Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp57571img; Tue, 19 Mar 2019 15:37:17 -0700 (PDT) X-Google-Smtp-Source: APXvYqyrjPr1+1RoLnkQ2friQzTdACJjrXTUzNcD0v2Wk2ko8l3omBTomjHnDh+H/fu2BADdspWs X-Received: by 2002:a62:ab13:: with SMTP id p19mr4238328pff.131.1553035037629; Tue, 19 Mar 2019 15:37:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553035037; cv=none; d=google.com; s=arc-20160816; b=XaH8Soo6Y/PcC9lKuHvKWHMJVL3RDbe4E1dzPktqqJ9CtYZAYDWvdHyGFl94JGwg5r oAz/sXIwfeqB16qEGVWFQ30u6RPd7wxVuzk8gmpIJRJcfvfjzvv2AN3fwu+qyi9hojsC Fz8EgIPK59dY1b1ZzmOiWjUg0H5QQFvThiiYiM2Yg2Tprtd4VB7eDXmfGjzkz4c5Upbq ZHeUGh4cxvuPbSiCPny/myI8QrO35OK7CWugY1yWz9OgEq1NEWJFqZYeCPlvK0YXOrCN eUsaAXxxmxw7kx8gd/KPJVWh7IJyiVqmhp2sxz8+skJAj2Ehac38cGrMeyvtmur0sMSU eKTQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=71cG6l5GTA/71CCX4+CFrV/JbL1WCVvp+ptkx8iiESY=; b=qVhhU/yNu1PSLYumKL6cjOmhXcNbim66pfBHB+Hg34q2CamtQgqq5kCQu6wOY2zoST x+1xacLPVZU6fR88M/5Ls+5T0amdWE0p1WnySbUOqtcc9a/EHssYjIDvL0H13V7piQB9 pZXDYHClFBWDRQowq5O9h4cgvNczC79rYlbEyWS/+v0UVdVZRpMxrt3vzE4NOoI1w/uM TmH1DCZvN+PIvDgd0tCgVv0zuJ55gblscce/6DGZhVXENTHJSGCmN0+Df+XXKmwAE4Dv AsZKUeYEIcuuH6MuaAV8ntX2xbDv+4T32YABOAcsVQcR5p8bjj3SwW7yE9FnBtkqHEHD 20Cw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=uAIGJe8s; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b8si51174pgq.424.2019.03.19.15.37.02; Tue, 19 Mar 2019 15:37:17 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=uAIGJe8s; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727050AbfCSWgV (ORCPT + 99 others); Tue, 19 Mar 2019 18:36:21 -0400 Received: from mail-wr1-f66.google.com ([209.85.221.66]:37468 "EHLO mail-wr1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725958AbfCSWgV (ORCPT ); Tue, 19 Mar 2019 18:36:21 -0400 Received: by mail-wr1-f66.google.com with SMTP id y15so616525wro.4 for ; Tue, 19 Mar 2019 15:36:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=71cG6l5GTA/71CCX4+CFrV/JbL1WCVvp+ptkx8iiESY=; b=uAIGJe8sLoeqcv9sisFtcBr49/lpRTY6Xk+STGp5rwQZkWPOC0yYmHq53YIgOxiP4O n/e6QrgxstHYTEmn5+xO3Lo38p8WzlMmVjPThiFhB/EQvCZRwbipxyms9S45iBsdxmpA F7Ad2o5uuk54M9OpjzafQMysr3K9hpAlhsk871TgR/XBwx1OrMZ02tEzsJexIjYyPOhh VoqGrXB/xKhv+gBG8xP6lqxgYJ9rR8oDNKSWrs6QUN3uWR2prebl5fJF+rRPcSH7wSG0 F0eD5kz7w6KUQNF8gsAfFanTHi8e6YiclIJ11SavigAg6J4Ok3IcNnwFjjoVSPrRHkVT SWdQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=71cG6l5GTA/71CCX4+CFrV/JbL1WCVvp+ptkx8iiESY=; b=iOYPjyZC6cWTBkwsoFXEV8PsLhYcIFcK+23QtdGf/yVWRVc4cU2O3Q9GIQTX/Hp8aw 9mR6UT0BmM+SQy3jV3zfx882NV/8A75IyYoFDWvmw68doiKc7zvezL1+v+VgTkp5ZhKs UGV/OQl0fh8Fm1zV5hmn+O4gm4Ge0WV7KdUNZhbKrSI95gP3n8qOpuXG5htf+mcGDwoK JF+AzgbVcbTJSPNmFCa+QY+6A4UgpbmBCGR/E84p0mts41EYeftZTfEOWgvMZSAse5iW CrbehpreYBkJsxuGLtW/NE+5DRQUUZ5fuBrkzNufxyQ94bHZO/YAD07IArPHm606zocC gO4w== X-Gm-Message-State: APjAAAUzu/s7TXeosbBe9kjjhMz9ClVGc1Q8xTfj2ZLlgArHIDbd6baM GvKZzpfyOD2VC1ImyRXeGM143zqNE5qt5PecMRSyRg== X-Received: by 2002:adf:c543:: with SMTP id s3mr18154285wrf.192.1553034979529; Tue, 19 Mar 2019 15:36:19 -0700 (PDT) MIME-Version: 1.0 References: <1551819273-640-1-git-send-email-john.stultz@linaro.org> In-Reply-To: From: John Stultz Date: Tue, 19 Mar 2019 15:36:06 -0700 Message-ID: Subject: Re: [RFC][PATCH 0/5 v2] DMA-BUF Heaps (destaging ION) To: Rob Clark Cc: "Andrew F. Davis" , Benjamin Gaignard , Alistair Strachan , Vincent Donnefort , Greg KH , Chenbo Feng , lkml , Liam Mark , Marissa Wall , dri-devel Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Mar 19, 2019 at 2:58 PM Rob Clark wrote: > > On Tue, Mar 19, 2019 at 1:00 PM Andrew F. Davis wrote: > > > > On 3/19/19 11:54 AM, Benjamin Gaignard wrote: > > > Le mer. 13 mars 2019 =C3=A0 23:31, John Stultz a =C3=A9crit : > > >> > > >> On Wed, Mar 13, 2019 at 1:11 PM Liam Mark wro= te: > > >>> On Tue, 5 Mar 2019, John Stultz wrote: > > >>>> > > >>>> Eventual TODOS: > > >>>> * Reimplement page-pool for system heap (working on this) > > >>>> * Add stats accounting to system/cma heaps > > >>>> * Make the kselftest actually useful > > >>>> * Add other heaps folks see as useful (would love to get > > >>>> some help from actual carveout/chunk users)! > > >>> > > >>> We use a modified carveout heap for certain secure use cases. > > >> > > >> Cool! It would be great to see if you have any concerns about adding > > >> such a secure-carveout heap to this framework. I suspect it would be > > >> fairly similar to how its integrated into ION, but particularly I'd = be > > >> interested in issues around the lack of private flags and other > > >> allocation arguments like alignment. > > >> > > >>> Although there would probably be some benefit in discssing how the = dma-buf > > >>> heap framework may want to support > > >>> secure heaps in the future it is a large topic which I assume you d= on't > > >>> want to tackle now. > > >> > > >> So I suspect others (Benjamin?) would have a more informed opinion o= n > > >> the details, but the intent is to allow secure heap implementations. > > >> I'm not sure what areas of concern you have for this allocation > > >> framework in particular? > > > > > > yes I would be great to understand how you provide the information to > > > tell that a dmabuf > > > is secure (or not) since we can't add flag in dmabuf structure itself= . > > > An option is manage > > > the access rights when a device attach itself to the dmabuf but in > > > this case you need define > > > a list of allowed devices per heap... > > > If you have a good solution for secure heaps you are welcome :-) > > > > > > > Do we really need any of that? A secure buffer is secured by the > > hardware firewalls that keep out certain IP (including often the > > processor running Linux). So the only thing we need to track internally > > is that we should not allow mmap/kmap on the buffer. That can be done i= n > > the per-heap layer, everything else stays the same as a standard > > carveout heap. > > For at least some hw the importing driver needs to configure things > differently for secure buffers :-/ Does the import ioctl need/use a flag for that then? Userland already has to keep meta-data about dmabufs around. thanks -john