Hello Bjorn, On 9/26/24 05:51, Bjorn Andersson wrote: > On Fri, Aug 30, 2024 at 11:51:44AM GMT, Arnaud Pouliquen wrote: >> Add support for releasing remote processor firmware through >> the Trusted Execution Environment (TEE) interface. >> >> The tee_rproc_release_fw() function is called in the following cases: >> >> - An error occurs in rproc_start() between the loading of the segments and >> the start of the remote processor. >> - When rproc_release_fw is called on error or after stopping the remote >> processor. >> >> Signed-off-by: Arnaud Pouliquen <arnaud.pouliq...@foss.st.com> >> --- >> drivers/remoteproc/remoteproc_core.c | 10 ++++++++-- >> 1 file changed, 8 insertions(+), 2 deletions(-) >> >> diff --git a/drivers/remoteproc/remoteproc_core.c >> b/drivers/remoteproc/remoteproc_core.c >> index 7694817f25d4..32052dedc149 100644 >> --- a/drivers/remoteproc/remoteproc_core.c >> +++ b/drivers/remoteproc/remoteproc_core.c >> @@ -29,6 +29,7 @@ >> #include <linux/debugfs.h> >> #include <linux/rculist.h> >> #include <linux/remoteproc.h> >> +#include <linux/remoteproc_tee.h> >> #include <linux/iommu.h> >> #include <linux/idr.h> >> #include <linux/elf.h> >> @@ -1258,6 +1259,9 @@ static int rproc_alloc_registered_carveouts(struct >> rproc *rproc) >> >> static void rproc_release_fw(struct rproc *rproc) >> { >> + if (rproc->state == RPROC_OFFLINE && rproc->tee_interface) >> + tee_rproc_release_fw(rproc); > > I don't like the idea of having op-tee specific calls made from the > core. If the problem is that we need to unroll something we did at load, > can we instead come up with a more generic mechanism to unload that? Or
As proposed in [1] an alternative could be to define a new rproc_ops->release_fw operation that will be initialized to tee_rproc_release_fw in the platform driver. > can we perhaps postpone the tee interaction until start() to avoid the > gap? In such a case, the management of the resource table should also be postponed as the firmware has to be authenticated first. The OP-TEE implementation authenticates the firmware during the load (in-destination memory authentication), so the sequence is: 1) Load the firmware. 2) Get the resource table and initialize resources. 3) Start the firmware. The tee_rproc_release_fw() is used if something goes wrong during step 2 an3. >From my perspective, this would result in an alternative boot sequence, as we have today for "attach". I proposed this approach in my V3 [2]. But this add complexity in remote proc core. Please, could you align with Mathieu to define how we should move forward to address your concerns? [1]https://lkml.org/lkml/2024/9/18/612 [2]https://lore.kernel.org/lkml/8af59b01-53cf-4fc4-9946-6c630fb7b...@quicinc.com/T/ Thanks and Regards, Arnaud > > > PS. Most of the Qualcomm drivers are TEE-based...so the "tee_interface" > boolean check here is not very nice. > > Regards, > Bjorn > >> + >> /* Free the copy of the resource table */ >> kfree(rproc->cached_table); >> rproc->cached_table = NULL; >> @@ -1348,7 +1352,7 @@ static int rproc_start(struct rproc *rproc, const >> struct firmware *fw) >> if (ret) { >> dev_err(dev, "failed to prepare subdevices for %s: %d\n", >> rproc->name, ret); >> - goto reset_table_ptr; >> + goto release_fw; >> } >> >> /* power up the remote processor */ >> @@ -1376,7 +1380,9 @@ static int rproc_start(struct rproc *rproc, const >> struct firmware *fw) >> rproc->ops->stop(rproc); >> unprepare_subdevices: >> rproc_unprepare_subdevices(rproc); >> -reset_table_ptr: >> +release_fw: >> + if (rproc->tee_interface) >> + tee_rproc_release_fw(rproc); >> rproc->table_ptr = rproc->cached_table; >> >> return ret; >> -- >> 2.25.1 >>