public inbox for intel-gfx@lists.freedesktop.org
 help / color / mirror / Atom feed
From: Daniel Vetter <daniel@ffwll.ch>
To: Ramalingam C <ramalingam.c@intel.com>
Cc: intel-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org,
	gwan-gyeong.mun@intel.com
Subject: Re: [PATCH v5 06/12] drm/i915: SRM revocation check for HDCP1.4 and 2.2
Date: Mon, 29 Apr 2019 09:28:34 +0200	[thread overview]
Message-ID: <20190429072834.GC3271@phenom.ffwll.local> (raw)
In-Reply-To: <20190418085805.5648-7-ramalingam.c@intel.com>

On Thu, Apr 18, 2019 at 02:27:59PM +0530, Ramalingam C wrote:
> DRM HDCP SRM revocation check services are used from I915 for HDCP1.4
> and 2.2 revocation check during the respective authentication flow.
> 
> v2:
>   Rebased.
> 
> Signed-off-by: Ramalingam C <ramalingam.c@intel.com>
> ---
>  drivers/gpu/drm/i915/intel_hdcp.c | 57 ++++++++++++++++++++++++-------
>  1 file changed, 44 insertions(+), 13 deletions(-)
> 
> diff --git a/drivers/gpu/drm/i915/intel_hdcp.c b/drivers/gpu/drm/i915/intel_hdcp.c
> index 772974697b5a..de634f3fbd1b 100644
> --- a/drivers/gpu/drm/i915/intel_hdcp.c
> +++ b/drivers/gpu/drm/i915/intel_hdcp.c
> @@ -492,9 +492,11 @@ int intel_hdcp_validate_v_prime(struct intel_digital_port *intel_dig_port,
>  
>  /* Implements Part 2 of the HDCP authorization procedure */
>  static
> -int intel_hdcp_auth_downstream(struct intel_digital_port *intel_dig_port,
> -			       const struct intel_hdcp_shim *shim)
> +int intel_hdcp_auth_downstream(struct intel_connector *connector)
>  {
> +	struct intel_digital_port *intel_dig_port = conn_to_dig_port(connector);
> +	const struct intel_hdcp_shim *shim = connector->hdcp.shim;
> +	struct drm_device *dev = connector->base.dev;
>  	u8 bstatus[2], num_downstream, *ksv_fifo;
>  	int ret, i, tries = 3;
>  
> @@ -533,6 +535,11 @@ int intel_hdcp_auth_downstream(struct intel_digital_port *intel_dig_port,
>  	if (ret)
>  		goto err;
>  
> +	if (drm_hdcp_ksvs_revocated(dev, ksv_fifo, num_downstream)) {
> +		DRM_ERROR("Revocated Ksv(s) in ksv_fifo\n");
> +		return -EPERM;
> +	}
> +
>  	/*
>  	 * When V prime mismatches, DP Spec mandates re-read of
>  	 * V prime atleast twice.
> @@ -559,9 +566,12 @@ int intel_hdcp_auth_downstream(struct intel_digital_port *intel_dig_port,
>  }
>  
>  /* Implements Part 1 of the HDCP authorization procedure */
> -static int intel_hdcp_auth(struct intel_digital_port *intel_dig_port,
> -			   const struct intel_hdcp_shim *shim)
> +static int intel_hdcp_auth(struct intel_connector *connector)
>  {
> +	struct intel_digital_port *intel_dig_port = conn_to_dig_port(connector);
> +	struct intel_hdcp *hdcp = &connector->hdcp;
> +	struct drm_device *dev = connector->base.dev;
> +	const struct intel_hdcp_shim *shim = hdcp->shim;
>  	struct drm_i915_private *dev_priv;
>  	enum port port;
>  	unsigned long r0_prime_gen_start;
> @@ -627,6 +637,11 @@ static int intel_hdcp_auth(struct intel_digital_port *intel_dig_port,
>  	if (ret < 0)
>  		return ret;
>  
> +	if (drm_hdcp_ksvs_revocated(dev, bksv.shim, 1)) {
> +		DRM_ERROR("BKSV is revocated\n");
> +		return -EPERM;
> +	}
> +
>  	I915_WRITE(PORT_HDCP_BKSVLO(port), bksv.reg[0]);
>  	I915_WRITE(PORT_HDCP_BKSVHI(port), bksv.reg[1]);
>  
> @@ -700,7 +715,7 @@ static int intel_hdcp_auth(struct intel_digital_port *intel_dig_port,
>  	 */
>  
>  	if (repeater_present)
> -		return intel_hdcp_auth_downstream(intel_dig_port, shim);
> +		return intel_hdcp_auth_downstream(connector);
>  
>  	DRM_DEBUG_KMS("HDCP is enabled (no repeater present)\n");
>  	return 0;
> @@ -763,7 +778,7 @@ static int _intel_hdcp_enable(struct intel_connector *connector)
>  
>  	/* Incase of authentication failures, HDCP spec expects reauth. */
>  	for (i = 0; i < tries; i++) {
> -		ret = intel_hdcp_auth(conn_to_dig_port(connector), hdcp->shim);
> +		ret = intel_hdcp_auth(connector);
>  		if (!ret) {
>  			hdcp->hdcp_encrypted = true;
>  			return 0;
> @@ -779,12 +794,6 @@ static int _intel_hdcp_enable(struct intel_connector *connector)
>  	return ret;
>  }
>  
> -static inline
> -struct intel_connector *intel_hdcp_to_connector(struct intel_hdcp *hdcp)
> -{
> -	return container_of(hdcp, struct intel_connector, hdcp);
> -}
> -
>  /* Implements Part 3 of the HDCP authorization procedure */
>  static int intel_hdcp_check_link(struct intel_connector *connector)
>  {
> @@ -845,6 +854,12 @@ static int intel_hdcp_check_link(struct intel_connector *connector)
>  	return ret;
>  }
>  
> +static inline
> +struct intel_connector *intel_hdcp_to_connector(struct intel_hdcp *hdcp)
> +{
> +	return container_of(hdcp, struct intel_connector, hdcp);
> +}

Moving intel_hdcp_to_connector around doesn't seem to be necessary?

> +
>  static void intel_hdcp_prop_work(struct work_struct *work)
>  {
>  	struct intel_hdcp *hdcp = container_of(work, struct intel_hdcp,
> @@ -1162,6 +1177,7 @@ static int hdcp2_authentication_key_exchange(struct intel_connector *connector)
>  {
>  	struct intel_digital_port *intel_dig_port = conn_to_dig_port(connector);
>  	struct intel_hdcp *hdcp = &connector->hdcp;
> +	struct drm_device *dev = connector->base.dev;
>  	union {
>  		struct hdcp2_ake_init ake_init;
>  		struct hdcp2_ake_send_cert send_cert;
> @@ -1196,6 +1212,12 @@ static int hdcp2_authentication_key_exchange(struct intel_connector *connector)
>  
>  	hdcp->is_repeater = HDCP_2_2_RX_REPEATER(msgs.send_cert.rx_caps[2]);
>  
> +	if (drm_hdcp_ksvs_revocated(dev,
> +				    msgs.send_cert.cert_rx.receiver_id, 1)) {
> +		DRM_ERROR("Receiver ID is revocated\n");
> +		return -EPERM;
> +	}
> +
>  	/*
>  	 * Here msgs.no_stored_km will hold msgs corresponding to the km
>  	 * stored also.
> @@ -1348,13 +1370,14 @@ int hdcp2_authenticate_repeater_topology(struct intel_connector *connector)
>  {
>  	struct intel_digital_port *intel_dig_port = conn_to_dig_port(connector);
>  	struct intel_hdcp *hdcp = &connector->hdcp;
> +	struct drm_device *dev = connector->base.dev;
>  	union {
>  		struct hdcp2_rep_send_receiverid_list recvid_list;
>  		struct hdcp2_rep_send_ack rep_ack;
>  	} msgs;
>  	const struct intel_hdcp_shim *shim = hdcp->shim;
> +	u32 seq_num_v, device_cnt;
>  	u8 *rx_info;
> -	u32 seq_num_v;
>  	int ret;
>  
>  	ret = shim->read_2_2_msg(intel_dig_port, HDCP_2_2_REP_SEND_RECVID_LIST,
> @@ -1379,6 +1402,14 @@ int hdcp2_authenticate_repeater_topology(struct intel_connector *connector)
>  		return -EINVAL;
>  	}
>  
> +	device_cnt = HDCP_2_2_DEV_COUNT_HI(rx_info[0]) << 4 ||
> +			HDCP_2_2_DEV_COUNT_LO(rx_info[1]);
> +	if (drm_hdcp_ksvs_revocated(dev, msgs.recvid_list.receiver_ids,
> +				    device_cnt)) {
> +		DRM_ERROR("Revoked receiver ID(s) is in list\n");
> +		return -EPERM;
> +	}
> +
>  	ret = hdcp2_verify_rep_topology_prepare_ack(connector,
>  						    &msgs.recvid_list,
>  						    &msgs.rep_ack);
> -- 
> 2.19.1

Aside from the nit lgtm, with that hunk removed:

Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>

Plus might need to adjust to drm_hdcp_check_ksvs_revoked.
-Daniel
-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel

  reply	other threads:[~2019-04-29  7:28 UTC|newest]

Thread overview: 33+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-04-18  8:57 [PATCH v5 00/12] HDCP2.2 Phase II Ramalingam C
2019-04-18  8:57 ` [PATCH v5 01/12] drm: move content protection property to mode_config Ramalingam C
2019-04-23  7:38   ` Daniel Vetter
2019-04-18  8:57 ` [PATCH v5 02/12] drm/i915: debugfs: HDCP2.2 capability read Ramalingam C
2019-04-18  8:57 ` [PATCH v5 03/12] drm: Add Content protection type property Ramalingam C
2019-04-23  7:44   ` Daniel Vetter
2019-04-18  8:57 ` [PATCH v5 04/12] drm/i915: Attach content " Ramalingam C
2019-04-23  8:11   ` Daniel Vetter
2019-04-23 11:17     ` Ramalingam C
2019-04-23 12:10       ` Daniel Vetter
2019-04-18  8:57 ` [PATCH v5 05/12] drm: revocation check at drm subsystem Ramalingam C
2019-04-29  7:26   ` Daniel Vetter
2019-04-29  7:30     ` Daniel Vetter
2019-04-18  8:57 ` [PATCH v5 06/12] drm/i915: SRM revocation check for HDCP1.4 and 2.2 Ramalingam C
2019-04-29  7:28   ` Daniel Vetter [this message]
2019-04-18  8:58 ` [PATCH v5 07/12] drm/hdcp: gathering hdcp related code into drm_hdcp.c Ramalingam C
2019-04-29  7:31   ` Daniel Vetter
2019-04-18  8:58 ` [PATCH v5 08/12] drm: uevent for connector status change Ramalingam C
2019-04-29  7:33   ` Daniel Vetter
2019-04-18  8:58 ` [PATCH v5 09/12] drm/hdcp: update content protection property with uevent Ramalingam C
2019-04-29  7:35   ` Daniel Vetter
2019-04-18  8:58 ` [PATCH v5 10/12] drm/i915: update the hdcp state " Ramalingam C
2019-04-29  7:35   ` Daniel Vetter
2019-04-18  8:58 ` [PATCH v5 11/12] drm: Add CP downstream_info property Ramalingam C
2019-04-29  7:38   ` Daniel Vetter
2019-04-29 14:46     ` Ramalingam C
2019-04-18  8:58 ` [PATCH v5 12/12] drm/i915: Populate downstream info for HDCP Ramalingam C
2019-04-18 10:35 ` ✗ Fi.CI.CHECKPATCH: warning for HDCP2.2 Phase II (rev6) Patchwork
2019-04-18 10:43 ` ✗ Fi.CI.SPARSE: " Patchwork
2019-04-18 11:17 ` ✗ Fi.CI.CHECKPATCH: warning for HDCP2.2 Phase II (rev7) Patchwork
2019-04-18 11:25 ` ✗ Fi.CI.SPARSE: " Patchwork
2019-04-18 11:45 ` ✓ Fi.CI.BAT: success " Patchwork
2019-04-18 13:51 ` ✓ Fi.CI.IGT: " Patchwork

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190429072834.GC3271@phenom.ffwll.local \
    --to=daniel@ffwll.ch \
    --cc=dri-devel@lists.freedesktop.org \
    --cc=gwan-gyeong.mun@intel.com \
    --cc=intel-gfx@lists.freedesktop.org \
    --cc=ramalingam.c@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox