blob: bb3c0a5b68aafbaabf065900ff1c6acf9a25bc9b [file] [log] [blame]
/*
* QTI Secure Execution Environment Communicator (QSEECOM) driver
*
* Copyright (c) 2012-2019, The Linux Foundation. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 and
* only version 2 as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*/
#define pr_fmt(fmt) "QSEECOM: %s: " fmt, __func__
#include <linux/kernel.h>
#include <linux/slab.h>
#include <linux/module.h>
#include <linux/fs.h>
#include <linux/platform_device.h>
#include <linux/debugfs.h>
#include <linux/cdev.h>
#include <linux/uaccess.h>
#include <linux/sched.h>
#include <linux/list.h>
#include <linux/mutex.h>
#include <linux/io.h>
#include <linux/msm_ion.h>
#include <linux/types.h>
#include <linux/clk.h>
#include <linux/qseecom.h>
#include <linux/elf.h>
#include <linux/firmware.h>
#include <linux/freezer.h>
#include <linux/scatterlist.h>
#include <linux/regulator/consumer.h>
#include <linux/dma-mapping.h>
#include <soc/qcom/subsystem_restart.h>
#include <soc/qcom/scm.h>
#include <soc/qcom/socinfo.h>
#include <linux/msm-bus.h>
#include <linux/msm-bus-board.h>
#include <soc/qcom/qseecomi.h>
#include <asm/cacheflush.h>
#include "qseecom_kernel.h"
#include <crypto/ice.h>
#include <linux/delay.h>
#include <linux/compat.h>
#include "compat_qseecom.h"
#include <linux/kthread.h>
#define QSEECOM_DEV "qseecom"
#define QSEOS_VERSION_14 0x14
#define QSEEE_VERSION_00 0x400000
#define QSEE_VERSION_01 0x401000
#define QSEE_VERSION_02 0x402000
#define QSEE_VERSION_03 0x403000
#define QSEE_VERSION_04 0x404000
#define QSEE_VERSION_05 0x405000
#define QSEE_VERSION_20 0x800000
#define QSEE_VERSION_40 0x1000000 /* TZ.BF.4.0 */
#define QSEE_CE_CLK_100MHZ 100000000
#define CE_CLK_DIV 1000000
#define QSEECOM_MAX_SG_ENTRY 512
#define QSEECOM_SG_ENTRY_MSG_BUF_SZ_64BIT \
(QSEECOM_MAX_SG_ENTRY * SG_ENTRY_SZ_64BIT)
#define QSEECOM_INVALID_KEY_ID 0xff
/* Save partition image hash for authentication check */
#define SCM_SAVE_PARTITION_HASH_ID 0x01
/* Check if enterprise security is activate */
#define SCM_IS_ACTIVATED_ID 0x02
/* Encrypt/Decrypt Data Integrity Partition (DIP) for MDTP */
#define SCM_MDTP_CIPHER_DIP 0x01
/* Maximum Allowed Size (128K) of Data Integrity Partition (DIP) for MDTP */
#define MAX_DIP 0x20000
#define RPMB_SERVICE 0x2000
#define SSD_SERVICE 0x3000
#define QSEECOM_SEND_CMD_CRYPTO_TIMEOUT 2000
#define QSEECOM_LOAD_APP_CRYPTO_TIMEOUT 2000
#define TWO 2
#define QSEECOM_UFS_ICE_CE_NUM 10
#define QSEECOM_SDCC_ICE_CE_NUM 20
#define QSEECOM_ICE_FDE_KEY_INDEX 0
#define PHY_ADDR_4G (1ULL<<32)
#define QSEECOM_STATE_NOT_READY 0
#define QSEECOM_STATE_SUSPEND 1
#define QSEECOM_STATE_READY 2
#define QSEECOM_ICE_FDE_KEY_SIZE_MASK 2
/*
* default ce info unit to 0 for
* services which
* support only single instance.
* Most of services are in this category.
*/
#define DEFAULT_CE_INFO_UNIT 0
#define DEFAULT_NUM_CE_INFO_UNIT 1
enum qseecom_clk_definitions {
CLK_DFAB = 0,
CLK_SFPB,
};
enum qseecom_ice_key_size_type {
QSEECOM_ICE_FDE_KEY_SIZE_16_BYTE =
(0 << QSEECOM_ICE_FDE_KEY_SIZE_MASK),
QSEECOM_ICE_FDE_KEY_SIZE_32_BYTE =
(1 << QSEECOM_ICE_FDE_KEY_SIZE_MASK),
QSEE_ICE_FDE_KEY_SIZE_UNDEFINED =
(0xF << QSEECOM_ICE_FDE_KEY_SIZE_MASK),
};
enum qseecom_client_handle_type {
QSEECOM_CLIENT_APP = 1,
QSEECOM_LISTENER_SERVICE,
QSEECOM_SECURE_SERVICE,
QSEECOM_GENERIC,
QSEECOM_UNAVAILABLE_CLIENT_APP,
};
enum qseecom_ce_hw_instance {
CLK_QSEE = 0,
CLK_CE_DRV,
CLK_INVALID,
};
enum qseecom_listener_unregister_kthread_state {
LSNR_UNREG_KT_SLEEP = 0,
LSNR_UNREG_KT_WAKEUP,
};
static struct class *driver_class;
static dev_t qseecom_device_no;
static DEFINE_MUTEX(qsee_bw_mutex);
static DEFINE_MUTEX(app_access_lock);
static DEFINE_MUTEX(clk_access_lock);
static DEFINE_MUTEX(listener_access_lock);
struct sglist_info {
uint32_t indexAndFlags;
uint32_t sizeOrCount;
};
/*
* The 31th bit indicates only one or multiple physical address inside
* the request buffer. If it is set, the index locates a single physical addr
* inside the request buffer, and `sizeOrCount` is the size of the memory being
* shared at that physical address.
* Otherwise, the index locates an array of {start, len} pairs (a
* "scatter/gather list"), and `sizeOrCount` gives the number of entries in
* that array.
*
* The 30th bit indicates 64 or 32bit address; when it is set, physical addr
* and scatter gather entry sizes are 64-bit values. Otherwise, 32-bit values.
*
* The bits [0:29] of `indexAndFlags` hold an offset into the request buffer.
*/
#define SGLISTINFO_SET_INDEX_FLAG(c, s, i) \
((uint32_t)(((c & 1) << 31) | ((s & 1) << 30) | (i & 0x3fffffff)))
#define SGLISTINFO_TABLE_SIZE (sizeof(struct sglist_info) * MAX_ION_FD)
#define FEATURE_ID_WHITELIST 15 /*whitelist feature id*/
#define MAKE_WHITELIST_VERSION(major, minor, patch) \
(((major & 0x3FF) << 22) | ((minor & 0x3FF) << 12) | (patch & 0xFFF))
struct qseecom_registered_listener_list {
struct list_head list;
struct qseecom_register_listener_req svc;
void *user_virt_sb_base;
u8 *sb_virt;
phys_addr_t sb_phys;
size_t sb_length;
struct ion_handle *ihandle; /* Retrieve phy addr */
wait_queue_head_t rcv_req_wq;
/* rcv_req_flag: 0: ready and empty; 1: received req */
int rcv_req_flag;
int send_resp_flag;
bool listener_in_use;
/* wq for thread blocked on this listener*/
wait_queue_head_t listener_block_app_wq;
struct sglist_info sglistinfo_ptr[MAX_ION_FD];
uint32_t sglist_cnt;
int abort;
bool unregister_pending;
};
struct qseecom_unregister_pending_list {
struct list_head list;
struct qseecom_dev_handle *data;
};
struct qseecom_registered_app_list {
struct list_head list;
u32 app_id;
u32 ref_cnt;
char app_name[MAX_APP_NAME_SIZE];
u32 app_arch;
bool app_blocked;
u32 check_block;
u32 blocked_on_listener_id;
};
struct qseecom_registered_kclient_list {
struct list_head list;
struct qseecom_handle *handle;
};
struct qseecom_ce_info_use {
unsigned char handle[MAX_CE_INFO_HANDLE_SIZE];
unsigned int unit_num;
unsigned int num_ce_pipe_entries;
struct qseecom_ce_pipe_entry *ce_pipe_entry;
bool alloc;
uint32_t type;
};
struct ce_hw_usage_info {
uint32_t qsee_ce_hw_instance;
uint32_t num_fde;
struct qseecom_ce_info_use *fde;
uint32_t num_pfe;
struct qseecom_ce_info_use *pfe;
};
struct qseecom_clk {
enum qseecom_ce_hw_instance instance;
struct clk *ce_core_clk;
struct clk *ce_clk;
struct clk *ce_core_src_clk;
struct clk *ce_bus_clk;
uint32_t clk_access_cnt;
};
struct qseecom_control {
struct ion_client *ion_clnt; /* Ion client */
struct list_head registered_listener_list_head;
struct list_head registered_app_list_head;
spinlock_t registered_app_list_lock;
struct list_head registered_kclient_list_head;
spinlock_t registered_kclient_list_lock;
wait_queue_head_t send_resp_wq;
int send_resp_flag;
uint32_t qseos_version;
uint32_t qsee_version;
struct device *pdev;
bool whitelist_support;
bool commonlib_loaded;
bool commonlib64_loaded;
struct ce_hw_usage_info ce_info;
int qsee_bw_count;
int qsee_sfpb_bw_count;
uint32_t qsee_perf_client;
struct qseecom_clk qsee;
struct qseecom_clk ce_drv;
bool support_bus_scaling;
bool support_fde;
bool support_pfe;
bool fde_key_size;
uint32_t cumulative_mode;
enum qseecom_bandwidth_request_mode current_mode;
struct timer_list bw_scale_down_timer;
struct work_struct bw_inactive_req_ws;
struct cdev cdev;
bool timer_running;
bool no_clock_support;
unsigned int ce_opp_freq_hz;
bool appsbl_qseecom_support;
uint32_t qsee_reentrancy_support;
uint32_t app_block_ref_cnt;
wait_queue_head_t app_block_wq;
atomic_t qseecom_state;
int is_apps_region_protected;
bool smcinvoke_support;
struct list_head unregister_lsnr_pending_list_head;
wait_queue_head_t register_lsnr_pending_wq;
struct task_struct *unregister_lsnr_kthread_task;
wait_queue_head_t unregister_lsnr_kthread_wq;
atomic_t unregister_lsnr_kthread_state;
};
struct qseecom_sec_buf_fd_info {
bool is_sec_buf_fd;
size_t size;
void *vbase;
dma_addr_t pbase;
};
struct qseecom_param_memref {
uint32_t buffer;
uint32_t size;
};
struct qseecom_client_handle {
u32 app_id;
u8 *sb_virt;
phys_addr_t sb_phys;
unsigned long user_virt_sb_base;
size_t sb_length;
struct ion_handle *ihandle; /* Retrieve phy addr */
char app_name[MAX_APP_NAME_SIZE];
u32 app_arch;
struct qseecom_sec_buf_fd_info sec_buf_fd[MAX_ION_FD];
};
struct qseecom_listener_handle {
u32 id;
bool unregister_pending;
bool release_called;
};
static struct qseecom_control qseecom;
struct qseecom_dev_handle {
enum qseecom_client_handle_type type;
union {
struct qseecom_client_handle client;
struct qseecom_listener_handle listener;
};
bool released;
int abort;
wait_queue_head_t abort_wq;
atomic_t ioctl_count;
bool perf_enabled;
bool fast_load_enabled;
enum qseecom_bandwidth_request_mode mode;
struct sglist_info sglistinfo_ptr[MAX_ION_FD];
uint32_t sglist_cnt;
bool use_legacy_cmd;
};
struct qseecom_key_id_usage_desc {
uint8_t desc[QSEECOM_KEY_ID_SIZE];
};
struct qseecom_crypto_info {
unsigned int unit_num;
unsigned int ce;
unsigned int pipe_pair;
};
static struct qseecom_key_id_usage_desc key_id_array[] = {
{
.desc = "Undefined Usage Index",
},
{
.desc = "Full Disk Encryption",
},
{
.desc = "Per File Encryption",
},
{
.desc = "UFS ICE Full Disk Encryption",
},
{
.desc = "SDCC ICE Full Disk Encryption",
},
};
/* Function proto types */
static int qsee_vote_for_clock(struct qseecom_dev_handle *, int32_t);
static void qsee_disable_clock_vote(struct qseecom_dev_handle *, int32_t);
static int __qseecom_enable_clk(enum qseecom_ce_hw_instance ce);
static void __qseecom_disable_clk(enum qseecom_ce_hw_instance ce);
static int __qseecom_init_clk(enum qseecom_ce_hw_instance ce);
static int qseecom_load_commonlib_image(struct qseecom_dev_handle *data,
char *cmnlib_name);
static int qseecom_enable_ice_setup(int usage);
static int qseecom_disable_ice_setup(int usage);
static void __qseecom_reentrancy_check_if_no_app_blocked(uint32_t smc_id);
static int qseecom_get_ce_info(struct qseecom_dev_handle *data,
void __user *argp);
static int qseecom_free_ce_info(struct qseecom_dev_handle *data,
void __user *argp);
static int qseecom_query_ce_info(struct qseecom_dev_handle *data,
void __user *argp);
static int get_qseecom_keymaster_status(char *str)
{
get_option(&str, &qseecom.is_apps_region_protected);
return 1;
}
__setup("androidboot.keymaster=", get_qseecom_keymaster_status);
#define QSEECOM_SCM_EBUSY_WAIT_MS 30
#define QSEECOM_SCM_EBUSY_MAX_RETRY 67
static int __qseecom_scm_call2_locked(uint32_t smc_id, struct scm_desc *desc)
{
int ret = 0;
int retry_count = 0;
do {
ret = scm_call2_noretry(smc_id, desc);
if (ret == -EBUSY) {
mutex_unlock(&app_access_lock);
msleep(QSEECOM_SCM_EBUSY_WAIT_MS);
mutex_lock(&app_access_lock);
}
if (retry_count == 33)
pr_warn("secure world has been busy for 1 second!\n");
} while (ret == -EBUSY &&
(retry_count++ < QSEECOM_SCM_EBUSY_MAX_RETRY));
return ret;
}
static int qseecom_scm_call2(uint32_t svc_id, uint32_t tz_cmd_id,
const void *req_buf, void *resp_buf)
{
int ret = 0;
uint32_t smc_id = 0;
uint32_t qseos_cmd_id = 0;
struct scm_desc desc = {0};
struct qseecom_command_scm_resp *scm_resp = NULL;
if (!req_buf || !resp_buf) {
pr_err("Invalid buffer pointer\n");
return -EINVAL;
}
qseos_cmd_id = *(uint32_t *)req_buf;
scm_resp = (struct qseecom_command_scm_resp *)resp_buf;
switch (svc_id) {
case 6: {
if (tz_cmd_id == 3) {
smc_id = TZ_INFO_GET_FEATURE_VERSION_ID;
desc.arginfo = TZ_INFO_GET_FEATURE_VERSION_ID_PARAM_ID;
desc.args[0] = *(uint32_t *)req_buf;
} else {
pr_err("Unsupported svc_id %d, tz_cmd_id %d\n",
svc_id, tz_cmd_id);
return -EINVAL;
}
ret = __qseecom_scm_call2_locked(smc_id, &desc);
break;
}
case SCM_SVC_ES: {
switch (tz_cmd_id) {
case SCM_SAVE_PARTITION_HASH_ID: {
u32 tzbuflen = PAGE_ALIGN(SHA256_DIGEST_LENGTH);
struct qseecom_save_partition_hash_req *p_hash_req =
(struct qseecom_save_partition_hash_req *)
req_buf;
char *tzbuf = kzalloc(tzbuflen, GFP_KERNEL);
if (!tzbuf)
return -ENOMEM;
memset(tzbuf, 0, tzbuflen);
memcpy(tzbuf, p_hash_req->digest,
SHA256_DIGEST_LENGTH);
dmac_flush_range(tzbuf, tzbuf + tzbuflen);
smc_id = TZ_ES_SAVE_PARTITION_HASH_ID;
desc.arginfo = TZ_ES_SAVE_PARTITION_HASH_ID_PARAM_ID;
desc.args[0] = p_hash_req->partition_id;
desc.args[1] = virt_to_phys(tzbuf);
desc.args[2] = SHA256_DIGEST_LENGTH;
ret = __qseecom_scm_call2_locked(smc_id, &desc);
kzfree(tzbuf);
break;
}
default: {
pr_err("tz_cmd_id %d is not supported by scm_call2\n",
tz_cmd_id);
ret = -EINVAL;
break;
}
} /* end of switch (tz_cmd_id) */
break;
} /* end of case SCM_SVC_ES */
case SCM_SVC_TZSCHEDULER: {
switch (qseos_cmd_id) {
case QSEOS_APP_START_COMMAND: {
struct qseecom_load_app_ireq *req;
struct qseecom_load_app_64bit_ireq *req_64bit;
smc_id = TZ_OS_APP_START_ID;
desc.arginfo = TZ_OS_APP_START_ID_PARAM_ID;
if (qseecom.qsee_version < QSEE_VERSION_40) {
req = (struct qseecom_load_app_ireq *)req_buf;
desc.args[0] = req->mdt_len;
desc.args[1] = req->img_len;
desc.args[2] = req->phy_addr;
} else {
req_64bit =
(struct qseecom_load_app_64bit_ireq *)
req_buf;
desc.args[0] = req_64bit->mdt_len;
desc.args[1] = req_64bit->img_len;
desc.args[2] = req_64bit->phy_addr;
}
__qseecom_reentrancy_check_if_no_app_blocked(smc_id);
ret = __qseecom_scm_call2_locked(smc_id, &desc);
break;
}
case QSEOS_APP_SHUTDOWN_COMMAND: {
struct qseecom_unload_app_ireq *req;
req = (struct qseecom_unload_app_ireq *)req_buf;
smc_id = TZ_OS_APP_SHUTDOWN_ID;
desc.arginfo = TZ_OS_APP_SHUTDOWN_ID_PARAM_ID;
desc.args[0] = req->app_id;
ret = __qseecom_scm_call2_locked(smc_id, &desc);
break;
}
case QSEOS_APP_LOOKUP_COMMAND: {
struct qseecom_check_app_ireq *req;
u32 tzbuflen = PAGE_ALIGN(sizeof(req->app_name));
char *tzbuf = kzalloc(tzbuflen, GFP_KERNEL);
if (!tzbuf)
return -ENOMEM;
req = (struct qseecom_check_app_ireq *)req_buf;
pr_debug("Lookup app_name = %s\n", req->app_name);
strlcpy(tzbuf, req->app_name, sizeof(req->app_name));
dmac_flush_range(tzbuf, tzbuf + tzbuflen);
smc_id = TZ_OS_APP_LOOKUP_ID;
desc.arginfo = TZ_OS_APP_LOOKUP_ID_PARAM_ID;
desc.args[0] = virt_to_phys(tzbuf);
desc.args[1] = strlen(req->app_name);
__qseecom_reentrancy_check_if_no_app_blocked(smc_id);
ret = __qseecom_scm_call2_locked(smc_id, &desc);
kzfree(tzbuf);
break;
}
case QSEOS_APP_REGION_NOTIFICATION: {
struct qsee_apps_region_info_ireq *req;
struct qsee_apps_region_info_64bit_ireq *req_64bit;
smc_id = TZ_OS_APP_REGION_NOTIFICATION_ID;
desc.arginfo =
TZ_OS_APP_REGION_NOTIFICATION_ID_PARAM_ID;
if (qseecom.qsee_version < QSEE_VERSION_40) {
req = (struct qsee_apps_region_info_ireq *)
req_buf;
desc.args[0] = req->addr;
desc.args[1] = req->size;
} else {
req_64bit =
(struct qsee_apps_region_info_64bit_ireq *)
req_buf;
desc.args[0] = req_64bit->addr;
desc.args[1] = req_64bit->size;
}
__qseecom_reentrancy_check_if_no_app_blocked(smc_id);
ret = __qseecom_scm_call2_locked(smc_id, &desc);
break;
}
case QSEOS_LOAD_SERV_IMAGE_COMMAND: {
struct qseecom_load_lib_image_ireq *req;
struct qseecom_load_lib_image_64bit_ireq *req_64bit;
smc_id = TZ_OS_LOAD_SERVICES_IMAGE_ID;
desc.arginfo = TZ_OS_LOAD_SERVICES_IMAGE_ID_PARAM_ID;
if (qseecom.qsee_version < QSEE_VERSION_40) {
req = (struct qseecom_load_lib_image_ireq *)
req_buf;
desc.args[0] = req->mdt_len;
desc.args[1] = req->img_len;
desc.args[2] = req->phy_addr;
} else {
req_64bit =
(struct qseecom_load_lib_image_64bit_ireq *)
req_buf;
desc.args[0] = req_64bit->mdt_len;
desc.args[1] = req_64bit->img_len;
desc.args[2] = req_64bit->phy_addr;
}
__qseecom_reentrancy_check_if_no_app_blocked(smc_id);
ret = __qseecom_scm_call2_locked(smc_id, &desc);
break;
}
case QSEOS_UNLOAD_SERV_IMAGE_COMMAND: {
smc_id = TZ_OS_UNLOAD_SERVICES_IMAGE_ID;
desc.arginfo = TZ_OS_UNLOAD_SERVICES_IMAGE_ID_PARAM_ID;
__qseecom_reentrancy_check_if_no_app_blocked(smc_id);
ret = __qseecom_scm_call2_locked(smc_id, &desc);
break;
}
case QSEOS_REGISTER_LISTENER: {
struct qseecom_register_listener_ireq *req;
struct qseecom_register_listener_64bit_ireq *req_64bit;
desc.arginfo =
TZ_OS_REGISTER_LISTENER_ID_PARAM_ID;
if (qseecom.qsee_version < QSEE_VERSION_40) {
req = (struct qseecom_register_listener_ireq *)
req_buf;
desc.args[0] = req->listener_id;
desc.args[1] = req->sb_ptr;
desc.args[2] = req->sb_len;
} else {
req_64bit =
(struct qseecom_register_listener_64bit_ireq *)
req_buf;
desc.args[0] = req_64bit->listener_id;
desc.args[1] = req_64bit->sb_ptr;
desc.args[2] = req_64bit->sb_len;
}
qseecom.smcinvoke_support = true;
smc_id = TZ_OS_REGISTER_LISTENER_SMCINVOKE_ID;
ret = __qseecom_scm_call2_locked(smc_id, &desc);
if (ret == -EIO) {
/* smcinvoke is not supported */
qseecom.smcinvoke_support = false;
smc_id = TZ_OS_REGISTER_LISTENER_ID;
ret = __qseecom_scm_call2_locked(smc_id, &desc);
}
break;
}
case QSEOS_DEREGISTER_LISTENER: {
struct qseecom_unregister_listener_ireq *req;
req = (struct qseecom_unregister_listener_ireq *)
req_buf;
smc_id = TZ_OS_DEREGISTER_LISTENER_ID;
desc.arginfo = TZ_OS_DEREGISTER_LISTENER_ID_PARAM_ID;
desc.args[0] = req->listener_id;
ret = __qseecom_scm_call2_locked(smc_id, &desc);
break;
}
case QSEOS_LISTENER_DATA_RSP_COMMAND: {
struct qseecom_client_listener_data_irsp *req;
req = (struct qseecom_client_listener_data_irsp *)
req_buf;
smc_id = TZ_OS_LISTENER_RESPONSE_HANDLER_ID;
desc.arginfo =
TZ_OS_LISTENER_RESPONSE_HANDLER_ID_PARAM_ID;
desc.args[0] = req->listener_id;
desc.args[1] = req->status;
ret = __qseecom_scm_call2_locked(smc_id, &desc);
break;
}
case QSEOS_LISTENER_DATA_RSP_COMMAND_WHITELIST: {
struct qseecom_client_listener_data_irsp *req;
struct qseecom_client_listener_data_64bit_irsp *req_64;
smc_id =
TZ_OS_LISTENER_RESPONSE_HANDLER_WITH_WHITELIST_ID;
desc.arginfo =
TZ_OS_LISTENER_RESPONSE_HANDLER_WITH_WHITELIST_PARAM_ID;
if (qseecom.qsee_version < QSEE_VERSION_40) {
req =
(struct qseecom_client_listener_data_irsp *)
req_buf;
desc.args[0] = req->listener_id;
desc.args[1] = req->status;
desc.args[2] = req->sglistinfo_ptr;
desc.args[3] = req->sglistinfo_len;
} else {
req_64 =
(struct qseecom_client_listener_data_64bit_irsp *)
req_buf;
desc.args[0] = req_64->listener_id;
desc.args[1] = req_64->status;
desc.args[2] = req_64->sglistinfo_ptr;
desc.args[3] = req_64->sglistinfo_len;
}
ret = __qseecom_scm_call2_locked(smc_id, &desc);
break;
}
case QSEOS_LOAD_EXTERNAL_ELF_COMMAND: {
struct qseecom_load_app_ireq *req;
struct qseecom_load_app_64bit_ireq *req_64bit;
smc_id = TZ_OS_LOAD_EXTERNAL_IMAGE_ID;
desc.arginfo = TZ_OS_LOAD_SERVICES_IMAGE_ID_PARAM_ID;
if (qseecom.qsee_version < QSEE_VERSION_40) {
req = (struct qseecom_load_app_ireq *)req_buf;
desc.args[0] = req->mdt_len;
desc.args[1] = req->img_len;
desc.args[2] = req->phy_addr;
} else {
req_64bit =
(struct qseecom_load_app_64bit_ireq *)req_buf;
desc.args[0] = req_64bit->mdt_len;
desc.args[1] = req_64bit->img_len;
desc.args[2] = req_64bit->phy_addr;
}
__qseecom_reentrancy_check_if_no_app_blocked(smc_id);
ret = __qseecom_scm_call2_locked(smc_id, &desc);
break;
}
case QSEOS_UNLOAD_EXTERNAL_ELF_COMMAND: {
smc_id = TZ_OS_UNLOAD_EXTERNAL_IMAGE_ID;
desc.arginfo = TZ_OS_UNLOAD_SERVICES_IMAGE_ID_PARAM_ID;
__qseecom_reentrancy_check_if_no_app_blocked(smc_id);
ret = __qseecom_scm_call2_locked(smc_id, &desc);
break;
}
case QSEOS_CLIENT_SEND_DATA_COMMAND: {
struct qseecom_client_send_data_ireq *req;
struct qseecom_client_send_data_64bit_ireq *req_64bit;
smc_id = TZ_APP_QSAPP_SEND_DATA_ID;
desc.arginfo = TZ_APP_QSAPP_SEND_DATA_ID_PARAM_ID;
if (qseecom.qsee_version < QSEE_VERSION_40) {
req = (struct qseecom_client_send_data_ireq *)
req_buf;
desc.args[0] = req->app_id;
desc.args[1] = req->req_ptr;
desc.args[2] = req->req_len;
desc.args[3] = req->rsp_ptr;
desc.args[4] = req->rsp_len;
} else {
req_64bit =
(struct qseecom_client_send_data_64bit_ireq *)
req_buf;
desc.args[0] = req_64bit->app_id;
desc.args[1] = req_64bit->req_ptr;
desc.args[2] = req_64bit->req_len;
desc.args[3] = req_64bit->rsp_ptr;
desc.args[4] = req_64bit->rsp_len;
}
ret = __qseecom_scm_call2_locked(smc_id, &desc);
break;
}
case QSEOS_CLIENT_SEND_DATA_COMMAND_WHITELIST: {
struct qseecom_client_send_data_ireq *req;
struct qseecom_client_send_data_64bit_ireq *req_64bit;
smc_id = TZ_APP_QSAPP_SEND_DATA_WITH_WHITELIST_ID;
desc.arginfo =
TZ_APP_QSAPP_SEND_DATA_WITH_WHITELIST_ID_PARAM_ID;
if (qseecom.qsee_version < QSEE_VERSION_40) {
req = (struct qseecom_client_send_data_ireq *)
req_buf;
desc.args[0] = req->app_id;
desc.args[1] = req->req_ptr;
desc.args[2] = req->req_len;
desc.args[3] = req->rsp_ptr;
desc.args[4] = req->rsp_len;
desc.args[5] = req->sglistinfo_ptr;
desc.args[6] = req->sglistinfo_len;
} else {
req_64bit =
(struct qseecom_client_send_data_64bit_ireq *)
req_buf;
desc.args[0] = req_64bit->app_id;
desc.args[1] = req_64bit->req_ptr;
desc.args[2] = req_64bit->req_len;
desc.args[3] = req_64bit->rsp_ptr;
desc.args[4] = req_64bit->rsp_len;
desc.args[5] = req_64bit->sglistinfo_ptr;
desc.args[6] = req_64bit->sglistinfo_len;
}
ret = __qseecom_scm_call2_locked(smc_id, &desc);
break;
}
case QSEOS_RPMB_PROVISION_KEY_COMMAND: {
struct qseecom_client_send_service_ireq *req;
req = (struct qseecom_client_send_service_ireq *)
req_buf;
smc_id = TZ_OS_RPMB_PROVISION_KEY_ID;
desc.arginfo = TZ_OS_RPMB_PROVISION_KEY_ID_PARAM_ID;
desc.args[0] = req->key_type;
__qseecom_reentrancy_check_if_no_app_blocked(smc_id);
ret = __qseecom_scm_call2_locked(smc_id, &desc);
break;
}
case QSEOS_RPMB_ERASE_COMMAND: {
smc_id = TZ_OS_RPMB_ERASE_ID;
desc.arginfo = TZ_OS_RPMB_ERASE_ID_PARAM_ID;
__qseecom_reentrancy_check_if_no_app_blocked(smc_id);
ret = __qseecom_scm_call2_locked(smc_id, &desc);
break;
}
case QSEOS_RPMB_CHECK_PROV_STATUS_COMMAND: {
smc_id = TZ_OS_RPMB_CHECK_PROV_STATUS_ID;
desc.arginfo = TZ_OS_RPMB_CHECK_PROV_STATUS_ID_PARAM_ID;
__qseecom_reentrancy_check_if_no_app_blocked(smc_id);
ret = __qseecom_scm_call2_locked(smc_id, &desc);
break;
}
case QSEOS_GENERATE_KEY: {
u32 tzbuflen = PAGE_ALIGN(sizeof
(struct qseecom_key_generate_ireq) -
sizeof(uint32_t));
char *tzbuf = kzalloc(tzbuflen, GFP_KERNEL);
if (!tzbuf)
return -ENOMEM;
memset(tzbuf, 0, tzbuflen);
memcpy(tzbuf, req_buf + sizeof(uint32_t),
(sizeof(struct qseecom_key_generate_ireq) -
sizeof(uint32_t)));
dmac_flush_range(tzbuf, tzbuf + tzbuflen);
smc_id = TZ_OS_KS_GEN_KEY_ID;
desc.arginfo = TZ_OS_KS_GEN_KEY_ID_PARAM_ID;
desc.args[0] = virt_to_phys(tzbuf);
desc.args[1] = tzbuflen;
__qseecom_reentrancy_check_if_no_app_blocked(smc_id);
ret = __qseecom_scm_call2_locked(smc_id, &desc);
kzfree(tzbuf);
break;
}
case QSEOS_DELETE_KEY: {
u32 tzbuflen = PAGE_ALIGN(sizeof
(struct qseecom_key_delete_ireq) -
sizeof(uint32_t));
char *tzbuf = kzalloc(tzbuflen, GFP_KERNEL);
if (!tzbuf)
return -ENOMEM;
memset(tzbuf, 0, tzbuflen);
memcpy(tzbuf, req_buf + sizeof(uint32_t),
(sizeof(struct qseecom_key_delete_ireq) -
sizeof(uint32_t)));
dmac_flush_range(tzbuf, tzbuf + tzbuflen);
smc_id = TZ_OS_KS_DEL_KEY_ID;
desc.arginfo = TZ_OS_KS_DEL_KEY_ID_PARAM_ID;
desc.args[0] = virt_to_phys(tzbuf);
desc.args[1] = tzbuflen;
__qseecom_reentrancy_check_if_no_app_blocked(smc_id);
ret = __qseecom_scm_call2_locked(smc_id, &desc);
kzfree(tzbuf);
break;
}
case QSEOS_SET_KEY: {
u32 tzbuflen = PAGE_ALIGN(sizeof
(struct qseecom_key_select_ireq) -
sizeof(uint32_t));
char *tzbuf = kzalloc(tzbuflen, GFP_KERNEL);
if (!tzbuf)
return -ENOMEM;
memset(tzbuf, 0, tzbuflen);
memcpy(tzbuf, req_buf + sizeof(uint32_t),
(sizeof(struct qseecom_key_select_ireq) -
sizeof(uint32_t)));
dmac_flush_range(tzbuf, tzbuf + tzbuflen);
smc_id = TZ_OS_KS_SET_PIPE_KEY_ID;
desc.arginfo = TZ_OS_KS_SET_PIPE_KEY_ID_PARAM_ID;
desc.args[0] = virt_to_phys(tzbuf);
desc.args[1] = tzbuflen;
__qseecom_reentrancy_check_if_no_app_blocked(smc_id);
ret = __qseecom_scm_call2_locked(smc_id, &desc);
kzfree(tzbuf);
break;
}
case QSEOS_UPDATE_KEY_USERINFO: {
u32 tzbuflen = PAGE_ALIGN(sizeof
(struct qseecom_key_userinfo_update_ireq) -
sizeof(uint32_t));
char *tzbuf = kzalloc(tzbuflen, GFP_KERNEL);
if (!tzbuf)
return -ENOMEM;
memset(tzbuf, 0, tzbuflen);
memcpy(tzbuf, req_buf + sizeof(uint32_t), (sizeof
(struct qseecom_key_userinfo_update_ireq) -
sizeof(uint32_t)));
dmac_flush_range(tzbuf, tzbuf + tzbuflen);
smc_id = TZ_OS_KS_UPDATE_KEY_ID;
desc.arginfo = TZ_OS_KS_UPDATE_KEY_ID_PARAM_ID;
desc.args[0] = virt_to_phys(tzbuf);
desc.args[1] = tzbuflen;
__qseecom_reentrancy_check_if_no_app_blocked(smc_id);
ret = __qseecom_scm_call2_locked(smc_id, &desc);
kzfree(tzbuf);
break;
}
case QSEOS_TEE_OPEN_SESSION: {
struct qseecom_qteec_ireq *req;
struct qseecom_qteec_64bit_ireq *req_64bit;
smc_id = TZ_APP_GPAPP_OPEN_SESSION_ID;
desc.arginfo = TZ_APP_GPAPP_OPEN_SESSION_ID_PARAM_ID;
if (qseecom.qsee_version < QSEE_VERSION_40) {
req = (struct qseecom_qteec_ireq *)req_buf;
desc.args[0] = req->app_id;
desc.args[1] = req->req_ptr;
desc.args[2] = req->req_len;
desc.args[3] = req->resp_ptr;
desc.args[4] = req->resp_len;
} else {
req_64bit = (struct qseecom_qteec_64bit_ireq *)
req_buf;
desc.args[0] = req_64bit->app_id;
desc.args[1] = req_64bit->req_ptr;
desc.args[2] = req_64bit->req_len;
desc.args[3] = req_64bit->resp_ptr;
desc.args[4] = req_64bit->resp_len;
}
ret = __qseecom_scm_call2_locked(smc_id, &desc);
break;
}
case QSEOS_TEE_OPEN_SESSION_WHITELIST: {
struct qseecom_qteec_ireq *req;
struct qseecom_qteec_64bit_ireq *req_64bit;
smc_id = TZ_APP_GPAPP_OPEN_SESSION_WITH_WHITELIST_ID;
desc.arginfo =
TZ_APP_GPAPP_OPEN_SESSION_WITH_WHITELIST_ID_PARAM_ID;
if (qseecom.qsee_version < QSEE_VERSION_40) {
req = (struct qseecom_qteec_ireq *)req_buf;
desc.args[0] = req->app_id;
desc.args[1] = req->req_ptr;
desc.args[2] = req->req_len;
desc.args[3] = req->resp_ptr;
desc.args[4] = req->resp_len;
desc.args[5] = req->sglistinfo_ptr;
desc.args[6] = req->sglistinfo_len;
} else {
req_64bit = (struct qseecom_qteec_64bit_ireq *)
req_buf;
desc.args[0] = req_64bit->app_id;
desc.args[1] = req_64bit->req_ptr;
desc.args[2] = req_64bit->req_len;
desc.args[3] = req_64bit->resp_ptr;
desc.args[4] = req_64bit->resp_len;
desc.args[5] = req_64bit->sglistinfo_ptr;
desc.args[6] = req_64bit->sglistinfo_len;
}
ret = __qseecom_scm_call2_locked(smc_id, &desc);
break;
}
case QSEOS_TEE_INVOKE_COMMAND: {
struct qseecom_qteec_ireq *req;
struct qseecom_qteec_64bit_ireq *req_64bit;
smc_id = TZ_APP_GPAPP_INVOKE_COMMAND_ID;
desc.arginfo = TZ_APP_GPAPP_INVOKE_COMMAND_ID_PARAM_ID;
if (qseecom.qsee_version < QSEE_VERSION_40) {
req = (struct qseecom_qteec_ireq *)req_buf;
desc.args[0] = req->app_id;
desc.args[1] = req->req_ptr;
desc.args[2] = req->req_len;
desc.args[3] = req->resp_ptr;
desc.args[4] = req->resp_len;
} else {
req_64bit = (struct qseecom_qteec_64bit_ireq *)
req_buf;
desc.args[0] = req_64bit->app_id;
desc.args[1] = req_64bit->req_ptr;
desc.args[2] = req_64bit->req_len;
desc.args[3] = req_64bit->resp_ptr;
desc.args[4] = req_64bit->resp_len;
}
ret = __qseecom_scm_call2_locked(smc_id, &desc);
break;
}
case QSEOS_TEE_INVOKE_COMMAND_WHITELIST: {
struct qseecom_qteec_ireq *req;
struct qseecom_qteec_64bit_ireq *req_64bit;
smc_id = TZ_APP_GPAPP_INVOKE_COMMAND_WITH_WHITELIST_ID;
desc.arginfo =
TZ_APP_GPAPP_INVOKE_COMMAND_WITH_WHITELIST_ID_PARAM_ID;
if (qseecom.qsee_version < QSEE_VERSION_40) {
req = (struct qseecom_qteec_ireq *)req_buf;
desc.args[0] = req->app_id;
desc.args[1] = req->req_ptr;
desc.args[2] = req->req_len;
desc.args[3] = req->resp_ptr;
desc.args[4] = req->resp_len;
desc.args[5] = req->sglistinfo_ptr;
desc.args[6] = req->sglistinfo_len;
} else {
req_64bit = (struct qseecom_qteec_64bit_ireq *)
req_buf;
desc.args[0] = req_64bit->app_id;
desc.args[1] = req_64bit->req_ptr;
desc.args[2] = req_64bit->req_len;
desc.args[3] = req_64bit->resp_ptr;
desc.args[4] = req_64bit->resp_len;
desc.args[5] = req_64bit->sglistinfo_ptr;
desc.args[6] = req_64bit->sglistinfo_len;
}
ret = __qseecom_scm_call2_locked(smc_id, &desc);
break;
}
case QSEOS_TEE_CLOSE_SESSION: {
struct qseecom_qteec_ireq *req;
struct qseecom_qteec_64bit_ireq *req_64bit;
smc_id = TZ_APP_GPAPP_CLOSE_SESSION_ID;
desc.arginfo = TZ_APP_GPAPP_CLOSE_SESSION_ID_PARAM_ID;
if (qseecom.qsee_version < QSEE_VERSION_40) {
req = (struct qseecom_qteec_ireq *)req_buf;
desc.args[0] = req->app_id;
desc.args[1] = req->req_ptr;
desc.args[2] = req->req_len;
desc.args[3] = req->resp_ptr;
desc.args[4] = req->resp_len;
} else {
req_64bit = (struct qseecom_qteec_64bit_ireq *)
req_buf;
desc.args[0] = req_64bit->app_id;
desc.args[1] = req_64bit->req_ptr;
desc.args[2] = req_64bit->req_len;
desc.args[3] = req_64bit->resp_ptr;
desc.args[4] = req_64bit->resp_len;
}
ret = __qseecom_scm_call2_locked(smc_id, &desc);
break;
}
case QSEOS_TEE_REQUEST_CANCELLATION: {
struct qseecom_qteec_ireq *req;
struct qseecom_qteec_64bit_ireq *req_64bit;
smc_id = TZ_APP_GPAPP_REQUEST_CANCELLATION_ID;
desc.arginfo =
TZ_APP_GPAPP_REQUEST_CANCELLATION_ID_PARAM_ID;
if (qseecom.qsee_version < QSEE_VERSION_40) {
req = (struct qseecom_qteec_ireq *)req_buf;
desc.args[0] = req->app_id;
desc.args[1] = req->req_ptr;
desc.args[2] = req->req_len;
desc.args[3] = req->resp_ptr;
desc.args[4] = req->resp_len;
} else {
req_64bit = (struct qseecom_qteec_64bit_ireq *)
req_buf;
desc.args[0] = req_64bit->app_id;
desc.args[1] = req_64bit->req_ptr;
desc.args[2] = req_64bit->req_len;
desc.args[3] = req_64bit->resp_ptr;
desc.args[4] = req_64bit->resp_len;
}
ret = __qseecom_scm_call2_locked(smc_id, &desc);
break;
}
case QSEOS_CONTINUE_BLOCKED_REQ_COMMAND: {
struct qseecom_continue_blocked_request_ireq *req =
(struct qseecom_continue_blocked_request_ireq *)
req_buf;
if (qseecom.smcinvoke_support)
smc_id =
TZ_OS_CONTINUE_BLOCKED_REQUEST_SMCINVOKE_ID;
else
smc_id = TZ_OS_CONTINUE_BLOCKED_REQUEST_ID;
desc.arginfo =
TZ_OS_CONTINUE_BLOCKED_REQUEST_ID_PARAM_ID;
desc.args[0] = req->app_or_session_id;
ret = __qseecom_scm_call2_locked(smc_id, &desc);
break;
}
default: {
pr_err("qseos_cmd_id %d is not supported by armv8 scm_call2.\n",
qseos_cmd_id);
ret = -EINVAL;
break;
}
} /*end of switch (qsee_cmd_id) */
break;
} /*end of case SCM_SVC_TZSCHEDULER*/
default: {
pr_err("svc_id 0x%x is not supported by armv8 scm_call2.\n",
svc_id);
ret = -EINVAL;
break;
}
} /*end of switch svc_id */
scm_resp->result = desc.ret[0];
scm_resp->resp_type = desc.ret[1];
scm_resp->data = desc.ret[2];
pr_debug("svc_id = 0x%x, tz_cmd_id = 0x%x, qseos_cmd_id = 0x%x, smc_id = 0x%x, param_id = 0x%x\n",
svc_id, tz_cmd_id, qseos_cmd_id, smc_id, desc.arginfo);
pr_debug("scm_resp->result = 0x%x, scm_resp->resp_type = 0x%x, scm_resp->data = 0x%x\n",
scm_resp->result, scm_resp->resp_type, scm_resp->data);
return ret;
}
static int qseecom_scm_call(u32 svc_id, u32 tz_cmd_id, const void *cmd_buf,
size_t cmd_len, void *resp_buf, size_t resp_len)
{
if (!is_scm_armv8())
return scm_call(svc_id, tz_cmd_id, cmd_buf, cmd_len,
resp_buf, resp_len);
else
return qseecom_scm_call2(svc_id, tz_cmd_id, cmd_buf, resp_buf);
}
static struct qseecom_registered_listener_list *__qseecom_find_svc(
int32_t listener_id)
{
struct qseecom_registered_listener_list *entry = NULL;
list_for_each_entry(entry,
&qseecom.registered_listener_list_head, list) {
if (entry->svc.listener_id == listener_id)
break;
}
if ((entry != NULL) && (entry->svc.listener_id != listener_id)) {
pr_debug("Service id: %u is not found\n", listener_id);
return NULL;
}
return entry;
}
static int __qseecom_set_sb_memory(struct qseecom_registered_listener_list *svc,
struct qseecom_dev_handle *handle,
struct qseecom_register_listener_req *listener)
{
int ret = 0;
struct qseecom_register_listener_ireq req;
struct qseecom_register_listener_64bit_ireq req_64bit;
struct qseecom_command_scm_resp resp;
ion_phys_addr_t pa;
void *cmd_buf = NULL;
size_t cmd_len;
/* Get the handle of the shared fd */
svc->ihandle = ion_import_dma_buf_fd(qseecom.ion_clnt,
listener->ifd_data_fd);
if (IS_ERR_OR_NULL(svc->ihandle)) {
pr_err("Ion client could not retrieve the handle\n");
return -ENOMEM;
}
/* Get the physical address of the ION BUF */
ret = ion_phys(qseecom.ion_clnt, svc->ihandle, &pa, &svc->sb_length);
if (ret) {
pr_err("Cannot get phys_addr for the Ion Client, ret = %d\n",
ret);
return ret;
}
/* Populate the structure for sending scm call to load image */
svc->sb_virt = (char *) ion_map_kernel(qseecom.ion_clnt, svc->ihandle);
if (IS_ERR_OR_NULL(svc->sb_virt)) {
pr_err("ION memory mapping for listener shared buffer failed\n");
return -ENOMEM;
}
svc->sb_phys = (phys_addr_t)pa;
if (qseecom.qsee_version < QSEE_VERSION_40) {
req.qsee_cmd_id = QSEOS_REGISTER_LISTENER;
req.listener_id = svc->svc.listener_id;
req.sb_len = svc->sb_length;
req.sb_ptr = (uint32_t)svc->sb_phys;
cmd_buf = (void *)&req;
cmd_len = sizeof(struct qseecom_register_listener_ireq);
} else {
req_64bit.qsee_cmd_id = QSEOS_REGISTER_LISTENER;
req_64bit.listener_id = svc->svc.listener_id;
req_64bit.sb_len = svc->sb_length;
req_64bit.sb_ptr = (uint64_t)svc->sb_phys;
cmd_buf = (void *)&req_64bit;
cmd_len = sizeof(struct qseecom_register_listener_64bit_ireq);
}
resp.result = QSEOS_RESULT_INCOMPLETE;
mutex_unlock(&listener_access_lock);
mutex_lock(&app_access_lock);
__qseecom_reentrancy_check_if_no_app_blocked(
TZ_OS_REGISTER_LISTENER_SMCINVOKE_ID);
ret = qseecom_scm_call(SCM_SVC_TZSCHEDULER, 1, cmd_buf, cmd_len,
&resp, sizeof(resp));
mutex_unlock(&app_access_lock);
mutex_lock(&listener_access_lock);
if (ret) {
pr_err("qseecom_scm_call failed with err: %d\n", ret);
return -EINVAL;
}
if (resp.result != QSEOS_RESULT_SUCCESS) {
pr_err("Error SB registration req: resp.result = %d\n",
resp.result);
return -EPERM;
}
return 0;
}
static int qseecom_register_listener(struct qseecom_dev_handle *data,
void __user *argp)
{
int ret = 0;
struct qseecom_register_listener_req rcvd_lstnr;
struct qseecom_registered_listener_list *new_entry;
struct qseecom_registered_listener_list *ptr_svc;
ret = copy_from_user(&rcvd_lstnr, argp, sizeof(rcvd_lstnr));
if (ret) {
pr_err("copy_from_user failed\n");
return ret;
}
if (!access_ok(VERIFY_WRITE, (void __user *)rcvd_lstnr.virt_sb_base,
rcvd_lstnr.sb_size))
return -EFAULT;
data->listener.id = rcvd_lstnr.listener_id;
ptr_svc = __qseecom_find_svc(rcvd_lstnr.listener_id);
if (ptr_svc) {
if (ptr_svc->unregister_pending == false) {
pr_err("Service %d is not unique\n",
rcvd_lstnr.listener_id);
data->released = true;
return -EBUSY;
} else {
/*wait until listener is unregistered*/
pr_debug("register %d has to wait\n",
rcvd_lstnr.listener_id);
mutex_unlock(&listener_access_lock);
ret = wait_event_interruptible(
qseecom.register_lsnr_pending_wq,
list_empty(
&qseecom.unregister_lsnr_pending_list_head));
if (ret) {
pr_err("interrupted register_pending_wq %d\n",
rcvd_lstnr.listener_id);
mutex_lock(&listener_access_lock);
return -ERESTARTSYS;
}
mutex_lock(&listener_access_lock);
}
}
new_entry = kzalloc(sizeof(*new_entry), GFP_KERNEL);
if (!new_entry)
return -ENOMEM;
memcpy(&new_entry->svc, &rcvd_lstnr, sizeof(rcvd_lstnr));
new_entry->rcv_req_flag = 0;
new_entry->svc.listener_id = rcvd_lstnr.listener_id;
new_entry->sb_length = rcvd_lstnr.sb_size;
new_entry->user_virt_sb_base = rcvd_lstnr.virt_sb_base;
if (__qseecom_set_sb_memory(new_entry, data, &rcvd_lstnr)) {
pr_err("qseecom_set_sb_memory failed for listener %d, size %d\n",
rcvd_lstnr.listener_id, rcvd_lstnr.sb_size);
kzfree(new_entry);
return -ENOMEM;
}
init_waitqueue_head(&new_entry->rcv_req_wq);
init_waitqueue_head(&new_entry->listener_block_app_wq);
new_entry->send_resp_flag = 0;
new_entry->listener_in_use = false;
list_add_tail(&new_entry->list, &qseecom.registered_listener_list_head);
pr_warn("Service %d is registered\n", rcvd_lstnr.listener_id);
return ret;
}
static int __qseecom_unregister_listener(struct qseecom_dev_handle *data,
struct qseecom_registered_listener_list *ptr_svc)
{
int ret = 0;
struct qseecom_register_listener_ireq req;
struct qseecom_command_scm_resp resp;
struct ion_handle *ihandle = NULL; /* Retrieve phy addr */
req.qsee_cmd_id = QSEOS_DEREGISTER_LISTENER;
req.listener_id = data->listener.id;
resp.result = QSEOS_RESULT_INCOMPLETE;
mutex_unlock(&listener_access_lock);
mutex_lock(&app_access_lock);
__qseecom_reentrancy_check_if_no_app_blocked(
TZ_OS_DEREGISTER_LISTENER_ID);
ret = qseecom_scm_call(SCM_SVC_TZSCHEDULER, 1, &req,
sizeof(req), &resp, sizeof(resp));
mutex_unlock(&app_access_lock);
mutex_lock(&listener_access_lock);
if (ret) {
pr_err("scm_call() failed with err: %d (lstnr id=%d)\n",
ret, data->listener.id);
if (ret == -EBUSY)
return ret;
goto exit;
}
if (resp.result != QSEOS_RESULT_SUCCESS) {
pr_err("Failed resp.result=%d,(lstnr id=%d)\n",
resp.result, data->listener.id);
ret = -EPERM;
goto exit;
}
while (atomic_read(&data->ioctl_count) > 1) {
if (wait_event_interruptible(data->abort_wq,
atomic_read(&data->ioctl_count) <= 1)) {
pr_err("Interrupted from abort\n");
ret = -ERESTARTSYS;
}
}
exit:
if (ptr_svc->sb_virt) {
ihandle = ptr_svc->ihandle;
if (!IS_ERR_OR_NULL(ihandle)) {
ion_unmap_kernel(qseecom.ion_clnt, ihandle);
ion_free(qseecom.ion_clnt, ihandle);
}
}
list_del(&ptr_svc->list);
kzfree(ptr_svc);
data->released = true;
pr_warn("Service %d is unregistered\n", data->listener.id);
return ret;
}
static int qseecom_unregister_listener(struct qseecom_dev_handle *data)
{
struct qseecom_registered_listener_list *ptr_svc = NULL;
struct qseecom_unregister_pending_list *entry = NULL;
ptr_svc = __qseecom_find_svc(data->listener.id);
if (!ptr_svc) {
pr_err("Unregiser invalid listener ID %d\n", data->listener.id);
return -ENODATA;
}
/* stop CA thread waiting for listener response */
ptr_svc->abort = 1;
wake_up_interruptible_all(&qseecom.send_resp_wq);
/* stop listener thread waiting for listener request */
data->abort = 1;
wake_up_all(&ptr_svc->rcv_req_wq);
/* return directly if pending*/
if (ptr_svc->unregister_pending)
return 0;
/*add unregistration into pending list*/
entry = kzalloc(sizeof(*entry), GFP_KERNEL);
if (!entry)
return -ENOMEM;
entry->data = data;
list_add_tail(&entry->list,
&qseecom.unregister_lsnr_pending_list_head);
ptr_svc->unregister_pending = true;
pr_debug("unregister %d pending\n", data->listener.id);
return 0;
}
static void __qseecom_processing_pending_lsnr_unregister(void)
{
struct qseecom_unregister_pending_list *entry = NULL;
struct qseecom_registered_listener_list *ptr_svc = NULL;
struct list_head *pos;
int ret = 0;
mutex_lock(&listener_access_lock);
while (!list_empty(&qseecom.unregister_lsnr_pending_list_head)) {
pos = qseecom.unregister_lsnr_pending_list_head.next;
entry = list_entry(pos,
struct qseecom_unregister_pending_list, list);
if (entry && entry->data) {
pr_debug("process pending unregister %d\n",
entry->data->listener.id);
/* don't process if qseecom_release is not called*/
if (!entry->data->listener.release_called)
break;
ptr_svc = __qseecom_find_svc(
entry->data->listener.id);
if (ptr_svc) {
ret = __qseecom_unregister_listener(
entry->data, ptr_svc);
if (ret == -EBUSY) {
pr_debug("unregister %d pending again\n",
entry->data->listener.id);
mutex_unlock(&listener_access_lock);
return;
}
} else
pr_err("invalid listener %d\n",
entry->data->listener.id);
kzfree(entry->data);
}
list_del(pos);
kzfree(entry);
}
mutex_unlock(&listener_access_lock);
wake_up_interruptible(&qseecom.register_lsnr_pending_wq);
}
static void __wakeup_unregister_listener_kthread(void)
{
atomic_set(&qseecom.unregister_lsnr_kthread_state,
LSNR_UNREG_KT_WAKEUP);
wake_up_interruptible(&qseecom.unregister_lsnr_kthread_wq);
}
static int __qseecom_unregister_listener_kthread_func(void *data)
{
while (!kthread_should_stop()) {
wait_event_interruptible(
qseecom.unregister_lsnr_kthread_wq,
atomic_read(&qseecom.unregister_lsnr_kthread_state)
== LSNR_UNREG_KT_WAKEUP);
pr_debug("kthread to unregister listener is called %d\n",
atomic_read(&qseecom.unregister_lsnr_kthread_state));
__qseecom_processing_pending_lsnr_unregister();
atomic_set(&qseecom.unregister_lsnr_kthread_state,
LSNR_UNREG_KT_SLEEP);
}
pr_warn("kthread to unregister listener stopped\n");
return 0;
}
static int __qseecom_set_msm_bus_request(uint32_t mode)
{
int ret = 0;
struct qseecom_clk *qclk;
qclk = &qseecom.qsee;
if (qclk->ce_core_src_clk != NULL) {
if (mode == INACTIVE) {
__qseecom_disable_clk(CLK_QSEE);
} else {
ret = __qseecom_enable_clk(CLK_QSEE);
if (ret)
pr_err("CLK enabling failed (%d) MODE (%d)\n",
ret, mode);
}
}
if ((!ret) && (qseecom.current_mode != mode)) {
ret = msm_bus_scale_client_update_request(
qseecom.qsee_perf_client, mode);
if (ret) {
pr_err("Bandwidth req failed(%d) MODE (%d)\n",
ret, mode);
if (qclk->ce_core_src_clk != NULL) {
if (mode == INACTIVE) {
ret = __qseecom_enable_clk(CLK_QSEE);
if (ret)
pr_err("CLK enable failed\n");
} else
__qseecom_disable_clk(CLK_QSEE);
}
}
qseecom.current_mode = mode;
}
return ret;
}
static void qseecom_bw_inactive_req_work(struct work_struct *work)
{
mutex_lock(&app_access_lock);
mutex_lock(&qsee_bw_mutex);
if (qseecom.timer_running)
__qseecom_set_msm_bus_request(INACTIVE);
pr_debug("current_mode = %d, cumulative_mode = %d\n",
qseecom.current_mode, qseecom.cumulative_mode);
qseecom.timer_running = false;
mutex_unlock(&qsee_bw_mutex);
mutex_unlock(&app_access_lock);
}
static void qseecom_scale_bus_bandwidth_timer_callback(unsigned long data)
{
schedule_work(&qseecom.bw_inactive_req_ws);
}
static int __qseecom_decrease_clk_ref_count(enum qseecom_ce_hw_instance ce)
{
struct qseecom_clk *qclk;
int ret = 0;
mutex_lock(&clk_access_lock);
if (ce == CLK_QSEE)
qclk = &qseecom.qsee;
else
qclk = &qseecom.ce_drv;
if (qclk->clk_access_cnt > 2) {
pr_err("Invalid clock ref count %d\n", qclk->clk_access_cnt);
ret = -EINVAL;
goto err_dec_ref_cnt;
}
if (qclk->clk_access_cnt == 2)
qclk->clk_access_cnt--;
err_dec_ref_cnt:
mutex_unlock(&clk_access_lock);
return ret;
}
static int qseecom_scale_bus_bandwidth_timer(uint32_t mode)
{
int32_t ret = 0;
int32_t request_mode = INACTIVE;
mutex_lock(&qsee_bw_mutex);
if (mode == 0) {
if (qseecom.cumulative_mode > MEDIUM)
request_mode = HIGH;
else
request_mode = qseecom.cumulative_mode;
} else {
request_mode = mode;
}
ret = __qseecom_set_msm_bus_request(request_mode);
if (ret) {
pr_err("set msm bus request failed (%d),request_mode (%d)\n",
ret, request_mode);
goto err_scale_timer;
}
if (qseecom.timer_running) {
ret = __qseecom_decrease_clk_ref_count(CLK_QSEE);
if (ret) {
pr_err("Failed to decrease clk ref count.\n");
goto err_scale_timer;
}
del_timer_sync(&(qseecom.bw_scale_down_timer));
qseecom.timer_running = false;
}
err_scale_timer:
mutex_unlock(&qsee_bw_mutex);
return ret;
}
static int qseecom_unregister_bus_bandwidth_needs(
struct qseecom_dev_handle *data)
{
int32_t ret = 0;
qseecom.cumulative_mode -= data->mode;
data->mode = INACTIVE;
return ret;
}
static int __qseecom_register_bus_bandwidth_needs(
struct qseecom_dev_handle *data, uint32_t request_mode)
{
int32_t ret = 0;
if (data->mode == INACTIVE) {
qseecom.cumulative_mode += request_mode;
data->mode = request_mode;
} else {
if (data->mode != request_mode) {
qseecom.cumulative_mode -= data->mode;
qseecom.cumulative_mode += request_mode;
data->mode = request_mode;
}
}
return ret;
}
static int qseecom_perf_enable(struct qseecom_dev_handle *data)
{
int ret = 0;
ret = qsee_vote_for_clock(data, CLK_DFAB);
if (ret) {
pr_err("Failed to vote for DFAB clock with err %d\n", ret);
goto perf_enable_exit;
}
ret = qsee_vote_for_clock(data, CLK_SFPB);
if (ret) {
qsee_disable_clock_vote(data, CLK_DFAB);
pr_err("Failed to vote for SFPB clock with err %d\n", ret);
goto perf_enable_exit;
}
perf_enable_exit:
return ret;
}
static int qseecom_scale_bus_bandwidth(struct qseecom_dev_handle *data,
void __user *argp)
{
int32_t ret = 0;
int32_t req_mode;
if (qseecom.no_clock_support)
return 0;
ret = copy_from_user(&req_mode, argp, sizeof(req_mode));
if (ret) {
pr_err("copy_from_user failed\n");
return ret;
}
if (req_mode > HIGH) {
pr_err("Invalid bandwidth mode (%d)\n", req_mode);
return -EINVAL;
}
/*
* Register bus bandwidth needs if bus scaling feature is enabled;
* otherwise, qseecom enable/disable clocks for the client directly.
*/
if (qseecom.support_bus_scaling) {
mutex_lock(&qsee_bw_mutex);
ret = __qseecom_register_bus_bandwidth_needs(data, req_mode);
mutex_unlock(&qsee_bw_mutex);
} else {
pr_debug("Bus scaling feature is NOT enabled\n");
pr_debug("request bandwidth mode %d for the client\n",
req_mode);
if (req_mode != INACTIVE) {
ret = qseecom_perf_enable(data);
if (ret)
pr_err("Failed to vote for clock with err %d\n",
ret);
} else {
qsee_disable_clock_vote(data, CLK_DFAB);
qsee_disable_clock_vote(data, CLK_SFPB);
}
}
return ret;
}
static void __qseecom_add_bw_scale_down_timer(uint32_t duration)
{
if (qseecom.no_clock_support)
return;
mutex_lock(&qsee_bw_mutex);
qseecom.bw_scale_down_timer.expires = jiffies +
msecs_to_jiffies(duration);
mod_timer(&(qseecom.bw_scale_down_timer),
qseecom.bw_scale_down_timer.expires);
qseecom.timer_running = true;
mutex_unlock(&qsee_bw_mutex);
}
static void __qseecom_disable_clk_scale_down(struct qseecom_dev_handle *data)
{
if (!qseecom.support_bus_scaling)
qsee_disable_clock_vote(data, CLK_SFPB);
else
__qseecom_add_bw_scale_down_timer(
QSEECOM_LOAD_APP_CRYPTO_TIMEOUT);
}
static int __qseecom_enable_clk_scale_up(struct qseecom_dev_handle *data)
{
int ret = 0;
if (qseecom.support_bus_scaling) {
ret = qseecom_scale_bus_bandwidth_timer(MEDIUM);
if (ret)
pr_err("Failed to set bw MEDIUM.\n");
} else {
ret = qsee_vote_for_clock(data, CLK_SFPB);
if (ret)
pr_err("Fail vote for clk SFPB ret %d\n", ret);
}
return ret;
}
static int qseecom_set_client_mem_param(struct qseecom_dev_handle *data,
void __user *argp)
{
ion_phys_addr_t pa;
int32_t ret;
struct qseecom_set_sb_mem_param_req req;
size_t len;
/* Copy the relevant information needed for loading the image */
if (copy_from_user(&req, (void __user *)argp, sizeof(req)))
return -EFAULT;
if ((req.ifd_data_fd <= 0) || (req.virt_sb_base == NULL) ||
(req.sb_len == 0)) {
pr_err("Inavlid input(s)ion_fd(%d), sb_len(%d), vaddr(0x%pK)\n",
req.ifd_data_fd, req.sb_len, req.virt_sb_base);
return -EFAULT;
}
if (!access_ok(VERIFY_WRITE, (void __user *)req.virt_sb_base,
req.sb_len))
return -EFAULT;
/* Get the handle of the shared fd */
data->client.ihandle = ion_import_dma_buf_fd(qseecom.ion_clnt,
req.ifd_data_fd);
if (IS_ERR_OR_NULL(data->client.ihandle)) {
pr_err("Ion client could not retrieve the handle\n");
return -ENOMEM;
}
/* Get the physical address of the ION BUF */
ret = ion_phys(qseecom.ion_clnt, data->client.ihandle, &pa, &len);
if (ret) {
pr_err("Cannot get phys_addr for the Ion Client, ret = %d\n",
ret);
return ret;
}
if (len < req.sb_len) {
pr_err("Requested length (0x%x) is > allocated (%zu)\n",
req.sb_len, len);
return -EINVAL;
}
/* Populate the structure for sending scm call to load image */
data->client.sb_virt = (char *) ion_map_kernel(qseecom.ion_clnt,
data->client.ihandle);
if (IS_ERR_OR_NULL(data->client.sb_virt)) {
pr_err("ION memory mapping for client shared buf failed\n");
return -ENOMEM;
}
data->client.sb_phys = (phys_addr_t)pa;
data->client.sb_length = req.sb_len;
data->client.user_virt_sb_base = (uintptr_t)req.virt_sb_base;
return 0;
}
static int __qseecom_listener_has_sent_rsp(struct qseecom_dev_handle *data,
struct qseecom_registered_listener_list *ptr_svc)
{
int ret;
ret = (qseecom.send_resp_flag != 0);
return ret || data->abort || ptr_svc->abort;
}
static int __qseecom_reentrancy_listener_has_sent_rsp(
struct qseecom_dev_handle *data,
struct qseecom_registered_listener_list *ptr_svc)
{
int ret;
ret = (ptr_svc->send_resp_flag != 0);
return ret || data->abort || ptr_svc->abort;
}
static void __qseecom_clean_listener_sglistinfo(
struct qseecom_registered_listener_list *ptr_svc)
{
if (ptr_svc->sglist_cnt) {
memset(ptr_svc->sglistinfo_ptr, 0,
SGLISTINFO_TABLE_SIZE);
ptr_svc->sglist_cnt = 0;
}
}
static int __qseecom_process_incomplete_cmd(struct qseecom_dev_handle *data,
struct qseecom_command_scm_resp *resp)
{
int ret = 0;
int rc = 0;
uint32_t lstnr;
struct qseecom_client_listener_data_irsp send_data_rsp = {0};
struct qseecom_client_listener_data_64bit_irsp send_data_rsp_64bit
= {0};
struct qseecom_registered_listener_list *ptr_svc = NULL;
sigset_t new_sigset;
sigset_t old_sigset;
uint32_t status;
void *cmd_buf = NULL;
size_t cmd_len;
struct sglist_info *table = NULL;
qseecom.app_block_ref_cnt++;
while (resp->result == QSEOS_RESULT_INCOMPLETE) {
lstnr = resp->data;
/*
* Wake up blocking lsitener service with the lstnr id
*/
mutex_lock(&listener_access_lock);
list_for_each_entry(ptr_svc,
&qseecom.registered_listener_list_head, list) {
if (ptr_svc->svc.listener_id == lstnr) {
ptr_svc->listener_in_use = true;
ptr_svc->rcv_req_flag = 1;
wake_up_interruptible(&ptr_svc->rcv_req_wq);
break;
}
}
if (ptr_svc == NULL) {
pr_err("Listener Svc %d does not exist\n", lstnr);
rc = -EINVAL;
status = QSEOS_RESULT_FAILURE;
goto err_resp;
}
if (!ptr_svc->ihandle) {
pr_err("Client handle is not initialized\n");
rc = -EINVAL;
status = QSEOS_RESULT_FAILURE;
goto err_resp;
}
if (ptr_svc->svc.listener_id != lstnr) {
pr_err("Service %d does not exist\n",
lstnr);
rc = -ERESTARTSYS;
ptr_svc = NULL;
status = QSEOS_RESULT_FAILURE;
goto err_resp;
}
if (ptr_svc->abort == 1) {
pr_debug("Service %d abort %d\n",
lstnr, ptr_svc->abort);
rc = -ENODEV;
status = QSEOS_RESULT_FAILURE;
goto err_resp;
}
pr_debug("waking up rcv_req_wq and waiting for send_resp_wq\n");
/* initialize the new signal mask with all signals*/
sigfillset(&new_sigset);
/* block all signals */
sigprocmask(SIG_SETMASK, &new_sigset, &old_sigset);
mutex_unlock(&listener_access_lock);
do {
/*
* When reentrancy is not supported, check global
* send_resp_flag; otherwise, check this listener's
* send_resp_flag.
*/
if (!qseecom.qsee_reentrancy_support &&
!wait_event_interruptible(qseecom.send_resp_wq,
__qseecom_listener_has_sent_rsp(
data, ptr_svc))) {
break;
}
if (qseecom.qsee_reentrancy_support &&
!wait_event_interruptible(qseecom.send_resp_wq,
__qseecom_reentrancy_listener_has_sent_rsp(
data, ptr_svc))) {
break;
}
} while (1);
mutex_lock(&listener_access_lock);
/* restore signal mask */
sigprocmask(SIG_SETMASK, &old_sigset, NULL);
if (data->abort || ptr_svc->abort) {
pr_err("Abort clnt %d waiting on lstnr svc %d, ret %d",
data->client.app_id, lstnr, ret);
rc = -ENODEV;
status = QSEOS_RESULT_FAILURE;
} else {
status = QSEOS_RESULT_SUCCESS;
}
err_resp:
qseecom.send_resp_flag = 0;
if (ptr_svc) {
ptr_svc->send_resp_flag = 0;
table = ptr_svc->sglistinfo_ptr;
}
if (qseecom.qsee_version < QSEE_VERSION_40) {
send_data_rsp.listener_id = lstnr;
send_data_rsp.status = status;
if (table) {
send_data_rsp.sglistinfo_ptr =
(uint32_t)virt_to_phys(table);
send_data_rsp.sglistinfo_len =
SGLISTINFO_TABLE_SIZE;
dmac_flush_range((void *)table,
(void *)table + SGLISTINFO_TABLE_SIZE);
}
cmd_buf = (void *)&send_data_rsp;
cmd_len = sizeof(send_data_rsp);
} else {
send_data_rsp_64bit.listener_id = lstnr;
send_data_rsp_64bit.status = status;
if (table) {
send_data_rsp_64bit.sglistinfo_ptr =
virt_to_phys(table);
send_data_rsp_64bit.sglistinfo_len =
SGLISTINFO_TABLE_SIZE;
dmac_flush_range((void *)table,
(void *)table + SGLISTINFO_TABLE_SIZE);
}
cmd_buf = (void *)&send_data_rsp_64bit;
cmd_len = sizeof(send_data_rsp_64bit);
}
if (qseecom.whitelist_support == false || table == NULL)
*(uint32_t *)cmd_buf = QSEOS_LISTENER_DATA_RSP_COMMAND;
else
*(uint32_t *)cmd_buf =
QSEOS_LISTENER_DATA_RSP_COMMAND_WHITELIST;
if (ptr_svc) {
ret = msm_ion_do_cache_op(qseecom.ion_clnt,
ptr_svc->ihandle,
ptr_svc->sb_virt, ptr_svc->sb_length,
ION_IOC_CLEAN_INV_CACHES);
if (ret) {
pr_err("cache operation failed %d\n", ret);
goto exit;
}
}
if ((lstnr == RPMB_SERVICE) || (lstnr == SSD_SERVICE)) {
ret = __qseecom_enable_clk(CLK_QSEE);
if (ret)
goto exit;
}
ret = qseecom_scm_call(SCM_SVC_TZSCHEDULER, 1,
cmd_buf, cmd_len, resp, sizeof(*resp));
if (ptr_svc) {
ptr_svc->listener_in_use = false;
__qseecom_clean_listener_sglistinfo(ptr_svc);
}
if (ret) {
pr_err("scm_call() failed with err: %d (app_id = %d)\n",
ret, data->client.app_id);
if ((lstnr == RPMB_SERVICE) || (lstnr == SSD_SERVICE))
__qseecom_disable_clk(CLK_QSEE);
goto exit;
}
pr_debug("resp status %d, res= %d, app_id = %d, lstr = %d\n",
status, resp->result, data->client.app_id, lstnr);
if ((resp->result != QSEOS_RESULT_SUCCESS) &&
(resp->result != QSEOS_RESULT_INCOMPLETE)) {
pr_err("fail:resp res= %d,app_id = %d,lstr = %d\n",
resp->result, data->client.app_id, lstnr);
ret = -EINVAL;
goto exit;
}
exit:
mutex_unlock(&listener_access_lock);
if ((lstnr == RPMB_SERVICE) || (lstnr == SSD_SERVICE))
__qseecom_disable_clk(CLK_QSEE);
}
qseecom.app_block_ref_cnt--;
wake_up_interruptible_all(&qseecom.app_block_wq);
if (rc)
return rc;
return ret;
}
static int __qseecom_process_reentrancy_blocked_on_listener(
struct qseecom_command_scm_resp *resp,
struct qseecom_registered_app_list *ptr_app,
struct qseecom_dev_handle *data)
{
struct qseecom_registered_listener_list *list_ptr;
int ret = 0;
struct qseecom_continue_blocked_request_ireq ireq;
struct qseecom_command_scm_resp continue_resp;
unsigned int session_id;
sigset_t new_sigset;
sigset_t old_sigset;
unsigned long flags;
bool found_app = false;
if (!resp || !data) {
pr_err("invalid resp or data pointer\n");
ret = -EINVAL;
goto exit;
}
/* find app_id & img_name from list */
if (!ptr_app && data->client.app_arch != ELFCLASSNONE) {
spin_lock_irqsave(&qseecom.registered_app_list_lock, flags);
list_for_each_entry(ptr_app, &qseecom.registered_app_list_head,
list) {
if ((ptr_app->app_id == data->client.app_id) &&
(!strcmp(ptr_app->app_name,
data->client.app_name))) {
found_app = true;
break;
}
}
spin_unlock_irqrestore(&qseecom.registered_app_list_lock,
flags);
if (!found_app) {
pr_err("app_id %d (%s) is not found\n",
data->client.app_id,
(char *)data->client.app_name);
ret = -ENOENT;
goto exit;
}
}
do {
session_id = resp->resp_type;
mutex_lock(&listener_access_lock);
list_ptr = __qseecom_find_svc(resp->data);
if (!list_ptr) {
pr_err("Invalid listener ID %d\n", resp->data);
ret = -ENODATA;
mutex_unlock(&listener_access_lock);
goto exit;
}
ptr_app->blocked_on_listener_id = resp->data;
pr_warn("Lsntr %d in_use %d, block session(%d) app(%d)\n",
resp->data, list_ptr->listener_in_use,
session_id, data->client.app_id);
/* sleep until listener is available */
sigfillset(&new_sigset);
sigprocmask(SIG_SETMASK, &new_sigset, &old_sigset);
do {
qseecom.app_block_ref_cnt++;
ptr_app->app_blocked = true;
mutex_unlock(&listener_access_lock);
mutex_unlock(&app_access_lock);
wait_event_interruptible(
list_ptr->listener_block_app_wq,
!list_ptr->listener_in_use);
mutex_lock(&app_access_lock);
mutex_lock(&listener_access_lock);
ptr_app->app_blocked = false;
qseecom.app_block_ref_cnt--;
} while (list_ptr->listener_in_use);
sigprocmask(SIG_SETMASK, &old_sigset, NULL);
ptr_app->blocked_on_listener_id = 0;
pr_warn("Lsntr %d is available, unblock session(%d) app(%d)\n",
resp->data, session_id, data->client.app_id);
/* notify TZ that listener is available */
ireq.qsee_cmd_id = QSEOS_CONTINUE_BLOCKED_REQ_COMMAND;
if (qseecom.smcinvoke_support)
ireq.app_or_session_id = session_id;
else
ireq.app_or_session_id = data->client.app_id;
ret = qseecom_scm_call(SCM_SVC_TZSCHEDULER, 1,
&ireq, sizeof(ireq),
&continue_resp, sizeof(continue_resp));
if (ret && qseecom.smcinvoke_support) {
/* retry with legacy cmd */
qseecom.smcinvoke_support = false;
ireq.app_or_session_id = data->client.app_id;
ret = qseecom_scm_call(SCM_SVC_TZSCHEDULER, 1,
&ireq, sizeof(ireq),
&continue_resp, sizeof(continue_resp));
qseecom.smcinvoke_support = true;
if (ret) {
pr_err("unblock app %d or session %d fail\n",
data->client.app_id, session_id);
mutex_unlock(&listener_access_lock);
goto exit;
}
}
mutex_unlock(&listener_access_lock);
resp->result = continue_resp.result;
resp->resp_type = continue_resp.resp_type;
resp->data = continue_resp.data;
pr_debug("unblock resp = %d\n", resp->result);
} while (resp->result == QSEOS_RESULT_BLOCKED_ON_LISTENER);
if (resp->result != QSEOS_RESULT_INCOMPLETE) {
pr_err("Unexpected unblock resp %d\n", resp->result);
ret = -EINVAL;
}
exit:
return ret;
}
static int __qseecom_reentrancy_process_incomplete_cmd(
struct qseecom_dev_handle *data,
struct qseecom_command_scm_resp *resp)
{
int ret = 0;
int rc = 0;
uint32_t lstnr;
struct qseecom_client_listener_data_irsp send_data_rsp = {0};
struct qseecom_client_listener_data_64bit_irsp send_data_rsp_64bit
= {0};
struct qseecom_registered_listener_list *ptr_svc = NULL;
sigset_t new_sigset;
sigset_t old_sigset;
uint32_t status;
void *cmd_buf = NULL;
size_t cmd_len;
struct sglist_info *table = NULL;
while (ret == 0 && resp->result == QSEOS_RESULT_INCOMPLETE) {
lstnr = resp->data;
/*
* Wake up blocking lsitener service with the lstnr id
*/
mutex_lock(&listener_access_lock);
list_for_each_entry(ptr_svc,
&qseecom.registered_listener_list_head, list) {
if (ptr_svc->svc.listener_id == lstnr) {
ptr_svc->listener_in_use = true;
ptr_svc->rcv_req_flag = 1;
wake_up_interruptible(&ptr_svc->rcv_req_wq);
break;
}
}
if (ptr_svc == NULL) {
pr_err("Listener Svc %d does not exist\n", lstnr);
rc = -EINVAL;
status = QSEOS_RESULT_FAILURE;
goto err_resp;
}
if (!ptr_svc->ihandle) {
pr_err("Client handle is not initialized\n");
rc = -EINVAL;
status = QSEOS_RESULT_FAILURE;
goto err_resp;
}
if (ptr_svc->svc.listener_id != lstnr) {
pr_err("Service %d does not exist\n",
lstnr);
rc = -ERESTARTSYS;
ptr_svc = NULL;
status = QSEOS_RESULT_FAILURE;
goto err_resp;
}
if (ptr_svc->abort == 1) {
pr_debug("Service %d abort %d\n",
lstnr, ptr_svc->abort);
rc = -ENODEV;
status = QSEOS_RESULT_FAILURE;
goto err_resp;
}
pr_debug("waking up rcv_req_wq and waiting for send_resp_wq\n");
/* initialize the new signal mask with all signals*/
sigfillset(&new_sigset);
/* block all signals */
sigprocmask(SIG_SETMASK, &new_sigset, &old_sigset);
/* unlock mutex btw waking listener and sleep-wait */
mutex_unlock(&listener_access_lock);
mutex_unlock(&app_access_lock);
do {
if (!wait_event_interruptible(qseecom.send_resp_wq,
__qseecom_reentrancy_listener_has_sent_rsp(
data, ptr_svc))) {
break;
}
} while (1);
/* lock mutex again after resp sent */
mutex_lock(&app_access_lock);
mutex_lock(&listener_access_lock);
ptr_svc->send_resp_flag = 0;
qseecom.send_resp_flag = 0;
/* restore signal mask */
sigprocmask(SIG_SETMASK, &old_sigset, NULL);
if (data->abort || ptr_svc->abort) {
pr_err("Abort clnt %d waiting on lstnr svc %d, ret %d",
data->client.app_id, lstnr, ret);
rc = -ENODEV;
status = QSEOS_RESULT_FAILURE;
} else {
status = QSEOS_RESULT_SUCCESS;
}
err_resp:
if (ptr_svc)
table = ptr_svc->sglistinfo_ptr;
if (qseecom.qsee_version < QSEE_VERSION_40) {
send_data_rsp.listener_id = lstnr;
send_data_rsp.status = status;
if (table) {
send_data_rsp.sglistinfo_ptr =
(uint32_t)virt_to_phys(table);
send_data_rsp.sglistinfo_len =
SGLISTINFO_TABLE_SIZE;
dmac_flush_range((void *)table,
(void *)table + SGLISTINFO_TABLE_SIZE);
}
cmd_buf = (void *)&send_data_rsp;
cmd_len = sizeof(send_data_rsp);
} else {
send_data_rsp_64bit.listener_id = lstnr;
send_data_rsp_64bit.status = status;
if (table) {
send_data_rsp_64bit.sglistinfo_ptr =
virt_to_phys(table);
send_data_rsp_64bit.sglistinfo_len =
SGLISTINFO_TABLE_SIZE;
dmac_flush_range((void *)table,
(void *)table + SGLISTINFO_TABLE_SIZE);
}
cmd_buf = (void *)&send_data_rsp_64bit;
cmd_len = sizeof(send_data_rsp_64bit);
}
if (qseecom.whitelist_support == false || table == NULL)
*(uint32_t *)cmd_buf = QSEOS_LISTENER_DATA_RSP_COMMAND;
else
*(uint32_t *)cmd_buf =
QSEOS_LISTENER_DATA_RSP_COMMAND_WHITELIST;
if (ptr_svc) {
ret = msm_ion_do_cache_op(qseecom.ion_clnt,
ptr_svc->ihandle,
ptr_svc->sb_virt, ptr_svc->sb_length,
ION_IOC_CLEAN_INV_CACHES);
if (ret) {
pr_err("cache operation failed %d\n", ret);
return ret;
}
}
if (lstnr == RPMB_SERVICE) {
ret = __qseecom_enable_clk(CLK_QSEE);
if (ret)
goto exit;
}
ret = qseecom_scm_call(SCM_SVC_TZSCHEDULER, 1,
cmd_buf, cmd_len, resp, sizeof(*resp));
if (ptr_svc) {
ptr_svc->listener_in_use = false;
__qseecom_clean_listener_sglistinfo(ptr_svc);
wake_up_interruptible(&ptr_svc->listener_block_app_wq);
}
if (ret) {
pr_err("scm_call() failed with err: %d (app_id = %d)\n",
ret, data->client.app_id);
goto exit;
}
switch (resp->result) {
case QSEOS_RESULT_BLOCKED_ON_LISTENER:
pr_warn("send lsr %d rsp, but app %d block on lsr %d\n",
lstnr, data->client.app_id, resp->data);
if (lstnr == resp->data) {
pr_err("lstnr %d should not be blocked!\n",
lstnr);
ret = -EINVAL;
goto exit;
}
mutex_unlock(&listener_access_lock);
ret = __qseecom_process_reentrancy_blocked_on_listener(
resp, NULL, data);
mutex_lock(&listener_access_lock);
if (ret) {
pr_err("failed to process App(%d) %s blocked on listener %d\n",
data->client.app_id,
data->client.app_name, resp->data);
goto exit;
}
case QSEOS_RESULT_SUCCESS:
case QSEOS_RESULT_INCOMPLETE:
break;
default:
pr_err("fail:resp res= %d,app_id = %d,lstr = %d\n",
resp->result, data->client.app_id, lstnr);
ret = -EINVAL;
goto exit;
}
exit:
mutex_unlock(&listener_access_lock);
if (lstnr == RPMB_SERVICE)
__qseecom_disable_clk(CLK_QSEE);
}
if (rc)
return rc;
return ret;
}
/*
* QSEE doesn't support OS level cmds reentrancy until RE phase-3,
* and QSEE OS level scm_call cmds will fail if there is any blocked TZ app.
* So, needs to first check if no app blocked before sending OS level scm call,
* then wait until all apps are unblocked.
*/
static void __qseecom_reentrancy_check_if_no_app_blocked(uint32_t smc_id)
{
if (qseecom.qsee_reentrancy_support > QSEE_REENTRANCY_PHASE_0 &&
qseecom.qsee_reentrancy_support < QSEE_REENTRANCY_PHASE_3 &&
IS_OWNER_TRUSTED_OS(TZ_SYSCALL_OWNER_ID(smc_id))) {
/* thread sleep until this app unblocked */
while (qseecom.app_block_ref_cnt > 0) {
mutex_unlock(&app_access_lock);
wait_event_interruptible(qseecom.app_block_wq,
(!qseecom.app_block_ref_cnt));
mutex_lock(&app_access_lock);
}
}
}
/*
* scm_call of send data will fail if this TA is blocked or there are more
* than one TA requesting listener services; So, first check to see if need
* to wait.
*/
static void __qseecom_reentrancy_check_if_this_app_blocked(
struct qseecom_registered_app_list *ptr_app)
{
if (qseecom.qsee_reentrancy_support) {
ptr_app->check_block++;
while (ptr_app->app_blocked || qseecom.app_block_ref_cnt > 1) {
/* thread sleep until this app unblocked */
mutex_unlock(&app_access_lock);
wait_event_interruptible(qseecom.app_block_wq,
(!ptr_app->app_blocked &&
qseecom.app_block_ref_cnt <= 1));
mutex_lock(&app_access_lock);
}
ptr_app->check_block--;
}
}
static int __qseecom_check_app_exists(struct qseecom_check_app_ireq req,
uint32_t *app_id)
{
int32_t ret;
struct qseecom_command_scm_resp resp;
bool found_app = false;
struct qseecom_registered_app_list *entry = NULL;
unsigned long flags = 0;
if (!app_id) {
pr_err("Null pointer to app_id\n");
return -EINVAL;
}
*app_id = 0;
/* check if app exists and has been registered locally */
spin_lock_irqsave(&qseecom.registered_app_list_lock, flags);
list_for_each_entry(entry,
&qseecom.registered_app_list_head, list) {
if (!strcmp(entry->app_name, req.app_name)) {
found_app = true;
break;
}
}
spin_unlock_irqrestore(&qseecom.registered_app_list_lock, flags);
if (found_app) {
pr_debug("Found app with id %d\n", entry->app_id);
*app_id = entry->app_id;
return 0;
}
memset((void *)&resp, 0, sizeof(resp));
/* SCM_CALL to check if app_id for the mentioned app exists */
ret = qseecom_scm_call(SCM_SVC_TZSCHEDULER, 1, &req,
sizeof(struct qseecom_check_app_ireq),
&resp, sizeof(resp));
if (ret) {
pr_err("scm_call to check if app is already loaded failed\n");
return -EINVAL;
}
if (resp.result == QSEOS_RESULT_FAILURE)
return 0;
switch (resp.resp_type) {
/*qsee returned listener type response */
case QSEOS_LISTENER_ID:
pr_err("resp type is of listener type instead of app");
return -EINVAL;
case QSEOS_APP_ID:
*app_id = resp.data;
return 0;
default:
pr_err("invalid resp type (%d) from qsee",
resp.resp_type);
return -ENODEV;
}
}
static int qseecom_load_app(struct qseecom_dev_handle *data, void __user *argp)
{
struct qseecom_registered_app_list *entry = NULL;
unsigned long flags = 0;
u32 app_id = 0;
struct ion_handle *ihandle; /* Ion handle */
struct qseecom_load_img_req load_img_req;
int32_t ret = 0;
ion_phys_addr_t pa = 0;
size_t len;
struct qseecom_command_scm_resp resp;
struct qseecom_check_app_ireq req;
struct qseecom_load_app_ireq load_req;
struct qseecom_load_app_64bit_ireq load_req_64bit;
void *cmd_buf = NULL;
size_t cmd_len;
bool first_time = false;
/* Copy the relevant information needed for loading the image */
if (copy_from_user(&load_img_req,
(void __user *)argp,
sizeof(struct qseecom_load_img_req))) {
pr_err("copy_from_user failed\n");
return -EFAULT;
}
/* Check and load cmnlib */
if (qseecom.qsee_version > QSEEE_VERSION_00) {
if (!qseecom.commonlib_loaded &&
load_img_req.app_arch == ELFCLASS32) {
ret = qseecom_load_commonlib_image(data, "cmnlib");
if (ret) {
pr_err("failed to load cmnlib\n");
return -EIO;
}
qseecom.commonlib_loaded = true;
pr_debug("cmnlib is loaded\n");
}
if (!qseecom.commonlib64_loaded &&
load_img_req.app_arch == ELFCLASS64) {
ret = qseecom_load_commonlib_image(data, "cmnlib64");
if (ret) {
pr_err("failed to load cmnlib64\n");
return -EIO;
}
qseecom.commonlib64_loaded = true;
pr_debug("cmnlib64 is loaded\n");
}
}
if (qseecom.support_bus_scaling) {
mutex_lock(&qsee_bw_mutex);
ret = __qseecom_register_bus_bandwidth_needs(data, MEDIUM);
mutex_unlock(&qsee_bw_mutex);
if (ret)
return ret;
}
/* Vote for the SFPB clock */
ret = __qseecom_enable_clk_scale_up(data);
if (ret)
goto enable_clk_err;
req.qsee_cmd_id = QSEOS_APP_LOOKUP_COMMAND;
load_img_req.img_name[MAX_APP_NAME_SIZE-1] = '\0';
strlcpy(req.app_name, load_img_req.img_name, MAX_APP_NAME_SIZE);
ret = __qseecom_check_app_exists(req, &app_id);
if (ret < 0)
goto loadapp_err;
if (app_id) {
pr_debug("App id %d (%s) already exists\n", app_id,
(char *)(req.app_name));
spin_lock_irqsave(&qseecom.registered_app_list_lock, flags);
list_for_each_entry(entry,
&qseecom.registered_app_list_head, list){
if (entry->app_id == app_id) {
entry->ref_cnt++;
break;
}
}
spin_unlock_irqrestore(
&qseecom.registered_app_list_lock, flags);
ret = 0;
} else {
first_time = true;
pr_warn("App (%s) does'nt exist, loading apps for first time\n",
(char *)(load_img_req.img_name));
/* Get the handle of the shared fd */
ihandle = ion_import_dma_buf_fd(qseecom.ion_clnt,
load_img_req.ifd_data_fd);
if (IS_ERR_OR_NULL(ihandle)) {
pr_err("Ion client could not retrieve the handle\n");
ret = -ENOMEM;
goto loadapp_err;
}
/* Get the physical address of the ION BUF */
ret = ion_phys(qseecom.ion_clnt, ihandle, &pa, &len);
if (ret) {
pr_err("Cannot get phys_addr for the Ion Client, ret = %d\n",
ret);
goto loadapp_err;
}
if (load_img_req.mdt_len > len || load_img_req.img_len > len) {
pr_err("ion len %zu is smaller than mdt_len %u or img_len %u\n",
len, load_img_req.mdt_len,
load_img_req.img_len);
ret = -EINVAL;
goto loadapp_err;
}
/* Populate the structure for sending scm call to load image */
if (qseecom.qsee_version < QSEE_VERSION_40) {
load_req.qsee_cmd_id = QSEOS_APP_START_COMMAND;
load_req.mdt_len = load_img_req.mdt_len;
load_req.img_len = load_img_req.img_len;
strlcpy(load_req.app_name, load_img_req.img_name,
MAX_APP_NAME_SIZE);
load_req.phy_addr = (uint32_t)pa;
cmd_buf = (void *)&load_req;
cmd_len = sizeof(struct qseecom_load_app_ireq);
} else {
load_req_64bit.qsee_cmd_id = QSEOS_APP_START_COMMAND;
load_req_64bit.mdt_len = load_img_req.mdt_len;
load_req_64bit.img_len = load_img_req.img_len;
strlcpy(load_req_64bit.app_name, load_img_req.img_name,
MAX_APP_NAME_SIZE);
load_req_64bit.phy_addr = (uint64_t)pa;
cmd_buf = (void *)&load_req_64bit;
cmd_len = sizeof(struct qseecom_load_app_64bit_ireq);
}
ret = msm_ion_do_cache_op(qseecom.ion_clnt, ihandle, NULL, len,
ION_IOC_CLEAN_INV_CACHES);
if (ret) {
pr_err("cache operation failed %d\n", ret);
goto loadapp_err;
}
/* SCM_CALL to load the app and get the app_id back */
ret = qseecom_scm_call(SCM_SVC_TZSCHEDULER, 1, cmd_buf,
cmd_len, &resp, sizeof(resp));
if (ret) {
pr_err("scm_call to load app failed\n");
if (!IS_ERR_OR_NULL(ihandle))
ion_free(qseecom.ion_clnt, ihandle);
ret = -EINVAL;
goto loadapp_err;
}
if (resp.result == QSEOS_RESULT_FAILURE) {
pr_err("scm_call rsp.result is QSEOS_RESULT_FAILURE\n");
if (!IS_ERR_OR_NULL(ihandle))
ion_free(qseecom.ion_clnt, ihandle);
ret = -EFAULT;
goto loadapp_err;
}
if (resp.result == QSEOS_RESULT_INCOMPLETE) {
ret = __qseecom_process_incomplete_cmd(data, &resp);
if (ret) {
pr_err("process_incomplete_cmd failed err: %d\n",
ret);
if (!IS_ERR_OR_NULL(ihandle))
ion_free(qseecom.ion_clnt, ihandle);
ret = -EFAULT;
goto loadapp_err;
}
}
if (resp.result != QSEOS_RESULT_SUCCESS) {
pr_err("scm_call failed resp.result unknown, %d\n",
resp.result);
if (!IS_ERR_OR_NULL(ihandle))
ion_free(qseecom.ion_clnt, ihandle);
ret = -EFAULT;
goto loadapp_err;
}
app_id = resp.data;
entry = kmalloc(sizeof(*entry), GFP_KERNEL);
if (!entry) {
ret = -ENOMEM;
goto loadapp_err;
}
entry->app_id = app_id;
entry->ref_cnt = 1;
entry->app_arch = load_img_req.app_arch;
/*
* keymaster app may be first loaded as "keymaste" by qseecomd,
* and then used as "keymaster" on some targets. To avoid app
* name checking error, register "keymaster" into app_list and
* thread private data.
*/
if (!strcmp(load_img_req.img_name, "keymaste"))
strlcpy(entry->app_name, "keymaster",
MAX_APP_NAME_SIZE);
else
strlcpy(entry->app_name, load_img_req.img_name,
MAX_APP_NAME_SIZE);
entry->app_blocked = false;
entry->blocked_on_listener_id = 0;
entry->check_block = 0;
/* Deallocate the handle */
if (!IS_ERR_OR_NULL(ihandle))
ion_free(qseecom.ion_clnt, ihandle);
spin_lock_irqsave(&qseecom.registered_app_list_lock, flags);
list_add_tail(&entry->list, &qseecom.registered_app_list_head);
spin_unlock_irqrestore(&qseecom.registered_app_list_lock,
flags);
pr_warn("App with id %u (%s) now loaded\n", app_id,
(char *)(load_img_req.img_name));
}
data->client.app_id = app_id;
data->client.app_arch = load_img_req.app_arch;
if (!strcmp(load_img_req.img_name, "keymaste"))
strlcpy(data->client.app_name, "keymaster", MAX_APP_NAME_SIZE);
else
strlcpy(data->client.app_name, load_img_req.img_name,
MAX_APP_NAME_SIZE);
load_img_req.app_id = app_id;
if (copy_to_user(argp, &load_img_req, sizeof(load_img_req))) {
pr_err("copy_to_user failed\n");
ret = -EFAULT;
if (first_time == true) {
spin_lock_irqsave(
&qseecom.registered_app_list_lock, flags);
list_del(&entry->list);
spin_unlock_irqrestore(
&qseecom.registered_app_list_lock, flags);
kzfree(entry);
}
}
loadapp_err:
__qseecom_disable_clk_scale_down(data);
enable_clk_err:
if (qseecom.support_bus_scaling) {
mutex_lock(&qsee_bw_mutex);
qseecom_unregister_bus_bandwidth_needs(data);
mutex_unlock(&qsee_bw_mutex);
}
return ret;
}
static int __qseecom_cleanup_app(struct qseecom_dev_handle *data)
{
int ret = 1; /* Set unload app */
wake_up_all(&qseecom.send_resp_wq);
if (qseecom.qsee_reentrancy_support)
mutex_unlock(&app_access_lock);
while (atomic_read(&data->ioctl_count) > 1) {
if (wait_event_interruptible(data->abort_wq,
atomic_read(&data->ioctl_count) <= 1)) {
pr_err("Interrupted from abort\n");
ret = -ERESTARTSYS;
break;
}
}
if (qseecom.qsee_reentrancy_support)
mutex_lock(&app_access_lock);
return ret;
}
static int qseecom_unmap_ion_allocated_memory(struct qseecom_dev_handle *data)
{
int ret = 0;
if (!IS_ERR_OR_NULL(data->client.ihandle)) {
ion_unmap_kernel(qseecom.ion_clnt, data->client.ihandle);
ion_free(qseecom.ion_clnt, data->client.ihandle);
data->client.ihandle = NULL;
}
return ret;
}
static int qseecom_unload_app(struct qseecom_dev_handle *data,
bool app_crash)
{
unsigned long flags;
unsigned long flags1;
int ret = 0;
struct qseecom_command_scm_resp resp;
struct qseecom_registered_app_list *ptr_app = NULL;
bool unload = false;
bool found_app = false;
bool found_dead_app = false;
bool scm_called = false;
if (!data) {
pr_err("Invalid/uninitialized device handle\n");
return -EINVAL;
}
if (!memcmp(data->client.app_name, "keymaste", strlen("keymaste"))) {
pr_debug("Do not unload keymaster app from tz\n");
goto unload_exit;
}
__qseecom_cleanup_app(data);
__qseecom_reentrancy_check_if_no_app_blocked(TZ_OS_APP_SHUTDOWN_ID);
if (data->client.app_id > 0) {
spin_lock_irqsave(&qseecom.registered_app_list_lock, flags);
list_for_each_entry(ptr_app, &qseecom.registered_app_list_head,
list) {
if (ptr_app->app_id == data->client.app_id) {
if (!strcmp((void *)ptr_app->app_name,
(void *)data->client.app_name)) {
found_app = true;
if (ptr_app->app_blocked ||
ptr_app->check_block)
app_crash = false;
if (app_crash || ptr_app->ref_cnt == 1)
unload = true;
break;
}
found_dead_app = true;
break;
}
}
spin_unlock_irqrestore(&qseecom.registered_app_list_lock,
flags);
if (found_app == false && found_dead_app == false) {
pr_err("Cannot find app with id = %d (%s)\n",
data->client.app_id,
(char *)data->client.app_name);
ret = -EINVAL;
goto unload_exit;
}
}
if (found_dead_app)
pr_warn("cleanup app_id %d(%s)\n", data->client.app_id,
(char *)data->client.app_name);
if (unload) {
struct qseecom_unload_app_ireq req;
/* Populate the structure for sending scm call to load image */
req.qsee_cmd_id = QSEOS_APP_SHUTDOWN_COMMAND;
req.app_id = data->client.app_id;
/* SCM_CALL to unload the app */
ret = qseecom_scm_call(SCM_SVC_TZSCHEDULER, 1, &req,
sizeof(struct qseecom_unload_app_ireq),
&resp, sizeof(resp));
scm_called = true;
if (ret) {
pr_err("scm_call to unload app (id = %d) failed\n",
req.app_id);
ret = -EFAULT;
goto scm_exit;
} else {
pr_warn("App id %d now unloaded\n", req.app_id);
}
if (resp.result == QSEOS_RESULT_FAILURE) {
pr_err("app (%d) unload_failed!!\n",
data->client.app_id);
ret = -EFAULT;
goto scm_exit;
}
if (resp.result == QSEOS_RESULT_SUCCESS)
pr_debug("App (%d) is unloaded!!\n",
data->client.app_id);
if (resp.result == QSEOS_RESULT_INCOMPLETE) {
ret = __qseecom_process_incomplete_cmd(data, &resp);
if (ret) {
pr_err("process_incomplete_cmd fail err: %d\n",
ret);
goto scm_exit;
}
}
}
scm_exit:
if (scm_called) {
/* double check if this app_entry still exists */
bool doublecheck = false;
spin_lock_irqsave(&qseecom.registered_app_list_lock, flags1);
list_for_each_entry(ptr_app,
&qseecom.registered_app_list_head, list) {
if ((ptr_app->app_id == data->client.app_id) &&
(!strcmp((void *)ptr_app->app_name,
(void *)data->client.app_name))) {
doublecheck = true;
break;
}
}
spin_unlock_irqrestore(&qseecom.registered_app_list_lock,
flags1);
if (!doublecheck) {
pr_warn("app %d(%s) entry is already removed\n",
data->client.app_id,
(char *)data->client.app_name);
found_app = false;
}
}
unload_exit:
if (found_app) {
spin_lock_irqsave(&qseecom.registered_app_list_lock, flags1);
if (app_crash) {
ptr_app->ref_cnt = 0;
pr_debug("app_crash: ref_count = 0\n");
} else {
if (ptr_app->ref_cnt == 1) {
ptr_app->ref_cnt = 0;
pr_debug("ref_count set to 0\n");
} else {
ptr_app->ref_cnt--;
pr_debug("Can't unload app(%d) inuse\n",
ptr_app->app_id);
}
}
if (unload) {
list_del(&ptr_app->list);
kzfree(ptr_app);
}
spin_unlock_irqrestore(&qseecom.registered_app_list_lock,
flags1);
}
qseecom_unmap_ion_allocated_memory(data);
data->released = true;
return ret;
}
static phys_addr_t __qseecom_uvirt_to_kphys(struct qseecom_dev_handle *data,
unsigned long virt)
{
return data->client.sb_phys + (virt - data->client.user_virt_sb_base);
}
static uintptr_t __qseecom_uvirt_to_kvirt(struct qseecom_dev_handle *data,
unsigned long virt)
{
return (uintptr_t)data->client.sb_virt +
(virt - data->client.user_virt_sb_base);
}
int __qseecom_process_rpmb_svc_cmd(struct qseecom_dev_handle *data_ptr,
struct qseecom_send_svc_cmd_req *req_ptr,
struct qseecom_client_send_service_ireq *send_svc_ireq_ptr)
{
int ret = 0;
void *req_buf = NULL;
if ((req_ptr == NULL) || (send_svc_ireq_ptr == NULL)) {
pr_err("Error with pointer: req_ptr = %pK, send_svc_ptr = %pK\n",
req_ptr, send_svc_ireq_ptr);
return -EINVAL;
}
/* Clients need to ensure req_buf is at base offset of shared buffer */
if ((uintptr_t)req_ptr->cmd_req_buf !=
data_ptr->client.user_virt_sb_base) {
pr_err("cmd buf not pointing to base offset of shared buffer\n");
return -EINVAL;
}
if (data_ptr->client.sb_length <
sizeof(struct qseecom_rpmb_provision_key)) {
pr_err("shared buffer is too small to hold key type\n");
return -EINVAL;
}
req_buf = data_ptr->client.sb_virt;
send_svc_ireq_ptr->qsee_cmd_id = req_ptr->cmd_id;
send_svc_ireq_ptr->key_type =
((struct qseecom_rpmb_provision_key *)req_buf)->key_type;
send_svc_ireq_ptr->req_len = req_ptr->cmd_req_len;
send_svc_ireq_ptr->rsp_ptr = (uint32_t)(__qseecom_uvirt_to_kphys(
data_ptr, (uintptr_t)req_ptr->resp_buf));
send_svc_ireq_ptr->rsp_len = req_ptr->resp_len;
return ret;
}
int __qseecom_process_fsm_key_svc_cmd(struct qseecom_dev_handle *data_ptr,
struct qseecom_send_svc_cmd_req *req_ptr,
struct qseecom_client_send_fsm_key_req *send_svc_ireq_ptr)
{
int ret = 0;
uint32_t reqd_len_sb_in = 0;
if ((req_ptr == NULL) || (send_svc_ireq_ptr == NULL)) {
pr_err("Error with pointer: req_ptr = %pK, send_svc_ptr = %pK\n",
req_ptr, send_svc_ireq_ptr);
return -EINVAL;
}
reqd_len_sb_in = req_ptr->cmd_req_len + req_ptr->resp_len;
if (reqd_len_sb_in > data_ptr->client.sb_length) {
pr_err("Not enough memory to fit cmd_buf and resp_buf. ");
pr_err("Required: %u, Available: %zu\n",
reqd_len_sb_in, data_ptr->client.sb_length);
return -ENOMEM;
}
send_svc_ireq_ptr->qsee_cmd_id = req_ptr->cmd_id;
send_svc_ireq_ptr->req_len = req_ptr->cmd_req_len;
send_svc_ireq_ptr->rsp_ptr = (uint32_t)(__qseecom_uvirt_to_kphys(
data_ptr, (uintptr_t)req_ptr->resp_buf));
send_svc_ireq_ptr->rsp_len = req_ptr->resp_len;
send_svc_ireq_ptr->req_ptr = (uint32_t)(__qseecom_uvirt_to_kphys(
data_ptr, (uintptr_t)req_ptr->cmd_req_buf));
return ret;
}
static int __validate_send_service_cmd_inputs(struct qseecom_dev_handle *data,
struct qseecom_send_svc_cmd_req *req)
{
if (!req || !req->resp_buf || !req->cmd_req_buf) {
pr_err("req or cmd buffer or response buffer is null\n");
return -EINVAL;
}
if (!data || !data->client.ihandle) {
pr_err("Client or client handle is not initialized\n");
return -EINVAL;
}
if (data->client.sb_virt == NULL) {
pr_err("sb_virt null\n");
return -EINVAL;
}
if (data->client.user_virt_sb_base == 0) {
pr_err("user_virt_sb_base is null\n");
return -EINVAL;
}
if (data->client.sb_length == 0) {
pr_err("sb_length is 0\n");
return -EINVAL;
}
if (((uintptr_t)req->cmd_req_buf <
data->client.user_virt_sb_base) ||
((uintptr_t)req->cmd_req_buf >=
(data->client.user_virt_sb_base + data->client.sb_length))) {
pr_err("cmd buffer address not within shared bufffer\n");
return -EINVAL;
}
if (((uintptr_t)req->resp_buf <
data->client.user_virt_sb_base) ||
((uintptr_t)req->resp_buf >=
(data->client.user_virt_sb_base + data->client.sb_length))) {
pr_err("response buffer address not within shared bufffer\n");
return -EINVAL;
}
if ((req->cmd_req_len == 0) || (req->resp_len == 0) ||
(req->cmd_req_len > data->client.sb_length) ||
(req->resp_len > data->client.sb_length)) {
pr_err("cmd buf length or response buf length not valid\n");
return -EINVAL;
}
if (req->cmd_req_len > UINT_MAX - req->resp_len) {
pr_err("Integer overflow detected in req_len & rsp_len\n");
return -EINVAL;
}
if ((req->cmd_req_len + req->resp_len) > data->client.sb_length) {
pr_debug("Not enough memory to fit cmd_buf.\n");
pr_debug("resp_buf. Required: %u, Available: %zu\n",
(req->cmd_req_len + req->resp_len),
data->client.sb_length);
return -ENOMEM;
}
if ((uintptr_t)req->cmd_req_buf > (ULONG_MAX - req->cmd_req_len)) {
pr_err("Integer overflow in req_len & cmd_req_buf\n");
return -EINVAL;
}
if ((uintptr_t)req->resp_buf > (ULONG_MAX - req->resp_len)) {
pr_err("Integer overflow in resp_len & resp_buf\n");
return -EINVAL;
}
if (data->client.user_virt_sb_base >
(ULONG_MAX - data->client.sb_length)) {
pr_err("Integer overflow in user_virt_sb_base & sb_length\n");
return -EINVAL;
}
if ((((uintptr_t)req->cmd_req_buf + req->cmd_req_len) >
((uintptr_t)data->client