From: Oleksii Moisieiev <Oleksii_Moisieiev@epam.com>
To: Gatien Chevallier <gatien.chevallier@foss.st.com>
Cc: "gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>,
"herbert@gondor.apana.org.au" <herbert@gondor.apana.org.au>,
"davem@davemloft.net" <davem@davemloft.net>,
"robh+dt@kernel.org" <robh+dt@kernel.org>,
"krzysztof.kozlowski+dt@linaro.org"
<krzysztof.kozlowski+dt@linaro.org>,
"conor+dt@kernel.org" <conor+dt@kernel.org>,
"alexandre.torgue@foss.st.com" <alexandre.torgue@foss.st.com>,
"vkoul@kernel.org" <vkoul@kernel.org>,
"jic23@kernel.org" <jic23@kernel.org>,
"olivier.moysan@foss.st.com" <olivier.moysan@foss.st.com>,
"arnaud.pouliquen@foss.st.com" <arnaud.pouliquen@foss.st.com>,
"mchehab@kernel.org" <mchehab@kernel.org>,
"fabrice.gasnier@foss.st.com" <fabrice.gasnier@foss.st.com>,
"andi.shyti@kernel.org" <andi.shyti@kernel.org>,
"ulf.hansson@linaro.org" <ulf.hansson@linaro.org>,
"edumazet@google.com" <edumazet@google.com>,
"kuba@kernel.org" <kuba@kernel.org>,
"pabeni@redhat.com" <pabeni@redhat.com>,
"hugues.fruchet@foss.st.com" <hugues.fruchet@foss.st.com>,
"lee@kernel.org" <lee@kernel.org>,
"will@kernel.org" <will@kernel.org>,
"catalin.marinas@arm.com" <catalin.marinas@arm.com>,
"arnd@kernel.org" <arnd@kernel.org>,
"richardcochran@gmail.com" <richardcochran@gmail.com>,
"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
"devicetree@vger.kernel.org" <devicetree@vger.kernel.org>,
"linux-stm32@st-md-mailman.stormreply.com"
<linux-stm32@st-md-mailman.stormreply.com>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"dmaengine@vger.kernel.org" <dmaengine@vger.kernel.org>,
"linux-i2c@vger.kernel.org" <linux-i2c@vger.kernel.org>,
"linux-iio@vger.kernel.org" <linux-iio@vger.kernel.org>,
"alsa-devel@alsa-project.org" <alsa-devel@alsa-project.org>,
"linux-media@vger.kernel.org" <linux-media@vger.kernel.org>,
"linux-mmc@vger.kernel.org" <linux-mmc@vger.kernel.org>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"linux-phy@lists.infradead.org" <linux-phy@lists.infradead.org>,
"linux-serial@vger.kernel.org" <linux-serial@vger.kernel.org>,
"linux-spi@vger.kernel.org" <linux-spi@vger.kernel.org>,
"linux-usb@vger.kernel.org" <linux-usb@vger.kernel.org>
Subject: Re: [PATCH 05/10] firewall: introduce stm32_firewall framework
Date: Fri, 7 Jul 2023 13:50:16 +0000 [thread overview]
Message-ID: <87a5w7zv8o.fsf@epam.com> (raw)
In-Reply-To: <20230705172759.1610753-6-gatien.chevallier@foss.st.com>
Gatien Chevallier <gatien.chevallier@foss.st.com> writes:
> Introduce a firewall framework that offers to firewall consumers different
> firewall services such as the ability to check their access rights against
> their firewall controller(s).
>
> The firewall framework offers a generic API that is defined in firewall
> controllers drivers to best fit the specificity of each firewall.
>
> There are various types of firewalls:
> -Peripheral firewalls that filter accesses to peripherals
> -Memory firewalls that filter accesses to memories or memory regions
> -Resource firewalls that filter accesses to internal resources such as
> reset and clock controllers
>
> A firewall controller must be probed at arch_initcall level and register
> to the framework so that consumers can use their services.
>
> Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
> ---
> MAINTAINERS | 5 +
> arch/arm64/Kconfig.platforms | 1 +
> drivers/bus/Kconfig | 10 +
> drivers/bus/Makefile | 1 +
> drivers/bus/stm32_firewall.c | 252 ++++++++++++++++++++++
> drivers/bus/stm32_firewall.h | 83 +++++++
> include/linux/bus/stm32_firewall_device.h | 134 ++++++++++++
> 7 files changed, 486 insertions(+)
> create mode 100644 drivers/bus/stm32_firewall.c
> create mode 100644 drivers/bus/stm32_firewall.h
> create mode 100644 include/linux/bus/stm32_firewall_device.h
>
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 41385f01fa98..fabf95ba9b86 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -20123,6 +20123,11 @@ T: git git://linuxtv.org/media_tree.git
> F: Documentation/devicetree/bindings/media/i2c/st,st-mipid02.yaml
> F: drivers/media/i2c/st-mipid02.c
>
> +ST STM32 FIREWALL
> +M: Gatien Chevallier <gatien.chevallier@foss.st.com>
> +S: Maintained
> +F: drivers/bus/stm32_firewall.c
> +
> ST STM32 I2C/SMBUS DRIVER
> M: Pierre-Yves MORDRET <pierre-yves.mordret@foss.st.com>
> M: Alain Volmat <alain.volmat@foss.st.com>
> diff --git a/arch/arm64/Kconfig.platforms b/arch/arm64/Kconfig.platforms
> index 6069120199bb..5a46e90f1e4e 100644
> --- a/arch/arm64/Kconfig.platforms
> +++ b/arch/arm64/Kconfig.platforms
> @@ -293,6 +293,7 @@ config ARCH_STM32
> select ARM_SMC_MBOX
> select ARM_SCMI_PROTOCOL
> select COMMON_CLK_SCMI
> + select STM32_FIREWALL
> help
> This enables support for ARMv8 based STMicroelectronics
> STM32 family, including:
> diff --git a/drivers/bus/Kconfig b/drivers/bus/Kconfig
> index fcfa280df98a..4d54a7ea52b2 100644
> --- a/drivers/bus/Kconfig
> +++ b/drivers/bus/Kconfig
> @@ -163,6 +163,16 @@ config QCOM_SSC_BLOCK_BUS
> i2c/spi/uart controllers, a hexagon core, and a clock controller
> which provides clocks for the above.
>
> +config STM32_FIREWALL
> + bool "STM32 Firewall framework"
> + depends on ARCH_STM32
> + default MACH_STM32MP157 || MACH_STM32MP13 || MACH_STM32MP25
> + help
> + Say y to enable firewall framework and its services. Firewall
> + controllers will be able to register to the framework. Firewall
> + controllers must be initialized and register to the firewall framework
> + at arch_initcall level.
> +
> config SUN50I_DE2_BUS
> bool "Allwinner A64 DE2 Bus Driver"
> default ARM64
> diff --git a/drivers/bus/Makefile b/drivers/bus/Makefile
> index d90eed189a65..fc0511450ec2 100644
> --- a/drivers/bus/Makefile
> +++ b/drivers/bus/Makefile
> @@ -26,6 +26,7 @@ obj-$(CONFIG_OMAP_INTERCONNECT) += omap_l3_smx.o omap_l3_noc.o
> obj-$(CONFIG_OMAP_OCP2SCP) += omap-ocp2scp.o
> obj-$(CONFIG_QCOM_EBI2) += qcom-ebi2.o
> obj-$(CONFIG_QCOM_SSC_BLOCK_BUS) += qcom-ssc-block-bus.o
> +obj-$(CONFIG_STM32_FIREWALL) += stm32_firewall.o
> obj-$(CONFIG_SUN50I_DE2_BUS) += sun50i-de2.o
> obj-$(CONFIG_SUNXI_RSB) += sunxi-rsb.o
> obj-$(CONFIG_OF) += simple-pm-bus.o
> diff --git a/drivers/bus/stm32_firewall.c b/drivers/bus/stm32_firewall.c
> new file mode 100644
> index 000000000000..510db5bc6eaf
> --- /dev/null
> +++ b/drivers/bus/stm32_firewall.c
> @@ -0,0 +1,252 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (C) 2023, STMicroelectronics - All Rights Reserved
> + */
> +
> +#include <linux/bitfield.h>
> +#include <linux/bits.h>
> +#include <linux/bus/stm32_firewall_device.h>
> +#include <linux/device.h>
> +#include <linux/err.h>
> +#include <linux/init.h>
> +#include <linux/io.h>
> +#include <linux/kernel.h>
> +#include <linux/module.h>
> +#include <linux/of.h>
> +#include <linux/of_platform.h>
> +#include <linux/platform_device.h>
> +#include <linux/types.h>
> +
> +#include "stm32_firewall.h"
> +
> +/* Corresponds to STM32_FIREWALL_MAX_EXTRA_ARGS + firewall controller reference + firewall ID */
> +#define STM32_FIREWALL_MAX_ARGS (STM32_FIREWALL_MAX_EXTRA_ARGS + 2)
> +
> +static LIST_HEAD(firewall_controller_list);
> +static DEFINE_MUTEX(firewall_controller_list_lock);
> +
> +static int stm32_firewall_get_id(struct device_node *np, u32 *id)
> +{
> + u32 feature_domain_cell[2];
> +
> + /* Get property from device node */
> + if (of_property_read_u32_array(np, "feature-domains",
> + feature_domain_cell,
> + ARRAY_SIZE(feature_domain_cell))) {
> + pr_err("Unable to find get firewall ID property\n");
> + return -ENODEV;
> + }
> +
> + *id = feature_domain_cell[1];
> +
> + return 0;
> +}
> +
> +/* Firewall device API */
> +
> +int stm32_firewall_get_firewall(struct device_node *np,
> + struct stm32_firewall *firewall)
> +{
> + struct stm32_firewall_controller *ctrl;
> + struct of_phandle_args args;
> + u32 controller_phandle;
> + bool match = false;
> + size_t i;
> + int err;
> +
> + if (!firewall)
> + return -EINVAL;
> +
> + /* The controller phandle is always the first argument of the feature-domains property. */
> + err = of_property_read_u32(np, "feature-domains", &controller_phandle);
> + if (err) {
> + pr_err("Unable to get feature-domains property for node %s\n", np->full_name);
> + return err;
> + }
> +
> + /* Parse property with phandle parsed out */
> + err = of_parse_phandle_with_args(np, "feature-domains", "#feature-domain-cells", 0, &args);
> + if (err) {
> + pr_err("Unable to read feature-domains arguments for node %s\n", np->full_name);
> + return err;
> + }
> +
> + /* The phandle is parsed out */
> + if (args.args_count > STM32_FIREWALL_MAX_ARGS - 1)
> + return -EINVAL;
> +
> + of_node_put(np);
> +
> + /* Check if the parsed phandle corresponds to a registered firewall controller */
> + mutex_lock(&firewall_controller_list_lock);
> + list_for_each_entry(ctrl, &firewall_controller_list, entry) {
> + if (ctrl->dev->of_node->phandle == controller_phandle) {
> + match = true;
> + firewall->firewall_ctrl = ctrl;
> + break;
> + }
> + }
> + mutex_unlock(&firewall_controller_list_lock);
> + if (!match) {
> + firewall->firewall_ctrl = NULL;
> + pr_err("No firewall controller registered for %s\n", np->full_name);
> + return -ENODEV;
> + }
> +
> + /*
> + * The firewall ID is always the second argument of the feature-domains property.
> + * The first argument is already parsed out, so args.args[0] is the second argument.
> + */
> + firewall->firewall_id = args.args[0];
> +
> + /* Extra args start at the third argument */
> + for (i = 0; i < args.args_count; i++)
> + firewall->extra_args[i] = args.args[i + 1];
> +
> + /* Remove the firewall ID arg that is not an extra argument */
> + if (args.args_count >= 1)
> + firewall->extra_args_size = args.args_count - 1;
As I can see you support some extra args, that can be provided in the
feature-domain property. But in the binding description I see maxItems:
2. I beliewe this should be highlighted in bindings description.
> +
> + return 0;
> +}
> +EXPORT_SYMBOL_GPL(stm32_firewall_get_firewall);
> +
> +int stm32_firewall_grant_access(struct stm32_firewall *firewall)
> +{
> + struct stm32_firewall_controller *firewall_controller;
> +
> + if (!firewall || firewall->firewall_id == U32_MAX)
> + return -EINVAL;
> +
> + firewall_controller = firewall->firewall_ctrl;
> +
> + if (!firewall_controller)
> + return -ENODEV;
> +
> + return firewall_controller->grant_access(firewall_controller, firewall->firewall_id);
> +}
> +EXPORT_SYMBOL_GPL(stm32_firewall_grant_access);
> +
> +int stm32_firewall_grant_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id)
> +{
> + struct stm32_firewall_controller *firewall_controller;
> +
> + if (!firewall || subsystem_id == U32_MAX || firewall->firewall_id == U32_MAX)
> + return -EINVAL;
> +
> + firewall_controller = firewall->firewall_ctrl;
> +
> + if (!firewall_controller)
> + return -ENODEV;
> +
> + return firewall_controller->grant_access(firewall_controller, subsystem_id);
> +}
> +EXPORT_SYMBOL_GPL(stm32_firewall_grant_access_by_id);
> +
> +void stm32_firewall_release_access(struct stm32_firewall *firewall)
> +{
> + struct stm32_firewall_controller *firewall_controller;
> +
> + if (!firewall || firewall->firewall_id == U32_MAX) {
> + pr_err("Incorrect arguments when releasing a firewall access");
> + return;
> + }
> +
> + firewall_controller = firewall->firewall_ctrl;
> +
> + if (!firewall_controller) {
> + pr_debug("No firewall controller to release");
> + return;
> + }
> +
> + firewall_controller->release_access(firewall_controller, firewall->firewall_id);
> +}
> +EXPORT_SYMBOL_GPL(stm32_firewall_release_access);
> +
> +void stm32_firewall_release_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id)
> +{
> + struct stm32_firewall_controller *firewall_controller;
> +
> + if (!firewall || subsystem_id == U32_MAX || firewall->firewall_id == U32_MAX) {
> + pr_err("Incorrect arguments when releasing a firewall access");
> + return;
> + }
> +
> + firewall_controller = firewall->firewall_ctrl;
> +
> + if (!firewall_controller) {
> + pr_debug("No firewall controller to release");
> + return;
> + }
> +
> + firewall_controller->release_access(firewall_controller, subsystem_id);
> +}
> +EXPORT_SYMBOL_GPL(stm32_firewall_release_access_by_id);
> +
> +/* Firewall controller API */
> +
> +int stm32_firewall_controller_register(struct stm32_firewall_controller *firewall_controller)
> +{
> + pr_info("Registering firewall controller %s", dev_name(firewall_controller->dev));
> +
> + if (!firewall_controller)
> + return -ENODEV;
> +
> + mutex_lock(&firewall_controller_list_lock);
> + list_add_tail(&firewall_controller->entry, &firewall_controller_list);
> + mutex_unlock(&firewall_controller_list_lock);
> +
> + return 0;
> +
> +}
> +
> +void stm32_firewall_controller_unregister(struct stm32_firewall_controller *firewall_controller)
> +{
> + struct stm32_firewall_controller *ctrl, *tmp;
> + bool controller_removed = false;
> +
> + if (!firewall_controller) {
> + pr_debug("Null reference while unregistering firewall controller");
> + return;
> + }
> +
> + mutex_lock(&firewall_controller_list_lock);
> + list_for_each_entry_safe(ctrl, tmp, &firewall_controller_list, entry) {
> + if (ctrl == firewall_controller) {
> + controller_removed = true;
> + list_del_init(&ctrl->entry);
> + break;
> + }
> + }
IIUC list_for_each_entry_safe protects you from removing node during
loop. But all list operations are done under
firewall_controller_list_lock mutex. I beliewe there is no need for
_safe call under the mutex because removing node during loop is
impossible. I think it worth investigation if it's safe to use
list_for_each_entry_safe without lock.
> + mutex_unlock(&firewall_controller_list_lock);
> +
> + if (!controller_removed)
> + pr_debug("There was no firewall controller named %s to unregister",
> + dev_name(firewall_controller->dev));
> +}
> +
> +void stm32_firewall_populate_bus(struct stm32_firewall_controller *firewall_controller)
> +{
> + struct device_node *child;
> + struct device *parent;
> + u32 firewall_id;
> + int err;
> +
> + parent = firewall_controller->dev;
> +
> + dev_dbg(parent, "Populating %s system bus\n", dev_name(firewall_controller->dev));
> +
> + for_each_available_child_of_node(dev_of_node(parent), child) {
> + err = stm32_firewall_get_id(child, &firewall_id);
> + if (err < 0 ||
> + firewall_controller->grant_access(firewall_controller, firewall_id)) {
> + /*
> + * Peripheral access not allowed or not defined.
> + * Mark the node as populated so platform bus won't probe it
> + */
> + of_node_set_flag(child, OF_POPULATED);
> + dev_err(parent, "%s: Device driver will not be probed\n",
> + child->full_name);
> + }
> + }
> +}
> diff --git a/drivers/bus/stm32_firewall.h b/drivers/bus/stm32_firewall.h
> new file mode 100644
> index 000000000000..8d92e8c1ab77
> --- /dev/null
> +++ b/drivers/bus/stm32_firewall.h
> @@ -0,0 +1,83 @@
> +/* SPDX-License-Identifier: GPL-2.0-or-later */
> +/*
> + * Copyright (C) 2023, STMicroelectronics - All Rights Reserved
> + */
> +
> +#ifndef _STM32_FIREWALL_H
> +#define _STM32_FIREWALL_H
> +
> +#include <linux/kernel.h>
> +#include <linux/list.h>
> +#include <linux/of.h>
> +#include <linux/platform_device.h>
> +#include <linux/types.h>
> +
> +/**
> + * STM32_PERIPHERAL_FIREWALL: This type of firewall protects peripherals
Intendation
> + * STM32_MEMORY_FIREWALL: This type of firewall protects memories/subsets of memory
> + * zones
> + * STM32_RESOURCE_FIREWALL: This type of firewall protects internal resources
> + * STM32_NOTYPE_FIREWALL: Undefined firewall type
> + */
> +
> +#define STM32_PERIPHERAL_FIREWALL BIT(1)
Intendation
> +#define STM32_MEMORY_FIREWALL BIT(2)
> +#define STM32_RESOURCE_FIREWALL BIT(3)
> +#define STM32_NOTYPE_FIREWALL BIT(4)
> +
> +/**
> + * struct stm32_firewall_controller - Information on firewall controller supplying services
> + *
> + * @name Name of the firewall controller
> + * @dev Device reference of the firewall controller
Intendation
> + * @mmio Base address of the firewall controller
> + * @entry List entry of the firewall controller list
> + * @type Type of firewall
> + * @max_entries Number of entries covered by the firewall
Intendation
> + * @grant_access Callback used to grant access for a device access against a
> + * firewall controller
> + * @release_access Callback used to release resources taken by a device when access was
> + * granted
> + * @grant_memory_range_access Callback used to grant access for a device to a given memory region
> + */
> +struct stm32_firewall_controller {
> + const char *name;
> + struct device *dev;
> + void __iomem *mmio;
> + struct list_head entry;
> + unsigned int type;
> + unsigned int max_entries;
> +
> + int (*grant_access)(struct stm32_firewall_controller *ctrl, u32 id);
> + void (*release_access)(struct stm32_firewall_controller *ctrl, u32 id);
> + int (*grant_memory_range_access)(struct stm32_firewall_controller *ctrl, phys_addr_t paddr,
> + size_t size);
> +};
> +
> +/**
> + * int stm32_firewall_controller_register - Register a firewall controller to the STM32 firewall
> + * framework
> + * @firewall_controller Firewall controller to register
> + *
> + * Returns 0 in case of success or -ENODEV if no controller was given.
> + */
> +int stm32_firewall_controller_register(struct stm32_firewall_controller *firewall_controller);
> +
> +/**
> + * int stm32_firewall_controller_unregister - Unregister a firewall controller from the STM32
> + * firewall framework
> + * @firewall_controller Firewall controller to unregister
> + */
> +void stm32_firewall_controller_unregister(struct stm32_firewall_controller *firewall_controller);
> +
> +/**
> + * stm32_firewall_populate_bus - Populate device tree nodes that have a correct firewall
> + * configuration. This is used at boot-time only, as a sanity check
> + * between device tree and firewalls hardware configurations to
> + * prevent a kernel crash when a device driver is not granted access
> + *
> + * @firewall_controller Firewall controller which nodes will be populated or not
> + */
> +void stm32_firewall_populate_bus(struct stm32_firewall_controller *firewall_controller);
> +
> +#endif /* _STM32_FIREWALL_H */
> diff --git a/include/linux/bus/stm32_firewall_device.h b/include/linux/bus/stm32_firewall_device.h
> new file mode 100644
> index 000000000000..ccaecea7fc6c
> --- /dev/null
> +++ b/include/linux/bus/stm32_firewall_device.h
> @@ -0,0 +1,134 @@
> +/* SPDX-License-Identifier: GPL-2.0-or-later */
> +/*
> + * Copyright (C) 2023, STMicroelectronics - All Rights Reserved
> + */
> +
> +#ifndef STM32_FIREWALL_DEVICE_H
> +#define STM32_FIREWALL_DEVICE_H
> +
> +#include <linux/of.h>
> +#include <linux/platform_device.h>
> +#include <linux/types.h>
> +
> +#define STM32_FIREWALL_MAX_EXTRA_ARGS 5
It's not clear to me why it's 5. Comment above sais this is
implementation defined. Maybe this parameter can be configurable?
> +
> +/* Opaque reference to stm32_firewall_controller */
> +struct stm32_firewall_controller;
> +
> +/**
> + * stm32_firewall - Information on a device's firewall. Each device can have more than one firewall.
> + *
> + * @firewall_ctrl Pointer referencing a firewall controller of the device. It is
> + * opaque so a device cannot manipulate the controller's ops or access
> + * the controller's data
> + * @extra_args Extra arguments that are implementation dependent
> + * @extra_args_size Number of extra arguments
> + * @firewall_id Firewall ID associated the device for this firewall controller
> + */
> +struct stm32_firewall {
> + struct stm32_firewall_controller *firewall_ctrl;
> + u32 extra_args[STM32_FIREWALL_MAX_EXTRA_ARGS];
> + size_t extra_args_size;
> + u32 firewall_id;
> +};
> +
> +#if IS_ENABLED(CONFIG_STM32_FIREWALL)
> +/**
> + * stm32_firewall_get_firewall - Get the firewall(s) associated to given device.
> + * The firewall controller reference is always the first argument
> + * of the feature-domains property.
> + * The firewall ID is always the second argument of the
> + * feature-domains property.
> + *
> + * @np Device node to parse
Intendation
> + * @firewall Resulting firewall reference(s)
> + *
> + * Returns 0 on success, -ENODEV if there's no match with a firewall controller or appropriate errno
> + * code if error occurred.
> + */
> +int stm32_firewall_get_firewall(struct device_node *np, struct stm32_firewall *firewall);
> +
> +/**
> + * stm32_firewall_grant_access - Request firewall access rights and grant access.
> + *
> + * @firewall Firewall reference containing the ID to check against its firewall
> + * controller
> + *
> + * Returns 0 if access is granted, -EACCES if access is denied, -ENODEV if firewall is null or
> + * appropriate errno code if error occurred
> + */
> +int stm32_firewall_grant_access(struct stm32_firewall *firewall);
> +
> +/**
> + * stm32_firewall_release_access - Release access granted from a call to
> + * stm32_firewall_grant_access().
> + *
> + * @firewall Firewall reference containing the ID to check against its firewall
> + * controller
> + */
> +void stm32_firewall_release_access(struct stm32_firewall *firewall);
> +
> +/**
> + * stm32_firewall_grant_access_by_id - Request firewall access rights of a given device
> + * based on a specific firewall ID
> + *
> + * Warnings:
> + * There is no way to ensure that the given ID will correspond to the firewall referenced in the
> + * device node if the ID did not come from stm32_firewall_get_firewall(). In that case, this
> + * function must be used with caution.
> + * This function should be used for subsystem resources that do not have the same firewall ID
> + * as their parent.
> + * U32_MAX is an invalid ID.
> + *
> + * @firewall Firewall reference containing the firewall controller
> + * @subsystem_id Firewall ID of the subsystem resource
> + *
> + * Returns 0 if access is granted, -EACCES if access is denied, -ENODEV if firewall is null or
> + * appropriate errno code if error occurred
> + */
> +int stm32_firewall_grant_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id);
Can we store all registered IDs that were found by populate_bus
functio, or is it expected when this function was called before
populate_bus call?
> +
> +/**
> + * stm32_firewall_release_access_by_id - Release access granted from a call to
> + * stm32_firewall_grant_access_by_id().
> + *
> + * Warnings:
> + * There is no way to ensure that the given ID will correspond to the firewall referenced in the
> + * device node if the ID did not come from stm32_firewall_get_firewall(). In that case, this
> + * function must be used with caution.
> + * This function should be used for subsystem resources that do not have the same firewall ID
> + * as their parent.
> + * U32_MAX is an invalid ID.
> + *
> + * @firewall Firewall reference containing the firewall controller
> + * @subsystem_id Firewall ID of the subsystem resource
> + */
> +void stm32_firewall_release_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id);
> +
> +#else /* CONFIG_STM32_FIREWALL */
> +
> +int stm32_firewall_get_firewall(struct device_node *np, struct stm32_firewall *firewall)
> +{
> + return -ENODEV;
> +}
> +
> +int stm32_firewall_grant_access(struct stm32_firewall *firewall)
> +{
> + return -ENODEV;
> +}
> +
> +void stm32_firewall_release_access(struct stm32_firewall *firewall)
> +{
> +}
> +
> +int stm32_firewall_grant_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id)
> +{
> + return -ENODEV;
> +}
> +
> +void stm32_firewall_release_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id)
> +{
> +}
> +
> +#endif /* CONFIG_STM32_FIREWALL */
> +#endif /* STM32_FIREWALL_DEVICE_H */
--
Thanks,
Oleksii
WARNING: multiple messages have this Message-ID (diff)
From: Oleksii Moisieiev <Oleksii_Moisieiev@epam.com>
To: Gatien Chevallier <gatien.chevallier@foss.st.com>
Cc: "gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>,
"herbert@gondor.apana.org.au" <herbert@gondor.apana.org.au>,
"davem@davemloft.net" <davem@davemloft.net>,
"robh+dt@kernel.org" <robh+dt@kernel.org>,
"krzysztof.kozlowski+dt@linaro.org"
<krzysztof.kozlowski+dt@linaro.org>,
"conor+dt@kernel.org" <conor+dt@kernel.org>,
"alexandre.torgue@foss.st.com" <alexandre.torgue@foss.st.com>,
"vkoul@kernel.org" <vkoul@kernel.org>,
"jic23@kernel.org" <jic23@kernel.org>,
"olivier.moysan@foss.st.com" <olivier.moysan@foss.st.com>,
"arnaud.pouliquen@foss.st.com" <arnaud.pouliquen@foss.st.com>,
"mchehab@kernel.org" <mchehab@kernel.org>,
"fabrice.gasnier@foss.st.com" <fabrice.gasnier@foss.st.com>,
"andi.shyti@kernel.org" <andi.shyti@kernel.org>,
"ulf.hansson@linaro.org" <ulf.hansson@linaro.org>,
"edumazet@google.com" <edumazet@google.com>,
"kuba@kernel.org" <kuba@kernel.org>,
"pabeni@redhat.com" <pabeni@redhat.com>,
"hugues.fruchet@foss.st.com" <hugues.fruchet@foss.st.com>,
"lee@kernel.org" <lee@kernel.org>,
"will@kernel.org" <will@kernel.org>,
"catalin.marinas@arm.com" <catalin.marinas@arm.com>,
"arnd@kernel.org" <arnd@kernel.org>,
"richardcochran@gmail.com" <richardcochran@gmail.com>,
"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
"devicetree@vger.kernel.org" <devicetree@vger.kernel.org>,
"linux-stm32@st-md-mailman.stormreply.com"
<linux-stm32@st-md-mailman.stormreply.com>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"dmaengine@vger.kernel.org" <dmaengine@vger.kernel.org>,
"linux-i2c@vger.kernel.org" <linux-i2c@vger.kernel.org>,
"linux-iio@vger.kernel.org" <linux-iio@vger.kernel.org>,
"alsa-devel@alsa-project.org" <alsa-devel@alsa-project.org>,
"linux-media@vger.kernel.org" <linux-media@vger.kernel.org>,
"linux-mmc@vger.kernel.org" <linux-mmc@vger.kernel.org>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"linux-phy@lists.infradead.org" <linux-phy@lists.infradead.org>,
"linux-serial@vger.kernel.org" <linux-serial@vger.kernel.org>,
"linux-spi@vger.kernel.org" <linux-spi@vger.kernel.org>,
"linux-usb@vger.kernel.org" <linux-usb@vger.kernel.org>
Subject: Re: [PATCH 05/10] firewall: introduce stm32_firewall framework
Date: Fri, 7 Jul 2023 13:50:16 +0000 [thread overview]
Message-ID: <87a5w7zv8o.fsf@epam.com> (raw)
In-Reply-To: <20230705172759.1610753-6-gatien.chevallier@foss.st.com>
Gatien Chevallier <gatien.chevallier@foss.st.com> writes:
> Introduce a firewall framework that offers to firewall consumers different
> firewall services such as the ability to check their access rights against
> their firewall controller(s).
>
> The firewall framework offers a generic API that is defined in firewall
> controllers drivers to best fit the specificity of each firewall.
>
> There are various types of firewalls:
> -Peripheral firewalls that filter accesses to peripherals
> -Memory firewalls that filter accesses to memories or memory regions
> -Resource firewalls that filter accesses to internal resources such as
> reset and clock controllers
>
> A firewall controller must be probed at arch_initcall level and register
> to the framework so that consumers can use their services.
>
> Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
> ---
> MAINTAINERS | 5 +
> arch/arm64/Kconfig.platforms | 1 +
> drivers/bus/Kconfig | 10 +
> drivers/bus/Makefile | 1 +
> drivers/bus/stm32_firewall.c | 252 ++++++++++++++++++++++
> drivers/bus/stm32_firewall.h | 83 +++++++
> include/linux/bus/stm32_firewall_device.h | 134 ++++++++++++
> 7 files changed, 486 insertions(+)
> create mode 100644 drivers/bus/stm32_firewall.c
> create mode 100644 drivers/bus/stm32_firewall.h
> create mode 100644 include/linux/bus/stm32_firewall_device.h
>
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 41385f01fa98..fabf95ba9b86 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -20123,6 +20123,11 @@ T: git git://linuxtv.org/media_tree.git
> F: Documentation/devicetree/bindings/media/i2c/st,st-mipid02.yaml
> F: drivers/media/i2c/st-mipid02.c
>
> +ST STM32 FIREWALL
> +M: Gatien Chevallier <gatien.chevallier@foss.st.com>
> +S: Maintained
> +F: drivers/bus/stm32_firewall.c
> +
> ST STM32 I2C/SMBUS DRIVER
> M: Pierre-Yves MORDRET <pierre-yves.mordret@foss.st.com>
> M: Alain Volmat <alain.volmat@foss.st.com>
> diff --git a/arch/arm64/Kconfig.platforms b/arch/arm64/Kconfig.platforms
> index 6069120199bb..5a46e90f1e4e 100644
> --- a/arch/arm64/Kconfig.platforms
> +++ b/arch/arm64/Kconfig.platforms
> @@ -293,6 +293,7 @@ config ARCH_STM32
> select ARM_SMC_MBOX
> select ARM_SCMI_PROTOCOL
> select COMMON_CLK_SCMI
> + select STM32_FIREWALL
> help
> This enables support for ARMv8 based STMicroelectronics
> STM32 family, including:
> diff --git a/drivers/bus/Kconfig b/drivers/bus/Kconfig
> index fcfa280df98a..4d54a7ea52b2 100644
> --- a/drivers/bus/Kconfig
> +++ b/drivers/bus/Kconfig
> @@ -163,6 +163,16 @@ config QCOM_SSC_BLOCK_BUS
> i2c/spi/uart controllers, a hexagon core, and a clock controller
> which provides clocks for the above.
>
> +config STM32_FIREWALL
> + bool "STM32 Firewall framework"
> + depends on ARCH_STM32
> + default MACH_STM32MP157 || MACH_STM32MP13 || MACH_STM32MP25
> + help
> + Say y to enable firewall framework and its services. Firewall
> + controllers will be able to register to the framework. Firewall
> + controllers must be initialized and register to the firewall framework
> + at arch_initcall level.
> +
> config SUN50I_DE2_BUS
> bool "Allwinner A64 DE2 Bus Driver"
> default ARM64
> diff --git a/drivers/bus/Makefile b/drivers/bus/Makefile
> index d90eed189a65..fc0511450ec2 100644
> --- a/drivers/bus/Makefile
> +++ b/drivers/bus/Makefile
> @@ -26,6 +26,7 @@ obj-$(CONFIG_OMAP_INTERCONNECT) += omap_l3_smx.o omap_l3_noc.o
> obj-$(CONFIG_OMAP_OCP2SCP) += omap-ocp2scp.o
> obj-$(CONFIG_QCOM_EBI2) += qcom-ebi2.o
> obj-$(CONFIG_QCOM_SSC_BLOCK_BUS) += qcom-ssc-block-bus.o
> +obj-$(CONFIG_STM32_FIREWALL) += stm32_firewall.o
> obj-$(CONFIG_SUN50I_DE2_BUS) += sun50i-de2.o
> obj-$(CONFIG_SUNXI_RSB) += sunxi-rsb.o
> obj-$(CONFIG_OF) += simple-pm-bus.o
> diff --git a/drivers/bus/stm32_firewall.c b/drivers/bus/stm32_firewall.c
> new file mode 100644
> index 000000000000..510db5bc6eaf
> --- /dev/null
> +++ b/drivers/bus/stm32_firewall.c
> @@ -0,0 +1,252 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (C) 2023, STMicroelectronics - All Rights Reserved
> + */
> +
> +#include <linux/bitfield.h>
> +#include <linux/bits.h>
> +#include <linux/bus/stm32_firewall_device.h>
> +#include <linux/device.h>
> +#include <linux/err.h>
> +#include <linux/init.h>
> +#include <linux/io.h>
> +#include <linux/kernel.h>
> +#include <linux/module.h>
> +#include <linux/of.h>
> +#include <linux/of_platform.h>
> +#include <linux/platform_device.h>
> +#include <linux/types.h>
> +
> +#include "stm32_firewall.h"
> +
> +/* Corresponds to STM32_FIREWALL_MAX_EXTRA_ARGS + firewall controller reference + firewall ID */
> +#define STM32_FIREWALL_MAX_ARGS (STM32_FIREWALL_MAX_EXTRA_ARGS + 2)
> +
> +static LIST_HEAD(firewall_controller_list);
> +static DEFINE_MUTEX(firewall_controller_list_lock);
> +
> +static int stm32_firewall_get_id(struct device_node *np, u32 *id)
> +{
> + u32 feature_domain_cell[2];
> +
> + /* Get property from device node */
> + if (of_property_read_u32_array(np, "feature-domains",
> + feature_domain_cell,
> + ARRAY_SIZE(feature_domain_cell))) {
> + pr_err("Unable to find get firewall ID property\n");
> + return -ENODEV;
> + }
> +
> + *id = feature_domain_cell[1];
> +
> + return 0;
> +}
> +
> +/* Firewall device API */
> +
> +int stm32_firewall_get_firewall(struct device_node *np,
> + struct stm32_firewall *firewall)
> +{
> + struct stm32_firewall_controller *ctrl;
> + struct of_phandle_args args;
> + u32 controller_phandle;
> + bool match = false;
> + size_t i;
> + int err;
> +
> + if (!firewall)
> + return -EINVAL;
> +
> + /* The controller phandle is always the first argument of the feature-domains property. */
> + err = of_property_read_u32(np, "feature-domains", &controller_phandle);
> + if (err) {
> + pr_err("Unable to get feature-domains property for node %s\n", np->full_name);
> + return err;
> + }
> +
> + /* Parse property with phandle parsed out */
> + err = of_parse_phandle_with_args(np, "feature-domains", "#feature-domain-cells", 0, &args);
> + if (err) {
> + pr_err("Unable to read feature-domains arguments for node %s\n", np->full_name);
> + return err;
> + }
> +
> + /* The phandle is parsed out */
> + if (args.args_count > STM32_FIREWALL_MAX_ARGS - 1)
> + return -EINVAL;
> +
> + of_node_put(np);
> +
> + /* Check if the parsed phandle corresponds to a registered firewall controller */
> + mutex_lock(&firewall_controller_list_lock);
> + list_for_each_entry(ctrl, &firewall_controller_list, entry) {
> + if (ctrl->dev->of_node->phandle == controller_phandle) {
> + match = true;
> + firewall->firewall_ctrl = ctrl;
> + break;
> + }
> + }
> + mutex_unlock(&firewall_controller_list_lock);
> + if (!match) {
> + firewall->firewall_ctrl = NULL;
> + pr_err("No firewall controller registered for %s\n", np->full_name);
> + return -ENODEV;
> + }
> +
> + /*
> + * The firewall ID is always the second argument of the feature-domains property.
> + * The first argument is already parsed out, so args.args[0] is the second argument.
> + */
> + firewall->firewall_id = args.args[0];
> +
> + /* Extra args start at the third argument */
> + for (i = 0; i < args.args_count; i++)
> + firewall->extra_args[i] = args.args[i + 1];
> +
> + /* Remove the firewall ID arg that is not an extra argument */
> + if (args.args_count >= 1)
> + firewall->extra_args_size = args.args_count - 1;
As I can see you support some extra args, that can be provided in the
feature-domain property. But in the binding description I see maxItems:
2. I beliewe this should be highlighted in bindings description.
> +
> + return 0;
> +}
> +EXPORT_SYMBOL_GPL(stm32_firewall_get_firewall);
> +
> +int stm32_firewall_grant_access(struct stm32_firewall *firewall)
> +{
> + struct stm32_firewall_controller *firewall_controller;
> +
> + if (!firewall || firewall->firewall_id == U32_MAX)
> + return -EINVAL;
> +
> + firewall_controller = firewall->firewall_ctrl;
> +
> + if (!firewall_controller)
> + return -ENODEV;
> +
> + return firewall_controller->grant_access(firewall_controller, firewall->firewall_id);
> +}
> +EXPORT_SYMBOL_GPL(stm32_firewall_grant_access);
> +
> +int stm32_firewall_grant_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id)
> +{
> + struct stm32_firewall_controller *firewall_controller;
> +
> + if (!firewall || subsystem_id == U32_MAX || firewall->firewall_id == U32_MAX)
> + return -EINVAL;
> +
> + firewall_controller = firewall->firewall_ctrl;
> +
> + if (!firewall_controller)
> + return -ENODEV;
> +
> + return firewall_controller->grant_access(firewall_controller, subsystem_id);
> +}
> +EXPORT_SYMBOL_GPL(stm32_firewall_grant_access_by_id);
> +
> +void stm32_firewall_release_access(struct stm32_firewall *firewall)
> +{
> + struct stm32_firewall_controller *firewall_controller;
> +
> + if (!firewall || firewall->firewall_id == U32_MAX) {
> + pr_err("Incorrect arguments when releasing a firewall access");
> + return;
> + }
> +
> + firewall_controller = firewall->firewall_ctrl;
> +
> + if (!firewall_controller) {
> + pr_debug("No firewall controller to release");
> + return;
> + }
> +
> + firewall_controller->release_access(firewall_controller, firewall->firewall_id);
> +}
> +EXPORT_SYMBOL_GPL(stm32_firewall_release_access);
> +
> +void stm32_firewall_release_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id)
> +{
> + struct stm32_firewall_controller *firewall_controller;
> +
> + if (!firewall || subsystem_id == U32_MAX || firewall->firewall_id == U32_MAX) {
> + pr_err("Incorrect arguments when releasing a firewall access");
> + return;
> + }
> +
> + firewall_controller = firewall->firewall_ctrl;
> +
> + if (!firewall_controller) {
> + pr_debug("No firewall controller to release");
> + return;
> + }
> +
> + firewall_controller->release_access(firewall_controller, subsystem_id);
> +}
> +EXPORT_SYMBOL_GPL(stm32_firewall_release_access_by_id);
> +
> +/* Firewall controller API */
> +
> +int stm32_firewall_controller_register(struct stm32_firewall_controller *firewall_controller)
> +{
> + pr_info("Registering firewall controller %s", dev_name(firewall_controller->dev));
> +
> + if (!firewall_controller)
> + return -ENODEV;
> +
> + mutex_lock(&firewall_controller_list_lock);
> + list_add_tail(&firewall_controller->entry, &firewall_controller_list);
> + mutex_unlock(&firewall_controller_list_lock);
> +
> + return 0;
> +
> +}
> +
> +void stm32_firewall_controller_unregister(struct stm32_firewall_controller *firewall_controller)
> +{
> + struct stm32_firewall_controller *ctrl, *tmp;
> + bool controller_removed = false;
> +
> + if (!firewall_controller) {
> + pr_debug("Null reference while unregistering firewall controller");
> + return;
> + }
> +
> + mutex_lock(&firewall_controller_list_lock);
> + list_for_each_entry_safe(ctrl, tmp, &firewall_controller_list, entry) {
> + if (ctrl == firewall_controller) {
> + controller_removed = true;
> + list_del_init(&ctrl->entry);
> + break;
> + }
> + }
IIUC list_for_each_entry_safe protects you from removing node during
loop. But all list operations are done under
firewall_controller_list_lock mutex. I beliewe there is no need for
_safe call under the mutex because removing node during loop is
impossible. I think it worth investigation if it's safe to use
list_for_each_entry_safe without lock.
> + mutex_unlock(&firewall_controller_list_lock);
> +
> + if (!controller_removed)
> + pr_debug("There was no firewall controller named %s to unregister",
> + dev_name(firewall_controller->dev));
> +}
> +
> +void stm32_firewall_populate_bus(struct stm32_firewall_controller *firewall_controller)
> +{
> + struct device_node *child;
> + struct device *parent;
> + u32 firewall_id;
> + int err;
> +
> + parent = firewall_controller->dev;
> +
> + dev_dbg(parent, "Populating %s system bus\n", dev_name(firewall_controller->dev));
> +
> + for_each_available_child_of_node(dev_of_node(parent), child) {
> + err = stm32_firewall_get_id(child, &firewall_id);
> + if (err < 0 ||
> + firewall_controller->grant_access(firewall_controller, firewall_id)) {
> + /*
> + * Peripheral access not allowed or not defined.
> + * Mark the node as populated so platform bus won't probe it
> + */
> + of_node_set_flag(child, OF_POPULATED);
> + dev_err(parent, "%s: Device driver will not be probed\n",
> + child->full_name);
> + }
> + }
> +}
> diff --git a/drivers/bus/stm32_firewall.h b/drivers/bus/stm32_firewall.h
> new file mode 100644
> index 000000000000..8d92e8c1ab77
> --- /dev/null
> +++ b/drivers/bus/stm32_firewall.h
> @@ -0,0 +1,83 @@
> +/* SPDX-License-Identifier: GPL-2.0-or-later */
> +/*
> + * Copyright (C) 2023, STMicroelectronics - All Rights Reserved
> + */
> +
> +#ifndef _STM32_FIREWALL_H
> +#define _STM32_FIREWALL_H
> +
> +#include <linux/kernel.h>
> +#include <linux/list.h>
> +#include <linux/of.h>
> +#include <linux/platform_device.h>
> +#include <linux/types.h>
> +
> +/**
> + * STM32_PERIPHERAL_FIREWALL: This type of firewall protects peripherals
Intendation
> + * STM32_MEMORY_FIREWALL: This type of firewall protects memories/subsets of memory
> + * zones
> + * STM32_RESOURCE_FIREWALL: This type of firewall protects internal resources
> + * STM32_NOTYPE_FIREWALL: Undefined firewall type
> + */
> +
> +#define STM32_PERIPHERAL_FIREWALL BIT(1)
Intendation
> +#define STM32_MEMORY_FIREWALL BIT(2)
> +#define STM32_RESOURCE_FIREWALL BIT(3)
> +#define STM32_NOTYPE_FIREWALL BIT(4)
> +
> +/**
> + * struct stm32_firewall_controller - Information on firewall controller supplying services
> + *
> + * @name Name of the firewall controller
> + * @dev Device reference of the firewall controller
Intendation
> + * @mmio Base address of the firewall controller
> + * @entry List entry of the firewall controller list
> + * @type Type of firewall
> + * @max_entries Number of entries covered by the firewall
Intendation
> + * @grant_access Callback used to grant access for a device access against a
> + * firewall controller
> + * @release_access Callback used to release resources taken by a device when access was
> + * granted
> + * @grant_memory_range_access Callback used to grant access for a device to a given memory region
> + */
> +struct stm32_firewall_controller {
> + const char *name;
> + struct device *dev;
> + void __iomem *mmio;
> + struct list_head entry;
> + unsigned int type;
> + unsigned int max_entries;
> +
> + int (*grant_access)(struct stm32_firewall_controller *ctrl, u32 id);
> + void (*release_access)(struct stm32_firewall_controller *ctrl, u32 id);
> + int (*grant_memory_range_access)(struct stm32_firewall_controller *ctrl, phys_addr_t paddr,
> + size_t size);
> +};
> +
> +/**
> + * int stm32_firewall_controller_register - Register a firewall controller to the STM32 firewall
> + * framework
> + * @firewall_controller Firewall controller to register
> + *
> + * Returns 0 in case of success or -ENODEV if no controller was given.
> + */
> +int stm32_firewall_controller_register(struct stm32_firewall_controller *firewall_controller);
> +
> +/**
> + * int stm32_firewall_controller_unregister - Unregister a firewall controller from the STM32
> + * firewall framework
> + * @firewall_controller Firewall controller to unregister
> + */
> +void stm32_firewall_controller_unregister(struct stm32_firewall_controller *firewall_controller);
> +
> +/**
> + * stm32_firewall_populate_bus - Populate device tree nodes that have a correct firewall
> + * configuration. This is used at boot-time only, as a sanity check
> + * between device tree and firewalls hardware configurations to
> + * prevent a kernel crash when a device driver is not granted access
> + *
> + * @firewall_controller Firewall controller which nodes will be populated or not
> + */
> +void stm32_firewall_populate_bus(struct stm32_firewall_controller *firewall_controller);
> +
> +#endif /* _STM32_FIREWALL_H */
> diff --git a/include/linux/bus/stm32_firewall_device.h b/include/linux/bus/stm32_firewall_device.h
> new file mode 100644
> index 000000000000..ccaecea7fc6c
> --- /dev/null
> +++ b/include/linux/bus/stm32_firewall_device.h
> @@ -0,0 +1,134 @@
> +/* SPDX-License-Identifier: GPL-2.0-or-later */
> +/*
> + * Copyright (C) 2023, STMicroelectronics - All Rights Reserved
> + */
> +
> +#ifndef STM32_FIREWALL_DEVICE_H
> +#define STM32_FIREWALL_DEVICE_H
> +
> +#include <linux/of.h>
> +#include <linux/platform_device.h>
> +#include <linux/types.h>
> +
> +#define STM32_FIREWALL_MAX_EXTRA_ARGS 5
It's not clear to me why it's 5. Comment above sais this is
implementation defined. Maybe this parameter can be configurable?
> +
> +/* Opaque reference to stm32_firewall_controller */
> +struct stm32_firewall_controller;
> +
> +/**
> + * stm32_firewall - Information on a device's firewall. Each device can have more than one firewall.
> + *
> + * @firewall_ctrl Pointer referencing a firewall controller of the device. It is
> + * opaque so a device cannot manipulate the controller's ops or access
> + * the controller's data
> + * @extra_args Extra arguments that are implementation dependent
> + * @extra_args_size Number of extra arguments
> + * @firewall_id Firewall ID associated the device for this firewall controller
> + */
> +struct stm32_firewall {
> + struct stm32_firewall_controller *firewall_ctrl;
> + u32 extra_args[STM32_FIREWALL_MAX_EXTRA_ARGS];
> + size_t extra_args_size;
> + u32 firewall_id;
> +};
> +
> +#if IS_ENABLED(CONFIG_STM32_FIREWALL)
> +/**
> + * stm32_firewall_get_firewall - Get the firewall(s) associated to given device.
> + * The firewall controller reference is always the first argument
> + * of the feature-domains property.
> + * The firewall ID is always the second argument of the
> + * feature-domains property.
> + *
> + * @np Device node to parse
Intendation
> + * @firewall Resulting firewall reference(s)
> + *
> + * Returns 0 on success, -ENODEV if there's no match with a firewall controller or appropriate errno
> + * code if error occurred.
> + */
> +int stm32_firewall_get_firewall(struct device_node *np, struct stm32_firewall *firewall);
> +
> +/**
> + * stm32_firewall_grant_access - Request firewall access rights and grant access.
> + *
> + * @firewall Firewall reference containing the ID to check against its firewall
> + * controller
> + *
> + * Returns 0 if access is granted, -EACCES if access is denied, -ENODEV if firewall is null or
> + * appropriate errno code if error occurred
> + */
> +int stm32_firewall_grant_access(struct stm32_firewall *firewall);
> +
> +/**
> + * stm32_firewall_release_access - Release access granted from a call to
> + * stm32_firewall_grant_access().
> + *
> + * @firewall Firewall reference containing the ID to check against its firewall
> + * controller
> + */
> +void stm32_firewall_release_access(struct stm32_firewall *firewall);
> +
> +/**
> + * stm32_firewall_grant_access_by_id - Request firewall access rights of a given device
> + * based on a specific firewall ID
> + *
> + * Warnings:
> + * There is no way to ensure that the given ID will correspond to the firewall referenced in the
> + * device node if the ID did not come from stm32_firewall_get_firewall(). In that case, this
> + * function must be used with caution.
> + * This function should be used for subsystem resources that do not have the same firewall ID
> + * as their parent.
> + * U32_MAX is an invalid ID.
> + *
> + * @firewall Firewall reference containing the firewall controller
> + * @subsystem_id Firewall ID of the subsystem resource
> + *
> + * Returns 0 if access is granted, -EACCES if access is denied, -ENODEV if firewall is null or
> + * appropriate errno code if error occurred
> + */
> +int stm32_firewall_grant_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id);
Can we store all registered IDs that were found by populate_bus
functio, or is it expected when this function was called before
populate_bus call?
> +
> +/**
> + * stm32_firewall_release_access_by_id - Release access granted from a call to
> + * stm32_firewall_grant_access_by_id().
> + *
> + * Warnings:
> + * There is no way to ensure that the given ID will correspond to the firewall referenced in the
> + * device node if the ID did not come from stm32_firewall_get_firewall(). In that case, this
> + * function must be used with caution.
> + * This function should be used for subsystem resources that do not have the same firewall ID
> + * as their parent.
> + * U32_MAX is an invalid ID.
> + *
> + * @firewall Firewall reference containing the firewall controller
> + * @subsystem_id Firewall ID of the subsystem resource
> + */
> +void stm32_firewall_release_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id);
> +
> +#else /* CONFIG_STM32_FIREWALL */
> +
> +int stm32_firewall_get_firewall(struct device_node *np, struct stm32_firewall *firewall)
> +{
> + return -ENODEV;
> +}
> +
> +int stm32_firewall_grant_access(struct stm32_firewall *firewall)
> +{
> + return -ENODEV;
> +}
> +
> +void stm32_firewall_release_access(struct stm32_firewall *firewall)
> +{
> +}
> +
> +int stm32_firewall_grant_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id)
> +{
> + return -ENODEV;
> +}
> +
> +void stm32_firewall_release_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id)
> +{
> +}
> +
> +#endif /* CONFIG_STM32_FIREWALL */
> +#endif /* STM32_FIREWALL_DEVICE_H */
--
Thanks,
Oleksii
--
linux-phy mailing list
linux-phy@lists.infradead.org
https://lists.infradead.org/mailman/listinfo/linux-phy
WARNING: multiple messages have this Message-ID (diff)
From: Oleksii Moisieiev <Oleksii_Moisieiev@epam.com>
To: Gatien Chevallier <gatien.chevallier@foss.st.com>
Cc: "gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>,
"herbert@gondor.apana.org.au" <herbert@gondor.apana.org.au>,
"davem@davemloft.net" <davem@davemloft.net>,
"robh+dt@kernel.org" <robh+dt@kernel.org>,
"krzysztof.kozlowski+dt@linaro.org"
<krzysztof.kozlowski+dt@linaro.org>,
"conor+dt@kernel.org" <conor+dt@kernel.org>,
"alexandre.torgue@foss.st.com" <alexandre.torgue@foss.st.com>,
"vkoul@kernel.org" <vkoul@kernel.org>,
"jic23@kernel.org" <jic23@kernel.org>,
"olivier.moysan@foss.st.com" <olivier.moysan@foss.st.com>,
"arnaud.pouliquen@foss.st.com" <arnaud.pouliquen@foss.st.com>,
"mchehab@kernel.org" <mchehab@kernel.org>,
"fabrice.gasnier@foss.st.com" <fabrice.gasnier@foss.st.com>,
"andi.shyti@kernel.org" <andi.shyti@kernel.org>,
"ulf.hansson@linaro.org" <ulf.hansson@linaro.org>,
"edumazet@google.com" <edumazet@google.com>,
"kuba@kernel.org" <kuba@kernel.org>,
"pabeni@redhat.com" <pabeni@redhat.com>,
"hugues.fruchet@foss.st.com" <hugues.fruchet@foss.st.com>,
"lee@kernel.org" <lee@kernel.org>,
"will@kernel.org" <will@kernel.org>,
"catalin.marinas@arm.com" <catalin.marinas@arm.com>,
"arnd@kernel.org" <arnd@kernel.org>,
"richardcochran@gmail.com" <richardcochran@gmail.com>,
"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
"devicetree@vger.kernel.org" <devicetree@vger.kernel.org>,
"linux-stm32@st-md-mailman.stormreply.com"
<linux-stm32@st-md-mailman.stormreply.com>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"dmaengine@vger.kernel.org" <dmaengine@vger.kernel.org>,
"linux-i2c@vger.kernel.org" <linux-i2c@vger.kernel.org>,
"linux-iio@vger.kernel.org" <linux-iio@vger.kernel.org>,
"alsa-devel@alsa-project.org" <alsa-devel@alsa-project.org>,
"linux-media@vger.kernel.org" <linux-media@vger.kernel.org>,
"linux-mmc@vger.kernel.org" <linux-mmc@vger.kernel.org>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"linux-phy@lists.infradead.org" <linux-phy@lists.infradead.org>,
"linux-serial@vger.kernel.org" <linux-serial@vger.kernel.org>,
"linux-spi@vger.kernel.org" <linux-spi@vger.kernel.org>,
"linux-usb@vger.kernel.org" <linux-usb@vger.kernel.org>
Subject: Re: [PATCH 05/10] firewall: introduce stm32_firewall framework
Date: Fri, 7 Jul 2023 13:50:16 +0000 [thread overview]
Message-ID: <87a5w7zv8o.fsf@epam.com> (raw)
In-Reply-To: <20230705172759.1610753-6-gatien.chevallier@foss.st.com>
Gatien Chevallier <gatien.chevallier@foss.st.com> writes:
> Introduce a firewall framework that offers to firewall consumers different
> firewall services such as the ability to check their access rights against
> their firewall controller(s).
>
> The firewall framework offers a generic API that is defined in firewall
> controllers drivers to best fit the specificity of each firewall.
>
> There are various types of firewalls:
> -Peripheral firewalls that filter accesses to peripherals
> -Memory firewalls that filter accesses to memories or memory regions
> -Resource firewalls that filter accesses to internal resources such as
> reset and clock controllers
>
> A firewall controller must be probed at arch_initcall level and register
> to the framework so that consumers can use their services.
>
> Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
> ---
> MAINTAINERS | 5 +
> arch/arm64/Kconfig.platforms | 1 +
> drivers/bus/Kconfig | 10 +
> drivers/bus/Makefile | 1 +
> drivers/bus/stm32_firewall.c | 252 ++++++++++++++++++++++
> drivers/bus/stm32_firewall.h | 83 +++++++
> include/linux/bus/stm32_firewall_device.h | 134 ++++++++++++
> 7 files changed, 486 insertions(+)
> create mode 100644 drivers/bus/stm32_firewall.c
> create mode 100644 drivers/bus/stm32_firewall.h
> create mode 100644 include/linux/bus/stm32_firewall_device.h
>
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 41385f01fa98..fabf95ba9b86 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -20123,6 +20123,11 @@ T: git git://linuxtv.org/media_tree.git
> F: Documentation/devicetree/bindings/media/i2c/st,st-mipid02.yaml
> F: drivers/media/i2c/st-mipid02.c
>
> +ST STM32 FIREWALL
> +M: Gatien Chevallier <gatien.chevallier@foss.st.com>
> +S: Maintained
> +F: drivers/bus/stm32_firewall.c
> +
> ST STM32 I2C/SMBUS DRIVER
> M: Pierre-Yves MORDRET <pierre-yves.mordret@foss.st.com>
> M: Alain Volmat <alain.volmat@foss.st.com>
> diff --git a/arch/arm64/Kconfig.platforms b/arch/arm64/Kconfig.platforms
> index 6069120199bb..5a46e90f1e4e 100644
> --- a/arch/arm64/Kconfig.platforms
> +++ b/arch/arm64/Kconfig.platforms
> @@ -293,6 +293,7 @@ config ARCH_STM32
> select ARM_SMC_MBOX
> select ARM_SCMI_PROTOCOL
> select COMMON_CLK_SCMI
> + select STM32_FIREWALL
> help
> This enables support for ARMv8 based STMicroelectronics
> STM32 family, including:
> diff --git a/drivers/bus/Kconfig b/drivers/bus/Kconfig
> index fcfa280df98a..4d54a7ea52b2 100644
> --- a/drivers/bus/Kconfig
> +++ b/drivers/bus/Kconfig
> @@ -163,6 +163,16 @@ config QCOM_SSC_BLOCK_BUS
> i2c/spi/uart controllers, a hexagon core, and a clock controller
> which provides clocks for the above.
>
> +config STM32_FIREWALL
> + bool "STM32 Firewall framework"
> + depends on ARCH_STM32
> + default MACH_STM32MP157 || MACH_STM32MP13 || MACH_STM32MP25
> + help
> + Say y to enable firewall framework and its services. Firewall
> + controllers will be able to register to the framework. Firewall
> + controllers must be initialized and register to the firewall framework
> + at arch_initcall level.
> +
> config SUN50I_DE2_BUS
> bool "Allwinner A64 DE2 Bus Driver"
> default ARM64
> diff --git a/drivers/bus/Makefile b/drivers/bus/Makefile
> index d90eed189a65..fc0511450ec2 100644
> --- a/drivers/bus/Makefile
> +++ b/drivers/bus/Makefile
> @@ -26,6 +26,7 @@ obj-$(CONFIG_OMAP_INTERCONNECT) += omap_l3_smx.o omap_l3_noc.o
> obj-$(CONFIG_OMAP_OCP2SCP) += omap-ocp2scp.o
> obj-$(CONFIG_QCOM_EBI2) += qcom-ebi2.o
> obj-$(CONFIG_QCOM_SSC_BLOCK_BUS) += qcom-ssc-block-bus.o
> +obj-$(CONFIG_STM32_FIREWALL) += stm32_firewall.o
> obj-$(CONFIG_SUN50I_DE2_BUS) += sun50i-de2.o
> obj-$(CONFIG_SUNXI_RSB) += sunxi-rsb.o
> obj-$(CONFIG_OF) += simple-pm-bus.o
> diff --git a/drivers/bus/stm32_firewall.c b/drivers/bus/stm32_firewall.c
> new file mode 100644
> index 000000000000..510db5bc6eaf
> --- /dev/null
> +++ b/drivers/bus/stm32_firewall.c
> @@ -0,0 +1,252 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (C) 2023, STMicroelectronics - All Rights Reserved
> + */
> +
> +#include <linux/bitfield.h>
> +#include <linux/bits.h>
> +#include <linux/bus/stm32_firewall_device.h>
> +#include <linux/device.h>
> +#include <linux/err.h>
> +#include <linux/init.h>
> +#include <linux/io.h>
> +#include <linux/kernel.h>
> +#include <linux/module.h>
> +#include <linux/of.h>
> +#include <linux/of_platform.h>
> +#include <linux/platform_device.h>
> +#include <linux/types.h>
> +
> +#include "stm32_firewall.h"
> +
> +/* Corresponds to STM32_FIREWALL_MAX_EXTRA_ARGS + firewall controller reference + firewall ID */
> +#define STM32_FIREWALL_MAX_ARGS (STM32_FIREWALL_MAX_EXTRA_ARGS + 2)
> +
> +static LIST_HEAD(firewall_controller_list);
> +static DEFINE_MUTEX(firewall_controller_list_lock);
> +
> +static int stm32_firewall_get_id(struct device_node *np, u32 *id)
> +{
> + u32 feature_domain_cell[2];
> +
> + /* Get property from device node */
> + if (of_property_read_u32_array(np, "feature-domains",
> + feature_domain_cell,
> + ARRAY_SIZE(feature_domain_cell))) {
> + pr_err("Unable to find get firewall ID property\n");
> + return -ENODEV;
> + }
> +
> + *id = feature_domain_cell[1];
> +
> + return 0;
> +}
> +
> +/* Firewall device API */
> +
> +int stm32_firewall_get_firewall(struct device_node *np,
> + struct stm32_firewall *firewall)
> +{
> + struct stm32_firewall_controller *ctrl;
> + struct of_phandle_args args;
> + u32 controller_phandle;
> + bool match = false;
> + size_t i;
> + int err;
> +
> + if (!firewall)
> + return -EINVAL;
> +
> + /* The controller phandle is always the first argument of the feature-domains property. */
> + err = of_property_read_u32(np, "feature-domains", &controller_phandle);
> + if (err) {
> + pr_err("Unable to get feature-domains property for node %s\n", np->full_name);
> + return err;
> + }
> +
> + /* Parse property with phandle parsed out */
> + err = of_parse_phandle_with_args(np, "feature-domains", "#feature-domain-cells", 0, &args);
> + if (err) {
> + pr_err("Unable to read feature-domains arguments for node %s\n", np->full_name);
> + return err;
> + }
> +
> + /* The phandle is parsed out */
> + if (args.args_count > STM32_FIREWALL_MAX_ARGS - 1)
> + return -EINVAL;
> +
> + of_node_put(np);
> +
> + /* Check if the parsed phandle corresponds to a registered firewall controller */
> + mutex_lock(&firewall_controller_list_lock);
> + list_for_each_entry(ctrl, &firewall_controller_list, entry) {
> + if (ctrl->dev->of_node->phandle == controller_phandle) {
> + match = true;
> + firewall->firewall_ctrl = ctrl;
> + break;
> + }
> + }
> + mutex_unlock(&firewall_controller_list_lock);
> + if (!match) {
> + firewall->firewall_ctrl = NULL;
> + pr_err("No firewall controller registered for %s\n", np->full_name);
> + return -ENODEV;
> + }
> +
> + /*
> + * The firewall ID is always the second argument of the feature-domains property.
> + * The first argument is already parsed out, so args.args[0] is the second argument.
> + */
> + firewall->firewall_id = args.args[0];
> +
> + /* Extra args start at the third argument */
> + for (i = 0; i < args.args_count; i++)
> + firewall->extra_args[i] = args.args[i + 1];
> +
> + /* Remove the firewall ID arg that is not an extra argument */
> + if (args.args_count >= 1)
> + firewall->extra_args_size = args.args_count - 1;
As I can see you support some extra args, that can be provided in the
feature-domain property. But in the binding description I see maxItems:
2. I beliewe this should be highlighted in bindings description.
> +
> + return 0;
> +}
> +EXPORT_SYMBOL_GPL(stm32_firewall_get_firewall);
> +
> +int stm32_firewall_grant_access(struct stm32_firewall *firewall)
> +{
> + struct stm32_firewall_controller *firewall_controller;
> +
> + if (!firewall || firewall->firewall_id == U32_MAX)
> + return -EINVAL;
> +
> + firewall_controller = firewall->firewall_ctrl;
> +
> + if (!firewall_controller)
> + return -ENODEV;
> +
> + return firewall_controller->grant_access(firewall_controller, firewall->firewall_id);
> +}
> +EXPORT_SYMBOL_GPL(stm32_firewall_grant_access);
> +
> +int stm32_firewall_grant_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id)
> +{
> + struct stm32_firewall_controller *firewall_controller;
> +
> + if (!firewall || subsystem_id == U32_MAX || firewall->firewall_id == U32_MAX)
> + return -EINVAL;
> +
> + firewall_controller = firewall->firewall_ctrl;
> +
> + if (!firewall_controller)
> + return -ENODEV;
> +
> + return firewall_controller->grant_access(firewall_controller, subsystem_id);
> +}
> +EXPORT_SYMBOL_GPL(stm32_firewall_grant_access_by_id);
> +
> +void stm32_firewall_release_access(struct stm32_firewall *firewall)
> +{
> + struct stm32_firewall_controller *firewall_controller;
> +
> + if (!firewall || firewall->firewall_id == U32_MAX) {
> + pr_err("Incorrect arguments when releasing a firewall access");
> + return;
> + }
> +
> + firewall_controller = firewall->firewall_ctrl;
> +
> + if (!firewall_controller) {
> + pr_debug("No firewall controller to release");
> + return;
> + }
> +
> + firewall_controller->release_access(firewall_controller, firewall->firewall_id);
> +}
> +EXPORT_SYMBOL_GPL(stm32_firewall_release_access);
> +
> +void stm32_firewall_release_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id)
> +{
> + struct stm32_firewall_controller *firewall_controller;
> +
> + if (!firewall || subsystem_id == U32_MAX || firewall->firewall_id == U32_MAX) {
> + pr_err("Incorrect arguments when releasing a firewall access");
> + return;
> + }
> +
> + firewall_controller = firewall->firewall_ctrl;
> +
> + if (!firewall_controller) {
> + pr_debug("No firewall controller to release");
> + return;
> + }
> +
> + firewall_controller->release_access(firewall_controller, subsystem_id);
> +}
> +EXPORT_SYMBOL_GPL(stm32_firewall_release_access_by_id);
> +
> +/* Firewall controller API */
> +
> +int stm32_firewall_controller_register(struct stm32_firewall_controller *firewall_controller)
> +{
> + pr_info("Registering firewall controller %s", dev_name(firewall_controller->dev));
> +
> + if (!firewall_controller)
> + return -ENODEV;
> +
> + mutex_lock(&firewall_controller_list_lock);
> + list_add_tail(&firewall_controller->entry, &firewall_controller_list);
> + mutex_unlock(&firewall_controller_list_lock);
> +
> + return 0;
> +
> +}
> +
> +void stm32_firewall_controller_unregister(struct stm32_firewall_controller *firewall_controller)
> +{
> + struct stm32_firewall_controller *ctrl, *tmp;
> + bool controller_removed = false;
> +
> + if (!firewall_controller) {
> + pr_debug("Null reference while unregistering firewall controller");
> + return;
> + }
> +
> + mutex_lock(&firewall_controller_list_lock);
> + list_for_each_entry_safe(ctrl, tmp, &firewall_controller_list, entry) {
> + if (ctrl == firewall_controller) {
> + controller_removed = true;
> + list_del_init(&ctrl->entry);
> + break;
> + }
> + }
IIUC list_for_each_entry_safe protects you from removing node during
loop. But all list operations are done under
firewall_controller_list_lock mutex. I beliewe there is no need for
_safe call under the mutex because removing node during loop is
impossible. I think it worth investigation if it's safe to use
list_for_each_entry_safe without lock.
> + mutex_unlock(&firewall_controller_list_lock);
> +
> + if (!controller_removed)
> + pr_debug("There was no firewall controller named %s to unregister",
> + dev_name(firewall_controller->dev));
> +}
> +
> +void stm32_firewall_populate_bus(struct stm32_firewall_controller *firewall_controller)
> +{
> + struct device_node *child;
> + struct device *parent;
> + u32 firewall_id;
> + int err;
> +
> + parent = firewall_controller->dev;
> +
> + dev_dbg(parent, "Populating %s system bus\n", dev_name(firewall_controller->dev));
> +
> + for_each_available_child_of_node(dev_of_node(parent), child) {
> + err = stm32_firewall_get_id(child, &firewall_id);
> + if (err < 0 ||
> + firewall_controller->grant_access(firewall_controller, firewall_id)) {
> + /*
> + * Peripheral access not allowed or not defined.
> + * Mark the node as populated so platform bus won't probe it
> + */
> + of_node_set_flag(child, OF_POPULATED);
> + dev_err(parent, "%s: Device driver will not be probed\n",
> + child->full_name);
> + }
> + }
> +}
> diff --git a/drivers/bus/stm32_firewall.h b/drivers/bus/stm32_firewall.h
> new file mode 100644
> index 000000000000..8d92e8c1ab77
> --- /dev/null
> +++ b/drivers/bus/stm32_firewall.h
> @@ -0,0 +1,83 @@
> +/* SPDX-License-Identifier: GPL-2.0-or-later */
> +/*
> + * Copyright (C) 2023, STMicroelectronics - All Rights Reserved
> + */
> +
> +#ifndef _STM32_FIREWALL_H
> +#define _STM32_FIREWALL_H
> +
> +#include <linux/kernel.h>
> +#include <linux/list.h>
> +#include <linux/of.h>
> +#include <linux/platform_device.h>
> +#include <linux/types.h>
> +
> +/**
> + * STM32_PERIPHERAL_FIREWALL: This type of firewall protects peripherals
Intendation
> + * STM32_MEMORY_FIREWALL: This type of firewall protects memories/subsets of memory
> + * zones
> + * STM32_RESOURCE_FIREWALL: This type of firewall protects internal resources
> + * STM32_NOTYPE_FIREWALL: Undefined firewall type
> + */
> +
> +#define STM32_PERIPHERAL_FIREWALL BIT(1)
Intendation
> +#define STM32_MEMORY_FIREWALL BIT(2)
> +#define STM32_RESOURCE_FIREWALL BIT(3)
> +#define STM32_NOTYPE_FIREWALL BIT(4)
> +
> +/**
> + * struct stm32_firewall_controller - Information on firewall controller supplying services
> + *
> + * @name Name of the firewall controller
> + * @dev Device reference of the firewall controller
Intendation
> + * @mmio Base address of the firewall controller
> + * @entry List entry of the firewall controller list
> + * @type Type of firewall
> + * @max_entries Number of entries covered by the firewall
Intendation
> + * @grant_access Callback used to grant access for a device access against a
> + * firewall controller
> + * @release_access Callback used to release resources taken by a device when access was
> + * granted
> + * @grant_memory_range_access Callback used to grant access for a device to a given memory region
> + */
> +struct stm32_firewall_controller {
> + const char *name;
> + struct device *dev;
> + void __iomem *mmio;
> + struct list_head entry;
> + unsigned int type;
> + unsigned int max_entries;
> +
> + int (*grant_access)(struct stm32_firewall_controller *ctrl, u32 id);
> + void (*release_access)(struct stm32_firewall_controller *ctrl, u32 id);
> + int (*grant_memory_range_access)(struct stm32_firewall_controller *ctrl, phys_addr_t paddr,
> + size_t size);
> +};
> +
> +/**
> + * int stm32_firewall_controller_register - Register a firewall controller to the STM32 firewall
> + * framework
> + * @firewall_controller Firewall controller to register
> + *
> + * Returns 0 in case of success or -ENODEV if no controller was given.
> + */
> +int stm32_firewall_controller_register(struct stm32_firewall_controller *firewall_controller);
> +
> +/**
> + * int stm32_firewall_controller_unregister - Unregister a firewall controller from the STM32
> + * firewall framework
> + * @firewall_controller Firewall controller to unregister
> + */
> +void stm32_firewall_controller_unregister(struct stm32_firewall_controller *firewall_controller);
> +
> +/**
> + * stm32_firewall_populate_bus - Populate device tree nodes that have a correct firewall
> + * configuration. This is used at boot-time only, as a sanity check
> + * between device tree and firewalls hardware configurations to
> + * prevent a kernel crash when a device driver is not granted access
> + *
> + * @firewall_controller Firewall controller which nodes will be populated or not
> + */
> +void stm32_firewall_populate_bus(struct stm32_firewall_controller *firewall_controller);
> +
> +#endif /* _STM32_FIREWALL_H */
> diff --git a/include/linux/bus/stm32_firewall_device.h b/include/linux/bus/stm32_firewall_device.h
> new file mode 100644
> index 000000000000..ccaecea7fc6c
> --- /dev/null
> +++ b/include/linux/bus/stm32_firewall_device.h
> @@ -0,0 +1,134 @@
> +/* SPDX-License-Identifier: GPL-2.0-or-later */
> +/*
> + * Copyright (C) 2023, STMicroelectronics - All Rights Reserved
> + */
> +
> +#ifndef STM32_FIREWALL_DEVICE_H
> +#define STM32_FIREWALL_DEVICE_H
> +
> +#include <linux/of.h>
> +#include <linux/platform_device.h>
> +#include <linux/types.h>
> +
> +#define STM32_FIREWALL_MAX_EXTRA_ARGS 5
It's not clear to me why it's 5. Comment above sais this is
implementation defined. Maybe this parameter can be configurable?
> +
> +/* Opaque reference to stm32_firewall_controller */
> +struct stm32_firewall_controller;
> +
> +/**
> + * stm32_firewall - Information on a device's firewall. Each device can have more than one firewall.
> + *
> + * @firewall_ctrl Pointer referencing a firewall controller of the device. It is
> + * opaque so a device cannot manipulate the controller's ops or access
> + * the controller's data
> + * @extra_args Extra arguments that are implementation dependent
> + * @extra_args_size Number of extra arguments
> + * @firewall_id Firewall ID associated the device for this firewall controller
> + */
> +struct stm32_firewall {
> + struct stm32_firewall_controller *firewall_ctrl;
> + u32 extra_args[STM32_FIREWALL_MAX_EXTRA_ARGS];
> + size_t extra_args_size;
> + u32 firewall_id;
> +};
> +
> +#if IS_ENABLED(CONFIG_STM32_FIREWALL)
> +/**
> + * stm32_firewall_get_firewall - Get the firewall(s) associated to given device.
> + * The firewall controller reference is always the first argument
> + * of the feature-domains property.
> + * The firewall ID is always the second argument of the
> + * feature-domains property.
> + *
> + * @np Device node to parse
Intendation
> + * @firewall Resulting firewall reference(s)
> + *
> + * Returns 0 on success, -ENODEV if there's no match with a firewall controller or appropriate errno
> + * code if error occurred.
> + */
> +int stm32_firewall_get_firewall(struct device_node *np, struct stm32_firewall *firewall);
> +
> +/**
> + * stm32_firewall_grant_access - Request firewall access rights and grant access.
> + *
> + * @firewall Firewall reference containing the ID to check against its firewall
> + * controller
> + *
> + * Returns 0 if access is granted, -EACCES if access is denied, -ENODEV if firewall is null or
> + * appropriate errno code if error occurred
> + */
> +int stm32_firewall_grant_access(struct stm32_firewall *firewall);
> +
> +/**
> + * stm32_firewall_release_access - Release access granted from a call to
> + * stm32_firewall_grant_access().
> + *
> + * @firewall Firewall reference containing the ID to check against its firewall
> + * controller
> + */
> +void stm32_firewall_release_access(struct stm32_firewall *firewall);
> +
> +/**
> + * stm32_firewall_grant_access_by_id - Request firewall access rights of a given device
> + * based on a specific firewall ID
> + *
> + * Warnings:
> + * There is no way to ensure that the given ID will correspond to the firewall referenced in the
> + * device node if the ID did not come from stm32_firewall_get_firewall(). In that case, this
> + * function must be used with caution.
> + * This function should be used for subsystem resources that do not have the same firewall ID
> + * as their parent.
> + * U32_MAX is an invalid ID.
> + *
> + * @firewall Firewall reference containing the firewall controller
> + * @subsystem_id Firewall ID of the subsystem resource
> + *
> + * Returns 0 if access is granted, -EACCES if access is denied, -ENODEV if firewall is null or
> + * appropriate errno code if error occurred
> + */
> +int stm32_firewall_grant_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id);
Can we store all registered IDs that were found by populate_bus
functio, or is it expected when this function was called before
populate_bus call?
> +
> +/**
> + * stm32_firewall_release_access_by_id - Release access granted from a call to
> + * stm32_firewall_grant_access_by_id().
> + *
> + * Warnings:
> + * There is no way to ensure that the given ID will correspond to the firewall referenced in the
> + * device node if the ID did not come from stm32_firewall_get_firewall(). In that case, this
> + * function must be used with caution.
> + * This function should be used for subsystem resources that do not have the same firewall ID
> + * as their parent.
> + * U32_MAX is an invalid ID.
> + *
> + * @firewall Firewall reference containing the firewall controller
> + * @subsystem_id Firewall ID of the subsystem resource
> + */
> +void stm32_firewall_release_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id);
> +
> +#else /* CONFIG_STM32_FIREWALL */
> +
> +int stm32_firewall_get_firewall(struct device_node *np, struct stm32_firewall *firewall)
> +{
> + return -ENODEV;
> +}
> +
> +int stm32_firewall_grant_access(struct stm32_firewall *firewall)
> +{
> + return -ENODEV;
> +}
> +
> +void stm32_firewall_release_access(struct stm32_firewall *firewall)
> +{
> +}
> +
> +int stm32_firewall_grant_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id)
> +{
> + return -ENODEV;
> +}
> +
> +void stm32_firewall_release_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id)
> +{
> +}
> +
> +#endif /* CONFIG_STM32_FIREWALL */
> +#endif /* STM32_FIREWALL_DEVICE_H */
--
Thanks,
Oleksii
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2023-07-10 15:32 UTC|newest]
Thread overview: 128+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-05 17:27 [PATCH 00/10] Introduce STM32 Firewall framework Gatien Chevallier
2023-07-05 17:27 ` Gatien Chevallier
2023-07-05 17:27 ` Gatien Chevallier
2023-07-05 17:27 ` [IGNORE][PATCH 01/10] dt-bindings: Document common device controller bindings Gatien Chevallier
2023-07-05 17:27 ` Gatien Chevallier
2023-07-05 17:27 ` Gatien Chevallier
2023-07-05 19:39 ` Rob Herring
2023-07-05 19:39 ` Rob Herring
2023-07-05 19:39 ` Rob Herring
2023-07-05 17:27 ` [PATCH 02/10] dt-bindings: bus: add device tree bindings for RIFSC Gatien Chevallier
2023-07-05 17:27 ` Gatien Chevallier
2023-07-05 17:27 ` Gatien Chevallier
2023-07-05 19:39 ` Rob Herring
2023-07-05 19:39 ` Rob Herring
2023-07-05 19:39 ` Rob Herring
2023-07-06 6:28 ` Krzysztof Kozlowski
2023-07-06 6:28 ` Krzysztof Kozlowski
2023-07-06 6:28 ` Krzysztof Kozlowski
2023-07-06 9:29 ` Gatien CHEVALLIER
2023-07-06 9:29 ` Gatien CHEVALLIER
2023-07-06 9:29 ` Gatien CHEVALLIER
2023-07-20 14:58 ` Gatien CHEVALLIER
2023-07-20 14:58 ` Gatien CHEVALLIER
2023-07-20 14:58 ` Gatien CHEVALLIER
2023-07-05 17:27 ` [PATCH 03/10] dt-bindings: bus: add device tree bindings for ETZPC Gatien Chevallier
2023-07-05 17:27 ` Gatien Chevallier
2023-07-05 17:27 ` Gatien Chevallier
2023-07-05 19:39 ` Rob Herring
2023-07-05 19:39 ` Rob Herring
2023-07-05 19:39 ` Rob Herring
2023-07-05 17:27 ` [PATCH 04/10] dt-bindings: treewide: add feature-domains description in binding files Gatien Chevallier
2023-07-05 17:27 ` Gatien Chevallier
2023-07-05 17:27 ` Gatien Chevallier
2023-07-06 14:51 ` Rob Herring
2023-07-06 14:51 ` Rob Herring
2023-07-06 14:51 ` Rob Herring
2023-07-07 12:28 ` Gatien CHEVALLIER
2023-07-07 12:28 ` Gatien CHEVALLIER
2023-07-07 12:28 ` Gatien CHEVALLIER
2023-07-07 15:20 ` Rob Herring
2023-07-07 15:20 ` Rob Herring
2023-07-07 15:20 ` Rob Herring
2023-07-10 8:22 ` Gatien CHEVALLIER
2023-07-10 8:22 ` Gatien CHEVALLIER
2023-07-10 8:22 ` Gatien CHEVALLIER
2023-07-10 14:42 ` Rob Herring
2023-07-10 14:42 ` Rob Herring
2023-07-10 14:42 ` Rob Herring
2023-07-07 14:07 ` Oleksii Moisieiev
2023-07-07 14:07 ` Oleksii Moisieiev
2023-07-07 14:07 ` Oleksii Moisieiev
2023-07-07 15:26 ` Gatien CHEVALLIER
2023-07-07 15:26 ` Gatien CHEVALLIER
2023-07-07 15:26 ` Gatien CHEVALLIER
2023-07-07 15:27 ` Rob Herring
2023-07-07 15:27 ` Rob Herring
2023-07-07 15:27 ` Rob Herring
2023-07-07 16:10 ` Oleksii Moisieiev
2023-07-07 16:10 ` Oleksii Moisieiev
2023-07-07 16:10 ` Oleksii Moisieiev
2023-07-07 20:33 ` Rob Herring
2023-07-07 20:33 ` Rob Herring
2023-07-07 20:33 ` Rob Herring
2023-07-10 6:27 ` Oleksii Moisieiev
2023-07-10 6:27 ` Oleksii Moisieiev
2023-07-10 6:27 ` Oleksii Moisieiev
2023-07-05 17:27 ` [PATCH 05/10] firewall: introduce stm32_firewall framework Gatien Chevallier
2023-07-05 17:27 ` Gatien Chevallier
2023-07-05 17:27 ` Gatien Chevallier
2023-07-06 15:09 ` Rob Herring
2023-07-06 15:09 ` Rob Herring
2023-07-06 15:09 ` Rob Herring
2023-07-07 13:43 ` Gatien CHEVALLIER
2023-07-07 13:43 ` Gatien CHEVALLIER
2023-07-07 13:43 ` Gatien CHEVALLIER
2023-07-07 15:07 ` Rob Herring
2023-07-07 15:07 ` Rob Herring
2023-07-07 15:07 ` Rob Herring
2023-07-13 13:58 ` Gatien CHEVALLIER
2023-07-13 13:58 ` Gatien CHEVALLIER
2023-07-13 13:58 ` Gatien CHEVALLIER
2023-07-13 14:13 ` Oleksii Moisieiev
2023-07-13 14:13 ` Oleksii Moisieiev
2023-07-13 14:13 ` Oleksii Moisieiev
2023-07-07 10:37 ` Greg KH
2023-07-07 10:37 ` Greg KH
2023-07-07 10:37 ` Greg KH
2023-07-07 14:00 ` Gatien CHEVALLIER
2023-07-07 14:00 ` Gatien CHEVALLIER
2023-07-07 14:00 ` Gatien CHEVALLIER
2023-07-07 15:10 ` Greg KH
2023-07-07 15:10 ` Greg KH
2023-07-07 15:10 ` Greg KH
2023-07-07 15:44 ` Gatien CHEVALLIER
2023-07-07 15:44 ` Gatien CHEVALLIER
2023-07-07 15:44 ` Gatien CHEVALLIER
2023-07-07 13:50 ` Oleksii Moisieiev [this message]
2023-07-07 13:50 ` Oleksii Moisieiev
2023-07-07 13:50 ` Oleksii Moisieiev
2023-07-07 15:01 ` Gatien CHEVALLIER
2023-07-07 15:01 ` Gatien CHEVALLIER
2023-07-07 15:01 ` Gatien CHEVALLIER
2023-07-07 16:01 ` Oleksii Moisieiev
2023-07-07 16:01 ` Oleksii Moisieiev
2023-07-07 16:01 ` Oleksii Moisieiev
2023-07-05 17:27 ` [PATCH 06/10] bus: rifsc: introduce RIFSC firewall controller driver Gatien Chevallier
2023-07-05 17:27 ` Gatien Chevallier
2023-07-05 17:27 ` Gatien Chevallier
2023-07-05 17:27 ` [PATCH 07/10] arm64: dts: st: add RIFSC as a domain controller for STM32MP25x boards Gatien Chevallier
2023-07-05 17:27 ` Gatien Chevallier
2023-07-05 17:27 ` Gatien Chevallier
2023-07-06 9:25 ` Alexandre TORGUE
2023-07-06 9:25 ` Alexandre TORGUE
2023-07-06 9:25 ` Alexandre TORGUE
2023-07-06 9:30 ` Gatien CHEVALLIER
2023-07-06 9:30 ` Gatien CHEVALLIER
2023-07-06 9:30 ` Gatien CHEVALLIER
2023-07-25 14:07 ` Gatien CHEVALLIER
2023-07-25 14:07 ` Gatien CHEVALLIER
2023-07-05 17:27 ` [PATCH 08/10] bus: etzpc: introduce ETZPC firewall controller driver Gatien Chevallier
2023-07-05 17:27 ` Gatien Chevallier
2023-07-05 17:27 ` Gatien Chevallier
2023-07-05 17:27 ` [PATCH 09/10] ARM: dts: stm32: add ETZPC as a system bus for STM32MP15x boards Gatien Chevallier
2023-07-05 17:27 ` Gatien Chevallier
2023-07-05 17:27 ` Gatien Chevallier
2023-07-05 17:27 ` [PATCH 10/10] ARM: dts: stm32: add ETZPC as a system bus for STM32MP13x boards Gatien Chevallier
2023-07-05 17:27 ` Gatien Chevallier
2023-07-05 17:27 ` Gatien Chevallier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87a5w7zv8o.fsf@epam.com \
--to=oleksii_moisieiev@epam.com \
--cc=alexandre.torgue@foss.st.com \
--cc=alsa-devel@alsa-project.org \
--cc=andi.shyti@kernel.org \
--cc=arnaud.pouliquen@foss.st.com \
--cc=arnd@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=conor+dt@kernel.org \
--cc=davem@davemloft.net \
--cc=devicetree@vger.kernel.org \
--cc=dmaengine@vger.kernel.org \
--cc=edumazet@google.com \
--cc=fabrice.gasnier@foss.st.com \
--cc=gatien.chevallier@foss.st.com \
--cc=gregkh@linuxfoundation.org \
--cc=herbert@gondor.apana.org.au \
--cc=hugues.fruchet@foss.st.com \
--cc=jic23@kernel.org \
--cc=krzysztof.kozlowski+dt@linaro.org \
--cc=kuba@kernel.org \
--cc=lee@kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-i2c@vger.kernel.org \
--cc=linux-iio@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=linux-mmc@vger.kernel.org \
--cc=linux-phy@lists.infradead.org \
--cc=linux-serial@vger.kernel.org \
--cc=linux-spi@vger.kernel.org \
--cc=linux-stm32@st-md-mailman.stormreply.com \
--cc=linux-usb@vger.kernel.org \
--cc=mchehab@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=olivier.moysan@foss.st.com \
--cc=pabeni@redhat.com \
--cc=richardcochran@gmail.com \
--cc=robh+dt@kernel.org \
--cc=ulf.hansson@linaro.org \
--cc=vkoul@kernel.org \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.