From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mx0a-0031df01.pphosted.com (mx0a-0031df01.pphosted.com [205.220.168.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1200A4657E2 for ; Wed, 6 May 2026 16:36:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.168.131 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778085407; cv=none; b=SvVqcPGuoD2MA+HznAeXw1jDUnWZuwSC3m937xrSNjFBLqrGE1mJE2zwIPnS0Q33H/3K22McQ7NjQi+CYxjGCKcj18qSIeAfMYaU/W619aoI1gXGrbDIjKAmr2yGJ0iH7WiuHIidKYED2vzbnySGTAkvXvdMS6X836tKqzmcE1E= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778085407; c=relaxed/simple; bh=YUCDA48aXRxkZw5mYhHWBC3J8D349BVZVO7Begm/rv8=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=OIFmoJIHd/vhuv01MoObfVe9VRXkFwYctlhr4NyO4bYOwjgZ2RIsJ6GEKX7EPSNEQV5WleUrgPrzlOJJIGIRSqOPnTbiFASnjuysOSjUrqIQ1/Lb+vNM5ALHIgUKYgdpWPDFRW1VfjLzRTB/qHHukYw0s5i35FgxZ5oeIHs3zeE= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com; spf=pass smtp.mailfrom=oss.qualcomm.com; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b=epMNdibW; dkim=pass (2048-bit key) header.d=oss.qualcomm.com header.i=@oss.qualcomm.com header.b=kHciLMQJ; arc=none smtp.client-ip=205.220.168.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b="epMNdibW"; dkim=pass (2048-bit key) header.d=oss.qualcomm.com header.i=@oss.qualcomm.com header.b="kHciLMQJ" Received: from pps.filterd (m0279862.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 646A4gII3524218 for ; Wed, 6 May 2026 16:36:45 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=qcppdkim1; bh= iJmC9RsVHYv/TaiaQgM7ygIb7Mvb3W28zM26saXdFEY=; b=epMNdibWfB6LmuXp 2s4p9v73nC5YP0MaC0kNVX2uk2XbceJmPhO10PWyzz6qqd1Zr2lXDvAZvJrsxKKG dfKjuGLGFTOqhirWYwOHfRYTddnlzZsrgaoxYsfK7Kb36JSqSpK0fd9SmZ6oL+wi C+lai2kvQQRtybHYdhV00G8YheFmLusQK9+SpJ0MqWB81M1tGbX5D/hSYl4U1pCB 3lqKEfiBghY27Sq2Opo1dkDKLhKdn9Ln7N7fOJqAo6DEEBouRGBt8DLYs/5WTt9m 7LK6o4+mhnj42dak+ie6AkTDbhOlFcw4VlhLk9qwaW9vu5o8bGC4QvHTL3v3g6/U huKG3w== Received: from mail-pl1-f199.google.com (mail-pl1-f199.google.com [209.85.214.199]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 4e03jwsfru-1 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NOT) for ; Wed, 06 May 2026 16:36:45 +0000 (GMT) Received: by mail-pl1-f199.google.com with SMTP id d9443c01a7336-2ba838d3fa4so8002265ad.3 for ; Wed, 06 May 2026 09:36:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oss.qualcomm.com; s=google; t=1778085405; x=1778690205; darn=vger.kernel.org; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=iJmC9RsVHYv/TaiaQgM7ygIb7Mvb3W28zM26saXdFEY=; b=kHciLMQJBLWIO6TXLMsof7i3g0EQft99qvkoReJyHpwUdlaHi/bk6g9GFkOTV+jiEc 1zTVuGrmw/rGhGRMwY7t3XDKFEOG8mfuPAnRrHYGl+2Nlyc03QlwUSKTKzpUh9WONF8G SE3SWA9dYkuUQFO1itr8Cjv6oogOkrglywNphMFyrEV2PgrZapfxspuK2yJbu+NwKreE unUXXRh3/tlX2W0T1/tl9hAKOgMXGeHyELhwptZonW3SB8YuNN8jJXCVTM3oBX6CKYik FsULaRzogKSfHDaFIaX6nQ/+5ZeZ21ReSHp4+/LK2d2B7guhOGMgxBVrC710koafOL5o fMGQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778085405; x=1778690205; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=iJmC9RsVHYv/TaiaQgM7ygIb7Mvb3W28zM26saXdFEY=; b=QejfnbpTTeDSg+bzycDZcD0sZnG+rUDwFORbEvx89FrKJIZPx66iW4beD630qDGlO7 BVQd195RiSK+vg3wDe8tH5fiIY3+LkLdD0hlyrgUHlYGsbkCKbHacx6eVEeBLDeqg7k2 a2dU8lK5zQnAyPu9jHSr76rBvxQUKZVp+A5oVvYygEBjELOHJaUaT0F1sBRs3WGAotKc Iby8s2Ms926P/NpGRXo0k4OjGQ36v5akgU7HIdoiNSzfn0PA3XB1yMg9c3prtZ6KtKQq 8JR/Tt6M4KwvH2J/VIQVq8cDUWtrvrkhf3n+JBE23763fSVzHVNLf4fGa2x7/q+jzRgN ZLnw== X-Forwarded-Encrypted: i=1; AFNElJ/ekSlvh/MCdtpXg9/Yjhls4ctT5d6wsLluzurt8aqr88scdDZ/ynU8ExrtmMDBPAjXLspBOjXh1gt5WBY=@vger.kernel.org X-Gm-Message-State: AOJu0YxVjK3g2hn2pmWHxJMfcwPPZI2+oWiS359pAW21LT+jBZuIaljr XXp+3hJ+Rg/W1ey4+Wu3rxwEPYo1mesHsQ8QfzT339qNqkRuwckn8NFp84nV/JdNCabm0Y+idcF K17y0HbWSYXAPp0AsUOXigcSmdRVSXLyMvbKGJ1av6d6aOZ8p5nBR8EDAJ8V5nSaIrts= X-Gm-Gg: AeBDievgpsbEt23pAVWmJSMqtZD1yMrpUAkE/lEJusWpY9h808DA69DK5y0/4xK5cbs lYqlmH1TLDDDISrgQo6AYkihmOnku9IlFryYSRU0rMqnubFq8QkrAqYSxjCfE3L7uQK5HDOg6DD WeJDFqZ1WSC5yUz3eSelCiYayQ650or44IBKBE9VOT84TKxcoNHUM367iMVuCdWl1NHVkcqno73 o9kh/HwgkV9BTnF1y6D7Y8Zc4iAnSLreJ9wydJMy3VI7wi66P8jQaa52FMHWbOlPUguwoZGyqKP 6qND4kyJq3tRBsJ/TQSg6bYF8Sc9IQgp6MFeT+G5x/ti7Qp49aDuksV9TONQRH6u5mbL+ahUwDS 4oJ1AOgKLGr9yX7NaUszNop8wZ57bbOHB300wKiGqukKF17hyM/iivK20e39aNz6V X-Received: by 2002:a17:903:24f:b0:2b4:5f67:5914 with SMTP id d9443c01a7336-2ba79becc18mr44285425ad.33.1778085404296; Wed, 06 May 2026 09:36:44 -0700 (PDT) X-Received: by 2002:a17:903:24f:b0:2b4:5f67:5914 with SMTP id d9443c01a7336-2ba79becc18mr44285005ad.33.1778085403722; Wed, 06 May 2026 09:36:43 -0700 (PDT) Received: from [10.206.105.200] ([202.46.23.25]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2ba7ca2563dsm29225485ad.76.2026.05.06.09.36.36 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 06 May 2026 09:36:43 -0700 (PDT) Message-ID: <4d4d8023-57ba-0dec-488f-bce17090a0d4@oss.qualcomm.com> Date: Wed, 6 May 2026 22:06:35 +0530 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.8.0 Subject: Re: [PATCH v4 07/13] media: iris: Enable Secure PAS support with IOMMU managed by Linux Content-Language: en-US To: Mukesh Ojha Cc: Vikash Garodia , Dikshita Agarwal , Abhinav Kumar , Bryan O'Donoghue , Mauro Carvalho Chehab , Hans Verkuil , Stefan Schmidt , Rob Herring , Krzysztof Kozlowski , Conor Dooley , Stanimir Varbanov , Joerg Roedel , Will Deacon , Robin Murphy , Bjorn Andersson , Konrad Dybcio , linux-media@vger.kernel.org, linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org, devicetree@vger.kernel.org, iommu@lists.linux.dev References: <20260505-glymur-v4-0-17571dbd1caa@oss.qualcomm.com> <20260505-glymur-v4-7-17571dbd1caa@oss.qualcomm.com> <20260506052129.4kahdrcxxrvl53hy@hu-mojha-hyd.qualcomm.com> From: Vishnu Reddy In-Reply-To: <20260506052129.4kahdrcxxrvl53hy@hu-mojha-hyd.qualcomm.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Authority-Analysis: v=2.4 cv=J4CaKgnS c=1 sm=1 tr=0 ts=69fb6e1d cx=c_pps a=JL+w9abYAAE89/QcEU+0QA==:117 a=ZePRamnt/+rB5gQjfz0u9A==:17 a=IkcTkHD0fZMA:10 a=NGcC8JguVDcA:10 a=s4-Qcg_JpJYA:10 a=VkNPw1HP01LnGYTKEx00:22 a=u7WPNUs3qKkmUXheDGA7:22 a=_K5XuSEh1TEqbUxoQ0s3:22 a=VwQbUJbxAAAA:8 a=EUspDBNiAAAA:8 a=tkXzD9pcQE_IdLLthRAA:9 a=QEXdDO2ut3YA:10 a=324X-CrmTo6CU4MGRt3R:22 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNTA2MDE2MiBTYWx0ZWRfXw8r7uhW1p+NQ 48huhTF+5NWsiAausJT3hidyNRtmROtOdBk2GbR6u8qfuGz2PGdESD2huKwMo6dOwbf7Jy1au0/ +8LNv/mURxNZrVPhyHdNQ3uHCNH6C3Vw+ncFXQz+bmmMjTsy3N1MNu5CL4VaPq75W2XHwEeMKJj qkxjIia5RAjJuz5GbD5OCtYxbOhSzObyrKQM0lnXZSGg7xzalWR+TgC1DllgVnC0ZtX4DSzZ7Cn 6TCsj/+iEK5w2QGL6Ne3uVfU9qEWaplBGSCedYqCppLjeTGozYkCWB3JxaupcxPARA7OCz1dKlW sY178jEg9K/1VPpl2RH1xH7YlkJ359udCAVAs8BNIqybZzLvF/SVqD7j71yyvm9rJHWsYF9hZzt mjd62DiIiEZBGi8sX7RcDSWCTM0VSk74eh1XOQzX9w62R3Ca1nC9y/yrDXYdhm8/hswH821x+4S sryT2xkpctUbcOKrCeQ== X-Proofpoint-GUID: 9-Zzt5qbooCqe0_fqhHxbgWDPbOfSnMQ X-Proofpoint-ORIG-GUID: 9-Zzt5qbooCqe0_fqhHxbgWDPbOfSnMQ X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-05-06_01,2026-05-06_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 clxscore=1015 malwarescore=0 impostorscore=0 adultscore=0 phishscore=0 suspectscore=0 spamscore=0 bulkscore=0 priorityscore=1501 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2604200000 definitions=main-2605060162 On 5/6/2026 10:51 AM, Mukesh Ojha wrote: > On Tue, May 05, 2026 at 12:29:28PM +0530, Vishnu Reddy wrote: >> From: Mukesh Ojha >> >> Most Qualcomm platforms feature a proprietary hypervisor (such as Gunyah >> or QHEE), which typically handles IOMMU configuration. This includes >> mapping memory regions and device memory resources for remote processors >> by intercepting qcom_scm_pas_auth_and_reset() calls. These mappings are >> later removed during teardown. Additionally, SHM bridge setup is required >> to enable memory protection for both remoteproc metadata and its memory >> regions. >> >> When the hypervisor is absent, the operating system must perform these >> configurations instead. >> >> Support for handling IOMMU and SHM setup in the absence of a hypervisor >> is now in place. Extend the Iris driver to enable this functionality on >> platforms where IOMMU is managed by Linux (i.e., non-Gunyah, non-QHEE). >> >> Additionally, the Iris driver must map the firmware and its required >> resources to the firmware SID, which is now specified via iommu-map in >> the device tree. >> >> Co-developed-by: Vikash Garodia >> Signed-off-by: Vikash Garodia >> Signed-off-by: Mukesh Ojha >> Signed-off-by: Vishnu Reddy > I have posted https://lore.kernel.org/lkml/20260506050107.1985033-1-mukesh.ojha@oss.qualcomm.com/#r > for resource table extraction and the API to map and unmap and now you > can use the api similar to below > https://lore.kernel.org/lkml/20250819165447.4149674-12-mukesh.ojha@oss.qualcomm.com/ Thanks for letting me know, rather than introducing a dependency for this series, I'd keep them independent for now. If your series lands first, I can update my patches to use the new API. Otherwise, I'm happy to volunteer a follow-up patch on top of my series once your patches are merged. Thanks, Vishnu Reddy. >> --- >> drivers/media/platform/qcom/iris/iris_core.h | 4 ++ >> drivers/media/platform/qcom/iris/iris_firmware.c | 72 ++++++++++++++++++++---- >> 2 files changed, 66 insertions(+), 10 deletions(-) >> >> diff --git a/drivers/media/platform/qcom/iris/iris_core.h b/drivers/media/platform/qcom/iris/iris_core.h >> index fb194c967ad4..b396c8cf595e 100644 >> --- a/drivers/media/platform/qcom/iris/iris_core.h >> +++ b/drivers/media/platform/qcom/iris/iris_core.h >> @@ -34,6 +34,8 @@ enum domain_type { >> * struct iris_core - holds core parameters valid for all instances >> * >> * @dev: reference to device structure >> + * @fw_dev: reference to the context bank device used for firmware load >> + * @pas_ctx: SCM PAS context for authenticated firmware load and shutdown >> * @reg_base: IO memory base address >> * @irq: iris irq >> * @v4l2_dev: a holder for v4l2 device structure >> @@ -77,6 +79,8 @@ enum domain_type { >> >> struct iris_core { >> struct device *dev; >> + struct device *fw_dev; >> + struct qcom_scm_pas_context *pas_ctx; >> void __iomem *reg_base; >> int irq; >> struct v4l2_device v4l2_dev; >> diff --git a/drivers/media/platform/qcom/iris/iris_firmware.c b/drivers/media/platform/qcom/iris/iris_firmware.c >> index 5f408024e967..0085dd7ec052 100644 >> --- a/drivers/media/platform/qcom/iris/iris_firmware.c >> +++ b/drivers/media/platform/qcom/iris/iris_firmware.c >> @@ -5,6 +5,7 @@ >> >> #include >> #include >> +#include >> #include >> #include >> #include >> @@ -13,12 +14,15 @@ >> #include "iris_firmware.h" >> >> #define MAX_FIRMWARE_NAME_SIZE 128 >> +#define IRIS_FW_START_ADDR 0 >> >> static int iris_load_fw_to_memory(struct iris_core *core, const char *fw_name) >> { >> + struct device *fw_dev = core->fw_dev ? core->fw_dev : core->dev; >> u32 pas_id = core->iris_platform_data->pas_id; >> const struct firmware *firmware = NULL; >> - struct device *dev = core->dev; >> + struct qcom_scm_pas_context *pas_ctx; >> + struct iommu_domain *domain; >> struct resource res; >> phys_addr_t mem_phys; >> size_t res_size; >> @@ -29,14 +33,18 @@ static int iris_load_fw_to_memory(struct iris_core *core, const char *fw_name) >> if (strlen(fw_name) >= MAX_FIRMWARE_NAME_SIZE - 4) >> return -EINVAL; >> >> - ret = of_reserved_mem_region_to_resource(dev->of_node, 0, &res); >> + ret = of_reserved_mem_region_to_resource(core->dev->of_node, 0, &res); >> if (ret) >> return ret; >> >> mem_phys = res.start; >> res_size = resource_size(&res); >> >> - ret = request_firmware(&firmware, fw_name, dev); >> + pas_ctx = devm_qcom_scm_pas_context_alloc(fw_dev, pas_id, mem_phys, res_size); >> + if (IS_ERR(pas_ctx)) >> + return PTR_ERR(pas_ctx); >> + >> + ret = request_firmware(&firmware, fw_name, fw_dev); >> if (ret) >> return ret; >> >> @@ -52,9 +60,27 @@ static int iris_load_fw_to_memory(struct iris_core *core, const char *fw_name) >> goto err_release_fw; >> } >> >> - ret = qcom_mdt_load(dev, firmware, fw_name, >> - pas_id, mem_virt, mem_phys, res_size, NULL); >> + pas_ctx->use_tzmem = !!core->fw_dev; >> + ret = qcom_mdt_pas_load(pas_ctx, firmware, fw_name, mem_virt, NULL); >> + if (ret) >> + goto err_mem_unmap; >> + >> + if (pas_ctx->use_tzmem) { >> + domain = iommu_get_domain_for_dev(fw_dev); >> + if (!domain) { >> + ret = -ENODEV; >> + goto err_mem_unmap; >> + } >> + >> + ret = iommu_map(domain, IRIS_FW_START_ADDR, mem_phys, res_size, >> + IOMMU_READ | IOMMU_WRITE | IOMMU_PRIV, GFP_KERNEL); >> + if (ret) >> + goto err_mem_unmap; >> + } >> >> + core->pas_ctx = pas_ctx; >> + >> +err_mem_unmap: >> memunmap(mem_virt); >> err_release_fw: >> release_firmware(firmware); >> @@ -62,6 +88,18 @@ static int iris_load_fw_to_memory(struct iris_core *core, const char *fw_name) >> return ret; >> } >> >> +static void iris_fw_iommu_unmap(struct iris_core *core) >> +{ >> + struct iommu_domain *domain; >> + >> + if (!core->pas_ctx->use_tzmem) >> + return; >> + >> + domain = iommu_get_domain_for_dev(core->fw_dev); >> + if (domain) >> + iommu_unmap(domain, IRIS_FW_START_ADDR, core->pas_ctx->mem_size); >> +} >> + >> int iris_fw_load(struct iris_core *core) >> { >> const struct tz_cp_config *cp_config; >> @@ -79,10 +117,10 @@ int iris_fw_load(struct iris_core *core) >> return -ENOMEM; >> } >> >> - ret = qcom_scm_pas_auth_and_reset(core->iris_platform_data->pas_id); >> + ret = qcom_scm_pas_prepare_and_auth_reset(core->pas_ctx); >> if (ret) { >> dev_err(core->dev, "auth and reset failed: %d\n", ret); >> - return ret; >> + goto err_unmap; >> } >> >> for (i = 0; i < core->iris_platform_data->tz_cp_config_data_size; i++) { >> @@ -93,17 +131,31 @@ int iris_fw_load(struct iris_core *core) >> cp_config->cp_nonpixel_size); >> if (ret) { >> dev_err(core->dev, "qcom_scm_mem_protect_video_var failed: %d\n", ret); >> - qcom_scm_pas_shutdown(core->iris_platform_data->pas_id); >> - return ret; >> + goto err_pas_shutdown; >> } >> } >> >> + return 0; >> + >> +err_pas_shutdown: >> + qcom_scm_pas_shutdown(core->pas_ctx->pas_id); >> +err_unmap: >> + iris_fw_iommu_unmap(core); >> + >> return ret; >> } >> >> int iris_fw_unload(struct iris_core *core) >> { >> - return qcom_scm_pas_shutdown(core->iris_platform_data->pas_id); >> + int ret; >> + >> + ret = qcom_scm_pas_shutdown(core->pas_ctx->pas_id); >> + if (ret) >> + return ret; >> + >> + iris_fw_iommu_unmap(core); >> + >> + return ret; >> } >> >> int iris_set_hw_state(struct iris_core *core, bool resume) >> >> -- >> 2.34.1 >>