supp.c (9034B)
1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * Copyright (c) 2015, Linaro Limited 4 */ 5#include <linux/device.h> 6#include <linux/slab.h> 7#include <linux/uaccess.h> 8#include "optee_private.h" 9 10struct optee_supp_req { 11 struct list_head link; 12 13 bool in_queue; 14 u32 func; 15 u32 ret; 16 size_t num_params; 17 struct tee_param *param; 18 19 struct completion c; 20}; 21 22void optee_supp_init(struct optee_supp *supp) 23{ 24 memset(supp, 0, sizeof(*supp)); 25 mutex_init(&supp->mutex); 26 init_completion(&supp->reqs_c); 27 idr_init(&supp->idr); 28 INIT_LIST_HEAD(&supp->reqs); 29 supp->req_id = -1; 30} 31 32void optee_supp_uninit(struct optee_supp *supp) 33{ 34 mutex_destroy(&supp->mutex); 35 idr_destroy(&supp->idr); 36} 37 38void optee_supp_release(struct optee_supp *supp) 39{ 40 int id; 41 struct optee_supp_req *req; 42 struct optee_supp_req *req_tmp; 43 44 mutex_lock(&supp->mutex); 45 46 /* Abort all request retrieved by supplicant */ 47 idr_for_each_entry(&supp->idr, req, id) { 48 idr_remove(&supp->idr, id); 49 req->ret = TEEC_ERROR_COMMUNICATION; 50 complete(&req->c); 51 } 52 53 /* Abort all queued requests */ 54 list_for_each_entry_safe(req, req_tmp, &supp->reqs, link) { 55 list_del(&req->link); 56 req->in_queue = false; 57 req->ret = TEEC_ERROR_COMMUNICATION; 58 complete(&req->c); 59 } 60 61 supp->ctx = NULL; 62 supp->req_id = -1; 63 64 mutex_unlock(&supp->mutex); 65} 66 67/** 68 * optee_supp_thrd_req() - request service from supplicant 69 * @ctx: context doing the request 70 * @func: function requested 71 * @num_params: number of elements in @param array 72 * @param: parameters for function 73 * 74 * Returns result of operation to be passed to secure world 75 */ 76u32 optee_supp_thrd_req(struct tee_context *ctx, u32 func, size_t num_params, 77 struct tee_param *param) 78 79{ 80 struct optee *optee = tee_get_drvdata(ctx->teedev); 81 struct optee_supp *supp = &optee->supp; 82 struct optee_supp_req *req; 83 bool interruptable; 84 u32 ret; 85 86 /* 87 * Return in case there is no supplicant available and 88 * non-blocking request. 89 */ 90 if (!supp->ctx && ctx->supp_nowait) 91 return TEEC_ERROR_COMMUNICATION; 92 93 req = kzalloc(sizeof(*req), GFP_KERNEL); 94 if (!req) 95 return TEEC_ERROR_OUT_OF_MEMORY; 96 97 init_completion(&req->c); 98 req->func = func; 99 req->num_params = num_params; 100 req->param = param; 101 102 /* Insert the request in the request list */ 103 mutex_lock(&supp->mutex); 104 list_add_tail(&req->link, &supp->reqs); 105 req->in_queue = true; 106 mutex_unlock(&supp->mutex); 107 108 /* Tell an eventual waiter there's a new request */ 109 complete(&supp->reqs_c); 110 111 /* 112 * Wait for supplicant to process and return result, once we've 113 * returned from wait_for_completion(&req->c) successfully we have 114 * exclusive access again. 115 */ 116 while (wait_for_completion_interruptible(&req->c)) { 117 mutex_lock(&supp->mutex); 118 interruptable = !supp->ctx; 119 if (interruptable) { 120 /* 121 * There's no supplicant available and since the 122 * supp->mutex currently is held none can 123 * become available until the mutex released 124 * again. 125 * 126 * Interrupting an RPC to supplicant is only 127 * allowed as a way of slightly improving the user 128 * experience in case the supplicant hasn't been 129 * started yet. During normal operation the supplicant 130 * will serve all requests in a timely manner and 131 * interrupting then wouldn't make sense. 132 */ 133 if (req->in_queue) { 134 list_del(&req->link); 135 req->in_queue = false; 136 } 137 } 138 mutex_unlock(&supp->mutex); 139 140 if (interruptable) { 141 req->ret = TEEC_ERROR_COMMUNICATION; 142 break; 143 } 144 } 145 146 ret = req->ret; 147 kfree(req); 148 149 return ret; 150} 151 152static struct optee_supp_req *supp_pop_entry(struct optee_supp *supp, 153 int num_params, int *id) 154{ 155 struct optee_supp_req *req; 156 157 if (supp->req_id != -1) { 158 /* 159 * Supplicant should not mix synchronous and asnynchronous 160 * requests. 161 */ 162 return ERR_PTR(-EINVAL); 163 } 164 165 if (list_empty(&supp->reqs)) 166 return NULL; 167 168 req = list_first_entry(&supp->reqs, struct optee_supp_req, link); 169 170 if (num_params < req->num_params) { 171 /* Not enough room for parameters */ 172 return ERR_PTR(-EINVAL); 173 } 174 175 *id = idr_alloc(&supp->idr, req, 1, 0, GFP_KERNEL); 176 if (*id < 0) 177 return ERR_PTR(-ENOMEM); 178 179 list_del(&req->link); 180 req->in_queue = false; 181 182 return req; 183} 184 185static int supp_check_recv_params(size_t num_params, struct tee_param *params, 186 size_t *num_meta) 187{ 188 size_t n; 189 190 if (!num_params) 191 return -EINVAL; 192 193 /* 194 * If there's memrefs we need to decrease those as they where 195 * increased earlier and we'll even refuse to accept any below. 196 */ 197 for (n = 0; n < num_params; n++) 198 if (tee_param_is_memref(params + n) && params[n].u.memref.shm) 199 tee_shm_put(params[n].u.memref.shm); 200 201 /* 202 * We only expect parameters as TEE_IOCTL_PARAM_ATTR_TYPE_NONE with 203 * or without the TEE_IOCTL_PARAM_ATTR_META bit set. 204 */ 205 for (n = 0; n < num_params; n++) 206 if (params[n].attr && 207 params[n].attr != TEE_IOCTL_PARAM_ATTR_META) 208 return -EINVAL; 209 210 /* At most we'll need one meta parameter so no need to check for more */ 211 if (params->attr == TEE_IOCTL_PARAM_ATTR_META) 212 *num_meta = 1; 213 else 214 *num_meta = 0; 215 216 return 0; 217} 218 219/** 220 * optee_supp_recv() - receive request for supplicant 221 * @ctx: context receiving the request 222 * @func: requested function in supplicant 223 * @num_params: number of elements allocated in @param, updated with number 224 * used elements 225 * @param: space for parameters for @func 226 * 227 * Returns 0 on success or <0 on failure 228 */ 229int optee_supp_recv(struct tee_context *ctx, u32 *func, u32 *num_params, 230 struct tee_param *param) 231{ 232 struct tee_device *teedev = ctx->teedev; 233 struct optee *optee = tee_get_drvdata(teedev); 234 struct optee_supp *supp = &optee->supp; 235 struct optee_supp_req *req = NULL; 236 int id; 237 size_t num_meta; 238 int rc; 239 240 rc = supp_check_recv_params(*num_params, param, &num_meta); 241 if (rc) 242 return rc; 243 244 while (true) { 245 mutex_lock(&supp->mutex); 246 req = supp_pop_entry(supp, *num_params - num_meta, &id); 247 mutex_unlock(&supp->mutex); 248 249 if (req) { 250 if (IS_ERR(req)) 251 return PTR_ERR(req); 252 break; 253 } 254 255 /* 256 * If we didn't get a request we'll block in 257 * wait_for_completion() to avoid needless spinning. 258 * 259 * This is where supplicant will be hanging most of 260 * the time, let's make this interruptable so we 261 * can easily restart supplicant if needed. 262 */ 263 if (wait_for_completion_interruptible(&supp->reqs_c)) 264 return -ERESTARTSYS; 265 } 266 267 if (num_meta) { 268 /* 269 * tee-supplicant support meta parameters -> requsts can be 270 * processed asynchronously. 271 */ 272 param->attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT | 273 TEE_IOCTL_PARAM_ATTR_META; 274 param->u.value.a = id; 275 param->u.value.b = 0; 276 param->u.value.c = 0; 277 } else { 278 mutex_lock(&supp->mutex); 279 supp->req_id = id; 280 mutex_unlock(&supp->mutex); 281 } 282 283 *func = req->func; 284 *num_params = req->num_params + num_meta; 285 memcpy(param + num_meta, req->param, 286 sizeof(struct tee_param) * req->num_params); 287 288 return 0; 289} 290 291static struct optee_supp_req *supp_pop_req(struct optee_supp *supp, 292 size_t num_params, 293 struct tee_param *param, 294 size_t *num_meta) 295{ 296 struct optee_supp_req *req; 297 int id; 298 size_t nm; 299 const u32 attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT | 300 TEE_IOCTL_PARAM_ATTR_META; 301 302 if (!num_params) 303 return ERR_PTR(-EINVAL); 304 305 if (supp->req_id == -1) { 306 if (param->attr != attr) 307 return ERR_PTR(-EINVAL); 308 id = param->u.value.a; 309 nm = 1; 310 } else { 311 id = supp->req_id; 312 nm = 0; 313 } 314 315 req = idr_find(&supp->idr, id); 316 if (!req) 317 return ERR_PTR(-ENOENT); 318 319 if ((num_params - nm) != req->num_params) 320 return ERR_PTR(-EINVAL); 321 322 idr_remove(&supp->idr, id); 323 supp->req_id = -1; 324 *num_meta = nm; 325 326 return req; 327} 328 329/** 330 * optee_supp_send() - send result of request from supplicant 331 * @ctx: context sending result 332 * @ret: return value of request 333 * @num_params: number of parameters returned 334 * @param: returned parameters 335 * 336 * Returns 0 on success or <0 on failure. 337 */ 338int optee_supp_send(struct tee_context *ctx, u32 ret, u32 num_params, 339 struct tee_param *param) 340{ 341 struct tee_device *teedev = ctx->teedev; 342 struct optee *optee = tee_get_drvdata(teedev); 343 struct optee_supp *supp = &optee->supp; 344 struct optee_supp_req *req; 345 size_t n; 346 size_t num_meta; 347 348 mutex_lock(&supp->mutex); 349 req = supp_pop_req(supp, num_params, param, &num_meta); 350 mutex_unlock(&supp->mutex); 351 352 if (IS_ERR(req)) { 353 /* Something is wrong, let supplicant restart. */ 354 return PTR_ERR(req); 355 } 356 357 /* Update out and in/out parameters */ 358 for (n = 0; n < req->num_params; n++) { 359 struct tee_param *p = req->param + n; 360 361 switch (p->attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) { 362 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT: 363 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT: 364 p->u.value.a = param[n + num_meta].u.value.a; 365 p->u.value.b = param[n + num_meta].u.value.b; 366 p->u.value.c = param[n + num_meta].u.value.c; 367 break; 368 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: 369 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: 370 p->u.memref.size = param[n + num_meta].u.memref.size; 371 break; 372 default: 373 break; 374 } 375 } 376 req->ret = ret; 377 378 /* Let the requesting thread continue */ 379 complete(&req->c); 380 381 return 0; 382}