From: Yunfei Dong <yunfei.dong@mediatek.com> To: "Jeffrey Kardatzke" <jkardatzke@google.com>, "T . J . Mercier" <tjmercier@google.com>, "John Stultz" <jstultz@google.com>, "Yong Wu" <yong.wu@mediatek.com>, "Nícolas F . R . A . Prado" <nfraprado@collabora.com>, "Nicolas Dufresne" <nicolas.dufresne@collabora.com>, "Hans Verkuil" <hverkuil-cisco@xs4all.nl>, "AngeloGioacchino Del Regno" <angelogioacchino.delregno@collabora.com>, "Benjamin Gaignard" <benjamin.gaignard@collabora.com>, "Nathan Hebert" <nhebert@chromium.org> Cc: Chen-Yu Tsai <wenst@chromium.org>, Hsin-Yi Wang <hsinyi@chromium.org>, Fritz Koenig <frkoenig@chromium.org>, Daniel Vetter <daniel@ffwll.ch>, Steve Cho <stevecho@chromium.org>, Yunfei Dong <yunfei.dong@mediatek.com>, <linux-media@vger.kernel.org>, <devicetree@vger.kernel.org>, <linux-kernel@vger.kernel.org>, <linux-arm-kernel@lists.infradead.org>, <linux-mediatek@lists.infradead.org>, <Project_Global_Chrome_Upstream_Group@mediatek.com> Subject: [PATCH v2,03/21] v4l2: verify secure dmabufs are used in secure queue Date: Mon, 6 Nov 2023 20:04:05 +0800 [thread overview] Message-ID: <20231106120423.23364-4-yunfei.dong@mediatek.com> (raw) In-Reply-To: <20231106120423.23364-1-yunfei.dong@mediatek.com> From: Jeffrey Kardatzke <jkardatzke@google.com> Verfies in the dmabuf implementations that if the secure memory flag is set for a queue that the dmabuf submitted to the queue is unmappable. Signed-off-by: Jeffrey Kardatzke <jkardatzke@google.com> Signed-off-by: Yunfei Dong <yunfei.dong@mediatek.com> --- drivers/media/common/videobuf2/videobuf2-dma-contig.c | 6 ++++++ drivers/media/common/videobuf2/videobuf2-dma-sg.c | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/drivers/media/common/videobuf2/videobuf2-dma-contig.c b/drivers/media/common/videobuf2/videobuf2-dma-contig.c index 3d4fd4ef5310..ad58ef8dc231 100644 --- a/drivers/media/common/videobuf2/videobuf2-dma-contig.c +++ b/drivers/media/common/videobuf2/videobuf2-dma-contig.c @@ -710,6 +710,12 @@ static int vb2_dc_map_dmabuf(void *mem_priv) return -EINVAL; } + /* verify the dmabuf is secure if we are in secure mode */ + if (buf->vb->vb2_queue->secure_mem && sg_page(sgt->sgl)) { + pr_err("secure queue requires secure dma_buf"); + return -EINVAL; + } + /* checking if dmabuf is big enough to store contiguous chunk */ contig_size = vb2_dc_get_contiguous_size(sgt); if (contig_size < buf->size) { diff --git a/drivers/media/common/videobuf2/videobuf2-dma-sg.c b/drivers/media/common/videobuf2/videobuf2-dma-sg.c index 28f3fdfe23a2..55428c73c380 100644 --- a/drivers/media/common/videobuf2/videobuf2-dma-sg.c +++ b/drivers/media/common/videobuf2/videobuf2-dma-sg.c @@ -564,6 +564,12 @@ static int vb2_dma_sg_map_dmabuf(void *mem_priv) return -EINVAL; } + /* verify the dmabuf is secure if we are in secure mode */ + if (buf->vb->vb2_queue->secure_mem && !sg_dma_secure(sgt->sgl)) { + pr_err("secure queue requires secure dma_buf"); + return -EINVAL; + } + buf->dma_sgt = sgt; buf->vaddr = NULL; -- 2.18.0
WARNING: multiple messages have this Message-ID (diff)
From: Yunfei Dong <yunfei.dong@mediatek.com> To: "Jeffrey Kardatzke" <jkardatzke@google.com>, "T . J . Mercier" <tjmercier@google.com>, "John Stultz" <jstultz@google.com>, "Yong Wu" <yong.wu@mediatek.com>, "Nícolas F . R . A . Prado" <nfraprado@collabora.com>, "Nicolas Dufresne" <nicolas.dufresne@collabora.com>, "Hans Verkuil" <hverkuil-cisco@xs4all.nl>, "AngeloGioacchino Del Regno" <angelogioacchino.delregno@collabora.com>, "Benjamin Gaignard" <benjamin.gaignard@collabora.com>, "Nathan Hebert" <nhebert@chromium.org> Cc: Chen-Yu Tsai <wenst@chromium.org>, Hsin-Yi Wang <hsinyi@chromium.org>, Fritz Koenig <frkoenig@chromium.org>, Daniel Vetter <daniel@ffwll.ch>, Steve Cho <stevecho@chromium.org>, Yunfei Dong <yunfei.dong@mediatek.com>, <linux-media@vger.kernel.org>, <devicetree@vger.kernel.org>, <linux-kernel@vger.kernel.org>, <linux-arm-kernel@lists.infradead.org>, <linux-mediatek@lists.infradead.org>, <Project_Global_Chrome_Upstream_Group@mediatek.com> Subject: [PATCH v2,03/21] v4l2: verify secure dmabufs are used in secure queue Date: Mon, 6 Nov 2023 20:04:05 +0800 [thread overview] Message-ID: <20231106120423.23364-4-yunfei.dong@mediatek.com> (raw) In-Reply-To: <20231106120423.23364-1-yunfei.dong@mediatek.com> From: Jeffrey Kardatzke <jkardatzke@google.com> Verfies in the dmabuf implementations that if the secure memory flag is set for a queue that the dmabuf submitted to the queue is unmappable. Signed-off-by: Jeffrey Kardatzke <jkardatzke@google.com> Signed-off-by: Yunfei Dong <yunfei.dong@mediatek.com> --- drivers/media/common/videobuf2/videobuf2-dma-contig.c | 6 ++++++ drivers/media/common/videobuf2/videobuf2-dma-sg.c | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/drivers/media/common/videobuf2/videobuf2-dma-contig.c b/drivers/media/common/videobuf2/videobuf2-dma-contig.c index 3d4fd4ef5310..ad58ef8dc231 100644 --- a/drivers/media/common/videobuf2/videobuf2-dma-contig.c +++ b/drivers/media/common/videobuf2/videobuf2-dma-contig.c @@ -710,6 +710,12 @@ static int vb2_dc_map_dmabuf(void *mem_priv) return -EINVAL; } + /* verify the dmabuf is secure if we are in secure mode */ + if (buf->vb->vb2_queue->secure_mem && sg_page(sgt->sgl)) { + pr_err("secure queue requires secure dma_buf"); + return -EINVAL; + } + /* checking if dmabuf is big enough to store contiguous chunk */ contig_size = vb2_dc_get_contiguous_size(sgt); if (contig_size < buf->size) { diff --git a/drivers/media/common/videobuf2/videobuf2-dma-sg.c b/drivers/media/common/videobuf2/videobuf2-dma-sg.c index 28f3fdfe23a2..55428c73c380 100644 --- a/drivers/media/common/videobuf2/videobuf2-dma-sg.c +++ b/drivers/media/common/videobuf2/videobuf2-dma-sg.c @@ -564,6 +564,12 @@ static int vb2_dma_sg_map_dmabuf(void *mem_priv) return -EINVAL; } + /* verify the dmabuf is secure if we are in secure mode */ + if (buf->vb->vb2_queue->secure_mem && !sg_dma_secure(sgt->sgl)) { + pr_err("secure queue requires secure dma_buf"); + return -EINVAL; + } + buf->dma_sgt = sgt; buf->vaddr = NULL; -- 2.18.0 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2023-11-06 12:04 UTC|newest] Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top 2023-11-06 12:04 [PATCH v2,00/21] add driver to support secure video decoder Yunfei Dong 2023-11-06 12:04 ` Yunfei Dong 2023-11-06 12:04 ` [PATCH v2,01/21] v4l2: add secure memory flags Yunfei Dong 2023-11-06 12:04 ` Yunfei Dong 2023-11-06 12:04 ` [PATCH v2,02/21] v4l2: handle secure memory flags in queue setup Yunfei Dong 2023-11-06 12:04 ` Yunfei Dong 2023-11-06 12:04 ` Yunfei Dong [this message] 2023-11-06 12:04 ` [PATCH v2,03/21] v4l2: verify secure dmabufs are used in secure queue Yunfei Dong 2023-11-06 12:04 ` [PATCH v2,04/21] v4l: add documentation for secure memory flag Yunfei Dong 2023-11-06 12:04 ` Yunfei Dong 2023-11-11 19:06 ` Pavel Machek 2023-11-11 19:06 ` Pavel Machek 2023-11-13 18:04 ` Jeffrey Kardatzke 2023-11-13 18:04 ` Jeffrey Kardatzke 2023-11-06 12:04 ` [PATCH v2,05/21] dma-buf: heaps: Deduplicate docs and adopt common format Yunfei Dong 2023-11-06 12:04 ` Yunfei Dong 2023-11-06 12:04 ` [PATCH v2,06/21] dma-heap: Add proper kref handling on dma-buf heaps Yunfei Dong 2023-11-06 12:04 ` Yunfei Dong 2023-11-06 12:04 ` [PATCH v2,07/21] dma-heap: Provide accessors so that in-kernel drivers can allocate dmabufs from specific heaps Yunfei Dong 2023-11-06 12:04 ` Yunfei Dong 2023-11-06 12:04 ` [PATCH v2,08/21] media: mediatek: vcodec: add tee client interface to communiate with optee-os Yunfei Dong 2023-11-06 12:04 ` Yunfei Dong 2023-11-06 12:04 ` [PATCH v2,09/21] media: mediatek: vcodec: allocate tee share memory Yunfei Dong 2023-11-06 12:04 ` Yunfei Dong 2023-11-06 12:04 ` [PATCH v2,10/21] media: mediatek: vcodec: send share memory data to optee Yunfei Dong 2023-11-06 12:04 ` Yunfei Dong 2023-11-06 12:04 ` [PATCH v2,11/21] media: mediatek: vcodec: initialize msg and vsi information Yunfei Dong 2023-11-06 12:04 ` Yunfei Dong 2023-11-06 12:04 ` [PATCH v2,12/21] media: mediatek: vcodec: add interface to allocate/free secure memory Yunfei Dong 2023-11-06 12:04 ` Yunfei Dong 2023-11-06 12:04 ` [PATCH v2,13/21] media: mediatek: vcodec: using shared memory as vsi address Yunfei Dong 2023-11-06 12:04 ` Yunfei Dong 2023-11-06 12:04 ` [PATCH v2,14/21] media: mediatek: vcodec: Add capture format to support one plane memory Yunfei Dong 2023-11-06 12:04 ` Yunfei Dong 2023-11-06 12:04 ` [PATCH v2,15/21] media: mediatek: vcodec: Add one plane format Yunfei Dong 2023-11-06 12:04 ` Yunfei Dong 2023-11-06 12:04 ` [PATCH v2,16/21] media: medkatek: vcodec: support one plane capture buffer Yunfei Dong 2023-11-06 12:04 ` Yunfei Dong 2023-11-06 12:04 ` [PATCH v2,17/21] media: medkatek: vcodec: re-construct h264 driver to support svp mode Yunfei Dong 2023-11-06 12:04 ` Yunfei Dong 2023-11-06 12:04 ` [PATCH v2,18/21] media: medkatek: vcodec: remove parse nal_info in kernel Yunfei Dong 2023-11-06 12:04 ` Yunfei Dong 2023-11-06 12:04 ` [PATCH v2,19/21] media: medkatek: vcodec: disable wait interrupt for svp mode Yunfei Dong 2023-11-06 12:04 ` Yunfei Dong 2023-11-06 12:04 ` [PATCH v2,20/21] media: medkatek: vcodec: support tee decoder Yunfei Dong 2023-11-06 12:04 ` Yunfei Dong 2023-11-06 12:04 ` [PATCH v2,21/21] media: mediatek: vcodec: move vdec init interface to setup callback Yunfei Dong 2023-11-06 12:04 ` Yunfei Dong
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20231106120423.23364-4-yunfei.dong@mediatek.com \ --to=yunfei.dong@mediatek.com \ --cc=Project_Global_Chrome_Upstream_Group@mediatek.com \ --cc=angelogioacchino.delregno@collabora.com \ --cc=benjamin.gaignard@collabora.com \ --cc=daniel@ffwll.ch \ --cc=devicetree@vger.kernel.org \ --cc=frkoenig@chromium.org \ --cc=hsinyi@chromium.org \ --cc=hverkuil-cisco@xs4all.nl \ --cc=jkardatzke@google.com \ --cc=jstultz@google.com \ --cc=linux-arm-kernel@lists.infradead.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-media@vger.kernel.org \ --cc=linux-mediatek@lists.infradead.org \ --cc=nfraprado@collabora.com \ --cc=nhebert@chromium.org \ --cc=nicolas.dufresne@collabora.com \ --cc=stevecho@chromium.org \ --cc=tjmercier@google.com \ --cc=wenst@chromium.org \ --cc=yong.wu@mediatek.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.