From: Hans Verkuil <hverkuil-cisco@xs4all.nl>
To: "Yunfei Dong" <yunfei.dong@mediatek.com>,
	"Jeffrey Kardatzke" <jkardatzke@google.com>,
	"Nícolas F . R . A . Prado" <nfraprado@collabora.com>,
	"Nathan Hebert" <nhebert@chromium.org>,
	"Nicolas Dufresne" <nicolas.dufresne@collabora.com>,
	"AngeloGioacchino Del Regno"
	<angelogioacchino.delregno@collabora.com>,
	"Benjamin Gaignard" <benjamin.gaignard@collabora.com>,
	"Sebastian Fricke" <sebastian.fricke@collabora.com>,
	"Tomasz Figa" <tfiga@chromium.org>,
	"Mauro Carvalho Chehab" <mchehab@kernel.org>,
	"Marek Szyprowski" <m.szyprowski@samsung.com>
Cc: "Chen-Yu Tsai" <wenst@chromium.org>,
	"Yong Wu" <yong.wu@mediatek.com>,
	"Hsin-Yi Wang" <hsinyi@chromium.org>,
	"Fritz Koenig" <frkoenig@chromium.org>,
	"Daniel Vetter" <daniel@ffwll.ch>,
	"Steve Cho" <stevecho@chromium.org>,
	"Sumit Semwal" <sumit.semwal@linaro.org>,
	"Brian Starkey" <Brian.Starkey@arm.com>,
	"John Stultz" <jstultz@google.com>,
	"T . J . Mercier" <tjmercier@google.com>,
	"Christian König" <christian.koenig@amd.com>,
	"Matthias Brugger" <matthias.bgg@gmail.com>,
	linux-media@vger.kernel.org, dri-devel@lists.freedesktop.org,
	linux-kernel@vger.kernel.org,
	linux-arm-kernel@lists.infradead.org,
	linux-mediatek@lists.infradead.org,
	Project_Global_Chrome_Upstream_Group@mediatek.com
Subject: Re: [PATCH v7 02/28] v4l2: handle restricted memory flags in queue setup
Date: Sat, 20 Jul 2024 11:53:38 +0200	[thread overview]
Message-ID: <a6a7a9c8-7406-4e69-a5cf-08cf06c7793d@xs4all.nl> (raw)
In-Reply-To: <20240720071606.27930-3-yunfei.dong@mediatek.com>

On 20/07/2024 09:15, Yunfei Dong wrote:
> From: Jeffrey Kardatzke <jkardatzke@google.com>
> 
> Validates the restricted memory flags when setting up a queue and
> ensures the queue has the proper capability.
> 
> Signed-off-by: Jeffrey Kardatzke <jkardatzke@google.com>
> Signed-off-by: Yunfei Dong <yunfei.dong@mediatek.com>
> [Yunfei: Change reviewer's comments]
> ---
>  .../media/common/videobuf2/videobuf2-core.c   | 29 +++++++++++++++++++
>  .../media/common/videobuf2/videobuf2-v4l2.c   |  4 ++-
>  2 files changed, 32 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/media/common/videobuf2/videobuf2-core.c b/drivers/media/common/videobuf2/videobuf2-core.c
> index 0217392fcc0d..44080121f37e 100644
> --- a/drivers/media/common/videobuf2/videobuf2-core.c
> +++ b/drivers/media/common/videobuf2/videobuf2-core.c
> @@ -830,6 +830,23 @@ static bool verify_coherency_flags(struct vb2_queue *q, bool non_coherent_mem)
>  	return true;
>  }
>  
> +static bool verify_restricted_mem_flags(struct vb2_queue *q, bool restricted_mem)
> +{
> +	if (restricted_mem != q->restricted_mem) {
> +		dprintk(q, 1, "restricted memory model mismatch\n");
> +		return false;
> +	}
> +
> +	return true;
> +}
> +
> +static inline int restricted_mem_mismatch(bool restricted_mem, struct vb2_queue *q,
> +					  enum vb2_memory memory)
> +{
> +	return restricted_mem && (!q->allow_restricted_mem || memory != VB2_MEMORY_DMABUF) ?
> +	       -1 : 0;
> +}
> +
>  static int vb2_core_allocated_buffers_storage(struct vb2_queue *q)
>  {
>  	if (!q->bufs)
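Review bot: `restricted_mem_mismatch()` rejects a request silently, whereas `verify_restricted_mem_flags()` directly above logs its failure through `dprintk`, so an -EINVAL from this gate leaves no trace of which condition failed. The helper is also declared `int` and returns -1/0 although both call sites use it only as a truth value, it takes `q` second where its sibling takes it first, and it relies on `&&` binding tighter than `?:` without parentheses. I would make it a `bool` with `q` first and a debug message, as below; the two callers then become `restricted_mem_mismatch(q, restricted_mem, memory)`. The last context line of this hunk belongs to vb2_core_allocated_buffers_storage(), whose body continues outside the hunk.

```c
static bool restricted_mem_mismatch(struct vb2_queue *q, bool restricted_mem,
				    enum vb2_memory memory)
{
	if (!restricted_mem)
		return false;

	if (!q->allow_restricted_mem || memory != VB2_MEMORY_DMABUF) {
		dprintk(q, 1, "restricted memory requires a DMABUF queue that allows it\n");
		return true;
	}

	return false;
}
```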
> @@ -863,6 +880,7 @@ int vb2_core_reqbufs(struct vb2_queue *q, enum vb2_memory memory,
>  	unsigned int q_num_bufs = vb2_get_num_buffers(q);
>  	unsigned plane_sizes[VB2_MAX_PLANES] = { };
>  	bool non_coherent_mem = flags & V4L2_MEMORY_FLAG_NON_COHERENT;
> +	bool restricted_mem = flags & V4L2_MEMORY_FLAG_RESTRICTED;
>  	unsigned int i, first_index;
>  	int ret = 0;
>  
> @@ -906,6 +924,9 @@ int vb2_core_reqbufs(struct vb2_queue *q, enum vb2_memory memory,
>  			return 0;
>  	}
>  
> +	if (restricted_mem_mismatch(restricted_mem, q, memory))
> +		return -EINVAL;
> +
>  	/*
>  	 * Make sure the requested values and current defaults are sane.
>  	 */
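Review bot: The new `restricted_mem_mismatch()` check in vb2_core_reqbufs() sits after the block whose tail (`return 0;` and the closing brace) is visible as context, so a request carrying V4L2_MEMORY_FLAG_RESTRICTED with an unsupported memory type is rejected only after that earlier block has run, and not at all when that block returns 0. That block starts outside this hunk; if it is the one that releases existing buffers, which I am inferring, an invalid request would change queue state before failing with -EINVAL. Consider moving the check ahead of that block so the flag combination is validated before anything is modified. If the order is deliberate, document it with a comment such as `/* checked late on purpose: a zero-count request must always succeed */`.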
> @@ -923,6 +944,7 @@ int vb2_core_reqbufs(struct vb2_queue *q, enum vb2_memory memory,
>  	if (ret)
>  		return ret;
>  	set_queue_coherency(q, non_coherent_mem);
> +	q->restricted_mem = restricted_mem;
>  
>  	/*
>  	 * Ask the driver how many buffers and planes per buffer it requires.
> @@ -1031,6 +1053,7 @@ int vb2_core_create_bufs(struct vb2_queue *q, enum vb2_memory memory,
>  	unsigned plane_sizes[VB2_MAX_PLANES] = { };
>  	bool non_coherent_mem = flags & V4L2_MEMORY_FLAG_NON_COHERENT;
>  	unsigned int q_num_bufs = vb2_get_num_buffers(q);
> +	bool restricted_mem = flags & V4L2_MEMORY_FLAG_RESTRICTED;
>  	bool no_previous_buffers = !q_num_bufs;
>  	int ret = 0;
>  
> @@ -1039,6 +1062,9 @@ int vb2_core_create_bufs(struct vb2_queue *q, enum vb2_memory memory,
>  		return -ENOBUFS;
>  	}
>  
> +	if (restricted_mem_mismatch(restricted_mem, q, memory))
> +		return -EINVAL;
> +
>  	if (no_previous_buffers) {
>  		if (q->waiting_in_dqbuf && *count) {
>  			dprintk(q, 1, "another dup()ped fd is waiting for a buffer\n");
> @@ -1057,6 +1083,7 @@ int vb2_core_create_bufs(struct vb2_queue *q, enum vb2_memory memory,
>  			return ret;
>  		q->waiting_for_buffers = !q->is_output;
>  		set_queue_coherency(q, non_coherent_mem);
> +		q->restricted_mem = restricted_mem;
>  	} else {
>  		if (q->memory != memory) {
>  			dprintk(q, 1, "memory model mismatch\n");
> @@ -1064,6 +1091,8 @@ int vb2_core_create_bufs(struct vb2_queue *q, enum vb2_memory memory,
>  		}
>  		if (!verify_coherency_flags(q, non_coherent_mem))
>  			return -EINVAL;
> +		if (!verify_restricted_mem_flags(q, restricted_mem))
> +			return -EINVAL;
>  	}
>  
>  	num_buffers = min(*count, q->max_num_buffers - q_num_bufs);
> diff --git a/drivers/media/common/videobuf2/videobuf2-v4l2.c b/drivers/media/common/videobuf2/videobuf2-v4l2.c
> index 293f3d5f1c4e..9ee24e537e0c 100644
> --- a/drivers/media/common/videobuf2/videobuf2-v4l2.c
> +++ b/drivers/media/common/videobuf2/videobuf2-v4l2.c
> @@ -682,7 +682,7 @@ static void vb2_set_flags_and_caps(struct vb2_queue *q, u32 memory,
>  		*flags = 0;

Hmm, unless I am mistaken, this clears all flags. So if memory is DMABUF, then
the V4L2_MEMORY_FLAG_RESTRICTED is just overwritten with 0. And that's what will
be passed to vb2_core_reqbufs.

So how can this work? I'm not sure how you can have tested this.

In any case, this function should change and do this instead:

        /* Clear all unknown flags. */
         *flags &= V4L2_MEMORY_FLAG_NON_COHERENT | V4L2_MEMORY_FLAG_RESTRICTED;

        if (!q->allow_cache_hints || memory != V4L2_MEMORY_MMAP)
		*flags &= ~V4L2_MEMORY_FLAG_NON_COHERENT;

I considered whether V4L2_MEMORY_FLAG_RESTRICTED should be cleared if memory
wasn't DMABUF, but I don't think that is right: you want to see an error
returned if you try such a combination.

>  	} else {
>  		/* Clear all unknown flags. */
> -		*flags &= V4L2_MEMORY_FLAG_NON_COHERENT;
> +		*flags &= V4L2_MEMORY_FLAG_NON_COHERENT | V4L2_MEMORY_FLAG_RESTRICTED;
>  	}
>  
>  	*caps |= V4L2_BUF_CAP_SUPPORTS_ORPHANED_BUFS;
> @@ -698,6 +698,8 @@ static void vb2_set_flags_and_caps(struct vb2_queue *q, u32 memory,
>  		*caps |= V4L2_BUF_CAP_SUPPORTS_MMAP_CACHE_HINTS;
>  	if (q->supports_requests)
>  		*caps |= V4L2_BUF_CAP_SUPPORTS_REQUESTS;
> +	if (q->allow_restricted_mem && q->io_modes & VB2_DMABUF)
> +		*caps |= V4L2_BUF_CAP_SUPPORTS_RESTRICTED_MEM;
>  	if (max_num_bufs) {
>  		*max_num_bufs = q->max_num_buffers;
>  		*caps |= V4L2_BUF_CAP_SUPPORTS_MAX_NUM_BUFFERS;
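Review bot: The condition `q->allow_restricted_mem && q->io_modes & VB2_DMABUF` mixes `&&` and `&` without parentheses; it parses as intended, but `if (q->allow_restricted_mem && (q->io_modes & VB2_DMABUF))` makes the grouping explicit. A one-line comment would also help readers tie this capability to the core check, which rejects the flag for any memory type other than VB2_MEMORY_DMABUF, for example `/* restricted buffers can only be imported as dmabufs */`. vb2_set_flags_and_caps() starts and ends outside this hunk.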

What appears to be missing in this patch is what happens if you pass unrestricted
memory to a queue that is configured for restricted memory: there does not appear
to be a check for that. Or is that allowed? If so, that should be documented.

And what happens if you pass a dmabuf for restricted memory to a queue that expects
unrestricted memory? You want to get a nice error code for that (EACCES/EPERM, I
never quite know which is the right one for that). That would apply to VIDIOC_QBUF
and VIDIOC_PREPARE_BUF. This assumes you can easily query a dmabuf fd to see whether
it is in restricted memory or not. I'm not sure if that is the case today.

I also think that it would be useful to add a V4L2_BUF_FLAG_RESTRICTED_MEM flag
that vb2 will return to userspace if the queue is configured for restricted memory.

That will indicate to the application that the buffer indeed represents a buffer
in restricted memory.

Regards,

	Hans

