From: Vishnu Reddy <busanna.reddy@oss.qualcomm.com>
To: Bryan O'Donoghue <bod@kernel.org>,
Vikash Garodia <vikash.garodia@oss.qualcomm.com>,
Dikshita Agarwal <dikshita.agarwal@oss.qualcomm.com>,
Abhinav Kumar <abhinav.kumar@linux.dev>,
Mauro Carvalho Chehab <mchehab@kernel.org>,
Rob Herring <robh@kernel.org>,
Krzysztof Kozlowski <krzk+dt@kernel.org>,
Conor Dooley <conor+dt@kernel.org>,
Joerg Roedel <joro@8bytes.org>, Will Deacon <will@kernel.org>,
Robin Murphy <robin.murphy@arm.com>,
Bjorn Andersson <andersson@kernel.org>,
Konrad Dybcio <konradybcio@kernel.org>,
Stefan Schmidt <stefan.schmidt@linaro.org>,
Hans Verkuil <hverkuil@kernel.org>
Cc: linux-media@vger.kernel.org, linux-arm-msm@vger.kernel.org,
devicetree@vger.kernel.org, linux-kernel@vger.kernel.org,
iommu@lists.linux.dev,
Vishnu Reddy <busanna.reddy@oss.qualcomm.com>,
Mukesh Ojha <mukesh.ojha@oss.qualcomm.com>
Subject: [PATCH 05/11] media: iris: Enable Secure PAS support with IOMMU managed by Linux
Date: Tue, 14 Apr 2026 10:30:01 +0530 [thread overview]
Message-ID: <20260414-glymur-v1-5-7d3d1cf57b16@oss.qualcomm.com> (raw)
In-Reply-To: <20260414-glymur-v1-0-7d3d1cf57b16@oss.qualcomm.com>
From: Mukesh Ojha <mukesh.ojha@oss.qualcomm.com>
Most Qualcomm platforms feature a proprietary hypervisor (such as Gunyah
or QHEE), which typically handles IOMMU configuration. This includes
mapping memory regions and device memory resources for remote processors
by intercepting qcom_scm_pas_auth_and_reset() calls. These mappings are
later removed during teardown. Additionally, SHM bridge setup is required
to enable memory protection for both remoteproc metadata and its memory
regions.
When the hypervisor is absent, the operating system must perform these
configurations instead.
Support for handling IOMMU and SHM setup in the absence of a hypervisor
is now in place. Extend the Iris driver to enable this functionality on
platforms where IOMMU is managed by Linux (i.e., non-Gunyah, non-QHEE).
Additionally, the Iris driver must map the firmware and its required
resources to the firmware SID, which is now specified via iommu-map in
the device tree.
Co-developed-by: Vikash Garodia <vikash.garodia@oss.qualcomm.com>
Signed-off-by: Vikash Garodia <vikash.garodia@oss.qualcomm.com>
Signed-off-by: Mukesh Ojha <mukesh.ojha@oss.qualcomm.com>
Signed-off-by: Vishnu Reddy <busanna.reddy@oss.qualcomm.com>
---
drivers/media/platform/qcom/iris/iris_core.h | 4 ++
drivers/media/platform/qcom/iris/iris_firmware.c | 71 +++++++++++++++++++++---
2 files changed, 66 insertions(+), 9 deletions(-)
diff --git a/drivers/media/platform/qcom/iris/iris_core.h b/drivers/media/platform/qcom/iris/iris_core.h
index fb194c967ad4..aa7abef6f0e0 100644
--- a/drivers/media/platform/qcom/iris/iris_core.h
+++ b/drivers/media/platform/qcom/iris/iris_core.h
@@ -34,6 +34,8 @@ enum domain_type {
* struct iris_core - holds core parameters valid for all instances
*
* @dev: reference to device structure
+ * @dev_fw: reference to the context bank device used for firmware load
+ * @ctx_fw: SCM PAS context for authenticated firmware load and shutdown
* @reg_base: IO memory base address
* @irq: iris irq
* @v4l2_dev: a holder for v4l2 device structure
@@ -77,6 +79,8 @@ enum domain_type {
struct iris_core {
struct device *dev;
+ struct device *dev_fw;
+ struct qcom_scm_pas_context *ctx_fw;
void __iomem *reg_base;
int irq;
struct v4l2_device v4l2_dev;
diff --git a/drivers/media/platform/qcom/iris/iris_firmware.c b/drivers/media/platform/qcom/iris/iris_firmware.c
index 5f408024e967..93d77996c83f 100644
--- a/drivers/media/platform/qcom/iris/iris_firmware.c
+++ b/drivers/media/platform/qcom/iris/iris_firmware.c
@@ -5,6 +5,7 @@
#include <linux/firmware.h>
#include <linux/firmware/qcom/qcom_scm.h>
+#include <linux/iommu.h>
#include <linux/of_address.h>
#include <linux/of_reserved_mem.h>
#include <linux/soc/qcom/mdt_loader.h>
@@ -13,12 +14,15 @@
#include "iris_firmware.h"
#define MAX_FIRMWARE_NAME_SIZE 128
+#define IRIS_FW_START_ADDR 0
static int iris_load_fw_to_memory(struct iris_core *core, const char *fw_name)
{
+ struct device *dev = core->dev_fw ? core->dev_fw : core->dev;
u32 pas_id = core->iris_platform_data->pas_id;
const struct firmware *firmware = NULL;
- struct device *dev = core->dev;
+ struct qcom_scm_pas_context *ctx_fw;
+ struct iommu_domain *domain;
struct resource res;
phys_addr_t mem_phys;
size_t res_size;
@@ -29,13 +33,17 @@ static int iris_load_fw_to_memory(struct iris_core *core, const char *fw_name)
if (strlen(fw_name) >= MAX_FIRMWARE_NAME_SIZE - 4)
return -EINVAL;
- ret = of_reserved_mem_region_to_resource(dev->of_node, 0, &res);
+ ret = of_reserved_mem_region_to_resource(core->dev->of_node, 0, &res);
if (ret)
return ret;
mem_phys = res.start;
res_size = resource_size(&res);
+ ctx_fw = devm_qcom_scm_pas_context_alloc(dev, pas_id, mem_phys, res_size);
+ if (IS_ERR(ctx_fw))
+ return PTR_ERR(ctx_fw);
+
ret = request_firmware(&firmware, fw_name, dev);
if (ret)
return ret;
@@ -52,9 +60,27 @@ static int iris_load_fw_to_memory(struct iris_core *core, const char *fw_name)
goto err_release_fw;
}
- ret = qcom_mdt_load(dev, firmware, fw_name,
- pas_id, mem_virt, mem_phys, res_size, NULL);
+ ctx_fw->use_tzmem = !!core->dev_fw;
+ ret = qcom_mdt_pas_load(ctx_fw, firmware, fw_name, mem_virt, NULL);
+ if (ret)
+ goto err_mem_unmap;
+
+ if (ctx_fw->use_tzmem) {
+ domain = iommu_get_domain_for_dev(core->dev_fw);
+ if (!domain) {
+ ret = -ENODEV;
+ goto err_mem_unmap;
+ }
+
+ ret = iommu_map(domain, IRIS_FW_START_ADDR, mem_phys, res_size,
+ IOMMU_READ | IOMMU_WRITE | IOMMU_PRIV, GFP_KERNEL);
+ if (ret)
+ goto err_mem_unmap;
+ }
+ core->ctx_fw = ctx_fw;
+
+err_mem_unmap:
memunmap(mem_virt);
err_release_fw:
release_firmware(firmware);
@@ -62,6 +88,19 @@ static int iris_load_fw_to_memory(struct iris_core *core, const char *fw_name)
return ret;
}
+static void iris_fw_iommu_unmap(struct iris_core *core)
+{
+ bool use_tzmem = core->ctx_fw->use_tzmem;
+ struct iommu_domain *domain;
+
+ if (!use_tzmem)
+ return;
+
+ domain = iommu_get_domain_for_dev(core->dev_fw);
+ if (domain)
+ iommu_unmap(domain, IRIS_FW_START_ADDR, core->ctx_fw->mem_size);
+}
+
int iris_fw_load(struct iris_core *core)
{
const struct tz_cp_config *cp_config;
@@ -79,10 +118,10 @@ int iris_fw_load(struct iris_core *core)
return -ENOMEM;
}
- ret = qcom_scm_pas_auth_and_reset(core->iris_platform_data->pas_id);
+ ret = qcom_scm_pas_prepare_and_auth_reset(core->ctx_fw);
if (ret) {
dev_err(core->dev, "auth and reset failed: %d\n", ret);
- return ret;
+ goto err_unmap;
}
for (i = 0; i < core->iris_platform_data->tz_cp_config_data_size; i++) {
@@ -93,17 +132,31 @@ int iris_fw_load(struct iris_core *core)
cp_config->cp_nonpixel_size);
if (ret) {
dev_err(core->dev, "qcom_scm_mem_protect_video_var failed: %d\n", ret);
- qcom_scm_pas_shutdown(core->iris_platform_data->pas_id);
- return ret;
+ goto err_pas_shutdown;
}
}
+ return 0;
+
+err_pas_shutdown:
+ qcom_scm_pas_shutdown(core->ctx_fw->pas_id);
+err_unmap:
+ iris_fw_iommu_unmap(core);
+
return ret;
}
int iris_fw_unload(struct iris_core *core)
{
- return qcom_scm_pas_shutdown(core->iris_platform_data->pas_id);
+ int ret;
+
+ ret = qcom_scm_pas_shutdown(core->ctx_fw->pas_id);
+ if (ret)
+ return ret;
+
+ iris_fw_iommu_unmap(core);
+
+ return ret;
}
int iris_set_hw_state(struct iris_core *core, bool resume)
--
2.34.1
next prev parent reply other threads:[~2026-04-14 5:01 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-14 4:59 [PATCH 00/11] media: iris: Add support for glymur platform Vishnu Reddy
2026-04-14 4:59 ` [PATCH 01/11] dt-bindings: media: qcom,glymur-iris: Add glymur video codec Vishnu Reddy
2026-04-14 7:25 ` Krzysztof Kozlowski
2026-04-14 9:46 ` Vishnu Reddy
2026-04-14 4:59 ` [PATCH 02/11] media: iris: Add iris vpu bus support and register it with iommu_buses Vishnu Reddy
2026-04-14 15:14 ` Dmitry Baryshkov
[not found] ` <5dee6da0-9170-d9e0-5ff7-f8436331c6a9@oss.qualcomm.com>
2026-04-17 14:59 ` Vishnu Reddy
2026-04-17 18:19 ` Dmitry Baryshkov
2026-04-20 14:02 ` Vishnu Reddy
2026-04-20 17:56 ` Dmitry Baryshkov
2026-04-14 4:59 ` [PATCH 03/11] media: iris: Add context bank hooks for platform specific initialization Vishnu Reddy
2026-04-14 15:16 ` Dmitry Baryshkov
2026-04-17 15:03 ` Vishnu Reddy
2026-04-14 5:00 ` [PATCH 04/11] media: iris: Add helper to create a context bank device on iris vpu bus Vishnu Reddy
2026-04-14 15:18 ` Dmitry Baryshkov
2026-04-17 15:19 ` Vishnu Reddy
2026-04-17 18:23 ` Dmitry Baryshkov
2026-04-20 14:03 ` Vishnu Reddy
2026-04-20 17:56 ` Dmitry Baryshkov
2026-04-22 6:19 ` Vishnu Reddy
2026-04-14 5:00 ` Vishnu Reddy [this message]
2026-04-14 6:31 ` [PATCH 05/11] media: iris: Enable Secure PAS support with IOMMU managed by Linux Mukesh Ojha
2026-04-14 9:33 ` Mukesh Ojha
2026-04-15 7:36 ` Mukesh Ojha
2026-04-15 7:41 ` Mukesh Ojha
2026-04-17 15:20 ` Vishnu Reddy
2026-04-14 14:09 ` Konrad Dybcio
2026-04-17 15:27 ` Vishnu Reddy
2026-04-14 5:00 ` [PATCH 06/11] media: iris: Fix VM count passed to firmware Vishnu Reddy
2026-04-14 6:33 ` Mukesh Ojha
2026-04-17 15:28 ` Vishnu Reddy
2026-04-14 9:29 ` Konrad Dybcio
2026-04-17 14:35 ` Vishnu Reddy
2026-04-14 15:20 ` Dmitry Baryshkov
2026-04-17 15:29 ` Vishnu Reddy
2026-04-22 7:37 ` Vikash Garodia
2026-04-14 5:00 ` [PATCH 07/11] media: iris: Rename clock and power domain macros to use vcodec prefix Vishnu Reddy
2026-04-14 6:38 ` Mukesh Ojha
2026-04-14 7:20 ` Vishnu Reddy
2026-04-14 5:00 ` [PATCH 08/11] media: iris: Add power sequence for Glymur Vishnu Reddy
2026-04-14 9:49 ` Konrad Dybcio
2026-04-17 16:04 ` Vishnu Reddy
2026-04-14 15:23 ` Dmitry Baryshkov
2026-04-14 5:00 ` [PATCH 09/11] media: iris: Add support to select core for dual core platforms Vishnu Reddy
2026-04-14 9:51 ` Konrad Dybcio
2026-04-17 15:36 ` Vishnu Reddy
2026-04-14 16:02 ` Dmitry Baryshkov
2026-04-22 6:04 ` Vikash Garodia
2026-04-14 5:00 ` [PATCH 10/11] media: iris: Add platform data for glymur Vishnu Reddy
2026-04-14 16:05 ` Dmitry Baryshkov
2026-04-17 15:52 ` Vishnu Reddy
2026-04-14 5:00 ` [PATCH 11/11] arm64: dts: qcom: glymur: Add iris video node Vishnu Reddy
2026-04-14 14:10 ` Konrad Dybcio
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260414-glymur-v1-5-7d3d1cf57b16@oss.qualcomm.com \
--to=busanna.reddy@oss.qualcomm.com \
--cc=abhinav.kumar@linux.dev \
--cc=andersson@kernel.org \
--cc=bod@kernel.org \
--cc=conor+dt@kernel.org \
--cc=devicetree@vger.kernel.org \
--cc=dikshita.agarwal@oss.qualcomm.com \
--cc=hverkuil@kernel.org \
--cc=iommu@lists.linux.dev \
--cc=joro@8bytes.org \
--cc=konradybcio@kernel.org \
--cc=krzk+dt@kernel.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=mchehab@kernel.org \
--cc=mukesh.ojha@oss.qualcomm.com \
--cc=robh@kernel.org \
--cc=robin.murphy@arm.com \
--cc=stefan.schmidt@linaro.org \
--cc=vikash.garodia@oss.qualcomm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox