From: Simona Vetter <simona.vetter@ffwll.ch>
To: Lukas Wunner <lukas@wunner.de>
Cc: "Sumit Garg" <sumit.garg@linaro.org>,
simona.vetter@ffwll.ch,
"Jens Wiklander" <jens.wiklander@linaro.org>,
linux-kernel@vger.kernel.org, linux-media@vger.kernel.org,
dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org,
op-tee@lists.trustedfirmware.org,
linux-arm-kernel@lists.infradead.org,
"Olivier Masse" <olivier.masse@nxp.com>,
"Thierry Reding" <thierry.reding@gmail.com>,
"Yong Wu" <yong.wu@mediatek.com>,
"Sumit Semwal" <sumit.semwal@linaro.org>,
"Benjamin Gaignard" <benjamin.gaignard@collabora.com>,
"Brian Starkey" <Brian.Starkey@arm.com>,
"John Stultz" <jstultz@google.com>,
"T . J . Mercier" <tjmercier@google.com>,
"Christian König" <christian.koenig@amd.com>,
"Matthias Brugger" <matthias.bgg@gmail.com>,
"AngeloGioacchino Del Regno"
<angelogioacchino.delregno@collabora.com>,
azarrabi@qti.qualcomm.com
Subject: Re: [PATCH v4 0/6] TEE subsystem for restricted dma-buf allocations
Date: Wed, 8 Jan 2025 18:00:16 +0100 [thread overview]
Message-ID: <Z36vIB-JrF5Ddhuf@phenom.ffwll.local> (raw)
In-Reply-To: <Z209ZegsmgN1xlNG@wunner.de>
On Thu, Dec 26, 2024 at 12:26:29PM +0100, Lukas Wunner wrote:
> On Thu, Dec 26, 2024 at 11:29:23AM +0530, Sumit Garg wrote:
> > On Tue, 24 Dec 2024 at 14:58, Lukas Wunner <lukas@wunner.de> wrote:
> > > However in the case of restricted memory, the situation is exactly
> > > the opposite: The kernel may *not* be able to access the data,
> > > but the crypto accelerator can access it just fine.
> > >
> > > I did raise a concern about this to the maintainer, but to no avail:
> > > https://lore.kernel.org/r/Z1Kym1-9ka8kGHrM@wunner.de/
> >
> > Herbert's point is valid that there isn't any point for mapping
> > restricted memory in the kernel virtual address space as any kernel
> > access to that space can lead to platform specific hardware error
> > scenarios. And for that reason we simply disallow dma_buf_mmap() and
> > don't support dma_buf_vmap() for DMA-bufs holding TEE restricted
> > memory.
>
> The API for signature generation/verification (e.g. crypto_sig_sign(),
> crypto_sig_verify()) no longer accepts scatterlists, only buffers in
> virtual address space:
>
> https://lore.kernel.org/all/ZIrnPcPj9Zbq51jK@gondor.apana.org.au/
>
> Hence in order to use buffers in restricted memory for signature
> generation/verification, you'd need to map them into virtual address
> space first.
Nope, you need to get that old api back. Kernel virtual address space
mappings for dma-buf are very intentionally optional.
-Sima
--
Simona Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
WARNING: multiple messages have this Message-ID (diff)
From: Simona Vetter <simona.vetter@ffwll.ch>
To: op-tee@lists.trustedfirmware.org
Subject: Re: [PATCH v4 0/6] TEE subsystem for restricted dma-buf allocations
Date: Wed, 08 Jan 2025 18:00:16 +0100 [thread overview]
Message-ID: <Z36vIB-JrF5Ddhuf@phenom.ffwll.local> (raw)
In-Reply-To: <Z209ZegsmgN1xlNG@wunner.de>
[-- Attachment #1: Type: text/plain, Size: 1517 bytes --]
On Thu, Dec 26, 2024 at 12:26:29PM +0100, Lukas Wunner wrote:
> On Thu, Dec 26, 2024 at 11:29:23AM +0530, Sumit Garg wrote:
> > On Tue, 24 Dec 2024 at 14:58, Lukas Wunner <lukas@wunner.de> wrote:
> > > However in the case of restricted memory, the situation is exactly
> > > the opposite: The kernel may *not* be able to access the data,
> > > but the crypto accelerator can access it just fine.
> > >
> > > I did raise a concern about this to the maintainer, but to no avail:
> > > https://lore.kernel.org/r/Z1Kym1-9ka8kGHrM(a)wunner.de/
> >
> > Herbert's point is valid that there isn't any point for mapping
> > restricted memory in the kernel virtual address space as any kernel
> > access to that space can lead to platform specific hardware error
> > scenarios. And for that reason we simply disallow dma_buf_mmap() and
> > don't support dma_buf_vmap() for DMA-bufs holding TEE restricted
> > memory.
>
> The API for signature generation/verification (e.g. crypto_sig_sign(),
> crypto_sig_verify()) no longer accepts scatterlists, only buffers in
> virtual address space:
>
> https://lore.kernel.org/all/ZIrnPcPj9Zbq51jK(a)gondor.apana.org.au/
>
> Hence in order to use buffers in restricted memory for signature
> generation/verification, you'd need to map them into virtual address
> space first.
Nope, you need to get that old api back. Kernel virtual address space
mappings for dma-buf are very intentionally optional.
-Sima
--
Simona Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
next prev parent reply other threads:[~2025-01-08 17:34 UTC|newest]
Thread overview: 86+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-17 10:07 [PATCH v4 0/6] TEE subsystem for restricted dma-buf allocations Jens Wiklander
2024-12-17 10:07 ` Jens Wiklander
2024-12-17 10:07 ` [PATCH v4 1/6] tee: add restricted memory allocation Jens Wiklander
2024-12-17 10:07 ` Jens Wiklander
2025-01-08 16:54 ` Simona Vetter
2025-01-08 16:54 ` Simona Vetter
2025-01-09 7:17 ` Jens Wiklander
2025-01-09 7:17 ` Jens Wiklander
2025-02-13 8:44 ` Boris Brezillon
2025-02-13 8:44 ` Boris Brezillon
2024-12-17 10:07 ` [PATCH v4 2/6] optee: account for direction while converting parameters Jens Wiklander
2024-12-17 10:07 ` Jens Wiklander
2024-12-17 10:07 ` [PATCH v4 3/6] optee: sync secure world ABI headers Jens Wiklander
2024-12-17 10:07 ` Jens Wiklander
2024-12-17 10:07 ` [PATCH v4 4/6] optee: support restricted memory allocation Jens Wiklander
2024-12-17 10:07 ` Jens Wiklander
2024-12-17 10:07 ` [PATCH v4 5/6] optee: FF-A: dynamic " Jens Wiklander
2024-12-17 10:07 ` Jens Wiklander
2024-12-20 14:38 ` kernel test robot
2024-12-20 14:38 ` kernel test robot
2024-12-21 9:40 ` kernel test robot
2024-12-21 9:40 ` kernel test robot
2024-12-17 10:07 ` [PATCH v4 6/6] optee: smc abi: " Jens Wiklander
2024-12-17 10:07 ` Jens Wiklander
2024-12-18 11:06 ` [PATCH v4 0/6] TEE subsystem for restricted dma-buf allocations Simona Vetter
2024-12-18 11:06 ` Simona Vetter
2024-12-24 6:35 ` Sumit Garg
2024-12-24 6:35 ` Sumit Garg
2024-12-24 9:28 ` Lukas Wunner
2024-12-24 9:28 ` Lukas Wunner
2024-12-24 9:32 ` Lukas Wunner
2024-12-24 9:32 ` Lukas Wunner
2024-12-24 10:00 ` Dmitry Baryshkov
2024-12-24 10:00 ` Dmitry Baryshkov
2024-12-26 5:59 ` Sumit Garg
2024-12-26 5:59 ` Sumit Garg
2024-12-26 11:26 ` Lukas Wunner
2024-12-26 11:26 ` Lukas Wunner
2025-01-08 17:00 ` Simona Vetter [this message]
2025-01-08 17:00 ` Simona Vetter
2025-01-08 16:57 ` Simona Vetter
2025-01-08 16:57 ` Simona Vetter
2025-01-09 6:08 ` Sumit Garg
2025-01-09 6:08 ` Sumit Garg
2025-02-12 19:56 ` Boris Brezillon
2025-02-12 19:56 ` Boris Brezillon
2025-02-13 6:41 ` Sumit Garg
2025-02-13 6:41 ` Sumit Garg
2025-02-13 8:19 ` Jens Wiklander
2025-02-13 8:19 ` Jens Wiklander
2025-02-13 8:35 ` Boris Brezillon
2025-02-13 8:35 ` Boris Brezillon
2025-02-13 9:16 ` Sumit Garg
2025-02-13 9:16 ` Sumit Garg
2025-02-13 12:40 ` Boris Brezillon
2025-02-13 12:40 ` Boris Brezillon
2025-02-13 14:05 ` Daniel Stone
2025-02-13 14:05 ` Daniel Stone
2025-02-13 15:57 ` Jens Wiklander
2025-02-13 15:57 ` Jens Wiklander
2025-02-13 17:39 ` Daniel Stone
2025-02-13 17:39 ` Daniel Stone
2025-02-14 10:07 ` Jens Wiklander
2025-02-14 10:07 ` Jens Wiklander
2025-02-14 13:07 ` Sumit Garg
2025-02-14 13:07 ` Sumit Garg
2025-02-14 15:48 ` Boris Brezillon
2025-02-14 15:48 ` Boris Brezillon
2025-02-17 6:12 ` Sumit Garg
2025-02-17 6:12 ` Sumit Garg
2025-02-18 16:22 ` Daniel Stone
2025-02-18 16:22 ` Daniel Stone
2025-02-19 13:22 ` Simona Vetter
2025-02-19 13:22 ` Simona Vetter
2025-02-21 11:24 ` Sumit Garg
2025-02-21 11:24 ` Sumit Garg
2025-02-21 14:12 ` Daniel Stone
2025-02-21 14:12 ` Daniel Stone
2025-03-04 7:17 ` Jens Wiklander
2025-03-04 7:17 ` Jens Wiklander
2025-03-04 7:45 ` Sumit Garg
2025-03-04 7:45 ` Sumit Garg
2025-03-18 18:38 ` Nicolas Dufresne
2025-03-18 18:38 ` Nicolas Dufresne
2025-03-19 7:37 ` Jens Wiklander
2025-03-19 7:37 ` Jens Wiklander
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z36vIB-JrF5Ddhuf@phenom.ffwll.local \
--to=simona.vetter@ffwll.ch \
--cc=Brian.Starkey@arm.com \
--cc=angelogioacchino.delregno@collabora.com \
--cc=azarrabi@qti.qualcomm.com \
--cc=benjamin.gaignard@collabora.com \
--cc=christian.koenig@amd.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=jens.wiklander@linaro.org \
--cc=jstultz@google.com \
--cc=linaro-mm-sig@lists.linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=lukas@wunner.de \
--cc=matthias.bgg@gmail.com \
--cc=olivier.masse@nxp.com \
--cc=op-tee@lists.trustedfirmware.org \
--cc=sumit.garg@linaro.org \
--cc=sumit.semwal@linaro.org \
--cc=thierry.reding@gmail.com \
--cc=tjmercier@google.com \
--cc=yong.wu@mediatek.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.