lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <c04a7bc8-c25c-44ed-a182-343ced81ba43@foss.st.com>
Date: Tue, 17 Jun 2025 19:52:48 +0200
From: Arnaud POULIQUEN <arnaud.pouliquen@...s.st.com>
To: Bjorn Andersson <andersson@...nel.org>
CC: Mathieu Poirier <mathieu.poirier@...aro.org>,
        Jens Wiklander
	<jens.wiklander@...aro.org>,
        Rob Herring <robh+dt@...nel.org>,
        "Krzysztof
 Kozlowski" <krzk+dt@...nel.org>,
        Conor Dooley <conor+dt@...nel.org>,
        <linux-stm32@...md-mailman.stormreply.com>,
        <linux-arm-kernel@...ts.infradead.org>,
        <linux-remoteproc@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
        <op-tee@...ts.trustedfirmware.org>, <devicetree@...r.kernel.org>
Subject: Re: [PATCH v18 2/6] remoteproc: Add TEE support

On 6/17/25 06:34, Bjorn Andersson wrote:
> On Mon, Jun 16, 2025 at 09:55:26AM +0200, Arnaud Pouliquen wrote:
>> Add a remoteproc TEE (Trusted Execution Environment) driver that will be
>> probed by the TEE bus. If the associated Trusted application is supported
>> on the secure part, this driver offers a client interface to load firmware
>> by the secure part.
>> This firmware could be authenticated by the secure trusted application.
>>
>> A specificity of the implementation is that the firmware has to be

[...]

> 
>> +	}
>> +}
>> +EXPORT_SYMBOL_GPL(rproc_tee_release_fw);
>> +
>> +/**
>> + * rproc_tee_load_fw - Load firmware from TEE application
>> + * @rproc: Pointer to the struct rproc representing the remote processor
>> + * @fw: Pointer to the firmware structure containing the firmware data and size
>> + *
>> + * This function invokes the TA_RPROC_FW_CMD_LOAD_FW TEE client function to load the firmware.
>> + * It registers the fw->data as a shared memory region with the TEE, and request the TEE to load
>> + * the firmware. This function can be called twice during the remote processor boot, considering
>> + * that the TEE application ignores the command if the firmware is already loaded.
> 
> "can be called twice"? How does this relate to the TEE application
> ignoring the command? How does the client know if the application
> ignored it?

No need that the client is aware. only needed due to the boot sequence
that calls rproc_tee_parse_fw() then the rproc_tee_load_fw()
I will update the comment to make it more explicit.

> 
>> + *
>> + * @rproc: Pointer to the struct rproc representing the remote processor
>> + * @fw: Pointer to the firmware structure containing the firmware data and size
> 
> https://docs.kernel.org/doc-guide/kernel-doc.html#function-documentation
> says function name should have () suffix. Then arguments (here you have
> them twice). Then the longer description (for rproc_tee_release_fw() you
> have this before arguments).
> 
> Also, please keep it within 80 characters.
> 
>> + *
>> + * Return: 0 on success, or an error code on failure
>> + */
>> +int rproc_tee_load_fw(struct rproc *rproc, const struct firmware *fw)
>> +{
>> +	struct tee_param param[MAX_TEE_PARAM_ARRAY_MEMBER];
>> +	struct rproc_tee *trproc = rproc_to_trproc(rproc);
>> +	struct tee_ioctl_invoke_arg arg;
>> +	struct tee_shm *fw_shm;
>> +	int ret;
>> +
>> +	if (!rproc_tee_ctx.dev)
>> +		return -ENODEV;
>> +
>> +	if (!trproc)
>> +		return -EINVAL;
>> +
>> +	fw_shm = tee_shm_register_kernel_buf(rproc_tee_ctx.tee_ctx, (void *)fw->data, fw->size);
>> +	if (IS_ERR(fw_shm))
>> +		return PTR_ERR(fw_shm);
>> +
>> +	rproc_tee_prepare_args(trproc, TA_RPROC_FW_CMD_LOAD_FW, &arg, param, 1);
>> +
>> +	/* Provide the address of the firmware image */
>> +	param[1] = (struct tee_param) {
>> +		.attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT,
>> +		.u.memref = {
>> +			.shm = fw_shm,
>> +			.size = fw->size,
>> +			.shm_offs = 0,
>> +		},
>> +	};
>> +
>> +	ret = tee_client_invoke_func(rproc_tee_ctx.tee_ctx, &arg, param);
>> +	if (ret < 0 || arg.ret != 0) {
>> +		dev_err(rproc_tee_ctx.dev,
>> +			"TA_RPROC_FW_CMD_LOAD_FW invoke failed TEE err: %#x, ret:%d\n",
>> +			arg.ret, ret);
>> +		if (!ret)
>> +			ret = -EIO;
> 
> If ret == 0 and arg.ret == <some error>, then this function will print
> an error to the log and return success (0). Same with many of the other
> functions where you have copy pasted this.

If ret == 0 and arg.ret == <some error>, we return -EIO, or I missed something?

> 
>> +	}
>> +
>> +	tee_shm_free(fw_shm);
>> +
>> +	return ret;
>> +}
>> +EXPORT_SYMBOL_GPL(rproc_tee_load_fw);
>> +
>> +static int rproc_tee_get_loaded_rsc_table(struct rproc *rproc, phys_addr_t *rsc_pa,
>> +					  size_t *table_sz)
>> +{
>> +	struct tee_param param[MAX_TEE_PARAM_ARRAY_MEMBER];
>> +	struct rproc_tee *trproc = rproc_to_trproc(rproc);
>> +	struct tee_ioctl_invoke_arg arg;
>> +	int ret;
>> +
>> +	if (!rproc_tee_ctx.dev)
>> +		return -ENODEV;
>> +
>> +	if (!trproc)
>> +		return -EINVAL;
>> +
>> +	rproc_tee_prepare_args(trproc, TA_RPROC_FW_CMD_GET_RSC_TABLE, &arg, param, 2);
>> +
>> +	param[1].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT;
>> +	param[2].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT;
>> +
>> +	ret = tee_client_invoke_func(rproc_tee_ctx.tee_ctx, &arg, param);
>> +	if (ret < 0 || arg.ret != 0) {
>> +		dev_err(rproc_tee_ctx.dev,
>> +			"TA_RPROC_FW_CMD_GET_RSC_TABLE invoke failed TEE err: %#x, ret:%d\n",
>> +			arg.ret, ret);
>> +		return -EIO;
>> +	}
>> +
>> +	*table_sz = param[2].u.value.a;
> 
> What happened to .b?

Not really used for now, but I will add extra code to support addresses and size
in 64-bits testing the sizeof phys_addr_t and size_t.

> 
>> +
>> +	if (*table_sz)
>> +		*rsc_pa = param[1].u.value.a;
> 
> Ditto
> 
>> +	else
>> +		*rsc_pa  = 0;
>> +
>> +	return 0;
>> +}
>> +
>> +/**
>> + * rproc_tee_parse_fw - Get the resource table from TEE application
>> + * @rproc: Pointer to the struct rproc representing the remote processor
>> + * @fw: Pointer to the firmware structure containing the firmware data and size
>> + *
>> + * This function retrieves the loaded resource table and creates a cached_table copy. Since the
>> + * firmware image is signed and potentially encrypted, the firmware must be loaded first to
>> + * access the loaded resource table.
>> + *
>> + * @rproc: Pointer to the struct rproc representing the remote processor
>> + * @fw: Pointer to the firmware structure containing the firmware data and size
> 
> Duplicated arguments list...
> 
>> + *
>> + * Return: 0 on success, or an error code on failure
>> + */
>> +int rproc_tee_parse_fw(struct rproc *rproc, const struct firmware *fw)
>> +{
>> +	phys_addr_t rsc_table;
>> +	void __iomem *rsc_va;
>> +	size_t table_sz;
>> +	int ret;
>> +
>> +	if (!rproc)
>> +		return -EINVAL;
>> +
>> +	/* We need first to Load the firmware, to be able to get the resource table. */
>> +	ret = rproc_tee_load_fw(rproc, fw);
>> +	if (ret)
>> +		return ret;
>> +
>> +	ret = rproc_tee_get_loaded_rsc_table(rproc, &rsc_table, &table_sz);
>> +	if (ret)
>> +		goto release_fw;
>> +
>> +	/*
>> +	 * We assume here that the memory mapping is the same between the TEE and Linux kernel
>> +	 * contexts. Else a new TEE remoteproc service could be needed to get a copy of the
>> +	 * resource table
>> +	 */
>> +	rsc_va = ioremap_wc(rsc_table, table_sz);
> 
> You're using tee_shm for transferring the image, you don't allow Linux
> access to any part of the firmware (which is the reason why you need to
> load the segments in rproc_parse_fw())...

Right, Linux does not understand the format and could not retrieve the resource
table in case of encryption.

> 
> So just out of curiosity, why is the resource table passed back to Linux
> using a ioremap of some random/undefined chunk of memory?

It is not a random chunck of memory but the address of the table installed in
the remote processor memory. It is the equivalent of get_loaded_rsc_table ops.


> 
>> +	if (!rsc_va) {
>> +		dev_err(rproc_tee_ctx.dev, "Unable to map memory region: %pa+%zx\n",
>> +			&rsc_table, table_sz);
>> +		ret = -ENOMEM;
>> +		goto release_fw;
>> +	}
>> +
>> +	/*
>> +	 * Create a copy of the resource table to have the same behavior as the ELF loader.
>> +	 * This cached table will be used by the remoteproc core after the remoteproc stops
>> +	 * to free resources and for crash recovery to reapply the settings.
>> +	 * The cached table will be freed by the remoteproc core.
>> +	 */
>> +	rproc->cached_table = kmemdup((__force void *)rsc_va, table_sz, GFP_KERNEL);
> 
> Is rsc_va DDR? And if so, wouldn't memremap() be a more accurate choice
> above. If not, why isn't this kzalloc() + memcpy_fromio()?

Here we explicitly want to make a local copy as done in rproc_elf_load_rsc_table().
using  kzalloc() + memcpy_fromio() seems a better implementation
I test your proposal, thanks

> 
>> +	iounmap(rsc_va);
>> +
>> +	if (!rproc->cached_table) {
>> +		ret = -ENOMEM;
>> +		goto release_fw;
>> +	}
>> +
>> +	rproc->table_ptr = rproc->cached_table;
>> +	rproc->table_sz = table_sz;
>> +
>> +	return 0;
>> +
>> +release_fw:
>> +	rproc_tee_release_fw(rproc);
>> +	return ret;
>> +}
>> +EXPORT_SYMBOL_GPL(rproc_tee_parse_fw);
>> +
>> +/**
>> + * rproc_tee_find_loaded_rsc_table - Find the loaded resource table loaded by the TEE application
>> + * @rproc: Pointer to the struct rproc representing the remote processor
>> + * @fw: Pointer to the firmware structure containing the firmware data and size
>> + *
>> + * This function retrieves the physical address and size of the resource table loaded by the TEE
>> + * application.
>> + *
>> + * @rproc: Pointer to the struct rproc representing the remote processor
>> + * @fw: Pointer to the firmware structure containing the firmware data and size
> 
> More argument duplication.
> 
>> + *
>> + * Return:  pointer to the resource table if found, or NULL if not found or size is 0
>> + */
>> +struct resource_table *rproc_tee_find_loaded_rsc_table(struct rproc *rproc,
>> +						       const struct firmware *fw)
>> +{
>> +	phys_addr_t rsc_table;
>> +	size_t table_sz;
>> +	int ret;
>> +
>> +	ret = rproc_tee_get_loaded_rsc_table(rproc, &rsc_table, &table_sz);
>> +	if (ret)
>> +		return NULL;
>> +
>> +	rproc->table_sz = table_sz;
>> +	if (!table_sz)
>> +		return NULL;
>> +
>> +	/*
>> +	 * At this step the memory area that contains the resource table should have been registered
>> +	 * by the remote proc platform driver and allocated by rproc_alloc_registered_carveouts().
>> +	 */
>> +	return (struct resource_table *)rproc_pa_to_va(rproc, rsc_table, table_sz, NULL);
> 
> rproc_pa_to_va() return type is void *, do you really need this explicit
> typecast?
> 
>> +}
>> +EXPORT_SYMBOL_GPL(rproc_tee_find_loaded_rsc_table);
>> +
>> +/**
>> + * rproc_tee_start - Request the TEE application to start the remote processor
>> + *
>> + * This function invokes the TA_RPROC_FW_CMD_START command to start the remote processor.
>> + *
>> + * @rproc: Pointer to the struct rproc representing the remote processor
> 
> kernel-doc ordering...
> 
>> + *
>> + * Return: Returns 0 on success, -EINVAL or -EIO on failure
>> + */
>> +int rproc_tee_start(struct rproc *rproc)
>> +{
>> +	struct tee_param param[MAX_TEE_PARAM_ARRAY_MEMBER];
>> +	struct rproc_tee *trproc = rproc_to_trproc(rproc);
>> +	struct tee_ioctl_invoke_arg arg;
>> +	int ret = 0;
> 
> First access of ret is an assignment, no need to zero-initialize it
> here.
> 
>> +
>> +	if (!trproc)
>> +		return -EINVAL;
> 
> There's an inconsistency in that rproc_tee_ctx.dev is used without first
> checking that it's valid in this function...
> 
>> +
>> +	rproc_tee_prepare_args(trproc, TA_RPROC_FW_CMD_START, &arg, param, 0);
>> +
>> +	ret = tee_client_invoke_func(rproc_tee_ctx.tee_ctx, &arg, param);
>> +	if (ret < 0 || arg.ret != 0) {
>> +		dev_err(rproc_tee_ctx.dev,
>> +			"TA_RPROC_FW_CMD_START invoke failed TEE err: %#x, ret:%d\n", arg.ret, ret);
>> +		if (!ret)
>> +			return  -EIO;
> 
> Why not assigning ret and falling through, like in most other functions?
> 
>> +	}
>> +
>> +	return 0;
>> +}
>> +EXPORT_SYMBOL_GPL(rproc_tee_start);
>> +
>> +/**
>> + * rproc_tee_stop - Request the TEE application to start the remote processor
>> + *
>> + * This function invokes the TA_RPROC_FW_CMD_STOP command to stop the remote processor.
>> + *
>> + * @rproc: Pointer to the struct rproc representing the remote processor
>> + *
>> + * Return: Returns 0 on success, -EINVAL or -EIO on failure
>> + */
>> +int rproc_tee_stop(struct rproc *rproc)
>> +{
>> +	struct tee_param param[MAX_TEE_PARAM_ARRAY_MEMBER];
>> +	struct rproc_tee *trproc = rproc_to_trproc(rproc);
>> +	struct tee_ioctl_invoke_arg arg;
>> +	int ret;
>> +
>> +	if (!trproc)
>> +		return -EINVAL;
>> +
>> +	rproc_tee_prepare_args(trproc, TA_RPROC_FW_CMD_STOP, &arg, param, 0);
>> +
>> +	ret = tee_client_invoke_func(rproc_tee_ctx.tee_ctx, &arg, param);
>> +	if (ret < 0 || arg.ret != 0) {
>> +		dev_err(rproc_tee_ctx.dev,
>> +			"TA_RPROC_FW_CMD_STOP invoke failed TEE err: %#x, ret:%d\n", arg.ret, ret);
>> +		if (!ret)
>> +			ret = -EIO;
>> +	}
>> +
>> +	return ret;
>> +}
>> +EXPORT_SYMBOL_GPL(rproc_tee_stop);
>> +
>> +static const struct tee_client_device_id rproc_tee_id_table[] = {
>> +	{UUID_INIT(0x80a4c275, 0x0a47, 0x4905, 0x82, 0x85, 0x14, 0x86, 0xa9, 0x77, 0x1a, 0x08)},
>> +	{}
>> +};
>> +
>> +/**
>> + * rproc_tee_register - Register a remote processor controlled by a TEE application.
>> + *
>> + * This function registers a remote processor that will be managed by a TEE application,by opening
>> + * a session with the TEE client.
>> + *
>> + * @dev: Pointer to client rproc device
>> + * @rproc: Pointer to the struct rproc representing the remote processor
>> + * @rproc_id: ID of the remote processor
>> + *
>> + * Return: Returns 0 on success, or an error code on failure
>> + */
>> +int rproc_tee_register(struct device *dev, struct rproc *rproc, unsigned int rproc_id)
>> +{
>> +	struct tee_param param[MAX_TEE_PARAM_ARRAY_MEMBER];
>> +	struct tee_ioctl_open_session_arg sess_arg;
>> +	struct tee_client_device *tee_device;
>> +	struct rproc_tee *trproc;
>> +	struct device_link *link;
>> +	int ret;
>> +
>> +	spin_lock(&ctx_lock);
> 
> Why is this a spin_lock?
> 
> To my understanding the purpose of ctx_lock is to ensure mutual
> exclusion of access to rproc_tee_ctx, but this doesn't look like it's
> done from a context that isn't able to tolerate a mutex.
> 
> In particular during boot, if you have multiple remoteprocs being
> registred, you're going to waste precious CPU cycles just spinning here.
> 
> 
> And if it is a spinlock because you might enter here from some interrupt
> context, how do you ensure this won't deadlock?

Right I need to use mutex instead and beter protect all the API from concurrent
access to better manage bind/unbind.
> 
>> +	/*
>> +	 * Test if the device has been probed by the TEE bus. In case of failure, we ignore the
>> +	 * reason. The bus could be not yet probed or the service not available in the secure
>> +	 * firmware.The assumption in such a case is that the TEE remoteproc is not probed.
>> +	 */
>> +	if (!rproc_tee_ctx.dev) {
>> +		ret = -EPROBE_DEFER;
>> +		goto out;
>> +	}
>> +
>> +	trproc = kzalloc(sizeof(*trproc), GFP_KERNEL);
>> +	if (!trproc) {
>> +		ret = -ENOMEM;
>> +		goto out;
>> +	}
>> +
>> +	tee_device = to_tee_client_device(rproc_tee_ctx.dev);
>> +	memset(&sess_arg, 0, sizeof(sess_arg));
>> +
>> +	memcpy(sess_arg.uuid, tee_device->id.uuid.b, TEE_IOCTL_UUID_LEN);
>> +
>> +	sess_arg.clnt_login = TEE_IOCTL_LOGIN_REE_KERNEL;
>> +	sess_arg.num_params = 1;
>> +
>> +	param[0] = (struct tee_param) {
>> +		.attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT,
>> +		.u.value.a = rproc_id,
>> +	};
> 
> I'm not familiar with the details of the tee calling convention, but do
> you really need 4 entries in the param array and if so, would it make
> sense to zero-initialize the other elements - like you do in all other
> functions?


In rproc_tee_prepare_args(), we reinitialize the arguments and parameters
because they may be reused from a previous message. This allow to set
only non zero value.

THere as sess_arg.num_params = 1 only param[0] is valid, other param
should be ignored.
In this context use memeset seems over protection here.


Thanks,
Arnaud
> 
>> +
>> +	ret = tee_client_open_session(rproc_tee_ctx.tee_ctx, &sess_arg, param);
>> +	if (ret < 0 || sess_arg.ret != 0) {
>> +		dev_err(dev, "tee_client_open_session failed, err: %#x\n", sess_arg.ret);
>> +		ret = -EINVAL;
>> +		goto free_tproc;
>> +	}
>> +
>> +	trproc->rproc_id = rproc_id;
>> +	trproc->session_id = sess_arg.session;
>> +
>> +	trproc->rproc = rproc;
>> +
>> +	/* Create device link between the rproc device and the TEE device */
> 
> This comment would be more useful if it documented why the link is
> created - the fact that a link is added between the two devices can be
> read on the next line...
> 
>> +	link = device_link_add(dev, rproc_tee_ctx.dev, DL_FLAG_AUTOREMOVE_CONSUMER);
>> +	if (!link) {
>> +		ret = -ENOMEM;
>> +		goto close_tee;
>> +	}
>> +	list_add_tail(&trproc->node, &rproc_tee_ctx.sessions);
>> +
>> +	goto out;
> 
> Please don't use goto to skip over the error handling. ret is going to
> be 0 here, so unlock and return 0 here to make it clear that this is the
> point of successful return.
> 
>> +
>> +close_tee:
>> +	if (tee_client_close_session(rproc_tee_ctx.tee_ctx, trproc->session_id))
>> +		dev_err(rproc_tee_ctx.dev, "tee_client_close_session failed\n");
>> +free_tproc:
>> +	kfree(trproc);
>> +out:
>> +	spin_unlock(&ctx_lock);
>> +
>> +	return ret;
>> +}
>> +EXPORT_SYMBOL_GPL(rproc_tee_register);
>> +
>> +/**
>> + * rproc_tee_unregister - Register a remote processor controlled by a TEE application.
>> + *
>> + * This function unregisters a remote processor previously registered by the rproc_tee_register()
>> + * function.
>> + *
>> + * @dev: Pointer to client rproc device
>> + * @rproc: Pointer to the struct rproc representing the remote processor
>> + *
>> + * Return: Returns 0 on success, or an error code on failure
>> + */
>> +int rproc_tee_unregister(struct device *dev, struct rproc *rproc)
>> +{
>> +	struct rproc_tee *trproc = rproc_to_trproc(rproc);
>> +	int ret;
>> +
>> +	if (!trproc)
>> +		return -EINVAL;
>> +
>> +	spin_lock(&ctx_lock);
> 
> This lock is taken after you have traversed the rproc_tee_ctx.session
> list in a racy fashion.
> 
>> +
>> +	ret = tee_client_close_session(rproc_tee_ctx.tee_ctx, trproc->session_id);
>> +	if (ret < 0)
>> +		dev_err(rproc_tee_ctx.dev, "tee_client_close_session failed, err: %#x\n", ret);
>> +
>> +	spin_unlock(&ctx_lock);
>> +
>> +	list_del(&trproc->node);
> 
> Although, I might misunderstand your locking scheme, because here you're
> modifying the sessions list immediately after leaving the mutual
> exclusion region?
> 
>> +	kfree(trproc);
>> +
>> +	return ret;
>> +}
>> +EXPORT_SYMBOL_GPL(rproc_tee_unregister);
>> +
>> +static int rproc_tee_ctx_match(struct tee_ioctl_version_data *ver, const void *data)
>> +{
>> +	/* Today we support only the OP-TEE, could be extend to other tees */
>> +	return (ver->impl_id == TEE_IMPL_ID_OPTEE);
>> +}
>> +
>> +static int rproc_tee_probe(struct device *dev)
>> +{
>> +	struct tee_context *tee_ctx;
>> +
>> +	/* Open context with TEE driver */
>> +	tee_ctx = tee_client_open_context(NULL, rproc_tee_ctx_match, NULL, NULL);
>> +	if (IS_ERR(tee_ctx))
>> +		return PTR_ERR(tee_ctx);
>> +
>> +	spin_lock(&ctx_lock);
>> +	rproc_tee_ctx.dev = dev;
>> +	rproc_tee_ctx.tee_ctx = tee_ctx;
>> +	INIT_LIST_HEAD(&rproc_tee_ctx.sessions);
>> +	spin_unlock(&ctx_lock);
>> +
>> +	return 0;
>> +}
>> +
>> +static int rproc_tee_remove(struct device *dev)
>> +{
>> +	spin_lock(&ctx_lock);
>> +	tee_client_close_context(rproc_tee_ctx.tee_ctx);
>> +	rproc_tee_ctx.dev = NULL;
>> +	rproc_tee_ctx.tee_ctx = NULL;
>> +	spin_unlock(&ctx_lock);
>> +
>> +	return 0;
>> +}
>> +
>> +MODULE_DEVICE_TABLE(tee, rproc_tee_id_table);
>> +
>> +static struct tee_client_driver rproc_tee_fw_driver = {
>> +	.id_table	= rproc_tee_id_table,
>> +	.driver		= {
>> +		.name		= KBUILD_MODNAME,
>> +		.bus		= &tee_bus_type,
>> +		.probe		= rproc_tee_probe,
>> +		.remove		= rproc_tee_remove,
>> +	},
>> +};
>> +
>> +static int __init rproc_tee_fw_mod_init(void)
>> +{
>> +	return driver_register(&rproc_tee_fw_driver.driver);
>> +}
>> +
>> +static void __exit rproc_tee_fw_mod_exit(void)
>> +{
>> +	driver_unregister(&rproc_tee_fw_driver.driver);
>> +}
>> +
>> +module_init(rproc_tee_fw_mod_init);
>> +module_exit(rproc_tee_fw_mod_exit);
>> +
>> +MODULE_DESCRIPTION(" remote processor TEE module");
> 
> Why is there a space in the start of the description?
> 
>> +MODULE_LICENSE("GPL");
>> diff --git a/include/linux/remoteproc_tee.h b/include/linux/remoteproc_tee.h
>> new file mode 100644
>> index 000000000000..659bd77a4f12
>> --- /dev/null
>> +++ b/include/linux/remoteproc_tee.h
>> @@ -0,0 +1,90 @@
>> +/* SPDX-License-Identifier: GPL-2.0-or-later */
>> +/*
>> + * Copyright(c) 2024 STMicroelectronics
> 
> Year?
> 
>> + */
>> +
>> +#ifndef REMOTEPROC_TEE_H
>> +#define REMOTEPROC_TEE_H
>> +
>> +#include <linux/tee_drv.h>
>> +#include <linux/firmware.h>
>> +#include <linux/remoteproc.h>
>> +
>> +struct rproc;
>> +struct rproc_tee;
> 
> rproc_tee is not used in the API, so there shouldn't be a need for
> forward declaring it.
> 
> struct rproc is defined in linux/remoteproc.h, so that should be fine to
> omit as well.
> 
>> +
>> +#if IS_ENABLED(CONFIG_REMOTEPROC_TEE)
>> +
>> +int rproc_tee_register(struct device *dev, struct rproc *rproc, unsigned int rproc_id);
>> +int rproc_tee_unregister(struct device *dev, struct rproc *rproc);
>> +int rproc_tee_parse_fw(struct rproc *rproc, const struct firmware *fw);
>> +int rproc_tee_load_fw(struct rproc *rproc, const struct firmware *fw);
>> +void rproc_tee_release_fw(struct rproc *rproc);
>> +struct resource_table *rproc_tee_find_loaded_rsc_table(struct rproc *rproc,
>> +						       const struct firmware *fw);
>> +int rproc_tee_start(struct rproc *rproc);
>> +int rproc_tee_stop(struct rproc *rproc);
>> +
>> +#else
>> +
>> +static inline int rproc_tee_register(struct device *dev, struct rproc *rproc, unsigned int rproc_id)
>> +{
>> +	return -ENODEV;
>> +}
>> +
>> +static inline int rproc_tee_parse_fw(struct rproc *rproc, const struct firmware *fw)
>> +{
>> +	/* This shouldn't be possible */
>> +	WARN_ON(1);
>> +
>> +	return 0;
>> +}
>> +
>> +static inline int rproc_tee_unregister(struct device *dev, struct rproc *rproc)
>> +{
>> +	/* This shouldn't be possible */
>> +	WARN_ON(1);
>> +
>> +	return 0;
>> +}
>> +
>> +static inline int rproc_tee_load_fw(struct rproc *rproc,  const struct firmware *fw)
> 
> Double space after the ','
> 
> Regards,
> Bjorn
> 
>> +{
>> +	/* This shouldn't be possible */
>> +	WARN_ON(1);
>> +
>> +	return 0;
>> +}
>> +
>> +static inline int rproc_tee_start(struct rproc *rproc)
>> +{
>> +	/* This shouldn't be possible */
>> +	WARN_ON(1);
>> +
>> +	return 0;
>> +}
>> +
>> +static inline int rproc_tee_stop(struct rproc *rproc)
>> +{
>> +	/* This shouldn't be possible */
>> +	WARN_ON(1);
>> +
>> +	return 0;
>> +}
>> +
>> +static inline void rproc_tee_release_fw(struct rproc *rproc)
>> +{
>> +	/* This shouldn't be possible */
>> +	WARN_ON(1);
>> +}
>> +
>> +static inline struct resource_table *
>> +rproc_tee_find_loaded_rsc_table(struct rproc *rproc, const struct firmware *fw)
>> +{
>> +	/* This shouldn't be possible */
>> +	WARN_ON(1);
>> +
>> +	return NULL;
>> +}
>> +#endif /* CONFIG_REMOTEPROC_TEE */
>> +#endif /* REMOTEPROC_TEE_H */
>> -- 
>> 2.25.1
>>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ