From nobody Tue Nov 26 13:40:01 2024
Received: from foss.arm.com (foss.arm.com [217.140.110.172])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id C9CFD13C816;
	Fri, 18 Oct 2024 08:06:59 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=217.140.110.172
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1729238821; cv=none;
 b=IBUFNezQCUrApP//MVHlqdTKtusSvKvg1gCDx4vj6qW7JnFZv69PNWpVLEk/fWte+lZDfY1bPwGMGhu5nEBSpLaGqaXP3q8odCcTdeAteveOe5BX4JuMeUXMMz1eMGCdElja9nLaUivqbAJ0PDyfaXw1af8V7tdE1TjrmGwV07M=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1729238821; c=relaxed/simple;
	bh=8rcG9F8Uqd+aePWWiv52iJ62M9YyiNOckXge+WZno0Q=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=Ds2TIu32R6KzKcozIhwlSzoTU4JNsYIHQ70/5PkZ/ciAk37I1Sb7w2fuJ8M5/2dF69cg3QBum2cxja19lB++1DbtGR149i/36kx9Xl46qRG9CCAw2qNY3JJeGzo9DZbnTELr8VFGo9fYANGF6tnepnXuDX2qV1ev8T/XM0+JDHs=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=arm.com;
 spf=pass smtp.mailfrom=arm.com; arc=none smtp.client-ip=217.140.110.172
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=arm.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=arm.com
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14])
	by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id F26B91477;
	Fri, 18 Oct 2024 01:07:22 -0700 (PDT)
Received: from pluto.. (usa-sjc-mx-foss1.foss.arm.com [172.31.20.19])
	by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 55E943F528;
	Fri, 18 Oct 2024 01:06:51 -0700 (PDT)
From: Cristian Marussi <cristian.marussi@arm.com>
To: linux-kernel@vger.kernel.org,
	linux-arm-kernel@lists.infradead.org,
	arm-scmi@vger.kernel.org
Cc: sudeep.holla@arm.com,
	james.quinlan@broadcom.com,
	f.fainelli@gmail.com,
	vincent.guittot@linaro.org,
	etienne.carriere@st.com,
	peng.fan@oss.nxp.com,
	michal.simek@amd.com,
	quic_sibis@quicinc.com,
	quic_nkela@quicinc.com,
	dan.carpenter@linaro.org,
	Cristian Marussi <cristian.marussi@arm.com>
Subject: [PATCH 1/5] firmware: arm_scmi: Account for SHMEM memory overhead
Date: Fri, 18 Oct 2024 09:05:58 +0100
Message-ID: <20241018080602.3952869-2-cristian.marussi@arm.com>
X-Mailer: git-send-email 2.46.1
In-Reply-To: <20241018080602.3952869-1-cristian.marussi@arm.com>
References: <20241018080602.3952869-1-cristian.marussi@arm.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Transports using shared memory have to consider the overhead due to the
layout area when determining the area effectively available for messages.

Till now, such definitions were ambiguos across the SCMI stack and the
overhead layout area was not considered at all.

Add proper checks in the shmem layer to validate the provided max_msg_size
against the effectively available memory area, less the layout.

Signed-off-by: Cristian Marussi <cristian.marussi@arm.com>
---
Note that as a consequence of this fix the default max_msg_size is reduced
to 104 bytes for shmem-based transports, in order to fit into the most
common implementations where the whole shmem area is sized at 128,
including the 24 bytes of standard layout area.

This should have NO bad side effects, since the current maximum payload
size of any messages across any protocol (including all the known vendor
ones) is 76 bytes.
---
 drivers/firmware/arm_scmi/common.h             | 4 +++-
 drivers/firmware/arm_scmi/driver.c             | 1 +
 drivers/firmware/arm_scmi/shmem.c              | 7 +++++++
 drivers/firmware/arm_scmi/transports/mailbox.c | 4 +++-
 drivers/firmware/arm_scmi/transports/optee.c   | 2 +-
 drivers/firmware/arm_scmi/transports/smc.c     | 4 +++-
 6 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/drivers/firmware/arm_scmi/common.h b/drivers/firmware/arm_scmi=
/common.h
index 6c2032d4f767..d867bcc6883b 100644
--- a/drivers/firmware/arm_scmi/common.h
+++ b/drivers/firmware/arm_scmi/common.h
@@ -165,6 +165,7 @@ void scmi_protocol_release(const struct scmi_handle *ha=
ndle, u8 protocol_id);
  *	 channel
  * @is_p2a: A flag to identify a channel as P2A (RX)
  * @rx_timeout_ms: The configured RX timeout in milliseconds.
+ * @max_msg_size: Maximum size of message payload.
  * @handle: Pointer to SCMI entity handle
  * @no_completion_irq: Flag to indicate that this channel has no completion
  *		       interrupt mechanism for synchronous commands.
@@ -177,6 +178,7 @@ struct scmi_chan_info {
 	struct device *dev;
 	bool is_p2a;
 	unsigned int rx_timeout_ms;
+	unsigned int max_msg_size;
 	struct scmi_handle *handle;
 	bool no_completion_irq;
 	void *transport_info;
@@ -224,7 +226,7 @@ struct scmi_transport_ops {
  * @max_msg: Maximum number of messages for a channel type (tx or rx) that=
 can
  *	be pending simultaneously in the system. May be overridden by the
  *	get_max_msg op.
- * @max_msg_size: Maximum size of data per message that can be handled.
+ * @max_msg_size: Maximum size of data payload per message that can be han=
dled.
  * @force_polling: Flag to force this whole transport to use SCMI core pol=
ling
  *		   mechanism instead of completion interrupts even if available.
  * @sync_cmds_completed_on_ret: Flag to indicate that the transport assures
diff --git a/drivers/firmware/arm_scmi/driver.c b/drivers/firmware/arm_scmi=
/driver.c
index dccd066e3ba8..015a4d52ae37 100644
--- a/drivers/firmware/arm_scmi/driver.c
+++ b/drivers/firmware/arm_scmi/driver.c
@@ -2645,6 +2645,7 @@ static int scmi_chan_setup(struct scmi_info *info, st=
ruct device_node *of_node,
=20
 	cinfo->is_p2a =3D !tx;
 	cinfo->rx_timeout_ms =3D info->desc->max_rx_timeout_ms;
+	cinfo->max_msg_size =3D info->desc->max_msg_size;
=20
 	/* Create a unique name for this transport device */
 	snprintf(name, 32, "__scmi_transport_device_%s_%02X",
diff --git a/drivers/firmware/arm_scmi/shmem.c b/drivers/firmware/arm_scmi/=
shmem.c
index e9f30ab671a8..11c347bff766 100644
--- a/drivers/firmware/arm_scmi/shmem.c
+++ b/drivers/firmware/arm_scmi/shmem.c
@@ -16,6 +16,8 @@
=20
 #include "common.h"
=20
+#define SCMI_SHMEM_LAYOUT_OVERHEAD	24
+
 /*
  * SCMI specification requires all parameters, message headers, return
  * arguments or any protocol data to be expressed in little endian
@@ -221,6 +223,11 @@ static void __iomem *shmem_setup_iomap(struct scmi_cha=
n_info *cinfo,
 	}
=20
 	size =3D resource_size(res);
+	if (cinfo->max_msg_size + SCMI_SHMEM_LAYOUT_OVERHEAD > size) {
+		dev_err(dev, "misconfigured SCMI shared memory\n");
+		return IOMEM_ERR_PTR(-ENOSPC);
+	}
+
 	addr =3D devm_ioremap(dev, res->start, size);
 	if (!addr) {
 		dev_err(dev, "failed to ioremap SCMI %s shared memory\n", desc);
diff --git a/drivers/firmware/arm_scmi/transports/mailbox.c b/drivers/firmw=
are/arm_scmi/transports/mailbox.c
index e7efa3376aae..4e0396250ad0 100644
--- a/drivers/firmware/arm_scmi/transports/mailbox.c
+++ b/drivers/firmware/arm_scmi/transports/mailbox.c
@@ -16,6 +16,8 @@
=20
 #include "../common.h"
=20
+#define SCMI_MAILBOX_MAX_MSG_SIZE	104
+
 /**
  * struct scmi_mailbox - Structure representing a SCMI mailbox transport
  *
@@ -371,7 +373,7 @@ static struct scmi_desc scmi_mailbox_desc =3D {
 	.ops =3D &scmi_mailbox_ops,
 	.max_rx_timeout_ms =3D 30, /* We may increase this if required */
 	.max_msg =3D 20, /* Limited by MBOX_TX_QUEUE_LEN */
-	.max_msg_size =3D 128,
+	.max_msg_size =3D SCMI_MAILBOX_MAX_MSG_SIZE,
 };
=20
 static const struct of_device_id scmi_of_match[] =3D {
diff --git a/drivers/firmware/arm_scmi/transports/optee.c b/drivers/firmwar=
e/arm_scmi/transports/optee.c
index 663272879edf..9c0bc2c4dbcd 100644
--- a/drivers/firmware/arm_scmi/transports/optee.c
+++ b/drivers/firmware/arm_scmi/transports/optee.c
@@ -17,7 +17,7 @@
=20
 #include "../common.h"
=20
-#define SCMI_OPTEE_MAX_MSG_SIZE		128
+#define SCMI_OPTEE_MAX_MSG_SIZE		104
=20
 enum scmi_optee_pta_cmd {
 	/*
diff --git a/drivers/firmware/arm_scmi/transports/smc.c b/drivers/firmware/=
arm_scmi/transports/smc.c
index 2f0e981e7599..098bbd7e67b8 100644
--- a/drivers/firmware/arm_scmi/transports/smc.c
+++ b/drivers/firmware/arm_scmi/transports/smc.c
@@ -22,6 +22,8 @@
=20
 #include "../common.h"
=20
+#define SCMI_SMC_MAX_MSG_SIZE	104
+
 /*
  * The shmem address is split into 4K page and offset.
  * This is to make sure the parameters fit in 32bit arguments of the
@@ -282,7 +284,7 @@ static struct scmi_desc scmi_smc_desc =3D {
 	.ops =3D &scmi_smc_ops,
 	.max_rx_timeout_ms =3D 30,
 	.max_msg =3D 20,
-	.max_msg_size =3D 128,
+	.max_msg_size =3D SCMI_SMC_MAX_MSG_SIZE,
 	/*
 	 * Setting .sync_cmds_atomic_replies to true for SMC assumes that,
 	 * once the SMC instruction has completed successfully, the issued
--=20
2.46.1