2 * Copyright (c) 2015, Linaro Limited
4 * This software is licensed under the terms of the GNU General Public
5 * License version 2, as published by the Free Software Foundation, and
6 * may be copied, distributed, and modified under those terms.
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
14 #include <linux/device.h>
15 #include <linux/slab.h>
16 #include <linux/uaccess.h>
17 #include "optee_private.h"
19 struct optee_supp_req {
20 struct list_head link;
26 struct tee_param *param;
31 void optee_supp_init(struct optee_supp *supp)
33 memset(supp, 0, sizeof(*supp));
34 mutex_init(&supp->mutex);
35 init_completion(&supp->reqs_c);
37 INIT_LIST_HEAD(&supp->reqs);
41 void optee_supp_uninit(struct optee_supp *supp)
43 mutex_destroy(&supp->mutex);
44 idr_destroy(&supp->idr);
47 void optee_supp_release(struct optee_supp *supp)
50 struct optee_supp_req *req;
51 struct optee_supp_req *req_tmp;
53 mutex_lock(&supp->mutex);
55 /* Abort all request retrieved by supplicant */
56 idr_for_each_entry(&supp->idr, req, id) {
57 idr_remove(&supp->idr, id);
58 req->ret = TEEC_ERROR_COMMUNICATION;
62 /* Abort all queued requests */
63 list_for_each_entry_safe(req, req_tmp, &supp->reqs, link) {
65 req->in_queue = false;
66 req->ret = TEEC_ERROR_COMMUNICATION;
73 mutex_unlock(&supp->mutex);
77 * optee_supp_thrd_req() - request service from supplicant
78 * @ctx: context doing the request
79 * @func: function requested
80 * @num_params: number of elements in @param array
81 * @param: parameters for function
83 * Returns result of operation to be passed to secure world
85 u32 optee_supp_thrd_req(struct tee_context *ctx, u32 func, size_t num_params,
86 struct tee_param *param)
89 struct optee *optee = tee_get_drvdata(ctx->teedev);
90 struct optee_supp *supp = &optee->supp;
91 struct optee_supp_req *req = kzalloc(sizeof(*req), GFP_KERNEL);
96 return TEEC_ERROR_OUT_OF_MEMORY;
98 init_completion(&req->c);
100 req->num_params = num_params;
103 /* Insert the request in the request list */
104 mutex_lock(&supp->mutex);
105 list_add_tail(&req->link, &supp->reqs);
106 req->in_queue = true;
107 mutex_unlock(&supp->mutex);
109 /* Tell an eventual waiter there's a new request */
110 complete(&supp->reqs_c);
113 * Wait for supplicant to process and return result, once we've
114 * returned from wait_for_completion(&req->c) successfully we have
115 * exclusive access again.
117 while (wait_for_completion_interruptible(&req->c)) {
118 mutex_lock(&supp->mutex);
119 interruptable = !supp->ctx;
122 * There's no supplicant available and since the
123 * supp->mutex currently is held none can
124 * become available until the mutex released
127 * Interrupting an RPC to supplicant is only
128 * allowed as a way of slightly improving the user
129 * experience in case the supplicant hasn't been
130 * started yet. During normal operation the supplicant
131 * will serve all requests in a timely manner and
132 * interrupting then wouldn't make sense.
135 list_del(&req->link);
136 req->in_queue = false;
139 mutex_unlock(&supp->mutex);
142 req->ret = TEEC_ERROR_COMMUNICATION;
153 static struct optee_supp_req *supp_pop_entry(struct optee_supp *supp,
154 int num_params, int *id)
156 struct optee_supp_req *req;
158 if (supp->req_id != -1) {
160 * Supplicant should not mix synchronous and asnynchronous
163 return ERR_PTR(-EINVAL);
166 if (list_empty(&supp->reqs))
169 req = list_first_entry(&supp->reqs, struct optee_supp_req, link);
171 if (num_params < req->num_params) {
172 /* Not enough room for parameters */
173 return ERR_PTR(-EINVAL);
176 *id = idr_alloc(&supp->idr, req, 1, 0, GFP_KERNEL);
178 return ERR_PTR(-ENOMEM);
180 list_del(&req->link);
181 req->in_queue = false;
186 static int supp_check_recv_params(size_t num_params, struct tee_param *params,
195 * If there's memrefs we need to decrease those as they where
196 * increased earlier and we'll even refuse to accept any below.
198 for (n = 0; n < num_params; n++)
199 if (tee_param_is_memref(params + n) && params[n].u.memref.shm)
200 tee_shm_put(params[n].u.memref.shm);
203 * We only expect parameters as TEE_IOCTL_PARAM_ATTR_TYPE_NONE with
204 * or without the TEE_IOCTL_PARAM_ATTR_META bit set.
206 for (n = 0; n < num_params; n++)
207 if (params[n].attr &&
208 params[n].attr != TEE_IOCTL_PARAM_ATTR_META)
211 /* At most we'll need one meta parameter so no need to check for more */
212 if (params->attr == TEE_IOCTL_PARAM_ATTR_META)
221 * optee_supp_recv() - receive request for supplicant
222 * @ctx: context receiving the request
223 * @func: requested function in supplicant
224 * @num_params: number of elements allocated in @param, updated with number
226 * @param: space for parameters for @func
228 * Returns 0 on success or <0 on failure
230 int optee_supp_recv(struct tee_context *ctx, u32 *func, u32 *num_params,
231 struct tee_param *param)
233 struct tee_device *teedev = ctx->teedev;
234 struct optee *optee = tee_get_drvdata(teedev);
235 struct optee_supp *supp = &optee->supp;
236 struct optee_supp_req *req = NULL;
241 rc = supp_check_recv_params(*num_params, param, &num_meta);
246 mutex_lock(&supp->mutex);
247 req = supp_pop_entry(supp, *num_params - num_meta, &id);
248 mutex_unlock(&supp->mutex);
257 * If we didn't get a request we'll block in
258 * wait_for_completion() to avoid needless spinning.
260 * This is where supplicant will be hanging most of
261 * the time, let's make this interruptable so we
262 * can easily restart supplicant if needed.
264 if (wait_for_completion_interruptible(&supp->reqs_c))
270 * tee-supplicant support meta parameters -> requsts can be
271 * processed asynchronously.
273 param->attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT |
274 TEE_IOCTL_PARAM_ATTR_META;
275 param->u.value.a = id;
276 param->u.value.b = 0;
277 param->u.value.c = 0;
279 mutex_lock(&supp->mutex);
281 mutex_unlock(&supp->mutex);
285 *num_params = req->num_params + num_meta;
286 memcpy(param + num_meta, req->param,
287 sizeof(struct tee_param) * req->num_params);
292 static struct optee_supp_req *supp_pop_req(struct optee_supp *supp,
294 struct tee_param *param,
297 struct optee_supp_req *req;
300 const u32 attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT |
301 TEE_IOCTL_PARAM_ATTR_META;
304 return ERR_PTR(-EINVAL);
306 if (supp->req_id == -1) {
307 if (param->attr != attr)
308 return ERR_PTR(-EINVAL);
309 id = param->u.value.a;
316 req = idr_find(&supp->idr, id);
318 return ERR_PTR(-ENOENT);
320 if ((num_params - nm) != req->num_params)
321 return ERR_PTR(-EINVAL);
323 idr_remove(&supp->idr, id);
331 * optee_supp_send() - send result of request from supplicant
332 * @ctx: context sending result
333 * @ret: return value of request
334 * @num_params: number of parameters returned
335 * @param: returned parameters
337 * Returns 0 on success or <0 on failure.
339 int optee_supp_send(struct tee_context *ctx, u32 ret, u32 num_params,
340 struct tee_param *param)
342 struct tee_device *teedev = ctx->teedev;
343 struct optee *optee = tee_get_drvdata(teedev);
344 struct optee_supp *supp = &optee->supp;
345 struct optee_supp_req *req;
349 mutex_lock(&supp->mutex);
350 req = supp_pop_req(supp, num_params, param, &num_meta);
351 mutex_unlock(&supp->mutex);
354 /* Something is wrong, let supplicant restart. */
358 /* Update out and in/out parameters */
359 for (n = 0; n < req->num_params; n++) {
360 struct tee_param *p = req->param + n;
362 switch (p->attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) {
363 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT:
364 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT:
365 p->u.value.a = param[n + num_meta].u.value.a;
366 p->u.value.b = param[n + num_meta].u.value.b;
367 p->u.value.c = param[n + num_meta].u.value.c;
369 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT:
370 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT:
371 p->u.memref.size = param[n + num_meta].u.memref.size;
379 /* Let the requesting thread continue */