[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAPLW+4nOq_62rBhwRUf0RW0zTiGa+-Zpt+FLcTa87biX8Nq-BA@mail.gmail.com>
Date: Mon, 19 Feb 2024 17:05:50 -0600
From: Sam Protsenko <semen.protsenko@...aro.org>
To: Peter Griffin <peter.griffin@...aro.org>
Cc: arnd@...db.de, krzysztof.kozlowski@...aro.org, linux@...ck-us.net,
wim@...ux-watchdog.org, alim.akhtar@...sung.com, jaewon02.kim@...sung.com,
alexey.klimov@...aro.org, kernel-team@...roid.com, tudor.ambarus@...aro.org,
andre.draszik@...aro.org, saravanak@...gle.com, willmcvicker@...gle.com,
linux-fsd@...la.com, linux-watchdog@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
linux-samsung-soc@...r.kernel.org
Subject: Re: [PATCH v5 1/2] soc: samsung: exynos-pmu: Add regmap support for
SoCs that protect PMU regs
On Mon, Feb 19, 2024 at 2:42 PM Peter Griffin <peter.griffin@...aroorg> wrote:
>
> Some Exynos based SoCs like Tensor gs101 protect the PMU registers for
> security hardening reasons so that they are only write accessible in el3
> via an SMC call.
>
> As most Exynos drivers that need to write PMU registers currently obtain a
> regmap via syscon (phys, pinctrl, watchdog). Support for the above usecase
> is implemented in this driver using a custom regmap similar to syscon to
> handle the SMC call. Platforms that don't secure PMU registers, get a mmio
> regmap like before. As regmaps abstract out the underlying register access
> changes to the leaf drivers are minimal.
>
> A new API exynos_get_pmu_regmap_by_phandle() is provided for leaf drivers
> that currently use syscon_regmap_lookup_by_phandle(). This also handles
> deferred probing.
>
> Tested-by: Sam Protsenko <semen.protsenko@...aro.org>
> Tested-by: Alexey Klimov <alexey.klimov@...aro.org>
> Reviewed-by: Sam Protsenko <semen.protsenko@...aro.org>
> Signed-off-by: Peter Griffin <peter.griffin@...aro.org>
> ---
> Changes since v4:
> - Use same argument names as in struct regmap_config
> - Remove inline keyword and rely on compiler
> - Update kerneldoc wording
> - property -> propname argument rename
> - reverse Xmas tree
> - Only call of_node_put() when of_parse_phandle is called
> - Collect tags
>
> Changes since v3:
> - Fix PMUALIVE_MASK
> - Add TENSOR_ prefix
> - clear SET_BITS bits on each loop iteration
> - change set_bit to set_bits in func name
> - Fix some alignment
> - Add missing return on dev_err_probe
> - Reduce indentation in loop
>
> Changes since v2
> - Add select REGMAP to Kconfig
> - Add constant for SET/CLEAR bits
> - Replace kerneldoc with one line comment
> - Fix kerneldoc for EXPORT_SYMBOL_GPL funcs
> - remove superfluous extern keyword
> - dev_err_probe() on probe error
> - shorten regmcfg name
> - no compatibles inside probe, use match data
> - don't mix declarations with/without initializations
> - tensor_sec_reg_read() use mmio to avoid access restrictions
> - Collect up Reviewed-by
> - const for regmap_config structs
> ---
> drivers/soc/samsung/Kconfig | 1 +
> drivers/soc/samsung/exynos-pmu.c | 235 ++++++++++++++++++++++++-
> drivers/soc/samsung/exynos-pmu.h | 1 +
> include/linux/soc/samsung/exynos-pmu.h | 11 +-
> 4 files changed, 245 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/soc/samsung/Kconfig b/drivers/soc/samsung/Kconfig
> index 27ec99af77e3..1a5dfdc978dc 100644
> --- a/drivers/soc/samsung/Kconfig
> +++ b/drivers/soc/samsung/Kconfig
> @@ -42,6 +42,7 @@ config EXYNOS_PMU
> depends on ARCH_EXYNOS || ((ARM || ARM64) && COMPILE_TEST)
> select EXYNOS_PMU_ARM_DRIVERS if ARM && ARCH_EXYNOS
> select MFD_CORE
> + select REGMAP_MMIO
>
> # There is no need to enable these drivers for ARMv8
> config EXYNOS_PMU_ARM_DRIVERS
> diff --git a/drivers/soc/samsung/exynos-pmu.c b/drivers/soc/samsung/exynos-pmu.c
> index 250537d7cfd6..d6ae8025fdb4 100644
> --- a/drivers/soc/samsung/exynos-pmu.c
> +++ b/drivers/soc/samsung/exynos-pmu.c
> @@ -5,6 +5,7 @@
> //
> // Exynos - CPU PMU(Power Management Unit) support
>
> +#include <linux/arm-smccc.h>
> #include <linux/of.h>
> #include <linux/of_address.h>
> #include <linux/mfd/core.h>
> @@ -12,19 +13,134 @@
> #include <linux/of_platform.h>
> #include <linux/platform_device.h>
> #include <linux/delay.h>
> +#include <linux/regmap.h>
>
> #include <linux/soc/samsung/exynos-regs-pmu.h>
> #include <linux/soc/samsung/exynos-pmu.h>
>
> #include "exynos-pmu.h"
>
> +#define PMUALIVE_MASK GENMASK(13, 0)
> +#define TENSOR_SET_BITS (BIT(15) | BIT(14))
> +#define TENSOR_CLR_BITS BIT(15)
> +#define TENSOR_SMC_PMU_SEC_REG 0x82000504
> +#define TENSOR_PMUREG_READ 0
> +#define TENSOR_PMUREG_WRITE 1
> +#define TENSOR_PMUREG_RMW 2
> +
> struct exynos_pmu_context {
> struct device *dev;
> const struct exynos_pmu_data *pmu_data;
> + struct regmap *pmureg;
> };
>
> void __iomem *pmu_base_addr;
> static struct exynos_pmu_context *pmu_context;
> +/* forward declaration */
> +static struct platform_driver exynos_pmu_driver;
> +
> +/*
> + * Tensor SoCs are configured so that PMU_ALIVE registers can only be written
> + * from EL3, but are still read accessible. As Linux needs to write some of
> + * these registers, the following functions are provided and exposed via
> + * regmap.
> + *
> + * Note: This SMC interface is known to be implemented on gs101 and derivative
> + * SoCs.
> + */
> +
> +/* Write to a protected PMU register. */
> +static int tensor_sec_reg_write(void *context, unsigned int reg,
> + unsigned int val)
> +{
> + struct arm_smccc_res res;
> + unsigned long pmu_base = (unsigned long)context;
> +
> + arm_smccc_smc(TENSOR_SMC_PMU_SEC_REG, pmu_base + reg,
> + TENSOR_PMUREG_WRITE, val, 0, 0, 0, 0, &res);
> +
> + /* returns -EINVAL if access isn't allowed or 0 */
> + if (res.a0)
> + pr_warn("%s(): SMC failed: %d\n", __func__, (int)res.a0);
> +
> + return (int)res.a0;
> +}
> +
> +/* Read/Modify/Write a protected PMU register. */
> +static int tensor_sec_reg_rmw(void *context, unsigned int reg,
> + unsigned int mask, unsigned int val)
> +{
> + struct arm_smccc_res res;
> + unsigned long pmu_base = (unsigned long)context;
> +
> + arm_smccc_smc(TENSOR_SMC_PMU_SEC_REG, pmu_base + reg,
> + TENSOR_PMUREG_RMW, mask, val, 0, 0, 0, &res);
> +
> + /* returns -EINVAL if access isn't allowed or 0 */
> + if (res.a0)
> + pr_warn("%s(): SMC failed: %d\n", __func__, (int)res.a0);
> +
> + return (int)res.a0;
> +}
> +
> +/*
> + * Read a protected PMU register. All PMU registers can be read by Linux.
> + * Note: The SMC read register is not used, as only registers that can be
> + * written are readable via SMC.
> + */
> +static int tensor_sec_reg_read(void *context, unsigned int reg,
> + unsigned int *val)
> +{
> + *val = pmu_raw_readl(reg);
> + return 0;
> +}
> +
> +/*
> + * For SoCs that have set/clear bit hardware this function can be used when
> + * the PMU register will be accessed by multiple masters.
> + *
> + * For example, to set bits 13:8 in PMU reg offset 0x3e80
> + * tensor_set_bits_atomic(ctx, 0x3e80, 0x3f00, 0x3f00);
> + *
> + * Set bit 8, and clear bits 13:9 PMU reg offset 0x3e80
> + * tensor_set_bits_atomic(0x3e80, 0x100, 0x3f00);
> + */
> +static int tensor_set_bits_atomic(void *ctx, unsigned int offset, u32 val,
> + u32 mask)
> +{
> + int ret;
> + unsigned int i;
> +
> + for (i = 0; i < 32; i++) {
> + if (!(mask & BIT(i)))
> + continue;
> +
> + offset &= ~TENSOR_SET_BITS;
> +
> + if (val & BIT(i))
> + offset |= TENSOR_SET_BITS;
> + else
> + offset |= TENSOR_CLR_BITS;
> +
> + ret = tensor_sec_reg_write(ctx, offset, i);
> + if (ret)
> + return ret;
> + }
> + return ret;
> +}
> +
> +static int tensor_sec_update_bits(void *ctx, unsigned int reg,
> + unsigned int mask, unsigned int val)
> +{
> + /*
> + * Use atomic operations for PMU_ALIVE registers (offset 0~0x3FFF)
> + * as the target registers can be accessed by multiple masters.
> + */
> + if (reg > PMUALIVE_MASK)
> + return tensor_sec_reg_rmw(ctx, reg, mask, val);
> +
> + return tensor_set_bits_atomic(ctx, reg, val, mask);
> +}
>
> void pmu_raw_writel(u32 val, u32 offset)
> {
> @@ -75,11 +191,41 @@ void exynos_sys_powerdown_conf(enum sys_powerdown mode)
> #define exynos_pmu_data_arm_ptr(data) NULL
> #endif
>
> +static const struct regmap_config regmap_smccfg = {
> + .name = "pmu_regs",
> + .reg_bits = 32,
> + .reg_stride = 4,
> + .val_bits = 32,
> + .fast_io = true,
> + .use_single_read = true,
> + .use_single_write = true,
> + .reg_read = tensor_sec_reg_read,
> + .reg_write = tensor_sec_reg_write,
> + .reg_update_bits = tensor_sec_update_bits,
> +};
> +
> +static const struct regmap_config regmap_mmiocfg = {
> + .name = "pmu_regs",
> + .reg_bits = 32,
> + .reg_stride = 4,
> + .val_bits = 32,
> + .fast_io = true,
> + .use_single_read = true,
> + .use_single_write = true,
> +};
> +
> +static const struct exynos_pmu_data gs101_pmu_data = {
> + .pmu_secure = true
> +};
> +
> /*
> * PMU platform driver and devicetree bindings.
> */
> static const struct of_device_id exynos_pmu_of_device_ids[] = {
> {
> + .compatible = "google,gs101-pmu",
> + .data = &gs101_pmu_data,
> + }, {
> .compatible = "samsung,exynos3250-pmu",
> .data = exynos_pmu_data_arm_ptr(exynos3250_pmu_data),
> }, {
> @@ -113,19 +259,75 @@ static const struct mfd_cell exynos_pmu_devs[] = {
> { .name = "exynos-clkout", },
> };
>
> +/**
> + * exynos_get_pmu_regmap() - Obtain pmureg regmap
> + *
> + * Find the pmureg regmap previously configured in probe() and return regmap
> + * pointer.
> + *
> + * Return: A pointer to regmap if found or ERR_PTR error value.
> + */
> struct regmap *exynos_get_pmu_regmap(void)
> {
> struct device_node *np = of_find_matching_node(NULL,
> exynos_pmu_of_device_ids);
> if (np)
> - return syscon_node_to_regmap(np);
> + return exynos_get_pmu_regmap_by_phandle(np, NULL);
> return ERR_PTR(-ENODEV);
> }
> EXPORT_SYMBOL_GPL(exynos_get_pmu_regmap);
>
> +/**
> + * exynos_get_pmu_regmap_by_phandle() - Obtain pmureg regmap via phandle
> + * @np: Device node holding PMU phandle property
> + * @property: Name of property holding phandle value
This doesn't match the actual param name.
> + *
> + * Find the pmureg regmap previously configured in probe() and return regmap
> + * pointer.
> + *
> + * Return: A pointer to regmap if found or ERR_PTR error value.
> + */
> +struct regmap *exynos_get_pmu_regmap_by_phandle(struct device_node *np,
> + const char *propname)
> +{
> + struct exynos_pmu_context *ctx;
> + struct device_node *pmu_np;
> + struct device *dev;
> +
> + if (propname)
> + pmu_np = of_parse_phandle(np, propname, 0);
> + else
> + pmu_np = np;
> +
> + if (!pmu_np)
> + return ERR_PTR(-ENODEV);
> +
> + /*
> + * Determine if exynos-pmu device has probed and therefore regmap
> + * has been created and can be returned to the caller. Otherwise we
> + * return -EPROBE_DEFER.
> + */
> + dev = driver_find_device_by_of_node(&exynos_pmu_driver.driver,
> + (void *)pmu_np);
> +
> + if (propname)
> + of_node_put(pmu_np);
> +
> + if (!dev)
> + return ERR_PTR(-EPROBE_DEFER);
> +
> + ctx = dev_get_drvdata(dev);
> +
> + return ctx->pmureg;
> +}
> +EXPORT_SYMBOL_GPL(exynos_get_pmu_regmap_by_phandle);
> +
> static int exynos_pmu_probe(struct platform_device *pdev)
> {
> struct device *dev = &pdev->dev;
> + struct regmap_config pmu_regmcfg;
> + struct regmap *regmap;
> + struct resource *res;
> int ret;
>
> pmu_base_addr = devm_platform_ioremap_resource(pdev, 0);
> @@ -137,9 +339,38 @@ static int exynos_pmu_probe(struct platform_device *pdev)
> GFP_KERNEL);
> if (!pmu_context)
> return -ENOMEM;
> - pmu_context->dev = dev;
> +
> + res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
> + if (!res)
> + return -ENODEV;
> +
> pmu_context->pmu_data = of_device_get_match_data(dev);
>
> + /* For SoCs that secure PMU register writes use custom regmap */
> + if (pmu_context->pmu_data && pmu_context->pmu_data->pmu_secure) {
> + pmu_regmcfg = regmap_smccfg;
> + pmu_regmcfg.max_register = resource_size(res) -
> + pmu_regmcfg.reg_stride;
> + /* Need physical address for SMC call */
> + regmap = devm_regmap_init(dev, NULL,
> + (void *)(uintptr_t)res->start,
> + &pmu_regmcfg);
> + } else {
> + /* All other SoCs use a MMIO regmap */
> + pmu_regmcfg = regmap_mmiocfg;
> + pmu_regmcfg.max_register = resource_size(res) -
> + pmu_regmcfg.reg_stride;
> + regmap = devm_regmap_init_mmio(dev, pmu_base_addr,
> + &pmu_regmcfg);
> + }
> +
> + if (IS_ERR(regmap))
> + return dev_err_probe(&pdev->dev, PTR_ERR(regmap),
> + "regmap init failed\n");
> +
> + pmu_context->pmureg = regmap;
> + pmu_context->dev = dev;
> +
> if (pmu_context->pmu_data && pmu_context->pmu_data->pmu_init)
> pmu_context->pmu_data->pmu_init();
>
> diff --git a/drivers/soc/samsung/exynos-pmu.h b/drivers/soc/samsung/exynos-pmu.h
> index 1c652ffd79b4..0a49a2c9a08e 100644
> --- a/drivers/soc/samsung/exynos-pmu.h
> +++ b/drivers/soc/samsung/exynos-pmu.h
> @@ -21,6 +21,7 @@ struct exynos_pmu_conf {
> struct exynos_pmu_data {
> const struct exynos_pmu_conf *pmu_config;
> const struct exynos_pmu_conf *pmu_config_extra;
> + bool pmu_secure;
>
> void (*pmu_init)(void);
> void (*powerdown_conf)(enum sys_powerdown);
> diff --git a/include/linux/soc/samsung/exynos-pmu.h b/include/linux/soc/samsung/exynos-pmu.h
> index a4f5516cc956..2bd9d12d9a52 100644
> --- a/include/linux/soc/samsung/exynos-pmu.h
> +++ b/include/linux/soc/samsung/exynos-pmu.h
> @@ -10,6 +10,7 @@
> #define __LINUX_SOC_EXYNOS_PMU_H
>
> struct regmap;
> +struct device_node;
>
> enum sys_powerdown {
> SYS_AFTR,
> @@ -20,12 +21,20 @@ enum sys_powerdown {
>
> extern void exynos_sys_powerdown_conf(enum sys_powerdown mode);
> #ifdef CONFIG_EXYNOS_PMU
> -extern struct regmap *exynos_get_pmu_regmap(void);
> +struct regmap *exynos_get_pmu_regmap(void);
> +struct regmap *exynos_get_pmu_regmap_by_phandle(struct device_node *np,
> + const char *propname);
> #else
> static inline struct regmap *exynos_get_pmu_regmap(void)
> {
> return ERR_PTR(-ENODEV);
> }
> +
> +static inline struct regmap *exynos_get_pmu_regmap_by_phandle(struct device_node *np,
> + const char *propname)
> +{
> + return ERR_PTR(-ENODEV);
> +}
> #endif
>
> #endif /* __LINUX_SOC_EXYNOS_PMU_H */
> --
> 2.44.0.rc0.258.g7320e95886-goog
>
Powered by blists - more mailing lists