drivers/crypto/ccp/tee-dev.c

   1 // SPDX-License-Identifier: MIT
   2 /*
   3  * AMD Trusted Execution Environment (TEE) interface
   4  *
   5  * Author: Rijo Thomas <Rijo-john.Thomas@amd.com>
   6  * Author: Devaraj Rangasamy <Devaraj.Rangasamy@amd.com>
   7  *
   8  * Copyright 2019 Advanced Micro Devices, Inc.
   9  */
  10
  11 #include <linux/types.h>
  12 #include <linux/mutex.h>
  13 #include <linux/delay.h>
  14 #include <linux/slab.h>
  15 #include <linux/gfp.h>
  16 #include <linux/psp-sev.h>
  17 #include <linux/psp-tee.h>
  18
  19 #include "psp-dev.h"
  20 #include "tee-dev.h"
  21
  22 static bool psp_dead;
  23
  24 static int tee_alloc_ring(struct psp_tee_device *tee, int ring_size)
  25 {
  26         struct ring_buf_manager *rb_mgr = &tee->rb_mgr;
  27         void *start_addr;
  28
  29         if (!ring_size)
  30                 return -EINVAL;
  31
  32         /* We need actual physical address instead of DMA address, since
  33          * Trusted OS running on AMD Secure Processor will map this region
  34          */
  35         start_addr = (void *)__get_free_pages(GFP_KERNEL, get_order(ring_size));
  36         if (!start_addr)
  37                 return -ENOMEM;
  38
  39         rb_mgr->ring_start = start_addr;
  40         rb_mgr->ring_size = ring_size;
  41         rb_mgr->ring_pa = __psp_pa(start_addr);
  42         mutex_init(&rb_mgr->mutex);
  43
  44         return 0;
  45 }
  46
  47 static void tee_free_ring(struct psp_tee_device *tee)
  48 {
  49         struct ring_buf_manager *rb_mgr = &tee->rb_mgr;
  50
  51         if (!rb_mgr->ring_start)
  52                 return;
  53
  54         free_pages((unsigned long)rb_mgr->ring_start,
  55                    get_order(rb_mgr->ring_size));
  56
  57         rb_mgr->ring_start = NULL;
  58         rb_mgr->ring_size = 0;
  59         rb_mgr->ring_pa = 0;
  60         mutex_destroy(&rb_mgr->mutex);
  61 }
  62
  63 static int tee_wait_cmd_poll(struct psp_tee_device *tee, unsigned int timeout,
  64                              unsigned int *reg)
  65 {
  66         /* ~10ms sleep per loop => nloop = timeout * 100 */
  67         int nloop = timeout * 100;
  68
  69         while (--nloop) {
  70                 *reg = ioread32(tee->io_regs + tee->vdata->cmdresp_reg);
  71                 if (*reg & PSP_CMDRESP_RESP)
  72                         return 0;
  73
  74                 usleep_range(10000, 10100);
  75         }
  76
  77         dev_err(tee->dev, "tee: command timed out, disabling PSP\n");
  78         psp_dead = true;
  79
  80         return -ETIMEDOUT;
  81 }
  82
  83 static
  84 struct tee_init_ring_cmd *tee_alloc_cmd_buffer(struct psp_tee_device *tee)
  85 {
  86         struct tee_init_ring_cmd *cmd;
  87
  88         cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
  89         if (!cmd)
  90                 return NULL;
  91
  92         cmd->hi_addr = upper_32_bits(tee->rb_mgr.ring_pa);
  93         cmd->low_addr = lower_32_bits(tee->rb_mgr.ring_pa);
  94         cmd->size = tee->rb_mgr.ring_size;
  95
  96         dev_dbg(tee->dev, "tee: ring address: high = 0x%x low = 0x%x size = %u\n",
  97                 cmd->hi_addr, cmd->low_addr, cmd->size);
  98
  99         return cmd;
 100 }
 101
 102 static inline void tee_free_cmd_buffer(struct tee_init_ring_cmd *cmd)
 103 {
 104         kfree(cmd);
 105 }
 106
 107 static int tee_init_ring(struct psp_tee_device *tee)
 108 {
 109         int ring_size = MAX_RING_BUFFER_ENTRIES * sizeof(struct tee_ring_cmd);
 110         struct tee_init_ring_cmd *cmd;
 111         phys_addr_t cmd_buffer;
 112         unsigned int reg;
 113         int ret;
 114
 115         BUILD_BUG_ON(sizeof(struct tee_ring_cmd) != 1024);
 116
 117         ret = tee_alloc_ring(tee, ring_size);
 118         if (ret) {
 119                 dev_err(tee->dev, "tee: ring allocation failed %d\n", ret);
 120                 return ret;
 121         }
 122
 123         tee->rb_mgr.wptr = 0;
 124
 125         cmd = tee_alloc_cmd_buffer(tee);
 126         if (!cmd) {
 127                 tee_free_ring(tee);
 128                 return -ENOMEM;
 129         }
 130
 131         cmd_buffer = __psp_pa((void *)cmd);
 132
 133         /* Send command buffer details to Trusted OS by writing to
 134          * CPU-PSP message registers
 135          */
 136
 137         iowrite32(lower_32_bits(cmd_buffer),
 138                   tee->io_regs + tee->vdata->cmdbuff_addr_lo_reg);
 139         iowrite32(upper_32_bits(cmd_buffer),
 140                   tee->io_regs + tee->vdata->cmdbuff_addr_hi_reg);
 141         iowrite32(TEE_RING_INIT_CMD,
 142                   tee->io_regs + tee->vdata->cmdresp_reg);
 143
 144         ret = tee_wait_cmd_poll(tee, TEE_DEFAULT_TIMEOUT, &reg);
 145         if (ret) {
 146                 dev_err(tee->dev, "tee: ring init command timed out\n");
 147                 tee_free_ring(tee);
 148                 goto free_buf;
 149         }
 150
 151         if (reg & PSP_CMDRESP_ERR_MASK) {
 152                 dev_err(tee->dev, "tee: ring init command failed (%#010x)\n",
 153                         reg & PSP_CMDRESP_ERR_MASK);
 154                 tee_free_ring(tee);
 155                 ret = -EIO;
 156         }
 157
 158 free_buf:
 159         tee_free_cmd_buffer(cmd);
 160
 161         return ret;
 162 }
 163
 164 static void tee_destroy_ring(struct psp_tee_device *tee)
 165 {
 166         unsigned int reg;
 167         int ret;
 168
 169         if (!tee->rb_mgr.ring_start)
 170                 return;
 171
 172         if (psp_dead)
 173                 goto free_ring;
 174
 175         iowrite32(TEE_RING_DESTROY_CMD,
 176                   tee->io_regs + tee->vdata->cmdresp_reg);
 177
 178         ret = tee_wait_cmd_poll(tee, TEE_DEFAULT_TIMEOUT, &reg);
 179         if (ret) {
 180                 dev_err(tee->dev, "tee: ring destroy command timed out\n");
 181         } else if (reg & PSP_CMDRESP_ERR_MASK) {
 182                 dev_err(tee->dev, "tee: ring destroy command failed (%#010x)\n",
 183                         reg & PSP_CMDRESP_ERR_MASK);
 184         }
 185
 186 free_ring:
 187         tee_free_ring(tee);
 188 }
 189
 190 int tee_dev_init(struct psp_device *psp)
 191 {
 192         struct device *dev = psp->dev;
 193         struct psp_tee_device *tee;
 194         int ret;
 195
 196         ret = -ENOMEM;
 197         tee = devm_kzalloc(dev, sizeof(*tee), GFP_KERNEL);
 198         if (!tee)
 199                 goto e_err;
 200
 201         psp->tee_data = tee;
 202
 203         tee->dev = dev;
 204         tee->psp = psp;
 205
 206         tee->io_regs = psp->io_regs;
 207
 208         tee->vdata = (struct tee_vdata *)psp->vdata->tee;
 209         if (!tee->vdata) {
 210                 ret = -ENODEV;
 211                 dev_err(dev, "tee: missing driver data\n");
 212                 goto e_err;
 213         }
 214
 215         ret = tee_init_ring(tee);
 216         if (ret) {
 217                 dev_err(dev, "tee: failed to init ring buffer\n");
 218                 goto e_err;
 219         }
 220
 221         dev_notice(dev, "tee enabled\n");
 222
 223         return 0;
 224
 225 e_err:
 226         psp->tee_data = NULL;
 227
 228         dev_notice(dev, "tee initialization failed\n");
 229
 230         return ret;
 231 }
 232
 233 void tee_dev_destroy(struct psp_device *psp)
 234 {
 235         struct psp_tee_device *tee = psp->tee_data;
 236
 237         if (!tee)
 238                 return;
 239
 240         tee_destroy_ring(tee);
 241 }
 242
 243 static int tee_submit_cmd(struct psp_tee_device *tee, enum tee_cmd_id cmd_id,
 244                           void *buf, size_t len, struct tee_ring_cmd **resp)
 245 {
 246         struct tee_ring_cmd *cmd;
 247         u32 rptr, wptr;
 248         int nloop = 1000, ret = 0;
 249
 250         *resp = NULL;
 251
 252         mutex_lock(&tee->rb_mgr.mutex);
 253
 254         wptr = tee->rb_mgr.wptr;
 255
 256         /* Check if ring buffer is full */
 257         do {
 258                 rptr = ioread32(tee->io_regs + tee->vdata->ring_rptr_reg);
 259
 260                 if (!(wptr + sizeof(struct tee_ring_cmd) == rptr))
 261                         break;
 262
 263                 dev_info(tee->dev, "tee: ring buffer full. rptr = %u wptr = %u\n",
 264                          rptr, wptr);
 265
 266                 /* Wait if ring buffer is full */
 267                 mutex_unlock(&tee->rb_mgr.mutex);
 268                 schedule_timeout_interruptible(msecs_to_jiffies(10));
 269                 mutex_lock(&tee->rb_mgr.mutex);
 270
 271         } while (--nloop);
 272
 273         if (!nloop && (wptr + sizeof(struct tee_ring_cmd) == rptr)) {
 274                 dev_err(tee->dev, "tee: ring buffer full. rptr = %u wptr = %u\n",
 275                         rptr, wptr);
 276                 ret = -EBUSY;
 277                 goto unlock;
 278         }
 279
 280         /* Pointer to empty data entry in ring buffer */
 281         cmd = (struct tee_ring_cmd *)(tee->rb_mgr.ring_start + wptr);
 282
 283         /* Write command data into ring buffer */
 284         cmd->cmd_id = cmd_id;
 285         cmd->cmd_state = TEE_CMD_STATE_INIT;
 286         memset(&cmd->buf[0], 0, sizeof(cmd->buf));
 287         memcpy(&cmd->buf[0], buf, len);
 288
 289         /* Update local copy of write pointer */
 290         tee->rb_mgr.wptr += sizeof(struct tee_ring_cmd);
 291         if (tee->rb_mgr.wptr >= tee->rb_mgr.ring_size)
 292                 tee->rb_mgr.wptr = 0;
 293
 294         /* Trigger interrupt to Trusted OS */
 295         iowrite32(tee->rb_mgr.wptr, tee->io_regs + tee->vdata->ring_wptr_reg);
 296
 297         /* The response is provided by Trusted OS in same
 298          * location as submitted data entry within ring buffer.
 299          */
 300         *resp = cmd;
 301
 302 unlock:
 303         mutex_unlock(&tee->rb_mgr.mutex);
 304
 305         return ret;
 306 }
 307
 308 static int tee_wait_cmd_completion(struct psp_tee_device *tee,
 309                                    struct tee_ring_cmd *resp,
 310                                    unsigned int timeout)
 311 {
 312         /* ~5ms sleep per loop => nloop = timeout * 200 */
 313         int nloop = timeout * 200;
 314
 315         while (--nloop) {
 316                 if (resp->cmd_state == TEE_CMD_STATE_COMPLETED)
 317                         return 0;
 318
 319                 usleep_range(5000, 5100);
 320         }
 321
 322         dev_err(tee->dev, "tee: command 0x%x timed out, disabling PSP\n",
 323                 resp->cmd_id);
 324
 325         psp_dead = true;
 326
 327         return -ETIMEDOUT;
 328 }
 329
 330 int psp_tee_process_cmd(enum tee_cmd_id cmd_id, void *buf, size_t len,
 331                         u32 *status)
 332 {
 333         struct psp_device *psp = psp_get_master_device();
 334         struct psp_tee_device *tee;
 335         struct tee_ring_cmd *resp;
 336         int ret;
 337
 338         if (!buf || !status || !len || len > sizeof(resp->buf))
 339                 return -EINVAL;
 340
 341         *status = 0;
 342
 343         if (!psp || !psp->tee_data)
 344                 return -ENODEV;
 345
 346         if (psp_dead)
 347                 return -EBUSY;
 348
 349         tee = psp->tee_data;
 350
 351         ret = tee_submit_cmd(tee, cmd_id, buf, len, &resp);
 352         if (ret)
 353                 return ret;
 354
 355         ret = tee_wait_cmd_completion(tee, resp, TEE_DEFAULT_TIMEOUT);
 356         if (ret)
 357                 return ret;
 358
 359         memcpy(buf, &resp->buf[0], len);
 360         *status = resp->status;
 361
 362         return 0;
 363 }
 364 EXPORT_SYMBOL(psp_tee_process_cmd);
 365
 366 int psp_check_tee_status(void)
 367 {
 368         struct psp_device *psp = psp_get_master_device();
 369
 370         if (!psp || !psp->tee_data)
 371                 return -ENODEV;
 372
 373         return 0;
 374 }
 375 EXPORT_SYMBOL(psp_check_tee_status);