->io_regs + tee->vdata->cmdresp_reg);
0178 
0179     ret = tee_wait_cmd_poll(tee, TEE_DEFAULT_TIMEOUT, &reg);
0180     if (ret) {
0181         dev_err(tee->dev, "tee: ring destroy command timed out\n");
0182     } else if (reg & PSP_CMDRESP_ERR_MASK) {
0183         dev_err(tee->dev, "tee: ring destroy command failed (%#010x)\n",
0184             reg & PSP_CMDRESP_ERR_MASK);
0185     }
0186 
0187 free_ring:
0188     tee_free_ring(tee);
0189 }
0190 
0191 int tee_dev_init(struct psp_device *psp)
0192 {
0193     struct device *dev = psp->dev;
0194     struct psp_tee_device *tee;
0195     int ret;
0196 
0197     ret = -ENOMEM;
0198     tee = devm_kzalloc(dev, sizeof(*tee), GFP_KERNEL);
0199     if (!tee)
0200         goto e_err;
0201 
0202     psp->tee_data = tee;
0203 
0204     tee->dev = dev;
0205     tee->psp = psp;
0206 
0207     tee->io_regs = psp->io_regs;
0208 
0209     tee->vdata = (struct tee_vdata *)psp->vdata->tee;
0210     if (!tee->vdata) {
0211         ret = -ENODEV;
0212         dev_err(dev, "tee: missing driver data\n");
0213         goto e_err;
0214     }
0215 
0216     ret = tee_init_ring(tee);
0217     if (ret) {
0218         dev_err(dev, "tee: failed to init ring buffer\n");
0219         goto e_err;
0220     }
0221 
0222     dev_notice(dev, "tee enabled\n");
0223 
0224     return 0;
0225 
0226 e_err:
0227     psp->tee_data = NULL;
0228 
0229     dev_notice(dev, "tee initialization failed\n");
0230 
0231     return ret;
0232 }
0233 
0234 void tee_dev_destroy(struct psp_device *psp)
0235 {
0236     struct psp_tee_device *tee = psp->tee_data;
0237 
0238     if (!tee)
0239         return;
0240 
0241     tee_destroy_ring(tee);
0242 }
0243 
0244 static int tee_submit_cmd(struct psp_tee_device *tee, enum tee_cmd_id cmd_id,
0245               void *buf, size_t len, struct tee_ring_cmd **resp)
0246 {
0247     struct tee_ring_cmd *cmd;
0248     int nloop = 1000, ret = 0;
0249     u32 rptr;
0250 
0251     *resp = NULL;
0252 
0253     mutex_lock(&tee->rb_mgr.mutex);
0254 
0255     /* Loop until empty entry found in ring buffer */
0256     do {
0257         /* Get pointer to ring buffer command entry */
0258         cmd = (struct tee_ring_cmd *)
0259             (tee->rb_mgr.ring_start + tee->rb_mgr.wptr);
0260 
0261         rptr = ioread32(tee->io_regs + tee->vdata->ring_rptr_reg);
0262 
0263         /* Check if ring buffer is full or command entry is waiting
0264          * for response from TEE
0265          */
0266         if (!(tee->rb_mgr.wptr + sizeof(struct tee_ring_cmd) == rptr ||
0267               cmd->flag == CMD_WAITING_FOR_RESPONSE))
0268             break;
0269 
0270         dev_dbg(tee->dev, "tee: ring buffer full. rptr = %u wptr = %u\n",
0271             rptr, tee->rb_mgr.wptr);
0272 
0273         /* Wait if ring buffer is full or TEE is processing data */
0274         mutex_unlock(&tee->rb_mgr.mutex);
0275         schedule_timeout_interruptible(msecs_to_jiffies(10));
0276         mutex_lock(&tee->rb_mgr.mutex);
0277 
0278     } while (--nloop);
0279 
0280     if (!nloop &&
0281         (tee->rb_mgr.wptr + sizeof(struct tee_ring_cmd) == rptr ||
0282          cmd->flag == CMD_WAITING_FOR_RESPONSE)) {
0283         dev_err(tee->dev, "tee: ring buffer full. rptr = %u wptr = %u response flag %u\n",
0284             rptr, tee->rb_mgr.wptr, cmd->flag);
0285         ret = -EBUSY;
0286         goto unlock;
0287     }
0288 
0289     /* Do not submit command if PSP got disabled while processing any
0290      * command in another thread
0291      */
0292     if (psp_dead) {
0293         ret = -EBUSY;
0294         goto unlock;
0295     }
0296 
0297     /* Write command data into ring buffer */
0298     cmd->cmd_id = cmd_id;
0299     cmd->cmd_state = TEE_CMD_STATE_INIT;
0300     memset(&cmd->buf[0], 0, sizeof(cmd->buf));
0301     memcpy(&cmd->buf[0], buf, len);
0302 
0303     /* Indicate driver is waiting for response */
0304     cmd->flag = CMD_WAITING_FOR_RESPONSE;
0305 
0306     /* Update local copy of write pointer */
0307     tee->rb_mgr.wptr += sizeof(struct tee_ring_cmd);
0308     if (tee->rb_mgr.wptr >= tee->rb_mgr.ring_size)
0309         tee->rb_mgr.wptr = 0;
0310 
0311     /* Trigger interrupt to Trusted OS */
0312     iowrite32(tee->rb_mgr.wptr, tee->io_regs + tee->vdata->ring_wptr_reg);
0313 
0314     /* The response is provided by Trusted OS in same
0315      * location as submitted data entry within ring buffer.
0316      */
0317     *resp = cmd;
0318 
0319 unlock:
0320     mutex_unlock(&tee->rb_mgr.mutex);
0321 
0322     return ret;
0323 }
0324 
0325 static int tee_wait_cmd_completion(struct psp_tee_device *tee,
0326                    struct tee_ring_cmd *resp,
0327                    unsigned int timeout)
0328 {
0329     /* ~1ms sleep per loop => nloop = timeout * 1000 */
0330     int nloop = timeout * 1000;
0331 
0332     while (--nloop) {
0333         if (resp->cmd_state == TEE_CMD_STATE_COMPLETED)
0334             return 0;
0335 
0336         usleep_range(1000, 1100);
0337     }
0338 
0339     dev_err(tee->dev, "tee: command 0x%x timed out, disabling PSP\n",
0340         resp->cmd_id);
0341 
0342     psp_dead = true;
0343 
0344     return -ETIMEDOUT;
0345 }
0346 
0347 int psp_tee_process_cmd(enum tee_cmd_id cmd_id, void *buf, size_t len,
0348             u32 *status)
0349 {
0350     struct psp_device *psp = psp_get_master_device();
0351     struct psp_tee_device *tee;
0352     struct tee_ring_cmd *resp;
0353     int ret;
0354 
0355     if (!buf || !status || !len || len > sizeof(resp->buf))
0356         return -EINVAL;
0357 
0358     *status = 0;
0359 
0360     if (!psp || !psp->tee_data)
0361         return -ENODEV;
0362 
0363     if (psp_dead)
0364         return -EBUSY;
0365 
0366     tee = psp->tee_data;
0367 
0368     ret = tee_submit_cmd(tee, cmd_id, buf, len, &resp);
0369     if (ret)
0370         return ret;
0371 
0372     ret = tee_wait_cmd_completion(tee, resp, TEE_DEFAULT_TIMEOUT);
0373     if (ret) {
0374         resp->flag = CMD_RESPONSE_TIMEDOUT;
0375         return ret;
0376     }
0377 
0378     memcpy(buf, &resp->buf[0], len);
0379     *status = resp->status;
0380 
0381     resp->flag = CMD_RESPONSE_COPIED;
0382 
0383     return 0;
0384 }
0385 EXPORT_SYMBOL(psp_tee_process_cmd);
0386 
0387 int psp_check_tee_status(void)
0388 {
0389     struct psp_device *psp = psp_get_master_device();
0390 
0391     if (!psp || !psp->tee_data)
0392         return -ENODEV;
0393 
0394     return 0;
0395 }
0396 EXPORT_SYMBOL(psp_check_tee_status);
Source navigation ] Diff markup ] Identifier search ] general search ]

This page was automatically generated by the 2.1.0 LXR engine.

The LXR team
Valid CSS 2.1! Valid HTML 4.01!