1 /* SPDX-License-Identifier: GPL-2.0-only */
2 /*
3 * Copyright (c) 2015-2016, Linaro Limited
4 */
5
6 #ifndef __TEE_DRV_H
7 #define __TEE_DRV_H
8
9 #include <linux/device.h>
10 #include <linux/idr.h>
11 #include <linux/kref.h>
12 #include <linux/list.h>
13 #include <linux/mod_devicetable.h>
14 #include <linux/tee.h>
15 #include <linux/types.h>
16 #include <linux/uuid.h>
17
18 /*
19 * The file describes the API provided by the generic TEE driver to the
20 * specific TEE driver.
21 */
22
23 #define TEE_SHM_MAPPED BIT(0) /* Memory mapped by the kernel */
24 #define TEE_SHM_DMA_BUF BIT(1) /* Memory with dma-buf handle */
25 #define TEE_SHM_EXT_DMA_BUF BIT(2) /* Memory with dma-buf handle */
26 #define TEE_SHM_REGISTER BIT(3) /* Memory registered in secure world */
27 #define TEE_SHM_USER_MAPPED BIT(4) /* Memory mapped in user space */
28 #define TEE_SHM_POOL BIT(5) /* Memory allocated from pool */
29
30 struct device;
31 struct tee_device;
32 struct tee_shm;
33 struct tee_shm_pool;
34
35 /**
36 * struct tee_context - driver specific context on file pointer data
37 * @teedev: pointer to this drivers struct tee_device
38 * @list_shm: List of shared memory object owned by this context
39 * @data: driver specific context data, managed by the driver
40 * @refcount: reference counter for this structure
41 * @releasing: flag that indicates if context is being released right now.
42 * It is needed to break circular dependency on context during
43 * shared memory release.
44 * @supp_nowait: flag that indicates that requests in this context should not
45 * wait for tee-supplicant daemon to be started if not present
46 * and just return with an error code. It is needed for requests
47 * that arises from TEE based kernel drivers that should be
48 * non-blocking in nature.
49 */
50 struct tee_context {
51 struct tee_device *teedev;
52 struct list_head list_shm;
53 void *data;
54 struct kref refcount;
55 bool releasing;
56 bool supp_nowait;
57 };
58
59 struct tee_param_memref {
60 size_t shm_offs;
61 size_t size;
62 struct tee_shm *shm;
63 };
64
65 struct tee_param_value {
66 u64 a;
67 u64 b;
68 u64 c;
69 };
70
71 struct tee_param {
72 u64 attr;
73 union {
74 struct tee_param_memref memref;
75 struct tee_param_value value;
76 } u;
77 };
78
79 /**
80 * struct tee_driver_ops - driver operations vtable
81 * @get_version: returns version of driver
82 * @open: called when the device file is opened
83 * @release: release this open file
84 * @open_session: open a new session
85 * @close_session: close a session
86 * @invoke_func: invoke a trusted function
87 * @cancel_req: request cancel of an ongoing invoke or open
88 * @supp_revc: called for supplicant to get a command
89 * @supp_send: called for supplicant to send a response
90 * @shm_register: register shared memory buffer in TEE
91 * @shm_unregister: unregister shared memory buffer in TEE
92 */
93 struct tee_driver_ops {
94 void (*get_version)(struct tee_device *teedev,
95 struct tee_ioctl_version_data *vers);
96 int (*open)(struct tee_context *ctx);
97 void (*release)(struct tee_context *ctx);
98 int (*open_session)(struct tee_context *ctx,
99 struct tee_ioctl_open_session_arg *arg,
100 struct tee_param *param);
101 int (*close_session)(struct tee_context *ctx, u32 session);
102 int (*invoke_func)(struct tee_context *ctx,
103 struct tee_ioctl_invoke_arg *arg,
104 struct tee_param *param);
105 int (*cancel_req)(struct tee_context *ctx, u32 cancel_id, u32 session);
106 int (*supp_recv)(struct tee_context *ctx, u32 *func, u32 *num_params,
107 struct tee_param *param);
108 int (*supp_send)(struct tee_context *ctx, u32 ret, u32 num_params,
109 struct tee_param *param);
110 int (*shm_register)(struct tee_context *ctx, struct tee_shm *shm,
111 struct page **pages, size_t num_pages,
112 unsigned long start);
113 int (*shm_unregister)(struct tee_context *ctx, struct tee_shm *shm);
114 };
115
116 /**
117 * struct tee_desc - Describes the TEE driver to the subsystem
118 * @name: name of driver
119 * @ops: driver operations vtable
120 * @owner: module providing the driver
121 * @flags: Extra properties of driver, defined by TEE_DESC_* below
122 */
123 #define TEE_DESC_PRIVILEGED 0x1
124 struct tee_desc {
125 const char *name;
126 const struct tee_driver_ops *ops;
127 struct module *owner;
128 u32 flags;
129 };
130
131 /**
132 * tee_device_alloc() - Allocate a new struct tee_device instance
133 * @teedesc: Descriptor for this driver
134 * @dev: Parent device for this device
135 * @pool: Shared memory pool, NULL if not used
136 * @driver_data: Private driver data for this device
137 *
138 * Allocates a new struct tee_device instance. The device is
139 * removed by tee_device_unregister().
140 *
141 * @returns a pointer to a 'struct tee_device' or an ERR_PTR on failure
142 */
143 struct tee_device *tee_device_alloc(const struct tee_desc *teedesc,
144 struct device *dev,
145 struct tee_shm_pool *pool,
146 void *driver_data);
147
148 /**
149 * tee_device_register() - Registers a TEE device
150 * @teedev: Device to register
151 *
152 * tee_device_unregister() need to be called to remove the @teedev if
153 * this function fails.
154 *
155 * @returns < 0 on failure
156 */
157 int tee_device_register(struct tee_device *teedev);
158
159 /**
160 * tee_device_unregister() - Removes a TEE device
161 * @teedev: Device to unregister
162 *
163 * This function should be called to remove the @teedev even if
164 * tee_device_register() hasn't been called yet. Does nothing if
165 * @teedev is NULL.
166 */
167 void tee_device_unregister(struct tee_device *teedev);
168
169 /**
170 * struct tee_shm - shared memory object
171 * @teedev: device used to allocate the object
172 * @ctx: context using the object, if NULL the context is gone
173 * @link link element
174 * @paddr: physical address of the shared memory
175 * @kaddr: virtual address of the shared memory
176 * @size: size of shared memory
177 * @offset: offset of buffer in user space
178 * @pages: locked pages from userspace
179 * @num_pages: number of locked pages
180 * @dmabuf: dmabuf used to for exporting to user space
181 * @flags: defined by TEE_SHM_* in tee_drv.h
182 * @id: unique id of a shared memory object on this device
183 *
184 * This pool is only supposed to be accessed directly from the TEE
185 * subsystem and from drivers that implements their own shm pool manager.
186 */
187 struct tee_shm {
188 struct tee_device *teedev;
189 struct tee_context *ctx;
190 struct list_head link;
191 phys_addr_t paddr;
192 void *kaddr;
193 size_t size;
194 unsigned int offset;
195 struct page **pages;
196 size_t num_pages;
197 struct dma_buf *dmabuf;
198 u32 flags;
199 int id;
200 };
201
202 /**
203 * struct tee_shm_pool_mgr - shared memory manager
204 * @ops: operations
205 * @private_data: private data for the shared memory manager
206 */
207 struct tee_shm_pool_mgr {
208 const struct tee_shm_pool_mgr_ops *ops;
209 void *private_data;
210 };
211
212 /**
213 * struct tee_shm_pool_mgr_ops - shared memory pool manager operations
214 * @alloc: called when allocating shared memory
215 * @free: called when freeing shared memory
216 * @destroy_poolmgr: called when destroying the pool manager
217 */
218 struct tee_shm_pool_mgr_ops {
219 int (*alloc)(struct tee_shm_pool_mgr *poolmgr, struct tee_shm *shm,
220 size_t size);
221 void (*free)(struct tee_shm_pool_mgr *poolmgr, struct tee_shm *shm);
222 void (*destroy_poolmgr)(struct tee_shm_pool_mgr *poolmgr);
223 };
224
225 /**
226 * tee_shm_pool_alloc() - Create a shared memory pool from shm managers
227 * @priv_mgr: manager for driver private shared memory allocations
228 * @dmabuf_mgr: manager for dma-buf shared memory allocations
229 *
230 * Allocation with the flag TEE_SHM_DMA_BUF set will use the range supplied
231 * in @dmabuf, others will use the range provided by @priv.
232 *
233 * @returns pointer to a 'struct tee_shm_pool' or an ERR_PTR on failure.
234 */
235 struct tee_shm_pool *tee_shm_pool_alloc(struct tee_shm_pool_mgr *priv_mgr,
236 struct tee_shm_pool_mgr *dmabuf_mgr);
237
238 /*
239 * tee_shm_pool_mgr_alloc_res_mem() - Create a shm manager for reserved
240 * memory
241 * @vaddr: Virtual address of start of pool
242 * @paddr: Physical address of start of pool
243 * @size: Size in bytes of the pool
244 *
245 * @returns pointer to a 'struct tee_shm_pool_mgr' or an ERR_PTR on failure.
246 */
247 struct tee_shm_pool_mgr *tee_shm_pool_mgr_alloc_res_mem(unsigned long vaddr,
248 phys_addr_t paddr,
249 size_t size,
250 int min_alloc_order);
251
252 /**
253 * tee_shm_pool_mgr_destroy() - Free a shared memory manager
254 */
255 static inline void tee_shm_pool_mgr_destroy(struct tee_shm_pool_mgr *poolm)
256 {
257 poolm->ops->destroy_poolmgr(poolm);
258 }
259
260 /**
261 * struct tee_shm_pool_mem_info - holds information needed to create a shared
262 * memory pool
263 * @vaddr: Virtual address of start of pool
264 * @paddr: Physical address of start of pool
265 * @size: Size in bytes of the pool
266 */
267 struct tee_shm_pool_mem_info {
268 unsigned long vaddr;
269 phys_addr_t paddr;
270 size_t size;
271 };
272
273 /**
274 * tee_shm_pool_alloc_res_mem() - Create a shared memory pool from reserved
275 * memory range
276 * @priv_info: Information for driver private shared memory pool
277 * @dmabuf_info: Information for dma-buf shared memory pool
278 *
279 * Start and end of pools will must be page aligned.
280 *
281 * Allocation with the flag TEE_SHM_DMA_BUF set will use the range supplied
282 * in @dmabuf, others will use the range provided by @priv.
283 *
284 * @returns pointer to a 'struct tee_shm_pool' or an ERR_PTR on failure.
285 */
286 struct tee_shm_pool *
287 tee_shm_pool_alloc_res_mem(struct tee_shm_pool_mem_info *priv_info,
288 struct tee_shm_pool_mem_info *dmabuf_info);
289
290 /**
291 * tee_shm_pool_free() - Free a shared memory pool
292 * @pool: The shared memory pool to free
293 *
294 * The must be no remaining shared memory allocated from this pool when
295 * this function is called.
296 */
297 void tee_shm_pool_free(struct tee_shm_pool *pool);
298
299 /**
300 * tee_get_drvdata() - Return driver_data pointer
301 * @returns the driver_data pointer supplied to tee_register().
302 */
303 void *tee_get_drvdata(struct tee_device *teedev);
304
305 /**
306 * tee_shm_alloc() - Allocate shared memory
307 * @ctx: Context that allocates the shared memory
308 * @size: Requested size of shared memory
309 * @flags: Flags setting properties for the requested shared memory.
310 *
311 * Memory allocated as global shared memory is automatically freed when the
312 * TEE file pointer is closed. The @flags field uses the bits defined by
313 * TEE_SHM_* above. TEE_SHM_MAPPED must currently always be set. If
314 * TEE_SHM_DMA_BUF global shared memory will be allocated and associated
315 * with a dma-buf handle, else driver private memory.
316 *
317 * @returns a pointer to 'struct tee_shm'
318 */
319 struct tee_shm *tee_shm_alloc(struct tee_context *ctx, size_t size, u32 flags);
320
321 /**
322 * tee_shm_priv_alloc() - Allocate shared memory privately
323 * @dev: Device that allocates the shared memory
324 * @size: Requested size of shared memory
325 *
326 * Allocates shared memory buffer that is not associated with any client
327 * context. Such buffers are owned by TEE driver and used for internal calls.
328 *
329 * @returns a pointer to 'struct tee_shm'
330 */
331 struct tee_shm *tee_shm_priv_alloc(struct tee_device *teedev, size_t size);
332
333 /**
334 * tee_shm_register() - Register shared memory buffer
335 * @ctx: Context that registers the shared memory
336 * @addr: Address is userspace of the shared buffer
337 * @length: Length of the shared buffer
338 * @flags: Flags setting properties for the requested shared memory.
339 *
340 * @returns a pointer to 'struct tee_shm'
341 */
342 struct tee_shm *tee_shm_register(struct tee_context *ctx, unsigned long addr,
343 size_t length, u32 flags);
344
345 /**
346 * tee_shm_is_registered() - Check if shared memory object in registered in TEE
347 * @shm: Shared memory handle
348 * @returns true if object is registered in TEE
349 */
350 static inline bool tee_shm_is_registered(struct tee_shm *shm)
351 {
352 return shm && (shm->flags & TEE_SHM_REGISTER);
353 }
354
355 /**
356 * tee_shm_free() - Free shared memory
357 * @shm: Handle to shared memory to free
358 */
359 void tee_shm_free(struct tee_shm *shm);
360
361 /**
362 * tee_shm_put() - Decrease reference count on a shared memory handle
363 * @shm: Shared memory handle
364 */
365 void tee_shm_put(struct tee_shm *shm);
366
367 /**
368 * tee_shm_va2pa() - Get physical address of a virtual address
369 * @shm: Shared memory handle
370 * @va: Virtual address to tranlsate
371 * @pa: Returned physical address
372 * @returns 0 on success and < 0 on failure
373 */
374 int tee_shm_va2pa(struct tee_shm *shm, void *va, phys_addr_t *pa);
375
376 /**
377 * tee_shm_pa2va() - Get virtual address of a physical address
378 * @shm: Shared memory handle
379 * @pa: Physical address to tranlsate
380 * @va: Returned virtual address
381 * @returns 0 on success and < 0 on failure
382 */
383 int tee_shm_pa2va(struct tee_shm *shm, phys_addr_t pa, void **va);
384
385 /**
386 * tee_shm_get_va() - Get virtual address of a shared memory plus an offset
387 * @shm: Shared memory handle
388 * @offs: Offset from start of this shared memory
389 * @returns virtual address of the shared memory + offs if offs is within
390 * the bounds of this shared memory, else an ERR_PTR
391 */
392 void *tee_shm_get_va(struct tee_shm *shm, size_t offs);
393
394 /**
395 * tee_shm_get_pa() - Get physical address of a shared memory plus an offset
396 * @shm: Shared memory handle
397 * @offs: Offset from start of this shared memory
398 * @pa: Physical address to return
399 * @returns 0 if offs is within the bounds of this shared memory, else an
400 * error code.
401 */
402 int tee_shm_get_pa(struct tee_shm *shm, size_t offs, phys_addr_t *pa);
403
404 /**
405 * tee_shm_get_size() - Get size of shared memory buffer
406 * @shm: Shared memory handle
407 * @returns size of shared memory
408 */
409 static inline size_t tee_shm_get_size(struct tee_shm *shm)
410 {
411 return shm->size;
412 }
413
414 /**
415 * tee_shm_get_pages() - Get list of pages that hold shared buffer
416 * @shm: Shared memory handle
417 * @num_pages: Number of pages will be stored there
418 * @returns pointer to pages array
419 */
420 static inline struct page **tee_shm_get_pages(struct tee_shm *shm,
421 size_t *num_pages)
422 {
423 *num_pages = shm->num_pages;
424 return shm->pages;
425 }
426
427 /**
428 * tee_shm_get_page_offset() - Get shared buffer offset from page start
429 * @shm: Shared memory handle
430 * @returns page offset of shared buffer
431 */
432 static inline size_t tee_shm_get_page_offset(struct tee_shm *shm)
433 {
434 return shm->offset;
435 }
436
437 /**
438 * tee_shm_get_id() - Get id of a shared memory object
439 * @shm: Shared memory handle
440 * @returns id
441 */
442 static inline int tee_shm_get_id(struct tee_shm *shm)
443 {
444 return shm->id;
445 }
446
447 /**
448 * tee_shm_get_from_id() - Find shared memory object and increase reference
449 * count
450 * @ctx: Context owning the shared memory
451 * @id: Id of shared memory object
452 * @returns a pointer to 'struct tee_shm' on success or an ERR_PTR on failure
453 */
454 struct tee_shm *tee_shm_get_from_id(struct tee_context *ctx, int id);
455
456 /**
457 * tee_client_open_context() - Open a TEE context
458 * @start: if not NULL, continue search after this context
459 * @match: function to check TEE device
460 * @data: data for match function
461 * @vers: if not NULL, version data of TEE device of the context returned
462 *
463 * This function does an operation similar to open("/dev/teeX") in user space.
464 * A returned context must be released with tee_client_close_context().
465 *
466 * Returns a TEE context of the first TEE device matched by the match()
467 * callback or an ERR_PTR.
468 */
469 struct tee_context *
470 tee_client_open_context(struct tee_context *start,
471 int (*match)(struct tee_ioctl_version_data *,
472 const void *),
473 const void *data, struct tee_ioctl_version_data *vers);
474
475 /**
476 * tee_client_close_context() - Close a TEE context
477 * @ctx: TEE context to close
478 *
479 * Note that all sessions previously opened with this context will be
480 * closed when this function is called.
481 */
482 void tee_client_close_context(struct tee_context *ctx);
483
484 /**
485 * tee_client_get_version() - Query version of TEE
486 * @ctx: TEE context to TEE to query
487 * @vers: Pointer to version data
488 */
489 void tee_client_get_version(struct tee_context *ctx,
490 struct tee_ioctl_version_data *vers);
491
492 /**
493 * tee_client_open_session() - Open a session to a Trusted Application
494 * @ctx: TEE context
495 * @arg: Open session arguments, see description of
496 * struct tee_ioctl_open_session_arg
497 * @param: Parameters passed to the Trusted Application
498 *
499 * Returns < 0 on error else see @arg->ret for result. If @arg->ret
500 * is TEEC_SUCCESS the session identifier is available in @arg->session.
501 */
502 int tee_client_open_session(struct tee_context *ctx,
503 struct tee_ioctl_open_session_arg *arg,
504 struct tee_param *param);
505
506 /**
507 * tee_client_close_session() - Close a session to a Trusted Application
508 * @ctx: TEE Context
509 * @session: Session id
510 *
511 * Return < 0 on error else 0, regardless the session will not be
512 * valid after this function has returned.
513 */
514 int tee_client_close_session(struct tee_context *ctx, u32 session);
515
516 /**
517 * tee_client_invoke_func() - Invoke a function in a Trusted Application
518 * @ctx: TEE Context
519 * @arg: Invoke arguments, see description of
520 * struct tee_ioctl_invoke_arg
521 * @param: Parameters passed to the Trusted Application
522 *
523 * Returns < 0 on error else see @arg->ret for result.
524 */
525 int tee_client_invoke_func(struct tee_context *ctx,
526 struct tee_ioctl_invoke_arg *arg,
527 struct tee_param *param);
528
529 /**
530 * tee_client_cancel_req() - Request cancellation of the previous open-session
531 * or invoke-command operations in a Trusted Application
532 * @ctx: TEE Context
533 * @arg: Cancellation arguments, see description of
534 * struct tee_ioctl_cancel_arg
535 *
536 * Returns < 0 on error else 0 if the cancellation was successfully requested.
537 */
538 int tee_client_cancel_req(struct tee_context *ctx,
539 struct tee_ioctl_cancel_arg *arg);
540
541 static inline bool tee_param_is_memref(struct tee_param *param)
542 {
543 switch (param->attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) {
544 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT:
545 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT:
546 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT:
547 return true;
548 default:
549 return false;
550 }
551 }
552
553 extern struct bus_type tee_bus_type;
554
555 /**
556 * struct tee_client_device - tee based device
557 * @id: device identifier
558 * @dev: device structure
559 */
560 struct tee_client_device {
561 struct tee_client_device_id id;
562 struct device dev;
563 };
564
565 #define to_tee_client_device(d) container_of(d, struct tee_client_device, dev)
566
567 /**
568 * struct tee_client_driver - tee client driver
569 * @id_table: device id table supported by this driver
570 * @driver: driver structure
571 */
572 struct tee_client_driver {
573 const struct tee_client_device_id *id_table;
574 struct device_driver driver;
575 };
576
577 #define to_tee_client_driver(d) \
578 container_of(d, struct tee_client_driver, driver)
579
580 #endif /*__TEE_DRV_H*/