7ab36b51 | 30-Jun-2025 |
Bartosz Golaszewski <bartosz.golaszewski@linaro.org> |
firmware: qcom: scm: request the waitqueue irq *after* initializing SCM
There's a subtle race in the SCM driver: we assign the __scm pointer before requesting the waitqueue interrupt. Assigning __sc
firmware: qcom: scm: request the waitqueue irq *after* initializing SCM
There's a subtle race in the SCM driver: we assign the __scm pointer before requesting the waitqueue interrupt. Assigning __scm marks the SCM API as ready to accept calls. It's possible that a user makes a call right after we set __scm and the firmware raises an interrupt before the driver's ready to service it. Move the __scm assignment after we request the interrupt.
This has the added benefit of allowing us to drop the goto label.
Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com> Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org> Link: https://lore.kernel.org/r/20250630-qcom-scm-race-v2-4-fa3851c98611@linaro.org Signed-off-by: Bjorn Andersson <andersson@kernel.org>
show more ...
|
87be3e7a | 30-Jun-2025 |
Bartosz Golaszewski <bartosz.golaszewski@linaro.org> |
firmware: qcom: scm: initialize tzmem before marking SCM as available
Now that qcom_scm_shm_bridge_enable() uses the struct device passed to it as argument to make the QCOM_SCM_MP_SHM_BRIDGE_ENABLE
firmware: qcom: scm: initialize tzmem before marking SCM as available
Now that qcom_scm_shm_bridge_enable() uses the struct device passed to it as argument to make the QCOM_SCM_MP_SHM_BRIDGE_ENABLE SCM call, we can move the TZMem initialization before the assignment of the __scm pointer in the SCM driver (which marks SCM as ready to users) thus fixing the potential race between consumer calls and the memory pool initialization.
Reported-by: Johan Hovold <johan+linaro@kernel.org> Closes: https://lore.kernel.org/all/20250120151000.13870-1-johan+linaro@kernel.org/ Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org> Link: https://lore.kernel.org/r/20250630-qcom-scm-race-v2-3-fa3851c98611@linaro.org Signed-off-by: Bjorn Andersson <andersson@kernel.org>
show more ...
|
dc3f4e75 | 30-Jun-2025 |
Bartosz Golaszewski <bartosz.golaszewski@linaro.org> |
firmware: qcom: scm: take struct device as argument in SHM bridge enable
qcom_scm_shm_bridge_enable() is used early in the SCM initialization routine. It makes an SCM call and so expects the interna
firmware: qcom: scm: take struct device as argument in SHM bridge enable
qcom_scm_shm_bridge_enable() is used early in the SCM initialization routine. It makes an SCM call and so expects the internal __scm pointer in the SCM driver to be assigned. For this reason the tzmem memory pool is allocated *after* this pointer is assigned. However, this can lead to a crash if another consumer of the SCM API makes a call using the memory pool between the assignment of the __scm pointer and the initialization of the tzmem memory pool.
As qcom_scm_shm_bridge_enable() is a special case, not meant to be called by ordinary users, pull it into the local SCM header. Make it take struct device as argument. This is the device that will be used to make the SCM call as opposed to the global __scm pointer. This will allow us to move the tzmem initialization *before* the __scm assignment in the core SCM driver.
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org> Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com> Link: https://lore.kernel.org/r/20250630-qcom-scm-race-v2-2-fa3851c98611@linaro.org Signed-off-by: Bjorn Andersson <andersson@kernel.org>
show more ...
|
936badf2 | 03-Apr-2025 |
Unnathi Chalicheemala <unnathi.chalicheemala@oss.qualcomm.com> |
docs: firmware: qcom_scm: Fix kernel-doc warning
Add description for members of qcom_scm_desc struct to avoid:
drivers/firmware/qcom/qcom_scm.h:56: warning: Function parameter or struct member 'svc
docs: firmware: qcom_scm: Fix kernel-doc warning
Add description for members of qcom_scm_desc struct to avoid:
drivers/firmware/qcom/qcom_scm.h:56: warning: Function parameter or struct member 'svc' not described in 'qcom_scm_desc'
drivers/firmware/qcom/qcom_scm.h:56: warning: Function parameter or struct member 'cmd' not described in 'qcom_scm_desc'
drivers/firmware/qcom/qcom_scm.h:56: warning: Function parameter or struct member 'owner' not described in 'qcom_scm_desc'
Signed-off-by: Unnathi Chalicheemala <unnathi.chalicheemala@oss.qualcomm.com> Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com> Link: https://lore.kernel.org/r/20250403-fix_scm_doc_warn-v1-1-9cd36345db77@oss.qualcomm.com Signed-off-by: Bjorn Andersson <andersson@kernel.org>
show more ...
|
da8d493a | 20-Jan-2025 |
Johan Hovold <johan+linaro@kernel.org> |
firmware: qcom: uefisecapp: fix efivars registration race
Since the conversion to using the TZ allocator, the efivars service is registered before the memory pool has been allocated, something which
firmware: qcom: uefisecapp: fix efivars registration race
Since the conversion to using the TZ allocator, the efivars service is registered before the memory pool has been allocated, something which can lead to a NULL-pointer dereference in case of a racing EFI variable access.
Make sure that all resources have been set up before registering the efivars.
Fixes: 6612103ec35a ("firmware: qcom: qseecom: convert to using the TZ allocator") Cc: stable@vger.kernel.org # 6.11 Cc: Bartosz Golaszewski <bartosz.golaszewski@linaro.org> Signed-off-by: Johan Hovold <johan+linaro@kernel.org> Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com> Reviewed-by: Maximilian Luz <luzmaximilian@gmail.com> Reviewed-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org> Link: https://lore.kernel.org/r/20250120151000.13870-1-johan+linaro@kernel.org Signed-off-by: Bjorn Andersson <andersson@kernel.org>
show more ...
|
1d45a1cd | 13-Dec-2024 |
Gaurav Kashyap <quic_gaurkash@quicinc.com> |
firmware: qcom: scm: add calls for wrapped key support
Add helper functions for the SCM calls required to support hardware-wrapped inline storage encryption keys. These SCM calls manage wrapped key
firmware: qcom: scm: add calls for wrapped key support
Add helper functions for the SCM calls required to support hardware-wrapped inline storage encryption keys. These SCM calls manage wrapped keys via Qualcomm's Hardware Key Manager (HWKM), which can only be accessed from TrustZone.
QCOM_SCM_ES_GENERATE_ICE_KEY and QCOM_SCM_ES_IMPORT_ICE_KEY create a new long-term wrapped key, with the former making the hardware generate the key and the latter importing a raw key. QCOM_SCM_ES_PREPARE_ICE_KEY converts the key to ephemerally-wrapped form so that it can be used for inline storage encryption. These are planned to be wired up to new ioctls via the blk-crypto framework; see the proposed documentation for the hardware-wrapped keys feature for more information.
Similarly there's also QCOM_SCM_ES_DERIVE_SW_SECRET which derives a "software secret" from an ephemerally-wrapped key and will be wired up to the corresponding operation in the blk_crypto_profile.
These will all be used by the ICE driver in drivers/soc/qcom/ice.c.
[EB: merged related patches, fixed error handling, fixed naming, fixed docs for size parameters, fixed qcom_scm_has_wrapped_key_support(), improved comments, improved commit message.]
Signed-off-by: Gaurav Kashyap <quic_gaurkash@quicinc.com> Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org> Signed-off-by: Eric Biggers <ebiggers@google.com> Link: https://lore.kernel.org/r/20241213041958.202565-9-ebiggers@kernel.org Signed-off-by: Bjorn Andersson <andersson@kernel.org>
show more ...
|
a4332f6c | 09-Dec-2024 |
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> |
firmware: qcom: scm: smc: Narrow 'mempool' variable scope
Only part of the __scm_smc_call() function uses 'mempool' variable, so narrow the scope to make it more readable.
Reviewed-by: Bartosz Gola
firmware: qcom: scm: smc: Narrow 'mempool' variable scope
Only part of the __scm_smc_call() function uses 'mempool' variable, so narrow the scope to make it more readable.
Reviewed-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> Link: https://lore.kernel.org/r/20241209-qcom-scm-missing-barriers-and-all-sort-of-srap-v2-6-9061013c8d92@linaro.org Signed-off-by: Bjorn Andersson <andersson@kernel.org>
show more ...
|
94f48ecf | 09-Dec-2024 |
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> |
firmware: qcom: scm: smc: Handle missing SCM device
Commit ca61d6836e6f ("firmware: qcom: scm: fix a NULL-pointer dereference") makes it explicit that qcom_scm_get_tzmem_pool() can return NULL, ther
firmware: qcom: scm: smc: Handle missing SCM device
Commit ca61d6836e6f ("firmware: qcom: scm: fix a NULL-pointer dereference") makes it explicit that qcom_scm_get_tzmem_pool() can return NULL, therefore its users should handle this.
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> Reviewed-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org> Link: https://lore.kernel.org/r/20241209-qcom-scm-missing-barriers-and-all-sort-of-srap-v2-5-9061013c8d92@linaro.org Signed-off-by: Bjorn Andersson <andersson@kernel.org>
show more ...
|
1e76b546 | 09-Dec-2024 |
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> |
firmware: qcom: scm: Cleanup global '__scm' on probe failures
If SCM driver fails the probe, it should not leave global '__scm' variable assigned, because external users of this driver will assume t
firmware: qcom: scm: Cleanup global '__scm' on probe failures
If SCM driver fails the probe, it should not leave global '__scm' variable assigned, because external users of this driver will assume the probe finished successfully. For example TZMEM parts ('__scm->mempool') are initialized later in the probe, but users of it (__scm_smc_call()) rely on the '__scm' variable.
This fixes theoretical NULL pointer exception, triggered via introducing probe deferral in SCM driver with call trace:
qcom_tzmem_alloc+0x70/0x1ac (P) qcom_tzmem_alloc+0x64/0x1ac (L) qcom_scm_assign_mem+0x78/0x194 qcom_rmtfs_mem_probe+0x2d4/0x38c platform_probe+0x68/0xc8
Fixes: 40289e35ca52 ("firmware: qcom: scm: enable the TZ mem allocator") Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> Link: https://lore.kernel.org/r/20241209-qcom-scm-missing-barriers-and-all-sort-of-srap-v2-4-9061013c8d92@linaro.org Signed-off-by: Bjorn Andersson <andersson@kernel.org>
show more ...
|
b6285103 | 09-Dec-2024 |
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> |
firmware: qcom: scm: Fix missing read barrier in qcom_scm_get_tzmem_pool()
Commit 2e4955167ec5 ("firmware: qcom: scm: Fix __scm and waitq completion variable initialization") introduced a write barr
firmware: qcom: scm: Fix missing read barrier in qcom_scm_get_tzmem_pool()
Commit 2e4955167ec5 ("firmware: qcom: scm: Fix __scm and waitq completion variable initialization") introduced a write barrier in probe function to store global '__scm' variable. We all known barriers are paired (see memory-barriers.txt: "Note that write barriers should normally be paired with read or address-dependency barriers"), therefore accessing it from concurrent contexts requires read barrier. Previous commit added such barrier in qcom_scm_is_available(), so let's use that directly.
Lack of this read barrier can result in fetching stale '__scm' variable value, NULL, and dereferencing it.
Note that barrier in qcom_scm_is_available() satisfies here the control dependency.
Fixes: ca61d6836e6f ("firmware: qcom: scm: fix a NULL-pointer dereference") Fixes: 449d0d84bcd8 ("firmware: qcom: scm: smc: switch to using the SCM allocator") Cc: stable@vger.kernel.org Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> Link: https://lore.kernel.org/r/20241209-qcom-scm-missing-barriers-and-all-sort-of-srap-v2-2-9061013c8d92@linaro.org Signed-off-by: Bjorn Andersson <andersson@kernel.org>
show more ...
|
0a744cce | 09-Dec-2024 |
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> |
firmware: qcom: scm: Fix missing read barrier in qcom_scm_is_available()
Commit 2e4955167ec5 ("firmware: qcom: scm: Fix __scm and waitq completion variable initialization") introduced a write barrie
firmware: qcom: scm: Fix missing read barrier in qcom_scm_is_available()
Commit 2e4955167ec5 ("firmware: qcom: scm: Fix __scm and waitq completion variable initialization") introduced a write barrier in probe function to store global '__scm' variable. It also claimed that it added a read barrier, because as we all known barriers are paired (see memory-barriers.txt: "Note that write barriers should normally be paired with read or address-dependency barriers"), however it did not really add it.
The offending commit used READ_ONCE() to access '__scm' global which is not a barrier.
The barrier is needed so the store to '__scm' will be properly visible. This is most likely not fatal in current driver design, because missing read barrier would mean qcom_scm_is_available() callers will access old value, NULL. Driver does not support unbinding and does not correctly handle probe failures, thus there is no risk of stale or old pointer in '__scm' variable.
However for code correctness, readability and to be sure that we did not mess up something in this tricky topic of SMP barriers, add a read barrier for accessing '__scm'. Change also comment from useless/obvious what does barrier do, to what is expected: which other parts of the code are involved here.
Fixes: 2e4955167ec5 ("firmware: qcom: scm: Fix __scm and waitq completion variable initialization") Cc: stable@vger.kernel.org Reviewed-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> Link: https://lore.kernel.org/r/20241209-qcom-scm-missing-barriers-and-all-sort-of-srap-v2-1-9061013c8d92@linaro.org Signed-off-by: Bjorn Andersson <andersson@kernel.org>
show more ...
|
f900709e | 20-Dec-2024 |
Pengyu Luo <mitltlatltl@gmail.com> |
firmware: qcom: scm: Allow QSEECOM on Huawei Matebook E Go (sc8280xp)
Add the SC8280XP-based Huawei Matebook E Go (sc8280xp) to the allowlist.
Signed-off-by: Pengyu Luo <mitltlatltl@gmail.com> Link
firmware: qcom: scm: Allow QSEECOM on Huawei Matebook E Go (sc8280xp)
Add the SC8280XP-based Huawei Matebook E Go (sc8280xp) to the allowlist.
Signed-off-by: Pengyu Luo <mitltlatltl@gmail.com> Link: https://lore.kernel.org/r/20241220160530.444864-3-mitltlatltl@gmail.com Signed-off-by: Bjorn Andersson <andersson@kernel.org>
show more ...
|
96ac7982 | 02-Dec-2024 |
Jens Glathe <jens.glathe@oldschoolsolutions.biz> |
firmware: qcom: scm: Allow QSEECOM for Windows Dev Kit 2023
add "microsoft,blackrock" as compatible device for QSEECOM
This is required to get access to efivars and uefi boot loader support.
Signe
firmware: qcom: scm: Allow QSEECOM for Windows Dev Kit 2023
add "microsoft,blackrock" as compatible device for QSEECOM
This is required to get access to efivars and uefi boot loader support.
Signed-off-by: Jens Glathe <jens.glathe@oldschoolsolutions.biz> Link: https://lore.kernel.org/r/20241202-jg-blackrock-for-upstream-v9-2-385bb46ca122@oldschoolsolutions.biz Signed-off-by: Bjorn Andersson <andersson@kernel.org>
show more ...
|
7d467c1b | 02-Dec-2024 |
Jens Glathe <jens.glathe@oldschoolsolutions.biz> |
firmware: qcom: scm: Allow QSEECOM for HP Omnibook X14
add "hp,omnibook-x14" as compatible device for QSEECOM
This is required to get access to efivars and uefi boot loader support.
Signed-off-by:
firmware: qcom: scm: Allow QSEECOM for HP Omnibook X14
add "hp,omnibook-x14" as compatible device for QSEECOM
This is required to get access to efivars and uefi boot loader support.
Signed-off-by: Jens Glathe <jens.glathe@oldschoolsolutions.biz> Link: https://lore.kernel.org/r/20241202-hp-omnibook-x14-v3-2-0fcd96483723@oldschoolsolutions.biz Signed-off-by: Bjorn Andersson <andersson@kernel.org>
show more ...
|
9b01fc6b | 16-Nov-2024 |
Maud Spierings <maud_spierings@hotmail.com> |
firmware: qcom: scm: Allow QSEECOM on the asus vivobook s15
Add the asus vivobook s15 to the compatible list to allow access to efivars
Signed-off-by: Maud Spierings <maud_spierings@hotmail.com> Li
firmware: qcom: scm: Allow QSEECOM on the asus vivobook s15
Add the asus vivobook s15 to the compatible list to allow access to efivars
Signed-off-by: Maud Spierings <maud_spierings@hotmail.com> Link: https://lore.kernel.org/r/20241116-add_asus_qcom_scm-v1-1-5aa2b0fb52bd@hotmail.com Signed-off-by: Bjorn Andersson <andersson@kernel.org>
show more ...
|
1af75b2a | 10-Nov-2024 |
Bjorn Andersson <bjorn.andersson@oss.qualcomm.com> |
firmware: qcom: scm: Introduce CP_SMMU_APERTURE_ID
The QCOM_SCM_SVC_MP service provides QCOM_SCM_MP_CP_SMMU_APERTURE_ID, which is used to trigger the mapping of register banks into the SMMU context
firmware: qcom: scm: Introduce CP_SMMU_APERTURE_ID
The QCOM_SCM_SVC_MP service provides QCOM_SCM_MP_CP_SMMU_APERTURE_ID, which is used to trigger the mapping of register banks into the SMMU context for per-processes page tables to function (in case this isn't statically setup by firmware).
This is necessary on e.g. QCS6490 Rb3Gen2, in order to avoid "CP | AHB bus error"-errors from the GPU.
Introduce a function to allow the msm driver to invoke this call.
Signed-off-by: Bjorn Andersson <bjorn.andersson@oss.qualcomm.com> Reviewed-by: Rob Clark <robdclark@gmail.com> Link: https://lore.kernel.org/r/20241110-adreno-smmu-aparture-v2-1-9b1fb2ee41d4@oss.qualcomm.com Signed-off-by: Bjorn Andersson <andersson@kernel.org>
show more ...
|
f489f6c6 | 22-Oct-2024 |
Qingqing Zhou <quic_qqzhou@quicinc.com> |
firmware: qcom: scm: Return -EOPNOTSUPP for unsupported SHM bridge enabling
When enabling SHM bridge, QTEE returns 0 and sets error 4 in result to qcom_scm for unsupported platforms. Currently, tzme
firmware: qcom: scm: Return -EOPNOTSUPP for unsupported SHM bridge enabling
When enabling SHM bridge, QTEE returns 0 and sets error 4 in result to qcom_scm for unsupported platforms. Currently, tzmem interprets this as an unknown error rather than recognizing it as an unsupported platform.
Error log: [ 0.177224] qcom_scm firmware:scm: error (____ptrval____): Failed to enable the TrustZone memory allocator [ 0.177244] qcom_scm firmware:scm: probe with driver qcom_scm failed with error 4
To address this, modify the function call qcom_scm_shm_bridge_enable() to remap result to indicate an unsupported error. This way, tzmem will correctly identify it as an unsupported platform case instead of reporting it as an error.
Fixes: 178e19c0df1b ("firmware: qcom: scm: add support for SHM bridge operations") Signed-off-by: Qingqing Zhou <quic_qqzhou@quicinc.com> Co-developed-by: Kuldeep Singh <quic_kuldsing@quicinc.com> Signed-off-by: Kuldeep Singh <quic_kuldsing@quicinc.com> Reviewed-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org> Reviewed-by: Mukesh Ojha <quic_mojha@quicinc.com> Link: https://lore.kernel.org/r/20241022192148.1626633-1-quic_kuldsing@quicinc.com Signed-off-by: Bjorn Andersson <andersson@kernel.org>
show more ...
|