From: kholk11@gmail.com
To: linux-arm-msm@vger.kernel.org
Cc: kholk11@gmail.com, iommu@lists.linux-foundation.org,
marijns95@gmail.com, agross@kernel.org, robdclark@gmail.com,
joro@8bytes.org
Subject: [PATCH v4 7/7] iommu/qcom: Add support for QCIOMMUv2 and QCIOMMU-500 secured contexts
Date: Wed, 2 Oct 2019 00:02:05 +0200 [thread overview]
Message-ID: <20191001220205.6423-8-kholk11@gmail.com> (raw)
In-Reply-To: <20191001220205.6423-1-kholk11@gmail.com>
From: AngeloGioacchino Del Regno <kholk11@gmail.com>
This IOMMU is yet another Qualcomm variant of known IOMMUs, found in
Family-B SoCs, such as MSM8956, MSM8976, MSM8953, MSM8917 and others,
and that firmware perfectly adheres to this driver logic.
This time, though, the catch is that the secure contexts are also
secured, meaning that these are programmed by the bootloader or TZ
and their "interesting" registers are locked out, so the hypervisor
disallows touching them from the non-secure world: in this case
the OS is supposed to blindly trust the secure configuration of
these contexts and just use them "as they are".
For this reason, it is necessary to distinguish between the v1 and
500/v2 secure contexts in this driver in order to adhere to this
specification. To do this, add a new DT compatible, named
"qcom,msm-iommu-v2-sec" that will trigger the new behavior.
For the sake of completeness, also add a "qcom,msm-iommu-v2-ns" so
that the human eye gets pleased with it when reading the contexts
in the final SoC DT. Of course, the latter is just cosmetic.
Signed-off-by: AngeloGioacchino Del Regno <kholk11@gmail.com>
---
.../devicetree/bindings/iommu/qcom,iommu.txt | 2 ++
drivers/iommu/qcom_iommu.c | 19 +++++++++++++++++--
2 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/Documentation/devicetree/bindings/iommu/qcom,iommu.txt b/Documentation/devicetree/bindings/iommu/qcom,iommu.txt
index 72ae0595efff..861c0cd9c512 100644
--- a/Documentation/devicetree/bindings/iommu/qcom,iommu.txt
+++ b/Documentation/devicetree/bindings/iommu/qcom,iommu.txt
@@ -36,6 +36,8 @@ to non-secure vs secure interrupt line.
- compatible : Should be one of:
- "qcom,msm-iommu-v1-ns" : non-secure context bank
- "qcom,msm-iommu-v1-sec" : secure context bank
+ - "qcom,msm-iommu-v2-ns" : non-secure QSMMUv2/QSMMU500 context bank
+ - "qcom,msm-iommu-v2-sec" : secure QSMMUv2/QSMMU500 context bank
- reg : Base address and size of context bank within the iommu
- interrupts : The context fault irq.
diff --git a/drivers/iommu/qcom_iommu.c b/drivers/iommu/qcom_iommu.c
index 555cbc55b073..eaecb009849c 100644
--- a/drivers/iommu/qcom_iommu.c
+++ b/drivers/iommu/qcom_iommu.c
@@ -56,6 +56,7 @@ struct qcom_iommu_ctx {
struct device *dev;
void __iomem *base;
bool secure_init;
+ bool secured_ctx;
u8 asid; /* asid and ctx bank # are 1:1 */
struct iommu_domain *domain;
};
@@ -303,6 +304,12 @@ static int qcom_iommu_init_domain(struct iommu_domain *domain,
ctx->secure_init = true;
}
+ /* Secured QSMMU-500/QSMMU-v2 contexts cannot be programmed */
+ if (ctx->secured_ctx) {
+ ctx->domain = domain;
+ break;
+ }
+
qcom_iommu_reset_ctx(ctx);
tcr[0] = pgtbl_cfg.arm_lpae_s1_cfg.tcr;
@@ -788,10 +795,15 @@ static int qcom_iommu_ctx_probe(struct platform_device *pdev)
if (irq < 0)
return -ENODEV;
+ if (of_device_is_compatible(dev->of_node, "qcom,msm-iommu-v2-sec"))
+ ctx->secured_ctx = true;
+
/* clear IRQs before registering fault handler, just in case the
* boot-loader left us a surprise:
*/
- iommu_writel(ctx, ARM_SMMU_CB_FSR, iommu_readl(ctx, ARM_SMMU_CB_FSR));
+ if (!ctx->secured_ctx)
+ iommu_writel(ctx, ARM_SMMU_CB_FSR,
+ iommu_readl(ctx, ARM_SMMU_CB_FSR));
ret = devm_request_irq(dev, irq,
qcom_iommu_fault,
@@ -833,6 +845,8 @@ static int qcom_iommu_ctx_remove(struct platform_device *pdev)
static const struct of_device_id ctx_of_match[] = {
{ .compatible = "qcom,msm-iommu-v1-ns" },
{ .compatible = "qcom,msm-iommu-v1-sec" },
+ { .compatible = "qcom,msm-iommu-v2-ns" },
+ { .compatible = "qcom,msm-iommu-v2-sec" },
{ /* sentinel */ }
};
@@ -850,7 +864,8 @@ static bool qcom_iommu_has_secure_context(struct qcom_iommu_dev *qcom_iommu)
struct device_node *child;
for_each_child_of_node(qcom_iommu->dev->of_node, child)
- if (of_device_is_compatible(child, "qcom,msm-iommu-v1-sec"))
+ if (of_device_is_compatible(child, "qcom,msm-iommu-v1-sec") ||
+ of_device_is_compatible(child, "qcom,msm-iommu-v2-sec"))
return true;
return false;
--
2.21.0
WARNING: multiple messages have this Message-ID (diff)
From: kholk11@gmail.com
To: linux-arm-msm@vger.kernel.org
Cc: marijns95@gmail.com, iommu@lists.linux-foundation.org,
agross@kernel.org, kholk11@gmail.com
Subject: [PATCH v4 7/7] iommu/qcom: Add support for QCIOMMUv2 and QCIOMMU-500 secured contexts
Date: Wed, 2 Oct 2019 00:02:05 +0200 [thread overview]
Message-ID: <20191001220205.6423-8-kholk11@gmail.com> (raw)
In-Reply-To: <20191001220205.6423-1-kholk11@gmail.com>
From: AngeloGioacchino Del Regno <kholk11@gmail.com>
This IOMMU is yet another Qualcomm variant of known IOMMUs, found in
Family-B SoCs, such as MSM8956, MSM8976, MSM8953, MSM8917 and others,
and that firmware perfectly adheres to this driver logic.
This time, though, the catch is that the secure contexts are also
secured, meaning that these are programmed by the bootloader or TZ
and their "interesting" registers are locked out, so the hypervisor
disallows touching them from the non-secure world: in this case
the OS is supposed to blindly trust the secure configuration of
these contexts and just use them "as they are".
For this reason, it is necessary to distinguish between the v1 and
500/v2 secure contexts in this driver in order to adhere to this
specification. To do this, add a new DT compatible, named
"qcom,msm-iommu-v2-sec" that will trigger the new behavior.
For the sake of completeness, also add a "qcom,msm-iommu-v2-ns" so
that the human eye gets pleased with it when reading the contexts
in the final SoC DT. Of course, the latter is just cosmetic.
Signed-off-by: AngeloGioacchino Del Regno <kholk11@gmail.com>
---
.../devicetree/bindings/iommu/qcom,iommu.txt | 2 ++
drivers/iommu/qcom_iommu.c | 19 +++++++++++++++++--
2 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/Documentation/devicetree/bindings/iommu/qcom,iommu.txt b/Documentation/devicetree/bindings/iommu/qcom,iommu.txt
index 72ae0595efff..861c0cd9c512 100644
--- a/Documentation/devicetree/bindings/iommu/qcom,iommu.txt
+++ b/Documentation/devicetree/bindings/iommu/qcom,iommu.txt
@@ -36,6 +36,8 @@ to non-secure vs secure interrupt line.
- compatible : Should be one of:
- "qcom,msm-iommu-v1-ns" : non-secure context bank
- "qcom,msm-iommu-v1-sec" : secure context bank
+ - "qcom,msm-iommu-v2-ns" : non-secure QSMMUv2/QSMMU500 context bank
+ - "qcom,msm-iommu-v2-sec" : secure QSMMUv2/QSMMU500 context bank
- reg : Base address and size of context bank within the iommu
- interrupts : The context fault irq.
diff --git a/drivers/iommu/qcom_iommu.c b/drivers/iommu/qcom_iommu.c
index 555cbc55b073..eaecb009849c 100644
--- a/drivers/iommu/qcom_iommu.c
+++ b/drivers/iommu/qcom_iommu.c
@@ -56,6 +56,7 @@ struct qcom_iommu_ctx {
struct device *dev;
void __iomem *base;
bool secure_init;
+ bool secured_ctx;
u8 asid; /* asid and ctx bank # are 1:1 */
struct iommu_domain *domain;
};
@@ -303,6 +304,12 @@ static int qcom_iommu_init_domain(struct iommu_domain *domain,
ctx->secure_init = true;
}
+ /* Secured QSMMU-500/QSMMU-v2 contexts cannot be programmed */
+ if (ctx->secured_ctx) {
+ ctx->domain = domain;
+ break;
+ }
+
qcom_iommu_reset_ctx(ctx);
tcr[0] = pgtbl_cfg.arm_lpae_s1_cfg.tcr;
@@ -788,10 +795,15 @@ static int qcom_iommu_ctx_probe(struct platform_device *pdev)
if (irq < 0)
return -ENODEV;
+ if (of_device_is_compatible(dev->of_node, "qcom,msm-iommu-v2-sec"))
+ ctx->secured_ctx = true;
+
/* clear IRQs before registering fault handler, just in case the
* boot-loader left us a surprise:
*/
- iommu_writel(ctx, ARM_SMMU_CB_FSR, iommu_readl(ctx, ARM_SMMU_CB_FSR));
+ if (!ctx->secured_ctx)
+ iommu_writel(ctx, ARM_SMMU_CB_FSR,
+ iommu_readl(ctx, ARM_SMMU_CB_FSR));
ret = devm_request_irq(dev, irq,
qcom_iommu_fault,
@@ -833,6 +845,8 @@ static int qcom_iommu_ctx_remove(struct platform_device *pdev)
static const struct of_device_id ctx_of_match[] = {
{ .compatible = "qcom,msm-iommu-v1-ns" },
{ .compatible = "qcom,msm-iommu-v1-sec" },
+ { .compatible = "qcom,msm-iommu-v2-ns" },
+ { .compatible = "qcom,msm-iommu-v2-sec" },
{ /* sentinel */ }
};
@@ -850,7 +864,8 @@ static bool qcom_iommu_has_secure_context(struct qcom_iommu_dev *qcom_iommu)
struct device_node *child;
for_each_child_of_node(qcom_iommu->dev->of_node, child)
- if (of_device_is_compatible(child, "qcom,msm-iommu-v1-sec"))
+ if (of_device_is_compatible(child, "qcom,msm-iommu-v1-sec") ||
+ of_device_is_compatible(child, "qcom,msm-iommu-v2-sec"))
return true;
return false;
--
2.21.0
_______________________________________________
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
next prev parent reply other threads:[~2019-10-01 22:02 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-01 22:01 [PATCH v4 0/7] Add support for QCOM IOMMU v2 and 500 kholk11
2019-10-01 22:01 ` kholk11
2019-10-01 22:01 ` [PATCH v4 1/7] firmware: qcom: scm: Add function to set IOMMU pagetable addressing kholk11
2019-10-01 22:01 ` kholk11
2019-10-15 11:14 ` Joerg Roedel
2019-10-15 11:14 ` Joerg Roedel
2019-10-15 12:33 ` AngeloGioacchino Del Regno
2019-10-15 12:33 ` AngeloGioacchino Del Regno
2019-10-15 12:40 ` Joerg Roedel
2019-10-15 12:40 ` Joerg Roedel
2019-10-15 13:09 ` AngeloGioacchino Del Regno
2019-10-15 13:09 ` AngeloGioacchino Del Regno
2019-10-01 22:02 ` [PATCH v4 2/7] iommu/qcom: Use the asid read from device-tree if specified kholk11
2019-10-01 22:02 ` kholk11
2019-10-15 12:09 ` Robin Murphy
2019-10-15 12:09 ` Robin Murphy
2019-10-15 13:06 ` AngeloGioacchino Del Regno
2019-10-15 13:06 ` AngeloGioacchino Del Regno
2019-10-01 22:02 ` [PATCH v4 3/7] iommu/qcom: Write TCR before TTBRs to fix ASID access behavior kholk11
2019-10-01 22:02 ` kholk11
2019-10-01 22:02 ` [PATCH v4 4/7] iommu/qcom: Properly reset the IOMMU context kholk11
2019-10-01 22:02 ` kholk11
2019-10-02 11:29 ` Robin Murphy
2019-10-02 11:29 ` Robin Murphy
2019-10-01 22:02 ` [PATCH v4 5/7] iommu/qcom: Add support for AArch64 IOMMU pagetables kholk11
2019-10-01 22:02 ` kholk11
2019-10-01 22:02 ` [PATCH v4 6/7] iommu/qcom: Index contexts by asid number to allow asid 0 kholk11
2019-10-01 22:02 ` kholk11
2019-10-01 22:02 ` kholk11 [this message]
2019-10-01 22:02 ` [PATCH v4 7/7] iommu/qcom: Add support for QCIOMMUv2 and QCIOMMU-500 secured contexts kholk11
2019-10-05 4:56 ` [PATCH v4 0/7] Add support for QCOM IOMMU v2 and 500 Bjorn Andersson
2019-10-05 4:56 ` Bjorn Andersson
2019-10-05 9:32 ` AngeloGioacchino Del Regno
2019-10-05 9:32 ` AngeloGioacchino Del Regno
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191001220205.6423-8-kholk11@gmail.com \
--to=kholk11@gmail.com \
--cc=agross@kernel.org \
--cc=iommu@lists.linux-foundation.org \
--cc=joro@8bytes.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=marijns95@gmail.com \
--cc=robdclark@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.