[PATCH v3 1/9] drm/xe/rtp: Add RING_FORCE_TO_NONPRIV_DENY to OA whitelists

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Ashutosh Dixit <ashutosh.dixit@intel.com>
To: intel-xe@lists.freedesktop.org
Subject: [PATCH v3 1/9] drm/xe/rtp: Add RING_FORCE_TO_NONPRIV_DENY to OA whitelists
Date: Mon, 15 Jun 2026 15:42:19 -0700	[thread overview]
Message-ID: <20260615224227.34880-2-ashutosh.dixit@intel.com> (raw)
In-Reply-To: <20260615224227.34880-1-ashutosh.dixit@intel.com>

Unconditionally whitelisting OA registers is a security violation. Set
RING_FORCE_TO_NONPRIV_DENY bit in OA nonpriv slots, so that OA registers
don't get whitelisted by default after probe, gt reset, resume and engine
reset.

v2: Add WHITELIST_DENY macro
    Reword commit message (Umesh)

Suggested-by: Umesh Nerlige Ramappa <umesh.nerlige.ramappa@intel.com>
Signed-off-by: Ashutosh Dixit <ashutosh.dixit@intel.com>
Reviewed-by: Umesh Nerlige Ramappa <umesh.nerlige.ramappa@intel.com>
---
 drivers/gpu/drm/xe/xe_reg_whitelist.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/drivers/gpu/drm/xe/xe_reg_whitelist.c b/drivers/gpu/drm/xe/xe_reg_whitelist.c
index 2e84b1c49f374..2d8ddb57412c2 100644
--- a/drivers/gpu/drm/xe/xe_reg_whitelist.c
+++ b/drivers/gpu/drm/xe/xe_reg_whitelist.c
@@ -104,10 +104,12 @@ static const struct xe_rtp_table_sr register_whitelist = XE_RTP_TABLE_SR(
 				   RING_FORCE_TO_NONPRIV_ACCESS_RW))
 	},
 
+#define WHITELIST_DENY(r, f) WHITELIST(r, (f) | RING_FORCE_TO_NONPRIV_DENY)
+
 #define WHITELIST_OA_MMIO_TRG(trg, status, head) \
-	WHITELIST(trg, RING_FORCE_TO_NONPRIV_ACCESS_RW), \
-	WHITELIST(status, RING_FORCE_TO_NONPRIV_ACCESS_RD), \
-	WHITELIST(head, RING_FORCE_TO_NONPRIV_ACCESS_RD | RING_FORCE_TO_NONPRIV_RANGE_4)
+	WHITELIST_DENY(trg, RING_FORCE_TO_NONPRIV_ACCESS_RW), \
+	WHITELIST_DENY(status, RING_FORCE_TO_NONPRIV_ACCESS_RD), \
+	WHITELIST_DENY(head, RING_FORCE_TO_NONPRIV_ACCESS_RD | RING_FORCE_TO_NONPRIV_RANGE_4)
 
 #define WHITELIST_OAG_MMIO_TRG \
 	WHITELIST_OA_MMIO_TRG(OAG_MMIOTRIGGER, OAG_OASTATUS, OAG_OAHEADPTR)
-- 
2.54.0

next prev parent reply	other threads:[~2026-06-15 22:42 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-06-15 22:42 [PATCH v3 0/9] Don't whitelist OA registers unconditionally Ashutosh Dixit
2026-06-15 22:42 ` Ashutosh Dixit [this message]
2026-06-15 22:42 ` [PATCH v3 2/9] drm/xe/rtp: Maintain OA whitelists separately Ashutosh Dixit
2026-06-15 22:42 ` [PATCH v3 3/9] drm/xe/rtp: Keep track of non-OA nonpriv slots Ashutosh Dixit
2026-06-15 22:42 ` [PATCH v3 4/9] drm/xe/rtp: Generalize whitelist_apply_to_hwe Ashutosh Dixit
2026-06-15 22:42 ` [PATCH v3 5/9] drm/xe/rtp: Save OA nonpriv registers to register save/restore lists Ashutosh Dixit
2026-06-15 22:42 ` [PATCH v3 6/9] drm/xe/rtp: Toggle 'deny' bit to (de-)whitelist OA regs Ashutosh Dixit
2026-06-15 22:42 ` [PATCH v3 7/9] drm/xe/rtp: (De-)whitelist OA registers for all hwe's for a gt Ashutosh Dixit
2026-06-15 22:42 ` [PATCH v3 8/9] drm/xe/oa: (De-)whitelist OA registers on OA stream open/release Ashutosh Dixit
2026-06-15 22:42 ` [PATCH v3 9/9] drm/xe/rtp: Ensure locking/ref counting for OA whitelists Ashutosh Dixit
2026-06-15 23:41 ` ✗ CI.checkpatch: warning for Don't whitelist OA registers unconditionally (rev4) Patchwork
2026-06-15 23:43 ` ✓ CI.KUnit: success " Patchwork
2026-06-16  0:26 ` ✓ Xe.CI.BAT: " Patchwork
2026-06-16  3:33 ` ✓ Xe.CI.FULL: " Patchwork

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:2e84b1c49f37 dfblob:2d8ddb57412c )
 OR (
bs:"[PATCH v3 1/9] drm/xe/rtp: Add RING_FORCE_TO_NONPRIV_DENY to OA whitelists" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260615224227.34880-2-ashutosh.dixit@intel.com \
    --to=ashutosh.dixit@intel.com \
    --cc=intel-xe@lists.freedesktop.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.