Re: [PATCH v5 2/9] drm/mediatek: Add secure buffer control flow to mtk_drm_gem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Maxime,

[snip]

I'm sorry for losing your previous comment mail.
I finally found a way to import this mail back so I can reply to you.

> > -	mtk_gem = mtk_gem_create(dev, args->size, false);
> > +	if (args->flags & DRM_MTK_GEM_CREATE_ENCRYPTED)
> > +		mtk_gem = mtk_gem_create_from_heap(dev, "mtk_svp_cma",
> > args->size);
> 
> That heap doesn't exist upstream either. Also, I'm wondering if it's
> the
> right solution there.
> 

Yes, I found that its name changed to "restricted_mtk_cma" in the
latest patch: 
https://patchwork.kernel.org/project/linux-mediatek/patch/20240515112308.10171-10-yong.wu@xxxxxxxxxxxx/

> From what I can tell, you want to allow to create encrypted buffers
> from
> the TEE. Why do we need this as a DRM ioctl at all? A heap seems like
> the perfect solution to do so, and then you just have to import it
> into
> DRM.
> 

OK, I'll try to change the userspace's ioctl from
DRM_IOCTL_MTK_GEM_CREATE to DMA_HEAP_IOCTL_ALLOC to get the buffer fd,
then import to DRM.

> I'm also not entirely sure that not having a SG list is enough to
> consider the buffer secure. Wouldn't a buffer allocated without a
> kernel
> mapping also be in that situation?
> 

I have confirmed to Yong.Wu that secure buffer also have sg list, so
the secure checking method "!sg_page(sg->sgl)" will be deprecated.

Regards,
Jason-JH.Lin

> Maxime
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel@xxxxxxxxxxxxxxxxxxx
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
> 




[Index of Archives]     [Linux Input]     [Video for Linux]     [Gstreamer Embedded]     [Mplayer Users]     [Linux USB Devel]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Yosemite Backpacking]

  Powered by Linux