From: Yunfei Dong <yunfei.dong@mediatek.com>
To: "Jeffrey Kardatzke" <jkardatzke@google.com>,
"T . J . Mercier" <tjmercier@google.com>,
"John Stultz" <jstultz@google.com>,
"Yong Wu" <yong.wu@mediatek.com>,
"Nícolas F . R . A . Prado" <nfraprado@collabora.com>,
"Nicolas Dufresne" <nicolas.dufresne@collabora.com>,
"Hans Verkuil" <hverkuil-cisco@xs4all.nl>,
"AngeloGioacchino Del Regno"
<angelogioacchino.delregno@collabora.com>,
"Benjamin Gaignard" <benjamin.gaignard@collabora.com>,
"Nathan Hebert" <nhebert@chromium.org>
Cc: Chen-Yu Tsai <wenst@chromium.org>,
Hsin-Yi Wang <hsinyi@chromium.org>,
Fritz Koenig <frkoenig@chromium.org>,
Daniel Vetter <daniel@ffwll.ch>,
Steve Cho <stevecho@chromium.org>,
Yunfei Dong <yunfei.dong@mediatek.com>,
<linux-media@vger.kernel.org>, <devicetree@vger.kernel.org>,
<linux-kernel@vger.kernel.org>,
<linux-arm-kernel@lists.infradead.org>,
<linux-mediatek@lists.infradead.org>,
<Project_Global_Chrome_Upstream_Group@mediatek.com>
Subject: [PATCH v2,03/21] v4l2: verify secure dmabufs are used in secure queue
Date: Mon, 6 Nov 2023 20:04:05 +0800 [thread overview]
Message-ID: <20231106120423.23364-4-yunfei.dong@mediatek.com> (raw)
In-Reply-To: <20231106120423.23364-1-yunfei.dong@mediatek.com>
From: Jeffrey Kardatzke <jkardatzke@google.com>
Verfies in the dmabuf implementations that if the secure memory flag is
set for a queue that the dmabuf submitted to the queue is unmappable.
Signed-off-by: Jeffrey Kardatzke <jkardatzke@google.com>
Signed-off-by: Yunfei Dong <yunfei.dong@mediatek.com>
---
drivers/media/common/videobuf2/videobuf2-dma-contig.c | 6 ++++++
drivers/media/common/videobuf2/videobuf2-dma-sg.c | 6 ++++++
2 files changed, 12 insertions(+)
diff --git a/drivers/media/common/videobuf2/videobuf2-dma-contig.c b/drivers/media/common/videobuf2/videobuf2-dma-contig.c
index 3d4fd4ef5310..ad58ef8dc231 100644
--- a/drivers/media/common/videobuf2/videobuf2-dma-contig.c
+++ b/drivers/media/common/videobuf2/videobuf2-dma-contig.c
@@ -710,6 +710,12 @@ static int vb2_dc_map_dmabuf(void *mem_priv)
return -EINVAL;
}
+ /* verify the dmabuf is secure if we are in secure mode */
+ if (buf->vb->vb2_queue->secure_mem && sg_page(sgt->sgl)) {
+ pr_err("secure queue requires secure dma_buf");
+ return -EINVAL;
+ }
+
/* checking if dmabuf is big enough to store contiguous chunk */
contig_size = vb2_dc_get_contiguous_size(sgt);
if (contig_size < buf->size) {
diff --git a/drivers/media/common/videobuf2/videobuf2-dma-sg.c b/drivers/media/common/videobuf2/videobuf2-dma-sg.c
index 28f3fdfe23a2..55428c73c380 100644
--- a/drivers/media/common/videobuf2/videobuf2-dma-sg.c
+++ b/drivers/media/common/videobuf2/videobuf2-dma-sg.c
@@ -564,6 +564,12 @@ static int vb2_dma_sg_map_dmabuf(void *mem_priv)
return -EINVAL;
}
+ /* verify the dmabuf is secure if we are in secure mode */
+ if (buf->vb->vb2_queue->secure_mem && !sg_dma_secure(sgt->sgl)) {
+ pr_err("secure queue requires secure dma_buf");
+ return -EINVAL;
+ }
+
buf->dma_sgt = sgt;
buf->vaddr = NULL;
--
2.18.0
next prev parent reply other threads:[~2023-11-06 12:04 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-06 12:04 [PATCH v2,00/21] add driver to support secure video decoder Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,01/21] v4l2: add secure memory flags Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,02/21] v4l2: handle secure memory flags in queue setup Yunfei Dong
2023-11-06 12:04 ` Yunfei Dong [this message]
2023-11-06 12:04 ` [PATCH v2,04/21] v4l: add documentation for secure memory flag Yunfei Dong
2023-11-11 19:06 ` Pavel Machek
2023-11-13 18:04 ` Jeffrey Kardatzke
2023-11-06 12:04 ` [PATCH v2,05/21] dma-buf: heaps: Deduplicate docs and adopt common format Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,06/21] dma-heap: Add proper kref handling on dma-buf heaps Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,07/21] dma-heap: Provide accessors so that in-kernel drivers can allocate dmabufs from specific heaps Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,08/21] media: mediatek: vcodec: add tee client interface to communiate with optee-os Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,09/21] media: mediatek: vcodec: allocate tee share memory Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,10/21] media: mediatek: vcodec: send share memory data to optee Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,11/21] media: mediatek: vcodec: initialize msg and vsi information Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,12/21] media: mediatek: vcodec: add interface to allocate/free secure memory Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,13/21] media: mediatek: vcodec: using shared memory as vsi address Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,14/21] media: mediatek: vcodec: Add capture format to support one plane memory Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,15/21] media: mediatek: vcodec: Add one plane format Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,16/21] media: medkatek: vcodec: support one plane capture buffer Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,17/21] media: medkatek: vcodec: re-construct h264 driver to support svp mode Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,18/21] media: medkatek: vcodec: remove parse nal_info in kernel Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,19/21] media: medkatek: vcodec: disable wait interrupt for svp mode Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,20/21] media: medkatek: vcodec: support tee decoder Yunfei Dong
2023-11-06 12:04 ` [PATCH v2,21/21] media: mediatek: vcodec: move vdec init interface to setup callback Yunfei Dong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231106120423.23364-4-yunfei.dong@mediatek.com \
--to=yunfei.dong@mediatek.com \
--cc=Project_Global_Chrome_Upstream_Group@mediatek.com \
--cc=angelogioacchino.delregno@collabora.com \
--cc=benjamin.gaignard@collabora.com \
--cc=daniel@ffwll.ch \
--cc=devicetree@vger.kernel.org \
--cc=frkoenig@chromium.org \
--cc=hsinyi@chromium.org \
--cc=hverkuil-cisco@xs4all.nl \
--cc=jkardatzke@google.com \
--cc=jstultz@google.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=linux-mediatek@lists.infradead.org \
--cc=nfraprado@collabora.com \
--cc=nhebert@chromium.org \
--cc=nicolas.dufresne@collabora.com \
--cc=stevecho@chromium.org \
--cc=tjmercier@google.com \
--cc=wenst@chromium.org \
--cc=yong.wu@mediatek.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).