From: "Huang, Sean Z" <sean.z.huang@intel.com>
To: Intel-gfx@lists.freedesktop.org
Cc: kumar.gaurav@intel.com, Huang Sean Z <sean.z.huang@intel.com>,
Bommu Krishnaiah <krishnaiah.bommu@intel.com>,
Kondapally Kalyan <kalyan.kondapally@intel.com>
Subject: [Intel-gfx] [RFC-v21 12/13] drm/i915/pxp: User interface for Protected buffer
Date: Sun, 17 Jan 2021 22:07:29 -0800 [thread overview]
Message-ID: <20210118060730.15425-13-sean.z.huang@intel.com> (raw)
In-Reply-To: <20210118060730.15425-1-sean.z.huang@intel.com>
From: Bommu Krishnaiah <krishnaiah.bommu@intel.com>
This api allow user mode to create Protected buffer and context creation.
rev21:
- Only allow set I915_CONTEXT_PARAM_PROTECTED_CONTENT during context
creation (i915_gem_context_create_ioctl), but not allow during
context set param (i915_gem_context_setparam_ioctl)
Signed-off-by: Bommu Krishnaiah <krishnaiah.bommu@intel.com>
Cc: Telukuntla Sreedhar <sreedhar.telukuntla@intel.com>
Cc: Kondapally Kalyan <kalyan.kondapally@intel.com>
Cc: Gupta Anshuman <Anshuman.Gupta@intel.com>
Cc: Huang Sean Z <sean.z.huang@intel.com>
---
drivers/gpu/drm/i915/gem/i915_gem_context.c | 15 +++++++++--
drivers/gpu/drm/i915/gem/i915_gem_context.h | 5 ++++
drivers/gpu/drm/i915/gem/i915_gem_create.c | 27 ++++++++++++++++---
.../gpu/drm/i915/gem/i915_gem_object_types.h | 5 ++++
include/uapi/drm/i915_drm.h | 10 +++++++
5 files changed, 57 insertions(+), 5 deletions(-)
diff --git a/drivers/gpu/drm/i915/gem/i915_gem_context.c b/drivers/gpu/drm/i915/gem/i915_gem_context.c
index 4d2f40cf237b..0b8e1b3887f4 100644
--- a/drivers/gpu/drm/i915/gem/i915_gem_context.c
+++ b/drivers/gpu/drm/i915/gem/i915_gem_context.c
@@ -81,6 +81,8 @@
#include "i915_trace.h"
#include "i915_user_extensions.h"
+#include "pxp/intel_pxp.h"
+
#define ALL_L3_SLICES(dev) (1 << NUM_L3_SLICES(dev)) - 1
static struct i915_global_gem_context {
@@ -2004,8 +2006,12 @@ static int ctx_setparam(struct drm_i915_file_private *fpriv,
case I915_CONTEXT_PARAM_RECOVERABLE:
if (args->size)
ret = -EINVAL;
- else if (args->value)
- i915_gem_context_set_recoverable(ctx);
+ else if (args->value) {
+ if (!i915_gem_context_is_protected(ctx))
+ i915_gem_context_set_recoverable(ctx);
+ else
+ ret = -EPERM;
+ }
else
i915_gem_context_clear_recoverable(ctx);
break;
@@ -2052,6 +2058,7 @@ static int create_setparam(struct i915_user_extension __user *ext, void *data)
{
struct drm_i915_gem_context_create_ext_setparam local;
const struct create_ext *arg = data;
+ int ret;
if (copy_from_user(&local, ext, sizeof(local)))
return -EFAULT;
@@ -2059,6 +2066,10 @@ static int create_setparam(struct i915_user_extension __user *ext, void *data)
if (local.param.ctx_id)
return -EINVAL;
+ ret = intel_pxp_gem_context_create_param(arg->ctx, &local.param);
+ if (ret)
+ return ret;
+
return ctx_setparam(arg->fpriv, arg->ctx, &local.param);
}
diff --git a/drivers/gpu/drm/i915/gem/i915_gem_context.h b/drivers/gpu/drm/i915/gem/i915_gem_context.h
index b5c908f3f4f2..173154fdc311 100644
--- a/drivers/gpu/drm/i915/gem/i915_gem_context.h
+++ b/drivers/gpu/drm/i915/gem/i915_gem_context.h
@@ -70,6 +70,11 @@ static inline void i915_gem_context_set_recoverable(struct i915_gem_context *ctx
set_bit(UCONTEXT_RECOVERABLE, &ctx->user_flags);
}
+static inline bool i915_gem_context_is_protected(struct i915_gem_context *ctx)
+{
+ return test_bit(UCONTEXT_PROTECTED, &ctx->user_flags);
+}
+
static inline void i915_gem_context_clear_recoverable(struct i915_gem_context *ctx)
{
clear_bit(UCONTEXT_RECOVERABLE, &ctx->user_flags);
diff --git a/drivers/gpu/drm/i915/gem/i915_gem_create.c b/drivers/gpu/drm/i915/gem/i915_gem_create.c
index 3ad3413c459f..c9b83217a6da 100644
--- a/drivers/gpu/drm/i915/gem/i915_gem_create.c
+++ b/drivers/gpu/drm/i915/gem/i915_gem_create.c
@@ -5,6 +5,7 @@
#include "gem/i915_gem_ioctls.h"
#include "gem/i915_gem_region.h"
+#include "pxp/intel_pxp.h"
#include "i915_drv.h"
#include "i915_user_extensions.h"
@@ -13,7 +14,8 @@ static int
i915_gem_create(struct drm_file *file,
struct intel_memory_region *mr,
u64 *size_p,
- u32 *handle_p)
+ u32 *handle_p,
+ u64 user_flags)
{
struct drm_i915_gem_object *obj;
u32 handle;
@@ -35,6 +37,8 @@ i915_gem_create(struct drm_file *file,
GEM_BUG_ON(size != obj->base.size);
+ obj->user_flags = user_flags;
+
ret = drm_gem_handle_create(file, &obj->base, &handle);
/* drop reference from allocate - handle holds it now */
i915_gem_object_put(obj);
@@ -89,11 +93,12 @@ i915_gem_dumb_create(struct drm_file *file,
return i915_gem_create(file,
intel_memory_region_by_type(to_i915(dev),
mem_type),
- &args->size, &args->handle);
+ &args->size, &args->handle, 0);
}
struct create_ext {
struct drm_i915_private *i915;
+ unsigned long user_flags;
};
static int __create_setparam(struct drm_i915_gem_object_param *args,
@@ -104,6 +109,17 @@ static int __create_setparam(struct drm_i915_gem_object_param *args,
return -EINVAL;
}
+ switch (lower_32_bits(args->param)) {
+ case I915_PARAM_PROTECTED_CONTENT:
+ if (args->size) {
+ return -EINVAL;
+ } else if (args->data) {
+ ext_data->user_flags = args->data;
+ return 0;
+ }
+ break;
+ }
+
return -EINVAL;
}
@@ -145,8 +161,13 @@ i915_gem_create_ioctl(struct drm_device *dev, void *data,
if (ret)
return ret;
+ if (ext_data.user_flags & I915_BO_PROTECTED) {
+ if (!intel_pxp_gem_object_status(i915))
+ return -EINVAL;
+ }
+
return i915_gem_create(file,
intel_memory_region_by_type(i915,
INTEL_MEMORY_SYSTEM),
- &args->size, &args->handle);
+ &args->size, &args->handle, ext_data.user_flags);
}
diff --git a/drivers/gpu/drm/i915/gem/i915_gem_object_types.h b/drivers/gpu/drm/i915/gem/i915_gem_object_types.h
index e2d9b7e1e152..90ac955463f4 100644
--- a/drivers/gpu/drm/i915/gem/i915_gem_object_types.h
+++ b/drivers/gpu/drm/i915/gem/i915_gem_object_types.h
@@ -161,6 +161,11 @@ struct drm_i915_gem_object {
} mmo;
I915_SELFTEST_DECLARE(struct list_head st_link);
+ /**
+ * @user_flags: small set of booleans set by the user
+ */
+ unsigned long user_flags;
+#define I915_BO_PROTECTED BIT(0)
unsigned long flags;
#define I915_BO_ALLOC_CONTIGUOUS BIT(0)
diff --git a/include/uapi/drm/i915_drm.h b/include/uapi/drm/i915_drm.h
index aa232ded9951..17a6e3545570 100644
--- a/include/uapi/drm/i915_drm.h
+++ b/include/uapi/drm/i915_drm.h
@@ -1744,6 +1744,16 @@ struct drm_i915_gem_object_param {
*/
#define I915_OBJECT_PARAM (1ull << 32)
+/*
+ * I915_PARAM_PROTECTED_CONTENT:
+ *
+ * If set to true (1) buffer contents is expected to be protected by
+ * PAVP encryption and requires decryption for scan out and processing.
+ * Protected buffers can only be used in PAVP protected contexts.
+ * A protected buffer may become invalid as a result of PAVP teardown.
+ */
+#define I915_PARAM_PROTECTED_CONTENT 0x1
+
__u64 param;
/* Data value or pointer */
--
2.17.1
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
next prev parent reply other threads:[~2021-01-18 6:08 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-18 6:07 [Intel-gfx] [RFC-v21 00/13] Introduce Intel PXP component - Mesa single session Huang, Sean Z
2021-01-18 6:07 ` [Intel-gfx] [RFC-v21 01/13] drm/i915/pxp: Introduce Intel PXP component Huang, Sean Z
2021-01-18 6:47 ` [Intel-gfx] [RFC-v21 13/13] drm/i915/pxp: Add plane decryption support Anshuman Gupta
2021-01-18 6:07 ` [Intel-gfx] [RFC-v21 02/13] drm/i915/pxp: set KCR reg init during the boot time Huang, Sean Z
2021-01-18 6:07 ` [Intel-gfx] [RFC-v21 03/13] drm/i915/pxp: Implement funcs to create the TEE channel Huang, Sean Z
2021-01-18 6:07 ` [Intel-gfx] [RFC-v21 04/13] drm/i915/pxp: Create the arbitrary session after boot Huang, Sean Z
2021-01-18 6:07 ` [Intel-gfx] [RFC-v21 05/13] drm/i915/pxp: Func to send hardware session termination Huang, Sean Z
2021-01-18 6:07 ` [Intel-gfx] [RFC-v21 06/13] drm/i915/pxp: Enable PXP irq worker and callback stub Huang, Sean Z
2021-01-18 6:07 ` [Intel-gfx] [RFC-v21 07/13] drm/i915/pxp: Destroy arb session upon teardown Huang, Sean Z
2021-01-18 6:07 ` [Intel-gfx] [RFC-v21 08/13] drm/i915/pxp: Enable PXP power management Huang, Sean Z
2021-01-18 6:07 ` [Intel-gfx] [RFC-v21 09/13] drm/i915/pxp: Expose session state for display protection flip Huang, Sean Z
2021-01-18 6:07 ` [Intel-gfx] [RFC-v21 10/13] mei: pxp: export pavp client to me client bus Huang, Sean Z
2021-01-18 6:07 ` [Intel-gfx] [RFC-v21 11/13] drm/i915/uapi: introduce drm_i915_gem_create_ext Huang, Sean Z
2021-01-18 6:07 ` Huang, Sean Z [this message]
2021-01-18 6:07 ` [Intel-gfx] [RFC-v21 13/13] drm/i915/pxp: Add plane decryption support Huang, Sean Z
2021-01-18 6:18 ` [Intel-gfx] ✗ Fi.CI.CHECKPATCH: warning for Introduce Intel PXP component - Mesa single session (rev21) Patchwork
2021-01-18 6:47 ` [Intel-gfx] ✓ Fi.CI.BAT: success " Patchwork
2021-01-18 7:33 ` [Intel-gfx] ✗ Fi.CI.BUILD: failure for Introduce Intel PXP component - Mesa single session (rev22) Patchwork
2021-01-18 10:09 ` [Intel-gfx] ✗ Fi.CI.IGT: failure for Introduce Intel PXP component - Mesa single session (rev21) Patchwork
2021-01-18 13:17 ` [Intel-gfx] [RFC-v21 00/13] Introduce Intel PXP component - Mesa single session Lionel Landwerlin
2021-01-19 2:34 ` Huang, Sean Z
-- strict thread matches above, loose matches on Subject: below --
2021-01-06 23:12 [Intel-gfx] [RFC-v19 " Huang, Sean Z
2021-01-17 6:45 ` [Intel-gfx] [RFC-v21 " Huang, Sean Z
2021-01-17 6:45 ` [Intel-gfx] [RFC-v21 12/13] drm/i915/pxp: User interface for Protected buffer Huang, Sean Z
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210118060730.15425-13-sean.z.huang@intel.com \
--to=sean.z.huang@intel.com \
--cc=Intel-gfx@lists.freedesktop.org \
--cc=kalyan.kondapally@intel.com \
--cc=krishnaiah.bommu@intel.com \
--cc=kumar.gaurav@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.