From 83e007a0c6a3f4bfdf8f3f8d0fc266cda189b3d6 Mon Sep 17 00:00:00 2001 From: Carlo Caione Date: Fri, 3 Mar 2017 16:17:58 +0100 Subject: firmware: meson-sm: Check for buffer output size After the data is read by the secure monitor driver it is being copied in the output buffer checking only the size of the bounce buffer but not the size of the output buffer. Fix this in the secure monitor driver slightly changing the API. Fix also the efuse driver that it is the only driver using this API to not break bisectability. Signed-off-by: Carlo Caione Acked-by: Srinivas Kandagatla # for nvmem Acked-by: Mark Rutland Signed-off-by: Kevin Hilman --- drivers/firmware/meson/meson_sm.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'drivers/firmware') diff --git a/drivers/firmware/meson/meson_sm.c b/drivers/firmware/meson/meson_sm.c index b0d254930ed3..5f30a5774e57 100644 --- a/drivers/firmware/meson/meson_sm.c +++ b/drivers/firmware/meson/meson_sm.c @@ -127,6 +127,7 @@ EXPORT_SYMBOL(meson_sm_call); * meson_sm_call_read - retrieve data from secure-monitor * * @buffer: Buffer to store the retrieved data + * @bsize: Size of the buffer * @cmd_index: Index of the SMC32 function ID * @arg0: SMC32 Argument 0 * @arg1: SMC32 Argument 1 @@ -136,8 +137,8 @@ EXPORT_SYMBOL(meson_sm_call); * * Return: size of read data on success, a negative value on error */ -int meson_sm_call_read(void *buffer, unsigned int cmd_index, u32 arg0, - u32 arg1, u32 arg2, u32 arg3, u32 arg4) +int meson_sm_call_read(void *buffer, unsigned int bsize, unsigned int cmd_index, + u32 arg0, u32 arg1, u32 arg2, u32 arg3, u32 arg4) { u32 size; @@ -147,10 +148,13 @@ int meson_sm_call_read(void *buffer, unsigned int cmd_index, u32 arg0, if (!fw.chip->cmd_shmem_out_base) return -EINVAL; + if (bsize > fw.chip->shmem_size) + return -EINVAL; + if (meson_sm_call(cmd_index, &size, arg0, arg1, arg2, arg3, arg4) < 0) return -EINVAL; - if (!size || size > fw.chip->shmem_size) + if (!size || size > bsize) return -EINVAL; if (buffer) -- cgit From 7a9bc330df9b8fb3245d50a198b5c6d4d634b06f Mon Sep 17 00:00:00 2001 From: Carlo Caione Date: Fri, 3 Mar 2017 16:17:59 +0100 Subject: firmware: meson-sm: Allow 0 as valid return value Some special SMC calls (i.e. the function used to retrieve the serial number of the Amlogic SoCs) returns 0 in the register 0 also when the data was successfully read instead of using the register to hold the number of bytes returned in the bounce buffer as expected. With the current implementation of the driver this is seen as an error and meson_sm_call_read() returns an error even though the data was correctly read. To deal with this when we have no information about the amount of read data (that is 0 is returned by the SMC call) we return to the caller the requested amount of data and 0 as return value. Signed-off-by: Carlo Caione Acked-by: Mark Rutland Signed-off-by: Kevin Hilman --- drivers/firmware/meson/meson_sm.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'drivers/firmware') diff --git a/drivers/firmware/meson/meson_sm.c b/drivers/firmware/meson/meson_sm.c index 5f30a5774e57..ff204421117b 100644 --- a/drivers/firmware/meson/meson_sm.c +++ b/drivers/firmware/meson/meson_sm.c @@ -136,11 +136,14 @@ EXPORT_SYMBOL(meson_sm_call); * @arg4: SMC32 Argument 4 * * Return: size of read data on success, a negative value on error + * When 0 is returned there is no guarantee about the amount of + * data read and bsize bytes are copied in buffer. */ int meson_sm_call_read(void *buffer, unsigned int bsize, unsigned int cmd_index, u32 arg0, u32 arg1, u32 arg2, u32 arg3, u32 arg4) { u32 size; + int ret; if (!fw.chip) return -ENOENT; @@ -154,13 +157,18 @@ int meson_sm_call_read(void *buffer, unsigned int bsize, unsigned int cmd_index, if (meson_sm_call(cmd_index, &size, arg0, arg1, arg2, arg3, arg4) < 0) return -EINVAL; - if (!size || size > bsize) + if (size > bsize) return -EINVAL; + ret = size; + + if (!size) + size = bsize; + if (buffer) memcpy(buffer, fw.sm_shmem_out_base, size); - return size; + return ret; } EXPORT_SYMBOL(meson_sm_call_read); -- cgit From a2c680c6ce386e9ca6cdf362e8b01789126c9bf7 Mon Sep 17 00:00:00 2001 From: Rob Clark Date: Tue, 14 Mar 2017 11:18:03 -0400 Subject: firmware/qcom: add qcom_scm_restore_sec_cfg() Signed-off-by: Rob Clark Signed-off-by: Andy Gross --- drivers/firmware/qcom_scm-32.c | 6 ++++++ drivers/firmware/qcom_scm-64.c | 16 ++++++++++++++++ drivers/firmware/qcom_scm.c | 6 ++++++ drivers/firmware/qcom_scm.h | 5 +++++ 4 files changed, 33 insertions(+) (limited to 'drivers/firmware') diff --git a/drivers/firmware/qcom_scm-32.c b/drivers/firmware/qcom_scm-32.c index 8ad226c60374..722e65af588d 100644 --- a/drivers/firmware/qcom_scm-32.c +++ b/drivers/firmware/qcom_scm-32.c @@ -578,3 +578,9 @@ int __qcom_scm_set_remote_state(struct device *dev, u32 state, u32 id) return ret ? : le32_to_cpu(scm_ret); } + +int __qcom_scm_restore_sec_cfg(struct device *dev, u32 device_id, + u32 spare) +{ + return -ENODEV; +} diff --git a/drivers/firmware/qcom_scm-64.c b/drivers/firmware/qcom_scm-64.c index c9332590e8c6..550e3a34e260 100644 --- a/drivers/firmware/qcom_scm-64.c +++ b/drivers/firmware/qcom_scm-64.c @@ -381,3 +381,19 @@ int __qcom_scm_set_remote_state(struct device *dev, u32 state, u32 id) return ret ? : res.a1; } + +int __qcom_scm_restore_sec_cfg(struct device *dev, u32 device_id, u32 spare) +{ + struct qcom_scm_desc desc = {0}; + struct arm_smccc_res res; + int ret; + + desc.args[0] = device_id; + desc.args[1] = spare; + desc.arginfo = QCOM_SCM_ARGS(2); + + ret = qcom_scm_call(dev, QCOM_SCM_SVC_MP, QCOM_SCM_RESTORE_SEC_CFG, + &desc, &res); + + return ret ? : res.a1; +} diff --git a/drivers/firmware/qcom_scm.c b/drivers/firmware/qcom_scm.c index d987bcc7489d..ae1f4732e060 100644 --- a/drivers/firmware/qcom_scm.c +++ b/drivers/firmware/qcom_scm.c @@ -315,6 +315,12 @@ static const struct reset_control_ops qcom_scm_pas_reset_ops = { .deassert = qcom_scm_pas_reset_deassert, }; +int qcom_scm_restore_sec_cfg(u32 device_id, u32 spare) +{ + return __qcom_scm_restore_sec_cfg(__scm->dev, device_id, spare); +} +EXPORT_SYMBOL(qcom_scm_restore_sec_cfg); + /** * qcom_scm_is_available() - Checks if SCM is available */ diff --git a/drivers/firmware/qcom_scm.h b/drivers/firmware/qcom_scm.h index 6a0f15469344..31fc732960ca 100644 --- a/drivers/firmware/qcom_scm.h +++ b/drivers/firmware/qcom_scm.h @@ -85,4 +85,9 @@ static inline int qcom_scm_remap_error(int err) return -EINVAL; } +#define QCOM_SCM_SVC_MP 0xc +#define QCOM_SCM_RESTORE_SEC_CFG 2 +extern int __qcom_scm_restore_sec_cfg(struct device *dev, u32 device_id, + u32 spare); + #endif -- cgit From b182cc4d597a6e73ff04ee1b7fb4f1a28f56ae3d Mon Sep 17 00:00:00 2001 From: Stanimir Varbanov Date: Tue, 14 Mar 2017 11:18:04 -0400 Subject: firmware: qcom_scm: add two scm calls for iommu secure page table Those two new SCM calls are needed from qcom-iommu driver in order to initialize secure iommu page table. Signed-off-by: Stanimir Varbanov Signed-off-by: Rob Clark Signed-off-by: Andy Gross --- drivers/firmware/qcom_scm-32.c | 12 ++++++++++++ drivers/firmware/qcom_scm-64.c | 42 ++++++++++++++++++++++++++++++++++++++++++ drivers/firmware/qcom_scm.c | 12 ++++++++++++ drivers/firmware/qcom_scm.h | 6 ++++++ 4 files changed, 72 insertions(+) (limited to 'drivers/firmware') diff --git a/drivers/firmware/qcom_scm-32.c b/drivers/firmware/qcom_scm-32.c index 722e65af588d..93e3b96b6dfa 100644 --- a/drivers/firmware/qcom_scm-32.c +++ b/drivers/firmware/qcom_scm-32.c @@ -584,3 +584,15 @@ int __qcom_scm_restore_sec_cfg(struct device *dev, u32 device_id, { return -ENODEV; } + +int __qcom_scm_iommu_secure_ptbl_size(struct device *dev, u32 spare, + size_t *size) +{ + return -ENODEV; +} + +int __qcom_scm_iommu_secure_ptbl_init(struct device *dev, u64 addr, u32 size, + u32 spare) +{ + return -ENODEV; +} diff --git a/drivers/firmware/qcom_scm-64.c b/drivers/firmware/qcom_scm-64.c index 550e3a34e260..6e6d561708e2 100644 --- a/drivers/firmware/qcom_scm-64.c +++ b/drivers/firmware/qcom_scm-64.c @@ -397,3 +397,45 @@ int __qcom_scm_restore_sec_cfg(struct device *dev, u32 device_id, u32 spare) return ret ? : res.a1; } + +int __qcom_scm_iommu_secure_ptbl_size(struct device *dev, u32 spare, + size_t *size) +{ + struct qcom_scm_desc desc = {0}; + struct arm_smccc_res res; + int ret; + + desc.args[0] = spare; + desc.arginfo = QCOM_SCM_ARGS(1); + + ret = qcom_scm_call(dev, QCOM_SCM_SVC_MP, + QCOM_SCM_IOMMU_SECURE_PTBL_SIZE, &desc, &res); + + if (size) + *size = res.a1; + + return ret ? : res.a2; +} + +int __qcom_scm_iommu_secure_ptbl_init(struct device *dev, u64 addr, u32 size, + u32 spare) +{ + struct qcom_scm_desc desc = {0}; + struct arm_smccc_res res; + int ret; + + desc.args[0] = addr; + desc.args[1] = size; + desc.args[2] = spare; + desc.arginfo = QCOM_SCM_ARGS(3, QCOM_SCM_RW, QCOM_SCM_VAL, + QCOM_SCM_VAL); + + ret = qcom_scm_call(dev, QCOM_SCM_SVC_MP, + QCOM_SCM_IOMMU_SECURE_PTBL_INIT, &desc, &res); + + /* the pg table has been initialized already, ignore the error */ + if (ret == -EPERM) + ret = 0; + + return ret; +} diff --git a/drivers/firmware/qcom_scm.c b/drivers/firmware/qcom_scm.c index ae1f4732e060..bb16510d75ba 100644 --- a/drivers/firmware/qcom_scm.c +++ b/drivers/firmware/qcom_scm.c @@ -321,6 +321,18 @@ int qcom_scm_restore_sec_cfg(u32 device_id, u32 spare) } EXPORT_SYMBOL(qcom_scm_restore_sec_cfg); +int qcom_scm_iommu_secure_ptbl_size(u32 spare, size_t *size) +{ + return __qcom_scm_iommu_secure_ptbl_size(__scm->dev, spare, size); +} +EXPORT_SYMBOL(qcom_scm_iommu_secure_ptbl_size); + +int qcom_scm_iommu_secure_ptbl_init(u64 addr, u32 size, u32 spare) +{ + return __qcom_scm_iommu_secure_ptbl_init(__scm->dev, addr, size, spare); +} +EXPORT_SYMBOL(qcom_scm_iommu_secure_ptbl_init); + /** * qcom_scm_is_available() - Checks if SCM is available */ diff --git a/drivers/firmware/qcom_scm.h b/drivers/firmware/qcom_scm.h index 31fc732960ca..9bea691f30fb 100644 --- a/drivers/firmware/qcom_scm.h +++ b/drivers/firmware/qcom_scm.h @@ -89,5 +89,11 @@ static inline int qcom_scm_remap_error(int err) #define QCOM_SCM_RESTORE_SEC_CFG 2 extern int __qcom_scm_restore_sec_cfg(struct device *dev, u32 device_id, u32 spare); +#define QCOM_SCM_IOMMU_SECURE_PTBL_SIZE 3 +#define QCOM_SCM_IOMMU_SECURE_PTBL_INIT 4 +extern int __qcom_scm_iommu_secure_ptbl_size(struct device *dev, u32 spare, + size_t *size); +extern int __qcom_scm_iommu_secure_ptbl_init(struct device *dev, u64 addr, + u32 size, u32 spare); #endif -- cgit From c511fa3f35e30982445fae2946f4aade3f42203d Mon Sep 17 00:00:00 2001 From: Alexey Klimov Date: Wed, 29 Mar 2017 19:16:27 +0100 Subject: firmware: arm_scpi: reinit completion instead of full init_completion() Instead of performing full initialization of the completion structure on each transfer in scpi_send_message(), we initialize it at boot time (more specifically, in the relevant probe() function) and use reinit_completion() to reset ->done counter on each message transfer. Signed-off-by: Alexey Klimov Signed-off-by: Sudeep Holla --- drivers/firmware/arm_scpi.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'drivers/firmware') diff --git a/drivers/firmware/arm_scpi.c b/drivers/firmware/arm_scpi.c index 9ad0b1934be9..f6cfc31d34c7 100644 --- a/drivers/firmware/arm_scpi.c +++ b/drivers/firmware/arm_scpi.c @@ -538,7 +538,7 @@ static int scpi_send_message(u8 idx, void *tx_buf, unsigned int tx_len, msg->tx_len = tx_len; msg->rx_buf = rx_buf; msg->rx_len = rx_len; - init_completion(&msg->done); + reinit_completion(&msg->done); ret = mbox_send_message(scpi_chan->chan, msg); if (ret < 0 || !rx_buf) @@ -872,8 +872,11 @@ static int scpi_alloc_xfer_list(struct device *dev, struct scpi_chan *ch) return -ENOMEM; ch->xfers = xfers; - for (i = 0; i < MAX_SCPI_XFERS; i++, xfers++) + for (i = 0; i < MAX_SCPI_XFERS; i++, xfers++) { + init_completion(&xfers->done); list_add_tail(&xfers->node, &ch->xfers_list); + } + return 0; } -- cgit