1 /* SPDX-License-Identifier: GPL-2.0-only */
2 /*
3  * Copyright (C) 2023, STMicroelectronics - All Rights Reserved
4  */
5 
6 #ifndef STM32_FIREWALL_DEVICE_H
7 #define STM32_FIREWALL_DEVICE_H
8 
9 #include <linux/of.h>
10 #include <linux/platform_device.h>
11 #include <linux/types.h>
12 
13 #define STM32_FIREWALL_MAX_EXTRA_ARGS		5
14 
15 /* Opaque reference to stm32_firewall_controller */
16 struct stm32_firewall_controller;
17 
18 /**
19  * struct stm32_firewall - Information on a device's firewall. Each device can have more than one
20  *			   firewall.
21  *
22  * @firewall_ctrl:		Pointer referencing a firewall controller of the device. It is
23  *				opaque so a device cannot manipulate the controller's ops or access
24  *				the controller's data
25  * @extra_args:			Extra arguments that are implementation dependent
26  * @entry:			Name of the firewall entry
27  * @extra_args_size:		Number of extra arguments
28  * @firewall_id:		Firewall ID associated the device for this firewall controller
29  */
30 struct stm32_firewall {
31 	struct stm32_firewall_controller *firewall_ctrl;
32 	u32 extra_args[STM32_FIREWALL_MAX_EXTRA_ARGS];
33 	const char *entry;
34 	size_t extra_args_size;
35 	u32 firewall_id;
36 };
37 
38 #if IS_ENABLED(CONFIG_STM32_FIREWALL)
39 /**
40  * stm32_firewall_get_firewall - Get the firewall(s) associated to given device.
41  *				 The firewall controller reference is always the first argument
42  *				 of each of the access-controller property entries.
43  *				 The firewall ID is always the second argument of each of the
44  *				 access-controller  property entries.
45  *				 If there's no argument linked to the phandle, then the firewall ID
46  *				 field is set to U32_MAX, which is an invalid ID.
47  *
48  * @np:				Device node to parse
49  * @firewall:			Array of firewall references
50  * @nb_firewall:		Number of firewall references to get. Must be at least 1.
51  *
52  * Returns 0 on success, -ENODEV if there's no match with a firewall controller or appropriate errno
53  * code if error occurred.
54  */
55 int stm32_firewall_get_firewall(struct device_node *np, struct stm32_firewall *firewall,
56 				unsigned int nb_firewall);
57 
58 /**
59  * stm32_firewall_grant_access - Request firewall access rights and grant access.
60  *
61  * @firewall:			Firewall reference containing the ID to check against its firewall
62  *				controller
63  *
64  * Returns 0 if access is granted, -EACCES if access is denied, -ENODEV if firewall is null or
65  * appropriate errno code if error occurred
66  */
67 int stm32_firewall_grant_access(struct stm32_firewall *firewall);
68 
69 /**
70  * stm32_firewall_release_access - Release access granted from a call to
71  *				   stm32_firewall_grant_access().
72  *
73  * @firewall:			Firewall reference containing the ID to check against its firewall
74  *				controller
75  */
76 void stm32_firewall_release_access(struct stm32_firewall *firewall);
77 
78 /**
79  * stm32_firewall_grant_access_by_id - Request firewall access rights of a given device
80  *				       based on a specific firewall ID
81  *
82  * Warnings:
83  * There is no way to ensure that the given ID will correspond to the firewall referenced in the
84  * device node if the ID did not come from stm32_firewall_get_firewall(). In that case, this
85  * function must be used with caution.
86  * This function should be used for subsystem resources that do not have the same firewall ID
87  * as their parent.
88  * U32_MAX is an invalid ID.
89  *
90  * @firewall:			Firewall reference containing the firewall controller
91  * @subsystem_id:		Firewall ID of the subsystem resource
92  *
93  * Returns 0 if access is granted, -EACCES if access is denied, -ENODEV if firewall is null or
94  * appropriate errno code if error occurred
95  */
96 int stm32_firewall_grant_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id);
97 
98 /**
99  * stm32_firewall_release_access_by_id - Release access granted from a call to
100  *					 stm32_firewall_grant_access_by_id().
101  *
102  * Warnings:
103  * There is no way to ensure that the given ID will correspond to the firewall referenced in the
104  * device node if the ID did not come from stm32_firewall_get_firewall(). In that case, this
105  * function must be used with caution.
106  * This function should be used for subsystem resources that do not have the same firewall ID
107  * as their parent.
108  * U32_MAX is an invalid ID.
109  *
110  * @firewall:			Firewall reference containing the firewall controller
111  * @subsystem_id:		Firewall ID of the subsystem resource
112  */
113 void stm32_firewall_release_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id);
114 
115 #else /* CONFIG_STM32_FIREWALL */
116 
117 int stm32_firewall_get_firewall(struct device_node *np, struct stm32_firewall *firewall,
118 				unsigned int nb_firewall);
119 {
120 	return -ENODEV;
121 }
122 
stm32_firewall_grant_access(struct stm32_firewall * firewall)123 int stm32_firewall_grant_access(struct stm32_firewall *firewall)
124 {
125 	return -ENODEV;
126 }
127 
stm32_firewall_release_access(struct stm32_firewall * firewall)128 void stm32_firewall_release_access(struct stm32_firewall *firewall)
129 {
130 }
131 
stm32_firewall_grant_access_by_id(struct stm32_firewall * firewall,u32 subsystem_id)132 int stm32_firewall_grant_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id)
133 {
134 	return -ENODEV;
135 }
136 
stm32_firewall_release_access_by_id(struct stm32_firewall * firewall,u32 subsystem_id)137 void stm32_firewall_release_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id)
138 {
139 }
140 
141 #endif /* CONFIG_STM32_FIREWALL */
142 #endif /* STM32_FIREWALL_DEVICE_H */
143