From: kholk11@gmail.com To: linux-arm-msm@vger.kernel.org Cc: kholk11@gmail.com, iommu@lists.linux-foundation.org, marijns95@gmail.com, agross@kernel.org, robdclark@gmail.com, joro@8bytes.org Subject: [PATCH v4 7/7] iommu/qcom: Add support for QCIOMMUv2 and QCIOMMU-500 secured contexts Date: Wed, 2 Oct 2019 00:02:05 +0200 [thread overview] Message-ID: <20191001220205.6423-8-kholk11@gmail.com> (raw) In-Reply-To: <20191001220205.6423-1-kholk11@gmail.com> From: AngeloGioacchino Del Regno <kholk11@gmail.com> This IOMMU is yet another Qualcomm variant of known IOMMUs, found in Family-B SoCs, such as MSM8956, MSM8976, MSM8953, MSM8917 and others, and that firmware perfectly adheres to this driver logic. This time, though, the catch is that the secure contexts are also secured, meaning that these are programmed by the bootloader or TZ and their "interesting" registers are locked out, so the hypervisor disallows touching them from the non-secure world: in this case the OS is supposed to blindly trust the secure configuration of these contexts and just use them "as they are". For this reason, it is necessary to distinguish between the v1 and 500/v2 secure contexts in this driver in order to adhere to this specification. To do this, add a new DT compatible, named "qcom,msm-iommu-v2-sec" that will trigger the new behavior. For the sake of completeness, also add a "qcom,msm-iommu-v2-ns" so that the human eye gets pleased with it when reading the contexts in the final SoC DT. Of course, the latter is just cosmetic. Signed-off-by: AngeloGioacchino Del Regno <kholk11@gmail.com> --- .../devicetree/bindings/iommu/qcom,iommu.txt | 2 ++ drivers/iommu/qcom_iommu.c | 19 +++++++++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/Documentation/devicetree/bindings/iommu/qcom,iommu.txt b/Documentation/devicetree/bindings/iommu/qcom,iommu.txt index 72ae0595efff..861c0cd9c512 100644 --- a/Documentation/devicetree/bindings/iommu/qcom,iommu.txt +++ b/Documentation/devicetree/bindings/iommu/qcom,iommu.txt @@ -36,6 +36,8 @@ to non-secure vs secure interrupt line. - compatible : Should be one of: - "qcom,msm-iommu-v1-ns" : non-secure context bank - "qcom,msm-iommu-v1-sec" : secure context bank + - "qcom,msm-iommu-v2-ns" : non-secure QSMMUv2/QSMMU500 context bank + - "qcom,msm-iommu-v2-sec" : secure QSMMUv2/QSMMU500 context bank - reg : Base address and size of context bank within the iommu - interrupts : The context fault irq. diff --git a/drivers/iommu/qcom_iommu.c b/drivers/iommu/qcom_iommu.c index 555cbc55b073..eaecb009849c 100644 --- a/drivers/iommu/qcom_iommu.c +++ b/drivers/iommu/qcom_iommu.c @@ -56,6 +56,7 @@ struct qcom_iommu_ctx { struct device *dev; void __iomem *base; bool secure_init; + bool secured_ctx; u8 asid; /* asid and ctx bank # are 1:1 */ struct iommu_domain *domain; }; @@ -303,6 +304,12 @@ static int qcom_iommu_init_domain(struct iommu_domain *domain, ctx->secure_init = true; } + /* Secured QSMMU-500/QSMMU-v2 contexts cannot be programmed */ + if (ctx->secured_ctx) { + ctx->domain = domain; + break; + } + qcom_iommu_reset_ctx(ctx); tcr[0] = pgtbl_cfg.arm_lpae_s1_cfg.tcr; @@ -788,10 +795,15 @@ static int qcom_iommu_ctx_probe(struct platform_device *pdev) if (irq < 0) return -ENODEV; + if (of_device_is_compatible(dev->of_node, "qcom,msm-iommu-v2-sec")) + ctx->secured_ctx = true; + /* clear IRQs before registering fault handler, just in case the * boot-loader left us a surprise: */ - iommu_writel(ctx, ARM_SMMU_CB_FSR, iommu_readl(ctx, ARM_SMMU_CB_FSR)); + if (!ctx->secured_ctx) + iommu_writel(ctx, ARM_SMMU_CB_FSR, + iommu_readl(ctx, ARM_SMMU_CB_FSR)); ret = devm_request_irq(dev, irq, qcom_iommu_fault, @@ -833,6 +845,8 @@ static int qcom_iommu_ctx_remove(struct platform_device *pdev) static const struct of_device_id ctx_of_match[] = { { .compatible = "qcom,msm-iommu-v1-ns" }, { .compatible = "qcom,msm-iommu-v1-sec" }, + { .compatible = "qcom,msm-iommu-v2-ns" }, + { .compatible = "qcom,msm-iommu-v2-sec" }, { /* sentinel */ } }; @@ -850,7 +864,8 @@ static bool qcom_iommu_has_secure_context(struct qcom_iommu_dev *qcom_iommu) struct device_node *child; for_each_child_of_node(qcom_iommu->dev->of_node, child) - if (of_device_is_compatible(child, "qcom,msm-iommu-v1-sec")) + if (of_device_is_compatible(child, "qcom,msm-iommu-v1-sec") || + of_device_is_compatible(child, "qcom,msm-iommu-v2-sec")) return true; return false; -- 2.21.0
WARNING: multiple messages have this Message-ID (diff)
From: kholk11@gmail.com To: linux-arm-msm@vger.kernel.org Cc: marijns95@gmail.com, iommu@lists.linux-foundation.org, agross@kernel.org, kholk11@gmail.com Subject: [PATCH v4 7/7] iommu/qcom: Add support for QCIOMMUv2 and QCIOMMU-500 secured contexts Date: Wed, 2 Oct 2019 00:02:05 +0200 [thread overview] Message-ID: <20191001220205.6423-8-kholk11@gmail.com> (raw) In-Reply-To: <20191001220205.6423-1-kholk11@gmail.com> From: AngeloGioacchino Del Regno <kholk11@gmail.com> This IOMMU is yet another Qualcomm variant of known IOMMUs, found in Family-B SoCs, such as MSM8956, MSM8976, MSM8953, MSM8917 and others, and that firmware perfectly adheres to this driver logic. This time, though, the catch is that the secure contexts are also secured, meaning that these are programmed by the bootloader or TZ and their "interesting" registers are locked out, so the hypervisor disallows touching them from the non-secure world: in this case the OS is supposed to blindly trust the secure configuration of these contexts and just use them "as they are". For this reason, it is necessary to distinguish between the v1 and 500/v2 secure contexts in this driver in order to adhere to this specification. To do this, add a new DT compatible, named "qcom,msm-iommu-v2-sec" that will trigger the new behavior. For the sake of completeness, also add a "qcom,msm-iommu-v2-ns" so that the human eye gets pleased with it when reading the contexts in the final SoC DT. Of course, the latter is just cosmetic. Signed-off-by: AngeloGioacchino Del Regno <kholk11@gmail.com> --- .../devicetree/bindings/iommu/qcom,iommu.txt | 2 ++ drivers/iommu/qcom_iommu.c | 19 +++++++++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/Documentation/devicetree/bindings/iommu/qcom,iommu.txt b/Documentation/devicetree/bindings/iommu/qcom,iommu.txt index 72ae0595efff..861c0cd9c512 100644 --- a/Documentation/devicetree/bindings/iommu/qcom,iommu.txt +++ b/Documentation/devicetree/bindings/iommu/qcom,iommu.txt @@ -36,6 +36,8 @@ to non-secure vs secure interrupt line. - compatible : Should be one of: - "qcom,msm-iommu-v1-ns" : non-secure context bank - "qcom,msm-iommu-v1-sec" : secure context bank + - "qcom,msm-iommu-v2-ns" : non-secure QSMMUv2/QSMMU500 context bank + - "qcom,msm-iommu-v2-sec" : secure QSMMUv2/QSMMU500 context bank - reg : Base address and size of context bank within the iommu - interrupts : The context fault irq. diff --git a/drivers/iommu/qcom_iommu.c b/drivers/iommu/qcom_iommu.c index 555cbc55b073..eaecb009849c 100644 --- a/drivers/iommu/qcom_iommu.c +++ b/drivers/iommu/qcom_iommu.c @@ -56,6 +56,7 @@ struct qcom_iommu_ctx { struct device *dev; void __iomem *base; bool secure_init; + bool secured_ctx; u8 asid; /* asid and ctx bank # are 1:1 */ struct iommu_domain *domain; }; @@ -303,6 +304,12 @@ static int qcom_iommu_init_domain(struct iommu_domain *domain, ctx->secure_init = true; } + /* Secured QSMMU-500/QSMMU-v2 contexts cannot be programmed */ + if (ctx->secured_ctx) { + ctx->domain = domain; + break; + } + qcom_iommu_reset_ctx(ctx); tcr[0] = pgtbl_cfg.arm_lpae_s1_cfg.tcr; @@ -788,10 +795,15 @@ static int qcom_iommu_ctx_probe(struct platform_device *pdev) if (irq < 0) return -ENODEV; + if (of_device_is_compatible(dev->of_node, "qcom,msm-iommu-v2-sec")) + ctx->secured_ctx = true; + /* clear IRQs before registering fault handler, just in case the * boot-loader left us a surprise: */ - iommu_writel(ctx, ARM_SMMU_CB_FSR, iommu_readl(ctx, ARM_SMMU_CB_FSR)); + if (!ctx->secured_ctx) + iommu_writel(ctx, ARM_SMMU_CB_FSR, + iommu_readl(ctx, ARM_SMMU_CB_FSR)); ret = devm_request_irq(dev, irq, qcom_iommu_fault, @@ -833,6 +845,8 @@ static int qcom_iommu_ctx_remove(struct platform_device *pdev) static const struct of_device_id ctx_of_match[] = { { .compatible = "qcom,msm-iommu-v1-ns" }, { .compatible = "qcom,msm-iommu-v1-sec" }, + { .compatible = "qcom,msm-iommu-v2-ns" }, + { .compatible = "qcom,msm-iommu-v2-sec" }, { /* sentinel */ } }; @@ -850,7 +864,8 @@ static bool qcom_iommu_has_secure_context(struct qcom_iommu_dev *qcom_iommu) struct device_node *child; for_each_child_of_node(qcom_iommu->dev->of_node, child) - if (of_device_is_compatible(child, "qcom,msm-iommu-v1-sec")) + if (of_device_is_compatible(child, "qcom,msm-iommu-v1-sec") || + of_device_is_compatible(child, "qcom,msm-iommu-v2-sec")) return true; return false; -- 2.21.0 _______________________________________________ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
next prev parent reply other threads:[~2019-10-01 22:02 UTC|newest] Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-10-01 22:01 [PATCH v4 0/7] Add support for QCOM IOMMU v2 and 500 kholk11 2019-10-01 22:01 ` kholk11 2019-10-01 22:01 ` [PATCH v4 1/7] firmware: qcom: scm: Add function to set IOMMU pagetable addressing kholk11 2019-10-01 22:01 ` kholk11 2019-10-15 11:14 ` Joerg Roedel 2019-10-15 11:14 ` Joerg Roedel 2019-10-15 12:33 ` AngeloGioacchino Del Regno 2019-10-15 12:33 ` AngeloGioacchino Del Regno 2019-10-15 12:40 ` Joerg Roedel 2019-10-15 12:40 ` Joerg Roedel 2019-10-15 13:09 ` AngeloGioacchino Del Regno 2019-10-15 13:09 ` AngeloGioacchino Del Regno 2019-10-01 22:02 ` [PATCH v4 2/7] iommu/qcom: Use the asid read from device-tree if specified kholk11 2019-10-01 22:02 ` kholk11 2019-10-15 12:09 ` Robin Murphy 2019-10-15 12:09 ` Robin Murphy 2019-10-15 13:06 ` AngeloGioacchino Del Regno 2019-10-15 13:06 ` AngeloGioacchino Del Regno 2019-10-01 22:02 ` [PATCH v4 3/7] iommu/qcom: Write TCR before TTBRs to fix ASID access behavior kholk11 2019-10-01 22:02 ` kholk11 2019-10-01 22:02 ` [PATCH v4 4/7] iommu/qcom: Properly reset the IOMMU context kholk11 2019-10-01 22:02 ` kholk11 2019-10-02 11:29 ` Robin Murphy 2019-10-02 11:29 ` Robin Murphy 2019-10-01 22:02 ` [PATCH v4 5/7] iommu/qcom: Add support for AArch64 IOMMU pagetables kholk11 2019-10-01 22:02 ` kholk11 2019-10-01 22:02 ` [PATCH v4 6/7] iommu/qcom: Index contexts by asid number to allow asid 0 kholk11 2019-10-01 22:02 ` kholk11 2019-10-01 22:02 ` kholk11 [this message] 2019-10-01 22:02 ` [PATCH v4 7/7] iommu/qcom: Add support for QCIOMMUv2 and QCIOMMU-500 secured contexts kholk11 2019-10-05 4:56 ` [PATCH v4 0/7] Add support for QCOM IOMMU v2 and 500 Bjorn Andersson 2019-10-05 4:56 ` Bjorn Andersson 2019-10-05 9:32 ` AngeloGioacchino Del Regno 2019-10-05 9:32 ` AngeloGioacchino Del Regno
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20191001220205.6423-8-kholk11@gmail.com \ --to=kholk11@gmail.com \ --cc=agross@kernel.org \ --cc=iommu@lists.linux-foundation.org \ --cc=joro@8bytes.org \ --cc=linux-arm-msm@vger.kernel.org \ --cc=marijns95@gmail.com \ --cc=robdclark@gmail.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.