From: "Christian König" <christian.koenig@amd.com>
To: Daniel Stone <daniel@fooishbar.org>, Rob Herring <robh@kernel.org>
Cc: Tomeu Vizoso <tomeu@tomeuvizoso.net>,
Krzysztof Kozlowski <krzk+dt@kernel.org>,
Conor Dooley <conor+dt@kernel.org>,
Oded Gabbay <ogabbay@kernel.org>,
Maarten Lankhorst <maarten.lankhorst@linux.intel.com>,
Maxime Ripard <mripard@kernel.org>,
Thomas Zimmermann <tzimmermann@suse.de>,
David Airlie <airlied@gmail.com>, Simona Vetter <simona@ffwll.ch>,
Sumit Semwal <sumit.semwal@linaro.org>,
Robin Murphy <robin.murphy@arm.com>,
Steven Price <steven.price@arm.com>,
devicetree@vger.kernel.org, linux-kernel@vger.kernel.org,
dri-devel@lists.freedesktop.org, linux-media@vger.kernel.org,
linaro-mm-sig@lists.linaro.org
Subject: Re: [PATCH v2 2/2] accel: Add Arm Ethos-U NPU driver
Date: Fri, 15 Aug 2025 13:46:54 +0200 [thread overview]
Message-ID: <b057fb0a-5fe0-4cee-bbba-c4c88521bb86@amd.com> (raw)
In-Reply-To: <CAPj87rN=Hod6GyA72x07yTvxL5X2q4UyUmPg-hyjjFA5KJvYGQ@mail.gmail.com>
On 15.08.25 13:15, Daniel Stone wrote:
> Hi Rob,
>
> On Thu, 14 Aug 2025 at 17:17, Rob Herring <robh@kernel.org> wrote:
>> On Thu, Aug 14, 2025 at 11:51:44AM +0100, Daniel Stone wrote:
>>> This is the main security issue, since it would allow writes a
>>> cmdstream BO which has been created but is not _the_ cmdstream BO for
>>> this job. Fixing that is pretty straightforward, but given that
>>> someone will almost certainly try to add dmabuf support to this
>>> driver, it's also probably worth a comment in the driver flags telling
>>> anyone who tries to add DRIVER_PRIME that they need to disallow export
>>> of cmdbuf BOs.
>>
>> What would be the usecase for exporting BOs here?
>>
>> I suppose if one wants to feed in camera data and we need to do the
>> allocation in the ethos driver since it likely has more constraints
>> (i.e. must be contiguous). (Whatever happened on the universal allocator
>> or constraint solver? I haven't been paying attention for a while...)
>
> Yeah, I guess it's just reasonably natural to allow export if you're
> allowing import as well.
I only partially agree, allowing export only makes sense if you have device memory which is not already covered by DMA-buf heaps.
So if you have special on chip memory which is accessible by for example a PCIe BAR then go ahead and provide an exporter for that.
But if your HW only needs CMA system memory then it is most likely better to use DMA-buf heaps instead and only provide an import functionality.
You can of course directly use the CMA code from your driver as well if you still want to support standard DRM, V4L or accel interfaces.
Regards,
Christian.
>
>> Here's the reworked (but not yet tested) code which I think should solve
>> all of the above issues. There was also an issue with the cleanup path
>> that we wouldn't do a put on the last BO if there was a size error. We
>> just need to set ejob->region_bo[ejob->region_cnt] and increment
>> region_cnt before any checks.
>
> Nice, thanks! That all looks good to me.
>
> Using unchecked add/mul when calculating the sizes also made me raise
> an eyebrow - it might be provably safe but perhaps it's better to use
> all the helpers just to make sure undetected overflow can't occur.
>
> Cheers,
> Daniel
prev parent reply other threads:[~2025-08-15 11:47 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-11 21:05 [PATCH v2 0/2] accel: Add Arm Ethos-U NPU Rob Herring (Arm)
2025-08-11 21:05 ` [PATCH v2 1/2] dt-bindings: npu: Add Arm Ethos-U65/U85 Rob Herring (Arm)
2025-08-12 7:03 ` Krzysztof Kozlowski
2025-08-11 21:05 ` [PATCH v2 2/2] accel: Add Arm Ethos-U NPU driver Rob Herring (Arm)
2025-08-12 11:01 ` Thomas Zimmermann
2025-08-12 12:56 ` Rob Herring
2025-08-12 13:18 ` Thomas Zimmermann
2025-08-12 12:53 ` Daniel Stone
2025-08-14 10:51 ` Daniel Stone
2025-08-14 16:17 ` Rob Herring
2025-08-15 11:15 ` Daniel Stone
2025-08-15 11:46 ` Christian König [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b057fb0a-5fe0-4cee-bbba-c4c88521bb86@amd.com \
--to=christian.koenig@amd.com \
--cc=airlied@gmail.com \
--cc=conor+dt@kernel.org \
--cc=daniel@fooishbar.org \
--cc=devicetree@vger.kernel.org \
--cc=dri-devel@lists.freedesktop.org \
--cc=krzk+dt@kernel.org \
--cc=linaro-mm-sig@lists.linaro.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=maarten.lankhorst@linux.intel.com \
--cc=mripard@kernel.org \
--cc=ogabbay@kernel.org \
--cc=robh@kernel.org \
--cc=robin.murphy@arm.com \
--cc=simona@ffwll.ch \
--cc=steven.price@arm.com \
--cc=sumit.semwal@linaro.org \
--cc=tomeu@tomeuvizoso.net \
--cc=tzimmermann@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).