Requirements: In QCE crypto driver we are accessing the crypto engine registers directly via CPU read/write. Trust Zone could possibly to perform some crypto operations simultaneously, a race condition will be created and this could result in undefined behavior. To avoid this behavior we need to use BAM HW LOCK/UNLOCK feature on BAM pipes, and this LOCK/UNLOCK will be set via sending a command descriptor, where the HLOS/TZ QCE crypto driver prepares a command descriptor with a dummy write operation on one of the QCE crypto engine register and pass the LOCK/UNLOCK flag along with it. This feature tested with tcrypt.ko and "libkcapi" with all the AES algorithm supported by QCE crypto engine. Tested on IPQ9574 and qcm6490.LE chipset. insmod tcrypt.ko mode=101 insmod tcrypt.ko mode=102 insmod tcrypt.ko mode=155 insmod tcrypt.ko mode=180 insmod tcrypt.ko mode=181 insmod tcrypt.ko mode=182 insmod tcrypt.ko mode=185 insmod tcrypt.ko mode=186 insmod tcrypt.ko mode=212 insmod tcrypt.ko mode=216 insmod tcrypt.ko mode=403 insmod tcrypt.ko mode=404 insmod tcrypt.ko mode=500 insmod tcrypt.ko mode=501 insmod tcrypt.ko mode=502 insmod tcrypt.ko mode=600 insmod tcrypt.ko mode=601 insmod tcrypt.ko mode=602 Encryption command line: ./kcapi -x 1 -e -c "cbc(aes)" -k 8d7dd9b0170ce0b5f2f8e1aa768e01e91da8bfc67fd486d081b28254c99eb423 -i 7fbc02ebf5b93322329df9bfccb635af -p 48981da18e4bb9ef7e2e3162d16b1910 * 8b19050f66582cb7f7e4b6c873819b71 * Decryption command line: * $ ./kcapi -x 1 -c "cbc(aes)" -k 3023b2418ea59a841757dcf07881b3a8def1c97b659a4dad -i 95aa5b68130be6fcf5cabe7d9f898a41 -q c313c6b50145b69a77b33404cb422598 * 836de0065f9d6f6a3dd2c53cd17e33a * $ ./kcapi -x 3 -c sha256 -p 38f86d * cc42f645c5aa76ac3154b023359b665375fc3ae42f025fe961fb0f65205ad70e * $ ./kcapi -x 3 -c sha256 -p bbb300ac5eda9d * 61f7b48577a613fbdfe0d6d90b49985e07a42c99e7a439b6efb76d5ec71b3d30 ./kcapi -x 12 -c "hmac(sha256)" -k 0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b -i 000102030405060708090a0b0c -p f0f1f2f3f4f5f6f7f8f9 -b 42 * 3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf3400720 8d5b887185865 Paraller test with two different EE's (Execution Environment) EE1 (Trust Zone) EE2 (HLOS) There is a TZ application which "libkcapi" or "tcrypt.ko" will run in will do continuous enc/dec with continuous loop to do enc/dec with different AES algorithm supported different algorithm supported QCE by QCE crypto engine. crypto engine. 1) dummy write with LOCK bit set 1) dummy write with LOCK bit set 2) bam will lock all other pipes 2) bam will lock all other pipes which which not belongs to current not belongs to current EE's, i.e tz EE's, i.e HLOS pipe and keep pipe and keep handling current handling current pipe only. pipe only. 3) hlos prepare data descriptor and 3) tz prepare data descriptor submit to CE5 and submit to CE5 4) dummy write with UNLOCK bit set 4) dummy write with UNLOCK bit 5) bam will release all the locked set pipes 5) bam will release all the locked pipes Upon encountering a descriptor with Lock bit set, the BAM will lock all other pipes not related to the current pipe group, and keep handling the current pipe only until it sees the Un-Lock set (then it will release all locked pipes). The actual locking is done on the new descriptor fetching for publishing, i.e. locked pipe will not fetch new descriptors even if it got event/events adding more descriptors for this pipe. v5: * Added DMA_PREP_LOCK and DMA_PREP_UNLOCK flag support in separate patch * Removed DMA_PREP_LOCK & DMA_PREP_UNLOCK flag * Added FIELD_GET and GENMASK macro to extract major and minor version v4: * Added feature description and test hardware with test command * Fixed patch version numbering * Dropped dt-binding patch * Dropped device tree changes * Added BAM_SW_VERSION register read * Handled the error path for the api dma_map_resource() in probe * updated the commit messages for batter redability * Squash the change where qce_bam_acquire_lock() and qce_bam_release_lock() api got introduce to the change where the lock/unlock flag get introced * changed cover letter subject heading to "dmaengine: qcom: bam_dma: add cmd descriptor support" * Added the very initial post for BAM lock/unlock patch link as v1 to track this feature v3: * https://lore.kernel.org/lkml/183d4f5e-e00a-8ef6-a589-f5704bc83d4a@xxxxxxxxxxx/ * Addressed all the comments from v2 * Added the dt-binding * Fix alignment issue * Removed type casting from qce_write_reg_dma() and qce_read_reg_dma() * Removed qce_bam_txn = dma->qce_bam_txn; line from qce_alloc_bam_txn() api and directly returning dma->qce_bam_txn v2: * https://lore.kernel.org/lkml/20231214114239.2635325-1-quic_mdalam@xxxxxxxxxxx/ * Initial set of patches for cmd descriptor support * Add client driver to use BAM lock/unlock feature * Added register read/write via BAM in QCE Crypto driver to use BAM lock/unlock feature v1: * https://lore.kernel.org/all/1608215842-15381-1-git-send-email-mdalam@xxxxxxxxxxxxxx/ * Initial support for LOCK/UNLOCK in bam_dma driver Md Sadre Alam (12): dmaengine: qcom: bam_dma: Add bam_sw_version register read dmaengine: add DMA_PREP_LOCK and DMA_PREP_UNLOCK flag dmaengine: qcom: bam_dma: add bam_pipe_lock flag support crypto: qce - Add support for crypto address read crypto: qce - Add bam dma support for crypto register r/w crypto: qce - Convert register r/w for skcipher via BAM/DMA crypto: qce - Convert register r/w for sha via BAM/DMA crypto: qce - Convert register r/w for aead via BAM/DMA crypto: qce - Add LOCK and UNLOCK flag support crypto: qce - Add support for lock/unlock in skcipher crypto: qce - Add support for lock/unlock in sha crypto: qce - Add support for lock/unlock in aead .../driver-api/dmaengine/provider.rst | 15 ++ drivers/crypto/qce/aead.c | 4 + drivers/crypto/qce/common.c | 141 +++++++---- drivers/crypto/qce/core.c | 14 +- drivers/crypto/qce/core.h | 12 + drivers/crypto/qce/dma.c | 232 ++++++++++++++++++ drivers/crypto/qce/dma.h | 26 +- drivers/crypto/qce/sha.c | 4 + drivers/crypto/qce/skcipher.c | 4 + drivers/dma/qcom/bam_dma.c | 32 ++- include/linux/dmaengine.h | 6 + 11 files changed, 445 insertions(+), 45 deletions(-) -- 2.34.1