From: Bartosz Golaszewski <brgl@bgdev.pl>
To: Andy Gross <agross@kernel.org>,
Bjorn Andersson <andersson@kernel.org>,
Konrad Dybcio <konrad.dybcio@linaro.org>,
Elliot Berman <quic_eberman@quicinc.com>,
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>,
Guru Das Srinagesh <quic_gurus@quicinc.com>,
Andrew Halaney <ahalaney@redhat.com>,
Maximilian Luz <luzmaximilian@gmail.com>,
Alex Elder <elder@linaro.org>,
Srini Kandagatla <srinivas.kandagatla@linaro.org>,
Arnd Bergmann <arnd@arndb.de>
Cc: linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, kernel@quicinc.com,
Bartosz Golaszewski <bartosz.golaszewski@linaro.org>,
Deepti Jaggi <quic_djaggi@quicinc.com>
Subject: [PATCH v8 10/12] firmware: qcom: tzmem: enable SHM Bridge support
Date: Sun, 3 Mar 2024 16:01:13 +0100 [thread overview]
Message-ID: <20240303150115.133633-11-brgl@bgdev.pl> (raw)
In-Reply-To: <20240303150115.133633-1-brgl@bgdev.pl>
From: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
SHM Bridge is a safety mechanism allowing to limit the amount of memory
shared between the kernel and the TrustZone to regions explicitly marked
as such.
Add a variant of the tzmem allocator that configures the memory pools as
SHM bridges. It also enables the SHM bridge globally so non-SHM bridge
memory will no longer work with SCM calls.
If enabled at build-time, it will still be checked for availability at
run-time. If the architecture doesn't support SHM Bridge, the allocator
will fall back to the generic mode.
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Tested-by: Andrew Halaney <ahalaney@redhat.com> # sc8280xp-lenovo-thinkpad-x13s
Tested-by: Deepti Jaggi <quic_djaggi@quicinc.com> #sa8775p-ride
Reviewed-by: Elliot Berman <quic_eberman@quicinc.com>
---
drivers/firmware/qcom/Kconfig | 10 +++++
drivers/firmware/qcom/qcom_tzmem.c | 65 +++++++++++++++++++++++++++++-
2 files changed, 74 insertions(+), 1 deletion(-)
diff --git a/drivers/firmware/qcom/Kconfig b/drivers/firmware/qcom/Kconfig
index 4634f8cecc7b..7f6eb4174734 100644
--- a/drivers/firmware/qcom/Kconfig
+++ b/drivers/firmware/qcom/Kconfig
@@ -28,6 +28,16 @@ config QCOM_TZMEM_MODE_GENERIC
Use the generic allocator mode. The memory is page-aligned, non-cachable
and physically contiguous.
+config QCOM_TZMEM_MODE_SHMBRIDGE
+ bool "SHM Bridge"
+ help
+ Use Qualcomm Shared Memory Bridge. The memory has the same alignment as
+ in the 'Generic' allocator but is also explicitly marked as an SHM Bridge
+ buffer.
+
+ With this selected, all buffers passed to the TrustZone must be allocated
+ using the TZMem allocator or else the TrustZone will refuse to use them.
+
endchoice
config QCOM_SCM_DOWNLOAD_MODE_DEFAULT
diff --git a/drivers/firmware/qcom/qcom_tzmem.c b/drivers/firmware/qcom/qcom_tzmem.c
index 23f364afa6ca..244615e8c505 100644
--- a/drivers/firmware/qcom/qcom_tzmem.c
+++ b/drivers/firmware/qcom/qcom_tzmem.c
@@ -67,7 +67,70 @@ static void qcom_tzmem_cleanup_area(struct qcom_tzmem_area *area)
}
-#endif /* CONFIG_QCOM_TZMEM_MODE_GENERIC */
+#elif IS_ENABLED(CONFIG_QCOM_TZMEM_MODE_SHMBRIDGE)
+
+#include <linux/firmware/qcom/qcom_scm.h>
+
+#define QCOM_SHM_BRIDGE_NUM_VM_SHIFT 9
+
+static bool qcom_tzmem_using_shm_bridge;
+
+static int qcom_tzmem_init(void)
+{
+ int ret;
+
+ ret = qcom_scm_shm_bridge_enable();
+ if (ret == -EOPNOTSUPP) {
+ dev_info(qcom_tzmem_dev, "SHM Bridge not supported\n");
+ return 0;
+ }
+
+ if (!ret)
+ qcom_tzmem_using_shm_bridge = true;
+
+ return ret;
+}
+
+static int qcom_tzmem_init_area(struct qcom_tzmem_area *area)
+{
+ u64 pfn_and_ns_perm, ipfn_and_s_perm, size_and_flags, ns_perms;
+ int ret;
+
+ if (!qcom_tzmem_using_shm_bridge)
+ return 0;
+
+ ns_perms = (QCOM_SCM_PERM_WRITE | QCOM_SCM_PERM_READ);
+ pfn_and_ns_perm = (u64)area->paddr | ns_perms;
+ ipfn_and_s_perm = (u64)area->paddr | ns_perms;
+ size_and_flags = area->size | (1 << QCOM_SHM_BRIDGE_NUM_VM_SHIFT);
+
+ u64 *handle __free(kfree) = kzalloc(sizeof(*handle), GFP_KERNEL);
+ if (!handle)
+ return -ENOMEM;
+
+ ret = qcom_scm_shm_bridge_create(qcom_tzmem_dev, pfn_and_ns_perm,
+ ipfn_and_s_perm, size_and_flags,
+ QCOM_SCM_VMID_HLOS, handle);
+ if (ret)
+ return ret;
+
+ area->priv = no_free_ptr(handle);
+
+ return 0;
+}
+
+static void qcom_tzmem_cleanup_area(struct qcom_tzmem_area *area)
+{
+ u64 *handle = area->priv;
+
+ if (!qcom_tzmem_using_shm_bridge)
+ return;
+
+ qcom_scm_shm_bridge_delete(qcom_tzmem_dev, *handle);
+ kfree(handle);
+}
+
+#endif /* CONFIG_QCOM_TZMEM_MODE_SHMBRIDGE */
static int qcom_tzmem_pool_add_memory(struct qcom_tzmem_pool *pool,
size_t size, gfp_t gfp)
--
2.40.1
WARNING: multiple messages have this Message-ID (diff)
From: Bartosz Golaszewski <brgl@bgdev.pl>
To: Andy Gross <agross@kernel.org>,
Bjorn Andersson <andersson@kernel.org>,
Konrad Dybcio <konrad.dybcio@linaro.org>,
Elliot Berman <quic_eberman@quicinc.com>,
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>,
Guru Das Srinagesh <quic_gurus@quicinc.com>,
Andrew Halaney <ahalaney@redhat.com>,
Maximilian Luz <luzmaximilian@gmail.com>,
Alex Elder <elder@linaro.org>,
Srini Kandagatla <srinivas.kandagatla@linaro.org>,
Arnd Bergmann <arnd@arndb.de>
Cc: linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, kernel@quicinc.com,
Bartosz Golaszewski <bartosz.golaszewski@linaro.org>,
Deepti Jaggi <quic_djaggi@quicinc.com>
Subject: [PATCH v8 10/12] firmware: qcom: tzmem: enable SHM Bridge support
Date: Sun, 3 Mar 2024 16:01:13 +0100 [thread overview]
Message-ID: <20240303150115.133633-11-brgl@bgdev.pl> (raw)
In-Reply-To: <20240303150115.133633-1-brgl@bgdev.pl>
From: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
SHM Bridge is a safety mechanism allowing to limit the amount of memory
shared between the kernel and the TrustZone to regions explicitly marked
as such.
Add a variant of the tzmem allocator that configures the memory pools as
SHM bridges. It also enables the SHM bridge globally so non-SHM bridge
memory will no longer work with SCM calls.
If enabled at build-time, it will still be checked for availability at
run-time. If the architecture doesn't support SHM Bridge, the allocator
will fall back to the generic mode.
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Tested-by: Andrew Halaney <ahalaney@redhat.com> # sc8280xp-lenovo-thinkpad-x13s
Tested-by: Deepti Jaggi <quic_djaggi@quicinc.com> #sa8775p-ride
Reviewed-by: Elliot Berman <quic_eberman@quicinc.com>
---
drivers/firmware/qcom/Kconfig | 10 +++++
drivers/firmware/qcom/qcom_tzmem.c | 65 +++++++++++++++++++++++++++++-
2 files changed, 74 insertions(+), 1 deletion(-)
diff --git a/drivers/firmware/qcom/Kconfig b/drivers/firmware/qcom/Kconfig
index 4634f8cecc7b..7f6eb4174734 100644
--- a/drivers/firmware/qcom/Kconfig
+++ b/drivers/firmware/qcom/Kconfig
@@ -28,6 +28,16 @@ config QCOM_TZMEM_MODE_GENERIC
Use the generic allocator mode. The memory is page-aligned, non-cachable
and physically contiguous.
+config QCOM_TZMEM_MODE_SHMBRIDGE
+ bool "SHM Bridge"
+ help
+ Use Qualcomm Shared Memory Bridge. The memory has the same alignment as
+ in the 'Generic' allocator but is also explicitly marked as an SHM Bridge
+ buffer.
+
+ With this selected, all buffers passed to the TrustZone must be allocated
+ using the TZMem allocator or else the TrustZone will refuse to use them.
+
endchoice
config QCOM_SCM_DOWNLOAD_MODE_DEFAULT
diff --git a/drivers/firmware/qcom/qcom_tzmem.c b/drivers/firmware/qcom/qcom_tzmem.c
index 23f364afa6ca..244615e8c505 100644
--- a/drivers/firmware/qcom/qcom_tzmem.c
+++ b/drivers/firmware/qcom/qcom_tzmem.c
@@ -67,7 +67,70 @@ static void qcom_tzmem_cleanup_area(struct qcom_tzmem_area *area)
}
-#endif /* CONFIG_QCOM_TZMEM_MODE_GENERIC */
+#elif IS_ENABLED(CONFIG_QCOM_TZMEM_MODE_SHMBRIDGE)
+
+#include <linux/firmware/qcom/qcom_scm.h>
+
+#define QCOM_SHM_BRIDGE_NUM_VM_SHIFT 9
+
+static bool qcom_tzmem_using_shm_bridge;
+
+static int qcom_tzmem_init(void)
+{
+ int ret;
+
+ ret = qcom_scm_shm_bridge_enable();
+ if (ret == -EOPNOTSUPP) {
+ dev_info(qcom_tzmem_dev, "SHM Bridge not supported\n");
+ return 0;
+ }
+
+ if (!ret)
+ qcom_tzmem_using_shm_bridge = true;
+
+ return ret;
+}
+
+static int qcom_tzmem_init_area(struct qcom_tzmem_area *area)
+{
+ u64 pfn_and_ns_perm, ipfn_and_s_perm, size_and_flags, ns_perms;
+ int ret;
+
+ if (!qcom_tzmem_using_shm_bridge)
+ return 0;
+
+ ns_perms = (QCOM_SCM_PERM_WRITE | QCOM_SCM_PERM_READ);
+ pfn_and_ns_perm = (u64)area->paddr | ns_perms;
+ ipfn_and_s_perm = (u64)area->paddr | ns_perms;
+ size_and_flags = area->size | (1 << QCOM_SHM_BRIDGE_NUM_VM_SHIFT);
+
+ u64 *handle __free(kfree) = kzalloc(sizeof(*handle), GFP_KERNEL);
+ if (!handle)
+ return -ENOMEM;
+
+ ret = qcom_scm_shm_bridge_create(qcom_tzmem_dev, pfn_and_ns_perm,
+ ipfn_and_s_perm, size_and_flags,
+ QCOM_SCM_VMID_HLOS, handle);
+ if (ret)
+ return ret;
+
+ area->priv = no_free_ptr(handle);
+
+ return 0;
+}
+
+static void qcom_tzmem_cleanup_area(struct qcom_tzmem_area *area)
+{
+ u64 *handle = area->priv;
+
+ if (!qcom_tzmem_using_shm_bridge)
+ return;
+
+ qcom_scm_shm_bridge_delete(qcom_tzmem_dev, *handle);
+ kfree(handle);
+}
+
+#endif /* CONFIG_QCOM_TZMEM_MODE_SHMBRIDGE */
static int qcom_tzmem_pool_add_memory(struct qcom_tzmem_pool *pool,
size_t size, gfp_t gfp)
--
2.40.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2024-03-03 15:01 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-03 15:01 [PATCH v8 00/12] firmware: qcom: implement support for and enable SHM bridge Bartosz Golaszewski
2024-03-03 15:01 ` Bartosz Golaszewski
2024-03-03 15:01 ` [PATCH v8 01/12] firmware: qcom: add a dedicated TrustZone buffer allocator Bartosz Golaszewski
2024-03-03 15:01 ` Bartosz Golaszewski
2024-03-04 16:07 ` Jeff Johnson
2024-03-04 16:07 ` Jeff Johnson
2024-03-03 15:01 ` [PATCH v8 02/12] firmware: qcom: scm: enable the TZ mem allocator Bartosz Golaszewski
2024-03-03 15:01 ` Bartosz Golaszewski
2024-03-03 20:58 ` kernel test robot
2024-03-03 15:01 ` [PATCH v8 03/12] firmware: qcom: scm: smc: switch to using the SCM allocator Bartosz Golaszewski
2024-03-03 15:01 ` Bartosz Golaszewski
2024-03-03 15:01 ` [PATCH v8 04/12] firmware: qcom: scm: make qcom_scm_assign_mem() use the TZ allocator Bartosz Golaszewski
2024-03-03 15:01 ` Bartosz Golaszewski
2024-03-03 15:01 ` [PATCH v8 05/12] firmware: qcom: scm: make qcom_scm_ice_set_key() " Bartosz Golaszewski
2024-03-03 15:01 ` Bartosz Golaszewski
2024-03-03 15:01 ` [PATCH v8 06/12] firmware: qcom: scm: make qcom_scm_lmh_dcvsh() " Bartosz Golaszewski
2024-03-03 15:01 ` Bartosz Golaszewski
2024-03-03 15:01 ` [PATCH v8 07/12] firmware: qcom: scm: make qcom_scm_qseecom_app_get_id() " Bartosz Golaszewski
2024-03-03 15:01 ` Bartosz Golaszewski
2024-03-03 15:01 ` [PATCH v8 08/12] firmware: qcom: qseecom: convert to using " Bartosz Golaszewski
2024-03-03 15:01 ` Bartosz Golaszewski
2024-03-03 15:01 ` [PATCH v8 09/12] firmware: qcom: scm: add support for SHM bridge operations Bartosz Golaszewski
2024-03-03 15:01 ` Bartosz Golaszewski
2024-03-03 15:01 ` Bartosz Golaszewski [this message]
2024-03-03 15:01 ` [PATCH v8 10/12] firmware: qcom: tzmem: enable SHM Bridge support Bartosz Golaszewski
2024-03-04 10:21 ` Kuldeep Singh
2024-03-04 10:21 ` Kuldeep Singh
2024-03-03 15:01 ` [PATCH v8 11/12] firmware: qcom: scm: clarify the comment in qcom_scm_pas_init_image() Bartosz Golaszewski
2024-03-03 15:01 ` Bartosz Golaszewski
2024-03-03 15:01 ` [PATCH v8 12/12] arm64: defconfig: enable SHM Bridge support for the TZ memory allocator Bartosz Golaszewski
2024-03-03 15:01 ` Bartosz Golaszewski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240303150115.133633-11-brgl@bgdev.pl \
--to=brgl@bgdev.pl \
--cc=agross@kernel.org \
--cc=ahalaney@redhat.com \
--cc=andersson@kernel.org \
--cc=arnd@arndb.de \
--cc=bartosz.golaszewski@linaro.org \
--cc=elder@linaro.org \
--cc=kernel@quicinc.com \
--cc=konrad.dybcio@linaro.org \
--cc=krzysztof.kozlowski@linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luzmaximilian@gmail.com \
--cc=quic_djaggi@quicinc.com \
--cc=quic_eberman@quicinc.com \
--cc=quic_gurus@quicinc.com \
--cc=srinivas.kandagatla@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.