[PATCH 0/8] eMMC inline encryption support

[PATCH 0/8] eMMC inline encryption support

[Eric Biggers]

Hello,

This patchset adds support for eMMC inline encryption, as specified by
the upcoming version of the eMMC specification and as already
implemented and used on many devices.  Building on that, it then adds
Qualcomm ICE support and wires it up for the Snapdragon 630 SoC.

Inline encryption hardware improves the performance of storage
encryption and reduces power usage.  See
Documentation/block/inline-encryption.rst for more information about
inline encryption and the blk-crypto framework (upstreamed in v5.8)
which supports it.  Most mobile devices already use UFS or eMMC inline
encryption hardware; UFS support was already upstreamed in v5.9.

Patches 1-3 add support for the standard eMMC inline encryption.

However, as with UFS, host controller-specific patches are needed on top
of the standard support.  Therefore, patches 4-8 add Qualcomm ICE
(Inline Crypto Engine) support and wire it up on the Snapdragon 630 SoC.

To test this I took advantage of the recently upstreamed support for the
Snapdragon 630 SoC, plus work-in-progress patches from the SoMainline
project (https://github.com/SoMainline/linux/tree/konrad/v5.10-rc3).  In
particular, I was able to run the fscrypt xfstests for ext4 and f2fs in
a Debian chroot.  Among other things, these tests verified that the
correct ciphertext is written to disk (the same as software encryption).

It will also be possible to add support for Mediatek eMMC inline
encryption hardware in mtk-sd, and it should be easier than the Qualcomm
hardware since the Mediatek hardware follows the standard more closely.
I.e., patches 1-3 should be almost enough for the Mediatek hardware.
However, I don't have the hardware to do this yet.

This patchset is based on v5.10-rc3, and it can also be retrieved from
tag "mmc-crypto-v1" of
https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git

Note: the fscrypt inline encryption support is partially broken in
v5.10-rc3, so for testing a fscrypt fix needs to be applied too:
https://lkml.kernel.org/r/20201111015224.303073-1-ebiggers@kernel.org

Eric Biggers (8):
  mmc: add basic support for inline encryption
  mmc: cqhci: rename cqhci.c to cqhci-core.c
  mmc: cqhci: add support for inline encryption
  mmc: cqhci: add cqhci_host_ops::program_key
  firmware: qcom_scm: update comment for ICE-related functions
  dt-bindings: mmc: sdhci-msm: add ICE registers and clock
  arm64: dts: qcom: sdm630: add ICE registers and clocks
  mmc: sdhci-msm: add Inline Crypto Engine support

 .../devicetree/bindings/mmc/sdhci-msm.txt     |   3 +
 arch/arm64/boot/dts/qcom/sdm630.dtsi          |  10 +-
 drivers/firmware/qcom_scm.c                   |  16 +-
 drivers/mmc/core/Kconfig                      |   8 +
 drivers/mmc/core/Makefile                     |   1 +
 drivers/mmc/core/block.c                      |   3 +
 drivers/mmc/core/core.c                       |   3 +
 drivers/mmc/core/crypto.c                     |  54 ++++
 drivers/mmc/core/crypto.h                     |  46 +++
 drivers/mmc/core/host.c                       |   2 +
 drivers/mmc/core/queue.c                      |   3 +
 drivers/mmc/host/Kconfig                      |   1 +
 drivers/mmc/host/Makefile                     |   2 +
 drivers/mmc/host/{cqhci.c => cqhci-core.c}    |  66 ++++-
 drivers/mmc/host/cqhci-crypto.c               | 237 +++++++++++++++
 drivers/mmc/host/cqhci-crypto.h               |  47 +++
 drivers/mmc/host/cqhci.h                      |  85 +++++-
 drivers/mmc/host/sdhci-msm.c                  | 270 +++++++++++++++++-
 include/linux/mmc/core.h                      |   6 +
 include/linux/mmc/host.h                      |   7 +
 20 files changed, 845 insertions(+), 25 deletions(-)
 create mode 100644 drivers/mmc/core/crypto.c
 create mode 100644 drivers/mmc/core/crypto.h
 rename drivers/mmc/host/{cqhci.c => cqhci-core.c} (94%)
 create mode 100644 drivers/mmc/host/cqhci-crypto.c
 create mode 100644 drivers/mmc/host/cqhci-crypto.h


base-commit: f8394f232b1eab649ce2df5c5f15b0e528c92091
-- 
2.29.2

[PATCH 1/8] mmc: add basic support for inline encryption

[Eric Biggers]

From: Eric Biggers <ebiggers@google.com>

In preparation for adding CQHCI crypto engine (inline encryption)
support, add the code required to make mmc_core and mmc_block aware of
inline encryption.  Specifically:

- Add a capability flag MMC_CAP2_CRYPTO to struct mmc_host.  Drivers
  will set this if the host and driver support inline encryption.

- Embed a blk_keyslot_manager in struct mmc_host.  Drivers will
  initialize this if the host and driver support inline encryption.
  mmc_block registers this keyslot manager with the request_queue of any
  MMC card attached to the host.  mmc_core destroys this keyslot manager
  when freeing the mmc_host.

- Make mmc_block copy the crypto keyslot and crypto data unit number
  from struct request to struct mmc_request, so that drivers will have
  access to them.

- If the MMC host is reset, reprogram all the keyslots to ensure that
  the software state stays in sync with the hardware state.

Co-developed-by: Satya Tangirala <satyat@google.com>
Signed-off-by: Satya Tangirala <satyat@google.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 drivers/mmc/core/Kconfig  |  8 ++++++
 drivers/mmc/core/Makefile |  1 +
 drivers/mmc/core/block.c  |  3 +++
 drivers/mmc/core/core.c   |  3 +++
 drivers/mmc/core/crypto.c | 54 +++++++++++++++++++++++++++++++++++++++
 drivers/mmc/core/crypto.h | 46 +++++++++++++++++++++++++++++++++
 drivers/mmc/core/host.c   |  2 ++
 drivers/mmc/core/queue.c  |  3 +++
 include/linux/mmc/core.h  |  6 +++++
 include/linux/mmc/host.h  |  7 +++++
 10 files changed, 133 insertions(+)
 create mode 100644 drivers/mmc/core/crypto.c
 create mode 100644 drivers/mmc/core/crypto.h

diff --git a/drivers/mmc/core/Kconfig b/drivers/mmc/core/Kconfig
index c12fe13e4b147..ae8b69aee6190 100644
--- a/drivers/mmc/core/Kconfig
+++ b/drivers/mmc/core/Kconfig
@@ -81,3 +81,11 @@ config MMC_TEST
 	  This driver is only of interest to those developing or
 	  testing a host driver. Most people should say N here.
 
+config MMC_CRYPTO
+	bool "MMC Crypto Engine Support"
+	depends on BLK_INLINE_ENCRYPTION
+	help
+	  Enable Crypto Engine Support in MMC.
+	  Enabling this makes it possible for the kernel to use the crypto
+	  capabilities of the MMC device (if present) to perform crypto
+	  operations on data being transferred to/from the device.
diff --git a/drivers/mmc/core/Makefile b/drivers/mmc/core/Makefile
index 95ffe008ebdf8..6a907736cd7a5 100644
--- a/drivers/mmc/core/Makefile
+++ b/drivers/mmc/core/Makefile
@@ -18,3 +18,4 @@ obj-$(CONFIG_MMC_BLOCK)		+= mmc_block.o
 mmc_block-objs			:= block.o queue.o
 obj-$(CONFIG_MMC_TEST)		+= mmc_test.o
 obj-$(CONFIG_SDIO_UART)		+= sdio_uart.o
+mmc_core-$(CONFIG_MMC_CRYPTO)	+= crypto.o
diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c
index 8d3df0be0355c..eaf2f10743260 100644
--- a/drivers/mmc/core/block.c
+++ b/drivers/mmc/core/block.c
@@ -51,6 +51,7 @@
 #include "block.h"
 #include "core.h"
 #include "card.h"
+#include "crypto.h"
 #include "host.h"
 #include "bus.h"
 #include "mmc_ops.h"
@@ -1247,6 +1248,8 @@ static void mmc_blk_data_prep(struct mmc_queue *mq, struct mmc_queue_req *mqrq,
 
 	memset(brq, 0, sizeof(struct mmc_blk_request));
 
+	mmc_crypto_prepare_req(mqrq);
+
 	brq->mrq.data = &brq->data;
 	brq->mrq.tag = req->tag;
 
diff --git a/drivers/mmc/core/core.c b/drivers/mmc/core/core.c
index d42037f0f10d7..275de270232b3 100644
--- a/drivers/mmc/core/core.c
+++ b/drivers/mmc/core/core.c
@@ -37,6 +37,7 @@
 
 #include "core.h"
 #include "card.h"
+#include "crypto.h"
 #include "bus.h"
 #include "host.h"
 #include "sdio_bus.h"
@@ -992,6 +993,8 @@ void mmc_set_initial_state(struct mmc_host *host)
 		host->ops->hs400_enhanced_strobe(host, &host->ios);
 
 	mmc_set_ios(host);
+
+	mmc_crypto_set_initial_state(host);
 }
 
 /**
diff --git a/drivers/mmc/core/crypto.c b/drivers/mmc/core/crypto.c
new file mode 100644
index 0000000000000..4f47eb4740db0
--- /dev/null
+++ b/drivers/mmc/core/crypto.c
@@ -0,0 +1,54 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * MMC crypto engine (inline encryption) support
+ *
+ * Copyright 2020 Google LLC
+ */
+
+#include <linux/blk-crypto.h>
+#include <linux/mmc/host.h>
+
+#include "core.h"
+#include "crypto.h"
+#include "queue.h"
+
+void mmc_crypto_set_initial_state(struct mmc_host *host)
+{
+	/* Reset might clear all keys, so reprogram all the keys. */
+	if (host->caps2 & MMC_CAP2_CRYPTO)
+		blk_ksm_reprogram_all_keys(&host->ksm);
+}
+
+void mmc_crypto_free_host(struct mmc_host *host)
+{
+	if (host->caps2 & MMC_CAP2_CRYPTO)
+		blk_ksm_destroy(&host->ksm);
+}
+
+void mmc_crypto_setup_queue(struct request_queue *q, struct mmc_host *host)
+{
+	if (host->caps2 & MMC_CAP2_CRYPTO)
+		blk_ksm_register(&host->ksm, q);
+}
+EXPORT_SYMBOL_GPL(mmc_crypto_setup_queue);
+
+void mmc_crypto_prepare_req(struct mmc_queue_req *mqrq)
+{
+	struct request *req = mmc_queue_req_to_req(mqrq);
+	struct mmc_request *mrq = &mqrq->brq.mrq;
+
+	if (!req->crypt_keyslot)
+		return;
+
+	mrq->crypto_enabled = true;
+	mrq->crypto_key_slot = blk_ksm_get_slot_idx(req->crypt_keyslot);
+
+	/*
+	 * For now we assume that all MMC drivers set max_dun_bytes_supported=4,
+	 * which is the limit for CQHCI crypto.  So all DUNs should be 32-bit.
+	 */
+	WARN_ON_ONCE(req->crypt_ctx->bc_dun[0] > U32_MAX);
+
+	mrq->data_unit_num = req->crypt_ctx->bc_dun[0];
+}
+EXPORT_SYMBOL_GPL(mmc_crypto_prepare_req);
diff --git a/drivers/mmc/core/crypto.h b/drivers/mmc/core/crypto.h
new file mode 100644
index 0000000000000..4780639b832f4
--- /dev/null
+++ b/drivers/mmc/core/crypto.h
@@ -0,0 +1,46 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * MMC crypto engine (inline encryption) support
+ *
+ * Copyright 2020 Google LLC
+ */
+
+#ifndef _MMC_CORE_CRYPTO_H
+#define _MMC_CORE_CRYPTO_H
+
+struct mmc_host;
+struct mmc_queue_req;
+struct request_queue;
+
+#ifdef CONFIG_MMC_CRYPTO
+
+void mmc_crypto_set_initial_state(struct mmc_host *host);
+
+void mmc_crypto_free_host(struct mmc_host *host);
+
+void mmc_crypto_setup_queue(struct request_queue *q, struct mmc_host *host);
+
+void mmc_crypto_prepare_req(struct mmc_queue_req *mqrq);
+
+#else /* CONFIG_MMC_CRYPTO */
+
+static inline void mmc_crypto_set_initial_state(struct mmc_host *host)
+{
+}
+
+static inline void mmc_crypto_free_host(struct mmc_host *host)
+{
+}
+
+static inline void mmc_crypto_setup_queue(struct request_queue *q,
+					  struct mmc_host *host)
+{
+}
+
+static inline void mmc_crypto_prepare_req(struct mmc_queue_req *mqrq)
+{
+}
+
+#endif /* !CONFIG_MMC_CRYPTO */
+
+#endif /* _MMC_CORE_CRYPTO_H */
diff --git a/drivers/mmc/core/host.c b/drivers/mmc/core/host.c
index 96b2ca1f1b06d..d962b9ca0e37a 100644
--- a/drivers/mmc/core/host.c
+++ b/drivers/mmc/core/host.c
@@ -25,6 +25,7 @@
 #include <linux/mmc/slot-gpio.h>
 
 #include "core.h"
+#include "crypto.h"
 #include "host.h"
 #include "slot-gpio.h"
 #include "pwrseq.h"
@@ -532,6 +533,7 @@ EXPORT_SYMBOL(mmc_remove_host);
  */
 void mmc_free_host(struct mmc_host *host)
 {
+	mmc_crypto_free_host(host);
 	mmc_pwrseq_free(host);
 	put_device(&host->class_dev);
 }
diff --git a/drivers/mmc/core/queue.c b/drivers/mmc/core/queue.c
index de7cb0369c308..d96db852bb91a 100644
--- a/drivers/mmc/core/queue.c
+++ b/drivers/mmc/core/queue.c
@@ -19,6 +19,7 @@
 #include "block.h"
 #include "core.h"
 #include "card.h"
+#include "crypto.h"
 #include "host.h"
 
 #define MMC_DMA_MAP_MERGE_SEGMENTS	512
@@ -405,6 +406,8 @@ static void mmc_setup_queue(struct mmc_queue *mq, struct mmc_card *card)
 	mutex_init(&mq->complete_lock);
 
 	init_waitqueue_head(&mq->wait);
+
+	mmc_crypto_setup_queue(mq->queue, host);
 }
 
 static inline bool mmc_merge_capable(struct mmc_host *host)
diff --git a/include/linux/mmc/core.h b/include/linux/mmc/core.h
index 29aa507116261..ab19245e99451 100644
--- a/include/linux/mmc/core.h
+++ b/include/linux/mmc/core.h
@@ -162,6 +162,12 @@ struct mmc_request {
 	bool			cap_cmd_during_tfr;
 
 	int			tag;
+
+#ifdef CONFIG_MMC_CRYPTO
+	bool			crypto_enabled;
+	int			crypto_key_slot;
+	u32			data_unit_num;
+#endif
 };
 
 struct mmc_card;
diff --git a/include/linux/mmc/host.h b/include/linux/mmc/host.h
index c079b932330f2..550460bf1b37c 100644
--- a/include/linux/mmc/host.h
+++ b/include/linux/mmc/host.h
@@ -15,6 +15,7 @@
 #include <linux/mmc/card.h>
 #include <linux/mmc/pm.h>
 #include <linux/dma-direction.h>
+#include <linux/keyslot-manager.h>
 
 struct mmc_ios {
 	unsigned int	clock;			/* clock rate */
@@ -377,6 +378,7 @@ struct mmc_host {
 #define MMC_CAP2_CQE_DCMD	(1 << 24)	/* CQE can issue a direct command */
 #define MMC_CAP2_AVOID_3_3V	(1 << 25)	/* Host must negotiate down from 3.3V */
 #define MMC_CAP2_MERGE_CAPABLE	(1 << 26)	/* Host can merge a segment over the segment size */
+#define MMC_CAP2_CRYPTO		(1 << 27)	/* Host supports inline encryption */
 
 	int			fixed_drv_type;	/* fixed driver type for non-removable media */
 
@@ -471,6 +473,11 @@ struct mmc_host {
 	bool			cqe_enabled;
 	bool			cqe_on;
 
+	/* Inline encryption support */
+#ifdef CONFIG_MMC_CRYPTO
+	struct blk_keyslot_manager ksm;
+#endif
+
 	/* Host Software Queue support */
 	bool			hsq_enabled;
 
-- 
2.29.2

[PATCH 2/8] mmc: cqhci: rename cqhci.c to cqhci-core.c

[Eric Biggers]

From: Eric Biggers <ebiggers@google.com>

Rename cqhci.c to cqhci-core.c so that another source file can be added
to the cqhci module without having to rename the module.

Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 drivers/mmc/host/Makefile                  | 1 +
 drivers/mmc/host/{cqhci.c => cqhci-core.c} | 0
 2 files changed, 1 insertion(+)
 rename drivers/mmc/host/{cqhci.c => cqhci-core.c} (100%)

diff --git a/drivers/mmc/host/Makefile b/drivers/mmc/host/Makefile
index 451c25fc2c692..20c2f9463d0dc 100644
--- a/drivers/mmc/host/Makefile
+++ b/drivers/mmc/host/Makefile
@@ -104,6 +104,7 @@ obj-$(CONFIG_MMC_SDHCI_BRCMSTB)		+= sdhci-brcmstb.o
 obj-$(CONFIG_MMC_SDHCI_OMAP)		+= sdhci-omap.o
 obj-$(CONFIG_MMC_SDHCI_SPRD)		+= sdhci-sprd.o
 obj-$(CONFIG_MMC_CQHCI)			+= cqhci.o
+cqhci-y					+= cqhci-core.o
 obj-$(CONFIG_MMC_HSQ)			+= mmc_hsq.o
 
 ifeq ($(CONFIG_CB710_DEBUG),y)
diff --git a/drivers/mmc/host/cqhci.c b/drivers/mmc/host/cqhci-core.c
similarity index 100%
rename from drivers/mmc/host/cqhci.c
rename to drivers/mmc/host/cqhci-core.c
-- 
2.29.2

[PATCH 3/8] mmc: cqhci: add support for inline encryption

[Eric Biggers]

From: Eric Biggers <ebiggers@google.com>

Add support for eMMC inline encryption using the blk-crypto framework
(Documentation/block/inline-encryption.rst).

eMMC inline encryption support is specified by the upcoming JEDEC eMMC
v5.2 specification.  It is only specified for the CQ interface, not the
non-CQ interface.  Although the eMMC v5.2 specification hasn't been
officially released yet, the crypto support was already agreed on
several years ago, and it was already implemented by at least two major
hardware vendors.  Lots of hardware in the field already supports and
uses it, e.g. Snapdragon 630 to give one example.

eMMC inline encryption support is very similar to the UFS inline
encryption support which was standardized in the UFS v2.1 specification
and was already upstreamed.  The only major difference is that eMMC
limits data unit numbers to 32 bits, unlike UFS's 64 bits.

Like we did with UFS, make the crypto support opt-in by individual
drivers; don't enable it automatically whenever the hardware declares
crypto support.  This is necessary because in every case we've seen,
some extra vendor-specific logic is needed to use the crypto support.

Co-developed-by: Satya Tangirala <satyat@google.com>
Signed-off-by: Satya Tangirala <satyat@google.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 drivers/mmc/host/Makefile       |   1 +
 drivers/mmc/host/cqhci-core.c   |  66 +++++++--
 drivers/mmc/host/cqhci-crypto.c | 233 ++++++++++++++++++++++++++++++++
 drivers/mmc/host/cqhci-crypto.h |  47 +++++++
 drivers/mmc/host/cqhci.h        |  81 ++++++++++-
 5 files changed, 416 insertions(+), 12 deletions(-)
 create mode 100644 drivers/mmc/host/cqhci-crypto.c
 create mode 100644 drivers/mmc/host/cqhci-crypto.h

diff --git a/drivers/mmc/host/Makefile b/drivers/mmc/host/Makefile
index 20c2f9463d0dc..35158508ab63d 100644
--- a/drivers/mmc/host/Makefile
+++ b/drivers/mmc/host/Makefile
@@ -105,6 +105,7 @@ obj-$(CONFIG_MMC_SDHCI_OMAP)		+= sdhci-omap.o
 obj-$(CONFIG_MMC_SDHCI_SPRD)		+= sdhci-sprd.o
 obj-$(CONFIG_MMC_CQHCI)			+= cqhci.o
 cqhci-y					+= cqhci-core.o
+cqhci-$(CONFIG_MMC_CRYPTO)		+= cqhci-crypto.o
 obj-$(CONFIG_MMC_HSQ)			+= mmc_hsq.o
 
 ifeq ($(CONFIG_CB710_DEBUG),y)
diff --git a/drivers/mmc/host/cqhci-core.c b/drivers/mmc/host/cqhci-core.c
index 697fe40756bf2..ac0f886b1e7d2 100644
--- a/drivers/mmc/host/cqhci-core.c
+++ b/drivers/mmc/host/cqhci-core.c
@@ -18,6 +18,7 @@
 #include <linux/mmc/card.h>
 
 #include "cqhci.h"
+#include "cqhci-crypto.h"
 
 #define DCMD_SLOT 31
 #define NUM_SLOTS 32
@@ -258,6 +259,9 @@ static void __cqhci_enable(struct cqhci_host *cq_host)
 	if (cq_host->caps & CQHCI_TASK_DESC_SZ_128)
 		cqcfg |= CQHCI_TASK_DESC_SZ;
 
+	if (mmc->caps2 & MMC_CAP2_CRYPTO)
+		cqcfg |= CQHCI_CRYPTO_GENERAL_ENABLE;
+
 	cqhci_writel(cq_host, cqcfg, CQHCI_CFG);
 
 	cqhci_writel(cq_host, lower_32_bits(cq_host->desc_dma_base),
@@ -408,13 +412,15 @@ static void cqhci_disable(struct mmc_host *mmc)
 }
 
 static void cqhci_prep_task_desc(struct mmc_request *mrq,
-					u64 *data, bool intr)
+				 struct cqhci_host *cq_host, int tag)
 {
+	__le64 *task_desc = (__le64 __force *)get_desc(cq_host, tag);
 	u32 req_flags = mrq->data->flags;
+	u64 desc0;
 
-	*data = CQHCI_VALID(1) |
+	desc0 = CQHCI_VALID(1) |
 		CQHCI_END(1) |
-		CQHCI_INT(intr) |
+		CQHCI_INT(1) |
 		CQHCI_ACT(0x5) |
 		CQHCI_FORCED_PROG(!!(req_flags & MMC_DATA_FORCED_PRG)) |
 		CQHCI_DATA_TAG(!!(req_flags & MMC_DATA_DAT_TAG)) |
@@ -425,8 +431,19 @@ static void cqhci_prep_task_desc(struct mmc_request *mrq,
 		CQHCI_BLK_COUNT(mrq->data->blocks) |
 		CQHCI_BLK_ADDR((u64)mrq->data->blk_addr);
 
-	pr_debug("%s: cqhci: tag %d task descriptor 0x%016llx\n",
-		 mmc_hostname(mrq->host), mrq->tag, (unsigned long long)*data);
+	task_desc[0] = cpu_to_le64(desc0);
+
+	if (cq_host->caps & CQHCI_TASK_DESC_SZ_128) {
+		u64 desc1 = cqhci_crypto_prep_task_desc(mrq);
+
+		task_desc[1] = cpu_to_le64(desc1);
+
+		pr_debug("%s: cqhci: tag %d task descriptor 0x%016llx%016llx\n",
+			 mmc_hostname(mrq->host), mrq->tag, desc1, desc0);
+	} else {
+		pr_debug("%s: cqhci: tag %d task descriptor 0x%016llx\n",
+			 mmc_hostname(mrq->host), mrq->tag, desc0);
+	}
 }
 
 static int cqhci_dma_map(struct mmc_host *host, struct mmc_request *mrq)
@@ -567,8 +584,6 @@ static inline int cqhci_tag(struct mmc_request *mrq)
 static int cqhci_request(struct mmc_host *mmc, struct mmc_request *mrq)
 {
 	int err = 0;
-	u64 data = 0;
-	u64 *task_desc = NULL;
 	int tag = cqhci_tag(mrq);
 	struct cqhci_host *cq_host = mmc->cqe_private;
 	unsigned long flags;
@@ -598,9 +613,8 @@ static int cqhci_request(struct mmc_host *mmc, struct mmc_request *mrq)
 	}
 
 	if (mrq->data) {
-		task_desc = (__le64 __force *)get_desc(cq_host, tag);
-		cqhci_prep_task_desc(mrq, &data, 1);
-		*task_desc = cpu_to_le64(data);
+		cqhci_prep_task_desc(mrq, cq_host, tag);
+
 		err = cqhci_prep_tran_desc(mrq, cq_host, tag);
 		if (err) {
 			pr_err("%s: cqhci: failed to setup tx desc: %d\n",
@@ -671,6 +685,7 @@ static void cqhci_error_irq(struct mmc_host *mmc, u32 status, int cmd_error,
 	struct cqhci_host *cq_host = mmc->cqe_private;
 	struct cqhci_slot *slot;
 	u32 terri;
+	u32 tdpe;
 	int tag;
 
 	spin_lock(&cq_host->lock);
@@ -709,6 +724,27 @@ static void cqhci_error_irq(struct mmc_host *mmc, u32 status, int cmd_error,
 		}
 	}
 
+	/*
+	 * Handle "Invalid Crypto Configuration Error".  This should never
+	 * happen, since the block layer ensures that all crypto-enabled I/O
+	 * requests have a valid keyslot before they reach the driver.
+	 */
+	if (status & CQHCI_IS_ICCE) {
+		tdpe = cqhci_readl(cq_host, CQHCI_TDPE);
+		WARN_ONCE(1,
+			  "%s: cqhci: invalid crypto configuration error. IRQ status: 0x%08x TDPE: 0x%08x\n",
+			  mmc_hostname(mmc), status, tdpe);
+		while (tdpe != 0) {
+			tag = __ffs(tdpe);
+			tdpe &= ~(1 << tag);
+			slot = &cq_host->slot[tag];
+			if (!slot->mrq)
+				continue;
+			slot->flags = cqhci_error_flags(data_error, cmd_error);
+			cqhci_recovery_needed(mmc, slot->mrq, true);
+		}
+	}
+
 	if (!cq_host->recovery_halt) {
 		/*
 		 * The only way to guarantee forward progress is to mark at
@@ -774,7 +810,8 @@ irqreturn_t cqhci_irq(struct mmc_host *mmc, u32 intmask, int cmd_error,
 
 	pr_debug("%s: cqhci: IRQ status: 0x%08x\n", mmc_hostname(mmc), status);
 
-	if ((status & CQHCI_IS_RED) || cmd_error || data_error)
+	if ((status & (CQHCI_IS_RED | CQHCI_IS_GCE | CQHCI_IS_ICCE)) ||
+	    cmd_error || data_error)
 		cqhci_error_irq(mmc, status, cmd_error, data_error);
 
 	if (status & CQHCI_IS_TCC) {
@@ -1141,6 +1178,13 @@ int cqhci_init(struct cqhci_host *cq_host, struct mmc_host *mmc,
 		goto out_err;
 	}
 
+	err = cqhci_crypto_init(cq_host);
+	if (err) {
+		pr_err("%s: CQHCI crypto initialization failed\n",
+		       mmc_hostname(mmc));
+		goto out_err;
+	}
+
 	spin_lock_init(&cq_host->lock);
 
 	init_completion(&cq_host->halt_comp);
diff --git a/drivers/mmc/host/cqhci-crypto.c b/drivers/mmc/host/cqhci-crypto.c
new file mode 100644
index 0000000000000..b14a5a15f5b52
--- /dev/null
+++ b/drivers/mmc/host/cqhci-crypto.c
@@ -0,0 +1,233 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * CQHCI crypto engine (inline encryption) support
+ *
+ * Copyright 2020 Google LLC
+ */
+
+#include <linux/blk-crypto.h>
+#include <linux/keyslot-manager.h>
+#include <linux/mmc/host.h>
+
+#include "cqhci-crypto.h"
+
+/* Map from blk-crypto modes to CQHCI crypto algorithm IDs and key sizes */
+static const struct cqhci_crypto_alg_entry {
+	enum cqhci_crypto_alg alg;
+	enum cqhci_crypto_key_size key_size;
+} cqhci_crypto_algs[BLK_ENCRYPTION_MODE_MAX] = {
+	[BLK_ENCRYPTION_MODE_AES_256_XTS] = {
+		.alg = CQHCI_CRYPTO_ALG_AES_XTS,
+		.key_size = CQHCI_CRYPTO_KEY_SIZE_256,
+	},
+};
+
+static inline struct cqhci_host *
+cqhci_host_from_ksm(struct blk_keyslot_manager *ksm)
+{
+	struct mmc_host *mmc = container_of(ksm, struct mmc_host, ksm);
+
+	return mmc->cqe_private;
+}
+
+static void cqhci_crypto_program_key(struct cqhci_host *cq_host,
+				     const union cqhci_crypto_cfg_entry *cfg,
+				     int slot)
+{
+	u32 slot_offset = cq_host->crypto_cfg_register + slot * sizeof(*cfg);
+	int i;
+
+	/* Clear CFGE */
+	cqhci_writel(cq_host, 0, slot_offset + 16 * sizeof(cfg->reg_val[0]));
+
+	/* Write the key */
+	for (i = 0; i < 16; i++) {
+		cqhci_writel(cq_host, le32_to_cpu(cfg->reg_val[i]),
+			     slot_offset + i * sizeof(cfg->reg_val[0]));
+	}
+	/* Write dword 17 */
+	cqhci_writel(cq_host, le32_to_cpu(cfg->reg_val[17]),
+		     slot_offset + 17 * sizeof(cfg->reg_val[0]));
+	/* Write dword 16, which includes the new value of CFGE */
+	cqhci_writel(cq_host, le32_to_cpu(cfg->reg_val[16]),
+		     slot_offset + 16 * sizeof(cfg->reg_val[0]));
+}
+
+static int cqhci_crypto_keyslot_program(struct blk_keyslot_manager *ksm,
+					const struct blk_crypto_key *key,
+					unsigned int slot)
+
+{
+	struct cqhci_host *cq_host = cqhci_host_from_ksm(ksm);
+	const union cqhci_crypto_cap_entry *ccap_array =
+		cq_host->crypto_cap_array;
+	const struct cqhci_crypto_alg_entry *alg =
+			&cqhci_crypto_algs[key->crypto_cfg.crypto_mode];
+	u8 data_unit_mask = key->crypto_cfg.data_unit_size / 512;
+	int i;
+	int cap_idx = -1;
+	union cqhci_crypto_cfg_entry cfg = {};
+
+	BUILD_BUG_ON(CQHCI_CRYPTO_KEY_SIZE_INVALID != 0);
+	for (i = 0; i < cq_host->crypto_capabilities.num_crypto_cap; i++) {
+		if (ccap_array[i].algorithm_id == alg->alg &&
+		    ccap_array[i].key_size == alg->key_size &&
+		    (ccap_array[i].sdus_mask & data_unit_mask)) {
+			cap_idx = i;
+			break;
+		}
+	}
+	if (WARN_ON(cap_idx < 0))
+		return -EOPNOTSUPP;
+
+	cfg.data_unit_size = data_unit_mask;
+	cfg.crypto_cap_idx = cap_idx;
+	cfg.config_enable = CQHCI_CRYPTO_CONFIGURATION_ENABLE;
+
+	if (ccap_array[cap_idx].algorithm_id == CQHCI_CRYPTO_ALG_AES_XTS) {
+		/* In XTS mode, the blk_crypto_key's size is already doubled */
+		memcpy(cfg.crypto_key, key->raw, key->size/2);
+		memcpy(cfg.crypto_key + CQHCI_CRYPTO_KEY_MAX_SIZE/2,
+		       key->raw + key->size/2, key->size/2);
+	} else {
+		memcpy(cfg.crypto_key, key->raw, key->size);
+	}
+
+	cqhci_crypto_program_key(cq_host, &cfg, slot);
+
+	memzero_explicit(&cfg, sizeof(cfg));
+	return 0;
+}
+
+static void cqhci_crypto_clear_keyslot(struct cqhci_host *cq_host, int slot)
+{
+	/*
+	 * Clear the crypto cfg on the device. Clearing CFGE
+	 * might not be sufficient, so just clear the entire cfg.
+	 */
+	union cqhci_crypto_cfg_entry cfg = {};
+
+	cqhci_crypto_program_key(cq_host, &cfg, slot);
+}
+
+static int cqhci_crypto_keyslot_evict(struct blk_keyslot_manager *ksm,
+				      const struct blk_crypto_key *key,
+				      unsigned int slot)
+{
+	struct cqhci_host *cq_host = cqhci_host_from_ksm(ksm);
+
+	cqhci_crypto_clear_keyslot(cq_host, slot);
+	return 0;
+}
+
+static const struct blk_ksm_ll_ops cqhci_ksm_ops = {
+	.keyslot_program	= cqhci_crypto_keyslot_program,
+	.keyslot_evict		= cqhci_crypto_keyslot_evict,
+};
+
+static enum blk_crypto_mode_num
+cqhci_find_blk_crypto_mode(union cqhci_crypto_cap_entry cap)
+{
+	int i;
+
+	for (i = 0; i < ARRAY_SIZE(cqhci_crypto_algs); i++) {
+		BUILD_BUG_ON(CQHCI_CRYPTO_KEY_SIZE_INVALID != 0);
+		if (cqhci_crypto_algs[i].alg == cap.algorithm_id &&
+		    cqhci_crypto_algs[i].key_size == cap.key_size)
+			return i;
+	}
+	return BLK_ENCRYPTION_MODE_INVALID;
+}
+
+/**
+ * cqhci_crypto_init - initialize CQHCI crypto support
+ * @cq_host: a cqhci host
+ *
+ * If the driver previously set MMC_CAP2_CRYPTO and the CQE declares
+ * CQHCI_CAP_CS, initialize the crypto support.  This involves reading the
+ * crypto capability registers, initializing the keyslot manager, clearing all
+ * keyslots, and enabling 128-bit task descriptors.
+ *
+ * Return: 0 if crypto was initialized or isn't supported; whether
+ *	   MMC_CAP2_CRYPTO remains set indicates which one of those cases it is.
+ *	   Also can return a negative errno value on unexpected error.
+ */
+int cqhci_crypto_init(struct cqhci_host *cq_host)
+{
+	struct mmc_host *mmc = cq_host->mmc;
+	struct device *dev = mmc_dev(mmc);
+	struct blk_keyslot_manager *ksm = &mmc->ksm;
+	unsigned int num_keyslots;
+	unsigned int cap_idx;
+	enum blk_crypto_mode_num blk_mode_num;
+	unsigned int slot;
+	int err = 0;
+
+	if (!(mmc->caps2 & MMC_CAP2_CRYPTO) ||
+	    !(cqhci_readl(cq_host, CQHCI_CAP) & CQHCI_CAP_CS))
+		goto out;
+
+	cq_host->crypto_capabilities.reg_val =
+			cpu_to_le32(cqhci_readl(cq_host, CQHCI_CCAP));
+
+	cq_host->crypto_cfg_register =
+		(u32)cq_host->crypto_capabilities.config_array_ptr * 0x100;
+
+	cq_host->crypto_cap_array =
+		devm_kcalloc(dev, cq_host->crypto_capabilities.num_crypto_cap,
+			     sizeof(cq_host->crypto_cap_array[0]), GFP_KERNEL);
+	if (!cq_host->crypto_cap_array) {
+		err = -ENOMEM;
+		goto out;
+	}
+
+	/*
+	 * CCAP.CFGC is off by one, so the actual number of crypto
+	 * configurations (a.k.a. keyslots) is CCAP.CFGC + 1.
+	 */
+	num_keyslots = cq_host->crypto_capabilities.config_count + 1;
+
+	err = blk_ksm_init(ksm, num_keyslots);
+	if (err)
+		goto out_free_caps;
+
+	ksm->ksm_ll_ops = cqhci_ksm_ops;
+	ksm->dev = dev;
+
+	/* Unfortunately, CQHCI crypto only supports 32 DUN bits. */
+	ksm->max_dun_bytes_supported = 4;
+
+	/*
+	 * Cache all the crypto capabilities and advertise the supported crypto
+	 * modes and data unit sizes to the block layer.
+	 */
+	for (cap_idx = 0; cap_idx < cq_host->crypto_capabilities.num_crypto_cap;
+	     cap_idx++) {
+		cq_host->crypto_cap_array[cap_idx].reg_val =
+			cpu_to_le32(cqhci_readl(cq_host,
+						CQHCI_CRYPTOCAP +
+						cap_idx * sizeof(__le32)));
+		blk_mode_num = cqhci_find_blk_crypto_mode(
+					cq_host->crypto_cap_array[cap_idx]);
+		if (blk_mode_num == BLK_ENCRYPTION_MODE_INVALID)
+			continue;
+		ksm->crypto_modes_supported[blk_mode_num] |=
+			cq_host->crypto_cap_array[cap_idx].sdus_mask * 512;
+	}
+
+	/* Clear all the keyslots so that we start in a known state. */
+	for (slot = 0; slot < num_keyslots; slot++)
+		cqhci_crypto_clear_keyslot(cq_host, slot);
+
+	/* CQHCI crypto requires the use of 128-bit task descriptors. */
+	cq_host->caps |= CQHCI_TASK_DESC_SZ_128;
+
+	return 0;
+
+out_free_caps:
+	devm_kfree(dev, cq_host->crypto_cap_array);
+	cq_host->crypto_cap_array = NULL;
+out:
+	mmc->caps2 &= ~MMC_CAP2_CRYPTO;
+	return err;
+}
diff --git a/drivers/mmc/host/cqhci-crypto.h b/drivers/mmc/host/cqhci-crypto.h
new file mode 100644
index 0000000000000..60b58ee0e6256
--- /dev/null
+++ b/drivers/mmc/host/cqhci-crypto.h
@@ -0,0 +1,47 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * CQHCI crypto engine (inline encryption) support
+ *
+ * Copyright 2020 Google LLC
+ */
+
+#ifndef LINUX_MMC_CQHCI_CRYPTO_H
+#define LINUX_MMC_CQHCI_CRYPTO_H
+
+#include <linux/mmc/host.h>
+
+#include "cqhci.h"
+
+#ifdef CONFIG_MMC_CRYPTO
+
+int cqhci_crypto_init(struct cqhci_host *host);
+
+/*
+ * Returns the crypto bits that should be set in bits 64-127 of the
+ * task descriptor.
+ */
+static inline u64 cqhci_crypto_prep_task_desc(struct mmc_request *mrq)
+{
+	if (!mrq->crypto_enabled)
+		return 0;
+
+	return CQHCI_CRYPTO_ENABLE_BIT |
+	       CQHCI_CRYPTO_KEYSLOT(mrq->crypto_key_slot) |
+	       mrq->data_unit_num;
+}
+
+#else /* CONFIG_MMC_CRYPTO */
+
+static inline int cqhci_crypto_init(struct cqhci_host *host)
+{
+	return 0;
+}
+
+static inline u64 cqhci_crypto_prep_task_desc(struct mmc_request *mrq)
+{
+	return 0;
+}
+
+#endif /* !CONFIG_MMC_CRYPTO */
+
+#endif /* LINUX_MMC_CQHCI_CRYPTO_H */
diff --git a/drivers/mmc/host/cqhci.h b/drivers/mmc/host/cqhci.h
index 89bf6adbce8ca..5c18734624fea 100644
--- a/drivers/mmc/host/cqhci.h
+++ b/drivers/mmc/host/cqhci.h
@@ -22,10 +22,13 @@
 
 /* capabilities */
 #define CQHCI_CAP			0x04
+#define CQHCI_CAP_CS			0x10000000 /* Crypto Support */
+
 /* configuration */
 #define CQHCI_CFG			0x08
 #define CQHCI_DCMD			0x00001000
 #define CQHCI_TASK_DESC_SZ		0x00000100
+#define CQHCI_CRYPTO_GENERAL_ENABLE	0x00000002
 #define CQHCI_ENABLE			0x00000001
 
 /* control */
@@ -39,8 +42,11 @@
 #define CQHCI_IS_TCC			BIT(1)
 #define CQHCI_IS_RED			BIT(2)
 #define CQHCI_IS_TCL			BIT(3)
+#define CQHCI_IS_GCE			BIT(4) /* General Crypto Error */
+#define CQHCI_IS_ICCE			BIT(5) /* Invalid Crypto Config Error */
 
-#define CQHCI_IS_MASK (CQHCI_IS_TCC | CQHCI_IS_RED)
+#define CQHCI_IS_MASK (CQHCI_IS_TCC | CQHCI_IS_RED | \
+		       CQHCI_IS_GCE | CQHCI_IS_ICCE)
 
 /* interrupt status enable */
 #define CQHCI_ISTE			0x14
@@ -78,6 +84,9 @@
 /* task clear */
 #define CQHCI_TCLR			0x38
 
+/* task descriptor processing error */
+#define CQHCI_TDPE			0x3c
+
 /* send status config 1 */
 #define CQHCI_SSC1			0x40
 #define CQHCI_SSC1_CBC_MASK		GENMASK(19, 16)
@@ -107,6 +116,10 @@
 /* command response argument */
 #define CQHCI_CRA			0x5C
 
+/* crypto capabilities */
+#define CQHCI_CCAP			0x100
+#define CQHCI_CRYPTOCAP			0x104
+
 #define CQHCI_INT_ALL			0xF
 #define CQHCI_IC_DEFAULT_ICCTH		31
 #define CQHCI_IC_DEFAULT_ICTOVAL	1
@@ -133,11 +146,71 @@
 #define CQHCI_CMD_TIMING(x)		(((x) & 1) << 22)
 #define CQHCI_RESP_TYPE(x)		(((x) & 0x3) << 23)
 
+/* crypto task descriptor fields (for bits 64-127 of task descriptor) */
+#define CQHCI_CRYPTO_ENABLE_BIT		(1ULL << 47)
+#define CQHCI_CRYPTO_KEYSLOT(x)		((u64)(x) << 32)
+
 /* transfer descriptor fields */
 #define CQHCI_DAT_LENGTH(x)		(((x) & 0xFFFF) << 16)
 #define CQHCI_DAT_ADDR_LO(x)		(((x) & 0xFFFFFFFF) << 32)
 #define CQHCI_DAT_ADDR_HI(x)		(((x) & 0xFFFFFFFF) << 0)
 
+/* CCAP - Crypto Capability 100h */
+union cqhci_crypto_capabilities {
+	__le32 reg_val;
+	struct {
+		u8 num_crypto_cap;
+		u8 config_count;
+		u8 reserved;
+		u8 config_array_ptr;
+	};
+};
+
+enum cqhci_crypto_key_size {
+	CQHCI_CRYPTO_KEY_SIZE_INVALID	= 0,
+	CQHCI_CRYPTO_KEY_SIZE_128	= 1,
+	CQHCI_CRYPTO_KEY_SIZE_192	= 2,
+	CQHCI_CRYPTO_KEY_SIZE_256	= 3,
+	CQHCI_CRYPTO_KEY_SIZE_512	= 4,
+};
+
+enum cqhci_crypto_alg {
+	CQHCI_CRYPTO_ALG_AES_XTS		= 0,
+	CQHCI_CRYPTO_ALG_BITLOCKER_AES_CBC	= 1,
+	CQHCI_CRYPTO_ALG_AES_ECB		= 2,
+	CQHCI_CRYPTO_ALG_ESSIV_AES_CBC		= 3,
+};
+
+/* x-CRYPTOCAP - Crypto Capability X */
+union cqhci_crypto_cap_entry {
+	__le32 reg_val;
+	struct {
+		u8 algorithm_id;
+		u8 sdus_mask; /* Supported data unit size mask */
+		u8 key_size;
+		u8 reserved;
+	};
+};
+
+#define CQHCI_CRYPTO_CONFIGURATION_ENABLE (1 << 7)
+#define CQHCI_CRYPTO_KEY_MAX_SIZE 64
+/* x-CRYPTOCFG - Crypto Configuration X */
+union cqhci_crypto_cfg_entry {
+	__le32 reg_val[32];
+	struct {
+		u8 crypto_key[CQHCI_CRYPTO_KEY_MAX_SIZE];
+		/* 4KB/512 = 8 */
+		u8 data_unit_size;
+		u8 crypto_cap_idx;
+		u8 reserved_1;
+		u8 config_enable;
+		u8 reserved_multi_host;
+		u8 reserved_2;
+		u8 vsb[2];
+		u8 reserved_3[56];
+	};
+};
+
 struct cqhci_host_ops;
 struct mmc_host;
 struct mmc_request;
@@ -196,6 +269,12 @@ struct cqhci_host {
 	struct completion halt_comp;
 	wait_queue_head_t wait_queue;
 	struct cqhci_slot *slot;
+
+#ifdef CONFIG_MMC_CRYPTO
+	union cqhci_crypto_capabilities crypto_capabilities;
+	union cqhci_crypto_cap_entry *crypto_cap_array;
+	u32 crypto_cfg_register;
+#endif
 };
 
 struct cqhci_host_ops {
-- 
2.29.2

[PATCH 4/8] mmc: cqhci: add cqhci_host_ops::program_key

[Eric Biggers]

From: Eric Biggers <ebiggers@google.com>

On Snapdragon SoCs, the Linux kernel isn't permitted to directly access
the standard CQHCI crypto configuration registers.  Instead, programming
and evicting keys must be done through vendor-specific SMC calls.

To support this hardware, add a ->program_key() method to
'struct cqhci_host_ops'.  This allows overriding the standard CQHCI
crypto key programming / eviction procedure.

This is inspired by the corresponding UFS crypto support, which uses
these same SMC calls.  See commit 1bc726e26ef3 ("scsi: ufs: Add
program_key() variant op").

Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 drivers/mmc/host/cqhci-crypto.c | 22 +++++++++++++---------
 drivers/mmc/host/cqhci.h        |  4 ++++
 2 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/drivers/mmc/host/cqhci-crypto.c b/drivers/mmc/host/cqhci-crypto.c
index b14a5a15f5b52..5e3488c19f70e 100644
--- a/drivers/mmc/host/cqhci-crypto.c
+++ b/drivers/mmc/host/cqhci-crypto.c
@@ -30,13 +30,16 @@ cqhci_host_from_ksm(struct blk_keyslot_manager *ksm)
 	return mmc->cqe_private;
 }
 
-static void cqhci_crypto_program_key(struct cqhci_host *cq_host,
-				     const union cqhci_crypto_cfg_entry *cfg,
-				     int slot)
+static int cqhci_crypto_program_key(struct cqhci_host *cq_host,
+				    const union cqhci_crypto_cfg_entry *cfg,
+				    int slot)
 {
 	u32 slot_offset = cq_host->crypto_cfg_register + slot * sizeof(*cfg);
 	int i;
 
+	if (cq_host->ops->program_key)
+		return cq_host->ops->program_key(cq_host, cfg, slot);
+
 	/* Clear CFGE */
 	cqhci_writel(cq_host, 0, slot_offset + 16 * sizeof(cfg->reg_val[0]));
 
@@ -51,6 +54,7 @@ static void cqhci_crypto_program_key(struct cqhci_host *cq_host,
 	/* Write dword 16, which includes the new value of CFGE */
 	cqhci_writel(cq_host, le32_to_cpu(cfg->reg_val[16]),
 		     slot_offset + 16 * sizeof(cfg->reg_val[0]));
+	return 0;
 }
 
 static int cqhci_crypto_keyslot_program(struct blk_keyslot_manager *ksm,
@@ -67,6 +71,7 @@ static int cqhci_crypto_keyslot_program(struct blk_keyslot_manager *ksm,
 	int i;
 	int cap_idx = -1;
 	union cqhci_crypto_cfg_entry cfg = {};
+	int err;
 
 	BUILD_BUG_ON(CQHCI_CRYPTO_KEY_SIZE_INVALID != 0);
 	for (i = 0; i < cq_host->crypto_capabilities.num_crypto_cap; i++) {
@@ -93,13 +98,13 @@ static int cqhci_crypto_keyslot_program(struct blk_keyslot_manager *ksm,
 		memcpy(cfg.crypto_key, key->raw, key->size);
 	}
 
-	cqhci_crypto_program_key(cq_host, &cfg, slot);
+	err = cqhci_crypto_program_key(cq_host, &cfg, slot);
 
 	memzero_explicit(&cfg, sizeof(cfg));
-	return 0;
+	return err;
 }
 
-static void cqhci_crypto_clear_keyslot(struct cqhci_host *cq_host, int slot)
+static int cqhci_crypto_clear_keyslot(struct cqhci_host *cq_host, int slot)
 {
 	/*
 	 * Clear the crypto cfg on the device. Clearing CFGE
@@ -107,7 +112,7 @@ static void cqhci_crypto_clear_keyslot(struct cqhci_host *cq_host, int slot)
 	 */
 	union cqhci_crypto_cfg_entry cfg = {};
 
-	cqhci_crypto_program_key(cq_host, &cfg, slot);
+	return cqhci_crypto_program_key(cq_host, &cfg, slot);
 }
 
 static int cqhci_crypto_keyslot_evict(struct blk_keyslot_manager *ksm,
@@ -116,8 +121,7 @@ static int cqhci_crypto_keyslot_evict(struct blk_keyslot_manager *ksm,
 {
 	struct cqhci_host *cq_host = cqhci_host_from_ksm(ksm);
 
-	cqhci_crypto_clear_keyslot(cq_host, slot);
-	return 0;
+	return cqhci_crypto_clear_keyslot(cq_host, slot);
 }
 
 static const struct blk_ksm_ll_ops cqhci_ksm_ops = {
diff --git a/drivers/mmc/host/cqhci.h b/drivers/mmc/host/cqhci.h
index 5c18734624fea..ece997dd8bcc7 100644
--- a/drivers/mmc/host/cqhci.h
+++ b/drivers/mmc/host/cqhci.h
@@ -287,6 +287,10 @@ struct cqhci_host_ops {
 				 u64 *data);
 	void (*pre_enable)(struct mmc_host *mmc);
 	void (*post_disable)(struct mmc_host *mmc);
+#ifdef CONFIG_MMC_CRYPTO
+	int (*program_key)(struct cqhci_host *cq_host,
+			   const union cqhci_crypto_cfg_entry *cfg, int slot);
+#endif
 };
 
 static inline void cqhci_writel(struct cqhci_host *host, u32 val, int reg)
-- 
2.29.2

[PATCH 5/8] firmware: qcom_scm: update comment for ICE-related functions

[Eric Biggers]

From: Eric Biggers <ebiggers@google.com>

The SCM calls QCOM_SCM_ES_INVALIDATE_ICE_KEY and
QCOM_SCM_ES_CONFIG_SET_ICE_KEY are also needed for eMMC inline
encryption support, not just for UFS.  Update the comments accordingly.

Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 drivers/firmware/qcom_scm.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/drivers/firmware/qcom_scm.c b/drivers/firmware/qcom_scm.c
index 7be48c1bec96d..f57779fc7ee93 100644
--- a/drivers/firmware/qcom_scm.c
+++ b/drivers/firmware/qcom_scm.c
@@ -965,8 +965,11 @@ EXPORT_SYMBOL(qcom_scm_ice_available);
  * qcom_scm_ice_invalidate_key() - Invalidate an inline encryption key
  * @index: the keyslot to invalidate
  *
- * The UFSHCI standard defines a standard way to do this, but it doesn't work on
- * these SoCs; only this SCM call does.
+ * The UFSHCI and eMMC standards define a standard way to do this, but it
+ * doesn't work on these SoCs; only this SCM call does.
+ *
+ * It is assumed that the SoC has only one ICE instance being used, as this SCM
+ * call doesn't specify which ICE instance the keyslot belongs to.
  *
  * Return: 0 on success; -errno on failure.
  */
@@ -995,10 +998,13 @@ EXPORT_SYMBOL(qcom_scm_ice_invalidate_key);
  *		    units, e.g. 1 = 512 bytes, 8 = 4096 bytes, etc.
  *
  * Program a key into a keyslot of Qualcomm ICE (Inline Crypto Engine), where it
- * can then be used to encrypt/decrypt UFS I/O requests inline.
+ * can then be used to encrypt/decrypt UFS or eMMC I/O requests inline.
+ *
+ * The UFSHCI and eMMC standards define a standard way to do this, but it
+ * doesn't work on these SoCs; only this SCM call does.
  *
- * The UFSHCI standard defines a standard way to do this, but it doesn't work on
- * these SoCs; only this SCM call does.
+ * It is assumed that the SoC has only one ICE instance being used, as this SCM
+ * call doesn't specify which ICE instance the keyslot belongs to.
  *
  * Return: 0 on success; -errno on failure.
  */
-- 
2.29.2

[PATCH 6/8] dt-bindings: mmc: sdhci-msm: add ICE registers and clock

[Eric Biggers]

From: Eric Biggers <ebiggers@google.com>

Document the bindings for the registers and clock for the MMC instance
of the Inline Crypto Engine (ICE) on Snapdragon SoCs.  These bindings
are needed in order for sdhci-msm to support inline encryption.

Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 Documentation/devicetree/bindings/mmc/sdhci-msm.txt | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Documentation/devicetree/bindings/mmc/sdhci-msm.txt b/Documentation/devicetree/bindings/mmc/sdhci-msm.txt
index 3b602fd6180bf..4f2e138439506 100644
--- a/Documentation/devicetree/bindings/mmc/sdhci-msm.txt
+++ b/Documentation/devicetree/bindings/mmc/sdhci-msm.txt
@@ -30,10 +30,12 @@ Required properties:
 	- SD Core register map (required for controllers earlier than msm-v5)
 	- CQE register map (Optional, CQE support is present on SDHC instance meant
 	                    for eMMC and version v4.2 and above)
+	- Inline Crypto Engine register map (optional)
 - reg-names: When CQE register map is supplied, below reg-names are required
 	- "hc" for Host controller register map
 	- "core" for SD core register map
 	- "cqhci" for CQE register map
+	- "ice" for Inline Crypto Engine register map (optional)
 - interrupts: Should contain an interrupt-specifiers for the interrupts:
 	- Host controller interrupt (required)
 - pinctrl-names: Should contain only one value - "default".
@@ -46,6 +48,7 @@ Required properties:
 	"xo"	- TCXO clock (optional)
 	"cal"	- reference clock for RCLK delay calibration (optional)
 	"sleep"	- sleep clock for RCLK delay calibration (optional)
+	"ice" - clock for Inline Crypto Engine (optional)
 
 - qcom,ddr-config: Certain chipsets and platforms require particular settings
 	for the DDR_CONFIG register. Use this field to specify the register
-- 
2.29.2

[PATCH 7/8] arm64: dts: qcom: sdm630: add ICE registers and clocks

[Eric Biggers]

From: Eric Biggers <ebiggers@google.com>

Add the registers and clock for the Inline Crypto Engine (ICE) to the
device tree node for the sdhci-msm host controller on sdm630.  This
allows sdhci-msm to support inline encryption on sdm630.

Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 arch/arm64/boot/dts/qcom/sdm630.dtsi | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/arch/arm64/boot/dts/qcom/sdm630.dtsi b/arch/arm64/boot/dts/qcom/sdm630.dtsi
index deb928d303c22..21aee33518b54 100644
--- a/arch/arm64/boot/dts/qcom/sdm630.dtsi
+++ b/arch/arm64/boot/dts/qcom/sdm630.dtsi
@@ -808,8 +808,9 @@ spmi_bus: spmi@800f000 {
 		sdhc_1: sdhci@c0c4000 {
 			compatible = "qcom,sdm630-sdhci", "qcom,sdhci-msm-v5";
 			reg = <0x0c0c4000 0x1000>,
-				<0x0c0c5000 0x1000>;
-			reg-names = "hc", "cqhci";
+				<0x0c0c5000 0x1000>,
+				<0x0c0c8000 0x8000>;
+			reg-names = "hc", "cqhci", "ice";
 
 			interrupts = <GIC_SPI 110 IRQ_TYPE_LEVEL_HIGH>,
 					<GIC_SPI 112 IRQ_TYPE_LEVEL_HIGH>;
@@ -817,8 +818,9 @@ sdhc_1: sdhci@c0c4000 {
 
 			clocks = <&gcc GCC_SDCC1_APPS_CLK>,
 					<&gcc GCC_SDCC1_AHB_CLK>,
-					<&xo_board>;
-			clock-names = "core", "iface", "xo";
+					<&xo_board>,
+					<&gcc GCC_SDCC1_ICE_CORE_CLK>;
+			clock-names = "core", "iface", "xo", "ice";
 
 			pinctrl-names = "default", "sleep";
 			pinctrl-0 = <&sdc1_clk_on &sdc1_cmd_on &sdc1_data_on &sdc1_rclk_on>;
-- 
2.29.2

[PATCH 8/8] mmc: sdhci-msm: add Inline Crypto Engine support

[Eric Biggers]

From: Eric Biggers <ebiggers@google.com>

Add support for Qualcomm Inline Crypto Engine (ICE) to sdhci-msm.

The standard-compliant parts, such as querying the crypto capabilities
and enabling crypto for individual MMC requests, are already handled by
cqhci-crypto.c, which itself is wired into the blk-crypto framework.
However, ICE requires vendor-specific init, enable, and resume logic,
and it requires that keys be programmed and evicted by vendor-specific
SMC calls.  Make the sdhci-msm driver handle these details.

This is heavily inspired by the similar changes made for UFS, since the
UFS and eMMC ICE instances are very similar.  See commit df4ec2fa7a4d
("scsi: ufs-qcom: Add Inline Crypto Engine support").

I tested this on a Sony Xperia 10, which uses the Snapdragon 630 SoC,
which has basic upstream support.  Mainly, I used android-xfstests
(https://github.com/tytso/xfstests-bld/blob/master/Documentation/android-xfstests.md)
to run the ext4 and f2fs encryption tests in a Debian chroot:

	android-xfstests -c ext4,f2fs -g encrypt -m inlinecrypt

These tests included tests which verify that the on-disk ciphertext is
identical to that produced by a software implementation.  I also
verified that ICE was actually being used.

Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 drivers/mmc/host/Kconfig     |   1 +
 drivers/mmc/host/sdhci-msm.c | 270 ++++++++++++++++++++++++++++++++++-
 2 files changed, 267 insertions(+), 4 deletions(-)

diff --git a/drivers/mmc/host/Kconfig b/drivers/mmc/host/Kconfig
index 31481c9fcc2ec..2ede2c86f173b 100644
--- a/drivers/mmc/host/Kconfig
+++ b/drivers/mmc/host/Kconfig
@@ -544,6 +544,7 @@ config MMC_SDHCI_MSM
 	depends on MMC_SDHCI_PLTFM
 	select MMC_SDHCI_IO_ACCESSORS
 	select MMC_CQHCI
+	select QCOM_SCM if MMC_CRYPTO
 	help
 	  This selects the Secure Digital Host Controller Interface (SDHCI)
 	  support present in Qualcomm SOCs. The controller supports
diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c
index 3451eb3255135..6ce21414d5104 100644
--- a/drivers/mmc/host/sdhci-msm.c
+++ b/drivers/mmc/host/sdhci-msm.c
@@ -13,6 +13,7 @@
 #include <linux/pm_opp.h>
 #include <linux/slab.h>
 #include <linux/iopoll.h>
+#include <linux/qcom_scm.h>
 #include <linux/regulator/consumer.h>
 #include <linux/interconnect.h>
 #include <linux/pinctrl/consumer.h>
@@ -256,10 +257,12 @@ struct sdhci_msm_variant_info {
 struct sdhci_msm_host {
 	struct platform_device *pdev;
 	void __iomem *core_mem;	/* MSM SDCC mapped address */
+	void __iomem *ice_mem;	/* MSM ICE mapped address (if available) */
 	int pwr_irq;		/* power irq */
 	struct clk *bus_clk;	/* SDHC bus voter clock */
 	struct clk *xo_clk;	/* TCXO clk needed for FLL feature of cm_dll*/
-	struct clk_bulk_data bulk_clks[4]; /* core, iface, cal, sleep clocks */
+	/* core, iface, cal, sleep, and ice clocks */
+	struct clk_bulk_data bulk_clks[5];
 	unsigned long clk_rate;
 	struct mmc_host *mmc;
 	struct opp_table *opp_table;
@@ -1785,6 +1788,240 @@ static void sdhci_msm_set_clock(struct sdhci_host *host, unsigned int clock)
 	__sdhci_msm_set_clock(host, clock);
 }
 
+/*****************************************************************************\
+ *                                                                           *
+ * Inline Crypto Engine (ICE) support                                        *
+ *                                                                           *
+\*****************************************************************************/
+
+#ifdef CONFIG_MMC_CRYPTO
+
+#define AES_256_XTS_KEY_SIZE			64
+
+/* QCOM ICE registers */
+
+#define QCOM_ICE_REG_VERSION			0x0008
+
+#define QCOM_ICE_REG_FUSE_SETTING		0x0010
+#define QCOM_ICE_FUSE_SETTING_MASK		0x1
+#define QCOM_ICE_FORCE_HW_KEY0_SETTING_MASK	0x2
+#define QCOM_ICE_FORCE_HW_KEY1_SETTING_MASK	0x4
+
+#define QCOM_ICE_REG_BIST_STATUS		0x0070
+#define QCOM_ICE_BIST_STATUS_MASK		0xF0000000
+
+#define QCOM_ICE_REG_ADVANCED_CONTROL		0x1000
+
+#define sdhci_msm_ice_writel(host, val, reg)	\
+	writel((val), (host)->ice_mem + (reg))
+#define sdhci_msm_ice_readl(host, reg)	\
+	readl((host)->ice_mem + (reg))
+
+static bool sdhci_msm_ice_supported(struct sdhci_msm_host *msm_host)
+{
+	struct device *dev = mmc_dev(msm_host->mmc);
+	u32 regval = sdhci_msm_ice_readl(msm_host, QCOM_ICE_REG_VERSION);
+	int major = regval >> 24;
+	int minor = (regval >> 16) & 0xFF;
+	int step = regval & 0xFFFF;
+
+	/* For now this driver only supports ICE version 3. */
+	if (major != 3) {
+		dev_warn(dev, "Unsupported ICE version: v%d.%d.%d\n",
+			 major, minor, step);
+		return false;
+	}
+
+	dev_info(dev, "Found QC Inline Crypto Engine (ICE) v%d.%d.%d\n",
+		 major, minor, step);
+
+	/* If fuses are blown, ICE might not work in the standard way. */
+	regval = sdhci_msm_ice_readl(msm_host, QCOM_ICE_REG_FUSE_SETTING);
+	if (regval & (QCOM_ICE_FUSE_SETTING_MASK |
+		      QCOM_ICE_FORCE_HW_KEY0_SETTING_MASK |
+		      QCOM_ICE_FORCE_HW_KEY1_SETTING_MASK)) {
+		dev_warn(dev, "Fuses are blown; ICE is unusable!\n");
+		return false;
+	}
+	return true;
+}
+
+static inline struct clk *sdhci_msm_ice_get_clk(struct device *dev)
+{
+	return devm_clk_get(dev, "ice");
+}
+
+static int sdhci_msm_ice_init(struct sdhci_msm_host *msm_host,
+			      struct cqhci_host *cq_host)
+{
+	struct mmc_host *mmc = msm_host->mmc;
+	struct device *dev = mmc_dev(mmc);
+	struct resource *res;
+	int err;
+
+	if (!(cqhci_readl(cq_host, CQHCI_CAP) & CQHCI_CAP_CS))
+		return 0;
+
+	res = platform_get_resource_byname(msm_host->pdev, IORESOURCE_MEM,
+					   "ice");
+	if (!res) {
+		dev_warn(dev, "ICE registers not found\n");
+		goto disable;
+	}
+
+	if (!qcom_scm_ice_available()) {
+		dev_warn(dev, "ICE SCM interface not found\n");
+		goto disable;
+	}
+
+	msm_host->ice_mem = devm_ioremap_resource(dev, res);
+	if (IS_ERR(msm_host->ice_mem)) {
+		err = PTR_ERR(msm_host->ice_mem);
+		dev_err(dev, "Failed to map ICE registers; err=%d\n", err);
+		return err;
+	}
+
+	if (!sdhci_msm_ice_supported(msm_host))
+		goto disable;
+
+	mmc->caps2 |= MMC_CAP2_CRYPTO;
+	return 0;
+
+disable:
+	dev_warn(dev, "Disabling inline encryption support\n");
+	return 0;
+}
+
+static void sdhci_msm_ice_low_power_mode_enable(struct sdhci_msm_host *msm_host)
+{
+	u32 regval;
+
+	regval = sdhci_msm_ice_readl(msm_host, QCOM_ICE_REG_ADVANCED_CONTROL);
+	/*
+	 * Enable low power mode sequence
+	 * [0]-0, [1]-0, [2]-0, [3]-E, [4]-0, [5]-0, [6]-0, [7]-0
+	 */
+	regval |= 0x7000;
+	sdhci_msm_ice_writel(msm_host, regval, QCOM_ICE_REG_ADVANCED_CONTROL);
+}
+
+static void sdhci_msm_ice_optimization_enable(struct sdhci_msm_host *msm_host)
+{
+	u32 regval;
+
+	/* ICE Optimizations Enable Sequence */
+	regval = sdhci_msm_ice_readl(msm_host, QCOM_ICE_REG_ADVANCED_CONTROL);
+	regval |= 0xD807100;
+	/* ICE HPG requires delay before writing */
+	udelay(5);
+	sdhci_msm_ice_writel(msm_host, regval, QCOM_ICE_REG_ADVANCED_CONTROL);
+	udelay(5);
+}
+
+/* Poll until all BIST (built-in self test) bits are reset */
+static int sdhci_msm_ice_wait_bist_status(struct sdhci_msm_host *msm_host)
+{
+	int count;
+	u32 reg;
+
+	for (count = 0; count < 100; count++) {
+		reg = sdhci_msm_ice_readl(msm_host, QCOM_ICE_REG_BIST_STATUS);
+		if (!(reg & QCOM_ICE_BIST_STATUS_MASK))
+			break;
+		udelay(50);
+	}
+	if (reg) {
+		dev_err(mmc_dev(msm_host->mmc),
+			"Timed out waiting for ICE self-test to complete\n");
+		return -ETIMEDOUT;
+	}
+	return 0;
+}
+
+static void sdhci_msm_ice_enable(struct sdhci_msm_host *msm_host)
+{
+	if (!(msm_host->mmc->caps2 & MMC_CAP2_CRYPTO))
+		return;
+	sdhci_msm_ice_low_power_mode_enable(msm_host);
+	sdhci_msm_ice_optimization_enable(msm_host);
+	sdhci_msm_ice_wait_bist_status(msm_host);
+}
+
+static int __maybe_unused sdhci_msm_ice_resume(struct sdhci_msm_host *msm_host)
+{
+	if (!(msm_host->mmc->caps2 & MMC_CAP2_CRYPTO))
+		return 0;
+	return sdhci_msm_ice_wait_bist_status(msm_host);
+}
+
+/*
+ * Program a key into a QC ICE keyslot, or evict a keyslot.  QC ICE requires
+ * vendor-specific SCM calls for this; it doesn't support the standard way.
+ */
+static int sdhci_msm_program_key(struct cqhci_host *cq_host,
+				 const union cqhci_crypto_cfg_entry *cfg,
+				 int slot)
+{
+	struct device *dev = mmc_dev(cq_host->mmc);
+	union cqhci_crypto_cap_entry cap;
+	union {
+		u8 bytes[AES_256_XTS_KEY_SIZE];
+		u32 words[AES_256_XTS_KEY_SIZE / sizeof(u32)];
+	} key;
+	int i;
+	int err;
+
+	if (!(cfg->config_enable & CQHCI_CRYPTO_CONFIGURATION_ENABLE))
+		return qcom_scm_ice_invalidate_key(slot);
+
+	/* Only AES-256-XTS has been tested so far. */
+	cap = cq_host->crypto_cap_array[cfg->crypto_cap_idx];
+	if (cap.algorithm_id != CQHCI_CRYPTO_ALG_AES_XTS ||
+	    cap.key_size != CQHCI_CRYPTO_KEY_SIZE_256) {
+		dev_err_ratelimited(dev,
+				    "Unhandled crypto capability; algorithm_id=%d, key_size=%d\n",
+				    cap.algorithm_id, cap.key_size);
+		return -EINVAL;
+	}
+
+	memcpy(key.bytes, cfg->crypto_key, AES_256_XTS_KEY_SIZE);
+
+	/*
+	 * The SCM call byte-swaps the 32-bit words of the key.  So we have to
+	 * do the same, in order for the final key be correct.
+	 */
+	for (i = 0; i < ARRAY_SIZE(key.words); i++)
+		__cpu_to_be32s(&key.words[i]);
+
+	err = qcom_scm_ice_set_key(slot, key.bytes, AES_256_XTS_KEY_SIZE,
+				   QCOM_SCM_ICE_CIPHER_AES_256_XTS,
+				   cfg->data_unit_size);
+	memzero_explicit(&key, sizeof(key));
+	return err;
+}
+#else /* CONFIG_MMC_CRYPTO */
+static inline struct clk *sdhci_msm_ice_get_clk(struct device *dev)
+{
+	return NULL;
+}
+
+static inline int sdhci_msm_ice_init(struct sdhci_msm_host *msm_host,
+				     struct cqhci_host *cq_host)
+{
+	return 0;
+}
+
+static inline void sdhci_msm_ice_enable(struct sdhci_msm_host *msm_host)
+{
+}
+
+static inline int __maybe_unused
+sdhci_msm_ice_resume(struct sdhci_msm_host *msm_host)
+{
+	return 0;
+}
+#endif /* !CONFIG_MMC_CRYPTO */
+
 /*****************************************************************************\
  *                                                                           *
  * MSM Command Queue Engine (CQE)                                            *
@@ -1803,6 +2040,16 @@ static u32 sdhci_msm_cqe_irq(struct sdhci_host *host, u32 intmask)
 	return 0;
 }
 
+static void sdhci_msm_cqe_enable(struct mmc_host *mmc)
+{
+	struct sdhci_host *host = mmc_priv(mmc);
+	struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host);
+	struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host);
+
+	sdhci_cqe_enable(mmc);
+	sdhci_msm_ice_enable(msm_host);
+}
+
 static void sdhci_msm_cqe_disable(struct mmc_host *mmc, bool recovery)
 {
 	struct sdhci_host *host = mmc_priv(mmc);
@@ -1835,8 +2082,11 @@ static void sdhci_msm_cqe_disable(struct mmc_host *mmc, bool recovery)
 }
 
 static const struct cqhci_host_ops sdhci_msm_cqhci_ops = {
-	.enable		= sdhci_cqe_enable,
+	.enable		= sdhci_msm_cqe_enable,
 	.disable	= sdhci_msm_cqe_disable,
+#ifdef CONFIG_MMC_CRYPTO
+	.program_key	= sdhci_msm_program_key,
+#endif
 };
 
 static int sdhci_msm_cqe_add_host(struct sdhci_host *host,
@@ -1872,6 +2122,10 @@ static int sdhci_msm_cqe_add_host(struct sdhci_host *host,
 
 	dma64 = host->flags & SDHCI_USE_64_BIT_DMA;
 
+	ret = sdhci_msm_ice_init(msm_host, cq_host);
+	if (ret)
+		goto cleanup;
+
 	ret = cqhci_init(cq_host, host->mmc, dma64);
 	if (ret) {
 		dev_err(&pdev->dev, "%s: CQE init: failed (%d)\n",
@@ -2321,6 +2575,11 @@ static int sdhci_msm_probe(struct platform_device *pdev)
 		clk = NULL;
 	msm_host->bulk_clks[3].clk = clk;
 
+	clk = sdhci_msm_ice_get_clk(&pdev->dev);
+	if (IS_ERR(clk))
+		clk = NULL;
+	msm_host->bulk_clks[4].clk = clk;
+
 	ret = clk_bulk_prepare_enable(ARRAY_SIZE(msm_host->bulk_clks),
 				      msm_host->bulk_clks);
 	if (ret)
@@ -2531,12 +2790,15 @@ static __maybe_unused int sdhci_msm_runtime_resume(struct device *dev)
 	 * Whenever core-clock is gated dynamically, it's needed to
 	 * restore the SDR DLL settings when the clock is ungated.
 	 */
-	if (msm_host->restore_dll_config && msm_host->clk_rate)
+	if (msm_host->restore_dll_config && msm_host->clk_rate) {
 		ret = sdhci_msm_restore_sdr_dll_config(host);
+		if (ret)
+			return ret;
+	}
 
 	dev_pm_opp_set_rate(dev, msm_host->clk_rate);
 
-	return ret;
+	return sdhci_msm_ice_resume(msm_host);
 }
 
 static const struct dev_pm_ops sdhci_msm_pm_ops = {
-- 
2.29.2

Re: [PATCH 8/8] mmc: sdhci-msm: add Inline Crypto Engine support

[kernel test robot]

[-- Attachment #1: Type: text/plain, Size: 1746 bytes --]

Hi Eric,

I love your patch! Yet something to improve:

[auto build test ERROR on f8394f232b1eab649ce2df5c5f15b0e528c92091]

url:    https://github.com/0day-ci/linux/commits/Eric-Biggers/eMMC-inline-encryption-support/20201113-034356
base:    f8394f232b1eab649ce2df5c5f15b0e528c92091
config: parisc-allyesconfig (attached as .config)
compiler: hppa-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/0day-ci/linux/commit/d1b20af644c3648a52d1dc7be21d7bd21fc5d854
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Eric-Biggers/eMMC-inline-encryption-support/20201113-034356
        git checkout d1b20af644c3648a52d1dc7be21d7bd21fc5d854
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=parisc 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

   hppa-linux-ld: drivers/firmware/qcom_scm-smc.o: in function `__scm_smc_do_quirk':
>> (.text+0x7c): undefined reference to `__arm_smccc_smc'
   hppa-linux-ld: drivers/firmware/qcom_scm-legacy.o: in function `scm_legacy_call':
   (.text+0x1a4): undefined reference to `__arm_smccc_smc'
   hppa-linux-ld: drivers/firmware/qcom_scm-legacy.o: in function `scm_legacy_call_atomic':
   (.text+0x434): undefined reference to `__arm_smccc_smc'

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org

[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 67238 bytes --]

Re: [PATCH 8/8] mmc: sdhci-msm: add Inline Crypto Engine support

[Eric Biggers]

On Thu, Nov 12, 2020 at 11:40:11AM -0800, Eric Biggers wrote:
> diff --git a/drivers/mmc/host/Kconfig b/drivers/mmc/host/Kconfig
> index 31481c9fcc2ec..2ede2c86f173b 100644
> --- a/drivers/mmc/host/Kconfig
> +++ b/drivers/mmc/host/Kconfig
> @@ -544,6 +544,7 @@ config MMC_SDHCI_MSM
>  	depends on MMC_SDHCI_PLTFM
>  	select MMC_SDHCI_IO_ACCESSORS
>  	select MMC_CQHCI
> +	select QCOM_SCM if MMC_CRYPTO
>  	help
>  	  This selects the Secure Digital Host Controller Interface (SDHCI)
>  	  support present in Qualcomm SOCs. The controller supports

The kernel test robot reported linkage errors caused by QCOM_SCM being selected
without its dependency (ARM || ARM64).  I'll probably fix this by doing:

	select QCOM_SCM if MMC_CRYPTO && ARCH_QCOM

- Eric

Re: [PATCH 0/8] eMMC inline encryption support

[Eric Biggers]

On Thu, Nov 12, 2020 at 11:40:03AM -0800, Eric Biggers wrote:
> Hello,
> 
> This patchset adds support for eMMC inline encryption, as specified by
> the upcoming version of the eMMC specification and as already
> implemented and used on many devices.  Building on that, it then adds
> Qualcomm ICE support and wires it up for the Snapdragon 630 SoC.
> 
> Inline encryption hardware improves the performance of storage
> encryption and reduces power usage.  See
> Documentation/block/inline-encryption.rst for more information about
> inline encryption and the blk-crypto framework (upstreamed in v5.8)
> which supports it.  Most mobile devices already use UFS or eMMC inline
> encryption hardware; UFS support was already upstreamed in v5.9.
> 
> Patches 1-3 add support for the standard eMMC inline encryption.
> 
> However, as with UFS, host controller-specific patches are needed on top
> of the standard support.  Therefore, patches 4-8 add Qualcomm ICE
> (Inline Crypto Engine) support and wire it up on the Snapdragon 630 SoC.
> 
> To test this I took advantage of the recently upstreamed support for the
> Snapdragon 630 SoC, plus work-in-progress patches from the SoMainline
> project (https://github.com/SoMainline/linux/tree/konrad/v5.10-rc3).  In
> particular, I was able to run the fscrypt xfstests for ext4 and f2fs in
> a Debian chroot.  Among other things, these tests verified that the
> correct ciphertext is written to disk (the same as software encryption).
> 
> It will also be possible to add support for Mediatek eMMC inline
> encryption hardware in mtk-sd, and it should be easier than the Qualcomm
> hardware since the Mediatek hardware follows the standard more closely.
> I.e., patches 1-3 should be almost enough for the Mediatek hardware.
> However, I don't have the hardware to do this yet.
> 
> This patchset is based on v5.10-rc3, and it can also be retrieved from
> tag "mmc-crypto-v1" of
> https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git
> 
> Note: the fscrypt inline encryption support is partially broken in
> v5.10-rc3, so for testing a fscrypt fix needs to be applied too:
> https://lkml.kernel.org/r/20201111015224.303073-1-ebiggers@kernel.org
> 
> Eric Biggers (8):
>   mmc: add basic support for inline encryption
>   mmc: cqhci: rename cqhci.c to cqhci-core.c
>   mmc: cqhci: add support for inline encryption
>   mmc: cqhci: add cqhci_host_ops::program_key
>   firmware: qcom_scm: update comment for ICE-related functions
>   dt-bindings: mmc: sdhci-msm: add ICE registers and clock
>   arm64: dts: qcom: sdm630: add ICE registers and clocks
>   mmc: sdhci-msm: add Inline Crypto Engine support

Any comments on this patchset?

- Eric

Re: [PATCH 0/8] eMMC inline encryption support

[Adrian Hunter]

On 20/11/20 8:54 pm, Eric Biggers wrote:
> On Thu, Nov 12, 2020 at 11:40:03AM -0800, Eric Biggers wrote:
>> Hello,
>>
>> This patchset adds support for eMMC inline encryption, as specified by
>> the upcoming version of the eMMC specification and as already
>> implemented and used on many devices.  Building on that, it then adds
>> Qualcomm ICE support and wires it up for the Snapdragon 630 SoC.
>>
>> Inline encryption hardware improves the performance of storage
>> encryption and reduces power usage.  See
>> Documentation/block/inline-encryption.rst for more information about
>> inline encryption and the blk-crypto framework (upstreamed in v5.8)
>> which supports it.  Most mobile devices already use UFS or eMMC inline
>> encryption hardware; UFS support was already upstreamed in v5.9.
>>
>> Patches 1-3 add support for the standard eMMC inline encryption.
>>
>> However, as with UFS, host controller-specific patches are needed on top
>> of the standard support.  Therefore, patches 4-8 add Qualcomm ICE
>> (Inline Crypto Engine) support and wire it up on the Snapdragon 630 SoC.
>>
>> To test this I took advantage of the recently upstreamed support for the
>> Snapdragon 630 SoC, plus work-in-progress patches from the SoMainline
>> project (https://github.com/SoMainline/linux/tree/konrad/v5.10-rc3).  In
>> particular, I was able to run the fscrypt xfstests for ext4 and f2fs in
>> a Debian chroot.  Among other things, these tests verified that the
>> correct ciphertext is written to disk (the same as software encryption).
>>
>> It will also be possible to add support for Mediatek eMMC inline
>> encryption hardware in mtk-sd, and it should be easier than the Qualcomm
>> hardware since the Mediatek hardware follows the standard more closely.
>> I.e., patches 1-3 should be almost enough for the Mediatek hardware.
>> However, I don't have the hardware to do this yet.
>>
>> This patchset is based on v5.10-rc3, and it can also be retrieved from
>> tag "mmc-crypto-v1" of
>> https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git
>>
>> Note: the fscrypt inline encryption support is partially broken in
>> v5.10-rc3, so for testing a fscrypt fix needs to be applied too:
>> https://lkml.kernel.org/r/20201111015224.303073-1-ebiggers@kernel.org
>>
>> Eric Biggers (8):
>>   mmc: add basic support for inline encryption
>>   mmc: cqhci: rename cqhci.c to cqhci-core.c
>>   mmc: cqhci: add support for inline encryption
>>   mmc: cqhci: add cqhci_host_ops::program_key
>>   firmware: qcom_scm: update comment for ICE-related functions
>>   dt-bindings: mmc: sdhci-msm: add ICE registers and clock
>>   arm64: dts: qcom: sdm630: add ICE registers and clocks
>>   mmc: sdhci-msm: add Inline Crypto Engine support
> 
> Any comments on this patchset?

I haven't had a chance to look at it properly, but I do have a couple of
dumb questions.  How do you ensure the host controller is not runtime
suspended when the key is programmed?  Are the keys lost when the host
controller is reset, and then how do you know the host controller does not
get reset after the key is programmed but before the I/O is submitted?

Re: [PATCH 0/8] eMMC inline encryption support

[Eric Biggers]

Hi Adrian,

On Fri, Nov 20, 2020 at 09:29:59PM +0200, Adrian Hunter wrote:
> I haven't had a chance to look at it properly, but I do have a couple of
> dumb questions.  How do you ensure the host controller is not runtime
> suspended when the key is programmed?

This is handled by the block layer, in block/keyslot-manager.c.  It ensures that
the device is resumed before calling blk_ksm_ll_ops::keyslot_program() or
blk_ksm_ll_ops::keyslot_evict().  See blk_ksm_hw_enter().

> Are the keys lost when the host controller is reset, and then how do you know
> the host controller does not get reset after the key is programmed but before
> the I/O is submitted?

As with UFS, keys might be lost when the host controller is reset, so we're
reprogramming all the keys when that happens.  See patch 1:

    mmc_set_initial_state()
        mmc_crypto_set_initial_state()
            blk_ksm_reprogram_all_keys()

(That's the intent, at least.  For MMC, I'm not sure if resets were properly
covered by the testing I've done so far.  But the code looks right to me.)

- Eric

Re: [PATCH 0/8] eMMC inline encryption support

[Adrian Hunter]

On 20/11/20 9:44 pm, Eric Biggers wrote:
> Hi Adrian,
> 
> On Fri, Nov 20, 2020 at 09:29:59PM +0200, Adrian Hunter wrote:
>> I haven't had a chance to look at it properly, but I do have a couple of
>> dumb questions.  How do you ensure the host controller is not runtime
>> suspended when the key is programmed?
> 
> This is handled by the block layer, in block/keyslot-manager.c.  It ensures that
> the device is resumed before calling blk_ksm_ll_ops::keyslot_program() or
> blk_ksm_ll_ops::keyslot_evict().  See blk_ksm_hw_enter().

Cool, although cqhci is doing a lazy kind of resume, so maybe not be enabled
when a key is programmed?  Would that be a problem?

> 
>> Are the keys lost when the host controller is reset, and then how do you know
>> the host controller does not get reset after the key is programmed but before
>> the I/O is submitted?
> 
> As with UFS, keys might be lost when the host controller is reset, so we're
> reprogramming all the keys when that happens.  See patch 1:
> 
>     mmc_set_initial_state()
>         mmc_crypto_set_initial_state()
>             blk_ksm_reprogram_all_keys()
> 
> (That's the intent, at least.  For MMC, I'm not sure if resets were properly
> covered by the testing I've done so far.  But the code looks right to me.)

After reset, cqhci will not necessarily be enabled at this point.  Is that OK?

Re: [PATCH 0/8] eMMC inline encryption support

[Eric Biggers]

Hi Adrian,

On Mon, Nov 23, 2020 at 09:04:12AM +0200, Adrian Hunter wrote:
> On 20/11/20 9:44 pm, Eric Biggers wrote:
> > Hi Adrian,
> > 
> > On Fri, Nov 20, 2020 at 09:29:59PM +0200, Adrian Hunter wrote:
> >> I haven't had a chance to look at it properly, but I do have a couple of
> >> dumb questions.  How do you ensure the host controller is not runtime
> >> suspended when the key is programmed?
> > 
> > This is handled by the block layer, in block/keyslot-manager.c.  It ensures that
> > the device is resumed before calling blk_ksm_ll_ops::keyslot_program() or
> > blk_ksm_ll_ops::keyslot_evict().  See blk_ksm_hw_enter().
> 
> Cool, although cqhci is doing a lazy kind of resume, so maybe not be enabled
> when a key is programmed?  Would that be a problem?
> 
> > 
> >> Are the keys lost when the host controller is reset, and then how do you know
> >> the host controller does not get reset after the key is programmed but before
> >> the I/O is submitted?
> > 
> > As with UFS, keys might be lost when the host controller is reset, so we're
> > reprogramming all the keys when that happens.  See patch 1:
> > 
> >     mmc_set_initial_state()
> >         mmc_crypto_set_initial_state()
> >             blk_ksm_reprogram_all_keys()
> > 
> > (That's the intent, at least.  For MMC, I'm not sure if resets were properly
> > covered by the testing I've done so far.  But the code looks right to me.)
> 
> After reset, cqhci will not necessarily be enabled at this point.  Is that OK?

The hardware that I have (sdm630) appears to allow programming and evicting keys
even while CQHCI_CFG.CQHCI_ENABLE is clear, i.e. even when the CQE is "off".
I tested it using the patch below.

The eMMC specification isn't clear about this point.  But I'm thinking that the
crypto configuration registers (the keyslots) are probably supposed to work like
most of the other CQHCI registers, which can be written to while CQHCI_ENABLE is
clear.  Then setting CQHCI_ENABLE just enables the ability to actually issue
requests.  Likewise, setting CQHCI_CRYPTO_GENERAL_ENABLE just allows using
crypto in requests; it isn't needed to write to the crypto configurations.

For what it's worth, UFS crypto (which has been supported by upstream since
v5.9) works similarly.  Keys can be programmed while the UFS host is powered on,
even before it's "enabled".

But maybe someone interpreted the eMMC specification differently.  Hopefully
Mediatek can give some insight into how they implemented it, and test this
patchset on their hardware too.

Here's the patch I used to verify that sdm630 allows programming and evicting
keys even while the CQE is off:

diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c
index eaf2f1074326..eb2d88d0b3ba 100644
--- a/drivers/mmc/core/block.c
+++ b/drivers/mmc/core/block.c
@@ -1406,6 +1406,9 @@ static void mmc_blk_cqe_complete_rq(struct mmc_queue *mq, struct request *req)
 
 	mmc_cqe_check_busy(mq);
 
+	if (mmc_tot_in_flight(mq) == 0 && host->cqe_on)
+		host->cqe_ops->cqe_off(host);
+
 	spin_unlock_irqrestore(&mq->lock, flags);
 
 	if (!mq->cqe_busy)
diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c
index 6ce21414d510..70d8dbc6515f 100644
--- a/drivers/mmc/host/sdhci-msm.c
+++ b/drivers/mmc/host/sdhci-msm.c
@@ -1971,6 +1971,12 @@ static int sdhci_msm_program_key(struct cqhci_host *cq_host,
 	int i;
 	int err;
 
+	if (!cq_host->mmc->cqe_on) {
+		pr_info("@@@ cqe is off for %s slot %d\n",
+			(cfg->config_enable & CQHCI_CRYPTO_CONFIGURATION_ENABLE) ?
+			"program" : "evict", slot);
+	}
+
 	if (!(cfg->config_enable & CQHCI_CRYPTO_CONFIGURATION_ENABLE))
 		return qcom_scm_ice_invalidate_key(slot);

Re: [PATCH 0/8] eMMC inline encryption support

[Stanley Chu]

Hi Eric,

On Mon, 2020-11-23 at 18:01 -0800, Eric Biggers wrote:
> Hi Adrian,
> 
> On Mon, Nov 23, 2020 at 09:04:12AM +0200, Adrian Hunter wrote:
> > On 20/11/20 9:44 pm, Eric Biggers wrote:
> > > Hi Adrian,
> > > 
> > > On Fri, Nov 20, 2020 at 09:29:59PM +0200, Adrian Hunter wrote:
> > >> I haven't had a chance to look at it properly, but I do have a couple of
> > >> dumb questions.  How do you ensure the host controller is not runtime
> > >> suspended when the key is programmed?
> > > 
> > > This is handled by the block layer, in block/keyslot-manager.c.  It ensures that
> > > the device is resumed before calling blk_ksm_ll_ops::keyslot_program() or
> > > blk_ksm_ll_ops::keyslot_evict().  See blk_ksm_hw_enter().
> > 
> > Cool, although cqhci is doing a lazy kind of resume, so maybe not be enabled
> > when a key is programmed?  Would that be a problem?
> > 
> > > 
> > >> Are the keys lost when the host controller is reset, and then how do you know
> > >> the host controller does not get reset after the key is programmed but before
> > >> the I/O is submitted?
> > > 
> > > As with UFS, keys might be lost when the host controller is reset, so we're
> > > reprogramming all the keys when that happens.  See patch 1:
> > > 
> > >     mmc_set_initial_state()
> > >         mmc_crypto_set_initial_state()
> > >             blk_ksm_reprogram_all_keys()
> > > 
> > > (That's the intent, at least.  For MMC, I'm not sure if resets were properly
> > > covered by the testing I've done so far.  But the code looks right to me.)
> > 
> > After reset, cqhci will not necessarily be enabled at this point.  Is that OK?
> 
> The hardware that I have (sdm630) appears to allow programming and evicting keys
> even while CQHCI_CFG.CQHCI_ENABLE is clear, i.e. even when the CQE is "off".
> I tested it using the patch below.
> 
> The eMMC specification isn't clear about this point.  But I'm thinking that the
> crypto configuration registers (the keyslots) are probably supposed to work like
> most of the other CQHCI registers, which can be written to while CQHCI_ENABLE is
> clear.  Then setting CQHCI_ENABLE just enables the ability to actually issue
> requests.  Likewise, setting CQHCI_CRYPTO_GENERAL_ENABLE just allows using
> crypto in requests; it isn't needed to write to the crypto configurations.
> 
> For what it's worth, UFS crypto (which has been supported by upstream since
> v5.9) works similarly.  Keys can be programmed while the UFS host is powered on,
> even before it's "enabled".
> 
> But maybe someone interpreted the eMMC specification differently.  Hopefully
> Mediatek can give some insight into how they implemented it, and test this
> patchset on their hardware too.

MediaTek CQHCI also works in this way.

Complete test is on-going now and we will update the results as soon as
possible.

Thanks,
Stanley Chu

> 
> Here's the patch I used to verify that sdm630 allows programming and evicting
> keys even while the CQE is off:
> 
> diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c
> index eaf2f1074326..eb2d88d0b3ba 100644
> --- a/drivers/mmc/core/block.c
> +++ b/drivers/mmc/core/block.c
> @@ -1406,6 +1406,9 @@ static void mmc_blk_cqe_complete_rq(struct mmc_queue *mq, struct request *req)
>  
>  	mmc_cqe_check_busy(mq);
>  
> +	if (mmc_tot_in_flight(mq) == 0 && host->cqe_on)
> +		host->cqe_ops->cqe_off(host);
> +
>  	spin_unlock_irqrestore(&mq->lock, flags);
>  
>  	if (!mq->cqe_busy)
> diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c
> index 6ce21414d510..70d8dbc6515f 100644
> --- a/drivers/mmc/host/sdhci-msm.c
> +++ b/drivers/mmc/host/sdhci-msm.c
> @@ -1971,6 +1971,12 @@ static int sdhci_msm_program_key(struct cqhci_host *cq_host,
>  	int i;
>  	int err;
>  
> +	if (!cq_host->mmc->cqe_on) {
> +		pr_info("@@@ cqe is off for %s slot %d\n",
> +			(cfg->config_enable & CQHCI_CRYPTO_CONFIGURATION_ENABLE) ?
> +			"program" : "evict", slot);
> +	}
> +
>  	if (!(cfg->config_enable & CQHCI_CRYPTO_CONFIGURATION_ENABLE))
>  		return qcom_scm_ice_invalidate_key(slot);

Re: [PATCH 0/8] eMMC inline encryption support

[Ulf Hansson]

On Fri, 20 Nov 2020 at 19:54, Eric Biggers <ebiggers@kernel.org> wrote:
>
> On Thu, Nov 12, 2020 at 11:40:03AM -0800, Eric Biggers wrote:
> > Hello,
> >
> > This patchset adds support for eMMC inline encryption, as specified by
> > the upcoming version of the eMMC specification and as already
> > implemented and used on many devices.  Building on that, it then adds
> > Qualcomm ICE support and wires it up for the Snapdragon 630 SoC.
> >
> > Inline encryption hardware improves the performance of storage
> > encryption and reduces power usage.  See
> > Documentation/block/inline-encryption.rst for more information about
> > inline encryption and the blk-crypto framework (upstreamed in v5.8)
> > which supports it.  Most mobile devices already use UFS or eMMC inline
> > encryption hardware; UFS support was already upstreamed in v5.9.
> >
> > Patches 1-3 add support for the standard eMMC inline encryption.
> >
> > However, as with UFS, host controller-specific patches are needed on top
> > of the standard support.  Therefore, patches 4-8 add Qualcomm ICE
> > (Inline Crypto Engine) support and wire it up on the Snapdragon 630 SoC.
> >
> > To test this I took advantage of the recently upstreamed support for the
> > Snapdragon 630 SoC, plus work-in-progress patches from the SoMainline
> > project (https://github.com/SoMainline/linux/tree/konrad/v5.10-rc3).  In
> > particular, I was able to run the fscrypt xfstests for ext4 and f2fs in
> > a Debian chroot.  Among other things, these tests verified that the
> > correct ciphertext is written to disk (the same as software encryption).
> >
> > It will also be possible to add support for Mediatek eMMC inline
> > encryption hardware in mtk-sd, and it should be easier than the Qualcomm
> > hardware since the Mediatek hardware follows the standard more closely.
> > I.e., patches 1-3 should be almost enough for the Mediatek hardware.
> > However, I don't have the hardware to do this yet.
> >
> > This patchset is based on v5.10-rc3, and it can also be retrieved from
> > tag "mmc-crypto-v1" of
> > https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git
> >
> > Note: the fscrypt inline encryption support is partially broken in
> > v5.10-rc3, so for testing a fscrypt fix needs to be applied too:
> > https://lkml.kernel.org/r/20201111015224.303073-1-ebiggers@kernel.org
> >
> > Eric Biggers (8):
> >   mmc: add basic support for inline encryption
> >   mmc: cqhci: rename cqhci.c to cqhci-core.c
> >   mmc: cqhci: add support for inline encryption
> >   mmc: cqhci: add cqhci_host_ops::program_key
> >   firmware: qcom_scm: update comment for ICE-related functions
> >   dt-bindings: mmc: sdhci-msm: add ICE registers and clock
> >   arm64: dts: qcom: sdm630: add ICE registers and clocks
> >   mmc: sdhci-msm: add Inline Crypto Engine support
>
> Any comments on this patchset?

I have been busy, but just wanted to let you know that I am moving to
start reviewing this series shortly.

I also need to catch up on the eMMC spec a bit, before I can provide
you with comments.

Kind regards
Uffe

Re: [PATCH 3/8] mmc: cqhci: add support for inline encryption

[Adrian Hunter]

On 12/11/20 9:40 pm, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@google.com>
> 
> Add support for eMMC inline encryption using the blk-crypto framework
> (Documentation/block/inline-encryption.rst).
> 
> eMMC inline encryption support is specified by the upcoming JEDEC eMMC
> v5.2 specification.  It is only specified for the CQ interface, not the
> non-CQ interface.  Although the eMMC v5.2 specification hasn't been
> officially released yet, the crypto support was already agreed on
> several years ago, and it was already implemented by at least two major
> hardware vendors.  Lots of hardware in the field already supports and
> uses it, e.g. Snapdragon 630 to give one example.
> 
> eMMC inline encryption support is very similar to the UFS inline
> encryption support which was standardized in the UFS v2.1 specification
> and was already upstreamed.  The only major difference is that eMMC
> limits data unit numbers to 32 bits, unlike UFS's 64 bits.
> 
> Like we did with UFS, make the crypto support opt-in by individual
> drivers; don't enable it automatically whenever the hardware declares
> crypto support.  This is necessary because in every case we've seen,
> some extra vendor-specific logic is needed to use the crypto support.
> 
> Co-developed-by: Satya Tangirala <satyat@google.com>
> Signed-off-by: Satya Tangirala <satyat@google.com>
> Signed-off-by: Eric Biggers <ebiggers@google.com>

One minor comment and a question below.

> ---
>  drivers/mmc/host/Makefile       |   1 +
>  drivers/mmc/host/cqhci-core.c   |  66 +++++++--
>  drivers/mmc/host/cqhci-crypto.c | 233 ++++++++++++++++++++++++++++++++
>  drivers/mmc/host/cqhci-crypto.h |  47 +++++++
>  drivers/mmc/host/cqhci.h        |  81 ++++++++++-
>  5 files changed, 416 insertions(+), 12 deletions(-)
>  create mode 100644 drivers/mmc/host/cqhci-crypto.c
>  create mode 100644 drivers/mmc/host/cqhci-crypto.h
> 
> diff --git a/drivers/mmc/host/Makefile b/drivers/mmc/host/Makefile
> index 20c2f9463d0dc..35158508ab63d 100644
> --- a/drivers/mmc/host/Makefile
> +++ b/drivers/mmc/host/Makefile
> @@ -105,6 +105,7 @@ obj-$(CONFIG_MMC_SDHCI_OMAP)		+= sdhci-omap.o
>  obj-$(CONFIG_MMC_SDHCI_SPRD)		+= sdhci-sprd.o
>  obj-$(CONFIG_MMC_CQHCI)			+= cqhci.o
>  cqhci-y					+= cqhci-core.o
> +cqhci-$(CONFIG_MMC_CRYPTO)		+= cqhci-crypto.o
>  obj-$(CONFIG_MMC_HSQ)			+= mmc_hsq.o
>  
>  ifeq ($(CONFIG_CB710_DEBUG),y)
> diff --git a/drivers/mmc/host/cqhci-core.c b/drivers/mmc/host/cqhci-core.c
> index 697fe40756bf2..ac0f886b1e7d2 100644
> --- a/drivers/mmc/host/cqhci-core.c
> +++ b/drivers/mmc/host/cqhci-core.c
> @@ -18,6 +18,7 @@
>  #include <linux/mmc/card.h>
>  
>  #include "cqhci.h"
> +#include "cqhci-crypto.h"
>  
>  #define DCMD_SLOT 31
>  #define NUM_SLOTS 32
> @@ -258,6 +259,9 @@ static void __cqhci_enable(struct cqhci_host *cq_host)
>  	if (cq_host->caps & CQHCI_TASK_DESC_SZ_128)
>  		cqcfg |= CQHCI_TASK_DESC_SZ;
>  
> +	if (mmc->caps2 & MMC_CAP2_CRYPTO)
> +		cqcfg |= CQHCI_CRYPTO_GENERAL_ENABLE;
> +
>  	cqhci_writel(cq_host, cqcfg, CQHCI_CFG);
>  
>  	cqhci_writel(cq_host, lower_32_bits(cq_host->desc_dma_base),
> @@ -408,13 +412,15 @@ static void cqhci_disable(struct mmc_host *mmc)
>  }
>  
>  static void cqhci_prep_task_desc(struct mmc_request *mrq,
> -					u64 *data, bool intr)
> +				 struct cqhci_host *cq_host, int tag)

It would be neater if the changes to cqhci_prep_task_desc() parameters could
be a separate patch.

>  {
> +	__le64 *task_desc = (__le64 __force *)get_desc(cq_host, tag);
>  	u32 req_flags = mrq->data->flags;
> +	u64 desc0;
>  
> -	*data = CQHCI_VALID(1) |
> +	desc0 = CQHCI_VALID(1) |
>  		CQHCI_END(1) |
> -		CQHCI_INT(intr) |
> +		CQHCI_INT(1) |
>  		CQHCI_ACT(0x5) |
>  		CQHCI_FORCED_PROG(!!(req_flags & MMC_DATA_FORCED_PRG)) |
>  		CQHCI_DATA_TAG(!!(req_flags & MMC_DATA_DAT_TAG)) |
> @@ -425,8 +431,19 @@ static void cqhci_prep_task_desc(struct mmc_request *mrq,
>  		CQHCI_BLK_COUNT(mrq->data->blocks) |
>  		CQHCI_BLK_ADDR((u64)mrq->data->blk_addr);
>  
> -	pr_debug("%s: cqhci: tag %d task descriptor 0x%016llx\n",
> -		 mmc_hostname(mrq->host), mrq->tag, (unsigned long long)*data);
> +	task_desc[0] = cpu_to_le64(desc0);
> +
> +	if (cq_host->caps & CQHCI_TASK_DESC_SZ_128) {
> +		u64 desc1 = cqhci_crypto_prep_task_desc(mrq);
> +
> +		task_desc[1] = cpu_to_le64(desc1);
> +
> +		pr_debug("%s: cqhci: tag %d task descriptor 0x%016llx%016llx\n",
> +			 mmc_hostname(mrq->host), mrq->tag, desc1, desc0);
> +	} else {
> +		pr_debug("%s: cqhci: tag %d task descriptor 0x%016llx\n",
> +			 mmc_hostname(mrq->host), mrq->tag, desc0);
> +	}
>  }
>  
>  static int cqhci_dma_map(struct mmc_host *host, struct mmc_request *mrq)
> @@ -567,8 +584,6 @@ static inline int cqhci_tag(struct mmc_request *mrq)
>  static int cqhci_request(struct mmc_host *mmc, struct mmc_request *mrq)
>  {
>  	int err = 0;
> -	u64 data = 0;
> -	u64 *task_desc = NULL;
>  	int tag = cqhci_tag(mrq);
>  	struct cqhci_host *cq_host = mmc->cqe_private;
>  	unsigned long flags;
> @@ -598,9 +613,8 @@ static int cqhci_request(struct mmc_host *mmc, struct mmc_request *mrq)
>  	}
>  
>  	if (mrq->data) {
> -		task_desc = (__le64 __force *)get_desc(cq_host, tag);
> -		cqhci_prep_task_desc(mrq, &data, 1);
> -		*task_desc = cpu_to_le64(data);
> +		cqhci_prep_task_desc(mrq, cq_host, tag);
> +
>  		err = cqhci_prep_tran_desc(mrq, cq_host, tag);
>  		if (err) {
>  			pr_err("%s: cqhci: failed to setup tx desc: %d\n",
> @@ -671,6 +685,7 @@ static void cqhci_error_irq(struct mmc_host *mmc, u32 status, int cmd_error,
>  	struct cqhci_host *cq_host = mmc->cqe_private;
>  	struct cqhci_slot *slot;
>  	u32 terri;
> +	u32 tdpe;
>  	int tag;
>  
>  	spin_lock(&cq_host->lock);
> @@ -709,6 +724,27 @@ static void cqhci_error_irq(struct mmc_host *mmc, u32 status, int cmd_error,
>  		}
>  	}
>  
> +	/*
> +	 * Handle "Invalid Crypto Configuration Error".  This should never
> +	 * happen, since the block layer ensures that all crypto-enabled I/O
> +	 * requests have a valid keyslot before they reach the driver.
> +	 */
> +	if (status & CQHCI_IS_ICCE) {
> +		tdpe = cqhci_readl(cq_host, CQHCI_TDPE);
> +		WARN_ONCE(1,
> +			  "%s: cqhci: invalid crypto configuration error. IRQ status: 0x%08x TDPE: 0x%08x\n",
> +			  mmc_hostname(mmc), status, tdpe);
> +		while (tdpe != 0) {
> +			tag = __ffs(tdpe);
> +			tdpe &= ~(1 << tag);
> +			slot = &cq_host->slot[tag];
> +			if (!slot->mrq)
> +				continue;
> +			slot->flags = cqhci_error_flags(data_error, cmd_error);
> +			cqhci_recovery_needed(mmc, slot->mrq, true);
> +		}
> +	}
> +

What about GCE?

>  	if (!cq_host->recovery_halt) {
>  		/*
>  		 * The only way to guarantee forward progress is to mark at
> @@ -774,7 +810,8 @@ irqreturn_t cqhci_irq(struct mmc_host *mmc, u32 intmask, int cmd_error,
>  
>  	pr_debug("%s: cqhci: IRQ status: 0x%08x\n", mmc_hostname(mmc), status);
>  
> -	if ((status & CQHCI_IS_RED) || cmd_error || data_error)
> +	if ((status & (CQHCI_IS_RED | CQHCI_IS_GCE | CQHCI_IS_ICCE)) ||
> +	    cmd_error || data_error)
>  		cqhci_error_irq(mmc, status, cmd_error, data_error);
>  
>  	if (status & CQHCI_IS_TCC) {
> @@ -1141,6 +1178,13 @@ int cqhci_init(struct cqhci_host *cq_host, struct mmc_host *mmc,
>  		goto out_err;
>  	}
>  
> +	err = cqhci_crypto_init(cq_host);
> +	if (err) {
> +		pr_err("%s: CQHCI crypto initialization failed\n",
> +		       mmc_hostname(mmc));
> +		goto out_err;
> +	}
> +
>  	spin_lock_init(&cq_host->lock);
>  
>  	init_completion(&cq_host->halt_comp);
> diff --git a/drivers/mmc/host/cqhci-crypto.c b/drivers/mmc/host/cqhci-crypto.c
> new file mode 100644
> index 0000000000000..b14a5a15f5b52
> --- /dev/null
> +++ b/drivers/mmc/host/cqhci-crypto.c
> @@ -0,0 +1,233 @@
> +// SPDX-License-Identifier: GPL-2.0-only
> +/*
> + * CQHCI crypto engine (inline encryption) support
> + *
> + * Copyright 2020 Google LLC
> + */
> +
> +#include <linux/blk-crypto.h>
> +#include <linux/keyslot-manager.h>
> +#include <linux/mmc/host.h>
> +
> +#include "cqhci-crypto.h"
> +
> +/* Map from blk-crypto modes to CQHCI crypto algorithm IDs and key sizes */
> +static const struct cqhci_crypto_alg_entry {
> +	enum cqhci_crypto_alg alg;
> +	enum cqhci_crypto_key_size key_size;
> +} cqhci_crypto_algs[BLK_ENCRYPTION_MODE_MAX] = {
> +	[BLK_ENCRYPTION_MODE_AES_256_XTS] = {
> +		.alg = CQHCI_CRYPTO_ALG_AES_XTS,
> +		.key_size = CQHCI_CRYPTO_KEY_SIZE_256,
> +	},
> +};
> +
> +static inline struct cqhci_host *
> +cqhci_host_from_ksm(struct blk_keyslot_manager *ksm)
> +{
> +	struct mmc_host *mmc = container_of(ksm, struct mmc_host, ksm);
> +
> +	return mmc->cqe_private;
> +}
> +
> +static void cqhci_crypto_program_key(struct cqhci_host *cq_host,
> +				     const union cqhci_crypto_cfg_entry *cfg,
> +				     int slot)
> +{
> +	u32 slot_offset = cq_host->crypto_cfg_register + slot * sizeof(*cfg);
> +	int i;
> +
> +	/* Clear CFGE */
> +	cqhci_writel(cq_host, 0, slot_offset + 16 * sizeof(cfg->reg_val[0]));
> +
> +	/* Write the key */
> +	for (i = 0; i < 16; i++) {
> +		cqhci_writel(cq_host, le32_to_cpu(cfg->reg_val[i]),
> +			     slot_offset + i * sizeof(cfg->reg_val[0]));
> +	}
> +	/* Write dword 17 */
> +	cqhci_writel(cq_host, le32_to_cpu(cfg->reg_val[17]),
> +		     slot_offset + 17 * sizeof(cfg->reg_val[0]));
> +	/* Write dword 16, which includes the new value of CFGE */
> +	cqhci_writel(cq_host, le32_to_cpu(cfg->reg_val[16]),
> +		     slot_offset + 16 * sizeof(cfg->reg_val[0]));
> +}
> +
> +static int cqhci_crypto_keyslot_program(struct blk_keyslot_manager *ksm,
> +					const struct blk_crypto_key *key,
> +					unsigned int slot)
> +
> +{
> +	struct cqhci_host *cq_host = cqhci_host_from_ksm(ksm);
> +	const union cqhci_crypto_cap_entry *ccap_array =
> +		cq_host->crypto_cap_array;
> +	const struct cqhci_crypto_alg_entry *alg =
> +			&cqhci_crypto_algs[key->crypto_cfg.crypto_mode];
> +	u8 data_unit_mask = key->crypto_cfg.data_unit_size / 512;
> +	int i;
> +	int cap_idx = -1;
> +	union cqhci_crypto_cfg_entry cfg = {};
> +
> +	BUILD_BUG_ON(CQHCI_CRYPTO_KEY_SIZE_INVALID != 0);
> +	for (i = 0; i < cq_host->crypto_capabilities.num_crypto_cap; i++) {
> +		if (ccap_array[i].algorithm_id == alg->alg &&
> +		    ccap_array[i].key_size == alg->key_size &&
> +		    (ccap_array[i].sdus_mask & data_unit_mask)) {
> +			cap_idx = i;
> +			break;
> +		}
> +	}
> +	if (WARN_ON(cap_idx < 0))
> +		return -EOPNOTSUPP;
> +
> +	cfg.data_unit_size = data_unit_mask;
> +	cfg.crypto_cap_idx = cap_idx;
> +	cfg.config_enable = CQHCI_CRYPTO_CONFIGURATION_ENABLE;
> +
> +	if (ccap_array[cap_idx].algorithm_id == CQHCI_CRYPTO_ALG_AES_XTS) {
> +		/* In XTS mode, the blk_crypto_key's size is already doubled */
> +		memcpy(cfg.crypto_key, key->raw, key->size/2);
> +		memcpy(cfg.crypto_key + CQHCI_CRYPTO_KEY_MAX_SIZE/2,
> +		       key->raw + key->size/2, key->size/2);
> +	} else {
> +		memcpy(cfg.crypto_key, key->raw, key->size);
> +	}
> +
> +	cqhci_crypto_program_key(cq_host, &cfg, slot);
> +
> +	memzero_explicit(&cfg, sizeof(cfg));
> +	return 0;
> +}
> +
> +static void cqhci_crypto_clear_keyslot(struct cqhci_host *cq_host, int slot)
> +{
> +	/*
> +	 * Clear the crypto cfg on the device. Clearing CFGE
> +	 * might not be sufficient, so just clear the entire cfg.
> +	 */
> +	union cqhci_crypto_cfg_entry cfg = {};
> +
> +	cqhci_crypto_program_key(cq_host, &cfg, slot);
> +}
> +
> +static int cqhci_crypto_keyslot_evict(struct blk_keyslot_manager *ksm,
> +				      const struct blk_crypto_key *key,
> +				      unsigned int slot)
> +{
> +	struct cqhci_host *cq_host = cqhci_host_from_ksm(ksm);
> +
> +	cqhci_crypto_clear_keyslot(cq_host, slot);
> +	return 0;
> +}
> +
> +static const struct blk_ksm_ll_ops cqhci_ksm_ops = {
> +	.keyslot_program	= cqhci_crypto_keyslot_program,
> +	.keyslot_evict		= cqhci_crypto_keyslot_evict,
> +};
> +
> +static enum blk_crypto_mode_num
> +cqhci_find_blk_crypto_mode(union cqhci_crypto_cap_entry cap)
> +{
> +	int i;
> +
> +	for (i = 0; i < ARRAY_SIZE(cqhci_crypto_algs); i++) {
> +		BUILD_BUG_ON(CQHCI_CRYPTO_KEY_SIZE_INVALID != 0);
> +		if (cqhci_crypto_algs[i].alg == cap.algorithm_id &&
> +		    cqhci_crypto_algs[i].key_size == cap.key_size)
> +			return i;
> +	}
> +	return BLK_ENCRYPTION_MODE_INVALID;
> +}
> +
> +/**
> + * cqhci_crypto_init - initialize CQHCI crypto support
> + * @cq_host: a cqhci host
> + *
> + * If the driver previously set MMC_CAP2_CRYPTO and the CQE declares
> + * CQHCI_CAP_CS, initialize the crypto support.  This involves reading the
> + * crypto capability registers, initializing the keyslot manager, clearing all
> + * keyslots, and enabling 128-bit task descriptors.
> + *
> + * Return: 0 if crypto was initialized or isn't supported; whether
> + *	   MMC_CAP2_CRYPTO remains set indicates which one of those cases it is.
> + *	   Also can return a negative errno value on unexpected error.
> + */
> +int cqhci_crypto_init(struct cqhci_host *cq_host)
> +{
> +	struct mmc_host *mmc = cq_host->mmc;
> +	struct device *dev = mmc_dev(mmc);
> +	struct blk_keyslot_manager *ksm = &mmc->ksm;
> +	unsigned int num_keyslots;
> +	unsigned int cap_idx;
> +	enum blk_crypto_mode_num blk_mode_num;
> +	unsigned int slot;
> +	int err = 0;
> +
> +	if (!(mmc->caps2 & MMC_CAP2_CRYPTO) ||
> +	    !(cqhci_readl(cq_host, CQHCI_CAP) & CQHCI_CAP_CS))
> +		goto out;
> +
> +	cq_host->crypto_capabilities.reg_val =
> +			cpu_to_le32(cqhci_readl(cq_host, CQHCI_CCAP));
> +
> +	cq_host->crypto_cfg_register =
> +		(u32)cq_host->crypto_capabilities.config_array_ptr * 0x100;
> +
> +	cq_host->crypto_cap_array =
> +		devm_kcalloc(dev, cq_host->crypto_capabilities.num_crypto_cap,
> +			     sizeof(cq_host->crypto_cap_array[0]), GFP_KERNEL);
> +	if (!cq_host->crypto_cap_array) {
> +		err = -ENOMEM;
> +		goto out;
> +	}
> +
> +	/*
> +	 * CCAP.CFGC is off by one, so the actual number of crypto
> +	 * configurations (a.k.a. keyslots) is CCAP.CFGC + 1.
> +	 */
> +	num_keyslots = cq_host->crypto_capabilities.config_count + 1;
> +
> +	err = blk_ksm_init(ksm, num_keyslots);
> +	if (err)
> +		goto out_free_caps;
> +
> +	ksm->ksm_ll_ops = cqhci_ksm_ops;
> +	ksm->dev = dev;
> +
> +	/* Unfortunately, CQHCI crypto only supports 32 DUN bits. */
> +	ksm->max_dun_bytes_supported = 4;
> +
> +	/*
> +	 * Cache all the crypto capabilities and advertise the supported crypto
> +	 * modes and data unit sizes to the block layer.
> +	 */
> +	for (cap_idx = 0; cap_idx < cq_host->crypto_capabilities.num_crypto_cap;
> +	     cap_idx++) {
> +		cq_host->crypto_cap_array[cap_idx].reg_val =
> +			cpu_to_le32(cqhci_readl(cq_host,
> +						CQHCI_CRYPTOCAP +
> +						cap_idx * sizeof(__le32)));
> +		blk_mode_num = cqhci_find_blk_crypto_mode(
> +					cq_host->crypto_cap_array[cap_idx]);
> +		if (blk_mode_num == BLK_ENCRYPTION_MODE_INVALID)
> +			continue;
> +		ksm->crypto_modes_supported[blk_mode_num] |=
> +			cq_host->crypto_cap_array[cap_idx].sdus_mask * 512;
> +	}
> +
> +	/* Clear all the keyslots so that we start in a known state. */
> +	for (slot = 0; slot < num_keyslots; slot++)
> +		cqhci_crypto_clear_keyslot(cq_host, slot);
> +
> +	/* CQHCI crypto requires the use of 128-bit task descriptors. */
> +	cq_host->caps |= CQHCI_TASK_DESC_SZ_128;
> +
> +	return 0;
> +
> +out_free_caps:
> +	devm_kfree(dev, cq_host->crypto_cap_array);
> +	cq_host->crypto_cap_array = NULL;
> +out:
> +	mmc->caps2 &= ~MMC_CAP2_CRYPTO;
> +	return err;
> +}
> diff --git a/drivers/mmc/host/cqhci-crypto.h b/drivers/mmc/host/cqhci-crypto.h
> new file mode 100644
> index 0000000000000..60b58ee0e6256
> --- /dev/null
> +++ b/drivers/mmc/host/cqhci-crypto.h
> @@ -0,0 +1,47 @@
> +/* SPDX-License-Identifier: GPL-2.0-only */
> +/*
> + * CQHCI crypto engine (inline encryption) support
> + *
> + * Copyright 2020 Google LLC
> + */
> +
> +#ifndef LINUX_MMC_CQHCI_CRYPTO_H
> +#define LINUX_MMC_CQHCI_CRYPTO_H
> +
> +#include <linux/mmc/host.h>
> +
> +#include "cqhci.h"
> +
> +#ifdef CONFIG_MMC_CRYPTO
> +
> +int cqhci_crypto_init(struct cqhci_host *host);
> +
> +/*
> + * Returns the crypto bits that should be set in bits 64-127 of the
> + * task descriptor.
> + */
> +static inline u64 cqhci_crypto_prep_task_desc(struct mmc_request *mrq)
> +{
> +	if (!mrq->crypto_enabled)
> +		return 0;
> +
> +	return CQHCI_CRYPTO_ENABLE_BIT |
> +	       CQHCI_CRYPTO_KEYSLOT(mrq->crypto_key_slot) |
> +	       mrq->data_unit_num;
> +}
> +
> +#else /* CONFIG_MMC_CRYPTO */
> +
> +static inline int cqhci_crypto_init(struct cqhci_host *host)
> +{
> +	return 0;
> +}
> +
> +static inline u64 cqhci_crypto_prep_task_desc(struct mmc_request *mrq)
> +{
> +	return 0;
> +}
> +
> +#endif /* !CONFIG_MMC_CRYPTO */
> +
> +#endif /* LINUX_MMC_CQHCI_CRYPTO_H */
> diff --git a/drivers/mmc/host/cqhci.h b/drivers/mmc/host/cqhci.h
> index 89bf6adbce8ca..5c18734624fea 100644
> --- a/drivers/mmc/host/cqhci.h
> +++ b/drivers/mmc/host/cqhci.h
> @@ -22,10 +22,13 @@
>  
>  /* capabilities */
>  #define CQHCI_CAP			0x04
> +#define CQHCI_CAP_CS			0x10000000 /* Crypto Support */
> +
>  /* configuration */
>  #define CQHCI_CFG			0x08
>  #define CQHCI_DCMD			0x00001000
>  #define CQHCI_TASK_DESC_SZ		0x00000100
> +#define CQHCI_CRYPTO_GENERAL_ENABLE	0x00000002
>  #define CQHCI_ENABLE			0x00000001
>  
>  /* control */
> @@ -39,8 +42,11 @@
>  #define CQHCI_IS_TCC			BIT(1)
>  #define CQHCI_IS_RED			BIT(2)
>  #define CQHCI_IS_TCL			BIT(3)
> +#define CQHCI_IS_GCE			BIT(4) /* General Crypto Error */
> +#define CQHCI_IS_ICCE			BIT(5) /* Invalid Crypto Config Error */
>  
> -#define CQHCI_IS_MASK (CQHCI_IS_TCC | CQHCI_IS_RED)
> +#define CQHCI_IS_MASK (CQHCI_IS_TCC | CQHCI_IS_RED | \
> +		       CQHCI_IS_GCE | CQHCI_IS_ICCE)
>  
>  /* interrupt status enable */
>  #define CQHCI_ISTE			0x14
> @@ -78,6 +84,9 @@
>  /* task clear */
>  #define CQHCI_TCLR			0x38
>  
> +/* task descriptor processing error */
> +#define CQHCI_TDPE			0x3c
> +
>  /* send status config 1 */
>  #define CQHCI_SSC1			0x40
>  #define CQHCI_SSC1_CBC_MASK		GENMASK(19, 16)
> @@ -107,6 +116,10 @@
>  /* command response argument */
>  #define CQHCI_CRA			0x5C
>  
> +/* crypto capabilities */
> +#define CQHCI_CCAP			0x100
> +#define CQHCI_CRYPTOCAP			0x104
> +
>  #define CQHCI_INT_ALL			0xF
>  #define CQHCI_IC_DEFAULT_ICCTH		31
>  #define CQHCI_IC_DEFAULT_ICTOVAL	1
> @@ -133,11 +146,71 @@
>  #define CQHCI_CMD_TIMING(x)		(((x) & 1) << 22)
>  #define CQHCI_RESP_TYPE(x)		(((x) & 0x3) << 23)
>  
> +/* crypto task descriptor fields (for bits 64-127 of task descriptor) */
> +#define CQHCI_CRYPTO_ENABLE_BIT		(1ULL << 47)
> +#define CQHCI_CRYPTO_KEYSLOT(x)		((u64)(x) << 32)
> +
>  /* transfer descriptor fields */
>  #define CQHCI_DAT_LENGTH(x)		(((x) & 0xFFFF) << 16)
>  #define CQHCI_DAT_ADDR_LO(x)		(((x) & 0xFFFFFFFF) << 32)
>  #define CQHCI_DAT_ADDR_HI(x)		(((x) & 0xFFFFFFFF) << 0)
>  
> +/* CCAP - Crypto Capability 100h */
> +union cqhci_crypto_capabilities {
> +	__le32 reg_val;
> +	struct {
> +		u8 num_crypto_cap;
> +		u8 config_count;
> +		u8 reserved;
> +		u8 config_array_ptr;
> +	};
> +};
> +
> +enum cqhci_crypto_key_size {
> +	CQHCI_CRYPTO_KEY_SIZE_INVALID	= 0,
> +	CQHCI_CRYPTO_KEY_SIZE_128	= 1,
> +	CQHCI_CRYPTO_KEY_SIZE_192	= 2,
> +	CQHCI_CRYPTO_KEY_SIZE_256	= 3,
> +	CQHCI_CRYPTO_KEY_SIZE_512	= 4,
> +};
> +
> +enum cqhci_crypto_alg {
> +	CQHCI_CRYPTO_ALG_AES_XTS		= 0,
> +	CQHCI_CRYPTO_ALG_BITLOCKER_AES_CBC	= 1,
> +	CQHCI_CRYPTO_ALG_AES_ECB		= 2,
> +	CQHCI_CRYPTO_ALG_ESSIV_AES_CBC		= 3,
> +};
> +
> +/* x-CRYPTOCAP - Crypto Capability X */
> +union cqhci_crypto_cap_entry {
> +	__le32 reg_val;
> +	struct {
> +		u8 algorithm_id;
> +		u8 sdus_mask; /* Supported data unit size mask */
> +		u8 key_size;
> +		u8 reserved;
> +	};
> +};
> +
> +#define CQHCI_CRYPTO_CONFIGURATION_ENABLE (1 << 7)
> +#define CQHCI_CRYPTO_KEY_MAX_SIZE 64
> +/* x-CRYPTOCFG - Crypto Configuration X */
> +union cqhci_crypto_cfg_entry {
> +	__le32 reg_val[32];
> +	struct {
> +		u8 crypto_key[CQHCI_CRYPTO_KEY_MAX_SIZE];
> +		/* 4KB/512 = 8 */
> +		u8 data_unit_size;
> +		u8 crypto_cap_idx;
> +		u8 reserved_1;
> +		u8 config_enable;
> +		u8 reserved_multi_host;
> +		u8 reserved_2;
> +		u8 vsb[2];
> +		u8 reserved_3[56];
> +	};
> +};
> +
>  struct cqhci_host_ops;
>  struct mmc_host;
>  struct mmc_request;
> @@ -196,6 +269,12 @@ struct cqhci_host {
>  	struct completion halt_comp;
>  	wait_queue_head_t wait_queue;
>  	struct cqhci_slot *slot;
> +
> +#ifdef CONFIG_MMC_CRYPTO
> +	union cqhci_crypto_capabilities crypto_capabilities;
> +	union cqhci_crypto_cap_entry *crypto_cap_array;
> +	u32 crypto_cfg_register;
> +#endif
>  };
>  
>  struct cqhci_host_ops {
> 

Re: [PATCH 2/8] mmc: cqhci: rename cqhci.c to cqhci-core.c

[Adrian Hunter]

On 12/11/20 9:40 pm, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@google.com>
> 
> Rename cqhci.c to cqhci-core.c so that another source file can be added
> to the cqhci module without having to rename the module.
> 
> Signed-off-by: Eric Biggers <ebiggers@google.com>

Acked-by: Adrian Hunter <adrian.hunter@intel.com>

> ---
>  drivers/mmc/host/Makefile                  | 1 +
>  drivers/mmc/host/{cqhci.c => cqhci-core.c} | 0
>  2 files changed, 1 insertion(+)
>  rename drivers/mmc/host/{cqhci.c => cqhci-core.c} (100%)
> 
> diff --git a/drivers/mmc/host/Makefile b/drivers/mmc/host/Makefile
> index 451c25fc2c692..20c2f9463d0dc 100644
> --- a/drivers/mmc/host/Makefile
> +++ b/drivers/mmc/host/Makefile
> @@ -104,6 +104,7 @@ obj-$(CONFIG_MMC_SDHCI_BRCMSTB)		+= sdhci-brcmstb.o
>  obj-$(CONFIG_MMC_SDHCI_OMAP)		+= sdhci-omap.o
>  obj-$(CONFIG_MMC_SDHCI_SPRD)		+= sdhci-sprd.o
>  obj-$(CONFIG_MMC_CQHCI)			+= cqhci.o
> +cqhci-y					+= cqhci-core.o
>  obj-$(CONFIG_MMC_HSQ)			+= mmc_hsq.o
>  
>  ifeq ($(CONFIG_CB710_DEBUG),y)
> diff --git a/drivers/mmc/host/cqhci.c b/drivers/mmc/host/cqhci-core.c
> similarity index 100%
> rename from drivers/mmc/host/cqhci.c
> rename to drivers/mmc/host/cqhci-core.c
> 

Re: [PATCH 4/8] mmc: cqhci: add cqhci_host_ops::program_key

[Adrian Hunter]

On 12/11/20 9:40 pm, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@google.com>
> 
> On Snapdragon SoCs, the Linux kernel isn't permitted to directly access
> the standard CQHCI crypto configuration registers.  Instead, programming
> and evicting keys must be done through vendor-specific SMC calls.
> 
> To support this hardware, add a ->program_key() method to
> 'struct cqhci_host_ops'.  This allows overriding the standard CQHCI
> crypto key programming / eviction procedure.
> 
> This is inspired by the corresponding UFS crypto support, which uses
> these same SMC calls.  See commit 1bc726e26ef3 ("scsi: ufs: Add
> program_key() variant op").
> 
> Signed-off-by: Eric Biggers <ebiggers@google.com>

Acked-by: Adrian Hunter <adrian.hunter@intel.com>

> ---
>  drivers/mmc/host/cqhci-crypto.c | 22 +++++++++++++---------
>  drivers/mmc/host/cqhci.h        |  4 ++++
>  2 files changed, 17 insertions(+), 9 deletions(-)
> 
> diff --git a/drivers/mmc/host/cqhci-crypto.c b/drivers/mmc/host/cqhci-crypto.c
> index b14a5a15f5b52..5e3488c19f70e 100644
> --- a/drivers/mmc/host/cqhci-crypto.c
> +++ b/drivers/mmc/host/cqhci-crypto.c
> @@ -30,13 +30,16 @@ cqhci_host_from_ksm(struct blk_keyslot_manager *ksm)
>  	return mmc->cqe_private;
>  }
>  
> -static void cqhci_crypto_program_key(struct cqhci_host *cq_host,
> -				     const union cqhci_crypto_cfg_entry *cfg,
> -				     int slot)
> +static int cqhci_crypto_program_key(struct cqhci_host *cq_host,
> +				    const union cqhci_crypto_cfg_entry *cfg,
> +				    int slot)
>  {
>  	u32 slot_offset = cq_host->crypto_cfg_register + slot * sizeof(*cfg);
>  	int i;
>  
> +	if (cq_host->ops->program_key)
> +		return cq_host->ops->program_key(cq_host, cfg, slot);
> +
>  	/* Clear CFGE */
>  	cqhci_writel(cq_host, 0, slot_offset + 16 * sizeof(cfg->reg_val[0]));
>  
> @@ -51,6 +54,7 @@ static void cqhci_crypto_program_key(struct cqhci_host *cq_host,
>  	/* Write dword 16, which includes the new value of CFGE */
>  	cqhci_writel(cq_host, le32_to_cpu(cfg->reg_val[16]),
>  		     slot_offset + 16 * sizeof(cfg->reg_val[0]));
> +	return 0;
>  }
>  
>  static int cqhci_crypto_keyslot_program(struct blk_keyslot_manager *ksm,
> @@ -67,6 +71,7 @@ static int cqhci_crypto_keyslot_program(struct blk_keyslot_manager *ksm,
>  	int i;
>  	int cap_idx = -1;
>  	union cqhci_crypto_cfg_entry cfg = {};
> +	int err;
>  
>  	BUILD_BUG_ON(CQHCI_CRYPTO_KEY_SIZE_INVALID != 0);
>  	for (i = 0; i < cq_host->crypto_capabilities.num_crypto_cap; i++) {
> @@ -93,13 +98,13 @@ static int cqhci_crypto_keyslot_program(struct blk_keyslot_manager *ksm,
>  		memcpy(cfg.crypto_key, key->raw, key->size);
>  	}
>  
> -	cqhci_crypto_program_key(cq_host, &cfg, slot);
> +	err = cqhci_crypto_program_key(cq_host, &cfg, slot);
>  
>  	memzero_explicit(&cfg, sizeof(cfg));
> -	return 0;
> +	return err;
>  }
>  
> -static void cqhci_crypto_clear_keyslot(struct cqhci_host *cq_host, int slot)
> +static int cqhci_crypto_clear_keyslot(struct cqhci_host *cq_host, int slot)
>  {
>  	/*
>  	 * Clear the crypto cfg on the device. Clearing CFGE
> @@ -107,7 +112,7 @@ static void cqhci_crypto_clear_keyslot(struct cqhci_host *cq_host, int slot)
>  	 */
>  	union cqhci_crypto_cfg_entry cfg = {};
>  
> -	cqhci_crypto_program_key(cq_host, &cfg, slot);
> +	return cqhci_crypto_program_key(cq_host, &cfg, slot);
>  }
>  
>  static int cqhci_crypto_keyslot_evict(struct blk_keyslot_manager *ksm,
> @@ -116,8 +121,7 @@ static int cqhci_crypto_keyslot_evict(struct blk_keyslot_manager *ksm,
>  {
>  	struct cqhci_host *cq_host = cqhci_host_from_ksm(ksm);
>  
> -	cqhci_crypto_clear_keyslot(cq_host, slot);
> -	return 0;
> +	return cqhci_crypto_clear_keyslot(cq_host, slot);
>  }
>  
>  static const struct blk_ksm_ll_ops cqhci_ksm_ops = {
> diff --git a/drivers/mmc/host/cqhci.h b/drivers/mmc/host/cqhci.h
> index 5c18734624fea..ece997dd8bcc7 100644
> --- a/drivers/mmc/host/cqhci.h
> +++ b/drivers/mmc/host/cqhci.h
> @@ -287,6 +287,10 @@ struct cqhci_host_ops {
>  				 u64 *data);
>  	void (*pre_enable)(struct mmc_host *mmc);
>  	void (*post_disable)(struct mmc_host *mmc);
> +#ifdef CONFIG_MMC_CRYPTO
> +	int (*program_key)(struct cqhci_host *cq_host,
> +			   const union cqhci_crypto_cfg_entry *cfg, int slot);
> +#endif
>  };
>  
>  static inline void cqhci_writel(struct cqhci_host *host, u32 val, int reg)
> 

Re: [PATCH 8/8] mmc: sdhci-msm: add Inline Crypto Engine support

[Adrian Hunter]

On 12/11/20 9:40 pm, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@google.com>
> 
> Add support for Qualcomm Inline Crypto Engine (ICE) to sdhci-msm.
> 
> The standard-compliant parts, such as querying the crypto capabilities
> and enabling crypto for individual MMC requests, are already handled by
> cqhci-crypto.c, which itself is wired into the blk-crypto framework.
> However, ICE requires vendor-specific init, enable, and resume logic,
> and it requires that keys be programmed and evicted by vendor-specific
> SMC calls.  Make the sdhci-msm driver handle these details.
> 
> This is heavily inspired by the similar changes made for UFS, since the
> UFS and eMMC ICE instances are very similar.  See commit df4ec2fa7a4d
> ("scsi: ufs-qcom: Add Inline Crypto Engine support").
> 
> I tested this on a Sony Xperia 10, which uses the Snapdragon 630 SoC,
> which has basic upstream support.  Mainly, I used android-xfstests
> (https://github.com/tytso/xfstests-bld/blob/master/Documentation/android-xfstests.md)
> to run the ext4 and f2fs encryption tests in a Debian chroot:
> 
> 	android-xfstests -c ext4,f2fs -g encrypt -m inlinecrypt
> 
> These tests included tests which verify that the on-disk ciphertext is
> identical to that produced by a software implementation.  I also
> verified that ICE was actually being used.
> 
> Signed-off-by: Eric Biggers <ebiggers@google.com>

Just 2 minor comments below

> ---
>  drivers/mmc/host/Kconfig     |   1 +
>  drivers/mmc/host/sdhci-msm.c | 270 ++++++++++++++++++++++++++++++++++-
>  2 files changed, 267 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/mmc/host/Kconfig b/drivers/mmc/host/Kconfig
> index 31481c9fcc2ec..2ede2c86f173b 100644
> --- a/drivers/mmc/host/Kconfig
> +++ b/drivers/mmc/host/Kconfig
> @@ -544,6 +544,7 @@ config MMC_SDHCI_MSM
>  	depends on MMC_SDHCI_PLTFM
>  	select MMC_SDHCI_IO_ACCESSORS
>  	select MMC_CQHCI
> +	select QCOM_SCM if MMC_CRYPTO
>  	help
>  	  This selects the Secure Digital Host Controller Interface (SDHCI)
>  	  support present in Qualcomm SOCs. The controller supports
> diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c
> index 3451eb3255135..6ce21414d5104 100644
> --- a/drivers/mmc/host/sdhci-msm.c
> +++ b/drivers/mmc/host/sdhci-msm.c
> @@ -13,6 +13,7 @@
>  #include <linux/pm_opp.h>
>  #include <linux/slab.h>
>  #include <linux/iopoll.h>
> +#include <linux/qcom_scm.h>
>  #include <linux/regulator/consumer.h>
>  #include <linux/interconnect.h>
>  #include <linux/pinctrl/consumer.h>
> @@ -256,10 +257,12 @@ struct sdhci_msm_variant_info {
>  struct sdhci_msm_host {
>  	struct platform_device *pdev;
>  	void __iomem *core_mem;	/* MSM SDCC mapped address */
> +	void __iomem *ice_mem;	/* MSM ICE mapped address (if available) */
>  	int pwr_irq;		/* power irq */
>  	struct clk *bus_clk;	/* SDHC bus voter clock */
>  	struct clk *xo_clk;	/* TCXO clk needed for FLL feature of cm_dll*/
> -	struct clk_bulk_data bulk_clks[4]; /* core, iface, cal, sleep clocks */
> +	/* core, iface, cal, sleep, and ice clocks */
> +	struct clk_bulk_data bulk_clks[5];
>  	unsigned long clk_rate;
>  	struct mmc_host *mmc;
>  	struct opp_table *opp_table;
> @@ -1785,6 +1788,240 @@ static void sdhci_msm_set_clock(struct sdhci_host *host, unsigned int clock)
>  	__sdhci_msm_set_clock(host, clock);
>  }
>  
> +/*****************************************************************************\
> + *                                                                           *
> + * Inline Crypto Engine (ICE) support                                        *
> + *                                                                           *
> +\*****************************************************************************/
> +
> +#ifdef CONFIG_MMC_CRYPTO
> +
> +#define AES_256_XTS_KEY_SIZE			64
> +
> +/* QCOM ICE registers */
> +
> +#define QCOM_ICE_REG_VERSION			0x0008
> +
> +#define QCOM_ICE_REG_FUSE_SETTING		0x0010
> +#define QCOM_ICE_FUSE_SETTING_MASK		0x1
> +#define QCOM_ICE_FORCE_HW_KEY0_SETTING_MASK	0x2
> +#define QCOM_ICE_FORCE_HW_KEY1_SETTING_MASK	0x4
> +
> +#define QCOM_ICE_REG_BIST_STATUS		0x0070
> +#define QCOM_ICE_BIST_STATUS_MASK		0xF0000000
> +
> +#define QCOM_ICE_REG_ADVANCED_CONTROL		0x1000
> +
> +#define sdhci_msm_ice_writel(host, val, reg)	\
> +	writel((val), (host)->ice_mem + (reg))
> +#define sdhci_msm_ice_readl(host, reg)	\
> +	readl((host)->ice_mem + (reg))
> +
> +static bool sdhci_msm_ice_supported(struct sdhci_msm_host *msm_host)
> +{
> +	struct device *dev = mmc_dev(msm_host->mmc);
> +	u32 regval = sdhci_msm_ice_readl(msm_host, QCOM_ICE_REG_VERSION);
> +	int major = regval >> 24;
> +	int minor = (regval >> 16) & 0xFF;
> +	int step = regval & 0xFFFF;
> +
> +	/* For now this driver only supports ICE version 3. */
> +	if (major != 3) {
> +		dev_warn(dev, "Unsupported ICE version: v%d.%d.%d\n",
> +			 major, minor, step);
> +		return false;
> +	}
> +
> +	dev_info(dev, "Found QC Inline Crypto Engine (ICE) v%d.%d.%d\n",
> +		 major, minor, step);
> +
> +	/* If fuses are blown, ICE might not work in the standard way. */
> +	regval = sdhci_msm_ice_readl(msm_host, QCOM_ICE_REG_FUSE_SETTING);
> +	if (regval & (QCOM_ICE_FUSE_SETTING_MASK |
> +		      QCOM_ICE_FORCE_HW_KEY0_SETTING_MASK |
> +		      QCOM_ICE_FORCE_HW_KEY1_SETTING_MASK)) {
> +		dev_warn(dev, "Fuses are blown; ICE is unusable!\n");
> +		return false;
> +	}
> +	return true;
> +}
> +
> +static inline struct clk *sdhci_msm_ice_get_clk(struct device *dev)
> +{
> +	return devm_clk_get(dev, "ice");
> +}
> +
> +static int sdhci_msm_ice_init(struct sdhci_msm_host *msm_host,
> +			      struct cqhci_host *cq_host)
> +{
> +	struct mmc_host *mmc = msm_host->mmc;
> +	struct device *dev = mmc_dev(mmc);
> +	struct resource *res;
> +	int err;
> +
> +	if (!(cqhci_readl(cq_host, CQHCI_CAP) & CQHCI_CAP_CS))
> +		return 0;
> +
> +	res = platform_get_resource_byname(msm_host->pdev, IORESOURCE_MEM,
> +					   "ice");
> +	if (!res) {
> +		dev_warn(dev, "ICE registers not found\n");
> +		goto disable;
> +	}
> +
> +	if (!qcom_scm_ice_available()) {
> +		dev_warn(dev, "ICE SCM interface not found\n");
> +		goto disable;
> +	}
> +
> +	msm_host->ice_mem = devm_ioremap_resource(dev, res);
> +	if (IS_ERR(msm_host->ice_mem)) {
> +		err = PTR_ERR(msm_host->ice_mem);
> +		dev_err(dev, "Failed to map ICE registers; err=%d\n", err);
> +		return err;
> +	}
> +
> +	if (!sdhci_msm_ice_supported(msm_host))
> +		goto disable;
> +
> +	mmc->caps2 |= MMC_CAP2_CRYPTO;
> +	return 0;
> +
> +disable:
> +	dev_warn(dev, "Disabling inline encryption support\n");
> +	return 0;
> +}
> +
> +static void sdhci_msm_ice_low_power_mode_enable(struct sdhci_msm_host *msm_host)
> +{
> +	u32 regval;
> +
> +	regval = sdhci_msm_ice_readl(msm_host, QCOM_ICE_REG_ADVANCED_CONTROL);
> +	/*
> +	 * Enable low power mode sequence
> +	 * [0]-0, [1]-0, [2]-0, [3]-E, [4]-0, [5]-0, [6]-0, [7]-0
> +	 */
> +	regval |= 0x7000;
> +	sdhci_msm_ice_writel(msm_host, regval, QCOM_ICE_REG_ADVANCED_CONTROL);
> +}
> +
> +static void sdhci_msm_ice_optimization_enable(struct sdhci_msm_host *msm_host)
> +{
> +	u32 regval;
> +
> +	/* ICE Optimizations Enable Sequence */
> +	regval = sdhci_msm_ice_readl(msm_host, QCOM_ICE_REG_ADVANCED_CONTROL);
> +	regval |= 0xD807100;
> +	/* ICE HPG requires delay before writing */
> +	udelay(5);
> +	sdhci_msm_ice_writel(msm_host, regval, QCOM_ICE_REG_ADVANCED_CONTROL);
> +	udelay(5);
> +}
> +
> +/* Poll until all BIST (built-in self test) bits are reset */
> +static int sdhci_msm_ice_wait_bist_status(struct sdhci_msm_host *msm_host)
> +{
> +	int count;
> +	u32 reg;
> +
> +	for (count = 0; count < 100; count++) {
> +		reg = sdhci_msm_ice_readl(msm_host, QCOM_ICE_REG_BIST_STATUS);
> +		if (!(reg & QCOM_ICE_BIST_STATUS_MASK))
> +			break;
> +		udelay(50);

usleep_range ?

Also could use read_poll_timeout() here

> +	}
> +	if (reg) {
> +		dev_err(mmc_dev(msm_host->mmc),
> +			"Timed out waiting for ICE self-test to complete\n");
> +		return -ETIMEDOUT;
> +	}
> +	return 0;
> +}
> +
> +static void sdhci_msm_ice_enable(struct sdhci_msm_host *msm_host)
> +{
> +	if (!(msm_host->mmc->caps2 & MMC_CAP2_CRYPTO))
> +		return;
> +	sdhci_msm_ice_low_power_mode_enable(msm_host);
> +	sdhci_msm_ice_optimization_enable(msm_host);
> +	sdhci_msm_ice_wait_bist_status(msm_host);
> +}
> +
> +static int __maybe_unused sdhci_msm_ice_resume(struct sdhci_msm_host *msm_host)
> +{
> +	if (!(msm_host->mmc->caps2 & MMC_CAP2_CRYPTO))
> +		return 0;
> +	return sdhci_msm_ice_wait_bist_status(msm_host);
> +}
> +
> +/*
> + * Program a key into a QC ICE keyslot, or evict a keyslot.  QC ICE requires
> + * vendor-specific SCM calls for this; it doesn't support the standard way.
> + */
> +static int sdhci_msm_program_key(struct cqhci_host *cq_host,
> +				 const union cqhci_crypto_cfg_entry *cfg,
> +				 int slot)
> +{
> +	struct device *dev = mmc_dev(cq_host->mmc);
> +	union cqhci_crypto_cap_entry cap;
> +	union {
> +		u8 bytes[AES_256_XTS_KEY_SIZE];
> +		u32 words[AES_256_XTS_KEY_SIZE / sizeof(u32)];
> +	} key;
> +	int i;
> +	int err;
> +
> +	if (!(cfg->config_enable & CQHCI_CRYPTO_CONFIGURATION_ENABLE))
> +		return qcom_scm_ice_invalidate_key(slot);
> +
> +	/* Only AES-256-XTS has been tested so far. */
> +	cap = cq_host->crypto_cap_array[cfg->crypto_cap_idx];
> +	if (cap.algorithm_id != CQHCI_CRYPTO_ALG_AES_XTS ||
> +	    cap.key_size != CQHCI_CRYPTO_KEY_SIZE_256) {
> +		dev_err_ratelimited(dev,
> +				    "Unhandled crypto capability; algorithm_id=%d, key_size=%d\n",
> +				    cap.algorithm_id, cap.key_size);
> +		return -EINVAL;
> +	}
> +
> +	memcpy(key.bytes, cfg->crypto_key, AES_256_XTS_KEY_SIZE);
> +
> +	/*
> +	 * The SCM call byte-swaps the 32-bit words of the key.  So we have to
> +	 * do the same, in order for the final key be correct.
> +	 */
> +	for (i = 0; i < ARRAY_SIZE(key.words); i++)
> +		__cpu_to_be32s(&key.words[i]);
> +
> +	err = qcom_scm_ice_set_key(slot, key.bytes, AES_256_XTS_KEY_SIZE,
> +				   QCOM_SCM_ICE_CIPHER_AES_256_XTS,
> +				   cfg->data_unit_size);
> +	memzero_explicit(&key, sizeof(key));
> +	return err;
> +}
> +#else /* CONFIG_MMC_CRYPTO */
> +static inline struct clk *sdhci_msm_ice_get_clk(struct device *dev)
> +{
> +	return NULL;
> +}
> +
> +static inline int sdhci_msm_ice_init(struct sdhci_msm_host *msm_host,
> +				     struct cqhci_host *cq_host)
> +{
> +	return 0;
> +}
> +
> +static inline void sdhci_msm_ice_enable(struct sdhci_msm_host *msm_host)
> +{
> +}
> +
> +static inline int __maybe_unused
> +sdhci_msm_ice_resume(struct sdhci_msm_host *msm_host)
> +{
> +	return 0;
> +}
> +#endif /* !CONFIG_MMC_CRYPTO */
> +
>  /*****************************************************************************\
>   *                                                                           *
>   * MSM Command Queue Engine (CQE)                                            *
> @@ -1803,6 +2040,16 @@ static u32 sdhci_msm_cqe_irq(struct sdhci_host *host, u32 intmask)
>  	return 0;
>  }
>  
> +static void sdhci_msm_cqe_enable(struct mmc_host *mmc)
> +{
> +	struct sdhci_host *host = mmc_priv(mmc);
> +	struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host);
> +	struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host);
> +
> +	sdhci_cqe_enable(mmc);
> +	sdhci_msm_ice_enable(msm_host);
> +}
> +
>  static void sdhci_msm_cqe_disable(struct mmc_host *mmc, bool recovery)
>  {
>  	struct sdhci_host *host = mmc_priv(mmc);
> @@ -1835,8 +2082,11 @@ static void sdhci_msm_cqe_disable(struct mmc_host *mmc, bool recovery)
>  }
>  
>  static const struct cqhci_host_ops sdhci_msm_cqhci_ops = {
> -	.enable		= sdhci_cqe_enable,
> +	.enable		= sdhci_msm_cqe_enable,
>  	.disable	= sdhci_msm_cqe_disable,
> +#ifdef CONFIG_MMC_CRYPTO
> +	.program_key	= sdhci_msm_program_key,
> +#endif
>  };
>  
>  static int sdhci_msm_cqe_add_host(struct sdhci_host *host,
> @@ -1872,6 +2122,10 @@ static int sdhci_msm_cqe_add_host(struct sdhci_host *host,
>  
>  	dma64 = host->flags & SDHCI_USE_64_BIT_DMA;
>  
> +	ret = sdhci_msm_ice_init(msm_host, cq_host);
> +	if (ret)
> +		goto cleanup;
> +
>  	ret = cqhci_init(cq_host, host->mmc, dma64);
>  	if (ret) {
>  		dev_err(&pdev->dev, "%s: CQE init: failed (%d)\n",
> @@ -2321,6 +2575,11 @@ static int sdhci_msm_probe(struct platform_device *pdev)
>  		clk = NULL;
>  	msm_host->bulk_clks[3].clk = clk;
>  
> +	clk = sdhci_msm_ice_get_clk(&pdev->dev);
> +	if (IS_ERR(clk))
> +		clk = NULL;
> +	msm_host->bulk_clks[4].clk = clk;
> +
>  	ret = clk_bulk_prepare_enable(ARRAY_SIZE(msm_host->bulk_clks),
>  				      msm_host->bulk_clks);
>  	if (ret)
> @@ -2531,12 +2790,15 @@ static __maybe_unused int sdhci_msm_runtime_resume(struct device *dev)
>  	 * Whenever core-clock is gated dynamically, it's needed to
>  	 * restore the SDR DLL settings when the clock is ungated.
>  	 */
> -	if (msm_host->restore_dll_config && msm_host->clk_rate)
> +	if (msm_host->restore_dll_config && msm_host->clk_rate) {
>  		ret = sdhci_msm_restore_sdr_dll_config(host);
> +		if (ret)
> +			return ret;
> +	}
>  
>  	dev_pm_opp_set_rate(dev, msm_host->clk_rate);
>  
> -	return ret;
> +	return sdhci_msm_ice_resume(msm_host);
>  }
>  
>  static const struct dev_pm_ops sdhci_msm_pm_ops = {
> 

Re: [PATCH 1/8] mmc: add basic support for inline encryption

[Adrian Hunter]

On 12/11/20 9:40 pm, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@google.com>
> 
> In preparation for adding CQHCI crypto engine (inline encryption)
> support, add the code required to make mmc_core and mmc_block aware of
> inline encryption.  Specifically:
> 
> - Add a capability flag MMC_CAP2_CRYPTO to struct mmc_host.  Drivers
>   will set this if the host and driver support inline encryption.
> 
> - Embed a blk_keyslot_manager in struct mmc_host.  Drivers will
>   initialize this if the host and driver support inline encryption.
>   mmc_block registers this keyslot manager with the request_queue of any
>   MMC card attached to the host.  mmc_core destroys this keyslot manager
>   when freeing the mmc_host.
> 
> - Make mmc_block copy the crypto keyslot and crypto data unit number
>   from struct request to struct mmc_request, so that drivers will have
>   access to them.
> 
> - If the MMC host is reset, reprogram all the keyslots to ensure that
>   the software state stays in sync with the hardware state.
> 
> Co-developed-by: Satya Tangirala <satyat@google.com>
> Signed-off-by: Satya Tangirala <satyat@google.com>
> Signed-off-by: Eric Biggers <ebiggers@google.com>

Acked-by: Adrian Hunter <adrian.hunter@intel.com>

> ---
>  drivers/mmc/core/Kconfig  |  8 ++++++
>  drivers/mmc/core/Makefile |  1 +
>  drivers/mmc/core/block.c  |  3 +++
>  drivers/mmc/core/core.c   |  3 +++
>  drivers/mmc/core/crypto.c | 54 +++++++++++++++++++++++++++++++++++++++
>  drivers/mmc/core/crypto.h | 46 +++++++++++++++++++++++++++++++++
>  drivers/mmc/core/host.c   |  2 ++
>  drivers/mmc/core/queue.c  |  3 +++
>  include/linux/mmc/core.h  |  6 +++++
>  include/linux/mmc/host.h  |  7 +++++
>  10 files changed, 133 insertions(+)
>  create mode 100644 drivers/mmc/core/crypto.c
>  create mode 100644 drivers/mmc/core/crypto.h
> 
> diff --git a/drivers/mmc/core/Kconfig b/drivers/mmc/core/Kconfig
> index c12fe13e4b147..ae8b69aee6190 100644
> --- a/drivers/mmc/core/Kconfig
> +++ b/drivers/mmc/core/Kconfig
> @@ -81,3 +81,11 @@ config MMC_TEST
>  	  This driver is only of interest to those developing or
>  	  testing a host driver. Most people should say N here.
>  
> +config MMC_CRYPTO
> +	bool "MMC Crypto Engine Support"
> +	depends on BLK_INLINE_ENCRYPTION
> +	help
> +	  Enable Crypto Engine Support in MMC.
> +	  Enabling this makes it possible for the kernel to use the crypto
> +	  capabilities of the MMC device (if present) to perform crypto
> +	  operations on data being transferred to/from the device.
> diff --git a/drivers/mmc/core/Makefile b/drivers/mmc/core/Makefile
> index 95ffe008ebdf8..6a907736cd7a5 100644
> --- a/drivers/mmc/core/Makefile
> +++ b/drivers/mmc/core/Makefile
> @@ -18,3 +18,4 @@ obj-$(CONFIG_MMC_BLOCK)		+= mmc_block.o
>  mmc_block-objs			:= block.o queue.o
>  obj-$(CONFIG_MMC_TEST)		+= mmc_test.o
>  obj-$(CONFIG_SDIO_UART)		+= sdio_uart.o
> +mmc_core-$(CONFIG_MMC_CRYPTO)	+= crypto.o
> diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c
> index 8d3df0be0355c..eaf2f10743260 100644
> --- a/drivers/mmc/core/block.c
> +++ b/drivers/mmc/core/block.c
> @@ -51,6 +51,7 @@
>  #include "block.h"
>  #include "core.h"
>  #include "card.h"
> +#include "crypto.h"
>  #include "host.h"
>  #include "bus.h"
>  #include "mmc_ops.h"
> @@ -1247,6 +1248,8 @@ static void mmc_blk_data_prep(struct mmc_queue *mq, struct mmc_queue_req *mqrq,
>  
>  	memset(brq, 0, sizeof(struct mmc_blk_request));
>  
> +	mmc_crypto_prepare_req(mqrq);
> +
>  	brq->mrq.data = &brq->data;
>  	brq->mrq.tag = req->tag;
>  
> diff --git a/drivers/mmc/core/core.c b/drivers/mmc/core/core.c
> index d42037f0f10d7..275de270232b3 100644
> --- a/drivers/mmc/core/core.c
> +++ b/drivers/mmc/core/core.c
> @@ -37,6 +37,7 @@
>  
>  #include "core.h"
>  #include "card.h"
> +#include "crypto.h"
>  #include "bus.h"
>  #include "host.h"
>  #include "sdio_bus.h"
> @@ -992,6 +993,8 @@ void mmc_set_initial_state(struct mmc_host *host)
>  		host->ops->hs400_enhanced_strobe(host, &host->ios);
>  
>  	mmc_set_ios(host);
> +
> +	mmc_crypto_set_initial_state(host);
>  }
>  
>  /**
> diff --git a/drivers/mmc/core/crypto.c b/drivers/mmc/core/crypto.c
> new file mode 100644
> index 0000000000000..4f47eb4740db0
> --- /dev/null
> +++ b/drivers/mmc/core/crypto.c
> @@ -0,0 +1,54 @@
> +// SPDX-License-Identifier: GPL-2.0-only
> +/*
> + * MMC crypto engine (inline encryption) support
> + *
> + * Copyright 2020 Google LLC
> + */
> +
> +#include <linux/blk-crypto.h>
> +#include <linux/mmc/host.h>
> +
> +#include "core.h"
> +#include "crypto.h"
> +#include "queue.h"
> +
> +void mmc_crypto_set_initial_state(struct mmc_host *host)
> +{
> +	/* Reset might clear all keys, so reprogram all the keys. */
> +	if (host->caps2 & MMC_CAP2_CRYPTO)
> +		blk_ksm_reprogram_all_keys(&host->ksm);
> +}
> +
> +void mmc_crypto_free_host(struct mmc_host *host)
> +{
> +	if (host->caps2 & MMC_CAP2_CRYPTO)
> +		blk_ksm_destroy(&host->ksm);
> +}
> +
> +void mmc_crypto_setup_queue(struct request_queue *q, struct mmc_host *host)
> +{
> +	if (host->caps2 & MMC_CAP2_CRYPTO)
> +		blk_ksm_register(&host->ksm, q);
> +}
> +EXPORT_SYMBOL_GPL(mmc_crypto_setup_queue);
> +
> +void mmc_crypto_prepare_req(struct mmc_queue_req *mqrq)
> +{
> +	struct request *req = mmc_queue_req_to_req(mqrq);
> +	struct mmc_request *mrq = &mqrq->brq.mrq;
> +
> +	if (!req->crypt_keyslot)
> +		return;
> +
> +	mrq->crypto_enabled = true;
> +	mrq->crypto_key_slot = blk_ksm_get_slot_idx(req->crypt_keyslot);
> +
> +	/*
> +	 * For now we assume that all MMC drivers set max_dun_bytes_supported=4,
> +	 * which is the limit for CQHCI crypto.  So all DUNs should be 32-bit.
> +	 */
> +	WARN_ON_ONCE(req->crypt_ctx->bc_dun[0] > U32_MAX);
> +
> +	mrq->data_unit_num = req->crypt_ctx->bc_dun[0];
> +}
> +EXPORT_SYMBOL_GPL(mmc_crypto_prepare_req);
> diff --git a/drivers/mmc/core/crypto.h b/drivers/mmc/core/crypto.h
> new file mode 100644
> index 0000000000000..4780639b832f4
> --- /dev/null
> +++ b/drivers/mmc/core/crypto.h
> @@ -0,0 +1,46 @@
> +/* SPDX-License-Identifier: GPL-2.0-only */
> +/*
> + * MMC crypto engine (inline encryption) support
> + *
> + * Copyright 2020 Google LLC
> + */
> +
> +#ifndef _MMC_CORE_CRYPTO_H
> +#define _MMC_CORE_CRYPTO_H
> +
> +struct mmc_host;
> +struct mmc_queue_req;
> +struct request_queue;
> +
> +#ifdef CONFIG_MMC_CRYPTO
> +
> +void mmc_crypto_set_initial_state(struct mmc_host *host);
> +
> +void mmc_crypto_free_host(struct mmc_host *host);
> +
> +void mmc_crypto_setup_queue(struct request_queue *q, struct mmc_host *host);
> +
> +void mmc_crypto_prepare_req(struct mmc_queue_req *mqrq);
> +
> +#else /* CONFIG_MMC_CRYPTO */
> +
> +static inline void mmc_crypto_set_initial_state(struct mmc_host *host)
> +{
> +}
> +
> +static inline void mmc_crypto_free_host(struct mmc_host *host)
> +{
> +}
> +
> +static inline void mmc_crypto_setup_queue(struct request_queue *q,
> +					  struct mmc_host *host)
> +{
> +}
> +
> +static inline void mmc_crypto_prepare_req(struct mmc_queue_req *mqrq)
> +{
> +}
> +
> +#endif /* !CONFIG_MMC_CRYPTO */
> +
> +#endif /* _MMC_CORE_CRYPTO_H */
> diff --git a/drivers/mmc/core/host.c b/drivers/mmc/core/host.c
> index 96b2ca1f1b06d..d962b9ca0e37a 100644
> --- a/drivers/mmc/core/host.c
> +++ b/drivers/mmc/core/host.c
> @@ -25,6 +25,7 @@
>  #include <linux/mmc/slot-gpio.h>
>  
>  #include "core.h"
> +#include "crypto.h"
>  #include "host.h"
>  #include "slot-gpio.h"
>  #include "pwrseq.h"
> @@ -532,6 +533,7 @@ EXPORT_SYMBOL(mmc_remove_host);
>   */
>  void mmc_free_host(struct mmc_host *host)
>  {
> +	mmc_crypto_free_host(host);
>  	mmc_pwrseq_free(host);
>  	put_device(&host->class_dev);
>  }
> diff --git a/drivers/mmc/core/queue.c b/drivers/mmc/core/queue.c
> index de7cb0369c308..d96db852bb91a 100644
> --- a/drivers/mmc/core/queue.c
> +++ b/drivers/mmc/core/queue.c
> @@ -19,6 +19,7 @@
>  #include "block.h"
>  #include "core.h"
>  #include "card.h"
> +#include "crypto.h"
>  #include "host.h"
>  
>  #define MMC_DMA_MAP_MERGE_SEGMENTS	512
> @@ -405,6 +406,8 @@ static void mmc_setup_queue(struct mmc_queue *mq, struct mmc_card *card)
>  	mutex_init(&mq->complete_lock);
>  
>  	init_waitqueue_head(&mq->wait);
> +
> +	mmc_crypto_setup_queue(mq->queue, host);
>  }
>  
>  static inline bool mmc_merge_capable(struct mmc_host *host)
> diff --git a/include/linux/mmc/core.h b/include/linux/mmc/core.h
> index 29aa507116261..ab19245e99451 100644
> --- a/include/linux/mmc/core.h
> +++ b/include/linux/mmc/core.h
> @@ -162,6 +162,12 @@ struct mmc_request {
>  	bool			cap_cmd_during_tfr;
>  
>  	int			tag;
> +
> +#ifdef CONFIG_MMC_CRYPTO
> +	bool			crypto_enabled;
> +	int			crypto_key_slot;
> +	u32			data_unit_num;
> +#endif
>  };
>  
>  struct mmc_card;
> diff --git a/include/linux/mmc/host.h b/include/linux/mmc/host.h
> index c079b932330f2..550460bf1b37c 100644
> --- a/include/linux/mmc/host.h
> +++ b/include/linux/mmc/host.h
> @@ -15,6 +15,7 @@
>  #include <linux/mmc/card.h>
>  #include <linux/mmc/pm.h>
>  #include <linux/dma-direction.h>
> +#include <linux/keyslot-manager.h>
>  
>  struct mmc_ios {
>  	unsigned int	clock;			/* clock rate */
> @@ -377,6 +378,7 @@ struct mmc_host {
>  #define MMC_CAP2_CQE_DCMD	(1 << 24)	/* CQE can issue a direct command */
>  #define MMC_CAP2_AVOID_3_3V	(1 << 25)	/* Host must negotiate down from 3.3V */
>  #define MMC_CAP2_MERGE_CAPABLE	(1 << 26)	/* Host can merge a segment over the segment size */
> +#define MMC_CAP2_CRYPTO		(1 << 27)	/* Host supports inline encryption */
>  
>  	int			fixed_drv_type;	/* fixed driver type for non-removable media */
>  
> @@ -471,6 +473,11 @@ struct mmc_host {
>  	bool			cqe_enabled;
>  	bool			cqe_on;
>  
> +	/* Inline encryption support */
> +#ifdef CONFIG_MMC_CRYPTO
> +	struct blk_keyslot_manager ksm;
> +#endif
> +
>  	/* Host Software Queue support */
>  	bool			hsq_enabled;
>  
> 

Re: [PATCH 3/8] mmc: cqhci: add support for inline encryption

[Eric Biggers]

On Wed, Dec 02, 2020 at 03:14:25PM +0200, Adrian Hunter wrote:
> >  static void cqhci_prep_task_desc(struct mmc_request *mrq,
> > -					u64 *data, bool intr)
> > +				 struct cqhci_host *cq_host, int tag)
> 
> It would be neater if the changes to cqhci_prep_task_desc() parameters could
> be a separate patch.
> 

I'll move it to a separate patch
"mmc: cqhci: initialize upper 64 bits of 128-bit task descriptors".

> > @@ -709,6 +724,27 @@ static void cqhci_error_irq(struct mmc_host *mmc, u32 status, int cmd_error,
> >  		}
> >  	}
> >  
> > +	/*
> > +	 * Handle "Invalid Crypto Configuration Error".  This should never
> > +	 * happen, since the block layer ensures that all crypto-enabled I/O
> > +	 * requests have a valid keyslot before they reach the driver.
> > +	 */
> > +	if (status & CQHCI_IS_ICCE) {
> > +		tdpe = cqhci_readl(cq_host, CQHCI_TDPE);
> > +		WARN_ONCE(1,
> > +			  "%s: cqhci: invalid crypto configuration error. IRQ status: 0x%08x TDPE: 0x%08x\n",
> > +			  mmc_hostname(mmc), status, tdpe);
> > +		while (tdpe != 0) {
> > +			tag = __ffs(tdpe);
> > +			tdpe &= ~(1 << tag);
> > +			slot = &cq_host->slot[tag];
> > +			if (!slot->mrq)
> > +				continue;
> > +			slot->flags = cqhci_error_flags(data_error, cmd_error);
> > +			cqhci_recovery_needed(mmc, slot->mrq, true);
> > +		}
> > +	}
> > +
> 
> What about GCE?

I don't think anything more is needed for GCE (General Crypto Error).  As per
the eMMC specification, GCE occurs during the execution of a task, and task
error information is stored in the TERRI register -- just like some of the
non-crypto related errors.  This patch already updates cqhci_irq() to call
cqhci_error_irq() if the GCE bit is set, and cqhci_error_irq() already handles
task errors by checking the TERRI register.  Also, cqhci_irq() already
acknowledges all interrupts, including GCE.

So I think GCE is handled correctly, though I don't currently have a way to
actually test it.

- Eric

Re: [PATCH 8/8] mmc: sdhci-msm: add Inline Crypto Engine support

[Eric Biggers]

On Wed, Dec 02, 2020 at 03:56:21PM +0200, Adrian Hunter wrote:
> > +/* Poll until all BIST (built-in self test) bits are reset */
> > +static int sdhci_msm_ice_wait_bist_status(struct sdhci_msm_host *msm_host)
> > +{
> > +	int count;
> > +	u32 reg;
> > +
> > +	for (count = 0; count < 100; count++) {
> > +		reg = sdhci_msm_ice_readl(msm_host, QCOM_ICE_REG_BIST_STATUS);
> > +		if (!(reg & QCOM_ICE_BIST_STATUS_MASK))
> > +			break;
> > +		udelay(50);
> 
> usleep_range ?
> 
> Also could use read_poll_timeout() here
> 

I'll change it to use readl_poll_timeout().

- Eric

Re: [PATCH 0/8] eMMC inline encryption support

[Eric Biggers]

On Thu, Dec 17, 2020 at 05:21:32PM +0800, Peng.Zhou wrote:
> 
> On Wed, 2020-11-25 at 17:03 +0800, Stanley Chu wrote:
> > Hi Eric,
> > 
> > On Mon, 2020-11-23 at 18:01 -0800, Eric Biggers wrote:
> > > Hi Adrian,
> > > 
> > > On Mon, Nov 23, 2020 at 09:04:12AM +0200, Adrian Hunter wrote:
> > > > On 20/11/20 9:44 pm, Eric Biggers wrote:
> > > > > Hi Adrian,
> > > > > 
> > > > > On Fri, Nov 20, 2020 at 09:29:59PM +0200, Adrian Hunter wrote:
> > > > >> I haven't had a chance to look at it properly, but I do have a couple of
> > > > >> dumb questions.  How do you ensure the host controller is not runtime
> > > > >> suspended when the key is programmed?
> > > > > 
> > > > > This is handled by the block layer, in block/keyslot-manager.c.  It ensures that
> > > > > the device is resumed before calling blk_ksm_ll_ops::keyslot_program() or
> > > > > blk_ksm_ll_ops::keyslot_evict().  See blk_ksm_hw_enter().
> > > > 
> > > > Cool, although cqhci is doing a lazy kind of resume, so maybe not be enabled
> > > > when a key is programmed?  Would that be a problem?
> > > > 
> > > > > 
> > > > >> Are the keys lost when the host controller is reset, and then how do you know
> > > > >> the host controller does not get reset after the key is programmed but before
> > > > >> the I/O is submitted?
> > > > > 
> > > > > As with UFS, keys might be lost when the host controller is reset, so we're
> > > > > reprogramming all the keys when that happens.  See patch 1:
> > > > > 
> > > > >     mmc_set_initial_state()
> > > > >         mmc_crypto_set_initial_state()
> > > > >             blk_ksm_reprogram_all_keys()
> > > > > 
> > > > > (That's the intent, at least.  For MMC, I'm not sure if resets were properly
> > > > > covered by the testing I've done so far.  But the code looks right to me.)
> > > > 
> > > > After reset, cqhci will not necessarily be enabled at this point.  Is that OK?
> > > 
> > > The hardware that I have (sdm630) appears to allow programming and evicting keys
> > > even while CQHCI_CFG.CQHCI_ENABLE is clear, i.e. even when the CQE is "off".
> > > I tested it using the patch below.
> > > 
> > > The eMMC specification isn't clear about this point.  But I'm thinking that the
> > > crypto configuration registers (the keyslots) are probably supposed to work like
> > > most of the other CQHCI registers, which can be written to while CQHCI_ENABLE is
> > > clear.  Then setting CQHCI_ENABLE just enables the ability to actually issue
> > > requests.  Likewise, setting CQHCI_CRYPTO_GENERAL_ENABLE just allows using
> > > crypto in requests; it isn't needed to write to the crypto configurations.
> > > 
> > > For what it's worth, UFS crypto (which has been supported by upstream since
> > > v5.9) works similarly.  Keys can be programmed while the UFS host is powered on,
> > > even before it's "enabled".
> > > 
> > > But maybe someone interpreted the eMMC specification differently.  Hopefully
> > > Mediatek can give some insight into how they implemented it, and test this
> > > patchset on their hardware too.
> > 
> > MediaTek CQHCI also works in this way.
> > 
> > Complete test is on-going now and we will update the results as soon as
> > possible.
> > 
> > Thanks,
> > Stanley Chu
> > 
> > > 
> > > Here's the patch I used to verify that sdm630 allows programming and evicting
> > > keys even while the CQE is off:
> > > 
> > > diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c
> > > index eaf2f1074326..eb2d88d0b3ba 100644
> > > --- a/drivers/mmc/core/block.c
> > > +++ b/drivers/mmc/core/block.c
> > > @@ -1406,6 +1406,9 @@ static void mmc_blk_cqe_complete_rq(struct mmc_queue *mq, struct request *req)
> > >  
> > >  	mmc_cqe_check_busy(mq);
> > >  
> > > +	if (mmc_tot_in_flight(mq) == 0 && host->cqe_on)
> > > +		host->cqe_ops->cqe_off(host);
> > > +
> > >  	spin_unlock_irqrestore(&mq->lock, flags);
> > >  
> > >  	if (!mq->cqe_busy)
> > > diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c
> > > index 6ce21414d510..70d8dbc6515f 100644
> > > --- a/drivers/mmc/host/sdhci-msm.c
> > > +++ b/drivers/mmc/host/sdhci-msm.c
> > > @@ -1971,6 +1971,12 @@ static int sdhci_msm_program_key(struct cqhci_host *cq_host,
> > >  	int i;
> > >  	int err;
> > >  
> > > +	if (!cq_host->mmc->cqe_on) {
> > > +		pr_info("@@@ cqe is off for %s slot %d\n",
> > > +			(cfg->config_enable & CQHCI_CRYPTO_CONFIGURATION_ENABLE) ?
> > > +			"program" : "evict", slot);
> > > +	}
> > > +
> > >  	if (!(cfg->config_enable & CQHCI_CRYPTO_CONFIGURATION_ENABLE))
> > >  		return qcom_scm_ice_invalidate_key(slot);
> > 
> > 
> 
> Hi Eric,
> 
> I also have a question about reprogramming keys scenarios, if some SoC
> vensors' eMMC host will power down or something else like that keys will
> be lost after runtime suspend, that means we must do reprogramming keys
> in runtime resume, right? Do you think that we should add it in
> cqhci-core layer(such as __cqhci_enable()) or every SoC vendor's host
> driver resume path?
> 

The keys should only be lost on reset, not on runtime suspend.  So I believe the
code I've proposed is sufficient.

- Eric

Re: [PATCH 0/8] eMMC inline encryption support

[Eric Biggers]

On Fri, Dec 18, 2020 at 07:40:41AM +0800, Peng.Zhou wrote:
> > > Hi Eric,
> > > 
> > > I also have a question about reprogramming keys scenarios, if some SoC
> > > vensors' eMMC host will power down or something else like that keys will
> > > be lost after runtime suspend, that means we must do reprogramming keys
> > > in runtime resume, right? Do you think that we should add it in
> > > cqhci-core layer(such as __cqhci_enable()) or every SoC vendor's host
> > > driver resume path?
> > > 
> > 
> > The keys should only be lost on reset, not on runtime suspend.  So I believe the
> > code I've proposed is sufficient.
> > 
> > - Eric
> 
> That's a little too absolute for me...anyway that's my concern for much
> more SoC vendors who want to be compatible with your framework in
> future.Thank you for explanation.

But the current approach works on all the hardware that's been tested so far,
right?  And programming the keys can take a long time, so it shouldn't be done
unnecessarily.  (I've heard it's fairly fast on Mediatek SoCs.  However, with
Qualcomm ICE it takes longer.)

It seems that host controller configuration typically doesn't get lost during
runtime suspend, and the keyslots are no exception to that.

And if (hypothetically) a host controller that adds crypto support in the future
actually does need to restore the keys during runtime resume, it can just do it
in its ->runtime_resume() method.

So from what I can see, there isn't anything else we should do for now.

- Eric

Re: [PATCH 0/8] eMMC inline encryption support

[Eric Biggers]

On Wed, Nov 25, 2020 at 10:56:42AM +0100, Ulf Hansson wrote:
> On Fri, 20 Nov 2020 at 19:54, Eric Biggers <ebiggers@kernel.org> wrote:
> >
> > On Thu, Nov 12, 2020 at 11:40:03AM -0800, Eric Biggers wrote:
> > > Hello,
> > >
> > > This patchset adds support for eMMC inline encryption, as specified by
> > > the upcoming version of the eMMC specification and as already
> > > implemented and used on many devices.  Building on that, it then adds
> > > Qualcomm ICE support and wires it up for the Snapdragon 630 SoC.
> > >
> > > Inline encryption hardware improves the performance of storage
> > > encryption and reduces power usage.  See
> > > Documentation/block/inline-encryption.rst for more information about
> > > inline encryption and the blk-crypto framework (upstreamed in v5.8)
> > > which supports it.  Most mobile devices already use UFS or eMMC inline
> > > encryption hardware; UFS support was already upstreamed in v5.9.
> > >
> > > Patches 1-3 add support for the standard eMMC inline encryption.
> > >
> > > However, as with UFS, host controller-specific patches are needed on top
> > > of the standard support.  Therefore, patches 4-8 add Qualcomm ICE
> > > (Inline Crypto Engine) support and wire it up on the Snapdragon 630 SoC.
> > >
> > > To test this I took advantage of the recently upstreamed support for the
> > > Snapdragon 630 SoC, plus work-in-progress patches from the SoMainline
> > > project (https://github.com/SoMainline/linux/tree/konrad/v5.10-rc3).  In
> > > particular, I was able to run the fscrypt xfstests for ext4 and f2fs in
> > > a Debian chroot.  Among other things, these tests verified that the
> > > correct ciphertext is written to disk (the same as software encryption).
> > >
> > > It will also be possible to add support for Mediatek eMMC inline
> > > encryption hardware in mtk-sd, and it should be easier than the Qualcomm
> > > hardware since the Mediatek hardware follows the standard more closely.
> > > I.e., patches 1-3 should be almost enough for the Mediatek hardware.
> > > However, I don't have the hardware to do this yet.
> > >
> > > This patchset is based on v5.10-rc3, and it can also be retrieved from
> > > tag "mmc-crypto-v1" of
> > > https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git
> > >
> > > Note: the fscrypt inline encryption support is partially broken in
> > > v5.10-rc3, so for testing a fscrypt fix needs to be applied too:
> > > https://lkml.kernel.org/r/20201111015224.303073-1-ebiggers@kernel.org
> > >
> > > Eric Biggers (8):
> > >   mmc: add basic support for inline encryption
> > >   mmc: cqhci: rename cqhci.c to cqhci-core.c
> > >   mmc: cqhci: add support for inline encryption
> > >   mmc: cqhci: add cqhci_host_ops::program_key
> > >   firmware: qcom_scm: update comment for ICE-related functions
> > >   dt-bindings: mmc: sdhci-msm: add ICE registers and clock
> > >   arm64: dts: qcom: sdm630: add ICE registers and clocks
> > >   mmc: sdhci-msm: add Inline Crypto Engine support
> >
> > Any comments on this patchset?
> 
> I have been busy, but just wanted to let you know that I am moving to
> start reviewing this series shortly.
> 
> I also need to catch up on the eMMC spec a bit, before I can provide
> you with comments.
> 
> Kind regards
> Uffe

Ulf, are you still planning to review this patchset?  I just sent out v4 of this
patchset based on v5.11-rc2, but not a lot has changed from previous versions,
since people have generally seemed happy with it.  Any chance that you will
apply it for 5.12?  Thanks!

- Eric

Re: [PATCH 0/8] eMMC inline encryption support

[Ulf Hansson]

On Mon, 4 Jan 2021 at 21:46, Eric Biggers <ebiggers@kernel.org> wrote:
>
> On Wed, Nov 25, 2020 at 10:56:42AM +0100, Ulf Hansson wrote:
> > On Fri, 20 Nov 2020 at 19:54, Eric Biggers <ebiggers@kernel.org> wrote:
> > >
> > > On Thu, Nov 12, 2020 at 11:40:03AM -0800, Eric Biggers wrote:
> > > > Hello,
> > > >
> > > > This patchset adds support for eMMC inline encryption, as specified by
> > > > the upcoming version of the eMMC specification and as already
> > > > implemented and used on many devices.  Building on that, it then adds
> > > > Qualcomm ICE support and wires it up for the Snapdragon 630 SoC.
> > > >
> > > > Inline encryption hardware improves the performance of storage
> > > > encryption and reduces power usage.  See
> > > > Documentation/block/inline-encryption.rst for more information about
> > > > inline encryption and the blk-crypto framework (upstreamed in v5.8)
> > > > which supports it.  Most mobile devices already use UFS or eMMC inline
> > > > encryption hardware; UFS support was already upstreamed in v5.9.
> > > >
> > > > Patches 1-3 add support for the standard eMMC inline encryption.
> > > >
> > > > However, as with UFS, host controller-specific patches are needed on top
> > > > of the standard support.  Therefore, patches 4-8 add Qualcomm ICE
> > > > (Inline Crypto Engine) support and wire it up on the Snapdragon 630 SoC.
> > > >
> > > > To test this I took advantage of the recently upstreamed support for the
> > > > Snapdragon 630 SoC, plus work-in-progress patches from the SoMainline
> > > > project (https://github.com/SoMainline/linux/tree/konrad/v5.10-rc3).  In
> > > > particular, I was able to run the fscrypt xfstests for ext4 and f2fs in
> > > > a Debian chroot.  Among other things, these tests verified that the
> > > > correct ciphertext is written to disk (the same as software encryption).
> > > >
> > > > It will also be possible to add support for Mediatek eMMC inline
> > > > encryption hardware in mtk-sd, and it should be easier than the Qualcomm
> > > > hardware since the Mediatek hardware follows the standard more closely.
> > > > I.e., patches 1-3 should be almost enough for the Mediatek hardware.
> > > > However, I don't have the hardware to do this yet.
> > > >
> > > > This patchset is based on v5.10-rc3, and it can also be retrieved from
> > > > tag "mmc-crypto-v1" of
> > > > https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git
> > > >
> > > > Note: the fscrypt inline encryption support is partially broken in
> > > > v5.10-rc3, so for testing a fscrypt fix needs to be applied too:
> > > > https://lkml.kernel.org/r/20201111015224.303073-1-ebiggers@kernel.org
> > > >
> > > > Eric Biggers (8):
> > > >   mmc: add basic support for inline encryption
> > > >   mmc: cqhci: rename cqhci.c to cqhci-core.c
> > > >   mmc: cqhci: add support for inline encryption
> > > >   mmc: cqhci: add cqhci_host_ops::program_key
> > > >   firmware: qcom_scm: update comment for ICE-related functions
> > > >   dt-bindings: mmc: sdhci-msm: add ICE registers and clock
> > > >   arm64: dts: qcom: sdm630: add ICE registers and clocks
> > > >   mmc: sdhci-msm: add Inline Crypto Engine support
> > >
> > > Any comments on this patchset?
> >
> > I have been busy, but just wanted to let you know that I am moving to
> > start reviewing this series shortly.
> >
> > I also need to catch up on the eMMC spec a bit, before I can provide
> > you with comments.
> >
> > Kind regards
> > Uffe
>
> Ulf, are you still planning to review this patchset?  I just sent out v4 of this
> patchset based on v5.11-rc2, but not a lot has changed from previous versions,
> since people have generally seemed happy with it.  Any chance that you will
> apply it for 5.12?  Thanks!

My apologies for the delay. I certainly appreciate the review that's
been done by people and I intend to have a look myself within the
coming week.

I definitely think it should be possible to get this queued for v5.12,
unless I find some very weird things, which I doubt.

Kind regards
Uffe