Re: [PATCH 05/11] media: iris: Enable Secure PAS support with IOMMU managed by Linux

[Vishnu Reddy <busanna.reddy@oss.qualcomm.com>]

On 4/14/2026 12:01 PM, Mukesh Ojha wrote:
> On Tue, Apr 14, 2026 at 10:30:01AM +0530, Vishnu Reddy wrote:
>> From: Mukesh Ojha<mukesh.ojha@oss.qualcomm.com>
>>
>> Most Qualcomm platforms feature a proprietary hypervisor (such as Gunyah
>> or QHEE), which typically handles IOMMU configuration. This includes
>> mapping memory regions and device memory resources for remote processors
>> by intercepting qcom_scm_pas_auth_and_reset() calls. These mappings are
>> later removed during teardown. Additionally, SHM bridge setup is required
>> to enable memory protection for both remoteproc metadata and its memory
>> regions.
>>
>> When the hypervisor is absent, the operating system must perform these
>> configurations instead.
>>
>> Support for handling IOMMU and SHM setup in the absence of a hypervisor
>> is now in place. Extend the Iris driver to enable this functionality on
>> platforms where IOMMU is managed by Linux (i.e., non-Gunyah, non-QHEE).
>>
>> Additionally, the Iris driver must map the firmware and its required
>> resources to the firmware SID, which is now specified via iommu-map in
>> the device tree.
>>
>> Co-developed-by: Vikash Garodia<vikash.garodia@oss.qualcomm.com>
>> Signed-off-by: Vikash Garodia<vikash.garodia@oss.qualcomm.com>
>> Signed-off-by: Mukesh Ojha<mukesh.ojha@oss.qualcomm.com>
>> Signed-off-by: Vishnu Reddy<busanna.reddy@oss.qualcomm.com>
>> ---
>>   drivers/media/platform/qcom/iris/iris_core.h     |  4 ++
>>   drivers/media/platform/qcom/iris/iris_firmware.c | 71 +++++++++++++++++++++---
>>   2 files changed, 66 insertions(+), 9 deletions(-)
>>
>> diff --git a/drivers/media/platform/qcom/iris/iris_core.h b/drivers/media/platform/qcom/iris/iris_core.h
>> index fb194c967ad4..aa7abef6f0e0 100644
>> --- a/drivers/media/platform/qcom/iris/iris_core.h
>> +++ b/drivers/media/platform/qcom/iris/iris_core.h
>> @@ -34,6 +34,8 @@ enum domain_type {
>>    * struct iris_core - holds core parameters valid for all instances
>>    *
>>    * @dev: reference to device structure
>> + * @dev_fw: reference to the context bank device used for firmware load
>> + * @ctx_fw: SCM PAS context for authenticated firmware load and shutdown
>>    * @reg_base: IO memory base address
>>    * @irq: iris irq
>>    * @v4l2_dev: a holder for v4l2 device structure
>> @@ -77,6 +79,8 @@ enum domain_type {
>>   
>>   struct iris_core {
>>   	struct device				*dev;
>> +	struct device				*dev_fw;
>> +	struct qcom_scm_pas_context		*ctx_fw;
> fw_dev suits better and ctx_fw is always for firmware, maybe pas_ctx is
> better.

Ack

>>   	void __iomem				*reg_base;
>>   	int					irq;
>>   	struct v4l2_device			v4l2_dev;
>> diff --git a/drivers/media/platform/qcom/iris/iris_firmware.c b/drivers/media/platform/qcom/iris/iris_firmware.c
>> index 5f408024e967..93d77996c83f 100644
>> --- a/drivers/media/platform/qcom/iris/iris_firmware.c
>> +++ b/drivers/media/platform/qcom/iris/iris_firmware.c
>> @@ -5,6 +5,7 @@
>>   
>>   #include <linux/firmware.h>
>>   #include <linux/firmware/qcom/qcom_scm.h>
>> +#include <linux/iommu.h>
>>   #include <linux/of_address.h>
>>   #include <linux/of_reserved_mem.h>
>>   #include <linux/soc/qcom/mdt_loader.h>
>> @@ -13,12 +14,15 @@
>>   #include "iris_firmware.h"
>>   
>>   #define MAX_FIRMWARE_NAME_SIZE	128
>> +#define IRIS_FW_START_ADDR	0
>>   
>>   static int iris_load_fw_to_memory(struct iris_core *core, const char *fw_name)
>>   {
>> +	struct device *dev = core->dev_fw ? core->dev_fw : core->dev;
>>   	u32 pas_id = core->iris_platform_data->pas_id;
>>   	const struct firmware *firmware = NULL;
>> -	struct device *dev = core->dev;
>> +	struct qcom_scm_pas_context *ctx_fw;
>> +	struct iommu_domain *domain;
>>   	struct resource res;
>>   	phys_addr_t mem_phys;
>>   	size_t res_size;
>> @@ -29,13 +33,17 @@ static int iris_load_fw_to_memory(struct iris_core *core, const char *fw_name)
>>   	if (strlen(fw_name) >= MAX_FIRMWARE_NAME_SIZE - 4)
>>   		return -EINVAL;
>>   
>> -	ret = of_reserved_mem_region_to_resource(dev->of_node, 0, &res);
>> +	ret = of_reserved_mem_region_to_resource(core->dev->of_node, 0, &res);
>>   	if (ret)
>>   		return ret;
>>   
>>   	mem_phys = res.start;
>>   	res_size = resource_size(&res);
>>   
>> +	ctx_fw = devm_qcom_scm_pas_context_alloc(dev, pas_id, mem_phys, res_size);
>> +	if (IS_ERR(ctx_fw))
>> +		return PTR_ERR(ctx_fw);
>> +
>>   	ret = request_firmware(&firmware, fw_name, dev);
>>   	if (ret)
>>   		return ret;
>> @@ -52,9 +60,27 @@ static int iris_load_fw_to_memory(struct iris_core *core, const char *fw_name)
>>   		goto err_release_fw;
>>   	}
>>   
>> -	ret = qcom_mdt_load(dev, firmware, fw_name,
>> -			    pas_id, mem_virt, mem_phys, res_size, NULL);
>> +	ctx_fw->use_tzmem = !!core->dev_fw;
>> +	ret = qcom_mdt_pas_load(ctx_fw, firmware, fw_name, mem_virt, NULL);
>> +	if (ret)
>> +		goto err_mem_unmap;
>> +
>> +	if (ctx_fw->use_tzmem) {
>> +		domain = iommu_get_domain_for_dev(core->dev_fw);
>> +		if (!domain) {
>> +			ret = -ENODEV;
>> +			goto err_mem_unmap;
>> +		}
>> +
>> +		ret = iommu_map(domain, IRIS_FW_START_ADDR, mem_phys, res_size,
>> +				IOMMU_READ | IOMMU_WRITE | IOMMU_PRIV, GFP_KERNEL);
>> +		if (ret)
>> +			goto err_mem_unmap;
>> +	}
>>   
>> +	core->ctx_fw = ctx_fw;
>> +
>> +err_mem_unmap:
>>   	memunmap(mem_virt);
>>   err_release_fw:
>>   	release_firmware(firmware);
>> @@ -62,6 +88,19 @@ static int iris_load_fw_to_memory(struct iris_core *core, const char *fw_name)
>>   	return ret;
>>   }
>>   
>> +static void iris_fw_iommu_unmap(struct iris_core *core)
>> +{
>> +	bool use_tzmem = core->ctx_fw->use_tzmem;
>> +	struct iommu_domain *domain;
>> +
>> +	if (!use_tzmem)
>> +		return;
>> +
>> +	domain = iommu_get_domain_for_dev(core->dev_fw);
>> +	if (domain)
>> +		iommu_unmap(domain, IRIS_FW_START_ADDR, core->ctx_fw->mem_size);
>> +}
>> +
>>   int iris_fw_load(struct iris_core *core)
>>   {
>>   	const struct tz_cp_config *cp_config;
>> @@ -79,10 +118,10 @@ int iris_fw_load(struct iris_core *core)
>>   		return -ENOMEM;
>>   	}
>>   
>> -	ret = qcom_scm_pas_auth_and_reset(core->iris_platform_data->pas_id);
>> +	ret = qcom_scm_pas_prepare_and_auth_reset(core->ctx_fw);
>>   	if (ret)  {
>>   		dev_err(core->dev, "auth and reset failed: %d\n", ret);
>> -		return ret;
>> +		goto err_unmap;
>>   	}
>>   
>>   	for (i = 0; i < core->iris_platform_data->tz_cp_config_data_size; i++) {
>> @@ -93,17 +132,31 @@ int iris_fw_load(struct iris_core *core)
>>   						     cp_config->cp_nonpixel_size);
>>   		if (ret) {
>>   			dev_err(core->dev, "qcom_scm_mem_protect_video_var failed: %d\n", ret);
>> -			qcom_scm_pas_shutdown(core->iris_platform_data->pas_id);
>> -			return ret;
>> +			goto err_pas_shutdown;
>>   		}
>>   	}
>>   
>> +	return 0;
>> +
>> +err_pas_shutdown:
>> +	qcom_scm_pas_shutdown(core->ctx_fw->pas_id);
>> +err_unmap:
>> +	iris_fw_iommu_unmap(core);
>> +
>>   	return ret;
>>   }
>>   
>>   int iris_fw_unload(struct iris_core *core)
>>   {
>> -	return qcom_scm_pas_shutdown(core->iris_platform_data->pas_id);
>> +	int ret;
>> +
>> +	ret = qcom_scm_pas_shutdown(core->ctx_fw->pas_id);
>> +	if (ret)
>> +		return ret;
>> +
>> +	iris_fw_iommu_unmap(core);
>> +
>> +	return ret;
>>   }
>>   
>>   int iris_set_hw_state(struct iris_core *core, bool resume)
>>
>> -- 
>> 2.34.1
>>