1 /* Copyright (c) 2010,2015, The Linux Foundation. All rights reserved.
2 >>>>>>> firmware: qcom: scm: Split out 32-bit specific SCM code
3 * Copyright (C) 2015 Linaro Ltd.
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 and
7 * only version 2 as published by the Free Software Foundation.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
20 #include <linux/slab.h>
22 #include <linux/module.h>
23 #include <linux/mutex.h>
24 #include <linux/errno.h>
25 #include <linux/err.h>
26 #include <linux/qcom_scm.h>
27 #include <linux/dma-mapping.h>
29 #include <asm/cacheflush.h>
33 #define QCOM_SCM_ENOMEM -5
34 #define QCOM_SCM_EOPNOTSUPP -4
35 #define QCOM_SCM_EINVAL_ADDR -3
36 #define QCOM_SCM_EINVAL_ARG -2
37 #define QCOM_SCM_ERROR -1
38 #define QCOM_SCM_INTERRUPTED 1
40 #define QCOM_SCM_FLAG_COLDBOOT_CPU0 0x00
41 #define QCOM_SCM_FLAG_COLDBOOT_CPU1 0x01
42 #define QCOM_SCM_FLAG_COLDBOOT_CPU2 0x08
43 #define QCOM_SCM_FLAG_COLDBOOT_CPU3 0x20
45 #define QCOM_SCM_FLAG_WARMBOOT_CPU0 0x04
46 #define QCOM_SCM_FLAG_WARMBOOT_CPU1 0x02
47 #define QCOM_SCM_FLAG_WARMBOOT_CPU2 0x10
48 #define QCOM_SCM_FLAG_WARMBOOT_CPU3 0x40
50 #define IOMMU_SECURE_PTBL_SIZE 3
51 #define IOMMU_SECURE_PTBL_INIT 4
52 #define IOMMU_SET_CP_POOL_SIZE 5
53 #define IOMMU_SECURE_MAP 6
54 #define IOMMU_SECURE_UNMAP 7
55 #define IOMMU_SECURE_MAP2 0xb
56 #define IOMMU_SECURE_MAP2_FLAT 0x12
57 #define IOMMU_SECURE_UNMAP2 0xc
59 struct qcom_scm_entry {
64 static struct qcom_scm_entry qcom_scm_wb[] = {
65 { .flag = QCOM_SCM_FLAG_WARMBOOT_CPU0 },
66 { .flag = QCOM_SCM_FLAG_WARMBOOT_CPU1 },
67 { .flag = QCOM_SCM_FLAG_WARMBOOT_CPU2 },
68 { .flag = QCOM_SCM_FLAG_WARMBOOT_CPU3 },
71 static DEFINE_MUTEX(qcom_scm_lock);
74 * struct qcom_scm_command - one SCM command buffer
75 * @len: total available memory for command and response
76 * @buf_offset: start of command buffer
77 * @resp_hdr_offset: start of response buffer
78 * @id: command to be executed
79 * @buf: buffer returned from qcom_scm_get_command_buffer()
81 * An SCM command is laid out in memory as follows:
83 * ------------------- <--- struct qcom_scm_command
85 * ------------------- <--- qcom_scm_get_command_buffer()
87 * ------------------- <--- struct qcom_scm_response and
88 * | response header | qcom_scm_command_to_response()
89 * ------------------- <--- qcom_scm_get_response_buffer()
93 * There can be arbitrary padding between the headers and buffers so
94 * you should always use the appropriate qcom_scm_get_*_buffer() routines
95 * to access the buffers in a safe manner.
97 struct qcom_scm_command {
100 __le32 resp_hdr_offset;
106 * struct qcom_scm_response - one SCM response buffer
107 * @len: total available memory for response
108 * @buf_offset: start of response data relative to start of qcom_scm_response
109 * @is_complete: indicates if the command has finished processing
111 struct qcom_scm_response {
118 * alloc_qcom_scm_command() - Allocate an SCM command
119 * @cmd_size: size of the command buffer
120 * @resp_size: size of the response buffer
122 * Allocate an SCM command, including enough room for the command
123 * and response headers as well as the command and response buffers.
125 * Returns a valid &qcom_scm_command on success or %NULL if the allocation fails.
127 static struct qcom_scm_command *alloc_qcom_scm_command(size_t cmd_size, size_t resp_size)
129 struct qcom_scm_command *cmd;
130 size_t len = sizeof(*cmd) + sizeof(struct qcom_scm_response) + cmd_size +
134 cmd = kzalloc(PAGE_ALIGN(len), GFP_KERNEL);
136 cmd->len = cpu_to_le32(len);
137 offset = offsetof(struct qcom_scm_command, buf);
138 cmd->buf_offset = cpu_to_le32(offset);
139 cmd->resp_hdr_offset = cpu_to_le32(offset + cmd_size);
145 * free_qcom_scm_command() - Free an SCM command
146 * @cmd: command to free
148 * Free an SCM command.
150 static inline void free_qcom_scm_command(struct qcom_scm_command *cmd)
156 * qcom_scm_command_to_response() - Get a pointer to a qcom_scm_response
159 * Returns a pointer to a response for a command.
161 static inline struct qcom_scm_response *qcom_scm_command_to_response(
162 const struct qcom_scm_command *cmd)
164 return (void *)cmd + le32_to_cpu(cmd->resp_hdr_offset);
168 * qcom_scm_get_command_buffer() - Get a pointer to a command buffer
171 * Returns a pointer to the command buffer of a command.
173 static inline void *qcom_scm_get_command_buffer(const struct qcom_scm_command *cmd)
175 return (void *)cmd->buf;
179 * qcom_scm_get_response_buffer() - Get a pointer to a response buffer
182 * Returns a pointer to a response buffer of a response.
184 static inline void *qcom_scm_get_response_buffer(const struct qcom_scm_response *rsp)
186 return (void *)rsp + le32_to_cpu(rsp->buf_offset);
189 static u32 smc(u32 cmd_addr)
192 register u32 r0 asm("r0") = 1;
193 register u32 r1 asm("r1") = (u32)&context_id;
194 register u32 r2 asm("r2") = cmd_addr;
202 ".arch_extension sec\n"
204 "smc #0 @ switch to secure world\n"
206 : "r" (r0), "r" (r1), "r" (r2)
208 } while (r0 == QCOM_SCM_INTERRUPTED);
213 static int __qcom_scm_call(const struct qcom_scm_command *cmd)
216 u32 cmd_addr = virt_to_phys(cmd);
219 * Flush the command buffer so that the secure world sees
222 secure_flush_area(cmd, cmd->len);
226 ret = qcom_scm_remap_error(ret);
231 static void qcom_scm_inv_range(unsigned long start, unsigned long end)
233 u32 cacheline_size, ctr;
235 asm volatile("mrc p15, 0, %0, c0, c0, 1" : "=r" (ctr));
236 cacheline_size = 4 << ((ctr >> 16) & 0xf);
238 start = round_down(start, cacheline_size);
239 end = round_up(end, cacheline_size);
240 outer_inv_range(start, end);
241 while (start < end) {
242 asm ("mcr p15, 0, %0, c7, c6, 1" : : "r" (start)
244 start += cacheline_size;
251 * qcom_scm_call() - Send an SCM command
252 * @svc_id: service identifier
253 * @cmd_id: command identifier
254 * @cmd_buf: command buffer
255 * @cmd_len: length of the command buffer
256 * @resp_buf: response buffer
257 * @resp_len: length of the response buffer
259 * Sends a command to the SCM and waits for the command to finish processing.
261 * A note on cache maintenance:
262 * Note that any buffers that are expected to be accessed by the secure world
263 * must be flushed before invoking qcom_scm_call and invalidated in the cache
264 * immediately after qcom_scm_call returns. Cache maintenance on the command
265 * and response buffers is taken care of by qcom_scm_call; however, callers are
266 * responsible for any other cached buffers passed over to the secure world.
268 static int qcom_scm_call(u32 svc_id, u32 cmd_id, const void *cmd_buf,
269 size_t cmd_len, void *resp_buf, size_t resp_len)
272 struct qcom_scm_command *cmd;
273 struct qcom_scm_response *rsp;
274 unsigned long start, end;
276 cmd = alloc_qcom_scm_command(cmd_len, resp_len);
280 cmd->id = cpu_to_le32((svc_id << 10) | cmd_id);
282 memcpy(qcom_scm_get_command_buffer(cmd), cmd_buf, cmd_len);
284 mutex_lock(&qcom_scm_lock);
285 ret = __qcom_scm_call(cmd);
286 mutex_unlock(&qcom_scm_lock);
290 rsp = qcom_scm_command_to_response(cmd);
291 start = (unsigned long)rsp;
294 qcom_scm_inv_range(start, start + sizeof(*rsp));
295 } while (!rsp->is_complete);
297 end = (unsigned long)qcom_scm_get_response_buffer(rsp) + resp_len;
298 qcom_scm_inv_range(start, end);
301 memcpy(resp_buf, qcom_scm_get_response_buffer(rsp), resp_len);
303 free_qcom_scm_command(cmd);
307 #define SCM_CLASS_REGISTER (0x2 << 8)
308 #define SCM_MASK_IRQS BIT(5)
309 #define SCM_ATOMIC(svc, cmd, n) (((((svc) << 10)|((cmd) & 0x3ff)) << 12) | \
310 SCM_CLASS_REGISTER | \
315 * qcom_scm_call_atomic1() - Send an atomic SCM command with one argument
316 * @svc_id: service identifier
317 * @cmd_id: command identifier
318 * @arg1: first argument
320 * This shall only be used with commands that are guaranteed to be
321 * uninterruptable, atomic and SMP safe.
323 static s32 qcom_scm_call_atomic1(u32 svc, u32 cmd, u32 arg1)
327 register u32 r0 asm("r0") = SCM_ATOMIC(svc, cmd, 1);
328 register u32 r1 asm("r1") = (u32)&context_id;
329 register u32 r2 asm("r2") = arg1;
337 ".arch_extension sec\n"
339 "smc #0 @ switch to secure world\n"
341 : "r" (r0), "r" (r1), "r" (r2)
346 u32 qcom_scm_get_version(void)
349 static u32 version = -1;
350 register u32 r0 asm("r0");
351 register u32 r1 asm("r1");
356 mutex_lock(&qcom_scm_lock);
359 r1 = (u32)&context_id;
367 ".arch_extension sec\n"
369 "smc #0 @ switch to secure world\n"
370 : "=r" (r0), "=r" (r1)
373 } while (r0 == QCOM_SCM_INTERRUPTED);
376 mutex_unlock(&qcom_scm_lock);
380 EXPORT_SYMBOL(qcom_scm_get_version);
383 * Set the cold/warm boot address for one of the CPU cores.
385 static int qcom_scm_set_boot_addr(u32 addr, int flags)
392 cmd.addr = cpu_to_le32(addr);
393 cmd.flags = cpu_to_le32(flags);
394 return qcom_scm_call(QCOM_SCM_SVC_BOOT, QCOM_SCM_BOOT_ADDR,
395 &cmd, sizeof(cmd), NULL, 0);
399 * qcom_scm_set_cold_boot_addr() - Set the cold boot address for cpus
400 * @entry: Entry point function for the cpus
401 * @cpus: The cpumask of cpus that will use the entry point
403 * Set the cold boot address of the cpus. Any cpu outside the supported
404 * range would be removed from the cpu present mask.
406 int __qcom_scm_set_cold_boot_addr(void *entry, const cpumask_t *cpus)
410 int scm_cb_flags[] = {
411 QCOM_SCM_FLAG_COLDBOOT_CPU0,
412 QCOM_SCM_FLAG_COLDBOOT_CPU1,
413 QCOM_SCM_FLAG_COLDBOOT_CPU2,
414 QCOM_SCM_FLAG_COLDBOOT_CPU3,
417 if (!cpus || (cpus && cpumask_empty(cpus)))
420 for_each_cpu(cpu, cpus) {
421 if (cpu < ARRAY_SIZE(scm_cb_flags))
422 flags |= scm_cb_flags[cpu];
424 set_cpu_present(cpu, false);
427 return qcom_scm_set_boot_addr(virt_to_phys(entry), flags);
431 * qcom_scm_set_warm_boot_addr() - Set the warm boot address for cpus
432 * @entry: Entry point function for the cpus
433 * @cpus: The cpumask of cpus that will use the entry point
435 * Set the Linux entry point for the SCM to transfer control to when coming
436 * out of a power down. CPU power down may be executed on cpuidle or hotplug.
438 int __qcom_scm_set_warm_boot_addr(void *entry, const cpumask_t *cpus)
445 * Reassign only if we are switching from hotplug entry point
446 * to cpuidle entry point or vice versa.
448 for_each_cpu(cpu, cpus) {
449 if (entry == qcom_scm_wb[cpu].entry)
451 flags |= qcom_scm_wb[cpu].flag;
454 /* No change in entry function */
458 ret = qcom_scm_set_boot_addr(virt_to_phys(entry), flags);
460 for_each_cpu(cpu, cpus)
461 qcom_scm_wb[cpu].entry = entry;
468 * qcom_scm_cpu_power_down() - Power down the cpu
469 * @flags - Flags to flush cache
471 * This is an end point to power down cpu. If there was a pending interrupt,
472 * the control would return from this function, otherwise, the cpu jumps to the
473 * warm boot entry point set for this cpu upon reset.
475 void __qcom_scm_cpu_power_down(u32 flags)
477 qcom_scm_call_atomic1(QCOM_SCM_SVC_BOOT, QCOM_SCM_CMD_TERMINATE_PC,
478 flags & QCOM_SCM_FLUSH_FLAG_MASK);
481 int __qcom_scm_is_call_available(u32 svc_id, u32 cmd_id)
484 __le32 svc_cmd = cpu_to_le32((svc_id << 10) | cmd_id);
487 ret = qcom_scm_call(QCOM_SCM_SVC_INFO, QCOM_IS_CALL_AVAIL_CMD, &svc_cmd,
488 sizeof(svc_cmd), &ret_val, sizeof(ret_val));
492 return le32_to_cpu(ret_val);
495 int __qcom_scm_hdcp_req(struct qcom_scm_hdcp_req *req, u32 req_cnt, u32 *resp)
497 if (req_cnt > QCOM_SCM_HDCP_MAX_REQ_CNT)
500 return qcom_scm_call(QCOM_SCM_SVC_HDCP, QCOM_SCM_CMD_HDCP,
501 req, req_cnt * sizeof(*req), resp, sizeof(*resp));
504 int __qcom_scm_pas_mss_reset(bool reset)
506 __le32 val = cpu_to_le32(reset);
509 return qcom_scm_call(QCOM_SCM_SVC_PIL, QCOM_SCM_PAS_MSS_RESET,
511 &resp, sizeof(resp));
514 bool __qcom_scm_pas_supported(u32 peripheral)
519 ret = qcom_scm_call(QCOM_SCM_SVC_PIL, QCOM_SCM_PAS_IS_SUPPORTED_CMD,
520 &peripheral, sizeof(peripheral),
521 &ret_val, sizeof(ret_val));
523 return ret ? false : !!ret_val;
526 int __qcom_scm_pas_init_image(u32 peripheral, dma_addr_t metadata_phys)
535 request.proc = cpu_to_le32(peripheral);
536 request.image_addr = cpu_to_le32(metadata_phys);
538 ret = qcom_scm_call(QCOM_SCM_SVC_PIL, QCOM_SCM_PAS_INIT_IMAGE_CMD,
539 &request, sizeof(request),
540 &scm_ret, sizeof(scm_ret));
542 return ret ? : le32_to_cpu(scm_ret);
545 int __qcom_scm_pas_mem_setup(u32 peripheral, phys_addr_t addr, phys_addr_t size)
549 struct pas_init_image_req {
555 request.proc = peripheral;
559 ret = qcom_scm_call(QCOM_SCM_SVC_PIL, QCOM_SCM_PAS_MEM_SETUP_CMD,
560 &request, sizeof(request),
561 &scm_ret, sizeof(scm_ret));
563 return ret ? : scm_ret;
566 int __qcom_scm_pas_auth_and_reset(u32 peripheral)
571 ret = qcom_scm_call(QCOM_SCM_SVC_PIL, QCOM_SCM_PAS_AUTH_AND_RESET_CMD,
572 &peripheral, sizeof(peripheral),
573 &scm_ret, sizeof(scm_ret));
575 return ret ? : scm_ret;
578 int __qcom_scm_pas_shutdown(u32 peripheral)
583 ret = qcom_scm_call(QCOM_SCM_SVC_PIL, QCOM_SCM_PAS_SHUTDOWN_CMD,
584 &peripheral, sizeof(peripheral),
585 &scm_ret, sizeof(scm_ret));
587 return ret ? : scm_ret;
591 int __qcom_scm_pil_init_image_cmd(u32 proc, u64 image_addr)
601 req.image_addr = image_addr;
603 ret = qcom_scm_call(SCM_SVC_PIL, PAS_INIT_IMAGE_CMD, &req,
604 sizeof(req), &scm_ret, sizeof(scm_ret));
611 int __qcom_scm_pil_mem_setup_cmd(u32 proc, u64 start_addr, u32 len)
622 req.start_addr = start_addr;
625 ret = qcom_scm_call(SCM_SVC_PIL, PAS_MEM_SETUP_CMD, &req,
626 sizeof(req), &scm_ret, sizeof(scm_ret));
633 int __qcom_scm_pil_auth_and_reset_cmd(u32 proc)
641 ret = qcom_scm_call(SCM_SVC_PIL, PAS_AUTH_AND_RESET_CMD, &req,
642 sizeof(req), &scm_ret, sizeof(scm_ret));
649 int __qcom_scm_pil_shutdown_cmd(u32 proc)
657 ret = qcom_scm_call(SCM_SVC_PIL, PAS_SHUTDOWN_CMD, &req,
658 sizeof(req), &scm_ret, sizeof(scm_ret));
665 #define SCM_SVC_UTIL 0x3
666 #define SCM_SVC_MP 0xc
667 #define IOMMU_DUMP_SMMU_FAULT_REGS 0x0c
669 int __qcom_scm_iommu_dump_fault_regs(u32 id, u32 context, u64 addr, u32 len)
679 return qcom_scm_call(SCM_SVC_UTIL, IOMMU_DUMP_SMMU_FAULT_REGS,
680 &req, sizeof(req), &resp, 1);
683 int __qcom_scm_iommu_set_cp_pool_size(u32 size, u32 spare)
694 return qcom_scm_call(SCM_SVC_MP, IOMMU_SET_CP_POOL_SIZE,
695 &req, sizeof(req), &retval, sizeof(retval));
698 int __qcom_scm_iommu_secure_ptbl_size(u32 spare, int psize[2])
706 return qcom_scm_call(SCM_SVC_MP, IOMMU_SECURE_PTBL_SIZE, &req,
707 sizeof(req), psize, sizeof(psize));
710 int __qcom_scm_iommu_secure_ptbl_init(u64 addr, u32 size, u32 spare)
717 int ret, ptbl_ret = 0;
723 ret = qcom_scm_call(SCM_SVC_MP, IOMMU_SECURE_PTBL_INIT, &req,
724 sizeof(req), &ptbl_ret, sizeof(ptbl_ret));
735 int __qcom_scm_iommu_secure_map(u64 list, u32 list_size, u32 size,
736 u32 id, u32 ctx_id, u64 va, u32 info_size,
742 unsigned int list_size;
756 req.plist.list = list;
757 req.plist.list_size = list_size;
758 req.plist.size = size;
760 req.info.ctx_id = ctx_id;
762 req.info.size = info_size;
765 ret = qcom_scm_call(SCM_SVC_MP, IOMMU_SECURE_MAP2, &req, sizeof(req),
766 &resp, sizeof(resp));
774 int __qcom_scm_iommu_secure_unmap(u32 id, u32 ctx_id, u64 va,
789 req.info.ctx_id = ctx_id;
791 req.info.size = size;
794 return qcom_scm_call(SCM_SVC_MP, IOMMU_SECURE_UNMAP2, &req,
795 sizeof(req), &scm_ret, sizeof(scm_ret));
798 int __qcom_scm_get_feat_version(u32 feat)
802 if (__qcom_scm_is_call_available(SCM_SVC_INFO, GET_FEAT_VERSION_CMD)) {
805 if (!qcom_scm_call(SCM_SVC_INFO, GET_FEAT_VERSION_CMD, &feat,
806 sizeof(feat), &version, sizeof(version)))
813 #define RESTORE_SEC_CFG 2
814 int __qcom_scm_restore_sec_cfg(u32 device_id, u32 spare)
820 int ret, scm_ret = 0;
822 req.device_id = device_id;
825 ret = qcom_scm_call(SCM_SVC_MP, RESTORE_SEC_CFG, &req, sizeof(req),
826 scm_ret, sizeof(scm_ret));
828 return ret ? ret : -EINVAL;
833 #define TZBSP_VIDEO_SET_STATE 0xa
834 int __qcom_scm_set_video_state(u32 state, u32 spare)
846 ret = qcom_scm_call(SCM_SVC_BOOT, TZBSP_VIDEO_SET_STATE, &req,
847 sizeof(req), &scm_ret, sizeof(scm_ret));
849 return ret ? ret : -EINVAL;
854 #define TZBSP_MEM_PROTECT_VIDEO_VAR 0x8
856 int __qcom_scm_mem_protect_video_var(u32 start, u32 size, u32 nonpixel_start,
862 u32 cp_nonpixel_start;
863 u32 cp_nonpixel_size;
867 req.cp_start = start;
869 req.cp_nonpixel_start = nonpixel_start;
870 req.cp_nonpixel_size = nonpixel_size;
872 ret = qcom_scm_call(SCM_SVC_MP, TZBSP_MEM_PROTECT_VIDEO_VAR, &req,
873 sizeof(req), &scm_ret, sizeof(scm_ret));
876 return ret ? ret : -EINVAL;
881 int __qcom_scm_init(void)