usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

EUD_MODE_MANAGER2 register is mapped to a memory region that is marked
as read-only for operating system running at EL1, enforcing access
restrictions that prohibit direct memory-mapped writes via writel().

Attempts to write to this region from HLOS can result in silent failures
or memory access violations, particularly when toggling EUD (Embedded
USB Debugger) state. To ensure secure register access, modify the driver
to use qcom_scm_io_writel(), which routes the write operation to Qualcomm
Secure Channel Monitor (SCM). SCM has the necessary permissions to access
protected memory regions, enabling reliable control over EUD state.

SC7280, the only user of EUD is also affected, indicating that this could
never have worked on a properly fused device.

Fixes: 9a1bf58ccd44 ("usb: misc: eud: Add driver support for Embedded USB Debugger(EUD)")
Signed-off-by: Melody Olvera <quic_molvera@quicinc.com>
Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
Reviewed-by: Souradeep Chowdhury <quic_schowdhu@quicinc.com>
Signed-off-by: Komal Bajaj <komal.bajaj@oss.qualcomm.com>
Link: https://lore.kernel.org/r/20250731-eud_mode_manager_secure_access-v8-1-4a5dcbb79f41@oss.qualcomm.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

authored by

Komal Bajaj and committed by

Greg Kroah-Hartman 8 months ago c0485e86 73881244

+25 -9

2 changed files

expand all

drivers

usb

misc

Kconfig

qcom_eud.c

drivers/usb/misc/Kconfig

··· 147 147 config USB_QCOM_EUD 148 148 tristate "QCOM Embedded USB Debugger(EUD) Driver" 149 149 depends on ARCH_QCOM || COMPILE_TEST 150 + select QCOM_SCM 150 151 select USB_ROLE_SWITCH 151 152 help 152 153 This module enables support for Qualcomm Technologies, Inc.

+24 -9

drivers/usb/misc/qcom_eud.c

··· 15 15 #include <linux/slab.h> 16 16 #include <linux/sysfs.h> 17 17 #include <linux/usb/role.h> 18 + #include <linux/firmware/qcom/qcom_scm.h> 18 19 19 20 #define EUD_REG_INT1_EN_MASK 0x0024 20 21 #define EUD_REG_INT_STATUS_1 0x0044 ··· 35 34 struct device *dev; 36 35 struct usb_role_switch *role_sw; 37 36 void __iomem *base; 38 - void __iomem *mode_mgr; 37 + phys_addr_t mode_mgr; 39 38 unsigned int int_status; 40 39 int irq; 41 40 bool enabled; ··· 44 43 45 44 static int enable_eud(struct eud_chip *priv) 46 45 { 46 + int ret; 47 + 48 + ret = qcom_scm_io_writel(priv->mode_mgr + EUD_REG_EUD_EN2, 1); 49 + if (ret) 50 + return ret; 51 + 47 52 writel(EUD_ENABLE, priv->base + EUD_REG_CSR_EUD_EN); 48 53 writel(EUD_INT_VBUS | EUD_INT_SAFE_MODE, 49 54 priv->base + EUD_REG_INT1_EN_MASK); 50 - writel(1, priv->mode_mgr + EUD_REG_EUD_EN2); 51 55 52 56 return usb_role_switch_set_role(priv->role_sw, USB_ROLE_DEVICE); 53 57 } 54 58 55 - static void disable_eud(struct eud_chip *priv) 59 + static int disable_eud(struct eud_chip *priv) 56 60 { 61 + int ret; 62 + 63 + ret = qcom_scm_io_writel(priv->mode_mgr + EUD_REG_EUD_EN2, 0); 64 + if (ret) 65 + return ret; 66 + 57 67 writel(0, priv->base + EUD_REG_CSR_EUD_EN); 58 - writel(0, priv->mode_mgr + EUD_REG_EUD_EN2); 68 + return 0; 59 69 } 60 70 61 71 static ssize_t enable_show(struct device *dev, ··· 94 82 chip->enabled = enable; 95 83 else 96 84 disable_eud(chip); 85 + 97 86 } else { 98 - disable_eud(chip); 87 + ret = disable_eud(chip); 99 88 } 100 89 101 - return count; 90 + return ret < 0 ? ret : count; 102 91 } 103 92 104 93 static DEVICE_ATTR_RW(enable); ··· 191 178 static int eud_probe(struct platform_device *pdev) 192 179 { 193 180 struct eud_chip *chip; 181 + struct resource *res; 194 182 int ret; 195 183 196 184 chip = devm_kzalloc(&pdev->dev, sizeof(*chip), GFP_KERNEL); ··· 213 199 if (IS_ERR(chip->base)) 214 200 return PTR_ERR(chip->base); 215 201 216 - chip->mode_mgr = devm_platform_ioremap_resource(pdev, 1); 217 - if (IS_ERR(chip->mode_mgr)) 218 - return PTR_ERR(chip->mode_mgr); 202 + res = platform_get_resource(pdev, IORESOURCE_MEM, 1); 203 + if (!res) 204 + return -ENODEV; 205 + chip->mode_mgr = res->start; 219 206 220 207 chip->irq = platform_get_irq(pdev, 0); 221 208 if (chip->irq < 0)