From: Bartosz Golaszewski <brgl@bgdev.pl>
To: Bjorn Andersson <andersson@kernel.org>,
Konrad Dybcio <konradybcio@kernel.org>,
Johan Hovold <johan@kernel.org>
Cc: linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org,
Bartosz Golaszewski <bartosz.golaszewski@linaro.org>,
Konrad Dybcio <konrad.dybcio@oss.qualcomm.com>,
Johan Hovold <johan+linaro@kernel.org>
Subject: [PATCH v2 0/4] firmware: qcom: scm: fix potential race condition with tzmem
Date: Mon, 30 Jun 2025 14:12:01 +0200 [thread overview]
Message-ID: <20250630-qcom-scm-race-v2-0-fa3851c98611@linaro.org> (raw)
There's a race condition between the SCM call API consumers and the TZMem
initialization in the SCM firmware driver. The internal __scm pointer is
assigned - marking SCM as ready for accepting calls - before the tzmem
memory pool is fully initialized. While the race is unlikely to be hit
thanks to the SCM driver being initialized early, it still must be
addressed.
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
---
Changes in v2:
- add comments explaining the ordering of operations in probe()
- add Johan's Reported-by and Closes tags
- Link to v1: https://lore.kernel.org/r/20250625-qcom-scm-race-v1-0-45601e1f248b@linaro.org
---
Bartosz Golaszewski (4):
firmware: qcom: scm: remove unused arguments from SHM bridge routines
firmware: qcom: scm: take struct device as argument in SHM bridge enable
firmware: qcom: scm: initialize tzmem before marking SCM as available
firmware: qcom: scm: request the waitqueue irq *after* initializing SCM
drivers/firmware/qcom/qcom_scm.c | 95 ++++++++++++++++------------------
drivers/firmware/qcom/qcom_scm.h | 1 +
drivers/firmware/qcom/qcom_tzmem.c | 11 ++--
include/linux/firmware/qcom/qcom_scm.h | 5 +-
4 files changed, 55 insertions(+), 57 deletions(-)
---
base-commit: f817b6dd2b62d921a6cdc0a3ac599cd1851f343c
change-id: 20250624-qcom-scm-race-5e7737f7f39f
Best regards,
--
Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
next reply other threads:[~2025-06-30 12:12 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-30 12:12 Bartosz Golaszewski [this message]
2025-06-30 12:12 ` [PATCH v2 1/4] firmware: qcom: scm: remove unused arguments from SHM bridge routines Bartosz Golaszewski
2025-06-30 12:12 ` [PATCH v2 2/4] firmware: qcom: scm: take struct device as argument in SHM bridge enable Bartosz Golaszewski
2025-06-30 12:43 ` Konrad Dybcio
2025-06-30 12:12 ` [PATCH v2 3/4] firmware: qcom: scm: initialize tzmem before marking SCM as available Bartosz Golaszewski
2025-06-30 12:12 ` [PATCH v2 4/4] firmware: qcom: scm: request the waitqueue irq *after* initializing SCM Bartosz Golaszewski
2025-07-11 7:52 ` [PATCH v2 0/4] firmware: qcom: scm: fix potential race condition with tzmem Bartosz Golaszewski
2025-07-17 4:30 ` Bjorn Andersson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250630-qcom-scm-race-v2-0-fa3851c98611@linaro.org \
--to=brgl@bgdev.pl \
--cc=andersson@kernel.org \
--cc=bartosz.golaszewski@linaro.org \
--cc=johan+linaro@kernel.org \
--cc=johan@kernel.org \
--cc=konrad.dybcio@oss.qualcomm.com \
--cc=konradybcio@kernel.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).