1/*
2 * Copyright (c) 2015-2016, Linaro Limited
3 *
4 * This software is licensed under the terms of the GNU General Public
5 * License version 2, as published by the Free Software Foundation, and
6 * may be copied, distributed, and modified under those terms.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 *
13 */
14
15#ifndef __TEE_DRV_H
16#define __TEE_DRV_H
17
18#include <linux/device.h>
19#include <linux/idr.h>
20#include <linux/kref.h>
21#include <linux/list.h>
22#include <linux/mod_devicetable.h>
23#include <linux/tee.h>
24#include <linux/types.h>
25#include <linux/uuid.h>
26
27/*
28 * The file describes the API provided by the generic TEE driver to the
29 * specific TEE driver.
30 */
31
32#define TEE_SHM_MAPPED BIT(0) /* Memory mapped by the kernel */
33#define TEE_SHM_DMA_BUF BIT(1) /* Memory with dma-buf handle */
34#define TEE_SHM_EXT_DMA_BUF BIT(2) /* Memory with dma-buf handle */
35#define TEE_SHM_REGISTER BIT(3) /* Memory registered in secure world */
36#define TEE_SHM_USER_MAPPED BIT(4) /* Memory mapped in user space */
37#define TEE_SHM_POOL BIT(5) /* Memory allocated from pool */
38
39struct device;
40struct tee_device;
41struct tee_shm;
42struct tee_shm_pool;
43
44/**
45 * struct tee_context - driver specific context on file pointer data
46 * @teedev: pointer to this drivers struct tee_device
47 * @list_shm: List of shared memory object owned by this context
48 * @data: driver specific context data, managed by the driver
49 * @refcount: reference counter for this structure
50 * @releasing: flag that indicates if context is being released right now.
51 * It is needed to break circular dependency on context during
52 * shared memory release.
53 * @supp_nowait: flag that indicates that requests in this context should not
54 * wait for tee-supplicant daemon to be started if not present
55 * and just return with an error code. It is needed for requests
56 * that arises from TEE based kernel drivers that should be
57 * non-blocking in nature.
58 */
59struct tee_context {
60 struct tee_device *teedev;
61 struct list_head list_shm;
62 void *data;
63 struct kref refcount;
64 bool releasing;
65 bool supp_nowait;
66};
67
68struct tee_param_memref {
69 size_t shm_offs;
70 size_t size;
71 struct tee_shm *shm;
72};
73
74struct tee_param_value {
75 u64 a;
76 u64 b;
77 u64 c;
78};
79
80struct tee_param {
81 u64 attr;
82 union {
83 struct tee_param_memref memref;
84 struct tee_param_value value;
85 } u;
86};
87
88/**
89 * struct tee_driver_ops - driver operations vtable
90 * @get_version: returns version of driver
91 * @open: called when the device file is opened
92 * @release: release this open file
93 * @open_session: open a new session
94 * @close_session: close a session
95 * @invoke_func: invoke a trusted function
96 * @cancel_req: request cancel of an ongoing invoke or open
97 * @supp_revc: called for supplicant to get a command
98 * @supp_send: called for supplicant to send a response
99 * @shm_register: register shared memory buffer in TEE
100 * @shm_unregister: unregister shared memory buffer in TEE
101 */
102struct tee_driver_ops {
103 void (*get_version)(struct tee_device *teedev,
104 struct tee_ioctl_version_data *vers);
105 int (*open)(struct tee_context *ctx);
106 void (*release)(struct tee_context *ctx);
107 int (*open_session)(struct tee_context *ctx,
108 struct tee_ioctl_open_session_arg *arg,
109 struct tee_param *param);
110 int (*close_session)(struct tee_context *ctx, u32 session);
111 int (*invoke_func)(struct tee_context *ctx,
112 struct tee_ioctl_invoke_arg *arg,
113 struct tee_param *param);
114 int (*cancel_req)(struct tee_context *ctx, u32 cancel_id, u32 session);
115 int (*supp_recv)(struct tee_context *ctx, u32 *func, u32 *num_params,
116 struct tee_param *param);
117 int (*supp_send)(struct tee_context *ctx, u32 ret, u32 num_params,
118 struct tee_param *param);
119 int (*shm_register)(struct tee_context *ctx, struct tee_shm *shm,
120 struct page **pages, size_t num_pages,
121 unsigned long start);
122 int (*shm_unregister)(struct tee_context *ctx, struct tee_shm *shm);
123};
124
125/**
126 * struct tee_desc - Describes the TEE driver to the subsystem
127 * @name: name of driver
128 * @ops: driver operations vtable
129 * @owner: module providing the driver
130 * @flags: Extra properties of driver, defined by TEE_DESC_* below
131 */
132#define TEE_DESC_PRIVILEGED 0x1
133struct tee_desc {
134 const char *name;
135 const struct tee_driver_ops *ops;
136 struct module *owner;
137 u32 flags;
138};
139
140/**
141 * tee_device_alloc() - Allocate a new struct tee_device instance
142 * @teedesc: Descriptor for this driver
143 * @dev: Parent device for this device
144 * @pool: Shared memory pool, NULL if not used
145 * @driver_data: Private driver data for this device
146 *
147 * Allocates a new struct tee_device instance. The device is
148 * removed by tee_device_unregister().
149 *
150 * @returns a pointer to a 'struct tee_device' or an ERR_PTR on failure
151 */
152struct tee_device *tee_device_alloc(const struct tee_desc *teedesc,
153 struct device *dev,
154 struct tee_shm_pool *pool,
155 void *driver_data);
156
157/**
158 * tee_device_register() - Registers a TEE device
159 * @teedev: Device to register
160 *
161 * tee_device_unregister() need to be called to remove the @teedev if
162 * this function fails.
163 *
164 * @returns < 0 on failure
165 */
166int tee_device_register(struct tee_device *teedev);
167
168/**
169 * tee_device_unregister() - Removes a TEE device
170 * @teedev: Device to unregister
171 *
172 * This function should be called to remove the @teedev even if
173 * tee_device_register() hasn't been called yet. Does nothing if
174 * @teedev is NULL.
175 */
176void tee_device_unregister(struct tee_device *teedev);
177
178/**
179 * struct tee_shm - shared memory object
180 * @teedev: device used to allocate the object
181 * @ctx: context using the object, if NULL the context is gone
182 * @link link element
183 * @paddr: physical address of the shared memory
184 * @kaddr: virtual address of the shared memory
185 * @size: size of shared memory
186 * @offset: offset of buffer in user space
187 * @pages: locked pages from userspace
188 * @num_pages: number of locked pages
189 * @dmabuf: dmabuf used to for exporting to user space
190 * @flags: defined by TEE_SHM_* in tee_drv.h
191 * @id: unique id of a shared memory object on this device
192 *
193 * This pool is only supposed to be accessed directly from the TEE
194 * subsystem and from drivers that implements their own shm pool manager.
195 */
196struct tee_shm {
197 struct tee_device *teedev;
198 struct tee_context *ctx;
199 struct list_head link;
200 phys_addr_t paddr;
201 void *kaddr;
202 size_t size;
203 unsigned int offset;
204 struct page **pages;
205 size_t num_pages;
206 struct dma_buf *dmabuf;
207 u32 flags;
208 int id;
209};
210
211/**
212 * struct tee_shm_pool_mgr - shared memory manager
213 * @ops: operations
214 * @private_data: private data for the shared memory manager
215 */
216struct tee_shm_pool_mgr {
217 const struct tee_shm_pool_mgr_ops *ops;
218 void *private_data;
219};
220
221/**
222 * struct tee_shm_pool_mgr_ops - shared memory pool manager operations
223 * @alloc: called when allocating shared memory
224 * @free: called when freeing shared memory
225 * @destroy_poolmgr: called when destroying the pool manager
226 */
227struct tee_shm_pool_mgr_ops {
228 int (*alloc)(struct tee_shm_pool_mgr *poolmgr, struct tee_shm *shm,
229 size_t size);
230 void (*free)(struct tee_shm_pool_mgr *poolmgr, struct tee_shm *shm);
231 void (*destroy_poolmgr)(struct tee_shm_pool_mgr *poolmgr);
232};
233
234/**
235 * tee_shm_pool_alloc() - Create a shared memory pool from shm managers
236 * @priv_mgr: manager for driver private shared memory allocations
237 * @dmabuf_mgr: manager for dma-buf shared memory allocations
238 *
239 * Allocation with the flag TEE_SHM_DMA_BUF set will use the range supplied
240 * in @dmabuf, others will use the range provided by @priv.
241 *
242 * @returns pointer to a 'struct tee_shm_pool' or an ERR_PTR on failure.
243 */
244struct tee_shm_pool *tee_shm_pool_alloc(struct tee_shm_pool_mgr *priv_mgr,
245 struct tee_shm_pool_mgr *dmabuf_mgr);
246
247/*
248 * tee_shm_pool_mgr_alloc_res_mem() - Create a shm manager for reserved
249 * memory
250 * @vaddr: Virtual address of start of pool
251 * @paddr: Physical address of start of pool
252 * @size: Size in bytes of the pool
253 *
254 * @returns pointer to a 'struct tee_shm_pool_mgr' or an ERR_PTR on failure.
255 */
256struct tee_shm_pool_mgr *tee_shm_pool_mgr_alloc_res_mem(unsigned long vaddr,
257 phys_addr_t paddr,
258 size_t size,
259 int min_alloc_order);
260
261/**
262 * tee_shm_pool_mgr_destroy() - Free a shared memory manager
263 */
264static inline void tee_shm_pool_mgr_destroy(struct tee_shm_pool_mgr *poolm)
265{
266 poolm->ops->destroy_poolmgr(poolm);
267}
268
269/**
270 * struct tee_shm_pool_mem_info - holds information needed to create a shared
271 * memory pool
272 * @vaddr: Virtual address of start of pool
273 * @paddr: Physical address of start of pool
274 * @size: Size in bytes of the pool
275 */
276struct tee_shm_pool_mem_info {
277 unsigned long vaddr;
278 phys_addr_t paddr;
279 size_t size;
280};
281
282/**
283 * tee_shm_pool_alloc_res_mem() - Create a shared memory pool from reserved
284 * memory range
285 * @priv_info: Information for driver private shared memory pool
286 * @dmabuf_info: Information for dma-buf shared memory pool
287 *
288 * Start and end of pools will must be page aligned.
289 *
290 * Allocation with the flag TEE_SHM_DMA_BUF set will use the range supplied
291 * in @dmabuf, others will use the range provided by @priv.
292 *
293 * @returns pointer to a 'struct tee_shm_pool' or an ERR_PTR on failure.
294 */
295struct tee_shm_pool *
296tee_shm_pool_alloc_res_mem(struct tee_shm_pool_mem_info *priv_info,
297 struct tee_shm_pool_mem_info *dmabuf_info);
298
299/**
300 * tee_shm_pool_free() - Free a shared memory pool
301 * @pool: The shared memory pool to free
302 *
303 * The must be no remaining shared memory allocated from this pool when
304 * this function is called.
305 */
306void tee_shm_pool_free(struct tee_shm_pool *pool);
307
308/**
309 * tee_get_drvdata() - Return driver_data pointer
310 * @returns the driver_data pointer supplied to tee_register().
311 */
312void *tee_get_drvdata(struct tee_device *teedev);
313
314/**
315 * tee_shm_alloc() - Allocate shared memory
316 * @ctx: Context that allocates the shared memory
317 * @size: Requested size of shared memory
318 * @flags: Flags setting properties for the requested shared memory.
319 *
320 * Memory allocated as global shared memory is automatically freed when the
321 * TEE file pointer is closed. The @flags field uses the bits defined by
322 * TEE_SHM_* above. TEE_SHM_MAPPED must currently always be set. If
323 * TEE_SHM_DMA_BUF global shared memory will be allocated and associated
324 * with a dma-buf handle, else driver private memory.
325 *
326 * @returns a pointer to 'struct tee_shm'
327 */
328struct tee_shm *tee_shm_alloc(struct tee_context *ctx, size_t size, u32 flags);
329
330/**
331 * tee_shm_priv_alloc() - Allocate shared memory privately
332 * @dev: Device that allocates the shared memory
333 * @size: Requested size of shared memory
334 *
335 * Allocates shared memory buffer that is not associated with any client
336 * context. Such buffers are owned by TEE driver and used for internal calls.
337 *
338 * @returns a pointer to 'struct tee_shm'
339 */
340struct tee_shm *tee_shm_priv_alloc(struct tee_device *teedev, size_t size);
341
342/**
343 * tee_shm_register() - Register shared memory buffer
344 * @ctx: Context that registers the shared memory
345 * @addr: Address is userspace of the shared buffer
346 * @length: Length of the shared buffer
347 * @flags: Flags setting properties for the requested shared memory.
348 *
349 * @returns a pointer to 'struct tee_shm'
350 */
351struct tee_shm *tee_shm_register(struct tee_context *ctx, unsigned long addr,
352 size_t length, u32 flags);
353
354/**
355 * tee_shm_is_registered() - Check if shared memory object in registered in TEE
356 * @shm: Shared memory handle
357 * @returns true if object is registered in TEE
358 */
359static inline bool tee_shm_is_registered(struct tee_shm *shm)
360{
361 return shm && (shm->flags & TEE_SHM_REGISTER);
362}
363
364/**
365 * tee_shm_free() - Free shared memory
366 * @shm: Handle to shared memory to free
367 */
368void tee_shm_free(struct tee_shm *shm);
369
370/**
371 * tee_shm_put() - Decrease reference count on a shared memory handle
372 * @shm: Shared memory handle
373 */
374void tee_shm_put(struct tee_shm *shm);
375
376/**
377 * tee_shm_va2pa() - Get physical address of a virtual address
378 * @shm: Shared memory handle
379 * @va: Virtual address to tranlsate
380 * @pa: Returned physical address
381 * @returns 0 on success and < 0 on failure
382 */
383int tee_shm_va2pa(struct tee_shm *shm, void *va, phys_addr_t *pa);
384
385/**
386 * tee_shm_pa2va() - Get virtual address of a physical address
387 * @shm: Shared memory handle
388 * @pa: Physical address to tranlsate
389 * @va: Returned virtual address
390 * @returns 0 on success and < 0 on failure
391 */
392int tee_shm_pa2va(struct tee_shm *shm, phys_addr_t pa, void **va);
393
394/**
395 * tee_shm_get_va() - Get virtual address of a shared memory plus an offset
396 * @shm: Shared memory handle
397 * @offs: Offset from start of this shared memory
398 * @returns virtual address of the shared memory + offs if offs is within
399 * the bounds of this shared memory, else an ERR_PTR
400 */
401void *tee_shm_get_va(struct tee_shm *shm, size_t offs);
402
403/**
404 * tee_shm_get_pa() - Get physical address of a shared memory plus an offset
405 * @shm: Shared memory handle
406 * @offs: Offset from start of this shared memory
407 * @pa: Physical address to return
408 * @returns 0 if offs is within the bounds of this shared memory, else an
409 * error code.
410 */
411int tee_shm_get_pa(struct tee_shm *shm, size_t offs, phys_addr_t *pa);
412
413/**
414 * tee_shm_get_size() - Get size of shared memory buffer
415 * @shm: Shared memory handle
416 * @returns size of shared memory
417 */
418static inline size_t tee_shm_get_size(struct tee_shm *shm)
419{
420 return shm->size;
421}
422
423/**
424 * tee_shm_get_pages() - Get list of pages that hold shared buffer
425 * @shm: Shared memory handle
426 * @num_pages: Number of pages will be stored there
427 * @returns pointer to pages array
428 */
429static inline struct page **tee_shm_get_pages(struct tee_shm *shm,
430 size_t *num_pages)
431{
432 *num_pages = shm->num_pages;
433 return shm->pages;
434}
435
436/**
437 * tee_shm_get_page_offset() - Get shared buffer offset from page start
438 * @shm: Shared memory handle
439 * @returns page offset of shared buffer
440 */
441static inline size_t tee_shm_get_page_offset(struct tee_shm *shm)
442{
443 return shm->offset;
444}
445
446/**
447 * tee_shm_get_id() - Get id of a shared memory object
448 * @shm: Shared memory handle
449 * @returns id
450 */
451static inline int tee_shm_get_id(struct tee_shm *shm)
452{
453 return shm->id;
454}
455
456/**
457 * tee_shm_get_from_id() - Find shared memory object and increase reference
458 * count
459 * @ctx: Context owning the shared memory
460 * @id: Id of shared memory object
461 * @returns a pointer to 'struct tee_shm' on success or an ERR_PTR on failure
462 */
463struct tee_shm *tee_shm_get_from_id(struct tee_context *ctx, int id);
464
465/**
466 * tee_client_open_context() - Open a TEE context
467 * @start: if not NULL, continue search after this context
468 * @match: function to check TEE device
469 * @data: data for match function
470 * @vers: if not NULL, version data of TEE device of the context returned
471 *
472 * This function does an operation similar to open("/dev/teeX") in user space.
473 * A returned context must be released with tee_client_close_context().
474 *
475 * Returns a TEE context of the first TEE device matched by the match()
476 * callback or an ERR_PTR.
477 */
478struct tee_context *
479tee_client_open_context(struct tee_context *start,
480 int (*match)(struct tee_ioctl_version_data *,
481 const void *),
482 const void *data, struct tee_ioctl_version_data *vers);
483
484/**
485 * tee_client_close_context() - Close a TEE context
486 * @ctx: TEE context to close
487 *
488 * Note that all sessions previously opened with this context will be
489 * closed when this function is called.
490 */
491void tee_client_close_context(struct tee_context *ctx);
492
493/**
494 * tee_client_get_version() - Query version of TEE
495 * @ctx: TEE context to TEE to query
496 * @vers: Pointer to version data
497 */
498void tee_client_get_version(struct tee_context *ctx,
499 struct tee_ioctl_version_data *vers);
500
501/**
502 * tee_client_open_session() - Open a session to a Trusted Application
503 * @ctx: TEE context
504 * @arg: Open session arguments, see description of
505 * struct tee_ioctl_open_session_arg
506 * @param: Parameters passed to the Trusted Application
507 *
508 * Returns < 0 on error else see @arg->ret for result. If @arg->ret
509 * is TEEC_SUCCESS the session identifier is available in @arg->session.
510 */
511int tee_client_open_session(struct tee_context *ctx,
512 struct tee_ioctl_open_session_arg *arg,
513 struct tee_param *param);
514
515/**
516 * tee_client_close_session() - Close a session to a Trusted Application
517 * @ctx: TEE Context
518 * @session: Session id
519 *
520 * Return < 0 on error else 0, regardless the session will not be
521 * valid after this function has returned.
522 */
523int tee_client_close_session(struct tee_context *ctx, u32 session);
524
525/**
526 * tee_client_invoke_func() - Invoke a function in a Trusted Application
527 * @ctx: TEE Context
528 * @arg: Invoke arguments, see description of
529 * struct tee_ioctl_invoke_arg
530 * @param: Parameters passed to the Trusted Application
531 *
532 * Returns < 0 on error else see @arg->ret for result.
533 */
534int tee_client_invoke_func(struct tee_context *ctx,
535 struct tee_ioctl_invoke_arg *arg,
536 struct tee_param *param);
537
538/**
539 * tee_client_cancel_req() - Request cancellation of the previous open-session
540 * or invoke-command operations in a Trusted Application
541 * @ctx: TEE Context
542 * @arg: Cancellation arguments, see description of
543 * struct tee_ioctl_cancel_arg
544 *
545 * Returns < 0 on error else 0 if the cancellation was successfully requested.
546 */
547int tee_client_cancel_req(struct tee_context *ctx,
548 struct tee_ioctl_cancel_arg *arg);
549
550static inline bool tee_param_is_memref(struct tee_param *param)
551{
552 switch (param->attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) {
553 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT:
554 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT:
555 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT:
556 return true;
557 default:
558 return false;
559 }
560}
561
562extern struct bus_type tee_bus_type;
563
564/**
565 * struct tee_client_device - tee based device
566 * @id: device identifier
567 * @dev: device structure
568 */
569struct tee_client_device {
570 struct tee_client_device_id id;
571 struct device dev;
572};
573
574#define to_tee_client_device(d) container_of(d, struct tee_client_device, dev)
575
576/**
577 * struct tee_client_driver - tee client driver
578 * @id_table: device id table supported by this driver
579 * @driver: driver structure
580 */
581struct tee_client_driver {
582 const struct tee_client_device_id *id_table;
583 struct device_driver driver;
584};
585
586#define to_tee_client_driver(d) \
587 container_of(d, struct tee_client_driver, driver)
588
589#endif /*__TEE_DRV_H*/
590