Message-ID: <qqjynnzjhpe6elglh3xb4ghbtesfkr4ssxyq5flhcy7a5jp6ym@3viy7jyesamq>
Date: Tue, 7 Oct 2025 14:23:51 -0700
From: Manivannan Sadhasivam <mani@...nel.org>
To: Mukesh Ojha <mukesh.ojha@....qualcomm.com>
Cc: Bjorn Andersson <andersson@...nel.org>,
Mathieu Poirier <mathieu.poirier@...aro.org>, Rob Herring <robh@...nel.org>,
Krzysztof Kozlowski <krzk+dt@...nel.org>, Conor Dooley <conor+dt@...nel.org>,
Konrad Dybcio <konradybcio@...nel.org>, linux-arm-msm@...r.kernel.org, linux-remoteproc@...r.kernel.org,
devicetree@...r.kernel.org, linux-kernel@...r.kernel.org,
Bryan O'Donoghue <bryan.odonoghue@...aro.org>
Subject: Re: [PATCH v4 03/12] firmware: qcom_scm: Introduce PAS context
initialization and destroy helper
On Tue, Oct 07, 2025 at 10:18:48PM +0530, Mukesh Ojha wrote:
> When the Peripheral Authentication Service (PAS) method runs on a SoC
> where Linux operates at EL2 (i.e., without the Gunyah hypervisor), the
> reset sequences are handled by TrustZone. In such cases, Linux must
> perform additional steps before invoking PAS SMC calls, such as creating
> a SHM bridge. Therefore, PAS SMC calls require awareness and handling of
> these additional steps when Linux runs at EL2.
>
> To support this, there is a need for a data structure that can be
> initialized prior to invoking any SMC or MDT functions. This structure
> allows those functions to determine whether they are operating in the
> presence or absence of the Gunyah hypervisor and behave accordingly.
>
> Currently, remoteproc and non-remoteproc subsystems use different
> variants of the MDT loader helper API, primarily due to differences in
> metadata context handling. Remoteproc subsystems retain the metadata
> context until authentication and reset are completed, while
> non-remoteproc subsystems (e.g., video, graphics, IPA, etc.) do not
> retain the metadata context and can free it within the
> qcom_scm_pas_init() call by passing a NULL context parameter and due to
> these differences, it is not possible to extend metadata context
> handling to support remoteproc and non remoteproc subsystem use PAS
> operations, when Linux operates at EL2.
>
> Add PAS context data structure and helper functions to initialize and
> destroy it.
>
> Reviewed-by: Bryan O'Donoghue <bryan.odonoghue@...aro.org>
> Signed-off-by: Mukesh Ojha <mukesh.ojha@....qualcomm.com>
> ---
> drivers/firmware/qcom/qcom_scm.c | 54 ++++++++++++++++++++++++++++++++++
> include/linux/firmware/qcom/qcom_scm.h | 11 +++++++
> 2 files changed, 65 insertions(+)
>
> diff --git a/drivers/firmware/qcom/qcom_scm.c b/drivers/firmware/qcom/qcom_scm.c
> index 3379607eaf94..b8ce4fc34dbe 100644
> --- a/drivers/firmware/qcom/qcom_scm.c
> +++ b/drivers/firmware/qcom/qcom_scm.c
> @@ -558,6 +558,60 @@ static void qcom_scm_set_download_mode(u32 dload_mode)
> dev_err(__scm->dev, "failed to set download mode: %d\n", ret);
> }
>
> +/**
> + * qcom_scm_pas_context_init() - Initialize peripheral authentication service
> + * context for a given peripheral and it can be
> + * destroyed with qcom_scm_pas_context_destroy()
> + * to release the context
> + *
> + * @dev: PAS firmware device
> + * @pas_id: peripheral authentication service id
> + * @mem_phys: Subsystem reserve memory start address
> + * @mem_size: Subsystem reserve memory size
> + *
> + * Upon successful, returns the PAS context or ERR_PTR() of the error otherwise.
> + */
> +void *qcom_scm_pas_context_init(struct device *dev, u32 pas_id, phys_addr_t mem_phys,
> + size_t mem_size)
> +{
> + struct qcom_scm_pas_context *ctx;
> +
> + ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
> + if (!ctx)
> + return ERR_PTR(-ENOMEM);
> +
> + ctx->dev = dev;
> + ctx->pas_id = pas_id;
> + ctx->mem_phys = mem_phys;
> + ctx->mem_size = mem_size;
> +
> + ctx->metadata = kzalloc(sizeof(*ctx->metadata), GFP_KERNEL);
> + if (!ctx->metadata) {
> + kfree(ctx);
> + return ERR_PTR(-ENOMEM);
> + }
> +
> + return ctx;
> +}
> +EXPORT_SYMBOL_GPL(qcom_scm_pas_context_init);
> +
> +/**
> + * qcom_scm_pas_context_destroy() - release PAS context
> + *
> + * @ctx: PAS context
> + */
> +void qcom_scm_pas_context_destroy(struct qcom_scm_pas_context *ctx)
> +{
> + kfree(ctx->metadata);
> + ctx->metadata = NULL;
> + ctx->dev = NULL;
> + ctx->pas_id = 0;
> + ctx->mem_phys = 0;
> + ctx->mem_size = 0;
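Review bot: qcom_scm_pas_context_init() is declared to return void * while qcom_scm_pas_context_destroy() takes a struct qcom_scm_pas_context *, so callers get no type checking on a handle that carries the physical base and size of the subsystem's reserved memory. Returning struct qcom_scm_pas_context * from init keeps the ERR_PTR() convention and lets the compiler reject a mismatched pointer. In the same vein, destroy dereferences ctx unconditionally at kfree(ctx->metadata), while init can hand back ERR_PTR(-ENOMEM); either state in the kernel-doc that callers must check IS_ERR() before calling destroy, or return early on IS_ERR_OR_NULL(ctx). The kernel-doc return line ("Upon successful, returns ...") would also read more clearly in the usual "Return:" form.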
Why do you need to zero initialize these fields before freeing? Are they
carrying any sensitive data that warrants zero initialization?
- Mani
--
மணிவண்ணன் சதாசிவம்