1 // SPDX-License-Identifier: GPL-2.0-only 2 /* Copyright (c) 2010,2015,2019 The Linux Foundation. All rights reserved. 3 * Copyright (C) 2015 Linaro Ltd. 4 */ 5 6 #include <linux/slab.h> 7 #include <linux/io.h> 8 #include <linux/module.h> 9 #include <linux/mutex.h> 10 #include <linux/errno.h> 11 #include <linux/err.h> 12 #include <linux/firmware/qcom/qcom_scm.h> 13 #include <linux/arm-smccc.h> 14 #include <linux/dma-mapping.h> 15 16 #include "qcom_scm.h" 17 18 static DEFINE_MUTEX(qcom_scm_lock); 19 20 21 /** 22 * struct arm_smccc_args 23 * @args: The array of values used in registers in smc instruction 24 */ 25 struct arm_smccc_args { 26 unsigned long args[8]; 27 }; 28 29 30 /** 31 * struct scm_legacy_command - one SCM command buffer 32 * @len: total available memory for command and response 33 * @buf_offset: start of command buffer 34 * @resp_hdr_offset: start of response buffer 35 * @id: command to be executed 36 * @buf: buffer returned from scm_legacy_get_command_buffer() 37 * 38 * An SCM command is laid out in memory as follows: 39 * 40 * ------------------- <--- struct scm_legacy_command 41 * | command header | 42 * ------------------- <--- scm_legacy_get_command_buffer() 43 * | command buffer | 44 * ------------------- <--- struct scm_legacy_response and 45 * | response header | scm_legacy_command_to_response() 46 * ------------------- <--- scm_legacy_get_response_buffer() 47 * | response buffer | 48 * ------------------- 49 * 50 * There can be arbitrary padding between the headers and buffers so 51 * you should always use the appropriate scm_legacy_get_*_buffer() routines 52 * to access the buffers in a safe manner. 53 */ 54 struct scm_legacy_command { 55 __le32 len; 56 __le32 buf_offset; 57 __le32 resp_hdr_offset; 58 __le32 id; 59 __le32 buf[]; 60 }; 61 62 /** 63 * struct scm_legacy_response - one SCM response buffer 64 * @len: total available memory for response 65 * @buf_offset: start of response data relative to start of scm_legacy_response 66 * @is_complete: indicates if the command has finished processing 67 */ 68 struct scm_legacy_response { 69 __le32 len; 70 __le32 buf_offset; 71 __le32 is_complete; 72 }; 73 74 /** 75 * scm_legacy_command_to_response() - Get a pointer to a scm_legacy_response 76 * @cmd: command 77 * 78 * Returns a pointer to a response for a command. 79 */ 80 static inline struct scm_legacy_response *scm_legacy_command_to_response( 81 const struct scm_legacy_command *cmd) 82 { 83 return (void *)cmd + le32_to_cpu(cmd->resp_hdr_offset); 84 } 85 86 /** 87 * scm_legacy_get_command_buffer() - Get a pointer to a command buffer 88 * @cmd: command 89 * 90 * Returns a pointer to the command buffer of a command. 91 */ 92 static inline void *scm_legacy_get_command_buffer( 93 const struct scm_legacy_command *cmd) 94 { 95 return (void *)cmd->buf; 96 } 97 98 /** 99 * scm_legacy_get_response_buffer() - Get a pointer to a response buffer 100 * @rsp: response 101 * 102 * Returns a pointer to a response buffer of a response. 103 */ 104 static inline void *scm_legacy_get_response_buffer( 105 const struct scm_legacy_response *rsp) 106 { 107 return (void *)rsp + le32_to_cpu(rsp->buf_offset); 108 } 109 110 static void __scm_legacy_do(const struct arm_smccc_args *smc, 111 struct arm_smccc_res *res) 112 { 113 do { 114 arm_smccc_smc(smc->args[0], smc->args[1], smc->args[2], 115 smc->args[3], smc->args[4], smc->args[5], 116 smc->args[6], smc->args[7], res); 117 } while (res->a0 == QCOM_SCM_INTERRUPTED); 118 } 119 120 /** 121 * scm_legacy_call() - Sends a command to the SCM and waits for the command to 122 * finish processing. 123 * @dev: device 124 * @desc: descriptor structure containing arguments and return values 125 * @res: results from SMC call 126 * 127 * A note on cache maintenance: 128 * Note that any buffers that are expected to be accessed by the secure world 129 * must be flushed before invoking qcom_scm_call and invalidated in the cache 130 * immediately after qcom_scm_call returns. Cache maintenance on the command 131 * and response buffers is taken care of by qcom_scm_call; however, callers are 132 * responsible for any other cached buffers passed over to the secure world. 133 */ 134 int scm_legacy_call(struct device *dev, const struct qcom_scm_desc *desc, 135 struct qcom_scm_res *res) 136 { 137 u8 arglen = desc->arginfo & 0xf; 138 int ret = 0, context_id; 139 unsigned int i; 140 struct scm_legacy_command *cmd; 141 struct scm_legacy_response *rsp; 142 struct arm_smccc_args smc = {0}; 143 struct arm_smccc_res smc_res; 144 const size_t cmd_len = arglen * sizeof(__le32); 145 const size_t resp_len = MAX_QCOM_SCM_RETS * sizeof(__le32); 146 size_t alloc_len = sizeof(*cmd) + cmd_len + sizeof(*rsp) + resp_len; 147 dma_addr_t cmd_phys; 148 __le32 *arg_buf; 149 const __le32 *res_buf; 150 151 cmd = kzalloc(PAGE_ALIGN(alloc_len), GFP_KERNEL); 152 if (!cmd) 153 return -ENOMEM; 154 155 cmd->len = cpu_to_le32(alloc_len); 156 cmd->buf_offset = cpu_to_le32(sizeof(*cmd)); 157 cmd->resp_hdr_offset = cpu_to_le32(sizeof(*cmd) + cmd_len); 158 cmd->id = cpu_to_le32(SCM_LEGACY_FNID(desc->svc, desc->cmd)); 159 160 arg_buf = scm_legacy_get_command_buffer(cmd); 161 for (i = 0; i < arglen; i++) 162 arg_buf[i] = cpu_to_le32(desc->args[i]); 163 164 rsp = scm_legacy_command_to_response(cmd); 165 166 cmd_phys = dma_map_single(dev, cmd, alloc_len, DMA_TO_DEVICE); 167 if (dma_mapping_error(dev, cmd_phys)) { 168 kfree(cmd); 169 return -ENOMEM; 170 } 171 172 smc.args[0] = 1; 173 smc.args[1] = (unsigned long)&context_id; 174 smc.args[2] = cmd_phys; 175 176 mutex_lock(&qcom_scm_lock); 177 __scm_legacy_do(&smc, &smc_res); 178 if (smc_res.a0) 179 ret = qcom_scm_remap_error(smc_res.a0); 180 mutex_unlock(&qcom_scm_lock); 181 if (ret) 182 goto out; 183 184 do { 185 dma_sync_single_for_cpu(dev, cmd_phys + sizeof(*cmd) + cmd_len, 186 sizeof(*rsp), DMA_FROM_DEVICE); 187 } while (!rsp->is_complete); 188 189 dma_sync_single_for_cpu(dev, cmd_phys + sizeof(*cmd) + cmd_len + 190 le32_to_cpu(rsp->buf_offset), 191 resp_len, DMA_FROM_DEVICE); 192 193 if (res) { 194 res_buf = scm_legacy_get_response_buffer(rsp); 195 for (i = 0; i < MAX_QCOM_SCM_RETS; i++) 196 res->result[i] = le32_to_cpu(res_buf[i]); 197 } 198 out: 199 dma_unmap_single(dev, cmd_phys, alloc_len, DMA_TO_DEVICE); 200 kfree(cmd); 201 return ret; 202 } 203 204 #define SCM_LEGACY_ATOMIC_N_REG_ARGS 5 205 #define SCM_LEGACY_ATOMIC_FIRST_REG_IDX 2 206 #define SCM_LEGACY_CLASS_REGISTER (0x2 << 8) 207 #define SCM_LEGACY_MASK_IRQS BIT(5) 208 #define SCM_LEGACY_ATOMIC_ID(svc, cmd, n) \ 209 ((SCM_LEGACY_FNID(svc, cmd) << 12) | \ 210 SCM_LEGACY_CLASS_REGISTER | \ 211 SCM_LEGACY_MASK_IRQS | \ 212 (n & 0xf)) 213 214 /** 215 * scm_legacy_call_atomic() - Send an atomic SCM command with up to 5 arguments 216 * and 3 return values 217 * @unused: device, legacy argument, not used, can be NULL 218 * @desc: SCM call descriptor containing arguments 219 * @res: SCM call return values 220 * 221 * This shall only be used with commands that are guaranteed to be 222 * uninterruptable, atomic and SMP safe. 223 */ 224 int scm_legacy_call_atomic(struct device *unused, 225 const struct qcom_scm_desc *desc, 226 struct qcom_scm_res *res) 227 { 228 int context_id; 229 struct arm_smccc_res smc_res; 230 size_t arglen = desc->arginfo & 0xf; 231 232 BUG_ON(arglen > SCM_LEGACY_ATOMIC_N_REG_ARGS); 233 234 arm_smccc_smc(SCM_LEGACY_ATOMIC_ID(desc->svc, desc->cmd, arglen), 235 (unsigned long)&context_id, 236 desc->args[0], desc->args[1], desc->args[2], 237 desc->args[3], desc->args[4], 0, &smc_res); 238 239 if (res) { 240 res->result[0] = smc_res.a1; 241 res->result[1] = smc_res.a2; 242 res->result[2] = smc_res.a3; 243 } 244 245 return smc_res.a0; 246 } 247