tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'stm32-bus-firewall-for-7.1-1' of git://git.kernel.org/pub/scm/linux/kernel/git/atorgue/stm32 into soc/drivers

STM32 Firewall bus for v7.1, round 1

Highlights:
----------
Stm32 SoCs embed debug peripherals such as Coresight. These peripherals
can monitor the activity of the cores. Because of that, they can be
used only if some features in the debug configuration are enabled.
Else, errors or firewall exceptions can be observed. Similarly to
the ETZPC(on stm32mp1x platforms) or the RIFSC(on stm32mp2x platforms),
debug-related peripherals access can be assessed at bus level to
prevent these issues from happening.

The debug configuration can only be accessed by the secure world.
That means that a service must be implemented in the secure world for
the kernel to check the firewall configuration. On OpenSTLinux, it is
done through a Debug access PTA in OP-TEE [1].
To represent the debug peripherals present on a dedicated debug bus,
create a debug bus node in the device tree and the associated driver
that will interact with this PTA.

Plus some fixes.

* tag 'stm32-bus-firewall-for-7.1-1' of git://git.kernel.org/pub/scm/linux/kernel/git/atorgue/stm32:
pinctrl: stm32: add firewall checks before probing the HDP driver
drivers: bus: add the stm32 debug bus driver
bus: stm32_firewall: add stm32_firewall_get_grant_all_access() API
bus: stm32_firewall: allow check on different firewall controllers
dt-bindings: bus: document the stm32 debug bus
dt-bindings: pinctrl: document access-controllers property for stm32 HDP
dt-bindings: document access-controllers property for coresight peripherals
bus: rifsc: fix RIF configuration check for peripherals
bus: rifsc: Replace snprintf("%s") with strscpy
bus: stm32_firewall: Simplify with scoped for each OF child loop
bus: firewall: move stm32_firewall header file in include folder

Signed-off-by: Arnd Bergmann <arnd@arndb.de>

Arnd Bergmann dc26ea32 720d813b

+472 -53
+3
Documentation/devicetree/bindings/arm/arm,coresight-cti.yaml
··· 128 128 "#address-cells": 129 129 const: 1 130 130 131 + access-controllers: 132 + maxItems: 1 133 + 131 134 patternProperties: 132 135 '^trig-conns@([0-9]+)$': 133 136 type: object
+3
Documentation/devicetree/bindings/arm/arm,coresight-dynamic-funnel.yaml
··· 78 78 description: Output connection to CoreSight Trace bus 79 79 $ref: /schemas/graph.yaml#/properties/port 80 80 81 + access-controllers: 82 + maxItems: 1 83 + 81 84 required: 82 85 - compatible 83 86 - reg
+3
Documentation/devicetree/bindings/arm/arm,coresight-etm.yaml
··· 118 118 description: Output connection from the ETM to CoreSight Trace bus. 119 119 $ref: /schemas/graph.yaml#/properties/port 120 120 121 + access-controllers: 122 + maxItems: 1 123 + 121 124 required: 122 125 - compatible 123 126 - clocks
+3
Documentation/devicetree/bindings/arm/arm,coresight-stm.yaml
··· 73 73 description: Output connection to the CoreSight Trace bus. 74 74 $ref: /schemas/graph.yaml#/properties/port 75 75 76 + access-controllers: 77 + maxItems: 1 78 + 76 79 required: 77 80 - compatible 78 81 - reg
+3
Documentation/devicetree/bindings/arm/arm,coresight-tmc.yaml
··· 128 128 - const: tracedata 129 129 - const: metadata 130 130 131 + access-controllers: 132 + maxItems: 1 133 + 131 134 required: 132 135 - compatible 133 136 - reg
+3
Documentation/devicetree/bindings/arm/arm,coresight-tpiu.yaml
··· 70 70 description: Input connection from the CoreSight Trace bus. 71 71 $ref: /schemas/graph.yaml#/properties/port 72 72 73 + access-controllers: 74 + maxItems: 1 75 + 73 76 required: 74 77 - compatible 75 78 - reg
+76
Documentation/devicetree/bindings/bus/st,stm32mp131-dbg-bus.yaml
··· 1 + # SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) 2 + %YAML 1.2 3 + --- 4 + $id: http://devicetree.org/schemas/bus/st,stm32mp131-dbg-bus.yaml# 5 + $schema: http://devicetree.org/meta-schemas/core.yaml# 6 + 7 + title: STM32 Coresight bus 8 + 9 + maintainers: 10 + - Gatien Chevallier <gatien.chevallier@foss.st.com> 11 + 12 + description: 13 + The STM32 debug bus is in charge of checking the debug configuration 14 + of the platform before probing the peripheral drivers that rely on the debug 15 + domain. 16 + 17 + properties: 18 + compatible: 19 + items: 20 + - enum: 21 + - st,stm32mp131-dbg-bus 22 + - st,stm32mp151-dbg-bus 23 + 24 + "#address-cells": 25 + const: 1 26 + 27 + "#size-cells": 28 + const: 1 29 + 30 + ranges: 31 + minItems: 1 32 + maxItems: 2 33 + 34 + "#access-controller-cells": 35 + const: 1 36 + description: 37 + Contains the debug profile necessary to access the peripheral. 38 + 39 + patternProperties: 40 + "@[0-9a-f]+$": 41 + description: Debug related peripherals 42 + type: object 43 + 44 + additionalProperties: true 45 + 46 + required: 47 + - access-controllers 48 + 49 + required: 50 + - "#access-controller-cells" 51 + - "#address-cells" 52 + - "#size-cells" 53 + - compatible 54 + - ranges 55 + 56 + additionalProperties: false 57 + 58 + examples: 59 + - | 60 + #include <dt-bindings/clock/stm32mp1-clks.h> 61 + 62 + dbg_bus: bus@50080000 { 63 + compatible = "st,stm32mp131-dbg-bus"; 64 + #address-cells = <1>; 65 + #size-cells = <1>; 66 + #access-controller-cells = <1>; 67 + ranges = <0x50080000 0x50080000 0x3f80000>; 68 + 69 + cti@50094000 { 70 + compatible = "arm,coresight-cti", "arm,primecell"; 71 + reg = <0x50094000 0x1000>; 72 + clocks = <&rcc CK_DBG>; 73 + clock-names = "apb_pclk"; 74 + access-controllers = <&dbg_bus 0>; 75 + }; 76 + };
+6
Documentation/devicetree/bindings/pinctrl/st,stm32-hdp.yaml
··· 27 27 clocks: 28 28 maxItems: 1 29 29 30 + access-controllers: 31 + minItems: 1 32 + items: 33 + - description: debug configuration access controller 34 + - description: access controller that manages the HDP as a peripheral 35 + 30 36 patternProperties: 31 37 "^hdp[0-7]-pins$": 32 38 type: object
+1
MAINTAINERS
··· 25009 25009 ST STM32 FIREWALL 25010 25010 M: Gatien Chevallier <gatien.chevallier@foss.st.com> 25011 25011 S: Maintained 25012 + F: drivers/bus/stm32_dbg_bus.c 25012 25013 F: drivers/bus/stm32_etzpc.c 25013 25014 F: drivers/bus/stm32_firewall.c 25014 25015 F: drivers/bus/stm32_rifsc.c
+10
drivers/bus/Kconfig
··· 169 169 i2c/spi/uart controllers, a hexagon core, and a clock controller 170 170 which provides clocks for the above. 171 171 172 + config STM32_DBG_BUS 173 + tristate "OP-TEE based debug access bus" 174 + depends on OPTEE && STM32_FIREWALL 175 + depends on ARCH_STM32 || COMPILE_TEST 176 + help 177 + Select this to get the support for the OP-TEE based STM32 debug bus 178 + driver that is used to handle debug-related peripherals on STM32 179 + platforms when the debug configuration is not accessible by the 180 + normal world. 181 + 172 182 config STM32_FIREWALL 173 183 bool "STM32 Firewall framework" 174 184 depends on (ARCH_STM32 || COMPILE_TEST) && OF
+1
drivers/bus/Makefile
··· 27 27 obj-$(CONFIG_OMAP_OCP2SCP) += omap-ocp2scp.o 28 28 obj-$(CONFIG_QCOM_EBI2) += qcom-ebi2.o 29 29 obj-$(CONFIG_QCOM_SSC_BLOCK_BUS) += qcom-ssc-block-bus.o 30 + obj-$(CONFIG_STM32_DBG_BUS) += stm32_dbg_bus.o 30 31 obj-$(CONFIG_STM32_FIREWALL) += stm32_firewall.o stm32_rifsc.o stm32_etzpc.o 31 32 obj-$(CONFIG_SUN50I_DE2_BUS) += sun50i-de2.o 32 33 obj-$(CONFIG_SUNXI_RSB) += sunxi-rsb.o
+250
drivers/bus/stm32_dbg_bus.c
··· 1 + // SPDX-License-Identifier: GPL-2.0-only 2 + /* 3 + * Copyright (C) 2026, STMicroelectronics - All Rights Reserved 4 + */ 5 + 6 + #include <linux/bus/stm32_firewall.h> 7 + #include <linux/bus/stm32_firewall_device.h> 8 + #include <linux/device.h> 9 + #include <linux/err.h> 10 + #include <linux/kernel.h> 11 + #include <linux/module.h> 12 + #include <linux/of.h> 13 + #include <linux/of_platform.h> 14 + #include <linux/platform_device.h> 15 + #include <linux/pm_runtime.h> 16 + #include <linux/tee_drv.h> 17 + #include <linux/types.h> 18 + 19 + enum stm32_dbg_profile { 20 + PERIPHERAL_DBG_PROFILE = 0, 21 + HDP_DBG_PROFILE = 1, 22 + }; 23 + 24 + enum stm32_dbg_pta_command { 25 + /* 26 + * PTA_CMD_GRANT_DBG_ACCESS - Verify the debug configuration against the given debug profile 27 + * and grant access or not 28 + * 29 + * [in] value[0].a Debug profile to grant access to. 30 + */ 31 + PTA_CMD_GRANT_DBG_ACCESS, 32 + }; 33 + 34 + /** 35 + * struct stm32_dbg_bus - OP-TEE based STM32 debug bus private data 36 + * @dev: STM32 debug bus device. 37 + * @ctx: OP-TEE context handler. 38 + */ 39 + struct stm32_dbg_bus { 40 + struct device *dev; 41 + struct tee_context *ctx; 42 + }; 43 + 44 + /* Expect at most 1 instance of this driver */ 45 + static struct stm32_dbg_bus *stm32_dbg_bus_priv; 46 + 47 + static int stm32_dbg_pta_open_session(u32 *id) 48 + { 49 + struct tee_client_device *dbg_bus_dev = to_tee_client_device(stm32_dbg_bus_priv->dev); 50 + struct tee_ioctl_open_session_arg sess_arg; 51 + int ret; 52 + 53 + memset(&sess_arg, 0, sizeof(sess_arg)); 54 + export_uuid(sess_arg.uuid, &dbg_bus_dev->id.uuid); 55 + sess_arg.clnt_login = TEE_IOCTL_LOGIN_REE_KERNEL; 56 + 57 + ret = tee_client_open_session(stm32_dbg_bus_priv->ctx, &sess_arg, NULL); 58 + if (ret < 0 || sess_arg.ret) { 59 + dev_err(stm32_dbg_bus_priv->dev, "Failed opening tee session, err: %#x\n", 60 + sess_arg.ret); 61 + return -EOPNOTSUPP; 62 + } 63 + 64 + *id = sess_arg.session; 65 + 66 + return 0; 67 + } 68 + 69 + static void stm32_dbg_pta_close_session(u32 id) 70 + { 71 + tee_client_close_session(stm32_dbg_bus_priv->ctx, id); 72 + } 73 + 74 + static int stm32_dbg_bus_grant_access(struct stm32_firewall_controller *ctrl, u32 dbg_profile) 75 + { 76 + struct tee_ioctl_invoke_arg inv_arg = {0}; 77 + struct tee_param param[1] = {0}; 78 + u32 session_id; 79 + int ret; 80 + 81 + if (dbg_profile != PERIPHERAL_DBG_PROFILE && dbg_profile != HDP_DBG_PROFILE) 82 + return -EOPNOTSUPP; 83 + 84 + ret = stm32_dbg_pta_open_session(&session_id); 85 + if (ret) 86 + return ret; 87 + 88 + inv_arg.func = PTA_CMD_GRANT_DBG_ACCESS; 89 + inv_arg.session = session_id; 90 + inv_arg.num_params = 1; 91 + param[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT; 92 + param[0].u.value.a = dbg_profile; 93 + 94 + ret = tee_client_invoke_func(stm32_dbg_bus_priv->ctx, &inv_arg, param); 95 + if (ret < 0 || inv_arg.ret != 0) { 96 + dev_dbg(stm32_dbg_bus_priv->dev, 97 + "When invoking function, err %x, TEE returns: %x\n", ret, inv_arg.ret); 98 + if (!ret) 99 + ret = -EACCES; 100 + } 101 + 102 + stm32_dbg_pta_close_session(session_id); 103 + 104 + return ret; 105 + } 106 + 107 + /* Implement mandatory release_access ops even if it does nothing*/ 108 + static void stm32_dbg_bus_release_access(struct stm32_firewall_controller *ctrl, u32 dbg_profile) 109 + { 110 + } 111 + 112 + static int stm32_dbg_bus_plat_probe(struct platform_device *pdev) 113 + { 114 + struct stm32_firewall_controller *dbg_controller; 115 + int ret; 116 + 117 + /* Defer if OP-TEE service is not yet available */ 118 + if (!stm32_dbg_bus_priv) 119 + return -EPROBE_DEFER; 120 + 121 + dbg_controller = devm_kzalloc(&pdev->dev, sizeof(*dbg_controller), GFP_KERNEL); 122 + if (!dbg_controller) 123 + return dev_err_probe(&pdev->dev, -ENOMEM, "Couldn't allocate debug controller\n"); 124 + 125 + dbg_controller->dev = &pdev->dev; 126 + dbg_controller->mmio = NULL; 127 + dbg_controller->name = dev_driver_string(dbg_controller->dev); 128 + dbg_controller->type = STM32_PERIPHERAL_FIREWALL; 129 + dbg_controller->grant_access = stm32_dbg_bus_grant_access; 130 + dbg_controller->release_access = stm32_dbg_bus_release_access; 131 + 132 + ret = stm32_firewall_controller_register(dbg_controller); 133 + if (ret) { 134 + dev_err(dbg_controller->dev, "Couldn't register as a firewall controller: %d", ret); 135 + return ret; 136 + } 137 + 138 + ret = stm32_firewall_populate_bus(dbg_controller); 139 + if (ret) { 140 + dev_err(dbg_controller->dev, "Couldn't populate debug bus: %d", ret); 141 + stm32_firewall_controller_unregister(dbg_controller); 142 + return ret; 143 + } 144 + 145 + pm_runtime_enable(&pdev->dev); 146 + 147 + ret = of_platform_populate(pdev->dev.of_node, NULL, NULL, &pdev->dev); 148 + if (ret) { 149 + dev_err(dbg_controller->dev, "Couldn't populate the node: %d", ret); 150 + stm32_firewall_controller_unregister(dbg_controller); 151 + return ret; 152 + } 153 + 154 + return 0; 155 + } 156 + 157 + static const struct of_device_id stm32_dbg_bus_of_match[] = { 158 + { .compatible = "st,stm32mp131-dbg-bus", }, 159 + { .compatible = "st,stm32mp151-dbg-bus", }, 160 + { }, 161 + }; 162 + MODULE_DEVICE_TABLE(of, stm32_dbg_bus_of_match); 163 + 164 + static struct platform_driver stm32_dbg_bus_driver = { 165 + .probe = stm32_dbg_bus_plat_probe, 166 + .driver = { 167 + .name = "stm32-dbg-bus", 168 + .of_match_table = stm32_dbg_bus_of_match, 169 + }, 170 + }; 171 + 172 + static int optee_ctx_match(struct tee_ioctl_version_data *ver, const void *data) 173 + { 174 + return (ver->impl_id == TEE_IMPL_ID_OPTEE); 175 + } 176 + 177 + static void stm32_dbg_bus_remove(struct tee_client_device *tee_dev) 178 + { 179 + tee_client_close_context(stm32_dbg_bus_priv->ctx); 180 + stm32_dbg_bus_priv = NULL; 181 + 182 + of_platform_depopulate(&tee_dev->dev); 183 + } 184 + 185 + static int stm32_dbg_bus_probe(struct tee_client_device *tee_dev) 186 + { 187 + struct device *dev = &tee_dev->dev; 188 + struct stm32_dbg_bus *priv; 189 + int ret = 0; 190 + 191 + if (stm32_dbg_bus_priv) 192 + return dev_err_probe(dev, -EBUSY, 193 + "A STM32 debug bus device is already initialized\n"); 194 + 195 + priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL); 196 + if (!priv) 197 + return -ENOMEM; 198 + 199 + /* Open context with TEE driver */ 200 + priv->ctx = tee_client_open_context(NULL, optee_ctx_match, NULL, NULL); 201 + if (IS_ERR_OR_NULL(priv->ctx)) 202 + return dev_err_probe(dev, PTR_ERR_OR_ZERO(priv->ctx), "Cannot open TEE context\n"); 203 + 204 + stm32_dbg_bus_priv = priv; 205 + stm32_dbg_bus_priv->dev = dev; 206 + 207 + return ret; 208 + } 209 + 210 + static const struct tee_client_device_id optee_dbg_bus_id_table[] = { 211 + {UUID_INIT(0xdd05bc8b, 0x9f3b, 0x49f0, 212 + 0xb6, 0x49, 0x01, 0xaa, 0x10, 0xc1, 0xc2, 0x10)}, 213 + {} 214 + }; 215 + 216 + static struct tee_client_driver stm32_optee_dbg_bus_driver = { 217 + .id_table = optee_dbg_bus_id_table, 218 + .probe = stm32_dbg_bus_probe, 219 + .remove = stm32_dbg_bus_remove, 220 + .driver = { 221 + .name = "optee_dbg_bus", 222 + }, 223 + }; 224 + 225 + static void __exit stm32_optee_dbg_bus_driver_exit(void) 226 + { 227 + platform_driver_unregister(&stm32_dbg_bus_driver); 228 + tee_client_driver_unregister(&stm32_optee_dbg_bus_driver); 229 + } 230 + module_exit(stm32_optee_dbg_bus_driver_exit); 231 + 232 + static int __init stm32_optee_dbg_bus_driver_init(void) 233 + { 234 + int err; 235 + 236 + err = tee_client_driver_register(&stm32_optee_dbg_bus_driver); 237 + if (err) 238 + return err; 239 + 240 + err = platform_driver_register(&stm32_dbg_bus_driver); 241 + if (err) 242 + tee_client_driver_unregister(&stm32_optee_dbg_bus_driver); 243 + 244 + return err; 245 + } 246 + module_init(stm32_optee_dbg_bus_driver_init); 247 + 248 + MODULE_LICENSE("GPL"); 249 + MODULE_AUTHOR("Gatien Chevallier <gatien.chevallier@foss.st.com>"); 250 + MODULE_DESCRIPTION("OP-TEE based STM32 debug access bus driver");
+1 -2
drivers/bus/stm32_etzpc.c
··· 5 5 6 6 #include <linux/bitfield.h> 7 7 #include <linux/bits.h> 8 + #include <linux/bus/stm32_firewall.h> 8 9 #include <linux/device.h> 9 10 #include <linux/err.h> 10 11 #include <linux/init.h> ··· 16 15 #include <linux/of_platform.h> 17 16 #include <linux/platform_device.h> 18 17 #include <linux/types.h> 19 - 20 - #include "stm32_firewall.h" 21 18 22 19 /* 23 20 * ETZPC registers
+47 -12
drivers/bus/stm32_firewall.c
··· 5 5 6 6 #include <linux/bitfield.h> 7 7 #include <linux/bits.h> 8 + #include <linux/bus/stm32_firewall.h> 8 9 #include <linux/bus/stm32_firewall_device.h> 9 10 #include <linux/device.h> 10 11 #include <linux/err.h> ··· 18 17 #include <linux/platform_device.h> 19 18 #include <linux/types.h> 20 19 #include <linux/slab.h> 21 - 22 - #include "stm32_firewall.h" 23 20 24 21 /* Corresponds to STM32_FIREWALL_MAX_EXTRA_ARGS + firewall ID */ 25 22 #define STM32_FIREWALL_MAX_ARGS (STM32_FIREWALL_MAX_EXTRA_ARGS + 1) ··· 184 185 } 185 186 EXPORT_SYMBOL_GPL(stm32_firewall_release_access_by_id); 186 187 188 + int stm32_firewall_get_grant_all_access(struct device *dev, struct stm32_firewall **firewall, 189 + int *nb_firewall) 190 + { 191 + struct stm32_firewall *loc_firewall; 192 + int err; 193 + int i; 194 + 195 + *nb_firewall = of_count_phandle_with_args(dev->of_node, "access-controllers", 196 + "#access-controller-cells"); 197 + if (*nb_firewall < 0) 198 + return *nb_firewall; 199 + 200 + if (!*nb_firewall) { 201 + *firewall = NULL; 202 + return 0; 203 + } 204 + 205 + loc_firewall = devm_kcalloc(dev, *nb_firewall, sizeof(*loc_firewall), GFP_KERNEL); 206 + if (!loc_firewall) 207 + return -ENOMEM; 208 + 209 + /* Get stm32 firewall information */ 210 + err = stm32_firewall_get_firewall(dev->of_node, loc_firewall, *nb_firewall); 211 + if (err) 212 + return err; 213 + 214 + for (i = 0; i < *nb_firewall; i++) { 215 + err = stm32_firewall_grant_access(&loc_firewall[i]); 216 + if (err) { 217 + while (i--) 218 + stm32_firewall_release_access(&loc_firewall[i]); 219 + 220 + return err; 221 + } 222 + } 223 + 224 + *firewall = loc_firewall; 225 + 226 + return 0; 227 + } 228 + EXPORT_SYMBOL_GPL(stm32_firewall_get_grant_all_access); 229 + 187 230 /* Firewall controller API */ 188 231 189 232 int stm32_firewall_controller_register(struct stm32_firewall_controller *firewall_controller) ··· 282 241 int stm32_firewall_populate_bus(struct stm32_firewall_controller *firewall_controller) 283 242 { 284 243 struct stm32_firewall *firewalls; 285 - struct device_node *child; 286 244 struct device *parent; 287 245 unsigned int i; 288 246 int len; ··· 291 251 292 252 dev_dbg(parent, "Populating %s system bus\n", dev_name(firewall_controller->dev)); 293 253 294 - for_each_available_child_of_node(dev_of_node(parent), child) { 254 + for_each_available_child_of_node_scoped(dev_of_node(parent), child) { 295 255 /* The access-controllers property is mandatory for firewall bus devices */ 296 256 len = of_count_phandle_with_args(child, "access-controllers", 297 257 "#access-controller-cells"); 298 - if (len <= 0) { 299 - of_node_put(child); 258 + if (len <= 0) 300 259 return -EINVAL; 301 - } 302 260 303 261 firewalls = kzalloc_objs(*firewalls, len); 304 - if (!firewalls) { 305 - of_node_put(child); 262 + if (!firewalls) 306 263 return -ENOMEM; 307 - } 308 264 309 265 err = stm32_firewall_get_firewall(child, firewalls, (unsigned int)len); 310 266 if (err) { 311 267 kfree(firewalls); 312 - of_node_put(child); 313 268 return err; 314 269 } 315 270 316 271 for (i = 0; i < len; i++) { 317 - if (firewall_controller->grant_access(firewall_controller, 272 + if (firewall_controller->grant_access(firewalls[i].firewall_ctrl, 318 273 firewalls[i].firewall_id)) { 319 274 /* 320 275 * Peripheral access not allowed or not defined.
drivers/bus/stm32_firewall.h include/linux/bus/stm32_firewall.h
+22 -39
drivers/bus/stm32_rifsc.c
··· 5 5 6 6 #include <linux/bitfield.h> 7 7 #include <linux/bits.h> 8 + #include <linux/bus/stm32_firewall.h> 8 9 #include <linux/debugfs.h> 9 10 #include <linux/device.h> 10 11 #include <linux/err.h> ··· 16 15 #include <linux/of.h> 17 16 #include <linux/of_platform.h> 18 17 #include <linux/platform_device.h> 18 + #include <linux/string.h> 19 19 #include <linux/types.h> 20 - 21 - #include "stm32_firewall.h" 22 20 23 21 /* 24 22 * RIFSC offset register ··· 450 450 const struct stm32_rifsc_resources_names *dbg_names = rifsc->res_names; 451 451 u32 rimc_attr = readl_relaxed(rifsc->mmio + RIFSC_RIMC_ATTR0 + 0x4 * i); 452 452 453 - snprintf(dbg_entry->m_name, sizeof(dbg_entry->m_name), "%s", dbg_names->initiator_names[i]); 453 + strscpy(dbg_entry->m_name, dbg_names->initiator_names[i]); 454 454 dbg_entry->m_cid = FIELD_GET(RIFSC_RIMC_MCID_MASK, rimc_attr); 455 455 dbg_entry->cidsel = rimc_attr & RIFSC_RIMC_CIDSEL; 456 456 dbg_entry->m_sec = rimc_attr & RIFSC_RIMC_MSEC; ··· 469 469 sec_cfgr = readl_relaxed(rifsc->mmio + RIFSC_RISC_SECCFGR0 + 0x4 * reg_id); 470 470 priv_cfgr = readl_relaxed(rifsc->mmio + RIFSC_RISC_PRIVCFGR0 + 0x4 * reg_id); 471 471 472 - snprintf(dbg_entry->dev_name, sizeof(dbg_entry->dev_name), "%s", 473 - dbg_names->device_names[i]); 472 + strscpy(dbg_entry->dev_name, dbg_names->device_names[i]); 474 473 dbg_entry->dev_id = i; 475 474 dbg_entry->dev_cid_filt_en = cid_cfgr & CIDCFGR_CFEN; 476 475 dbg_entry->dev_sem_en = cid_cfgr & CIDCFGR_SEMEN; ··· 687 688 sec_reg_value = readl(rifsc_controller->mmio + RIFSC_RISC_SECCFGR0 + 0x4 * reg_id); 688 689 cid_reg_value = readl(rifsc_controller->mmio + RIFSC_RISC_PER0_CIDCFGR + 0x8 * firewall_id); 689 690 690 - /* First check conditions for semaphore mode, which doesn't take into account static CID. */ 691 - if ((cid_reg_value & CIDCFGR_SEMEN) && (cid_reg_value & CIDCFGR_CFEN)) { 692 - if (cid_reg_value & BIT(RIF_CID1 + SEMWL_SHIFT)) { 693 - /* Static CID is irrelevant if semaphore mode */ 694 - goto skip_cid_check; 695 - } else { 696 - dev_dbg(rifsc_controller->dev, 697 - "Invalid bus semaphore configuration: index %d\n", firewall_id); 698 - return -EACCES; 699 - } 700 - } 701 - 702 - /* 703 - * Skip CID check if CID filtering isn't enabled or filtering is enabled on CID0, which 704 - * corresponds to whatever CID. 705 - */ 706 - if (!(cid_reg_value & CIDCFGR_CFEN) || 707 - FIELD_GET(RIFSC_RISC_SCID_MASK, cid_reg_value) == RIF_CID0) 708 - goto skip_cid_check; 709 - 710 - /* Coherency check with the CID configuration */ 711 - if (FIELD_GET(RIFSC_RISC_SCID_MASK, cid_reg_value) != RIF_CID1) { 712 - dev_dbg(rifsc_controller->dev, "Invalid CID configuration for peripheral: %d\n", 713 - firewall_id); 714 - return -EACCES; 715 - } 716 - 717 - skip_cid_check: 718 691 /* Check security configuration */ 719 692 if (sec_reg_value & BIT(reg_offset)) { 720 693 dev_dbg(rifsc_controller->dev, ··· 694 723 return -EACCES; 695 724 } 696 725 697 - /* 698 - * If the peripheral is in semaphore mode, take the semaphore so that 699 - * the CID1 has the ownership. 700 - */ 701 - if ((cid_reg_value & CIDCFGR_SEMEN) && (cid_reg_value & CIDCFGR_CFEN)) { 726 + /* Skip CID check if CID filtering isn't enabled */ 727 + if (!(cid_reg_value & CIDCFGR_CFEN)) 728 + goto skip_cid_check; 729 + 730 + /* First check conditions for semaphore mode, which doesn't take into account static CID. */ 731 + if (cid_reg_value & CIDCFGR_SEMEN) { 732 + if (!(cid_reg_value & BIT(RIF_CID1 + SEMWL_SHIFT))) { 733 + dev_dbg(rifsc_controller->dev, 734 + "Invalid bus semaphore configuration: index %d\n", firewall_id); 735 + return -EACCES; 736 + } 737 + 702 738 rc = stm32_rif_acquire_semaphore(rifsc_controller, firewall_id); 703 739 if (rc) { 704 - dev_err(rifsc_controller->dev, 740 + dev_dbg(rifsc_controller->dev, 705 741 "Couldn't acquire semaphore for peripheral: %d\n", firewall_id); 706 742 return rc; 707 743 } 744 + } else if (FIELD_GET(RIFSC_RISC_SCID_MASK, cid_reg_value) != RIF_CID1) { 745 + dev_dbg(rifsc_controller->dev, "Invalid CID configuration for peripheral: %d\n", 746 + firewall_id); 747 + return -EACCES; 708 748 } 709 749 750 + skip_cid_check: 710 751 return 0; 711 752 } 712 753
+14
drivers/pinctrl/stm32/pinctrl-stm32-hdp.c
··· 4 4 * Author: Clément Le Goffic <clement.legoffic@foss.st.com> for STMicroelectronics. 5 5 */ 6 6 #include <linux/bits.h> 7 + #include <linux/bus/stm32_firewall_device.h> 7 8 #include <linux/clk.h> 8 9 #include <linux/gpio/driver.h> 9 10 #include <linux/gpio/generic.h> ··· 47 46 void __iomem *base; 48 47 struct clk *clk; 49 48 struct pinctrl_dev *pctl_dev; 49 + struct stm32_firewall *firewall; 50 50 struct gpio_generic_chip gpio_chip; 51 51 u32 mux_conf; 52 52 u32 gposet_conf; 53 + int nb_firewall_entries; 53 54 const char * const *func_name; 54 55 }; 55 56 ··· 618 615 return -ENOMEM; 619 616 hdp->dev = dev; 620 617 618 + if (IS_ENABLED(CONFIG_STM32_FIREWALL)) { 619 + err = stm32_firewall_get_grant_all_access(dev, &hdp->firewall, 620 + &hdp->nb_firewall_entries); 621 + if (err) 622 + return err; 623 + } 624 + 621 625 platform_set_drvdata(pdev, hdp); 622 626 623 627 hdp->base = devm_platform_ioremap_resource(pdev, 0); ··· 680 670 static void stm32_hdp_remove(struct platform_device *pdev) 681 671 { 682 672 struct stm32_hdp *hdp = platform_get_drvdata(pdev); 673 + int i; 683 674 684 675 writel_relaxed(HDP_CTRL_DISABLE, hdp->base + HDP_CTRL); 676 + 677 + for (i = 0; i < hdp->nb_firewall_entries; i++) 678 + stm32_firewall_release_access(&hdp->firewall[i]); 685 679 } 686 680 687 681 static int stm32_hdp_suspend(struct device *dev)
+26
include/linux/bus/stm32_firewall_device.h
··· 112 112 */ 113 113 void stm32_firewall_release_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id); 114 114 115 + /** 116 + * stm32_firewall_get_grant_all_access - Allocate and get all the firewall(s) associated to given 117 + * device. Then, try to grant access rights for each element. 118 + * This function is basically a helper function that wraps 119 + * both stm32_firewall_get_firewall() and 120 + * stm32_firewall_grant_access() on all firewall references of 121 + * a device along with the allocation of the array. 122 + * Realease access using stm32_firewall_release_access* APIs 123 + * when done. 124 + * 125 + * @dev: Device performing the checks 126 + * @firewall: Pointer to the array of firewall references to be allocated 127 + * @nb_firewall: Number of allocated elements in @firewall 128 + * 129 + * Returns 0 on success, or appropriate errno code if error occurred. 130 + */ 131 + int stm32_firewall_get_grant_all_access(struct device *dev, struct stm32_firewall **firewall, 132 + int *nb_firewall); 133 + 115 134 #else /* CONFIG_STM32_FIREWALL */ 116 135 117 136 static inline int stm32_firewall_get_firewall(struct device_node *np, ··· 158 139 static inline void stm32_firewall_release_access_by_id(struct stm32_firewall *firewall, 159 140 u32 subsystem_id) 160 141 { 142 + } 143 + 144 + static inline int stm32_firewall_get_grant_all_access(struct device *dev, 145 + struct stm32_firewall **firewall, 146 + int *nb_firewall) 147 + { 148 + return -ENODEV; 161 149 } 162 150 163 151 #endif /* CONFIG_STM32_FIREWALL */