/*
* Copyright (c) 2019, Google Inc. All rights reserved
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files
* (the "Software"), to deal in the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
#include <err.h>
#include <interface/smc/smc.h>
#include <kernel/thread.h>
#include <lib/ktipc/ktipc.h>
#include <lib/trusty/handle_set.h>
#include <lib/trusty/ipc.h>
#include <lib/trusty/ipc_msg.h>
#include <lk/init.h>
#include <lk/trace.h>
#include <services/smc/acl.h>
#include <string.h>
/*
 * LK per-file trace switch. NOTE(review): presumably only consulted by the
 * LTRACE*-style macros; this file logs through TRACEF throughout, so confirm
 * in lk/trace.h whether the value has any effect here.
 */
#define LOCAL_TRACE (0)
/**
 * struct smc_channel_ctx - Per-channel state kept for one connected client
 * @policy: access policy loaded for the peer in smc_service_handle_connect();
 *          its check_access/check_request hooks gate every request
 * @uuid:   copy of the peer's UUID taken at connect time and handed to
 *          @policy's check_request hook
 */
struct smc_channel_ctx {
struct smc_access_policy policy;
struct uuid uuid;
};
/**
 * struct smc_regs - Input/output registers of an SMC
 * @r0: register r0 (32-bit) or x0 (64-bit); on input it carries the SMC
 *      number, on output the first result word
 * @r1: register r1/x1
 * @r2: register r2/x2
 * @r3: register r3/x3
 *
 * The same layout is used for the values loaded before the call and for the
 * values read back after it.
 */
struct smc_regs {
ulong r0;
ulong r1;
ulong r2;
ulong r3;
};
#if ARCH_ARM64
#define SMC_ARG0 "x0"
#define SMC_ARG1 "x1"
#define SMC_ARG2 "x2"
#define SMC_ARG3 "x3"
#define SMC_ARCH_EXTENSION ""
#define SMC_REGISTERS_TRASHED \
"x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", \
"x15", "x16", "x17"
#else
#define SMC_ARG0 "r0"
#define SMC_ARG1 "r1"
#define SMC_ARG2 "r2"
#define SMC_ARG3 "r3"
#define SMC_ARCH_EXTENSION ".arch_extension sec\n"
#define SMC_REGISTERS_TRASHED "ip"
#endif
/**
 * smc() - Issue a Secure Monitor Call with up to 4 inputs and 4 outputs
 * @regs: values to load into the four argument registers before the call
 *
 * The four values are pinned to the SMC_ARG0..SMC_ARG3 registers, "smc #0" is
 * executed, and whatever those registers hold afterwards is returned. The
 * registers named in SMC_REGISTERS_TRASHED are declared clobbered.
 *
 * NOTE(review): the asm statement carries no "memory" clobber, so the
 * compiler is not told that the call may read or write memory. That is
 * sufficient for register-only calls; confirm that no SMC permitted by the
 * access policies depends on memory the caller wrote just before, or reads
 * just after, the call.
 *
 * Return: contents of the four argument registers after the call.
 */
static struct smc_regs smc(struct smc_regs* regs) {
/* Bind each local to a fixed machine register so the asm operands land there. */
register ulong _r0 __asm__(SMC_ARG0) = regs->r0;
register ulong _r1 __asm__(SMC_ARG1) = regs->r1;
register ulong _r2 __asm__(SMC_ARG2) = regs->r2;
register ulong _r3 __asm__(SMC_ARG3) = regs->r3;
/* volatile: the call has effects beyond its outputs and must not be elided. */
__asm__ volatile(SMC_ARCH_EXTENSION "smc #0"
: "=r"(_r0), "=r"(_r1), "=r"(_r2), "=r"(_r3)
: "r"(_r0), "r"(_r1), "r"(_r2), "r"(_r3)
: SMC_REGISTERS_TRASHED);
/* Hand all four registers back; the caller decides which ones are meaningful. */
return (struct smc_regs){
.r0 = _r0,
.r1 = _r1,
.r2 = _r2,
.r3 = _r3,
};
}
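/**
 * smc_service_handle_msg() - Service one SMC request from a connected client
 * @port:    port the message arrived on (unused)
 * @channel: channel the request is read from and the response is written to
 * @ctx:     per-channel &struct smc_channel_ctx installed by
 *           smc_service_handle_connect()
 *
 * Reads one struct smc_msg, asks the channel's access policy whether the
 * client may issue that SMC number and whether the request itself is
 * acceptable, issues the SMC, and sends a struct smc_response back. A policy
 * rejection is reported to the client inside the response; it does not make
 * the handler itself fail.
 *
 * Return: the ktipc_recv() result if the request could not be read in full;
 *         otherwise the ktipc_send() result, which equals
 *         sizeof(struct smc_response) when the whole response was sent.
 */
static int smc_service_handle_msg(const struct ktipc_port* port,
                                  struct handle* channel,
                                  void* ctx) {
    struct smc_channel_ctx* channel_ctx = ctx;
    int rc;
    struct smc_msg request;
    struct smc_response response;
    struct smc_regs ret;
    uint32_t smc_nr;

    /*
     * The whole struct is copied to the client at send_response, so clear
     * every byte of it, padding included. An "= {0}" initializer is not a
     * reliable way to clear padding, and any byte left untouched would carry
     * stale kernel stack contents across the trust boundary.
     */
    memset(&response, 0, sizeof(response));

    /* Accept only a message that is exactly one struct smc_msg long. */
    rc = ktipc_recv(channel, sizeof(request), &request, sizeof(request));
    if ((size_t)rc != sizeof(request)) {
        TRACEF("%s: failed (%d) to read SMC request\n", __func__, rc);
        goto err;
    }

    /* First gate: is this client allowed to issue this SMC number at all? */
    smc_nr = (uint32_t)request.params[0];
    rc = channel_ctx->policy.check_access(smc_nr);
    if (rc != NO_ERROR) {
        TRACEF("%s: failed (%d) client not allowed to call SMC number %x\n",
               __func__, rc, smc_nr);
        /*
         * callers of smc_read_response should not consume the struct smc_msg
         * out parameter if the status code is negative but we write the error
         * code into the message anyway out of an over-abundance of caution.
         */
        response.msg.params[0] = (ulong)ERR_ACCESS_DENIED;
        response.rc = ERR_ACCESS_DENIED;
        goto send_response;
    }

    /* Second gate: are the arguments acceptable for this client? */
    rc = channel_ctx->policy.check_request(smc_nr, &channel_ctx->uuid,
                                           &request);
    if (rc != NO_ERROR) {
        TRACEF("%s: failed (%d) invalid request for SMC number %x\n", __func__,
               rc, smc_nr);
        /* same reasoning as the ERR_ACCESS_DENIED case above */
        response.msg.params[0] = (ulong)ERR_INVALID_ARGS;
        response.rc = ERR_INVALID_ARGS;
        goto send_response;
    }

    /*
     * NOTE(review): both policy checks above see the function ID truncated to
     * 32 bits (smc_nr), while r0 below carries request.params[0] at full
     * register width. If params[] is wider than 32 bits on this build, the
     * value that was checked and the value that is issued can differ in the
     * upper bits unless check_request() rejects that. Confirm, or pass smc_nr
     * as r0 so the checked value is the one used.
     */
    struct smc_regs args = {
            .r0 = (ulong)request.params[0],
            .r1 = (ulong)request.params[1],
            .r2 = (ulong)request.params[2],
            .r3 = (ulong)request.params[3],
    };
    ret = smc(&args);

    /* All four result registers are returned to the client as-is. */
    response.msg.params[0] = ret.r0;
    response.msg.params[1] = ret.r1;
    response.msg.params[2] = ret.r2;
    response.msg.params[3] = ret.r3;
    if ((int32_t)ret.r0 == SM_ERR_UNDEFINED_SMC) {
        TRACEF("%s: unknown or failed smcall: %x\n", __func__, smc_nr);
        response.rc = ERR_GENERIC;
    }

send_response:
    rc = ktipc_send(channel, &response, sizeof(response));
    if ((size_t)rc != sizeof(response)) {
        TRACEF("%s: failed (%d) to send response\n", __func__, rc);
    }

err:
    return rc;
}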
/**
 * smc_service_handle_connect() - Set up per-channel state for a new client
 * @port:      port the client connected to (unused)
 * @chan:      newly created channel (unused)
 * @peer_uuid: UUID of the connecting client
 * @ctx_p:     out parameter; receives the allocated &struct smc_channel_ctx
 *
 * Allocates a zeroed context, loads the access policy that applies to
 * @peer_uuid into it and records the UUID. The context is released by
 * smc_service_handle_channel_cleanup().
 *
 * Return: NO_ERROR on success, ERR_NO_MEMORY if the allocation fails.
 */
static int smc_service_handle_connect(const struct ktipc_port* port,
                                      struct handle* chan,
                                      const struct uuid* peer_uuid,
                                      void** ctx_p) {
    struct smc_channel_ctx* new_ctx = calloc(1, sizeof(*new_ctx));

    if (new_ctx == NULL) {
        TRACEF("%s: failed to allocate smc_channel_ctx\n", __func__);
        return ERR_NO_MEMORY;
    }

    /*
     * NOTE(review): no result is checked here. Presumably the loader always
     * fills in a usable policy (for example a deny-all default for unknown
     * UUIDs) - confirm in services/smc/acl.h, since every later request on
     * this channel is gated by the hooks stored in new_ctx->policy.
     */
    smc_load_access_policy(peer_uuid, &new_ctx->policy);
    new_ctx->uuid = *peer_uuid;

    *ctx_p = new_ctx;
    return NO_ERROR;
}
/**
 * smc_service_handle_channel_cleanup() - Release a channel's context
 * @ctx: the &struct smc_channel_ctx allocated in smc_service_handle_connect()
 */
static void smc_service_handle_channel_cleanup(void* ctx) {
    /* The context owns no nested allocations, so one free() is enough. */
    free(ctx);
}
/* Callbacks ktipc invokes for the SMC service port. */
static const struct ktipc_srv_ops smc_service_ops = {
        .on_connect = smc_service_handle_connect,
        .on_message = smc_service_handle_msg,
        .on_channel_cleanup = smc_service_handle_channel_cleanup,
};

/*
 * Port-level ACL: trusted apps may connect and no UUID list is supplied.
 * NOTE(review): with uuids == NULL and uuid_num == 0 the port presumably
 * accepts any TA, which leaves all per-client filtering to the access policy
 * loaded in smc_service_handle_connect() - confirm against ktipc.
 */
static const struct ktipc_port_acl smc_service_port_acl = {
        .flags = IPC_PORT_ALLOW_TA_CONNECT,
        .uuids = NULL,
        .uuid_num = 0,
        .extra_data = NULL,
};

/*
 * The SMC service port itself. The maximum message size is that of the
 * response; NOTE(review): this assumes a request (struct smc_msg) is never
 * larger than struct smc_response - confirm against the struct definitions.
 * One message is queued at a time.
 */
static const struct ktipc_port smc_service_port = {
        .name = SMC_SERVICE_PORT,
        .uuid = &kernel_uuid,
        .msg_max_size = sizeof(struct smc_response),
        .msg_queue_len = 1,
        .acl = &smc_service_port_acl,
        .priv = NULL,
};

/* Server instance the port is registered on in smc_service_init(). */
static struct ktipc_server smc_ktipc_server =
        KTIPC_SERVER_INITIAL_VALUE(smc_ktipc_server, "smc_ktipc_server");
/**
 * smc_service_init() - Bring up the SMC service during kernel init
 * @level: init level supplied by the LK init framework (unused)
 *
 * Starts the ktipc server and then registers the SMC service port with its
 * callbacks. A failure of either step panics the kernel.
 */
static void smc_service_init(uint level) {
    int rc = ktipc_server_start(&smc_ktipc_server);

    if (rc < 0) {
        panic("Failed (%d) to start smc server\n", rc);
    }

    /* The port only becomes connectable once it is added to the server. */
    rc = ktipc_server_add_port(&smc_ktipc_server, &smc_service_port,
                               &smc_service_ops);
    if (rc < 0) {
        panic("Failed (%d) to create smc port\n", rc);
    }
}

/* Run the initializer at the LK_INIT_LEVEL_APPS stage of boot. */
LK_INIT_HOOK(smc, smc_service_init, LK_INIT_LEVEL_APPS);