| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 2 Jun 2017 11:22:42 -0700
From: Stephen Boyd <sboyd@...eaurora.org>
To: Avaneesh Kumar Dwivedi <akdwived@...eaurora.org>
Cc: bjorn.andersson@...aro.org, agross@...eaurora.org,
linux-arm-msm@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-remoteproc@...r.kernel.org
Subject: Re: [PATCH v5 1/4] firmware: scm: Add new SCM call API for switching
memory ownership
On 06/02, Avaneesh Kumar Dwivedi wrote:
> Two different processors on a SOC need to switch memory ownership
> during load/unload. To enable this, level second memory map table
second level page tables instead of level second memory map table
> need to be updated, which is done by secure layer.
> This patch add the interface for making secure monitor call for
s/add/adds/
> memory ownership switching request.
> diff --git a/drivers/firmware/qcom_scm.c b/drivers/firmware/qcom_scm.c
> index bb16510..9da3c6d 100644
> --- a/drivers/firmware/qcom_scm.c
> +++ b/drivers/firmware/qcom_scm.c
> @@ -292,6 +304,86 @@ int qcom_scm_pas_shutdown(u32 peripheral)
> }
> EXPORT_SYMBOL(qcom_scm_pas_shutdown);
>
> +/**
> + * qcom_scm_assign_mem() - Make a secure call to reassign memory ownership
> + *
> + * @mem_addr: mem region whose ownership need to be reassigned
> + * @mem_sz: size of the region.
> + * @srcvm: vmid for current set of owners, each set bit in
> + * flag indicate a unique owner
> + * @newvm: array having new owners and corrsponding permission
> + * flags
> + * @dest_cnt: number of owners in next set.
> + * Return next set of owners on success.
> + */
> +int qcom_scm_assign_mem(phys_addr_t mem_addr, size_t mem_sz, int srcvm,
> + struct qcom_scm_vmperm *newvm, int dest_cnt)
> +{
> + unsigned long dma_attrs = DMA_ATTR_FORCE_CONTIGUOUS;
> + struct qcom_scm_current_perm_info *destvm;
> + struct qcom_scm_mem_map_info *mem;
> + phys_addr_t memory_phys;
> + phys_addr_t dest_phys;
> + phys_addr_t src_phys;
> + size_t mem_all_sz;
> + size_t memory_sz;
> + size_t dest_sz;
> + size_t src_sz;
> + int next_vm;
> + __le32 *src;
> + void *ptr;
> + int ret;
> + int i;
Yay reverse christmas tre.
> +
> + src_sz = hweight_long(srcvm)*sizeof(*src);
Please add space around that '*':
src_sz = hweight_long(srcvm) * sizeof(*src);
> + memory_sz = sizeof(*mem);
> + dest_sz = dest_cnt*sizeof(*destvm);
> + mem_all_sz = src_sz + memory_sz + dest_sz;
> +
> + ptr = dma_alloc_attrs(__scm->dev, ALIGN(mem_all_sz, SZ_64),
> + &src_phys, GFP_KERNEL, dma_attrs);
> + if (!ptr) {
> + pr_err("mem alloc failed\n");
We don't want memory allocation failure prints. Please remove.
> + return -ENOMEM;
> + }
Newline here!
> + /* Fill source vmid detail */
> + src = (__le32 *)(ptr);
Drop useless parenthesis around ptr please.
> + ret = hweight_long(srcvm);
len = hweight_long(...)?
> + for (i = 0; i < ret; i++) {
i to ret is really weird looking!
> + src[i] = cpu_to_le32(ffs(srcvm) - 1);
> + srcvm ^= 1 << (ffs(srcvm) - 1);
> + }
What if the loop was written like:
for_each_set_bit(i, &srcvm, sizeof(srcvm))
src[i] = cpu_to_le32(i);
I guess srvcm would have to be a long then.
> +
> + /* Fill details of mem buff to map */
> + mem = (struct qcom_scm_mem_map_info *)(ptr + ALIGN(src_sz, SZ_64));
Useless cast from void *.
> + memory_phys = src_phys + ALIGN(src_sz, SZ_64);
> + mem[0].mem_addr = cpu_to_le64(mem_addr);
> + mem[0].mem_size = cpu_to_le64(mem_sz);
> +
> + next_vm = 0;
> + /* Fill details of next vmid detail */
> + destvm = (struct qcom_scm_current_perm_info *)
> + (ptr + ALIGN(memory_sz, SZ_64) + ALIGN(src_sz, SZ_64));
Useless cast from void.
> + dest_phys = memory_phys + ALIGN(memory_sz, SZ_64);
> + for (i = 0; i < dest_cnt; i++) {
> + destvm[i].vmid = cpu_to_le32(newvm[i].vmid);
> + destvm[i].perm = cpu_to_le32(newvm[i].perm);
> + destvm[i].ctx = 0;
> + destvm[i].ctx_size = 0;
> + next_vm |= BIT(newvm[i].vmid);
> + }
Newline please!
> + ret = __qcom_scm_assign_mem(__scm->dev, memory_phys,
> + memory_sz, src_phys, src_sz, dest_phys, dest_sz);
> + dma_free_attrs(__scm->dev, ALIGN(mem_all_sz, SZ_64),
> + ptr, src_phys, dma_attrs);
> + if (ret == 0)
> + return next_vm;
> + else if (ret > 0)
> + return -ret;
When is ret > 0?
> + return ret;
> +}
> +EXPORT_SYMBOL(qcom_scm_assign_mem);
> +
> static int qcom_scm_pas_reset_assert(struct reset_controller_dev *rcdev,
> unsigned long idx)
> {
--
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
a Linux Foundation Collaborative Project
Powered by blists - more mailing lists