diff --git a/drivers/misc/qseecom.c b/drivers/misc/qseecom.c index b1237edbbdc6..c543550f2b82 100644 --- a/drivers/misc/qseecom.c +++ b/drivers/misc/qseecom.c @@ -3,7 +3,7 @@ * QTI Secure Execution Environment Communicator (QSEECOM) driver * * Copyright (c) 2012-2021, The Linux Foundation. All rights reserved. - * Copyright (c) 2022-2023 Qualcomm Innovation Center, Inc. All rights reserved. + * Copyright (c) 2022-2024 Qualcomm Innovation Center, Inc. All rights reserved. */ #define pr_fmt(fmt) "QSEECOM: %s: " fmt, __func__ @@ -7651,14 +7651,15 @@ long qseecom_ioctl(struct file *file, switch (cmd) { case QSEECOM_IOCTL_REGISTER_LISTENER_REQ: { + mutex_lock(&listener_access_lock); if (data->type != QSEECOM_GENERIC) { pr_err("reg lstnr req: invalid handle (%d)\n", data->type); + mutex_unlock(&listener_access_lock); ret = -EINVAL; break; } pr_debug("ioctl register_listener_req()\n"); - mutex_lock(&listener_access_lock); atomic_inc(&data->ioctl_count); data->type = QSEECOM_LISTENER_SERVICE; ret = qseecom_register_listener(data, argp); @@ -7670,15 +7671,16 @@ long qseecom_ioctl(struct file *file, break; } case QSEECOM_IOCTL_UNREGISTER_LISTENER_REQ: { + mutex_lock(&listener_access_lock); if ((data->listener.id == 0) || (data->type != QSEECOM_LISTENER_SERVICE)) { pr_err("unreg lstnr req: invalid handle (%d) lid(%d)\n", data->type, data->listener.id); + mutex_unlock(&listener_access_lock); ret = -EINVAL; break; } pr_debug("ioctl unregister_listener_req()\n"); - mutex_lock(&listener_access_lock); atomic_inc(&data->ioctl_count); ret = qseecom_unregister_listener(data); atomic_dec(&data->ioctl_count); 
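Review bot: The `data->type != QSEECOM_GENERIC` test in REGISTER_LISTENER_REQ is now made under `listener_access_lock`, but the same field is tested and rewritten under `app_access_lock` in the LOAD_APP_REQ, APP_LOADED_QUERY_REQ and LOAD_EXTERNAL_ELF_REQ hunks. Two threads sharing one handle (data appears to be the per-file handle) can therefore each hold a different mutex, both see QSEECOM_GENERIC, and both go on to set a type. The check-then-set on `data->type` is still not atomic across the listener and app paths. The GENERIC-to-typed transition needs a single serialisation point, for example one lock taken by every case that tests or writes `data->type`. At minimum, add a comment here such as `/* data->type is also written under app_access_lock; this lock alone does not make the GENERIC check exclusive */`. The case body continues outside the hunk, so whether the type is restored when `qseecom_register_listener()` fails cannot be judged from here.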
@@ -7689,15 +7691,16 @@ long qseecom_ioctl(struct file *file, break; } case QSEECOM_IOCTL_SEND_CMD_REQ: { + /* Only one client allowed here at a time */ + mutex_lock(&app_access_lock); if ((data->client.app_id == 0) || (data->type != QSEECOM_CLIENT_APP)) { pr_err("send cmd req: invalid handle (%d) app_id(%d)\n", data->type, data->client.app_id); + mutex_unlock(&app_access_lock); ret = -EINVAL; break; } - /* Only one client allowed here at a time */ - mutex_lock(&app_access_lock); if (qseecom.support_bus_scaling) { /* register bus bw in case the client doesn't do it */ if (!data->mode) { @@ -7751,15 +7754,16 @@ long qseecom_ioctl(struct file *file, } case QSEECOM_IOCTL_SEND_MODFD_CMD_REQ: case QSEECOM_IOCTL_SEND_MODFD_CMD_64_REQ: { + /* Only one client allowed here at a time */ + mutex_lock(&app_access_lock); if ((data->client.app_id == 0) || (data->type != QSEECOM_CLIENT_APP)) { pr_err("send mdfd cmd: invalid handle (%d) appid(%d)\n", data->type, data->client.app_id); + mutex_unlock(&app_access_lock); ret = -EINVAL; break; } - /* Only one client allowed here at a time */ - mutex_lock(&app_access_lock); if (qseecom.support_bus_scaling) { if (!data->mode) { mutex_lock(&qsee_bw_mutex); @@ -7815,13 +7819,16 @@ long qseecom_ioctl(struct file *file, break; } case QSEECOM_IOCTL_RECEIVE_REQ: { + mutex_lock(&listener_access_lock); if ((data->listener.id == 0) || (data->type != QSEECOM_LISTENER_SERVICE)) { pr_err("receive req: invalid handle (%d), lid(%d)\n", data->type, data->listener.id); + mutex_unlock(&listener_access_lock); ret = -EINVAL; break; } + mutex_unlock(&listener_access_lock); atomic_inc(&data->ioctl_count); ret = qseecom_receive_req(data); atomic_dec(&data->ioctl_count); 
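Review bot: In QSEECOM_IOCTL_RECEIVE_REQ the handle check is no longer protected by the time `qseecom_receive_req(data)` runs, because `listener_access_lock` is released right after the test and before `atomic_inc(&data->ioctl_count)`. The early unlock is presumably there because the receive path blocks, but it leaves a window in which an unregister on the same handle can run between the check and the use. Raising the count while the state is still locked, i.e. `atomic_inc(&data->ioctl_count);` placed before `mutex_unlock(&listener_access_lock);`, would narrow that window if the unregister path waits on `ioctl_count`, which is not visible in this diff. This is the only case in the patch that drops the lock before the call, so it also deserves a comment stating why.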
@@ -7831,14 +7838,15 @@ long qseecom_ioctl(struct file *file, break; } case QSEECOM_IOCTL_SEND_RESP_REQ: { + mutex_lock(&listener_access_lock); if ((data->listener.id == 0) || (data->type != QSEECOM_LISTENER_SERVICE)) { pr_err("send resp req: invalid handle (%d), lid(%d)\n", data->type, data->listener.id); + mutex_unlock(&listener_access_lock); ret = -EINVAL; break; } - mutex_lock(&listener_access_lock); atomic_inc(&data->ioctl_count); if (!qseecom.qsee_reentrancy_support) ret = qseecom_send_resp(); @@ -7852,16 +7860,17 @@ long qseecom_ioctl(struct file *file, break; } case QSEECOM_IOCTL_SET_MEM_PARAM_REQ: { + mutex_lock(&app_access_lock); if ((data->type != QSEECOM_CLIENT_APP) && (data->type != QSEECOM_GENERIC) && (data->type != QSEECOM_SECURE_SERVICE)) { pr_err("set mem param req: invalid handle (%d)\n", data->type); + mutex_unlock(&app_access_lock); ret = -EINVAL; break; } pr_debug("SET_MEM_PARAM: qseecom addr = 0x%pK\n", data); - mutex_lock(&app_access_lock); atomic_inc(&data->ioctl_count); ret = qseecom_set_client_mem_param(data, argp); atomic_dec(&data->ioctl_count); @@ -7872,16 +7881,17 @@ long qseecom_ioctl(struct file *file, break; } case QSEECOM_IOCTL_LOAD_APP_REQ: { + mutex_lock(&app_access_lock); if ((data->type != QSEECOM_GENERIC) && (data->type != QSEECOM_CLIENT_APP)) { pr_err("load app req: invalid handle (%d)\n", data->type); + mutex_unlock(&app_access_lock); ret = -EINVAL; break; } data->type = QSEECOM_CLIENT_APP; pr_debug("LOAD_APP_REQ: qseecom_addr = 0x%pK\n", data); - mutex_lock(&app_access_lock); atomic_inc(&data->ioctl_count); ret = qseecom_load_app(data, argp); atomic_dec(&data->ioctl_count); 
@@ -7892,15 +7902,16 @@ long qseecom_ioctl(struct file *file, break; } case QSEECOM_IOCTL_UNLOAD_APP_REQ: { + mutex_lock(&app_access_lock); if ((data->client.app_id == 0) || (data->type != QSEECOM_CLIENT_APP)) { pr_err("unload app req:invalid handle(%d) app_id(%d)\n", data->type, data->client.app_id); + mutex_unlock(&app_access_lock); ret = -EINVAL; break; } pr_debug("UNLOAD_APP: qseecom_addr = 0x%pK\n", data); - mutex_lock(&app_access_lock); atomic_inc(&data->ioctl_count); ret = qseecom_unload_app(data, false); atomic_dec(&data->ioctl_count); @@ -7919,10 +7930,12 @@ long qseecom_ioctl(struct file *file, break; } case QSEECOM_IOCTL_PERF_ENABLE_REQ:{ + mutex_lock(&app_access_lock); if ((data->type != QSEECOM_GENERIC) && (data->type != QSEECOM_CLIENT_APP)) { pr_err("perf enable req: invalid handle (%d)\n", data->type); + mutex_unlock(&app_access_lock); ret = -EINVAL; break; } @@ -7930,6 +7943,7 @@ long qseecom_ioctl(struct file *file, (data->client.app_id == 0)) { pr_err("perf enable req:invalid handle(%d) appid(%d)\n", data->type, data->client.app_id); + mutex_unlock(&app_access_lock); ret = -EINVAL; break; } @@ -7944,13 +7958,16 @@ long qseecom_ioctl(struct file *file, pr_err("Fail to vote for clocks %d\n", ret); } atomic_dec(&data->ioctl_count); + mutex_unlock(&app_access_lock); break; } case QSEECOM_IOCTL_PERF_DISABLE_REQ:{ + mutex_lock(&app_access_lock); if ((data->type != QSEECOM_SECURE_SERVICE) && (data->type != QSEECOM_CLIENT_APP)) { pr_err("perf disable req: invalid handle (%d)\n", data->type); + mutex_unlock(&app_access_lock); ret = -EINVAL; break; } @@ -7958,6 +7975,7 @@ long qseecom_ioctl(struct file *file, (data->client.app_id == 0)) { pr_err("perf disable: invalid handle (%d)app_id(%d)\n", data->type, data->client.app_id); + mutex_unlock(&app_access_lock); ret = -EINVAL; break; } @@ -7971,6 +7989,7 @@ long qseecom_ioctl(struct file *file, mutex_unlock(&qsee_bw_mutex); } atomic_dec(&data->ioctl_count); + mutex_unlock(&app_access_lock); break; } 
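Review bot: PERF_ENABLE_REQ and PERF_DISABLE_REQ previously took no top-level mutex and now hold `app_access_lock` from the handle check to the final `break`, so a clock vote will wait behind any command that holds the same mutex (the SEND_CMD cases describe it as "Only one client allowed here at a time"). The PERF_DISABLE hunk also shows `qsee_bw_mutex` being released inside the newly locked region, which creates an `app_access_lock` then `qsee_bw_mutex` nesting on this path. That order matches the SEND_MODFD_CMD hunk, but it should be recorded, e.g. `/* lock order: app_access_lock, then qsee_bw_mutex (same as SEND_CMD) */`. The lines between these hunks are not shown, so any other exit from the two cases has to be checked for a matching `mutex_unlock(&app_access_lock)`. The same applies to the SCALE_BUS_BANDWIDTH_REQ hunk, where `qseecom_scale_bus_bandwidth()` is now called with the lock held.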
@@ -7980,28 +7999,32 @@ long qseecom_ioctl(struct file *file, pr_debug("crypto clock is not handled by HLOS\n"); break; } + mutex_lock(&app_access_lock); if ((data->client.app_id == 0) || (data->type != QSEECOM_CLIENT_APP)) { pr_err("set bus scale: invalid handle (%d) appid(%d)\n", data->type, data->client.app_id); + mutex_unlock(&app_access_lock); ret = -EINVAL; break; } atomic_inc(&data->ioctl_count); ret = qseecom_scale_bus_bandwidth(data, argp); atomic_dec(&data->ioctl_count); + mutex_unlock(&app_access_lock); break; } case QSEECOM_IOCTL_LOAD_EXTERNAL_ELF_REQ: { + mutex_lock(&app_access_lock); if (data->type != QSEECOM_GENERIC) { pr_err("load ext elf req: invalid client handle (%d)\n", data->type); + mutex_unlock(&app_access_lock); ret = -EINVAL; break; } data->type = QSEECOM_UNAVAILABLE_CLIENT_APP; data->released = true; - mutex_lock(&app_access_lock); atomic_inc(&data->ioctl_count); ret = qseecom_load_external_elf(data, argp); atomic_dec(&data->ioctl_count); @@ -8011,14 +8034,15 @@ long qseecom_ioctl(struct file *file, break; } case QSEECOM_IOCTL_UNLOAD_EXTERNAL_ELF_REQ: { + mutex_lock(&app_access_lock); if (data->type != QSEECOM_UNAVAILABLE_CLIENT_APP) { pr_err("unload ext elf req: invalid handle (%d)\n", data->type); + mutex_unlock(&app_access_lock); ret = -EINVAL; break; } data->released = true; - mutex_lock(&app_access_lock); atomic_inc(&data->ioctl_count); ret = qseecom_unload_external_elf(data); atomic_dec(&data->ioctl_count); 
@@ -8028,15 +8052,16 @@ long qseecom_ioctl(struct file *file, break; } case QSEECOM_IOCTL_APP_LOADED_QUERY_REQ: { + mutex_lock(&app_access_lock); if ((data->type != QSEECOM_GENERIC) && (data->type != QSEECOM_CLIENT_APP)) { pr_err("app loaded query req: invalid handle (%d)\n", data->type); + mutex_unlock(&app_access_lock); ret = -EINVAL; break; } data->type = QSEECOM_CLIENT_APP; - mutex_lock(&app_access_lock); atomic_inc(&data->ioctl_count); pr_debug("APP_LOAD_QUERY: qseecom_addr = 0x%pK\n", data); ret = qseecom_query_app_loaded(data, argp); @@ -8045,9 +8070,11 @@ long qseecom_ioctl(struct file *file, break; } case QSEECOM_IOCTL_SEND_CMD_SERVICE_REQ: { + mutex_lock(&app_access_lock); if (data->type != QSEECOM_GENERIC) { pr_err("send cmd svc req: invalid handle (%d)\n", data->type); + mutex_unlock(&app_access_lock); ret = -EINVAL; break; } @@ -8055,9 +8082,9 @@ long qseecom_ioctl(struct file *file, if (qseecom.qsee_version < QSEE_VERSION_03) { pr_err("SEND_CMD_SERVICE_REQ: Invalid qsee ver %u\n", qseecom.qsee_version); + mutex_unlock(&app_access_lock); return -EINVAL; } - mutex_lock(&app_access_lock); atomic_inc(&data->ioctl_count); ret = qseecom_send_service_cmd(data, argp); atomic_dec(&data->ioctl_count); @@ -8067,19 +8094,21 @@ long qseecom_ioctl(struct file *file, case QSEECOM_IOCTL_CREATE_KEY_REQ: { if (!(qseecom.support_pfe || qseecom.support_fde)) pr_err("Features requiring key init not supported\n"); + mutex_lock(&app_access_lock); if (data->type != QSEECOM_GENERIC) { pr_err("create key req: invalid handle (%d)\n", data->type); + mutex_unlock(&app_access_lock); ret = -EINVAL; break; } if (qseecom.qsee_version < QSEE_VERSION_05) { pr_err("Create Key feature unsupported: qsee ver %u\n", qseecom.qsee_version); + mutex_unlock(&app_access_lock); return -EINVAL; } data->released = true; - mutex_lock(&app_access_lock); atomic_inc(&data->ioctl_count); ret = qseecom_create_key(data, argp); if (ret) 
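Review bot: The version test in SEND_CMD_SERVICE_REQ still leaves through `return -EINVAL;` while the handle check above it uses `ret = -EINVAL; break;`, and because the mutex is now taken earlier this return needs its own `mutex_unlock(&app_access_lock);`. The test reads only `qseecom.qsee_version` and nothing from the handle, so it could sit before `mutex_lock(&app_access_lock);` and need no unlock at all, which removes one place where a later edit could leak the lock. The same lock-then-unlock-then-return shape is added in the CREATE_KEY_REQ, WIPE_KEY_REQ and UPDATE_KEY_USER_INFO_REQ hunks and in the four QTEEC hunks (open session, close session, invoke modfd cmd, request cancellation).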
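Review bot: When neither `qseecom.support_pfe` nor `qseecom.support_fde` is set, CREATE_KEY_REQ only logs "Features requiring key init not supported" and then carries on to `qseecom_create_key(data, argp)`, because the `if` has no body beyond the `pr_err`. If the feature really is unavailable, the request should be failed before the lock is taken, e.g. `if (!(qseecom.support_pfe || qseecom.support_fde)) { pr_err(...); ret = -EINVAL; break; }`. If continuing is intended, the message should be downgraded and reworded so it does not read as a rejection. The WIPE_KEY_REQ and UPDATE_KEY_USER_INFO_REQ hunks carry the same unbraced check.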
@@ -8092,19 +8121,21 @@ long qseecom_ioctl(struct file *file, case QSEECOM_IOCTL_WIPE_KEY_REQ: { if (!(qseecom.support_pfe || qseecom.support_fde)) pr_err("Features requiring key init not supported\n"); + mutex_lock(&app_access_lock); if (data->type != QSEECOM_GENERIC) { pr_err("wipe key req: invalid handle (%d)\n", data->type); + mutex_unlock(&app_access_lock); ret = -EINVAL; break; } if (qseecom.qsee_version < QSEE_VERSION_05) { pr_err("Wipe Key feature unsupported in qsee ver %u\n", qseecom.qsee_version); + mutex_unlock(&app_access_lock); return -EINVAL; } data->released = true; - mutex_lock(&app_access_lock); atomic_inc(&data->ioctl_count); ret = qseecom_wipe_key(data, argp); if (ret) @@ -8116,19 +8147,21 @@ long qseecom_ioctl(struct file *file, case QSEECOM_IOCTL_UPDATE_KEY_USER_INFO_REQ: { if (!(qseecom.support_pfe || qseecom.support_fde)) pr_err("Features requiring key init not supported\n"); + mutex_lock(&app_access_lock); if (data->type != QSEECOM_GENERIC) { pr_err("update key req: invalid handle (%d)\n", data->type); + mutex_unlock(&app_access_lock); ret = -EINVAL; break; } if (qseecom.qsee_version < QSEE_VERSION_05) { pr_err("Update Key feature unsupported in qsee ver %u\n", qseecom.qsee_version); + mutex_unlock(&app_access_lock); return -EINVAL; } data->released = true; - mutex_lock(&app_access_lock); atomic_inc(&data->ioctl_count); ret = qseecom_update_key_user_info(data, argp); if (ret) @@ -8138,14 +8171,15 @@ long qseecom_ioctl(struct file *file, break; } case QSEECOM_IOCTL_SAVE_PARTITION_HASH_REQ: { + mutex_lock(&app_access_lock); if (data->type != QSEECOM_GENERIC) { pr_err("save part hash req: invalid handle (%d)\n", data->type); + mutex_unlock(&app_access_lock); ret = -EINVAL; break; } data->released = true; - mutex_lock(&app_access_lock); atomic_inc(&data->ioctl_count); ret = qseecom_save_partition_hash(argp); atomic_dec(&data->ioctl_count); 
@@ -8153,14 +8187,15 @@ long qseecom_ioctl(struct file *file, break; } case QSEECOM_IOCTL_IS_ES_ACTIVATED_REQ: { + mutex_lock(&app_access_lock); if (data->type != QSEECOM_GENERIC) { pr_err("ES activated req: invalid handle (%d)\n", data->type); + mutex_unlock(&app_access_lock); ret = -EINVAL; break; } data->released = true; - mutex_lock(&app_access_lock); atomic_inc(&data->ioctl_count); ret = qseecom_is_es_activated(argp); atomic_dec(&data->ioctl_count); @@ -8168,14 +8203,15 @@ long qseecom_ioctl(struct file *file, break; } case QSEECOM_IOCTL_MDTP_CIPHER_DIP_REQ: { + mutex_lock(&app_access_lock); if (data->type != QSEECOM_GENERIC) { pr_err("MDTP cipher DIP req: invalid handle (%d)\n", data->type); + mutex_unlock(&app_access_lock); ret = -EINVAL; break; } data->released = true; - mutex_lock(&app_access_lock); atomic_inc(&data->ioctl_count); ret = qseecom_mdtp_cipher_dip(argp); atomic_dec(&data->ioctl_count); @@ -8184,14 +8220,15 @@ long qseecom_ioctl(struct file *file, } case QSEECOM_IOCTL_SEND_MODFD_RESP: case QSEECOM_IOCTL_SEND_MODFD_RESP_64: { + mutex_lock(&listener_access_lock); if ((data->listener.id == 0) || (data->type != QSEECOM_LISTENER_SERVICE)) { pr_err("receive req: invalid handle (%d), lid(%d)\n", data->type, data->listener.id); + mutex_unlock(&listener_access_lock); ret = -EINVAL; break; } - mutex_lock(&listener_access_lock); atomic_inc(&data->ioctl_count); if (cmd == QSEECOM_IOCTL_SEND_MODFD_RESP) ret = qseecom_send_modfd_resp(data, argp); 
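Review bot: The error message in the SEND_MODFD_RESP / SEND_MODFD_RESP_64 case reads "receive req: invalid handle", which is the RECEIVE_REQ text, so a rejected response ioctl is logged as a receive request. Since this patch already touches the block, the string should name the right ioctl, e.g. `pr_err("send modfd resp: invalid handle (%d), lid(%d)\n",`. Accurate messages matter here because these rejections are the main trace of a handle being used in the wrong state.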
@@ -8206,20 +8243,22 @@ long qseecom_ioctl(struct file *file, break; } case QSEECOM_QTEEC_IOCTL_OPEN_SESSION_REQ: { + /* Only one client allowed here at a time */ + mutex_lock(&app_access_lock); if ((data->client.app_id == 0) || (data->type != QSEECOM_CLIENT_APP)) { pr_err("Open session: invalid handle (%d) appid(%d)\n", data->type, data->client.app_id); + mutex_unlock(&app_access_lock); ret = -EINVAL; break; } if (qseecom.qsee_version < QSEE_VERSION_40) { pr_err("GP feature unsupported: qsee ver %u\n", qseecom.qsee_version); + mutex_unlock(&app_access_lock); return -EINVAL; } - /* Only one client allowed here at a time */ - mutex_lock(&app_access_lock); atomic_inc(&data->ioctl_count); ret = qseecom_qteec_open_session(data, argp); atomic_dec(&data->ioctl_count); @@ -8231,20 +8270,22 @@ long qseecom_ioctl(struct file *file, break; } case QSEECOM_QTEEC_IOCTL_CLOSE_SESSION_REQ: { + /* Only one client allowed here at a time */ + mutex_lock(&app_access_lock); if ((data->client.app_id == 0) || (data->type != QSEECOM_CLIENT_APP)) { pr_err("Close session: invalid handle (%d) appid(%d)\n", data->type, data->client.app_id); + mutex_unlock(&app_access_lock); ret = -EINVAL; break; } if (qseecom.qsee_version < QSEE_VERSION_40) { pr_err("GP feature unsupported: qsee ver %u\n", qseecom.qsee_version); + mutex_unlock(&app_access_lock); return -EINVAL; } - /* Only one client allowed here at a time */ - mutex_lock(&app_access_lock); atomic_inc(&data->ioctl_count); ret = qseecom_qteec_close_session(data, argp); atomic_dec(&data->ioctl_count); 
@@ -8255,20 +8296,22 @@ long qseecom_ioctl(struct file *file, break; } case QSEECOM_QTEEC_IOCTL_INVOKE_MODFD_CMD_REQ: { + /* Only one client allowed here at a time */ + mutex_lock(&app_access_lock); if ((data->client.app_id == 0) || (data->type != QSEECOM_CLIENT_APP)) { pr_err("Invoke cmd: invalid handle (%d) appid(%d)\n", data->type, data->client.app_id); + mutex_unlock(&app_access_lock); ret = -EINVAL; break; } if (qseecom.qsee_version < QSEE_VERSION_40) { pr_err("GP feature unsupported: qsee ver %u\n", qseecom.qsee_version); + mutex_unlock(&app_access_lock); return -EINVAL; } - /* Only one client allowed here at a time */ - mutex_lock(&app_access_lock); atomic_inc(&data->ioctl_count); ret = qseecom_qteec_invoke_modfd_cmd(data, argp); atomic_dec(&data->ioctl_count); @@ -8280,20 +8323,22 @@ long qseecom_ioctl(struct file *file, break; } case QSEECOM_QTEEC_IOCTL_REQUEST_CANCELLATION_REQ: { + /* Only one client allowed here at a time */ + mutex_lock(&app_access_lock); if ((data->client.app_id == 0) || (data->type != QSEECOM_CLIENT_APP)) { pr_err("Cancel req: invalid handle (%d) appid(%d)\n", data->type, data->client.app_id); + mutex_unlock(&app_access_lock); ret = -EINVAL; break; } if (qseecom.qsee_version < QSEE_VERSION_40) { pr_err("GP feature unsupported: qsee ver %u\n", qseecom.qsee_version); + mutex_unlock(&app_access_lock); return -EINVAL; } - /* Only one client allowed here at a time */ - mutex_lock(&app_access_lock); atomic_inc(&data->ioctl_count); ret = qseecom_qteec_request_cancellation(data, argp); atomic_dec(&data->ioctl_count);