From: "Rutkowski, Adam J" <adam.j.rutkowski@intel.com>
To: "Madajczak, Tomasz" <Tomasz.Madajczak@intel.com>,
"Lespiau, Damien" <damien.lespiau@intel.com>,
Ben Widawsky <ben@bwidawsk.net>,
"Wilson, Chris" <chris.wilson@intel.com>,
"Mateo Lozano, Oscar" <oscar.mateo@intel.com>
Cc: "Intel-gfx@lists.freedesktop.org" <Intel-gfx@lists.freedesktop.org>
Subject: Re: pin OABUFFER to GGTT
Date: Wed, 2 Jul 2014 13:19:42 +0000 [thread overview]
Message-ID: <092ACDCAA6E4654AAFE75E8A5E9EAB7B2CBE6F1D@IRSMSX102.ger.corp.intel.com> (raw)
In-Reply-To: <F4B171067D52CE4D8BE01C491BC4F26634E26CCE@IRSMSX106.ger.corp.intel.com>
Hi
> Chris alludes to the fact that if there's a way for one application to gather
> data about other applications (whatever kind of data), that's an automatic
> security concern.
We have a few use cases for OA buffer and "one application to gather data about other applications" is basically a definition of at least some of them.
> I'm unclear why they need the offset. Can it not work like any other relocation, except with the requirement that it's in the GGTT?
We read OA_TAIL_PTR register via batch buffer (SRM) and we need to subtract OA buffer offset from it to get the relative tail.
Currently in most cases we write to OACONTROL, OABUFFER and other OA registers via MMIO in user mode.
I suppose your answer is to move OA ownership to kernel and provide new API for this. This is fine for us as long as multiple non-root applications are able to freely access contents of OA buffer in an efficient manner. We are ok with limiting other functionalities (like setting up / programming OA) to root only.
One more thing. Assuming usermode has OA buffer mapped I don't see how to avoid exposing of OA buffer offset to user mode in real life scenarios. To profile selected commands usermode driver must read OA_TAIL_PTR via SRM (so that it is written to memory together with perf counters). And it needs to know how the value read translates to offset in OA buffer. This implies usermode needs to know OA buffer offset (since the address in OA_BUFFER_PTR is not relative to the buffer boundary).
Having said all this, how about restoring the pin_ioctl? At least for some time? We do have a use case and moving to other - better - solution would take time. I think backward compatibility is something that you take into consideration as well.
Thanks
Adam
> -----Original Message-----
> From: Intel-gfx [mailto:intel-gfx-bounces@lists.freedesktop.org] On Behalf
> Of Madajczak, Tomasz
> Sent: Wednesday, July 2, 2014 1:12 PM
> To: Lespiau, Damien
> Cc: Ben Widawsky; Intel-gfx@lists.freedesktop.org
> Subject: Re: [Intel-gfx] pin OABUFFER to GGTT
>
> bo_pin had so far root privileges - they were sufficient and it would be
> enough to get bo_pin back the same way. This also implies that root can only
> start the OA buffer measurements.
>
> -Tomasz
>
> -----Original Message-----
> From: Lespiau, Damien
> Sent: Wednesday, July 02, 2014 12:49 PM
> To: Madajczak, Tomasz
> Cc: Mateo Lozano, Oscar; Chris Wilson; Ben Widawsky; Intel-
> gfx@lists.freedesktop.org
> Subject: Re: [Intel-gfx] pin OABUFFER to GGTT
>
> On Wed, Jul 02, 2014 at 10:31:45AM +0000, Madajczak, Tomasz wrote:
> > There isn't any secret or privacy in that OA buffer data - just
> > results of performance counters, shown by tools such as GPA/ Vtune.
>
> Chris alludes to the fact that if there's a way for one application to gather
> data about other applications (whatever kind of data), that's an automatic
> security concern.
>
> One may think that's only very theoretical, but the side channel attacks are
> (surpringly) real and effective. It cannot be proven easily that exposing data
> about other contexes is totally secure.
>
> There are ways around that however. If only root can gather that data, I think
> we've contained the issue enough for the case at hand?
>
> --
> Damien
--------------------------------------------------------------------
Intel Technology Poland sp. z o.o.
ul. Slowackiego 173 | 80-298 Gdansk | Sad Rejonowy Gdansk Polnoc | VII Wydzial Gospodarczy Krajowego Rejestru Sadowego - KRS 101882 | NIP 957-07-52-316 | Kapital zakladowy 200.000 PLN.
Ta wiadomosc wraz z zalacznikami jest przeznaczona dla okreslonego adresata i moze zawierac informacje poufne. W razie przypadkowego otrzymania tej wiadomosci, prosimy o powiadomienie nadawcy oraz trwale jej usuniecie; jakiekolwiek
przegladanie lub rozpowszechnianie jest zabronione.
This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). If you are not the intended recipient, please contact the sender and delete all copies; any review or distribution by
others is strictly prohibited.
next prev parent reply other threads:[~2014-07-02 13:19 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-01 16:24 pin OABUFFER to GGTT Mateo Lozano, Oscar
2014-07-01 16:30 ` Chris Wilson
2014-07-01 16:34 ` Mateo Lozano, Oscar
2014-07-01 16:51 ` Chris Wilson
2014-07-01 17:13 ` Mateo Lozano, Oscar
2014-07-01 17:16 ` Mateo Lozano, Oscar
2014-07-01 19:54 ` Chris Wilson
2014-07-02 6:40 ` Ben Widawsky
2014-07-02 6:55 ` Chris Wilson
2014-07-02 8:49 ` Mateo Lozano, Oscar
2014-07-02 10:31 ` Madajczak, Tomasz
2014-07-02 10:49 ` Damien Lespiau
2014-07-02 11:11 ` Madajczak, Tomasz
2014-07-02 13:19 ` Rutkowski, Adam J [this message]
2014-07-03 7:17 ` Damien Lespiau
2014-07-03 17:10 ` Ben Widawsky
2014-07-03 20:45 ` Ben Widawsky
2014-07-02 17:36 ` Ben Widawsky
2014-07-07 20:43 ` Daniel Vetter
2014-07-07 23:59 ` Bragg, Robert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=092ACDCAA6E4654AAFE75E8A5E9EAB7B2CBE6F1D@IRSMSX102.ger.corp.intel.com \
--to=adam.j.rutkowski@intel.com \
--cc=Intel-gfx@lists.freedesktop.org \
--cc=Tomasz.Madajczak@intel.com \
--cc=ben@bwidawsk.net \
--cc=chris.wilson@intel.com \
--cc=damien.lespiau@intel.com \
--cc=oscar.mateo@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.