From: Matthijs van Duin <matthijsvanduin@gmail.com>
To: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
Cc: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com>,
airlied@linux.ie, daniel@ffwll.ch, linux-kernel@vger.kernel.org,
linux-omap@vger.kernel.org,
Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Subject: Re: [PATCH v2] drm: omapdrm: Export correct scatterlist for TILER backed BOs
Date: Mon, 15 Nov 2021 10:23:08 +0100
Message-ID: <YZIm/GiRWv0nPN5b@chinchilla>
In-Reply-To: <36598203-eced-131d-85ef-f4940872e751@ideasonboard.com>

On Mon, Nov 15, 2021 at 10:42:41AM +0200, Tomi Valkeinen wrote:
> A BO's memory via the TILER memory is
> contiguous, although with consistent gaps of
> memory that should not be accessed.

But pretending that these "gaps" are part of the buffer is a security
vulnerability, since that memory which "should not be accessed" may
belong to different security contexts, and exporting the entire
contiguous region covering the buffer allows untrusted contexts (e.g.
userspace) to access this memory.

> IPs that might use TILER
> backed BOs only support contiguous memory.
>
> This means that the drivers for such IPs cannot
> use the BOs exported like you do in this patch.
> I believe the drivers could be improved by
> writing a helper function which studies the
> sg_table and concludes that it's actually
> contiguous.

That indeed sounds like the proper solution for such importers, rather
than making the exporter lie about the buffer bounds to work around
limitations of these importers.

> Did you look at the userspace mmap of TILER
> buffers? I wonder if that goes correctly or not.
> Isn't memory to userspace mapped per page, and
> lengths of the TILER lines are not page aligned?

Mapping to userspace uses an ugly hack whereby small slabs of the
buffer (4096x64 (8bpp), 2048x32 (16bpp), or 1024x32 (32bpp) pixels) are
dynamically mapped to dedicated page-aligned regions of the TILER
virtual space. For each of the three bitdepths only two such slabs can
be mapped into userspace at any given time (on the entire system), so
using this mechanism to render graphics from userspace can easily cause
hundreds if not thousands of page faults per second.

The alternative (used e.g. in the pyra kernel) is to force all TILER
buffers to be page-aligned, at the cost of wasting some TILER space.
This will presumably also be necessary to allow SGX to import these
buffers since its MMU can obviously also not map data which is not
page-aligned, same for any other importer which uses an MMU to enforce
memory security (rather than being trusted to simply refrain from
accessing data outside the declared bounds).

Ideally such page-alignment should only be applied to buffers which are
intended to be consumed by importers which require this, though it's not
clear how that might be accomplished.

--
Matthijs van Duin
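
The importer-side contiguity check discussed in this message, sketched as a userspace C model (an added example, not code from the patch, from omapdrm, or from anyone in the thread). `struct seg`, the function names, and the sample base address, line length and stride are assumptions for illustration; kernel code would read each segment with `sg_dma_address()` and `sg_dma_len()`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical userspace stand-in for one DMA segment of an sg_table. */
struct seg { uint64_t addr, len; };

/* Exporter model: one segment per buffer line, nothing for the gaps. */
size_t lines_to_segs(uint64_t base, uint64_t line_len, uint64_t stride,
                     size_t lines, struct seg *out)
{
    for (size_t i = 0; i < lines; i++) {
        out[i].addr = base + i * stride;
        out[i].len = line_len;
    }
    return lines;
}

/* Importer check: true only if every segment starts where the previous ended. */
bool segs_contiguous(const struct seg *s, size_t n)
{
    if (n == 0)
        return false;
    for (size_t i = 1; i < n; i++) {
        uint64_t end = s[i - 1].addr + s[i - 1].len;
        if (end < s[i - 1].addr || s[i].addr != end)  /* wrap or gap */
            return false;
    }
    return true;
}

/* Bytes inside the first-to-last bounding range that no segment owns
 * (segments assumed ascending and non-overlapping). */
uint64_t gap_bytes(const struct seg *s, size_t n)
{
    uint64_t owned = 0;
    for (size_t i = 0; i < n; i++)
        owned += s[i].len;
    return n ? s[n - 1].addr + s[n - 1].len - s[0].addr - owned : 0;
}

int main(void)
{
    struct seg s[4];  /* constructed sample: 4 lines of 4096 B, stride 16384 B */
    size_t n = lines_to_segs(0x60000000u, 4096, 16384, 4, s);
    printf("contiguous=%d gap=%llu\n", segs_contiguous(s, n),
           (unsigned long long)gap_bytes(s, n));
    return 0;
}
```

A nonzero `gap_bytes()` result is the amount of foreign memory that a single bounding-range export would hand to the importer; an importer that only supports contiguous memory would reject the buffer unless `segs_contiguous()` holds.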