From patchwork Mon Nov 6 12:04:05 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yunfei Dong X-Patchwork-Id: 13446813 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 6DFA8C4167B for ; Mon, 6 Nov 2023 12:06:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-ID:Date:Subject:CC:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=1WXQz05PMzeXULoectlM3B7rZLHDtKgl8C59QT1Wc+w=; b=gNlhUMyGBLMqhX CPXeqgW1a1EBO0qzALnNM6NgBmHQE0lTNpbWBaJ0Bv8rVO+TLKliUTDEh7ruJo75Sj36ieFpWqkM0 GoNHHIuMDjTQ17SnQcr0xHtHSeElxIELLoyFAIaiiM4QtknlyloXLKQavIn4YdxG/h+hDk31vni71 O/SDRPE2au+gmg6p9egDBUOxfw9gjq4lhPS7KK0sZJsLJxVuYP/wUhg+DTvlky3ezD1erdLZM36XE wzrt0LK1mreG+N974C+4wEXzXyOgnq3GDC//ce40OY7YgipaWiefKqrwrXDaB01O2WR8ksstX9tY8 jiREW7pdvc6kOi5TMdLQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1qzyMP-00Gaio-0y; Mon, 06 Nov 2023 12:05:41 +0000 Received: from mailgw01.mediatek.com ([216.200.240.184]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1qzyLx-00GaB5-29; Mon, 06 Nov 2023 12:05:16 +0000 X-UUID: b8a00a347c9c11ee9b7791016c24628a-20231106 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mediatek.com; s=dk; h=Content-Type:Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:CC:To:From; bh=xbClLI66nLXR6+DrvXNRdDsoO2AywNyP9UvNF0j25Es=; b=SJGeA12WiLnNkJjDM4Bu4l4+AsmnaXmsLaJAMHHfmeP68M47E0O0b86Blf95P30SEe6upgdGYnOy9CSbI8KhSreSkj0W+cIW3RigA1RzpCOR55aa0PlkU6SvZfDhFupaVtIpLMKFa+BndO9Qs3Bmkm3EoHQXpBCCoj2ZsAJDeVk=; X-CID-P-RULE: Release_Ham X-CID-O-INFO: VERSION:1.1.33,REQID:bfd74299-1b49-4210-b87f-4baef6afcacf,IP:0,U RL:0,TC:0,Content:-5,EDM:0,RT:0,SF:0,FILE:0,BULK:0,RULE:Release_Ham,ACTION :release,TS:-5 X-CID-META: VersionHash:364b77b,CLOUDID:ef2135fc-4a48-46e2-b946-12f04f20af8c,B ulkID:nil,BulkQuantity:0,Recheck:0,SF:102,TC:nil,Content:0,EDM:-3,IP:nil,U RL:0,File:nil,Bulk:nil,QS:nil,BEC:nil,COL:0,OSI:0,OSA:0,AV:0,LES:1,SPR:NO, DKR:0,DKP:0,BRR:0,BRE:0 X-CID-BVR: 0,NGT X-CID-BAS: 0,NGT,0,_ X-CID-FACTOR: TF_CID_SPAM_SNR X-UUID: b8a00a347c9c11ee9b7791016c24628a-20231106 Received: from mtkmbs14n1.mediatek.inc [(172.21.101.75)] by mailgw01.mediatek.com (envelope-from ) (musrelay.mediatek.com ESMTP with TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256/256) with ESMTP id 724161277; Mon, 06 Nov 2023 05:05:04 -0700 Received: from mtkmbs11n1.mediatek.inc (172.21.101.185) by mtkmbs11n1.mediatek.inc (172.21.101.185) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.26; Mon, 6 Nov 2023 20:04:28 +0800 Received: from mhfsdcap04.gcn.mediatek.inc (10.17.3.154) by mtkmbs11n1.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id 15.2.1118.26 via Frontend Transport; Mon, 6 Nov 2023 20:04:27 +0800 From: Yunfei Dong To: Jeffrey Kardatzke , "T . J . Mercier" , John Stultz , Yong Wu , =?utf-8?q?N=C3=ADcolas_F_=2E_R_=2E_A_=2E_Pr?= =?utf-8?q?ado?= , Nicolas Dufresne , Hans Verkuil , AngeloGioacchino Del Regno , Benjamin Gaignard , Nathan Hebert CC: Chen-Yu Tsai , Hsin-Yi Wang , Fritz Koenig , Daniel Vetter , Steve Cho , Yunfei Dong , , , , , , Subject: [PATCH v2,03/21] v4l2: verify secure dmabufs are used in secure queue Date: Mon, 6 Nov 2023 20:04:05 +0800 Message-ID: <20231106120423.23364-4-yunfei.dong@mediatek.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20231106120423.23364-1-yunfei.dong@mediatek.com> References: <20231106120423.23364-1-yunfei.dong@mediatek.com> MIME-Version: 1.0 X-MTK: N X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20231106_040513_750020_D77D0981 X-CRM114-Status: GOOD ( 10.12 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org From: Jeffrey Kardatzke Verfies in the dmabuf implementations that if the secure memory flag is set for a queue that the dmabuf submitted to the queue is unmappable. Signed-off-by: Jeffrey Kardatzke Signed-off-by: Yunfei Dong --- drivers/media/common/videobuf2/videobuf2-dma-contig.c | 6 ++++++ drivers/media/common/videobuf2/videobuf2-dma-sg.c | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/drivers/media/common/videobuf2/videobuf2-dma-contig.c b/drivers/media/common/videobuf2/videobuf2-dma-contig.c index 3d4fd4ef5310..ad58ef8dc231 100644 --- a/drivers/media/common/videobuf2/videobuf2-dma-contig.c +++ b/drivers/media/common/videobuf2/videobuf2-dma-contig.c @@ -710,6 +710,12 @@ static int vb2_dc_map_dmabuf(void *mem_priv) return -EINVAL; } + /* verify the dmabuf is secure if we are in secure mode */ + if (buf->vb->vb2_queue->secure_mem && sg_page(sgt->sgl)) { + pr_err("secure queue requires secure dma_buf"); + return -EINVAL; + } + /* checking if dmabuf is big enough to store contiguous chunk */ contig_size = vb2_dc_get_contiguous_size(sgt); if (contig_size < buf->size) { diff --git a/drivers/media/common/videobuf2/videobuf2-dma-sg.c b/drivers/media/common/videobuf2/videobuf2-dma-sg.c index 28f3fdfe23a2..55428c73c380 100644 --- a/drivers/media/common/videobuf2/videobuf2-dma-sg.c +++ b/drivers/media/common/videobuf2/videobuf2-dma-sg.c @@ -564,6 +564,12 @@ static int vb2_dma_sg_map_dmabuf(void *mem_priv) return -EINVAL; } + /* verify the dmabuf is secure if we are in secure mode */ + if (buf->vb->vb2_queue->secure_mem && !sg_dma_secure(sgt->sgl)) { + pr_err("secure queue requires secure dma_buf"); + return -EINVAL; + } + buf->dma_sgt = sgt; buf->vaddr = NULL;