Re: [PATCH v2 2/2] soc: mediatek: devapc: add devapc-mt6873 driver

From: Chun-Kuang Hu
Date: Fri Jun 19 2020 - 12:26:22 EST


Hi, Neal:

Neal Liu <neal.liu@xxxxxxxxxxxx> æ 2020å6æ19æ éä äå6:01åéï
>
> MT6873 bus frabric provides TrustZone security support and data
> protection to prevent slaves from being accessed by unexpected
> masters.
> The security violations are logged and sent to the processor for
> further analysis or countermeasures.
>
> Any occurrence of security violation would raise an interrupt, and
> it will be handled by devapc-mt6873 driver. The violation
> information is printed in order to find the murderer.
>
> Signed-off-by: Neal Liu <neal.liu@xxxxxxxxxxxx>
> ---

[snip]

> +
> +/*
> + * mtk_devapc_pd_get - get devapc pd_types of register address.
> + *
> + * Returns the value of reg addr
> + */
> +static void __iomem *mtk_devapc_pd_get(struct mtk_devapc_context *devapc_ctx,
> + int slave_type,
> + enum DEVAPC_PD_REG_TYPE pd_reg_type,
> + u32 index)
> +{
> + struct mtk_devapc_vio_info *vio_info = devapc_ctx->soc->vio_info;
> + u32 slave_type_num = devapc_ctx->soc->slave_type_num;
> + const u32 *devapc_pds = devapc_ctx->soc->devapc_pds;

devapc_pds = mt6873_devapc_pds;


> + void __iomem *reg;
> +
> + if (!devapc_pds)

Never happen.

> + return NULL;
> +
> + if ((slave_type < slave_type_num &&
> + index < vio_info->vio_mask_sta_num[slave_type]) &&
> + pd_reg_type < PD_REG_TYPE_NUM) {

Always true.

> + reg = devapc_ctx->devapc_pd_base[slave_type] +
> + devapc_pds[pd_reg_type];
> +
> + if (pd_reg_type == VIO_MASK || pd_reg_type == VIO_STA)
> + reg += 0x4 * index;
> +
> + } else {
> + pr_err(PFX "Out Of Boundary, slave_type:0x%x/pd_reg_type:0x%x/index:0x%x\n",
> + slave_type, pd_reg_type, index);
> + return NULL;
> + }
> +
> + return reg;
> +}
> +

[snip]

> +
> +/*
> + * start_devapc - initialize devapc status and start receiving interrupt
> + * while devapc violation is triggered.
> + */
> +static void start_devapc(struct mtk_devapc_context *devapc_ctx)
> +{
> + u32 slave_type_num = devapc_ctx->soc->slave_type_num;
> + const struct mtk_device_info **device_info;
> + const struct mtk_device_num *ndevices;
> + void __iomem *pd_vio_shift_sta_reg;
> + void __iomem *pd_apc_con_reg;
> + int slave_type, i, vio_idx, index;
> + u32 vio_shift_sta;
> +
> + ndevices = devapc_ctx->soc->ndevices;

ndevices = mtk6873_devices_num;


> +
> + device_info = devapc_ctx->soc->device_info;
> +
> + for (slave_type = 0; slave_type < slave_type_num; slave_type++) {
> + pd_apc_con_reg = mtk_devapc_pd_get(devapc_ctx, slave_type,
> + APC_CON, 0);
> + pd_vio_shift_sta_reg = mtk_devapc_pd_get(devapc_ctx, slave_type,
> + VIO_SHIFT_STA, 0);
> +
> + if (!pd_apc_con_reg || !pd_vio_shift_sta_reg || !device_info)
> + return;
> +
> + /* Clear DEVAPC violation status */
> + writel(BIT(31), pd_apc_con_reg);
> +
> + /* Clear violation shift status */
> + vio_shift_sta = readl(pd_vio_shift_sta_reg);
> + if (vio_shift_sta)
> + writel(vio_shift_sta, pd_vio_shift_sta_reg);
> +
> + /* Clear type 2 violation status */
> + check_type2_vio_status(devapc_ctx, slave_type, &vio_idx, &i);
> +
> + /* Clear violation status */
> + for (i = 0; i < ndevices[slave_type].vio_slave_num; i++) {
> + vio_idx = device_info[slave_type][i].vio_index;
> + if ((check_vio_status(devapc_ctx, slave_type, vio_idx)
> + == VIOLATION_TRIGGERED) &&
> + clear_vio_status(devapc_ctx, slave_type,
> + vio_idx)) {
> + pr_warn(PFX "Clear vio status failed, slave_type:0x%x, vio_index:0x%x\n",
> + slave_type, vio_idx);
> +
> + index = i;
> + mtk_devapc_dump_vio_dbg(devapc_ctx, slave_type,
> + &vio_idx, &index);
> + i = index - 1;
> + }
> +
> + mask_module_irq(devapc_ctx, slave_type, vio_idx, false);
> + }
> + }
> +}
> +
> +static DEFINE_SPINLOCK(devapc_lock);

Useless, so remove it.

> +
> +/*
> + * devapc_violation_irq - the devapc Interrupt Service Routine (ISR) will dump
> + * violation information including which master violates
> + * access slave.
> + */
> +static irqreturn_t devapc_violation_irq(int irq_number,
> + struct mtk_devapc_context *devapc_ctx)
> +{
> + u32 slave_type_num = devapc_ctx->soc->slave_type_num;
> + const struct mtk_device_info **device_info;
> + struct mtk_devapc_vio_info *vio_info;
> + int slave_type, vio_idx, index;
> + const char *vio_master;
> + unsigned long flags;
> + u8 perm;
> +
> + spin_lock_irqsave(&devapc_lock, flags);
> +
> + device_info = devapc_ctx->soc->device_info;
> + vio_info = devapc_ctx->soc->vio_info;
> + vio_idx = -1;
> + index = -1;
> +
> + /* There are multiple DEVAPC_PD */
> + for (slave_type = 0; slave_type < slave_type_num; slave_type++) {
> + if (!check_type2_vio_status(devapc_ctx, slave_type, &vio_idx,
> + &index))
> + if (!mtk_devapc_dump_vio_dbg(devapc_ctx, slave_type,
> + &vio_idx, &index))
> + continue;
> +
> + /* Ensure that violation info are written before
> + * further operations
> + */
> + smp_mb();
> +
> + mask_module_irq(devapc_ctx, slave_type, vio_idx, true);
> +
> + clear_vio_status(devapc_ctx, slave_type, vio_idx);
> +
> + perm = get_permission(devapc_ctx, slave_type, index,
> + vio_info->domain_id);
> +
> + vio_master = devapc_ctx->soc->master_get
> + (vio_info->master_id,
> + vio_info->vio_addr,
> + slave_type,
> + vio_info->shift_sta_bit,
> + vio_info->domain_id);

Call mt6873_bus_id_to_master() directly.

> +
> + if (!vio_master)
> + vio_master = "UNKNOWN_MASTER";
> +
> + pr_info(PFX "Violation - slave_type:0x%x, sys_index:0x%x, ctrl_index:0x%x, vio_index:0x%x\n",
> + slave_type,
> + device_info[slave_type][index].sys_index,
> + device_info[slave_type][index].ctrl_index,
> + device_info[slave_type][index].vio_index);
> +
> + pr_info(PFX "Violation Master: %s\n", vio_master);
> +
> + devapc_vio_reason(perm);
> +
> + mask_module_irq(devapc_ctx, slave_type, vio_idx, false);
> + }
> +
> + spin_unlock_irqrestore(&devapc_lock, flags);
> + return IRQ_HANDLED;
> +}
> +

[snip]

> +
> +/******************************************************************************
> + * VARIABLE DEFINATION
> + ******************************************************************************/
> +#define MOD_NO_IN_1_DEVAPC 16
> +#define VIOLATION_TRIGGERED 1
> +#define VIOLATION_MASKED 1
> +#define DEAD 0xdeadbeaf
> +#define PFX "[DEVAPC]: "
> +#define SLAVE_TYPE_NUM_MAX 5

SLAVE_TYPE_NUM is 4, why SLAVE_TYPE_NUM_MAX is 5?

> +
> +#define devapc_log(p, s, fmt, args...) \
> + do { \
> + typeof(p) (_p) = (p); \
> + ((_p) += scnprintf(_p, sizeof(s) - strlen(s), fmt, ##args)); \
> + } while (0)

Useless, so remove it.

> +
> +#define UNUSED(x) (void)(x)

Useless, so remove it.

> +
> +/******************************************************************************
> + * DATA STRUCTURE & FUNCTION DEFINATION
> + ******************************************************************************/
> +enum DEVAPC_PD_REG_TYPE {
> + VIO_MASK = 0,
> + VIO_STA,
> + VIO_DBG0,
> + VIO_DBG1,
> + VIO_DBG2,
> + APC_CON,
> + VIO_SHIFT_STA,
> + VIO_SHIFT_SEL,
> + VIO_SHIFT_CON,
> + PD_REG_TYPE_NUM,
> +};
> +
> +enum DEVAPC_UT_CMD {
> + DEVAPC_UT_DAPC_VIO = 1,
> + DEVAPC_UT_SRAM_VIO,
> +};

Useless, so remove it.

> +
> +enum DEVAPC_DOM_ID {
> + DOMAIN_0 = 0,
> + DOMAIN_1,
> + DOMAIN_2,
> + DOMAIN_3,
> + DOMAIN_4,
> + DOMAIN_5,
> + DOMAIN_6,
> + DOMAIN_7,
> + DOMAIN_8,
> + DOMAIN_9,
> + DOMAIN_10,
> + DOMAIN_11,
> + DOMAIN_12,
> + DOMAIN_13,
> + DOMAIN_14,
> + DOMAIN_15,
> + DOMAIN_OTHERS,
> +};

Useless, so remove it.

> +
> +enum SRAMROM_VIO {
> + ROM_VIOLATION = 0,
> + SRAM_VIOLATION,
> +};
> +
> +enum DEVAPC_PERM_TYPE {
> + NO_PROTECTION = 0,
> + SEC_RW_ONLY,
> + SEC_RW_NS_R,
> + FORBIDDEN,
> + PERM_TYPE_NUM,
> +};
> +
> +struct mtk_devapc_dbg_status {
> + bool enable_ut;
> + bool enable_dapc; /* dump APC */
> +};

Useless, so remove it.

Regards,
Chun-Kuang.