lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAPLW+4nOq_62rBhwRUf0RW0zTiGa+-Zpt+FLcTa87biX8Nq-BA@mail.gmail.com>
Date: Mon, 19 Feb 2024 17:05:50 -0600
From: Sam Protsenko <semen.protsenko@...aro.org>
To: Peter Griffin <peter.griffin@...aro.org>
Cc: arnd@...db.de, krzysztof.kozlowski@...aro.org, linux@...ck-us.net, 
	wim@...ux-watchdog.org, alim.akhtar@...sung.com, jaewon02.kim@...sung.com, 
	alexey.klimov@...aro.org, kernel-team@...roid.com, tudor.ambarus@...aro.org, 
	andre.draszik@...aro.org, saravanak@...gle.com, willmcvicker@...gle.com, 
	linux-fsd@...la.com, linux-watchdog@...r.kernel.org, 
	linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org, 
	linux-samsung-soc@...r.kernel.org
Subject: Re: [PATCH v5 1/2] soc: samsung: exynos-pmu: Add regmap support for
 SoCs that protect PMU regs

On Mon, Feb 19, 2024 at 2:42 PM Peter Griffin <peter.griffin@...aroorg> wrote:
>
> Some Exynos based SoCs like Tensor gs101 protect the PMU registers for
> security hardening reasons so that they are only write accessible in el3
> via an SMC call.
>
> As most Exynos drivers that need to write PMU registers currently obtain a
> regmap via syscon (phys, pinctrl, watchdog). Support for the above usecase
> is implemented in this driver using a custom regmap similar to syscon to
> handle the SMC call. Platforms that don't secure PMU registers, get a mmio
> regmap like before. As regmaps abstract out the underlying register access
> changes to the leaf drivers are minimal.
>
> A new API exynos_get_pmu_regmap_by_phandle() is provided for leaf drivers
> that currently use syscon_regmap_lookup_by_phandle(). This also handles
> deferred probing.
>
> Tested-by: Sam Protsenko <semen.protsenko@...aro.org>
> Tested-by: Alexey Klimov <alexey.klimov@...aro.org>
> Reviewed-by: Sam Protsenko <semen.protsenko@...aro.org>
> Signed-off-by: Peter Griffin <peter.griffin@...aro.org>
> ---
> Changes since v4:
>  - Use same argument names as in struct regmap_config
>  - Remove inline keyword and rely on compiler
>  - Update kerneldoc wording
>  - property -> propname argument rename
>  - reverse Xmas tree
>  - Only call of_node_put() when of_parse_phandle is called
>  - Collect tags
>
> Changes since v3:
>  - Fix PMUALIVE_MASK
>  - Add TENSOR_ prefix
>  - clear SET_BITS bits on each loop iteration
>  - change set_bit to set_bits in func name
>  - Fix some alignment
>  - Add missing return on dev_err_probe
>  - Reduce indentation in loop
>
> Changes since v2
>  - Add select REGMAP to Kconfig
>  - Add constant for SET/CLEAR bits
>  - Replace kerneldoc with one line comment
>  - Fix kerneldoc for EXPORT_SYMBOL_GPL funcs
>  - remove superfluous extern keyword
>  - dev_err_probe() on probe error
>  - shorten regmcfg name
>  - no compatibles inside probe, use match data
>  - don't mix declarations with/without initializations
>  - tensor_sec_reg_read() use mmio to avoid access restrictions
>  - Collect up Reviewed-by
>  - const for regmap_config structs
> ---
>  drivers/soc/samsung/Kconfig            |   1 +
>  drivers/soc/samsung/exynos-pmu.c       | 235 ++++++++++++++++++++++++-
>  drivers/soc/samsung/exynos-pmu.h       |   1 +
>  include/linux/soc/samsung/exynos-pmu.h |  11 +-
>  4 files changed, 245 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/soc/samsung/Kconfig b/drivers/soc/samsung/Kconfig
> index 27ec99af77e3..1a5dfdc978dc 100644
> --- a/drivers/soc/samsung/Kconfig
> +++ b/drivers/soc/samsung/Kconfig
> @@ -42,6 +42,7 @@ config EXYNOS_PMU
>         depends on ARCH_EXYNOS || ((ARM || ARM64) && COMPILE_TEST)
>         select EXYNOS_PMU_ARM_DRIVERS if ARM && ARCH_EXYNOS
>         select MFD_CORE
> +       select REGMAP_MMIO
>
>  # There is no need to enable these drivers for ARMv8
>  config EXYNOS_PMU_ARM_DRIVERS
> diff --git a/drivers/soc/samsung/exynos-pmu.c b/drivers/soc/samsung/exynos-pmu.c
> index 250537d7cfd6..d6ae8025fdb4 100644
> --- a/drivers/soc/samsung/exynos-pmu.c
> +++ b/drivers/soc/samsung/exynos-pmu.c
> @@ -5,6 +5,7 @@
>  //
>  // Exynos - CPU PMU(Power Management Unit) support
>
> +#include <linux/arm-smccc.h>
>  #include <linux/of.h>
>  #include <linux/of_address.h>
>  #include <linux/mfd/core.h>
> @@ -12,19 +13,134 @@
>  #include <linux/of_platform.h>
>  #include <linux/platform_device.h>
>  #include <linux/delay.h>
> +#include <linux/regmap.h>
>
>  #include <linux/soc/samsung/exynos-regs-pmu.h>
>  #include <linux/soc/samsung/exynos-pmu.h>
>
>  #include "exynos-pmu.h"
>
> +#define PMUALIVE_MASK                  GENMASK(13, 0)
> +#define TENSOR_SET_BITS                        (BIT(15) | BIT(14))
> +#define TENSOR_CLR_BITS                        BIT(15)
> +#define TENSOR_SMC_PMU_SEC_REG         0x82000504
> +#define TENSOR_PMUREG_READ             0
> +#define TENSOR_PMUREG_WRITE            1
> +#define TENSOR_PMUREG_RMW              2
> +
>  struct exynos_pmu_context {
>         struct device *dev;
>         const struct exynos_pmu_data *pmu_data;
> +       struct regmap *pmureg;
>  };
>
>  void __iomem *pmu_base_addr;
>  static struct exynos_pmu_context *pmu_context;
> +/* forward declaration */
> +static struct platform_driver exynos_pmu_driver;
> +
> +/*
> + * Tensor SoCs are configured so that PMU_ALIVE registers can only be written
> + * from EL3, but are still read accessible. As Linux needs to write some of
> + * these registers, the following functions are provided and exposed via
> + * regmap.
> + *
> + * Note: This SMC interface is known to be implemented on gs101 and derivative
> + * SoCs.
> + */
> +
> +/* Write to a protected PMU register. */
> +static int tensor_sec_reg_write(void *context, unsigned int reg,
> +                               unsigned int val)
> +{
> +       struct arm_smccc_res res;
> +       unsigned long pmu_base = (unsigned long)context;
> +
> +       arm_smccc_smc(TENSOR_SMC_PMU_SEC_REG, pmu_base + reg,
> +                     TENSOR_PMUREG_WRITE, val, 0, 0, 0, 0, &res);
> +
> +       /* returns -EINVAL if access isn't allowed or 0 */
> +       if (res.a0)
> +               pr_warn("%s(): SMC failed: %d\n", __func__, (int)res.a0);
> +
> +       return (int)res.a0;
> +}
> +
> +/* Read/Modify/Write a protected PMU register. */
> +static int tensor_sec_reg_rmw(void *context, unsigned int reg,
> +                             unsigned int mask, unsigned int val)
> +{
> +       struct arm_smccc_res res;
> +       unsigned long pmu_base = (unsigned long)context;
> +
> +       arm_smccc_smc(TENSOR_SMC_PMU_SEC_REG, pmu_base + reg,
> +                     TENSOR_PMUREG_RMW, mask, val, 0, 0, 0, &res);
> +
> +       /* returns -EINVAL if access isn't allowed or 0 */
> +       if (res.a0)
> +               pr_warn("%s(): SMC failed: %d\n", __func__, (int)res.a0);
> +
> +       return (int)res.a0;
> +}
> +
> +/*
> + * Read a protected PMU register. All PMU registers can be read by Linux.
> + * Note: The SMC read register is not used, as only registers that can be
> + * written are readable via SMC.
> + */
> +static int tensor_sec_reg_read(void *context, unsigned int reg,
> +                              unsigned int *val)
> +{
> +       *val = pmu_raw_readl(reg);
> +       return 0;
> +}
> +
> +/*
> + * For SoCs that have set/clear bit hardware this function can be used when
> + * the PMU register will be accessed by multiple masters.
> + *
> + * For example, to set bits 13:8 in PMU reg offset 0x3e80
> + * tensor_set_bits_atomic(ctx, 0x3e80, 0x3f00, 0x3f00);
> + *
> + * Set bit 8, and clear bits 13:9 PMU reg offset 0x3e80
> + * tensor_set_bits_atomic(0x3e80, 0x100, 0x3f00);
> + */
> +static int tensor_set_bits_atomic(void *ctx, unsigned int offset, u32 val,
> +                                 u32 mask)
> +{
> +       int ret;
> +       unsigned int i;
> +
> +       for (i = 0; i < 32; i++) {
> +               if (!(mask & BIT(i)))
> +                       continue;
> +
> +               offset &= ~TENSOR_SET_BITS;
> +
> +               if (val & BIT(i))
> +                       offset |= TENSOR_SET_BITS;
> +               else
> +                       offset |= TENSOR_CLR_BITS;
> +
> +               ret = tensor_sec_reg_write(ctx, offset, i);
> +               if (ret)
> +                       return ret;
> +       }
> +       return ret;
> +}
> +
> +static int tensor_sec_update_bits(void *ctx, unsigned int reg,
> +                                 unsigned int mask, unsigned int val)
> +{
> +       /*
> +        * Use atomic operations for PMU_ALIVE registers (offset 0~0x3FFF)
> +        * as the target registers can be accessed by multiple masters.
> +        */
> +       if (reg > PMUALIVE_MASK)
> +               return tensor_sec_reg_rmw(ctx, reg, mask, val);
> +
> +       return tensor_set_bits_atomic(ctx, reg, val, mask);
> +}
>
>  void pmu_raw_writel(u32 val, u32 offset)
>  {
> @@ -75,11 +191,41 @@ void exynos_sys_powerdown_conf(enum sys_powerdown mode)
>  #define exynos_pmu_data_arm_ptr(data)  NULL
>  #endif
>
> +static const struct regmap_config regmap_smccfg = {
> +       .name = "pmu_regs",
> +       .reg_bits = 32,
> +       .reg_stride = 4,
> +       .val_bits = 32,
> +       .fast_io = true,
> +       .use_single_read = true,
> +       .use_single_write = true,
> +       .reg_read = tensor_sec_reg_read,
> +       .reg_write = tensor_sec_reg_write,
> +       .reg_update_bits = tensor_sec_update_bits,
> +};
> +
> +static const struct regmap_config regmap_mmiocfg = {
> +       .name = "pmu_regs",
> +       .reg_bits = 32,
> +       .reg_stride = 4,
> +       .val_bits = 32,
> +       .fast_io = true,
> +       .use_single_read = true,
> +       .use_single_write = true,
> +};
> +
> +static const struct exynos_pmu_data gs101_pmu_data = {
> +       .pmu_secure = true
> +};
> +
>  /*
>   * PMU platform driver and devicetree bindings.
>   */
>  static const struct of_device_id exynos_pmu_of_device_ids[] = {
>         {
> +               .compatible = "google,gs101-pmu",
> +               .data = &gs101_pmu_data,
> +       }, {
>                 .compatible = "samsung,exynos3250-pmu",
>                 .data = exynos_pmu_data_arm_ptr(exynos3250_pmu_data),
>         }, {
> @@ -113,19 +259,75 @@ static const struct mfd_cell exynos_pmu_devs[] = {
>         { .name = "exynos-clkout", },
>  };
>
> +/**
> + * exynos_get_pmu_regmap() - Obtain pmureg regmap
> + *
> + * Find the pmureg regmap previously configured in probe() and return regmap
> + * pointer.
> + *
> + * Return: A pointer to regmap if found or ERR_PTR error value.
> + */
>  struct regmap *exynos_get_pmu_regmap(void)
>  {
>         struct device_node *np = of_find_matching_node(NULL,
>                                                       exynos_pmu_of_device_ids);
>         if (np)
> -               return syscon_node_to_regmap(np);
> +               return exynos_get_pmu_regmap_by_phandle(np, NULL);
>         return ERR_PTR(-ENODEV);
>  }
>  EXPORT_SYMBOL_GPL(exynos_get_pmu_regmap);
>
> +/**
> + * exynos_get_pmu_regmap_by_phandle() - Obtain pmureg regmap via phandle
> + * @np: Device node holding PMU phandle property
> + * @property: Name of property holding phandle value

This doesn't match the actual param name.

> + *
> + * Find the pmureg regmap previously configured in probe() and return regmap
> + * pointer.
> + *
> + * Return: A pointer to regmap if found or ERR_PTR error value.
> + */
> +struct regmap *exynos_get_pmu_regmap_by_phandle(struct device_node *np,
> +                                               const char *propname)
> +{
> +       struct exynos_pmu_context *ctx;
> +       struct device_node *pmu_np;
> +       struct device *dev;
> +
> +       if (propname)
> +               pmu_np = of_parse_phandle(np, propname, 0);
> +       else
> +               pmu_np = np;
> +
> +       if (!pmu_np)
> +               return ERR_PTR(-ENODEV);
> +
> +       /*
> +        * Determine if exynos-pmu device has probed and therefore regmap
> +        * has been created and can be returned to the caller. Otherwise we
> +        * return -EPROBE_DEFER.
> +        */
> +       dev = driver_find_device_by_of_node(&exynos_pmu_driver.driver,
> +                                           (void *)pmu_np);
> +
> +       if (propname)
> +               of_node_put(pmu_np);
> +
> +       if (!dev)
> +               return ERR_PTR(-EPROBE_DEFER);
> +
> +       ctx = dev_get_drvdata(dev);
> +
> +       return ctx->pmureg;
> +}
> +EXPORT_SYMBOL_GPL(exynos_get_pmu_regmap_by_phandle);
> +
>  static int exynos_pmu_probe(struct platform_device *pdev)
>  {
>         struct device *dev = &pdev->dev;
> +       struct regmap_config pmu_regmcfg;
> +       struct regmap *regmap;
> +       struct resource *res;
>         int ret;
>
>         pmu_base_addr = devm_platform_ioremap_resource(pdev, 0);
> @@ -137,9 +339,38 @@ static int exynos_pmu_probe(struct platform_device *pdev)
>                         GFP_KERNEL);
>         if (!pmu_context)
>                 return -ENOMEM;
> -       pmu_context->dev = dev;
> +
> +       res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
> +       if (!res)
> +               return -ENODEV;
> +
>         pmu_context->pmu_data = of_device_get_match_data(dev);
>
> +       /* For SoCs that secure PMU register writes use custom regmap */
> +       if (pmu_context->pmu_data && pmu_context->pmu_data->pmu_secure) {
> +               pmu_regmcfg = regmap_smccfg;
> +               pmu_regmcfg.max_register = resource_size(res) -
> +                                          pmu_regmcfg.reg_stride;
> +               /* Need physical address for SMC call */
> +               regmap = devm_regmap_init(dev, NULL,
> +                                         (void *)(uintptr_t)res->start,
> +                                         &pmu_regmcfg);
> +       } else {
> +               /* All other SoCs use a MMIO regmap */
> +               pmu_regmcfg = regmap_mmiocfg;
> +               pmu_regmcfg.max_register = resource_size(res) -
> +                                          pmu_regmcfg.reg_stride;
> +               regmap = devm_regmap_init_mmio(dev, pmu_base_addr,
> +                                              &pmu_regmcfg);
> +       }
> +
> +       if (IS_ERR(regmap))
> +               return dev_err_probe(&pdev->dev, PTR_ERR(regmap),
> +                                    "regmap init failed\n");
> +
> +       pmu_context->pmureg = regmap;
> +       pmu_context->dev = dev;
> +
>         if (pmu_context->pmu_data && pmu_context->pmu_data->pmu_init)
>                 pmu_context->pmu_data->pmu_init();
>
> diff --git a/drivers/soc/samsung/exynos-pmu.h b/drivers/soc/samsung/exynos-pmu.h
> index 1c652ffd79b4..0a49a2c9a08e 100644
> --- a/drivers/soc/samsung/exynos-pmu.h
> +++ b/drivers/soc/samsung/exynos-pmu.h
> @@ -21,6 +21,7 @@ struct exynos_pmu_conf {
>  struct exynos_pmu_data {
>         const struct exynos_pmu_conf *pmu_config;
>         const struct exynos_pmu_conf *pmu_config_extra;
> +       bool pmu_secure;
>
>         void (*pmu_init)(void);
>         void (*powerdown_conf)(enum sys_powerdown);
> diff --git a/include/linux/soc/samsung/exynos-pmu.h b/include/linux/soc/samsung/exynos-pmu.h
> index a4f5516cc956..2bd9d12d9a52 100644
> --- a/include/linux/soc/samsung/exynos-pmu.h
> +++ b/include/linux/soc/samsung/exynos-pmu.h
> @@ -10,6 +10,7 @@
>  #define __LINUX_SOC_EXYNOS_PMU_H
>
>  struct regmap;
> +struct device_node;
>
>  enum sys_powerdown {
>         SYS_AFTR,
> @@ -20,12 +21,20 @@ enum sys_powerdown {
>
>  extern void exynos_sys_powerdown_conf(enum sys_powerdown mode);
>  #ifdef CONFIG_EXYNOS_PMU
> -extern struct regmap *exynos_get_pmu_regmap(void);
> +struct regmap *exynos_get_pmu_regmap(void);
> +struct regmap *exynos_get_pmu_regmap_by_phandle(struct device_node *np,
> +                                               const char *propname);
>  #else
>  static inline struct regmap *exynos_get_pmu_regmap(void)
>  {
>         return ERR_PTR(-ENODEV);
>  }
> +
> +static inline struct regmap *exynos_get_pmu_regmap_by_phandle(struct device_node *np,
> +                                                             const char *propname)
> +{
> +       return ERR_PTR(-ENODEV);
> +}
>  #endif
>
>  #endif /* __LINUX_SOC_EXYNOS_PMU_H */
> --
> 2.44.0.rc0.258.g7320e95886-goog
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ