On Wed, 6 May 2026 15:12:37 +0200 Maxime Ripard mripard@kernel.org wrote:
On Wed, May 06, 2026 at 12:50:15PM +0200, Boris Brezillon wrote:
On Wed, 6 May 2026 12:08:24 +0200 Maxime Ripard mripard@kernel.org wrote:
Hi,
On Tue, May 05, 2026 at 04:05:10PM +0200, Ketil Johnsen wrote:
From: Florent Tomasin florent.tomasin@arm.com
This patch allows Panthor to allocate buffer objects from a protected heap. The Panthor driver should be seen as a consumer of the heap and not an exporter.
Protected memory buffers needed by the Panthor driver:
- On CSF FW load, the Panthor driver must allocate a protected buffer object to hold data to use by the FW when in protected mode. This protected buffer object is owned by the device and does not belong to a process.
- On CSG creation, the Panthor driver must allocate a protected suspend buffer object for the FW to store data when suspending the CSG while in protected mode. The kernel owns this allocation and does not allow user space mapping. The format of the data in this buffer is only known by the FW and does not need to be shared with other entities.
The driver will retrieve the protected heap using the name of the heap provided to the driver as module parameter.
I know it's what dma_heap_find asks for, but I wonder if it wouldn't be better in the device tree and lookup through the device node? heaps are going to have a node anyway, right?
I'm not too sure. Take the PROTMEM (name="protected,xxxx") dma_heaps instantiated by optee for instance, I don't think the originating tee_device comes from a device node, nor is the underlying heap described as a device node. The reserved memory pool this protected heap comes from is most likely defined somewhere as reserved memory in the DT, but there's nothing to correlate this range of reserved mem to some sub-range that the TEE implementation is carving out to provide protected memory.
Maybe we should be working on a dt bindings for heaps then? Something simple like we have for clocks with a phandle and an ID would probably be enough. In optee's case, it looks like it would map nicely with TEE_DMA_HEAP_* flags too.
Sure.
The only two that wouldn't be covered would be the system and default CMA heap if not setup in the DT, which shouldn't be too bad for this particular use-case.
I'm not opposed to the idea of describing the association through the DT (with a <phandle, ID> pair). My main fear is that it drags us into endless discussions around what's considered HW description and what's not (PTSD of all those DT-bindings discussions I suppose :-)), which ends up delaying the merging of Panthor's protected memory support.
Honestly, at this point I'm considering going back to my initial suggestion to add a dedicated ioctl() (requiring high privilege) to let the user pass the memory for the FW protected sections as a dmabuf FD. Given we don't need those sections to be populated for the FW to boot, it wouldn't block the probe of the driver, it would just prevent PROTM usage until those sections are populated.
This would let us make progress with the rest of the changes in this patchset, while the community decides how they want to expose dma_heaps to in-kernel users.