Loading arch/arm64/kernel/smp.c +3 −0 Original line number Diff line number Diff line Loading @@ -59,6 +59,8 @@ #include <asm/virt.h> #include <asm/system_misc.h> #include <soc/qcom/scm.h> #define CREATE_TRACE_POINTS #include <trace/events/ipi.h> Loading Loading @@ -437,6 +439,7 @@ void __init smp_cpus_done(unsigned int max_cpus) setup_cpu_features(); hyp_mode_check(); apply_alternatives_all(); scm_enable_mem_protection(); mark_linear_text_alias_ro(); } Loading drivers/soc/qcom/Kconfig +9 −0 Original line number Diff line number Diff line Loading @@ -622,4 +622,13 @@ config QMP_DEBUGFS_CLIENT help This options enables a driver which allows clients to send messages to Alway On processor using QMP transport. config QCOM_QHEE_ENABLE_MEM_PROTECTION bool "QHEE enable kernel memory protection" depends on QCOM_SCM default y help When this option is enabled, an SCM call will be invoked to enable kernel memory protection in stage 2 memory mappings on kernel boot. This is part of a security feature enabled in QHEE. endmenu drivers/soc/qcom/scm.c +41 −0 Original line number Diff line number Diff line Loading 
@@ -618,3 +618,44 @@ bool scm_is_secure_device(void) return false; } EXPORT_SYMBOL(scm_is_secure_device); /* * SCM call command ID to protect kernel memory * in Hyp Stage 2 page tables. * Return zero for success. * Return non-zero for failure. */ #define TZ_RTIC_ENABLE_MEM_PROTECTION 0x4 #if IS_ENABLED(CONFIG_QCOM_QHEE_ENABLE_MEM_PROTECTION) int scm_enable_mem_protection(void) { struct scm_desc desc = {0}; int ret = 0, resp; desc.args[0] = 0; desc.arginfo = 0; ret = scm_call2(SCM_SIP_FNID(SCM_SVC_RTIC, TZ_RTIC_ENABLE_MEM_PROTECTION), &desc); resp = desc.ret[0]; if (ret == -1) { pr_err("%s: SCM call not supported\n", __func__); return ret; } else if (ret || resp) { pr_err("%s: SCM call failed\n", __func__); if (ret) return ret; else return resp; } return resp; } #else inline int scm_enable_mem_protection(void) { return 0; } #endif EXPORT_SYMBOL(scm_enable_mem_protection); include/soc/qcom/scm.h +8 −1 Original line number Diff line number Diff line Loading @@ -29,6 +29,7 @@ #define SCM_SVC_LMH 0x13 #define SCM_SVC_SMMU_PROGRAM 0x15 #define SCM_SVC_QDSS 0x16 #define SCM_SVC_RTIC 0x19 #define SCM_SVC_TZSCHEDULER 0xFC #define SCM_FUSE_READ 0x7 Loading Loading @@ -105,6 +106,7 @@ extern int scm_is_call_available(u32 svc_id, u32 cmd_id); extern u32 scm_io_read(phys_addr_t address); extern int scm_io_write(phys_addr_t address, u32 val); extern bool scm_is_secure_device(void); extern int scm_enable_mem_protection(void); extern struct mutex scm_lmh_lock; Loading Loading @@ -150,9 +152,14 @@ static inline int scm_io_write(phys_addr_t address, u32 val) return 0; } inline bool scm_is_secure_device(void) static inline bool scm_is_secure_device(void) { return false; } static inline int scm_enable_mem_protection(void) { return 0; } #endif #endif Loading
arch/arm64/kernel/smp.c +3 −0 Original line number Diff line number Diff line Loading @@ -59,6 +59,8 @@ #include <asm/virt.h> #include <asm/system_misc.h> #include <soc/qcom/scm.h> #define CREATE_TRACE_POINTS #include <trace/events/ipi.h> Loading Loading @@ -437,6 +439,7 @@ void __init smp_cpus_done(unsigned int max_cpus) setup_cpu_features(); hyp_mode_check(); apply_alternatives_all(); scm_enable_mem_protection(); mark_linear_text_alias_ro(); } Loading
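Review bot: The result of the `scm_enable_mem_protection();` call added to smp_cpus_done is discarded, so when the SCM call fails or QHEE rejects it the kernel keeps running without the stage-2 protection this change is meant to arm, and nothing beyond the callee's own pr_err records that. The function returns an int precisely to report this, so the call site should keep the outcome visible, e.g. `WARN(scm_enable_mem_protection(), "QHEE kernel memory protection not enabled\n");` or at least a pr_warn that names the consequence. Note that both stubs (the `#else` one in scm.c and the `!CONFIG_QCOM_SCM` one in scm.h) also return 0, so a zero here means either "protected" or "feature compiled out"; a one-line comment at the call site saying so would spare the next reader a trip through two files. smp_cpus_done begins before this hunk.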
drivers/soc/qcom/Kconfig +9 −0 Original line number Diff line number Diff line Loading @@ -622,4 +622,13 @@ config QMP_DEBUGFS_CLIENT help This options enables a driver which allows clients to send messages to Alway On processor using QMP transport. config QCOM_QHEE_ENABLE_MEM_PROTECTION bool "QHEE enable kernel memory protection" depends on QCOM_SCM default y help When this option is enabled, an SCM call will be invoked to enable kernel memory protection in stage 2 memory mappings on kernel boot. This is part of a security feature enabled in QHEE. endmenu
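Review bot: The help text for QCOM_QHEE_ENABLE_MEM_PROTECTION does not say what happens when the SCM call is unsupported or refused; from the scm.c change in this commit the failure is only logged and boot continues without the protection, which is exactly what someone enabling a `default y` security option would want to know. Suggest appending a sentence such as `If firmware does not support or rejects the call, an error is logged and the kernel continues without stage 2 protection.`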
drivers/soc/qcom/scm.c +41 −0 Original line number Diff line number Diff line Loading @@ -618,3 +618,44 @@ bool scm_is_secure_device(void) return false; } EXPORT_SYMBOL(scm_is_secure_device); /* * SCM call command ID to protect kernel memory * in Hyp Stage 2 page tables. * Return zero for success. * Return non-zero for failure. */ #define TZ_RTIC_ENABLE_MEM_PROTECTION 0x4 #if IS_ENABLED(CONFIG_QCOM_QHEE_ENABLE_MEM_PROTECTION) int scm_enable_mem_protection(void) { struct scm_desc desc = {0}; int ret = 0, resp; desc.args[0] = 0; desc.arginfo = 0; ret = scm_call2(SCM_SIP_FNID(SCM_SVC_RTIC, TZ_RTIC_ENABLE_MEM_PROTECTION), &desc); resp = desc.ret[0]; if (ret == -1) { pr_err("%s: SCM call not supported\n", __func__); return ret; } else if (ret || resp) { pr_err("%s: SCM call failed\n", __func__); if (ret) return ret; else return resp; } return resp; } #else inline int scm_enable_mem_protection(void) { return 0; } #endif EXPORT_SYMBOL(scm_enable_mem_protection);
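Review bot: The `if (ret == -1)` branch in scm_enable_mem_protection compares against a bare literal to mean "not supported"; if scm_call2 returns remapped errno values (e.g. -EOPNOTSUPP or -EIO) rather than a raw -1, that branch never fires and firmware without the RTIC service is reported as a generic "SCM call failed". The header already exposes `scm_is_call_available()`, so probing the service first and then treating every non-zero `ret` uniformly is cleaner and makes the `desc.args[0] = 0; desc.arginfo = 0;` lines redundant with the `= {0}` initializer. Separately, `resp` is an `int` assigned from `desc.ret[0]`; if that field is wider than int, a non-zero firmware response with only high bits set would truncate to zero and read as success, so test the field in its own type. The `#else` stub is defined as a non-static `inline` and then `EXPORT_SYMBOL`'d; an exported definition should be a plain `int scm_enable_mem_protection(void) { return 0; }`, or the export should move inside the `#if`.
```c
int scm_enable_mem_protection(void)
{
	struct scm_desc desc = {0};
	int ret;

	/* Fail cleanly on firmware that has no RTIC service at all. */
	if (!scm_is_call_available(SCM_SVC_RTIC, TZ_RTIC_ENABLE_MEM_PROTECTION)) {
		pr_err("%s: SCM call not supported\n", __func__);
		return -EOPNOTSUPP;
	}

	ret = scm_call2(SCM_SIP_FNID(SCM_SVC_RTIC, TZ_RTIC_ENABLE_MEM_PROTECTION), &desc);
	if (ret) {
		pr_err("%s: SCM call failed (%d)\n", __func__, ret);
		return ret;
	}
	/* A non-zero ret[0] is the hypervisor refusing the request; test it untruncated. */
	if (desc.ret[0]) {
		pr_err("%s: SCM call rejected by QHEE\n", __func__);
		return -EIO;
	}
	return 0;
}
```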
include/soc/qcom/scm.h +8 −1 Original line number Diff line number Diff line Loading @@ -29,6 +29,7 @@ #define SCM_SVC_LMH 0x13 #define SCM_SVC_SMMU_PROGRAM 0x15 #define SCM_SVC_QDSS 0x16 #define SCM_SVC_RTIC 0x19 #define SCM_SVC_TZSCHEDULER 0xFC #define SCM_FUSE_READ 0x7 Loading Loading @@ -105,6 +106,7 @@ extern int scm_is_call_available(u32 svc_id, u32 cmd_id); extern u32 scm_io_read(phys_addr_t address); extern int scm_io_write(phys_addr_t address, u32 val); extern bool scm_is_secure_device(void); extern int scm_enable_mem_protection(void); extern struct mutex scm_lmh_lock; Loading Loading @@ -150,9 +152,14 @@ static inline int scm_io_write(phys_addr_t address, u32 val) return 0; } inline bool scm_is_secure_device(void) static inline bool scm_is_secure_device(void) { return false; } static inline int scm_enable_mem_protection(void) { return 0; } #endif #endif
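Review bot: The new `extern int scm_enable_mem_protection(void);` declaration carries no documentation, and its `!CONFIG_QCOM_SCM` stub returns 0, so a caller cannot distinguish "protection enabled" from "SCM support compiled out"; that may be intentional, but it should be stated where callers will see it. Suggested comment above the declaration: `/* Ask QHEE (SCM_SVC_RTIC) to protect kernel memory in its stage 2 page tables. Returns 0 on success, non-zero if the SCM call fails or firmware rejects it; the stubs return 0 when the feature is compiled out. */`. The `inline` to `static inline` change on scm_is_secure_device is the right fix for a header stub.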