[v1] firmware: qcom: scm: fix potential race condition with tzmem

[PATCH 0/4] firmware: qcom: scm: fix potential race condition with tzmem

Bartosz Golaszewski posted 4 patches 3 months, 2 weeks ago

Diff against v2
Download series mbox

There is a newer version of this series

drivers/firmware/qcom/qcom_scm.c       | 83 ++++++++++++++--------------------
drivers/firmware/qcom/qcom_scm.h       |  1 +
drivers/firmware/qcom/qcom_tzmem.c     | 11 +++--
include/linux/firmware/qcom/qcom_scm.h |  5 +-
4 files changed, 43 insertions(+), 57 deletions(-)

Expand all Fold all

[PATCH 0/4] firmware: qcom: scm: fix potential race condition with tzmem

Posted by Bartosz Golaszewski 3 months, 2 weeks ago

There's a race condition between the SCM call API consumers and the TZMem
initialization in the SCM firmware driver. The internal __scm pointer is
assigned - marking SCM as ready for accepting calls - before the tzmem
memory pool is fully initialized. While the race is unlikely to be hit
thanks to the SCM driver being initialized early, it still must be
addressed.

Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
---
Bartosz Golaszewski (4):
      firmware: qcom: scm: remove unused arguments from SHM bridge routines
      firmware: qcom: scm: take struct device as argument in SHM bridge enable
      firmware: qcom: scm: initialize tzmem before marking SCM as available
      firmware: qcom: scm: request the waitqueue irq *after* initializing SCM

 drivers/firmware/qcom/qcom_scm.c       | 83 ++++++++++++++--------------------
 drivers/firmware/qcom/qcom_scm.h       |  1 +
 drivers/firmware/qcom/qcom_tzmem.c     | 11 +++--
 include/linux/firmware/qcom/qcom_scm.h |  5 +-
 4 files changed, 43 insertions(+), 57 deletions(-)
---
base-commit: f817b6dd2b62d921a6cdc0a3ac599cd1851f343c
change-id: 20250624-qcom-scm-race-5e7737f7f39f

Best regards,
-- 
Bartosz Golaszewski <bartosz.golaszewski@linaro.org>