Re: [PATCH v5 2/9] drm/mediatek: Add secure buffer control flow to mtk_drm_gem

From: Jason-JH Lin (林睿祥)
Date: Tue May 28 2024 - 03:07:14 EST


Hi Maxime,

[snip]

I'm sorry for losing your previous comment mail.
I finally found a way to import this mail back so I can reply to you.

> > - mtk_gem = mtk_gem_create(dev, args->size, false);
> > + if (args->flags & DRM_MTK_GEM_CREATE_ENCRYPTED)
> > + mtk_gem = mtk_gem_create_from_heap(dev, "mtk_svp_cma",
> > args->size);
>
> That heap doesn't exist upstream either. Also, I'm wondering if it's
> the
> right solution there.
>

Yes, I found that its name changed to "restricted_mtk_cma" in the
latest patch:
https://patchwork.kernel.org/project/linux-mediatek/patch/20240515112308.10171-10-yong.wu@xxxxxxxxxxxx/

> From what I can tell, you want to allow to create encrypted buffers
> from
> the TEE. Why do we need this as a DRM ioctl at all? A heap seems like
> the perfect solution to do so, and then you just have to import it
> into
> DRM.
>

OK, I'll try to change the userspace's ioctl from
DRM_IOCTL_MTK_GEM_CREATE to DMA_HEAP_IOCTL_ALLOC to get the buffer fd,
then import to DRM.

> I'm also not entirely sure that not having a SG list is enough to
> consider the buffer secure. Wouldn't a buffer allocated without a
> kernel
> mapping also be in that situation?
>

I have confirmed to Yong.Wu that secure buffer also have sg list, so
the secure checking method "!sg_page(sg->sgl)" will be deprecated.

Regards,
Jason-JH.Lin

> Maxime
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel@xxxxxxxxxxxxxxxxxxx
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
>