[v2,04/21] v4l: add documentation for secure memory flag

Message ID	20231106120423.23364-5-yunfei.dong@mediatek.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org> From: Yunfei Dong <yunfei.dong@mediatek.com> To: Jeffrey Kardatzke <jkardatzke@google.com>, "T . J . Mercier" <tjmercier@google.com>, John Stultz <jstultz@google.com>, Yong Wu <yong.wu@mediatek.com>, =?utf-8?q?N=C3=ADcolas_F_=2E_R_=2E_A_=2E_Pr?= =?utf-8?q?ado?= <nfraprado@collabora.com>, Nicolas Dufresne <nicolas.dufresne@collabora.com>, Hans Verkuil <hverkuil-cisco@xs4all.nl>, AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>, Benjamin Gaignard <benjamin.gaignard@collabora.com>, Nathan Hebert <nhebert@chromium.org> CC: Chen-Yu Tsai <wenst@chromium.org>, Hsin-Yi Wang <hsinyi@chromium.org>, Fritz Koenig <frkoenig@chromium.org>, Daniel Vetter <daniel@ffwll.ch>, Steve Cho <stevecho@chromium.org>, Yunfei Dong <yunfei.dong@mediatek.com>, <linux-media@vger.kernel.org>, <devicetree@vger.kernel.org>, <linux-kernel@vger.kernel.org>, <linux-arm-kernel@lists.infradead.org>, <linux-mediatek@lists.infradead.org>, <Project_Global_Chrome_Upstream_Group@mediatek.com> Subject: [PATCH v2,04/21] v4l: add documentation for secure memory flag Date: Mon, 6 Nov 2023 20:04:06 +0800 Message-ID: <20231106120423.23364-5-yunfei.dong@mediatek.com> In-Reply-To: <20231106120423.23364-1-yunfei.dong@mediatek.com> References: <20231106120423.23364-1-yunfei.dong@mediatek.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: list Sender: "Linux-mediatek" <linux-mediatek-bounces@lists.infradead.org> Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org
Series	add driver to support secure video decoder \| expand [v2,00/21] add driver to support secure video decoder [v2,01/21] v4l2: add secure memory flags [v2,02/21] v4l2: handle secure memory flags in queue setup [v2,03/21] v4l2: verify secure dmabufs are used in secure queue [v2,04/21] v4l: add documentation for secure memory flag [v2,05/21] dma-buf: heaps: Deduplicate docs and adopt common format [v2,06/21] dma-heap: Add proper kref handling on dma-buf heaps [v2,07/21] dma-heap: Provide accessors so that in-kernel drivers can allocate dmabufs from specific… [v2,08/21] media: mediatek: vcodec: add tee client interface to communiate with optee-os [v2,09/21] media: mediatek: vcodec: allocate tee share memory [v2,10/21] media: mediatek: vcodec: send share memory data to optee [v2,11/21] media: mediatek: vcodec: initialize msg and vsi information [v2,12/21] media: mediatek: vcodec: add interface to allocate/free secure memory [v2,13/21] media: mediatek: vcodec: using shared memory as vsi address [v2,14/21] media: mediatek: vcodec: Add capture format to support one plane memory [v2,15/21] media: mediatek: vcodec: Add one plane format [v2,16/21] media: medkatek: vcodec: support one plane capture buffer [v2,17/21] media: medkatek: vcodec: re-construct h264 driver to support svp mode [v2,18/21] media: medkatek: vcodec: remove parse nal_info in kernel [v2,19/21] media: medkatek: vcodec: disable wait interrupt for svp mode [v2,20/21] media: medkatek: vcodec: support tee decoder [v2,21/21] media: mediatek: vcodec: move vdec init interface to setup callback

Message ID

20231106120423.23364-5-yunfei.dong@mediatek.com (mailing list archive)

State

New, archived

Headers

From: Yunfei Dong <yunfei.dong@mediatek.com>
To: Jeffrey Kardatzke <jkardatzke@google.com>,
 "T . J . Mercier" <tjmercier@google.com>, John Stultz <jstultz@google.com>,
 Yong Wu <yong.wu@mediatek.com>, =?utf-8?q?N=C3=ADcolas_F_=2E_R_=2E_A_=2E_Pr?=
	=?utf-8?q?ado?= <nfraprado@collabora.com>,
 Nicolas Dufresne <nicolas.dufresne@collabora.com>,
 Hans Verkuil <hverkuil-cisco@xs4all.nl>,
 AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>,
 Benjamin Gaignard <benjamin.gaignard@collabora.com>,
 Nathan Hebert <nhebert@chromium.org>
CC: Chen-Yu Tsai <wenst@chromium.org>, Hsin-Yi Wang <hsinyi@chromium.org>,
	Fritz Koenig <frkoenig@chromium.org>, Daniel Vetter <daniel@ffwll.ch>, Steve
 Cho <stevecho@chromium.org>, Yunfei Dong <yunfei.dong@mediatek.com>,
	<linux-media@vger.kernel.org>, <devicetree@vger.kernel.org>,
	<linux-kernel@vger.kernel.org>, <linux-arm-kernel@lists.infradead.org>,
	<linux-mediatek@lists.infradead.org>,
	<Project_Global_Chrome_Upstream_Group@mediatek.com>
Subject: [PATCH v2,04/21] v4l: add documentation for secure memory flag
Date: Mon, 6 Nov 2023 20:04:06 +0800
Message-ID: <20231106120423.23364-5-yunfei.dong@mediatek.com>
In-Reply-To: <20231106120423.23364-1-yunfei.dong@mediatek.com>
References: <20231106120423.23364-1-yunfei.dong@mediatek.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
Precedence: list
Sender: "Linux-mediatek" <linux-mediatek-bounces@lists.infradead.org>
Errors-To: 
 linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org

Series

add driver to support secure video decoder | expand

Commit Message

Yunfei Dong Nov. 6, 2023, 12:04 p.m. UTC

From: Jeffrey Kardatzke <jkardatzke@google.com>

Adds documentation for V4L2_MEMORY_FLAG_SECURE.

Signed-off-by: Jeffrey Kardatzke <jkardatzke@google.com>
Signed-off-by: Yunfei Dong <yunfei.dong@mediatek.com>
---
 Documentation/userspace-api/media/v4l/buffer.rst | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

Comments

Pavel Machek Nov. 11, 2023, 7:06 p.m. UTC | #1

Hi!

> From: Jeffrey Kardatzke <jkardatzke@google.com>
> 
> Adds documentation for V4L2_MEMORY_FLAG_SECURE.

> --- a/Documentation/userspace-api/media/v4l/buffer.rst
> +++ b/Documentation/userspace-api/media/v4l/buffer.rst
> @@ -696,7 +696,7 @@ enum v4l2_memory
>  
>  .. _memory-flags:
>  
> -Memory Consistency Flags
> +Memory Flags
>  ------------------------
>  
>  .. raw:: latex
> @@ -728,6 +728,12 @@ Memory Consistency Flags
>  	only if the buffer is used for :ref:`memory mapping <mmap>` I/O and the
>  	queue reports the :ref:`V4L2_BUF_CAP_SUPPORTS_MMAP_CACHE_HINTS
>  	<V4L2-BUF-CAP-SUPPORTS-MMAP-CACHE-HINTS>` capability.
> +    * .. _`V4L2-MEMORY-FLAG-SECURE`:
> +
> +      - ``V4L2_MEMORY_FLAG_SECURE``
> +      - 0x00000002
> +      - DMA bufs passed into the queue will be validated to ensure they were
> +	allocated from a secure dma-heap.

Could we get some more information somewhere? Why would userspace want
to work with "secure" DMA heaps? How exactly are they different from
others? What attacks are these secure against? What is goal of all
this? DRM?

BR,
								Pavel

Jeffrey Kardatzke Nov. 13, 2023, 6:04 p.m. UTC | #2

Mediatek,

What happened to the RFC cover letter that explained more overall for
what this is for?  That should be included in the 0th patch for each
of the series.

Pavel,
This is for secure video playback where the memory is 'secure'
(TrustZone in this case) and is only accessible in the TEE and
specific HW blocks. Userspace has FDs that reference the memory, but
kernel/userspace can't actually map/access that memory.  And yes, this
is for supporting DRM (Digital Rights Management) playback.

Cheers,
Jeff


On Sat, Nov 11, 2023 at 11:06 AM Pavel Machek <pavel@ucw.cz> wrote:
>
> Hi!
>
> > From: Jeffrey Kardatzke <jkardatzke@google.com>
> >
> > Adds documentation for V4L2_MEMORY_FLAG_SECURE.
>
> > --- a/Documentation/userspace-api/media/v4l/buffer.rst
> > +++ b/Documentation/userspace-api/media/v4l/buffer.rst
> > @@ -696,7 +696,7 @@ enum v4l2_memory
> >
> >  .. _memory-flags:
> >
> > -Memory Consistency Flags
> > +Memory Flags
> >  ------------------------
> >
> >  .. raw:: latex
> > @@ -728,6 +728,12 @@ Memory Consistency Flags
> >       only if the buffer is used for :ref:`memory mapping <mmap>` I/O and the
> >       queue reports the :ref:`V4L2_BUF_CAP_SUPPORTS_MMAP_CACHE_HINTS
> >       <V4L2-BUF-CAP-SUPPORTS-MMAP-CACHE-HINTS>` capability.
> > +    * .. _`V4L2-MEMORY-FLAG-SECURE`:
> > +
> > +      - ``V4L2_MEMORY_FLAG_SECURE``
> > +      - 0x00000002
> > +      - DMA bufs passed into the queue will be validated to ensure they were
> > +     allocated from a secure dma-heap.
>
> Could we get some more information somewhere? Why would userspace want
> to work with "secure" DMA heaps? How exactly are they different from
> others? What attacks are these secure against? What is goal of all
> this? DRM?
>
> BR,
>                                                                 Pavel
> --
> People of Russia, stop Putin before his war on Ukraine escalates.

diff --git a/Documentation/userspace-api/media/v4l/buffer.rst b/Documentation/userspace-api/media/v4l/buffer.rst
index 52bbee81c080..a5a7d1c72d53 100644
--- a/Documentation/userspace-api/media/v4l/buffer.rst
+++ b/Documentation/userspace-api/media/v4l/buffer.rst
@@ -696,7 +696,7 @@  enum v4l2_memory
 
 .. _memory-flags:
 
-Memory Consistency Flags
+Memory Flags
 ------------------------
 
 .. raw:: latex
@@ -728,6 +728,12 @@  Memory Consistency Flags
 	only if the buffer is used for :ref:`memory mapping <mmap>` I/O and the
 	queue reports the :ref:`V4L2_BUF_CAP_SUPPORTS_MMAP_CACHE_HINTS
 	<V4L2-BUF-CAP-SUPPORTS-MMAP-CACHE-HINTS>` capability.
+    * .. _`V4L2-MEMORY-FLAG-SECURE`:
+
+      - ``V4L2_MEMORY_FLAG_SECURE``
+      - 0x00000002
+      - DMA bufs passed into the queue will be validated to ensure they were
+	allocated from a secure dma-heap.
 
 .. raw:: latex

[v2,04/21] v4l: add documentation for secure memory flag

Commit Message

Comments

Patch