- Linaro-mm-sig - lists.linaro.org

[PATCH v4] Documentation: dma-buf: heaps: Add naming guidelines

by Maxime Ripard

We've discussed a number of times of how some heap names are bad, but not really what makes a good heap name. Let's document what we expect the heap names to look like. Reviewed-by: Andrew Davis <afd(a)ti.com> Reviewed-by: Bagas Sanjaya <bagasdotme(a)gmail.com> Signed-off-by: Maxime Ripard <mripard(a)kernel.org> --- Changes in v4: - Dropped *all* the cacheable mentions - Link to v3: https://lore.kernel.org/r/20250717-dma-buf-heap-names-doc-v3-1-d2dbb4b95ef6… Changes in v3: - Grammar, spelling fixes - Remove the cacheable / uncacheable name suggestion - Link to v2: https://lore.kernel.org/r/20250616-dma-buf-heap-names-doc-v2-1-8ae43174cdbf… Changes in v2: - Added justifications for each requirement / suggestions - Added a mention and example of buffer attributes - Link to v1: https://lore.kernel.org/r/20250520-dma-buf-heap-names-doc-v1-1-ab31f74809ee… --- Documentation/userspace-api/dma-buf-heaps.rst | 35 +++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/Documentation/userspace-api/dma-buf-heaps.rst b/Documentation/userspace-api/dma-buf-heaps.rst index 535f49047ce6450796bf4380c989e109355efc05..1ced2720f929432661182f1a3a88aa1ff80bd6af 100644 --- a/Documentation/userspace-api/dma-buf-heaps.rst +++ b/Documentation/userspace-api/dma-buf-heaps.rst @@ -21,5 +21,40 @@ following heaps: usually created either through the kernel commandline through the `cma` parameter, a memory region Device-Tree node with the `linux,cma-default` property set, or through the `CMA_SIZE_MBYTES` or `CMA_SIZE_PERCENTAGE` Kconfig options. Depending on the platform, it might be called ``reserved``, ``linux,cma``, or ``default-pool``. + +Naming Convention +================= + +``dma-buf`` heaps name should meet a number of constraints: + +- The name must be stable, and must not change from one version to the other. + Userspace identifies heaps by their name, so if the names ever change, we + would be likely to introduce regressions. + +- The name must describe the memory region the heap will allocate from, and + must uniquely identify it in a given platform. Since userspace applications + use the heap name as the discriminant, it must be able to tell which heap it + wants to use reliably if there's multiple heaps. + +- The name must not mention implementation details, such as the allocator. The + heap driver will change over time, and implementation details when it was + introduced might not be relevant in the future. + +- The name should describe properties of the buffers that would be allocated. + Doing so will make heap identification easier for userspace. Such properties + are: + + - ``contiguous`` for physically contiguous buffers; + + - ``protected`` for encrypted buffers not accessible the OS; + +- The name may describe intended usage. Doing so will make heap identification + easier for userspace applications and users. + +For example, assuming a platform with a reserved memory region located +at the RAM address 0x42000000, intended to allocate video framebuffers, +physically contiguous, and backed by the CMA kernel allocator, good +names would be ``memory@42000000-contiguous`` or ``video@42000000``, but +``cma-video`` wouldn't. --- base-commit: 038d61fd642278bab63ee8ef722c50d10ab01e8f change-id: 20250520-dma-buf-heap-names-doc-31261aa0cfe6 Best regards, -- Maxime Ripard <mripard(a)kernel.org>

2 months, 2 weeks

2
2
0 0

[PATCH] dma-buf: fix reference count leak in dma_buf_poll_add_cb()

by Dan Carpenter

Call dma_fence_put(fence) if dma_fence_add_callback() fails. Fixes: 6b51b02a3a0a ("dma-buf: fix and rework dma_buf_poll v7") Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> --- From code review, not from testing. Please review carefully. drivers/dma-buf/dma-buf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c index 2bcf9ceca997..a14e1f50b090 100644 --- a/drivers/dma-buf/dma-buf.c +++ b/drivers/dma-buf/dma-buf.c @@ -301,9 +301,9 @@ static bool dma_buf_poll_add_cb(struct dma_resv *resv, bool write, fence) { dma_fence_get(fence); r = dma_fence_add_callback(fence, &dcb->cb, dma_buf_poll_cb); + dma_fence_put(fence); if (!r) return true; - dma_fence_put(fence); } return false; -- 2.51.0

2 months, 3 weeks

2
2
0 0

Re: [PATCH] dma-buf/sw-sync: Hide the feature by default

by Christian König

On 22.09.25 15:24, Janusz Krzysztofik wrote: > When multiple fences of an sw_sync timeline are signaled via > sw_sync_ioctl_inc(), we now disable interrupts and keep them disabled > while signaling all requested fences of the timeline in a loop. Since > user space may set up an arbitrary long timeline of fences with > arbitrarily expensive callbacks added to each fence, we may end up running > with interrupts disabled for too long, longer than NMI watchdog limit. > That potentially risky scenario has been demonstrated on Intel DRM CI > trybot[1], on a low end machine fi-pnv-d510, with one of new IGT subtests > that tried to reimplement wait_* test cases of a dma_fence_chain selftest > in user space. > > [141.993704] [IGT] syncobj_timeline: starting subtest stress-enable-all-signal-all-forward > [164.964389] watchdog: CPU3: Watchdog detected hard LOCKUP on cpu 3 > [164.964407] Modules linked in: snd_hda_codec_alc662 snd_hda_codec_realtek_lib snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_timer snd soundcore i915 prime_numbers ttm drm_buddy drm_display_helper cec rc_core i2c_algo_bit video wmi overlay at24 ppdev gpio_ich binfmt_misc nls_iso8859_1 coretemp i2c_i801 i2c_mux i2c_smbus r8169 lpc_ich realtek parport_pc parport nvme_fabrics dm_multipath fuse msr efi_pstore nfnetlink autofs4 > [164.964569] irq event stamp: 1002206 > [164.964575] hardirqs last enabled at (1002205): [<ffffffff82898ac7>] _raw_spin_unlock_irq+0x27/0x70 > [164.964599] hardirqs last disabled at (1002206): [<ffffffff8287d021>] sysvec_irq_work+0x11/0xc0 > [164.964616] softirqs last enabled at (1002138): [<ffffffff81341bc5>] fpu_clone+0xb5/0x270 > [164.964631] softirqs last disabled at (1002136): [<ffffffff81341b97>] fpu_clone+0x87/0x270 > [164.964650] CPU: 3 UID: 0 PID: 1515 Comm: syncobj_timelin Tainted: G U 6.17.0-rc6-Trybot_154715v1-gc1b827f32471+ #1 PREEMPT(voluntary) > [164.964662] Tainted: [U]=USER > [164.964665] Hardware name: /D510MO, BIOS MOPNV10J.86A.0311.2010.0802.2346 08/02/2010 > [164.964669] RIP: 0010:lock_release+0x13d/0x2a0 > [164.964680] Code: c2 01 48 8d 4d c8 44 89 f6 4c 89 ef e8 bc fc ff ff 0b 05 96 ca 42 06 0f 84 fc 00 00 00 b8 ff ff ff ff 65 0f c1 05 0b 71 a9 02 <83> f8 01 0f 85 2f 01 00 00 48 f7 45 c0 00 02 00 00 74 06 fb 0f 1f > [164.964686] RSP: 0018:ffffc90000170e70 EFLAGS: 00000057 > [164.964693] RAX: 0000000000000001 RBX: ffffffff83595520 RCX: 0000000000000000 > [164.964698] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 > [164.964701] RBP: ffffc90000170eb0 R08: 0000000000000000 R09: 0000000000000000 > [164.964706] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff8226a948 > [164.964710] R13: ffff88802423b340 R14: 0000000000000001 R15: ffff88802423c238 > [164.964714] FS: 0000729f4d972940(0000) GS:ffff8880f8e77000(0000) knlGS:0000000000000000 > [164.964720] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [164.964725] CR2: 0000729f4d92e720 CR3: 000000003afe4000 CR4: 00000000000006f0 > [164.964729] Call Trace: > [164.964734] <IRQ> > [164.964750] dma_fence_chain_get_prev+0x13d/0x240 > [164.964769] dma_fence_chain_walk+0xbd/0x200 > [164.964784] dma_fence_chain_enable_signaling+0xb2/0x280 > [164.964803] dma_fence_chain_irq_work+0x1b/0x80 > [164.964816] irq_work_single+0x75/0xa0 > [164.964834] irq_work_run_list+0x33/0x60 > [164.964846] irq_work_run+0x18/0x40 > [164.964856] __sysvec_irq_work+0x35/0x170 > [164.964868] sysvec_irq_work+0x9b/0xc0 > [164.964879] </IRQ> > [164.964882] <TASK> > [164.964890] asm_sysvec_irq_work+0x1b/0x20 > [164.964900] RIP: 0010:_raw_spin_unlock_irq+0x2d/0x70 > [164.964907] Code: 00 00 55 48 89 e5 53 48 89 fb 48 83 c7 18 48 8b 75 08 e8 06 63 bf fe 48 89 df e8 be 98 bf fe e8 59 ee d3 fe fb 0f 1f 44 00 00 <65> ff 0d 5c 85 68 01 74 14 48 8b 5d f8 c9 31 c0 31 d2 31 c9 31 f6 > [164.964913] RSP: 0018:ffffc9000070fca0 EFLAGS: 00000246 > [164.964919] RAX: 0000000000000000 RBX: ffff88800c2d8b10 RCX: 0000000000000000 > [164.964923] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 > [164.964927] RBP: ffffc9000070fca8 R08: 0000000000000000 R09: 0000000000000000 > [164.964931] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88800c2d8ac0 > [164.964934] R13: ffffc9000070fcc8 R14: ffff88800c2d8ac0 R15: 00000000ffffffff > [164.964967] sync_timeline_signal+0x153/0x2c0 > [164.964989] sw_sync_ioctl+0x98/0x580 > [164.965017] __x64_sys_ioctl+0xa2/0x100 > [164.965034] x64_sys_call+0x1226/0x2680 > [164.965046] do_syscall_64+0x93/0x980 > [164.965057] ? do_syscall_64+0x1b7/0x980 > [164.965070] ? lock_release+0xce/0x2a0 > [164.965082] ? __might_fault+0x53/0xb0 > [164.965096] ? __might_fault+0x89/0xb0 > [164.965104] ? __might_fault+0x53/0xb0 > [164.965116] ? _copy_to_user+0x53/0x70 > [164.965131] ? __x64_sys_rt_sigprocmask+0x8f/0xe0 > [164.965152] ? do_syscall_64+0x1b7/0x980 > [164.965169] entry_SYSCALL_64_after_hwframe+0x76/0x7e > [164.965176] RIP: 0033:0x729f4fb24ded > [164.965188] Code: 04 25 28 00 00 00 48 89 45 c8 31 c0 48 8d 45 10 c7 45 b0 10 00 00 00 48 89 45 b8 48 8d 45 d0 48 89 45 c0 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1a 48 8b 45 c8 64 48 2b 04 25 28 00 00 00 > [164.965193] RSP: 002b:00007ffdc36220e0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 > [164.965200] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000729f4fb24ded > [164.965205] RDX: 00007ffdc3622174 RSI: 0000000040045701 RDI: 0000000000000007 > [164.965209] RBP: 00007ffdc3622130 R08: 0000000000000000 R09: 0000000000000000 > [164.965213] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdc3622174 > [164.965217] R13: 0000000040045701 R14: 0000000000000007 R15: 0000000000000003 > [164.965248] </TASK> > [166.952984] perf: interrupt took too long (11861 > 6217), lowering kernel.perf_event_max_sample_rate to 16000 > [166.953134] clocksource: Long readout interval, skipping watchdog check: cs_nsec: 13036276804 wd_nsec: 13036274445 > > As explained by Christian Köenig[2], "The purpose of the sw-sync is to > test what happens if drivers exposing dma-fences doesn't behave well. So > being able to trigger the NMI watchdog for example is part of why that > functionality exists in the first place. ... You can actually use the > functionality to intentionally deadlock drivers and even the core memory > management." > > Let the feature show up only if EXPERT is selected. > > [1] https://patchwork.freedesktop.org/series/154715/ > [2] https://patchwork.freedesktop.org/patch/675579/#comment_1239269 > > Fixes: 35538d7822e86 ("dma-buf/sw_sync: de-stage SW_SYNC") > Cc: Christian König <christian.koenig(a)amd.com> > Signed-off-by: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> Good idea, we have previously discussed to taint the kernel if sw_sync is used but that is also a clearly step in the right direction. Reviewed-by: Christian König <christian.koenig(a)amd.com> Regards, Christian. > --- > drivers/dma-buf/Kconfig | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/dma-buf/Kconfig b/drivers/dma-buf/Kconfig > index b46eb8a552d7b..e726948b64f67 100644 > --- a/drivers/dma-buf/Kconfig > +++ b/drivers/dma-buf/Kconfig > @@ -18,7 +18,7 @@ config SYNC_FILE > Documentation/driver-api/sync_file.rst. > > config SW_SYNC > - bool "Sync File Validation Framework" > + bool "Sync File Validation Framework" if EXPERT > default n > depends on SYNC_FILE > depends on DEBUG_FS

2 months, 3 weeks

1
0
0 0

Re: [PATCH] dma-buf/sw-sync: Fix interrupts disabled excessively long

by Christian König

On 19.09.25 12:44, Janusz Krzysztofik wrote: > When multiple fences of an sw_sync timeline are signaled via > sw_sync_ioctl_inc(), we now disable interrupts and keep them disabled > while signaling all requested fences of the timeline in a loop. Since > user space may set up an arbitrary long timeline of fences with > arbitrarily expensive callbacks added to each fence, we may end up running > with interrupts disabled for too long, longer than NMI watchdog limit. > That potentially risky scenario has been demonstrated on Intel DRM CI > trybot[1], on a low end machine fi-pnv-d510, with one of new IGT subtests > that try to reimplement wait_* test cases of a dma_fence_chain selftest in > user space. The purpose of the sw-sync is to test what happens if drivers exposing dma-fences doesn't behave well. So being able to trigger the NMI watchdog for example is part of why that functionality exists in the first place. See this WARNING in the Kconfig file as well: config SW_SYNC bool "Sync File Validation Framework" default n depends on SYNC_FILE depends on DEBUG_FS help A sync object driver that uses a 32bit counter to coordinate synchronization. Useful when there is no hardware primitive backing the synchronization. WARNING: improper use of this can result in deadlocking kernel drivers from userspace. Intended for test and debug only. You can actually use the functionality to intentionally deadlock drivers and even the core memory management. Regards, Christian. > > [141.993704] [IGT] syncobj_timeline: starting subtest stress-enable-all-signal-all-forward > [164.964389] watchdog: CPU3: Watchdog detected hard LOCKUP on cpu 3 > [164.964407] Modules linked in: snd_hda_codec_alc662 snd_hda_codec_realtek_lib snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_timer snd soundcore i915 prime_numbers ttm drm_buddy drm_display_helper cec rc_core i2c_algo_bit video wmi overlay at24 ppdev gpio_ich binfmt_misc nls_iso8859_1 coretemp i2c_i801 i2c_mux i2c_smbus r8169 lpc_ich realtek parport_pc parport nvme_fabrics dm_multipath fuse msr efi_pstore nfnetlink autofs4 > [164.964569] irq event stamp: 1002206 > [164.964575] hardirqs last enabled at (1002205): [<ffffffff82898ac7>] _raw_spin_unlock_irq+0x27/0x70 > [164.964599] hardirqs last disabled at (1002206): [<ffffffff8287d021>] sysvec_irq_work+0x11/0xc0 > [164.964616] softirqs last enabled at (1002138): [<ffffffff81341bc5>] fpu_clone+0xb5/0x270 > [164.964631] softirqs last disabled at (1002136): [<ffffffff81341b97>] fpu_clone+0x87/0x270 > [164.964650] CPU: 3 UID: 0 PID: 1515 Comm: syncobj_timelin Tainted: G U 6.17.0-rc6-Trybot_154715v1-gc1b827f32471+ #1 PREEMPT(voluntary) > [164.964662] Tainted: [U]=USER > [164.964665] Hardware name: /D510MO, BIOS MOPNV10J.86A.0311.2010.0802.2346 08/02/2010 > [164.964669] RIP: 0010:lock_release+0x13d/0x2a0 > [164.964680] Code: c2 01 48 8d 4d c8 44 89 f6 4c 89 ef e8 bc fc ff ff 0b 05 96 ca 42 06 0f 84 fc 00 00 00 b8 ff ff ff ff 65 0f c1 05 0b 71 a9 02 <83> f8 01 0f 85 2f 01 00 00 48 f7 45 c0 00 02 00 00 74 06 fb 0f 1f > [164.964686] RSP: 0018:ffffc90000170e70 EFLAGS: 00000057 > [164.964693] RAX: 0000000000000001 RBX: ffffffff83595520 RCX: 0000000000000000 > [164.964698] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 > [164.964701] RBP: ffffc90000170eb0 R08: 0000000000000000 R09: 0000000000000000 > [164.964706] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff8226a948 > [164.964710] R13: ffff88802423b340 R14: 0000000000000001 R15: ffff88802423c238 > [164.964714] FS: 0000729f4d972940(0000) GS:ffff8880f8e77000(0000) knlGS:0000000000000000 > [164.964720] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [164.964725] CR2: 0000729f4d92e720 CR3: 000000003afe4000 CR4: 00000000000006f0 > [164.964729] Call Trace: > [164.964734] <IRQ> > [164.964750] dma_fence_chain_get_prev+0x13d/0x240 > [164.964769] dma_fence_chain_walk+0xbd/0x200 > [164.964784] dma_fence_chain_enable_signaling+0xb2/0x280 > [164.964803] dma_fence_chain_irq_work+0x1b/0x80 > [164.964816] irq_work_single+0x75/0xa0 > [164.964834] irq_work_run_list+0x33/0x60 > [164.964846] irq_work_run+0x18/0x40 > [164.964856] __sysvec_irq_work+0x35/0x170 > [164.964868] sysvec_irq_work+0x9b/0xc0 > [164.964879] </IRQ> > [164.964882] <TASK> > [164.964890] asm_sysvec_irq_work+0x1b/0x20 > [164.964900] RIP: 0010:_raw_spin_unlock_irq+0x2d/0x70 > [164.964907] Code: 00 00 55 48 89 e5 53 48 89 fb 48 83 c7 18 48 8b 75 08 e8 06 63 bf fe 48 89 df e8 be 98 bf fe e8 59 ee d3 fe fb 0f 1f 44 00 00 <65> ff 0d 5c 85 68 01 74 14 48 8b 5d f8 c9 31 c0 31 d2 31 c9 31 f6 > [164.964913] RSP: 0018:ffffc9000070fca0 EFLAGS: 00000246 > [164.964919] RAX: 0000000000000000 RBX: ffff88800c2d8b10 RCX: 0000000000000000 > [164.964923] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 > [164.964927] RBP: ffffc9000070fca8 R08: 0000000000000000 R09: 0000000000000000 > [164.964931] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88800c2d8ac0 > [164.964934] R13: ffffc9000070fcc8 R14: ffff88800c2d8ac0 R15: 00000000ffffffff > [164.964967] sync_timeline_signal+0x153/0x2c0 > [164.964989] sw_sync_ioctl+0x98/0x580 > [164.965017] __x64_sys_ioctl+0xa2/0x100 > [164.965034] x64_sys_call+0x1226/0x2680 > [164.965046] do_syscall_64+0x93/0x980 > [164.965057] ? do_syscall_64+0x1b7/0x980 > [164.965070] ? lock_release+0xce/0x2a0 > [164.965082] ? __might_fault+0x53/0xb0 > [164.965096] ? __might_fault+0x89/0xb0 > [164.965104] ? __might_fault+0x53/0xb0 > [164.965116] ? _copy_to_user+0x53/0x70 > [164.965131] ? __x64_sys_rt_sigprocmask+0x8f/0xe0 > [164.965152] ? do_syscall_64+0x1b7/0x980 > [164.965169] entry_SYSCALL_64_after_hwframe+0x76/0x7e > [164.965176] RIP: 0033:0x729f4fb24ded > [164.965188] Code: 04 25 28 00 00 00 48 89 45 c8 31 c0 48 8d 45 10 c7 45 b0 10 00 00 00 48 89 45 b8 48 8d 45 d0 48 89 45 c0 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1a 48 8b 45 c8 64 48 2b 04 25 28 00 00 00 > [164.965193] RSP: 002b:00007ffdc36220e0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 > [164.965200] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000729f4fb24ded > [164.965205] RDX: 00007ffdc3622174 RSI: 0000000040045701 RDI: 0000000000000007 > [164.965209] RBP: 00007ffdc3622130 R08: 0000000000000000 R09: 0000000000000000 > [164.965213] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdc3622174 > [164.965217] R13: 0000000040045701 R14: 0000000000000007 R15: 0000000000000003 > [164.965248] </TASK> > [166.952984] perf: interrupt took too long (11861 > 6217), lowering kernel.perf_event_max_sample_rate to 16000 > [166.953134] clocksource: Long readout interval, skipping watchdog check: cs_nsec: 13036276804 wd_nsec: 13036274445 > > Avoid potentially expensive signaling of each fence when removing it from > the timeline from inside the loop under protection of a common lock and > disabled interrupts, do that only after interrupts are re-enabled. Each > call to dma_fence_signal() will then disable and re-enable interrputs as > needed for processing of each signaled fence. > > [1] https://patchwork.freedesktop.org/series/154715/ > > Fixes: 0f0d8406fb9c3 ("android: convert sync to fence api, v6") > Signed-off-by: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> > --- > drivers/dma-buf/sw_sync.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/drivers/dma-buf/sw_sync.c b/drivers/dma-buf/sw_sync.c > index 3c20f1d31cf54..638c2f756299a 100644 > --- a/drivers/dma-buf/sw_sync.c > +++ b/drivers/dma-buf/sw_sync.c > @@ -224,13 +224,12 @@ static void sync_timeline_signal(struct sync_timeline *obj, unsigned int inc) > > list_move_tail(&pt->link, &signalled); > rb_erase(&pt->node, &obj->pt_tree); > - > - dma_fence_signal_locked(&pt->base); > } > > spin_unlock_irq(&obj->lock); > > list_for_each_entry_safe(pt, next, &signalled, link) { > + dma_fence_signal(&pt->base); > list_del_init(&pt->link); > dma_fence_put(&pt->base); > }

2 months, 3 weeks

1
0
0 0

Re: [PATCH v1 1/2] drm/amdgpu: make non-NULL out fence mandatory

by Christian König

On 16.09.25 13:58, Pierre-Eric Pelloux-Prayer wrote: > > > Le 16/09/2025 à 12:52, Christian König a écrit : >> On 16.09.25 11:46, Pierre-Eric Pelloux-Prayer wrote: >>> >>> >>> Le 16/09/2025 à 11:25, Christian König a écrit : >>>> On 16.09.25 09:08, Pierre-Eric Pelloux-Prayer wrote: >>>>> amdgpu_ttm_copy_mem_to_mem has a single caller, make sure the out >>>>> fence is non-NULL to simplify the code. >>>>> Since none of the pointers should be NULL, we can enable >>>>> __attribute__((nonnull))__. >>>>> >>>>> While at it make the function static since it's only used from >>>>> amdgpuu_ttm.c. >>>>> >>>>> Signed-off-by: Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer(a)amd.com> >>>>> --- >>>>> drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 17 ++++++++--------- >>>>> drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 6 ------ >>>>> 2 files changed, 8 insertions(+), 15 deletions(-) >>>>> >>>>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c >>>>> index 27ab4e754b2a..70b817b5578d 100644 >>>>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c >>>>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c >>>>> @@ -284,12 +284,13 @@ static int amdgpu_ttm_map_buffer(struct ttm_buffer_object *bo, >>>>> * move and different for a BO to BO copy. >>>>> * >>>>> */ >>>>> -int amdgpu_ttm_copy_mem_to_mem(struct amdgpu_device *adev, >>>>> - const struct amdgpu_copy_mem *src, >>>>> - const struct amdgpu_copy_mem *dst, >>>>> - uint64_t size, bool tmz, >>>>> - struct dma_resv *resv, >>>>> - struct dma_fence **f) >>>>> +__attribute__((nonnull)) >>>> >>>> That looks fishy. >>>> >>>>> +static int amdgpu_ttm_copy_mem_to_mem(struct amdgpu_device *adev, >>>>> + const struct amdgpu_copy_mem *src, >>>>> + const struct amdgpu_copy_mem *dst, >>>>> + uint64_t size, bool tmz, >>>>> + struct dma_resv *resv, >>>>> + struct dma_fence **f) >>>> >>>> I'm not an expert for those, but looking at other examples that should be here and look something like: >>>> >>>> __attribute__((nonnull(7))) >>> >>> Both syntax are valid. The GCC docs says: >>> >>> If no arg-index is given to the nonnull attribute, all pointer arguments are marked as non-null >> >> Never seen that before. Is that gcc specifc or standardized? > > clang supports it: > > https://clang.llvm.org/docs/AttributeReference.html#id10 > > And both syntaxes are already used in the drm subtree by i915. Ok in that case Reviewed-by: Christian König <christian.koenig(a)amd.com>. Regards, Christian. > > Pierre-Eric > >> >>> >>> >>>> >>>> But I think for this case here it is also not a must have to have that. >>> >>> I can remove it if you prefer, but it doesn't hurt to have the compiler validate usage of the functions. >> >> Yeah it's clearly useful, but I'm worried that clang won't like it. >> >> Christian. >> >>> >>> Pierre-Eric >>> >>> >>>> >>>> Regards, >>>> Christian. >>>> >>>>> { >>>>> struct amdgpu_ring *ring = adev->mman.buffer_funcs_ring; >>>>> struct amdgpu_res_cursor src_mm, dst_mm; >>>>> @@ -363,9 +364,7 @@ int amdgpu_ttm_copy_mem_to_mem(struct amdgpu_device *adev, >>>>> } >>>>> error: >>>>> mutex_unlock(&adev->mman.gtt_window_lock); >>>>> - if (f) >>>>> - *f = dma_fence_get(fence); >>>>> - dma_fence_put(fence); >>>>> + *f = fence; >>>>> return r; >>>>> } >>>>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h >>>>> index bb17987f0447..07ae2853c77c 100644 >>>>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h >>>>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h >>>>> @@ -170,12 +170,6 @@ int amdgpu_copy_buffer(struct amdgpu_ring *ring, uint64_t src_offset, >>>>> struct dma_resv *resv, >>>>> struct dma_fence **fence, bool direct_submit, >>>>> bool vm_needs_flush, uint32_t copy_flags); >>>>> -int amdgpu_ttm_copy_mem_to_mem(struct amdgpu_device *adev, >>>>> - const struct amdgpu_copy_mem *src, >>>>> - const struct amdgpu_copy_mem *dst, >>>>> - uint64_t size, bool tmz, >>>>> - struct dma_resv *resv, >>>>> - struct dma_fence **f); >>>>> int amdgpu_ttm_clear_buffer(struct amdgpu_bo *bo, >>>>> struct dma_resv *resv, >>>>> struct dma_fence **fence); >>

2 months, 4 weeks

1
0
0 0

Re: [PATCH v1 1/2] drm/amdgpu: make non-NULL out fence mandatory

by Christian König

On 16.09.25 11:46, Pierre-Eric Pelloux-Prayer wrote: > > > Le 16/09/2025 à 11:25, Christian König a écrit : >> On 16.09.25 09:08, Pierre-Eric Pelloux-Prayer wrote: >>> amdgpu_ttm_copy_mem_to_mem has a single caller, make sure the out >>> fence is non-NULL to simplify the code. >>> Since none of the pointers should be NULL, we can enable >>> __attribute__((nonnull))__. >>> >>> While at it make the function static since it's only used from >>> amdgpuu_ttm.c. >>> >>> Signed-off-by: Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer(a)amd.com> >>> --- >>> drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 17 ++++++++--------- >>> drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 6 ------ >>> 2 files changed, 8 insertions(+), 15 deletions(-) >>> >>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c >>> index 27ab4e754b2a..70b817b5578d 100644 >>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c >>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c >>> @@ -284,12 +284,13 @@ static int amdgpu_ttm_map_buffer(struct ttm_buffer_object *bo, >>> * move and different for a BO to BO copy. >>> * >>> */ >>> -int amdgpu_ttm_copy_mem_to_mem(struct amdgpu_device *adev, >>> - const struct amdgpu_copy_mem *src, >>> - const struct amdgpu_copy_mem *dst, >>> - uint64_t size, bool tmz, >>> - struct dma_resv *resv, >>> - struct dma_fence **f) >>> +__attribute__((nonnull)) >> >> That looks fishy. >> >>> +static int amdgpu_ttm_copy_mem_to_mem(struct amdgpu_device *adev, >>> + const struct amdgpu_copy_mem *src, >>> + const struct amdgpu_copy_mem *dst, >>> + uint64_t size, bool tmz, >>> + struct dma_resv *resv, >>> + struct dma_fence **f) >> >> I'm not an expert for those, but looking at other examples that should be here and look something like: >> >> __attribute__((nonnull(7))) > > Both syntax are valid. The GCC docs says: > > If no arg-index is given to the nonnull attribute, all pointer arguments are marked as non-null Never seen that before. Is that gcc specifc or standardized? > > >> >> But I think for this case here it is also not a must have to have that. > > I can remove it if you prefer, but it doesn't hurt to have the compiler validate usage of the functions. Yeah it's clearly useful, but I'm worried that clang won't like it. Christian. > > Pierre-Eric > > >> >> Regards, >> Christian. >> >>> { >>> struct amdgpu_ring *ring = adev->mman.buffer_funcs_ring; >>> struct amdgpu_res_cursor src_mm, dst_mm; >>> @@ -363,9 +364,7 @@ int amdgpu_ttm_copy_mem_to_mem(struct amdgpu_device *adev, >>> } >>> error: >>> mutex_unlock(&adev->mman.gtt_window_lock); >>> - if (f) >>> - *f = dma_fence_get(fence); >>> - dma_fence_put(fence); >>> + *f = fence; >>> return r; >>> } >>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h >>> index bb17987f0447..07ae2853c77c 100644 >>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h >>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h >>> @@ -170,12 +170,6 @@ int amdgpu_copy_buffer(struct amdgpu_ring *ring, uint64_t src_offset, >>> struct dma_resv *resv, >>> struct dma_fence **fence, bool direct_submit, >>> bool vm_needs_flush, uint32_t copy_flags); >>> -int amdgpu_ttm_copy_mem_to_mem(struct amdgpu_device *adev, >>> - const struct amdgpu_copy_mem *src, >>> - const struct amdgpu_copy_mem *dst, >>> - uint64_t size, bool tmz, >>> - struct dma_resv *resv, >>> - struct dma_fence **f); >>> int amdgpu_ttm_clear_buffer(struct amdgpu_bo *bo, >>> struct dma_resv *resv, >>> struct dma_fence **fence);

2 months, 4 weeks

1
0
0 0

Re: [PATCH v1 1/2] drm/amdgpu: make non-NULL out fence mandatory

by Christian König

On 16.09.25 09:08, Pierre-Eric Pelloux-Prayer wrote: > amdgpu_ttm_copy_mem_to_mem has a single caller, make sure the out > fence is non-NULL to simplify the code. > Since none of the pointers should be NULL, we can enable > __attribute__((nonnull))__. > > While at it make the function static since it's only used from > amdgpuu_ttm.c. > > Signed-off-by: Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer(a)amd.com> > --- > drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 17 ++++++++--------- > drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 6 ------ > 2 files changed, 8 insertions(+), 15 deletions(-) > > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c > index 27ab4e754b2a..70b817b5578d 100644 > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c > @@ -284,12 +284,13 @@ static int amdgpu_ttm_map_buffer(struct ttm_buffer_object *bo, > * move and different for a BO to BO copy. > * > */ > -int amdgpu_ttm_copy_mem_to_mem(struct amdgpu_device *adev, > - const struct amdgpu_copy_mem *src, > - const struct amdgpu_copy_mem *dst, > - uint64_t size, bool tmz, > - struct dma_resv *resv, > - struct dma_fence **f) > +__attribute__((nonnull)) That looks fishy. > +static int amdgpu_ttm_copy_mem_to_mem(struct amdgpu_device *adev, > + const struct amdgpu_copy_mem *src, > + const struct amdgpu_copy_mem *dst, > + uint64_t size, bool tmz, > + struct dma_resv *resv, > + struct dma_fence **f) I'm not an expert for those, but looking at other examples that should be here and look something like: __attribute__((nonnull(7))) But I think for this case here it is also not a must have to have that. Regards, Christian. > { > struct amdgpu_ring *ring = adev->mman.buffer_funcs_ring; > struct amdgpu_res_cursor src_mm, dst_mm; > @@ -363,9 +364,7 @@ int amdgpu_ttm_copy_mem_to_mem(struct amdgpu_device *adev, > } > error: > mutex_unlock(&adev->mman.gtt_window_lock); > - if (f) > - *f = dma_fence_get(fence); > - dma_fence_put(fence); > + *f = fence; > return r; > } > > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h > index bb17987f0447..07ae2853c77c 100644 > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h > @@ -170,12 +170,6 @@ int amdgpu_copy_buffer(struct amdgpu_ring *ring, uint64_t src_offset, > struct dma_resv *resv, > struct dma_fence **fence, bool direct_submit, > bool vm_needs_flush, uint32_t copy_flags); > -int amdgpu_ttm_copy_mem_to_mem(struct amdgpu_device *adev, > - const struct amdgpu_copy_mem *src, > - const struct amdgpu_copy_mem *dst, > - uint64_t size, bool tmz, > - struct dma_resv *resv, > - struct dma_fence **f); > int amdgpu_ttm_clear_buffer(struct amdgpu_bo *bo, > struct dma_resv *resv, > struct dma_fence **fence);

2 months, 4 weeks

1
0
0 0

Re: [PATCH v12 00/11] Trusted Execution Environment (TEE) driver for Qualcomm TEE (QTEE)

by Jens Wiklander

Hi, On Fri, Sep 12, 2025 at 6:07 AM Amirreza Zarrabi <amirreza.zarrabi(a)oss.qualcomm.com> wrote: > > This patch series introduces a Trusted Execution Environment (TEE) > driver for Qualcomm TEE (QTEE). QTEE enables Trusted Applications (TAs) > and services to run securely. It uses an object-based interface, where > each service is an object with sets of operations. Clients can invoke > these operations on objects, which can generate results, including other > objects. For example, an object can load a TA and return another object > that represents the loaded TA, allowing access to its services. > [snip] I'm OK with the TEE patches, Sumit and I have reviewed them. There were some minor conflicts with other patches I have in the pipe for this merge window, so this patchset is on top of what I have to avoid merge conflicts. However, the firmware patches are for code maintained by Björn. Björn, how would you like to do this? Can I take them via my tree, or what do you suggest? It's urgent to get this patchset into linux-next if it's to make it for the coming merge window. Ideally, I'd like to send my pull request to arm-soc during this week. Cheers, Jens > > --- > Amirreza Zarrabi (11): > firmware: qcom: tzmem: export shm_bridge create/delete > firmware: qcom: scm: add support for object invocation > tee: allow a driver to allocate a tee_device without a pool > tee: add close_context to TEE driver operation > tee: add TEE_IOCTL_PARAM_ATTR_TYPE_UBUF > tee: add TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF > tee: increase TEE_MAX_ARG_SIZE to 4096 > tee: add Qualcomm TEE driver > tee: qcom: add primordial object > tee: qcom: enable TEE_IOC_SHM_ALLOC ioctl > Documentation: tee: Add Qualcomm TEE driver > > Documentation/tee/index.rst | 1 + > Documentation/tee/qtee.rst | 96 ++++ > MAINTAINERS | 7 + > drivers/firmware/qcom/qcom_scm.c | 119 ++++ > drivers/firmware/qcom/qcom_scm.h | 7 + > drivers/firmware/qcom/qcom_tzmem.c | 63 ++- > drivers/tee/Kconfig | 1 + > drivers/tee/Makefile | 1 + > drivers/tee/qcomtee/Kconfig | 12 + > drivers/tee/qcomtee/Makefile | 9 + > drivers/tee/qcomtee/async.c | 182 ++++++ > drivers/tee/qcomtee/call.c | 820 +++++++++++++++++++++++++++ > drivers/tee/qcomtee/core.c | 915 +++++++++++++++++++++++++++++++ > drivers/tee/qcomtee/mem_obj.c | 169 ++++++ > drivers/tee/qcomtee/primordial_obj.c | 113 ++++ > drivers/tee/qcomtee/qcomtee.h | 185 +++++++ > drivers/tee/qcomtee/qcomtee_msg.h | 304 ++++++++++ > drivers/tee/qcomtee/qcomtee_object.h | 316 +++++++++++ > drivers/tee/qcomtee/shm.c | 150 +++++ > drivers/tee/qcomtee/user_obj.c | 692 +++++++++++++++++++++++ > drivers/tee/tee_core.c | 127 ++++- > drivers/tee/tee_private.h | 6 - > include/linux/firmware/qcom/qcom_scm.h | 6 + > include/linux/firmware/qcom/qcom_tzmem.h | 15 + > include/linux/tee_core.h | 54 +- > include/linux/tee_drv.h | 12 + > include/uapi/linux/tee.h | 56 +- > 27 files changed, 4410 insertions(+), 28 deletions(-) > --- > base-commit: 8b8aefa5a5c7d4a65883e5653cf12f94c0b68dbf > change-id: 20241202-qcom-tee-using-tee-ss-without-mem-obj-362c66340527 > > Best regards, > -- > Amirreza Zarrabi <amirreza.zarrabi(a)oss.qualcomm.com> >

3 months

2
2
0 0

[PATCH v4 0/3] Batch 2 of rust gem shmem work

by Lyude Paul

Now that we're getting close to reaching the finish line for upstreaming the rust gem shmem bindings, we've got another batch of patches that have been reviewed and can be safely pushed to drm-rust-next independently of the rest of the series. These patches of course apply against the drm-rust-next branch, and are part of the gem shmem series, the latest version of which can be found here: https://patchwork.freedesktop.org/series/146465/ Lyude Paul (3): drm/gem/shmem: Extract drm_gem_shmem_init() from drm_gem_shmem_create() drm/gem/shmem: Extract drm_gem_shmem_release() from drm_gem_shmem_free() rust: Add dma_buf stub bindings drivers/gpu/drm/drm_gem_shmem_helper.c | 98 ++++++++++++++++++-------- include/drm/drm_gem_shmem_helper.h | 2 + rust/kernel/dma_buf.rs | 40 +++++++++++ rust/kernel/lib.rs | 1 + 4 files changed, 111 insertions(+), 30 deletions(-) create mode 100644 rust/kernel/dma_buf.rs base-commit: cf4fd52e323604ccfa8390917593e1fb965653ee -- 2.51.0

3 months

2
8
0 0

Re: (subset) [PATCH v12 00/11] Trusted Execution Environment (TEE) driver for Qualcomm TEE (QTEE)

by Bjorn Andersson

On Thu, 11 Sep 2025 21:07:39 -0700, Amirreza Zarrabi wrote: > This patch series introduces a Trusted Execution Environment (TEE) > driver for Qualcomm TEE (QTEE). QTEE enables Trusted Applications (TAs) > and services to run securely. It uses an object-based interface, where > each service is an object with sets of operations. Clients can invoke > these operations on objects, which can generate results, including other > objects. For example, an object can load a TA and return another object > that represents the loaded TA, allowing access to its services. > > [...] Applied, thanks! [01/11] firmware: qcom: tzmem: export shm_bridge create/delete commit: 8aa1e3a6f0ffbcfdf3bd7d87feb9090f96c54bc4 [02/11] firmware: qcom: scm: add support for object invocation commit: 4b700098c0fc4a76c5c1e54465c8f35e13755294 Best regards, -- Bjorn Andersson <andersson(a)kernel.org>

3 months

1
0
0 0

Re: [PATCH v1 10/10] vfio/pci: Add dma-buf export support for MMIO regions

by Leon Romanovsky

On Fri, Sep 12, 2025 at 11:55:29AM -0700, Alex Mastro wrote: > On Mon, Aug 04, 2025 at 04:00:45PM +0300, Leon Romanovsky wrote: > > +static void dma_ranges_to_p2p_phys(struct vfio_pci_dma_buf *priv, > > + struct vfio_device_feature_dma_buf *dma_buf, > > + struct vfio_region_dma_range *dma_ranges) > > +{ > > + struct pci_dev *pdev = priv->vdev->pdev; > > + phys_addr_t pci_start; > > + int i; > > + > > + pci_start = pci_resource_start(pdev, dma_buf->region_index); > > + for (i = 0; i < dma_buf->nr_ranges; i++) { > > + priv->phys_vec[i].len = dma_ranges[i].length; > > + priv->phys_vec[i].paddr += pci_start + dma_ranges[i].offset; > > Is the intent really to += paddr? I would have expected a plain assignment. In this specific case, there is no difference, because phys_vec is initialized to 0, but It needs to be "=" and not "+=". > > > + priv->size += priv->phys_vec[i].len; > > + } > > + priv->nr_ranges = dma_buf->nr_ranges; > > +} > > ... > > > + priv->phys_vec = kcalloc(get_dma_buf.nr_ranges, sizeof(*priv->phys_vec), > > + GFP_KERNEL); > > + if (!priv->phys_vec) { > > + ret = -ENOMEM; > > + goto err_free_priv; > > + } > > + > > + priv->vdev = vdev; > > + dma_ranges_to_p2p_phys(priv, &get_dma_buf, dma_ranges); >

3 months

1
0
0 0

[PATCH v12 0/9] TEE subsystem for protected dma-buf allocations

by Jens Wiklander

Hi, This patch set allocates the protected DMA-bufs from a DMA-heap instantiated from the TEE subsystem. The TEE subsystem handles the DMA-buf allocations since it is the TEE (OP-TEE, AMD-TEE, TS-TEE, or perhaps a future QTEE) which sets up the protection for the memory used for the DMA-bufs. The DMA-heap uses a protected memory pool provided by the backend TEE driver, allowing it to choose how to allocate the protected physical memory. The allocated DMA-bufs must be imported with a new TEE_IOC_SHM_REGISTER_FD before they can be passed as arguments when requesting services from the secure world. Three use-cases (Secure Video Playback, Trusted UI, and Secure Video Recording) have been identified so far to serve as examples of what can be expected. The use-cases have predefined DMA-heap names, "protected,secure-video", "protected,trusted-ui", and "protected,secure-video-record". The backend driver registers protected memory pools for the use-cases it supports. Each use-case has its own protected memory pool since different use-cases require isolation from different parts of the system. A protected memory pool can be based on a static carveout instantiated while probing the TEE backend driver, or dynamically allocated from CMA (dma_alloc_pages()) and made protected as needed by the TEE. This can be tested on a RockPi 4B+ with the following steps: repo init -u https://github.com/jenswi-linaro/manifest.git -m rockpi4.xml \ -b prototype/sdp-v12 repo sync -j8 cd build make toolchains -j$(nproc) make all -j$(nproc) # Copy ../out/rockpi4.img to an SD card and boot the RockPi from that # Connect a monitor to the RockPi # login and at the prompt: gst-launch-1.0 videotestsrc ! \ aesenc key=1f9423681beb9a79215820f6bda73d0f \ iv=e9aa8e834d8d70b7e0d254ff670dd718 serialize-iv=true ! \ aesdec key=1f9423681beb9a79215820f6bda73d0f ! \ kmssink The aesdec module has been hacked to use an OP-TEE TA to decrypt the stream into protected DMA-bufs which are consumed by the kmssink. The primitive QEMU tests from previous patch sets can be tested on RockPi in the same way using: xtest --sdp-basic The primitive tests are tested on QEMU with the following steps: repo init -u https://github.com/jenswi-linaro/manifest.git -m qemu_v8.xml \ -b prototype/sdp-v12 repo sync -j8 cd build make toolchains -j$(nproc) make SPMC_AT_EL=1 all -j$(nproc) make SPMC_AT_EL=1 run-only # login and at the prompt: xtest --sdp-basic The SPMC_AT_EL=1 parameter configures the build with FF-A and an SPMC at S-EL1 inside OP-TEE. The parameter can be changed to SPMC_AT_EL=n to test without FF-A using the original SMC ABI instead. Please remember to do %make arm-tf-clean for TF-A to be rebuilt properly using the new configuration. https://optee.readthedocs.io/en/latest/building/prerequisites.html list dependencies required to build the above. The primitive tests are pretty basic, mostly checking that a Trusted Application in the secure world can access and manipulate the memory. There are also some negative tests for out of bounds buffers, etc. Thanks, Jens Changes since V11: * In "dma-buf: dma-heap: export declared functions": - use EXPORT_SYMBOL_NS_GPL() - Added TJ's R-B and Sumit's Ack * In "tee: implement protected DMA-heap", import the namespaces "DMA_BUF" and "DMA_BUF_HEAP" as needed. Changes since V10: * Changed the new ABI OPTEE_MSG_CMD_GET_PROTMEM_CONFIG to report a list of u32 memory attributes instead of u16 endpoints to make room for both endpoint and access permissions in each entry. * In "tee: new ioctl to a register tee_shm from a dmabuf file descriptor", remove the unused path for DMA-bufs allocated by other means than the on in the TEE SS. * In "tee: implement protected DMA-heap", handle unloading of the backend driver module implementing the heap. The heap is reference counted and also calls tee_device_get() to guarantee that the module remains available while the heap is instantiated. * In "optee: support protected memory allocation", use dma_coerce_mask_and_coherent() instead of open-coding the function. * Added Sumit's R-B to - "optee: smc abi: dynamic protected memory allocation" - "optee: FF-A: dynamic protected memory allocation" - "optee: support protected memory allocation" - "tee: implement protected DMA-heap" - "dma-buf: dma-heap: export declared functions" Changes since V9: * Adding Sumit's R-B to "optee: sync secure world ABI headers" * Update commit message as requested for "dma-buf: dma-heap: export declared functions". * In "tee: implement protected DMA-heap": - add the hidden config option TEE_DMABUF_HEAPS to tell if the TEE subsystem can support DMA heaps - add a pfn_valid() to check that the passed physical address can be used by __pfn_to_page() and friends - remove the memremap() call, the caller is should do that instead if needed * In "tee: add tee_shm_alloc_dma_mem()" guard the calls to dma_alloc_pages() and dma_free_pages() with TEE_DMABUF_HEAPS to avoid linking errors in some configurations * In "optee: support protected memory allocation": - add the hidden config option OPTEE_STATIC_PROTMEM_POOL to tell if the driver can support a static protected memory pool - optee_protmem_pool_init() is slightly refactored to make the patches that follow easier - Call devm_memremap() before calling tee_protmem_static_pool_alloc() Changes since V8: * Using dma_alloc_pages() instead of cma_alloc() so the direct dependency on CMA can be removed together with the patches "cma: export cma_alloc() and cma_release()" and "dma-contiguous: export dma_contiguous_default_area". The patch * Renaming the patch "tee: add tee_shm_alloc_cma_phys_mem()" to "tee: add tee_shm_alloc_dma_mem()" * Setting DMA mask for the OP-TEE TEE device based on input from the secure world instead of relying on the parent device so following patches are removed: "tee: tee_device_alloc(): copy dma_mask from parent device" and "optee: pass parent device to tee_device_alloc()". * Adding Sumit Garg's R-B to "tee: refactor params_from_user()" * In the patch "tee: implement protected DMA-heap", map the physical memory passed to tee_protmem_static_pool_alloc(). Changes since V7: * Adding "dma-buf: dma-heap: export declared functions", "cma: export cma_alloc() and cma_release()", and "dma-contiguous: export dma_contiguous_default_area" to export the symbols needed to keep the TEE subsystem as a load module. * Removing CONFIG_TEE_DMABUF_HEAP and CONFIG_TEE_CMA since they aren't needed any longer. * Addressing review comments in "optee: sync secure world ABI headers" * Better align protected memory pool initialization between the smc-abi and ffa-abi parts of the optee driver. * Removing the patch "optee: account for direction while converting parameters" Changes since V6: * Restricted memory is now known as protected memory since to use the same term as https://docs.vulkan.org/guide/latest/protected.html. Update all patches to consistently use protected memory. * In "tee: implement protected DMA-heap" add the hidden config option TEE_DMABUF_HEAP to tell if the DMABUF_HEAPS functions are available for the TEE subsystem * Adding "tee: refactor params_from_user()", broken out from the patch "tee: new ioctl to a register tee_shm from a dmabuf file descriptor" * For "tee: new ioctl to a register tee_shm from a dmabuf file descriptor": - Update commit message to mention protected memory - Remove and open code tee_shm_get_parent_shm() in param_from_user_memref() * In "tee: add tee_shm_alloc_cma_phys_mem" add the hidden config option TEE_CMA to tell if the CMA functions are available for the TEE subsystem * For "tee: tee_device_alloc(): copy dma_mask from parent device" and "optee: pass parent device to tee_device_alloc", added Reviewed-by: Sumit Garg <sumit.garg(a)kernel.org> Changes since V5: * Removing "tee: add restricted memory allocation" and "tee: add TEE_IOC_RSTMEM_FD_INFO" * Adding "tee: implement restricted DMA-heap", "tee: new ioctl to a register tee_shm from a dmabuf file descriptor", "tee: add tee_shm_alloc_cma_phys_mem()", "optee: pass parent device to tee_device_alloc()", and "tee: tee_device_alloc(): copy dma_mask from parent device" * The two TEE driver OPs "rstmem_alloc()" and "rstmem_free()" are replaced with a struct tee_rstmem_pool abstraction. * Replaced the the TEE_IOC_RSTMEM_ALLOC user space API with the DMA-heap API Changes since V4: * Adding the patch "tee: add TEE_IOC_RSTMEM_FD_INFO" needed by the GStreamer demo * Removing the dummy CPU access and mmap functions from the dma_buf_ops * Fixing a compile error in "optee: FF-A: dynamic restricted memory allocation" reported by kernel test robot <lkp(a)intel.com> Changes since V3: * Make the use_case and flags field in struct tee_shm u32's instead of u16's * Add more description for TEE_IOC_RSTMEM_ALLOC in the header file * Import namespace DMA_BUF in module tee, reported by lkp(a)intel.com * Added a note in the commit message for "optee: account for direction while converting parameters" why it's needed * Factor out dynamic restricted memory allocation from "optee: support restricted memory allocation" into two new commits "optee: FF-A: dynamic restricted memory allocation" and "optee: smc abi: dynamic restricted memory allocation" * Guard CMA usage with #ifdef CONFIG_CMA, effectively disabling dynamic restricted memory allocate if CMA isn't configured Changes since the V2 RFC: * Based on v6.12 * Replaced the flags for SVP and Trusted UID memory with a u32 field with unique id for each use case * Added dynamic allocation of restricted memory pools * Added OP-TEE ABI both with and without FF-A for dynamic restricted memory * Added support for FF-A with FFA_LEND Changes since the V1 RFC: * Based on v6.11 * Complete rewrite, replacing the restricted heap with TEE_IOC_RSTMEM_ALLOC Changes since Olivier's post [2]: * Based on Yong Wu's post [1] where much of dma-buf handling is done in the generic restricted heap * Simplifications and cleanup * New commit message for "dma-buf: heaps: add Linaro restricted dmabuf heap support" * Replaced the word "secure" with "restricted" where applicable Etienne Carriere (1): tee: new ioctl to a register tee_shm from a dmabuf file descriptor Jens Wiklander (8): optee: sync secure world ABI headers dma-buf: dma-heap: export declared functions tee: implement protected DMA-heap tee: refactor params_from_user() tee: add tee_shm_alloc_dma_mem() optee: support protected memory allocation optee: FF-A: dynamic protected memory allocation optee: smc abi: dynamic protected memory allocation drivers/dma-buf/dma-heap.c | 4 + drivers/tee/Kconfig | 5 + drivers/tee/Makefile | 1 + drivers/tee/optee/Kconfig | 5 + drivers/tee/optee/Makefile | 1 + drivers/tee/optee/core.c | 7 + drivers/tee/optee/ffa_abi.c | 146 ++++++++- drivers/tee/optee/optee_ffa.h | 27 +- drivers/tee/optee/optee_msg.h | 84 ++++- drivers/tee/optee/optee_private.h | 15 +- drivers/tee/optee/optee_smc.h | 37 ++- drivers/tee/optee/protmem.c | 335 ++++++++++++++++++++ drivers/tee/optee/smc_abi.c | 141 ++++++++- drivers/tee/tee_core.c | 158 +++++++--- drivers/tee/tee_heap.c | 500 ++++++++++++++++++++++++++++++ drivers/tee/tee_private.h | 14 + drivers/tee/tee_shm.c | 157 +++++++++- include/linux/tee_core.h | 59 ++++ include/linux/tee_drv.h | 10 + include/uapi/linux/tee.h | 31 ++ 20 files changed, 1670 insertions(+), 67 deletions(-) create mode 100644 drivers/tee/optee/protmem.c create mode 100644 drivers/tee/tee_heap.c base-commit: c17b750b3ad9f45f2b6f7e6f7f4679844244f0b9 -- 2.43.0

3 months

1
10
0 0

[PATCH v7 0/5] dma-buf: heaps: Create a CMA heap for each CMA reserved region

by Maxime Ripard

Hi, Here's another attempt at supporting user-space allocations from a specific carved-out reserved memory region. The initial problem we were discussing was that I'm currently working on a platform which has a memory layout with ECC enabled. However, enabling the ECC has a number of drawbacks on that platform: lower performance, increased memory usage, etc. So for things like framebuffers, the trade-off isn't great and thus there's a memory region with ECC disabled to allocate from for such use cases. After a suggestion from John, I chose to first start using heap allocations flags to allow for userspace to ask for a particular ECC setup. This is then backed by a new heap type that runs from reserved memory chunks flagged as such, and the existing DT properties to specify the ECC properties. After further discussion, it was considered that flags were not the right solution, and relying on the names of the heaps would be enough to let userspace know the kind of buffer it deals with. Thus, even though the uAPI part of it had been dropped in this second version, we still needed a driver to create heaps out of carved-out memory regions. In addition to the original usecase, a similar driver can be found in BSPs from most vendors, so I believe it would be a useful addition to the kernel. Some extra discussion with Rob Herring [1] came to the conclusion that some specific compatible for this is not great either, and as such an new driver probably isn't called for either. Some other discussions we had with John [2] also dropped some hints that multiple CMA heaps might be a good idea, and some vendors seem to do that too. So here's another attempt that doesn't affect the device tree at all and will just create a heap for every CMA reserved memory region. It also falls nicely into the current plan we have to support cgroups in DRM/KMS and v4l2, which is an additional benefit. Let me know what you think, Maxime 1: https://lore.kernel.org/all/20250707-cobalt-dingo-of-serenity-dbf92c@houat/ 2: https://lore.kernel.org/all/CANDhNCroe6ZBtN_o=c71kzFFaWK-fF5rCdnr9P5h1sgPOW… Let me know what you think, Maxime Signed-off-by: Maxime Ripard <mripard(a)kernel.org> --- Changes in v7: - Invert the logic and register CMA heap from the reserved memory / dma contiguous code, instead of iterating over them from the CMA heap. - Link to v6: https://lore.kernel.org/r/20250709-dma-buf-ecc-heap-v6-0-dac9bf80f35d@kerne… Changes in v6: - Drop the new driver and allocate a CMA heap for each region now - Dropped the binding - Rebased on 6.16-rc5 - Link to v5: https://lore.kernel.org/r/20250617-dma-buf-ecc-heap-v5-0-0abdc5863a4f@kerne… Changes in v5: - Rebased on 6.16-rc2 - Switch from property to dedicated binding - Link to v4: https://lore.kernel.org/r/20250520-dma-buf-ecc-heap-v4-1-bd2e1f1bb42c@kerne… Changes in v4: - Rebased on 6.15-rc7 - Map buffers only when map is actually called, not at allocation time - Deal with restricted-dma-pool and shared-dma-pool - Reword Kconfig options - Properly report dma_map_sgtable failures - Link to v3: https://lore.kernel.org/r/20250407-dma-buf-ecc-heap-v3-0-97cdd36a5f29@kerne… Changes in v3: - Reworked global variable patch - Link to v2: https://lore.kernel.org/r/20250401-dma-buf-ecc-heap-v2-0-043fd006a1af@kerne… Changes in v2: - Add vmap/vunmap operations - Drop ECC flags uapi - Rebase on top of 6.14 - Link to v1: https://lore.kernel.org/r/20240515-dma-buf-ecc-heap-v1-0-54cbbd049511@kerne… --- Maxime Ripard (5): doc: dma-buf: List the heaps by name dma-buf: heaps: cma: Register list of CMA regions at boot dma: contiguous: Register reusable CMA regions at boot dma: contiguous: Reserve default CMA heap dma-buf: heaps: cma: Create CMA heap for each CMA reserved region Documentation/userspace-api/dma-buf-heaps.rst | 24 ++++++++------ MAINTAINERS | 1 + drivers/dma-buf/heaps/Kconfig | 10 ------ drivers/dma-buf/heaps/cma_heap.c | 47 +++++++++++++++++---------- include/linux/dma-buf/heaps/cma.h | 16 +++++++++ kernel/dma/contiguous.c | 11 +++++++ 6 files changed, 72 insertions(+), 37 deletions(-) --- base-commit: 47633099a672fc7bfe604ef454e4f116e2c954b1 change-id: 20240515-dma-buf-ecc-heap-28a311d2c94e prerequisite-message-id: <20250610131231.1724627-1-jkangas(a)redhat.com> prerequisite-patch-id: bc44be5968feb187f2bc1b8074af7209462b18e7 prerequisite-patch-id: f02a91b723e5ec01fbfedf3c3905218b43d432da prerequisite-patch-id: e944d0a3e22f2cdf4d3b3906e5603af934696deb Best regards, -- Maxime Ripard <mripard(a)kernel.org>

3 months

2
10
0 0

Re: [PATCH v11 2/9] dma-buf: dma-heap: export declared functions

by T.J. Mercier

On Wed, Aug 13, 2025 at 11:13 PM Sumit Garg <sumit.garg(a)kernel.org> wrote: > > On Wed, Aug 13, 2025 at 08:02:51AM +0200, Jens Wiklander wrote: > > Export the dma-buf heap functions to allow them to be used by the OP-TEE > > driver. The OP-TEE driver wants to register and manage specific secure > > DMA heaps with it. > > > > Signed-off-by: Jens Wiklander <jens.wiklander(a)linaro.org> > > Reviewed-by: Sumit Garg <sumit.garg(a)oss.qualcomm.com> > > --- > > drivers/dma-buf/dma-heap.c | 3 +++ > > 1 file changed, 3 insertions(+) > > > > Can we get an ack from DMAbuf maintainers here? With that we should be > able to queue this patch-set for linux-next targetting the 6.18 merge > window. > > -Sumit Reviewed-by: T.J. Mercier <tjmercier(a)google.com> Sorry I haven't been able to participate much upstream lately. > > > diff --git a/drivers/dma-buf/dma-heap.c b/drivers/dma-buf/dma-heap.c > > index 3cbe87d4a464..cdddf0e24dce 100644 > > --- a/drivers/dma-buf/dma-heap.c > > +++ b/drivers/dma-buf/dma-heap.c > > @@ -202,6 +202,7 @@ void *dma_heap_get_drvdata(struct dma_heap *heap) > > { > > return heap->priv; > > } > > +EXPORT_SYMBOL(dma_heap_get_drvdata); > > > > /** > > * dma_heap_get_name - get heap name > > @@ -214,6 +215,7 @@ const char *dma_heap_get_name(struct dma_heap *heap) > > { > > return heap->name; > > } > > +EXPORT_SYMBOL(dma_heap_get_name); > > > > /** > > * dma_heap_add - adds a heap to dmabuf heaps > > @@ -303,6 +305,7 @@ struct dma_heap *dma_heap_add(const struct dma_heap_export_info *exp_info) > > kfree(heap); > > return err_ret; > > } > > +EXPORT_SYMBOL(dma_heap_add); > > > > static char *dma_heap_devnode(const struct device *dev, umode_t *mode) > > { > > -- > > 2.43.0 > >

3 months

3
4
0 0

Re: [PATCH v11 05/11] tee: add TEE_IOCTL_PARAM_ATTR_TYPE_UBUF

by Jens Wiklander

Hi Amir, On Thu, Sep 11, 2025 at 5:41 AM Amirreza Zarrabi <amirreza.zarrabi(a)oss.qualcomm.com> wrote: > > For drivers that can transfer data to the TEE without using shared > memory from client, it is necessary to receive the user address > directly, bypassing any processing by the TEE subsystem. Introduce > TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INPUT/OUTPUT/INOUT to represent > userspace buffers. > > Reviewed-by: Sumit Garg <sumit.garg(a)oss.qualcomm.com> > Tested-by: Neil Armstrong <neil.armstrong(a)linaro.org> > Tested-by: Harshal Dev <quic_hdev(a)quicinc.com> > Signed-off-by: Amirreza Zarrabi <amirreza.zarrabi(a)oss.qualcomm.com> > --- > drivers/tee/tee_core.c | 33 +++++++++++++++++++++++++++++++++ > include/linux/tee_drv.h | 6 ++++++ > include/uapi/linux/tee.h | 22 ++++++++++++++++------ > 3 files changed, 55 insertions(+), 6 deletions(-) > > diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c > index f8534a00c56c..bb2e3a6c23a3 100644 > --- a/drivers/tee/tee_core.c > +++ b/drivers/tee/tee_core.c > @@ -457,6 +457,17 @@ static int params_from_user(struct tee_context *ctx, struct tee_param *params, > params[n].u.value.b = ip.b; > params[n].u.value.c = ip.c; > break; > + case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INPUT: > + case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_OUTPUT: > + case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INOUT: > + params[n].u.ubuf.uaddr = u64_to_user_ptr(ip.a); > + params[n].u.ubuf.size = ip.b; > + > + if (!access_ok(params[n].u.ubuf.uaddr, > + params[n].u.ubuf.size)) > + return -EFAULT; > + > + break; > case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT: > case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: > case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: > @@ -490,6 +501,11 @@ static int params_to_user(struct tee_ioctl_param __user *uparams, > put_user(p->u.value.c, &up->c)) > return -EFAULT; > break; > + case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_OUTPUT: > + case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INOUT: > + if (put_user((u64)p->u.ubuf.size, &up->b)) > + return -EFAULT; > + break; > case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: > case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: > if (put_user((u64)p->u.memref.size, &up->b)) > @@ -690,6 +706,13 @@ static int params_to_supp(struct tee_context *ctx, > ip.b = p->u.value.b; > ip.c = p->u.value.c; > break; > + case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INPUT: > + case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_OUTPUT: > + case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INOUT: > + ip.a = (__force u64)p->u.ubuf.uaddr; There's a warning on arm32: drivers/tee/tee_core.c: In function 'params_to_supp': drivers/tee/tee_core.c:821:32: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] 821 | ip.a = (__force u64)p->u.ubuf.uaddr; I think you need to cast to unsigned long instead. Cheers, Jens > + ip.b = p->u.ubuf.size; > + ip.c = 0; > + break; > case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT: > case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: > case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: > @@ -792,6 +815,16 @@ static int params_from_supp(struct tee_param *params, size_t num_params, > p->u.value.b = ip.b; > p->u.value.c = ip.c; > break; > + case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_OUTPUT: > + case TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INOUT: > + p->u.ubuf.uaddr = u64_to_user_ptr(ip.a); > + p->u.ubuf.size = ip.b; > + > + if (!access_ok(params[n].u.ubuf.uaddr, > + params[n].u.ubuf.size)) > + return -EFAULT; > + > + break; > case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT: > case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT: > /* > diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h > index 824f1251de60..7915e8869cbd 100644 > --- a/include/linux/tee_drv.h > +++ b/include/linux/tee_drv.h > @@ -82,6 +82,11 @@ struct tee_param_memref { > struct tee_shm *shm; > }; > > +struct tee_param_ubuf { > + void __user *uaddr; > + size_t size; > +}; > + > struct tee_param_value { > u64 a; > u64 b; > @@ -92,6 +97,7 @@ struct tee_param { > u64 attr; > union { > struct tee_param_memref memref; > + struct tee_param_ubuf ubuf; > struct tee_param_value value; > } u; > }; > diff --git a/include/uapi/linux/tee.h b/include/uapi/linux/tee.h > index d843cf980d98..0e3b735dcfca 100644 > --- a/include/uapi/linux/tee.h > +++ b/include/uapi/linux/tee.h > @@ -151,6 +151,13 @@ struct tee_ioctl_buf_data { > #define TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT 6 > #define TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT 7 /* input and output */ > > +/* > + * These defines userspace buffer parameters. > + */ > +#define TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INPUT 8 > +#define TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_OUTPUT 9 > +#define TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INOUT 10 /* input and output */ > + > /* > * Mask for the type part of the attribute, leaves room for more types > */ > @@ -186,14 +193,17 @@ struct tee_ioctl_buf_data { > /** > * struct tee_ioctl_param - parameter > * @attr: attributes > - * @a: if a memref, offset into the shared memory object, else a value parameter > - * @b: if a memref, size of the buffer, else a value parameter > + * @a: if a memref, offset into the shared memory object, > + * else if a ubuf, address of the user buffer, > + * else a value parameter > + * @b: if a memref or ubuf, size of the buffer, else a value parameter > * @c: if a memref, shared memory identifier, else a value parameter > * > - * @attr & TEE_PARAM_ATTR_TYPE_MASK indicates if memref or value is used in > - * the union. TEE_PARAM_ATTR_TYPE_VALUE_* indicates value and > - * TEE_PARAM_ATTR_TYPE_MEMREF_* indicates memref. TEE_PARAM_ATTR_TYPE_NONE > - * indicates that none of the members are used. > + * @attr & TEE_PARAM_ATTR_TYPE_MASK indicates if memref, ubuf, or value is > + * used in the union. TEE_PARAM_ATTR_TYPE_VALUE_* indicates value, > + * TEE_PARAM_ATTR_TYPE_MEMREF_* indicates memref, and TEE_PARAM_ATTR_TYPE_UBUF_* > + * indicates ubuf. TEE_PARAM_ATTR_TYPE_NONE indicates that none of the members > + * are used. > * > * Shared memory is allocated with TEE_IOC_SHM_ALLOC which returns an > * identifier representing the shared memory object. A memref can reference > > -- > 2.34.1 >

3 months

1
0
0 0

Re: [PATCH v9 00/11] Trusted Execution Environment (TEE) driver for Qualcomm TEE (QTEE)

by Bjorn Andersson

On Mon, Sep 01, 2025 at 09:55:47PM -0700, Amirreza Zarrabi wrote: > This patch series introduces a Trusted Execution Environment (TEE) > driver for Qualcomm TEE (QTEE). QTEE enables Trusted Applications (TAs) > and services to run securely. It uses an object-based interface, where > each service is an object with sets of operations. Clients can invoke > these operations on objects, which can generate results, including other > objects. For example, an object can load a TA and return another object > that represents the loaded TA, allowing access to its services. > > Kernel and userspace services are also available to QTEE through a > similar approach. QTEE makes callback requests that are converted into > object invocations. These objects can represent services within the > kernel or userspace process. > > Note: This patch series focuses on QTEE objects and userspace services. > > Linux already provides a TEE subsystem, which is described in [1]. The > tee subsystem provides a generic ioctl interface, TEE_IOC_INVOKE, which > can be used by userspace to talk to a TEE backend driver. We extend the > Linux TEE subsystem to understand object parameters and an ioctl call so > client can invoke objects in QTEE: > > - TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_* > - TEE_IOC_OBJECT_INVOKE > > The existing ioctl calls TEE_IOC_SUPPL_RECV and TEE_IOC_SUPPL_SEND are > used for invoking services in the userspace process by QTEE. > > The TEE backend driver uses the QTEE Transport Message to communicate > with QTEE. Interactions through the object INVOKE interface are > translated into QTEE messages. Likewise, object invocations from QTEE > for userspace objects are converted into SEND/RECV ioctl calls to > supplicants. > > The details of QTEE Transport Message to communicate with QTEE is > available in [PATCH 12/12] Documentation: tee: Add Qualcomm TEE driver. > > You can run basic tests with following steps: > git clone https://github.com/quic/quic-teec.git > cd quic-teec > mkdir build > cmake .. -DCMAKE_TOOLCHAIN_FILE=CMakeToolchain.txt -DBUILD_UNITTEST=ON > > https://github.com/quic/quic-teec/blob/main/README.md lists dependencies > needed to build the above. > > More comprehensive tests are availabe at > https://github.com/qualcomm/minkipc. > > root@qcom-armv8a:~# qtee_supplicant & > root@qcom-armv8a:~# qtee_supplicant: process entry PPID = 378 > Total listener services to start = 4 > Opening CRequestTABuffer_open > Path /data/ > register_service ::Opening CRegisterTABufCBO_UID > Calling TAbufCBO Register > QTEE_SUPPLICANT RUNNING > > root@qcom-armv8a:~# smcinvoke_client -c /data 1 > Run callback obj test... > Load /data/tzecotestapp.mbn, size 52192, buf 0x1e44ba0. > System Time: 2024-02-27 17:26:31 > PASSED - Callback tests with Buffer inputs. > PASSED - Callback tests with Remote and Callback object inputs. > PASSED - Callback tests with Memory Object inputs. > TEST PASSED! > root@qcom-armv8a:~# > root@qcom-armv8a:~# smcinvoke_client -m /data 1 > Run memory obj test... > Load /data/tzecotestapp.mbn, size 52192, buf 0x26cafba0. > System Time: 2024-02-27 17:26:39 > PASSED - Single Memory Object access Test. > PASSED - Two Memory Object access Test. > TEST PASSED! > > This series has been tested for QTEE object invocations, including > loading a TA, requesting services from the TA, memory sharing, and > handling callback requests to a supplicant. > > Tested platforms: sm8650-mtp, sm8550-qrd, sm8650-qrd, sm8650-hdk > > [1] https://www.kernel.org/doc/Documentation/tee.txt > > Signed-off-by: Amirreza Zarrabi <amirreza.zarrabi(a)oss.qualcomm.com> > > Changes in v9: > - Remove unnecessary logging in qcom_scm_probe(). > - Replace the platform_device_alloc()/add() sequence with > platform_device_register_data(). > - Fixed sparse warning. > - Fixed documentation typo. > - Link to v8: > https://lore.kernel.org/r/20250820-qcom-tee-using-tee-ss-without-mem-obj-v8… > > Changes in v8: > - Check if arguments to qcom_scm_qtee_invoke_smc() and > qcom_scm_qtee_callback_response() are NULL. > - Add CPU_BIG_ENDIAN as a dependency to Kconfig. > - Fixed kernel bot errors. > - Link to v7: > https://lore.kernel.org/r/20250812-qcom-tee-using-tee-ss-without-mem-obj-v7… > > Changes in v7: > - Updated copyrights. > - Updated Acked-by: tags. > - Fixed kernel bot errors. > - Link to v6: > https://lore.kernel.org/r/20250713-qcom-tee-using-tee-ss-without-mem-obj-v6… > > Changes in v6: > - Relocate QTEE version into the driver's main service structure. > - Simplfies qcomtee_objref_to_arg() and qcomtee_objref_from_arg(). > - Enhanced the return logic of qcomtee_object_do_invoke_internal(). > - Improve comments and remove redundant checks. > - Improve helpers in qcomtee_msh.h to use GENMASK() and FIELD_GET(). > - updated Tested-by:, Acked-by:, and Reviewed-by: tags > - Link to v5: > https://lore.kernel.org/r/20250526-qcom-tee-using-tee-ss-without-mem-obj-v5… > > Changes in v5: > - Remove references to kernel services and public APIs. > - Support auto detection for failing devices (e.g., RB1, RB4). > - Add helpers for obtaining client environment and service objects. > - Query the QTEE version and print it. > - Move remaining static variables, including the object table, to struct > qcomtee. > - Update TEE_MAX_ARG_SIZE to 4096. > - Add a dependancy to QCOM_TZMEM_MODE_SHMBRIDGE in Kconfig > - Reorganize code by removing release.c and qcom_scm.c. > - Add more error messages and improve comments. > - updated Tested-by:, Acked-by:, and Reviewed-by: tags > - Link to v4: https://lore.kernel.org/r/20250428-qcom-tee-using-tee-ss-without-mem-obj-v4… > > Changes in v4: > - Move teedev_ctx_get/put and tee_device_get/put to tee_core.h. > - Rename object to id in struct tee_ioctl_object_invoke_arg. > - Replace spinlock with mutex for qtee_objects_idr. > - Move qcomtee_object_get to qcomtee_user/memobj_param_to_object. > - More code cleanup following the comments. > - Cleanup documentations. > - Update MAINTAINERS file. > - Link to v3: https://lore.kernel.org/r/20250327-qcom-tee-using-tee-ss-without-mem-obj-v3… > > Changes in v3: > - Export shm_bridge create/delete APIs. > - Enable support for QTEE memory objects. > - Update the memory management code to use the TEE subsystem for all > allocations using the pool. > - Move all driver states into the driver's main service struct. > - Add more documentations. > - Link to v2: https://lore.kernel.org/r/20250202-qcom-tee-using-tee-ss-without-mem-obj-v2… > > Changes in v2: > - Clean up commit messages and comments. > - Use better names such as ubuf instead of membuf or QCOMTEE prefix > instead of QCOM_TEE, or names that are more consistent with other > TEE-backend drivers such as qcomtee_context_data instead of > qcom_tee_context. > - Drop the DTS patch and instantiate the device from the scm driver. > - Use a single structure for all driver's internal states. > - Drop srcu primitives and use the existing mutex for synchronization > between the supplicant and QTEE. > - Directly use tee_context to track the lifetime of qcomtee_context_data. > - Add close_context() to be called when the user closes the tee_context. > - Link to v1: https://lore.kernel.org/r/20241202-qcom-tee-using-tee-ss-without-mem-obj-v1… > > Changes in v1: > - It is a complete rewrite to utilize the TEE subsystem. > - Link to RFC: https://lore.kernel.org/all/20240702-qcom-tee-object-and-ioctls-v1-0-633c3d… > > --- > Amirreza Zarrabi (11): > tee: allow a driver to allocate a tee_device without a pool > tee: add close_context to TEE driver operation > tee: add TEE_IOCTL_PARAM_ATTR_TYPE_UBUF > tee: add TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF > tee: increase TEE_MAX_ARG_SIZE to 4096 > firmware: qcom: scm: add support for object invocation > firmware: qcom: tzmem: export shm_bridge create/delete These two patches are for code maintained by me, the rest by Jens. So we will have to dance to get this merged. Is there are reason why these two are in the middle of the series? Do they need to come after the first 5 but before the next 3? Regards, Bjorn > tee: add Qualcomm TEE driver > tee: qcom: add primordial object > tee: qcom: enable TEE_IOC_SHM_ALLOC ioctl > Documentation: tee: Add Qualcomm TEE driver > > Documentation/tee/index.rst | 1 + > Documentation/tee/qtee.rst | 96 ++++ > MAINTAINERS | 7 + > drivers/firmware/qcom/qcom_scm.c | 124 +++++ > drivers/firmware/qcom/qcom_scm.h | 7 + > drivers/firmware/qcom/qcom_tzmem.c | 63 ++- > drivers/tee/Kconfig | 1 + > drivers/tee/Makefile | 1 + > drivers/tee/qcomtee/Kconfig | 12 + > drivers/tee/qcomtee/Makefile | 9 + > drivers/tee/qcomtee/async.c | 182 ++++++ > drivers/tee/qcomtee/call.c | 820 +++++++++++++++++++++++++++ > drivers/tee/qcomtee/core.c | 915 +++++++++++++++++++++++++++++++ > drivers/tee/qcomtee/mem_obj.c | 169 ++++++ > drivers/tee/qcomtee/primordial_obj.c | 113 ++++ > drivers/tee/qcomtee/qcomtee.h | 185 +++++++ > drivers/tee/qcomtee/qcomtee_msg.h | 304 ++++++++++ > drivers/tee/qcomtee/qcomtee_object.h | 316 +++++++++++ > drivers/tee/qcomtee/shm.c | 150 +++++ > drivers/tee/qcomtee/user_obj.c | 692 +++++++++++++++++++++++ > drivers/tee/tee_core.c | 127 ++++- > drivers/tee/tee_private.h | 6 - > include/linux/firmware/qcom/qcom_scm.h | 6 + > include/linux/firmware/qcom/qcom_tzmem.h | 15 + > include/linux/tee_core.h | 54 +- > include/linux/tee_drv.h | 12 + > include/uapi/linux/tee.h | 56 +- > 27 files changed, 4415 insertions(+), 28 deletions(-) > --- > base-commit: 33bcf93b9a6b028758105680f8b538a31bc563cf > change-id: 20241202-qcom-tee-using-tee-ss-without-mem-obj-362c66340527 > > Best regards, > -- > Amirreza Zarrabi <amirreza.zarrabi(a)oss.qualcomm.com> >

3 months

1
0
0 0

Re: [PATCH v9 06/11] firmware: qcom: scm: add support for object invocation

by Bjorn Andersson

On Mon, Sep 01, 2025 at 09:55:53PM -0700, Amirreza Zarrabi wrote: > Qualcomm TEE (QTEE) hosts Trusted Applications (TAs) and services in > the secure world, accessed via objects. A QTEE client can invoke these > objects to request services. Similarly, QTEE can request services from > the nonsecure world using objects exported to the secure world. > > Add low-level primitives to facilitate the invocation of objects hosted > in QTEE, as well as those hosted in the nonsecure world. > > If support for object invocation is available, the qcom_scm allocates > a dedicated child platform device. The driver for this device communicates > with QTEE using low-level primitives. > > Tested-by: Neil Armstrong <neil.armstrong(a)linaro.org> > Tested-by: Harshal Dev <quic_hdev(a)quicinc.com> > Signed-off-by: Amirreza Zarrabi <amirreza.zarrabi(a)oss.qualcomm.com> > --- > drivers/firmware/qcom/qcom_scm.c | 124 +++++++++++++++++++++++++++++++++ > drivers/firmware/qcom/qcom_scm.h | 7 ++ > include/linux/firmware/qcom/qcom_scm.h | 6 ++ > 3 files changed, 137 insertions(+) > > diff --git a/drivers/firmware/qcom/qcom_scm.c b/drivers/firmware/qcom/qcom_scm.c > index edeae6cdcf31..739ee9819549 100644 > --- a/drivers/firmware/qcom/qcom_scm.c > +++ b/drivers/firmware/qcom/qcom_scm.c > @@ -2094,6 +2094,127 @@ static int qcom_scm_qseecom_init(struct qcom_scm *scm) > > #endif /* CONFIG_QCOM_QSEECOM */ > > +/** > + * qcom_scm_qtee_invoke_smc() - Invoke a QTEE object. > + * @inbuf: start address of memory area used for inbound buffer. > + * @inbuf_size: size of the memory area used for inbound buffer. > + * @outbuf: start address of memory area used for outbound buffer. > + * @outbuf_size: size of the memory area used for outbound buffer. > + * @result: result of QTEE object invocation. > + * @response_type: response type returned by QTEE. > + * > + * @response_type determines how the contents of @inbuf and @outbuf > + * should be processed. > + * > + * Return: On success, return 0 or <0 on failure. > + */ > +int qcom_scm_qtee_invoke_smc(phys_addr_t inbuf, size_t inbuf_size, > + phys_addr_t outbuf, size_t outbuf_size, > + u64 *result, u64 *response_type) > +{ > + struct qcom_scm_desc desc = { > + .svc = QCOM_SCM_SVC_SMCINVOKE, > + .cmd = QCOM_SCM_SMCINVOKE_INVOKE, > + .owner = ARM_SMCCC_OWNER_TRUSTED_OS, > + .args[0] = inbuf, > + .args[1] = inbuf_size, > + .args[2] = outbuf, > + .args[3] = outbuf_size, > + .arginfo = QCOM_SCM_ARGS(4, QCOM_SCM_RW, QCOM_SCM_VAL, > + QCOM_SCM_RW, QCOM_SCM_VAL), > + }; > + struct qcom_scm_res res; > + int ret; > + > + ret = qcom_scm_call(__scm->dev, &desc, &res); > + if (ret) > + return ret; > + > + if (response_type) > + *response_type = res.result[0]; > + > + if (result) > + *result = res.result[1]; > + > + return 0; > +} > +EXPORT_SYMBOL(qcom_scm_qtee_invoke_smc); > + > +/** > + * qcom_scm_qtee_callback_response() - Submit response for callback request. > + * @buf: start address of memory area used for outbound buffer. > + * @buf_size: size of the memory area used for outbound buffer. > + * @result: Result of QTEE object invocation. > + * @response_type: Response type returned by QTEE. > + * > + * @response_type determines how the contents of @buf should be processed. > + * > + * Return: On success, return 0 or <0 on failure. > + */ > +int qcom_scm_qtee_callback_response(phys_addr_t buf, size_t buf_size, > + u64 *result, u64 *response_type) > +{ > + struct qcom_scm_desc desc = { > + .svc = QCOM_SCM_SVC_SMCINVOKE, > + .cmd = QCOM_SCM_SMCINVOKE_CB_RSP, > + .owner = ARM_SMCCC_OWNER_TRUSTED_OS, > + .args[0] = buf, > + .args[1] = buf_size, > + .arginfo = QCOM_SCM_ARGS(2, QCOM_SCM_RW, QCOM_SCM_VAL), > + }; > + struct qcom_scm_res res; > + int ret; > + > + ret = qcom_scm_call(__scm->dev, &desc, &res); > + if (ret) > + return ret; > + > + if (response_type) > + *response_type = res.result[0]; > + > + if (result) > + *result = res.result[1]; > + > + return 0; > +} > +EXPORT_SYMBOL(qcom_scm_qtee_callback_response); > + > +static void qcom_scm_qtee_free(void *data) > +{ > + struct platform_device *qtee_dev = data; > + > + platform_device_unregister(qtee_dev); > +} > + > +static void qcom_scm_qtee_init(struct qcom_scm *scm) > +{ > + struct platform_device *qtee_dev; > + u64 result, response_type; > + int ret; > + > + /* > + * Probe for smcinvoke support. This will fail due to invalid buffers, > + * but first, it checks whether the call is supported in QTEE syscall > + * handler. If it is not supported, -EIO is returned. > + */ > + ret = qcom_scm_qtee_invoke_smc(0, 0, 0, 0, &result, &response_type); > + if (ret == -EIO) > + return; > + > + /* Setup QTEE interface device. */ > + qtee_dev = platform_device_register_data(scm->dev, "qcomtee", > + PLATFORM_DEVID_NONE, NULL, 0); > + if (IS_ERR(qtee_dev)) { > + dev_err(scm->dev, "qcomtee: register failed: %d\n", > + PTR_ERR(qtee_dev)); This isn't going to fail, and all expected paths that it would fail will be -ENOMEM which already printed a warning. So, I'd suggest that you resolve the LKP build warning by dropping the print. > + return; > + } > + > + ret = devm_add_action_or_reset(scm->dev, qcom_scm_qtee_free, qtee_dev); > + if (ret) > + dev_err(scm->dev, "qcomtee: add action failed: %d\n", ret); The only possible error here is -ENOMEM, so you can skip the print. Regards, Bjorn > +} > + > /** > * qcom_scm_is_available() - Checks if SCM is available > */ > @@ -2326,6 +2447,9 @@ static int qcom_scm_probe(struct platform_device *pdev) > ret = qcom_scm_qseecom_init(scm); > WARN(ret < 0, "failed to initialize qseecom: %d\n", ret); > > + /* Initialize the QTEE object interface. */ > + qcom_scm_qtee_init(scm); > + > return 0; > } > > diff --git a/drivers/firmware/qcom/qcom_scm.h b/drivers/firmware/qcom/qcom_scm.h > index 0e8dd838099e..a56c8212cc0c 100644 > --- a/drivers/firmware/qcom/qcom_scm.h > +++ b/drivers/firmware/qcom/qcom_scm.h > @@ -156,6 +156,13 @@ int qcom_scm_shm_bridge_enable(struct device *scm_dev); > #define QCOM_SCM_SVC_GPU 0x28 > #define QCOM_SCM_SVC_GPU_INIT_REGS 0x01 > > +/* ARM_SMCCC_OWNER_TRUSTED_OS calls */ > + > +#define QCOM_SCM_SVC_SMCINVOKE 0x06 > +#define QCOM_SCM_SMCINVOKE_INVOKE_LEGACY 0x00 > +#define QCOM_SCM_SMCINVOKE_CB_RSP 0x01 > +#define QCOM_SCM_SMCINVOKE_INVOKE 0x02 > + > /* common error codes */ > #define QCOM_SCM_V2_EBUSY -12 > #define QCOM_SCM_ENOMEM -5 > diff --git a/include/linux/firmware/qcom/qcom_scm.h b/include/linux/firmware/qcom/qcom_scm.h > index 0f667bf1d4d9..a55ca771286b 100644 > --- a/include/linux/firmware/qcom/qcom_scm.h > +++ b/include/linux/firmware/qcom/qcom_scm.h > @@ -175,4 +175,10 @@ static inline int qcom_scm_qseecom_app_send(u32 app_id, > > #endif /* CONFIG_QCOM_QSEECOM */ > > +int qcom_scm_qtee_invoke_smc(phys_addr_t inbuf, size_t inbuf_size, > + phys_addr_t outbuf, size_t outbuf_size, > + u64 *result, u64 *response_type); > +int qcom_scm_qtee_callback_response(phys_addr_t buf, size_t buf_size, > + u64 *result, u64 *response_type); > + > #endif > > -- > 2.34.1 >

3 months

1
0
0 0

Re: [PATCH v7 00/11] Trusted Execution Environment (TEE) driver for Qualcomm TEE (QTEE)

by Jens Wiklander

On Tue, Sep 9, 2025 at 6:34 AM Sumit Garg <sumit.garg(a)kernel.org> wrote: > > On Tue, Aug 12, 2025 at 05:35:29PM -0700, Amirreza Zarrabi wrote: > > This patch series introduces a Trusted Execution Environment (TEE) > > driver for Qualcomm TEE (QTEE). QTEE enables Trusted Applications (TAs) > > and services to run securely. It uses an object-based interface, where > > each service is an object with sets of operations. Clients can invoke > > these operations on objects, which can generate results, including other > > objects. For example, an object can load a TA and return another object > > that represents the loaded TA, allowing access to its services. > > > > Kernel and userspace services are also available to QTEE through a > > similar approach. QTEE makes callback requests that are converted into > > object invocations. These objects can represent services within the > > kernel or userspace process. > > > > Note: This patch series focuses on QTEE objects and userspace services. > > > > Linux already provides a TEE subsystem, which is described in [1]. The > > tee subsystem provides a generic ioctl interface, TEE_IOC_INVOKE, which > > can be used by userspace to talk to a TEE backend driver. We extend the > > Linux TEE subsystem to understand object parameters and an ioctl call so > > client can invoke objects in QTEE: > > > > - TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_* > > - TEE_IOC_OBJECT_INVOKE > > > > The existing ioctl calls TEE_IOC_SUPPL_RECV and TEE_IOC_SUPPL_SEND are > > used for invoking services in the userspace process by QTEE. > > > > The TEE backend driver uses the QTEE Transport Message to communicate > > with QTEE. Interactions through the object INVOKE interface are > > translated into QTEE messages. Likewise, object invocations from QTEE > > for userspace objects are converted into SEND/RECV ioctl calls to > > supplicants. > > > > The details of QTEE Transport Message to communicate with QTEE is > > available in [PATCH 12/12] Documentation: tee: Add Qualcomm TEE driver. > > > > You can run basic tests with following steps: > > git clone https://github.com/quic/quic-teec.git > > cd quic-teec > > mkdir build > > cmake .. -DCMAKE_TOOLCHAIN_FILE=CMakeToolchain.txt -DBUILD_UNITTEST=ON > > > > https://github.com/quic/quic-teec/blob/main/README.md lists dependencies > > needed to build the above. > > > > More comprehensive tests are availabe at > > https://github.com/qualcomm/minkipc. > > > > root@qcom-armv8a:~# qtee_supplicant & > > root@qcom-armv8a:~# qtee_supplicant: process entry PPID = 378 > > Total listener services to start = 4 > > Opening CRequestTABuffer_open > > Path /data/ > > register_service ::Opening CRegisterTABufCBO_UID > > Calling TAbufCBO Register > > QTEE_SUPPLICANT RUNNING > > > > root@qcom-armv8a:~# smcinvoke_client -c /data 1 > > Run callback obj test... > > Load /data/tzecotestapp.mbn, size 52192, buf 0x1e44ba0. > > System Time: 2024-02-27 17:26:31 > > PASSED - Callback tests with Buffer inputs. > > PASSED - Callback tests with Remote and Callback object inputs. > > PASSED - Callback tests with Memory Object inputs. > > TEST PASSED! > > root@qcom-armv8a:~# > > root@qcom-armv8a:~# smcinvoke_client -m /data 1 > > Run memory obj test... > > Load /data/tzecotestapp.mbn, size 52192, buf 0x26cafba0. > > System Time: 2024-02-27 17:26:39 > > PASSED - Single Memory Object access Test. > > PASSED - Two Memory Object access Test. > > TEST PASSED! > > > > This series has been tested for QTEE object invocations, including > > loading a TA, requesting services from the TA, memory sharing, and > > handling callback requests to a supplicant. > > > > Tested platforms: sm8650-mtp, sm8550-qrd, sm8650-qrd, sm8650-hdk > > > > [1] https://www.kernel.org/doc/Documentation/tee.txt > > > > Signed-off-by: Amirreza Zarrabi <amirreza.zarrabi(a)oss.qualcomm.com> > > > > At this point, I think this series is ready to be applied to linux-next. There are still some warnings in "[PATCH v9 06/11] firmware: qcom: scm: add support for object invocation" /Jens > > > Changes in v7: > > - Updated copyrights. > > - Updated Acked-by: tags. > > - Fixed kernel bot errors. > > - Link to v6: > > https://lore.kernel.org/r/20250713-qcom-tee-using-tee-ss-without-mem-obj-v6… > > > > Changes in v6: > > - Relocate QTEE version into the driver's main service structure. > > - Simplfies qcomtee_objref_to_arg() and qcomtee_objref_from_arg(). > > - Enhanced the return logic of qcomtee_object_do_invoke_internal(). > > - Improve comments and remove redundant checks. > > - Improve helpers in qcomtee_msh.h to use GENMASK() and FIELD_GET(). > > - updated Tested-by:, Acked-by:, and Reviewed-by: tags > > - Link to v5: > > https://lore.kernel.org/r/20250526-qcom-tee-using-tee-ss-without-mem-obj-v5… > > > > Changes in v5: > > - Remove references to kernel services and public APIs. > > - Support auto detection for failing devices (e.g., RB1, RB4). > > - Add helpers for obtaining client environment and service objects. > > - Query the QTEE version and print it. > > - Move remaining static variables, including the object table, to struct > > qcomtee. > > - Update TEE_MAX_ARG_SIZE to 4096. > > - Add a dependancy to QCOM_TZMEM_MODE_SHMBRIDGE in Kconfig > > - Reorganize code by removing release.c and qcom_scm.c. > > - Add more error messages and improve comments. > > - updated Tested-by:, Acked-by:, and Reviewed-by: tags > > - Link to v4: https://lore.kernel.org/r/20250428-qcom-tee-using-tee-ss-without-mem-obj-v4… > > > > Changes in v4: > > - Move teedev_ctx_get/put and tee_device_get/put to tee_core.h. > > - Rename object to id in struct tee_ioctl_object_invoke_arg. > > - Replace spinlock with mutex for qtee_objects_idr. > > - Move qcomtee_object_get to qcomtee_user/memobj_param_to_object. > > - More code cleanup following the comments. > > - Cleanup documentations. > > - Update MAINTAINERS file. > > - Link to v3: https://lore.kernel.org/r/20250327-qcom-tee-using-tee-ss-without-mem-obj-v3… > > > > Changes in v3: > > - Export shm_bridge create/delete APIs. > > - Enable support for QTEE memory objects. > > - Update the memory management code to use the TEE subsystem for all > > allocations using the pool. > > - Move all driver states into the driver's main service struct. > > - Add more documentations. > > - Link to v2: https://lore.kernel.org/r/20250202-qcom-tee-using-tee-ss-without-mem-obj-v2… > > > > Changes in v2: > > - Clean up commit messages and comments. > > - Use better names such as ubuf instead of membuf or QCOMTEE prefix > > instead of QCOM_TEE, or names that are more consistent with other > > TEE-backend drivers such as qcomtee_context_data instead of > > qcom_tee_context. > > - Drop the DTS patch and instantiate the device from the scm driver. > > - Use a single structure for all driver's internal states. > > - Drop srcu primitives and use the existing mutex for synchronization > > between the supplicant and QTEE. > > - Directly use tee_context to track the lifetime of qcomtee_context_data. > > - Add close_context() to be called when the user closes the tee_context. > > - Link to v1: https://lore.kernel.org/r/20241202-qcom-tee-using-tee-ss-without-mem-obj-v1… > > > > Changes in v1: > > - It is a complete rewrite to utilize the TEE subsystem. > > - Link to RFC: https://lore.kernel.org/all/20240702-qcom-tee-object-and-ioctls-v1-0-633c3d… > > > > --- > > Amirreza Zarrabi (11): > > tee: allow a driver to allocate a tee_device without a pool > > tee: add close_context to TEE driver operation > > tee: add TEE_IOCTL_PARAM_ATTR_TYPE_UBUF > > tee: add TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF > > tee: increase TEE_MAX_ARG_SIZE to 4096 > > > firmware: qcom: scm: add support for object invocation > > firmware: qcom: tzmem: export shm_bridge create/delete > > Bjorn/Konrad, > > Since majority of this series belong to TEE subsystem, are you folks > fine to ack these patches for Jens to pick them up for next? > > -Sumit > > > tee: add Qualcomm TEE driver > > qcomtee: add primordial object > > qcomtee: enable TEE_IOC_SHM_ALLOC ioctl > > Documentation: tee: Add Qualcomm TEE driver > > > > > > > Documentation/tee/index.rst | 1 + > > Documentation/tee/qtee.rst | 96 ++++ > > MAINTAINERS | 7 + > > drivers/firmware/qcom/qcom_scm.c | 128 +++++ > > drivers/firmware/qcom/qcom_scm.h | 7 + > > drivers/firmware/qcom/qcom_tzmem.c | 63 ++- > > drivers/tee/Kconfig | 1 + > > drivers/tee/Makefile | 1 + > > drivers/tee/qcomtee/Kconfig | 11 + > > drivers/tee/qcomtee/Makefile | 9 + > > drivers/tee/qcomtee/async.c | 183 ++++++ > > drivers/tee/qcomtee/call.c | 820 +++++++++++++++++++++++++++ > > drivers/tee/qcomtee/core.c | 920 +++++++++++++++++++++++++++++++ > > drivers/tee/qcomtee/mem_obj.c | 169 ++++++ > > drivers/tee/qcomtee/primordial_obj.c | 116 ++++ > > drivers/tee/qcomtee/qcomtee.h | 185 +++++++ > > drivers/tee/qcomtee/qcomtee_msg.h | 300 ++++++++++ > > drivers/tee/qcomtee/qcomtee_object.h | 316 +++++++++++ > > drivers/tee/qcomtee/shm.c | 150 +++++ > > drivers/tee/qcomtee/user_obj.c | 692 +++++++++++++++++++++++ > > drivers/tee/tee_core.c | 127 ++++- > > drivers/tee/tee_private.h | 6 - > > include/linux/firmware/qcom/qcom_scm.h | 6 + > > include/linux/firmware/qcom/qcom_tzmem.h | 15 + > > include/linux/tee_core.h | 54 +- > > include/linux/tee_drv.h | 12 + > > include/uapi/linux/tee.h | 56 +- > > 27 files changed, 4423 insertions(+), 28 deletions(-) > > --- > > base-commit: 2674d1eadaa2fd3a918dfcdb6d0bb49efe8a8bb9 > > change-id: 20241202-qcom-tee-using-tee-ss-without-mem-obj-362c66340527 > > > > Best regards, > > -- > > Amirreza Zarrabi <amirreza.zarrabi(a)oss.qualcomm.com> > > > >

3 months, 1 week

1
0
0 0

Re: [PATCH v7 2/2] i2c: i2c-qcom-geni: Add Block event interrupt support

by kernel test robot

Hi Jyothi, kernel test robot noticed the following build warnings: [auto build test WARNING on vkoul-dmaengine/next] [also build test WARNING on andi-shyti/i2c/i2c-host linus/master v6.17-rc4 next-20250905] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch#_base_tree_information] url: https://github.com/intel-lab-lkp/linux/commits/Jyothi-Kumar-Seerapu/dmaengi… base: https://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine.git next patch link: https://lore.kernel.org/r/20250903073059.2151837-3-quic_jseerapu%40quicinc.… patch subject: [PATCH v7 2/2] i2c: i2c-qcom-geni: Add Block event interrupt support config: i386-allmodconfig (https://download.01.org/0day-ci/archive/20250906/202509062008.lSOdhd4U-lkp@…) compiler: gcc-13 (Debian 13.3.0-16) 13.3.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20250906/202509062008.lSOdhd4U-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202509062008.lSOdhd4U-lkp@intel.com/ All warnings (new ones prefixed by >>): drivers/i2c/busses/i2c-qcom-geni.c: In function 'geni_i2c_gpi_multi_desc_unmap': >> drivers/i2c/busses/i2c-qcom-geni.c:576:42: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] 576 | NULL, (dma_addr_t)NULL); | ^ vim +576 drivers/i2c/busses/i2c-qcom-geni.c 555 556 /** 557 * geni_i2c_gpi_multi_desc_unmap() - Unmaps DMA buffers post multi message TX transfers 558 * @gi2c: I2C dev handle 559 * @msgs: Array of I2C messages 560 * @peripheral: Pointer to gpi_i2c_config 561 */ 562 static void geni_i2c_gpi_multi_desc_unmap(struct geni_i2c_dev *gi2c, struct i2c_msg msgs[], 563 struct gpi_i2c_config *peripheral) 564 { 565 u32 msg_xfer_cnt, wr_idx = 0; 566 struct geni_i2c_gpi_multi_desc_xfer *tx_multi_xfer = &gi2c->i2c_multi_desc_config; 567 568 msg_xfer_cnt = gi2c->err ? tx_multi_xfer->msg_idx_cnt : tx_multi_xfer->irq_cnt; 569 570 /* Unmap the processed DMA buffers based on the received interrupt count */ 571 for (; tx_multi_xfer->unmap_msg_cnt < msg_xfer_cnt; tx_multi_xfer->unmap_msg_cnt++) { 572 wr_idx = tx_multi_xfer->unmap_msg_cnt; 573 geni_i2c_gpi_unmap(gi2c, &msgs[wr_idx], 574 tx_multi_xfer->dma_buf[wr_idx], 575 tx_multi_xfer->dma_addr[wr_idx], > 576 NULL, (dma_addr_t)NULL); 577 578 if (tx_multi_xfer->unmap_msg_cnt == gi2c->num_msgs - 1) { 579 kfree(tx_multi_xfer->dma_buf); 580 kfree(tx_multi_xfer->dma_addr); 581 break; 582 } 583 } 584 } 585 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

3 months, 1 week

1
0
0 0

[PATCH 0/9] dma-buf: heaps: Add Tegra VPR support

by Thierry Reding

From: Thierry Reding <treding(a)nvidia.com> Hi, This series adds support for the video protection region (VPR) used on Tegra SoC devices. It's a special region of memory that is protected from accesses by the CPU and used to store DRM protected content (both decrypted stream data as well as decoded video frames). Patches 1 and 2 add DT binding documentation for the VPR and add the VPR to the list of memory-region items for display and host1x. Patch 3 introduces new APIs needed by the Tegra VPR implementation that allow CMA areas to be dynamically created at runtime rather than using the fixed, system-wide list. This is used in this driver specifically because it can use an arbitrary number of these areas (though they are currently limited to 4). Patch 4 adds some infrastructure for DMA heap implementations to provide information through debugfs. The Tegra VPR implementation is added in patch 5. See its commit message for more details about the specifics of this implementation. Finally, patches 6-9 add the VPR placeholder node on Tegra234 and hook it up to the host1x and GPU nodes so that they can make use of this region. Thierry Thierry Reding (9): dt-bindings: reserved-memory: Document Tegra VPR dt-bindings: display: tegra: Document memory regions mm/cma: Allow dynamically creating CMA areas dma-buf: heaps: Add debugfs support dma-buf: heaps: Add support for Tegra VPR arm64: tegra: Add VPR placeholder node on Tegra234 arm64: tegra: Add GPU node on Tegra234 arm64: tegra: Hook up VPR to host1x arm64: tegra: Hook up VPR to the GPU .../display/tegra/nvidia,tegra186-dc.yaml | 10 + .../display/tegra/nvidia,tegra20-dc.yaml | 10 +- .../display/tegra/nvidia,tegra20-host1x.yaml | 7 + .../nvidia,tegra-video-protection-region.yaml | 55 ++ arch/arm64/boot/dts/nvidia/tegra234.dtsi | 57 ++ drivers/dma-buf/dma-heap.c | 56 ++ drivers/dma-buf/heaps/Kconfig | 7 + drivers/dma-buf/heaps/Makefile | 1 + drivers/dma-buf/heaps/tegra-vpr.c | 831 ++++++++++++++++++ include/linux/cma.h | 16 + include/linux/dma-heap.h | 2 + include/trace/events/tegra_vpr.h | 57 ++ mm/cma.c | 89 +- 13 files changed, 1175 insertions(+), 23 deletions(-) create mode 100644 Documentation/devicetree/bindings/reserved-memory/nvidia,tegra-video-protection-region.yaml create mode 100644 drivers/dma-buf/heaps/tegra-vpr.c create mode 100644 include/trace/events/tegra_vpr.h -- 2.50.0

3 months, 1 week

5
18
0 0

Re: [PATCH 3/9] mm/cma: Allow dynamically creating CMA areas

by Thierry Reding

On Wed, Sep 03, 2025 at 09:41:18AM -0700, Frank van der Linden wrote: > On Wed, Sep 3, 2025 at 9:05 AM Thierry Reding <thierry.reding(a)gmail.com> wrote: > > > > On Tue, Sep 02, 2025 at 10:27:01AM -0700, Frank van der Linden wrote: > > > On Tue, Sep 2, 2025 at 8:46 AM Thierry Reding <thierry.reding(a)gmail.com> wrote: > > > > > > > > From: Thierry Reding <treding(a)nvidia.com> > > > > > > > > There is no technical reason why there should be a limited number of CMA > > > > regions, so extract some code into helpers and use them to create extra > > > > functions (cma_create() and cma_free()) that allow creating and freeing, > > > > respectively, CMA regions dynamically at runtime. > > > > > > > > Note that these dynamically created CMA areas are treated specially and > > > > do not contribute to the number of total CMA pages so that this count > > > > still only applies to the fixed number of CMA areas. > > > > > > > > Signed-off-by: Thierry Reding <treding(a)nvidia.com> > > > > --- > > > > include/linux/cma.h | 16 ++++++++ > > > > mm/cma.c | 89 ++++++++++++++++++++++++++++++++++----------- > > > > 2 files changed, 83 insertions(+), 22 deletions(-) > > [...] > > > I agree that supporting dynamic CMA areas would be good. However, by > > > doing it like this, these CMA areas are invisible to the rest of the > > > system. E.g. cma_for_each_area() does not know about them. It seems a > > > bit inconsistent that there will now be some areas that are globally > > > known, and some that are not. > > > > That was kind of the point of this experiment. When I started on this I > > ran into the case where I was running out of predefined CMA areas and as > > I went looking for ways on how to fix this, I realized that there's not > > much reason to keep a global list of these areas. And even less reason > > to limit the number of CMA areas to this predefined list. Very little > > code outside of the core CMA code even uses this. > > > > There's one instance of cma_for_each_area() that I don't grok. There's > > another early MMU fixup for CMA areas in 32-bit ARM that. Other than > > that there's a few places where the total CMA page count is shown for > > informational purposes and I don't know how useful that really is > > because totalcma_pages doesn't really track how many pages are used for > > CMA, but pages that could potentially be used for CMA. > > > > And that's about it. > > > > It seems like there are cases where we might really need to globally > > know about some of these areas, specifically ones that are allocated > > very early during boot and then used for very specific purposes. > > > > However, it seems to me like CMA is more universally useful than just > > for these cases and I don't see the usefulness of tracking these more > > generic uses. > > > > > I am being somewhat selfish here, as I have some WIP code that needs > > > the global list :-) But I think the inconsistency is a more general > > > point than just what I want (and the s390 code does use > > > cma_for_each_area()). Maybe you could keep maintaining a global > > > structure containing all areas? > > > > If it's really useful to be able to access all CMA areas, then we could > > easily just add them all to a global linked list upon activation (we may > > still want/need to keep the predefined list around for all those early > > allocation cases). That way we'd get the best of both worlds. > > > > > What do you think are the chances of running out of the global count > > > of areas? > > > > Well, I did run out of CMA areas during the early VPR testing because I > > was initially testing with 16 areas and a different allocation scheme > > that turned out to cause too many resizes in common cases. > > > > However, given that the default is 8 on normal systems (20 on NUMA) and > > is configurable, it means that even with restricting this to 4 for VPR > > doesn't always guarantee that all 4 are available. Again, yes, we could > > keep bumping that number, but why not turn this into something a bit > > more robust where nobody has to know or care about how many there are? > > > > > Also, you say that "these are treated specially and do not contribute > > > to the number of total CMA pages". But, if I'm reading this right, you > > > do call cma_activate_area(), which will do > > > init_cma_reserved_pageblock() for each pageblock in it. Which adjusts > > > the CMA counters for the zone they are in. But your change does not > > > adjust totalcma_pages for dynamically created areas. That seems > > > inconsistent, too. > > > > I was referring to just totalcma_pages that isn't impacted by these > > dynamically allocated regions. This is, again, because I don't see why > > that information would be useful. It's a fairly easy change to update > > that value, so if people prefer that, I can add that. > > > > I don't see an immediate connection between totalcma_pages and > > init_cma_reserved_pageblock(). I thought the latter was primarily useful > > for making sure that the CMA pages can be migrated, which is still > > critical for this use-case. > > My comment was about statistics, they would be inconsistent after your > change. E.g. currently, totalcma_pages is equal to the sum of CMA > pages in each zone. But that would no longer be true, and applications > / administrators looking at those statistics might see the > inconsistency (between meminfo and vmstat) and wonder what's going on. > It seems best to keep those numbers in sync. > > In general, I think it's fine to support dynamic allocation, and I > agree with your arguments that it doesn't seem right to set the number > of CMA areas via a config option. I would just like there to be a > canonical way to find all CMA areas. Okay, so judging by your and David's feedback, it sounds like I should add a bit of code to track dynamically allocated areas within a global list, along with the existing predefined regions and keep totalcma_pages updated so that the global view is consistent. I'll look into that. Thanks for the feedback. Thierry

3 months, 1 week

1
0
0 0

Re: [PATCH v5 3/3] drm: tiny: Add support for Mayqueen Pixpaper e-ink panel

by Thomas Zimmermann

Hi Am 02.09.25 um 08:53 schrieb LiangCheng Wang: > Introduce a DRM driver for the Mayqueen Pixpaper e-ink display panel, > which is controlled via SPI. The driver supports a 122x250 resolution > display with XRGB8888 format. > > Also, add a MAINTAINERS entry for the Pixpaper driver. > > Signed-off-by: LiangCheng Wang <zaq14760(a)gmail.com> Reviewed-by: Thomas Zimmermann <tzimmermann(a)suse.de> Thank you so much for the driver. I will merge the series into drm-misc-next soon. Best regards Thomas > --- > MAINTAINERS | 7 + > drivers/gpu/drm/tiny/Kconfig | 15 + > drivers/gpu/drm/tiny/Makefile | 1 + > drivers/gpu/drm/tiny/pixpaper.c | 1171 +++++++++++++++++++++++++++++++++++++++ > 4 files changed, 1194 insertions(+) > > diff --git a/MAINTAINERS b/MAINTAINERS > index 6dcfbd11efef87927041f5cf58d70633dbb4b18d..790bc2d0b34fc08e9f73c9caa1e6ddada57d07ac 100644 > --- a/MAINTAINERS > +++ b/MAINTAINERS > @@ -7866,6 +7866,13 @@ T: git https://gitlab.freedesktop.org/drm/misc/kernel.git > F: Documentation/devicetree/bindings/display/repaper.txt > F: drivers/gpu/drm/tiny/repaper.c > > +DRM DRIVER FOR PIXPAPER E-INK PANEL > +M: LiangCheng Wang <zaq14760(a)gmail.com> > +L: dri-devel(a)lists.freedesktop.org > +S: Maintained > +F: Documentation/devicetree/bindings/display/mayqueen,pixpaper.yaml > +F: drivers/gpu/drm/tiny/pixpaper.c > + > DRM DRIVER FOR QEMU'S CIRRUS DEVICE > M: Dave Airlie <airlied(a)redhat.com> > M: Gerd Hoffmann <kraxel(a)redhat.com> > diff --git a/drivers/gpu/drm/tiny/Kconfig b/drivers/gpu/drm/tiny/Kconfig > index 06e54694a7f2fe1649e1886f039926b24f698e0d..94a5bf61a115929640022128e20c723ab7c0e735 100644 > --- a/drivers/gpu/drm/tiny/Kconfig > +++ b/drivers/gpu/drm/tiny/Kconfig > @@ -82,6 +82,21 @@ config DRM_PANEL_MIPI_DBI > https://github.com/notro/panel-mipi-dbi/wiki. > To compile this driver as a module, choose M here. > > +config DRM_PIXPAPER > + tristate "DRM support for PIXPAPER display panels" > + depends on DRM && SPI > + select DRM_CLIENT_SELECTION > + select DRM_GEM_DMA_HELPER > + select DRM_KMS_HELPER > + help > + DRM driver for the Mayqueen Pixpaper e-ink display panel. > + > + This driver supports small e-paper displays connected over SPI, > + with a resolution of 122x250 and XRGB8888 framebuffer format. > + It is intended for low-power embedded applications. > + > + If M is selected, the module will be built as pixpaper.ko. > + > config TINYDRM_HX8357D > tristate "DRM support for HX8357D display panels" > depends on DRM && SPI > diff --git a/drivers/gpu/drm/tiny/Makefile b/drivers/gpu/drm/tiny/Makefile > index 4a9ff61ec25420e2c0a648c04eaab7ca25dd5407..48d30bf6152f979404ac1004174587823a30109e 100644 > --- a/drivers/gpu/drm/tiny/Makefile > +++ b/drivers/gpu/drm/tiny/Makefile > @@ -6,6 +6,7 @@ obj-$(CONFIG_DRM_BOCHS) += bochs.o > obj-$(CONFIG_DRM_CIRRUS_QEMU) += cirrus-qemu.o > obj-$(CONFIG_DRM_GM12U320) += gm12u320.o > obj-$(CONFIG_DRM_PANEL_MIPI_DBI) += panel-mipi-dbi.o > +obj-$(CONFIG_DRM_PIXPAPER) += pixpaper.o > obj-$(CONFIG_TINYDRM_HX8357D) += hx8357d.o > obj-$(CONFIG_TINYDRM_ILI9163) += ili9163.o > obj-$(CONFIG_TINYDRM_ILI9225) += ili9225.o > diff --git a/drivers/gpu/drm/tiny/pixpaper.c b/drivers/gpu/drm/tiny/pixpaper.c > new file mode 100644 > index 0000000000000000000000000000000000000000..80ac8af1ba280483d3d210f10f5143441764ee94 > --- /dev/null > +++ b/drivers/gpu/drm/tiny/pixpaper.c > @@ -0,0 +1,1171 @@ > +// SPDX-License-Identifier: GPL-2.0 > +/* > + * DRM driver for PIXPAPER e-ink panel > + * > + * Author: LiangCheng Wang <zaq14760(a)gmail.com>, > + */ > +#include <linux/delay.h> > +#include <linux/module.h> > +#include <linux/spi/spi.h> > + > +#include <drm/clients/drm_client_setup.h> > +#include <drm/drm_atomic.h> > +#include <drm/drm_atomic_helper.h> > +#include <drm/drm_drv.h> > +#include <drm/drm_fbdev_shmem.h> > +#include <drm/drm_framebuffer.h> > +#include <drm/drm_gem_atomic_helper.h> > +#include <drm/drm_gem_shmem_helper.h> > +#include <drm/drm_gem_framebuffer_helper.h> > +#include <drm/drm_probe_helper.h> > + > +/* > + * Note on Undocumented Commands/Registers: > + * > + * Several commands and register parameters defined in this header are not > + * documented in the datasheet. Their values and usage have been derived > + * through analysis of existing userspace example programs. > + * > + * These 'unknown' definitions are crucial for the proper initialization > + * and stable operation of the panel. Modifying these values without > + * thorough understanding may lead to display anomalies, panel damage, > + * or unexpected behavior. > + */ > + > +/* Command definitions */ > +#define PIXPAPER_CMD_PANEL_SETTING 0x00 /* R00H: Panel settings */ > +#define PIXPAPER_CMD_POWER_SETTING 0x01 /* R01H: Power settings */ > +#define PIXPAPER_CMD_POWER_OFF 0x02 /* R02H: Power off */ > +#define PIXPAPER_CMD_POWER_OFF_SEQUENCE 0x03 /* R03H: Power off sequence */ > +#define PIXPAPER_CMD_POWER_ON 0x04 /* R04H: Power on */ > +#define PIXPAPER_CMD_BOOSTER_SOFT_START 0x06 /* R06H: Booster soft start */ > +#define PIXPAPER_CMD_DEEP_SLEEP 0x07 /* R07H: Deep sleep */ > +#define PIXPAPER_CMD_DATA_START_TRANSMISSION 0x10 > +/* R10H: Data transmission start */ > +#define PIXPAPER_CMD_DISPLAY_REFRESH 0x12 /* R12H: Display refresh */ > +#define PIXPAPER_CMD_PLL_CONTROL 0x30 /* R30H: PLL control */ > +#define PIXPAPER_CMD_TEMP_SENSOR_CALIB 0x41 > +/* R41H: Temperature sensor calibration */ > +#define PIXPAPER_CMD_UNKNOWN_4D 0x4D /* R4DH: Unknown command */ > +#define PIXPAPER_CMD_VCOM_INTERVAL 0x50 /* R50H: VCOM interval */ > +#define PIXPAPER_CMD_UNKNOWN_60 0x60 /* R60H: Unknown command */ > +#define PIXPAPER_CMD_RESOLUTION_SETTING 0x61 /* R61H: Resolution settings */ > +#define PIXPAPER_CMD_GATE_SOURCE_START 0x65 /* R65H: Gate/source start */ > +#define PIXPAPER_CMD_UNKNOWN_B4 0xB4 /* RB4H: Unknown command */ > +#define PIXPAPER_CMD_UNKNOWN_B5 0xB5 /* RB5H: Unknown command */ > +#define PIXPAPER_CMD_UNKNOWN_E0 0xE0 /* RE0H: Unknown command */ > +#define PIXPAPER_CMD_POWER_SAVING 0xE3 /* RE3H: Power saving */ > +#define PIXPAPER_CMD_UNKNOWN_E7 0xE7 /* RE7H: Unknown command */ > +#define PIXPAPER_CMD_UNKNOWN_E9 0xE9 /* RE9H: Unknown command */ > + > +/* R00H PSR - First Parameter */ > +#define PIXPAPER_PSR_RST_N BIT(0) > +/* Bit 0: RST_N, 1=no effect (default), 0=reset with booster OFF */ > +#define PIXPAPER_PSR_SHD_N BIT(1) > +/* Bit 1: SHD_N, 1=booster ON (default), 0=booster OFF */ > +#define PIXPAPER_PSR_SHL BIT(2) > +/* Bit 2: SHL, 1=shift right (default), 0=shift left */ > +#define PIXPAPER_PSR_UD BIT(3) > +/* Bit 3: UD, 1=scan up (default), 0=scan down */ > +#define PIXPAPER_PSR_PST_MODE BIT(5) > +/* Bit 5: PST_MODE, 0=frame scanning (default), 1=external */ > +#define PIXPAPER_PSR_RES_MASK (3 << 6) > +/* Bits 7-6: RES[1:0], resolution setting */ > +#define PIXPAPER_PSR_RES_176x296 (0x0 << 6) /* 00: 176x296 */ > +#define PIXPAPER_PSR_RES_128x296 (0x1 << 6) /* 01: 128x296 */ > +#define PIXPAPER_PSR_RES_128x250 (0x2 << 6) /* 10: 128x250 */ > +#define PIXPAPER_PSR_RES_112x204 (0x3 << 6) /* 11: 112x204 */ > +#define PIXPAPER_PSR_CONFIG \ > + (PIXPAPER_PSR_RST_N | PIXPAPER_PSR_SHD_N | PIXPAPER_PSR_SHL | \ > + PIXPAPER_PSR_UD) > +/* 0x0F: Default settings, resolution set by R61H */ > + > +/* R00H PSR - Second Parameter */ > +#define PIXPAPER_PSR2_VC_LUTZ \ > + (1 << 0) /* Bit 0: VC_LUTZ, 1=VCOM float after refresh (default), 0=no effect */ > +#define PIXPAPER_PSR2_NORG \ > + (1 << 1) /* Bit 1: NORG, 1=VCOM to GND before power off, 0=no effect (default) */ > +#define PIXPAPER_PSR2_TIEG \ > + (1 << 2) /* Bit 2: TIEG, 1=VGN to GND on power off, 0=no effect (default) */ > +#define PIXPAPER_PSR2_TS_AUTO \ > + (1 << 3) /* Bit 3: TS_AUTO, 1=sensor on RST_N low to high (default), 0=on booster */ > +#define PIXPAPER_PSR2_VCMZ \ > + (1 << 4) /* Bit 4: VCMZ, 1=VCOM always floating, 0=no effect (default) */ > +#define PIXPAPER_PSR2_FOPT \ > + (1 << 5) /* Bit 5: FOPT, 0=scan 1 frame (default), 1=no scan, HiZ */ > +#define PIXPAPER_PSR_CONFIG2 \ > + (PIXPAPER_PSR2_VC_LUTZ | \ > + PIXPAPER_PSR2_TS_AUTO) /* 0x09: Default VCOM and temp sensor settings */ > + > +/* R01H PWR - Power Setting Register */ > +/* First Parameter */ > +#define PIXPAPER_PWR_VDG_EN \ > + (1 << 0) /* Bit 0: VDG_EN, 1=internal DCDC for VGP/VGN (default), 0=external */ > +#define PIXPAPER_PWR_VDS_EN \ > + (1 << 1) /* Bit 1: VDS_EN, 1=internal regulator for VSP/VSN (default), 0=external */ > +#define PIXPAPER_PWR_VSC_EN \ > + (1 << 2) /* Bit 2: VSC_EN, 1=internal regulator for VSPL (default), 0=external */ > +#define PIXPAPER_PWR_V_MODE \ > + (1 << 3) /* Bit 3: V_MODE, 0=Mode0 (default), 1=Mode1 */ > +#define PIXPAPER_PWR_CONFIG1 \ > + (PIXPAPER_PWR_VDG_EN | PIXPAPER_PWR_VDS_EN | \ > + PIXPAPER_PWR_VSC_EN) /* 0x07: Internal power for VGP/VGN, VSP/VSN, VSPL */ > + > +/* Second Parameter */ > +#define PIXPAPER_PWR_VGPN_MASK \ > + (3 << 0) /* Bits 1-0: VGPN, VGP/VGN voltage levels */ > +#define PIXPAPER_PWR_VGPN_20V (0x0 << 0) /* 00: VGP=20V, VGN=-20V (default) */ > +#define PIXPAPER_PWR_VGPN_17V (0x1 << 0) /* 01: VGP=17V, VGN=-17V */ > +#define PIXPAPER_PWR_VGPN_15V (0x2 << 0) /* 10: VGP=15V, VGN=-15V */ > +#define PIXPAPER_PWR_VGPN_10V (0x3 << 0) /* 11: VGP=10V, VGN=-10V */ > +#define PIXPAPER_PWR_CONFIG2 PIXPAPER_PWR_VGPN_20V /* 0x00: VGP=20V, VGN=-20V */ > + > +/* Third, Fourth, Sixth Parameters (VSP_1, VSPL_0, VSPL_1) */ > +#define PIXPAPER_PWR_VSP_8_2V 0x22 /* VSP_1/VSPL_1: 8.2V (34 decimal) */ > +#define PIXPAPER_PWR_VSPL_15V 0x78 /* VSPL_0: 15V (120 decimal) */ > + > +/* Fifth Parameter (VSN_1) */ > +#define PIXPAPER_PWR_VSN_4V 0x0A /* VSN_1: -4V (10 decimal) */ > + > +/* R03H PFS - Power Off Sequence Setting Register */ > +/* First Parameter */ > +#define PIXPAPER_PFS_T_VDS_OFF_MASK \ > + (3 << 0) /* Bits 1-0: T_VDS_OFF, VSP/VSN power-off sequence */ > +#define PIXPAPER_PFS_T_VDS_OFF_20MS (0x0 << 0) /* 00: 20 ms (default) */ > +#define PIXPAPER_PFS_T_VDS_OFF_40MS (0x1 << 0) /* 01: 40 ms */ > +#define PIXPAPER_PFS_T_VDS_OFF_60MS (0x2 << 0) /* 10: 60 ms */ > +#define PIXPAPER_PFS_T_VDS_OFF_80MS (0x3 << 0) /* 11: 80 ms */ > +#define PIXPAPER_PFS_T_VDPG_OFF_MASK \ > + (3 << 4) /* Bits 5-4: T_VDPG_OFF, VGP/VGN power-off sequence */ > +#define PIXPAPER_PFS_T_VDPG_OFF_20MS (0x0 << 4) /* 00: 20 ms (default) */ > +#define PIXPAPER_PFS_T_VDPG_OFF_40MS (0x1 << 4) /* 01: 40 ms */ > +#define PIXPAPER_PFS_T_VDPG_OFF_60MS (0x2 << 4) /* 10: 60 ms */ > +#define PIXPAPER_PFS_T_VDPG_OFF_80MS (0x3 << 4) /* 11: 80 ms */ > +#define PIXPAPER_PFS_CONFIG1 \ > + (PIXPAPER_PFS_T_VDS_OFF_20MS | \ > + PIXPAPER_PFS_T_VDPG_OFF_20MS) /* 0x10: Default 20 ms for VSP/VSN and VGP/VGN */ > + > +/* Second Parameter */ > +#define PIXPAPER_PFS_VGP_EXT_MASK \ > + (0xF << 0) /* Bits 3-0: VGP_EXT, VGP extension time */ > +#define PIXPAPER_PFS_VGP_EXT_0MS (0x0 << 0) /* 0000: 0 ms */ > +#define PIXPAPER_PFS_VGP_EXT_500MS (0x1 << 0) /* 0001: 500 ms */ > +#define PIXPAPER_PFS_VGP_EXT_1000MS (0x2 << 0) /* 0010: 1000 ms */ > +#define PIXPAPER_PFS_VGP_EXT_1500MS (0x3 << 0) /* 0011: 1500 ms */ > +#define PIXPAPER_PFS_VGP_EXT_2000MS (0x4 << 0) /* 0100: 2000 ms (default) */ > +#define PIXPAPER_PFS_VGP_EXT_2500MS (0x5 << 0) /* 0101: 2500 ms */ > +#define PIXPAPER_PFS_VGP_EXT_3000MS (0x6 << 0) /* 0110: 3000 ms */ > +#define PIXPAPER_PFS_VGP_EXT_3500MS (0x7 << 0) /* 0111: 3500 ms */ > +#define PIXPAPER_PFS_VGP_EXT_4000MS (0x8 << 0) /* 1000: 4000 ms */ > +#define PIXPAPER_PFS_VGP_EXT_4500MS (0x9 << 0) /* 1001: 4500 ms */ > +#define PIXPAPER_PFS_VGP_EXT_5000MS (0xA << 0) /* 1010: 5000 ms */ > +#define PIXPAPER_PFS_VGP_EXT_5500MS (0xB << 0) /* 1011: 5500 ms */ > +#define PIXPAPER_PFS_VGP_EXT_6000MS (0xC << 0) /* 1100: 6000 ms */ > +#define PIXPAPER_PFS_VGP_EXT_6500MS (0xD << 0) /* 1101: 6500 ms */ > +#define PIXPAPER_PFS_VGP_LEN_MASK \ > + (0xF << 4) /* Bits 7-4: VGP_LEN, VGP at 10V during power-off */ > +#define PIXPAPER_PFS_VGP_LEN_0MS (0x0 << 4) /* 0000: 0 ms */ > +#define PIXPAPER_PFS_VGP_LEN_500MS (0x1 << 4) /* 0001: 500 ms */ > +#define PIXPAPER_PFS_VGP_LEN_1000MS (0x2 << 4) /* 0010: 1000 ms */ > +#define PIXPAPER_PFS_VGP_LEN_1500MS (0x3 << 4) /* 0011: 1500 ms */ > +#define PIXPAPER_PFS_VGP_LEN_2000MS (0x4 << 4) /* 0100: 2000 ms */ > +#define PIXPAPER_PFS_VGP_LEN_2500MS (0x5 << 4) /* 0101: 2500 ms (default) */ > +#define PIXPAPER_PFS_VGP_LEN_3000MS (0x6 << 4) /* 0110: 3000 ms */ > +#define PIXPAPER_PFS_VGP_LEN_3500MS (0x7 << 4) /* 0111: 3500 ms */ > +#define PIXPAPER_PFS_VGP_LEN_4000MS (0x8 << 4) /* 1000: 4000 ms */ > +#define PIXPAPER_PFS_VGP_LEN_4500MS (0x9 << 4) /* 1001: 4500 ms */ > +#define PIXPAPER_PFS_VGP_LEN_5000MS (0xA << 4) /* 1010: 5000 ms */ > +#define PIXPAPER_PFS_VGP_LEN_5500MS (0xB << 4) /* 1011: 5500 ms */ > +#define PIXPAPER_PFS_VGP_LEN_6000MS (0xC << 4) /* 1100: 6000 ms */ > +#define PIXPAPER_PFS_VGP_LEN_6500MS (0xD << 4) /* 1101: 6500 ms */ > +#define PIXPAPER_PFS_CONFIG2 \ > + (PIXPAPER_PFS_VGP_EXT_1000MS | \ > + PIXPAPER_PFS_VGP_LEN_2500MS) /* 0x54: VGP extension 1000 ms, VGP at 10V for 2500 ms */ > + > +/* Third Parameter */ > +#define PIXPAPER_PFS_XON_LEN_MASK \ > + (0xF << 0) /* Bits 3-0: XON_LEN, XON enable time */ > +#define PIXPAPER_PFS_XON_LEN_0MS (0x0 << 0) /* 0000: 0 ms */ > +#define PIXPAPER_PFS_XON_LEN_500MS (0x1 << 0) /* 0001: 500 ms */ > +#define PIXPAPER_PFS_XON_LEN_1000MS (0x2 << 0) /* 0010: 1000 ms */ > +#define PIXPAPER_PFS_XON_LEN_1500MS (0x3 << 0) /* 0011: 1500 ms */ > +#define PIXPAPER_PFS_XON_LEN_2000MS (0x4 << 0) /* 0100: 2000 ms (default) */ > +#define PIXPAPER_PFS_XON_LEN_2500MS (0x5 << 0) /* 0101: 2500 ms */ > +#define PIXPAPER_PFS_XON_LEN_3000MS (0x6 << 0) /* 0110: 3000 ms */ > +#define PIXPAPER_PFS_XON_LEN_3500MS (0x7 << 0) /* 0111: 3500 ms */ > +#define PIXPAPER_PFS_XON_LEN_4000MS (0x8 << 0) /* 1000: 4000 ms */ > +#define PIXPAPER_PFS_XON_LEN_4500MS (0x9 << 0) /* 1001: 4500 ms */ > +#define PIXPAPER_PFS_XON_LEN_5000MS (0xA << 0) /* 1010: 5000 ms */ > +#define PIXPAPER_PFS_XON_LEN_5500MS (0xB << 0) /* 1011: 5500 ms */ > +#define PIXPAPER_PFS_XON_LEN_6000MS (0xC << 0) /* 1100: 6000 ms */ > +#define PIXPAPER_PFS_XON_DLY_MASK \ > + (0xF << 4) /* Bits 7-4: XON_DLY, XON delay time */ > +#define PIXPAPER_PFS_XON_DLY_0MS (0x0 << 4) /* 0000: 0 ms */ > +#define PIXPAPER_PFS_XON_DLY_500MS (0x1 << 4) /* 0001: 500 ms */ > +#define PIXPAPER_PFS_XON_DLY_1000MS (0x2 << 4) /* 0010: 1000 ms */ > +#define PIXPAPER_PFS_XON_DLY_1500MS (0x3 << 4) /* 0011: 1500 ms */ > +#define PIXPAPER_PFS_XON_DLY_2000MS (0x4 << 4) /* 0100: 2000 ms (default) */ > +#define PIXPAPER_PFS_XON_DLY_2500MS (0x5 << 4) /* 0101: 2500 ms */ > +#define PIXPAPER_PFS_XON_DLY_3000MS (0x6 << 4) /* 0110: 3000 ms */ > +#define PIXPAPER_PFS_XON_DLY_3500MS (0x7 << 4) /* 0111: 3500 ms */ > +#define PIXPAPER_PFS_XON_DLY_4000MS (0x8 << 4) /* 1000: 4000 ms */ > +#define PIXPAPER_PFS_XON_DLY_4500MS (0x9 << 4) /* 1001: 4500 ms */ > +#define PIXPAPER_PFS_XON_DLY_5000MS (0xA << 4) /* 1010: 5000 ms */ > +#define PIXPAPER_PFS_XON_DLY_5500MS (0xB << 4) /* 1011: 5500 ms */ > +#define PIXPAPER_PFS_XON_DLY_6000MS (0xC << 4) /* 1100: 6000 ms */ > +#define PIXPAPER_PFS_CONFIG3 \ > + (PIXPAPER_PFS_XON_LEN_2000MS | \ > + PIXPAPER_PFS_XON_DLY_2000MS) /* 0x44: XON enable and delay at 2000 ms */ > + > +/* R06H BTST - Booster Soft Start Command */ > +/* First Parameter */ > +#define PIXPAPER_BTST_PHA_SFT_MASK \ > + (3 << 0) /* Bits 1-0: PHA_SFT, soft start period for phase A */ > +#define PIXPAPER_BTST_PHA_SFT_10MS (0x0 << 0) /* 00: 10 ms (default) */ > +#define PIXPAPER_BTST_PHA_SFT_20MS (0x1 << 0) /* 01: 20 ms */ > +#define PIXPAPER_BTST_PHA_SFT_30MS (0x2 << 0) /* 10: 30 ms */ > +#define PIXPAPER_BTST_PHA_SFT_40MS (0x3 << 0) /* 11: 40 ms */ > +#define PIXPAPER_BTST_PHB_SFT_MASK \ > + (3 << 2) /* Bits 3-2: PHB_SFT, soft start period for phase B */ > +#define PIXPAPER_BTST_PHB_SFT_10MS (0x0 << 2) /* 00: 10 ms (default) */ > +#define PIXPAPER_BTST_PHB_SFT_20MS (0x1 << 2) /* 01: 20 ms */ > +#define PIXPAPER_BTST_PHB_SFT_30MS (0x2 << 2) /* 10: 30 ms */ > +#define PIXPAPER_BTST_PHB_SFT_40MS (0x3 << 2) /* 11: 40 ms */ > +#define PIXPAPER_BTST_CONFIG1 \ > + (PIXPAPER_BTST_PHA_SFT_40MS | \ > + PIXPAPER_BTST_PHB_SFT_40MS) /* 0x0F: 40 ms for phase A and B */ > + > +/* Second to Seventh Parameters (Driving Strength or Minimum OFF Time) */ > +#define PIXPAPER_BTST_CONFIG2 0x0A /* Strength11 */ > +#define PIXPAPER_BTST_CONFIG3 0x2F /* Period48 */ > +#define PIXPAPER_BTST_CONFIG4 0x25 /* Strength38 */ > +#define PIXPAPER_BTST_CONFIG5 0x22 /* Period35 */ > +#define PIXPAPER_BTST_CONFIG6 0x2E /* Strength47 */ > +#define PIXPAPER_BTST_CONFIG7 0x21 /* Period34 */ > + > +/* R12H: DRF (Display Refresh) */ > +#define PIXPAPER_DRF_VCOM_AC 0x00 /* AC VCOM: VCOM follows LUTC (default) */ > +#define PIXPAPER_DRF_VCOM_DC 0x01 /* DC VCOM: VCOM fixed to VCOMDC */ > + > +/* R30H PLL - PLL Control Register */ > +/* First Parameter */ > +#define PIXPAPER_PLL_FR_MASK (0x7 << 0) /* Bits 2-0: FR, frame rate */ > +#define PIXPAPER_PLL_FR_12_5HZ (0x0 << 0) /* 000: 12.5 Hz */ > +#define PIXPAPER_PLL_FR_25HZ (0x1 << 0) /* 001: 25 Hz */ > +#define PIXPAPER_PLL_FR_50HZ (0x2 << 0) /* 010: 50 Hz (default) */ > +#define PIXPAPER_PLL_FR_65HZ (0x3 << 0) /* 011: 65 Hz */ > +#define PIXPAPER_PLL_FR_75HZ (0x4 << 0) /* 100: 75 Hz */ > +#define PIXPAPER_PLL_FR_85HZ (0x5 << 0) /* 101: 85 Hz */ > +#define PIXPAPER_PLL_FR_100HZ (0x6 << 0) /* 110: 100 Hz */ > +#define PIXPAPER_PLL_FR_120HZ (0x7 << 0) /* 111: 120 Hz */ > +#define PIXPAPER_PLL_DFR \ > + (1 << 3) /* Bit 3: Dynamic frame rate, 0=disabled (default), 1=enabled */ > +#define PIXPAPER_PLL_CONFIG \ > + (PIXPAPER_PLL_FR_50HZ) /* 0x02: 50 Hz, dynamic frame rate disabled */ > + > +/* R41H TSE - Temperature Sensor Calibration Register */ > +/* First Parameter */ > +#define PIXPAPER_TSE_TO_MASK \ > + (0xF << 0) /* Bits 3-0: TO[3:0], temperature offset */ > +#define PIXPAPER_TSE_TO_POS_0C (0x0 << 0) /* 0000: +0°C (default) */ > +#define PIXPAPER_TSE_TO_POS_0_5C (0x1 << 0) /* 0001: +0.5°C */ > +#define PIXPAPER_TSE_TO_POS_1C (0x2 << 0) /* 0010: +1°C */ > +#define PIXPAPER_TSE_TO_POS_1_5C (0x3 << 0) /* 0011: +1.5°C */ > +#define PIXPAPER_TSE_TO_POS_2C (0x4 << 0) /* 0100: +2°C */ > +#define PIXPAPER_TSE_TO_POS_2_5C (0x5 << 0) /* 0101: +2.5°C */ > +#define PIXPAPER_TSE_TO_POS_3C (0x6 << 0) /* 0110: +3°C */ > +#define PIXPAPER_TSE_TO_POS_3_5C (0x7 << 0) /* 0111: +3.5°C */ > +#define PIXPAPER_TSE_TO_NEG_4C (0x8 << 0) /* 1000: -4°C */ > +#define PIXPAPER_TSE_TO_NEG_3_5C (0x9 << 0) /* 1001: -3.5°C */ > +#define PIXPAPER_TSE_TO_NEG_3C (0xA << 0) /* 1010: -3°C */ > +#define PIXPAPER_TSE_TO_NEG_2_5C (0xB << 0) /* 1011: -2.5°C */ > +#define PIXPAPER_TSE_TO_NEG_2C (0xC << 0) /* 1100: -2°C */ > +#define PIXPAPER_TSE_TO_NEG_1_5C (0xD << 0) /* 1101: -1.5°C */ > +#define PIXPAPER_TSE_TO_NEG_1C (0xE << 0) /* 1110: -1°C */ > +#define PIXPAPER_TSE_TO_NEG_0_5C (0xF << 0) /* 1111: -0.5°C */ > +#define PIXPAPER_TSE_TO_FINE_MASK \ > + (0x3 << 4) /* Bits 5-4: TO[5:4], fine adjustment for positive offsets */ > +#define PIXPAPER_TSE_TO_FINE_0C (0x0 << 4) /* 00: +0.0°C (default) */ > +#define PIXPAPER_TSE_TO_FINE_0_25C (0x1 << 4) /* 01: +0.25°C */ > +#define PIXPAPER_TSE_ENABLE \ > + (0 << 7) /* Bit 7: TSE, 0=internal sensor enabled (default), 1=disabled (external) */ > +#define PIXPAPER_TSE_DISABLE \ > + (1 << 7) /* Bit 7: TSE, 1=internal sensor disabled, use external */ > +#define PIXPAPER_TSE_CONFIG \ > + (PIXPAPER_TSE_TO_POS_0C | PIXPAPER_TSE_TO_FINE_0C | \ > + PIXPAPER_TSE_ENABLE) /* 0x00: Internal sensor enabled, +0°C offset */ > + > +/* R4DH */ > +#define PIXPAPER_UNKNOWN_4D_CONFIG \ > + 0x78 /* This value is essential for initialization, derived from userspace examples. */ > + > +/* R50H CDI - VCOM and DATA Interval Setting Register */ > +/* First Parameter */ > +#define PIXPAPER_CDI_INTERVAL_MASK \ > + (0xF << 0) /* Bits 3-0: CDI[3:0], VCOM and data interval (hsync) */ > +#define PIXPAPER_CDI_17_HSYNC (0x0 << 0) /* 0000: 17 hsync */ > +#define PIXPAPER_CDI_16_HSYNC (0x1 << 0) /* 0001: 16 hsync */ > +#define PIXPAPER_CDI_15_HSYNC (0x2 << 0) /* 0010: 15 hsync */ > +#define PIXPAPER_CDI_14_HSYNC (0x3 << 0) /* 0011: 14 hsync */ > +#define PIXPAPER_CDI_13_HSYNC (0x4 << 0) /* 0100: 13 hsync */ > +#define PIXPAPER_CDI_12_HSYNC (0x5 << 0) /* 0101: 12 hsync */ > +#define PIXPAPER_CDI_11_HSYNC (0x6 << 0) /* 0110: 11 hsync */ > +#define PIXPAPER_CDI_10_HSYNC (0x7 << 0) /* 0111: 10 hsync (default) */ > +#define PIXPAPER_CDI_9_HSYNC (0x8 << 0) /* 1000: 9 hsync */ > +#define PIXPAPER_CDI_8_HSYNC (0x9 << 0) /* 1001: 8 hsync */ > +#define PIXPAPER_CDI_7_HSYNC (0xA << 0) /* 1010: 7 hsync */ > +#define PIXPAPER_CDI_6_HSYNC (0xB << 0) /* 1011: 6 hsync */ > +#define PIXPAPER_CDI_5_HSYNC (0xC << 0) /* 1100: 5 hsync */ > +#define PIXPAPER_CDI_4_HSYNC (0xD << 0) /* 1101: 4 hsync */ > +#define PIXPAPER_CDI_3_HSYNC (0xE << 0) /* 1110: 3 hsync */ > +#define PIXPAPER_CDI_2_HSYNC (0xF << 0) /* 1111: 2 hsync */ > +#define PIXPAPER_CDI_DDX \ > + (1 << 4) /* Bit 4: DDX, 0=grayscale mapping 0, 1=grayscale mapping 1 (default) */ > +#define PIXPAPER_CDI_VBD_MASK \ > + (0x7 << 5) /* Bits 7-5: VBD[2:0], border data selection */ > +#define PIXPAPER_CDI_VBD_FLOAT (0x0 << 5) /* 000: Floating (DDX=0 or 1) */ > +#define PIXPAPER_CDI_VBD_GRAY3_DDX0 \ > + (0x1 << 5) /* 001: Gray3 (border_buf=011) when DDX=0 */ > +#define PIXPAPER_CDI_VBD_GRAY2_DDX0 \ > + (0x2 << 5) /* 010: Gray2 (border_buf=010) when DDX=0 */ > +#define PIXPAPER_CDI_VBD_GRAY1_DDX0 \ > + (0x3 << 5) /* 011: Gray1 (border_buf=001) when DDX=0 */ > +#define PIXPAPER_CDI_VBD_GRAY0_DDX0 \ > + (0x4 << 5) /* 100: Gray0 (border_buf=000) when DDX=0 */ > +#define PIXPAPER_CDI_VBD_GRAY0_DDX1 \ > + (0x0 << 5) /* 000: Gray0 (border_buf=000) when DDX=1 */ > +#define PIXPAPER_CDI_VBD_GRAY1_DDX1 \ > + (0x1 << 5) /* 001: Gray1 (border_buf=001) when DDX=1 */ > +#define PIXPAPER_CDI_VBD_GRAY2_DDX1 \ > + (0x2 << 5) /* 010: Gray2 (border_buf=010) when DDX=1 */ > +#define PIXPAPER_CDI_VBD_GRAY3_DDX1 \ > + (0x3 << 5) /* 011: Gray3 (border_buf=011) when DDX=1 */ > +#define PIXPAPER_CDI_VBD_FLOAT_DDX1 (0x4 << 5) /* 100: Floating when DDX=1 */ > +#define PIXPAPER_CDI_CONFIG \ > + (PIXPAPER_CDI_10_HSYNC | PIXPAPER_CDI_DDX | \ > + PIXPAPER_CDI_VBD_GRAY1_DDX1) /* 0x37: 10 hsync, DDX=1, border Gray1 */ > + > +/* R60H */ > +#define PIXPAPER_UNKNOWN_60_CONFIG1 \ > + 0x02 /* This value is essential for initialization, derived from userspace examples. */ > +#define PIXPAPER_UNKNOWN_60_CONFIG2 \ > + 0x02 /* This value is essential for initialization, derived from userspace examples. */ > + > +/* R61H TRES - Resolution Setting Register */ > +#define PIXPAPER_TRES_HRES_H \ > + ((PIXPAPER_PANEL_BUFFER_WIDTH >> 8) & \ > + 0xFF) /* HRES[9:8]: High byte of horizontal resolution (128) */ > +#define PIXPAPER_TRES_HRES_L \ > + (PIXPAPER_PANEL_BUFFER_WIDTH & \ > + 0xFF) /* HRES[7:0]: Low byte of horizontal resolution (128 = 0x80) */ > +#define PIXPAPER_TRES_VRES_H \ > + ((PIXPAPER_HEIGHT >> 8) & \ > + 0xFF) /* VRES[9:8]: High byte of vertical resolution (250) */ > +#define PIXPAPER_TRES_VRES_L \ > + (PIXPAPER_HEIGHT & \ > + 0xFF) /* VRES[7:0]: Low byte of vertical resolution (250 = 0xFA) */ > + > +/* R65H GSST - Gate/Source Start Setting Register */ > +#define PIXPAPER_GSST_S_START 0x00 /* S_Start[7:0]: First source line (S0) */ > +#define PIXPAPER_GSST_RESERVED 0x00 /* Reserved byte */ > +#define PIXPAPER_GSST_G_START_H \ > + 0x00 /* G_Start[8]: High bit of first gate line (G0) */ > +#define PIXPAPER_GSST_G_START_L \ > + 0x00 /* G_Start[7:0]: Low byte of first gate line (G0) */ > + > +/* RB4H */ > +#define PIXPAPER_UNKNOWN_B4_CONFIG \ > + 0xD0 /* This value is essential for initialization, derived from userspace examples. */ > + > +/* RB5H */ > +#define PIXPAPER_UNKNOWN_B5_CONFIG \ > + 0x03 /* This value is essential for initialization, derived from userspace examples. */ > + > +/* RE0H */ > +#define PIXPAPER_UNKNOWN_E0_CONFIG \ > + 0x00 /* This value is essential for initialization, derived from userspace examples. */ > + > +/* RE3H PWS - Power Saving Register */ > +/* First Parameter */ > +#define PIXPAPER_PWS_VCOM_W_MASK \ > + (0xF \ > + << 4) /* Bits 7-4: VCOM_W[3:0], VCOM power-saving width (line periods) */ > +#define PIXPAPER_PWS_VCOM_W_0 (0x0 << 4) /* 0000: 0 line periods */ > +#define PIXPAPER_PWS_VCOM_W_1 (0x1 << 4) /* 0001: 1 line period */ > +#define PIXPAPER_PWS_VCOM_W_2 (0x2 << 4) /* 0010: 2 line periods */ > +#define PIXPAPER_PWS_VCOM_W_3 (0x3 << 4) /* 0011: 3 line periods */ > +#define PIXPAPER_PWS_VCOM_W_4 (0x4 << 4) /* 0100: 4 line periods */ > +#define PIXPAPER_PWS_VCOM_W_5 (0x5 << 4) /* 0101: 5 line periods */ > +#define PIXPAPER_PWS_VCOM_W_6 (0x6 << 4) /* 0110: 6 line periods */ > +#define PIXPAPER_PWS_VCOM_W_7 (0x7 << 4) /* 0111: 7 line periods */ > +#define PIXPAPER_PWS_VCOM_W_8 (0x8 << 4) /* 1000: 8 line periods */ > +#define PIXPAPER_PWS_VCOM_W_9 (0x9 << 4) /* 1001: 9 line periods */ > +#define PIXPAPER_PWS_VCOM_W_10 (0xA << 4) /* 1010: 10 line periods */ > +#define PIXPAPER_PWS_VCOM_W_11 (0xB << 4) /* 1011: 11 line periods */ > +#define PIXPAPER_PWS_VCOM_W_12 (0xC << 4) /* 1100: 12 line periods */ > +#define PIXPAPER_PWS_VCOM_W_13 (0xD << 4) /* 1101: 13 line periods */ > +#define PIXPAPER_PWS_VCOM_W_14 (0xE << 4) /* 1110: 14 line periods */ > +#define PIXPAPER_PWS_VCOM_W_15 (0xF << 4) /* 1111: 15 line periods */ > +#define PIXPAPER_PWS_SD_W_MASK \ > + (0xF << 0) /* Bits 3-0: SD_W[3:0], source power-saving width (660 ns units) */ > +#define PIXPAPER_PWS_SD_W_0 (0x0 << 0) /* 0000: 0 ns */ > +#define PIXPAPER_PWS_SD_W_1 (0x1 << 0) /* 0001: 660 ns */ > +#define PIXPAPER_PWS_SD_W_2 (0x2 << 0) /* 0010: 1320 ns */ > +#define PIXPAPER_PWS_SD_W_3 (0x3 << 0) /* 0011: 1980 ns */ > +#define PIXPAPER_PWS_SD_W_4 (0x4 << 0) /* 0100: 2640 ns */ > +#define PIXPAPER_PWS_SD_W_5 (0x5 << 0) /* 0101: 3300 ns */ > +#define PIXPAPER_PWS_SD_W_6 (0x6 << 0) /* 0110: 3960 ns */ > +#define PIXPAPER_PWS_SD_W_7 (0x7 << 0) /* 0111: 4620 ns */ > +#define PIXPAPER_PWS_SD_W_8 (0x8 << 0) /* 1000: 5280 ns */ > +#define PIXPAPER_PWS_SD_W_9 (0x9 << 0) /* 1001: 5940 ns */ > +#define PIXPAPER_PWS_SD_W_10 (0xA << 0) /* 1010: 6600 ns */ > +#define PIXPAPER_PWS_SD_W_11 (0xB << 0) /* 1011: 7260 ns */ > +#define PIXPAPER_PWS_SD_W_12 (0xC << 0) /* 1100: 7920 ns */ > +#define PIXPAPER_PWS_SD_W_13 (0xD << 0) /* 1101: 8580 ns */ > +#define PIXPAPER_PWS_SD_W_14 (0xE << 0) /* 1110: 9240 ns */ > +#define PIXPAPER_PWS_SD_W_15 (0xF << 0) /* 1111: 9900 ns */ > +#define PIXPAPER_PWS_CONFIG \ > + (PIXPAPER_PWS_VCOM_W_2 | \ > + PIXPAPER_PWS_SD_W_2) /* 0x22: VCOM 2 line periods (160 µs), source 1320 ns */ > + > +/* RE7H */ > +#define PIXPAPER_UNKNOWN_E7_CONFIG \ > + 0x1C /* This value is essential for initialization, derived from userspace examples. */ > + > +/* RE9H */ > +#define PIXPAPER_UNKNOWN_E9_CONFIG \ > + 0x01 /* This value is essential for initialization, derived from userspace examples. */ > + > +MODULE_IMPORT_NS("DMA_BUF"); > + > +/* > + * The panel has a visible resolution of 122x250. > + * However, the controller requires the horizontal resolution to be aligned to 128 pixels. > + * No porch or sync timing values are provided in the datasheet, so we define minimal > + * placeholder values to satisfy the DRM framework. > + */ > + > +/* Panel visible resolution */ > +#define PIXPAPER_WIDTH 122 > +#define PIXPAPER_HEIGHT 250 > + > +/* Controller requires 128 horizontal pixels total (for memory alignment) */ > +#define PIXPAPER_HTOTAL 128 > +#define PIXPAPER_HFP 2 > +#define PIXPAPER_HSYNC 2 > +#define PIXPAPER_HBP (PIXPAPER_HTOTAL - PIXPAPER_WIDTH - PIXPAPER_HFP - PIXPAPER_HSYNC) > + > +/* > + * According to the datasheet, the total vertical blanking must be 55 lines, > + * regardless of how the vertical back porch is set. > + * Here we allocate VFP=2, VSYNC=2, and VBP=51 to sum up to 55 lines. > + * Total vertical lines = 250 (visible) + 55 (blanking) = 305. > + */ > +#define PIXPAPER_VTOTAL (250 + 55) > +#define PIXPAPER_VFP 2 > +#define PIXPAPER_VSYNC 2 > +#define PIXPAPER_VBP (55 - PIXPAPER_VFP - PIXPAPER_VSYNC) > + > +/* > + * Pixel clock calculation: > + * pixel_clock = htotal * vtotal * refresh_rate > + * = 128 * 305 * 50 > + * = 1,952,000 Hz = 1952 kHz > + */ > +#define PIXPAPER_PIXEL_CLOCK 1952 > + > +#define PIXPAPER_WIDTH_MM 24 /* approximate from 23.7046mm */ > +#define PIXPAPER_HEIGHT_MM 49 /* approximate from 48.55mm */ > + > +#define PIXPAPER_SPI_BITS_PER_WORD 8 > +#define PIXPAPER_SPI_SPEED_DEFAULT 1000000 > + > +#define PIXPAPER_PANEL_BUFFER_WIDTH 128 > +#define PIXPAPER_PANEL_BUFFER_TWO_BYTES_PER_ROW (PIXPAPER_PANEL_BUFFER_WIDTH / 4) > + > +#define PIXPAPER_COLOR_THRESHOLD_LOW_CHANNEL 60 > +#define PIXPAPER_COLOR_THRESHOLD_HIGH_CHANNEL 200 > +#define PIXPAPER_COLOR_THRESHOLD_YELLOW_MIN_GREEN 180 > + > +struct pixpaper_error_ctx { > + int errno_code; > +}; > + > +struct pixpaper_panel { > + struct drm_device drm; > + struct drm_plane plane; > + struct drm_crtc crtc; > + struct drm_encoder encoder; > + struct drm_connector connector; > + > + struct spi_device *spi; > + struct gpio_desc *reset; > + struct gpio_desc *busy; > + struct gpio_desc *dc; > +}; > + > +static inline struct pixpaper_panel *to_pixpaper_panel(struct drm_device *drm) > +{ > + return container_of(drm, struct pixpaper_panel, drm); > +} > + > +static void pixpaper_wait_for_panel(struct pixpaper_panel *panel) > +{ > + unsigned int timeout_ms = 10000; > + unsigned long timeout_jiffies = jiffies + msecs_to_jiffies(timeout_ms); > + > + usleep_range(1000, 1500); > + while (gpiod_get_value_cansleep(panel->busy) != 1) { > + if (time_after(jiffies, timeout_jiffies)) { > + drm_warn(&panel->drm, "Busy wait timed out\n"); > + return; > + } > + usleep_range(100, 200); > + } > +} > + > +static void pixpaper_spi_sync(struct spi_device *spi, struct spi_message *msg, > + struct pixpaper_error_ctx *err) > +{ > + if (err->errno_code) > + return; > + > + int ret = spi_sync(spi, msg); > + > + if (ret < 0) > + err->errno_code = ret; > +} > + > +static void pixpaper_send_cmd(struct pixpaper_panel *panel, u8 cmd, > + struct pixpaper_error_ctx *err) > +{ > + if (err->errno_code) > + return; > + > + struct spi_transfer xfer = { > + .tx_buf = &cmd, > + .len = 1, > + }; > + struct spi_message msg; > + > + spi_message_init(&msg); > + spi_message_add_tail(&xfer, &msg); > + > + gpiod_set_value_cansleep(panel->dc, 0); > + usleep_range(1, 5); > + pixpaper_spi_sync(panel->spi, &msg, err); > +} > + > +static void pixpaper_send_data(struct pixpaper_panel *panel, u8 data, > + struct pixpaper_error_ctx *err) > +{ > + if (err->errno_code) > + return; > + > + struct spi_transfer xfer = { > + .tx_buf = &data, > + .len = 1, > + }; > + struct spi_message msg; > + > + spi_message_init(&msg); > + spi_message_add_tail(&xfer, &msg); > + > + gpiod_set_value_cansleep(panel->dc, 1); > + usleep_range(1, 5); > + pixpaper_spi_sync(panel->spi, &msg, err); > +} > + > +static int pixpaper_panel_hw_init(struct pixpaper_panel *panel) > +{ > + struct pixpaper_error_ctx err = { .errno_code = 0 }; > + > + gpiod_set_value_cansleep(panel->reset, 0); > + msleep(50); > + gpiod_set_value_cansleep(panel->reset, 1); > + msleep(50); > + > + pixpaper_wait_for_panel(panel); > + > + pixpaper_send_cmd(panel, PIXPAPER_CMD_UNKNOWN_4D, &err); > + pixpaper_send_data(panel, PIXPAPER_UNKNOWN_4D_CONFIG, &err); > + if (err.errno_code) > + goto init_fail; > + pixpaper_wait_for_panel(panel); > + > + pixpaper_send_cmd(panel, PIXPAPER_CMD_PANEL_SETTING, &err); > + pixpaper_send_data(panel, PIXPAPER_PSR_CONFIG, &err); > + pixpaper_send_data(panel, PIXPAPER_PSR_CONFIG2, &err); > + if (err.errno_code) > + goto init_fail; > + pixpaper_wait_for_panel(panel); > + > + pixpaper_send_cmd(panel, PIXPAPER_CMD_POWER_SETTING, &err); > + pixpaper_send_data(panel, PIXPAPER_PWR_CONFIG1, &err); > + pixpaper_send_data(panel, PIXPAPER_PWR_CONFIG2, &err); > + pixpaper_send_data(panel, PIXPAPER_PWR_VSP_8_2V, &err); > + pixpaper_send_data(panel, PIXPAPER_PWR_VSPL_15V, &err); > + pixpaper_send_data(panel, PIXPAPER_PWR_VSN_4V, &err); > + pixpaper_send_data(panel, PIXPAPER_PWR_VSP_8_2V, &err); > + if (err.errno_code) > + goto init_fail; > + pixpaper_wait_for_panel(panel); > + > + pixpaper_send_cmd(panel, PIXPAPER_CMD_POWER_OFF_SEQUENCE, &err); > + pixpaper_send_data(panel, PIXPAPER_PFS_CONFIG1, &err); > + pixpaper_send_data(panel, PIXPAPER_PFS_CONFIG2, &err); > + pixpaper_send_data(panel, PIXPAPER_PFS_CONFIG3, &err); > + if (err.errno_code) > + goto init_fail; > + pixpaper_wait_for_panel(panel); > + > + pixpaper_send_cmd(panel, PIXPAPER_CMD_BOOSTER_SOFT_START, &err); > + pixpaper_send_data(panel, PIXPAPER_BTST_CONFIG1, &err); > + pixpaper_send_data(panel, PIXPAPER_BTST_CONFIG2, &err); > + pixpaper_send_data(panel, PIXPAPER_BTST_CONFIG3, &err); > + pixpaper_send_data(panel, PIXPAPER_BTST_CONFIG4, &err); > + pixpaper_send_data(panel, PIXPAPER_BTST_CONFIG5, &err); > + pixpaper_send_data(panel, PIXPAPER_BTST_CONFIG6, &err); > + pixpaper_send_data(panel, PIXPAPER_BTST_CONFIG7, &err); > + if (err.errno_code) > + goto init_fail; > + pixpaper_wait_for_panel(panel); > + > + pixpaper_send_cmd(panel, PIXPAPER_CMD_PLL_CONTROL, &err); > + pixpaper_send_data(panel, PIXPAPER_PLL_CONFIG, &err); > + if (err.errno_code) > + goto init_fail; > + pixpaper_wait_for_panel(panel); > + > + pixpaper_send_cmd(panel, PIXPAPER_CMD_TEMP_SENSOR_CALIB, &err); > + pixpaper_send_data(panel, PIXPAPER_TSE_CONFIG, &err); > + if (err.errno_code) > + goto init_fail; > + pixpaper_wait_for_panel(panel); > + > + pixpaper_send_cmd(panel, PIXPAPER_CMD_VCOM_INTERVAL, &err); > + pixpaper_send_data(panel, PIXPAPER_CDI_CONFIG, &err); > + if (err.errno_code) > + goto init_fail; > + pixpaper_wait_for_panel(panel); > + > + pixpaper_send_cmd(panel, PIXPAPER_CMD_UNKNOWN_60, &err); > + pixpaper_send_data(panel, PIXPAPER_UNKNOWN_60_CONFIG1, &err); > + pixpaper_send_data(panel, PIXPAPER_UNKNOWN_60_CONFIG2, &err); > + if (err.errno_code) > + goto init_fail; > + pixpaper_wait_for_panel(panel); > + > + pixpaper_send_cmd(panel, PIXPAPER_CMD_RESOLUTION_SETTING, &err); > + pixpaper_send_data(panel, PIXPAPER_TRES_HRES_H, &err); > + pixpaper_send_data(panel, PIXPAPER_TRES_HRES_L, &err); > + pixpaper_send_data(panel, PIXPAPER_TRES_VRES_H, &err); > + pixpaper_send_data(panel, PIXPAPER_TRES_VRES_L, &err); > + if (err.errno_code) > + goto init_fail; > + pixpaper_wait_for_panel(panel); > + > + pixpaper_send_cmd(panel, PIXPAPER_CMD_GATE_SOURCE_START, &err); > + pixpaper_send_data(panel, PIXPAPER_GSST_S_START, &err); > + pixpaper_send_data(panel, PIXPAPER_GSST_RESERVED, &err); > + pixpaper_send_data(panel, PIXPAPER_GSST_G_START_H, &err); > + pixpaper_send_data(panel, PIXPAPER_GSST_G_START_L, &err); > + if (err.errno_code) > + goto init_fail; > + pixpaper_wait_for_panel(panel); > + > + pixpaper_send_cmd(panel, PIXPAPER_CMD_UNKNOWN_E7, &err); > + pixpaper_send_data(panel, PIXPAPER_UNKNOWN_E7_CONFIG, &err); > + if (err.errno_code) > + goto init_fail; > + pixpaper_wait_for_panel(panel); > + > + pixpaper_send_cmd(panel, PIXPAPER_CMD_POWER_SAVING, &err); > + pixpaper_send_data(panel, PIXPAPER_PWS_CONFIG, &err); > + if (err.errno_code) > + goto init_fail; > + pixpaper_wait_for_panel(panel); > + > + pixpaper_send_cmd(panel, PIXPAPER_CMD_UNKNOWN_E0, &err); > + pixpaper_send_data(panel, PIXPAPER_UNKNOWN_E0_CONFIG, &err); > + if (err.errno_code) > + goto init_fail; > + pixpaper_wait_for_panel(panel); > + > + pixpaper_send_cmd(panel, PIXPAPER_CMD_UNKNOWN_B4, &err); > + pixpaper_send_data(panel, PIXPAPER_UNKNOWN_B4_CONFIG, &err); > + if (err.errno_code) > + goto init_fail; > + pixpaper_wait_for_panel(panel); > + > + pixpaper_send_cmd(panel, PIXPAPER_CMD_UNKNOWN_B5, &err); > + pixpaper_send_data(panel, PIXPAPER_UNKNOWN_B5_CONFIG, &err); > + if (err.errno_code) > + goto init_fail; > + pixpaper_wait_for_panel(panel); > + > + pixpaper_send_cmd(panel, PIXPAPER_CMD_UNKNOWN_E9, &err); > + pixpaper_send_data(panel, PIXPAPER_UNKNOWN_E9_CONFIG, &err); > + if (err.errno_code) > + goto init_fail; > + pixpaper_wait_for_panel(panel); > + > + return 0; > + > +init_fail: > + drm_err(&panel->drm, "Hardware initialization failed (err=%d)\n", > + err.errno_code); > + return err.errno_code; > +} > + > +/* > + * Convert framebuffer pixels to 2-bit e-paper format: > + * 00 - White > + * 01 - Black > + * 10 - Yellow > + * 11 - Red > + */ > +static u8 pack_pixels_to_byte(__le32 *src_pixels, int i, int j, > + struct drm_framebuffer *fb) > +{ > + u8 packed_byte = 0; > + int k; > + > + for (k = 0; k < 4; k++) { > + int current_pixel_x = j * 4 + k; > + u8 two_bit_val; > + > + if (current_pixel_x < PIXPAPER_WIDTH) { > + u32 pixel_offset = > + (i * (fb->pitches[0] / 4)) + current_pixel_x; > + u32 pixel = le32_to_cpu(src_pixels[pixel_offset]); > + u32 r = (pixel >> 16) & 0xFF; > + u32 g = (pixel >> 8) & 0xFF; > + u32 b = pixel & 0xFF; > + > + if (r < PIXPAPER_COLOR_THRESHOLD_LOW_CHANNEL && > + g < PIXPAPER_COLOR_THRESHOLD_LOW_CHANNEL && > + b < PIXPAPER_COLOR_THRESHOLD_LOW_CHANNEL) { > + two_bit_val = 0b00; > + } else if (r > PIXPAPER_COLOR_THRESHOLD_HIGH_CHANNEL && > + g > PIXPAPER_COLOR_THRESHOLD_HIGH_CHANNEL && > + b > PIXPAPER_COLOR_THRESHOLD_HIGH_CHANNEL) { > + two_bit_val = 0b01; > + } else if (r > PIXPAPER_COLOR_THRESHOLD_HIGH_CHANNEL && > + g < PIXPAPER_COLOR_THRESHOLD_LOW_CHANNEL && > + b < PIXPAPER_COLOR_THRESHOLD_LOW_CHANNEL) { > + two_bit_val = 0b11; > + } else if (r > PIXPAPER_COLOR_THRESHOLD_HIGH_CHANNEL && > + g > PIXPAPER_COLOR_THRESHOLD_YELLOW_MIN_GREEN && > + b < PIXPAPER_COLOR_THRESHOLD_LOW_CHANNEL) { > + two_bit_val = 0b10; > + } else { > + two_bit_val = 0b01; > + } > + } else { > + two_bit_val = 0b01; > + } > + > + packed_byte |= two_bit_val << ((3 - k) * 2); > + } > + > + return packed_byte; > +} > + > +static int pixpaper_plane_helper_atomic_check(struct drm_plane *plane, > + struct drm_atomic_state *state) > +{ > + struct drm_plane_state *new_plane_state = > + drm_atomic_get_new_plane_state(state, plane); > + struct drm_crtc *new_crtc = new_plane_state->crtc; > + struct drm_crtc_state *new_crtc_state = NULL; > + int ret; > + > + if (new_crtc) > + new_crtc_state = drm_atomic_get_new_crtc_state(state, new_crtc); > + > + ret = drm_atomic_helper_check_plane_state(new_plane_state, > + new_crtc_state, DRM_PLANE_NO_SCALING, > + DRM_PLANE_NO_SCALING, false, false); > + if (ret) > + return ret; > + else if (!new_plane_state->visible) > + return 0; > + > + return 0; > +} > + > +static int pixpaper_crtc_helper_atomic_check(struct drm_crtc *crtc, > + struct drm_atomic_state *state) > +{ > + struct drm_crtc_state *crtc_state = > + drm_atomic_get_new_crtc_state(state, crtc); > + > + if (!crtc_state->enable) > + return 0; > + > + return drm_atomic_helper_check_crtc_primary_plane(crtc_state); > +} > + > +static void pixpaper_crtc_atomic_enable(struct drm_crtc *crtc, > + struct drm_atomic_state *state) > +{ > + struct pixpaper_panel *panel = to_pixpaper_panel(crtc->dev); > + struct drm_device *drm = &panel->drm; > + int idx; > + struct pixpaper_error_ctx err = { .errno_code = 0 }; > + > + if (!drm_dev_enter(drm, &idx)) > + return; > + > + pixpaper_send_cmd(panel, PIXPAPER_CMD_POWER_ON, &err); > + if (err.errno_code) { > + drm_err_once(drm, "Failed to send PON command: %d\n", > + err.errno_code); > + goto exit_drm_dev; > + } > + > + pixpaper_wait_for_panel(panel); > + > + drm_dbg(drm, "Panel enabled and powered on\n"); > + > +exit_drm_dev: > + drm_dev_exit(idx); > +} > + > +static void pixpaper_crtc_atomic_disable(struct drm_crtc *crtc, > + struct drm_atomic_state *state) > +{ > + struct pixpaper_panel *panel = to_pixpaper_panel(crtc->dev); > + struct drm_device *drm = &panel->drm; > + struct pixpaper_error_ctx err = { .errno_code = 0 }; > + int idx; > + > + if (!drm_dev_enter(drm, &idx)) > + return; > + > + pixpaper_send_cmd(panel, PIXPAPER_CMD_POWER_OFF, &err); > + if (err.errno_code) { > + drm_err_once(drm, "Failed to send POF command: %d\n", > + err.errno_code); > + goto exit_drm_dev; > + } > + pixpaper_wait_for_panel(panel); > + > + drm_dbg(drm, "Panel disabled\n"); > + > +exit_drm_dev: > + drm_dev_exit(idx); > +} > + > +static void pixpaper_plane_atomic_update(struct drm_plane *plane, > + struct drm_atomic_state *state) > +{ > + struct drm_plane_state *plane_state = > + drm_atomic_get_new_plane_state(state, plane); > + struct drm_shadow_plane_state *shadow_plane_state = > + to_drm_shadow_plane_state(plane_state); > + struct drm_crtc *crtc = plane_state->crtc; > + struct pixpaper_panel *panel = to_pixpaper_panel(crtc->dev); > + > + struct drm_device *drm = &panel->drm; > + struct drm_framebuffer *fb = plane_state->fb; > + struct iosys_map map = shadow_plane_state->data[0]; > + void *vaddr = map.vaddr; > + int i, j, idx; > + __le32 *src_pixels = NULL; > + struct pixpaper_error_ctx err = { .errno_code = 0 }; > + > + if (!drm_dev_enter(drm, &idx)) > + return; > + > + drm_dbg(drm, "Starting frame update (phys=%dx%d, buf_w=%d)\n", > + PIXPAPER_WIDTH, PIXPAPER_HEIGHT, PIXPAPER_PANEL_BUFFER_WIDTH); > + > + if (!fb || !plane_state->visible) { > + drm_err_once(drm, > + "No framebuffer or plane not visible, skipping update\n"); > + goto update_cleanup; > + } > + > + src_pixels = (__le32 *)vaddr; > + > + pixpaper_send_cmd(panel, PIXPAPER_CMD_DATA_START_TRANSMISSION, &err); > + if (err.errno_code) > + goto update_cleanup; > + > + pixpaper_wait_for_panel(panel); > + > + for (i = 0; i < PIXPAPER_HEIGHT; i++) { > + for (j = 0; j < PIXPAPER_PANEL_BUFFER_TWO_BYTES_PER_ROW; j++) { > + u8 packed_byte = > + pack_pixels_to_byte(src_pixels, i, j, fb); > + > + pixpaper_wait_for_panel(panel); > + pixpaper_send_data(panel, packed_byte, &err); > + } > + } > + pixpaper_wait_for_panel(panel); > + > + pixpaper_send_cmd(panel, PIXPAPER_CMD_POWER_ON, &err); > + if (err.errno_code) { > + drm_err_once(drm, "Failed to send PON command: %d\n", > + err.errno_code); > + goto update_cleanup; > + } > + pixpaper_wait_for_panel(panel); > + > + pixpaper_send_cmd(panel, PIXPAPER_CMD_DISPLAY_REFRESH, &err); > + pixpaper_send_data(panel, PIXPAPER_DRF_VCOM_AC, &err); > + if (err.errno_code) { > + drm_err_once(drm, "Failed sending data after DRF: %d\n", > + err.errno_code); > + goto update_cleanup; > + } > + pixpaper_wait_for_panel(panel); > + > +update_cleanup: > + if (err.errno_code && err.errno_code != -ETIMEDOUT) > + drm_err_once(drm, "Frame update function failed with error %d\n", > + err.errno_code); > + > + drm_dev_exit(idx); > +} > + > +static const struct drm_display_mode pixpaper_mode = { > + .clock = PIXPAPER_PIXEL_CLOCK, > + .hdisplay = PIXPAPER_WIDTH, > + .hsync_start = PIXPAPER_WIDTH + PIXPAPER_HFP, > + .hsync_end = PIXPAPER_WIDTH + PIXPAPER_HFP + PIXPAPER_HSYNC, > + .htotal = PIXPAPER_HTOTAL, > + .vdisplay = PIXPAPER_HEIGHT, > + .vsync_start = PIXPAPER_HEIGHT + PIXPAPER_VFP, > + .vsync_end = PIXPAPER_HEIGHT + PIXPAPER_VFP + PIXPAPER_VSYNC, > + .vtotal = PIXPAPER_VTOTAL, > + .width_mm = PIXPAPER_WIDTH_MM, > + .height_mm = PIXPAPER_HEIGHT_MM, > + .type = DRM_MODE_TYPE_DRIVER | DRM_MODE_TYPE_PREFERRED, > +}; > + > +static int pixpaper_connector_get_modes(struct drm_connector *connector) > +{ > + return drm_connector_helper_get_modes_fixed(connector, &pixpaper_mode); > +} > + > +static const struct drm_plane_funcs pixpaper_plane_funcs = { > + .update_plane = drm_atomic_helper_update_plane, > + .disable_plane = drm_atomic_helper_disable_plane, > + .destroy = drm_plane_cleanup, > + DRM_GEM_SHADOW_PLANE_FUNCS, > +}; > + > +static const struct drm_plane_helper_funcs pixpaper_plane_helper_funcs = { > + DRM_GEM_SHADOW_PLANE_HELPER_FUNCS, > + .atomic_check = pixpaper_plane_helper_atomic_check, > + .atomic_update = pixpaper_plane_atomic_update, > +}; > + > +static const struct drm_crtc_funcs pixpaper_crtc_funcs = { > + .set_config = drm_atomic_helper_set_config, > + .page_flip = drm_atomic_helper_page_flip, > + .reset = drm_atomic_helper_crtc_reset, > + .destroy = drm_crtc_cleanup, > + .atomic_duplicate_state = drm_atomic_helper_crtc_duplicate_state, > + .atomic_destroy_state = drm_atomic_helper_crtc_destroy_state, > +}; > + > +static int pixpaper_mode_valid(struct drm_crtc *crtc, > + const struct drm_display_mode *mode) > +{ > + if (mode->hdisplay == PIXPAPER_WIDTH && > + mode->vdisplay == PIXPAPER_HEIGHT) { > + return MODE_OK; > + } > + return MODE_BAD; > +} > + > +static const struct drm_crtc_helper_funcs pixpaper_crtc_helper_funcs = { > + .mode_valid = pixpaper_mode_valid, > + .atomic_check = pixpaper_crtc_helper_atomic_check, > + .atomic_enable = pixpaper_crtc_atomic_enable, > + .atomic_disable = pixpaper_crtc_atomic_disable, > +}; > + > +static const struct drm_encoder_funcs pixpaper_encoder_funcs = { > + .destroy = drm_encoder_cleanup, > +}; > + > +static const struct drm_connector_funcs pixpaper_connector_funcs = { > + .reset = drm_atomic_helper_connector_reset, > + .fill_modes = drm_helper_probe_single_connector_modes, > + .destroy = drm_connector_cleanup, > + .atomic_duplicate_state = drm_atomic_helper_connector_duplicate_state, > + .atomic_destroy_state = drm_atomic_helper_connector_destroy_state, > +}; > + > +static const struct drm_connector_helper_funcs pixpaper_connector_helper_funcs = { > + .get_modes = pixpaper_connector_get_modes, > +}; > + > +DEFINE_DRM_GEM_FOPS(pixpaper_fops); > + > +static struct drm_driver pixpaper_drm_driver = { > + .driver_features = DRIVER_GEM | DRIVER_MODESET | DRIVER_ATOMIC, > + .fops = &pixpaper_fops, > + .name = "pixpaper", > + .desc = "DRM driver for PIXPAPER e-ink", > + .major = 1, > + .minor = 0, > + DRM_GEM_SHMEM_DRIVER_OPS, > + DRM_FBDEV_SHMEM_DRIVER_OPS, > +}; > + > +static const struct drm_mode_config_funcs pixpaper_mode_config_funcs = { > + .fb_create = drm_gem_fb_create_with_dirty, > + .atomic_check = drm_atomic_helper_check, > + .atomic_commit = drm_atomic_helper_commit, > +}; > + > +static int pixpaper_probe(struct spi_device *spi) > +{ > + struct device *dev = &spi->dev; > + struct pixpaper_panel *panel; > + struct drm_device *drm; > + int ret; > + > + panel = devm_drm_dev_alloc(dev, &pixpaper_drm_driver, > + struct pixpaper_panel, drm); > + if (IS_ERR(panel)) > + return PTR_ERR(panel); > + > + drm = &panel->drm; > + panel->spi = spi; > + spi_set_drvdata(spi, panel); > + > + spi->mode = SPI_MODE_0; > + spi->bits_per_word = PIXPAPER_SPI_BITS_PER_WORD; > + > + if (!spi->max_speed_hz) { > + drm_warn(drm, > + "spi-max-frequency not specified in DT, using default %u Hz\n", > + PIXPAPER_SPI_SPEED_DEFAULT); > + spi->max_speed_hz = PIXPAPER_SPI_SPEED_DEFAULT; > + } > + > + ret = spi_setup(spi); > + if (ret < 0) { > + drm_err(drm, "SPI setup failed: %d\n", ret); > + return ret; > + } > + > + if (!dev->dma_mask) > + dev->dma_mask = &dev->coherent_dma_mask; > + ret = dma_set_mask_and_coherent(dev, DMA_BIT_MASK(32)); > + if (ret) { > + drm_err(drm, "Failed to set DMA mask: %d\n", ret); > + return ret; > + } > + > + panel->reset = devm_gpiod_get(dev, "reset", GPIOD_OUT_HIGH); > + if (IS_ERR(panel->reset)) > + return PTR_ERR(panel->reset); > + > + panel->busy = devm_gpiod_get(dev, "busy", GPIOD_IN); > + if (IS_ERR(panel->busy)) > + return PTR_ERR(panel->busy); > + > + panel->dc = devm_gpiod_get(dev, "dc", GPIOD_OUT_HIGH); > + if (IS_ERR(panel->dc)) > + return PTR_ERR(panel->dc); > + > + ret = pixpaper_panel_hw_init(panel); > + if (ret) { > + drm_err(drm, "Panel hardware initialization failed: %d\n", ret); > + return ret; > + } > + > + ret = drmm_mode_config_init(drm); > + if (ret) > + return ret; > + drm->mode_config.funcs = &pixpaper_mode_config_funcs; > + drm->mode_config.min_width = PIXPAPER_WIDTH; > + drm->mode_config.max_width = PIXPAPER_WIDTH; > + drm->mode_config.min_height = PIXPAPER_HEIGHT; > + drm->mode_config.max_height = PIXPAPER_HEIGHT; > + > + ret = drm_universal_plane_init(drm, &panel->plane, 1, > + &pixpaper_plane_funcs, > + (const uint32_t[]){ DRM_FORMAT_XRGB8888 }, > + 1, NULL, DRM_PLANE_TYPE_PRIMARY, NULL); > + if (ret) > + return ret; > + drm_plane_helper_add(&panel->plane, &pixpaper_plane_helper_funcs); > + > + ret = drm_crtc_init_with_planes(drm, &panel->crtc, &panel->plane, NULL, > + &pixpaper_crtc_funcs, NULL); > + if (ret) > + return ret; > + drm_crtc_helper_add(&panel->crtc, &pixpaper_crtc_helper_funcs); > + > + ret = drm_encoder_init(drm, &panel->encoder, &pixpaper_encoder_funcs, > + DRM_MODE_ENCODER_NONE, NULL); > + if (ret) > + return ret; > + panel->encoder.possible_crtcs = drm_crtc_mask(&panel->crtc); > + > + ret = drm_connector_init(drm, &panel->connector, > + &pixpaper_connector_funcs, > + DRM_MODE_CONNECTOR_SPI); > + if (ret) > + return ret; > + > + drm_connector_helper_add(&panel->connector, > + &pixpaper_connector_helper_funcs); > + drm_connector_attach_encoder(&panel->connector, &panel->encoder); > + > + drm_mode_config_reset(drm); > + > + ret = drm_dev_register(drm, 0); > + if (ret) > + return ret; > + > + drm_client_setup(drm, NULL); > + > + return 0; > +} > + > +static void pixpaper_remove(struct spi_device *spi) > +{ > + struct pixpaper_panel *panel = spi_get_drvdata(spi); > + > + if (!panel) > + return; > + > + drm_dev_unplug(&panel->drm); > + drm_atomic_helper_shutdown(&panel->drm); > +} > + > +static const struct spi_device_id pixpaper_ids[] = { { "pixpaper", 0 }, {} }; > +MODULE_DEVICE_TABLE(spi, pixpaper_ids); > + > +static const struct of_device_id pixpaper_dt_ids[] = { > + { .compatible = "mayqueen,pixpaper" }, > + {} > +}; > +MODULE_DEVICE_TABLE(of, pixpaper_dt_ids); > + > +static struct spi_driver pixpaper_spi_driver = { > + .driver = { > + .name = "pixpaper", > + .of_match_table = pixpaper_dt_ids, > + }, > + .id_table = pixpaper_ids, > + .probe = pixpaper_probe, > + .remove = pixpaper_remove, > +}; > + > +module_spi_driver(pixpaper_spi_driver); > + > +MODULE_AUTHOR("LiangCheng Wang"); > +MODULE_DESCRIPTION("DRM SPI driver for PIXPAPER e-ink panel"); > +MODULE_LICENSE("GPL"); > -- -- Thomas Zimmermann Graphics Driver Developer SUSE Software Solutions Germany GmbH Frankenstrasse 146, 90461 Nuernberg, Germany GF: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman HRB 36809 (AG Nuernberg)

3 months, 1 week

1
0
0 0

Re: [PATCH net-next v2 1/6] net: ti: icssg-prueth: Add functions to create and destroy Rx/Tx queues

by Jakub Kicinski

On Mon, 1 Sep 2025 15:32:22 +0530 Meghana Malladi wrote: > if (!emac->xdpi.prog && !prog) > return 0; > > - WRITE_ONCE(emac->xdp_prog, prog); > + if (netif_running(emac->ndev)) { > + prueth_destroy_txq(emac); > + prueth_destroy_rxq(emac); > + } > + > + old_prog = xchg(&emac->xdp_prog, prog); > + if (old_prog) > + bpf_prog_put(old_prog); > + > + if (netif_running(emac->ndev)) { > + ret = prueth_create_rxq(emac); shutting the device down and freeing all rx memory for reconfig is not okay. If the system is low on memory the Rx buffer allocations may fail and system may drop off the network. You must either pre-allocate or avoid freeing the memory, and just restart the queues. > + if (ret) { > + netdev_err(emac->ndev, "Failed to create RX queue: %d\n", ret); > + return ret; > + } > + > + ret = prueth_create_txq(emac); > + if (ret) { > + netdev_err(emac->ndev, "Failed to create TX queue: %d\n", ret); > + prueth_destroy_rxq(emac); > + emac->xdp_prog = NULL; > + return ret; > + } > + } > > xdp_attachment_setup(&emac->xdpi, bpf);

3 months, 1 week

1
0
0 0

Re: [PATCH] dma-buf: system_heap: use larger contiguous mappings instead of per-page mmap

by John Stultz

On Sat, Aug 30, 2025 at 4:58 PM Barry Song <21cnbao(a)gmail.com> wrote: > > From: Barry Song <v-songbaohua(a)oppo.com> > > We can allocate high-order pages, but mapping them one by > one is inefficient. This patch changes the code to map > as large a chunk as possible. The code looks somewhat > complicated mainly because supporting mmap with a > non-zero offset is a bit tricky. > > Using the micro-benchmark below, we see that mmap becomes > 3.5X faster: ... It's been awhile since I've done mm things, so take it with a pinch of salt, but this seems reasonable to me. Though, one thought below... > diff --git a/drivers/dma-buf/heaps/system_heap.c b/drivers/dma-buf/heaps/system_heap.c > index bbe7881f1360..4c782fe33fd4 100644 > --- a/drivers/dma-buf/heaps/system_heap.c > +++ b/drivers/dma-buf/heaps/system_heap.c > @@ -186,20 +186,35 @@ static int system_heap_mmap(struct dma_buf *dmabuf, struct vm_area_struct *vma) > struct system_heap_buffer *buffer = dmabuf->priv; > struct sg_table *table = &buffer->sg_table; > unsigned long addr = vma->vm_start; > - struct sg_page_iter piter; > - int ret; > + unsigned long pgoff = vma->vm_pgoff; > + struct scatterlist *sg; > + int i, ret; > + > + for_each_sgtable_sg(table, sg, i) { > + unsigned long n = sg->length >> PAGE_SHIFT; > > - for_each_sgtable_page(table, &piter, vma->vm_pgoff) { > - struct page *page = sg_page_iter_page(&piter); > + if (pgoff < n) > + break; > + pgoff -= n; > + } > + > + for (; sg && addr < vma->vm_end; sg = sg_next(sg)) { > + unsigned long n = (sg->length >> PAGE_SHIFT) - pgoff; > + struct page *page = sg_page(sg) + pgoff; > + unsigned long size = n << PAGE_SHIFT; > + > + if (addr + size > vma->vm_end) > + size = vma->vm_end - addr; > > - ret = remap_pfn_range(vma, addr, page_to_pfn(page), PAGE_SIZE, > - vma->vm_page_prot); > + ret = remap_pfn_range(vma, addr, page_to_pfn(page), > + size, vma->vm_page_prot); It feels like this sort of mapping loop for higher order pages wouldn't be a unique pattern to just this code. Would this be better worked into a helper so it would be more generally usable? Otherwise, Acked-by: John Stultz <jstultz(a)google.com> thanks -john

3 months, 1 week

1
0
0 0

Re: [PATCH 3/9] mm/cma: Allow dynamically creating CMA areas

by David Hildenbrand

>> +>> +struct cma *__init cma_create(phys_addr_t base, phys_addr_t size, >> + unsigned int order_per_bit, const char *name) >> +{ >> + struct cma *cma; >> + int ret; >> + >> + ret = cma_check_memory(base, size); >> + if (ret < 0) >> + return ERR_PTR(ret); >> + >> + cma = kzalloc(sizeof(*cma), GFP_KERNEL); >> + if (!cma) >> + return ERR_PTR(-ENOMEM); >> + >> + cma_init_area(cma, name, size, order_per_bit); >> + cma->ranges[0].base_pfn = PFN_DOWN(base); >> + cma->ranges[0].early_pfn = PFN_DOWN(base); >> + cma->ranges[0].count = cma->count; >> + cma->nranges = 1; >> + >> + cma_activate_area(cma); >> + >> + return cma; >> +} >> + >> +void cma_free(struct cma *cma) >> +{ >> + kfree(cma); >> +} >> -- >> 2.50.0 > > > I agree that supporting dynamic CMA areas would be good. However, by > doing it like this, these CMA areas are invisible to the rest of the > system. E.g. cma_for_each_area() does not know about them. It seems a > bit inconsistent that there will now be some areas that are globally > known, and some that are not. Yeah, I'm not a fan of that. What is the big problem we are trying to solve here? Why do they have to be dynamic, why do they even have to support freeing? -- Cheers David / dhildenb

3 months, 1 week

2
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

Linaro-mm-sig