
Commit 97e923e1 authored by Linux Build Service Account's avatar Linux Build Service Account Committed by Gerrit - the friendly Code Review server

Merge "soc: qcom: scm: QHEE SMC call to enable kernel memory protection" into msm-4.14

parents bccf1ca8 0893d9da
+3 −0
@@ -59,6 +59,8 @@
#include <asm/virt.h>
#include <asm/system_misc.h>

#include <soc/qcom/scm.h>

#define CREATE_TRACE_POINTS
#include <trace/events/ipi.h>

@@ -437,6 +439,7 @@ void __init smp_cpus_done(unsigned int max_cpus)
	setup_cpu_features();
	hyp_mode_check();
	apply_alternatives_all();
	scm_enable_mem_protection();
	mark_linear_text_alias_ro();
}
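Review bot: The return value of `scm_enable_mem_protection()` is discarded in `smp_cpus_done()`, so when the hypervisor rejects or lacks the call the kernel keeps booting without the stage 2 protection and the only trace is the `pr_err` inside the helper. The call site should at least check the result, e.g. `if (scm_enable_mem_protection()) pr_warn("kernel memory protection not enabled\n");`, so the boot log shows that this kernel is running unprotected. The placement between `apply_alternatives_all()` and `mark_linear_text_alias_ro()` looks deliberate, presumably because kernel text must be fully patched before it is locked down; a one-line comment such as `/* must follow apply_alternatives_all(): text is final from here on */` would protect that ordering from later reshuffling. The start of `smp_cpus_done()` is outside the hunk.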

+9 −0
@@ -622,4 +622,13 @@ config QMP_DEBUGFS_CLIENT
	help
	  This options enables a driver which allows clients to send messages
	  to Alway On processor using QMP transport.

config QCOM_QHEE_ENABLE_MEM_PROTECTION
	bool "QHEE enable kernel memory protection"
	depends on QCOM_SCM
	default y
	help
	  When this option is enabled, an SCM call will be invoked to enable
	  kernel memory protection in stage 2 memory mappings on kernel boot.
	  This is part of a security feature enabled in QHEE.
endmenu
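Review bot: The help text for `QCOM_QHEE_ENABLE_MEM_PROTECTION` does not say what happens when the hypervisor does not implement the call, which matters because the option is `default y` for every `QCOM_SCM` build. Judging from the rest of this commit, the helper logs an error and boot continues unprotected; I would add a sentence such as `If the call is unsupported or fails, an error is logged and boot continues without the protection.` It is also worth stating that with the option disabled the helper becomes a stub that returns 0.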
+41 −0
@@ -618,3 +618,44 @@ bool scm_is_secure_device(void)
		return false;
}
EXPORT_SYMBOL(scm_is_secure_device);

/*
 * SCM call command ID to protect kernel memory
 * in Hyp Stage 2 page tables.
 * Return zero for success.
 * Return non-zero for failure.
 */
#define TZ_RTIC_ENABLE_MEM_PROTECTION	0x4
#if IS_ENABLED(CONFIG_QCOM_QHEE_ENABLE_MEM_PROTECTION)
int scm_enable_mem_protection(void)
{
	struct scm_desc desc = {0};
	int ret = 0, resp;

	desc.args[0] = 0;
	desc.arginfo = 0;
	ret = scm_call2(SCM_SIP_FNID(SCM_SVC_RTIC,
			TZ_RTIC_ENABLE_MEM_PROTECTION),
			&desc);
	resp = desc.ret[0];

	if (ret == -1) {
		pr_err("%s: SCM call not supported\n", __func__);
		return ret;
	} else if (ret || resp) {
		pr_err("%s: SCM call failed\n", __func__);
		if (ret)
			return ret;
		else
			return resp;
	}

	return resp;
}
#else
inline int scm_enable_mem_protection(void)
{
	return 0;
}
#endif
EXPORT_SYMBOL(scm_enable_mem_protection);
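Review bot: In the `#else` branch the stub is a non-static `inline int scm_enable_mem_protection(void)` that is then passed to `EXPORT_SYMBOL`; whether an out-of-line definition exists to export depends on the compiler's inline semantics (gnu89 versus C99), so the stub should be a plain `int scm_enable_mem_protection(void)`. In the enabled branch, `ret == -1` is a bare number standing for "not supported"; a named error constant would show which `scm_call2()` result is meant, which this page does not show. `desc.args[0] = 0;` and `desc.arginfo = 0;` repeat what `struct scm_desc desc = {0};` already did and can be dropped. The return contract in the comment sits above the `#define` rather than on the function it describes, and it does not mention that a non-zero `desc.ret[0]` is returned as-is, not as an errno.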
+8 −1
@@ -29,6 +29,7 @@
#define SCM_SVC_LMH			0x13
#define SCM_SVC_SMMU_PROGRAM		0x15
#define SCM_SVC_QDSS			0x16
#define SCM_SVC_RTIC			0x19
#define SCM_SVC_TZSCHEDULER		0xFC

#define SCM_FUSE_READ			0x7
@@ -105,6 +106,7 @@ extern int scm_is_call_available(u32 svc_id, u32 cmd_id);
extern u32 scm_io_read(phys_addr_t address);
extern int scm_io_write(phys_addr_t address, u32 val);
extern bool scm_is_secure_device(void);
extern int scm_enable_mem_protection(void);

extern struct mutex scm_lmh_lock;

@@ -150,9 +152,14 @@ static inline int scm_io_write(phys_addr_t address, u32 val)
	return 0;
}

inline bool scm_is_secure_device(void)
static inline bool scm_is_secure_device(void)
{
	return false;
}

static inline int scm_enable_mem_protection(void)
{
	return 0;
}
#endif
#endif
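Review bot: The new `static inline int scm_enable_mem_protection(void)` stub returns 0, the same value the real call uses for success, so a caller cannot tell "protection enabled" from "SCM support compiled out". That is the usual stub convention, but for a security control it should be written down; I would put a comment on the `extern` declaration such as `/* 0: protection enabled, or feature not built in; non-zero: SCM call unsupported or failed */`. The `#if`/`#else` that selects between the declaration and the stub lies outside the hunks shown, so which config symbol guards it is inferred, not visible.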