From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mx0a-0031df01.pphosted.com (mx0a-0031df01.pphosted.com [205.220.168.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3D26C3FE368 for ; Fri, 8 May 2026 19:01:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.168.131 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778266909; cv=none; b=Qh6MWQuscc47GRrDvRN0lmuHe+knPH7Sv0ni6JO7IgTqrg95h1yPt7rYdF/QZbDa6WWhZTFCiCwEHSE5C1D/gtYt6hvtnfP48jS0p3ILCAOxy5Dh+NweBD0vRXzSy4hiFRtF4BAkM33z2RhlS3JlUwS0zGfZg2QExeXJCw4OHfQ= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778266909; c=relaxed/simple; bh=kiHl1lLYV4nKXfICCZXuAhM4nH0bXvbb/KB+ab5VHpE=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=nmN4//fTURpYdro9PF2R5ELLyilzylvnCnEGYbU0EicLrIEEZaju4Bav/PxHr3D3kV2P9IBOKQmvVAgkzzDJgy0NcNeoMFq2Pa2otOC4ppVTpVmcw0L+oupqu4gFirdfllgRRApDZKg2uipYhDFRBGnx4PNR7WUba2lfU073t3k= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com; spf=pass smtp.mailfrom=oss.qualcomm.com; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b=Uu1roemS; dkim=pass (2048-bit key) header.d=oss.qualcomm.com header.i=@oss.qualcomm.com header.b=KsgxmGqR; arc=none smtp.client-ip=205.220.168.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b="Uu1roemS"; dkim=pass (2048-bit key) header.d=oss.qualcomm.com header.i=@oss.qualcomm.com header.b="KsgxmGqR" Received: from pps.filterd (m0279866.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 648GTeY1145187 for ; Fri, 8 May 2026 19:01:47 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=qcppdkim1; bh= RYPsAM9GyVf9eOjiRO6hKDynS22g8zyxVf3Jn1km8YU=; b=Uu1roemSq+rFj4Ml ihM70tTc6X/TIgMny2WrqMeePGk4go51ipl/8XU41N+WRi1VEUgA0qWF6JRtVRnE J1y27sblqHiFD7WZ2AReowo5YO0ZLZQuiiNwQ8zuzqVbYgeFLQqt9Lr83I3ewEqr 6eyxFoGDFCMKtkhhkr0X5UAdkwqDvpXmd45AEWyUtE1I7KfdmTr/c4sKQ8u+W0OB 0FE7LQdUN/EheV/eJE9rqk4ejPhqcGcDamjxu+SR1D93OBl9nweu/A1x+lSZ7oyL 2JALS+ZTTafwG37gERKXetAX10Ksdgz0tYPCKo6SOu7hJ3ceR1yGlwOKMp+H5Ads SMTWPA== Received: from mail-pf1-f199.google.com (mail-pf1-f199.google.com [209.85.210.199]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 4e1kdc0h16-1 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NOT) for ; Fri, 08 May 2026 19:01:47 +0000 (GMT) Received: by mail-pf1-f199.google.com with SMTP id d2e1a72fcca58-82f6e6a3a76so2323899b3a.0 for ; Fri, 08 May 2026 12:01:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oss.qualcomm.com; s=google; t=1778266907; x=1778871707; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=RYPsAM9GyVf9eOjiRO6hKDynS22g8zyxVf3Jn1km8YU=; b=KsgxmGqRIng/S0Aa9lL7994BcMXw0JeF/X+Od+D2DvmvK5+r3O2pfL5o58K4bgHIwy ytcX4OTwVsQdGArIKU3ZF+8tozqI8QK9ojHm94GQ7SxuOGhXeC0IWyCx9stLvW3aNyiO Ynzoysx9xObi/a8V+zw2bvEWv9qiaqtRPmLWc8x32VXLCM6SHfyF3ymbv+NWi9jLPsuc gFiNBJusXUd+72lZ4trkONirprr3Wgmuh4KlGBD3jxTCCjcr/L2acc5UuCuPDWTpHt7P fujKQH+Q3jT3TgpAwnlEDbN8RtAqdy+xfZ3/Oq9MAAJPwCLw5XRmH1SXn7TKb7isb/b9 60AQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778266907; x=1778871707; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=RYPsAM9GyVf9eOjiRO6hKDynS22g8zyxVf3Jn1km8YU=; b=qlxY48Vd7Ijs7jXwOKWE8AImVvVnMY1Kz5cqJbhuuZTW1G2J+06ij3p6Uk5bnK+wJd Owz9hsl47PnFzwYxvw9MNSiHt/C+cdcZpBTn9mKohOky0pInP7Vffsa4ADV7vGaN6qF0 W6YARNqiORzm5l48048BdGaHGoiiZkJkevuBf6d4+vWr2Ci43X0QIyQc43R7XR7By69t wT/V2FArqkQlx2qaNtwQrQHNL3jVO8cC8sHbWCGZzpWhyWBfoslUwBvMXhlad81KJ/cD 22sfhvkvUJ128+VOpz+XlQnfbY7qg2NRE/IiLQQTytKu4FcBsvqqobtlKgEN+eRaITCD f/iw== X-Forwarded-Encrypted: i=1; AFNElJ+VYS0M69zOyOFvKRgn+1lwOlZkZ4Yn5Teb3CrN7+gKdWA4/KnxMhPJUvOL5xyLfzCAXAkxVMUqtVaz@vger.kernel.org X-Gm-Message-State: AOJu0YwRWbHZO2PKsd/0vB87zMIb5aHs/SdK1GhJmNWk9anjZ8q+oSrn uX4EHO4Q/MIAtFA93xMeXpd5UPS9S87NHnszDL1jtTQBG5SFyheR+7RUM3XhHFgWUSbkzI9eUaH EM+hsjqMqpQZCD1i5VqU0I7Ee5NVMpnJ36Uh7rJgB7/vExdbt0Q50qLX1nrGJe18V X-Gm-Gg: Acq92OH6rQ5kQm0gYlxtB+Db2ynBVyHJGIjjTDv3150NuJXAuidf8D6nNTEUj6bB1s0 k1dqsBLVy496kYkOHPlIoltrFTislufKQyRH9SzW/a1ZHWtnptKcF4QumHgw/PFbjuJyYUZu7jY C+wWD4R90pXflHkL+zGUM4eTFLB/Z10OB404vXIV/ZYZDkHwUUVKt/Yrf7GpvHH6E/LOHWAQGZu GV+LtZg0Ow+WVx5Nat6uLZcWvGi22a4V/wceZ8wHCyxw4qJI5GxLFCMhUnQSLfZV2oohKpedfxu TLiTFSrkGP93FdpuL3w1Xc49wxT8XDU0dsj1b3dlZYf4Fr998qM6HMoXiACPtLK2eMtUN+TTKQD xjYElL0HzIiAPeKVcSKjfB2/xiut3JPnLicFsZ7k8NNJCiItMhARFbhM= X-Received: by 2002:a05:6a00:1d8c:b0:834:ea1a:4b25 with SMTP id d2e1a72fcca58-83a5c0c170bmr13964808b3a.12.1778266906781; Fri, 08 May 2026 12:01:46 -0700 (PDT) X-Received: by 2002:a05:6a00:1d8c:b0:834:ea1a:4b25 with SMTP id d2e1a72fcca58-83a5c0c170bmr13964762b3a.12.1778266906217; Fri, 08 May 2026 12:01:46 -0700 (PDT) Received: from hu-bvisredd-hyd.qualcomm.com ([202.46.22.19]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-83965a3e3ecsm13395550b3a.19.2026.05.08.12.01.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 08 May 2026 12:01:45 -0700 (PDT) From: Vishnu Reddy Date: Sat, 09 May 2026 00:29:56 +0530 Subject: [PATCH v5 07/14] media: iris: Enable Secure PAS support with IOMMU managed by Linux Precedence: bulk X-Mailing-List: devicetree@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <20260509-glymur-v5-7-7fbb340c5dbd@oss.qualcomm.com> References: <20260509-glymur-v5-0-7fbb340c5dbd@oss.qualcomm.com> In-Reply-To: <20260509-glymur-v5-0-7fbb340c5dbd@oss.qualcomm.com> To: Vikash Garodia , Dikshita Agarwal , Abhinav Kumar , Bryan O'Donoghue , Mauro Carvalho Chehab , Joerg Roedel , Will Deacon , Robin Murphy , Hans Verkuil , Stefan Schmidt , Rob Herring , Krzysztof Kozlowski , Conor Dooley , Stanimir Varbanov , Jorge Ramirez-Ortiz , Del Regno , Bjorn Andersson , Konrad Dybcio Cc: linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, linux-arm-msm@vger.kernel.org, iommu@lists.linux.dev, Krzysztof Kozlowski , devicetree@vger.kernel.org, Vishnu Reddy , Mukesh Ojha X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1778266845; l=6647; i=busanna.reddy@oss.qualcomm.com; s=20260216; h=from:subject:message-id; bh=UaR2dTIxtzS/tNKuFtSFzOFmr6sz1nG53anx21+ucME=; b=ksbDBtsaICiCigSCrJueomIT4etgGvpPl4AHZ9fo7TnEzQZabzy2Qc2SiaSQsPHJHoFsiTsF8 iR5CCyMyX72BoruM0Pe+FJu6oa8abHugW0rRs7eEHYy4bEic0pOsNke X-Developer-Key: i=busanna.reddy@oss.qualcomm.com; a=ed25519; pk=9vmy9HahBKVAa+GBFj1yHVbz0ey/ucIs1hrlfx+qtok= X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNTA4MDE5MCBTYWx0ZWRfX13ngZpjdMJYu cWBtvqkD0YvertF3vNsDHoRc/6RrWI4EPrbIfZGHOYxlzKPaL5oPwbpoHezquYTcVrkJNIVq5Bb NWGFER3Jv2r7cIvn9rwj8PnMVOtlF2RNOlTRbjsVkpDhxy0+K7ue/ZGQkVnLpSMA5but4hiNz9g +j1y3Bnor0h0RItEOVNQENXqMPp5q5PaVVEH8qh8CWi0E6kHsGkbOUTEQy6l+1V8FCBo9ggdAl6 FOzwHPUaFETlydx3TztWfuIsS6wMgZ0Hhb9TZ3rxwv78Fr/dMYbg8MRoctLPO3kpZjLpan1LZts P6rjy4GmyMXw1zjdMnoHyApNQ/t9qUE5Ivjz4ROBQNb3l/kO1c4nZp6rqB9gClKaVApkv9C1OHF wg5I/cYZoKpJVDmnS9Jl/WiEO0tIujxIQmHoAksh2kwE4+NwBiZjYDMmbH0C+KTvT6SXs3d7kpy M9icl0zRKlT9sZpp6OQ== X-Authority-Analysis: v=2.4 cv=RZOgzVtv c=1 sm=1 tr=0 ts=69fe331b cx=c_pps a=WW5sKcV1LcKqjgzy2JUPuA==:117 a=fChuTYTh2wq5r3m49p7fHw==:17 a=IkcTkHD0fZMA:10 a=NGcC8JguVDcA:10 a=s4-Qcg_JpJYA:10 a=VkNPw1HP01LnGYTKEx00:22 a=u7WPNUs3qKkmUXheDGA7:22 a=YMgV9FUhrdKAYTUUvYB2:22 a=EUspDBNiAAAA:8 a=gbwaY6mYjfx-u0ET_fsA:9 a=QEXdDO2ut3YA:10 a=OpyuDcXvxspvyRM73sMx:22 X-Proofpoint-GUID: Y1NfWVWTwPbe0yVJmpDJ9TP3-NYOmsHh X-Proofpoint-ORIG-GUID: Y1NfWVWTwPbe0yVJmpDJ9TP3-NYOmsHh X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-05-07_02,2026-05-08_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 bulkscore=0 suspectscore=0 impostorscore=0 malwarescore=0 adultscore=0 phishscore=0 spamscore=0 priorityscore=1501 lowpriorityscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2604200000 definitions=main-2605080190 From: Mukesh Ojha Most Qualcomm platforms feature a proprietary hypervisor (such as Gunyah or QHEE), which typically handles IOMMU configuration. This includes mapping memory regions and device memory resources for remote processors by intercepting qcom_scm_pas_auth_and_reset() calls. These mappings are later removed during teardown. Additionally, SHM bridge setup is required to enable memory protection for both remoteproc metadata and its memory regions. When the hypervisor is absent, the operating system must perform these configurations instead. Support for handling IOMMU and SHM setup in the absence of a hypervisor is now in place. Extend the Iris driver to enable this functionality on platforms where IOMMU is managed by Linux (i.e., non-Gunyah, non-QHEE). Additionally, the Iris driver must map the firmware and its required resources to the firmware SID, which is now specified via iommu-map in the device tree. Reviewed-by: Vishnu Reddy Co-developed-by: Vikash Garodia Signed-off-by: Vikash Garodia Signed-off-by: Mukesh Ojha Signed-off-by: Vishnu Reddy --- drivers/media/platform/qcom/iris/iris_core.h | 4 ++ drivers/media/platform/qcom/iris/iris_firmware.c | 72 ++++++++++++++++++++---- 2 files changed, 66 insertions(+), 10 deletions(-) diff --git a/drivers/media/platform/qcom/iris/iris_core.h b/drivers/media/platform/qcom/iris/iris_core.h index fb194c967ad4..b396c8cf595e 100644 --- a/drivers/media/platform/qcom/iris/iris_core.h +++ b/drivers/media/platform/qcom/iris/iris_core.h @@ -34,6 +34,8 @@ enum domain_type { * struct iris_core - holds core parameters valid for all instances * * @dev: reference to device structure + * @fw_dev: reference to the context bank device used for firmware load + * @pas_ctx: SCM PAS context for authenticated firmware load and shutdown * @reg_base: IO memory base address * @irq: iris irq * @v4l2_dev: a holder for v4l2 device structure @@ -77,6 +79,8 @@ enum domain_type { struct iris_core { struct device *dev; + struct device *fw_dev; + struct qcom_scm_pas_context *pas_ctx; void __iomem *reg_base; int irq; struct v4l2_device v4l2_dev; diff --git a/drivers/media/platform/qcom/iris/iris_firmware.c b/drivers/media/platform/qcom/iris/iris_firmware.c index 5f408024e967..0085dd7ec052 100644 --- a/drivers/media/platform/qcom/iris/iris_firmware.c +++ b/drivers/media/platform/qcom/iris/iris_firmware.c @@ -5,6 +5,7 @@ #include #include +#include #include #include #include @@ -13,12 +14,15 @@ #include "iris_firmware.h" #define MAX_FIRMWARE_NAME_SIZE 128 +#define IRIS_FW_START_ADDR 0 static int iris_load_fw_to_memory(struct iris_core *core, const char *fw_name) { + struct device *fw_dev = core->fw_dev ? core->fw_dev : core->dev; u32 pas_id = core->iris_platform_data->pas_id; const struct firmware *firmware = NULL; - struct device *dev = core->dev; + struct qcom_scm_pas_context *pas_ctx; + struct iommu_domain *domain; struct resource res; phys_addr_t mem_phys; size_t res_size; @@ -29,14 +33,18 @@ static int iris_load_fw_to_memory(struct iris_core *core, const char *fw_name) if (strlen(fw_name) >= MAX_FIRMWARE_NAME_SIZE - 4) return -EINVAL; - ret = of_reserved_mem_region_to_resource(dev->of_node, 0, &res); + ret = of_reserved_mem_region_to_resource(core->dev->of_node, 0, &res); if (ret) return ret; mem_phys = res.start; res_size = resource_size(&res); - ret = request_firmware(&firmware, fw_name, dev); + pas_ctx = devm_qcom_scm_pas_context_alloc(fw_dev, pas_id, mem_phys, res_size); + if (IS_ERR(pas_ctx)) + return PTR_ERR(pas_ctx); + + ret = request_firmware(&firmware, fw_name, fw_dev); if (ret) return ret; @@ -52,9 +60,27 @@ static int iris_load_fw_to_memory(struct iris_core *core, const char *fw_name) goto err_release_fw; } - ret = qcom_mdt_load(dev, firmware, fw_name, - pas_id, mem_virt, mem_phys, res_size, NULL); + pas_ctx->use_tzmem = !!core->fw_dev; + ret = qcom_mdt_pas_load(pas_ctx, firmware, fw_name, mem_virt, NULL); + if (ret) + goto err_mem_unmap; + + if (pas_ctx->use_tzmem) { + domain = iommu_get_domain_for_dev(fw_dev); + if (!domain) { + ret = -ENODEV; + goto err_mem_unmap; + } + + ret = iommu_map(domain, IRIS_FW_START_ADDR, mem_phys, res_size, + IOMMU_READ | IOMMU_WRITE | IOMMU_PRIV, GFP_KERNEL); + if (ret) + goto err_mem_unmap; + } + core->pas_ctx = pas_ctx; + +err_mem_unmap: memunmap(mem_virt); err_release_fw: release_firmware(firmware); @@ -62,6 +88,18 @@ static int iris_load_fw_to_memory(struct iris_core *core, const char *fw_name) return ret; } +static void iris_fw_iommu_unmap(struct iris_core *core) +{ + struct iommu_domain *domain; + + if (!core->pas_ctx->use_tzmem) + return; + + domain = iommu_get_domain_for_dev(core->fw_dev); + if (domain) + iommu_unmap(domain, IRIS_FW_START_ADDR, core->pas_ctx->mem_size); +} + int iris_fw_load(struct iris_core *core) { const struct tz_cp_config *cp_config; @@ -79,10 +117,10 @@ int iris_fw_load(struct iris_core *core) return -ENOMEM; } - ret = qcom_scm_pas_auth_and_reset(core->iris_platform_data->pas_id); + ret = qcom_scm_pas_prepare_and_auth_reset(core->pas_ctx); if (ret) { dev_err(core->dev, "auth and reset failed: %d\n", ret); - return ret; + goto err_unmap; } for (i = 0; i < core->iris_platform_data->tz_cp_config_data_size; i++) { @@ -93,17 +131,31 @@ int iris_fw_load(struct iris_core *core) cp_config->cp_nonpixel_size); if (ret) { dev_err(core->dev, "qcom_scm_mem_protect_video_var failed: %d\n", ret); - qcom_scm_pas_shutdown(core->iris_platform_data->pas_id); - return ret; + goto err_pas_shutdown; } } + return 0; + +err_pas_shutdown: + qcom_scm_pas_shutdown(core->pas_ctx->pas_id); +err_unmap: + iris_fw_iommu_unmap(core); + return ret; } int iris_fw_unload(struct iris_core *core) { - return qcom_scm_pas_shutdown(core->iris_platform_data->pas_id); + int ret; + + ret = qcom_scm_pas_shutdown(core->pas_ctx->pas_id); + if (ret) + return ret; + + iris_fw_iommu_unmap(core); + + return ret; } int iris_set_hw_state(struct iris_core *core, bool resume) -- 2.34.1