| /* |
| * Copyright (c) 2015, Linaro Limited |
| * |
| * This software is licensed under the terms of the GNU General Public |
| * License version 2, as published by the Free Software Foundation, and |
| * may be copied, distributed, and modified under those terms. |
| * |
| * This program is distributed in the hope that it will be useful, |
| * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| * GNU General Public License for more details. |
| * |
| */ |
| #include <linux/device.h> |
| #include <linux/slab.h> |
| #include <linux/uaccess.h> |
| #include "optee_private.h" |
| |
| void optee_supp_init(struct optee_supp *supp) |
| { |
| memset(supp, 0, sizeof(*supp)); |
| mutex_init(&supp->ctx_mutex); |
| mutex_init(&supp->thrd_mutex); |
| mutex_init(&supp->supp_mutex); |
| init_completion(&supp->data_to_supp); |
| init_completion(&supp->data_from_supp); |
| } |
| |
| void optee_supp_uninit(struct optee_supp *supp) |
| { |
| mutex_destroy(&supp->ctx_mutex); |
| mutex_destroy(&supp->thrd_mutex); |
| mutex_destroy(&supp->supp_mutex); |
| } |
| |
| /** |
| * optee_supp_thrd_req() - request service from supplicant |
| * @ctx: context doing the request |
| * @func: function requested |
| * @num_params: number of elements in @param array |
| * @param: parameters for function |
| * |
| * Returns result of operation to be passed to secure world |
| */ |
| u32 optee_supp_thrd_req(struct tee_context *ctx, u32 func, size_t num_params, |
| struct tee_param *param) |
| { |
| bool interruptable; |
| struct optee *optee = tee_get_drvdata(ctx->teedev); |
| struct optee_supp *supp = &optee->supp; |
| u32 ret; |
| |
| /* |
| * Other threads blocks here until we've copied our answer from |
| * supplicant. |
| */ |
| while (mutex_lock_interruptible(&supp->thrd_mutex)) { |
| /* See comment below on when the RPC can be interrupted. */ |
| mutex_lock(&supp->ctx_mutex); |
| interruptable = !supp->ctx; |
| mutex_unlock(&supp->ctx_mutex); |
| if (interruptable) |
| return TEEC_ERROR_COMMUNICATION; |
| } |
| |
| /* |
| * We have exclusive access now since the supplicant at this |
| * point is either doing a |
| * wait_for_completion_interruptible(&supp->data_to_supp) or is in |
| * userspace still about to do the ioctl() to enter |
| * optee_supp_recv() below. |
| */ |
| |
| supp->func = func; |
| supp->num_params = num_params; |
| supp->param = param; |
| supp->req_posted = true; |
| |
| /* Let supplicant get the data */ |
| complete(&supp->data_to_supp); |
| |
| /* |
| * Wait for supplicant to process and return result, once we've |
| * returned from wait_for_completion(data_from_supp) we have |
| * exclusive access again. |
| */ |
| while (wait_for_completion_interruptible(&supp->data_from_supp)) { |
| mutex_lock(&supp->ctx_mutex); |
| interruptable = !supp->ctx; |
| if (interruptable) { |
| /* |
| * There's no supplicant available and since the |
| * supp->ctx_mutex currently is held none can |
| * become available until the mutex released |
| * again. |
| * |
| * Interrupting an RPC to supplicant is only |
| * allowed as a way of slightly improving the user |
| * experience in case the supplicant hasn't been |
| * started yet. During normal operation the supplicant |
| * will serve all requests in a timely manner and |
| * interrupting then wouldn't make sense. |
| */ |
| supp->ret = TEEC_ERROR_COMMUNICATION; |
| init_completion(&supp->data_to_supp); |
| } |
| mutex_unlock(&supp->ctx_mutex); |
| if (interruptable) |
| break; |
| } |
| |
| ret = supp->ret; |
| supp->param = NULL; |
| supp->req_posted = false; |
| |
| /* We're done, let someone else talk to the supplicant now. */ |
| mutex_unlock(&supp->thrd_mutex); |
| |
| return ret; |
| } |
| |
| /** |
| * optee_supp_recv() - receive request for supplicant |
| * @ctx: context receiving the request |
| * @func: requested function in supplicant |
| * @num_params: number of elements allocated in @param, updated with number |
| * used elements |
| * @param: space for parameters for @func |
| * |
| * Returns 0 on success or <0 on failure |
| */ |
| int optee_supp_recv(struct tee_context *ctx, u32 *func, u32 *num_params, |
| struct tee_param *param) |
| { |
| struct tee_device *teedev = ctx->teedev; |
| struct optee *optee = tee_get_drvdata(teedev); |
| struct optee_supp *supp = &optee->supp; |
| int rc; |
| |
| /* |
| * In case two threads in one supplicant is calling this function |
| * simultaneously we need to protect the data with a mutex which |
| * we'll release before returning. |
| */ |
| mutex_lock(&supp->supp_mutex); |
| |
| if (supp->supp_next_send) { |
| /* |
| * optee_supp_recv() has been called again without |
| * a optee_supp_send() in between. Supplicant has |
| * probably been restarted before it was able to |
| * write back last result. Abort last request and |
| * wait for a new. |
| */ |
| if (supp->req_posted) { |
| supp->ret = TEEC_ERROR_COMMUNICATION; |
| supp->supp_next_send = false; |
| complete(&supp->data_from_supp); |
| } |
| } |
| |
| /* |
| * This is where supplicant will be hanging most of the |
| * time, let's make this interruptable so we can easily |
| * restart supplicant if needed. |
| */ |
| if (wait_for_completion_interruptible(&supp->data_to_supp)) { |
| rc = -ERESTARTSYS; |
| goto out; |
| } |
| |
| /* We have exlusive access to the data */ |
| |
| if (*num_params < supp->num_params) { |
| /* |
| * Not enough room for parameters, tell supplicant |
| * it failed and abort last request. |
| */ |
| supp->ret = TEEC_ERROR_COMMUNICATION; |
| rc = -EINVAL; |
| complete(&supp->data_from_supp); |
| goto out; |
| } |
| |
| *func = supp->func; |
| *num_params = supp->num_params; |
| memcpy(param, supp->param, |
| sizeof(struct tee_param) * supp->num_params); |
| |
| /* Allow optee_supp_send() below to do its work */ |
| supp->supp_next_send = true; |
| |
| rc = 0; |
| out: |
| mutex_unlock(&supp->supp_mutex); |
| return rc; |
| } |
| |
| /** |
| * optee_supp_send() - send result of request from supplicant |
| * @ctx: context sending result |
| * @ret: return value of request |
| * @num_params: number of parameters returned |
| * @param: returned parameters |
| * |
| * Returns 0 on success or <0 on failure. |
| */ |
| int optee_supp_send(struct tee_context *ctx, u32 ret, u32 num_params, |
| struct tee_param *param) |
| { |
| struct tee_device *teedev = ctx->teedev; |
| struct optee *optee = tee_get_drvdata(teedev); |
| struct optee_supp *supp = &optee->supp; |
| size_t n; |
| int rc = 0; |
| |
| /* |
| * We still have exclusive access to the data since that's how we |
| * left it when returning from optee_supp_read(). |
| */ |
| |
| /* See comment on mutex in optee_supp_read() above */ |
| mutex_lock(&supp->supp_mutex); |
| |
| if (!supp->supp_next_send) { |
| /* |
| * Something strange is going on, supplicant shouldn't |
| * enter optee_supp_send() in this state |
| */ |
| rc = -ENOENT; |
| goto out; |
| } |
| |
| if (num_params != supp->num_params) { |
| /* |
| * Something is wrong, let supplicant restart. Next call to |
| * optee_supp_recv() will give an error to the requesting |
| * thread and release it. |
| */ |
| rc = -EINVAL; |
| goto out; |
| } |
| |
| /* Update out and in/out parameters */ |
| for (n = 0; n < num_params; n++) { |
| struct tee_param *p = supp->param + n; |
| |
| switch (p->attr) { |
| case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT: |
| case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT: |
| p->u.value.a = param[n].u.value.a; |
| p->u.value.b = param[n].u.value.b; |
| p->u.value.c = param[n].u.value.c; |
| break; |
| case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: |
| case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: |
| p->u.memref.size = param[n].u.memref.size; |
| break; |
| default: |
| break; |
| } |
| } |
| supp->ret = ret; |
| |
| /* Allow optee_supp_recv() above to do its work */ |
| supp->supp_next_send = false; |
| |
| /* Let the requesting thread continue */ |
| complete(&supp->data_from_supp); |
| out: |
| mutex_unlock(&supp->supp_mutex); |
| return rc; |
| } |
