From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <intel-xe-bounces@lists.freedesktop.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id 95045CD4F54
	for <intel-xe@archiver.kernel.org>; Fri, 29 May 2026 19:12:38 +0000 (UTC)
Received: from gabe.freedesktop.org (localhost [127.0.0.1])
	by gabe.freedesktop.org (Postfix) with ESMTP id 55481112439;
	Fri, 29 May 2026 19:12:38 +0000 (UTC)
Authentication-Results: gabe.freedesktop.org;
	dkim=pass (2048-bit key; unprotected) header.d=intel.com header.i=@intel.com header.b="gxaL1DMf";
	dkim-atps=neutral
Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.14])
 by gabe.freedesktop.org (Postfix) with ESMTPS id D6196112438
 for <intel-xe@lists.freedesktop.org>; Fri, 29 May 2026 19:12:36 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
 d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
 t=1780081956; x=1811617956;
 h=date:message-id:from:to:cc:subject:in-reply-to:
 references:mime-version;
 bh=iwi7NX2eMAm6SGT7L/eWuOMKc+cxe4mJDNySbrVSoYs=;
 b=gxaL1DMf0bIcNB7YzMtRlOG3FDOk3FHB/Ota8D/RVuuT0dYgMgUIg6A/
 cT8sAXbFDCYo+wNyt7Kl10/I9Vk9q2eN8dX+SYUgubswF02GNk7mSvUv3
 panG4S0Sq4y8AkKMgUAtr82lZ56UOYUsiPsQySVjLTNny3YkvYU3YrvDm
 MYScmad/VQv4gKs74/JKiKkwXTEWhp1MDvSdlR97rYbaTb9lNXm1F17FD
 SALXAp4vsO+8Uc+j8A/peW++37++mjnrQPPKxvyZRYw3qzCDSGd6cUhIt
 l8uk7zkkul7LiyFv7+kot1sVnVhcQTzHm5Xbv+JyPDPfVP5KyPIMXHu78 A==;
X-CSE-ConnectionGUID: okjBhSoMRWWUaTXC1tyvdg==
X-CSE-MsgGUID: 4k3KSJDoS1KpmZt8AOCJOQ==
X-IronPort-AV: E=McAfee;i="6800,10657,11801"; a="80968047"
X-IronPort-AV: E=Sophos;i="6.24,175,1774335600"; d="scan'208";a="80968047"
Received: from orviesa003.jf.intel.com ([10.64.159.143])
 by fmvoesa108.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 29 May 2026 12:12:36 -0700
X-CSE-ConnectionGUID: o9AkuHw8Q+OonRxa0I+yrA==
X-CSE-MsgGUID: rlCJwxBnQxKzLwKTWSLBdQ==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.24,175,1774335600"; d="scan'208";a="246938480"
Received: from blai1-mobl2.amr.corp.intel.com (HELO adixit-MOBL3.intel.com)
 ([10.125.68.160])
 by ORVIESA003-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 29 May 2026 12:12:36 -0700
Date: Fri, 29 May 2026 12:12:35 -0700
Message-ID: <878q92m3mk.wl-ashutosh.dixit@intel.com>
From: "Dixit, Ashutosh" <ashutosh.dixit@intel.com>
To: Umesh Nerlige Ramappa <umesh.nerlige.ramappa@intel.com>
Cc: <intel-xe@lists.freedesktop.org>
Subject: Re: [PATCH 1/9] drm/xe/rtp: Add RING_FORCE_TO_NONPRIV_DENY to OA
 whitelists
In-Reply-To: <ahdOKYJHW/U4t2l5@soc-5CG1426VCC.clients.intel.com>
References: <20260518234716.1540123-1-ashutosh.dixit@intel.com>
 <20260518234716.1540123-2-ashutosh.dixit@intel.com>
 <ag+R6ndpufdiwMej@soc-5CG1426VCC.clients.intel.com>
 <878q9cwd36.wl-ashutosh.dixit@intel.com>
 <ahXwod5FQOxZNj20@soc-5CG1426VCC.clients.intel.com>
 <ahdOKYJHW/U4t2l5@soc-5CG1426VCC.clients.intel.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue)
 FLIM-LB/1.14.9 (=?ISO-8859-4?Q?Goj=F2?=) APEL-LB/10.8 EasyPG/1.0.0
 Emacs/30.2 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=US-ASCII
X-BeenThere: intel-xe@lists.freedesktop.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Intel Xe graphics driver <intel-xe.lists.freedesktop.org>
List-Unsubscribe: <https://lists.freedesktop.org/mailman/options/intel-xe>,
 <mailto:intel-xe-request@lists.freedesktop.org?subject=unsubscribe>
List-Archive: <https://lists.freedesktop.org/archives/intel-xe>
List-Post: <mailto:intel-xe@lists.freedesktop.org>
List-Help: <mailto:intel-xe-request@lists.freedesktop.org?subject=help>
List-Subscribe: <https://lists.freedesktop.org/mailman/listinfo/intel-xe>,
 <mailto:intel-xe-request@lists.freedesktop.org?subject=subscribe>
Errors-To: intel-xe-bounces@lists.freedesktop.org
Sender: "Intel-xe" <intel-xe-bounces@lists.freedesktop.org>

On Wed, 27 May 2026 13:03:53 -0700, Umesh Nerlige Ramappa wrote:
>

Hi Umesh,

> On Tue, May 26, 2026 at 12:12:33PM -0700, Umesh Nerlige Ramappa wrote:
> > On Thu, May 21, 2026 at 04:35:25PM -0700, Dixit, Ashutosh wrote:
> >> On Thu, 21 May 2026 16:14:50 -0700, Umesh Nerlige Ramappa wrote:
> >>>
> >>> On Mon, May 18, 2026 at 04:47:08PM -0700, Ashutosh Dixit wrote:
> >>>> Unconditionally whitelisting OA registers is a security violation. Set
> >>>> RING_FORCE_TO_NONPRIV_DENY bit in OA nonpriv slots, so that OA registers
> >>>> don't get whitelisted by default after probe/reset/restart.
>
> probe/gt-reset/resume to be precise.

Yes, good idea, I'll change these and maybe add a comment too near
WHITELIST_OA_MMIO_TRG().

> During resume and gt-reset flows KMD will apply the reg_sr to mmio, so
> you are ensuring DENY is enforced in these paths as well. As for
> engine-reset, the hwe->reg_sr is registered with GuC and GuC will save
> and restore these values.
>

This will likely need to go to Patch 5 ("drm/xe/rtp: Save OA nonpriv
registers to register save/restore lists"), let me see. I already added a
hint there, but will see if the commit message can be improved in the next
rev. We can take a look again at v2.

> Some of this info would be helpful in the commit messages OR comments to
> understand the bigger picture (for reviewers at least)

Thanks.
--
Ashutosh



>
> >>>>
> >>>> Signed-off-by: Ashutosh Dixit <ashutosh.dixit@intel.com>
> >>>> ---
> >>>> drivers/gpu/drm/xe/xe_reg_whitelist.c | 7 ++++---
> >>>> 1 file changed, 4 insertions(+), 3 deletions(-)
> >>>>
> >>>> diff --git a/drivers/gpu/drm/xe/xe_reg_whitelist.c b/drivers/gpu/drm/xe/xe_reg_whitelist.c
> >>>> index fb65940848d7a..d6a5d499373bc 100644
> >>>> --- a/drivers/gpu/drm/xe/xe_reg_whitelist.c
> >>>> +++ b/drivers/gpu/drm/xe/xe_reg_whitelist.c
> >>>> @@ -105,9 +105,10 @@ static const struct xe_rtp_entry_sr register_whitelist[] = {
> >>>>	},
> >>>>
> >>>> #define WHITELIST_OA_MMIO_TRG(trg, status, head) \
> >>>> -	WHITELIST(trg, RING_FORCE_TO_NONPRIV_ACCESS_RW), \
> >>>> -	WHITELIST(status, RING_FORCE_TO_NONPRIV_ACCESS_RD), \
> >>>> -	WHITELIST(head, RING_FORCE_TO_NONPRIV_ACCESS_RD | RING_FORCE_TO_NONPRIV_RANGE_4)
> >>>> +	WHITELIST(trg, RING_FORCE_TO_NONPRIV_ACCESS_RW | RING_FORCE_TO_NONPRIV_DENY), \
> >>>> +	WHITELIST(status, RING_FORCE_TO_NONPRIV_ACCESS_RD | RING_FORCE_TO_NONPRIV_DENY), \
> >>>> +	WHITELIST(head, RING_FORCE_TO_NONPRIV_ACCESS_RD | RING_FORCE_TO_NONPRIV_RANGE_4 | \
> >>>> +		  RING_FORCE_TO_NONPRIV_DENY)
> >>>
> >>> status and head should be clubbed into one slot, starting with status and
> >>> RANGE_4. Maybe that can be a patch before this one.
> >>
> >> No, e.g. for OAG, status is 0xdafc which is not a multiple of 16, which is
> >> a requirement for RANGE_4.
> >
> > I missed that. I thought HW compared ranges differently. In that case,
> > this is correct and the individual registers can be whitelisted
> > separately if needed. Otherwise some registers can be dropped whenever
> > you plan to do it.
> >
> > Reviewed-by: Umesh Nerlige Ramappa <umesh.nerlige.ramappa@intel.com>
> >
> >
> > Umesh.
> >>
> >> Also, about RANGE_4 above, there were different suggestions, e.g. tail and
> >> oabuffer should be different slots, rather than grouping in a single
> >> RANGE_4 above. To avoid any such controversy, I decided to focus this
> >> series only on removing unconditional whitelisting for OA registers. Any
> >> other changes, such as removing or retaining RANGE_4, we can do after this
> >> series is reviewed/merged.
> >>
> >> Thanks.
> >> --
> >> Ashutosh
> >>
> >>>> #define WHITELIST_OAG_MMIO_TRG \
> >>>>	WHITELIST_OA_MMIO_TRG(OAG_MMIOTRIGGER, OAG_OASTATUS, OAG_OAHEADPTR)
> >>>> --
> >>>> 2.54.0
> >>>>