dri-devel.lists.freedesktop.org archive mirror
* [PATCH v2 00/11] Add mediate-drm secure flow for SVP
@ 2023-10-23  4:45 Jason-JH.Lin
  2023-10-23  4:45 ` [PATCH v2 01/11] drm/mediatek: Add interface to allocate MediaTek GEM buffer Jason-JH.Lin
                   ` (11 more replies)
  0 siblings, 12 replies; 48+ messages in thread
From: Jason-JH.Lin @ 2023-10-23  4:45 UTC
  To: Rob Herring, Krzysztof Kozlowski, Matthias Brugger,
	AngeloGioacchino Del Regno, Chun-Kuang Hu
  Cc: Jeffrey Kardatzke, devicetree, Conor Dooley,
	Project_Global_Chrome_Upstream_Group, Jason-JH . Lin,
	Singo Chang, linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen, Nancy Lin, linux-mediatek, Shawn Sung,
	Johnson Wang, linux-arm-kernel, linux-media

The patch series provides drm driver support for enabling secure video
path (SVP) playback on MediaTek hardware in the Linux kernel.

Memory Definitions:
secure memory - Memory allocated in the TEE (Trusted Execution
Environment) which is inaccessible in the REE (Rich Execution
Environment, i.e. linux kernel/userspace).
secure handle - Integer value which acts as reference to 'secure
memory'. Used in communication between TEE and REE to reference
'secure memory'.
secure buffer - 'secure memory' that is used to store decrypted,
compressed video or for other general purposes in the TEE.
secure surface - 'secure memory' that is used to store graphic buffers.

Memory Usage in SVP:
The overall flow of SVP starts with encrypted video coming in from an
outside source into the REE. The REE will then allocate a 'secure
buffer' and send the corresponding 'secure handle' along with the
encrypted, compressed video data to the TEE. The TEE will then decrypt
the video and store the result in the 'secure buffer'. The REE will
then allocate a 'secure surface'. The REE will pass the 'secure
handles' for both the 'secure buffer' and 'secure surface' into the
TEE for video decoding. The video decoder HW will then decode the
contents of the 'secure buffer' and place the result in the 'secure
surface'. The REE will then attach the 'secure surface' to the overlay
plane for rendering of the video.

Everything relating to ensuring security of the actual contents of the
'secure buffer' and 'secure surface' is out of scope for the REE and
is the responsibility of the TEE.

The DRM driver handles allocation of gem objects that are backed by a
'secure surface' and displaying a 'secure surface' on the overlay plane.
This introduces a new flag for object creation called
DRM_MTK_GEM_CREATE_ENCRYPTED which indicates it should be a 'secure
surface'. All changes here are in MediaTek specific code.

---
Based on 3 series and 1 patch:
[1] dma-buf: heaps: Add MediaTek secure heap
- https://patchwork.kernel.org/project/linux-mediatek/list/?series=782776

[2] add driver to support secure video decoder
- https://patchwork.kernel.org/project/linux-mediatek/list/?series=782922

[3] soc: mediatek: Add register definitions for GCE
- https://patchwork.kernel.org/project/linux-mediatek/patch/20231017064717.21616-2-shawn.sung@mediatek.com/

[4] Add CMDQ secure driver for SVP
- https://patchwork.kernel.org/project/linux-mediatek/list/?series=795502
---
Change in v2:

1. remove the DRIVER_RENDER flag for mtk_drm_ioctl
2. move cmdq_insert_backup_cookie into client driver
3. move secure gce node define from mt8195-cherry.dtsi to mt8195.dtsi
---

CK Hu (1):
  drm/mediatek: Add interface to allocate MediaTek GEM buffer.

Jason-JH.Lin (10):
  drm/mediatek/uapi: Add DRM_MTK_GEM_CREATED_ENCRYPTTED flag
  drm/mediatek: Add secure buffer control flow to mtk_drm_gem
  drm/mediatek: Add secure identify flag and funcution to mtk_drm_plane
  drm/mediatek: Add mtk_ddp_sec_write to config secure buffer info
  drm/mediatek: Add get_sec_port interface to mtk_ddp_comp
  drm/mediatek: Add secure layer config support for ovl
  drm/mediatek: Add secure layer config support for ovl_adaptor
  drm/mediatek: Add secure flow support to mediatek-drm
  drm/mediatek: Add cmdq_insert_backup_cookie before secure pkt finalize
  arm64: dts: mt8195: Add secure mbox settings for vdosys

 arch/arm64/boot/dts/mediatek/mt8195.dtsi      |   6 +-
 drivers/gpu/drm/mediatek/mtk_disp_drv.h       |   3 +
 drivers/gpu/drm/mediatek/mtk_disp_ovl.c       |  31 +-
 .../gpu/drm/mediatek/mtk_disp_ovl_adaptor.c   |  15 +
 drivers/gpu/drm/mediatek/mtk_drm_crtc.c       | 274 +++++++++++++++++-
 drivers/gpu/drm/mediatek/mtk_drm_crtc.h       |   1 +
 drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c   |  14 +
 drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.h   |  13 +
 drivers/gpu/drm/mediatek/mtk_drm_drv.c        |  13 +
 drivers/gpu/drm/mediatek/mtk_drm_gem.c        | 121 ++++++++
 drivers/gpu/drm/mediatek/mtk_drm_gem.h        |  16 +
 drivers/gpu/drm/mediatek/mtk_drm_plane.c      |   7 +
 drivers/gpu/drm/mediatek/mtk_drm_plane.h      |   2 +
 drivers/gpu/drm/mediatek/mtk_mdp_rdma.c       |  11 +-
 drivers/gpu/drm/mediatek/mtk_mdp_rdma.h       |   2 +
 include/uapi/drm/mediatek_drm.h               |  59 ++++
 16 files changed, 570 insertions(+), 18 deletions(-)
 create mode 100644 include/uapi/drm/mediatek_drm.h

-- 
2.18.0



* [PATCH v2 01/11] drm/mediatek: Add interface to allocate MediaTek GEM buffer.
  2023-10-23  4:45 [PATCH v2 00/11] Add mediate-drm secure flow for SVP Jason-JH.Lin
@ 2023-10-23  4:45 ` Jason-JH.Lin
  2023-10-24  8:37   ` AngeloGioacchino Del Regno
  2023-10-23  4:45 ` [PATCH v2 02/11] drm/mediatek/uapi: Add DRM_MTK_GEM_CREATED_ENCRYPTTED flag Jason-JH.Lin
                   ` (10 subsequent siblings)
  11 siblings, 1 reply; 48+ messages in thread
From: Jason-JH.Lin @ 2023-10-23  4:45 UTC
  To: Rob Herring, Krzysztof Kozlowski, Matthias Brugger,
	AngeloGioacchino Del Regno, Chun-Kuang Hu
  Cc: Jeffrey Kardatzke, devicetree, Conor Dooley,
	Project_Global_Chrome_Upstream_Group, Jason-JH . Lin,
	Singo Chang, Nicolas Boichat, linux-kernel, dri-devel,
	linaro-mm-sig, Jason-ch Chen, Nancy Lin, linux-mediatek,
	Shawn Sung, Johnson Wang, linux-arm-kernel, linux-media

From: CK Hu <ck.hu@mediatek.com>

Add an interface to allocate MediaTek GEM buffers, allow the IOCTLs
to be used by render nodes.
This patch also sets the RENDER driver feature.

Signed-off-by: CK Hu <ck.hu@mediatek.com>
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
Reviewed-by: Daniel Kurtz <djkurtz@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Daniel Kurtz <djkurtz@chromium.org>
Tested-by: Pi-Hsun Shih <pihsun@chromium.org>

---
 drivers/gpu/drm/mediatek/mtk_drm_drv.c | 13 ++++++
 drivers/gpu/drm/mediatek/mtk_drm_gem.c | 39 +++++++++++++++++
 drivers/gpu/drm/mediatek/mtk_drm_gem.h | 12 ++++++
 include/uapi/drm/mediatek_drm.h        | 58 ++++++++++++++++++++++++++
 4 files changed, 122 insertions(+)
 create mode 100644 include/uapi/drm/mediatek_drm.h

diff --git a/drivers/gpu/drm/mediatek/mtk_drm_drv.c b/drivers/gpu/drm/mediatek/mtk_drm_drv.c
index 93552d76b6e7..e3e9dbdf265b 100644
--- a/drivers/gpu/drm/mediatek/mtk_drm_drv.c
+++ b/drivers/gpu/drm/mediatek/mtk_drm_drv.c
@@ -24,6 +24,7 @@
 #include <drm/drm_of.h>
 #include <drm/drm_probe_helper.h>
 #include <drm/drm_vblank.h>
+#include <drm/mediatek_drm.h>
 
 #include "mtk_drm_crtc.h"
 #include "mtk_drm_ddp_comp.h"
@@ -541,6 +542,14 @@ static void mtk_drm_kms_deinit(struct drm_device *drm)
 	component_unbind_all(drm->dev, drm);
 }
 
+static const struct drm_ioctl_desc mtk_ioctls[] = {
+	DRM_IOCTL_DEF_DRV(MTK_GEM_CREATE, mtk_gem_create_ioctl,
+			  DRM_UNLOCKED | DRM_AUTH | DRM_RENDER_ALLOW),
+	DRM_IOCTL_DEF_DRV(MTK_GEM_MAP_OFFSET,
+			  mtk_gem_map_offset_ioctl,
+			  DRM_UNLOCKED | DRM_AUTH | DRM_RENDER_ALLOW),
+};
+
 DEFINE_DRM_GEM_FOPS(mtk_drm_fops);
 
 /*
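Review bot: DRM_RENDER_ALLOW on both mtk_ioctls entries does not line up with the rest of the series as posted. The commit message says this patch sets the RENDER driver feature, the v2 changelog in the cover letter says that flag was removed for mtk_drm_ioctl, and no hunk in this patch touches driver_features. DRM_RENDER_ALLOW only matters for render-node file descriptors, so either drop it or update the commit message to say how these ioctls are meant to be reached. DRM_UNLOCKED can go as well: the DRM core documents it as needed only for legacy drivers.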
@@ -562,6 +571,10 @@ static const struct drm_driver mtk_drm_driver = {
 
 	.gem_prime_import = mtk_drm_gem_prime_import,
 	.gem_prime_import_sg_table = mtk_gem_prime_import_sg_table,
+
+	.ioctls = mtk_ioctls,
+	.num_ioctls = ARRAY_SIZE(mtk_ioctls),
+
 	.fops = &mtk_drm_fops,
 
 	.name = DRIVER_NAME,
diff --git a/drivers/gpu/drm/mediatek/mtk_drm_gem.c b/drivers/gpu/drm/mediatek/mtk_drm_gem.c
index 9f364df52478..bcce723f257d 100644
--- a/drivers/gpu/drm/mediatek/mtk_drm_gem.c
+++ b/drivers/gpu/drm/mediatek/mtk_drm_gem.c
@@ -4,6 +4,7 @@
  */
 
 #include <linux/dma-buf.h>
+#include <drm/mediatek_drm.h>
 
 #include <drm/drm.h>
 #include <drm/drm_device.h>
@@ -272,3 +273,41 @@ void mtk_drm_gem_prime_vunmap(struct drm_gem_object *obj,
 	mtk_gem->kvaddr = NULL;
 	kfree(mtk_gem->pages);
 }
+
+int mtk_gem_map_offset_ioctl(struct drm_device *drm, void *data,
+			     struct drm_file *file_priv)
+{
+	struct drm_mtk_gem_map_off *args = data;
+
+	return drm_gem_dumb_map_offset(file_priv, drm, args->handle,
+				       &args->offset);
+}
+
+int mtk_gem_create_ioctl(struct drm_device *dev, void *data,
+			 struct drm_file *file_priv)
+{
+	struct mtk_drm_gem_obj *mtk_gem;
+	struct drm_mtk_gem_create *args = data;
+	int ret;
+
+	mtk_gem = mtk_drm_gem_create(dev, args->size, false);
+	if (IS_ERR(mtk_gem))
+		return PTR_ERR(mtk_gem);
+
+	/*
+	 * allocate a id of idr table where the obj is registered
+	 * and handle has the id what user can see.
+	 */
+	ret = drm_gem_handle_create(file_priv, &mtk_gem->base, &args->handle);
+	if (ret)
+		goto err_handle_create;
+
+	/* drop reference from allocate - handle holds it now. */
+	drm_gem_object_put(&mtk_gem->base);
+
+	return 0;
+
+err_handle_create:
+	mtk_drm_gem_free_object(&mtk_gem->base);
+	return ret;
+}
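Review bot: args->flags is never read in mtk_gem_create_ioctl(), so any value userspace passes is accepted. Reject unknown bits with -EINVAL now, otherwise the field cannot be given a meaning later without changing behaviour for existing callers. args->size is a uint64_t passed straight into the size_t parameter of mtk_drm_gem_create(dev, args->size, false), so a zero size, or one that would be truncated on a 32-bit build, should be rejected here too. In mtk_gem_map_offset_ioctl(), args->pad is likewise unchecked; requiring it to be zero keeps it available for future use.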
diff --git a/drivers/gpu/drm/mediatek/mtk_drm_gem.h b/drivers/gpu/drm/mediatek/mtk_drm_gem.h
index 78f23b07a02e..90f3d2916ec5 100644
--- a/drivers/gpu/drm/mediatek/mtk_drm_gem.h
+++ b/drivers/gpu/drm/mediatek/mtk_drm_gem.h
@@ -46,4 +46,16 @@ int mtk_drm_gem_prime_vmap(struct drm_gem_object *obj, struct iosys_map *map);
 void mtk_drm_gem_prime_vunmap(struct drm_gem_object *obj,
 			      struct iosys_map *map);
 
+/*
+ * request gem object creation and buffer allocation as the size
+ * that it is calculated with framebuffer information such as width,
+ * height and bpp.
+ */
+int mtk_gem_create_ioctl(struct drm_device *dev, void *data,
+			 struct drm_file *file_priv);
+
+/* get buffer offset to map to user space. */
+int mtk_gem_map_offset_ioctl(struct drm_device *dev, void *data,
+			     struct drm_file *file_priv);
+
 #endif
diff --git a/include/uapi/drm/mediatek_drm.h b/include/uapi/drm/mediatek_drm.h
new file mode 100644
index 000000000000..c050de320a84
--- /dev/null
+++ b/include/uapi/drm/mediatek_drm.h
@@ -0,0 +1,58 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
+/*
+ * Copyright (c) 2015 MediaTek Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#ifndef _UAPI_MEDIATEK_DRM_H
+#define _UAPI_MEDIATEK_DRM_H
+
+#include <drm/drm.h>
+
+/**
+ * User-desired buffer creation information structure.
+ *
+ * @size: user-desired memory allocation size.
+ *	- this size value would be page-aligned internally.
+ * @flags: user request for setting memory type or cache attributes.
+ * @handle: returned a handle to created gem object.
+ *	- this handle will be set by gem module of kernel side.
+ */
+struct drm_mtk_gem_create {
+	uint64_t size;
+	uint32_t flags;
+	uint32_t handle;
+};
+
+/**
+ * A structure for getting buffer offset.
+ *
+ * @handle: a pointer to gem object created.
+ * @pad: just padding to be 64-bit aligned.
+ * @offset: relatived offset value of the memory region allocated.
+ *     - this value should be set by user.
+ */
+struct drm_mtk_gem_map_off {
+	uint32_t handle;
+	uint32_t pad;
+	uint64_t offset;
+};
+
+#define DRM_MTK_GEM_CREATE		0x00
+#define DRM_MTK_GEM_MAP_OFFSET		0x01
+
+#define DRM_IOCTL_MTK_GEM_CREATE	DRM_IOWR(DRM_COMMAND_BASE + \
+		DRM_MTK_GEM_CREATE, struct drm_mtk_gem_create)
+
+#define DRM_IOCTL_MTK_GEM_MAP_OFFSET	DRM_IOWR(DRM_COMMAND_BASE + \
+		DRM_MTK_GEM_MAP_OFFSET, struct drm_mtk_gem_map_off)
+
+#endif /* _UAPI_MEDIATEK_DRM_H */
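Review bot: struct drm_mtk_gem_create and struct drm_mtk_gem_map_off are declared with uint64_t/uint32_t; kernel UAPI headers conventionally use __u64/__u32 so that the layout does not depend on which headers userspace has included. The kernel-doc also needs correcting: @offset is described as "this value should be set by user", but mtk_gem_map_offset_ioctl() writes it through &args->offset, and @handle in drm_mtk_gem_map_off is a GEM handle, not "a pointer to gem object". The GPL boilerplate paragraph repeats what the SPDX line already states and can be dropped.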
-- 
2.18.0



* [PATCH v2 02/11] drm/mediatek/uapi: Add DRM_MTK_GEM_CREATED_ENCRYPTTED flag
  2023-10-23  4:45 [PATCH v2 00/11] Add mediate-drm secure flow for SVP Jason-JH.Lin
  2023-10-23  4:45 ` [PATCH v2 01/11] drm/mediatek: Add interface to allocate MediaTek GEM buffer Jason-JH.Lin
@ 2023-10-23  4:45 ` Jason-JH.Lin
  2023-10-24  8:37   ` AngeloGioacchino Del Regno
  2023-10-23  4:45 ` [PATCH v2 03/11] drm/mediatek: Add secure buffer control flow to mtk_drm_gem Jason-JH.Lin
                   ` (9 subsequent siblings)
  11 siblings, 1 reply; 48+ messages in thread
From: Jason-JH.Lin @ 2023-10-23  4:45 UTC
  To: Rob Herring, Krzysztof Kozlowski, Matthias Brugger,
	AngeloGioacchino Del Regno, Chun-Kuang Hu
  Cc: Jeffrey Kardatzke, devicetree, Conor Dooley,
	Project_Global_Chrome_Upstream_Group, Jason-JH . Lin,
	Singo Chang, linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen, Nancy Lin, linux-mediatek, Shawn Sung,
	Johnson Wang, linux-arm-kernel, linux-media

Add DRM_MTK_GEM_CREATED_ENCRYPTTED flag to allocate a secure buffer
to support secure video path feature.

Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
---
 include/uapi/drm/mediatek_drm.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/uapi/drm/mediatek_drm.h b/include/uapi/drm/mediatek_drm.h
index c050de320a84..93f25e0c21d7 100644
--- a/include/uapi/drm/mediatek_drm.h
+++ b/include/uapi/drm/mediatek_drm.h
@@ -48,6 +48,7 @@ struct drm_mtk_gem_map_off {
 
 #define DRM_MTK_GEM_CREATE		0x00
 #define DRM_MTK_GEM_MAP_OFFSET		0x01
+#define DRM_MTK_GEM_CREATE_ENCRYPTED	0x02
 
 #define DRM_IOCTL_MTK_GEM_CREATE	DRM_IOWR(DRM_COMMAND_BASE + \
 		DRM_MTK_GEM_CREATE, struct drm_mtk_gem_create)
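Review bot: DRM_MTK_GEM_CREATE_ENCRYPTED 0x02 sits directly under DRM_MTK_GEM_CREATE 0x00 and DRM_MTK_GEM_MAP_OFFSET 0x01, which are ioctl numbers added to DRM_COMMAND_BASE, yet the commit message describes it as a flag. Move it next to struct drm_mtk_gem_create, define it as an explicit bit, and document it under @flags so that it is not mistaken for the next ioctl number. The name in the subject and commit message (DRM_MTK_GEM_CREATED_ENCRYPTTED) also does not match the define.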
-- 
2.18.0



* [PATCH v2 03/11] drm/mediatek: Add secure buffer control flow to mtk_drm_gem
  2023-10-23  4:45 [PATCH v2 00/11] Add mediate-drm secure flow for SVP Jason-JH.Lin
  2023-10-23  4:45 ` [PATCH v2 01/11] drm/mediatek: Add interface to allocate MediaTek GEM buffer Jason-JH.Lin
  2023-10-23  4:45 ` [PATCH v2 02/11] drm/mediatek/uapi: Add DRM_MTK_GEM_CREATED_ENCRYPTTED flag Jason-JH.Lin
@ 2023-10-23  4:45 ` Jason-JH.Lin
  2023-10-24  8:37   ` AngeloGioacchino Del Regno
  2023-10-23  4:45 ` [PATCH v2 04/11] drm/mediatek: Add secure identify flag and funcution to mtk_drm_plane Jason-JH.Lin
                   ` (8 subsequent siblings)
  11 siblings, 1 reply; 48+ messages in thread
From: Jason-JH.Lin @ 2023-10-23  4:45 UTC
  To: Rob Herring, Krzysztof Kozlowski, Matthias Brugger,
	AngeloGioacchino Del Regno, Chun-Kuang Hu
  Cc: Jeffrey Kardatzke, devicetree, Conor Dooley,
	Project_Global_Chrome_Upstream_Group, Jason-JH . Lin,
	Singo Chang, linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen, Nancy Lin, linux-mediatek, Shawn Sung,
	Johnson Wang, linux-arm-kernel, linux-media

Add secure buffer control flow to mtk_drm_gem.

When user space takes DRM_MTK_GEM_CREATE_ENCRYPTED flag and size
to create a mtk_drm_gem object, mtk_drm_gem will find a matched size
dma buffer from secure dma-heap and bind it to mtk_drm_gem object.

Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
---
 drivers/gpu/drm/mediatek/mtk_drm_gem.c | 84 +++++++++++++++++++++++++-
 drivers/gpu/drm/mediatek/mtk_drm_gem.h |  4 ++
 2 files changed, 87 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/mediatek/mtk_drm_gem.c b/drivers/gpu/drm/mediatek/mtk_drm_gem.c
index bcce723f257d..2064ccd7dde0 100644
--- a/drivers/gpu/drm/mediatek/mtk_drm_gem.c
+++ b/drivers/gpu/drm/mediatek/mtk_drm_gem.c
@@ -4,6 +4,8 @@
  */
 
 #include <linux/dma-buf.h>
+#include <linux/dma-heap.h>
+#include <uapi/linux/dma-heap.h>
 #include <drm/mediatek_drm.h>
 
 #include <drm/drm.h>
@@ -55,6 +57,80 @@ static struct mtk_drm_gem_obj *mtk_drm_gem_init(struct drm_device *dev,
 	return mtk_gem_obj;
 }
 
+struct mtk_drm_gem_obj *mtk_drm_gem_create_from_heap(struct drm_device *dev,
+						     const char *heap, size_t size)
+{
+	struct mtk_drm_private *priv = dev->dev_private;
+	struct mtk_drm_gem_obj *mtk_gem;
+	struct drm_gem_object *obj;
+	struct dma_heap *dma_heap;
+	struct dma_buf *dma_buf;
+	struct dma_buf_attachment *attach;
+	struct sg_table *sgt;
+	struct iosys_map map = {};
+	int ret;
+
+	mtk_gem = mtk_drm_gem_init(dev, size);
+	if (IS_ERR(mtk_gem))
+		return ERR_CAST(mtk_gem);
+
+	obj = &mtk_gem->base;
+
+	dma_heap = dma_heap_find(heap);
+	if (!dma_heap) {
+		DRM_ERROR("heap find fail\n");
+		goto err_gem_free;
+	}
+	dma_buf = dma_heap_buffer_alloc(dma_heap, size,
+					O_RDWR | O_CLOEXEC, DMA_HEAP_VALID_HEAP_FLAGS);
+	if (IS_ERR(dma_buf)) {
+		DRM_ERROR("buffer alloc fail\n");
+		dma_heap_put(dma_heap);
+		goto err_gem_free;
+	}
+	dma_heap_put(dma_heap);
+
+	attach = dma_buf_attach(dma_buf, priv->dma_dev);
+	if (IS_ERR(attach)) {
+		DRM_ERROR("attach fail, return\n");
+		dma_buf_put(dma_buf);
+		goto err_gem_free;
+	}
+	sgt = dma_buf_map_attachment(attach, DMA_BIDIRECTIONAL);
+	if (IS_ERR(sgt)) {
+		DRM_ERROR("map failed, detach and return\n");
+		dma_buf_detach(dma_buf, attach);
+		dma_buf_put(dma_buf);
+		goto err_gem_free;
+	}
+	obj->import_attach = attach;
+	mtk_gem->dma_addr = sg_dma_address(sgt->sgl);
+	mtk_gem->sg = sgt;
+	mtk_gem->size = dma_buf->size;
+
+	if (!strcmp(heap, "mtk_svp") || !strcmp(heap, "mtk_svp_cma")) {
+		/* secure buffer can not be mapped */
+		mtk_gem->sec = true;
+	} else {
+		ret = dma_buf_vmap(dma_buf, &map);
+		mtk_gem->kvaddr = map.vaddr;
+		if (ret) {
+			DRM_ERROR("map failed, ret=%d\n", ret);
+			dma_buf_unmap_attachment(attach, sgt, DMA_BIDIRECTIONAL);
+			dma_buf_detach(dma_buf, attach);
+			dma_buf_put(dma_buf);
+			mtk_gem->kvaddr = NULL;
+		}
+	}
+
+	return mtk_gem;
+
+err_gem_free:
+	drm_gem_object_release(obj);
+	kfree(mtk_gem);
+	return ERR_PTR(-ENOMEM);
+}
+
 struct mtk_drm_gem_obj *mtk_drm_gem_create(struct drm_device *dev,
 					   size_t size, bool alloc_kmap)
 {
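Review bot: the dma_buf_vmap() failure branch in mtk_drm_gem_create_from_heap() unmaps the attachment, detaches and puts the dma_buf, then falls through to "return mtk_gem" with obj->import_attach and mtk_gem->sg still pointing at the released attachment and sg table. That branch needs to clear those fields and leave through err_gem_free instead of handing back a half-torn-down object; mtk_gem->kvaddr should also only be assigned after ret has been checked. Every failure returns ERR_PTR(-ENOMEM), which hides the real error from dma_heap_buffer_alloc(), dma_buf_attach() and dma_buf_map_attachment(); propagate PTR_ERR() instead. Deciding mtk_gem->sec by strcmp() against "mtk_svp" and "mtk_svp_cma" ties the security classification to two string literals; a parameter supplied by the caller would be harder to get wrong.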
@@ -218,7 +294,9 @@ struct drm_gem_object *mtk_gem_prime_import_sg_table(struct drm_device *dev,
 	if (IS_ERR(mtk_gem))
 		return ERR_CAST(mtk_gem);
 
+	mtk_gem->sec = !sg_page(sg->sgl);
 	mtk_gem->dma_addr = sg_dma_address(sg->sgl);
+	mtk_gem->size = attach->dmabuf->size;
 	mtk_gem->sg = sg;
 
 	return &mtk_gem->base;
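Review bot: "mtk_gem->sec = !sg_page(sg->sgl)" infers that an imported buffer is secure from the first scatterlist entry having no struct page, which holds for any page-less sg table an exporter hands over, not only for buffers from the secure heap. Since this flag marks the object as secure for the rest of the driver, derive it from something the exporter states explicitly, or document in a comment why a missing page can only mean secure memory on this platform.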
@@ -290,7 +368,11 @@ int mtk_gem_create_ioctl(struct drm_device *dev, void *data,
 	struct drm_mtk_gem_create *args = data;
 	int ret;
 
-	mtk_gem = mtk_drm_gem_create(dev, args->size, false);
+	if (args->flags & DRM_MTK_GEM_CREATE_ENCRYPTED)
+		mtk_gem = mtk_drm_gem_create_from_heap(dev, "mtk_svp_cma", args->size);
+	else
+		mtk_gem = mtk_drm_gem_create(dev, args->size, false);
+
 	if (IS_ERR(mtk_gem))
 		return PTR_ERR(mtk_gem);
 
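Review bot: only DRM_MTK_GEM_CREATE_ENCRYPTED is tested in args->flags and every other bit is still silently accepted; add a mask check that returns -EINVAL for unknown bits. The heap name "mtk_svp_cma" is hard-coded here while mtk_drm_gem_create_from_heap() also recognises "mtk_svp"; one named constant shared by both places would keep them in step. Patch 01 declares this ioctl with DRM_RENDER_ALLOW, so the commit message should state which clients are expected to be able to allocate from the secure heap.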
diff --git a/drivers/gpu/drm/mediatek/mtk_drm_gem.h b/drivers/gpu/drm/mediatek/mtk_drm_gem.h
index 90f3d2916ec5..ed4d23e252e9 100644
--- a/drivers/gpu/drm/mediatek/mtk_drm_gem.h
+++ b/drivers/gpu/drm/mediatek/mtk_drm_gem.h
@@ -27,9 +27,11 @@ struct mtk_drm_gem_obj {
 	void			*cookie;
 	void			*kvaddr;
 	dma_addr_t		dma_addr;
+	size_t			size;
 	unsigned long		dma_attrs;
 	struct sg_table		*sg;
 	struct page		**pages;
+	bool			sec;
 };
 
 #define to_mtk_gem_obj(x)	container_of(x, struct mtk_drm_gem_obj, base)
@@ -37,6 +39,8 @@ struct mtk_drm_gem_obj {
 void mtk_drm_gem_free_object(struct drm_gem_object *gem);
 struct mtk_drm_gem_obj *mtk_drm_gem_create(struct drm_device *dev, size_t size,
 					   bool alloc_kmap);
+struct mtk_drm_gem_obj *mtk_drm_gem_create_from_heap(struct drm_device *dev,
+						     const char *heap, size_t size);
 int mtk_drm_gem_dumb_create(struct drm_file *file_priv, struct drm_device *dev,
 			    struct drm_mode_create_dumb *args);
 struct sg_table *mtk_gem_prime_get_sg_table(struct drm_gem_object *obj);
-- 
2.18.0



* [PATCH v2 04/11] drm/mediatek: Add secure identify flag and funcution to mtk_drm_plane
  2023-10-23  4:45 [PATCH v2 00/11] Add mediate-drm secure flow for SVP Jason-JH.Lin
                   ` (2 preceding siblings ...)
  2023-10-23  4:45 ` [PATCH v2 03/11] drm/mediatek: Add secure buffer control flow to mtk_drm_gem Jason-JH.Lin
@ 2023-10-23  4:45 ` Jason-JH.Lin
  2023-10-24  3:35   ` CK Hu (胡俊光)
  2023-10-23  4:45 ` [PATCH v2 05/11] drm/mediatek: Add mtk_ddp_sec_write to config secure buffer info Jason-JH.Lin
                   ` (7 subsequent siblings)
  11 siblings, 1 reply; 48+ messages in thread
From: Jason-JH.Lin @ 2023-10-23  4:45 UTC
  To: Rob Herring, Krzysztof Kozlowski, Matthias Brugger,
	AngeloGioacchino Del Regno, Chun-Kuang Hu
  Cc: Jeffrey Kardatzke, devicetree, Conor Dooley,
	Project_Global_Chrome_Upstream_Group, Jason-JH . Lin,
	Singo Chang, linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen, Nancy Lin, linux-mediatek, Shawn Sung,
	Johnson Wang, linux-arm-kernel, linux-media

Add is_sec flag to identify whether the current mtk_drm_plane is secure.
Add mtk_plane_is_sec_fb() to check whether the current drm_framebuffer is secure.

Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
---
 drivers/gpu/drm/mediatek/mtk_drm_plane.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/gpu/drm/mediatek/mtk_drm_plane.h b/drivers/gpu/drm/mediatek/mtk_drm_plane.h
index 99aff7da0831..fe60e20a6e1c 100644
--- a/drivers/gpu/drm/mediatek/mtk_drm_plane.h
+++ b/drivers/gpu/drm/mediatek/mtk_drm_plane.h
@@ -33,6 +33,7 @@ struct mtk_plane_pending_state {
 	bool				async_dirty;
 	bool				async_config;
 	enum drm_color_encoding		color_encoding;
+	bool				is_sec;
 };
 
 struct mtk_plane_state {
@@ -46,6 +47,7 @@ to_mtk_plane_state(struct drm_plane_state *state)
 	return container_of(state, struct mtk_plane_state, base);
 }
 
+bool mtk_plane_fb_is_secure(struct drm_framebuffer *fb);
 int mtk_plane_init(struct drm_device *dev, struct drm_plane *plane,
 		   unsigned long possible_crtcs, enum drm_plane_type type,
 		   unsigned int supported_rotations, const u32 *formats,
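Review bot: the prototype added here is mtk_plane_fb_is_secure(), but the commit message names the helper mtk_plane_is_sec_fb(), and the diffstat shows only mtk_drm_plane.h changing, so this patch declares a function without defining it. Put the definition in the same patch as the declaration and make the commit message use the final name. The new is_sec member of struct mtk_plane_pending_state would benefit from a comment saying who sets it and when.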
-- 
2.18.0



* [PATCH v2 05/11] drm/mediatek: Add mtk_ddp_sec_write to config secure buffer info
  2023-10-23  4:45 [PATCH v2 00/11] Add mediate-drm secure flow for SVP Jason-JH.Lin
                   ` (3 preceding siblings ...)
  2023-10-23  4:45 ` [PATCH v2 04/11] drm/mediatek: Add secure identify flag and funcution to mtk_drm_plane Jason-JH.Lin
@ 2023-10-23  4:45 ` Jason-JH.Lin
  2023-10-24  8:37   ` AngeloGioacchino Del Regno
  2023-10-23  4:45 ` [PATCH v2 06/11] drm/mediatek: Add get_sec_port interface to mtk_ddp_comp Jason-JH.Lin
                   ` (6 subsequent siblings)
  11 siblings, 1 reply; 48+ messages in thread
From: Jason-JH.Lin @ 2023-10-23  4:45 UTC
  To: Rob Herring, Krzysztof Kozlowski, Matthias Brugger,
	AngeloGioacchino Del Regno, Chun-Kuang Hu
  Cc: Jeffrey Kardatzke, devicetree, Conor Dooley,
	Project_Global_Chrome_Upstream_Group, Jason-JH . Lin,
	Singo Chang, linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen, Nancy Lin, linux-mediatek, Shawn Sung,
	Johnson Wang, linux-arm-kernel, linux-media

Add mtk_ddp_sec_write to configure secure buffer information to
cmdq secure packet data.
Then the secure cmdq driver will use this information to configure the
corresponding secure DRAM address to the HW overlay in the secure world.

Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
---
 drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c | 12 ++++++++++++
 drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.h |  4 ++++
 2 files changed, 16 insertions(+)

diff --git a/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c b/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c
index 771f4e173353..3dca936b9143 100644
--- a/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c
+++ b/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c
@@ -111,6 +111,18 @@ void mtk_ddp_write_mask(struct cmdq_pkt *cmdq_pkt, unsigned int value,
 #endif
 }
 
+void mtk_ddp_sec_write(struct cmdq_pkt *cmdq_pkt, u32 addr, u64 base,
+		       const enum cmdq_iwc_addr_metadata_type type,
+		       const u32 offset, const u32 size, const u32 port)
+{
+#if IS_REACHABLE(CONFIG_MTK_CMDQ)
+	/* secure buffer will be 4K alignment */
+	if (cmdq_pkt)
+		cmdq_sec_pkt_write(cmdq_pkt, addr, base, type,
+				   offset, ALIGN(size, PAGE_SIZE), port);
+#endif
+}
+
 static int mtk_ddp_clk_enable(struct device *dev)
 {
 	struct mtk_ddp_comp_dev *priv = dev_get_drvdata(dev);
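Review bot: the comment in mtk_ddp_sec_write() says "secure buffer will be 4K alignment" but the code uses ALIGN(size, PAGE_SIZE), which is 16K or 64K on arm64 kernels built with larger pages; use SZ_4K if 4K is what the secure world expects. ALIGN() on a u32 size also wraps to 0 for sizes within one page of U32_MAX. When cmdq_pkt is NULL or CONFIG_MTK_CMDQ is not reachable the function silently does nothing, so the secure layer's address is never handed over and the caller cannot tell; report that to the caller instead of returning void.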
diff --git a/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.h b/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.h
index febcaeef16a1..239a65140352 100644
--- a/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.h
+++ b/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.h
@@ -7,6 +7,7 @@
 #define MTK_DRM_DDP_COMP_H
 
 #include <linux/io.h>
+#include <linux/mailbox/mtk-cmdq-sec-mailbox.h>
 #include <linux/soc/mediatek/mtk-cmdq.h>
 #include <linux/soc/mediatek/mtk-mmsys.h>
 #include <linux/soc/mediatek/mtk-mutex.h>
@@ -291,4 +292,7 @@ void mtk_ddp_write_relaxed(struct cmdq_pkt *cmdq_pkt, unsigned int value,
 void mtk_ddp_write_mask(struct cmdq_pkt *cmdq_pkt, unsigned int value,
 			struct cmdq_client_reg *cmdq_reg, void __iomem *regs,
 			unsigned int offset, unsigned int mask);
+void mtk_ddp_sec_write(struct cmdq_pkt *cmdq_pkt, u32 addr, u64 base,
+		       const enum cmdq_iwc_addr_metadata_type type,
+		       const u32 offset, const u32 size, const u32 port);
 #endif /* MTK_DRM_DDP_COMP_H */
-- 
2.18.0



* [PATCH v2 06/11] drm/mediatek: Add get_sec_port interface to mtk_ddp_comp
  2023-10-23  4:45 [PATCH v2 00/11] Add mediate-drm secure flow for SVP Jason-JH.Lin
                   ` (4 preceding siblings ...)
  2023-10-23  4:45 ` [PATCH v2 05/11] drm/mediatek: Add mtk_ddp_sec_write to config secure buffer info Jason-JH.Lin
@ 2023-10-23  4:45 ` Jason-JH.Lin
  2023-10-23  4:45 ` [PATCH v2 07/11] drm/mediatek: Add secure layer config support for ovl Jason-JH.Lin
                   ` (5 subsequent siblings)
  11 siblings, 0 replies; 48+ messages in thread
From: Jason-JH.Lin @ 2023-10-23  4:45 UTC
  To: Rob Herring, Krzysztof Kozlowski, Matthias Brugger,
	AngeloGioacchino Del Regno, Chun-Kuang Hu
  Cc: Jeffrey Kardatzke, devicetree, Conor Dooley,
	Project_Global_Chrome_Upstream_Group, Jason-JH . Lin,
	Singo Chang, linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen, Nancy Lin, linux-mediatek, Shawn Sung,
	Johnson Wang, linux-arm-kernel, linux-media

Add get_sec_port interface to ddp_comp to get the secure port settings
from ovl and ovl_adaptor.
Then mediatek-drm will use secure cmdq driver to configure DRAM access
permission in secure world by their secure port settings.

Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
---
 drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.h | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.h b/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.h
index 239a65140352..5831ad343e4f 100644
--- a/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.h
+++ b/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.h
@@ -81,6 +81,7 @@ struct mtk_ddp_comp_funcs {
 	void (*disconnect)(struct device *dev, struct device *mmsys_dev, unsigned int next);
 	void (*add)(struct device *dev, struct mtk_mutex *mutex);
 	void (*remove)(struct device *dev, struct mtk_mutex *mutex);
+	u64 (*get_sec_port)(struct mtk_ddp_comp *comp, unsigned int idx);
 };
 
 struct mtk_ddp_comp {
@@ -187,6 +188,14 @@ static inline void mtk_ddp_comp_layer_config(struct mtk_ddp_comp *comp,
 		comp->funcs->layer_config(comp->dev, idx, state, cmdq_pkt);
 }
 
+static inline u64 mtk_ddp_comp_layer_get_sec_port(struct mtk_ddp_comp *comp,
+						  unsigned int idx)
+{
+	if (comp->funcs && comp->funcs->get_sec_port)
+		return comp->funcs->get_sec_port(comp, idx);
+	return 0;
+}
+
 static inline void mtk_ddp_gamma_set(struct mtk_ddp_comp *comp,
 				     struct drm_crtc_state *state)
 {
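Review bot: mtk_ddp_comp_layer_get_sec_port() returns 0 both when the component has no get_sec_port hook and when the hook itself finds no port, and nothing documents what the u64 encodes or what idx selects. A kernel-doc comment on the get_sec_port member of struct mtk_ddp_comp_funcs covering the return value and idx would make it clear how callers should treat 0.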
-- 
2.18.0



* [PATCH v2 07/11] drm/mediatek: Add secure layer config support for ovl
  2023-10-23  4:45 [PATCH v2 00/11] Add mediate-drm secure flow for SVP Jason-JH.Lin
                   ` (5 preceding siblings ...)
  2023-10-23  4:45 ` [PATCH v2 06/11] drm/mediatek: Add get_sec_port interface to mtk_ddp_comp Jason-JH.Lin
@ 2023-10-23  4:45 ` Jason-JH.Lin
  2023-10-24  8:37   ` AngeloGioacchino Del Regno
                     ` (2 more replies)
  2023-10-23  4:45 ` [PATCH v2 08/11] drm/mediatek: Add secure layer config support for ovl_adaptor Jason-JH.Lin
                   ` (4 subsequent siblings)
  11 siblings, 3 replies; 48+ messages in thread
From: Jason-JH.Lin @ 2023-10-23  4:45 UTC
  To: Rob Herring, Krzysztof Kozlowski, Matthias Brugger,
	AngeloGioacchino Del Regno, Chun-Kuang Hu
  Cc: Jeffrey Kardatzke, devicetree, Conor Dooley,
	Project_Global_Chrome_Upstream_Group, Jason-JH . Lin,
	Singo Chang, linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen, Nancy Lin, linux-mediatek, Shawn Sung,
	Johnson Wang, linux-arm-kernel, linux-media

Add secure layer config support for ovl.

Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
---
 drivers/gpu/drm/mediatek/mtk_disp_drv.h       |  3 ++
 drivers/gpu/drm/mediatek/mtk_disp_ovl.c       | 31 +++++++++++++++++--
 .../gpu/drm/mediatek/mtk_disp_ovl_adaptor.c   | 12 +++++++
 drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c   |  2 ++
 4 files changed, 46 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/mediatek/mtk_disp_drv.h b/drivers/gpu/drm/mediatek/mtk_disp_drv.h
index 2254038519e1..dec937b183a8 100644
--- a/drivers/gpu/drm/mediatek/mtk_disp_drv.h
+++ b/drivers/gpu/drm/mediatek/mtk_disp_drv.h
@@ -9,6 +9,7 @@
 #include <linux/soc/mediatek/mtk-cmdq.h>
 #include <linux/soc/mediatek/mtk-mmsys.h>
 #include <linux/soc/mediatek/mtk-mutex.h>
+#include "mtk_drm_ddp_comp.h"
 #include "mtk_drm_plane.h"
 #include "mtk_mdp_rdma.h"
 
@@ -79,6 +80,7 @@ void mtk_ovl_clk_disable(struct device *dev);
 void mtk_ovl_config(struct device *dev, unsigned int w,
 		    unsigned int h, unsigned int vrefresh,
 		    unsigned int bpc, struct cmdq_pkt *cmdq_pkt);
+u64 mtk_ovl_get_sec_port(struct mtk_ddp_comp *comp, unsigned int idx);
 int mtk_ovl_layer_check(struct device *dev, unsigned int idx,
 			struct mtk_plane_state *mtk_state);
 void mtk_ovl_layer_config(struct device *dev, unsigned int idx,
@@ -112,6 +114,7 @@ void mtk_ovl_adaptor_clk_disable(struct device *dev);
 void mtk_ovl_adaptor_config(struct device *dev, unsigned int w,
 			    unsigned int h, unsigned int vrefresh,
 			    unsigned int bpc, struct cmdq_pkt *cmdq_pkt);
+u64 mtk_ovl_adaptor_get_sec_port(struct mtk_ddp_comp *comp, unsigned int idx);
 void mtk_ovl_adaptor_layer_config(struct device *dev, unsigned int idx,
 				  struct mtk_plane_state *state,
 				  struct cmdq_pkt *cmdq_pkt);
diff --git a/drivers/gpu/drm/mediatek/mtk_disp_ovl.c b/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
index 2bffe4245466..76e832e4875a 100644
--- a/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
+++ b/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
@@ -46,6 +46,7 @@
 #define DISP_REG_OVL_ADDR(ovl, n)		((ovl)->data->addr + 0x20 * (n))
 #define DISP_REG_OVL_HDR_ADDR(ovl, n)		((ovl)->data->addr + 0x20 * (n) + 0x04)
 #define DISP_REG_OVL_HDR_PITCH(ovl, n)		((ovl)->data->addr + 0x20 * (n) + 0x08)
+#define DISP_REG_OVL_SECURE			0x0fc0
 
 #define GMC_THRESHOLD_BITS	16
 #define GMC_THRESHOLD_HIGH	((1 << GMC_THRESHOLD_BITS) / 4)
@@ -126,8 +127,19 @@ struct mtk_disp_ovl {
 	const struct mtk_disp_ovl_data	*data;
 	void				(*vblank_cb)(void *data);
 	void				*vblank_cb_data;
+	resource_size_t			regs_pa;
 };
 
+u64 mtk_ovl_get_sec_port(struct mtk_ddp_comp *comp, unsigned int idx)
+{
+	if (comp->id == DDP_COMPONENT_OVL0)
+		return 1ULL << CMDQ_SEC_DISP_OVL0;
+	else if (comp->id == DDP_COMPONENT_OVL1)
+		return 1ULL << CMDQ_SEC_DISP_OVL1;
+
+	return 0;
+}
+
 static irqreturn_t mtk_disp_ovl_irq_handler(int irq, void *dev_id)
 {
 	struct mtk_disp_ovl *priv = dev_id;
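Review bot: mtk_ovl_get_sec_port() accepts idx but never uses it, and it returns 0 for any component other than DDP_COMPONENT_OVL0 or DDP_COMPONENT_OVL1, so a caller that ORs the result into a port mask cannot tell "no secure port needed" from "component not handled". Please document in the callback's kerneldoc what a 0 return means and that all OVL layers share one port bit. A switch on comp->id would also read better than the if/else chain.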
@@ -449,8 +461,22 @@ void mtk_ovl_layer_config(struct device *dev, unsigned int idx,
 			      DISP_REG_OVL_SRC_SIZE(idx));
 	mtk_ddp_write_relaxed(cmdq_pkt, offset, &ovl->cmdq_reg, ovl->regs,
 			      DISP_REG_OVL_OFFSET(idx));
-	mtk_ddp_write_relaxed(cmdq_pkt, addr, &ovl->cmdq_reg, ovl->regs,
-			      DISP_REG_OVL_ADDR(ovl, idx));
+
+	if (state->pending.is_sec) {
+		const struct drm_format_info *fmt_info = drm_format_info(fmt);
+		unsigned int buf_size = (pending->height - 1) * pending->pitch +
+					pending->width * fmt_info->cpp[0];
+
+		mtk_ddp_write_mask(cmdq_pkt, BIT(idx), &ovl->cmdq_reg, ovl->regs,
+				   DISP_REG_OVL_SECURE, BIT(idx));
+		mtk_ddp_sec_write(cmdq_pkt, ovl->regs_pa + DISP_REG_OVL_ADDR(ovl, idx),
+				  pending->addr, CMDQ_IWC_H_2_MVA, 0, buf_size, 0);
+	} else {
+		mtk_ddp_write_mask(cmdq_pkt, 0, &ovl->cmdq_reg, ovl->regs,
+				   DISP_REG_OVL_SECURE, BIT(idx));
+		mtk_ddp_write_relaxed(cmdq_pkt, addr, &ovl->cmdq_reg, ovl->regs,
+				      DISP_REG_OVL_ADDR(ovl, idx));
+	}
 
 	if (is_afbc) {
 		mtk_ddp_write_relaxed(cmdq_pkt, hdr_addr, &ovl->cmdq_reg, ovl->regs,
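Review bot: buf_size in the is_sec branch is computed in unsigned int as (pending->height - 1) * pending->pitch + pending->width * fmt_info->cpp[0], which wraps when height is 0 and can overflow for a large pitch. This value is handed to mtk_ddp_sec_write() together with the secure handle, so compute it in a wider type (size_t or u64) and reject a zero height before reaching this point. The branch also tests state->pending.is_sec while the other fields are read through the local pending pointer, so use pending->is_sec. The is_afbc block that follows still writes hdr_addr through mtk_ddp_write_relaxed() on the secure path; please confirm that is intended.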
@@ -529,6 +555,7 @@ static int mtk_disp_ovl_probe(struct platform_device *pdev)
 	}
 
 	res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
+	priv->regs_pa = res->start;
 	priv->regs = devm_ioremap_resource(dev, res);
 	if (IS_ERR(priv->regs)) {
 		dev_err(dev, "failed to ioremap ovl\n");
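Review bot: priv->regs_pa = res->start dereferences res before anything has validated it. platform_get_resource() returns NULL when the memory resource is missing, and devm_ioremap_resource() on the next line is the call that would have caught that. Move the assignment after the IS_ERR(priv->regs) check, or use devm_platform_get_and_ioremap_resource() and read res->start only once it has succeeded.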
diff --git a/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c b/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c
index 6bf6367853fb..28a0bccfb0b9 100644
--- a/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c
+++ b/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c
@@ -83,6 +83,18 @@ static const struct ovl_adaptor_comp_match comp_matches[OVL_ADAPTOR_ID_MAX] = {
 	[OVL_ADAPTOR_ETHDR0]	= { OVL_ADAPTOR_TYPE_ETHDR, 0 },
 };
 
+static const u64 ovl_adaptor_sec_port[] = {
+	1ULL << CMDQ_SEC_VDO1_DISP_RDMA_L0,
+	1ULL << CMDQ_SEC_VDO1_DISP_RDMA_L1,
+	1ULL << CMDQ_SEC_VDO1_DISP_RDMA_L2,
+	1ULL << CMDQ_SEC_VDO1_DISP_RDMA_L3,
+};
+
+u64 mtk_ovl_adaptor_get_sec_port(struct mtk_ddp_comp *comp, unsigned int idx)
+{
+	return ovl_adaptor_sec_port[idx];
+}
+
 void mtk_ovl_adaptor_layer_config(struct device *dev, unsigned int idx,
 				  struct mtk_plane_state *state,
 				  struct cmdq_pkt *cmdq_pkt)
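Review bot: mtk_ovl_adaptor_get_sec_port() returns ovl_adaptor_sec_port[idx] with no bounds check, and the table has only four entries, so an idx of 4 or more reads past the array and whatever is found there ends up in the secure port mask. Return 0 when idx >= ARRAY_SIZE(ovl_adaptor_sec_port). comp is unused here, which deserves a short comment.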
diff --git a/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c b/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c
index 3dca936b9143..eec3a1cc2ed4 100644
--- a/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c
+++ b/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c
@@ -373,6 +373,7 @@ static const struct mtk_ddp_comp_funcs ddp_ovl = {
 	.bgclr_in_off = mtk_ovl_bgclr_in_off,
 	.get_formats = mtk_ovl_get_formats,
 	.get_num_formats = mtk_ovl_get_num_formats,
+	.get_sec_port = mtk_ovl_get_sec_port,
 };
 
 static const struct mtk_ddp_comp_funcs ddp_postmask = {
@@ -424,6 +425,7 @@ static const struct mtk_ddp_comp_funcs ddp_ovl_adaptor = {
 	.remove = mtk_ovl_adaptor_remove_comp,
 	.get_formats = mtk_ovl_adaptor_get_formats,
 	.get_num_formats = mtk_ovl_adaptor_get_num_formats,
+	.get_sec_port = mtk_ovl_adaptor_get_sec_port,
 };
 
 static const char * const mtk_ddp_comp_stem[MTK_DDP_COMP_TYPE_MAX] = {
-- 
2.18.0



* [PATCH v2 08/11] drm/mediatek: Add secure layer config support for ovl_adaptor
  2023-10-23  4:45 [PATCH v2 00/11] Add mediate-drm secure flow for SVP Jason-JH.Lin
                   ` (6 preceding siblings ...)
  2023-10-23  4:45 ` [PATCH v2 07/11] drm/mediatek: Add secure layer config support for ovl Jason-JH.Lin
@ 2023-10-23  4:45 ` Jason-JH.Lin
  2023-10-24  8:37   ` AngeloGioacchino Del Regno
  2023-10-23  4:45 ` [PATCH v2 09/11] drm/mediatek: Add secure flow support to mediatek-drm Jason-JH.Lin
                   ` (3 subsequent siblings)
  11 siblings, 1 reply; 48+ messages in thread
From: Jason-JH.Lin @ 2023-10-23  4:45 UTC (permalink / raw)
  To: Rob Herring, Krzysztof Kozlowski, Matthias Brugger,
	AngeloGioacchino Del Regno, Chun-Kuang Hu
  Cc: Jeffrey Kardatzke, devicetree, Conor Dooley,
	Project_Global_Chrome_Upstream_Group, Jason-JH . Lin,
	Singo Chang, linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen, Nancy Lin, linux-mediatek, Shawn Sung,
	Johnson Wang, linux-arm-kernel, linux-media

Add secure layer config support for ovl_adaptor and sub driver mdp_rdma.

Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
---
 drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c |  3 +++
 drivers/gpu/drm/mediatek/mtk_mdp_rdma.c         | 11 ++++++++---
 drivers/gpu/drm/mediatek/mtk_mdp_rdma.h         |  2 ++
 3 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c b/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c
index 28a0bccfb0b9..274961222672 100644
--- a/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c
+++ b/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c
@@ -153,6 +153,9 @@ void mtk_ovl_adaptor_layer_config(struct device *dev, unsigned int idx,
 	rdma_config.pitch = pending->pitch;
 	rdma_config.fmt = pending->format;
 	rdma_config.color_encoding = pending->color_encoding;
+	rdma_config.source_size = (pending->height - 1) * pending->pitch +
+				  pending->width * fmt_info->cpp[0];
+	rdma_config.is_sec = state->pending.is_sec;
 	mtk_mdp_rdma_config(rdma_l, &rdma_config, cmdq_pkt);
 
 	if (use_dual_pipe) {
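Review bot: rdma_config.source_size repeats the (pending->height - 1) * pending->pitch + pending->width * fmt_info->cpp[0] expression that patch 07 adds to mtk_ovl_layer_config(), with the same unsigned int wrap when height is 0. A shared helper that returns the plane size in a wider type would remove both the duplication and the wrap. is_sec is read as state->pending.is_sec although the surrounding assignments use the local pending pointer.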
diff --git a/drivers/gpu/drm/mediatek/mtk_mdp_rdma.c b/drivers/gpu/drm/mediatek/mtk_mdp_rdma.c
index c3adaeefd551..1c4798e3bbc3 100644
--- a/drivers/gpu/drm/mediatek/mtk_mdp_rdma.c
+++ b/drivers/gpu/drm/mediatek/mtk_mdp_rdma.c
@@ -94,6 +94,7 @@ struct mtk_mdp_rdma {
 	void __iomem		*regs;
 	struct clk		*clk;
 	struct cmdq_client_reg	cmdq_reg;
+	resource_size_t		regs_pa;
 };
 
 static unsigned int rdma_fmt_convert(unsigned int fmt)
@@ -198,9 +199,12 @@ void mtk_mdp_rdma_config(struct device *dev, struct mtk_mdp_rdma_cfg *cfg,
 	else
 		mtk_ddp_write_mask(cmdq_pkt, 0, &priv->cmdq_reg, priv->regs,
 				   MDP_RDMA_SRC_CON, FLD_OUTPUT_ARGB);
-
-	mtk_ddp_write_mask(cmdq_pkt, cfg->addr0, &priv->cmdq_reg, priv->regs,
-			   MDP_RDMA_SRC_BASE_0, FLD_SRC_BASE_0);
+	if (cfg->is_sec)
+		mtk_ddp_sec_write(cmdq_pkt, priv->regs_pa + MDP_RDMA_SRC_BASE_0,
+				  cfg->addr0, CMDQ_IWC_H_2_MVA, 0, cfg->source_size, 0);
+	else
+		mtk_ddp_write_mask(cmdq_pkt, cfg->addr0, &priv->cmdq_reg, priv->regs,
+				   MDP_RDMA_SRC_BASE_0, FLD_SRC_BASE_0);
 
 	mtk_ddp_write_mask(cmdq_pkt, src_pitch_y, &priv->cmdq_reg, priv->regs,
 			   MDP_RDMA_MF_BKGD_SIZE_IN_BYTE, FLD_MF_BKGD_WB);
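Review bot: the secure branch writes cfg->addr0 to MDP_RDMA_SRC_BASE_0 through mtk_ddp_sec_write() without the FLD_SRC_BASE_0 mask that the normal branch applies, and nothing in the hunk says whether the secure side applies it. A one-line comment stating that addr0 is a secure handle translated on the secure side (CMDQ_IWC_H_2_MVA) would settle that. The hunk also deletes the blank line that separated this block from the preceding if/else; please keep it.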
@@ -285,6 +289,7 @@ static int mtk_mdp_rdma_probe(struct platform_device *pdev)
 		return -ENOMEM;
 
 	res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
+	priv->regs_pa = res->start;
 	priv->regs = devm_ioremap_resource(dev, res);
 	if (IS_ERR(priv->regs)) {
 		dev_err(dev, "failed to ioremap rdma\n");
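Review bot: priv->regs_pa = res->start in mtk_mdp_rdma_probe() runs before res has been checked, so a missing memory resource becomes a NULL pointer dereference instead of the "failed to ioremap rdma" error. Assign regs_pa after the IS_ERR(priv->regs) check has passed.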
diff --git a/drivers/gpu/drm/mediatek/mtk_mdp_rdma.h b/drivers/gpu/drm/mediatek/mtk_mdp_rdma.h
index 9943ee3aac31..9add18e96319 100644
--- a/drivers/gpu/drm/mediatek/mtk_mdp_rdma.h
+++ b/drivers/gpu/drm/mediatek/mtk_mdp_rdma.h
@@ -15,6 +15,8 @@ struct mtk_mdp_rdma_cfg {
 	unsigned int	y_top;
 	int		fmt;
 	int		color_encoding;
+	unsigned int	source_size;
+	unsigned int	is_sec;
 };
 
 #endif // __MTK_MDP_RDMA_H__
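Review bot: is_sec in struct mtk_mdp_rdma_cfg is declared unsigned int but is only assigned from and tested as a boolean; declare it bool to match is_sec in struct mtk_plane_pending_state. source_size should say in a comment that it is the byte size of the plane passed to the secure write, since the name alone does not distinguish it from a pixel count.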
-- 
2.18.0



* [PATCH v2 09/11] drm/mediatek: Add secure flow support to mediatek-drm
  2023-10-23  4:45 [PATCH v2 00/11] Add mediate-drm secure flow for SVP Jason-JH.Lin
                   ` (7 preceding siblings ...)
  2023-10-23  4:45 ` [PATCH v2 08/11] drm/mediatek: Add secure layer config support for ovl_adaptor Jason-JH.Lin
@ 2023-10-23  4:45 ` Jason-JH.Lin
  2023-10-24  7:42   ` CK Hu (胡俊光)
  2023-10-31  6:01   ` CK Hu (胡俊光)
  2023-10-23  4:45 ` [PATCH v2 10/11] drm/mediatek: Add cmdq_insert_backup_cookie before secure pkt finalize Jason-JH.Lin
                   ` (2 subsequent siblings)
  11 siblings, 2 replies; 48+ messages in thread
From: Jason-JH.Lin @ 2023-10-23  4:45 UTC (permalink / raw)
  To: Rob Herring, Krzysztof Kozlowski, Matthias Brugger,
	AngeloGioacchino Del Regno, Chun-Kuang Hu
  Cc: Jeffrey Kardatzke, devicetree, Conor Dooley,
	Project_Global_Chrome_Upstream_Group, Jason-JH . Lin,
	Singo Chang, linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen, Nancy Lin, linux-mediatek, Shawn Sung,
	Johnson Wang, linux-arm-kernel, linux-media

To add secure flow support for mediatek-drm, each crtc has to
create a secure cmdq mailbox channel. Then cmdq packets with
display HW configuration will be sent to the secure cmdq mailbox
channel and configured in the secure world.

Each crtc has to use the secure cmdq interface to configure some
secure settings for display HW before sending cmdq packets to the
secure cmdq mailbox channel.

If any fb obtained from the current drm_atomic_state is secure, then
the crtc will switch to the secure flow to configure display HW.
If no fb in the current drm_atomic_state is secure, then the crtc
will switch to the normal flow.

Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
---
 drivers/gpu/drm/mediatek/mtk_drm_crtc.c  | 272 ++++++++++++++++++++++-
 drivers/gpu/drm/mediatek/mtk_drm_crtc.h  |   1 +
 drivers/gpu/drm/mediatek/mtk_drm_plane.c |   7 +
 3 files changed, 269 insertions(+), 11 deletions(-)

diff --git a/drivers/gpu/drm/mediatek/mtk_drm_crtc.c b/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
index b6fa4ad2f94d..6c2cf339b923 100644
--- a/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
+++ b/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
@@ -56,6 +56,11 @@ struct mtk_drm_crtc {
 	u32				cmdq_event;
 	u32				cmdq_vblank_cnt;
 	wait_queue_head_t		cb_blocking_queue;
+
+	struct cmdq_client		sec_cmdq_client;
+	struct cmdq_pkt			sec_cmdq_handle;
+	bool				sec_cmdq_working;
+	wait_queue_head_t		sec_cb_blocking_queue;
 #endif
 
 	struct device			*mmsys_dev;
@@ -67,6 +72,7 @@ struct mtk_drm_crtc {
 	/* lock for display hardware access */
 	struct mutex			hw_lock;
 	bool				config_updating;
+	bool				sec_on;
 };
 
 struct mtk_crtc_state {
@@ -109,6 +115,154 @@ static void mtk_drm_finish_page_flip(struct mtk_drm_crtc *mtk_crtc)
 	}
 }
 
+void mtk_crtc_disable_secure_state(struct drm_crtc *crtc)
+{
+#if IS_REACHABLE(CONFIG_MTK_CMDQ)
+	enum cmdq_sec_scenario sec_scn = CMDQ_MAX_SEC_COUNT;
+	int i;
+	struct mtk_ddp_comp *ddp_first_comp;
+	struct mtk_drm_crtc *mtk_crtc = to_mtk_crtc(crtc);
+	u64 sec_engine = 0; /* for hw engine write output secure fb */
+	u64 sec_port = 0; /* for larb port read input secure fb */
+
+	mutex_lock(&mtk_crtc->hw_lock);
+
+	if (!mtk_crtc->sec_cmdq_client.chan) {
+		pr_err("crtc-%d secure mbox channel is NULL\n", drm_crtc_index(crtc));
+		goto err;
+	}
+
+	if (!mtk_crtc->sec_on) {
+		pr_debug("crtc-%d is already disabled!\n", drm_crtc_index(crtc));
+		goto err;
+	}
+
+	mbox_flush(mtk_crtc->sec_cmdq_client.chan, 0);
+	mtk_crtc->sec_cmdq_handle.cmd_buf_size = 0;
+
+	if (mtk_crtc->sec_cmdq_handle.sec_data) {
+		struct cmdq_sec_data *sec_data;
+
+		sec_data = mtk_crtc->sec_cmdq_handle.sec_data;
+		sec_data->addrMetadataCount = 0;
+		sec_data->addrMetadatas = (uintptr_t)NULL;
+	}
+
+	/*
+	 * Secure path only support DL mode, so we just wait
+	 * the first path frame done here
+	 */
+	cmdq_pkt_wfe(&mtk_crtc->sec_cmdq_handle, mtk_crtc->cmdq_event, false);
+
+	ddp_first_comp = mtk_crtc->ddp_comp[0];
+	for (i = 0; i < mtk_crtc->layer_nr; i++) {
+		struct drm_plane *plane = &mtk_crtc->planes[i];
+
+		sec_port |= mtk_ddp_comp_layer_get_sec_port(ddp_first_comp, i);
+
+		/* make sure secure layer off before switching secure state */
+		if (!mtk_plane_fb_is_secure(plane->state->fb)) {
+			struct mtk_plane_state *plane_state = to_mtk_plane_state(plane->state);
+
+			plane_state->pending.enable = false;
+			mtk_ddp_comp_layer_config(ddp_first_comp, i, plane_state,
+						  &mtk_crtc->sec_cmdq_handle);
+		}
+	}
+
+	/* Disable secure path */
+	if (drm_crtc_index(crtc) == 0)
+		sec_scn = CMDQ_SEC_PRIMARY_DISP_DISABLE;
+	else if (drm_crtc_index(crtc) == 1)
+		sec_scn = CMDQ_SEC_SUB_DISP_DISABLE;
+
+	cmdq_sec_pkt_set_data(&mtk_crtc->sec_cmdq_handle, sec_engine, sec_engine, sec_scn);
+
+	cmdq_pkt_finalize(&mtk_crtc->sec_cmdq_handle);
+	dma_sync_single_for_device(mtk_crtc->sec_cmdq_client.chan->mbox->dev,
+				   mtk_crtc->sec_cmdq_handle.pa_base,
+				   mtk_crtc->sec_cmdq_handle.cmd_buf_size,
+				   DMA_TO_DEVICE);
+
+	mtk_crtc->sec_cmdq_working = true;
+	mbox_send_message(mtk_crtc->sec_cmdq_client.chan, &mtk_crtc->sec_cmdq_handle);
+	mbox_client_txdone(mtk_crtc->sec_cmdq_client.chan, 0);
+
+	// Wait for sec state to be disabled by cmdq
+	wait_event_timeout(mtk_crtc->sec_cb_blocking_queue,
+			   !mtk_crtc->sec_cmdq_working,
+			   msecs_to_jiffies(500));
+
+	mtk_crtc->sec_on = false;
+	pr_debug("crtc-%d disable secure plane!\n", drm_crtc_index(crtc));
+
+err:
+	mutex_unlock(&mtk_crtc->hw_lock);
+#endif
+}
+
+#if IS_REACHABLE(CONFIG_MTK_CMDQ)
+static void mtk_crtc_enable_secure_state(struct drm_crtc *crtc)
+{
+	enum cmdq_sec_scenario sec_scn = CMDQ_MAX_SEC_COUNT;
+	int i;
+	struct mtk_ddp_comp *ddp_first_comp;
+	struct mtk_drm_crtc *mtk_crtc = to_mtk_crtc(crtc);
+	u64 sec_engine = 0; /* for hw engine write output secure fb */
+	u64 sec_port = 0; /* for larb port read input secure fb */
+
+	cmdq_pkt_wfe(&mtk_crtc->sec_cmdq_handle, mtk_crtc->cmdq_event, false);
+
+	ddp_first_comp = mtk_crtc->ddp_comp[0];
+	for (i = 0; i < mtk_crtc->layer_nr; i++)
+		if (mtk_crtc->planes[i].type == DRM_PLANE_TYPE_CURSOR)
+			sec_port |= mtk_ddp_comp_layer_get_sec_port(ddp_first_comp, i);
+
+	if (drm_crtc_index(crtc) == 0)
+		sec_scn = CMDQ_SEC_PRIMARY_DISP;
+	else if (drm_crtc_index(crtc) == 1)
+		sec_scn = CMDQ_SEC_SUB_DISP;
+
+	cmdq_sec_pkt_set_data(&mtk_crtc->sec_cmdq_handle, sec_engine, sec_port, sec_scn);
+
+	pr_debug("crtc-%d enable secure plane!\n", drm_crtc_index(crtc));
+}
+#endif
+
+static void mtk_drm_crtc_plane_switch_sec_state(struct drm_crtc *crtc,
+						struct drm_atomic_state *state)
+{
+#if IS_REACHABLE(CONFIG_MTK_CMDQ)
+	bool sec_on[MAX_CRTC] = {0};
+	int i;
+	struct drm_crtc_state *crtc_state;
+	struct mtk_drm_crtc *mtk_crtc = to_mtk_crtc(crtc);
+	struct drm_plane *plane;
+	struct drm_plane_state *old_plane_state;
+
+	for_each_old_plane_in_state(state, plane, old_plane_state, i) {
+		if (!plane->state->crtc)
+			continue;
+
+		if (plane->state->fb &&
+		    mtk_plane_fb_is_secure(plane->state->fb) &&
+		    mtk_crtc->sec_cmdq_client.chan)
+			sec_on[drm_crtc_index(plane->state->crtc)] = true;
+	}
+
+	for_each_old_crtc_in_state(state, crtc, crtc_state, i) {
+		mtk_crtc = to_mtk_crtc(crtc);
+
+		if (!sec_on[i])
+			mtk_crtc_disable_secure_state(crtc);
+
+		mutex_lock(&mtk_crtc->hw_lock);
+		mtk_crtc->sec_on = true;
+		mutex_unlock(&mtk_crtc->hw_lock);
+	}
+#endif
+}
+
 #if IS_REACHABLE(CONFIG_MTK_CMDQ)
 static int mtk_drm_cmdq_pkt_create(struct cmdq_client *client, struct cmdq_pkt *pkt,
 				   size_t size)
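Review bot: in mtk_drm_crtc_plane_switch_sec_state() the second loop sets mtk_crtc->sec_on = true for every crtc in the state, including one it has just passed to mtk_crtc_disable_secure_state() because sec_on[i] was false, so every crtc ends up on the secure path after its first atomic_begin. The assignment belongs in an else branch. The sec_on[] array is filled using drm_crtc_index(plane->state->crtc) but read with the loop counter i, and the plane loop tests sec_cmdq_client.chan of the crtc passed in rather than of the plane's own crtc. In mtk_crtc_disable_secure_state(), sec_port is accumulated in the layer loop but cmdq_sec_pkt_set_data() is called with sec_engine twice; the loop commented "make sure secure layer off" acts on planes whose fb is not secure and passes plane->state->fb to mtk_plane_fb_is_secure() without the NULL check the switch function uses; and the return value of wait_event_timeout() is ignored, so sec_on is cleared even when the secure world never acknowledged the disable. The "err" label is also reached on the non-error "already disabled" path, so "out" or "unlock" would be a better name, and the // comment should use the /* */ style of the rest of the file.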
@@ -144,22 +298,33 @@ static void mtk_drm_cmdq_pkt_destroy(struct cmdq_pkt *pkt)
 	dma_unmap_single(client->chan->mbox->dev, pkt->pa_base, pkt->buf_size,
 			 DMA_TO_DEVICE);
 	kfree(pkt->va_base);
+	kfree(pkt->sec_data);
 }
 #endif
 
 static void mtk_drm_crtc_destroy(struct drm_crtc *crtc)
 {
 	struct mtk_drm_crtc *mtk_crtc = to_mtk_crtc(crtc);
+	struct mtk_drm_private *priv = crtc->dev->dev_private;
 	int i;
 
+	priv = priv->all_drm_private[drm_crtc_index(crtc)];
+
 	mtk_mutex_put(mtk_crtc->mutex);
 #if IS_REACHABLE(CONFIG_MTK_CMDQ)
 	mtk_drm_cmdq_pkt_destroy(&mtk_crtc->cmdq_handle);
+	mtk_drm_cmdq_pkt_destroy(&mtk_crtc->sec_cmdq_handle);
 
 	if (mtk_crtc->cmdq_client.chan) {
 		mbox_free_channel(mtk_crtc->cmdq_client.chan);
 		mtk_crtc->cmdq_client.chan = NULL;
 	}
+
+	if (mtk_crtc->sec_cmdq_client.chan) {
+		device_link_remove(priv->dev, mtk_crtc->sec_cmdq_client.chan->mbox->dev);
+		mbox_free_channel(mtk_crtc->sec_cmdq_client.chan);
+		mtk_crtc->sec_cmdq_client.chan = NULL;
+	}
 #endif
 
 	for (i = 0; i < mtk_crtc->ddp_comp_nr; i++) {
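Review bot: mtk_drm_crtc_destroy() calls mtk_drm_cmdq_pkt_destroy(&mtk_crtc->sec_cmdq_handle) unconditionally, but mtk_drm_crtc_create() only creates the secure packet when the secure mailbox channel was obtained, and mtk_drm_cmdq_pkt_destroy() goes straight to client->chan->mbox->dev. Move the call inside the if (mtk_crtc->sec_cmdq_client.chan) block, before mbox_free_channel(). priv is also declared and reassigned outside the IS_REACHABLE(CONFIG_MTK_CMDQ) guard although it is only used inside it.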
@@ -286,13 +451,18 @@ static void ddp_cmdq_cb(struct mbox_client *cl, void *mssg)
 {
 	struct cmdq_cb_data *data = mssg;
 	struct cmdq_client *cmdq_cl = container_of(cl, struct cmdq_client, client);
-	struct mtk_drm_crtc *mtk_crtc = container_of(cmdq_cl, struct mtk_drm_crtc, cmdq_client);
+	struct mtk_drm_crtc *mtk_crtc;
 	struct mtk_crtc_state *state;
 	unsigned int i;
 
 	if (data->sta < 0)
 		return;
 
+	if (!data->pkt || !data->pkt->sec_data)
+		mtk_crtc = container_of(cmdq_cl, struct mtk_drm_crtc, cmdq_client);
+	else
+		mtk_crtc = container_of(cmdq_cl, struct mtk_drm_crtc, sec_cmdq_client);
+
 	state = to_mtk_crtc_state(mtk_crtc->base.state);
 
 	state->pending_config = false;
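Review bot: ddp_cmdq_cb() now chooses which container_of() to apply from data->pkt->sec_data, so a callback on the secure client with a NULL data->pkt, or with a packet whose sec_data is NULL, computes mtk_crtc from the wrong member offset and the writes that follow land in unrelated memory. Register a separate rx_callback for sec_cmdq_client, with both callbacks doing their own container_of() and then calling a shared helper.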
@@ -321,6 +491,11 @@ static void ddp_cmdq_cb(struct mbox_client *cl, void *mssg)
 		mtk_crtc->pending_async_planes = false;
 	}
 
+	if (mtk_crtc->sec_cmdq_working) {
+		mtk_crtc->sec_cmdq_working = false;
+		wake_up(&mtk_crtc->sec_cb_blocking_queue);
+	}
+
 	mtk_crtc->cmdq_vblank_cnt = 0;
 	wake_up(&mtk_crtc->cb_blocking_queue);
 }
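Review bot: sec_cmdq_working is cleared and sec_cb_blocking_queue is woken on any completion, including one from the normal cmdq client, while the early return on data->sta < 0 at the top of ddp_cmdq_cb() means a failed secure packet never clears it and the waiter in mtk_crtc_disable_secure_state() only leaves through its 500 ms timeout. Clear the flag only for the secure client's packet, and clear it on the error path too.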
@@ -544,7 +719,8 @@ static void mtk_drm_crtc_update_config(struct mtk_drm_crtc *mtk_crtc,
 				       bool needs_vblank)
 {
 #if IS_REACHABLE(CONFIG_MTK_CMDQ)
-	struct cmdq_pkt *cmdq_handle = &mtk_crtc->cmdq_handle;
+	struct cmdq_client cmdq_client;
+	struct cmdq_pkt *cmdq_handle;
 #endif
 	struct drm_crtc *crtc = &mtk_crtc->base;
 	struct mtk_drm_private *priv = crtc->dev->dev_private;
@@ -582,14 +758,36 @@ static void mtk_drm_crtc_update_config(struct mtk_drm_crtc *mtk_crtc,
 		mtk_mutex_release(mtk_crtc->mutex);
 	}
 #if IS_REACHABLE(CONFIG_MTK_CMDQ)
-	if (mtk_crtc->cmdq_client.chan) {
+	if (mtk_crtc->sec_on) {
+		mbox_flush(mtk_crtc->sec_cmdq_client.chan, 0);
+		mtk_crtc->sec_cmdq_handle.cmd_buf_size = 0;
+
+		if (mtk_crtc->sec_cmdq_handle.sec_data) {
+			struct cmdq_sec_data *sec_data;
+
+			sec_data = mtk_crtc->sec_cmdq_handle.sec_data;
+			sec_data->addrMetadataCount = 0;
+			sec_data->addrMetadatas = (uintptr_t)NULL;
+		}
+
+		mtk_crtc_enable_secure_state(crtc);
+
+		cmdq_client = mtk_crtc->sec_cmdq_client;
+		cmdq_handle = &mtk_crtc->sec_cmdq_handle;
+	} else if (mtk_crtc->cmdq_client.chan) {
 		mbox_flush(mtk_crtc->cmdq_client.chan, 2000);
-		cmdq_handle->cmd_buf_size = 0;
+		mtk_crtc->cmdq_handle.cmd_buf_size = 0;
+
+		cmdq_client =  mtk_crtc->cmdq_client;
+		cmdq_handle = &mtk_crtc->cmdq_handle;
+	}
+
+	if (cmdq_client.chan) {
 		cmdq_pkt_clear_event(cmdq_handle, mtk_crtc->cmdq_event);
 		cmdq_pkt_wfe(cmdq_handle, mtk_crtc->cmdq_event, false);
 		mtk_crtc_ddp_config(crtc, cmdq_handle);
 		cmdq_pkt_finalize(cmdq_handle);
-		dma_sync_single_for_device(mtk_crtc->cmdq_client.chan->mbox->dev,
+		dma_sync_single_for_device(cmdq_client.chan->mbox->dev,
 					   cmdq_handle->pa_base,
 					   cmdq_handle->cmd_buf_size,
 					   DMA_TO_DEVICE);
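Review bot: cmdq_client is a by-value struct cmdq_client that is assigned only in the sec_on and cmdq_client.chan branches, so when neither branch is taken the following if (cmdq_client.chan) reads an uninitialized stack variable, and cmdq_handle is uninitialized along with it. Use a struct cmdq_client pointer initialised to NULL and test the pointer, which also avoids copying the whole client with its embedded mbox_client. The sec_on branch calls mbox_flush() on sec_cmdq_client.chan without checking it for NULL, and passes a timeout of 0 where the normal path passes 2000; please explain the difference in a comment.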
@@ -602,8 +800,8 @@ static void mtk_drm_crtc_update_config(struct mtk_drm_crtc *mtk_crtc,
 		 */
 		mtk_crtc->cmdq_vblank_cnt = 3;
 
-		mbox_send_message(mtk_crtc->cmdq_client.chan, cmdq_handle);
-		mbox_client_txdone(mtk_crtc->cmdq_client.chan, 0);
+		mbox_send_message(cmdq_client.chan, cmdq_handle);
+		mbox_client_txdone(cmdq_client.chan, 0);
 	}
 #endif
 	mtk_crtc->config_updating = false;
@@ -706,6 +904,8 @@ static void mtk_drm_crtc_atomic_disable(struct drm_crtc *crtc,
 	if (!mtk_crtc->enabled)
 		return;
 
+	mtk_crtc_disable_secure_state(crtc);
+
 	/* Set all pending plane state to disabled */
 	for (i = 0; i < mtk_crtc->layer_nr; i++) {
 		struct drm_plane *plane = &mtk_crtc->planes[i];
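Review bot: mtk_crtc_disable_secure_state() is now called on every crtc disable, and its first check logs pr_err("crtc-%d secure mbox channel is NULL\n") whenever no secure channel exists, which is the normal case on a board without a secure mbox. Guard the call with mtk_crtc->sec_on, or lower that message to debug level.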
@@ -745,6 +945,8 @@ static void mtk_drm_crtc_atomic_begin(struct drm_crtc *crtc,
 	struct mtk_crtc_state *mtk_crtc_state = to_mtk_crtc_state(crtc_state);
 	struct mtk_drm_crtc *mtk_crtc = to_mtk_crtc(crtc);
 
+	mtk_drm_crtc_plane_switch_sec_state(crtc, state);
+
 	if (mtk_crtc->event && mtk_crtc_state->base.event)
 		DRM_ERROR("new event while there is still a pending event\n");
 
@@ -1020,8 +1222,7 @@ int mtk_drm_crtc_create(struct drm_device *drm_dev,
 		if (ret) {
 			dev_dbg(dev, "mtk_crtc %d failed to get mediatek,gce-events property\n",
 				drm_crtc_index(&mtk_crtc->base));
-			mbox_free_channel(mtk_crtc->cmdq_client.chan);
-			mtk_crtc->cmdq_client.chan = NULL;
+			goto cmdq_err;
 		} else {
 			ret = mtk_drm_cmdq_pkt_create(&mtk_crtc->cmdq_client,
 						      &mtk_crtc->cmdq_handle,
@@ -1029,14 +1230,63 @@ int mtk_drm_crtc_create(struct drm_device *drm_dev,
 			if (ret) {
 				dev_dbg(dev, "mtk_crtc %d failed to create cmdq packet\n",
 					drm_crtc_index(&mtk_crtc->base));
-				mbox_free_channel(mtk_crtc->cmdq_client.chan);
-				mtk_crtc->cmdq_client.chan = NULL;
+				goto cmdq_err;
 			}
 		}
 
 		/* for sending blocking cmd in crtc disable */
 		init_waitqueue_head(&mtk_crtc->cb_blocking_queue);
 	}
+
+	mtk_crtc->sec_cmdq_client.client.dev = mtk_crtc->mmsys_dev;
+	mtk_crtc->sec_cmdq_client.client.tx_block = false;
+	mtk_crtc->sec_cmdq_client.client.knows_txdone = true;
+	mtk_crtc->sec_cmdq_client.client.rx_callback = ddp_cmdq_cb;
+	mtk_crtc->sec_cmdq_client.chan =
+			mbox_request_channel(&mtk_crtc->sec_cmdq_client.client, i + 1);
+	if (IS_ERR(mtk_crtc->sec_cmdq_client.chan)) {
+		dev_err(dev, "mtk_crtc %d failed to create sec mailbox client\n",
+			drm_crtc_index(&mtk_crtc->base));
+		mtk_crtc->sec_cmdq_client.chan = NULL;
+	}
+
+	if (mtk_crtc->sec_cmdq_client.chan) {
+		struct device_link *link;
+
+		/* add devlink to cmdq dev to make sure suspend/resume order is correct */
+		link = device_link_add(priv->dev, mtk_crtc->sec_cmdq_client.chan->mbox->dev,
+				       DL_FLAG_PM_RUNTIME | DL_FLAG_STATELESS);
+		if (!link) {
+			dev_err(priv->dev, "Unable to link dev=%s\n",
+				dev_name(mtk_crtc->sec_cmdq_client.chan->mbox->dev));
+			ret = -ENODEV;
+			goto cmdq_err;
+		}
+
+		ret = mtk_drm_cmdq_pkt_create(&mtk_crtc->sec_cmdq_client,
+					      &mtk_crtc->sec_cmdq_handle,
+					      PAGE_SIZE);
+		if (ret) {
+			dev_dbg(dev, "mtk_crtc %d failed to create cmdq secure packet\n",
+				drm_crtc_index(&mtk_crtc->base));
+			goto cmdq_err;
+		}
+
+		/* for sending blocking cmd in crtc disable */
+		init_waitqueue_head(&mtk_crtc->sec_cb_blocking_queue);
+	}
+
+cmdq_err:
+	if (ret) {
+		if (mtk_crtc->cmdq_client.chan) {
+			mbox_free_channel(mtk_crtc->cmdq_client.chan);
+			mtk_crtc->cmdq_client.chan = NULL;
+		}
+		if (mtk_crtc->sec_cmdq_client.chan) {
+			mbox_free_channel(mtk_crtc->sec_cmdq_client.chan);
+			mtk_crtc->sec_cmdq_client.chan = NULL;
+		}
+	}
 #endif
 	return 0;
 }
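Review bot: the new cmdq_err label frees both channels but the function still falls through to return 0, so the -ENODEV from device_link_add() and the packet-creation errors are silently dropped, and a failure in the secure setup also tears down the working normal cmdq channel. The error path does not undo device_link_add() or destroy a cmdq packet that was already created, and failing to get the secure channel is reported with dev_err() although the code then treats the channel as optional. Please unwind step by step and decide explicitly whether a secure-path failure is fatal.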
diff --git a/drivers/gpu/drm/mediatek/mtk_drm_crtc.h b/drivers/gpu/drm/mediatek/mtk_drm_crtc.h
index 3e9046993d09..ff7f81fa6184 100644
--- a/drivers/gpu/drm/mediatek/mtk_drm_crtc.h
+++ b/drivers/gpu/drm/mediatek/mtk_drm_crtc.h
@@ -19,6 +19,7 @@ int mtk_drm_crtc_create(struct drm_device *drm_dev,
 			const unsigned int *path,
 			unsigned int path_len,
 			int priv_data_index);
+void mtk_crtc_disable_secure_state(struct drm_crtc *crtc);
 int mtk_drm_crtc_plane_check(struct drm_crtc *crtc, struct drm_plane *plane,
 			     struct mtk_plane_state *state);
 void mtk_drm_crtc_async_update(struct drm_crtc *crtc, struct drm_plane *plane,
diff --git a/drivers/gpu/drm/mediatek/mtk_drm_plane.c b/drivers/gpu/drm/mediatek/mtk_drm_plane.c
index db2f70ae060d..89b5a4e87548 100644
--- a/drivers/gpu/drm/mediatek/mtk_drm_plane.c
+++ b/drivers/gpu/drm/mediatek/mtk_drm_plane.c
@@ -265,6 +265,13 @@ static void mtk_plane_atomic_disable(struct drm_plane *plane,
 	mtk_plane_state->pending.enable = false;
 	wmb(); /* Make sure the above parameter is set before update */
 	mtk_plane_state->pending.dirty = true;
+
+	if (mtk_plane_state->pending.is_sec) {
+		struct drm_plane_state *old_state = drm_atomic_get_old_plane_state(state, plane);
+
+		if (old_state->crtc)
+			mtk_crtc_disable_secure_state(old_state->crtc);
+	}
 }
 
 static void mtk_plane_atomic_update(struct drm_plane *plane,
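Review bot: disabling one secure plane calls mtk_crtc_disable_secure_state() for the whole crtc, with no check for other planes on old_state->crtc that still carry a secure fb. Either check the remaining planes first or leave the decision to mtk_drm_crtc_plane_switch_sec_state(), which already walks all planes in atomic_begin. old_state is also dereferenced without a NULL check on the result of drm_atomic_get_old_plane_state().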
-- 
2.18.0



* [PATCH v2 10/11] drm/mediatek: Add cmdq_insert_backup_cookie before secure pkt finalize
  2023-10-23  4:45 [PATCH v2 00/11] Add mediate-drm secure flow for SVP Jason-JH.Lin
                   ` (8 preceding siblings ...)
  2023-10-23  4:45 ` [PATCH v2 09/11] drm/mediatek: Add secure flow support to mediatek-drm Jason-JH.Lin
@ 2023-10-23  4:45 ` Jason-JH.Lin
  2023-10-26  2:26   ` CK Hu (胡俊光)
  2023-10-23  4:45 ` [PATCH v2 11/11] arm64: dts: mt8195: Add secure mbox settings for vdosys Jason-JH.Lin
  2023-10-31  2:12 ` [PATCH v2 00/11] Add mediate-drm secure flow for SVP CK Hu (胡俊光)
  11 siblings, 1 reply; 48+ messages in thread
From: Jason-JH.Lin @ 2023-10-23  4:45 UTC (permalink / raw)
  To: Rob Herring, Krzysztof Kozlowski, Matthias Brugger,
	AngeloGioacchino Del Regno, Chun-Kuang Hu
  Cc: Jeffrey Kardatzke, devicetree, Conor Dooley,
	Project_Global_Chrome_Upstream_Group, Jason-JH . Lin,
	Singo Chang, linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen, Nancy Lin, linux-mediatek, Shawn Sung,
	Johnson Wang, linux-arm-kernel, linux-media

Add cmdq_insert_backup_cookie to append some commands before EOC:
1. Get GCE HW thread execute count from the GCE HW register.
2. Add 1 to the execute count and then store into a shared memory.
3. Set a software event signal as secure irq to GCE HW.

Since the value of execute count + 1 is stored in a shared memory,
CMDQ driver in the normal world can use it to handle task done in irq
handler and CMDQ driver in the secure world will use it to schedule
the task slot for each secure thread.

Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
---
 drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/mediatek/mtk_drm_crtc.c b/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
index 6c2cf339b923..399aa6bb2f8d 100644
--- a/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
+++ b/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
@@ -177,7 +177,7 @@ void mtk_crtc_disable_secure_state(struct drm_crtc *crtc)
 		sec_scn = CMDQ_SEC_SUB_DISP_DISABLE;
 
 	cmdq_sec_pkt_set_data(&mtk_crtc->sec_cmdq_handle, sec_engine, sec_engine, sec_scn);
-
+	cmdq_sec_insert_backup_cookie(&mtk_crtc->sec_cmdq_handle);
 	cmdq_pkt_finalize(&mtk_crtc->sec_cmdq_handle);
 	dma_sync_single_for_device(mtk_crtc->sec_cmdq_client.chan->mbox->dev,
 				   mtk_crtc->sec_cmdq_handle.pa_base,
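Review bot: cmdq_sec_insert_backup_cookie() is called unconditionally in mtk_crtc_disable_secure_state(), while the second hunk only calls it when cmdq_handle->sec_data is set, and patch 09 treats sec_cmdq_handle.sec_data as possibly NULL a few lines earlier in this same function. Apply the same check here or state why sec_data cannot be NULL at this point. The blank line before cmdq_pkt_finalize() that this hunk replaces is worth keeping.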
@@ -786,6 +786,8 @@ static void mtk_drm_crtc_update_config(struct mtk_drm_crtc *mtk_crtc,
 		cmdq_pkt_clear_event(cmdq_handle, mtk_crtc->cmdq_event);
 		cmdq_pkt_wfe(cmdq_handle, mtk_crtc->cmdq_event, false);
 		mtk_crtc_ddp_config(crtc, cmdq_handle);
+		if (cmdq_handle->sec_data)
+			cmdq_sec_insert_backup_cookie(cmdq_handle);
 		cmdq_pkt_finalize(cmdq_handle);
 		dma_sync_single_for_device(cmdq_client.chan->mbox->dev,
 					   cmdq_handle->pa_base,
-- 
2.18.0



* [PATCH v2 11/11] arm64: dts: mt8195: Add secure mbox settings for vdosys
  2023-10-23  4:45 [PATCH v2 00/11] Add mediate-drm secure flow for SVP Jason-JH.Lin
                   ` (9 preceding siblings ...)
  2023-10-23  4:45 ` [PATCH v2 10/11] drm/mediatek: Add cmdq_insert_backup_cookie before secure pkt finalize Jason-JH.Lin
@ 2023-10-23  4:45 ` Jason-JH.Lin
  2023-10-31  2:12 ` [PATCH v2 00/11] Add mediate-drm secure flow for SVP CK Hu (胡俊光)
  11 siblings, 0 replies; 48+ messages in thread
From: Jason-JH.Lin @ 2023-10-23  4:45 UTC (permalink / raw)
  To: Rob Herring, Krzysztof Kozlowski, Matthias Brugger,
	AngeloGioacchino Del Regno, Chun-Kuang Hu
  Cc: Jeffrey Kardatzke, devicetree, Conor Dooley,
	Project_Global_Chrome_Upstream_Group, Jason-JH . Lin,
	Singo Chang, linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen, Nancy Lin, linux-mediatek, Shawn Sung,
	Johnson Wang, linux-arm-kernel, linux-media

Add a secure mailbox channel to support secure video path on
vdosys0 and vdosys1.

Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
---
 arch/arm64/boot/dts/mediatek/mt8195.dtsi | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/boot/dts/mediatek/mt8195.dtsi b/arch/arm64/boot/dts/mediatek/mt8195.dtsi
index 42f9fdf696fe..d14113c89a9b 100644
--- a/arch/arm64/boot/dts/mediatek/mt8195.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt8195.dtsi
@@ -2619,7 +2619,8 @@
 		vdosys0: syscon@1c01a000 {
 			compatible = "mediatek,mt8195-vdosys0", "mediatek,mt8195-mmsys", "syscon";
 			reg = <0 0x1c01a000 0 0x1000>;
-			mboxes = <&gce0 0 CMDQ_THR_PRIO_4>;
+			mboxes = <&gce0 0 CMDQ_THR_PRIO_4>,
+				 <&gce0 8 CMDQ_THR_PRIO_4>; /* secure mbox */
 			#clock-cells = <1>;
 		};
 
@@ -2804,7 +2805,8 @@
 		vdosys1: syscon@1c100000 {
 			compatible = "mediatek,mt8195-vdosys1", "syscon";
 			reg = <0 0x1c100000 0 0x1000>;
-			mboxes = <&gce0 1 CMDQ_THR_PRIO_4>;
+			mboxes = <&gce0 1 CMDQ_THR_PRIO_4>,
+				 <&gce0 9 CMDQ_THR_PRIO_4>; /* secure mbox */;
 			mediatek,gce-client-reg = <&gce0 SUBSYS_1c10XXXX 0x0000 0x1000>;
 			#clock-cells = <1>;
 			#reset-cells = <1>;
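Review bot: the added vdosys1 line ends in "/* secure mbox */;" so the mboxes property is terminated twice, once after the cell list and again after the comment. Drop the trailing semicolon so the line matches the vdosys0 hunk. The commit message should also say why GCE threads 8 and 9 are the secure ones.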
-- 
2.18.0



* Re: [PATCH v2 04/11] drm/mediatek: Add secure identify flag and funcution to mtk_drm_plane
  2023-10-23  4:45 ` [PATCH v2 04/11] drm/mediatek: Add secure identify flag and funcution to mtk_drm_plane Jason-JH.Lin
@ 2023-10-24  3:35   ` CK Hu (胡俊光)
  2023-10-25  6:39     ` Jason-JH Lin (林睿祥)
  0 siblings, 1 reply; 48+ messages in thread
From: CK Hu (胡俊光) @ 2023-10-24  3:35 UTC (permalink / raw)
  To: matthias.bgg, Jason-JH Lin (林睿祥),
	angelogioacchino.delregno, robh+dt, krzysztof.kozlowski+dt,
	chunkuang.hu
  Cc: jkardatzke, devicetree, conor+dt,
	Project_Global_Chrome_Upstream_Group,
	Singo Chang (張興國),
	linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen (陳建豪),
	Nancy Lin (林欣螢),
	linux-mediatek, Shawn Sung (宋孝謙),
	Johnson Wang (王聖鑫),
	linux-arm-kernel, linux-media

Hi, Jason:

On Mon, 2023-10-23 at 12:45 +0800, Jason-JH.Lin wrote:
> Add is_sec flag to identify current mtk_drm_plane is secure.
> Add mtk_plane_is_sec_fb() to check current drm_framebuffer is secure.
> 
> Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
> ---
>  drivers/gpu/drm/mediatek/mtk_drm_plane.h | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/gpu/drm/mediatek/mtk_drm_plane.h
> b/drivers/gpu/drm/mediatek/mtk_drm_plane.h
> index 99aff7da0831..fe60e20a6e1c 100644
> --- a/drivers/gpu/drm/mediatek/mtk_drm_plane.h
> +++ b/drivers/gpu/drm/mediatek/mtk_drm_plane.h
> @@ -33,6 +33,7 @@ struct mtk_plane_pending_state {
>  	bool				async_dirty;
>  	bool				async_config;
>  	enum drm_color_encoding		color_encoding;
> +	bool				is_sec;

Where do you set this flag?

Regards,
CK

>  };
>  
>  struct mtk_plane_state {
> @@ -46,6 +47,7 @@ to_mtk_plane_state(struct drm_plane_state *state)
>  	return container_of(state, struct mtk_plane_state, base);
>  }
>  
> +bool mtk_plane_fb_is_secure(struct drm_framebuffer *fb);
>  int mtk_plane_init(struct drm_device *dev, struct drm_plane *plane,
>  		   unsigned long possible_crtcs, enum drm_plane_type
> type,
>  		   unsigned int supported_rotations, const u32
> *formats,


* Re: [PATCH v2 09/11] drm/mediatek: Add secure flow support to mediatek-drm
  2023-10-23  4:45 ` [PATCH v2 09/11] drm/mediatek: Add secure flow support to mediatek-drm Jason-JH.Lin
@ 2023-10-24  7:42   ` CK Hu (胡俊光)
  2023-10-25  8:31     ` Jason-JH Lin (林睿祥)
  2023-10-31  6:01   ` CK Hu (胡俊光)
  1 sibling, 1 reply; 48+ messages in thread
From: CK Hu (胡俊光) @ 2023-10-24  7:42 UTC (permalink / raw)
  To: matthias.bgg, Jason-JH Lin (林睿祥),
	angelogioacchino.delregno, robh+dt, krzysztof.kozlowski+dt,
	chunkuang.hu
  Cc: jkardatzke, devicetree, conor+dt,
	Project_Global_Chrome_Upstream_Group,
	Singo Chang (張興國),
	linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen (陳建豪),
	Nancy Lin (林欣螢),
	linux-mediatek, Shawn Sung (宋孝謙),
	Johnson Wang (王聖鑫),
	linux-arm-kernel, linux-media


Hi, Jason:

On Mon, 2023-10-23 at 12:45 +0800, Jason-JH.Lin wrote:
> To add secure flow support for mediatek-drm, each crtc has to
> create a secure cmdq mailbox channel. Then cmdq packets with
> display HW configuration will be sent to the secure cmdq mailbox channel
> and configured in the secure world.
> 
> Each crtc has to use the secure cmdq interface to configure some secure
> settings for display HW before sending cmdq packets to the secure cmdq
> mailbox channel.
> 
> If any fb obtained from the current drm_atomic_state is secure, then the
> crtc will switch to the secure flow to configure display HW.
> If no fb in the current drm_atomic_state is secure, then the crtc will
> switch to the normal flow.
> 
> Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
> ---
>  drivers/gpu/drm/mediatek/mtk_drm_crtc.c  | 272
> ++++++++++++++++++++++-
>  drivers/gpu/drm/mediatek/mtk_drm_crtc.h  |   1 +
>  drivers/gpu/drm/mediatek/mtk_drm_plane.c |   7 +
>  3 files changed, 269 insertions(+), 11 deletions(-)
> 
> diff --git a/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
> b/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
> index b6fa4ad2f94d..6c2cf339b923 100644
> --- a/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
> +++ b/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
> @@ -56,6 +56,11 @@ struct mtk_drm_crtc {
>  	u32				cmdq_event;
>  	u32				cmdq_vblank_cnt;
>  	wait_queue_head_t		cb_blocking_queue;
> +
> +	struct cmdq_client		sec_cmdq_client;
> +	struct cmdq_pkt			sec_cmdq_handle;
> +	bool				sec_cmdq_working;
> +	wait_queue_head_t		sec_cb_blocking_queue;
>  #endif
>  
>  	struct device			*mmsys_dev;
> @@ -67,6 +72,7 @@ struct mtk_drm_crtc {
>  	/* lock for display hardware access */
>  	struct mutex			hw_lock;
>  	bool				config_updating;
> +	bool				sec_on;
>  };
>  
>  struct mtk_crtc_state {
> @@ -109,6 +115,154 @@ static void mtk_drm_finish_page_flip(struct
> mtk_drm_crtc *mtk_crtc)
>  	}
>  }
>  
> +void mtk_crtc_disable_secure_state(struct drm_crtc *crtc)
> +{
> +#if IS_REACHABLE(CONFIG_MTK_CMDQ)
> +	enum cmdq_sec_scenario sec_scn = CMDQ_MAX_SEC_COUNT;
> +	int i;
> +	struct mtk_ddp_comp *ddp_first_comp;
> +	struct mtk_drm_crtc *mtk_crtc = to_mtk_crtc(crtc);
> +	u64 sec_engine = 0; /* for hw engine write output secure fb */
> +	u64 sec_port = 0; /* for larb port read input secure fb */
> +
> +	mutex_lock(&mtk_crtc->hw_lock);
> +
> +	if (!mtk_crtc->sec_cmdq_client.chan) {
> +		pr_err("crtc-%d secure mbox channel is NULL\n",
> drm_crtc_index(crtc));
> +		goto err;
> +	}
> +
> +	if (!mtk_crtc->sec_on) {
> +		pr_debug("crtc-%d is already disabled!\n",
> drm_crtc_index(crtc));
> +		goto err;
> +	}
> +
> +	mbox_flush(mtk_crtc->sec_cmdq_client.chan, 0);
> +	mtk_crtc->sec_cmdq_handle.cmd_buf_size = 0;
> +
> +	if (mtk_crtc->sec_cmdq_handle.sec_data) {
> +		struct cmdq_sec_data *sec_data;
> +
> +		sec_data = mtk_crtc->sec_cmdq_handle.sec_data;
> +		sec_data->addrMetadataCount = 0;
> +		sec_data->addrMetadatas = (uintptr_t)NULL;
> +	}
> +
> +	/*
> +	 * Secure path only support DL mode, so we just wait
> +	 * the first path frame done here
> +	 */
> +	cmdq_pkt_wfe(&mtk_crtc->sec_cmdq_handle, mtk_crtc->cmdq_event,
> false);
> +
> +	ddp_first_comp = mtk_crtc->ddp_comp[0];
> +	for (i = 0; i < mtk_crtc->layer_nr; i++) {
> +		struct drm_plane *plane = &mtk_crtc->planes[i];
> +
> +		sec_port |=
> mtk_ddp_comp_layer_get_sec_port(ddp_first_comp, i);
> +
> +		/* make sure secure layer off before switching secure
> state */
> +		if (!mtk_plane_fb_is_secure(plane->state->fb)) {
> +			struct mtk_plane_state *plane_state =
> to_mtk_plane_state(plane->state);
> +
> +			plane_state->pending.enable = false;
> +			mtk_ddp_comp_layer_config(ddp_first_comp, i,
> plane_state,
> +						  &mtk_crtc-
> >sec_cmdq_handle);

You disable the layer here and disable the secure path in
cmdq_sec_pkt_set_data() later. But this is the real world and could be
hacked by a hacker. If a hacker does not disable the layer here but
disables the secure path in cmdq_sec_pkt_set_data() later, the hardware
would keep reading the secure buffer and the path is not secure? That
means video could be output to HDMI without HDCP?

Regards,
CK 

> +		}
> +	}
> +
> +	/* Disable secure path */
> +	if (drm_crtc_index(crtc) == 0)
> +		sec_scn = CMDQ_SEC_PRIMARY_DISP_DISABLE;
> +	else if (drm_crtc_index(crtc) == 1)
> +		sec_scn = CMDQ_SEC_SUB_DISP_DISABLE;
> +
> +	cmdq_sec_pkt_set_data(&mtk_crtc->sec_cmdq_handle, sec_engine,
> sec_engine, sec_scn);
> +
> +	cmdq_pkt_finalize(&mtk_crtc->sec_cmdq_handle);
> +	dma_sync_single_for_device(mtk_crtc->sec_cmdq_client.chan-
> >mbox->dev,
> +				   mtk_crtc->sec_cmdq_handle.pa_base,
> +				   mtk_crtc-
> >sec_cmdq_handle.cmd_buf_size,
> +				   DMA_TO_DEVICE);
> +
> +	mtk_crtc->sec_cmdq_working = true;
> +	mbox_send_message(mtk_crtc->sec_cmdq_client.chan, &mtk_crtc-
> >sec_cmdq_handle);
> +	mbox_client_txdone(mtk_crtc->sec_cmdq_client.chan, 0);
> +
> +	// Wait for sec state to be disabled by cmdq
> +	wait_event_timeout(mtk_crtc->sec_cb_blocking_queue,
> +			   !mtk_crtc->sec_cmdq_working,
> +			   msecs_to_jiffies(500));
> +
> +	mtk_crtc->sec_on = false;
> +	pr_debug("crtc-%d disable secure plane!\n",
> drm_crtc_index(crtc));
> +
> +err:
> +	mutex_unlock(&mtk_crtc->hw_lock);
> +#endif
> +}
> +
> +#if IS_REACHABLE(CONFIG_MTK_CMDQ)
> +static void mtk_crtc_enable_secure_state(struct drm_crtc *crtc)
> +{
> +	enum cmdq_sec_scenario sec_scn = CMDQ_MAX_SEC_COUNT;
> +	int i;
> +	struct mtk_ddp_comp *ddp_first_comp;
> +	struct mtk_drm_crtc *mtk_crtc = to_mtk_crtc(crtc);
> +	u64 sec_engine = 0; /* for hw engine write output secure fb */
> +	u64 sec_port = 0; /* for larb port read input secure fb */
> +
> +	cmdq_pkt_wfe(&mtk_crtc->sec_cmdq_handle, mtk_crtc->cmdq_event,
> false);
> +
> +	ddp_first_comp = mtk_crtc->ddp_comp[0];
> +	for (i = 0; i < mtk_crtc->layer_nr; i++)
> +		if (mtk_crtc->planes[i].type == DRM_PLANE_TYPE_CURSOR)
> +			sec_port |=
> mtk_ddp_comp_layer_get_sec_port(ddp_first_comp, i);
> +
> +	if (drm_crtc_index(crtc) == 0)
> +		sec_scn = CMDQ_SEC_PRIMARY_DISP;
> +	else if (drm_crtc_index(crtc) == 1)
> +		sec_scn = CMDQ_SEC_SUB_DISP;
> +
> +	cmdq_sec_pkt_set_data(&mtk_crtc->sec_cmdq_handle, sec_engine,
> sec_port, sec_scn);
> +
> +	pr_debug("crtc-%d enable secure plane!\n",
> drm_crtc_index(crtc));
> +}
> +#endif
> +
> +static void mtk_drm_crtc_plane_switch_sec_state(struct drm_crtc
> *crtc,
> +						struct drm_atomic_state
> *state)
> +{
> +#if IS_REACHABLE(CONFIG_MTK_CMDQ)
> +	bool sec_on[MAX_CRTC] = {0};
> +	int i;
> +	struct drm_crtc_state *crtc_state;
> +	struct mtk_drm_crtc *mtk_crtc = to_mtk_crtc(crtc);
> +	struct drm_plane *plane;
> +	struct drm_plane_state *old_plane_state;
> +
> +	for_each_old_plane_in_state(state, plane, old_plane_state, i) {
> +		if (!plane->state->crtc)
> +			continue;
> +
> +		if (plane->state->fb &&
> +		    mtk_plane_fb_is_secure(plane->state->fb) &&
> +		    mtk_crtc->sec_cmdq_client.chan)
> +			sec_on[drm_crtc_index(plane->state->crtc)] =
> true;
> +	}
> +
> +	for_each_old_crtc_in_state(state, crtc, crtc_state, i) {
> +		mtk_crtc = to_mtk_crtc(crtc);
> +
> +		if (!sec_on[i])
> +			mtk_crtc_disable_secure_state(crtc);
> +
> +		mutex_lock(&mtk_crtc->hw_lock);
> +		mtk_crtc->sec_on = true;
> +		mutex_unlock(&mtk_crtc->hw_lock);
> +	}
> +#endif
> +}
> +
>  #if IS_REACHABLE(CONFIG_MTK_CMDQ)
>  static int mtk_drm_cmdq_pkt_create(struct cmdq_client *client,
> struct cmdq_pkt *pkt,
>  				   size_t size)
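
Review bot: in mtk_crtc_disable_secure_state() the call `cmdq_sec_pkt_set_data(&mtk_crtc->sec_cmdq_handle, sec_engine, sec_engine, sec_scn)` passes `sec_engine` twice, so the `sec_port` mask accumulated in the loop above it is never used; the enable path passes `sec_engine, sec_port`, and the disable path most likely should too. In the same loop the comment says the secure layer is switched off, but the test is `!mtk_plane_fb_is_secure(plane->state->fb)`, which selects the non-secure layers, and it is made without the `plane->state->fb &&` guard that mtk_drm_crtc_plane_switch_sec_state() uses. The return value of wait_event_timeout() is ignored and `sec_on` is cleared even if the disable packet was never acknowledged within 500 ms; check the result and keep the state consistent on timeout. Finally, mtk_drm_crtc_plane_switch_sec_state() sets `mtk_crtc->sec_on = true` for every crtc, including the ones it has just disabled because `sec_on[i]` was false; the assignment needs to be conditional on `sec_on[i]`.
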
> @@ -144,22 +298,33 @@ static void mtk_drm_cmdq_pkt_destroy(struct
> cmdq_pkt *pkt)
>  	dma_unmap_single(client->chan->mbox->dev, pkt->pa_base, pkt-
> >buf_size,
>  			 DMA_TO_DEVICE);
>  	kfree(pkt->va_base);
> +	kfree(pkt->sec_data);
>  }
>  #endif
>  
>  static void mtk_drm_crtc_destroy(struct drm_crtc *crtc)
>  {
>  	struct mtk_drm_crtc *mtk_crtc = to_mtk_crtc(crtc);
> +	struct mtk_drm_private *priv = crtc->dev->dev_private;
>  	int i;
>  
> +	priv = priv->all_drm_private[drm_crtc_index(crtc)];
> +
>  	mtk_mutex_put(mtk_crtc->mutex);
>  #if IS_REACHABLE(CONFIG_MTK_CMDQ)
>  	mtk_drm_cmdq_pkt_destroy(&mtk_crtc->cmdq_handle);
> +	mtk_drm_cmdq_pkt_destroy(&mtk_crtc->sec_cmdq_handle);
>  
>  	if (mtk_crtc->cmdq_client.chan) {
>  		mbox_free_channel(mtk_crtc->cmdq_client.chan);
>  		mtk_crtc->cmdq_client.chan = NULL;
>  	}
> +
> +	if (mtk_crtc->sec_cmdq_client.chan) {
> +		device_link_remove(priv->dev, mtk_crtc-
> >sec_cmdq_client.chan->mbox->dev);
> +		mbox_free_channel(mtk_crtc->sec_cmdq_client.chan);
> +		mtk_crtc->sec_cmdq_client.chan = NULL;
> +	}
>  #endif
>  
>  	for (i = 0; i < mtk_crtc->ddp_comp_nr; i++) {
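
Review bot: mtk_drm_cmdq_pkt_destroy(&mtk_crtc->sec_cmdq_handle) is called unconditionally, ahead of the `if (mtk_crtc->sec_cmdq_client.chan)` check, while the destroy helper shown at the top of this hunk dereferences `client->chan->mbox->dev`. mtk_drm_crtc_create() sets `sec_cmdq_client.chan = NULL` when the secure mailbox request fails and never creates the secure packet in that case, so unless the helper guards against an uncreated packet (not visible here) the call should move inside the channel check. The `priv = priv->all_drm_private[drm_crtc_index(crtc)]` lookup is only needed for device_link_remove() and can move there as well.
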
> @@ -286,13 +451,18 @@ static void ddp_cmdq_cb(struct mbox_client *cl,
> void *mssg)
>  {
>  	struct cmdq_cb_data *data = mssg;
>  	struct cmdq_client *cmdq_cl = container_of(cl, struct
> cmdq_client, client);
> -	struct mtk_drm_crtc *mtk_crtc = container_of(cmdq_cl, struct
> mtk_drm_crtc, cmdq_client);
> +	struct mtk_drm_crtc *mtk_crtc;
>  	struct mtk_crtc_state *state;
>  	unsigned int i;
>  
>  	if (data->sta < 0)
>  		return;
>  
> +	if (!data->pkt || !data->pkt->sec_data)
> +		mtk_crtc = container_of(cmdq_cl, struct mtk_drm_crtc,
> cmdq_client);
> +	else
> +		mtk_crtc = container_of(cmdq_cl, struct mtk_drm_crtc,
> sec_cmdq_client);
> +
>  	state = to_mtk_crtc_state(mtk_crtc->base.state);
>  
>  	state->pending_config = false;
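
Review bot: ddp_cmdq_cb() now chooses the container_of() member from `data->pkt->sec_data`, which is packet content rather than the identity of the client that fired. A callback on the secure client whose packet has no `sec_data` would be resolved against `cmdq_client` and produce a wrong mtk_crtc pointer. Registering a separate rx_callback for `sec_cmdq_client` removes the guess.
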
> @@ -321,6 +491,11 @@ static void ddp_cmdq_cb(struct mbox_client *cl,
> void *mssg)
>  		mtk_crtc->pending_async_planes = false;
>  	}
>  
> +	if (mtk_crtc->sec_cmdq_working) {
> +		mtk_crtc->sec_cmdq_working = false;
> +		wake_up(&mtk_crtc->sec_cb_blocking_queue);
> +	}
> +
>  	mtk_crtc->cmdq_vblank_cnt = 0;
>  	wake_up(&mtk_crtc->cb_blocking_queue);
>  }
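
Review bot: `sec_cmdq_working` is cleared by whichever callback runs next, secure or not, so a completion on the normal channel could wake the waiter in mtk_crtc_disable_secure_state() before the secure disable packet has executed. The early `if (data->sta < 0) return;` at the top of the function also means a failed secure packet never clears the flag, and the waiter then always runs into its 500 ms timeout. Clear the flag only for the secure client, and do it on the error path too.
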
> @@ -544,7 +719,8 @@ static void mtk_drm_crtc_update_config(struct
> mtk_drm_crtc *mtk_crtc,
>  				       bool needs_vblank)
>  {
>  #if IS_REACHABLE(CONFIG_MTK_CMDQ)
> -	struct cmdq_pkt *cmdq_handle = &mtk_crtc->cmdq_handle;
> +	struct cmdq_client cmdq_client;
> +	struct cmdq_pkt *cmdq_handle;
>  #endif
>  	struct drm_crtc *crtc = &mtk_crtc->base;
>  	struct mtk_drm_private *priv = crtc->dev->dev_private;
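
Review bot: `struct cmdq_client cmdq_client;` is an uninitialised by-value copy and `cmdq_handle` loses its initialiser, yet the next hunk tests `cmdq_client.chan` even when neither branch has assigned it (`sec_on` false and `mtk_crtc->cmdq_client.chan` NULL), which reads stack garbage. Use a `struct cmdq_client *` and initialise both locals to NULL.
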
> @@ -582,14 +758,36 @@ static void mtk_drm_crtc_update_config(struct
> mtk_drm_crtc *mtk_crtc,
>  		mtk_mutex_release(mtk_crtc->mutex);
>  	}
>  #if IS_REACHABLE(CONFIG_MTK_CMDQ)
> -	if (mtk_crtc->cmdq_client.chan) {
> +	if (mtk_crtc->sec_on) {
> +		mbox_flush(mtk_crtc->sec_cmdq_client.chan, 0);
> +		mtk_crtc->sec_cmdq_handle.cmd_buf_size = 0;
> +
> +		if (mtk_crtc->sec_cmdq_handle.sec_data) {
> +			struct cmdq_sec_data *sec_data;
> +
> +			sec_data = mtk_crtc->sec_cmdq_handle.sec_data;
> +			sec_data->addrMetadataCount = 0;
> +			sec_data->addrMetadatas = (uintptr_t)NULL;
> +		}
> +
> +		mtk_crtc_enable_secure_state(crtc);
> +
> +		cmdq_client = mtk_crtc->sec_cmdq_client;
> +		cmdq_handle = &mtk_crtc->sec_cmdq_handle;
> +	} else if (mtk_crtc->cmdq_client.chan) {
>  		mbox_flush(mtk_crtc->cmdq_client.chan, 2000);
> -		cmdq_handle->cmd_buf_size = 0;
> +		mtk_crtc->cmdq_handle.cmd_buf_size = 0;
> +
> +		cmdq_client =  mtk_crtc->cmdq_client;
> +		cmdq_handle = &mtk_crtc->cmdq_handle;
> +	}
> +
> +	if (cmdq_client.chan) {
>  		cmdq_pkt_clear_event(cmdq_handle, mtk_crtc-
> >cmdq_event);
>  		cmdq_pkt_wfe(cmdq_handle, mtk_crtc->cmdq_event, false);
>  		mtk_crtc_ddp_config(crtc, cmdq_handle);
>  		cmdq_pkt_finalize(cmdq_handle);
> -		dma_sync_single_for_device(mtk_crtc->cmdq_client.chan-
> >mbox->dev,
> +		dma_sync_single_for_device(cmdq_client.chan->mbox->dev,
>  					   cmdq_handle->pa_base,
>  					   cmdq_handle->cmd_buf_size,
>  					   DMA_TO_DEVICE);
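
Review bot: the `if (mtk_crtc->sec_on)` branch calls mbox_flush() on `sec_cmdq_client.chan` without checking that the secure channel exists, while mtk_drm_crtc_create() leaves it NULL when the mailbox request fails and mtk_drm_crtc_plane_switch_sec_state() sets `sec_on` unconditionally. Guard the branch with `mtk_crtc->sec_cmdq_client.chan`. The secure flush also uses a timeout of 0 where the normal path uses 2000; if that is intentional it deserves a comment.
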
> @@ -602,8 +800,8 @@ static void mtk_drm_crtc_update_config(struct
> mtk_drm_crtc *mtk_crtc,
>  		 */
>  		mtk_crtc->cmdq_vblank_cnt = 3;
>  
> -		mbox_send_message(mtk_crtc->cmdq_client.chan,
> cmdq_handle);
> -		mbox_client_txdone(mtk_crtc->cmdq_client.chan, 0);
> +		mbox_send_message(cmdq_client.chan, cmdq_handle);
> +		mbox_client_txdone(cmdq_client.chan, 0);
>  	}
>  #endif
>  	mtk_crtc->config_updating = false;
> @@ -706,6 +904,8 @@ static void mtk_drm_crtc_atomic_disable(struct
> drm_crtc *crtc,
>  	if (!mtk_crtc->enabled)
>  		return;
>  
> +	mtk_crtc_disable_secure_state(crtc);
> +
>  	/* Set all pending plane state to disabled */
>  	for (i = 0; i < mtk_crtc->layer_nr; i++) {
>  		struct drm_plane *plane = &mtk_crtc->planes[i];
> @@ -745,6 +945,8 @@ static void mtk_drm_crtc_atomic_begin(struct
> drm_crtc *crtc,
>  	struct mtk_crtc_state *mtk_crtc_state =
> to_mtk_crtc_state(crtc_state);
>  	struct mtk_drm_crtc *mtk_crtc = to_mtk_crtc(crtc);
>  
> +	mtk_drm_crtc_plane_switch_sec_state(crtc, state);
> +
>  	if (mtk_crtc->event && mtk_crtc_state->base.event)
>  		DRM_ERROR("new event while there is still a pending
> event\n");
>  
> @@ -1020,8 +1222,7 @@ int mtk_drm_crtc_create(struct drm_device
> *drm_dev,
>  		if (ret) {
>  			dev_dbg(dev, "mtk_crtc %d failed to get
> mediatek,gce-events property\n",
>  				drm_crtc_index(&mtk_crtc->base));
> -			mbox_free_channel(mtk_crtc->cmdq_client.chan);
> -			mtk_crtc->cmdq_client.chan = NULL;
> +			goto cmdq_err;
>  		} else {
>  			ret = mtk_drm_cmdq_pkt_create(&mtk_crtc-
> >cmdq_client,
>  						      &mtk_crtc-
> >cmdq_handle,
> @@ -1029,14 +1230,63 @@ int mtk_drm_crtc_create(struct drm_device
> *drm_dev,
>  			if (ret) {
>  				dev_dbg(dev, "mtk_crtc %d failed to
> create cmdq packet\n",
>  					drm_crtc_index(&mtk_crtc-
> >base));
> -				mbox_free_channel(mtk_crtc-
> >cmdq_client.chan);
> -				mtk_crtc->cmdq_client.chan = NULL;
> +				goto cmdq_err;
>  			}
>  		}
>  
>  		/* for sending blocking cmd in crtc disable */
>  		init_waitqueue_head(&mtk_crtc->cb_blocking_queue);
>  	}
> +
> +	mtk_crtc->sec_cmdq_client.client.dev = mtk_crtc->mmsys_dev;
> +	mtk_crtc->sec_cmdq_client.client.tx_block = false;
> +	mtk_crtc->sec_cmdq_client.client.knows_txdone = true;
> +	mtk_crtc->sec_cmdq_client.client.rx_callback = ddp_cmdq_cb;
> +	mtk_crtc->sec_cmdq_client.chan =
> +			mbox_request_channel(&mtk_crtc-
> >sec_cmdq_client.client, i + 1);
> +	if (IS_ERR(mtk_crtc->sec_cmdq_client.chan)) {
> +		dev_err(dev, "mtk_crtc %d failed to create sec mailbox
> client\n",
> +			drm_crtc_index(&mtk_crtc->base));
> +		mtk_crtc->sec_cmdq_client.chan = NULL;
> +	}
> +
> +	if (mtk_crtc->sec_cmdq_client.chan) {
> +		struct device_link *link;
> +
> +		/* add devlink to cmdq dev to make sure suspend/resume
> order is correct */
> +		link = device_link_add(priv->dev, mtk_crtc-
> >sec_cmdq_client.chan->mbox->dev,
> +				       DL_FLAG_PM_RUNTIME |
> DL_FLAG_STATELESS);
> +		if (!link) {
> +			dev_err(priv->dev, "Unable to link dev=%s\n",
> +				dev_name(mtk_crtc-
> >sec_cmdq_client.chan->mbox->dev));
> +			ret = -ENODEV;
> +			goto cmdq_err;
> +		}
> +
> +		ret = mtk_drm_cmdq_pkt_create(&mtk_crtc-
> >sec_cmdq_client,
> +					      &mtk_crtc-
> >sec_cmdq_handle,
> +					      PAGE_SIZE);
> +		if (ret) {
> +			dev_dbg(dev, "mtk_crtc %d failed to create cmdq
> secure packet\n",
> +				drm_crtc_index(&mtk_crtc->base));
> +			goto cmdq_err;
> +		}
> +
> +		/* for sending blocking cmd in crtc disable */
> +		init_waitqueue_head(&mtk_crtc->sec_cb_blocking_queue);
> +	}
> +
> +cmdq_err:
> +	if (ret) {
> +		if (mtk_crtc->cmdq_client.chan) {
> +			mbox_free_channel(mtk_crtc->cmdq_client.chan);
> +			mtk_crtc->cmdq_client.chan = NULL;
> +		}
> +		if (mtk_crtc->sec_cmdq_client.chan) {
> +			mbox_free_channel(mtk_crtc-
> >sec_cmdq_client.chan);
> +			mtk_crtc->sec_cmdq_client.chan = NULL;
> +		}
> +	}
>  #endif
>  	return 0;
>  }
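
Review bot: the new `cmdq_err` label frees both channels whenever `ret` is set and then falls through to `return 0`, so a failure of device_link_add() or of the secure packet allocation silently takes down the already working normal cmdq channel and is never reported to the caller. Free only the secure channel when the secure setup fails, and call device_link_remove() when mtk_drm_cmdq_pkt_create() fails after the link was added. The `mbox_request_channel(&mtk_crtc->sec_cmdq_client.client, i + 1)` index also assumes a fixed mailbox ordering that should be stated in a comment or in the binding.
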
> diff --git a/drivers/gpu/drm/mediatek/mtk_drm_crtc.h
> b/drivers/gpu/drm/mediatek/mtk_drm_crtc.h
> index 3e9046993d09..ff7f81fa6184 100644
> --- a/drivers/gpu/drm/mediatek/mtk_drm_crtc.h
> +++ b/drivers/gpu/drm/mediatek/mtk_drm_crtc.h
> @@ -19,6 +19,7 @@ int mtk_drm_crtc_create(struct drm_device *drm_dev,
>  			const unsigned int *path,
>  			unsigned int path_len,
>  			int priv_data_index);
> +void mtk_crtc_disable_secure_state(struct drm_crtc *crtc);
>  int mtk_drm_crtc_plane_check(struct drm_crtc *crtc, struct drm_plane
> *plane,
>  			     struct mtk_plane_state *state);
>  void mtk_drm_crtc_async_update(struct drm_crtc *crtc, struct
> drm_plane *plane,
> diff --git a/drivers/gpu/drm/mediatek/mtk_drm_plane.c
> b/drivers/gpu/drm/mediatek/mtk_drm_plane.c
> index db2f70ae060d..89b5a4e87548 100644
> --- a/drivers/gpu/drm/mediatek/mtk_drm_plane.c
> +++ b/drivers/gpu/drm/mediatek/mtk_drm_plane.c
> @@ -265,6 +265,13 @@ static void mtk_plane_atomic_disable(struct
> drm_plane *plane,
>  	mtk_plane_state->pending.enable = false;
>  	wmb(); /* Make sure the above parameter is set before update */
>  	mtk_plane_state->pending.dirty = true;
> +
> +	if (mtk_plane_state->pending.is_sec) {
> +		struct drm_plane_state *old_state =
> drm_atomic_get_old_plane_state(state, plane);
> +
> +		if (old_state->crtc)
> +			mtk_crtc_disable_secure_state(old_state->crtc);
> +	}
>  }
>  
>  static void mtk_plane_atomic_update(struct drm_plane *plane,
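
Review bot: mtk_plane_atomic_disable() calls mtk_crtc_disable_secure_state() as soon as one secure plane is disabled, and that function switches the secure path off for the whole crtc; if another plane on the same crtc still scans out a secure fb, it is left running on a path that has just been marked non-secure. Decide this per crtc from the full atomic state, as mtk_drm_crtc_plane_switch_sec_state() already tries to do, rather than per plane. The call also takes `hw_lock` and can sleep for up to 500 ms in wait_event_timeout(), and `pending.is_sec` is not set anywhere in this patch.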

^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [PATCH v2 08/11] drm/mediatek: Add secure layer config support for ovl_adaptor
  2023-10-23  4:45 ` [PATCH v2 08/11] drm/mediatek: Add secure layer config support for ovl_adaptor Jason-JH.Lin
@ 2023-10-24  8:37   ` AngeloGioacchino Del Regno
  2023-10-25  8:03     ` Jason-JH Lin (林睿祥)
  0 siblings, 1 reply; 48+ messages in thread
From: AngeloGioacchino Del Regno @ 2023-10-24  8:37 UTC (permalink / raw)
  To: Jason-JH.Lin, Rob Herring, Krzysztof Kozlowski, Matthias Brugger,
	Chun-Kuang Hu
  Cc: Jeffrey Kardatzke, devicetree, Conor Dooley,
	Project_Global_Chrome_Upstream_Group, Singo Chang, linux-kernel,
	dri-devel, linaro-mm-sig, Jason-ch Chen, Nancy Lin,
	linux-mediatek, Shawn Sung, Johnson Wang, linux-arm-kernel,
	linux-media

On 23/10/23 06:45, Jason-JH.Lin wrote:
> Add secure layer config support for ovl_adaptor and sub driver mdp_rdma.
> 
> Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
> ---
>   drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c |  3 +++
>   drivers/gpu/drm/mediatek/mtk_mdp_rdma.c         | 11 ++++++++---
>   drivers/gpu/drm/mediatek/mtk_mdp_rdma.h         |  2 ++
>   3 files changed, 13 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c b/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c
> index 28a0bccfb0b9..274961222672 100644
> --- a/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c
> +++ b/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c
> @@ -153,6 +153,9 @@ void mtk_ovl_adaptor_layer_config(struct device *dev, unsigned int idx,
>   	rdma_config.pitch = pending->pitch;
>   	rdma_config.fmt = pending->format;
>   	rdma_config.color_encoding = pending->color_encoding;
> +	rdma_config.source_size = (pending->height - 1) * pending->pitch +
> +				  pending->width * fmt_info->cpp[0];
> +	rdma_config.is_sec = state->pending.is_sec;
>   	mtk_mdp_rdma_config(rdma_l, &rdma_config, cmdq_pkt);
>   
>   	if (use_dual_pipe) {
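
Review bot: `source_size` is computed in unsigned int as `(pending->height - 1) * pending->pitch + pending->width * fmt_info->cpp[0]`, which wraps when `pending->height` is 0 and accounts only for plane 0 of the format. The value ends up as the size argument of mtk_ddp_sec_write(), so it should be validated rather than trusted. Patch 07 open-codes the same expression as `buf_size` in mtk_ovl_layer_config(); a shared helper would keep the two in step.
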
> diff --git a/drivers/gpu/drm/mediatek/mtk_mdp_rdma.c b/drivers/gpu/drm/mediatek/mtk_mdp_rdma.c
> index c3adaeefd551..1c4798e3bbc3 100644
> --- a/drivers/gpu/drm/mediatek/mtk_mdp_rdma.c
> +++ b/drivers/gpu/drm/mediatek/mtk_mdp_rdma.c
> @@ -94,6 +94,7 @@ struct mtk_mdp_rdma {
>   	void __iomem		*regs;
>   	struct clk		*clk;
>   	struct cmdq_client_reg	cmdq_reg;
> +	resource_size_t		regs_pa;
>   };
>   
>   static unsigned int rdma_fmt_convert(unsigned int fmt)
> @@ -198,9 +199,12 @@ void mtk_mdp_rdma_config(struct device *dev, struct mtk_mdp_rdma_cfg *cfg,
>   	else
>   		mtk_ddp_write_mask(cmdq_pkt, 0, &priv->cmdq_reg, priv->regs,
>   				   MDP_RDMA_SRC_CON, FLD_OUTPUT_ARGB);
> -
> -	mtk_ddp_write_mask(cmdq_pkt, cfg->addr0, &priv->cmdq_reg, priv->regs,
> -			   MDP_RDMA_SRC_BASE_0, FLD_SRC_BASE_0);
> +	if (cfg->is_sec)
> +		mtk_ddp_sec_write(cmdq_pkt, priv->regs_pa + MDP_RDMA_SRC_BASE_0,
> +				  cfg->addr0, CMDQ_IWC_H_2_MVA, 0, cfg->source_size, 0);
> +	else
> +		mtk_ddp_write_mask(cmdq_pkt, cfg->addr0, &priv->cmdq_reg, priv->regs,
> +				   MDP_RDMA_SRC_BASE_0, FLD_SRC_BASE_0);
>   
>   	mtk_ddp_write_mask(cmdq_pkt, src_pitch_y, &priv->cmdq_reg, priv->regs,
>   			   MDP_RDMA_MF_BKGD_SIZE_IN_BYTE, FLD_MF_BKGD_WB);
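
Review bot: `priv->regs_pa + MDP_RDMA_SRC_BASE_0` is passed as the `addr` argument of mtk_ddp_sec_write(), which patch 05 declares as `u32 addr`, while `regs_pa` is a resource_size_t; where resource_size_t is 64 bits wide the register address is truncated without a warning. Widen the parameter or document why 32 bits are enough. The blank line that separated the MDP_RDMA_SRC_CON block from this one was also dropped and should stay.
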
> @@ -285,6 +289,7 @@ static int mtk_mdp_rdma_probe(struct platform_device *pdev)
>   		return -ENOMEM;
>   
>   	res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
> +	priv->regs_pa = res->start;
>   	priv->regs = devm_ioremap_resource(dev, res);
>   	if (IS_ERR(priv->regs)) {
>   		dev_err(dev, "failed to ioremap rdma\n");
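
Review bot: `priv->regs_pa = res->start;` dereferences `res` before anything has checked it. platform_get_resource() returns NULL when the resource is missing, and devm_ioremap_resource() on the next line is what normally catches that, so move the assignment after the IS_ERR(priv->regs) check.
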
> diff --git a/drivers/gpu/drm/mediatek/mtk_mdp_rdma.h b/drivers/gpu/drm/mediatek/mtk_mdp_rdma.h
> index 9943ee3aac31..9add18e96319 100644
> --- a/drivers/gpu/drm/mediatek/mtk_mdp_rdma.h
> +++ b/drivers/gpu/drm/mediatek/mtk_mdp_rdma.h
> @@ -15,6 +15,8 @@ struct mtk_mdp_rdma_cfg {
>   	unsigned int	y_top;
>   	int		fmt;
>   	int		color_encoding;
> +	unsigned int	source_size;
> +	unsigned int	is_sec;

is_secure looks better.

Regards,
Angelo

>   };
>   
>   #endif // __MTK_MDP_RDMA_H__
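
Review bot: `is_sec` is declared `unsigned int` here, but the value assigned to it in mtk_ovl_adaptor_layer_config() is `state->pending.is_sec`, which is a `bool` in struct mtk_plane_pending_state; use `bool` for the flag. `source_size` should carry a comment stating its unit and that it is only consumed on the secure path.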


^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [PATCH v2 05/11] drm/mediatek: Add mtk_ddp_sec_write to config secure buffer info
  2023-10-23  4:45 ` [PATCH v2 05/11] drm/mediatek: Add mtk_ddp_sec_write to config secure buffer info Jason-JH.Lin
@ 2023-10-24  8:37   ` AngeloGioacchino Del Regno
  2023-10-25  7:53     ` Jason-JH Lin (林睿祥)
  0 siblings, 1 reply; 48+ messages in thread
From: AngeloGioacchino Del Regno @ 2023-10-24  8:37 UTC (permalink / raw)
  To: Jason-JH.Lin, Rob Herring, Krzysztof Kozlowski, Matthias Brugger,
	Chun-Kuang Hu
  Cc: Jeffrey Kardatzke, devicetree, Conor Dooley,
	Project_Global_Chrome_Upstream_Group, Singo Chang, linux-kernel,
	dri-devel, linaro-mm-sig, Jason-ch Chen, Nancy Lin,
	linux-mediatek, Shawn Sung, Johnson Wang, linux-arm-kernel,
	linux-media

On 23/10/23 06:45, Jason-JH.Lin wrote:
> Add mtk_ddp_sec_write to configure secure buffer information to
> cmdq secure packet data.
> Then the secure cmdq driver will use this information to configure the
> corresponding secure DRAM address to the HW overlay in the secure world.
> 
> Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
> ---
>   drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c | 12 ++++++++++++
>   drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.h |  4 ++++
>   2 files changed, 16 insertions(+)
> 
> diff --git a/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c b/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c
> index 771f4e173353..3dca936b9143 100644
> --- a/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c
> +++ b/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c
> @@ -111,6 +111,18 @@ void mtk_ddp_write_mask(struct cmdq_pkt *cmdq_pkt, unsigned int value,
>   #endif
>   }
>   
> +void mtk_ddp_sec_write(struct cmdq_pkt *cmdq_pkt, u32 addr, u64 base,
> +		       const enum cmdq_iwc_addr_metadata_type type,
> +		       const u32 offset, const u32 size, const u32 port)
> +{
> +#if IS_REACHABLE(CONFIG_MTK_CMDQ)
> +	/* secure buffer will be 4K alignment */
> +	if (cmdq_pkt)
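
Review bot: the comment `/* secure buffer will be 4K alignment */` states an assumption that nothing in the visible part of mtk_ddp_sec_write() checks, and it sits above a NULL test it does not describe. The new helper also has no kerneldoc: say which of `addr`, `base`, `offset`, `size` and `port` are register addresses, secure handles or byte counts, and note that `addr` is only 32 bits wide while `base` is 64.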

	if (!cmdq_pkt)
		return;
	cmdq_sec_pkt_write....

Regards,
Angelo



^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [PATCH v2 07/11] drm/mediatek: Add secure layer config support for ovl
  2023-10-23  4:45 ` [PATCH v2 07/11] drm/mediatek: Add secure layer config support for ovl Jason-JH.Lin
@ 2023-10-24  8:37   ` AngeloGioacchino Del Regno
  2023-10-25  7:57     ` Jason-JH Lin (林睿祥)
  2023-10-25  3:08   ` CK Hu (胡俊光)
  2023-10-26 10:07   ` CK Hu (胡俊光)
  2 siblings, 1 reply; 48+ messages in thread
From: AngeloGioacchino Del Regno @ 2023-10-24  8:37 UTC (permalink / raw)
  To: Jason-JH.Lin, Rob Herring, Krzysztof Kozlowski, Matthias Brugger,
	Chun-Kuang Hu
  Cc: Jeffrey Kardatzke, devicetree, Conor Dooley,
	Project_Global_Chrome_Upstream_Group, Singo Chang, linux-kernel,
	dri-devel, linaro-mm-sig, Jason-ch Chen, Nancy Lin,
	linux-mediatek, Shawn Sung, Johnson Wang, linux-arm-kernel,
	linux-media

On 23/10/23 06:45, Jason-JH.Lin wrote:
> Add secure layer config support for ovl.
> 
> Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
> ---
>   drivers/gpu/drm/mediatek/mtk_disp_drv.h       |  3 ++
>   drivers/gpu/drm/mediatek/mtk_disp_ovl.c       | 31 +++++++++++++++++--
>   .../gpu/drm/mediatek/mtk_disp_ovl_adaptor.c   | 12 +++++++
>   drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c   |  2 ++
>   4 files changed, 46 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/gpu/drm/mediatek/mtk_disp_drv.h b/drivers/gpu/drm/mediatek/mtk_disp_drv.h
> index 2254038519e1..dec937b183a8 100644
> --- a/drivers/gpu/drm/mediatek/mtk_disp_drv.h
> +++ b/drivers/gpu/drm/mediatek/mtk_disp_drv.h
> @@ -9,6 +9,7 @@
>   #include <linux/soc/mediatek/mtk-cmdq.h>
>   #include <linux/soc/mediatek/mtk-mmsys.h>
>   #include <linux/soc/mediatek/mtk-mutex.h>
> +#include "mtk_drm_ddp_comp.h"
>   #include "mtk_drm_plane.h"
>   #include "mtk_mdp_rdma.h"
>   
> @@ -79,6 +80,7 @@ void mtk_ovl_clk_disable(struct device *dev);
>   void mtk_ovl_config(struct device *dev, unsigned int w,
>   		    unsigned int h, unsigned int vrefresh,
>   		    unsigned int bpc, struct cmdq_pkt *cmdq_pkt);
> +u64 mtk_ovl_get_sec_port(struct mtk_ddp_comp *comp, unsigned int idx);
>   int mtk_ovl_layer_check(struct device *dev, unsigned int idx,
>   			struct mtk_plane_state *mtk_state);
>   void mtk_ovl_layer_config(struct device *dev, unsigned int idx,
> @@ -112,6 +114,7 @@ void mtk_ovl_adaptor_clk_disable(struct device *dev);
>   void mtk_ovl_adaptor_config(struct device *dev, unsigned int w,
>   			    unsigned int h, unsigned int vrefresh,
>   			    unsigned int bpc, struct cmdq_pkt *cmdq_pkt);
> +u64 mtk_ovl_adaptor_get_sec_port(struct mtk_ddp_comp *comp, unsigned int idx);
>   void mtk_ovl_adaptor_layer_config(struct device *dev, unsigned int idx,
>   				  struct mtk_plane_state *state,
>   				  struct cmdq_pkt *cmdq_pkt);
> diff --git a/drivers/gpu/drm/mediatek/mtk_disp_ovl.c b/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
> index 2bffe4245466..76e832e4875a 100644
> --- a/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
> +++ b/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
> @@ -46,6 +46,7 @@
>   #define DISP_REG_OVL_ADDR(ovl, n)		((ovl)->data->addr + 0x20 * (n))
>   #define DISP_REG_OVL_HDR_ADDR(ovl, n)		((ovl)->data->addr + 0x20 * (n) + 0x04)
>   #define DISP_REG_OVL_HDR_PITCH(ovl, n)		((ovl)->data->addr + 0x20 * (n) + 0x08)
> +#define DISP_REG_OVL_SECURE			0x0fc0
>   
>   #define GMC_THRESHOLD_BITS	16
>   #define GMC_THRESHOLD_HIGH	((1 << GMC_THRESHOLD_BITS) / 4)
> @@ -126,8 +127,19 @@ struct mtk_disp_ovl {
>   	const struct mtk_disp_ovl_data	*data;
>   	void				(*vblank_cb)(void *data);
>   	void				*vblank_cb_data;
> +	resource_size_t			regs_pa;
>   };
>   
> +u64 mtk_ovl_get_sec_port(struct mtk_ddp_comp *comp, unsigned int idx)
> +{
> +	if (comp->id == DDP_COMPONENT_OVL0)
> +		return 1ULL << CMDQ_SEC_DISP_OVL0;

This is BIT_ULL():

return BIT_ULL(CMDQ_SEC_DISP_OVL0);

> +	else if (comp->id == DDP_COMPONENT_OVL1)
> +		return 1ULL << CMDQ_SEC_DISP_OVL1;
> +
> +	return 0;
> +}
> +
>   static irqreturn_t mtk_disp_ovl_irq_handler(int irq, void *dev_id)
>   {
>   	struct mtk_disp_ovl *priv = dev_id;
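
Review bot: mtk_ovl_get_sec_port() ignores its `idx` argument and returns 0 for every component other than DDP_COMPONENT_OVL0 and DDP_COMPONENT_OVL1, so a secure layer on any other overlay would be configured with an empty port mask and no diagnostic. Drop the unused parameter or document why the port is per component, and warn or reject the configuration when a secure fb lands on a component without a secure port.
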
> @@ -449,8 +461,22 @@ void mtk_ovl_layer_config(struct device *dev, unsigned int idx,
>   			      DISP_REG_OVL_SRC_SIZE(idx));
>   	mtk_ddp_write_relaxed(cmdq_pkt, offset, &ovl->cmdq_reg, ovl->regs,
>   			      DISP_REG_OVL_OFFSET(idx));
> -	mtk_ddp_write_relaxed(cmdq_pkt, addr, &ovl->cmdq_reg, ovl->regs,
> -			      DISP_REG_OVL_ADDR(ovl, idx));
> +
> +	if (state->pending.is_sec) {
> +		const struct drm_format_info *fmt_info = drm_format_info(fmt);
> +		unsigned int buf_size = (pending->height - 1) * pending->pitch +
> +					pending->width * fmt_info->cpp[0];
> +
> +		mtk_ddp_write_mask(cmdq_pkt, BIT(idx), &ovl->cmdq_reg, ovl->regs,
> +				   DISP_REG_OVL_SECURE, BIT(idx));
> +		mtk_ddp_sec_write(cmdq_pkt, ovl->regs_pa + DISP_REG_OVL_ADDR(ovl, idx),
> +				  pending->addr, CMDQ_IWC_H_2_MVA, 0, buf_size, 0);
> +	} else {
> +		mtk_ddp_write_mask(cmdq_pkt, 0, &ovl->cmdq_reg, ovl->regs,
> +				   DISP_REG_OVL_SECURE, BIT(idx));
> +		mtk_ddp_write_relaxed(cmdq_pkt, addr, &ovl->cmdq_reg, ovl->regs,
> +				      DISP_REG_OVL_ADDR(ovl, idx));
> +	}
>   
>   	if (is_afbc) {
>   		mtk_ddp_write_relaxed(cmdq_pkt, hdr_addr, &ovl->cmdq_reg, ovl->regs,
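
Review bot: the secure branch hands `pending->addr` to mtk_ddp_sec_write() with a hard-coded offset of 0, while the non-secure branch writes the local `addr`; if `addr` was adjusted earlier in mtk_ovl_layer_config(), the secure path silently drops that adjustment. The `is_afbc` block that follows still writes `hdr_addr` through mtk_ddp_write_relaxed() for a secure layer as well; either route it through the secure write or reject AFBC for secure fbs.
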
> @@ -529,6 +555,7 @@ static int mtk_disp_ovl_probe(struct platform_device *pdev)
>   	}
>   
>   	res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
> +	priv->regs_pa = res->start;
>   	priv->regs = devm_ioremap_resource(dev, res);
>   	if (IS_ERR(priv->regs)) {
>   		dev_err(dev, "failed to ioremap ovl\n");
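
Review bot: `priv->regs_pa = res->start;` runs before `res` is known to be non-NULL; platform_get_resource() can return NULL and only devm_ioremap_resource() below rejects that. Set `regs_pa` after the IS_ERR(priv->regs) check.
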
> diff --git a/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c b/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c
> index 6bf6367853fb..28a0bccfb0b9 100644
> --- a/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c
> +++ b/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c
> @@ -83,6 +83,18 @@ static const struct ovl_adaptor_comp_match comp_matches[OVL_ADAPTOR_ID_MAX] = {
>   	[OVL_ADAPTOR_ETHDR0]	= { OVL_ADAPTOR_TYPE_ETHDR, 0 },
>   };
>   
> +static const u64 ovl_adaptor_sec_port[] = {
> +	1ULL << CMDQ_SEC_VDO1_DISP_RDMA_L0,

BIT_ULL(CMDQ_SEC_VDO1_DISP_RDMA_L0),
BIT_ULL(......),


Regards,
Angelo


^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [PATCH v2 03/11] drm/mediatek: Add secure buffer control flow to mtk_drm_gem
  2023-10-23  4:45 ` [PATCH v2 03/11] drm/mediatek: Add secure buffer control flow to mtk_drm_gem Jason-JH.Lin
@ 2023-10-24  8:37   ` AngeloGioacchino Del Regno
  2023-10-25  7:50     ` Jason-JH Lin (林睿祥)
  0 siblings, 1 reply; 48+ messages in thread
From: AngeloGioacchino Del Regno @ 2023-10-24  8:37 UTC (permalink / raw)
  To: Jason-JH.Lin, Rob Herring, Krzysztof Kozlowski, Matthias Brugger,
	Chun-Kuang Hu
  Cc: Jeffrey Kardatzke, devicetree, Conor Dooley,
	Project_Global_Chrome_Upstream_Group, Singo Chang, linux-kernel,
	dri-devel, linaro-mm-sig, Jason-ch Chen, Nancy Lin,
	linux-mediatek, Shawn Sung, Johnson Wang, linux-arm-kernel,
	linux-media

On 23/10/23 06:45, Jason-JH.Lin wrote:
> Add secure buffer control flow to mtk_drm_gem.
> 
> When user space takes DRM_MTK_GEM_CREATE_ENCRYPTED flag and size
> to create a mtk_drm_gem object, mtk_drm_gem will find a matched size
> dma buffer from secure dma-heap and bind it to mtk_drm_gem object.
> 
> Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
> ---
>   drivers/gpu/drm/mediatek/mtk_drm_gem.c | 84 +++++++++++++++++++++++++-
>   drivers/gpu/drm/mediatek/mtk_drm_gem.h |  4 ++
>   2 files changed, 87 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/mediatek/mtk_drm_gem.c b/drivers/gpu/drm/mediatek/mtk_drm_gem.c
> index bcce723f257d..2064ccd7dde0 100644
> --- a/drivers/gpu/drm/mediatek/mtk_drm_gem.c
> +++ b/drivers/gpu/drm/mediatek/mtk_drm_gem.c
> @@ -4,6 +4,8 @@
>    */
>   
>   #include <linux/dma-buf.h>
> +#include <linux/dma-heap.h>
> +#include <uapi/linux/dma-heap.h>
>   #include <drm/mediatek_drm.h>
>   
>   #include <drm/drm.h>
> @@ -55,6 +57,80 @@ static struct mtk_drm_gem_obj *mtk_drm_gem_init(struct drm_device *dev,
>   	return mtk_gem_obj;
>   }
>   
> +struct mtk_drm_gem_obj *mtk_drm_gem_create_from_heap(struct drm_device *dev,
> +						     const char *heap, size_t size)
> +{
> +	struct mtk_drm_private *priv = dev->dev_private;
> +	struct mtk_drm_gem_obj *mtk_gem;
> +	struct drm_gem_object *obj;
> +	struct dma_heap *dma_heap;
> +	struct dma_buf *dma_buf;
> +	struct dma_buf_attachment *attach;
> +	struct sg_table *sgt;
> +	struct iosys_map map = {};
> +	int ret;
> +
> +	mtk_gem = mtk_drm_gem_init(dev, size);
> +	if (IS_ERR(mtk_gem))
> +		return ERR_CAST(mtk_gem);
> +
> +	obj = &mtk_gem->base;
> +
> +	dma_heap = dma_heap_find(heap);
> +	if (!dma_heap) {
> +		DRM_ERROR("heap find fail\n");
> +		goto err_gem_free;
> +	}
> +	dma_buf = dma_heap_buffer_alloc(dma_heap, size,
> +					O_RDWR | O_CLOEXEC, DMA_HEAP_VALID_HEAP_FLAGS);
> +	if (IS_ERR(dma_buf)) {
> +		DRM_ERROR("buffer alloc fail\n");
> +		dma_heap_put(dma_heap);
> +		goto err_gem_free;
> +	}
> +	dma_heap_put(dma_heap);
> +
> +	attach = dma_buf_attach(dma_buf, priv->dma_dev);
> +	if (IS_ERR(attach)) {
> +		DRM_ERROR("attach fail, return\n");
> +		dma_buf_put(dma_buf);
> +		goto err_gem_free;
> +	}

blank line here please

> +	sgt = dma_buf_map_attachment(attach, DMA_BIDIRECTIONAL);
> +	if (IS_ERR(sgt)) {
> +		DRM_ERROR("map failed, detach and return\n");
> +		dma_buf_detach(dma_buf, attach);
> +		dma_buf_put(dma_buf);
> +		goto err_gem_free;
> +	}
> +	obj->import_attach = attach;
> +	mtk_gem->dma_addr = sg_dma_address(sgt->sgl);
> +	mtk_gem->sg = sgt;
> +	mtk_gem->size = dma_buf->size;
> +
> +	if (!strcmp(heap, "mtk_svp") || !strcmp(heap, "mtk_svp_cma")) {
> +		/* secure buffer can not be mapped */
> +		mtk_gem->sec = true;
> +	} else {
> +		ret = dma_buf_vmap(dma_buf, &map);
> +		mtk_gem->kvaddr = map.vaddr;
> +		if (ret) {
> +			DRM_ERROR("map failed, ret=%d\n", ret);
> +			dma_buf_unmap_attachment(attach, sgt, DMA_BIDIRECTIONAL);
> +			dma_buf_detach(dma_buf, attach);
> +			dma_buf_put(dma_buf);
> +			mtk_gem->kvaddr = NULL;
> +		}
> +	}
> +
> +	return mtk_gem;
> +
> +err_gem_free:
> +	drm_gem_object_release(obj);
> +	kfree(mtk_gem);
> +	return ERR_PTR(-ENOMEM);
> +}
> +
>   struct mtk_drm_gem_obj *mtk_drm_gem_create(struct drm_device *dev,
>   					   size_t size, bool alloc_kmap)
>   {
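
Review bot: In the `dma_buf_vmap()` failure branch at the end of
`mtk_drm_gem_create_from_heap()`, the code unmaps the attachment,
detaches and drops the dma-buf, but then falls through to
`return mtk_gem`, so the caller receives an object whose
`obj->import_attach` and `mtk_gem->sg` still point at what was just
released. That branch should clear those fields and take the
`err_gem_free` path (returning the vmap error) instead of reporting
success. In the same function, `mtk_gem->kvaddr = map.vaddr` is
assigned before `ret` is checked, and every failure returns
`ERR_PTR(-ENOMEM)`, which discards the real error from
`dma_heap_buffer_alloc()`, `dma_buf_attach()` and
`dma_buf_map_attachment()`; propagating `PTR_ERR()` would make failures
diagnosable. Deciding `sec` by `strcmp()` on two heap-name literals is
also fragile; a parameter from the caller would state the intent
directly.
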
> @@ -218,7 +294,9 @@ struct drm_gem_object *mtk_gem_prime_import_sg_table(struct drm_device *dev,
>   	if (IS_ERR(mtk_gem))
>   		return ERR_CAST(mtk_gem);
>   
> +	mtk_gem->sec = !sg_page(sg->sgl);
>   	mtk_gem->dma_addr = sg_dma_address(sg->sgl);
> +	mtk_gem->size = attach->dmabuf->size;
>   	mtk_gem->sg = sg;
>   
>   	return &mtk_gem->base;
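
Review bot: `mtk_gem->sec = !sg_page(sg->sgl);` infers that an imported
buffer is secure from the first scatterlist entry having no struct
page, which is an indirect test: any exporter that hands over page-less
memory would be marked secure, and only the first entry is inspected.
Since `sec` marks a buffer that must not be mapped (per the comment in
`mtk_drm_gem_create_from_heap()`), it would be safer to derive it from
an explicit property of the exporting heap or dma-buf, and to document
the rule in a comment next to this assignment.
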
> @@ -290,7 +368,11 @@ int mtk_gem_create_ioctl(struct drm_device *dev, void *data,
>   	struct drm_mtk_gem_create *args = data;
>   	int ret;
>   
> -	mtk_gem = mtk_drm_gem_create(dev, args->size, false);
> +	if (args->flags & DRM_MTK_GEM_CREATE_ENCRYPTED)
> +		mtk_gem = mtk_drm_gem_create_from_heap(dev, "mtk_svp_cma", args->size);
> +	else
> +		mtk_gem = mtk_drm_gem_create(dev, args->size, false);
> +
>   	if (IS_ERR(mtk_gem))
>   		return PTR_ERR(mtk_gem);
>   
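
Review bot: `args->flags` is tested only for
`DRM_MTK_GEM_CREATE_ENCRYPTED` in `mtk_gem_create_ioctl()`, and any
other bit set by user space is silently accepted. Unknown bits should
be rejected with `-EINVAL` before allocating, so they stay available
for future use. The heap name "mtk_svp_cma" is also hard-coded here
while `mtk_drm_gem_create_from_heap()` compares against both "mtk_svp"
and "mtk_svp_cma"; a shared define for the names would keep the two
places in step.
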
> diff --git a/drivers/gpu/drm/mediatek/mtk_drm_gem.h b/drivers/gpu/drm/mediatek/mtk_drm_gem.h
> index 90f3d2916ec5..ed4d23e252e9 100644
> --- a/drivers/gpu/drm/mediatek/mtk_drm_gem.h
> +++ b/drivers/gpu/drm/mediatek/mtk_drm_gem.h
> @@ -27,9 +27,11 @@ struct mtk_drm_gem_obj {
>   	void			*cookie;
>   	void			*kvaddr;
>   	dma_addr_t		dma_addr;
> +	size_t			size;
>   	unsigned long		dma_attrs;
>   	struct sg_table		*sg;
>   	struct page		**pages;
> +	bool			sec;

`sec` may be ambiguous. You can call that `secure` or `is_secure_buf`.

>   };
>   
>   #define to_mtk_gem_obj(x)	container_of(x, struct mtk_drm_gem_obj, base)
> @@ -37,6 +39,8 @@ struct mtk_drm_gem_obj {
>   void mtk_drm_gem_free_object(struct drm_gem_object *gem);
>   struct mtk_drm_gem_obj *mtk_drm_gem_create(struct drm_device *dev, size_t size,
>   					   bool alloc_kmap);
> +struct mtk_drm_gem_obj *mtk_drm_gem_create_from_heap(struct drm_device *dev,
> +						     const char *heap, size_t size);
>   int mtk_drm_gem_dumb_create(struct drm_file *file_priv, struct drm_device *dev,
>   			    struct drm_mode_create_dumb *args);
>   struct sg_table *mtk_gem_prime_get_sg_table(struct drm_gem_object *obj);





* Re: [PATCH v2 01/11] drm/mediatek: Add interface to allocate MediaTek GEM buffer.
  2023-10-23  4:45 ` [PATCH v2 01/11] drm/mediatek: Add interface to allocate MediaTek GEM buffer Jason-JH.Lin
@ 2023-10-24  8:37   ` AngeloGioacchino Del Regno
  2023-10-25  7:47     ` Jason-JH Lin (林睿祥)
  0 siblings, 1 reply; 48+ messages in thread
From: AngeloGioacchino Del Regno @ 2023-10-24  8:37 UTC (permalink / raw)
  To: Jason-JH.Lin, Rob Herring, Krzysztof Kozlowski, Matthias Brugger,
	Chun-Kuang Hu
  Cc: Jeffrey Kardatzke, devicetree, Conor Dooley,
	Project_Global_Chrome_Upstream_Group, Singo Chang,
	Nicolas Boichat, linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen, Nancy Lin, linux-mediatek, Shawn Sung,
	Johnson Wang, linux-arm-kernel, linux-media

On 23/10/23 06:45, Jason-JH.Lin wrote:
> From: CK Hu <ck.hu@mediatek.com>
> 
> Add an interface to allocate MediaTek GEM buffers, allow the IOCTLs
> to be used by render nodes.
> This patch also sets the RENDER driver feature.
> 
> Signed-off-by: CK Hu <ck.hu@mediatek.com>
> Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
> Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
> Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
> Reviewed-by: Daniel Kurtz <djkurtz@chromium.org>
> Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
> Tested-by: Daniel Kurtz <djkurtz@chromium.org>
> Tested-by: Pi-Hsun Shih <pihsun@chromium.org>
> 
> ---
>   drivers/gpu/drm/mediatek/mtk_drm_drv.c | 13 ++++++
>   drivers/gpu/drm/mediatek/mtk_drm_gem.c | 39 +++++++++++++++++
>   drivers/gpu/drm/mediatek/mtk_drm_gem.h | 12 ++++++
>   include/uapi/drm/mediatek_drm.h        | 58 ++++++++++++++++++++++++++
>   4 files changed, 122 insertions(+)
>   create mode 100644 include/uapi/drm/mediatek_drm.h
> 
> diff --git a/drivers/gpu/drm/mediatek/mtk_drm_drv.c b/drivers/gpu/drm/mediatek/mtk_drm_drv.c
> index 93552d76b6e7..e3e9dbdf265b 100644
> --- a/drivers/gpu/drm/mediatek/mtk_drm_drv.c
> +++ b/drivers/gpu/drm/mediatek/mtk_drm_drv.c
> @@ -24,6 +24,7 @@
>   #include <drm/drm_of.h>
>   #include <drm/drm_probe_helper.h>
>   #include <drm/drm_vblank.h>
> +#include <drm/mediatek_drm.h>
>   
>   #include "mtk_drm_crtc.h"
>   #include "mtk_drm_ddp_comp.h"
> @@ -541,6 +542,14 @@ static void mtk_drm_kms_deinit(struct drm_device *drm)
>   	component_unbind_all(drm->dev, drm);
>   }
>   
> +static const struct drm_ioctl_desc mtk_ioctls[] = {
> +	DRM_IOCTL_DEF_DRV(MTK_GEM_CREATE, mtk_gem_create_ioctl,
> +			  DRM_UNLOCKED | DRM_AUTH | DRM_RENDER_ALLOW),
> +	DRM_IOCTL_DEF_DRV(MTK_GEM_MAP_OFFSET,
> +			  mtk_gem_map_offset_ioctl,
> +			  DRM_UNLOCKED | DRM_AUTH | DRM_RENDER_ALLOW),
> +};
> +
>   DEFINE_DRM_GEM_FOPS(mtk_drm_fops);
>   
>   /*
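
Review bot: Both entries in `mtk_ioctls[]` carry `DRM_RENDER_ALLOW`, so
buffer creation becomes reachable from render nodes; once the later
patch in this series routes `DRM_MTK_GEM_CREATE_ENCRYPTED` to the
"mtk_svp_cma" heap, any render-node client can request secure memory.
The commit message should state whether that is intended and what
bounds the allocation. `DRM_UNLOCKED` is the default for modern drivers
and can be dropped from both entries.
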
> @@ -562,6 +571,10 @@ static const struct drm_driver mtk_drm_driver = {
>   
>   	.gem_prime_import = mtk_drm_gem_prime_import,
>   	.gem_prime_import_sg_table = mtk_gem_prime_import_sg_table,
> +
> +	.ioctls = mtk_ioctls,
> +	.num_ioctls = ARRAY_SIZE(mtk_ioctls),
> +
>   	.fops = &mtk_drm_fops,
>   
>   	.name = DRIVER_NAME,
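
Review bot: The commit message says the patch "also sets the RENDER
driver feature", but this hunk on `mtk_drm_driver` only adds `.ioctls`
and `.num_ioctls`, and none of the three hunks in mtk_drm_drv.c touches
`.driver_features`. Either add the feature flag here or drop that
sentence from the description.
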
> diff --git a/drivers/gpu/drm/mediatek/mtk_drm_gem.c b/drivers/gpu/drm/mediatek/mtk_drm_gem.c
> index 9f364df52478..bcce723f257d 100644
> --- a/drivers/gpu/drm/mediatek/mtk_drm_gem.c
> +++ b/drivers/gpu/drm/mediatek/mtk_drm_gem.c
> @@ -4,6 +4,7 @@
>    */
>   
>   #include <linux/dma-buf.h>
> +#include <drm/mediatek_drm.h>
>   
>   #include <drm/drm.h>
>   #include <drm/drm_device.h>
> @@ -272,3 +273,41 @@ void mtk_drm_gem_prime_vunmap(struct drm_gem_object *obj,
>   	mtk_gem->kvaddr = NULL;
>   	kfree(mtk_gem->pages);
>   }
> +
> +int mtk_gem_map_offset_ioctl(struct drm_device *drm, void *data,
> +			     struct drm_file *file_priv)
> +{
> +	struct drm_mtk_gem_map_off *args = data;
> +
> +	return drm_gem_dumb_map_offset(file_priv, drm, args->handle,
> +				       &args->offset);
> +}
> +
> +int mtk_gem_create_ioctl(struct drm_device *dev, void *data,
> +			 struct drm_file *file_priv)
> +{
> +	struct mtk_drm_gem_obj *mtk_gem;
> +	struct drm_mtk_gem_create *args = data;
> +	int ret;
> +
> +	mtk_gem = mtk_drm_gem_create(dev, args->size, false);
> +	if (IS_ERR(mtk_gem))
> +		return PTR_ERR(mtk_gem);
> +
> +	/*
> +	 * allocate a id of idr table where the obj is registered
> +	 * and handle has the id what user can see.
> +	 */
> +	ret = drm_gem_handle_create(file_priv, &mtk_gem->base, &args->handle);
> +	if (ret)
> +		goto err_handle_create;
> +
> +	/* drop reference from allocate - handle holds it now. */
> +	drm_gem_object_put(&mtk_gem->base);
> +
> +	return 0;
> +
> +err_handle_create:
> +	mtk_drm_gem_free_object(&mtk_gem->base);
> +	return ret;
> +}
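
Review bot: `mtk_gem_create_ioctl()` passes `args->size` straight to
`mtk_drm_gem_create()` with no validation and never looks at
`args->flags`, which a later patch in this series gives meaning to. For
a new uapi entry point, check the size and reject any non-zero `flags`
with `-EINVAL` up front; otherwise user space that passes uninitialised
flags today will change behaviour when a flag bit is defined.
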
> diff --git a/drivers/gpu/drm/mediatek/mtk_drm_gem.h b/drivers/gpu/drm/mediatek/mtk_drm_gem.h
> index 78f23b07a02e..90f3d2916ec5 100644
> --- a/drivers/gpu/drm/mediatek/mtk_drm_gem.h
> +++ b/drivers/gpu/drm/mediatek/mtk_drm_gem.h
> @@ -46,4 +46,16 @@ int mtk_drm_gem_prime_vmap(struct drm_gem_object *obj, struct iosys_map *map);
>   void mtk_drm_gem_prime_vunmap(struct drm_gem_object *obj,
>   			      struct iosys_map *map);
>   
> +/*
> + * request gem object creation and buffer allocation as the size
> + * that it is calculated with framebuffer information such as width,
> + * height and bpp.
> + */
> +int mtk_gem_create_ioctl(struct drm_device *dev, void *data,
> +			 struct drm_file *file_priv);
> +
> +/* get buffer offset to map to user space. */
> +int mtk_gem_map_offset_ioctl(struct drm_device *dev, void *data,
> +			     struct drm_file *file_priv);
> +
>   #endif
> diff --git a/include/uapi/drm/mediatek_drm.h b/include/uapi/drm/mediatek_drm.h
> new file mode 100644
> index 000000000000..c050de320a84
> --- /dev/null
> +++ b/include/uapi/drm/mediatek_drm.h
> @@ -0,0 +1,58 @@
> +/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
> +/*
> + * Copyright (c) 2015 MediaTek Inc.
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License version 2 as
> + * published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU General Public License for more details.
> + */
> +
> +#ifndef _UAPI_MEDIATEK_DRM_H
> +#define _UAPI_MEDIATEK_DRM_H
> +
> +#include <drm/drm.h>
> +
> +/**
> + * User-desired buffer creation information structure.

You're almost there.... Read:

https://docs.kernel.org/doc-guide/kernel-doc.html#structure-union-and-enumeration-documentation

Regards,
Angelo



* Re: [PATCH v2 02/11] drm/mediatek/uapi: Add DRM_MTK_GEM_CREATED_ENCRYPTTED flag
  2023-10-23  4:45 ` [PATCH v2 02/11] drm/mediatek/uapi: Add DRM_MTK_GEM_CREATED_ENCRYPTTED flag Jason-JH.Lin
@ 2023-10-24  8:37   ` AngeloGioacchino Del Regno
  2023-10-25  7:51     ` Jason-JH Lin (林睿祥)
  0 siblings, 1 reply; 48+ messages in thread
From: AngeloGioacchino Del Regno @ 2023-10-24  8:37 UTC (permalink / raw)
  To: Jason-JH.Lin, Rob Herring, Krzysztof Kozlowski, Matthias Brugger,
	Chun-Kuang Hu
  Cc: Jeffrey Kardatzke, devicetree, Conor Dooley,
	Project_Global_Chrome_Upstream_Group, Singo Chang, linux-kernel,
	dri-devel, linaro-mm-sig, Jason-ch Chen, Nancy Lin,
	linux-mediatek, Shawn Sung, Johnson Wang, linux-arm-kernel,
	linux-media

On 23/10/23 06:45, Jason-JH.Lin wrote:
> Add DRM_MTK_GEM_CREATED_ENCRYPTTED flag to allocate a secure buffer
> to support secure video path feature.
> 

You have a typo in both the commit description and the title. Please fix.

> Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
> ---
>   include/uapi/drm/mediatek_drm.h | 1 +
>   1 file changed, 1 insertion(+)
> 
> diff --git a/include/uapi/drm/mediatek_drm.h b/include/uapi/drm/mediatek_drm.h
> index c050de320a84..93f25e0c21d7 100644
> --- a/include/uapi/drm/mediatek_drm.h
> +++ b/include/uapi/drm/mediatek_drm.h
> @@ -48,6 +48,7 @@ struct drm_mtk_gem_map_off {
>   
>   #define DRM_MTK_GEM_CREATE		0x00
>   #define DRM_MTK_GEM_MAP_OFFSET		0x01
> +#define DRM_MTK_GEM_CREATE_ENCRYPTED	0x02
>   
>   #define DRM_IOCTL_MTK_GEM_CREATE	DRM_IOWR(DRM_COMMAND_BASE + \
>   		DRM_MTK_GEM_CREATE, struct drm_mtk_gem_create)
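
Review bot: `DRM_MTK_GEM_CREATE_ENCRYPTED` is added as `0x02` directly
under `DRM_MTK_GEM_CREATE 0x00` and `DRM_MTK_GEM_MAP_OFFSET 0x01`,
which are ioctl numbers added to `DRM_COMMAND_BASE`, so it reads as a
third ioctl number even though its name and the commit message describe
a buffer-creation flag. Move it into its own block next to
`struct drm_mtk_gem_create`, define it as an explicit bit, and document
in the struct's kernel-doc which field it is passed in.
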



* Re: [PATCH v2 07/11] drm/mediatek: Add secure layer config support for ovl
  2023-10-23  4:45 ` [PATCH v2 07/11] drm/mediatek: Add secure layer config support for ovl Jason-JH.Lin
  2023-10-24  8:37   ` AngeloGioacchino Del Regno
@ 2023-10-25  3:08   ` CK Hu (胡俊光)
  2023-10-25  8:01     ` Jason-JH Lin (林睿祥)
  2023-10-26 10:07   ` CK Hu (胡俊光)
  2 siblings, 1 reply; 48+ messages in thread
From: CK Hu (胡俊光) @ 2023-10-25  3:08 UTC (permalink / raw)
  To: matthias.bgg, Jason-JH Lin (林睿祥),
	angelogioacchino.delregno, robh+dt, krzysztof.kozlowski+dt,
	chunkuang.hu
  Cc: jkardatzke, devicetree, conor+dt,
	Project_Global_Chrome_Upstream_Group,
	Singo Chang (張興國),
	linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen (陳建豪),
	Nancy Lin (林欣螢),
	linux-mediatek, Shawn Sung (宋孝謙),
	Johnson Wang (王聖鑫),
	linux-arm-kernel, linux-media

Hi, Jason:

On Mon, 2023-10-23 at 12:45 +0800, Jason-JH.Lin wrote:
> Add secure layer config support for ovl.
> 
> Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
> ---
>  drivers/gpu/drm/mediatek/mtk_disp_drv.h       |  3 ++
>  drivers/gpu/drm/mediatek/mtk_disp_ovl.c       | 31
> +++++++++++++++++--
>  .../gpu/drm/mediatek/mtk_disp_ovl_adaptor.c   | 12 +++++++
>  drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c   |  2 ++
>  4 files changed, 46 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/gpu/drm/mediatek/mtk_disp_drv.h
> b/drivers/gpu/drm/mediatek/mtk_disp_drv.h
> index 2254038519e1..dec937b183a8 100644
> --- a/drivers/gpu/drm/mediatek/mtk_disp_drv.h
> +++ b/drivers/gpu/drm/mediatek/mtk_disp_drv.h
> @@ -9,6 +9,7 @@
>  #include <linux/soc/mediatek/mtk-cmdq.h>
>  #include <linux/soc/mediatek/mtk-mmsys.h>
>  #include <linux/soc/mediatek/mtk-mutex.h>
> +#include "mtk_drm_ddp_comp.h"
>  #include "mtk_drm_plane.h"
>  #include "mtk_mdp_rdma.h"
>  
> @@ -79,6 +80,7 @@ void mtk_ovl_clk_disable(struct device *dev);
>  void mtk_ovl_config(struct device *dev, unsigned int w,
>  		    unsigned int h, unsigned int vrefresh,
>  		    unsigned int bpc, struct cmdq_pkt *cmdq_pkt);
> +u64 mtk_ovl_get_sec_port(struct mtk_ddp_comp *comp, unsigned int
> idx);
>  int mtk_ovl_layer_check(struct device *dev, unsigned int idx,
>  			struct mtk_plane_state *mtk_state);
>  void mtk_ovl_layer_config(struct device *dev, unsigned int idx,
> @@ -112,6 +114,7 @@ void mtk_ovl_adaptor_clk_disable(struct device
> *dev);
>  void mtk_ovl_adaptor_config(struct device *dev, unsigned int w,
>  			    unsigned int h, unsigned int vrefresh,
>  			    unsigned int bpc, struct cmdq_pkt
> *cmdq_pkt);
> +u64 mtk_ovl_adaptor_get_sec_port(struct mtk_ddp_comp *comp, unsigned
> int idx);
>  void mtk_ovl_adaptor_layer_config(struct device *dev, unsigned int
> idx,
>  				  struct mtk_plane_state *state,
>  				  struct cmdq_pkt *cmdq_pkt);
> diff --git a/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
> b/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
> index 2bffe4245466..76e832e4875a 100644
> --- a/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
> +++ b/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
> @@ -46,6 +46,7 @@
>  #define DISP_REG_OVL_ADDR(ovl, n)		((ovl)->data->addr +
> 0x20 * (n))
>  #define DISP_REG_OVL_HDR_ADDR(ovl, n)		((ovl)->data-
> >addr + 0x20 * (n) + 0x04)
>  #define DISP_REG_OVL_HDR_PITCH(ovl, n)		((ovl)->data-
> >addr + 0x20 * (n) + 0x08)
> +#define DISP_REG_OVL_SECURE			0x0fc0
>  
>  #define GMC_THRESHOLD_BITS	16
>  #define GMC_THRESHOLD_HIGH	((1 << GMC_THRESHOLD_BITS) / 4)
> @@ -126,8 +127,19 @@ struct mtk_disp_ovl {
>  	const struct mtk_disp_ovl_data	*data;
>  	void				(*vblank_cb)(void *data);
>  	void				*vblank_cb_data;
> +	resource_size_t			regs_pa;
>  };
>  
> +u64 mtk_ovl_get_sec_port(struct mtk_ddp_comp *comp, unsigned int
> idx)
> +{
> +	if (comp->id == DDP_COMPONENT_OVL0)
> +		return 1ULL << CMDQ_SEC_DISP_OVL0;
> +	else if (comp->id == DDP_COMPONENT_OVL1)
> +		return 1ULL << CMDQ_SEC_DISP_OVL1;
> +
> +	return 0;
> +}
> +
>  static irqreturn_t mtk_disp_ovl_irq_handler(int irq, void *dev_id)
>  {
>  	struct mtk_disp_ovl *priv = dev_id;
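
Review bot: `mtk_ovl_get_sec_port()` never uses its `idx` parameter and
returns 0 for any component other than `DDP_COMPONENT_OVL0` and
`DDP_COMPONENT_OVL1`, so a caller cannot distinguish "no secure port"
from a valid mask. Add a comment above the function stating the return
convention, or return an error the caller must handle, so that a secure
layer on an unsupported OVL is not configured with an empty port mask.
The new `regs_pa` member would also benefit from a one-line comment
saying why the physical base is kept.
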
> @@ -449,8 +461,22 @@ void mtk_ovl_layer_config(struct device *dev,
> unsigned int idx,
>  			      DISP_REG_OVL_SRC_SIZE(idx));
>  	mtk_ddp_write_relaxed(cmdq_pkt, offset, &ovl->cmdq_reg, ovl-
> >regs,
>  			      DISP_REG_OVL_OFFSET(idx));
> -	mtk_ddp_write_relaxed(cmdq_pkt, addr, &ovl->cmdq_reg, ovl-
> >regs,
> -			      DISP_REG_OVL_ADDR(ovl, idx));
> +
> +	if (state->pending.is_sec) {
> +		const struct drm_format_info *fmt_info =
> drm_format_info(fmt);
> +		unsigned int buf_size = (pending->height - 1) *
> pending->pitch +
> +					pending->width * fmt_info-
> >cpp[0];
> +
> +		mtk_ddp_write_mask(cmdq_pkt, BIT(idx), &ovl->cmdq_reg,
> ovl->regs,
> +				   DISP_REG_OVL_SECURE, BIT(idx));
> +		mtk_ddp_sec_write(cmdq_pkt, ovl->regs_pa +
> DISP_REG_OVL_ADDR(ovl, idx),
> +				  pending->addr, CMDQ_IWC_H_2_MVA, 0,
> buf_size, 0);
> +	} else {
> +		mtk_ddp_write_mask(cmdq_pkt, 0, &ovl->cmdq_reg, ovl-
> >regs,
> +				   DISP_REG_OVL_SECURE, BIT(idx));

What's the function of this register? Does it mean that the layer is ABLE
to read a secure buffer? And could this register be controlled in the normal
world?

Regards,
CK

> +		mtk_ddp_write_relaxed(cmdq_pkt, addr, &ovl->cmdq_reg,
> ovl->regs,
> +				      DISP_REG_OVL_ADDR(ovl, idx));
> +	}
>  
>  	if (is_afbc) {
>  		mtk_ddp_write_relaxed(cmdq_pkt, hdr_addr, &ovl-
> >cmdq_reg, ovl->regs,
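
Review bot: In the `is_sec` branch, `buf_size` is an `unsigned int`
computed as `(pending->height - 1) * pending->pitch + pending->width *
fmt_info->cpp[0]` with no range check, so a zero `height` wraps and a
large pitch can overflow before the value is passed to
`mtk_ddp_sec_write()`. Validate the plane dimensions first, or compute
the size with `check_mul_overflow()` and `check_add_overflow()`, and
check the `drm_format_info()` result before dereferencing it. The
branch also tests `state->pending.is_sec` while the rest of the hunk
uses `pending->`; use the local pointer for consistency.
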
> @@ -529,6 +555,7 @@ static int mtk_disp_ovl_probe(struct
> platform_device *pdev)
>  	}
>  
>  	res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
> +	priv->regs_pa = res->start;
>  	priv->regs = devm_ioremap_resource(dev, res);
>  	if (IS_ERR(priv->regs)) {
>  		dev_err(dev, "failed to ioremap ovl\n");
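
Review bot: `priv->regs_pa = res->start;` dereferences `res` before
anything has checked it; `platform_get_resource()` can return NULL, and
the existing `IS_ERR(priv->regs)` test only runs after
`devm_ioremap_resource()`. Move the assignment below that check, or
test `res` for NULL before using it.
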
> diff --git a/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c
> b/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c
> index 6bf6367853fb..28a0bccfb0b9 100644
> --- a/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c
> +++ b/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c
> @@ -83,6 +83,18 @@ static const struct ovl_adaptor_comp_match
> comp_matches[OVL_ADAPTOR_ID_MAX] = {
>  	[OVL_ADAPTOR_ETHDR0]	= { OVL_ADAPTOR_TYPE_ETHDR, 0 },
>  };
>  
> +static const u64 ovl_adaptor_sec_port[] = {
> +	1ULL << CMDQ_SEC_VDO1_DISP_RDMA_L0,
> +	1ULL << CMDQ_SEC_VDO1_DISP_RDMA_L1,
> +	1ULL << CMDQ_SEC_VDO1_DISP_RDMA_L2,
> +	1ULL << CMDQ_SEC_VDO1_DISP_RDMA_L3,
> +};
> +
> +u64 mtk_ovl_adaptor_get_sec_port(struct mtk_ddp_comp *comp, unsigned
> int idx)
> +{
> +	return ovl_adaptor_sec_port[idx];
> +}
> +
>  void mtk_ovl_adaptor_layer_config(struct device *dev, unsigned int
> idx,
>  				  struct mtk_plane_state *state,
>  				  struct cmdq_pkt *cmdq_pkt)
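
Review bot: `mtk_ovl_adaptor_get_sec_port()` indexes
`ovl_adaptor_sec_port[idx]` with no bounds check, and the table has
four entries. Guard the lookup with
`if (idx >= ARRAY_SIZE(ovl_adaptor_sec_port))` and return 0 or an error
there, so a layer index beyond the listed RDMA ports cannot read past
the array. The `comp` parameter is unused here as well.
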
> diff --git a/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c
> b/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c
> index 3dca936b9143..eec3a1cc2ed4 100644
> --- a/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c
> +++ b/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c
> @@ -373,6 +373,7 @@ static const struct mtk_ddp_comp_funcs ddp_ovl =
> {
>  	.bgclr_in_off = mtk_ovl_bgclr_in_off,
>  	.get_formats = mtk_ovl_get_formats,
>  	.get_num_formats = mtk_ovl_get_num_formats,
> +	.get_sec_port = mtk_ovl_get_sec_port,
>  };
>  
>  static const struct mtk_ddp_comp_funcs ddp_postmask = {
> @@ -424,6 +425,7 @@ static const struct mtk_ddp_comp_funcs
> ddp_ovl_adaptor = {
>  	.remove = mtk_ovl_adaptor_remove_comp,
>  	.get_formats = mtk_ovl_adaptor_get_formats,
>  	.get_num_formats = mtk_ovl_adaptor_get_num_formats,
> +	.get_sec_port = mtk_ovl_adaptor_get_sec_port,
>  };
>  
>  static const char * const mtk_ddp_comp_stem[MTK_DDP_COMP_TYPE_MAX] =
> {


* Re: [PATCH v2 04/11] drm/mediatek: Add secure identify flag and funcution to mtk_drm_plane
  2023-10-24  3:35   ` CK Hu (胡俊光)
@ 2023-10-25  6:39     ` Jason-JH Lin (林睿祥)
  0 siblings, 0 replies; 48+ messages in thread
From: Jason-JH Lin (林睿祥) @ 2023-10-25  6:39 UTC (permalink / raw)
  To: CK Hu (胡俊光),
	matthias.bgg, angelogioacchino.delregno, robh+dt,
	krzysztof.kozlowski+dt, chunkuang.hu
  Cc: jkardatzke, devicetree, conor+dt,
	Project_Global_Chrome_Upstream_Group,
	Singo Chang (張興國),
	linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen (陳建豪),
	Nancy Lin (林欣螢),
	Johnson Wang (王聖鑫),
	Shawn Sung (宋孝謙),
	linux-mediatek, linux-arm-kernel, linux-media

Hi CK,

On Tue, 2023-10-24 at 03:35 +0000, CK Hu (胡俊光) wrote:
> Hi, Jason:
> 
> On Mon, 2023-10-23 at 12:45 +0800, Jason-JH.Lin wrote:
> > Add is_sec flag to identify current mtk_drm_plane is secure.
> > Add mtk_plane_is_sec_fb() to check current drm_framebuffer is
> > secure.
> > 
> > Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
> > ---
> >  drivers/gpu/drm/mediatek/mtk_drm_plane.h | 2 ++
> >  1 file changed, 2 insertions(+)
> > 
> > diff --git a/drivers/gpu/drm/mediatek/mtk_drm_plane.h
> > b/drivers/gpu/drm/mediatek/mtk_drm_plane.h
> > index 99aff7da0831..fe60e20a6e1c 100644
> > --- a/drivers/gpu/drm/mediatek/mtk_drm_plane.h
> > +++ b/drivers/gpu/drm/mediatek/mtk_drm_plane.h
> > @@ -33,6 +33,7 @@ struct mtk_plane_pending_state {
> >  	bool				async_dirty;
> >  	bool				async_config;
> >  	enum drm_color_encoding		color_encoding;
> > +	bool				is_sec;
> 
> Where do you set this flag?
> 

I think I lost that part of code in this patch...
I'll add them in the next version.

Regards,
Jason-JH.Lin

> Regards,
> CK
> 


* Re: [PATCH v2 01/11] drm/mediatek: Add interface to allocate MediaTek GEM buffer.
  2023-10-24  8:37   ` AngeloGioacchino Del Regno
@ 2023-10-25  7:47     ` Jason-JH Lin (林睿祥)
  0 siblings, 0 replies; 48+ messages in thread
From: Jason-JH Lin (林睿祥) @ 2023-10-25  7:47 UTC (permalink / raw)
  To: matthias.bgg, angelogioacchino.delregno, robh+dt,
	krzysztof.kozlowski+dt, chunkuang.hu
  Cc: jkardatzke, devicetree, conor+dt, drinkcat,
	Project_Global_Chrome_Upstream_Group,
	Singo Chang (張興國),
	linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen (陳建豪),
	Nancy Lin (林欣螢),
	Johnson Wang (王聖鑫),
	Shawn Sung (宋孝謙),
	linux-mediatek, linux-arm-kernel, linux-media

On Tue, 2023-10-24 at 10:37 +0200, AngeloGioacchino Del Regno wrote:
> On 23/10/23 06:45, Jason-JH.Lin wrote:
> > From: CK Hu <ck.hu@mediatek.com>
> > 
> > Add an interface to allocate MediaTek GEM buffers, allow the IOCTLs
> > to be used by render nodes.
> > This patch also sets the RENDER driver feature.
> > 
> > Signed-off-by: CK Hu <ck.hu@mediatek.com>
> > Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
> > Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
> > Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
> > Reviewed-by: Daniel Kurtz <djkurtz@chromium.org>
> > Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
> > Tested-by: Daniel Kurtz <djkurtz@chromium.org>
> > Tested-by: Pi-Hsun Shih <pihsun@chromium.org>
> > 
> > ---
> >   drivers/gpu/drm/mediatek/mtk_drm_drv.c | 13 ++++++
> >   drivers/gpu/drm/mediatek/mtk_drm_gem.c | 39 +++++++++++++++++
> >   drivers/gpu/drm/mediatek/mtk_drm_gem.h | 12 ++++++
> >   include/uapi/drm/mediatek_drm.h        | 58
> > ++++++++++++++++++++++++++
> >   4 files changed, 122 insertions(+)
> >   create mode 100644 include/uapi/drm/mediatek_drm.h
> > 
> > diff --git a/drivers/gpu/drm/mediatek/mtk_drm_drv.c
> > b/drivers/gpu/drm/mediatek/mtk_drm_drv.c
> > index 93552d76b6e7..e3e9dbdf265b 100644
> > --- a/drivers/gpu/drm/mediatek/mtk_drm_drv.c
> > +++ b/drivers/gpu/drm/mediatek/mtk_drm_drv.c
> > @@ -24,6 +24,7 @@
> >   #include <drm/drm_of.h>
> >   #include <drm/drm_probe_helper.h>
> >   #include <drm/drm_vblank.h>
> > +#include <drm/mediatek_drm.h>
> >   
> >   #include "mtk_drm_crtc.h"
> >   #include "mtk_drm_ddp_comp.h"
> > @@ -541,6 +542,14 @@ static void mtk_drm_kms_deinit(struct
> > drm_device *drm)
> >   	component_unbind_all(drm->dev, drm);
> >   }
> >   
> > +static const struct drm_ioctl_desc mtk_ioctls[] = {
> > +	DRM_IOCTL_DEF_DRV(MTK_GEM_CREATE, mtk_gem_create_ioctl,
> > +			  DRM_UNLOCKED | DRM_AUTH | DRM_RENDER_ALLOW),
> > +	DRM_IOCTL_DEF_DRV(MTK_GEM_MAP_OFFSET,
> > +			  mtk_gem_map_offset_ioctl,
> > +			  DRM_UNLOCKED | DRM_AUTH | DRM_RENDER_ALLOW),
> > +};
> > +
> >   DEFINE_DRM_GEM_FOPS(mtk_drm_fops);
> >   
> >   /*
> > @@ -562,6 +571,10 @@ static const struct drm_driver mtk_drm_driver
> > = {
> >   
> >   	.gem_prime_import = mtk_drm_gem_prime_import,
> >   	.gem_prime_import_sg_table = mtk_gem_prime_import_sg_table,
> > +
> > +	.ioctls = mtk_ioctls,
> > +	.num_ioctls = ARRAY_SIZE(mtk_ioctls),
> > +
> >   	.fops = &mtk_drm_fops,
> >   
> >   	.name = DRIVER_NAME,
> > diff --git a/drivers/gpu/drm/mediatek/mtk_drm_gem.c
> > b/drivers/gpu/drm/mediatek/mtk_drm_gem.c
> > index 9f364df52478..bcce723f257d 100644
> > --- a/drivers/gpu/drm/mediatek/mtk_drm_gem.c
> > +++ b/drivers/gpu/drm/mediatek/mtk_drm_gem.c
> > @@ -4,6 +4,7 @@
> >    */
> >   
> >   #include <linux/dma-buf.h>
> > +#include <drm/mediatek_drm.h>
> >   
> >   #include <drm/drm.h>
> >   #include <drm/drm_device.h>
> > @@ -272,3 +273,41 @@ void mtk_drm_gem_prime_vunmap(struct
> > drm_gem_object *obj,
> >   	mtk_gem->kvaddr = NULL;
> >   	kfree(mtk_gem->pages);
> >   }
> > +
> > +int mtk_gem_map_offset_ioctl(struct drm_device *drm, void *data,
> > +			     struct drm_file *file_priv)
> > +{
> > +	struct drm_mtk_gem_map_off *args = data;
> > +
> > +	return drm_gem_dumb_map_offset(file_priv, drm, args->handle,
> > +				       &args->offset);
> > +}
> > +
> > +int mtk_gem_create_ioctl(struct drm_device *dev, void *data,
> > +			 struct drm_file *file_priv)
> > +{
> > +	struct mtk_drm_gem_obj *mtk_gem;
> > +	struct drm_mtk_gem_create *args = data;
> > +	int ret;
> > +
> > +	mtk_gem = mtk_drm_gem_create(dev, args->size, false);
> > +	if (IS_ERR(mtk_gem))
> > +		return PTR_ERR(mtk_gem);
> > +
> > +	/*
> > +	 * allocate a id of idr table where the obj is registered
> > +	 * and handle has the id what user can see.
> > +	 */
> > +	ret = drm_gem_handle_create(file_priv, &mtk_gem->base, &args-
> > >handle);
> > +	if (ret)
> > +		goto err_handle_create;
> > +
> > +	/* drop reference from allocate - handle holds it now. */
> > +	drm_gem_object_put(&mtk_gem->base);
> > +
> > +	return 0;
> > +
> > +err_handle_create:
> > +	mtk_drm_gem_free_object(&mtk_gem->base);
> > +	return ret;
> > +}
> > diff --git a/drivers/gpu/drm/mediatek/mtk_drm_gem.h
> > b/drivers/gpu/drm/mediatek/mtk_drm_gem.h
> > index 78f23b07a02e..90f3d2916ec5 100644
> > --- a/drivers/gpu/drm/mediatek/mtk_drm_gem.h
> > +++ b/drivers/gpu/drm/mediatek/mtk_drm_gem.h
> > @@ -46,4 +46,16 @@ int mtk_drm_gem_prime_vmap(struct drm_gem_object
> > *obj, struct iosys_map *map);
> >   void mtk_drm_gem_prime_vunmap(struct drm_gem_object *obj,
> >   			      struct iosys_map *map);
> >   
> > +/*
> > + * request gem object creation and buffer allocation as the size
> > + * that it is calculated with framebuffer information such as
> > width,
> > + * height and bpp.
> > + */
> > +int mtk_gem_create_ioctl(struct drm_device *dev, void *data,
> > +			 struct drm_file *file_priv);
> > +
> > +/* get buffer offset to map to user space. */
> > +int mtk_gem_map_offset_ioctl(struct drm_device *dev, void *data,
> > +			     struct drm_file *file_priv);
> > +
> >   #endif
> > diff --git a/include/uapi/drm/mediatek_drm.h
> > b/include/uapi/drm/mediatek_drm.h
> > new file mode 100644
> > index 000000000000..c050de320a84
> > --- /dev/null
> > +++ b/include/uapi/drm/mediatek_drm.h
> > @@ -0,0 +1,58 @@
> > +/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
> > +/*
> > + * Copyright (c) 2015 MediaTek Inc.
> > + *
> > + * This program is free software; you can redistribute it and/or
> > modify
> > + * it under the terms of the GNU General Public License version 2
> > as
> > + * published by the Free Software Foundation.
> > + *
> > + * This program is distributed in the hope that it will be useful,
> > + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> > + * GNU General Public License for more details.
> > + */
> > +
> > +#ifndef _UAPI_MEDIATEK_DRM_H
> > +#define _UAPI_MEDIATEK_DRM_H
> > +
> > +#include <drm/drm.h>
> > +
> > +/**
> > + * User-desired buffer creation information structure.
> 
> You're almost there.... Read:
> 
> https://docs.kernel.org/doc-guide/kernel-doc.html#structure-union-and-enumeration-documentation
> 

OK, Thanks for your help.
I can use that `scripts/kernel-doc` to scan my code now!

Will fix them in the next version.

Regards,
Jason-JH.Lin

> 
> Regards,
> Angelo
> 
> 


* Re: [PATCH v2 03/11] drm/mediatek: Add secure buffer control flow to mtk_drm_gem
  2023-10-24  8:37   ` AngeloGioacchino Del Regno
@ 2023-10-25  7:50     ` Jason-JH Lin (林睿祥)
  0 siblings, 0 replies; 48+ messages in thread
From: Jason-JH Lin (林睿祥) @ 2023-10-25  7:50 UTC (permalink / raw)
  To: matthias.bgg, angelogioacchino.delregno, robh+dt,
	krzysztof.kozlowski+dt, chunkuang.hu
  Cc: jkardatzke, devicetree, conor+dt,
	Project_Global_Chrome_Upstream_Group,
	Singo Chang (張興國),
	linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen (陳建豪),
	Nancy Lin (林欣螢),
	Johnson Wang (王聖鑫),
	Shawn Sung (宋孝謙),
	linux-mediatek, linux-arm-kernel, linux-media

Hi Angelo,

Thanks for the reviews.

On Tue, 2023-10-24 at 10:37 +0200, AngeloGioacchino Del Regno wrote:
> On 23/10/23 06:45, Jason-JH.Lin wrote:
> > Add secure buffer control flow to mtk_drm_gem.
> > 
> > When user space takes DRM_MTK_GEM_CREATE_ENCRYPTED flag and size
> > to create a mtk_drm_gem object, mtk_drm_gem will find a matched
> > size
> > dma buffer from secure dma-heap and bind it to mtk_drm_gem object.
> > 
> > Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
> > ---
> >   drivers/gpu/drm/mediatek/mtk_drm_gem.c | 84
> > +++++++++++++++++++++++++-
> >   drivers/gpu/drm/mediatek/mtk_drm_gem.h |  4 ++
> >   2 files changed, 87 insertions(+), 1 deletion(-)
> > 
> > diff --git a/drivers/gpu/drm/mediatek/mtk_drm_gem.c
> > b/drivers/gpu/drm/mediatek/mtk_drm_gem.c
> > index bcce723f257d..2064ccd7dde0 100644
> > --- a/drivers/gpu/drm/mediatek/mtk_drm_gem.c
> > +++ b/drivers/gpu/drm/mediatek/mtk_drm_gem.c
> > @@ -4,6 +4,8 @@
> >    */
> >   
> >   #include <linux/dma-buf.h>
> > +#include <linux/dma-heap.h>
> > +#include <uapi/linux/dma-heap.h>
> >   #include <drm/mediatek_drm.h>
> >   
> >   #include <drm/drm.h>
> > @@ -55,6 +57,80 @@ static struct mtk_drm_gem_obj
> > *mtk_drm_gem_init(struct drm_device *dev,
> >   	return mtk_gem_obj;
> >   }
> >   
> > +struct mtk_drm_gem_obj *mtk_drm_gem_create_from_heap(struct
> > drm_device *dev,
> > +						     const char *heap,
> > size_t size)
> > +{
> > +	struct mtk_drm_private *priv = dev->dev_private;
> > +	struct mtk_drm_gem_obj *mtk_gem;
> > +	struct drm_gem_object *obj;
> > +	struct dma_heap *dma_heap;
> > +	struct dma_buf *dma_buf;
> > +	struct dma_buf_attachment *attach;
> > +	struct sg_table *sgt;
> > +	struct iosys_map map = {};
> > +	int ret;
> > +
> > +	mtk_gem = mtk_drm_gem_init(dev, size);
> > +	if (IS_ERR(mtk_gem))
> > +		return ERR_CAST(mtk_gem);
> > +
> > +	obj = &mtk_gem->base;
> > +
> > +	dma_heap = dma_heap_find(heap);
> > +	if (!dma_heap) {
> > +		DRM_ERROR("heap find fail\n");
> > +		goto err_gem_free;
> > +	}
> > +	dma_buf = dma_heap_buffer_alloc(dma_heap, size,
> > +					O_RDWR | O_CLOEXEC,
> > DMA_HEAP_VALID_HEAP_FLAGS);
> > +	if (IS_ERR(dma_buf)) {
> > +		DRM_ERROR("buffer alloc fail\n");
> > +		dma_heap_put(dma_heap);
> > +		goto err_gem_free;
> > +	}
> > +	dma_heap_put(dma_heap);
> > +
> > +	attach = dma_buf_attach(dma_buf, priv->dma_dev);
> > +	if (IS_ERR(attach)) {
> > +		DRM_ERROR("attach fail, return\n");
> > +		dma_buf_put(dma_buf);
> > +		goto err_gem_free;
> > +	}
> 
> blank line here please

OK, I'll add one blank.

> 
> > +	sgt = dma_buf_map_attachment(attach, DMA_BIDIRECTIONAL);
> > +	if (IS_ERR(sgt)) {
> > +		DRM_ERROR("map failed, detach and return\n");
> > +		dma_buf_detach(dma_buf, attach);
> > +		dma_buf_put(dma_buf);
> > +		goto err_gem_free;
> > +	}
> > +	obj->import_attach = attach;
> > +	mtk_gem->dma_addr = sg_dma_address(sgt->sgl);
> > +	mtk_gem->sg = sgt;
> > +	mtk_gem->size = dma_buf->size;
> > +
> > +	if (!strcmp(heap, "mtk_svp") || !strcmp(heap, "mtk_svp_cma")) {
> > +		/* secure buffer can not be mapped */
> > +		mtk_gem->sec = true;
> > +	} else {
> > +		ret = dma_buf_vmap(dma_buf, &map);
> > +		mtk_gem->kvaddr = map.vaddr;
> > +		if (ret) {
> > +			DRM_ERROR("map failed, ret=%d\n", ret);
> > +			dma_buf_unmap_attachment(attach, sgt,
> > DMA_BIDIRECTIONAL);
> > +			dma_buf_detach(dma_buf, attach);
> > +			dma_buf_put(dma_buf);
> > +			mtk_gem->kvaddr = NULL;
> > +		}
> > +	}
> > +
> > +	return mtk_gem;
> > +
> > +err_gem_free:
> > +	drm_gem_object_release(obj);
> > +	kfree(mtk_gem);
> > +	return ERR_PTR(-ENOMEM);
> > +}
> > +
> >   struct mtk_drm_gem_obj *mtk_drm_gem_create(struct drm_device
> > *dev,
> >   					   size_t size, bool
> > alloc_kmap)
> >   {
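Review bot: In the non-secure branch of mtk_drm_gem_create_from_heap(), a dma_buf_vmap() failure unmaps the attachment, detaches it and drops the dma_buf reference, but execution then falls through to `return mtk_gem` with obj->import_attach, mtk_gem->sg and mtk_gem->dma_addr still pointing at the released attachment. Anything that later uses or frees this object would touch state that is already gone, so this path should clear those fields and leave through err_gem_free with the error. Assign mtk_gem->kvaddr only after checking ret. Separately, every failure returns ERR_PTR(-ENOMEM); propagating PTR_ERR(dma_buf), PTR_ERR(attach), PTR_ERR(sgt) and ret would keep the real cause visible to the caller.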
> > @@ -218,7 +294,9 @@ struct drm_gem_object
> > *mtk_gem_prime_import_sg_table(struct drm_device *dev,
> >   	if (IS_ERR(mtk_gem))
> >   		return ERR_CAST(mtk_gem);
> >   
> > +	mtk_gem->sec = !sg_page(sg->sgl);
> >   	mtk_gem->dma_addr = sg_dma_address(sg->sgl);
> > +	mtk_gem->size = attach->dmabuf->size;
> >   	mtk_gem->sg = sg;
> >   
> >   	return &mtk_gem->base;
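Review bot: `mtk_gem->sec = !sg_page(sg->sgl)` in mtk_gem_prime_import_sg_table() decides that an imported buffer is secure because the first scatterlist entry has no struct page, and there is no comment explaining that contract. Only the first entry is inspected, and any exporter that hands out page-less entries would be treated as secure memory. Please document which exporter this relies on, or carry an explicit marker from the exporter instead of inferring it from the sg_table.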
> > @@ -290,7 +368,11 @@ int mtk_gem_create_ioctl(struct drm_device
> > *dev, void *data,
> >   	struct drm_mtk_gem_create *args = data;
> >   	int ret;
> >   
> > -	mtk_gem = mtk_drm_gem_create(dev, args->size, false);
> > +	if (args->flags & DRM_MTK_GEM_CREATE_ENCRYPTED)
> > +		mtk_gem = mtk_drm_gem_create_from_heap(dev,
> > "mtk_svp_cma", args->size);
> > +	else
> > +		mtk_gem = mtk_drm_gem_create(dev, args->size, false);
> > +
> >   	if (IS_ERR(mtk_gem))
> >   		return PTR_ERR(mtk_gem);
> >   
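Review bot: The new branch in mtk_gem_create_ioctl() tests only DRM_MTK_GEM_CREATE_ENCRYPTED in args->flags, and the visible lines do not reject any other bit, so undefined flag values from user space pass through silently. Because this is uapi, unknown bits should return -EINVAL so they can be given a meaning later. The heap name "mtk_svp_cma" is also hard-coded here while mtk_drm_gem_create_from_heap() compares against both "mtk_svp" and "mtk_svp_cma"; a shared define would keep the two in sync.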
> > diff --git a/drivers/gpu/drm/mediatek/mtk_drm_gem.h
> > b/drivers/gpu/drm/mediatek/mtk_drm_gem.h
> > index 90f3d2916ec5..ed4d23e252e9 100644
> > --- a/drivers/gpu/drm/mediatek/mtk_drm_gem.h
> > +++ b/drivers/gpu/drm/mediatek/mtk_drm_gem.h
> > @@ -27,9 +27,11 @@ struct mtk_drm_gem_obj {
> >   	void			*cookie;
> >   	void			*kvaddr;
> >   	dma_addr_t		dma_addr;
> > +	size_t			size;
> >   	unsigned long		dma_attrs;
> >   	struct sg_table		*sg;
> >   	struct page		**pages;
> > +	bool			sec;
> 
> `sec` may be ambiguous. You can call that `secure` or
> `is_secure_buf`.
> 
OK, I'll change it to `secure`.

Regards,
Jason-JH.Lin

> >   };
> >   
> >   #define to_mtk_gem_obj(x)	container_of(x, struct mtk_drm_gem_obj,
> > base)
> > @@ -37,6 +39,8 @@ struct mtk_drm_gem_obj {
> >   void mtk_drm_gem_free_object(struct drm_gem_object *gem);
> >   struct mtk_drm_gem_obj *mtk_drm_gem_create(struct drm_device
> > *dev, size_t size,
> >   					   bool alloc_kmap);
> > +struct mtk_drm_gem_obj *mtk_drm_gem_create_from_heap(struct
> > drm_device *dev,
> > +						     const char *heap,
> > size_t size);
> >   int mtk_drm_gem_dumb_create(struct drm_file *file_priv, struct
> > drm_device *dev,
> >   			    struct drm_mode_create_dumb *args);
> >   struct sg_table *mtk_gem_prime_get_sg_table(struct drm_gem_object
> > *obj);
> 
> 
> 
> 

^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [PATCH v2 02/11] drm/mediatek/uapi: Add DRM_MTK_GEM_CREATED_ENCRYPTTED flag
  2023-10-24  8:37   ` AngeloGioacchino Del Regno
@ 2023-10-25  7:51     ` Jason-JH Lin (林睿祥)
  0 siblings, 0 replies; 48+ messages in thread
From: Jason-JH Lin (林睿祥) @ 2023-10-25  7:51 UTC (permalink / raw)
  To: matthias.bgg, angelogioacchino.delregno, robh+dt,
	krzysztof.kozlowski+dt, chunkuang.hu
  Cc: jkardatzke, devicetree, conor+dt,
	Project_Global_Chrome_Upstream_Group,
	Singo Chang (張興國),
	linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen (陳建豪),
	Nancy Lin (林欣螢),
	Johnson Wang (王聖鑫),
	Shawn Sung (宋孝謙),
	linux-mediatek, linux-arm-kernel, linux-media

[-- Attachment #1: Type: text/html, Size: 2757 bytes --]

[-- Attachment #2: Type: text/plain, Size: 1129 bytes --]

Hi Angelo,

Thanks for the reviews.

On Tue, 2023-10-24 at 10:37 +0200, AngeloGioacchino Del Regno wrote:
> Il 23/10/23 06:45, Jason-JH.Lin ha scritto:
> > Add DRM_MTK_GEM_CREATED_ENCRYPTTED flag to allocate a secure buffer
> > to support secure video path feature.
> > 
> 
> You have a typo in both the commit description and the title. Please
> fix.
> 

OK, I'll fix it.

Regards,
Jason-JH.Lin

> > Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
> > ---
> >   include/uapi/drm/mediatek_drm.h | 1 +
> >   1 file changed, 1 insertion(+)
> > 
> > diff --git a/include/uapi/drm/mediatek_drm.h
> > b/include/uapi/drm/mediatek_drm.h
> > index c050de320a84..93f25e0c21d7 100644
> > --- a/include/uapi/drm/mediatek_drm.h
> > +++ b/include/uapi/drm/mediatek_drm.h
> > @@ -48,6 +48,7 @@ struct drm_mtk_gem_map_off {
> >   
> >   #define DRM_MTK_GEM_CREATE		0x00
> >   #define DRM_MTK_GEM_MAP_OFFSET		0x01
> > +#define DRM_MTK_GEM_CREATE_ENCRYPTED	0x02
> >   
> >   #define DRM_IOCTL_MTK_GEM_CREATE	DRM_IOWR(DRM_COMMAND_BASE + \
> >   		DRM_MTK_GEM_CREATE, struct drm_mtk_gem_create)
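Review bot: DRM_MTK_GEM_CREATE_ENCRYPTED is added inside the block of ioctl command indices (DRM_MTK_GEM_CREATE 0x00 and DRM_MTK_GEM_MAP_OFFSET 0x01 are what DRM_COMMAND_BASE is offset by just below), yet the commit message describes it as a flag for allocating a secure buffer. Placed here with the value 0x02 it reads as a third ioctl number. Define it as a bit value in its own section next to the flags field it applies to, and add a comment documenting what user space gets back when it is set.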
> 
> 

^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [PATCH v2 05/11] drm/mediatek: Add mtk_ddp_sec_write to config secure buffer info
  2023-10-24  8:37   ` AngeloGioacchino Del Regno
@ 2023-10-25  7:53     ` Jason-JH Lin (林睿祥)
  0 siblings, 0 replies; 48+ messages in thread
From: Jason-JH Lin (林睿祥) @ 2023-10-25  7:53 UTC (permalink / raw)
  To: matthias.bgg, angelogioacchino.delregno, robh+dt,
	krzysztof.kozlowski+dt, chunkuang.hu
  Cc: jkardatzke, devicetree, conor+dt,
	Project_Global_Chrome_Upstream_Group,
	Singo Chang (張興國),
	linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen (陳建豪),
	Nancy Lin (林欣螢),
	Johnson Wang (王聖鑫),
	Shawn Sung (宋孝謙),
	linux-mediatek, linux-arm-kernel, linux-media

[-- Attachment #1: Type: text/html, Size: 3460 bytes --]

[-- Attachment #2: Type: text/plain, Size: 1528 bytes --]

Hi Angelo,

Thanks for the reviews.

On Tue, 2023-10-24 at 10:37 +0200, AngeloGioacchino Del Regno wrote:
> Il 23/10/23 06:45, Jason-JH.Lin ha scritto:
> > Add mtk_ddp_sec_write to configure secure buffer information to
> > cmdq secure packet data.
> > Then secure cmdq driver will use this information to configure
> > corresponding secure DRAM address to HW overlay in secure world.
> > 
> > Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
> > ---
> >   drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c | 12 ++++++++++++
> >   drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.h |  4 ++++
> >   2 files changed, 16 insertions(+)
> > 
> > diff --git a/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c
> > b/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c
> > index 771f4e173353..3dca936b9143 100644
> > --- a/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c
> > +++ b/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c
> > @@ -111,6 +111,18 @@ void mtk_ddp_write_mask(struct cmdq_pkt
> > *cmdq_pkt, unsigned int value,
> >   #endif
> >   }
> >   
> > +void mtk_ddp_sec_write(struct cmdq_pkt *cmdq_pkt, u32 addr, u64
> > base,
> > +		       const enum cmdq_iwc_addr_metadata_type type,
> > +		       const u32 offset, const u32 size, const u32
> > port)
> > +{
> > +#if IS_REACHABLE(CONFIG_MTK_CMDQ)
> > +	/* secure buffer will be 4K alignment */
> > +	if (cmdq_pkt)
> 
> 	if (!cmdq_pkt)
> 		return;
> 	cmdq_sec_pkt_write....
> 
OK, I'll change it.

Regards,
Jason-JH.Lin

> Regards,
> Angelo
> 
> 
> 

^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [PATCH v2 07/11] drm/mediatek: Add secure layer config support for ovl
  2023-10-24  8:37   ` AngeloGioacchino Del Regno
@ 2023-10-25  7:57     ` Jason-JH Lin (林睿祥)
  0 siblings, 0 replies; 48+ messages in thread
From: Jason-JH Lin (林睿祥) @ 2023-10-25  7:57 UTC (permalink / raw)
  To: matthias.bgg, angelogioacchino.delregno, robh+dt,
	krzysztof.kozlowski+dt, chunkuang.hu
  Cc: jkardatzke, devicetree, conor+dt,
	Project_Global_Chrome_Upstream_Group,
	Singo Chang (張興國),
	linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen (陳建豪),
	Nancy Lin (林欣螢),
	Johnson Wang (王聖鑫),
	Shawn Sung (宋孝謙),
	linux-mediatek, linux-arm-kernel, linux-media

[-- Attachment #1: Type: text/html, Size: 11111 bytes --]

[-- Attachment #2: Type: text/plain, Size: 6020 bytes --]

Hi Angelo,

Thanks for the reviews.

On Tue, 2023-10-24 at 10:37 +0200, AngeloGioacchino Del Regno wrote:
> Il 23/10/23 06:45, Jason-JH.Lin ha scritto:
> > Add secure layer config support for ovl.
> > 
> > Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
> > ---
> >   drivers/gpu/drm/mediatek/mtk_disp_drv.h       |  3 ++
> >   drivers/gpu/drm/mediatek/mtk_disp_ovl.c       | 31
> > +++++++++++++++++--
> >   .../gpu/drm/mediatek/mtk_disp_ovl_adaptor.c   | 12 +++++++
> >   drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c   |  2 ++
> >   4 files changed, 46 insertions(+), 2 deletions(-)
> > 
> > diff --git a/drivers/gpu/drm/mediatek/mtk_disp_drv.h
> > b/drivers/gpu/drm/mediatek/mtk_disp_drv.h
> > index 2254038519e1..dec937b183a8 100644
> > --- a/drivers/gpu/drm/mediatek/mtk_disp_drv.h
> > +++ b/drivers/gpu/drm/mediatek/mtk_disp_drv.h
> > @@ -9,6 +9,7 @@
> >   #include <linux/soc/mediatek/mtk-cmdq.h>
> >   #include <linux/soc/mediatek/mtk-mmsys.h>
> >   #include <linux/soc/mediatek/mtk-mutex.h>
> > +#include "mtk_drm_ddp_comp.h"
> >   #include "mtk_drm_plane.h"
> >   #include "mtk_mdp_rdma.h"
> >   
> > @@ -79,6 +80,7 @@ void mtk_ovl_clk_disable(struct device *dev);
> >   void mtk_ovl_config(struct device *dev, unsigned int w,
> >   		    unsigned int h, unsigned int vrefresh,
> >   		    unsigned int bpc, struct cmdq_pkt *cmdq_pkt);
> > +u64 mtk_ovl_get_sec_port(struct mtk_ddp_comp *comp, unsigned int
> > idx);
> >   int mtk_ovl_layer_check(struct device *dev, unsigned int idx,
> >   			struct mtk_plane_state *mtk_state);
> >   void mtk_ovl_layer_config(struct device *dev, unsigned int idx,
> > @@ -112,6 +114,7 @@ void mtk_ovl_adaptor_clk_disable(struct device
> > *dev);
> >   void mtk_ovl_adaptor_config(struct device *dev, unsigned int w,
> >   			    unsigned int h, unsigned int vrefresh,
> >   			    unsigned int bpc, struct cmdq_pkt
> > *cmdq_pkt);
> > +u64 mtk_ovl_adaptor_get_sec_port(struct mtk_ddp_comp *comp,
> > unsigned int idx);
> >   void mtk_ovl_adaptor_layer_config(struct device *dev, unsigned
> > int idx,
> >   				  struct mtk_plane_state *state,
> >   				  struct cmdq_pkt *cmdq_pkt);
> > diff --git a/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
> > b/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
> > index 2bffe4245466..76e832e4875a 100644
> > --- a/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
> > +++ b/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
> > @@ -46,6 +46,7 @@
> >   #define DISP_REG_OVL_ADDR(ovl, n)		((ovl)->data->addr +
> > 0x20 * (n))
> >   #define DISP_REG_OVL_HDR_ADDR(ovl, n)		((ovl)->data-
> > >addr + 0x20 * (n) + 0x04)
> >   #define DISP_REG_OVL_HDR_PITCH(ovl, n)		((ovl)->data-
> > >addr + 0x20 * (n) + 0x08)
> > +#define DISP_REG_OVL_SECURE			0x0fc0
> >   
> >   #define GMC_THRESHOLD_BITS	16
> >   #define GMC_THRESHOLD_HIGH	((1 << GMC_THRESHOLD_BITS) / 4)
> > @@ -126,8 +127,19 @@ struct mtk_disp_ovl {
> >   	const struct mtk_disp_ovl_data	*data;
> >   	void				(*vblank_cb)(void *data);
> >   	void				*vblank_cb_data;
> > +	resource_size_t			regs_pa;
> >   };
> >   
> > +u64 mtk_ovl_get_sec_port(struct mtk_ddp_comp *comp, unsigned int
> > idx)
> > +{
> > +	if (comp->id == DDP_COMPONENT_OVL0)
> > +		return 1ULL << CMDQ_SEC_DISP_OVL0;
> 
> This is BIT_ULL():
> 
> return BIT_ULL(CMDQ_SEC_DISP_OVL0);

OK, I'll change it. Thanks for the advice.

> 
> > +	else if (comp->id == DDP_COMPONENT_OVL1)
> > +		return 1ULL << CMDQ_SEC_DISP_OVL1;
> > +
> > +	return 0;
> > +}
> > +
> >   static irqreturn_t mtk_disp_ovl_irq_handler(int irq, void
> > *dev_id)
> >   {
> >   	struct mtk_disp_ovl *priv = dev_id;
> > @@ -449,8 +461,22 @@ void mtk_ovl_layer_config(struct device *dev,
> > unsigned int idx,
> >   			      DISP_REG_OVL_SRC_SIZE(idx));
> >   	mtk_ddp_write_relaxed(cmdq_pkt, offset, &ovl->cmdq_reg, ovl-
> > >regs,
> >   			      DISP_REG_OVL_OFFSET(idx));
> > -	mtk_ddp_write_relaxed(cmdq_pkt, addr, &ovl->cmdq_reg, ovl-
> > >regs,
> > -			      DISP_REG_OVL_ADDR(ovl, idx));
> > +
> > +	if (state->pending.is_sec) {
> > +		const struct drm_format_info *fmt_info =
> > drm_format_info(fmt);
> > +		unsigned int buf_size = (pending->height - 1) *
> > pending->pitch +
> > +					pending->width * fmt_info-
> > >cpp[0];
> > +
> > +		mtk_ddp_write_mask(cmdq_pkt, BIT(idx), &ovl->cmdq_reg,
> > ovl->regs,
> > +				   DISP_REG_OVL_SECURE, BIT(idx));
> > +		mtk_ddp_sec_write(cmdq_pkt, ovl->regs_pa +
> > DISP_REG_OVL_ADDR(ovl, idx),
> > +				  pending->addr, CMDQ_IWC_H_2_MVA, 0,
> > buf_size, 0);
> > +	} else {
> > +		mtk_ddp_write_mask(cmdq_pkt, 0, &ovl->cmdq_reg, ovl-
> > >regs,
> > +				   DISP_REG_OVL_SECURE, BIT(idx));
> > +		mtk_ddp_write_relaxed(cmdq_pkt, addr, &ovl->cmdq_reg,
> > ovl->regs,
> > +				      DISP_REG_OVL_ADDR(ovl, idx));
> > +	}
> >   
> >   	if (is_afbc) {
> >   		mtk_ddp_write_relaxed(cmdq_pkt, hdr_addr, &ovl-
> > >cmdq_reg, ovl->regs,
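Review bot: buf_size in the secure branch of mtk_ovl_layer_config() is computed in unsigned int as (pending->height - 1) * pending->pitch + pending->width * fmt_info->cpp[0] with no range check, so a height of 0 wraps the first term and a large height and pitch can overflow before the value is passed to mtk_ddp_sec_write() as the size of the secure region. Please validate height and use check_mul_overflow()/check_add_overflow() or a wider type. The formula also counts only cpp[0], so it describes the first plane only; a comment should say whether that is intended.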
> > @@ -529,6 +555,7 @@ static int mtk_disp_ovl_probe(struct
> > platform_device *pdev)
> >   	}
> >   
> >   	res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
> > +	priv->regs_pa = res->start;
> >   	priv->regs = devm_ioremap_resource(dev, res);
> >   	if (IS_ERR(priv->regs)) {
> >   		dev_err(dev, "failed to ioremap ovl\n");
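Review bot: `priv->regs_pa = res->start` in mtk_disp_ovl_probe() dereferences res before anything has checked it. platform_get_resource() can return NULL, and it is the devm_ioremap_resource() call on the following line that handles that case, so the new line turns a clean probe failure into a NULL dereference. Move the assignment after the IS_ERR(priv->regs) check, or use devm_platform_get_and_ioremap_resource().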
> > diff --git a/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c
> > b/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c
> > index 6bf6367853fb..28a0bccfb0b9 100644
> > --- a/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c
> > +++ b/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c
> > @@ -83,6 +83,18 @@ static const struct ovl_adaptor_comp_match
> > comp_matches[OVL_ADAPTOR_ID_MAX] = {
> >   	[OVL_ADAPTOR_ETHDR0]	= { OVL_ADAPTOR_TYPE_ETHDR, 0 },
> >   };
> >   
> > +static const u64 ovl_adaptor_sec_port[] = {
> > +	1ULL << CMDQ_SEC_VDO1_DISP_RDMA_L0,
> 
> BIT_ULL(CMDQ_SEC_VDO1_DISP_RDMA_L0),
> BIT_ULL(......),

OK, I'll change it.

Regards,
Jason-JH.Lin
> 
> 
> Regards,
> Angelo
> 
> 

^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [PATCH v2 07/11] drm/mediatek: Add secure layer config support for ovl
  2023-10-25  3:08   ` CK Hu (胡俊光)
@ 2023-10-25  8:01     ` Jason-JH Lin (林睿祥)
  0 siblings, 0 replies; 48+ messages in thread
From: Jason-JH Lin (林睿祥) @ 2023-10-25  8:01 UTC (permalink / raw)
  To: CK Hu (胡俊光),
	matthias.bgg, angelogioacchino.delregno, robh+dt,
	krzysztof.kozlowski+dt, chunkuang.hu
  Cc: jkardatzke, devicetree, conor+dt,
	Project_Global_Chrome_Upstream_Group,
	Singo Chang (張興國),
	linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen (陳建豪),
	Nancy Lin (林欣螢),
	Johnson Wang (王聖鑫),
	Shawn Sung (宋孝謙),
	linux-mediatek, linux-arm-kernel, linux-media

[-- Attachment #1: Type: text/html, Size: 13731 bytes --]

[-- Attachment #2: Type: text/plain, Size: 7623 bytes --]

Hi CK,

Thanks for the reviews.

On Wed, 2023-10-25 at 03:08 +0000, CK Hu (胡俊光) wrote:
> Hi, Jason:
> 
> On Mon, 2023-10-23 at 12:45 +0800, Jason-JH.Lin wrote:
> > Add secure layer config support for ovl.
> > 
> > Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
> > ---
> >  drivers/gpu/drm/mediatek/mtk_disp_drv.h       |  3 ++
> >  drivers/gpu/drm/mediatek/mtk_disp_ovl.c       | 31
> > +++++++++++++++++--
> >  .../gpu/drm/mediatek/mtk_disp_ovl_adaptor.c   | 12 +++++++
> >  drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c   |  2 ++
> >  4 files changed, 46 insertions(+), 2 deletions(-)
> > 
> > diff --git a/drivers/gpu/drm/mediatek/mtk_disp_drv.h
> > b/drivers/gpu/drm/mediatek/mtk_disp_drv.h
> > index 2254038519e1..dec937b183a8 100644
> > --- a/drivers/gpu/drm/mediatek/mtk_disp_drv.h
> > +++ b/drivers/gpu/drm/mediatek/mtk_disp_drv.h
> > @@ -9,6 +9,7 @@
> >  #include <linux/soc/mediatek/mtk-cmdq.h>
> >  #include <linux/soc/mediatek/mtk-mmsys.h>
> >  #include <linux/soc/mediatek/mtk-mutex.h>
> > +#include "mtk_drm_ddp_comp.h"
> >  #include "mtk_drm_plane.h"
> >  #include "mtk_mdp_rdma.h"
> >  
> > @@ -79,6 +80,7 @@ void mtk_ovl_clk_disable(struct device *dev);
> >  void mtk_ovl_config(struct device *dev, unsigned int w,
> >  		    unsigned int h, unsigned int vrefresh,
> >  		    unsigned int bpc, struct cmdq_pkt *cmdq_pkt);
> > +u64 mtk_ovl_get_sec_port(struct mtk_ddp_comp *comp, unsigned int
> > idx);
> >  int mtk_ovl_layer_check(struct device *dev, unsigned int idx,
> >  			struct mtk_plane_state *mtk_state);
> >  void mtk_ovl_layer_config(struct device *dev, unsigned int idx,
> > @@ -112,6 +114,7 @@ void mtk_ovl_adaptor_clk_disable(struct device
> > *dev);
> >  void mtk_ovl_adaptor_config(struct device *dev, unsigned int w,
> >  			    unsigned int h, unsigned int vrefresh,
> >  			    unsigned int bpc, struct cmdq_pkt
> > *cmdq_pkt);
> > +u64 mtk_ovl_adaptor_get_sec_port(struct mtk_ddp_comp *comp,
> > unsigned
> > int idx);
> >  void mtk_ovl_adaptor_layer_config(struct device *dev, unsigned int
> > idx,
> >  				  struct mtk_plane_state *state,
> >  				  struct cmdq_pkt *cmdq_pkt);
> > diff --git a/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
> > b/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
> > index 2bffe4245466..76e832e4875a 100644
> > --- a/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
> > +++ b/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
> > @@ -46,6 +46,7 @@
> >  #define DISP_REG_OVL_ADDR(ovl, n)		((ovl)->data->addr +
> > 0x20 * (n))
> >  #define DISP_REG_OVL_HDR_ADDR(ovl, n)		((ovl)->data-
> > > addr + 0x20 * (n) + 0x04)
> > 
> >  #define DISP_REG_OVL_HDR_PITCH(ovl, n)		((ovl)->data-
> > > addr + 0x20 * (n) + 0x08)
> > 
> > +#define DISP_REG_OVL_SECURE			0x0fc0
> >  
> >  #define GMC_THRESHOLD_BITS	16
> >  #define GMC_THRESHOLD_HIGH	((1 << GMC_THRESHOLD_BITS) / 4)
> > @@ -126,8 +127,19 @@ struct mtk_disp_ovl {
> >  	const struct mtk_disp_ovl_data	*data;
> >  	void				(*vblank_cb)(void *data);
> >  	void				*vblank_cb_data;
> > +	resource_size_t			regs_pa;
> >  };
> >  
> > +u64 mtk_ovl_get_sec_port(struct mtk_ddp_comp *comp, unsigned int
> > idx)
> > +{
> > +	if (comp->id == DDP_COMPONENT_OVL0)
> > +		return 1ULL << CMDQ_SEC_DISP_OVL0;
> > +	else if (comp->id == DDP_COMPONENT_OVL1)
> > +		return 1ULL << CMDQ_SEC_DISP_OVL1;
> > +
> > +	return 0;
> > +}
> > +
> >  static irqreturn_t mtk_disp_ovl_irq_handler(int irq, void *dev_id)
> >  {
> >  	struct mtk_disp_ovl *priv = dev_id;
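Review bot: mtk_ovl_get_sec_port() never uses its idx argument and returns 0 for every comp->id other than DDP_COMPONENT_OVL0 and DDP_COMPONENT_OVL1, so a caller cannot distinguish "this component has no secure port" from "this component is not handled yet". Either drop idx from this implementation's contract with a comment, or make the unhandled case visible (a WARN_ONCE or a documented return value), since an empty port mask for a secure layer would otherwise go unnoticed.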
> > @@ -449,8 +461,22 @@ void mtk_ovl_layer_config(struct device *dev,
> > unsigned int idx,
> >  			      DISP_REG_OVL_SRC_SIZE(idx));
> >  	mtk_ddp_write_relaxed(cmdq_pkt, offset, &ovl->cmdq_reg, ovl-
> > > regs,
> > 
> >  			      DISP_REG_OVL_OFFSET(idx));
> > -	mtk_ddp_write_relaxed(cmdq_pkt, addr, &ovl->cmdq_reg, ovl-
> > > regs,
> > 
> > -			      DISP_REG_OVL_ADDR(ovl, idx));
> > +
> > +	if (state->pending.is_sec) {
> > +		const struct drm_format_info *fmt_info =
> > drm_format_info(fmt);
> > +		unsigned int buf_size = (pending->height - 1) *
> > pending->pitch +
> > +					pending->width * fmt_info-
> > > cpp[0];
> > 
> > +
> > +		mtk_ddp_write_mask(cmdq_pkt, BIT(idx), &ovl->cmdq_reg,
> > ovl->regs,
> > +				   DISP_REG_OVL_SECURE, BIT(idx));
> > +		mtk_ddp_sec_write(cmdq_pkt, ovl->regs_pa +
> > DISP_REG_OVL_ADDR(ovl, idx),
> > +				  pending->addr, CMDQ_IWC_H_2_MVA, 0,
> > buf_size, 0);
> > +	} else {
> > +		mtk_ddp_write_mask(cmdq_pkt, 0, &ovl->cmdq_reg, ovl-
> > > regs,
> > 
> > +				   DISP_REG_OVL_SECURE, BIT(idx));
> 
> What's the function of this register? Does it mean that layer is
> ABLE
> to read secure buffer? And this register could be controlled in
> normal
> world?
> 
Hum... Yes, but it also needs some configuration in TEE world, then it
can read secure buffer normally.

I'll remove this and move it to the TEE side.

Regards,
Jason-JH.Lin

> Regards,
> CK
> 
> > +		mtk_ddp_write_relaxed(cmdq_pkt, addr, &ovl->cmdq_reg,
> > ovl->regs,
> > +				      DISP_REG_OVL_ADDR(ovl, idx));
> > +	}
> >  
> >  	if (is_afbc) {
> >  		mtk_ddp_write_relaxed(cmdq_pkt, hdr_addr, &ovl-
> > > cmdq_reg, ovl->regs,
> > 
> > @@ -529,6 +555,7 @@ static int mtk_disp_ovl_probe(struct
> > platform_device *pdev)
> >  	}
> >  
> >  	res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
> > +	priv->regs_pa = res->start;
> >  	priv->regs = devm_ioremap_resource(dev, res);
> >  	if (IS_ERR(priv->regs)) {
> >  		dev_err(dev, "failed to ioremap ovl\n");
> > diff --git a/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c
> > b/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c
> > index 6bf6367853fb..28a0bccfb0b9 100644
> > --- a/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c
> > +++ b/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c
> > @@ -83,6 +83,18 @@ static const struct ovl_adaptor_comp_match
> > comp_matches[OVL_ADAPTOR_ID_MAX] = {
> >  	[OVL_ADAPTOR_ETHDR0]	= { OVL_ADAPTOR_TYPE_ETHDR, 0 },
> >  };
> >  
> > +static const u64 ovl_adaptor_sec_port[] = {
> > +	1ULL << CMDQ_SEC_VDO1_DISP_RDMA_L0,
> > +	1ULL << CMDQ_SEC_VDO1_DISP_RDMA_L1,
> > +	1ULL << CMDQ_SEC_VDO1_DISP_RDMA_L2,
> > +	1ULL << CMDQ_SEC_VDO1_DISP_RDMA_L3,
> > +};
> > +
> > +u64 mtk_ovl_adaptor_get_sec_port(struct mtk_ddp_comp *comp,
> > unsigned
> > int idx)
> > +{
> > +	return ovl_adaptor_sec_port[idx];
> > +}
> > +
> >  void mtk_ovl_adaptor_layer_config(struct device *dev, unsigned int
> > idx,
> >  				  struct mtk_plane_state *state,
> >  				  struct cmdq_pkt *cmdq_pkt)
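Review bot: mtk_ovl_adaptor_get_sec_port() returns ovl_adaptor_sec_port[idx] without checking idx, and the table has four entries, so any idx of 4 or more reads past the end of the array. Bound it with ARRAY_SIZE(ovl_adaptor_sec_port) and return 0 (with a warning) for out-of-range values. The comp argument is unused here as well, which deserves a comment if it is only there to match the callback signature.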
> > diff --git a/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c
> > b/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c
> > index 3dca936b9143..eec3a1cc2ed4 100644
> > --- a/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c
> > +++ b/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c
> > @@ -373,6 +373,7 @@ static const struct mtk_ddp_comp_funcs ddp_ovl
> > =
> > {
> >  	.bgclr_in_off = mtk_ovl_bgclr_in_off,
> >  	.get_formats = mtk_ovl_get_formats,
> >  	.get_num_formats = mtk_ovl_get_num_formats,
> > +	.get_sec_port = mtk_ovl_get_sec_port,
> >  };
> >  
> >  static const struct mtk_ddp_comp_funcs ddp_postmask = {
> > @@ -424,6 +425,7 @@ static const struct mtk_ddp_comp_funcs
> > ddp_ovl_adaptor = {
> >  	.remove = mtk_ovl_adaptor_remove_comp,
> >  	.get_formats = mtk_ovl_adaptor_get_formats,
> >  	.get_num_formats = mtk_ovl_adaptor_get_num_formats,
> > +	.get_sec_port = mtk_ovl_adaptor_get_sec_port,
> >  };
> >  
> >  static const char * const mtk_ddp_comp_stem[MTK_DDP_COMP_TYPE_MAX]
> > =
> > {

^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [PATCH v2 08/11] drm/mediatek: Add secure layer config support for ovl_adaptor
  2023-10-24  8:37   ` AngeloGioacchino Del Regno
@ 2023-10-25  8:03     ` Jason-JH Lin (林睿祥)
  0 siblings, 0 replies; 48+ messages in thread
From: Jason-JH Lin (林睿祥) @ 2023-10-25  8:03 UTC (permalink / raw)
  To: matthias.bgg, angelogioacchino.delregno, robh+dt,
	krzysztof.kozlowski+dt, chunkuang.hu
  Cc: jkardatzke, devicetree, conor+dt,
	Project_Global_Chrome_Upstream_Group,
	Singo Chang (張興國),
	linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen (陳建豪),
	Nancy Lin (林欣螢),
	Johnson Wang (王聖鑫),
	Shawn Sung (宋孝謙),
	linux-mediatek, linux-arm-kernel, linux-media

[-- Attachment #1: Type: text/html, Size: 7105 bytes --]

[-- Attachment #2: Type: text/plain, Size: 3736 bytes --]

Hi Angelo,

Thanks for the reviews.

On Tue, 2023-10-24 at 10:37 +0200, AngeloGioacchino Del Regno wrote:
> Il 23/10/23 06:45, Jason-JH.Lin ha scritto:
> > Add secure layer config support for ovl_adaptor and sub driver
> > mdp_rdma.
> > 
> > Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
> > ---
> >   drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c |  3 +++
> >   drivers/gpu/drm/mediatek/mtk_mdp_rdma.c         | 11 ++++++++---
> >   drivers/gpu/drm/mediatek/mtk_mdp_rdma.h         |  2 ++
> >   3 files changed, 13 insertions(+), 3 deletions(-)
> > 
> > diff --git a/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c
> > b/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c
> > index 28a0bccfb0b9..274961222672 100644
> > --- a/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c
> > +++ b/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c
> > @@ -153,6 +153,9 @@ void mtk_ovl_adaptor_layer_config(struct device
> > *dev, unsigned int idx,
> >   	rdma_config.pitch = pending->pitch;
> >   	rdma_config.fmt = pending->format;
> >   	rdma_config.color_encoding = pending->color_encoding;
> > +	rdma_config.source_size = (pending->height - 1) * pending-
> > >pitch +
> > +				  pending->width * fmt_info->cpp[0];
> > +	rdma_config.is_sec = state->pending.is_sec;
> >   	mtk_mdp_rdma_config(rdma_l, &rdma_config, cmdq_pkt);
> >   
> >   	if (use_dual_pipe) {
> > diff --git a/drivers/gpu/drm/mediatek/mtk_mdp_rdma.c
> > b/drivers/gpu/drm/mediatek/mtk_mdp_rdma.c
> > index c3adaeefd551..1c4798e3bbc3 100644
> > --- a/drivers/gpu/drm/mediatek/mtk_mdp_rdma.c
> > +++ b/drivers/gpu/drm/mediatek/mtk_mdp_rdma.c
> > @@ -94,6 +94,7 @@ struct mtk_mdp_rdma {
> >   	void __iomem		*regs;
> >   	struct clk		*clk;
> >   	struct cmdq_client_reg	cmdq_reg;
> > +	resource_size_t		regs_pa;
> >   };
> >   
> >   static unsigned int rdma_fmt_convert(unsigned int fmt)
> > @@ -198,9 +199,12 @@ void mtk_mdp_rdma_config(struct device *dev,
> > struct mtk_mdp_rdma_cfg *cfg,
> >   	else
> >   		mtk_ddp_write_mask(cmdq_pkt, 0, &priv->cmdq_reg, priv-
> > >regs,
> >   				   MDP_RDMA_SRC_CON, FLD_OUTPUT_ARGB);
> > -
> > -	mtk_ddp_write_mask(cmdq_pkt, cfg->addr0, &priv->cmdq_reg, priv-
> > >regs,
> > -			   MDP_RDMA_SRC_BASE_0, FLD_SRC_BASE_0);
> > +	if (cfg->is_sec)
> > +		mtk_ddp_sec_write(cmdq_pkt, priv->regs_pa +
> > MDP_RDMA_SRC_BASE_0,
> > +				  cfg->addr0, CMDQ_IWC_H_2_MVA, 0, cfg-
> > >source_size, 0);
> > +	else
> > +		mtk_ddp_write_mask(cmdq_pkt, cfg->addr0, &priv-
> > >cmdq_reg, priv->regs,
> > +				   MDP_RDMA_SRC_BASE_0,
> > FLD_SRC_BASE_0);
> >   
> >   	mtk_ddp_write_mask(cmdq_pkt, src_pitch_y, &priv->cmdq_reg,
> > priv->regs,
> >   			   MDP_RDMA_MF_BKGD_SIZE_IN_BYTE,
> > FLD_MF_BKGD_WB);
> > @@ -285,6 +289,7 @@ static int mtk_mdp_rdma_probe(struct
> > platform_device *pdev)
> >   		return -ENOMEM;
> >   
> >   	res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
> > +	priv->regs_pa = res->start;
> >   	priv->regs = devm_ioremap_resource(dev, res);
> >   	if (IS_ERR(priv->regs)) {
> >   		dev_err(dev, "failed to ioremap rdma\n");
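Review bot: In mtk_mdp_rdma_probe() the added `priv->regs_pa = res->start` runs before res has been validated, and platform_get_resource() may return NULL. The existing devm_ioremap_resource() call would have reported that as an error; with this line the probe dereferences NULL first. Take the physical address after the IS_ERR(priv->regs) check or switch to devm_platform_get_and_ioremap_resource().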
> > diff --git a/drivers/gpu/drm/mediatek/mtk_mdp_rdma.h
> > b/drivers/gpu/drm/mediatek/mtk_mdp_rdma.h
> > index 9943ee3aac31..9add18e96319 100644
> > --- a/drivers/gpu/drm/mediatek/mtk_mdp_rdma.h
> > +++ b/drivers/gpu/drm/mediatek/mtk_mdp_rdma.h
> > @@ -15,6 +15,8 @@ struct mtk_mdp_rdma_cfg {
> >   	unsigned int	y_top;
> >   	int		fmt;
> >   	int		color_encoding;
> > +	unsigned int	source_size;
> > +	unsigned int	is_sec;
> 
> is_secure looks better.
> 

OK, I'll change it.

Regards,
Jason-JH.Lin

> Regards,
> Angelo
> 
> >   };
> >   
> >   #endif // __MTK_MDP_RDMA_H__
> 
> 

^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [PATCH v2 09/11] drm/mediatek: Add secure flow support to mediatek-drm
  2023-10-24  7:42   ` CK Hu (胡俊光)
@ 2023-10-25  8:31     ` Jason-JH Lin (林睿祥)
  0 siblings, 0 replies; 48+ messages in thread
From: Jason-JH Lin (林睿祥) @ 2023-10-25  8:31 UTC (permalink / raw)
  To: CK Hu (胡俊光),
	matthias.bgg, angelogioacchino.delregno, robh+dt,
	krzysztof.kozlowski+dt, chunkuang.hu
  Cc: jkardatzke, devicetree, conor+dt,
	Project_Global_Chrome_Upstream_Group,
	Singo Chang (張興國),
	linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen (陳建豪),
	Nancy Lin (林欣螢),
	Johnson Wang (王聖鑫),
	Shawn Sung (宋孝謙),
	linux-mediatek, linux-arm-kernel, linux-media

[-- Attachment #1: Type: text/html, Size: 9191 bytes --]

[-- Attachment #2: Type: text/plain, Size: 4916 bytes --]

Hi CK,

Thanks for the reviews.

On Tue, 2023-10-24 at 07:42 +0000, CK Hu (胡俊光) wrote:
> Hi, Jason:
> 
> On Mon, 2023-10-23 at 12:45 +0800, Jason-JH.Lin wrote:
> > To add secure flow support for mediatek-drm, each crtc has to
> > create a secure cmdq mailbox channel. Then cmdq packets with
> > display HW configuration will be sent to secure cmdq mailbox
> > channel
> > and configured in the secure world.
> > 
> > Each crtc has to use secure cmdq interface to configure some
> > secure
> > settings for display HW before sending cmdq packets to secure cmdq
> > mailbox channel.
> > 
> > If any fb taken from current drm_atomic_state is secure, then crtc
> > will switch to the secure flow to configure display HW.
> > If all fbs are not secure in current drm_atomic_state, then crtc
> > will
> > switch to the normal flow.
> > 
> > Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
> > ---
> >  drivers/gpu/drm/mediatek/mtk_drm_crtc.c  | 272
> > ++++++++++++++++++++++-
> >  drivers/gpu/drm/mediatek/mtk_drm_crtc.h  |   1 +
> >  drivers/gpu/drm/mediatek/mtk_drm_plane.c |   7 +
> >  3 files changed, 269 insertions(+), 11 deletions(-)
> > 
> > diff --git a/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
> > b/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
> > index b6fa4ad2f94d..6c2cf339b923 100644
> > --- a/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
> > +++ b/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
> > @@ -56,6 +56,11 @@ struct mtk_drm_crtc {
> >  	u32				cmdq_event;
> >  	u32				cmdq_vblank_cnt;
> >  	wait_queue_head_t		cb_blocking_queue;
> > +
> > +	struct cmdq_client		sec_cmdq_client;
> > +	struct cmdq_pkt			sec_cmdq_handle;
> > +	bool				sec_cmdq_working;
> > +	wait_queue_head_t		sec_cb_blocking_queue;
> >  #endif
> >  
> >  	struct device			*mmsys_dev;
> > @@ -67,6 +72,7 @@ struct mtk_drm_crtc {
> >  	/* lock for display hardware access */
> >  	struct mutex			hw_lock;
> >  	bool				config_updating;
> > +	bool				sec_on;
> >  };
> >  
> >  struct mtk_crtc_state {
> > @@ -109,6 +115,154 @@ static void mtk_drm_finish_page_flip(struct
> > mtk_drm_crtc *mtk_crtc)
> >  	}
> >  }
> >  
> > +void mtk_crtc_disable_secure_state(struct drm_crtc *crtc)
> > +{
> > +#if IS_REACHABLE(CONFIG_MTK_CMDQ)
> > +	enum cmdq_sec_scenario sec_scn = CMDQ_MAX_SEC_COUNT;
> > +	int i;
> > +	struct mtk_ddp_comp *ddp_first_comp;
> > +	struct mtk_drm_crtc *mtk_crtc = to_mtk_crtc(crtc);
> > +	u64 sec_engine = 0; /* for hw engine write output secure fb */
> > +	u64 sec_port = 0; /* for larb port read input secure fb */
> > +
> > +	mutex_lock(&mtk_crtc->hw_lock);
> > +
> > +	if (!mtk_crtc->sec_cmdq_client.chan) {
> > +		pr_err("crtc-%d secure mbox channel is NULL\n",
> > drm_crtc_index(crtc));
> > +		goto err;
> > +	}
> > +
> > +	if (!mtk_crtc->sec_on) {
> > +		pr_debug("crtc-%d is already disabled!\n",
> > drm_crtc_index(crtc));
> > +		goto err;
> > +	}
> > +
> > +	mbox_flush(mtk_crtc->sec_cmdq_client.chan, 0);
> > +	mtk_crtc->sec_cmdq_handle.cmd_buf_size = 0;
> > +
> > +	if (mtk_crtc->sec_cmdq_handle.sec_data) {
> > +		struct cmdq_sec_data *sec_data;
> > +
> > +		sec_data = mtk_crtc->sec_cmdq_handle.sec_data;
> > +		sec_data->addrMetadataCount = 0;
> > +		sec_data->addrMetadatas = (uintptr_t)NULL;
> > +	}
> > +
> > +	/*
> > +	 * Secure path only support DL mode, so we just wait
> > +	 * the first path frame done here
> > +	 */
> > +	cmdq_pkt_wfe(&mtk_crtc->sec_cmdq_handle, mtk_crtc->cmdq_event,
> > false);
> > +
> > +	ddp_first_comp = mtk_crtc->ddp_comp[0];
> > +	for (i = 0; i < mtk_crtc->layer_nr; i++) {
> > +		struct drm_plane *plane = &mtk_crtc->planes[i];
> > +
> > +		sec_port |=
> > mtk_ddp_comp_layer_get_sec_port(ddp_first_comp, i);
> > +
> > +		/* make sure secure layer off before switching secure
> > state */
> > +		if (!mtk_plane_fb_is_secure(plane->state->fb)) {
> > +			struct mtk_plane_state *plane_state =
> > to_mtk_plane_state(plane->state);
> > +
> > +			plane_state->pending.enable = false;
> > +			mtk_ddp_comp_layer_config(ddp_first_comp, i,
> > plane_state,
> > +						  &mtk_crtc-
> > > sec_cmdq_handle);
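
Review bot: The condition guarding the layer disable in the loop over mtk_crtc->layer_nr, `if (!mtk_plane_fb_is_secure(plane->state->fb))`, does the opposite of the comment directly above it ("make sure secure layer off before switching secure state"): as written, pending.enable is cleared on planes whose framebuffer is not secure and the secure layers stay enabled. Either the `!` or the comment is wrong; if the comment states the intent, drop the `!`. plane->state->fb should also be checked for NULL before it is handed to the helper, unless mtk_plane_fb_is_secure() already tolerates that.
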
> 
> You disable the layer here and disable the secure path in
> cmdq_sec_pkt_set_data() later. But this is the real world and could be
> hacked by a hacker. If a hacker does not disable the layer here but
> disables the secure path in cmdq_sec_pkt_set_data() later, the hardware
> would keep reading the secure buffer and the path is not secure? That
> means video could be output to HDMI without HDCP?

Disabling the secure path by cmdq_sec_pkt_set_data() will also switch the
larb used by OVL to the non-secure identity. So even if the secure layer is
enabled, OVL cannot access secure DRAM with a non-secure larb.

And it will cause an IOMMU translation fault when a non-secure larb accesses
the address of secure DRAM.

Regards,
Jason-JH.Lin

> 
> Regards,
> CK 
> 

^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [PATCH v2 10/11] drm/mediatek: Add cmdq_insert_backup_cookie before secure pkt finalize
  2023-10-23  4:45 ` [PATCH v2 10/11] drm/mediatek: Add cmdq_insert_backup_cookie before secure pkt finalize Jason-JH.Lin
@ 2023-10-26  2:26   ` CK Hu (胡俊光)
  2023-11-05 13:35     ` Jason-JH Lin (林睿祥)
  0 siblings, 1 reply; 48+ messages in thread
From: CK Hu (胡俊光) @ 2023-10-26  2:26 UTC (permalink / raw)
  To: matthias.bgg, Jason-JH Lin (林睿祥),
	angelogioacchino.delregno, robh+dt, krzysztof.kozlowski+dt,
	chunkuang.hu
  Cc: jkardatzke, devicetree, conor+dt,
	Project_Global_Chrome_Upstream_Group,
	Singo Chang (張興國),
	linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen (陳建豪),
	Nancy Lin (林欣螢),
	linux-mediatek, Shawn Sung (宋孝謙),
	Johnson Wang (王聖鑫),
	linux-arm-kernel, linux-media

Hi, Jason:

On Mon, 2023-10-23 at 12:45 +0800, Jason-JH.Lin wrote:
> Add cmdq_insert_backup_cookie to append some commands before EOC:
> 1. Get GCE HW thread execute count from the GCE HW register.
> 2. Add 1 to the execute count and then store into a shared memory.

I think when the cmdq driver handles an interrupt, it could simply call into
TEE with an API to query status. The status is not only the execute count,
but also other messages including error information. So it's not
necessary to use such a non-tricky way to get the execute count.

One more question. The command buffer is not secure. Does the GCE
hardware execute this non-secure command buffer?

Regards,
CK

> 3. Set a software event signal as secure irq to GCE HW.
> 
> Since the value of execute count + 1 is stored in a shared memory,
> CMDQ driver in the normal world can use it to handle task done in irq
> handler and CMDQ driver in the secure world will use it to schedule
> the task slot for each secure thread.
> 
> Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
> ---
>  drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
> b/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
> index 6c2cf339b923..399aa6bb2f8d 100644
> --- a/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
> +++ b/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
> @@ -177,7 +177,7 @@ void mtk_crtc_disable_secure_state(struct
> drm_crtc *crtc)
>  		sec_scn = CMDQ_SEC_SUB_DISP_DISABLE;
>  
>  	cmdq_sec_pkt_set_data(&mtk_crtc->sec_cmdq_handle, sec_engine,
> sec_engine, sec_scn);
> -
> +	cmdq_sec_insert_backup_cookie(&mtk_crtc->sec_cmdq_handle);
>  	cmdq_pkt_finalize(&mtk_crtc->sec_cmdq_handle);
>  	dma_sync_single_for_device(mtk_crtc->sec_cmdq_client.chan-
> >mbox->dev,
>  				   mtk_crtc->sec_cmdq_handle.pa_base,
> @@ -786,6 +786,8 @@ static void mtk_drm_crtc_update_config(struct
> mtk_drm_crtc *mtk_crtc,
>  		cmdq_pkt_clear_event(cmdq_handle, mtk_crtc-
> >cmdq_event);
>  		cmdq_pkt_wfe(cmdq_handle, mtk_crtc->cmdq_event, false);
>  		mtk_crtc_ddp_config(crtc, cmdq_handle);
> +		if (cmdq_handle->sec_data)
> +			cmdq_sec_insert_backup_cookie(cmdq_handle);
>  		cmdq_pkt_finalize(cmdq_handle);
>  		dma_sync_single_for_device(cmdq_client.chan->mbox->dev,
>  					   cmdq_handle->pa_base,
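
Review bot: The two new call sites are guarded differently: in mtk_drm_crtc_update_config() the call is under `if (cmdq_handle->sec_data)`, while the one added to mtk_crtc_disable_secure_state() is unconditional. Either make cmdq_sec_insert_backup_cookie() a documented no-op for a packet without sec_data or guard both callers the same way. It would also help for the commit message to state which side is allowed to write the shared memory that receives the count, because the secure-world driver is described as using that value to schedule task slots.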

^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [PATCH v2 07/11] drm/mediatek: Add secure layer config support for ovl
  2023-10-23  4:45 ` [PATCH v2 07/11] drm/mediatek: Add secure layer config support for ovl Jason-JH.Lin
  2023-10-24  8:37   ` AngeloGioacchino Del Regno
  2023-10-25  3:08   ` CK Hu (胡俊光)
@ 2023-10-26 10:07   ` CK Hu (胡俊光)
  2023-11-05 13:18     ` Jason-JH Lin (林睿祥)
  2 siblings, 1 reply; 48+ messages in thread
From: CK Hu (胡俊光) @ 2023-10-26 10:07 UTC (permalink / raw)
  To: matthias.bgg, Jason-JH Lin (林睿祥),
	angelogioacchino.delregno, robh+dt, krzysztof.kozlowski+dt,
	chunkuang.hu
  Cc: jkardatzke, devicetree, conor+dt,
	Project_Global_Chrome_Upstream_Group,
	Singo Chang (張興國),
	linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen (陳建豪),
	Nancy Lin (林欣螢),
	linux-mediatek, Shawn Sung (宋孝謙),
	Johnson Wang (王聖鑫),
	linux-arm-kernel, linux-media

Hi, Jason:

On Mon, 2023-10-23 at 12:45 +0800, Jason-JH.Lin wrote:
> Add secure layer config support for ovl.
> 
> Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
> ---
>  drivers/gpu/drm/mediatek/mtk_disp_drv.h       |  3 ++
>  drivers/gpu/drm/mediatek/mtk_disp_ovl.c       | 31
> +++++++++++++++++--
>  .../gpu/drm/mediatek/mtk_disp_ovl_adaptor.c   | 12 +++++++
>  drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c   |  2 ++
>  4 files changed, 46 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/gpu/drm/mediatek/mtk_disp_drv.h
> b/drivers/gpu/drm/mediatek/mtk_disp_drv.h
> index 2254038519e1..dec937b183a8 100644
> --- a/drivers/gpu/drm/mediatek/mtk_disp_drv.h
> +++ b/drivers/gpu/drm/mediatek/mtk_disp_drv.h
> @@ -9,6 +9,7 @@
>  #include <linux/soc/mediatek/mtk-cmdq.h>
>  #include <linux/soc/mediatek/mtk-mmsys.h>
>  #include <linux/soc/mediatek/mtk-mutex.h>
> +#include "mtk_drm_ddp_comp.h"
>  #include "mtk_drm_plane.h"
>  #include "mtk_mdp_rdma.h"
>  
> @@ -79,6 +80,7 @@ void mtk_ovl_clk_disable(struct device *dev);
>  void mtk_ovl_config(struct device *dev, unsigned int w,
>  		    unsigned int h, unsigned int vrefresh,
>  		    unsigned int bpc, struct cmdq_pkt *cmdq_pkt);
> +u64 mtk_ovl_get_sec_port(struct mtk_ddp_comp *comp, unsigned int
> idx);
>  int mtk_ovl_layer_check(struct device *dev, unsigned int idx,
>  			struct mtk_plane_state *mtk_state);
>  void mtk_ovl_layer_config(struct device *dev, unsigned int idx,
> @@ -112,6 +114,7 @@ void mtk_ovl_adaptor_clk_disable(struct device
> *dev);
>  void mtk_ovl_adaptor_config(struct device *dev, unsigned int w,
>  			    unsigned int h, unsigned int vrefresh,
>  			    unsigned int bpc, struct cmdq_pkt
> *cmdq_pkt);
> +u64 mtk_ovl_adaptor_get_sec_port(struct mtk_ddp_comp *comp, unsigned
> int idx);
>  void mtk_ovl_adaptor_layer_config(struct device *dev, unsigned int
> idx,
>  				  struct mtk_plane_state *state,
>  				  struct cmdq_pkt *cmdq_pkt);
> diff --git a/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
> b/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
> index 2bffe4245466..76e832e4875a 100644
> --- a/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
> +++ b/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
> @@ -46,6 +46,7 @@
>  #define DISP_REG_OVL_ADDR(ovl, n)		((ovl)->data->addr +
> 0x20 * (n))
>  #define DISP_REG_OVL_HDR_ADDR(ovl, n)		((ovl)->data-
> >addr + 0x20 * (n) + 0x04)
>  #define DISP_REG_OVL_HDR_PITCH(ovl, n)		((ovl)->data-
> >addr + 0x20 * (n) + 0x08)
> +#define DISP_REG_OVL_SECURE			0x0fc0
>  
>  #define GMC_THRESHOLD_BITS	16
>  #define GMC_THRESHOLD_HIGH	((1 << GMC_THRESHOLD_BITS) / 4)
> @@ -126,8 +127,19 @@ struct mtk_disp_ovl {
>  	const struct mtk_disp_ovl_data	*data;
>  	void				(*vblank_cb)(void *data);
>  	void				*vblank_cb_data;
> +	resource_size_t			regs_pa;
>  };
>  
> +u64 mtk_ovl_get_sec_port(struct mtk_ddp_comp *comp, unsigned int
> idx)
> +{
> +	if (comp->id == DDP_COMPONENT_OVL0)
> +		return 1ULL << CMDQ_SEC_DISP_OVL0;
> +	else if (comp->id == DDP_COMPONENT_OVL1)
> +		return 1ULL << CMDQ_SEC_DISP_OVL1;
> +
> +	return 0;
> +}
> +
>  static irqreturn_t mtk_disp_ovl_irq_handler(int irq, void *dev_id)
>  {
>  	struct mtk_disp_ovl *priv = dev_id;
> @@ -449,8 +461,22 @@ void mtk_ovl_layer_config(struct device *dev,
> unsigned int idx,
>  			      DISP_REG_OVL_SRC_SIZE(idx));
>  	mtk_ddp_write_relaxed(cmdq_pkt, offset, &ovl->cmdq_reg, ovl-
> >regs,
>  			      DISP_REG_OVL_OFFSET(idx));
> -	mtk_ddp_write_relaxed(cmdq_pkt, addr, &ovl->cmdq_reg, ovl-
> >regs,
> -			      DISP_REG_OVL_ADDR(ovl, idx));
> +
> +	if (state->pending.is_sec) {
> +		const struct drm_format_info *fmt_info =
> drm_format_info(fmt);
> +		unsigned int buf_size = (pending->height - 1) *
> pending->pitch +
> +					pending->width * fmt_info-
> >cpp[0];
> +
> +		mtk_ddp_write_mask(cmdq_pkt, BIT(idx), &ovl->cmdq_reg,
> ovl->regs,
> +				   DISP_REG_OVL_SECURE, BIT(idx));
> +		mtk_ddp_sec_write(cmdq_pkt, ovl->regs_pa +
> DISP_REG_OVL_ADDR(ovl, idx),
> +				  pending->addr, CMDQ_IWC_H_2_MVA, 0,
> buf_size, 0);

Why pass ovl->regs_pa into the cmdq driver? cmdq just needs subsys and
offset.
In addition, why pass buf_size?

Regards,
CK

> +	} else {
> +		mtk_ddp_write_mask(cmdq_pkt, 0, &ovl->cmdq_reg, ovl-
> >regs,
> +				   DISP_REG_OVL_SECURE, BIT(idx));
> +		mtk_ddp_write_relaxed(cmdq_pkt, addr, &ovl->cmdq_reg,
> ovl->regs,
> +				      DISP_REG_OVL_ADDR(ovl, idx));
> +	}
>  
>  	if (is_afbc) {
>  		mtk_ddp_write_relaxed(cmdq_pkt, hdr_addr, &ovl-
> >cmdq_reg, ovl->regs,
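
Review bot: buf_size in the `state->pending.is_sec` branch is computed in unsigned int as (pending->height - 1) * pending->pitch + pending->width * fmt_info->cpp[0], so a height of 0 wraps and a large pitch can overflow before the value is passed to mtk_ddp_sec_write(). Compute it in size_t with check_mul_overflow()/check_add_overflow(), and do the validation in mtk_ovl_layer_check(), since this function cannot fail. The drm_format_info() result should be checked before fmt_info->cpp[0] is read. The branch also tests state->pending.is_sec but reads every other field through pending; use one spelling.
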
> @@ -529,6 +555,7 @@ static int mtk_disp_ovl_probe(struct
> platform_device *pdev)
>  	}
>  
>  	res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
> +	priv->regs_pa = res->start;
>  	priv->regs = devm_ioremap_resource(dev, res);
>  	if (IS_ERR(priv->regs)) {
>  		dev_err(dev, "failed to ioremap ovl\n");
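
Review bot: `priv->regs_pa = res->start;` in mtk_disp_ovl_probe() dereferences res before anything has checked it. platform_get_resource() returns NULL when the resource is missing, and it is devm_ioremap_resource() on the following line that would have turned that into an error. Move the assignment after the IS_ERR(priv->regs) check, or use devm_platform_get_and_ioremap_resource() and read res->start once it has succeeded.
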
> diff --git a/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c
> b/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c
> index 6bf6367853fb..28a0bccfb0b9 100644
> --- a/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c
> +++ b/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c
> @@ -83,6 +83,18 @@ static const struct ovl_adaptor_comp_match
> comp_matches[OVL_ADAPTOR_ID_MAX] = {
>  	[OVL_ADAPTOR_ETHDR0]	= { OVL_ADAPTOR_TYPE_ETHDR, 0 },
>  };
>  
> +static const u64 ovl_adaptor_sec_port[] = {
> +	1ULL << CMDQ_SEC_VDO1_DISP_RDMA_L0,
> +	1ULL << CMDQ_SEC_VDO1_DISP_RDMA_L1,
> +	1ULL << CMDQ_SEC_VDO1_DISP_RDMA_L2,
> +	1ULL << CMDQ_SEC_VDO1_DISP_RDMA_L3,
> +};
> +
> +u64 mtk_ovl_adaptor_get_sec_port(struct mtk_ddp_comp *comp, unsigned
> int idx)
> +{
> +	return ovl_adaptor_sec_port[idx];
> +}
> +
>  void mtk_ovl_adaptor_layer_config(struct device *dev, unsigned int
> idx,
>  				  struct mtk_plane_state *state,
>  				  struct cmdq_pkt *cmdq_pkt)
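
Review bot: mtk_ovl_adaptor_get_sec_port() indexes ovl_adaptor_sec_port[] with idx unchecked, and the table has four entries. Return 0 (with a WARN) when idx >= ARRAY_SIZE(ovl_adaptor_sec_port) so that a caller looping over layer_nr cannot read past the array. comp is unused here; say so in a comment or drop it from the use inside the function.
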
> diff --git a/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c
> b/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c
> index 3dca936b9143..eec3a1cc2ed4 100644
> --- a/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c
> +++ b/drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c
> @@ -373,6 +373,7 @@ static const struct mtk_ddp_comp_funcs ddp_ovl =
> {
>  	.bgclr_in_off = mtk_ovl_bgclr_in_off,
>  	.get_formats = mtk_ovl_get_formats,
>  	.get_num_formats = mtk_ovl_get_num_formats,
> +	.get_sec_port = mtk_ovl_get_sec_port,
>  };
>  
>  static const struct mtk_ddp_comp_funcs ddp_postmask = {
> @@ -424,6 +425,7 @@ static const struct mtk_ddp_comp_funcs
> ddp_ovl_adaptor = {
>  	.remove = mtk_ovl_adaptor_remove_comp,
>  	.get_formats = mtk_ovl_adaptor_get_formats,
>  	.get_num_formats = mtk_ovl_adaptor_get_num_formats,
> +	.get_sec_port = mtk_ovl_adaptor_get_sec_port,
>  };
>  
>  static const char * const mtk_ddp_comp_stem[MTK_DDP_COMP_TYPE_MAX] =
> {

^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [PATCH v2 00/11] Add mediate-drm secure flow for SVP
  2023-10-23  4:45 [PATCH v2 00/11] Add mediate-drm secure flow for SVP Jason-JH.Lin
                   ` (10 preceding siblings ...)
  2023-10-23  4:45 ` [PATCH v2 11/11] arm64: dts: mt8195: Add secure mbox settings for vdosys Jason-JH.Lin
@ 2023-10-31  2:12 ` CK Hu (胡俊光)
  2023-11-05 13:44   ` Jason-JH Lin (林睿祥)
  11 siblings, 1 reply; 48+ messages in thread
From: CK Hu (胡俊光) @ 2023-10-31  2:12 UTC (permalink / raw)
  To: matthias.bgg, Jason-JH Lin (林睿祥),
	angelogioacchino.delregno, robh+dt, krzysztof.kozlowski+dt,
	chunkuang.hu
  Cc: jkardatzke, devicetree, conor+dt,
	Project_Global_Chrome_Upstream_Group,
	Singo Chang (張興國),
	linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen (陳建豪),
	Nancy Lin (林欣螢),
	linux-mediatek, Shawn Sung (宋孝謙),
	Johnson Wang (王聖鑫),
	linux-arm-kernel, linux-media

Hi, Jason:

On Mon, 2023-10-23 at 12:45 +0800, Jason-JH.Lin wrote:
> The patch series provides drm driver support for enabling secure video
> path (SVP) playback on MediaTek hardware in the Linux kernel.
> 
> Memory Definitions:
> secure memory - Memory allocated in the TEE (Trusted Execution
> Environment) which is inaccessible in the REE (Rich Execution
> Environment, i.e. linux kernel/userspace).
> secure handle - Integer value which acts as reference to 'secure
> memory'. Used in communication between TEE and REE to reference
> 'secure memory'.
> secure buffer - 'secure memory' that is used to store decrypted,
> compressed video or for other general purposes in the TEE.
> secure surface - 'secure memory' that is used to store graphic buffers.
> 
> Memory Usage in SVP:
> The overall flow of SVP starts with encrypted video coming in from an
> outside source into the REE. The REE will then allocate a 'secure
> buffer' and send the corresponding 'secure handle' along with the
> encrypted, compressed video data to the TEE. The TEE will then decrypt
> the video and store the result in the 'secure buffer'. The REE will
> then allocate a 'secure surface'. The REE will pass the 'secure
> handles' for both the 'secure buffer' and 'secure surface' into the
> TEE for video decoding. The video decoder HW will then decode the
> contents of the 'secure buffer' and place the result in the 'secure
> surface'. The REE will then attach the 'secure surface' to the overlay
> plane for rendering of the video.
> 
> Everything relating to ensuring security of the actual contents of the
> 'secure buffer' and 'secure surface' is out of scope for the REE and
> is the responsibility of the TEE.
> 
> DRM driver handles allocation of gem objects that are backed by a 'secure
> surface' and for displaying a 'secure surface' on the overlay plane.
> This introduces a new flag for object creation called
> DRM_MTK_GEM_CREATE_ENCRYPTED which indicates it should be a 'secure
> surface'. All changes here are in MediaTek specific code.
> 
> ---
> Based on 3 series and 1 patch:
> [1] dma-buf: heaps: Add MediaTek secure heap
> - https://patchwork.kernel.org/project/linux-mediatek/list/?series=782776
> 
> [2] add driver to support secure video decoder
> - https://patchwork.kernel.org/project/linux-mediatek/list/?series=782922
> 
> [3] soc: mediatek: Add register definitions for GCE
> - https://patchwork.kernel.org/project/linux-mediatek/patch/20231017064717.21616-2-shawn.sung@mediatek.com/
> 
> [4] Add CMDQ secure driver for SVP
> - https://patchwork.kernel.org/project/linux-mediatek/list/?series=795502
> 

Secure display depends on secure mmsys. Routing control should be secure
so the mmsys driver should have some modification that calls into the secure
world to change routing. Add the mmsys series to this dependency list.

Regards,
CK

> ---
> Change in v2:
> 
> 1. remove the DRIVER_RDNDER flag for mtk_drm_ioctl
> 2. move cmdq_insert_backup_cookie into client driver
> 3. move secure gce node define from mt8195-cherry.dtsi to mt8195.dtsi
> ---
> 
> CK Hu (1):
>   drm/mediatek: Add interface to allocate MediaTek GEM buffer.
> 
> Jason-JH.Lin (10):
>   drm/mediatek/uapi: Add DRM_MTK_GEM_CREATED_ENCRYPTTED flag
>   drm/mediatek: Add secure buffer control flow to mtk_drm_gem
>   drm/mediatek: Add secure identify flag and funcution to
> mtk_drm_plane
>   drm/mediatek: Add mtk_ddp_sec_write to config secure buffer info
>   drm/mediatek: Add get_sec_port interface to mtk_ddp_comp
>   drm/mediatek: Add secure layer config support for ovl
>   drm/mediatek: Add secure layer config support for ovl_adaptor
>   drm/mediatek: Add secure flow support to mediatek-drm
>   drm/mediatek: Add cmdq_insert_backup_cookie before secure pkt
> finalize
>   arm64: dts: mt8195: Add secure mbox settings for vdosys
> 
>  arch/arm64/boot/dts/mediatek/mt8195.dtsi      |   6 +-
>  drivers/gpu/drm/mediatek/mtk_disp_drv.h       |   3 +
>  drivers/gpu/drm/mediatek/mtk_disp_ovl.c       |  31 +-
>  .../gpu/drm/mediatek/mtk_disp_ovl_adaptor.c   |  15 +
>  drivers/gpu/drm/mediatek/mtk_drm_crtc.c       | 274
> +++++++++++++++++-
>  drivers/gpu/drm/mediatek/mtk_drm_crtc.h       |   1 +
>  drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c   |  14 +
>  drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.h   |  13 +
>  drivers/gpu/drm/mediatek/mtk_drm_drv.c        |  13 +
>  drivers/gpu/drm/mediatek/mtk_drm_gem.c        | 121 ++++++++
>  drivers/gpu/drm/mediatek/mtk_drm_gem.h        |  16 +
>  drivers/gpu/drm/mediatek/mtk_drm_plane.c      |   7 +
>  drivers/gpu/drm/mediatek/mtk_drm_plane.h      |   2 +
>  drivers/gpu/drm/mediatek/mtk_mdp_rdma.c       |  11 +-
>  drivers/gpu/drm/mediatek/mtk_mdp_rdma.h       |   2 +
>  include/uapi/drm/mediatek_drm.h               |  59 ++++
>  16 files changed, 570 insertions(+), 18 deletions(-)
>  create mode 100644 include/uapi/drm/mediatek_drm.h
> 

^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [PATCH v2 09/11] drm/mediatek: Add secure flow support to mediatek-drm
  2023-10-23  4:45 ` [PATCH v2 09/11] drm/mediatek: Add secure flow support to mediatek-drm Jason-JH.Lin
  2023-10-24  7:42   ` CK Hu (胡俊光)
@ 2023-10-31  6:01   ` CK Hu (胡俊光)
  2023-11-05 13:04     ` Jason-JH Lin (林睿祥)
  1 sibling, 1 reply; 48+ messages in thread
From: CK Hu (胡俊光) @ 2023-10-31  6:01 UTC (permalink / raw)
  To: matthias.bgg, Jason-JH Lin (林睿祥),
	angelogioacchino.delregno, robh+dt, krzysztof.kozlowski+dt,
	chunkuang.hu
  Cc: jkardatzke, devicetree, conor+dt,
	Project_Global_Chrome_Upstream_Group,
	Singo Chang (張興國),
	linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen (陳建豪),
	Nancy Lin (林欣螢),
	linux-mediatek, Shawn Sung (宋孝謙),
	Johnson Wang (王聖鑫),
	linux-arm-kernel, linux-media

Hi, Jason:

On Mon, 2023-10-23 at 12:45 +0800, Jason-JH.Lin wrote:
> To add secure flow support for mediatek-drm, each crtc has to
> create a secure cmdq mailbox channel. Then cmdq packets with
> display HW configuration will be sent to the secure cmdq mailbox channel
> and configured in the secure world.
> 
> Each crtc has to use the secure cmdq interface to configure some secure
> settings for display HW before sending cmdq packets to the secure cmdq
> mailbox channel.
> 
> If any of the fbs got from the current drm_atomic_state is secure, then crtc
> will switch to the secure flow to configure display HW.
> If all fbs are not secure in the current drm_atomic_state, then crtc will
> switch to the normal flow.
> 
> Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
> ---
>  drivers/gpu/drm/mediatek/mtk_drm_crtc.c  | 272
> ++++++++++++++++++++++-
>  drivers/gpu/drm/mediatek/mtk_drm_crtc.h  |   1 +
>  drivers/gpu/drm/mediatek/mtk_drm_plane.c |   7 +
>  3 files changed, 269 insertions(+), 11 deletions(-)
> 
> diff --git a/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
> b/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
> index b6fa4ad2f94d..6c2cf339b923 100644
> --- a/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
> +++ b/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
> @@ -56,6 +56,11 @@ struct mtk_drm_crtc {
>  	u32				cmdq_event;
>  	u32				cmdq_vblank_cnt;
>  	wait_queue_head_t		cb_blocking_queue;
> +
> +	struct cmdq_client		sec_cmdq_client;
> +	struct cmdq_pkt			sec_cmdq_handle;
> +	bool				sec_cmdq_working;
> +	wait_queue_head_t		sec_cb_blocking_queue;
>  #endif
>  
>  	struct device			*mmsys_dev;
> @@ -67,6 +72,7 @@ struct mtk_drm_crtc {
>  	/* lock for display hardware access */
>  	struct mutex			hw_lock;
>  	bool				config_updating;
> +	bool				sec_on;
>  };
>  
>  struct mtk_crtc_state {
> @@ -109,6 +115,154 @@ static void mtk_drm_finish_page_flip(struct
> mtk_drm_crtc *mtk_crtc)
>  	}
>  }
>  
> +void mtk_crtc_disable_secure_state(struct drm_crtc *crtc)
> +{
> +#if IS_REACHABLE(CONFIG_MTK_CMDQ)
> +	enum cmdq_sec_scenario sec_scn = CMDQ_MAX_SEC_COUNT;
> +	int i;
> +	struct mtk_ddp_comp *ddp_first_comp;
> +	struct mtk_drm_crtc *mtk_crtc = to_mtk_crtc(crtc);
> +	u64 sec_engine = 0; /* for hw engine write output secure fb */
> +	u64 sec_port = 0; /* for larb port read input secure fb */
> +
> +	mutex_lock(&mtk_crtc->hw_lock);
> +
> +	if (!mtk_crtc->sec_cmdq_client.chan) {
> +		pr_err("crtc-%d secure mbox channel is NULL\n",
> drm_crtc_index(crtc));
> +		goto err;
> +	}
> +
> +	if (!mtk_crtc->sec_on) {
> +		pr_debug("crtc-%d is already disabled!\n",
> drm_crtc_index(crtc));
> +		goto err;
> +	}
> +
> +	mbox_flush(mtk_crtc->sec_cmdq_client.chan, 0);
> +	mtk_crtc->sec_cmdq_handle.cmd_buf_size = 0;
> +
> +	if (mtk_crtc->sec_cmdq_handle.sec_data) {
> +		struct cmdq_sec_data *sec_data;
> +
> +		sec_data = mtk_crtc->sec_cmdq_handle.sec_data;
> +		sec_data->addrMetadataCount = 0;
> +		sec_data->addrMetadatas = (uintptr_t)NULL;
> +	}
> +
> +	/*
> +	 * Secure path only support DL mode, so we just wait
> +	 * the first path frame done here
> +	 */
> +	cmdq_pkt_wfe(&mtk_crtc->sec_cmdq_handle, mtk_crtc->cmdq_event,
> false);
> +
> +	ddp_first_comp = mtk_crtc->ddp_comp[0];
> +	for (i = 0; i < mtk_crtc->layer_nr; i++) {
> +		struct drm_plane *plane = &mtk_crtc->planes[i];
> +
> +		sec_port |=
> mtk_ddp_comp_layer_get_sec_port(ddp_first_comp, i);

sec_port is useless, so remove it.

> +
> +		/* make sure secure layer off before switching secure
> state */
> +		if (!mtk_plane_fb_is_secure(plane->state->fb)) {
> +			struct mtk_plane_state *plane_state =
> to_mtk_plane_state(plane->state);
> +
> +			plane_state->pending.enable = false;
> +			mtk_ddp_comp_layer_config(ddp_first_comp, i,
> plane_state,
> +						  &mtk_crtc-
> >sec_cmdq_handle);
> +		}
> +	}
> +
> +	/* Disable secure path */
> +	if (drm_crtc_index(crtc) == 0)
> +		sec_scn = CMDQ_SEC_PRIMARY_DISP_DISABLE;
> +	else if (drm_crtc_index(crtc) == 1)
> +		sec_scn = CMDQ_SEC_SUB_DISP_DISABLE;
> +
> +	cmdq_sec_pkt_set_data(&mtk_crtc->sec_cmdq_handle, sec_engine,
> sec_engine, sec_scn);
> +
> +	cmdq_pkt_finalize(&mtk_crtc->sec_cmdq_handle);
> +	dma_sync_single_for_device(mtk_crtc->sec_cmdq_client.chan-
> >mbox->dev,
> +				   mtk_crtc->sec_cmdq_handle.pa_base,
> +				   mtk_crtc-
> >sec_cmdq_handle.cmd_buf_size,
> +				   DMA_TO_DEVICE);
> +
> +	mtk_crtc->sec_cmdq_working = true;
> +	mbox_send_message(mtk_crtc->sec_cmdq_client.chan, &mtk_crtc-
> >sec_cmdq_handle);
> +	mbox_client_txdone(mtk_crtc->sec_cmdq_client.chan, 0);
> +
> +	// Wait for sec state to be disabled by cmdq
> +	wait_event_timeout(mtk_crtc->sec_cb_blocking_queue,
> +			   !mtk_crtc->sec_cmdq_working,
> +			   msecs_to_jiffies(500));
> +
> +	mtk_crtc->sec_on = false;
> +	pr_debug("crtc-%d disable secure plane!\n",
> drm_crtc_index(crtc));
> +
> +err:
> +	mutex_unlock(&mtk_crtc->hw_lock);
> +#endif
> +}
> +
> +#if IS_REACHABLE(CONFIG_MTK_CMDQ)
> +static void mtk_crtc_enable_secure_state(struct drm_crtc *crtc)
> +{
> +	enum cmdq_sec_scenario sec_scn = CMDQ_MAX_SEC_COUNT;
> +	int i;
> +	struct mtk_ddp_comp *ddp_first_comp;
> +	struct mtk_drm_crtc *mtk_crtc = to_mtk_crtc(crtc);
> +	u64 sec_engine = 0; /* for hw engine write output secure fb */
> +	u64 sec_port = 0; /* for larb port read input secure fb */
> +
> +	cmdq_pkt_wfe(&mtk_crtc->sec_cmdq_handle, mtk_crtc->cmdq_event,
> false);
> +
> +	ddp_first_comp = mtk_crtc->ddp_comp[0];
> +	for (i = 0; i < mtk_crtc->layer_nr; i++)
> +		if (mtk_crtc->planes[i].type == DRM_PLANE_TYPE_CURSOR)
> +			sec_port |=
> mtk_ddp_comp_layer_get_sec_port(ddp_first_comp, i);
> +
> +	if (drm_crtc_index(crtc) == 0)
> +		sec_scn = CMDQ_SEC_PRIMARY_DISP;
> +	else if (drm_crtc_index(crtc) == 1)
> +		sec_scn = CMDQ_SEC_SUB_DISP;
> +
> +	cmdq_sec_pkt_set_data(&mtk_crtc->sec_cmdq_handle, sec_engine,
> sec_port, sec_scn);

In cmdq driver, sec_engine means engine which needs dapc. You set 0 to
sec_engine, does it mean that no engine is protected by dapc? If OVL is
not protected by dapc, I think we could use cmdq normal thread to write
OVL register instead of cmdq secure thread.

It's weird that normal world could decide which engine is protected by
dapc. If a hacker sets 0 for the output engine, then the output engine would
not be protected?

Regards,
CK

> +
> +	pr_debug("crtc-%d enable secure plane!\n",
> drm_crtc_index(crtc));
> +}
> +#endif
> +
> +static void mtk_drm_crtc_plane_switch_sec_state(struct drm_crtc
> *crtc,
> +						struct drm_atomic_state
> *state)
> +{
> +#if IS_REACHABLE(CONFIG_MTK_CMDQ)
> +	bool sec_on[MAX_CRTC] = {0};
> +	int i;
> +	struct drm_crtc_state *crtc_state;
> +	struct mtk_drm_crtc *mtk_crtc = to_mtk_crtc(crtc);
> +	struct drm_plane *plane;
> +	struct drm_plane_state *old_plane_state;
> +
> +	for_each_old_plane_in_state(state, plane, old_plane_state, i) {
> +		if (!plane->state->crtc)
> +			continue;
> +
> +		if (plane->state->fb &&
> +		    mtk_plane_fb_is_secure(plane->state->fb) &&
> +		    mtk_crtc->sec_cmdq_client.chan)
> +			sec_on[drm_crtc_index(plane->state->crtc)] =
> true;
> +	}
> +
> +	for_each_old_crtc_in_state(state, crtc, crtc_state, i) {
> +		mtk_crtc = to_mtk_crtc(crtc);
> +
> +		if (!sec_on[i])
> +			mtk_crtc_disable_secure_state(crtc);
> +
> +		mutex_lock(&mtk_crtc->hw_lock);
> +		mtk_crtc->sec_on = true;
> +		mutex_unlock(&mtk_crtc->hw_lock);
> +	}
> +#endif
> +}
> +
>  #if IS_REACHABLE(CONFIG_MTK_CMDQ)
>  static int mtk_drm_cmdq_pkt_create(struct cmdq_client *client,
> struct cmdq_pkt *pkt,
>  				   size_t size)
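
Review bot: In mtk_drm_crtc_plane_switch_sec_state() the assignment `mtk_crtc->sec_on = true` runs for every CRTC in the state, including one for which sec_on[i] was false and mtk_crtc_disable_secure_state() has just cleared the flag, so the next mtk_drm_crtc_update_config() takes the secure branch even with no secure fb. Set the flag only when sec_on[i] is true. In mtk_crtc_disable_secure_state() the wait_event_timeout() result is discarded and sec_on is set to false even when the 500 ms wait expired; check the return value and keep the state, with an error message, on timeout. The `// Wait for sec state ...` comment should use the /* */ style of the surrounding code.
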
> @@ -144,22 +298,33 @@ static void mtk_drm_cmdq_pkt_destroy(struct
> cmdq_pkt *pkt)
>  	dma_unmap_single(client->chan->mbox->dev, pkt->pa_base, pkt-
> >buf_size,
>  			 DMA_TO_DEVICE);
>  	kfree(pkt->va_base);
> +	kfree(pkt->sec_data);
>  }
>  #endif
>  
>  static void mtk_drm_crtc_destroy(struct drm_crtc *crtc)
>  {
>  	struct mtk_drm_crtc *mtk_crtc = to_mtk_crtc(crtc);
> +	struct mtk_drm_private *priv = crtc->dev->dev_private;
>  	int i;
>  
> +	priv = priv->all_drm_private[drm_crtc_index(crtc)];
> +
>  	mtk_mutex_put(mtk_crtc->mutex);
>  #if IS_REACHABLE(CONFIG_MTK_CMDQ)
>  	mtk_drm_cmdq_pkt_destroy(&mtk_crtc->cmdq_handle);
> +	mtk_drm_cmdq_pkt_destroy(&mtk_crtc->sec_cmdq_handle);
>  
>  	if (mtk_crtc->cmdq_client.chan) {
>  		mbox_free_channel(mtk_crtc->cmdq_client.chan);
>  		mtk_crtc->cmdq_client.chan = NULL;
>  	}
> +
> +	if (mtk_crtc->sec_cmdq_client.chan) {
> +		device_link_remove(priv->dev, mtk_crtc-
> >sec_cmdq_client.chan->mbox->dev);
> +		mbox_free_channel(mtk_crtc->sec_cmdq_client.chan);
> +		mtk_crtc->sec_cmdq_client.chan = NULL;
> +	}
>  #endif
>  
>  	for (i = 0; i < mtk_crtc->ddp_comp_nr; i++) {
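
Review bot: In mtk_drm_crtc_destroy() the new `mtk_drm_cmdq_pkt_destroy(&mtk_crtc->sec_cmdq_handle)` call sits outside the `if (mtk_crtc->sec_cmdq_client.chan)` block, yet the helper dereferences client->chan->mbox->dev for dma_unmap_single(). mtk_drm_crtc_create() sets sec_cmdq_client.chan to NULL when the secure mailbox request fails, so teardown on such a device reaches that dereference with no secure channel. Move the call inside the chan check, before mbox_free_channel().
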
> @@ -286,13 +451,18 @@ static void ddp_cmdq_cb(struct mbox_client *cl,
> void *mssg)
>  {
>  	struct cmdq_cb_data *data = mssg;
>  	struct cmdq_client *cmdq_cl = container_of(cl, struct
> cmdq_client, client);
> -	struct mtk_drm_crtc *mtk_crtc = container_of(cmdq_cl, struct
> mtk_drm_crtc, cmdq_client);
> +	struct mtk_drm_crtc *mtk_crtc;
>  	struct mtk_crtc_state *state;
>  	unsigned int i;
>  
>  	if (data->sta < 0)
>  		return;
>  
> +	if (!data->pkt || !data->pkt->sec_data)
> +		mtk_crtc = container_of(cmdq_cl, struct mtk_drm_crtc,
> cmdq_client);
> +	else
> +		mtk_crtc = container_of(cmdq_cl, struct mtk_drm_crtc,
> sec_cmdq_client);
> +
>  	state = to_mtk_crtc_state(mtk_crtc->base.state);
>  
>  	state->pending_config = false;
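
Review bot: ddp_cmdq_cb() now picks the container_of() member from `data->pkt->sec_data`, so a callback that arrives on the secure client with a NULL data->pkt, or with sec_data unset, is resolved against cmdq_client and yields a wrong mtk_crtc pointer. The member is determined by which client `cl` belongs to, not by the packet. Give sec_cmdq_client its own rx_callback (a thin wrapper is enough) that uses sec_cmdq_client in container_of().
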
> @@ -321,6 +491,11 @@ static void ddp_cmdq_cb(struct mbox_client *cl,
> void *mssg)
>  		mtk_crtc->pending_async_planes = false;
>  	}
>  
> +	if (mtk_crtc->sec_cmdq_working) {
> +		mtk_crtc->sec_cmdq_working = false;
> +		wake_up(&mtk_crtc->sec_cb_blocking_queue);
> +	}
> +
>  	mtk_crtc->cmdq_vblank_cnt = 0;
>  	wake_up(&mtk_crtc->cb_blocking_queue);
>  }
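
Review bot: The `sec_cmdq_working` block in ddp_cmdq_cb() clears the flag and wakes sec_cb_blocking_queue on any completion, so a normal-thread packet finishing while mtk_crtc_disable_secure_state() is waiting can end the wait before the secure disable packet has run. Clear the flag only when the completed packet is the secure one, for example by comparing data->pkt with &mtk_crtc->sec_cmdq_handle.
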
> @@ -544,7 +719,8 @@ static void mtk_drm_crtc_update_config(struct
> mtk_drm_crtc *mtk_crtc,
>  				       bool needs_vblank)
>  {
>  #if IS_REACHABLE(CONFIG_MTK_CMDQ)
> -	struct cmdq_pkt *cmdq_handle = &mtk_crtc->cmdq_handle;
> +	struct cmdq_client cmdq_client;
> +	struct cmdq_pkt *cmdq_handle;
>  #endif
>  	struct drm_crtc *crtc = &mtk_crtc->base;
>  	struct mtk_drm_private *priv = crtc->dev->dev_private;
> @@ -582,14 +758,36 @@ static void mtk_drm_crtc_update_config(struct
> mtk_drm_crtc *mtk_crtc,
>  		mtk_mutex_release(mtk_crtc->mutex);
>  	}
>  #if IS_REACHABLE(CONFIG_MTK_CMDQ)
> -	if (mtk_crtc->cmdq_client.chan) {
> +	if (mtk_crtc->sec_on) {
> +		mbox_flush(mtk_crtc->sec_cmdq_client.chan, 0);
> +		mtk_crtc->sec_cmdq_handle.cmd_buf_size = 0;
> +
> +		if (mtk_crtc->sec_cmdq_handle.sec_data) {
> +			struct cmdq_sec_data *sec_data;
> +
> +			sec_data = mtk_crtc->sec_cmdq_handle.sec_data;
> +			sec_data->addrMetadataCount = 0;
> +			sec_data->addrMetadatas = (uintptr_t)NULL;
> +		}
> +
> +		mtk_crtc_enable_secure_state(crtc);
> +
> +		cmdq_client = mtk_crtc->sec_cmdq_client;
> +		cmdq_handle = &mtk_crtc->sec_cmdq_handle;
> +	} else if (mtk_crtc->cmdq_client.chan) {
>  		mbox_flush(mtk_crtc->cmdq_client.chan, 2000);
> -		cmdq_handle->cmd_buf_size = 0;
> +		mtk_crtc->cmdq_handle.cmd_buf_size = 0;
> +
> +		cmdq_client =  mtk_crtc->cmdq_client;
> +		cmdq_handle = &mtk_crtc->cmdq_handle;
> +	}
> +
> +	if (cmdq_client.chan) {
>  		cmdq_pkt_clear_event(cmdq_handle, mtk_crtc-
> >cmdq_event);
>  		cmdq_pkt_wfe(cmdq_handle, mtk_crtc->cmdq_event, false);
>  		mtk_crtc_ddp_config(crtc, cmdq_handle);
>  		cmdq_pkt_finalize(cmdq_handle);
> -		dma_sync_single_for_device(mtk_crtc->cmdq_client.chan-
> >mbox->dev,
> +		dma_sync_single_for_device(cmdq_client.chan->mbox->dev,
>  					   cmdq_handle->pa_base,
>  					   cmdq_handle->cmd_buf_size,
>  					   DMA_TO_DEVICE);
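
Review bot: `struct cmdq_client cmdq_client` and `cmdq_handle` in mtk_drm_crtc_update_config() are assigned only inside the two branches, so when sec_on is false and mtk_crtc->cmdq_client.chan is NULL the following `if (cmdq_client.chan)` reads an uninitialized stack value. Use a `struct cmdq_client *` initialized to NULL instead of a by-value copy. The sec_on branch also calls mbox_flush() on sec_cmdq_client.chan with no NULL check, although mtk_drm_crtc_create() can leave that channel NULL.
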
> @@ -602,8 +800,8 @@ static void mtk_drm_crtc_update_config(struct
> mtk_drm_crtc *mtk_crtc,
>  		 */
>  		mtk_crtc->cmdq_vblank_cnt = 3;
>  
> -		mbox_send_message(mtk_crtc->cmdq_client.chan,
> cmdq_handle);
> -		mbox_client_txdone(mtk_crtc->cmdq_client.chan, 0);
> +		mbox_send_message(cmdq_client.chan, cmdq_handle);
> +		mbox_client_txdone(cmdq_client.chan, 0);
>  	}
>  #endif
>  	mtk_crtc->config_updating = false;
> @@ -706,6 +904,8 @@ static void mtk_drm_crtc_atomic_disable(struct
> drm_crtc *crtc,
>  	if (!mtk_crtc->enabled)
>  		return;
>  
> +	mtk_crtc_disable_secure_state(crtc);
> +
>  	/* Set all pending plane state to disabled */
>  	for (i = 0; i < mtk_crtc->layer_nr; i++) {
>  		struct drm_plane *plane = &mtk_crtc->planes[i];
> @@ -745,6 +945,8 @@ static void mtk_drm_crtc_atomic_begin(struct
> drm_crtc *crtc,
>  	struct mtk_crtc_state *mtk_crtc_state =
> to_mtk_crtc_state(crtc_state);
>  	struct mtk_drm_crtc *mtk_crtc = to_mtk_crtc(crtc);
>  
> +	mtk_drm_crtc_plane_switch_sec_state(crtc, state);
> +
>  	if (mtk_crtc->event && mtk_crtc_state->base.event)
>  		DRM_ERROR("new event while there is still a pending
> event\n");
>  
> @@ -1020,8 +1222,7 @@ int mtk_drm_crtc_create(struct drm_device
> *drm_dev,
>  		if (ret) {
>  			dev_dbg(dev, "mtk_crtc %d failed to get
> mediatek,gce-events property\n",
>  				drm_crtc_index(&mtk_crtc->base));
> -			mbox_free_channel(mtk_crtc->cmdq_client.chan);
> -			mtk_crtc->cmdq_client.chan = NULL;
> +			goto cmdq_err;
>  		} else {
>  			ret = mtk_drm_cmdq_pkt_create(&mtk_crtc-
> >cmdq_client,
>  						      &mtk_crtc-
> >cmdq_handle,
> @@ -1029,14 +1230,63 @@ int mtk_drm_crtc_create(struct drm_device
> *drm_dev,
>  			if (ret) {
>  				dev_dbg(dev, "mtk_crtc %d failed to
> create cmdq packet\n",
>  					drm_crtc_index(&mtk_crtc-
> >base));
> -				mbox_free_channel(mtk_crtc-
> >cmdq_client.chan);
> -				mtk_crtc->cmdq_client.chan = NULL;
> +				goto cmdq_err;
>  			}
>  		}
>  
>  		/* for sending blocking cmd in crtc disable */
>  		init_waitqueue_head(&mtk_crtc->cb_blocking_queue);
>  	}
> +
> +	mtk_crtc->sec_cmdq_client.client.dev = mtk_crtc->mmsys_dev;
> +	mtk_crtc->sec_cmdq_client.client.tx_block = false;
> +	mtk_crtc->sec_cmdq_client.client.knows_txdone = true;
> +	mtk_crtc->sec_cmdq_client.client.rx_callback = ddp_cmdq_cb;
> +	mtk_crtc->sec_cmdq_client.chan =
> +			mbox_request_channel(&mtk_crtc-
> >sec_cmdq_client.client, i + 1);
> +	if (IS_ERR(mtk_crtc->sec_cmdq_client.chan)) {
> +		dev_err(dev, "mtk_crtc %d failed to create sec mailbox
> client\n",
> +			drm_crtc_index(&mtk_crtc->base));
> +		mtk_crtc->sec_cmdq_client.chan = NULL;
> +	}
> +
> +	if (mtk_crtc->sec_cmdq_client.chan) {
> +		struct device_link *link;
> +
> +		/* add devlink to cmdq dev to make sure suspend/resume
> order is correct */
> +		link = device_link_add(priv->dev, mtk_crtc-
> >sec_cmdq_client.chan->mbox->dev,
> +				       DL_FLAG_PM_RUNTIME |
> DL_FLAG_STATELESS);
> +		if (!link) {
> +			dev_err(priv->dev, "Unable to link dev=%s\n",
> +				dev_name(mtk_crtc-
> >sec_cmdq_client.chan->mbox->dev));
> +			ret = -ENODEV;
> +			goto cmdq_err;
> +		}
> +
> +		ret = mtk_drm_cmdq_pkt_create(&mtk_crtc-
> >sec_cmdq_client,
> +					      &mtk_crtc-
> >sec_cmdq_handle,
> +					      PAGE_SIZE);
> +		if (ret) {
> +			dev_dbg(dev, "mtk_crtc %d failed to create cmdq
> secure packet\n",
> +				drm_crtc_index(&mtk_crtc->base));
> +			goto cmdq_err;
> +		}
> +
> +		/* for sending blocking cmd in crtc disable */
> +		init_waitqueue_head(&mtk_crtc->sec_cb_blocking_queue);
> +	}
> +
> +cmdq_err:
> +	if (ret) {
> +		if (mtk_crtc->cmdq_client.chan) {
> +			mbox_free_channel(mtk_crtc->cmdq_client.chan);
> +			mtk_crtc->cmdq_client.chan = NULL;
> +		}
> +		if (mtk_crtc->sec_cmdq_client.chan) {
> +			mbox_free_channel(mtk_crtc-
> >sec_cmdq_client.chan);
> +			mtk_crtc->sec_cmdq_client.chan = NULL;
> +		}
> +	}
>  #endif
>  	return 0;
>  }
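Review bot: At the cmdq_err label a failure in the secure setup (device_link_add() or the secure mtk_drm_cmdq_pkt_create()) also frees the normal cmdq_client.chan that was set up successfully, and the function still ends in `return 0`, so the CRTC silently loses both channels; handle the secure failure on its own and leave the normal channel alone. The label releases only the mailbox channels: the packet from the earlier mtk_drm_cmdq_pkt_create() call and the device link added above are not undone. The dev_err() on mbox_request_channel() failure will also fire on any platform that simply has no secure channel to request.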
> diff --git a/drivers/gpu/drm/mediatek/mtk_drm_crtc.h
> b/drivers/gpu/drm/mediatek/mtk_drm_crtc.h
> index 3e9046993d09..ff7f81fa6184 100644
> --- a/drivers/gpu/drm/mediatek/mtk_drm_crtc.h
> +++ b/drivers/gpu/drm/mediatek/mtk_drm_crtc.h
> @@ -19,6 +19,7 @@ int mtk_drm_crtc_create(struct drm_device *drm_dev,
>  			const unsigned int *path,
>  			unsigned int path_len,
>  			int priv_data_index);
> +void mtk_crtc_disable_secure_state(struct drm_crtc *crtc);
>  int mtk_drm_crtc_plane_check(struct drm_crtc *crtc, struct drm_plane
> *plane,
>  			     struct mtk_plane_state *state);
>  void mtk_drm_crtc_async_update(struct drm_crtc *crtc, struct
> drm_plane *plane,
> diff --git a/drivers/gpu/drm/mediatek/mtk_drm_plane.c
> b/drivers/gpu/drm/mediatek/mtk_drm_plane.c
> index db2f70ae060d..89b5a4e87548 100644
> --- a/drivers/gpu/drm/mediatek/mtk_drm_plane.c
> +++ b/drivers/gpu/drm/mediatek/mtk_drm_plane.c
> @@ -265,6 +265,13 @@ static void mtk_plane_atomic_disable(struct
> drm_plane *plane,
>  	mtk_plane_state->pending.enable = false;
>  	wmb(); /* Make sure the above parameter is set before update */
>  	mtk_plane_state->pending.dirty = true;
> +
> +	if (mtk_plane_state->pending.is_sec) {
> +		struct drm_plane_state *old_state =
> drm_atomic_get_old_plane_state(state, plane);
> +
> +		if (old_state->crtc)
> +			mtk_crtc_disable_secure_state(old_state->crtc);
> +	}
>  }
>  
>  static void mtk_plane_atomic_update(struct drm_plane *plane,
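Review bot: mtk_plane_atomic_disable() calls mtk_crtc_disable_secure_state() for the whole CRTC as soon as one plane with pending.is_sec is disabled, without checking whether other planes on old_state->crtc still carry secure buffers, and pending.is_sec itself is never cleared in this function. The helper, as posted in mtk_drm_crtc.c, takes hw_lock and can wait up to 500 ms, and mtk_drm_crtc_atomic_disable() already calls it. Consider leaving the secure-state transition to the CRTC path and resetting pending.is_sec next to pending.enable.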

^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [PATCH v2 09/11] drm/mediatek: Add secure flow support to mediatek-drm
  2023-10-31  6:01   ` CK Hu (胡俊光)
@ 2023-11-05 13:04     ` Jason-JH Lin (林睿祥)
  2023-11-06  1:27       ` CK Hu (胡俊光)
  0 siblings, 1 reply; 48+ messages in thread
From: Jason-JH Lin (林睿祥) @ 2023-11-05 13:04 UTC (permalink / raw)
  To: CK Hu (胡俊光),
	matthias.bgg, angelogioacchino.delregno, robh+dt,
	krzysztof.kozlowski+dt, chunkuang.hu
  Cc: jkardatzke, devicetree, conor+dt,
	Project_Global_Chrome_Upstream_Group,
	Singo Chang (張興國),
	linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen (陳建豪),
	Nancy Lin (林欣螢),
	Johnson Wang (王聖鑫),
	Shawn Sung (宋孝謙),
	linux-mediatek, linux-arm-kernel, linux-media

On Tue, 2023-10-31 at 06:01 +0000, CK Hu (胡俊光) wrote:
> Hi, Jason:
> 
> On Mon, 2023-10-23 at 12:45 +0800, Jason-JH.Lin wrote:
> > To add secure flow support for mediatek-drm, each crtc have to
> > create a secure cmdq mailbox channel. Then cmdq packets with
> > display HW configuration will be sent to secure cmdq mailbox
> > channel
> > and configured in the secure world.
> > 
> > Each crtc have to use secure cmdq interface to configure some
> > secure
> > settings for display HW before sending cmdq packets to secure cmdq
> > mailbox channel.
> > 
> > If any of fb get from current drm_atomic_state is secure, then crtc
> > will switch to the secure flow to configure display HW.
> > If all fbs are not secure in current drm_atomic_state, then crtc
> > will
> > switch to the normal flow.
> > 
> > Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
> > ---
> >  drivers/gpu/drm/mediatek/mtk_drm_crtc.c  | 272
> > ++++++++++++++++++++++-
> >  drivers/gpu/drm/mediatek/mtk_drm_crtc.h  |   1 +
> >  drivers/gpu/drm/mediatek/mtk_drm_plane.c |   7 +
> >  3 files changed, 269 insertions(+), 11 deletions(-)
> > 
> > diff --git a/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
> > b/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
> > index b6fa4ad2f94d..6c2cf339b923 100644
> > --- a/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
> > +++ b/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
> > @@ -56,6 +56,11 @@ struct mtk_drm_crtc {
> >  	u32				cmdq_event;
> >  	u32				cmdq_vblank_cnt;
> >  	wait_queue_head_t		cb_blocking_queue;
> > +
> > +	struct cmdq_client		sec_cmdq_client;
> > +	struct cmdq_pkt			sec_cmdq_handle;
> > +	bool				sec_cmdq_working;
> > +	wait_queue_head_t		sec_cb_blocking_queue;
> >  #endif
> >  
> >  	struct device			*mmsys_dev;
> > @@ -67,6 +72,7 @@ struct mtk_drm_crtc {
> >  	/* lock for display hardware access */
> >  	struct mutex			hw_lock;
> >  	bool				config_updating;
> > +	bool				sec_on;
> >  };
> >  
> >  struct mtk_crtc_state {
> > @@ -109,6 +115,154 @@ static void mtk_drm_finish_page_flip(struct
> > mtk_drm_crtc *mtk_crtc)
> >  	}
> >  }
> >  
> > +void mtk_crtc_disable_secure_state(struct drm_crtc *crtc)
> > +{
> > +#if IS_REACHABLE(CONFIG_MTK_CMDQ)
> > +	enum cmdq_sec_scenario sec_scn = CMDQ_MAX_SEC_COUNT;
> > +	int i;
> > +	struct mtk_ddp_comp *ddp_first_comp;
> > +	struct mtk_drm_crtc *mtk_crtc = to_mtk_crtc(crtc);
> > +	u64 sec_engine = 0; /* for hw engine write output secure fb */
> > +	u64 sec_port = 0; /* for larb port read input secure fb */
> > +
> > +	mutex_lock(&mtk_crtc->hw_lock);
> > +
> > +	if (!mtk_crtc->sec_cmdq_client.chan) {
> > +		pr_err("crtc-%d secure mbox channel is NULL\n",
> > drm_crtc_index(crtc));
> > +		goto err;
> > +	}
> > +
> > +	if (!mtk_crtc->sec_on) {
> > +		pr_debug("crtc-%d is already disabled!\n",
> > drm_crtc_index(crtc));
> > +		goto err;
> > +	}
> > +
> > +	mbox_flush(mtk_crtc->sec_cmdq_client.chan, 0);
> > +	mtk_crtc->sec_cmdq_handle.cmd_buf_size = 0;
> > +
> > +	if (mtk_crtc->sec_cmdq_handle.sec_data) {
> > +		struct cmdq_sec_data *sec_data;
> > +
> > +		sec_data = mtk_crtc->sec_cmdq_handle.sec_data;
> > +		sec_data->addrMetadataCount = 0;
> > +		sec_data->addrMetadatas = (uintptr_t)NULL;
> > +	}
> > +
> > +	/*
> > +	 * Secure path only support DL mode, so we just wait
> > +	 * the first path frame done here
> > +	 */
> > +	cmdq_pkt_wfe(&mtk_crtc->sec_cmdq_handle, mtk_crtc->cmdq_event,
> > false);
> > +
> > +	ddp_first_comp = mtk_crtc->ddp_comp[0];
> > +	for (i = 0; i < mtk_crtc->layer_nr; i++) {
> > +		struct drm_plane *plane = &mtk_crtc->planes[i];
> > +
> > +		sec_port |=
> > mtk_ddp_comp_layer_get_sec_port(ddp_first_comp, i);
> 
> sec_port is useless, so remove it.
> 
> > +
> > +		/* make sure secure layer off before switching secure
> > state */
> > +		if (!mtk_plane_fb_is_secure(plane->state->fb)) {
> > +			struct mtk_plane_state *plane_state =
> > to_mtk_plane_state(plane->state);
> > +
> > +			plane_state->pending.enable = false;
> > +			mtk_ddp_comp_layer_config(ddp_first_comp, i,
> > plane_state,
> > +						  &mtk_crtc-
> > > sec_cmdq_handle);
> > 
> > +		}
> > +	}
> > +
> > +	/* Disable secure path */
> > +	if (drm_crtc_index(crtc) == 0)
> > +		sec_scn = CMDQ_SEC_PRIMARY_DISP_DISABLE;
> > +	else if (drm_crtc_index(crtc) == 1)
> > +		sec_scn = CMDQ_SEC_SUB_DISP_DISABLE;
> > +
> > +	cmdq_sec_pkt_set_data(&mtk_crtc->sec_cmdq_handle, sec_engine,
> > sec_engine, sec_scn);
> > +
> > +	cmdq_pkt_finalize(&mtk_crtc->sec_cmdq_handle);
> > +	dma_sync_single_for_device(mtk_crtc->sec_cmdq_client.chan-
> > > mbox->dev,
> > 
> > +				   mtk_crtc->sec_cmdq_handle.pa_base,
> > +				   mtk_crtc-
> > > sec_cmdq_handle.cmd_buf_size,
> > 
> > +				   DMA_TO_DEVICE);
> > +
> > +	mtk_crtc->sec_cmdq_working = true;
> > +	mbox_send_message(mtk_crtc->sec_cmdq_client.chan, &mtk_crtc-
> > > sec_cmdq_handle);
> > 
> > +	mbox_client_txdone(mtk_crtc->sec_cmdq_client.chan, 0);
> > +
> > +	// Wait for sec state to be disabled by cmdq
> > +	wait_event_timeout(mtk_crtc->sec_cb_blocking_queue,
> > +			   !mtk_crtc->sec_cmdq_working,
> > +			   msecs_to_jiffies(500));
> > +
> > +	mtk_crtc->sec_on = false;
> > +	pr_debug("crtc-%d disable secure plane!\n",
> > drm_crtc_index(crtc));
> > +
> > +err:
> > +	mutex_unlock(&mtk_crtc->hw_lock);
> > +#endif
> > +}
> > +
> > +#if IS_REACHABLE(CONFIG_MTK_CMDQ)
> > +static void mtk_crtc_enable_secure_state(struct drm_crtc *crtc)
> > +{
> > +	enum cmdq_sec_scenario sec_scn = CMDQ_MAX_SEC_COUNT;
> > +	int i;
> > +	struct mtk_ddp_comp *ddp_first_comp;
> > +	struct mtk_drm_crtc *mtk_crtc = to_mtk_crtc(crtc);
> > +	u64 sec_engine = 0; /* for hw engine write output secure fb */
> > +	u64 sec_port = 0; /* for larb port read input secure fb */
> > +
> > +	cmdq_pkt_wfe(&mtk_crtc->sec_cmdq_handle, mtk_crtc->cmdq_event,
> > false);
> > +
> > +	ddp_first_comp = mtk_crtc->ddp_comp[0];
> > +	for (i = 0; i < mtk_crtc->layer_nr; i++)
> > +		if (mtk_crtc->planes[i].type == DRM_PLANE_TYPE_CURSOR)
> > +			sec_port |=
> > mtk_ddp_comp_layer_get_sec_port(ddp_first_comp, i);
> > +
> > +	if (drm_crtc_index(crtc) == 0)
> > +		sec_scn = CMDQ_SEC_PRIMARY_DISP;
> > +	else if (drm_crtc_index(crtc) == 1)
> > +		sec_scn = CMDQ_SEC_SUB_DISP;
> > +
> > +	cmdq_sec_pkt_set_data(&mtk_crtc->sec_cmdq_handle, sec_engine,
> > sec_port, sec_scn);
> 
> In cmdq driver, sec_engine means engine which need dapc. You set 0 to
> sec_engine, does it mean that no engine is protected by dapc? If OVL
> is
> not protected by dapc, I think we could use cmdq normal thread to
> write
> OVL register instead of cmdq secure thread.
> 

We enable DAPC protection for the engine that is able to write data to
the DRAM address set on their register, such as WDMA and WROT, to avoid
their register being set to the normal DRAM address.

We enable larb port protection for the engine that is able to read data
from the DRAM address, such as OVL, RDMA and MDP_RDMA, to avoid secure
DRAM being read by the non-secure larb port. So we don't need to enable
DAPC for these engines.

No matter DAPC protection or larb port protection, they both need to use
sec_engine to tell TEE which engines need to be protected.

But OVL is a special HW engine, it can only set its DISP_REG_OVL_SECURE
register in [PATCH v2 07/11] to enable its larb port protection, so OVL
no need to set the sec_engine. But we'll move that part to the TEE
secure world, so that means OVL sec_engine will be set here in the next
version.

> It's weird that normal world could decide which engine is protected
> by
> dapc. If hacker set 0 for output engine, then output engine would not
> be protected?
> 
If hacker set 0 for output engine, TEE world will check that output
engine didn't set sec_engine from normal world by verifying instruction
where the output engine instruction set the secure handle.

We still need to set sec_engine to check that all the sec_engine flags
are matched to the scenario and instruction verification in the secure
world.

Regards,
Jason-JH.Lin

> Regards,
> CK
> 
> > +
> > +	pr_debug("crtc-%d enable secure plane!\n",
> > drm_crtc_index(crtc));
> > +}
> > +#endif
> > 
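Review bot: In mtk_crtc_disable_secure_state() the return value of wait_event_timeout() is discarded and sec_on is cleared immediately afterwards, so a 500 ms timeout looks the same as the secure world confirming the disable; check the result, report the timeout, and keep sec_on set (or return an error) when the callback never arrived. In the same function the comment says "make sure secure layer off" but the test is `!mtk_plane_fb_is_secure(plane->state->fb)`, which selects the non-secure planes, and sec_scn stays at CMDQ_MAX_SEC_COUNT for any CRTC index other than 0 or 1 and is still handed to cmdq_sec_pkt_set_data().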

^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [PATCH v2 07/11] drm/mediatek: Add secure layer config support for ovl
  2023-10-26 10:07   ` CK Hu (胡俊光)
@ 2023-11-05 13:18     ` Jason-JH Lin (林睿祥)
  2023-11-06  1:33       ` CK Hu (胡俊光)
  0 siblings, 1 reply; 48+ messages in thread
From: Jason-JH Lin (林睿祥) @ 2023-11-05 13:18 UTC (permalink / raw)
  To: CK Hu (胡俊光),
	matthias.bgg, angelogioacchino.delregno, robh+dt,
	krzysztof.kozlowski+dt, chunkuang.hu
  Cc: jkardatzke, devicetree, conor+dt,
	Project_Global_Chrome_Upstream_Group,
	Singo Chang (張興國),
	linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen (陳建豪),
	Nancy Lin (林欣螢),
	Johnson Wang (王聖鑫),
	Shawn Sung (宋孝謙),
	linux-mediatek, linux-arm-kernel, linux-media

Hi CK,

On Thu, 2023-10-26 at 10:07 +0000, CK Hu (胡俊光) wrote:
> Hi, Jason:
> 
> On Mon, 2023-10-23 at 12:45 +0800, Jason-JH.Lin wrote:
> > Add secure layer config support for ovl.
> > 
> > Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
> > ---
> >  drivers/gpu/drm/mediatek/mtk_disp_drv.h       |  3 ++
> >  drivers/gpu/drm/mediatek/mtk_disp_ovl.c       | 31
> > +++++++++++++++++--
> >  .../gpu/drm/mediatek/mtk_disp_ovl_adaptor.c   | 12 +++++++
> >  drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c   |  2 ++
> >  4 files changed, 46 insertions(+), 2 deletions(-)
> > 
> > diff --git a/drivers/gpu/drm/mediatek/mtk_disp_drv.h
> > b/drivers/gpu/drm/mediatek/mtk_disp_drv.h
> > index 2254038519e1..dec937b183a8 100644
> > --- a/drivers/gpu/drm/mediatek/mtk_disp_drv.h
> > +++ b/drivers/gpu/drm/mediatek/mtk_disp_drv.h
> > @@ -9,6 +9,7 @@
> >  #include <linux/soc/mediatek/mtk-cmdq.h>
> >  #include <linux/soc/mediatek/mtk-mmsys.h>
> >  #include <linux/soc/mediatek/mtk-mutex.h>
> > +#include "mtk_drm_ddp_comp.h"
> >  #include "mtk_drm_plane.h"
> >  #include "mtk_mdp_rdma.h"
> >  
> > @@ -79,6 +80,7 @@ void mtk_ovl_clk_disable(struct device *dev);
> >  void mtk_ovl_config(struct device *dev, unsigned int w,
> >  		    unsigned int h, unsigned int vrefresh,
> >  		    unsigned int bpc, struct cmdq_pkt *cmdq_pkt);
> > +u64 mtk_ovl_get_sec_port(struct mtk_ddp_comp *comp, unsigned int
> > idx);
> >  int mtk_ovl_layer_check(struct device *dev, unsigned int idx,
> >  			struct mtk_plane_state *mtk_state);
> >  void mtk_ovl_layer_config(struct device *dev, unsigned int idx,
> > @@ -112,6 +114,7 @@ void mtk_ovl_adaptor_clk_disable(struct device
> > *dev);
> >  void mtk_ovl_adaptor_config(struct device *dev, unsigned int w,
> >  			    unsigned int h, unsigned int vrefresh,
> >  			    unsigned int bpc, struct cmdq_pkt
> > *cmdq_pkt);
> > +u64 mtk_ovl_adaptor_get_sec_port(struct mtk_ddp_comp *comp,
> > unsigned
> > int idx);
> >  void mtk_ovl_adaptor_layer_config(struct device *dev, unsigned int
> > idx,
> >  				  struct mtk_plane_state *state,
> >  				  struct cmdq_pkt *cmdq_pkt);
> > diff --git a/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
> > b/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
> > index 2bffe4245466..76e832e4875a 100644
> > --- a/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
> > +++ b/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
> > @@ -46,6 +46,7 @@
> >  #define DISP_REG_OVL_ADDR(ovl, n)		((ovl)->data->addr +
> > 0x20 * (n))
> >  #define DISP_REG_OVL_HDR_ADDR(ovl, n)		((ovl)->data-
> > > addr + 0x20 * (n) + 0x04)
> > 
> >  #define DISP_REG_OVL_HDR_PITCH(ovl, n)		((ovl)->data-
> > > addr + 0x20 * (n) + 0x08)
> > 
> > +#define DISP_REG_OVL_SECURE			0x0fc0
> >  
> >  #define GMC_THRESHOLD_BITS	16
> >  #define GMC_THRESHOLD_HIGH	((1 << GMC_THRESHOLD_BITS) / 4)
> > @@ -126,8 +127,19 @@ struct mtk_disp_ovl {
> >  	const struct mtk_disp_ovl_data	*data;
> >  	void				(*vblank_cb)(void *data);
> >  	void				*vblank_cb_data;
> > +	resource_size_t			regs_pa;
> >  };
> >  
> > +u64 mtk_ovl_get_sec_port(struct mtk_ddp_comp *comp, unsigned int
> > idx)
> > +{
> > +	if (comp->id == DDP_COMPONENT_OVL0)
> > +		return 1ULL << CMDQ_SEC_DISP_OVL0;
> > +	else if (comp->id == DDP_COMPONENT_OVL1)
> > +		return 1ULL << CMDQ_SEC_DISP_OVL1;
> > +
> > +	return 0;
> > +}
> > +
> >  static irqreturn_t mtk_disp_ovl_irq_handler(int irq, void *dev_id)
> >  {
> >  	struct mtk_disp_ovl *priv = dev_id;
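Review bot: mtk_ovl_get_sec_port() never uses its idx argument and returns 0 for any component other than OVL0 or OVL1, and the callers OR that result into sec_port, so "no secure port" and "unsupported component" cannot be told apart. Add a comment stating that 0 means the layer has no secure port and why idx is ignored for OVL, or drop the parameter from this implementation's logic explicitly.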
> > @@ -449,8 +461,22 @@ void mtk_ovl_layer_config(struct device *dev,
> > unsigned int idx,
> >  			      DISP_REG_OVL_SRC_SIZE(idx));
> >  	mtk_ddp_write_relaxed(cmdq_pkt, offset, &ovl->cmdq_reg, ovl-
> > > regs,
> > 
> >  			      DISP_REG_OVL_OFFSET(idx));
> > -	mtk_ddp_write_relaxed(cmdq_pkt, addr, &ovl->cmdq_reg, ovl-
> > > regs,
> > 
> > -			      DISP_REG_OVL_ADDR(ovl, idx));
> > +
> > +	if (state->pending.is_sec) {
> > +		const struct drm_format_info *fmt_info =
> > drm_format_info(fmt);
> > +		unsigned int buf_size = (pending->height - 1) *
> > pending->pitch +
> > +					pending->width * fmt_info-
> > > cpp[0];
> > 
> > +
> > +		mtk_ddp_write_mask(cmdq_pkt, BIT(idx), &ovl->cmdq_reg,
> > ovl->regs,
> > +				   DISP_REG_OVL_SECURE, BIT(idx));
> > +		mtk_ddp_sec_write(cmdq_pkt, ovl->regs_pa +
> > DISP_REG_OVL_ADDR(ovl, idx),
> > +				  pending->addr, CMDQ_IWC_H_2_MVA, 0,
> > buf_size, 0);
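Review bot: buf_size is computed in unsigned int from pending->height, pending->pitch, pending->width and cpp[0] with no zero-height or overflow check, and per the reply below it is the value the M4U PTA uses to verify the secure address range; `(pending->height - 1) * pending->pitch` can wrap, and only plane 0 of the format is counted. Compute it with check_mul_overflow()/check_add_overflow() and reject a bad geometry in the layer check callback, and state how multi-planar formats are meant to be covered.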
> 
> Why pass ovl->regs_pa into cmdq driver? cmdq just need subsys and
> offset.

Yes, that's not necessary and I can refine that in the future. Because
this change will also need to modify the code in CMDQ PTA, so I'll fix
other issues in normal world first. Then I'll refine this place after a
few versions.

> In addition, why pass buf_size?
> 
This buf_size is the parameter for M4U PTA to verify the range of
secure address in the secure world.

Regards,
Jason-JH.Lin

> Regards,
> CK
> 

^ permalink raw reply	[flat|nested] 48+ messages in thread
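
The reply above says buf_size is passed so that the M4U PTA can verify the range of the secure address. The following C code is an added example, not code from this series or from the PTA: it evaluates the extent formula from the quoted hunk with overflow checks and bounds the result against a region without ever computing addr + len. `struct sec_region`, `demo_region`, `fb_extent()`, `range_in_region()` and `secure_fb_ok()` are hypothetical names, and the region bounds are constructed sample values.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical description of one secure DRAM carve-out (not a MediaTek type). */
struct sec_region {
	uint64_t base;
	uint64_t size;
};

/* Constructed sample region: 16 MiB at 0x80000000. */
static const struct sec_region demo_region = { 0x80000000ULL, 0x01000000ULL };

/*
 * The extent expression from the quoted hunk, evaluated the same way
 * (32-bit unsigned arithmetic, no checks). Kept only to show the wrap.
 */
static uint32_t unchecked_extent(uint32_t width, uint32_t height,
				 uint32_t pitch, uint32_t cpp)
{
	return (height - 1) * pitch + width * cpp;
}

/*
 * Checked version. Returns the extent in bytes, or 0 when the geometry is
 * degenerate or the result does not fit in 32 bits (0 is never a valid extent).
 */
static uint32_t fb_extent(uint32_t width, uint32_t height,
			  uint32_t pitch, uint32_t cpp)
{
	uint64_t row, total;

	if (width == 0 || height == 0 || cpp == 0)
		return 0;		/* height == 0 would wrap (height - 1) */

	row = (uint64_t)width * cpp;	/* two 32-bit factors fit in 64 bits */
	if (row > pitch)
		return 0;		/* one row must fit inside one pitch */

	total = (uint64_t)(height - 1) * pitch + row;
	if (total > UINT32_MAX)
		return 0;

	return (uint32_t)total;
}

/* True when [addr, addr + len) lies inside the region; never computes addr + len. */
static bool range_in_region(const struct sec_region *r, uint64_t addr, uint64_t len)
{
	uint64_t off;

	if (len == 0 || addr < r->base)
		return false;
	off = addr - r->base;
	return off <= r->size && len <= r->size - off;
}

/* Verifier-side decision: validate the geometry first, then bound the range. */
static bool secure_fb_ok(const struct sec_region *r, uint64_t addr,
			 uint32_t width, uint32_t height,
			 uint32_t pitch, uint32_t cpp)
{
	uint32_t len = fb_extent(width, height, pitch, cpp);

	return len != 0 && range_in_region(r, addr, len);
}

int main(void)
{
	/* 1920x1080, 4 bytes per pixel, tightly packed rows */
	printf("1080p extent: %u\n", (unsigned)fb_extent(1920, 1080, 7680, 4));
	/* 0x80000 * 8192 == 2^32, so the unchecked product wraps to 0 */
	printf("wrapped:      %u\n", (unsigned)unchecked_extent(1920, 0x80001, 8192, 4));
	printf("checked:      %u\n", (unsigned)fb_extent(1920, 0x80001, 8192, 4));
	printf("in region:    %d\n",
	       secure_fb_ok(&demo_region, demo_region.base, 1920, 1080, 7680, 4));
	return 0;
}
```

The wrapped case is the one to watch: a geometry with 0x80001 rows yields an unchecked extent of 7680 bytes, which would pass a range check that trusts the caller's number.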

* Re: [PATCH v2 10/11] drm/mediatek: Add cmdq_insert_backup_cookie before secure pkt finalize
  2023-10-26  2:26   ` CK Hu (胡俊光)
@ 2023-11-05 13:35     ` Jason-JH Lin (林睿祥)
  2023-11-06  1:36       ` CK Hu (胡俊光)
  0 siblings, 1 reply; 48+ messages in thread
From: Jason-JH Lin (林睿祥) @ 2023-11-05 13:35 UTC (permalink / raw)
  To: CK Hu (胡俊光),
	matthias.bgg, angelogioacchino.delregno, robh+dt,
	krzysztof.kozlowski+dt, chunkuang.hu
  Cc: jkardatzke, devicetree, conor+dt,
	Project_Global_Chrome_Upstream_Group,
	Singo Chang (張興國),
	linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen (陳建豪),
	Nancy Lin (林欣螢),
	Johnson Wang (王聖鑫),
	Shawn Sung (宋孝謙),
	linux-mediatek, linux-arm-kernel, linux-media

Hi CK,

On Thu, 2023-10-26 at 02:26 +0000, CK Hu (胡俊光) wrote:
> Hi, Jason:
> 
> On Mon, 2023-10-23 at 12:45 +0800, Jason-JH.Lin wrote:
> > Add cmdq_insert_backup_cookie to append some commands before EOC:
> > 1. Get GCE HW thread execute count from the GCE HW register.
> > 2. Add 1 to the execute count and then store into a shared memory.
> 
> I think when cmdq driver handler interrupt, it could simply call into
> TEE with an API to query status. The status not only the execute
> count,
> but also other message including error information. So it's not
> necessary to use such non-tricky way to get execute count.

The reason why we use shared memory to record execute count here is:
1. normal world can not access the register of secure GCE thread in
normal world.
2. calling TEE invoke cmd in the irq handler would be expensive and not
stable. I've tested that a single TEE invoke cmd to CMDQ PTA costs
19~53 us. Maybe it would cost more during the scenario that needs more
CPU loading.

> 
> One more question. The command buffer is not secure. Does the GCE
> hardware execute this non-secure command buffer?
> 
GCE command buffer is generated in the normal world first. Then it will
be copied to the shared memory and passed to the secure world. All the
instructions in command buffer will be verified in secure world then
they will be copied to the secure command buffer and executed by GCE
secure thread. I'll add this information to the cover letter at the
next version.

Regards
Jason-JH.Lin

> Regards,
> CK
> 

^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [PATCH v2 00/11] Add mediate-drm secure flow for SVP
  2023-10-31  2:12 ` [PATCH v2 00/11] Add mediate-drm secure flow for SVP CK Hu (胡俊光)
@ 2023-11-05 13:44   ` Jason-JH Lin (林睿祥)
  2023-11-06  1:37     ` CK Hu (胡俊光)
  0 siblings, 1 reply; 48+ messages in thread
From: Jason-JH Lin (林睿祥) @ 2023-11-05 13:44 UTC (permalink / raw)
  To: CK Hu (胡俊光),
	matthias.bgg, angelogioacchino.delregno, robh+dt,
	krzysztof.kozlowski+dt, chunkuang.hu
  Cc: jkardatzke, devicetree, conor+dt,
	Project_Global_Chrome_Upstream_Group,
	Singo Chang (張興國),
	linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen (陳建豪),
	Nancy Lin (林欣螢),
	Johnson Wang (王聖鑫),
	Shawn Sung (宋孝謙),
	linux-mediatek, linux-arm-kernel, linux-media

Hi CK,

Thanks for the reviews.

On Tue, 2023-10-31 at 02:12 +0000, CK Hu (胡俊光) wrote:
> Hi, Jason:
> 
> On Mon, 2023-10-23 at 12:45 +0800, Jason-JH.Lin wrote:
> > The patch series provides drm driver support for enabling secure
> > video
> > path (SVP) playback on MediaTek hardware in the Linux kernel.
> > 
> > Memory Definitions:
> > secure memory - Memory allocated in the TEE (Trusted Execution
> > Environment) which is inaccessible in the REE (Rich Execution
> > Environment, i.e. linux kernel/userspace).
> > secure handle - Integer value which acts as reference to 'secure
> > memory'. Used in communication between TEE and REE to reference
> > 'secure memory'.
> > secure buffer - 'secure memory' that is used to store decrypted,
> > compressed video or for other general purposes in the TEE.
> > secure surface - 'secure memory' that is used to store graphic
> > buffers.
> > 
> > Memory Usage in SVP:
> > The overall flow of SVP starts with encrypted video coming in from
> > an
> > outside source into the REE. The REE will then allocate a 'secure
> > buffer' and send the corresponding 'secure handle' along with the
> > encrypted, compressed video data to the TEE. The TEE will then
> > decrypt
> > the video and store the result in the 'secure buffer'. The REE will
> > then allocate a 'secure surface'. The REE will pass the 'secure
> > handles' for both the 'secure buffer' and 'secure surface' into the
> > TEE for video decoding. The video decoder HW will then decode the
> > contents of the 'secure buffer' and place the result in the 'secure
> > surface'. The REE will then attach the 'secure surface' to the
> > overlay
> > plane for rendering of the video.
> > 
> > Everything relating to ensuring security of the actual contents of
> > the
> > 'secure buffer' and 'secure surface' is out of scope for the REE
> > and
> > is the responsibility of the TEE.
> > 
> > DRM driver handles allocation of gem objects that are backed by a
> > 'secure
> > surface' and for displaying a 'secure surface' on the overlay
> > plane.
> > This introduces a new flag for object creation called
> > DRM_MTK_GEM_CREATE_ENCRYPTED which indicates it should be a 'secure
> > surface'. All changes here are in MediaTek specific code.
> > 
> > ---
> > Based on 3 series and 1 patch:
> > [1] dma-buf: heaps: Add MediaTek secure heap
> > - 
> > 
https://urldefense.com/v3/__https://patchwork.kernel.org/project/linux-mediatek/list/?series=782776__;!!CTRNKA9wMg0ARbw!mFKxGfpXLEF8-AzhljGG_N12bk-h7W0-JZeTZZkqxJgB5WFbMTxeEjalrslLrAJ3iwYF6-k273jgzXKSQXcbgPU$
> >  
> > 
> > [2] add driver to support secure video decoder
> > - 
> > 
https://urldefense.com/v3/__https://patchwork.kernel.org/project/linux-mediatek/list/?series=782922__;!!CTRNKA9wMg0ARbw!mFKxGfpXLEF8-AzhljGG_N12bk-h7W0-JZeTZZkqxJgB5WFbMTxeEjalrslLrAJ3iwYF6-k273jgzXKSIPyCQxI$
> >  
> > 
> > [3] soc: mediatek: Add register definitions for GCE
> > - 
> > 
https://urldefense.com/v3/__https://patchwork.kernel.org/project/linux-mediatek/patch/20231017064717.21616-2-shawn.sung@mediatek.com/__;!!CTRNKA9wMg0ARbw!mFKxGfpXLEF8-AzhljGG_N12bk-h7W0-JZeTZZkqxJgB5WFbMTxeEjalrslLrAJ3iwYF6-k273jgzXKSrO8gmbI$
> >  
> > 
> > [4] Add CMDQ secure driver for SVP
> > - 
> > 
https://urldefense.com/v3/__https://patchwork.kernel.org/project/linux-mediatek/list/?series=795502__;!!CTRNKA9wMg0ARbw!mFKxGfpXLEF8-AzhljGG_N12bk-h7W0-JZeTZZkqxJgB5WFbMTxeEjalrslLrAJ3iwYF6-k273jgzXKSposD2Rk$
> >  
> 
> Secure display depend on secure mmsys. Routing control should be
> secure
> so mmsys driver should have some modification that call into secure
> world to change routing. Add mmsys series in this dependency list.

Yes, I'll move the route settings to the secure world for those SVP
supported SoC. The mmsys modifications are still in progress. It will
be sent after a few versions.

Regards
Jason-JH.Lin

> 
> Regards,
> CK
> 
> > ---
> > Change in v2:
> > 
> > 1. remove the DRIVER_RDNDER flag for mtk_drm_ioctl
> > 2. move cmdq_insert_backup_cookie into client driver
> > 3. move secure gce node define from mt8195-cherry.dtsi to
> > mt8195.dtsi
> > ---
> > 
> > CK Hu (1):
> >   drm/mediatek: Add interface to allocate MediaTek GEM buffer.
> > 
> > Jason-JH.Lin (10):
> >   drm/mediatek/uapi: Add DRM_MTK_GEM_CREATED_ENCRYPTTED flag
> >   drm/mediatek: Add secure buffer control flow to mtk_drm_gem
> >   drm/mediatek: Add secure identify flag and funcution to
> > mtk_drm_plane
> >   drm/mediatek: Add mtk_ddp_sec_write to config secure buffer info
> >   drm/mediatek: Add get_sec_port interface to mtk_ddp_comp
> >   drm/mediatek: Add secure layer config support for ovl
> >   drm/mediatek: Add secure layer config support for ovl_adaptor
> >   drm/mediatek: Add secure flow support to mediatek-drm
> >   drm/mediatek: Add cmdq_insert_backup_cookie before secure pkt
> > finalize
> >   arm64: dts: mt8195: Add secure mbox settings for vdosys
> > 
> >  arch/arm64/boot/dts/mediatek/mt8195.dtsi      |   6 +-
> >  drivers/gpu/drm/mediatek/mtk_disp_drv.h       |   3 +
> >  drivers/gpu/drm/mediatek/mtk_disp_ovl.c       |  31 +-
> >  .../gpu/drm/mediatek/mtk_disp_ovl_adaptor.c   |  15 +
> >  drivers/gpu/drm/mediatek/mtk_drm_crtc.c       | 274
> > +++++++++++++++++-
> >  drivers/gpu/drm/mediatek/mtk_drm_crtc.h       |   1 +
> >  drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c   |  14 +
> >  drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.h   |  13 +
> >  drivers/gpu/drm/mediatek/mtk_drm_drv.c        |  13 +
> >  drivers/gpu/drm/mediatek/mtk_drm_gem.c        | 121 ++++++++
> >  drivers/gpu/drm/mediatek/mtk_drm_gem.h        |  16 +
> >  drivers/gpu/drm/mediatek/mtk_drm_plane.c      |   7 +
> >  drivers/gpu/drm/mediatek/mtk_drm_plane.h      |   2 +
> >  drivers/gpu/drm/mediatek/mtk_mdp_rdma.c       |  11 +-
> >  drivers/gpu/drm/mediatek/mtk_mdp_rdma.h       |   2 +
> >  include/uapi/drm/mediatek_drm.h               |  59 ++++
> >  16 files changed, 570 insertions(+), 18 deletions(-)
> >  create mode 100644 include/uapi/drm/mediatek_drm.h
> > 

^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [PATCH v2 09/11] drm/mediatek: Add secure flow support to mediatek-drm
  2023-11-05 13:04     ` Jason-JH Lin (林睿祥)
@ 2023-11-06  1:27       ` CK Hu (胡俊光)
  2023-11-06  2:59         ` Jason-JH Lin (林睿祥)
  0 siblings, 1 reply; 48+ messages in thread
From: CK Hu (胡俊光) @ 2023-11-06  1:27 UTC (permalink / raw)
  To: matthias.bgg, Jason-JH Lin (林睿祥),
	angelogioacchino.delregno, robh+dt, krzysztof.kozlowski+dt,
	chunkuang.hu
  Cc: jkardatzke, devicetree, conor+dt,
	Project_Global_Chrome_Upstream_Group,
	Singo Chang (張興國),
	linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen (陳建豪),
	Nancy Lin (林欣螢),
	Johnson Wang (王聖鑫),
	Shawn Sung (宋孝謙),
	linux-mediatek, linux-arm-kernel, linux-media

On Sun, 2023-11-05 at 13:04 +0000, Jason-JH Lin (林睿祥) wrote:
> On Tue, 2023-10-31 at 06:01 +0000, CK Hu (胡俊光) wrote:
> > Hi, Jason:
> > 
> > On Mon, 2023-10-23 at 12:45 +0800, Jason-JH.Lin wrote:
> > > To add secure flow support for mediatek-drm, each crtc have to
> > > create a secure cmdq mailbox channel. Then cmdq packets with
> > > display HW configuration will be sent to secure cmdq mailbox
> > > channel
> > > and configured in the secure world.
> > > 
> > > Each crtc have to use secure cmdq interface to configure some
> > > secure
> > > settings for display HW before sending cmdq packets to secure
> > > cmdq
> > > mailbox channel.
> > > 
> > > If any of fb get from current drm_atomic_state is secure, then
> > > crtc
> > > will switch to the secure flow to configure display HW.
> > > If all fbs are not secure in current drm_atomic_state, then crtc
> > > will
> > > switch to the normal flow.
> > > 
> > > Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
> > > ---
> > >  drivers/gpu/drm/mediatek/mtk_drm_crtc.c  | 272
> > > ++++++++++++++++++++++-
> > >  drivers/gpu/drm/mediatek/mtk_drm_crtc.h  |   1 +
> > >  drivers/gpu/drm/mediatek/mtk_drm_plane.c |   7 +
> > >  3 files changed, 269 insertions(+), 11 deletions(-)
> > > 

[snip]

> > > +
> > > +#if IS_REACHABLE(CONFIG_MTK_CMDQ)
> > > +static void mtk_crtc_enable_secure_state(struct drm_crtc *crtc)
> > > +{
> > > +	enum cmdq_sec_scenario sec_scn = CMDQ_MAX_SEC_COUNT;
> > > +	int i;
> > > +	struct mtk_ddp_comp *ddp_first_comp;
> > > +	struct mtk_drm_crtc *mtk_crtc = to_mtk_crtc(crtc);
> > > +	u64 sec_engine = 0; /* for hw engine write output secure fb */
> > > +	u64 sec_port = 0; /* for larb port read input secure fb */
> > > +
> > > +	cmdq_pkt_wfe(&mtk_crtc->sec_cmdq_handle, mtk_crtc->cmdq_event,
> > > false);
> > > +
> > > +	ddp_first_comp = mtk_crtc->ddp_comp[0];
> > > +	for (i = 0; i < mtk_crtc->layer_nr; i++)
> > > +		if (mtk_crtc->planes[i].type == DRM_PLANE_TYPE_CURSOR)
> > > +			sec_port |=
> > > mtk_ddp_comp_layer_get_sec_port(ddp_first_comp, i);
> > > +
> > > +	if (drm_crtc_index(crtc) == 0)
> > > +		sec_scn = CMDQ_SEC_PRIMARY_DISP;
> > > +	else if (drm_crtc_index(crtc) == 1)
> > > +		sec_scn = CMDQ_SEC_SUB_DISP;
> > > +
> > > +	cmdq_sec_pkt_set_data(&mtk_crtc->sec_cmdq_handle, sec_engine,
> > > sec_port, sec_scn);
> > 
> > In cmdq driver, sec_engine means engine which need dapc. You set 0
> > to
> > sec_engine, does it mean that no engine is protected by dapc? If
> > OVL
> > is
> > not protected by dapc, I think we could use cmdq normal thread to
> > write
> > OVL register instead of cmdq secure thread.
> > 
> 
> We enable DAPC protection for the engine that is able to write data
> to
> the DRAM address set on their register, such as WDMA and WROT, to
> avoid
> their register being set to the normal DRAM address.
> 
> We enable larb port protection for the engine that is able to read
> data
> from the DRAM address, such as OVL, RDMA and MDP_RDMA, to avoid
> secure
> DRAM being read by the non-secure larb port. So we don't need
> toenable
> DAPC for these engines.
> 
> No mater DAPC protection or larb port protection, they both need to
> use
> sec_engine to tell TEE which engines need to be protected.
> 
> But OVL is a special HW engine, it can only set its
> DISP_REG_OVL_SECURE
> register in [PATCH v2 07/11] to enable its larb port protection, so
> OVL
> no need to set the sec_engine. But we'll move that part to the TEE
> secure world, so that means OVL sec_engine will be set here in the
> next
> version.
> 
> > It's weird that normal world could decide which engine is protected
> > by
> > dapc. If hacker set 0 for output engine, then outout engine would
> > not
> > be protected?
> > 
> 
> If hacker set 0 for output engine, TEE world will check that output
> engine didn't set sec_engine from normal world by verifying
> instruction
> where the output engine instruction set the secure handle.
> 
> We still need to set sec_engine to check that all the sec_engine fags
> are matched to the scenario and instruction verification in the
> secure
> world.

So after secure scenario is set, TEE already has a sec_engine list.
Let's call it TEE sec_engine list. And normal world has another
sec_engine list, let's call it normal sec_engine list. Normal world
passes normal sec_engine list to TEE by cmdq_sec_pkt_set_data() and TEE
would check whether normal sec_engine list is identical to TEE sec_engine
list or not. If TEE already has a TEE sec_engine list, I think it's not
necessary that normal world has another normal sec_engine list. So
drop this normal sec_engine list parameter.

Regards,
CK

> 
> Regards,
> Jason-JH.Lin
> 
> > Regards,
> > CK
> > 
> > > +
> > > +	pr_debug("crtc-%d enable secure plane!\n",
> > > drm_crtc_index(crtc));
> > > +}
> > > +#endif
> > > 


* Re: [PATCH v2 07/11] drm/mediatek: Add secure layer config support for ovl
  2023-11-05 13:18     ` Jason-JH Lin (林睿祥)
@ 2023-11-06  1:33       ` CK Hu (胡俊光)
  2023-11-06  2:51         ` Jason-JH Lin (林睿祥)
  0 siblings, 1 reply; 48+ messages in thread
From: CK Hu (胡俊光) @ 2023-11-06  1:33 UTC (permalink / raw)
  To: matthias.bgg, Jason-JH Lin (林睿祥),
	angelogioacchino.delregno, robh+dt, krzysztof.kozlowski+dt,
	chunkuang.hu
  Cc: jkardatzke, devicetree, conor+dt,
	Project_Global_Chrome_Upstream_Group,
	Singo Chang (張興國),
	linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen (陳建豪),
	Nancy Lin (林欣螢),
	Johnson Wang (王聖鑫),
	Shawn Sung (宋孝謙),
	linux-mediatek, linux-arm-kernel, linux-media


On Sun, 2023-11-05 at 13:18 +0000, Jason-JH Lin (林睿祥) wrote:
> Hi CK,
> 
> On Thu, 2023-10-26 at 10:07 +0000, CK Hu (胡俊光) wrote:
> > Hi, Jason:
> > 
> > On Mon, 2023-10-23 at 12:45 +0800, Jason-JH.Lin wrote:
> > > Add secure layer config support for ovl.
> > > 
> > > Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
> > > ---
> > >  drivers/gpu/drm/mediatek/mtk_disp_drv.h       |  3 ++
> > >  drivers/gpu/drm/mediatek/mtk_disp_ovl.c       | 31
> > > +++++++++++++++++--
> > >  .../gpu/drm/mediatek/mtk_disp_ovl_adaptor.c   | 12 +++++++
> > >  drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c   |  2 ++
> > >  4 files changed, 46 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/drivers/gpu/drm/mediatek/mtk_disp_drv.h
> > > b/drivers/gpu/drm/mediatek/mtk_disp_drv.h
> > > index 2254038519e1..dec937b183a8 100644
> > > --- a/drivers/gpu/drm/mediatek/mtk_disp_drv.h
> > > +++ b/drivers/gpu/drm/mediatek/mtk_disp_drv.h
> > > @@ -9,6 +9,7 @@
> > >  #include <linux/soc/mediatek/mtk-cmdq.h>
> > >  #include <linux/soc/mediatek/mtk-mmsys.h>
> > >  #include <linux/soc/mediatek/mtk-mutex.h>
> > > +#include "mtk_drm_ddp_comp.h"
> > >  #include "mtk_drm_plane.h"
> > >  #include "mtk_mdp_rdma.h"
> > >  
> > > @@ -79,6 +80,7 @@ void mtk_ovl_clk_disable(struct device *dev);
> > >  void mtk_ovl_config(struct device *dev, unsigned int w,
> > >  		    unsigned int h, unsigned int vrefresh,
> > >  		    unsigned int bpc, struct cmdq_pkt *cmdq_pkt);
> > > +u64 mtk_ovl_get_sec_port(struct mtk_ddp_comp *comp, unsigned int
> > > idx);
> > >  int mtk_ovl_layer_check(struct device *dev, unsigned int idx,
> > >  			struct mtk_plane_state *mtk_state);
> > >  void mtk_ovl_layer_config(struct device *dev, unsigned int idx,
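Review bot: mtk_ovl_get_sec_port() takes struct mtk_ddp_comp *comp while every neighbouring prototype in this header takes struct device *dev, and that is what forces the new #include "mtk_drm_ddp_comp.h" in the first hunk. Passing dev, as the other mtk_ovl_* entry points do, would keep the interface consistent and avoid the extra header dependency; the same applies to mtk_ovl_adaptor_get_sec_port() in the next hunk.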
> > > @@ -112,6 +114,7 @@ void mtk_ovl_adaptor_clk_disable(struct
> > > device
> > > *dev);
> > >  void mtk_ovl_adaptor_config(struct device *dev, unsigned int w,
> > >  			    unsigned int h, unsigned int vrefresh,
> > >  			    unsigned int bpc, struct cmdq_pkt
> > > *cmdq_pkt);
> > > +u64 mtk_ovl_adaptor_get_sec_port(struct mtk_ddp_comp *comp,
> > > unsigned
> > > int idx);
> > >  void mtk_ovl_adaptor_layer_config(struct device *dev, unsigned
> > > int
> > > idx,
> > >  				  struct mtk_plane_state *state,
> > >  				  struct cmdq_pkt *cmdq_pkt);
> > > diff --git a/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
> > > b/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
> > > index 2bffe4245466..76e832e4875a 100644
> > > --- a/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
> > > +++ b/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
> > > @@ -46,6 +46,7 @@
> > >  #define DISP_REG_OVL_ADDR(ovl, n)		((ovl)->data-
> > > >addr +
> > > 0x20 * (n))
> > >  #define DISP_REG_OVL_HDR_ADDR(ovl, n)		((ovl)->data-
> > > > addr + 0x20 * (n) + 0x04)
> > > 
> > >  #define DISP_REG_OVL_HDR_PITCH(ovl, n)		((ovl)->data-
> > > > addr + 0x20 * (n) + 0x08)
> > > 
> > > +#define DISP_REG_OVL_SECURE			0x0fc0
> > >  
> > >  #define GMC_THRESHOLD_BITS	16
> > >  #define GMC_THRESHOLD_HIGH	((1 << GMC_THRESHOLD_BITS) / 4)
> > > @@ -126,8 +127,19 @@ struct mtk_disp_ovl {
> > >  	const struct mtk_disp_ovl_data	*data;
> > >  	void				(*vblank_cb)(void *data);
> > >  	void				*vblank_cb_data;
> > > +	resource_size_t			regs_pa;
> > >  };
> > >  
> > > +u64 mtk_ovl_get_sec_port(struct mtk_ddp_comp *comp, unsigned int
> > > idx)
> > > +{
> > > +	if (comp->id == DDP_COMPONENT_OVL0)
> > > +		return 1ULL << CMDQ_SEC_DISP_OVL0;
> > > +	else if (comp->id == DDP_COMPONENT_OVL1)
> > > +		return 1ULL << CMDQ_SEC_DISP_OVL1;
> > > +
> > > +	return 0;
> > > +}
> > > +
> > >  static irqreturn_t mtk_disp_ovl_irq_handler(int irq, void
> > > *dev_id)
> > >  {
> > >  	struct mtk_disp_ovl *priv = dev_id;
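Review bot: in mtk_ovl_get_sec_port() the idx parameter is never used, and any comp->id other than DDP_COMPONENT_OVL0 or DDP_COMPONENT_OVL1 silently returns 0, which reads to the caller as "no port to protect". If another OVL component can carry a secure layer this should be an explicit error or warning rather than an empty mask; otherwise document that only OVL0 and OVL1 are supported. regs_pa is added to struct mtk_disp_ovl in this hunk but nothing here initialises it, so the assignment should be visible in the same patch.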
> > > @@ -449,8 +461,22 @@ void mtk_ovl_layer_config(struct device
> > > *dev,
> > > unsigned int idx,
> > >  			      DISP_REG_OVL_SRC_SIZE(idx));
> > >  	mtk_ddp_write_relaxed(cmdq_pkt, offset, &ovl->cmdq_reg, ovl-
> > > > regs,
> > > 
> > >  			      DISP_REG_OVL_OFFSET(idx));
> > > -	mtk_ddp_write_relaxed(cmdq_pkt, addr, &ovl->cmdq_reg, ovl-
> > > > regs,
> > > 
> > > -			      DISP_REG_OVL_ADDR(ovl, idx));
> > > +
> > > +	if (state->pending.is_sec) {
> > > +		const struct drm_format_info *fmt_info =
> > > drm_format_info(fmt);
> > > +		unsigned int buf_size = (pending->height - 1) *
> > > pending->pitch +
> > > +					pending->width * fmt_info-
> > > > cpp[0];
> > > 
> > > +
> > > +		mtk_ddp_write_mask(cmdq_pkt, BIT(idx), &ovl->cmdq_reg,
> > > ovl->regs,
> > > +				   DISP_REG_OVL_SECURE, BIT(idx));
> > > +		mtk_ddp_sec_write(cmdq_pkt, ovl->regs_pa +
> > > DISP_REG_OVL_ADDR(ovl, idx),
> > > +				  pending->addr, CMDQ_IWC_H_2_MVA, 0,
> > > buf_size, 0);
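Review bot: buf_size is computed in unsigned int as (pending->height - 1) * pending->pitch + pending->width * fmt_info->cpp[0], so a zero height wraps and a large height and pitch product can overflow before the value reaches mtk_ddp_sec_write(). fmt_info is also dereferenced without checking that drm_format_info(fmt) returned a format. Since this size travels with the secure write, compute it with check_mul_overflow()/check_add_overflow() or in a 64-bit type and bail out on overflow or an unknown format.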
> > 
> > Why pass ovl->regs_pa into cmdq driver? cmdq just need subsys and
> > offset.
> 
> Yes, that's not necessary and I can refine that in the future. Because
> this change will also need to modify the code in CMDQ PTA, so I'll fix
> other issues in normal world first. Then I'll refine this place after a
> few versions.

Add TODO information so that we would not forget this.

> 
> > In addition, why pass buf_size?
> > 
> 
> This buf_size is the parameter for M4U PTA to verify the range of
> secure address in the secure world.

Why need this verification? In normal video playback, M4U does not
verify the size. If hardware accesses out of range of allocated buffer, it
would cause M4U to have translation fault. I think secure video could
also have translation fault so the size verification is not necessary.

Regards,
CK


> 
> Regards,
> Jason-JH.Lin
> 
> > Regards,
> > CK
> > 


* Re: [PATCH v2 10/11] drm/mediatek: Add cmdq_insert_backup_cookie before secure pkt finalize
  2023-11-05 13:35     ` Jason-JH Lin (林睿祥)
@ 2023-11-06  1:36       ` CK Hu (胡俊光)
  2023-11-06  1:59         ` Jason-JH Lin (林睿祥)
  0 siblings, 1 reply; 48+ messages in thread
From: CK Hu (胡俊光) @ 2023-11-06  1:36 UTC (permalink / raw)
  To: matthias.bgg, Jason-JH Lin (林睿祥),
	angelogioacchino.delregno, robh+dt, krzysztof.kozlowski+dt,
	chunkuang.hu
  Cc: jkardatzke, devicetree, conor+dt,
	Project_Global_Chrome_Upstream_Group,
	Singo Chang (張興國),
	linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen (陳建豪),
	Nancy Lin (林欣螢),
	Johnson Wang (王聖鑫),
	Shawn Sung (宋孝謙),
	linux-mediatek, linux-arm-kernel, linux-media


On Sun, 2023-11-05 at 13:35 +0000, Jason-JH Lin (林睿祥) wrote:
> Hi CK,
> 
> On Thu, 2023-10-26 at 02:26 +0000, CK Hu (胡俊光) wrote:
> > Hi, Jason:
> > 
> > On Mon, 2023-10-23 at 12:45 +0800, Jason-JH.Lin wrote:
> > > Add cmdq_insert_backup_cookie to append some commands before EOC:
> > > 1. Get GCE HW thread execute count from the GCE HW register.
> > > 2. Add 1 to the execute count and then store into a shared
> > > memory.
> > 
> > I think when cmdq driver handles interrupt, it could simply call into
> > TEE with an API to query status. The status not only the execute count,
> > but also other message including error information. So it's not
> > necessary to use such non-tricky way to get execute count.
> 
> The reason why we use shared memory to record execute count here is:
> 1. normal world can not access the register of secure GCE thread in
> normal world.
> 2. calling TEE invoke cmd in the irq handler would be expensive and not
> stable. I've tested that a single TEE invoke cmd to CMDQ PTA costs
> 19~53 us. Maybe it would cost more during the scenario that needs more
> CPU loading.

Add this to comment.

> 
> > 
> > One more question. The command buffer is not secure. Does the GCE
> > hardware execute this non-secure command buffer?
> > 
> 
> GCE command buffer is generated in the normal world first. Then it will
> be copied to the shared memory and passed to the secure world. All the
> instructions in command buffer will be verified in secure world then
> they will be copied to the secure command buffer and executed by GCE
> secure thread. I'll add this information to the cover letter at the
> next version.
> 
> Regards
> Jason-JH.Lin
> 
> > Regards,
> > CK
> > 


* Re: [PATCH v2 00/11] Add mediate-drm secure flow for SVP
  2023-11-05 13:44   ` Jason-JH Lin (林睿祥)
@ 2023-11-06  1:37     ` CK Hu (胡俊光)
  2023-11-06  2:00       ` Jason-JH Lin (林睿祥)
  0 siblings, 1 reply; 48+ messages in thread
From: CK Hu (胡俊光) @ 2023-11-06  1:37 UTC (permalink / raw)
  To: matthias.bgg, Jason-JH Lin (林睿祥),
	angelogioacchino.delregno, robh+dt, krzysztof.kozlowski+dt,
	chunkuang.hu
  Cc: jkardatzke, devicetree, conor+dt,
	Project_Global_Chrome_Upstream_Group,
	Singo Chang (張興國),
	linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen (陳建豪),
	Nancy Lin (林欣螢),
	Johnson Wang (王聖鑫),
	Shawn Sung (宋孝謙),
	linux-mediatek, linux-arm-kernel, linux-media


On Sun, 2023-11-05 at 13:44 +0000, Jason-JH Lin (林睿祥) wrote:
> Hi CK,
> 
> Thanks for the reviews.
> 
> On Tue, 2023-10-31 at 02:12 +0000, CK Hu (胡俊光) wrote:
> > Hi, Jason:
> > 
> > On Mon, 2023-10-23 at 12:45 +0800, Jason-JH.Lin wrote:
> > > > The patch series provides drm driver support for enabling secure video
> > > > path (SVP) playback on MediaTek hardware in the Linux kernel.
> > > > 
> > > > Memory Definitions:
> > > > secure memory - Memory allocated in the TEE (Trusted Execution
> > > > Environment) which is inaccessible in the REE (Rich Execution
> > > > Environment, i.e. linux kernel/userspace).
> > > > secure handle - Integer value which acts as reference to 'secure
> > > > memory'. Used in communication between TEE and REE to reference
> > > > 'secure memory'.
> > > > secure buffer - 'secure memory' that is used to store decrypted,
> > > > compressed video or for other general purposes in the TEE.
> > > > secure surface - 'secure memory' that is used to store graphic buffers.
> > > > 
> > > > Memory Usage in SVP:
> > > > The overall flow of SVP starts with encrypted video coming in from an
> > > > outside source into the REE. The REE will then allocate a 'secure
> > > > buffer' and send the corresponding 'secure handle' along with the
> > > > encrypted, compressed video data to the TEE. The TEE will then decrypt
> > > > the video and store the result in the 'secure buffer'. The REE will
> > > > then allocate a 'secure surface'. The REE will pass the 'secure
> > > > handles' for both the 'secure buffer' and 'secure surface' into the
> > > > TEE for video decoding. The video decoder HW will then decode the
> > > > contents of the 'secure buffer' and place the result in the 'secure
> > > > surface'. The REE will then attach the 'secure surface' to the overlay
> > > > plane for rendering of the video.
> > > > 
> > > > Everything relating to ensuring security of the actual contents of the
> > > > 'secure buffer' and 'secure surface' is out of scope for the REE and
> > > > is the responsibility of the TEE.
> > > > 
> > > > DRM driver handles allocation of gem objects that are backed by a 'secure
> > > > surface' and for displaying a 'secure surface' on the overlay plane.
> > > > This introduces a new flag for object creation called
> > > > DRM_MTK_GEM_CREATE_ENCRYPTED which indicates it should be a 'secure
> > > > surface'. All changes here are in MediaTek specific code.
> > > 
> > > ---
> > > Based on 3 series and 1 patch:
> > > [1] dma-buf: heaps: Add MediaTek secure heap
> > > - 
> > > 
> 
> 
https://urldefense.com/v3/__https://patchwork.kernel.org/project/linux-mediatek/list/?series=782776__;!!CTRNKA9wMg0ARbw!mFKxGfpXLEF8-AzhljGG_N12bk-h7W0-JZeTZZkqxJgB5WFbMTxeEjalrslLrAJ3iwYF6-k273jgzXKSQXcbgPU$
> > >  
> > > 
> > > [2] add driver to support secure video decoder
> > > - 
> > > 
> 
> 
https://urldefense.com/v3/__https://patchwork.kernel.org/project/linux-mediatek/list/?series=782922__;!!CTRNKA9wMg0ARbw!mFKxGfpXLEF8-AzhljGG_N12bk-h7W0-JZeTZZkqxJgB5WFbMTxeEjalrslLrAJ3iwYF6-k273jgzXKSIPyCQxI$
> > >  
> > > 
> > > [3] soc: mediatek: Add register definitions for GCE
> > > - 
> > > 
> 
> 
https://urldefense.com/v3/__https://patchwork.kernel.org/project/linux-mediatek/patch/20231017064717.21616-2-shawn.sung@mediatek.com/__;!!CTRNKA9wMg0ARbw!mFKxGfpXLEF8-AzhljGG_N12bk-h7W0-JZeTZZkqxJgB5WFbMTxeEjalrslLrAJ3iwYF6-k273jgzXKSrO8gmbI$
> > >  
> > > 
> > > [4] Add CMDQ secure driver for SVP
> > > - 
> > > 
> 
> 
https://urldefense.com/v3/__https://patchwork.kernel.org/project/linux-mediatek/list/?series=795502__;!!CTRNKA9wMg0ARbw!mFKxGfpXLEF8-AzhljGG_N12bk-h7W0-JZeTZZkqxJgB5WFbMTxeEjalrslLrAJ3iwYF6-k273jgzXKSposD2Rk$
> > >  
> > 
> > Secure display depend on secure mmsys. Routing control should be
> > secure
> > so mmsys driver should have some modification that call into secure
> > world to change routing. Add mmsys series in this dependency list.
> 
> Yes, I'll move the route settings to the secure world for those SVP
> supported SoC. The mmsys modifications are still in progress. It will
> be sent after a few versions.

Add TODO information so that we would not forget this.

> 
> Regards
> Jason-JH.Lin
> 
> > 
> > Regards,
> > CK
> > 
> > > ---
> > > Change in v2:
> > > 
> > > 1. remove the DRIVER_RDNDER flag for mtk_drm_ioctl
> > > 2. move cmdq_insert_backup_cookie into client driver
> > > 3. move secure gce node define from mt8195-cherry.dtsi to
> > > mt8195.dtsi
> > > ---
> > > 
> > > CK Hu (1):
> > >   drm/mediatek: Add interface to allocate MediaTek GEM buffer.
> > > 
> > > Jason-JH.Lin (10):
> > >   drm/mediatek/uapi: Add DRM_MTK_GEM_CREATED_ENCRYPTTED flag
> > >   drm/mediatek: Add secure buffer control flow to mtk_drm_gem
> > >   drm/mediatek: Add secure identify flag and funcution to
> > > mtk_drm_plane
> > >   drm/mediatek: Add mtk_ddp_sec_write to config secure buffer
> > > info
> > >   drm/mediatek: Add get_sec_port interface to mtk_ddp_comp
> > >   drm/mediatek: Add secure layer config support for ovl
> > >   drm/mediatek: Add secure layer config support for ovl_adaptor
> > >   drm/mediatek: Add secure flow support to mediatek-drm
> > >   drm/mediatek: Add cmdq_insert_backup_cookie before secure pkt
> > > finalize
> > >   arm64: dts: mt8195: Add secure mbox settings for vdosys
> > > 
> > >  arch/arm64/boot/dts/mediatek/mt8195.dtsi      |   6 +-
> > >  drivers/gpu/drm/mediatek/mtk_disp_drv.h       |   3 +
> > >  drivers/gpu/drm/mediatek/mtk_disp_ovl.c       |  31 +-
> > >  .../gpu/drm/mediatek/mtk_disp_ovl_adaptor.c   |  15 +
> > >  drivers/gpu/drm/mediatek/mtk_drm_crtc.c       | 274
> > > +++++++++++++++++-
> > >  drivers/gpu/drm/mediatek/mtk_drm_crtc.h       |   1 +
> > >  drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c   |  14 +
> > >  drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.h   |  13 +
> > >  drivers/gpu/drm/mediatek/mtk_drm_drv.c        |  13 +
> > >  drivers/gpu/drm/mediatek/mtk_drm_gem.c        | 121 ++++++++
> > >  drivers/gpu/drm/mediatek/mtk_drm_gem.h        |  16 +
> > >  drivers/gpu/drm/mediatek/mtk_drm_plane.c      |   7 +
> > >  drivers/gpu/drm/mediatek/mtk_drm_plane.h      |   2 +
> > >  drivers/gpu/drm/mediatek/mtk_mdp_rdma.c       |  11 +-
> > >  drivers/gpu/drm/mediatek/mtk_mdp_rdma.h       |   2 +
> > >  include/uapi/drm/mediatek_drm.h               |  59 ++++
> > >  16 files changed, 570 insertions(+), 18 deletions(-)
> > >  create mode 100644 include/uapi/drm/mediatek_drm.h
> > > 


* Re: [PATCH v2 10/11] drm/mediatek: Add cmdq_insert_backup_cookie before secure pkt finalize
  2023-11-06  1:36       ` CK Hu (胡俊光)
@ 2023-11-06  1:59         ` Jason-JH Lin (林睿祥)
  0 siblings, 0 replies; 48+ messages in thread
From: Jason-JH Lin (林睿祥) @ 2023-11-06  1:59 UTC (permalink / raw)
  To: CK Hu (胡俊光),
	matthias.bgg, angelogioacchino.delregno, robh+dt,
	krzysztof.kozlowski+dt, chunkuang.hu
  Cc: jkardatzke, devicetree, conor+dt,
	Project_Global_Chrome_Upstream_Group,
	Singo Chang (張興國),
	linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen (陳建豪),
	Nancy Lin (林欣螢),
	Johnson Wang (王聖鑫),
	Shawn Sung (宋孝謙),
	linux-mediatek, linux-arm-kernel, linux-media


On Mon, 2023-11-06 at 01:36 +0000, CK Hu (胡俊光) wrote:
> On Sun, 2023-11-05 at 13:35 +0000, Jason-JH Lin (林睿祥) wrote:
> > Hi CK,
> > 
> > On Thu, 2023-10-26 at 02:26 +0000, CK Hu (胡俊光) wrote:
> > > Hi, Jason:
> > > 
> > > On Mon, 2023-10-23 at 12:45 +0800, Jason-JH.Lin wrote:
> > > > Add cmdq_insert_backup_cookie to append some commands before EOC:
> > > > 1. Get GCE HW thread execute count from the GCE HW register.
> > > > 2. Add 1 to the execute count and then store into a shared memory.
> > > 
> > > I think when cmdq driver handles interrupt, it could simply call into
> > > TEE with an API to query status. The status not only the execute count,
> > > but also other message including error information. So it's not
> > > necessary to use such non-tricky way to get execute count.
> > 
> > The reason why we use shared memory to record execute count here is:
> > 1. normal world can not access the register of secure GCE thread in
> > normal world.
> > 2. calling TEE invoke cmd in the irq handler would be expensive and not
> > stable. I've tested that a single TEE invoke cmd to CMDQ PTA costs
> > 19~53 us. Maybe it would cost more during the scenario that needs more
> > CPU loading.
> 
> Add this to comment.
> 
OK, I'll add this to comment.

Regards,
Jason-JH.Lin

> > 
> > > 
> > > One more question. The command buffer is not secure. Does the GCE
> > > hardware execute this non-secure command buffer?
> > > 
> > 
> > GCE command buffer is generated in the normal world first. Then it will
> > be copied to the shared memory and passed to the secure world. All the
> > instructions in command buffer will be verified in secure world then
> > they will be copied to the secure command buffer and executed by GCE
> > secure thread. I'll add this information to the cover letter at the
> > next version.
> > 
> > Regards
> > Jason-JH.Lin
> > 
> > > Regards,
> > > CK
> > > 


* Re: [PATCH v2 00/11] Add mediate-drm secure flow for SVP
  2023-11-06  1:37     ` CK Hu (胡俊光)
@ 2023-11-06  2:00       ` Jason-JH Lin (林睿祥)
  0 siblings, 0 replies; 48+ messages in thread
From: Jason-JH Lin (林睿祥) @ 2023-11-06  2:00 UTC (permalink / raw)
  To: CK Hu (胡俊光),
	matthias.bgg, angelogioacchino.delregno, robh+dt,
	krzysztof.kozlowski+dt, chunkuang.hu
  Cc: jkardatzke, devicetree, conor+dt,
	Project_Global_Chrome_Upstream_Group,
	Singo Chang (張興國),
	linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen (陳建豪),
	Nancy Lin (林欣螢),
	Johnson Wang (王聖鑫),
	Shawn Sung (宋孝謙),
	linux-mediatek, linux-arm-kernel, linux-media


On Mon, 2023-11-06 at 01:37 +0000, CK Hu (胡俊光) wrote:
> On Sun, 2023-11-05 at 13:44 +0000, Jason-JH Lin (林睿祥) wrote:
> > Hi CK,
> > 
> > Thanks for the reviews.
> > 
> > On Tue, 2023-10-31 at 02:12 +0000, CK Hu (胡俊光) wrote:
> > > Hi, Jason:
> > > 
> > > On Mon, 2023-10-23 at 12:45 +0800, Jason-JH.Lin wrote:
> > > > > The patch series provides drm driver support for enabling secure video
> > > > > path (SVP) playback on MediaTek hardware in the Linux kernel.
> > > > > 
> > > > > Memory Definitions:
> > > > > secure memory - Memory allocated in the TEE (Trusted Execution
> > > > > Environment) which is inaccessible in the REE (Rich Execution
> > > > > Environment, i.e. linux kernel/userspace).
> > > > > secure handle - Integer value which acts as reference to 'secure
> > > > > memory'. Used in communication between TEE and REE to reference
> > > > > 'secure memory'.
> > > > > secure buffer - 'secure memory' that is used to store decrypted,
> > > > > compressed video or for other general purposes in the TEE.
> > > > > secure surface - 'secure memory' that is used to store graphic buffers.
> > > > > 
> > > > > Memory Usage in SVP:
> > > > > The overall flow of SVP starts with encrypted video coming in from an
> > > > > outside source into the REE. The REE will then allocate a 'secure
> > > > > buffer' and send the corresponding 'secure handle' along with the
> > > > > encrypted, compressed video data to the TEE. The TEE will then decrypt
> > > > > the video and store the result in the 'secure buffer'. The REE will
> > > > > then allocate a 'secure surface'. The REE will pass the 'secure
> > > > > handles' for both the 'secure buffer' and 'secure surface' into the
> > > > > TEE for video decoding. The video decoder HW will then decode the
> > > > > contents of the 'secure buffer' and place the result in the 'secure
> > > > > surface'. The REE will then attach the 'secure surface' to the overlay
> > > > > plane for rendering of the video.
> > > > > 
> > > > > Everything relating to ensuring security of the actual contents of the
> > > > > 'secure buffer' and 'secure surface' is out of scope for the REE and
> > > > > is the responsibility of the TEE.
> > > > > 
> > > > > DRM driver handles allocation of gem objects that are backed by a 'secure
> > > > > surface' and for displaying a 'secure surface' on the overlay plane.
> > > > > This introduces a new flag for object creation called
> > > > > DRM_MTK_GEM_CREATE_ENCRYPTED which indicates it should be a 'secure
> > > > > surface'. All changes here are in MediaTek specific code.
> > > > 
> > > > ---
> > > > Based on 3 series and 1 patch:
> > > > [1] dma-buf: heaps: Add MediaTek secure heap
> > > > - 
> > > > 
> > 
> > 
> 
> 
https://urldefense.com/v3/__https://patchwork.kernel.org/project/linux-mediatek/list/?series=782776__;!!CTRNKA9wMg0ARbw!mFKxGfpXLEF8-AzhljGG_N12bk-h7W0-JZeTZZkqxJgB5WFbMTxeEjalrslLrAJ3iwYF6-k273jgzXKSQXcbgPU$
> > > >  
> > > > 
> > > > [2] add driver to support secure video decoder
> > > > - 
> > > > 
> > 
> > 
> 
> 
https://urldefense.com/v3/__https://patchwork.kernel.org/project/linux-mediatek/list/?series=782922__;!!CTRNKA9wMg0ARbw!mFKxGfpXLEF8-AzhljGG_N12bk-h7W0-JZeTZZkqxJgB5WFbMTxeEjalrslLrAJ3iwYF6-k273jgzXKSIPyCQxI$
> > > >  
> > > > 
> > > > [3] soc: mediatek: Add register definitions for GCE
> > > > - 
> > > > 
> > 
> > 
> 
> 
https://urldefense.com/v3/__https://patchwork.kernel.org/project/linux-mediatek/patch/20231017064717.21616-2-shawn.sung@mediatek.com/__;!!CTRNKA9wMg0ARbw!mFKxGfpXLEF8-AzhljGG_N12bk-h7W0-JZeTZZkqxJgB5WFbMTxeEjalrslLrAJ3iwYF6-k273jgzXKSrO8gmbI$
> > > >  
> > > > 
> > > > [4] Add CMDQ secure driver for SVP
> > > > - 
> > > > 
> > 
> > 
> 
> 
https://urldefense.com/v3/__https://patchwork.kernel.org/project/linux-mediatek/list/?series=795502__;!!CTRNKA9wMg0ARbw!mFKxGfpXLEF8-AzhljGG_N12bk-h7W0-JZeTZZkqxJgB5WFbMTxeEjalrslLrAJ3iwYF6-k273jgzXKSposD2Rk$
> > > >  
> > > 
> > > Secure display depend on secure mmsys. Routing control should be
> > > secure
> > > so mmsys driver should have some modification that call into
> > > secure
> > > world to change routing. Add mmsys series in this dependency
> > > list.
> > 
> > Yes, I'll move the route settings to the secure world for those SVP
> > supported SoC. The mmsys modifications are still in progress. It will
> > be sent after a few versions.
> 
> Add TODO information so that we would not forget this.
> 
OK, I'll add TODO to the commit message.

Regards,
Jason-JH.Lin

> > 
> > Regards
> > Jason-JH.Lin
> > 
> > > 
> > > Regards,
> > > CK
> > > 
> > > > ---
> > > > Change in v2:
> > > > 
> > > > 1. remove the DRIVER_RDNDER flag for mtk_drm_ioctl
> > > > 2. move cmdq_insert_backup_cookie into client driver
> > > > 3. move secure gce node define from mt8195-cherry.dtsi to
> > > > mt8195.dtsi
> > > > ---
> > > > 
> > > > CK Hu (1):
> > > >   drm/mediatek: Add interface to allocate MediaTek GEM buffer.
> > > > 
> > > > Jason-JH.Lin (10):
> > > >   drm/mediatek/uapi: Add DRM_MTK_GEM_CREATED_ENCRYPTTED flag
> > > >   drm/mediatek: Add secure buffer control flow to mtk_drm_gem
> > > >   drm/mediatek: Add secure identify flag and funcution to
> > > > mtk_drm_plane
> > > >   drm/mediatek: Add mtk_ddp_sec_write to config secure buffer
> > > > info
> > > >   drm/mediatek: Add get_sec_port interface to mtk_ddp_comp
> > > >   drm/mediatek: Add secure layer config support for ovl
> > > >   drm/mediatek: Add secure layer config support for ovl_adaptor
> > > >   drm/mediatek: Add secure flow support to mediatek-drm
> > > >   drm/mediatek: Add cmdq_insert_backup_cookie before secure pkt
> > > > finalize
> > > >   arm64: dts: mt8195: Add secure mbox settings for vdosys
> > > > 
> > > >  arch/arm64/boot/dts/mediatek/mt8195.dtsi      |   6 +-
> > > >  drivers/gpu/drm/mediatek/mtk_disp_drv.h       |   3 +
> > > >  drivers/gpu/drm/mediatek/mtk_disp_ovl.c       |  31 +-
> > > >  .../gpu/drm/mediatek/mtk_disp_ovl_adaptor.c   |  15 +
> > > >  drivers/gpu/drm/mediatek/mtk_drm_crtc.c       | 274
> > > > +++++++++++++++++-
> > > >  drivers/gpu/drm/mediatek/mtk_drm_crtc.h       |   1 +
> > > >  drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c   |  14 +
> > > >  drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.h   |  13 +
> > > >  drivers/gpu/drm/mediatek/mtk_drm_drv.c        |  13 +
> > > >  drivers/gpu/drm/mediatek/mtk_drm_gem.c        | 121 ++++++++
> > > >  drivers/gpu/drm/mediatek/mtk_drm_gem.h        |  16 +
> > > >  drivers/gpu/drm/mediatek/mtk_drm_plane.c      |   7 +
> > > >  drivers/gpu/drm/mediatek/mtk_drm_plane.h      |   2 +
> > > >  drivers/gpu/drm/mediatek/mtk_mdp_rdma.c       |  11 +-
> > > >  drivers/gpu/drm/mediatek/mtk_mdp_rdma.h       |   2 +
> > > >  include/uapi/drm/mediatek_drm.h               |  59 ++++
> > > >  16 files changed, 570 insertions(+), 18 deletions(-)
> > > >  create mode 100644 include/uapi/drm/mediatek_drm.h
> > > > 


* Re: [PATCH v2 07/11] drm/mediatek: Add secure layer config support for ovl
  2023-11-06  1:33       ` CK Hu (胡俊光)
@ 2023-11-06  2:51         ` Jason-JH Lin (林睿祥)
  0 siblings, 0 replies; 48+ messages in thread
From: Jason-JH Lin (林睿祥) @ 2023-11-06  2:51 UTC (permalink / raw)
  To: CK Hu (胡俊光),
	matthias.bgg, angelogioacchino.delregno, robh+dt,
	krzysztof.kozlowski+dt, chunkuang.hu
  Cc: jkardatzke, devicetree, conor+dt,
	Project_Global_Chrome_Upstream_Group,
	Singo Chang (張興國),
	linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen (陳建豪),
	Nancy Lin (林欣螢),
	Johnson Wang (王聖鑫),
	Shawn Sung (宋孝謙),
	linux-mediatek, linux-arm-kernel, linux-media


On Mon, 2023-11-06 at 01:33 +0000, CK Hu (胡俊光) wrote:
> On Sun, 2023-11-05 at 13:18 +0000, Jason-JH Lin (林睿祥) wrote:
> > Hi CK,
> > 
> > On Thu, 2023-10-26 at 10:07 +0000, CK Hu (胡俊光) wrote:
> > > Hi, Jason:
> > > 
> > > On Mon, 2023-10-23 at 12:45 +0800, Jason-JH.Lin wrote:
> > > > Add secure layer config support for ovl.
> > > > 
> > > > Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
> > > > ---
> > > >  drivers/gpu/drm/mediatek/mtk_disp_drv.h       |  3 ++
> > > >  drivers/gpu/drm/mediatek/mtk_disp_ovl.c       | 31
> > > > +++++++++++++++++--
> > > >  .../gpu/drm/mediatek/mtk_disp_ovl_adaptor.c   | 12 +++++++
> > > >  drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c   |  2 ++
> > > >  4 files changed, 46 insertions(+), 2 deletions(-)
> > > > 
> > > > diff --git a/drivers/gpu/drm/mediatek/mtk_disp_drv.h
> > > > b/drivers/gpu/drm/mediatek/mtk_disp_drv.h
> > > > index 2254038519e1..dec937b183a8 100644
> > > > --- a/drivers/gpu/drm/mediatek/mtk_disp_drv.h
> > > > +++ b/drivers/gpu/drm/mediatek/mtk_disp_drv.h
> > > > @@ -9,6 +9,7 @@
> > > >  #include <linux/soc/mediatek/mtk-cmdq.h>
> > > >  #include <linux/soc/mediatek/mtk-mmsys.h>
> > > >  #include <linux/soc/mediatek/mtk-mutex.h>
> > > > +#include "mtk_drm_ddp_comp.h"
> > > >  #include "mtk_drm_plane.h"
> > > >  #include "mtk_mdp_rdma.h"
> > > >  
> > > > @@ -79,6 +80,7 @@ void mtk_ovl_clk_disable(struct device *dev);
> > > >  void mtk_ovl_config(struct device *dev, unsigned int w,
> > > >  		    unsigned int h, unsigned int vrefresh,
> > > >  		    unsigned int bpc, struct cmdq_pkt
> > > > *cmdq_pkt);
> > > > +u64 mtk_ovl_get_sec_port(struct mtk_ddp_comp *comp, unsigned
> > > > int
> > > > idx);
> > > >  int mtk_ovl_layer_check(struct device *dev, unsigned int idx,
> > > >  			struct mtk_plane_state *mtk_state);
> > > >  void mtk_ovl_layer_config(struct device *dev, unsigned int
> > > > idx,
> > > > @@ -112,6 +114,7 @@ void mtk_ovl_adaptor_clk_disable(struct
> > > > device
> > > > *dev);
> > > >  void mtk_ovl_adaptor_config(struct device *dev, unsigned int
> > > > w,
> > > >  			    unsigned int h, unsigned int
> > > > vrefresh,
> > > >  			    unsigned int bpc, struct cmdq_pkt
> > > > *cmdq_pkt);
> > > > +u64 mtk_ovl_adaptor_get_sec_port(struct mtk_ddp_comp *comp,
> > > > unsigned
> > > > int idx);
> > > >  void mtk_ovl_adaptor_layer_config(struct device *dev, unsigned
> > > > int
> > > > idx,
> > > >  				  struct mtk_plane_state
> > > > *state,
> > > >  				  struct cmdq_pkt *cmdq_pkt);
> > > > diff --git a/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
> > > > b/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
> > > > index 2bffe4245466..76e832e4875a 100644
> > > > --- a/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
> > > > +++ b/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
> > > > @@ -46,6 +46,7 @@
> > > >  #define DISP_REG_OVL_ADDR(ovl, n)		((ovl)->data-
> > > > > addr +
> > > > 
> > > > 0x20 * (n))
> > > >  #define DISP_REG_OVL_HDR_ADDR(ovl, n)		((ovl)->data-
> > > > > addr + 0x20 * (n) + 0x04)
> > > > 
> > > >  #define DISP_REG_OVL_HDR_PITCH(ovl, n)		((ovl)->data-
> > > > > addr + 0x20 * (n) + 0x08)
> > > > 
> > > > +#define DISP_REG_OVL_SECURE			0x0fc0
> > > >  
> > > >  #define GMC_THRESHOLD_BITS	16
> > > >  #define GMC_THRESHOLD_HIGH	((1 << GMC_THRESHOLD_BITS) / 4)
> > > > @@ -126,8 +127,19 @@ struct mtk_disp_ovl {
> > > >  	const struct mtk_disp_ovl_data	*data;
> > > >  	void				(*vblank_cb)(void
> > > > *data);
> > > >  	void				*vblank_cb_data;
> > > > +	resource_size_t			regs_pa;
> > > >  };
> > > >  
> > > > +u64 mtk_ovl_get_sec_port(struct mtk_ddp_comp *comp, unsigned
> > > > int
> > > > idx)
> > > > +{
> > > > +	if (comp->id == DDP_COMPONENT_OVL0)
> > > > +		return 1ULL << CMDQ_SEC_DISP_OVL0;
> > > > +	else if (comp->id == DDP_COMPONENT_OVL1)
> > > > +		return 1ULL << CMDQ_SEC_DISP_OVL1;
> > > > +
> > > > +	return 0;
> > > > +}
> > > > +
> > > >  static irqreturn_t mtk_disp_ovl_irq_handler(int irq, void
> > > > *dev_id)
> > > >  {
> > > >  	struct mtk_disp_ovl *priv = dev_id;
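Review bot: in mtk_ovl_get_sec_port() the idx argument is never used, and any comp->id other than DDP_COMPONENT_OVL0 or DDP_COMPONENT_OVL1 falls through to return 0, so a caller that ORs the result into a port mask cannot tell "no secure port" from "component not handled". Either drop idx or document why the callback signature needs it, and add a warning or at least a comment on the fall-through path so an unhandled OVL does not silently end up without its bit.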
> > > > @@ -449,8 +461,22 @@ void mtk_ovl_layer_config(struct device
> > > > *dev,
> > > > unsigned int idx,
> > > >  			      DISP_REG_OVL_SRC_SIZE(idx));
> > > >  	mtk_ddp_write_relaxed(cmdq_pkt, offset, &ovl->cmdq_reg, 
> > > > ovl-
> > > > > regs,
> > > > 
> > > >  			      DISP_REG_OVL_OFFSET(idx));
> > > > -	mtk_ddp_write_relaxed(cmdq_pkt, addr, &ovl->cmdq_reg,
> > > > ovl-
> > > > > regs,
> > > > 
> > > > -			      DISP_REG_OVL_ADDR(ovl, idx));
> > > > +
> > > > +	if (state->pending.is_sec) {
> > > > +		const struct drm_format_info *fmt_info =
> > > > drm_format_info(fmt);
> > > > +		unsigned int buf_size = (pending->height - 1) *
> > > > pending->pitch +
> > > > +					pending->width *
> > > > fmt_info-
> > > > > cpp[0];
> > > > 
> > > > +
> > > > +		mtk_ddp_write_mask(cmdq_pkt, BIT(idx), &ovl-
> > > > >cmdq_reg,
> > > > ovl->regs,
> > > > +				   DISP_REG_OVL_SECURE,
> > > > BIT(idx));
> > > > +		mtk_ddp_sec_write(cmdq_pkt, ovl->regs_pa +
> > > > DISP_REG_OVL_ADDR(ovl, idx),
> > > > +				  pending->addr,
> > > > CMDQ_IWC_H_2_MVA, 0,
> > > > buf_size, 0);
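Review bot: buf_size is computed in unsigned int as (pending->height - 1) * pending->pitch + pending->width * fmt_info->cpp[0] with no guard, so a zero height or a large height/pitch product wraps, and fmt_info is dereferenced without checking the drm_format_info(fmt) result for NULL. Because the value is handed to mtk_ddp_sec_write() together with the secure address, compute it with check_mul_overflow()/check_add_overflow() and bail out on failure or on a NULL fmt_info. The condition also reads state->pending.is_sec while the body uses pending->, so pick one accessor.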
> > > 
> > > Why pass ovl->regs_pa into cmdq driver? cmdq just needs subsys and
> > > offset.
> > 
> > Yes, that's not necessary and I can refine that in the future.
> > Because this change will also need to modify the code in CMDQ PTA,
> > I'll fix other issues in normal world first. Then I'll refine this
> > place after a few versions.
> 
> Add TODO information so that we would not forget this.
> 
OK, I'll add a TODO to the commit message.

> > 
> > > In addition, why pass buf_size?
> > > 
> > 
> > This buf_size is the parameter for M4U PTA to verify the range of
> > secure address in the secure world.
> 
> Why is this verification needed? In normal video playback, M4U does
> not verify the size. If hardware accesses outside the range of the
> allocated buffer, it would cause M4U to have a translation fault. I
> think secure video could also have a translation fault, so the size
> verification is not necessary.
> 
I've checked this with the M4U owner. It's not only used for
verification, but also used to tell the M4U TA how much buffer size it
needs to map to iova in the secure world. So it's necessary information.

Regards,
Jason-JH.Lin

> Regards,
> CK
> 
> 
> > 
> > Regards,
> > Jason-JH.Lin
> > 
> > > Regards,
> > > CK
> > > 

* Re: [PATCH v2 09/11] drm/mediatek: Add secure flow support to mediatek-drm
  2023-11-06  1:27       ` CK Hu (胡俊光)
@ 2023-11-06  2:59         ` Jason-JH Lin (林睿祥)
  2023-11-06  3:11           ` CK Hu (胡俊光)
  0 siblings, 1 reply; 48+ messages in thread
From: Jason-JH Lin (林睿祥) @ 2023-11-06  2:59 UTC (permalink / raw)
  To: CK Hu (胡俊光),
	matthias.bgg, angelogioacchino.delregno, robh+dt,
	krzysztof.kozlowski+dt, chunkuang.hu
  Cc: jkardatzke, devicetree, conor+dt,
	Project_Global_Chrome_Upstream_Group,
	Singo Chang (張興國),
	linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen (陳建豪),
	Nancy Lin (林欣螢),
	Johnson Wang (王聖鑫),
	Shawn Sung (宋孝謙),
	linux-mediatek, linux-arm-kernel, linux-media

On Mon, 2023-11-06 at 01:27 +0000, CK Hu (胡俊光) wrote:
> On Sun, 2023-11-05 at 13:04 +0000, Jason-JH Lin (林睿祥) wrote:
> > On Tue, 2023-10-31 at 06:01 +0000, CK Hu (胡俊光) wrote:
> > > Hi, Jason:
> > > 
> > > On Mon, 2023-10-23 at 12:45 +0800, Jason-JH.Lin wrote:
> > > > To add secure flow support for mediatek-drm, each crtc has to
> > > > create a secure cmdq mailbox channel. Then cmdq packets with
> > > > display HW configuration will be sent to secure cmdq mailbox
> > > > channel and configured in the secure world.
> > > > 
> > > > Each crtc has to use secure cmdq interface to configure some
> > > > secure settings for display HW before sending cmdq packets to
> > > > secure cmdq mailbox channel.
> > > > 
> > > > If any fb obtained from the current drm_atomic_state is secure,
> > > > then crtc will switch to the secure flow to configure display HW.
> > > > If all fbs are not secure in current drm_atomic_state, then crtc
> > > > will switch to the normal flow.
> > > > 
> > > > Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
> > > > ---
> > > >  drivers/gpu/drm/mediatek/mtk_drm_crtc.c  | 272
> > > > ++++++++++++++++++++++-
> > > >  drivers/gpu/drm/mediatek/mtk_drm_crtc.h  |   1 +
> > > >  drivers/gpu/drm/mediatek/mtk_drm_plane.c |   7 +
> > > >  3 files changed, 269 insertions(+), 11 deletions(-)
> > > > 
> 
> [snip]
> 
> > > > +
> > > > +#if IS_REACHABLE(CONFIG_MTK_CMDQ)
> > > > +static void mtk_crtc_enable_secure_state(struct drm_crtc
> > > > *crtc)
> > > > +{
> > > > +	enum cmdq_sec_scenario sec_scn = CMDQ_MAX_SEC_COUNT;
> > > > +	int i;
> > > > +	struct mtk_ddp_comp *ddp_first_comp;
> > > > +	struct mtk_drm_crtc *mtk_crtc = to_mtk_crtc(crtc);
> > > > +	u64 sec_engine = 0; /* for hw engine write output
> > > > secure fb */
> > > > +	u64 sec_port = 0; /* for larb port read input secure fb
> > > > */
> > > > +
> > > > +	cmdq_pkt_wfe(&mtk_crtc->sec_cmdq_handle, mtk_crtc-
> > > > >cmdq_event,
> > > > false);
> > > > +
> > > > +	ddp_first_comp = mtk_crtc->ddp_comp[0];
> > > > +	for (i = 0; i < mtk_crtc->layer_nr; i++)
> > > > +		if (mtk_crtc->planes[i].type ==
> > > > DRM_PLANE_TYPE_CURSOR)
> > > > +			sec_port |=
> > > > mtk_ddp_comp_layer_get_sec_port(ddp_first_comp, i);
> > > > +
> > > > +	if (drm_crtc_index(crtc) == 0)
> > > > +		sec_scn = CMDQ_SEC_PRIMARY_DISP;
> > > > +	else if (drm_crtc_index(crtc) == 1)
> > > > +		sec_scn = CMDQ_SEC_SUB_DISP;
> > > > +
> > > > +	cmdq_sec_pkt_set_data(&mtk_crtc->sec_cmdq_handle,
> > > > sec_engine,
> > > > sec_port, sec_scn);
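Review bot: sec_scn is initialised to CMDQ_MAX_SEC_COUNT and only reassigned for drm_crtc_index(crtc) 0 and 1, so any other crtc passes the sentinel straight into cmdq_sec_pkt_set_data(); return early or warn when no scenario matches. The loop also ORs into sec_port only for planes whose type is DRM_PLANE_TYPE_CURSOR, which does not obviously match the comment "for larb port read input secure fb", so please confirm that condition or explain it in a comment.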
> > > 
> > > In cmdq driver, sec_engine means engine which needs dapc. You set
> > > 0 to sec_engine, does it mean that no engine is protected by dapc?
> > > If OVL is not protected by dapc, I think we could use cmdq normal
> > > thread to write OVL register instead of cmdq secure thread.
> > > 
> > 
> > We enable DAPC protection for the engine that is able to write data
> > to the DRAM address set on their register, such as WDMA and WROT,
> > to avoid their register being set to the normal DRAM address.
> > 
> > We enable larb port protection for the engine that is able to read
> > data from the DRAM address, such as OVL, RDMA and MDP_RDMA, to avoid
> > secure DRAM being read by the non-secure larb port. So we don't need
> > to enable DAPC for these engines.
> > 
> > No matter DAPC protection or larb port protection, they both need
> > to use sec_engine to tell TEE which engines need to be protected.
> > 
> > But OVL is a special HW engine, it can only set its
> > DISP_REG_OVL_SECURE register in [PATCH v2 07/11] to enable its larb
> > port protection, so OVL has no need to set the sec_engine. But we'll
> > move that part to the TEE secure world, so that means OVL sec_engine
> > will be set here in the next version.
> > 
> > > It's weird that normal world could decide which engine is
> > > protected by dapc. If hacker set 0 for output engine, then output
> > > engine would not be protected?
> > > 
> > 
> > If hacker set 0 for output engine, TEE world will check that output
> > engine didn't set sec_engine from normal world by verifying
> > instruction where the output engine instruction set the secure
> > handle.
> > 
> > We still need to set sec_engine to check that all the sec_engine
> > flags are matched to the scenario and instruction verification in
> > the secure world.
> 
> So after secure scenario is set, TEE already has a sec_engine list.
> Let's call it TEE sec_engine list. And normal world has another
> sec_engine list, let's call it normal sec_engine list. Normal world
> passes normal sec_engine list to TEE by cmdq_sec_pkt_set_data() and
> TEE would check normal sec_engine list is identical to TEE sec_engine
> list or not. If TEE already has a TEE sec_engine list, I think it's
> not necessary that normal world has another normal sec_engine list.
> So drop this normal sec_engine list parameter.
> 

The TEE sec_engine list is aligned with the sec_engine list in normal
world. I think the sec_engine for DAPC can be dropped and it can be
enabled/disabled by the TEE sec_engine, but the sec_engine for larb
port won't do that verification in the secure world. If sec_engine for
larb port is not set in normal world, it'll cause iova translation
fault. So we still need this sec_engine for larb port.

Regards,
Jason-JH.Lin

> Regards,
> CK
> 
> > 
> > Regards,
> > Jason-JH.Lin
> > 
> > > Regards,
> > > CK
> > > 
> > > > +
> > > > +	pr_debug("crtc-%d enable secure plane!\n",
> > > > drm_crtc_index(crtc));
> > > > +}
> > > > +#endif
> > > > 

* Re: [PATCH v2 09/11] drm/mediatek: Add secure flow support to mediatek-drm
  2023-11-06  2:59         ` Jason-JH Lin (林睿祥)
@ 2023-11-06  3:11           ` CK Hu (胡俊光)
  2023-11-06  5:48             ` Jason-JH Lin (林睿祥)
  0 siblings, 1 reply; 48+ messages in thread
From: CK Hu (胡俊光) @ 2023-11-06  3:11 UTC (permalink / raw)
  To: matthias.bgg, Jason-JH Lin (林睿祥),
	angelogioacchino.delregno, robh+dt, krzysztof.kozlowski+dt,
	chunkuang.hu
  Cc: jkardatzke, devicetree, conor+dt,
	Project_Global_Chrome_Upstream_Group,
	Singo Chang (張興國),
	linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen (陳建豪),
	Nancy Lin (林欣螢),
	Johnson Wang (王聖鑫),
	Shawn Sung (宋孝謙),
	linux-mediatek, linux-arm-kernel, linux-media

On Mon, 2023-11-06 at 02:59 +0000, Jason-JH Lin (林睿祥) wrote:
> On Mon, 2023-11-06 at 01:27 +0000, CK Hu (胡俊光) wrote:
> > On Sun, 2023-11-05 at 13:04 +0000, Jason-JH Lin (林睿祥) wrote:
> > > On Tue, 2023-10-31 at 06:01 +0000, CK Hu (胡俊光) wrote:
> > > > Hi, Jason:
> > > > 
> > > > On Mon, 2023-10-23 at 12:45 +0800, Jason-JH.Lin wrote:
> > > > > To add secure flow support for mediatek-drm, each crtc has to
> > > > > create a secure cmdq mailbox channel. Then cmdq packets with
> > > > > display HW configuration will be sent to secure cmdq mailbox
> > > > > channel and configured in the secure world.
> > > > > 
> > > > > Each crtc has to use secure cmdq interface to configure some
> > > > > secure settings for display HW before sending cmdq packets to
> > > > > secure cmdq mailbox channel.
> > > > > 
> > > > > If any fb obtained from the current drm_atomic_state is secure,
> > > > > then crtc will switch to the secure flow to configure display HW.
> > > > > If all fbs are not secure in current drm_atomic_state, then crtc
> > > > > will switch to the normal flow.
> > > > > 
> > > > > Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
> > > > > ---
> > > > >  drivers/gpu/drm/mediatek/mtk_drm_crtc.c  | 272
> > > > > ++++++++++++++++++++++-
> > > > >  drivers/gpu/drm/mediatek/mtk_drm_crtc.h  |   1 +
> > > > >  drivers/gpu/drm/mediatek/mtk_drm_plane.c |   7 +
> > > > >  3 files changed, 269 insertions(+), 11 deletions(-)
> > > > > 
> > 
> > [snip]
> > 
> > > > > +
> > > > > +#if IS_REACHABLE(CONFIG_MTK_CMDQ)
> > > > > +static void mtk_crtc_enable_secure_state(struct drm_crtc
> > > > > *crtc)
> > > > > +{
> > > > > +	enum cmdq_sec_scenario sec_scn = CMDQ_MAX_SEC_COUNT;
> > > > > +	int i;
> > > > > +	struct mtk_ddp_comp *ddp_first_comp;
> > > > > +	struct mtk_drm_crtc *mtk_crtc = to_mtk_crtc(crtc);
> > > > > +	u64 sec_engine = 0; /* for hw engine write output
> > > > > secure fb */
> > > > > +	u64 sec_port = 0; /* for larb port read input secure fb
> > > > > */
> > > > > +
> > > > > +	cmdq_pkt_wfe(&mtk_crtc->sec_cmdq_handle, mtk_crtc-
> > > > > > cmdq_event,
> > > > > 
> > > > > false);
> > > > > +
> > > > > +	ddp_first_comp = mtk_crtc->ddp_comp[0];
> > > > > +	for (i = 0; i < mtk_crtc->layer_nr; i++)
> > > > > +		if (mtk_crtc->planes[i].type ==
> > > > > DRM_PLANE_TYPE_CURSOR)
> > > > > +			sec_port |=
> > > > > mtk_ddp_comp_layer_get_sec_port(ddp_first_comp, i);
> > > > > +
> > > > > +	if (drm_crtc_index(crtc) == 0)
> > > > > +		sec_scn = CMDQ_SEC_PRIMARY_DISP;
> > > > > +	else if (drm_crtc_index(crtc) == 1)
> > > > > +		sec_scn = CMDQ_SEC_SUB_DISP;
> > > > > +
> > > > > +	cmdq_sec_pkt_set_data(&mtk_crtc->sec_cmdq_handle,
> > > > > sec_engine,
> > > > > sec_port, sec_scn);
> > > > 
> > > > In cmdq driver, sec_engine means engine which needs dapc. You
> > > > set 0 to sec_engine, does it mean that no engine is protected by
> > > > dapc? If OVL is not protected by dapc, I think we could use cmdq
> > > > normal thread to write OVL register instead of cmdq secure
> > > > thread.
> > > > 
> > > 
> > > We enable DAPC protection for the engine that is able to write
> > > data to the DRAM address set on their register, such as WDMA and
> > > WROT, to avoid their register being set to the normal DRAM address.
> > > 
> > > We enable larb port protection for the engine that is able to read
> > > data from the DRAM address, such as OVL, RDMA and MDP_RDMA, to
> > > avoid secure DRAM being read by the non-secure larb port. So we
> > > don't need to enable DAPC for these engines.
> > > 
> > > No matter DAPC protection or larb port protection, they both need
> > > to use sec_engine to tell TEE which engines need to be protected.
> > > 
> > > But OVL is a special HW engine, it can only set its
> > > DISP_REG_OVL_SECURE register in [PATCH v2 07/11] to enable its
> > > larb port protection, so OVL has no need to set the sec_engine.
> > > But we'll move that part to the TEE secure world, so that means
> > > OVL sec_engine will be set here in the next version.
> > > 
> > > > It's weird that normal world could decide which engine is
> > > > protected by dapc. If hacker set 0 for output engine, then
> > > > output engine would not be protected?
> > > > 
> > > 
> > > If hacker set 0 for output engine, TEE world will check that
> > > output engine didn't set sec_engine from normal world by verifying
> > > instruction where the output engine instruction set the secure
> > > handle.
> > > 
> > > We still need to set sec_engine to check that all the sec_engine
> > > flags are matched to the scenario and instruction verification in
> > > the secure world.
> > 
> > So after secure scenario is set, TEE already has a sec_engine list.
> > Let's call it TEE sec_engine list. And normal world has another
> > sec_engine list, let's call it normal sec_engine list. Normal world
> > passes normal sec_engine list to TEE by cmdq_sec_pkt_set_data() and
> > TEE would check normal sec_engine list is identical to TEE
> > sec_engine list or not. If TEE already has a TEE sec_engine list, I
> > think it's not necessary that normal world has another normal
> > sec_engine list. So drop this normal sec_engine list parameter.
> > 
> 
> The TEE sec_engine list is aligned with the sec_engine list in normal
> world. I think the sec_engine for DAPC can be dropped and it can be
> enabled/disabled by the TEE sec_engine, but the sec_engine for larb
> port won't do that verification in the secure world. If sec_engine
> for larb port is not set in normal world, it'll cause iova
> translation fault. So we still need this sec_engine for larb port.

In TEE, there is already a TEE sec_engine list, so checking larb port
could use TEE sec_engine list because TEE sec_engine list would be
identical to normal sec_engine list. Why not use TEE sec_engine list to
check larb port? What is the detail of checking larb port? Describe it
if necessary.

Regards,
CK

> 
> Regards,
> Jason-JH.Lin
> 
> > Regards,
> > CK
> > 
> > > 
> > > Regards,
> > > Jason-JH.Lin
> > > 
> > > > Regards,
> > > > CK
> > > > 
> > > > > +
> > > > > +	pr_debug("crtc-%d enable secure plane!\n",
> > > > > drm_crtc_index(crtc));
> > > > > +}
> > > > > +#endif
> > > > > 

* Re: [PATCH v2 09/11] drm/mediatek: Add secure flow support to mediatek-drm
  2023-11-06  3:11           ` CK Hu (胡俊光)
@ 2023-11-06  5:48             ` Jason-JH Lin (林睿祥)
  0 siblings, 0 replies; 48+ messages in thread
From: Jason-JH Lin (林睿祥) @ 2023-11-06  5:48 UTC (permalink / raw)
  To: CK Hu (胡俊光),
	matthias.bgg, angelogioacchino.delregno, robh+dt,
	krzysztof.kozlowski+dt, chunkuang.hu
  Cc: jkardatzke, devicetree, conor+dt,
	Project_Global_Chrome_Upstream_Group,
	Singo Chang (張興國),
	linux-kernel, dri-devel, linaro-mm-sig,
	Jason-ch Chen (陳建豪),
	Nancy Lin (林欣螢),
	Johnson Wang (王聖鑫),
	Shawn Sung (宋孝謙),
	linux-mediatek, linux-arm-kernel, linux-media

On Mon, 2023-11-06 at 03:11 +0000, CK Hu (胡俊光) wrote:
> On Mon, 2023-11-06 at 02:59 +0000, Jason-JH Lin (林睿祥) wrote:
> > On Mon, 2023-11-06 at 01:27 +0000, CK Hu (胡俊光) wrote:
> > > On Sun, 2023-11-05 at 13:04 +0000, Jason-JH Lin (林睿祥) wrote:
> > > > On Tue, 2023-10-31 at 06:01 +0000, CK Hu (胡俊光) wrote:
> > > > > Hi, Jason:
> > > > > 
> > > > > On Mon, 2023-10-23 at 12:45 +0800, Jason-JH.Lin wrote:
> > > > > > To add secure flow support for mediatek-drm, each crtc has
> > > > > > to create a secure cmdq mailbox channel. Then cmdq packets
> > > > > > with display HW configuration will be sent to secure cmdq
> > > > > > mailbox channel and configured in the secure world.
> > > > > > 
> > > > > > Each crtc has to use secure cmdq interface to configure some
> > > > > > secure settings for display HW before sending cmdq packets
> > > > > > to secure cmdq mailbox channel.
> > > > > > 
> > > > > > If any fb obtained from the current drm_atomic_state is
> > > > > > secure, then crtc will switch to the secure flow to
> > > > > > configure display HW.
> > > > > > If all fbs are not secure in current drm_atomic_state, then
> > > > > > crtc will switch to the normal flow.
> > > > > > 
> > > > > > Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
> > > > > > ---
> > > > > >  drivers/gpu/drm/mediatek/mtk_drm_crtc.c  | 272
> > > > > > ++++++++++++++++++++++-
> > > > > >  drivers/gpu/drm/mediatek/mtk_drm_crtc.h  |   1 +
> > > > > >  drivers/gpu/drm/mediatek/mtk_drm_plane.c |   7 +
> > > > > >  3 files changed, 269 insertions(+), 11 deletions(-)
> > > > > > 
> > > 
> > > [snip]
> > > 
> > > > > > +
> > > > > > +#if IS_REACHABLE(CONFIG_MTK_CMDQ)
> > > > > > +static void mtk_crtc_enable_secure_state(struct drm_crtc
> > > > > > *crtc)
> > > > > > +{
> > > > > > +	enum cmdq_sec_scenario sec_scn = CMDQ_MAX_SEC_COUNT;
> > > > > > +	int i;
> > > > > > +	struct mtk_ddp_comp *ddp_first_comp;
> > > > > > +	struct mtk_drm_crtc *mtk_crtc = to_mtk_crtc(crtc);
> > > > > > +	u64 sec_engine = 0; /* for hw engine write output
> > > > > > secure fb */
> > > > > > +	u64 sec_port = 0; /* for larb port read input secure fb
> > > > > > */
> > > > > > +
> > > > > > +	cmdq_pkt_wfe(&mtk_crtc->sec_cmdq_handle, mtk_crtc-
> > > > > > > cmdq_event,
> > > > > > 
> > > > > > false);
> > > > > > +
> > > > > > +	ddp_first_comp = mtk_crtc->ddp_comp[0];
> > > > > > +	for (i = 0; i < mtk_crtc->layer_nr; i++)
> > > > > > +		if (mtk_crtc->planes[i].type ==
> > > > > > DRM_PLANE_TYPE_CURSOR)
> > > > > > +			sec_port |=
> > > > > > mtk_ddp_comp_layer_get_sec_port(ddp_first_comp, i);
> > > > > > +
> > > > > > +	if (drm_crtc_index(crtc) == 0)
> > > > > > +		sec_scn = CMDQ_SEC_PRIMARY_DISP;
> > > > > > +	else if (drm_crtc_index(crtc) == 1)
> > > > > > +		sec_scn = CMDQ_SEC_SUB_DISP;
> > > > > > +
> > > > > > +	cmdq_sec_pkt_set_data(&mtk_crtc->sec_cmdq_handle,
> > > > > > sec_engine,
> > > > > > sec_port, sec_scn);
> > > > > 
> > > > > In cmdq driver, sec_engine means engine which needs dapc. You
> > > > > set 0 to sec_engine, does it mean that no engine is protected
> > > > > by dapc? If OVL is not protected by dapc, I think we could use
> > > > > cmdq normal thread to write OVL register instead of cmdq
> > > > > secure thread.
> > > > > 
> > > > 
> > > > We enable DAPC protection for the engine that is able to write
> > > > data to the DRAM address set on their register, such as WDMA and
> > > > WROT, to avoid their register being set to the normal DRAM
> > > > address.
> > > > 
> > > > We enable larb port protection for the engine that is able to
> > > > read data from the DRAM address, such as OVL, RDMA and MDP_RDMA,
> > > > to avoid secure DRAM being read by the non-secure larb port. So
> > > > we don't need to enable DAPC for these engines.
> > > > 
> > > > No matter DAPC protection or larb port protection, they both
> > > > need to use sec_engine to tell TEE which engines need to be
> > > > protected.
> > > > 
> > > > But OVL is a special HW engine, it can only set its
> > > > DISP_REG_OVL_SECURE register in [PATCH v2 07/11] to enable its
> > > > larb port protection, so OVL has no need to set the sec_engine.
> > > > But we'll move that part to the TEE secure world, so that means
> > > > OVL sec_engine will be set here in the next version.
> > > > 
> > > > > It's weird that normal world could decide which engine is
> > > > > protected by dapc. If hacker set 0 for output engine, then
> > > > > output engine would not be protected?
> > > > > 
> > > > 
> > > > If hacker set 0 for output engine, TEE world will check that
> > > > output engine didn't set sec_engine from normal world by
> > > > verifying instruction where the output engine instruction set
> > > > the secure handle.
> > > > 
> > > > We still need to set sec_engine to check that all the sec_engine
> > > > flags are matched to the scenario and instruction verification
> > > > in the secure world.
> > > 
> > > So after secure scenario is set, TEE already has a sec_engine
> > > list. Let's call it TEE sec_engine list. And normal world has
> > > another sec_engine list, let's call it normal sec_engine list.
> > > Normal world passes normal sec_engine list to TEE by
> > > cmdq_sec_pkt_set_data() and TEE would check normal sec_engine list
> > > is identical to TEE sec_engine list or not. If TEE already has a
> > > TEE sec_engine list, I think it's not necessary that normal world
> > > has another normal sec_engine list. So drop this normal sec_engine
> > > list parameter.
> > > 
> > 
> > The TEE sec_engine list is aligned with the sec_engine list in
> > normal world. I think the sec_engine for DAPC can be dropped and it
> > can be enabled/disabled by the TEE sec_engine, but the sec_engine
> > for larb port won't do that verification in the secure world. If
> > sec_engine for larb port is not set in normal world, it'll cause
> > iova translation fault. So we still need this sec_engine for larb
> > port.
> 
> In TEE, there is already a TEE sec_engine list, so checking larb port
> could use TEE sec_engine list because TEE sec_engine list would be
> identical to normal sec_engine list. Why not use TEE sec_engine list
> to check larb port? What is the detail of checking larb port?
> Describe it if necessary.
> 
After checking the CMDQ PTA larb port enable/disable flow, I think it's
possible to implement the same verification as DAPC for larb port.
So I'll drop the sec_engine flags in normal world to simplify and
de-risk the secure configuration parameters.

This also needs a TODO added to the commit message:
verify instruction for enabling/disabling larb port in secure world and
drop the sec_engine flags in normal world.

Regards,
Jason-JH.Lin

> Regards,
> CK
> 
> > 
> > Regards,
> > Jason-JH.Lin
> > 
> > > Regards,
> > > CK
> > > 
> > > > 
> > > > Regards,
> > > > Jason-JH.Lin
> > > > 
> > > > > Regards,
> > > > > CK
> > > > > 
> > > > > > +
> > > > > > +	pr_debug("crtc-%d enable secure plane!\n",
> > > > > > drm_crtc_index(crtc));
> > > > > > +}
> > > > > > +#endif
> > > > > > 

Thread overview: 48+ messages
2023-10-23  4:45 [PATCH v2 00/11] Add mediate-drm secure flow for SVP Jason-JH.Lin
2023-10-23  4:45 ` [PATCH v2 01/11] drm/mediatek: Add interface to allocate MediaTek GEM buffer Jason-JH.Lin
2023-10-24  8:37   ` AngeloGioacchino Del Regno
2023-10-25  7:47     ` Jason-JH Lin (林睿祥)
2023-10-23  4:45 ` [PATCH v2 02/11] drm/mediatek/uapi: Add DRM_MTK_GEM_CREATED_ENCRYPTTED flag Jason-JH.Lin
2023-10-24  8:37   ` AngeloGioacchino Del Regno
2023-10-25  7:51     ` Jason-JH Lin (林睿祥)
2023-10-23  4:45 ` [PATCH v2 03/11] drm/mediatek: Add secure buffer control flow to mtk_drm_gem Jason-JH.Lin
2023-10-24  8:37   ` AngeloGioacchino Del Regno
2023-10-25  7:50     ` Jason-JH Lin (林睿祥)
2023-10-23  4:45 ` [PATCH v2 04/11] drm/mediatek: Add secure identify flag and funcution to mtk_drm_plane Jason-JH.Lin
2023-10-24  3:35   ` CK Hu (胡俊光)
2023-10-25  6:39     ` Jason-JH Lin (林睿祥)
2023-10-23  4:45 ` [PATCH v2 05/11] drm/mediatek: Add mtk_ddp_sec_write to config secure buffer info Jason-JH.Lin
2023-10-24  8:37   ` AngeloGioacchino Del Regno
2023-10-25  7:53     ` Jason-JH Lin (林睿祥)
2023-10-23  4:45 ` [PATCH v2 06/11] drm/mediatek: Add get_sec_port interface to mtk_ddp_comp Jason-JH.Lin
2023-10-23  4:45 ` [PATCH v2 07/11] drm/mediatek: Add secure layer config support for ovl Jason-JH.Lin
2023-10-24  8:37   ` AngeloGioacchino Del Regno
2023-10-25  7:57     ` Jason-JH Lin (林睿祥)
2023-10-25  3:08   ` CK Hu (胡俊光)
2023-10-25  8:01     ` Jason-JH Lin (林睿祥)
2023-10-26 10:07   ` CK Hu (胡俊光)
2023-11-05 13:18     ` Jason-JH Lin (林睿祥)
2023-11-06  1:33       ` CK Hu (胡俊光)
2023-11-06  2:51         ` Jason-JH Lin (林睿祥)
2023-10-23  4:45 ` [PATCH v2 08/11] drm/mediatek: Add secure layer config support for ovl_adaptor Jason-JH.Lin
2023-10-24  8:37   ` AngeloGioacchino Del Regno
2023-10-25  8:03     ` Jason-JH Lin (林睿祥)
2023-10-23  4:45 ` [PATCH v2 09/11] drm/mediatek: Add secure flow support to mediatek-drm Jason-JH.Lin
2023-10-24  7:42   ` CK Hu (胡俊光)
2023-10-25  8:31     ` Jason-JH Lin (林睿祥)
2023-10-31  6:01   ` CK Hu (胡俊光)
2023-11-05 13:04     ` Jason-JH Lin (林睿祥)
2023-11-06  1:27       ` CK Hu (胡俊光)
2023-11-06  2:59         ` Jason-JH Lin (林睿祥)
2023-11-06  3:11           ` CK Hu (胡俊光)
2023-11-06  5:48             ` Jason-JH Lin (林睿祥)
2023-10-23  4:45 ` [PATCH v2 10/11] drm/mediatek: Add cmdq_insert_backup_cookie before secure pkt finalize Jason-JH.Lin
2023-10-26  2:26   ` CK Hu (胡俊光)
2023-11-05 13:35     ` Jason-JH Lin (林睿祥)
2023-11-06  1:36       ` CK Hu (胡俊光)
2023-11-06  1:59         ` Jason-JH Lin (林睿祥)
2023-10-23  4:45 ` [PATCH v2 11/11] arm64: dts: mt8195: Add secure mbox settings for vdosys Jason-JH.Lin
2023-10-31  2:12 ` [PATCH v2 00/11] Add mediate-drm secure flow for SVP CK Hu (胡俊光)
2023-11-05 13:44   ` Jason-JH Lin (林睿祥)
2023-11-06  1:37     ` CK Hu (胡俊光)
2023-11-06  2:00       ` Jason-JH Lin (林睿祥)
