Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp708655img; Wed, 20 Mar 2019 09:12:50 -0700 (PDT) X-Google-Smtp-Source: APXvYqyEi+VfbsFBgqgCAsNz81A5tTIBw0P8XqNXZ28+67uPAUQKLZZWs06EcN3pb65x+XYq90Zb X-Received: by 2002:a63:1f61:: with SMTP id q33mr8197115pgm.325.1553098370010; Wed, 20 Mar 2019 09:12:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553098370; cv=none; d=google.com; s=arc-20160816; b=SETbHSdhsUl0197s25YI5LaQBB7fsu0654JDx9Y+wIpRonIJvD0S5aBa8ZiIfc/vs8 MEK8Wl+W8rW67AFpOCi53ykTWRJVo02nnHk0XBX+UG1MEgB+qqmOmOOUsorSLhtNolUn ox37iLAq1VgNPp9gzyG8pRWWt9Qtv1QhLLUnLnI+dEndWxmaJUd/hEW8fIJ7zTYqrzBc TzszGTB5blCPFlvuM6iebxlbW/VOaK0zwRFQBncJJ7y1z0ocn8/g4W9vKCtCjiTeTOXK 5dZzFelQEDmIfprnzPhHdjZc3O80PFgTH4Is44ABG5xIqidBXK7lPBUpyjdRMpO1W0dY 83MA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=PdN8bZNJMWdZ4Zi7pWsi2wFU/QM5+o2MrnWrqwYPdW4=; b=VlSop/T8DNoPhlpEVtZqjbskwa4PrlmWhGolpDLGcgvt/q4XMQuSLm/yq8JIV2ohJj UNKV7+zHc4Wn+jLaYlDEDrhHy2nRrOQYnvu7MC+MXUltMj5cBuclCk1Q4M07Bena+Rhi diGVnVfFUgkBN06xbASrUhslK9YkNN1Kc20SG1ZH/mcnhx0Er3ljcLCP8lZDGwDTcOo2 O4gfE7emK37L5X1QLJg3Y1rReISy7Ilxg4zlpE4tus1H2s8XnXPERhsO/O8wCXiUNaPt fw7m4CDRQs60MYFsvkOSy18c2ttAcwCRVCyWJTYH9U6uDSYhvBhjdkdqIOceM+xGk3b3 /hMA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=LmuJS4dQ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b9si2133460plz.207.2019.03.20.09.12.33; Wed, 20 Mar 2019 09:12:49 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=LmuJS4dQ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726803AbfCTQLp (ORCPT + 99 others); Wed, 20 Mar 2019 12:11:45 -0400 Received: from mail-wm1-f68.google.com ([209.85.128.68]:37568 "EHLO mail-wm1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726366AbfCTQLo (ORCPT ); Wed, 20 Mar 2019 12:11:44 -0400 Received: by mail-wm1-f68.google.com with SMTP id v14so12236618wmf.2 for ; Wed, 20 Mar 2019 09:11:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=PdN8bZNJMWdZ4Zi7pWsi2wFU/QM5+o2MrnWrqwYPdW4=; b=LmuJS4dQCG9Dt5f6sbosls3tYtFPHtCcWa8S4C7jctPZZYJFT5z6VMC5enCEyD5ap6 xsZ7aM39Z4cWXXk94Mm1+FgwC+IxecgE+8AbEmhyxake/iLPvR0qqiZdyk1OOkAxxTxM nc/k+4DRDvsrSgD76P/WrbEE3Q4OLz9FrWT2e7g1cy/gFiazYkMxhJPCC4/BoyTaMN1p mEiBcrUec5i0QY7LESQnW3+iWJhSrTUIXxk09H13c9TMSr/8U3IH6EvQIQWTZ92u0gFD hcKhXlCC9MNXQiUbIhOq1f5vjZg9oaoh4K875NwNNNufrOeXf302Q2e2KXcZW1F4OJce Kxdw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=PdN8bZNJMWdZ4Zi7pWsi2wFU/QM5+o2MrnWrqwYPdW4=; b=AhNR5jtRerEzsPhbu3gh5dIlmbuB95S6JV189Nh5cfCe87/DBbXl2VbYzuRCpAOzk3 qV5vvj2bbJbR1w48Ydi6M/uZhlwzQoGxqsOLuO6CGJrZgrY+uEGXrYs1+HODx+/ntbwr Hb01a9sy/93u5wjyGg2T7BLqylUL0J3ej3S6nK/9gxZDvZIO9G6bkxKLHfqS+kTgwH2C lEWBCSxvEe+DsOIFKW3Qz6oXs/Hh5LmS33Yxa/khCH42BYipuzX+PKM9yZbpI+g5P3GX BxbetPgavb0zEVOAqzuBY8H6RuvxGzkz5Pvhu/4g6suXBEBnYaTTk4viwg5F0RDixH5v 9Y9w== X-Gm-Message-State: APjAAAW+OuWulFfN5fpXHcmPi5fUr6tS5JfM2a+MNRqcuBbEQQxyJBR6 xhurklaOPaWMlAwuI9Es/E6VEm2hG0qb0jd5/Beraw== X-Received: by 2002:a1c:4e19:: with SMTP id g25mr9328232wmh.9.1553098302879; Wed, 20 Mar 2019 09:11:42 -0700 (PDT) MIME-Version: 1.0 References: <1551819273-640-1-git-send-email-john.stultz@linaro.org> In-Reply-To: From: John Stultz Date: Wed, 20 Mar 2019 09:11:31 -0700 Message-ID: Subject: Re: [RFC][PATCH 0/5 v2] DMA-BUF Heaps (destaging ION) To: Benjamin Gaignard Cc: Rob Clark , "Andrew F. Davis" , Alistair Strachan , Vincent Donnefort , Greg KH , Chenbo Feng , lkml , Liam Mark , Marissa Wall , dri-devel Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Mar 20, 2019 at 2:16 AM Benjamin Gaignard wrote: > Le mar. 19 mars 2019 =C3=A0 23:36, John Stultz a= =C3=A9crit : > > On Tue, Mar 19, 2019 at 2:58 PM Rob Clark wrote: > > > For at least some hw the importing driver needs to configure things > > > differently for secure buffers :-/ > > > > Does the import ioctl need/use a flag for that then? Userland already > > has to keep meta-data about dmabufs around. > > To secure a buffer you need to know who is allowed to write/read it and > hardware block involved in the dataflow may need to know that the buffer > is secure to configure themself. > As example for a video decoding you allow hw video decoder to read in > a buffer and display to read it. You can also allow cpu to write on the b= uffer > to add subtitles. For that we need to be able to mmap/kmap the buffer. > Using a carveout heap for secure buffer mean that you reserved a large > memory region only for this purpose, that isn't possible on embedded devi= ce > where we are always limited in memory so we use CMA. > In the past I have used dmabuf's attach function to know who write into > the buffer and then configure who will be able to read it. It was working= well > but the issue was how to in generic way this behavior. Given the complexity of the configuration needed when allocating the buffer, instead of trying to make a generic secure buffer allocator, would having per-usege heaps make sense? It just feels there are so many specifics to the secure buffer setup and configuration that maybe there can't be a generic configuration interface. So instead maybe we let the heap implementations provide set usage configs? This doesn't necessarily require that you have separate pools of memory (they can share the same backing store), but by having multiple per-config heap devices, maybe this could avoid trying to fit all the options into one interface? On the import side, I'm not sure how much the importing device needs to know about the specific rules here (out side of "secure buffer" or not), so maybe that's another catch. thanks -john