From: Yunfei Dong <yunfei.dong@mediatek.com>
To: "Jeffrey Kardatzke" <jkardatzke@google.com>,
"T . J . Mercier" <tjmercier@google.com>,
"John Stultz" <jstultz@google.com>,
"Yong Wu" <yong.wu@mediatek.com>,
"Nícolas F . R . A . Prado" <nfraprado@collabora.com>,
"Nicolas Dufresne" <nicolas.dufresne@collabora.com>,
"Hans Verkuil" <hverkuil-cisco@xs4all.nl>,
"AngeloGioacchino Del Regno"
<angelogioacchino.delregno@collabora.com>,
"Benjamin Gaignard" <benjamin.gaignard@collabora.com>,
"Nathan Hebert" <nhebert@chromium.org>
Cc: Chen-Yu Tsai <wenst@chromium.org>,
Hsin-Yi Wang <hsinyi@chromium.org>,
Fritz Koenig <frkoenig@chromium.org>,
Daniel Vetter <daniel@ffwll.ch>,
Steve Cho <stevecho@chromium.org>,
Yunfei Dong <yunfei.dong@mediatek.com>,
<linux-media@vger.kernel.org>, <devicetree@vger.kernel.org>,
<linux-kernel@vger.kernel.org>,
<linux-arm-kernel@lists.infradead.org>,
<linux-mediatek@lists.infradead.org>,
<Project_Global_Chrome_Upstream_Group@mediatek.com>
Subject: [PATCH v2,03/21] v4l2: verify secure dmabufs are used in secure queue
Date: Mon, 6 Nov 2023 20:04:05 +0800 [thread overview]
Message-ID: <20231106120423.23364-4-yunfei.dong@mediatek.com> (raw)
In-Reply-To: <20231106120423.23364-1-yunfei.dong@mediatek.com>
From: Jeffrey Kardatzke <jkardatzke@google.com>
Verfies in the dmabuf implementations that if the secure memory flag is
set for a queue that the dmabuf submitted to the queue is unmappable.
Signed-off-by: Jeffrey Kardatzke <jkardatzke@google.com>
Signed-off-by: Yunfei Dong <yunfei.dong@mediatek.com>
---
drivers/media/common/videobuf2/videobuf2-dma-contig.c | 6 ++++++
drivers/media/common/videobuf2/videobuf2-dma-sg.c | 6 ++++++
2 files changed, 12 insertions(+)
diff --git a/drivers/media/common/videobuf2/videobuf2-dma-contig.c b/drivers/media/common/videobuf2/videobuf2-dma-contig.c
index 3d4fd4ef5310..ad58ef8dc231 100644
--- a/drivers/media/common/videobuf2/videobuf2-dma-contig.c
+++ b/drivers/media/common/videobuf2/videobuf2-dma-contig.c
@@ -710,6 +710,12 @@ static int vb2_dc_map_dmabuf(void *mem_priv)
return -EINVAL;
}
+ /* verify the dmabuf is secure if we are in secure mode */
+ if (buf->vb->vb2_queue->secure_mem && sg_page(sgt->sgl)) {
+ pr_err("secure queue requires secure dma_buf");
+ return -EINVAL;
+ }
+
/* checking if dmabuf is big enough to store contiguous chunk */
contig_size = vb2_dc_get_contiguous_size(sgt);
if (contig_size < buf->size) {
diff --git a/drivers/media/common/videobuf2/videobuf2-dma-sg.c b/drivers/media/common/videobuf2/videobuf2-dma-sg.c
index 28f3fdfe23a2..55428c73c380 100644
--- a/drivers/media/common/videobuf2/videobuf2-dma-sg.c
+++ b/drivers/media/common/videobuf2/videobuf2-dma-sg.c
@@ -564,6 +564,12 @@ static int vb2_dma_sg_map_dmabuf(void *mem_priv)
return -EINVAL;
}
+ /* verify the dmabuf is secure if we are in secure mode */
+ if (buf->vb->vb2_queue->secure_mem && !sg_dma_secure(sgt->sgl)) {
+ pr_err("secure queue requires secure dma_buf");
+ return -EINVAL;
+ }
+
buf->dma_sgt = sgt;
buf->vaddr = NULL;
--
2.18.0
WARNING: multiple messages have this Message-ID (diff)
From: Yunfei Dong <yunfei.dong@mediatek.com>
To: "Jeffrey Kardatzke" <jkardatzke@google.com>,
"T . J . Mercier" <tjmercier@google.com>,
"John Stultz" <jstultz@google.com>,
"Yong Wu" <yong.wu@mediatek.com>,
"Nícolas F . R . A . Prado" <nfraprado@collabora.com>,
"Nicolas Dufresne" <nicolas.dufresne@collabora.com>,
"Hans Verkuil" <hverkuil-cisco@xs4all.nl>,
"AngeloGioacchino Del Regno"
<angelogioacchino.delregno@collabora.com>,
"Benjamin Gaignard" <benjamin.gaignard@collabora.com>,
"Nathan Hebert" <nhebert@chromium.org>
Cc: Chen-Yu Tsai <wenst@chromium.org>,
Hsin-Yi Wang <hsinyi@chromium.org>,
Fritz Koenig <frkoenig@chromium.org>,
Daniel Vetter <daniel@ffwll.ch>,
Steve Cho <stevecho@chromium.org>,
Yunfei Dong <yunfei.dong@mediatek.com>,
<linux-media@vger.kernel.org>, <devicetree@vger.kernel.org>,
<linux-kernel@vger.kernel.org>,
<linux-arm-kernel@lists.infradead.org>,
<linux-mediatek@lists.infradead.org>,
<Project_Global_Chrome_Upstream_Group@mediatek.com>
Subject: [PATCH v2,03/21] v4l2: verify secure dmabufs are used in secure queue
Date: Mon, 6 Nov 2023 20:04:05 +0800 [thread overview]
Message-ID: <20231106120423.23364-4-yunfei.dong@mediatek.com> (raw)
In-Reply-To: <20231106120423.23364-1-yunfei.dong@mediatek.com>
From: Jeffrey Kardatzke <jkardatzke@google.com>
Verfies in the dmabuf implementations that if the secure memory flag is
set for a queue that the dmabuf submitted to the queue is unmappable.
Signed-off-by: Jeffrey Kardatzke <jkardatzke@google.com>
Signed-off-by: Yunfei Dong <yunfei.dong@mediatek.com>
---
drivers/media/common/videobuf2/videobuf2-dma-contig.c | 6 ++++++
drivers/media/common/videobuf2/videobuf2-dma-sg.c | 6 ++++++
2 files changed, 12 insertions(+)
diff --git a/drivers/media/common/videobuf2/videobuf2-dma-contig.c b/drivers/media/common/videobuf2/videobuf2-dma-contig.c
index 3d4fd4ef5310..ad58ef8dc231 100644
--- a/drivers/media/common/videobuf2/videobuf2-dma-contig.c
+++ b/drivers/media/common/videobuf2/videobuf2-dma-contig.c
@@ -710,6 +710,12 @@ static int vb2_dc_map_dmabuf(void *mem_priv)
return -EINVAL;
}
+ /* verify the dmabuf is secure if we are in secure mode */
+ if (buf->vb->vb2_queue->secure_mem && sg_page(sgt->sgl)) {
+ pr_err("secure queue requires secure dma_buf");
+ return -EINVAL;
+ }
+
/* checking if dmabuf is big enough to store contiguous chunk */
contig_size = vb2_dc_get_contiguous_size(sgt);
if (contig_size < buf->size) {
diff --git a/drivers/media/common/videobuf2/videobuf2-dma-sg.c b/drivers/media/common/videobuf2/videobuf2-dma-sg.c
index 28f3fdfe23a2..55428c73c380 100644
--- a/drivers/media/common/videobuf2/videobuf2-dma-sg.c
+++ b/drivers/media/common/videobuf2/videobuf2-dma-sg.c
@@ -564,6 +564,12 @@ static int vb2_dma_sg_map_dmabuf(void *mem_priv)
return -EINVAL;
}
+ /* verify the dmabuf is secure if we are in secure mode */
+ if (buf->vb->vb2_queue->secure_mem && !sg_dma_secure(sgt->sgl)) {
+ pr_err("secure queue requires secure dma_buf");
+ return -EINVAL;
+ }
+
buf->dma_sgt = sgt;
buf->vaddr = NULL;
--
2.18.0
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2023-11-06 12:04 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-06 12:04 [PATCH v2,00/21] add driver to support secure video decoder Yunfei Dong
2023-11-06 12:04 ` Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,01/21] v4l2: add secure memory flags Yunfei Dong
2023-11-06 12:04 ` Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,02/21] v4l2: handle secure memory flags in queue setup Yunfei Dong
2023-11-06 12:04 ` Yunfei Dong
2023-11-06 12:04 ` Yunfei Dong [this message]
2023-11-06 12:04 ` [PATCH v2,03/21] v4l2: verify secure dmabufs are used in secure queue Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,04/21] v4l: add documentation for secure memory flag Yunfei Dong
2023-11-06 12:04 ` Yunfei Dong
2023-11-11 19:06 ` Pavel Machek
2023-11-11 19:06 ` Pavel Machek
2023-11-13 18:04 ` Jeffrey Kardatzke
2023-11-13 18:04 ` Jeffrey Kardatzke
2023-11-06 12:04 ` [PATCH v2,05/21] dma-buf: heaps: Deduplicate docs and adopt common format Yunfei Dong
2023-11-06 12:04 ` Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,06/21] dma-heap: Add proper kref handling on dma-buf heaps Yunfei Dong
2023-11-06 12:04 ` Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,07/21] dma-heap: Provide accessors so that in-kernel drivers can allocate dmabufs from specific heaps Yunfei Dong
2023-11-06 12:04 ` Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,08/21] media: mediatek: vcodec: add tee client interface to communiate with optee-os Yunfei Dong
2023-11-06 12:04 ` Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,09/21] media: mediatek: vcodec: allocate tee share memory Yunfei Dong
2023-11-06 12:04 ` Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,10/21] media: mediatek: vcodec: send share memory data to optee Yunfei Dong
2023-11-06 12:04 ` Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,11/21] media: mediatek: vcodec: initialize msg and vsi information Yunfei Dong
2023-11-06 12:04 ` Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,12/21] media: mediatek: vcodec: add interface to allocate/free secure memory Yunfei Dong
2023-11-06 12:04 ` Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,13/21] media: mediatek: vcodec: using shared memory as vsi address Yunfei Dong
2023-11-06 12:04 ` Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,14/21] media: mediatek: vcodec: Add capture format to support one plane memory Yunfei Dong
2023-11-06 12:04 ` Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,15/21] media: mediatek: vcodec: Add one plane format Yunfei Dong
2023-11-06 12:04 ` Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,16/21] media: medkatek: vcodec: support one plane capture buffer Yunfei Dong
2023-11-06 12:04 ` Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,17/21] media: medkatek: vcodec: re-construct h264 driver to support svp mode Yunfei Dong
2023-11-06 12:04 ` Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,18/21] media: medkatek: vcodec: remove parse nal_info in kernel Yunfei Dong
2023-11-06 12:04 ` Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,19/21] media: medkatek: vcodec: disable wait interrupt for svp mode Yunfei Dong
2023-11-06 12:04 ` Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,20/21] media: medkatek: vcodec: support tee decoder Yunfei Dong
2023-11-06 12:04 ` Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,21/21] media: mediatek: vcodec: move vdec init interface to setup callback Yunfei Dong
2023-11-06 12:04 ` Yunfei Dong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231106120423.23364-4-yunfei.dong@mediatek.com \
--to=yunfei.dong@mediatek.com \
--cc=Project_Global_Chrome_Upstream_Group@mediatek.com \
--cc=angelogioacchino.delregno@collabora.com \
--cc=benjamin.gaignard@collabora.com \
--cc=daniel@ffwll.ch \
--cc=devicetree@vger.kernel.org \
--cc=frkoenig@chromium.org \
--cc=hsinyi@chromium.org \
--cc=hverkuil-cisco@xs4all.nl \
--cc=jkardatzke@google.com \
--cc=jstultz@google.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=linux-mediatek@lists.infradead.org \
--cc=nfraprado@collabora.com \
--cc=nhebert@chromium.org \
--cc=nicolas.dufresne@collabora.com \
--cc=stevecho@chromium.org \
--cc=tjmercier@google.com \
--cc=wenst@chromium.org \
--cc=yong.wu@mediatek.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.