On Tue, Oct 07, 2025 at 10:18:48PM +0530, Mukesh Ojha wrote:
> When the Peripheral Authentication Service (PAS) method runs on a SoC
> where Linux operates at EL2 (i.e., without the Gunyah hypervisor), the
> reset sequences are handled by TrustZone. In such cases, Linux must
> perform additional steps before invoking PAS SMC calls, such as creating
> a SHM bridge. Therefore, PAS SMC calls require awareness and handling of
> these additional steps when Linux runs at EL2.
> 
> To support this, there is a need for a data structure that can be
> initialized prior to invoking any SMC or MDT functions. This structure
> allows those functions to determine whether they are operating in the
> presence or absence of the Gunyah hypervisor and behave accordingly.
> 
> Currently, remoteproc and non-remoteproc subsystems use different
> variants of the MDT loader helper API, primarily due to differences in
> metadata context handling. Remoteproc subsystems retain the metadata
> context until authentication and reset are completed, while
> non-remoteproc subsystems (e.g., video, graphics, IPA, etc.) do not
> retain the metadata context and can free it within the
> qcom_scm_pas_init() call by passing a NULL context parameter. Due to
> these differences, it is not possible to extend metadata context
> handling to support remoteproc and non-remoteproc subsystems using PAS
> operations when Linux operates at EL2.
> 
> Add PAS context data structure and helper functions to initialize and
> destroy it.
> 
> Reviewed-by: Bryan O'Donoghue <[email protected]>
> Signed-off-by: Mukesh Ojha <[email protected]>
> ---
>  drivers/firmware/qcom/qcom_scm.c       | 54 
> ++++++++++++++++++++++++++++++++++
>  include/linux/firmware/qcom/qcom_scm.h | 11 +++++++
>  2 files changed, 65 insertions(+)
> 
> diff --git a/drivers/firmware/qcom/qcom_scm.c 
> b/drivers/firmware/qcom/qcom_scm.c
> index 3379607eaf94..b8ce4fc34dbe 100644
> --- a/drivers/firmware/qcom/qcom_scm.c
> +++ b/drivers/firmware/qcom/qcom_scm.c
> @@ -558,6 +558,60 @@ static void qcom_scm_set_download_mode(u32 dload_mode)
>               dev_err(__scm->dev, "failed to set download mode: %d\n", ret);
>  }
>  
> +/**
> + * qcom_scm_pas_context_init() - Initialize peripheral authentication service
> + *                            context for a given peripheral and it can be
> + *                            destroyed with qcom_scm_pas_context_destroy()
> + *                            to release the context
> + *
> + * @dev:       PAS firmware device
> + * @pas_id:    peripheral authentication service id
> + * @mem_phys:          Subsystem reserve memory start address
> + * @mem_size:          Subsystem reserve memory size
> + *
> + * Upon successful, returns the PAS context or ERR_PTR() of the error 
> otherwise.
> + */
> +void *qcom_scm_pas_context_init(struct device *dev, u32 pas_id, phys_addr_t 
> mem_phys,
> +                             size_t mem_size)
> +{
> +     struct qcom_scm_pas_context *ctx;
> +
> +     ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
> +     if (!ctx)
> +             return ERR_PTR(-ENOMEM);
> +
> +     ctx->dev = dev;
> +     ctx->pas_id = pas_id;
> +     ctx->mem_phys = mem_phys;
> +     ctx->mem_size = mem_size;
> +
> +     ctx->metadata = kzalloc(sizeof(*ctx->metadata), GFP_KERNEL);
> +     if (!ctx->metadata) {
> +             kfree(ctx);
> +             return ERR_PTR(-ENOMEM);
> +     }
> +
> +     return ctx;
> +}
> +EXPORT_SYMBOL_GPL(qcom_scm_pas_context_init);
> +
> +/**
> + * qcom_scm_pas_context_destroy() - release PAS context
> + *
> + * @ctx:     PAS context
> + */
> +void qcom_scm_pas_context_destroy(struct qcom_scm_pas_context *ctx)
> +{
> +     kfree(ctx->metadata);
> +     ctx->metadata = NULL;
> +     ctx->dev = NULL;
> +     ctx->pas_id = 0;
> +     ctx->mem_phys = 0;
> +     ctx->mem_size = 0;
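
Review bot: qcom_scm_pas_context_init() is declared to return void * while qcom_scm_pas_context_destroy() takes a struct qcom_scm_pas_context *, so the compiler cannot type-check the pointer handed from one to the other; returning struct qcom_scm_pas_context * from the init helper would keep the pair consistent. In qcom_scm_pas_context_destroy(), ctx is dereferenced at kfree(ctx->metadata) with no check, so a caller that forwards the ERR_PTR(-ENOMEM) from a failed init (or NULL) would fault there; either guard with IS_ERR_OR_NULL(ctx) or state in the kernel-doc that only a successfully initialized context may be passed. In the init kernel-doc, "Upon successful" should read "On success".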

Why do you need to zero initialize these fields before freeing? Are they
carrying any sensitive data that warrants zero initialization?

- Mani

-- 
மணிவண்ணன் சதாசிவம்
