core: pta: scmi: ocall threaded context

Using Ocall (CFG_CORE_OCALL=y), the SCMI agent and PTA can provision a
secure thread for SCMI message passing/processing.

The channel exchange protocol using OP-TEE Ocall is described in the
PTA API header file pta_scmi_client.h

Note: this change was originally posted to OP-TEE through pull request
OP-TEE#4535.

Change-Id: I995192c660cd837fa7ccc025f5c95363e3b01937
Signed-off-by: Etienne Carriere <[email protected]>
Reviewed-on: https://gerrit.st.com/c/mpu/oe/optee/optee_os/+/202484
Tested-by: Etienne CARRIERE <[email protected]>
Reviewed-by: Etienne CARRIERE <[email protected]>
Reviewed-by: Lionel DEBIEVE <[email protected]>

Author: etienne-lms

core/pta/scmi.c

@@ -7,9 +7,17 @@
 #include <config.h>
 #include <drivers/scmi-msg.h>
 #include <kernel/pseudo_ta.h>
+#include <optee_rpc_cmd.h>
 #include <pta_scmi_client.h>
 #include <stdint.h>
 #include <string.h>
+#include <tee/uuid.h>
+#include <util.h>
+
+static bool valid_caps(unsigned int caps)
+{
+	return (caps & ~PTA_SCMI_CAPS_VALID_MASK) == 0;
+}
 
 static TEE_Result cmd_capabilities(uint32_t ptypes,
 				   TEE_Param param[TEE_NUM_PARAMS])
@@ -25,6 +33,8 @@ static TEE_Result cmd_capabilities(uint32_t ptypes,
 
 	if (IS_ENABLED(CFG_SCMI_MSG_SMT))
 		caps |= PTA_SCMI_CAPS_SMT_HEADER;
+	if (IS_ENABLED(CFG_CORE_OCALL))
+		caps |= PTA_SCMI_CAPS_OCALL_THREAD;
 
 	param[0].value.a = caps;
 	param[0].value.b = 0;
@@ -97,6 +107,116 @@ static TEE_Result cmd_process_smt_message(uint32_t ptypes,
 	return TEE_ERROR_NOT_SUPPORTED;
 }
 
+/* Process an OCALL RPC to client and report status */
+static enum optee_scmi_ocall_reply pta_scmi_ocall(uint32_t channel_id)
+{
+	static const TEE_UUID uuid = PTA_SCMI_UUID;
+	static uint64_t uuid_octet[2];
+	static bool uuid_ready;
+	struct thread_param params[THREAD_RPC_MAX_NUM_PARAMS] = {
+		/* Ocall command, sub command */
+		THREAD_PARAM_VALUE(INOUT, 0, 0, 0),
+		/* UUID of Ocall initiator */
+		THREAD_PARAM_VALUE(IN, 0, 0, 0),
+		/* Output value argument to get REE feedback */
+		THREAD_PARAM_VALUE(OUT, 0, 0, 0),
+	};
+	uint64_t ocall_res = 0;
+	uint64_t __maybe_unused ocall_ori = 0;
+	enum optee_scmi_ocall_reply agent_request = PTA_SCMI_OCALL_ERROR;
+	TEE_Result res = TEE_ERROR_GENERIC;
+
+	if (!IS_ENABLED(CFG_CORE_OCALL))
+		return PTA_SCMI_OCALL_ERROR;
+
+	if (!uuid_ready) {
+		tee_uuid_to_octets((uint8_t *)uuid_octet, &uuid);
+		uuid_ready = true;
+	}
+
+	params[0].u.value.a = PTA_SCMI_OCALL_CMD_THREAD_READY;
+	params[1].u.value.a = uuid_octet[0];
+	params[1].u.value.b = uuid_octet[1];
+
+	params[0] = THREAD_PARAM_VALUE(INOUT, PTA_SCMI_OCALL_CMD_THREAD_READY,
+				       0, 0);
+	params[1] = THREAD_PARAM_VALUE(IN, uuid_octet[0], uuid_octet[1], 0);
+	params[2] = THREAD_PARAM_VALUE(OUT, 0, 0, 0);
+
+	res = thread_rpc_cmd(OPTEE_RPC_CMD_OCALL, ARRAY_SIZE(params), params);
+	if (res) {
+		DMSG("Close thread on RPC error %#"PRIx32, res);
+		return PTA_SCMI_OCALL_ERROR;
+	}
+
+	ocall_res = params[0].u.value.b;
+	ocall_ori = params[0].u.value.c;
+	if (ocall_res) {
+		DMSG("SCMI RPC thread failed %#"PRIx64" from %#"PRIx64,
+		     ocall_res, ocall_ori);
+		return PTA_SCMI_OCALL_ERROR;
+	}
+
+	agent_request = (enum optee_scmi_ocall_reply)params[2].u.value.a;
+
+	switch (agent_request) {
+	case PTA_SCMI_OCALL_PROCESS_SMT_CHANNEL:
+		FMSG("Posting message on channel %u"PRIu32, channel_id);
+		if (IS_ENABLED(CFG_SCMI_MSG_SMT))
+			scmi_smt_threaded_entry(channel_id);
+		else
+			panic();
+		break;
+	case PTA_SCMI_OCALL_CLOSE_THREAD:
+		FMSG("Closing channel %u"PRIu32, channel_id);
+		break;
+	case PTA_SCMI_OCALL_ERROR:
+		FMSG("Error on channel %u"PRIu32, channel_id);
+		break;
+	default:
+		DMSG("Invalid Ocall cmd %#x on channel %u"PRIu32,
+		     agent_request, channel_id);
+		return PTA_SCMI_OCALL_CLOSE_THREAD;
+	}
+
+	return agent_request;
+}
+
+static TEE_Result cmd_scmi_ocall_thread(uint32_t ptypes,
+					TEE_Param params[TEE_NUM_PARAMS])
+{
+	const uint32_t exp_ptypes = TEE_PARAM_TYPES(TEE_PARAM_TYPE_VALUE_INPUT,
+						    TEE_PARAM_TYPE_NONE,
+						    TEE_PARAM_TYPE_NONE,
+						    TEE_PARAM_TYPE_NONE);
+
+	uint32_t channel_id = (int)params[0].value.a;
+	struct scmi_msg_channel *channel = NULL;
+
+	if (ptypes != exp_ptypes)
+		return TEE_ERROR_BAD_PARAMETERS;
+
+	if (IS_ENABLED(CFG_SCMI_MSG_SMT))
+		channel = plat_scmi_get_channel(channel_id);
+	else
+		return TEE_ERROR_NOT_SUPPORTED;
+
+	if (!channel)
+		return TEE_ERROR_BAD_PARAMETERS;
+
+	FMSG("Enter Ocall thread on channel %u"PRIu32, channel_id);
+	while (1) {
+		switch (pta_scmi_ocall(channel_id)) {
+		case PTA_SCMI_OCALL_PROCESS_SMT_CHANNEL:
+			continue;
+		case PTA_SCMI_OCALL_CLOSE_THREAD:
+			return TEE_SUCCESS;
+		default:
+			return TEE_ERROR_GENERIC;
+		}
+	}
+}
+
 static TEE_Result cmd_get_channel_handle(uint32_t ptypes,
 					 TEE_Param params[TEE_NUM_PARAMS])
 {
@@ -107,13 +227,13 @@ static TEE_Result cmd_get_channel_handle(uint32_t ptypes,
 	unsigned int channel_id = params[0].value.a;
 	unsigned int caps = params[0].value.b;
 
-	if (ptypes != exp_ptypes)
+	if (ptypes != exp_ptypes || !valid_caps(caps))
 		return TEE_ERROR_BAD_PARAMETERS;
 
 	if (IS_ENABLED(CFG_SCMI_MSG_SMT)) {
 		struct scmi_msg_channel *channel = NULL;
 
-		if (caps != PTA_SCMI_CAPS_SMT_HEADER)
+		if (!(caps & PTA_SCMI_CAPS_SMT_HEADER))
 			return TEE_ERROR_NOT_SUPPORTED;
 
 		channel = plat_scmi_get_channel(channel_id);
@@ -163,6 +283,8 @@ static TEE_Result pta_scmi_invoke_command(void *session __unused, uint32_t cmd,
 		return cmd_process_smt_message(ptypes, params);
 	case PTA_SCMI_CMD_GET_CHANNEL_HANDLE:
 		return cmd_get_channel_handle(ptypes, params);
+	case PTA_SCMI_CMD_OCALL_THREAD:
+		return cmd_scmi_ocall_thread(ptypes, params);
 	default:
 		return TEE_ERROR_NOT_SUPPORTED;
 	}

lib/libutee/include/pta_scmi_client.h

@@ -58,11 +58,80 @@
  */
 #define PTA_SCMI_CMD_GET_CHANNEL_HANDLE		3
 
+/*
+ * PTA_SCMI_CMD_OCALL_THREAD - Allocate a threaded path using OCALL
+ *
+ * [in]     value[0].a: channel handle
+ *
+ * Use Ocall support to create a provisioned OP-TEE thread context for
+ * the channel. Successful creation of the thread makes this command to
+ * return with Ocall command PTA_SCMI_OCALL_CMD_THREAD_READY.
+ */
+#define PTA_SCMI_CMD_OCALL_THREAD		4
+
 /*
  * Capabilities
  */
 
 /* Channel supports shared memory using the SMT header protocol */
 #define PTA_SCMI_CAPS_SMT_HEADER			BIT32(0)
 
+/*
+ * Channel can use command PTA_SCMI_CMD_OCALL_THREAD to provision a
+ * TEE thread for SCMI message passing.
+ */
+#define PTA_SCMI_CAPS_OCALL_THREAD			BIT32(1)
+
+#define PTA_SCMI_CAPS_VALID_MASK	(PTA_SCMI_CAPS_SMT_HEADER | \
+					 PTA_SCMI_CAPS_OCALL_THREAD)
+
+/*
+ * enum optee_scmi_ocall_cmd
+ * enum optee_scmi_ocall_reply
+ *
+ * These enumerates define the IDs used by REE/TEE to communicate in the
+ * established REE/TEE Ocall thread context.
+ *
+ * At channel setup, we start from the REE: caller requests an Ocall context.
+ *
+ * 0. REE opens a session toward PTA SCMI. REE invokes PTA command
+ *    PTA_SCMI_CMD_GET_CHANNEL to get a channel handler.
+ *
+ * 1. REE invokes command PTA_SCMI_CAPS_OCALL_THREAD with an Ocall context.
+ *    This is the initial invocation of the Ocall thread context. Any further
+ *    error in the thread communication will make Core to return to REE from
+ *    this command invocation with an TEE_Result error code.
+ *
+ * 2. Upon support of Ocall the PTA creates an Ocall context and returns to
+ *    REE with Ocall command PTA_SCMI_OCALL_CMD_THREAD_READY.
+ *
+ * 3. REE returns to the PTA, from the Ocall, with output param[0].value.a
+ *    set to PTA_SCMI_OCALL_PROCESS_SMT_CHANNEL to post an SCMI message.
+ *    In such case, OP-TEE processes the message and returns to REE with
+ *    Ocall command PTA_SCMI_OCALL_CMD_THREAD_READY. The SCMI response is in
+ *    the shared memory buffer.
+ *
+ * 4. Alternatively REE can return from the Ocall with output param[0].value.a
+ *    set to PTA_SCMI_OCALL_CLOSE_THREAD. This requests OP-TEE to terminate the
+ *    Ocall, release resources and return from initial command invocation at 1.
+ *    as if REE closes the SCMI communication.
+ *
+ * At anytime, if an error is reported by Ocall commands or replies, SCMI PTA
+ * release the Ocall thread context and return from initial invocation at 1.
+ * PTA_SCMI_OCALL_ERROR is used in Ocall return to force an error report.
+ *
+ * REE channel initialization completes when returning from step 2.
+ * REE agent posts an SCMI message through step 3.
+ * At channel release, REE driver executes step 4.
+ */
+
+enum optee_scmi_ocall_cmd {
+	PTA_SCMI_OCALL_CMD_THREAD_READY = 0,
+};
+
+enum optee_scmi_ocall_reply {
+	PTA_SCMI_OCALL_ERROR = 0,
+	PTA_SCMI_OCALL_CLOSE_THREAD = 1,
+	PTA_SCMI_OCALL_PROCESS_SMT_CHANNEL = 2,
+};
 #endif /* SCMI_PTA_SCMI_CLIENT_H */

mk/config.mk

@@ -678,6 +678,13 @@ CFG_SCMI_MSG_VOLTAGE_DOMAIN ?= n
 # Enable SCMI PTA interface for REE SCMI agents
 CFG_SCMI_PTA ?= n
 
+# Enable SCMI server (SCP-firmware-scmi library)
+CFG_SCMI_SERVER ?= n
+ifeq ($(CFG_SCMI_SERVER),y)
+$(call force,CFG_SCMI_PTA,y,Mandated by CFG_SCMI_SERVER)
+$(call force,CFG_CORE_OCALL,y,Mandated by CFG_SCMI_SERVER)
+endif
+
 ifneq ($(CFG_STMM_PATH),)
 $(call force,CFG_WITH_STMM_SP,y)
 else