[PATCH 2/2] remoteproc: qcom_q6v5_mss: map/unmap MBA region before/after use

From: Sibi Sankar
Date: Wed Nov 04 2020 - 02:04:11 EST


The application processor accessing the MBA region after assigning it to
the remote Q6 would lead to an XPU violation. Fix this by un-mapping the
MBA region post firmware copy and MBA text log dumps.

Signed-off-by: Sibi Sankar <sibis@xxxxxxxxxxxxxx>
---
drivers/remoteproc/qcom_q6v5_mss.c | 37 ++++++++++++++++++++++---------------
1 file changed, 22 insertions(+), 15 deletions(-)

diff --git a/drivers/remoteproc/qcom_q6v5_mss.c b/drivers/remoteproc/qcom_q6v5_mss.c
index 2c866b6da23c..1b4a34325788 100644
--- a/drivers/remoteproc/qcom_q6v5_mss.c
+++ b/drivers/remoteproc/qcom_q6v5_mss.c
@@ -189,7 +189,6 @@ struct q6v5 {
size_t total_dump_size;

phys_addr_t mba_phys;
- void *mba_region;
size_t mba_size;
size_t dp_size;

@@ -408,7 +407,7 @@ static int q6v5_xfer_mem_ownership(struct q6v5 *qproc, int *current_perm,
current_perm, next, perms);
}

-static void q6v5_debug_policy_load(struct q6v5 *qproc)
+static void q6v5_debug_policy_load(struct q6v5 *qproc, void *ptr)
{
const struct firmware *dp_fw;

@@ -416,7 +415,7 @@ static void q6v5_debug_policy_load(struct q6v5 *qproc)
return;

if (SZ_1M + dp_fw->size <= qproc->mba_size) {
- memcpy(qproc->mba_region + SZ_1M, dp_fw->data, dp_fw->size);
+ memcpy(ptr + SZ_1M, dp_fw->data, dp_fw->size);
qproc->dp_size = dp_fw->size;
}

@@ -426,6 +425,7 @@ static void q6v5_debug_policy_load(struct q6v5 *qproc)
static int q6v5_load(struct rproc *rproc, const struct firmware *fw)
{
struct q6v5 *qproc = rproc->priv;
+ void *ptr;

/* MBA is restricted to a maximum size of 1M */
if (fw->size > qproc->mba_size || fw->size > SZ_1M) {
@@ -433,8 +433,16 @@ static int q6v5_load(struct rproc *rproc, const struct firmware *fw)
return -EINVAL;
}

- memcpy(qproc->mba_region, fw->data, fw->size);
- q6v5_debug_policy_load(qproc);
+ ptr = memremap(qproc->mba_phys, qproc->mba_size, MEMREMAP_WC);
+ if (!ptr) {
+ dev_err(qproc->dev, "unable to map memory region: %pa+%zx\n",
+ &qproc->mba_phys, qproc->mba_size);
+ return -EBUSY;
+ }
+
+ memcpy(ptr, fw->data, fw->size);
+ q6v5_debug_policy_load(qproc, ptr);
+ memunmap(ptr);

return 0;
}
@@ -541,6 +549,7 @@ static void q6v5_dump_mba_logs(struct q6v5 *qproc)
{
struct rproc *rproc = qproc->rproc;
void *data;
+ void *ptr;

if (!qproc->has_mba_logs)
return;
@@ -549,12 +558,16 @@ static void q6v5_dump_mba_logs(struct q6v5 *qproc)
qproc->mba_size))
return;

- data = vmalloc(MBA_LOG_SIZE);
- if (!data)
+ ptr = memremap(qproc->mba_phys, qproc->mba_size, MEMREMAP_WC);
+ if (!ptr)
return;

- memcpy(data, qproc->mba_region, MBA_LOG_SIZE);
- dev_coredumpv(&rproc->dev, data, MBA_LOG_SIZE, GFP_KERNEL);
+ data = vmalloc(MBA_LOG_SIZE);
+ if (data) {
+ memcpy(data, ptr, MBA_LOG_SIZE);
+ dev_coredumpv(&rproc->dev, data, MBA_LOG_SIZE, GFP_KERNEL);
+ }
+ memunmap(ptr);
}

static int q6v5proc_reset(struct q6v5 *qproc)
@@ -1605,12 +1618,6 @@ static int q6v5_alloc_memory_region(struct q6v5 *qproc)

qproc->mba_phys = r.start;
qproc->mba_size = resource_size(&r);
- qproc->mba_region = devm_ioremap_wc(qproc->dev, qproc->mba_phys, qproc->mba_size);
- if (!qproc->mba_region) {
- dev_err(qproc->dev, "unable to map memory region: %pa+%zx\n",
- &r.start, qproc->mba_size);
- return -EBUSY;
- }

if (!child) {
node = of_parse_phandle(qproc->dev->of_node,
--
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project