Commit fc156629 authored by Sibi Sankar's avatar Sibi Sankar Committed by Bjorn Andersson
Browse files

remoteproc: qcom_q6v5_mss: map/unmap metadata region before/after use 



The application processor accessing the dynamically assigned metadata
region after assigning it to the remote Q6 would lead to an XPU violation.
Fix this by un-mapping the metadata region post firmware header copy. The
metadata region is freed only after the modem Q6 is done with fw header
authentication.

Signed-off-by: default avatarSibi Sankar <quic_sibis@quicinc.com>
Acked-by: default avatarArnd Bergmann <arnd@arndb.de>
Reviewed-by: default avatarBjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: default avatarBjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/1652248625-990-1-git-send-email-quic_sibis@quicinc.com
parent 8672e79d

drivers/remoteproc/qcom_q6v5_mss.c

+32 −6
Original line number Diff line number Diff line
@@ -10,6 +10,7 @@ 
#include <linux/clk.h>

#include <linux/delay.h>

#include <linux/devcoredump.h>

#include <linux/dma-map-ops.h>

#include <linux/dma-mapping.h>

#include <linux/interrupt.h>

#include <linux/kernel.h>
@@ -932,27 +933,52 @@ static void q6v5proc_halt_axi_port(struct q6v5 *qproc, 
static int q6v5_mpss_init_image(struct q6v5 *qproc, const struct firmware *fw,

				const char *fw_name)

{

	unsigned long dma_attrs = DMA_ATTR_FORCE_CONTIGUOUS;

	unsigned long dma_attrs = DMA_ATTR_FORCE_CONTIGUOUS | DMA_ATTR_NO_KERNEL_MAPPING;

	unsigned long flags = VM_DMA_COHERENT | VM_FLUSH_RESET_PERMS;

	struct page **pages;

	struct page *page;

	dma_addr_t phys;

	void *metadata;

	int mdata_perm;

	int xferop_ret;

	size_t size;

	void *ptr;

	void *vaddr;

	int count;

	int ret;

	int i;



	metadata = qcom_mdt_read_metadata(fw, &size, fw_name, qproc->dev);

	if (IS_ERR(metadata))

		return PTR_ERR(metadata);



	ptr = dma_alloc_attrs(qproc->dev, size, &phys, GFP_KERNEL, dma_attrs);

	if (!ptr) {

	page = dma_alloc_attrs(qproc->dev, size, &phys, GFP_KERNEL, dma_attrs);

	if (!page) {

		kfree(metadata);

		dev_err(qproc->dev, "failed to allocate mdt buffer\n");

		return -ENOMEM;

	}



	memcpy(ptr, metadata, size);

	count = PAGE_ALIGN(size) >> PAGE_SHIFT;

	pages = kmalloc_array(count, sizeof(struct page *), GFP_KERNEL);

	if (!pages) {

		ret = -ENOMEM;

		goto free_dma_attrs;

	}



	for (i = 0; i < count; i++)

		pages[i] = nth_page(page, i);



	vaddr = vmap(pages, count, flags, pgprot_dmacoherent(PAGE_KERNEL));

	kfree(pages);

	if (!vaddr) {

		dev_err(qproc->dev, "unable to map memory region: %pa+%zx\n", &phys, size);

		ret = -EBUSY;

		goto free_dma_attrs;

	}



	memcpy(vaddr, metadata, size);



	vunmap(vaddr);



	/* Hypervisor mapping to access metadata by modem */

	mdata_perm = BIT(QCOM_SCM_VMID_HLOS);
@@ -982,7 +1008,7 @@ static int q6v5_mpss_init_image(struct q6v5 *qproc, const struct firmware *fw, 
			 "mdt buffer not reclaimed system may become unstable\n");



free_dma_attrs:

	dma_free_attrs(qproc->dev, size, ptr, phys, dma_attrs);

	dma_free_attrs(qproc->dev, size, page, phys, dma_attrs);

	kfree(metadata);



	return ret < 0 ? ret : 0;