Re: [PATCH v4 1/2] soc: samsung: exynos-pmu: Add regmap support for SoCs that protect PMU regs

From: Krzysztof Kozlowski
Date: Thu Feb 15 2024 - 13:38:03 EST

Next message: Kent Overstreet: "Re: [PATCH v3 31/35] lib: add memory allocations report in show_mem()"
Previous message: Florian Fainelli: "Re: [PATCH v1 1/1] serial: 8250_bcm7271: Replace custom unit definitions"
In reply to: Sam Protsenko: "Re: [PATCH v4 1/2] soc: samsung: exynos-pmu: Add regmap support for SoCs that protect PMU regs"
Next in thread: Peter Griffin: "[PATCH v4 2/2] watchdog: s3c2410_wdt: use exynos_get_pmu_regmap_by_phandle() for PMU regs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 08/02/2024 17:16, Peter Griffin wrote:
> Some Exynos based SoCs like Tensor gs101 protect the PMU registers for
> security hardening reasons so that they are only write accessible in el3
> via an SMC call.
>
> As most Exynos drivers that need to write PMU registers currently obtain a
> regmap via syscon (phys, pinctrl, watchdog). Support for the above usecase
> is implemented in this driver using a custom regmap similar to syscon to
> handle the SMC call. Platforms that don't secure PMU registers, get a mmio
> regmap like before. As regmaps abstract out the underlying register access
> changes to the leaf drivers are minimal.
>
> A new API exynos_get_pmu_regmap_by_phandle() is provided for leaf drivers
> that currently use syscon_regmap_lookup_by_phandle(). This also handles
> deferred probing.

I found an issue, which needs new version, so I also found few more nits.

>
> Signed-off-by: Peter Griffin <peter.griffin@xxxxxxxxxx>
> ---
> Changes since v3:
> - Fix PMUALIVE_MASK
> - Add TENSOR_ prefix
> - clear SET_BITS bits on each loop iteration
> - change set_bit to set_bits in func name
> - Fix some alignment
> - Add missing return on dev_err_probe
> - Reduce indentation in loop
>
> Changes since v2
> - Add select REGMAP to Kconfig
> - Add constant for SET/CLEAR bits
> - Replace kerneldoc with one line comment
> - Fix kerneldoc for EXPORT_SYMBOL_GPL funcs
> - remove superfluous extern keyword
> - dev_err_probe() on probe error
> - shorten regmcfg name
> - no compatibles inside probe, use match data
> - don't mix declarations with/without initializations
> - tensor_sec_reg_read() use mmio to avoid access restrictions
> - Collect up Reviewed-by
> - const for regmap_config structs
> ---
> drivers/soc/samsung/Kconfig | 1 +
> drivers/soc/samsung/exynos-pmu.c | 235 ++++++++++++++++++++++++-
> drivers/soc/samsung/exynos-pmu.h | 1 +
> include/linux/soc/samsung/exynos-pmu.h | 11 +-
> 4 files changed, 243 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/soc/samsung/Kconfig b/drivers/soc/samsung/Kconfig
> index 27ec99af77e3..1a5dfdc978dc 100644
> --- a/drivers/soc/samsung/Kconfig
> +++ b/drivers/soc/samsung/Kconfig
> @@ -42,6 +42,7 @@ config EXYNOS_PMU
> depends on ARCH_EXYNOS || ((ARM || ARM64) && COMPILE_TEST)
> select EXYNOS_PMU_ARM_DRIVERS if ARM && ARCH_EXYNOS
> select MFD_CORE
> + select REGMAP_MMIO
>
> # There is no need to enable these drivers for ARMv8
> config EXYNOS_PMU_ARM_DRIVERS
> diff --git a/drivers/soc/samsung/exynos-pmu.c b/drivers/soc/samsung/exynos-pmu.c
> index 250537d7cfd6..b846e343fcdd 100644
> --- a/drivers/soc/samsung/exynos-pmu.c
> +++ b/drivers/soc/samsung/exynos-pmu.c
> @@ -5,6 +5,7 @@
> //
> // Exynos - CPU PMU(Power Management Unit) support
>
> +#include <linux/arm-smccc.h>
> #include <linux/of.h>
> #include <linux/of_address.h>
> #include <linux/mfd/core.h>
> @@ -12,19 +13,132 @@
> #include <linux/of_platform.h>
> #include <linux/platform_device.h>
> #include <linux/delay.h>
> +#include <linux/regmap.h>
>
> #include <linux/soc/samsung/exynos-regs-pmu.h>
> #include <linux/soc/samsung/exynos-pmu.h>
>
> #include "exynos-pmu.h"
>
> +#define PMUALIVE_MASK GENMASK(13, 0)
> +#define TENSOR_SET_BITS (BIT(15) | BIT(14))
> +#define TENSOR_CLR_BITS BIT(15)
> +#define TENSOR_SMC_PMU_SEC_REG 0x82000504
> +#define TENSOR_PMUREG_READ 0
> +#define TENSOR_PMUREG_WRITE 1
> +#define TENSOR_PMUREG_RMW 2
> +
> struct exynos_pmu_context {
> struct device *dev;
> const struct exynos_pmu_data *pmu_data;
> + struct regmap *pmureg;
> };
>
> void __iomem *pmu_base_addr;
> static struct exynos_pmu_context *pmu_context;
> +/* forward declaration */
> +static struct platform_driver exynos_pmu_driver;
> +
> +/*
> + * Tensor SoCs are configured so that PMU_ALIVE registers can only be written
> + * from EL3, but are still read accessible. As Linux needs to write some of
> + * these registers, the following functions are provided and exposed via
> + * regmap.
> + *
> + * Note: This SMC interface is known to be implemented on gs101 and derivative
> + * SoCs.
> + */
> +
> +/* Write to a protected PMU register. */
> +static int tensor_sec_reg_write(void *base, unsigned int reg, unsigned int val)

Please use the same argument names in all these regmap functions as in
struct regmap_config, so base->context

> +{
> + struct arm_smccc_res res;
> + unsigned long pmu_base = (unsigned long)base;
> +
> + arm_smccc_smc(TENSOR_SMC_PMU_SEC_REG, pmu_base + reg,
> + TENSOR_PMUREG_WRITE, val, 0, 0, 0, 0, &res);
> +
> + /* returns -EINVAL if access isn't allowed or 0 */
> + if (res.a0)
> + pr_warn("%s(): SMC failed: %d\n", __func__, (int)res.a0);
> +
> + return (int)res.a0;
> +}
> +
> +/* Read/Modify/Write a protected PMU register. */
> +static int tensor_sec_reg_rmw(void *base, unsigned int reg,
> + unsigned int mask, unsigned int val)
> +{
> + struct arm_smccc_res res;
> + unsigned long pmu_base = (unsigned long)base;
> +
> + arm_smccc_smc(TENSOR_SMC_PMU_SEC_REG, pmu_base + reg,
> + TENSOR_PMUREG_RMW, mask, val, 0, 0, 0, &res);
> +
> + /* returns -EINVAL if access isn't allowed or 0 */
> + if (res.a0)
> + pr_warn("%s(): SMC failed: %d\n", __func__, (int)res.a0);
> +
> + return (int)res.a0;
> +}
> +
> +/*
> + * Read a protected PMU register. All PMU registers can be read by Linux.
> + * Note: The SMC read register is not used, as only registers that can be
> + * written are readable via SMC.
> + */
> +static int tensor_sec_reg_read(void *base, unsigned int reg, unsigned int *val)
> +{
> + *val = pmu_raw_readl(reg);
> + return 0;
> +}
> +
> +/*
> + * For SoCs that have set/clear bit hardware this function can be used when
> + * the PMU register will be accessed by multiple masters.
> + *
> + * For example, to set bits 13:8 in PMU reg offset 0x3e80
> + * tensor_set_bits_atomic(ctx, 0x3e80, 0x3f00, 0x3f00);
> + *
> + * Set bit 8, and clear bits 13:9 PMU reg offset 0x3e80
> + * tensor_set_bits_atomic(0x3e80, 0x100, 0x3f00);
> + */
> +static inline int tensor_set_bits_atomic(void *ctx, unsigned int offset,

Usual practice is to rely on compiler to inline, so let's drop the
keyword here.

> + u32 val, u32 mask)
> +{
> + int ret;
> + unsigned int i;
> +
> + for (i = 0; i < 32; i++) {
> + if (!(mask & BIT(i)))
> + continue;
> +
> + offset &= ~TENSOR_SET_BITS;
> +
> + if (val & BIT(i))
> + offset |= TENSOR_SET_BITS;
> + else
> + offset |= TENSOR_CLR_BITS;
> +
> + ret = tensor_sec_reg_write(ctx, offset, i);
> + if (ret)
> + return ret;
> + }
> + return ret;
> +}
> +
> +static int tensor_sec_update_bits(void *ctx, unsigned int reg,
> + unsigned int mask, unsigned int val)
> +{
> + /*
> + * Use atomic operations for PMU_ALIVE registers (offset 0~0x3FFF)
> + * as the target registers can be accessed by multiple masters.
> + */
> + if (reg > PMUALIVE_MASK)
> + return tensor_sec_reg_rmw(ctx, reg, mask, val);
> +
> + return tensor_set_bits_atomic(ctx, reg, val, mask);
> +}
>
> void pmu_raw_writel(u32 val, u32 offset)
> {
> @@ -75,11 +189,41 @@ void exynos_sys_powerdown_conf(enum sys_powerdown mode)
> #define exynos_pmu_data_arm_ptr(data) NULL
> #endif
>
> +static const struct regmap_config regmap_smccfg = {
> + .name = "pmu_regs",
> + .reg_bits = 32,
> + .reg_stride = 4,
> + .val_bits = 32,
> + .fast_io = true,
> + .use_single_read = true,
> + .use_single_write = true,
> + .reg_read = tensor_sec_reg_read,
> + .reg_write = tensor_sec_reg_write,
> + .reg_update_bits = tensor_sec_update_bits,

> +};
> +
> +static const struct regmap_config regmap_mmiocfg = {
> + .name = "pmu_regs",
> + .reg_bits = 32,
> + .reg_stride = 4,
> + .val_bits = 32,
> + .fast_io = true,
> + .use_single_read = true,
> + .use_single_write = true,
> +};
> +
> +static const struct exynos_pmu_data gs101_pmu_data = {
> + .pmu_secure = true
> +};
> +
> /*
> * PMU platform driver and devicetree bindings.
> */
> static const struct of_device_id exynos_pmu_of_device_ids[] = {
> {
> + .compatible = "google,gs101-pmu",
> + .data = &gs101_pmu_data,
> + }, {
> .compatible = "samsung,exynos3250-pmu",
> .data = exynos_pmu_data_arm_ptr(exynos3250_pmu_data),
> }, {
> @@ -113,19 +257,73 @@ static const struct mfd_cell exynos_pmu_devs[] = {
> { .name = "exynos-clkout", },
> };
>
> +/**
> + * exynos_get_pmu_regmap() - Obtain pmureg regmap
> + *
> + * Find the pmureg regmap previously configured in probe() and return regmap
> + * pointer.
> + *
> + * Return: A pointer to regmap if found or ERR_PTR error value.
> + */
> struct regmap *exynos_get_pmu_regmap(void)
> {
> struct device_node *np = of_find_matching_node(NULL,
> exynos_pmu_of_device_ids);
> if (np)
> - return syscon_node_to_regmap(np);
> + return exynos_get_pmu_regmap_by_phandle(np, NULL);
> return ERR_PTR(-ENODEV);
> }
> EXPORT_SYMBOL_GPL(exynos_get_pmu_regmap);
>
> +/**
> + * exynos_get_pmu_regmap_by_phandle() - Obtain pmureg regmap via phandle
> + * @np: Pointer to device's Device Tree node

A bit unusual naming... drop "Device Tree" anywhere here. This is:
"device node holding PMU phandle property"

> + * @property: Device Tree property name which references the pmu

Name of property holding a phandle value

> + *
> + * Find the pmureg regmap previously configured in probe() and return regmap
> + * pointer.
> + *
> + * Return: A pointer to regmap if found or ERR_PTR error value.
> + */
> +struct regmap *exynos_get_pmu_regmap_by_phandle(struct device_node *np,
> + const char *property)

property -> propname

> +{
> + struct device *dev;
> + struct exynos_pmu_context *ctx;
> + struct device_node *pmu_np;

Reversed christmass tree.

> +
> + if (property)
> + pmu_np = of_parse_phandle(np, property, 0);
> + else
> + pmu_np = np;
> +
> + if (!pmu_np)
> + return ERR_PTR(-ENODEV);
> +
> + /*
> + * Determine if exynos-pmu device has probed and therefore regmap
> + * has been created and can be returned to the caller. Otherwise we
> + * return -EPROBE_DEFER.
> + */
> + dev = driver_find_device_by_of_node(&exynos_pmu_driver.driver,
> + (void *)pmu_np);
> +
> + of_node_put(pmu_np);

You are dropping now referencen from np when property==NULL. This does
no look right.

> + if (!dev)
> + return ERR_PTR(-EPROBE_DEFER);
> +
> + ctx = dev_get_drvdata(dev);
> +
> + return ctx->pmureg;
> +}
> +EXPORT_SYMBOL_GPL(exynos_get_pmu_regmap_by_phandle);
> +
> static int exynos_pmu_probe(struct platform_device *pdev)
> {
> struct device *dev = &pdev->dev;
> + struct regmap_config pmu_regmcfg;
> + struct regmap *regmap;
> + struct resource *res;
> int ret;
>
> pmu_base_addr = devm_platform_ioremap_resource(pdev, 0);
> @@ -133,13 +331,42 @@ static int exynos_pmu_probe(struct platform_device *pdev)
> return PTR_ERR(pmu_base_addr);
>
> pmu_context = devm_kzalloc(&pdev->dev,
> - sizeof(struct exynos_pmu_context),
> - GFP_KERNEL);
> + sizeof(struct exynos_pmu_context),
> + GFP_KERNEL);

Not related here. You could have separate patch for cleanups or just
skip such change.

> if (!pmu_context)
> return -ENOMEM;
> - pmu_context->dev = dev;
> +
> + res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
> + if (!res)
> + return -ENODEV;
> +

Best regards,
Krzysztof

Next message: Kent Overstreet: "Re: [PATCH v3 31/35] lib: add memory allocations report in show_mem()"
Previous message: Florian Fainelli: "Re: [PATCH v1 1/1] serial: 8250_bcm7271: Replace custom unit definitions"
In reply to: Sam Protsenko: "Re: [PATCH v4 1/2] soc: samsung: exynos-pmu: Add regmap support for SoCs that protect PMU regs"
Next in thread: Peter Griffin: "[PATCH v4 2/2] watchdog: s3c2410_wdt: use exynos_get_pmu_regmap_by_phandle() for PMU regs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]