diff options
18 files changed, 472 insertions, 53 deletions
diff --git a/Documentation/devicetree/bindings/arm/arm,coresight-cti.yaml b/Documentation/devicetree/bindings/arm/arm,coresight-cti.yaml index 2a91670ccb8c..949444aba1f8 100644 --- a/Documentation/devicetree/bindings/arm/arm,coresight-cti.yaml +++ b/Documentation/devicetree/bindings/arm/arm,coresight-cti.yaml @@ -128,6 +128,9 @@ properties: "#address-cells": const: 1 + access-controllers: + maxItems: 1 + patternProperties: '^trig-conns@([0-9]+)$': type: object diff --git a/Documentation/devicetree/bindings/arm/arm,coresight-dynamic-funnel.yaml b/Documentation/devicetree/bindings/arm/arm,coresight-dynamic-funnel.yaml index b74db15e5f8a..b0693cd46d27 100644 --- a/Documentation/devicetree/bindings/arm/arm,coresight-dynamic-funnel.yaml +++ b/Documentation/devicetree/bindings/arm/arm,coresight-dynamic-funnel.yaml @@ -78,6 +78,9 @@ properties: description: Output connection to CoreSight Trace bus $ref: /schemas/graph.yaml#/properties/port + access-controllers: + maxItems: 1 + required: - compatible - reg diff --git a/Documentation/devicetree/bindings/arm/arm,coresight-etm.yaml b/Documentation/devicetree/bindings/arm/arm,coresight-etm.yaml index 71f2e1ed27e5..10ebbbeadf93 100644 --- a/Documentation/devicetree/bindings/arm/arm,coresight-etm.yaml +++ b/Documentation/devicetree/bindings/arm/arm,coresight-etm.yaml @@ -118,6 +118,9 @@ properties: description: Output connection from the ETM to CoreSight Trace bus. $ref: /schemas/graph.yaml#/properties/port + access-controllers: + maxItems: 1 + required: - compatible - clocks diff --git a/Documentation/devicetree/bindings/arm/arm,coresight-stm.yaml b/Documentation/devicetree/bindings/arm/arm,coresight-stm.yaml index 378380c3f5aa..f243e76f597f 100644 --- a/Documentation/devicetree/bindings/arm/arm,coresight-stm.yaml +++ b/Documentation/devicetree/bindings/arm/arm,coresight-stm.yaml @@ -73,6 +73,9 @@ properties: description: Output connection to the CoreSight Trace bus. $ref: /schemas/graph.yaml#/properties/port + access-controllers: + maxItems: 1 + required: - compatible - reg diff --git a/Documentation/devicetree/bindings/arm/arm,coresight-tmc.yaml b/Documentation/devicetree/bindings/arm/arm,coresight-tmc.yaml index 96dd5b5f771a..9dc096698c65 100644 --- a/Documentation/devicetree/bindings/arm/arm,coresight-tmc.yaml +++ b/Documentation/devicetree/bindings/arm/arm,coresight-tmc.yaml @@ -128,6 +128,9 @@ properties: - const: tracedata - const: metadata + access-controllers: + maxItems: 1 + required: - compatible - reg diff --git a/Documentation/devicetree/bindings/arm/arm,coresight-tpiu.yaml b/Documentation/devicetree/bindings/arm/arm,coresight-tpiu.yaml index a207f6899e67..29bbc3961fdf 100644 --- a/Documentation/devicetree/bindings/arm/arm,coresight-tpiu.yaml +++ b/Documentation/devicetree/bindings/arm/arm,coresight-tpiu.yaml @@ -70,6 +70,9 @@ properties: description: Input connection from the CoreSight Trace bus. $ref: /schemas/graph.yaml#/properties/port + access-controllers: + maxItems: 1 + required: - compatible - reg diff --git a/Documentation/devicetree/bindings/bus/st,stm32mp131-dbg-bus.yaml b/Documentation/devicetree/bindings/bus/st,stm32mp131-dbg-bus.yaml new file mode 100644 index 000000000000..6c74433efbe3 --- /dev/null +++ b/Documentation/devicetree/bindings/bus/st,stm32mp131-dbg-bus.yaml @@ -0,0 +1,76 @@ +# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) +%YAML 1.2 +--- +$id: http://devicetree.org/schemas/bus/st,stm32mp131-dbg-bus.yaml# +$schema: http://devicetree.org/meta-schemas/core.yaml# + +title: STM32 Coresight bus + +maintainers: + - Gatien Chevallier <gatien.chevallier@foss.st.com> + +description: + The STM32 debug bus is in charge of checking the debug configuration + of the platform before probing the peripheral drivers that rely on the debug + domain. + +properties: + compatible: + items: + - enum: + - st,stm32mp131-dbg-bus + - st,stm32mp151-dbg-bus + + "#address-cells": + const: 1 + + "#size-cells": + const: 1 + + ranges: + minItems: 1 + maxItems: 2 + + "#access-controller-cells": + const: 1 + description: + Contains the debug profile necessary to access the peripheral. + +patternProperties: + "@[0-9a-f]+$": + description: Debug related peripherals + type: object + + additionalProperties: true + + required: + - access-controllers + +required: + - "#access-controller-cells" + - "#address-cells" + - "#size-cells" + - compatible + - ranges + +additionalProperties: false + +examples: + - | + #include <dt-bindings/clock/stm32mp1-clks.h> + + dbg_bus: bus@50080000 { + compatible = "st,stm32mp131-dbg-bus"; + #address-cells = <1>; + #size-cells = <1>; + #access-controller-cells = <1>; + ranges = <0x50080000 0x50080000 0x3f80000>; + + cti@50094000 { + compatible = "arm,coresight-cti", "arm,primecell"; + reg = <0x50094000 0x1000>; + clocks = <&rcc CK_DBG>; + clock-names = "apb_pclk"; + access-controllers = <&dbg_bus 0>; + }; + }; diff --git a/Documentation/devicetree/bindings/pinctrl/st,stm32-hdp.yaml b/Documentation/devicetree/bindings/pinctrl/st,stm32-hdp.yaml index 845b6b7b7552..8f8b4b68aaa3 100644 --- a/Documentation/devicetree/bindings/pinctrl/st,stm32-hdp.yaml +++ b/Documentation/devicetree/bindings/pinctrl/st,stm32-hdp.yaml @@ -27,6 +27,12 @@ properties: clocks: maxItems: 1 + access-controllers: + minItems: 1 + items: + - description: debug configuration access controller + - description: access controller that manages the HDP as a peripheral + patternProperties: "^hdp[0-7]-pins$": type: object diff --git a/MAINTAINERS b/MAINTAINERS index 55af015174a5..63f59748d661 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -25009,6 +25009,7 @@ F: drivers/hwmon/pmbus/stef48h28.c ST STM32 FIREWALL M: Gatien Chevallier <gatien.chevallier@foss.st.com> S: Maintained +F: drivers/bus/stm32_dbg_bus.c F: drivers/bus/stm32_etzpc.c F: drivers/bus/stm32_firewall.c F: drivers/bus/stm32_rifsc.c diff --git a/drivers/bus/Kconfig b/drivers/bus/Kconfig index 2a1b46f07080..7a1b04007efb 100644 --- a/drivers/bus/Kconfig +++ b/drivers/bus/Kconfig @@ -169,6 +169,16 @@ config QCOM_SSC_BLOCK_BUS i2c/spi/uart controllers, a hexagon core, and a clock controller which provides clocks for the above. +config STM32_DBG_BUS + tristate "OP-TEE based debug access bus" + depends on OPTEE && STM32_FIREWALL + depends on ARCH_STM32 || COMPILE_TEST + help + Select this to get the support for the OP-TEE based STM32 debug bus + driver that is used to handle debug-related peripherals on STM32 + platforms when the debug configuration is not accessible by the + normal world. + config STM32_FIREWALL bool "STM32 Firewall framework" depends on (ARCH_STM32 || COMPILE_TEST) && OF diff --git a/drivers/bus/Makefile b/drivers/bus/Makefile index 8e693fe8a03a..799724cfc2df 100644 --- a/drivers/bus/Makefile +++ b/drivers/bus/Makefile @@ -27,6 +27,7 @@ obj-$(CONFIG_OMAP_INTERCONNECT) += omap_l3_smx.o omap_l3_noc.o obj-$(CONFIG_OMAP_OCP2SCP) += omap-ocp2scp.o obj-$(CONFIG_QCOM_EBI2) += qcom-ebi2.o obj-$(CONFIG_QCOM_SSC_BLOCK_BUS) += qcom-ssc-block-bus.o +obj-$(CONFIG_STM32_DBG_BUS) += stm32_dbg_bus.o obj-$(CONFIG_STM32_FIREWALL) += stm32_firewall.o stm32_rifsc.o stm32_etzpc.o obj-$(CONFIG_SUN50I_DE2_BUS) += sun50i-de2.o obj-$(CONFIG_SUNXI_RSB) += sunxi-rsb.o diff --git a/drivers/bus/stm32_dbg_bus.c b/drivers/bus/stm32_dbg_bus.c new file mode 100644 index 000000000000..e30ef3465609 --- /dev/null +++ b/drivers/bus/stm32_dbg_bus.c @@ -0,0 +1,250 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2026, STMicroelectronics - All Rights Reserved + */ + +#include <linux/bus/stm32_firewall.h> +#include <linux/bus/stm32_firewall_device.h> +#include <linux/device.h> +#include <linux/err.h> +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/of.h> +#include <linux/of_platform.h> +#include <linux/platform_device.h> +#include <linux/pm_runtime.h> +#include <linux/tee_drv.h> +#include <linux/types.h> + +enum stm32_dbg_profile { + PERIPHERAL_DBG_PROFILE = 0, + HDP_DBG_PROFILE = 1, +}; + +enum stm32_dbg_pta_command { + /* + * PTA_CMD_GRANT_DBG_ACCESS - Verify the debug configuration against the given debug profile + * and grant access or not + * + * [in] value[0].a Debug profile to grant access to. + */ + PTA_CMD_GRANT_DBG_ACCESS, +}; + +/** + * struct stm32_dbg_bus - OP-TEE based STM32 debug bus private data + * @dev: STM32 debug bus device. + * @ctx: OP-TEE context handler. + */ +struct stm32_dbg_bus { + struct device *dev; + struct tee_context *ctx; +}; + +/* Expect at most 1 instance of this driver */ +static struct stm32_dbg_bus *stm32_dbg_bus_priv; + +static int stm32_dbg_pta_open_session(u32 *id) +{ + struct tee_client_device *dbg_bus_dev = to_tee_client_device(stm32_dbg_bus_priv->dev); + struct tee_ioctl_open_session_arg sess_arg; + int ret; + + memset(&sess_arg, 0, sizeof(sess_arg)); + export_uuid(sess_arg.uuid, &dbg_bus_dev->id.uuid); + sess_arg.clnt_login = TEE_IOCTL_LOGIN_REE_KERNEL; + + ret = tee_client_open_session(stm32_dbg_bus_priv->ctx, &sess_arg, NULL); + if (ret < 0 || sess_arg.ret) { + dev_err(stm32_dbg_bus_priv->dev, "Failed opening tee session, err: %#x\n", + sess_arg.ret); + return -EOPNOTSUPP; + } + + *id = sess_arg.session; + + return 0; +} + +static void stm32_dbg_pta_close_session(u32 id) +{ + tee_client_close_session(stm32_dbg_bus_priv->ctx, id); +} + +static int stm32_dbg_bus_grant_access(struct stm32_firewall_controller *ctrl, u32 dbg_profile) +{ + struct tee_ioctl_invoke_arg inv_arg = {0}; + struct tee_param param[1] = {0}; + u32 session_id; + int ret; + + if (dbg_profile != PERIPHERAL_DBG_PROFILE && dbg_profile != HDP_DBG_PROFILE) + return -EOPNOTSUPP; + + ret = stm32_dbg_pta_open_session(&session_id); + if (ret) + return ret; + + inv_arg.func = PTA_CMD_GRANT_DBG_ACCESS; + inv_arg.session = session_id; + inv_arg.num_params = 1; + param[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT; + param[0].u.value.a = dbg_profile; + + ret = tee_client_invoke_func(stm32_dbg_bus_priv->ctx, &inv_arg, param); + if (ret < 0 || inv_arg.ret != 0) { + dev_dbg(stm32_dbg_bus_priv->dev, + "When invoking function, err %x, TEE returns: %x\n", ret, inv_arg.ret); + if (!ret) + ret = -EACCES; + } + + stm32_dbg_pta_close_session(session_id); + + return ret; +} + +/* Implement mandatory release_access ops even if it does nothing*/ +static void stm32_dbg_bus_release_access(struct stm32_firewall_controller *ctrl, u32 dbg_profile) +{ +} + +static int stm32_dbg_bus_plat_probe(struct platform_device *pdev) +{ + struct stm32_firewall_controller *dbg_controller; + int ret; + + /* Defer if OP-TEE service is not yet available */ + if (!stm32_dbg_bus_priv) + return -EPROBE_DEFER; + + dbg_controller = devm_kzalloc(&pdev->dev, sizeof(*dbg_controller), GFP_KERNEL); + if (!dbg_controller) + return dev_err_probe(&pdev->dev, -ENOMEM, "Couldn't allocate debug controller\n"); + + dbg_controller->dev = &pdev->dev; + dbg_controller->mmio = NULL; + dbg_controller->name = dev_driver_string(dbg_controller->dev); + dbg_controller->type = STM32_PERIPHERAL_FIREWALL; + dbg_controller->grant_access = stm32_dbg_bus_grant_access; + dbg_controller->release_access = stm32_dbg_bus_release_access; + + ret = stm32_firewall_controller_register(dbg_controller); + if (ret) { + dev_err(dbg_controller->dev, "Couldn't register as a firewall controller: %d", ret); + return ret; + } + + ret = stm32_firewall_populate_bus(dbg_controller); + if (ret) { + dev_err(dbg_controller->dev, "Couldn't populate debug bus: %d", ret); + stm32_firewall_controller_unregister(dbg_controller); + return ret; + } + + pm_runtime_enable(&pdev->dev); + + ret = of_platform_populate(pdev->dev.of_node, NULL, NULL, &pdev->dev); + if (ret) { + dev_err(dbg_controller->dev, "Couldn't populate the node: %d", ret); + stm32_firewall_controller_unregister(dbg_controller); + return ret; + } + + return 0; +} + +static const struct of_device_id stm32_dbg_bus_of_match[] = { + { .compatible = "st,stm32mp131-dbg-bus", }, + { .compatible = "st,stm32mp151-dbg-bus", }, + { }, +}; +MODULE_DEVICE_TABLE(of, stm32_dbg_bus_of_match); + +static struct platform_driver stm32_dbg_bus_driver = { + .probe = stm32_dbg_bus_plat_probe, + .driver = { + .name = "stm32-dbg-bus", + .of_match_table = stm32_dbg_bus_of_match, + }, +}; + +static int optee_ctx_match(struct tee_ioctl_version_data *ver, const void *data) +{ + return (ver->impl_id == TEE_IMPL_ID_OPTEE); +} + +static void stm32_dbg_bus_remove(struct tee_client_device *tee_dev) +{ + tee_client_close_context(stm32_dbg_bus_priv->ctx); + stm32_dbg_bus_priv = NULL; + + of_platform_depopulate(&tee_dev->dev); +} + +static int stm32_dbg_bus_probe(struct tee_client_device *tee_dev) +{ + struct device *dev = &tee_dev->dev; + struct stm32_dbg_bus *priv; + int ret = 0; + + if (stm32_dbg_bus_priv) + return dev_err_probe(dev, -EBUSY, + "A STM32 debug bus device is already initialized\n"); + + priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL); + if (!priv) + return -ENOMEM; + + /* Open context with TEE driver */ + priv->ctx = tee_client_open_context(NULL, optee_ctx_match, NULL, NULL); + if (IS_ERR_OR_NULL(priv->ctx)) + return dev_err_probe(dev, PTR_ERR_OR_ZERO(priv->ctx), "Cannot open TEE context\n"); + + stm32_dbg_bus_priv = priv; + stm32_dbg_bus_priv->dev = dev; + + return ret; +} + +static const struct tee_client_device_id optee_dbg_bus_id_table[] = { + {UUID_INIT(0xdd05bc8b, 0x9f3b, 0x49f0, + 0xb6, 0x49, 0x01, 0xaa, 0x10, 0xc1, 0xc2, 0x10)}, + {} +}; + +static struct tee_client_driver stm32_optee_dbg_bus_driver = { + .id_table = optee_dbg_bus_id_table, + .probe = stm32_dbg_bus_probe, + .remove = stm32_dbg_bus_remove, + .driver = { + .name = "optee_dbg_bus", + }, +}; + +static void __exit stm32_optee_dbg_bus_driver_exit(void) +{ + platform_driver_unregister(&stm32_dbg_bus_driver); + tee_client_driver_unregister(&stm32_optee_dbg_bus_driver); +} +module_exit(stm32_optee_dbg_bus_driver_exit); + +static int __init stm32_optee_dbg_bus_driver_init(void) +{ + int err; + + err = tee_client_driver_register(&stm32_optee_dbg_bus_driver); + if (err) + return err; + + err = platform_driver_register(&stm32_dbg_bus_driver); + if (err) + tee_client_driver_unregister(&stm32_optee_dbg_bus_driver); + + return err; +} +module_init(stm32_optee_dbg_bus_driver_init); + +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Gatien Chevallier <gatien.chevallier@foss.st.com>"); +MODULE_DESCRIPTION("OP-TEE based STM32 debug access bus driver"); diff --git a/drivers/bus/stm32_etzpc.c b/drivers/bus/stm32_etzpc.c index 7fc0f16960be..4918a14e507e 100644 --- a/drivers/bus/stm32_etzpc.c +++ b/drivers/bus/stm32_etzpc.c @@ -5,6 +5,7 @@ #include <linux/bitfield.h> #include <linux/bits.h> +#include <linux/bus/stm32_firewall.h> #include <linux/device.h> #include <linux/err.h> #include <linux/init.h> @@ -16,8 +17,6 @@ #include <linux/platform_device.h> #include <linux/types.h> -#include "stm32_firewall.h" - /* * ETZPC registers */ diff --git a/drivers/bus/stm32_firewall.c b/drivers/bus/stm32_firewall.c index 7e7afe8007db..e3619dba8b06 100644 --- a/drivers/bus/stm32_firewall.c +++ b/drivers/bus/stm32_firewall.c @@ -5,6 +5,7 @@ #include <linux/bitfield.h> #include <linux/bits.h> +#include <linux/bus/stm32_firewall.h> #include <linux/bus/stm32_firewall_device.h> #include <linux/device.h> #include <linux/err.h> @@ -18,8 +19,6 @@ #include <linux/types.h> #include <linux/slab.h> -#include "stm32_firewall.h" - /* Corresponds to STM32_FIREWALL_MAX_EXTRA_ARGS + firewall ID */ #define STM32_FIREWALL_MAX_ARGS (STM32_FIREWALL_MAX_EXTRA_ARGS + 1) @@ -185,6 +184,48 @@ void stm32_firewall_release_access_by_id(struct stm32_firewall *firewall, u32 su } EXPORT_SYMBOL_GPL(stm32_firewall_release_access_by_id); +int stm32_firewall_get_grant_all_access(struct device *dev, struct stm32_firewall **firewall, + int *nb_firewall) +{ + struct stm32_firewall *loc_firewall; + int err; + int i; + + *nb_firewall = of_count_phandle_with_args(dev->of_node, "access-controllers", + "#access-controller-cells"); + if (*nb_firewall < 0) + return *nb_firewall; + + if (!*nb_firewall) { + *firewall = NULL; + return 0; + } + + loc_firewall = devm_kcalloc(dev, *nb_firewall, sizeof(*loc_firewall), GFP_KERNEL); + if (!loc_firewall) + return -ENOMEM; + + /* Get stm32 firewall information */ + err = stm32_firewall_get_firewall(dev->of_node, loc_firewall, *nb_firewall); + if (err) + return err; + + for (i = 0; i < *nb_firewall; i++) { + err = stm32_firewall_grant_access(&loc_firewall[i]); + if (err) { + while (i--) + stm32_firewall_release_access(&loc_firewall[i]); + + return err; + } + } + + *firewall = loc_firewall; + + return 0; +} +EXPORT_SYMBOL_GPL(stm32_firewall_get_grant_all_access); + /* Firewall controller API */ int stm32_firewall_controller_register(struct stm32_firewall_controller *firewall_controller) @@ -241,7 +282,6 @@ EXPORT_SYMBOL_GPL(stm32_firewall_controller_unregister); int stm32_firewall_populate_bus(struct stm32_firewall_controller *firewall_controller) { struct stm32_firewall *firewalls; - struct device_node *child; struct device *parent; unsigned int i; int len; @@ -251,30 +291,25 @@ int stm32_firewall_populate_bus(struct stm32_firewall_controller *firewall_contr dev_dbg(parent, "Populating %s system bus\n", dev_name(firewall_controller->dev)); - for_each_available_child_of_node(dev_of_node(parent), child) { + for_each_available_child_of_node_scoped(dev_of_node(parent), child) { /* The access-controllers property is mandatory for firewall bus devices */ len = of_count_phandle_with_args(child, "access-controllers", "#access-controller-cells"); - if (len <= 0) { - of_node_put(child); + if (len <= 0) return -EINVAL; - } firewalls = kzalloc_objs(*firewalls, len); - if (!firewalls) { - of_node_put(child); + if (!firewalls) return -ENOMEM; - } err = stm32_firewall_get_firewall(child, firewalls, (unsigned int)len); if (err) { kfree(firewalls); - of_node_put(child); return err; } for (i = 0; i < len; i++) { - if (firewall_controller->grant_access(firewall_controller, + if (firewall_controller->grant_access(firewalls[i].firewall_ctrl, firewalls[i].firewall_id)) { /* * Peripheral access not allowed or not defined. diff --git a/drivers/bus/stm32_rifsc.c b/drivers/bus/stm32_rifsc.c index debeaf8ea1bd..19d10379dcef 100644 --- a/drivers/bus/stm32_rifsc.c +++ b/drivers/bus/stm32_rifsc.c @@ -5,6 +5,7 @@ #include <linux/bitfield.h> #include <linux/bits.h> +#include <linux/bus/stm32_firewall.h> #include <linux/debugfs.h> #include <linux/device.h> #include <linux/err.h> @@ -15,10 +16,9 @@ #include <linux/of.h> #include <linux/of_platform.h> #include <linux/platform_device.h> +#include <linux/string.h> #include <linux/types.h> -#include "stm32_firewall.h" - /* * RIFSC offset register */ @@ -450,7 +450,7 @@ static void stm32_rifsc_fill_rimu_dbg_entry(struct rifsc_dbg_private *rifsc, const struct stm32_rifsc_resources_names *dbg_names = rifsc->res_names; u32 rimc_attr = readl_relaxed(rifsc->mmio + RIFSC_RIMC_ATTR0 + 0x4 * i); - snprintf(dbg_entry->m_name, sizeof(dbg_entry->m_name), "%s", dbg_names->initiator_names[i]); + strscpy(dbg_entry->m_name, dbg_names->initiator_names[i]); dbg_entry->m_cid = FIELD_GET(RIFSC_RIMC_MCID_MASK, rimc_attr); dbg_entry->cidsel = rimc_attr & RIFSC_RIMC_CIDSEL; dbg_entry->m_sec = rimc_attr & RIFSC_RIMC_MSEC; @@ -469,8 +469,7 @@ static void stm32_rifsc_fill_dev_dbg_entry(struct rifsc_dbg_private *rifsc, sec_cfgr = readl_relaxed(rifsc->mmio + RIFSC_RISC_SECCFGR0 + 0x4 * reg_id); priv_cfgr = readl_relaxed(rifsc->mmio + RIFSC_RISC_PRIVCFGR0 + 0x4 * reg_id); - snprintf(dbg_entry->dev_name, sizeof(dbg_entry->dev_name), "%s", - dbg_names->device_names[i]); + strscpy(dbg_entry->dev_name, dbg_names->device_names[i]); dbg_entry->dev_id = i; dbg_entry->dev_cid_filt_en = cid_cfgr & CIDCFGR_CFEN; dbg_entry->dev_sem_en = cid_cfgr & CIDCFGR_SEMEN; @@ -688,34 +687,6 @@ static int stm32_rifsc_grant_access(struct stm32_firewall_controller *ctrl, u32 sec_reg_value = readl(rifsc_controller->mmio + RIFSC_RISC_SECCFGR0 + 0x4 * reg_id); cid_reg_value = readl(rifsc_controller->mmio + RIFSC_RISC_PER0_CIDCFGR + 0x8 * firewall_id); - /* First check conditions for semaphore mode, which doesn't take into account static CID. */ - if ((cid_reg_value & CIDCFGR_SEMEN) && (cid_reg_value & CIDCFGR_CFEN)) { - if (cid_reg_value & BIT(RIF_CID1 + SEMWL_SHIFT)) { - /* Static CID is irrelevant if semaphore mode */ - goto skip_cid_check; - } else { - dev_dbg(rifsc_controller->dev, - "Invalid bus semaphore configuration: index %d\n", firewall_id); - return -EACCES; - } - } - - /* - * Skip CID check if CID filtering isn't enabled or filtering is enabled on CID0, which - * corresponds to whatever CID. - */ - if (!(cid_reg_value & CIDCFGR_CFEN) || - FIELD_GET(RIFSC_RISC_SCID_MASK, cid_reg_value) == RIF_CID0) - goto skip_cid_check; - - /* Coherency check with the CID configuration */ - if (FIELD_GET(RIFSC_RISC_SCID_MASK, cid_reg_value) != RIF_CID1) { - dev_dbg(rifsc_controller->dev, "Invalid CID configuration for peripheral: %d\n", - firewall_id); - return -EACCES; - } - -skip_cid_check: /* Check security configuration */ if (sec_reg_value & BIT(reg_offset)) { dev_dbg(rifsc_controller->dev, @@ -723,19 +694,31 @@ skip_cid_check: return -EACCES; } - /* - * If the peripheral is in semaphore mode, take the semaphore so that - * the CID1 has the ownership. - */ - if ((cid_reg_value & CIDCFGR_SEMEN) && (cid_reg_value & CIDCFGR_CFEN)) { + /* Skip CID check if CID filtering isn't enabled */ + if (!(cid_reg_value & CIDCFGR_CFEN)) + goto skip_cid_check; + + /* First check conditions for semaphore mode, which doesn't take into account static CID. */ + if (cid_reg_value & CIDCFGR_SEMEN) { + if (!(cid_reg_value & BIT(RIF_CID1 + SEMWL_SHIFT))) { + dev_dbg(rifsc_controller->dev, + "Invalid bus semaphore configuration: index %d\n", firewall_id); + return -EACCES; + } + rc = stm32_rif_acquire_semaphore(rifsc_controller, firewall_id); if (rc) { - dev_err(rifsc_controller->dev, + dev_dbg(rifsc_controller->dev, "Couldn't acquire semaphore for peripheral: %d\n", firewall_id); return rc; } + } else if (FIELD_GET(RIFSC_RISC_SCID_MASK, cid_reg_value) != RIF_CID1) { + dev_dbg(rifsc_controller->dev, "Invalid CID configuration for peripheral: %d\n", + firewall_id); + return -EACCES; } +skip_cid_check: return 0; } diff --git a/drivers/pinctrl/stm32/pinctrl-stm32-hdp.c b/drivers/pinctrl/stm32/pinctrl-stm32-hdp.c index 0b1dff01e04c..cce477e86ef9 100644 --- a/drivers/pinctrl/stm32/pinctrl-stm32-hdp.c +++ b/drivers/pinctrl/stm32/pinctrl-stm32-hdp.c @@ -4,6 +4,7 @@ * Author: Clément Le Goffic <clement.legoffic@foss.st.com> for STMicroelectronics. */ #include <linux/bits.h> +#include <linux/bus/stm32_firewall_device.h> #include <linux/clk.h> #include <linux/gpio/driver.h> #include <linux/gpio/generic.h> @@ -46,9 +47,11 @@ struct stm32_hdp { void __iomem *base; struct clk *clk; struct pinctrl_dev *pctl_dev; + struct stm32_firewall *firewall; struct gpio_generic_chip gpio_chip; u32 mux_conf; u32 gposet_conf; + int nb_firewall_entries; const char * const *func_name; }; @@ -615,6 +618,13 @@ static int stm32_hdp_probe(struct platform_device *pdev) return -ENOMEM; hdp->dev = dev; + if (IS_ENABLED(CONFIG_STM32_FIREWALL)) { + err = stm32_firewall_get_grant_all_access(dev, &hdp->firewall, + &hdp->nb_firewall_entries); + if (err) + return err; + } + platform_set_drvdata(pdev, hdp); hdp->base = devm_platform_ioremap_resource(pdev, 0); @@ -670,8 +680,12 @@ static int stm32_hdp_probe(struct platform_device *pdev) static void stm32_hdp_remove(struct platform_device *pdev) { struct stm32_hdp *hdp = platform_get_drvdata(pdev); + int i; writel_relaxed(HDP_CTRL_DISABLE, hdp->base + HDP_CTRL); + + for (i = 0; i < hdp->nb_firewall_entries; i++) + stm32_firewall_release_access(&hdp->firewall[i]); } static int stm32_hdp_suspend(struct device *dev) diff --git a/drivers/bus/stm32_firewall.h b/include/linux/bus/stm32_firewall.h index e5fac85fe346..e5fac85fe346 100644 --- a/drivers/bus/stm32_firewall.h +++ b/include/linux/bus/stm32_firewall.h diff --git a/include/linux/bus/stm32_firewall_device.h b/include/linux/bus/stm32_firewall_device.h index eaa7a3f54450..6c878f3ca86f 100644 --- a/include/linux/bus/stm32_firewall_device.h +++ b/include/linux/bus/stm32_firewall_device.h @@ -112,6 +112,25 @@ int stm32_firewall_grant_access_by_id(struct stm32_firewall *firewall, u32 subsy */ void stm32_firewall_release_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id); +/** + * stm32_firewall_get_grant_all_access - Allocate and get all the firewall(s) associated to given + * device. Then, try to grant access rights for each element. + * This function is basically a helper function that wraps + * both stm32_firewall_get_firewall() and + * stm32_firewall_grant_access() on all firewall references of + * a device along with the allocation of the array. + * Realease access using stm32_firewall_release_access* APIs + * when done. + * + * @dev: Device performing the checks + * @firewall: Pointer to the array of firewall references to be allocated + * @nb_firewall: Number of allocated elements in @firewall + * + * Returns 0 on success, or appropriate errno code if error occurred. + */ +int stm32_firewall_get_grant_all_access(struct device *dev, struct stm32_firewall **firewall, + int *nb_firewall); + #else /* CONFIG_STM32_FIREWALL */ static inline int stm32_firewall_get_firewall(struct device_node *np, @@ -141,5 +160,12 @@ static inline void stm32_firewall_release_access_by_id(struct stm32_firewall *fi { } +static inline int stm32_firewall_get_grant_all_access(struct device *dev, + struct stm32_firewall **firewall, + int *nb_firewall) +{ + return -ENODEV; +} + #endif /* CONFIG_STM32_FIREWALL */ #endif /* STM32_FIREWALL_DEVICE_H */ |