On Wed 04 Nov 01:03 CST 2020, Sibi Sankar wrote:
> The application processor accessing the MBA region after assigning it to
> the remote Q6 would lead to an XPU violation. Fix this by un-mapping the
> MBA region post firmware copy and MBA text log dumps.
>
> Signed-off-by: Sibi Sankar
Reviewed-by: Bjorn Andersson
I renamed "ptr" to "mba_region" throughout the patch and applied the
pair.
Thanks,
Bjorn
> ---
> drivers/remoteproc/qcom_q6v5_mss.c | 37 ++---
> 1 file changed, 22 insertions(+), 15 deletions(-)
>
> diff --git a/drivers/remoteproc/qcom_q6v5_mss.c
> b/drivers/remoteproc/qcom_q6v5_mss.c
> index 2c866b6da23c..1b4a34325788 100644
> --- a/drivers/remoteproc/qcom_q6v5_mss.c
> +++ b/drivers/remoteproc/qcom_q6v5_mss.c
> @@ -189,7 +189,6 @@ struct q6v5 {
> size_t total_dump_size;
>
> phys_addr_t mba_phys;
> - void *mba_region;
> size_t mba_size;
> size_t dp_size;
>
> @@ -408,7 +407,7 @@ static int q6v5_xfer_mem_ownership(struct q6v5 *qproc,
> int *current_perm,
> current_perm, next, perms);
> }
>
> -static void q6v5_debug_policy_load(struct q6v5 *qproc)
> +static void q6v5_debug_policy_load(struct q6v5 *qproc, void *ptr)
> {
> const struct firmware *dp_fw;
>
> @@ -416,7 +415,7 @@ static void q6v5_debug_policy_load(struct q6v5 *qproc)
> return;
>
> if (SZ_1M + dp_fw->size <= qproc->mba_size) {
> - memcpy(qproc->mba_region + SZ_1M, dp_fw->data, dp_fw->size);
> + memcpy(ptr + SZ_1M, dp_fw->data, dp_fw->size);
> qproc->dp_size = dp_fw->size;
> }
>
> @@ -426,6 +425,7 @@ static void q6v5_debug_policy_load(struct q6v5 *qproc)
> static int q6v5_load(struct rproc *rproc, const struct firmware *fw)
> {
> struct q6v5 *qproc = rproc->priv;
> + void *ptr;
>
> /* MBA is restricted to a maximum size of 1M */
> if (fw->size > qproc->mba_size || fw->size > SZ_1M) {
> @@ -433,8 +433,16 @@ static int q6v5_load(struct rproc *rproc, const struct
> firmware *fw)
> return -EINVAL;
> }
>
> - memcpy(qproc->mba_region, fw->data, fw->size);
> - q6v5_debug_policy_load(qproc);
> + ptr = memremap(qproc->mba_phys, qproc->mba_size, MEMREMAP_WC);
> + if (!ptr) {
> + dev_err(qproc->dev, "unable to map memory region: %pa+%zx\n",
> + >mba_phys, qproc->mba_size);
> + return -EBUSY;
> + }
> +
> + memcpy(ptr, fw->data, fw->size);
> + q6v5_debug_policy_load(qproc, ptr);
> + memunmap(ptr);
>
> return 0;
> }
> @@ -541,6 +549,7 @@ static void q6v5_dump_mba_logs(struct q6v5 *qproc)
> {
> struct rproc *rproc = qproc->rproc;
> void *data;
> + void *ptr;
>
> if (!qproc->has_mba_logs)
> return;
> @@ -549,12 +558,16 @@ static void q6v5_dump_mba_logs(struct q6v5 *qproc)
> qproc->mba_size))
> return;
>
> - data = vmalloc(MBA_LOG_SIZE);
> - if (!data)
> + ptr = memremap(qproc->mba_phys, qproc->mba_size, MEMREMAP_WC);
> + if (!ptr)
> return;
>
> - memcpy(data, qproc->mba_region, MBA_LOG_SIZE);
> - dev_coredumpv(>dev, data, MBA_LOG_SIZE, GFP_KERNEL);
> + data = vmalloc(MBA_LOG_SIZE);
> + if (data) {
> + memcpy(data, ptr, MBA_LOG_SIZE);
> + dev_coredumpv(>dev, data, MBA_LOG_SIZE, GFP_KERNEL);
> + }
> + memunmap(ptr);
> }
>
> static int q6v5proc_reset(struct q6v5 *qproc)
> @@ -1605,12 +1618,6 @@ static int q6v5_alloc_memory_region(struct q6v5 *qproc)
>
> qproc->mba_phys = r.start;
> qproc->mba_size = resource_size();
> - qproc->mba_region = devm_ioremap_wc(qproc->dev, qproc->mba_phys,
> qproc->mba_size);
> - if (!qproc->mba_region) {
> - dev_err(qproc->dev, "unable to map memory region: %pa+%zx\n",
> - , qproc->mba_size);
> - return -EBUSY;
> - }
>
> if (!child) {
> node = of_parse_phandle(qproc->dev->of_node,
> --
> The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
> a Linux Foundation Collaborative Project
>
