Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp5668141ybe; Tue, 17 Sep 2019 11:34:01 -0700 (PDT) X-Google-Smtp-Source: APXvYqxmwpToOxAOMEXaOL88+Tcj4nbSlThfl6zcVUPjCTlf9vzsUvYER+O4n78mgm4O13jlTmVM X-Received: by 2002:a50:d5c5:: with SMTP id g5mr6276966edj.57.1568745241067; Tue, 17 Sep 2019 11:34:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1568745241; cv=none; d=google.com; s=arc-20160816; b=DAqjwC6DQTZ4eYEsSrOwEbSrvD9TaATjiTfuUja0rvKFK5rkZ6JS2P/sDwA7uWeErR ZtsAGs4oPK/Qd3qMoq0JScXRZxUYBtzhtc0Fc55RIUD0fbolTPm4+qWITcxpx9d8UijY pOKjnrZfjuJ8LrWAcccUZO2V0H0tUVn2vL0VdhB2Lk8yCQCp6BkYEIQdfe1b25m2b3b9 SaYvpWxAVPsveF2sdOdeDpD8mcEVYc6Qc0WxxIm3RPFp4eA8v4efYHiCQ3MvHSJSYawB rJE1P0wtNmwu8PHJXydJnsgkZaONUPnl1uw+U4S/ofLXV38H2cnanahh85GceSoxCw9w Rd2Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-transfer-encoding:content-disposition:mime-version :references:message-id:subject:to:from:date; bh=8xzTAJ/Rf1FyYMGGS37SraFclcdhandNtsQwG0wQ+qQ=; b=ao1vSUuHRCIZBD3gS74MoT5YS0QRurW8nXcnOZPeaoI1MpwdDnvDMJUNpM2ahalo98 jCPcsZSUKeuYWzdUvpPnQkAvVUaMYuq3hsPyXAMcEsRuzgnNQkzDgN389oB1zxCrd4dk O2MveDfyvXdg4gl4IhlDpHCAySNFjm/r2JFWsIlbmOjPN7b1a8w7/kswlmyORZYKINf/ Nlz/aw9arfAt5q3cnehGfW3ctti4hV5O6sG8qIo/4f9aktFgrIaeuTwEVwSIZgXYH51T olRcfr8LRI3+sE05nVmVicOaFPdiYqvZLdpY65zqRws1gQbZ7T3c5rBsprkXmTKDrUp3 qqXA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u23si1473977ejm.26.2019.09.17.11.33.37; Tue, 17 Sep 2019 11:34:01 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728739AbfIQQHd (ORCPT + 99 others); Tue, 17 Sep 2019 12:07:33 -0400 Received: from foss.arm.com ([217.140.110.172]:58174 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726953AbfIQQHd (ORCPT ); Tue, 17 Sep 2019 12:07:33 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 6A08E28; Tue, 17 Sep 2019 09:07:32 -0700 (PDT) Received: from e110455-lin.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 305873F575; Tue, 17 Sep 2019 09:07:32 -0700 (PDT) Received: by e110455-lin.cambridge.arm.com (Postfix, from userid 1000) id DCFC3682855; Tue, 17 Sep 2019 17:07:30 +0100 (BST) Date: Tue, 17 Sep 2019 17:07:30 +0100 From: Liviu Dudau To: Ayan Halder , Brian Starkey , "maarten.lankhorst@linux.intel.com" , "maxime.ripard@bootlin.com" , "sean@poorly.run" , "airlied@linux.ie" , "dri-devel@lists.freedesktop.org" , "linux-kernel@vger.kernel.org" , nd Subject: Re: [RFC PATCH] drm:- Add a modifier to denote 'protected' framebuffer Message-ID: <20190917160730.hutzlbuqtpmmtdz3@e110455-lin.cambridge.arm.com> References: <20190909134241.23297-1-ayan.halder@arm.com> <20190917125301.GQ3958@phenom.ffwll.local> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20190917125301.GQ3958@phenom.ffwll.local> User-Agent: NeoMutt/20180716 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Sep 17, 2019 at 02:53:01PM +0200, Daniel Vetter wrote: > On Mon, Sep 09, 2019 at 01:42:53PM +0000, Ayan Halder wrote: > > Add a modifier 'DRM_FORMAT_MOD_ARM_PROTECTED' which denotes that the framebuffer > > is allocated in a protected system memory. > > Essentially, we want to support EGL_EXT_protected_content in our komeda driver. > > > > Signed-off-by: Ayan Kumar Halder > > > > /-- Note to reviewer > > Komeda driver is capable of rendering DRM (Digital Rights Management) protected > > content. The DRM content is stored in a framebuffer allocated in system memory > > (which needs some special hardware signals for access). > > > > Let us ignore how the protected system memory is allocated and for the scope of > > this discussion, we want to figure out the best way possible for the userspace > > to communicate to the drm driver to turn the protected mode on (for accessing the > > framebuffer with the DRM content) or off. > > > > The possible ways by which the userspace could achieve this is via:- > > > > 1. Modifiers :- This looks to me the best way by which the userspace can > > communicate to the kernel to turn the protected mode on for the komeda driver > > as it is going to access one of the protected framebuffers. The only problem is > > that the current modifiers describe the tiling/compression format. However, it > > does not hurt to extend the meaning of modifiers to denote other attributes of > > the framebuffer as well. > > > > The other reason is that on Android, we get an info from Gralloc > > (GRALLOC_USAGE_PROTECTED) which tells us that the buffer is protected. This can > > be used to set up the modifier/s (AddFB2) during framebuffer creation. > > How does this mesh with other modifiers, like AFBC? That's where I see the > issue here. AFBC modifiers are currently under Arm's namespace, the thought behind the DRM modifiers would be to have it as a "generic" modifier. > > > > 2. Framebuffer flags :- As of today, this can be one of the two values > > ie (DRM_MODE_FB_INTERLACED/DRM_MODE_FB_MODIFIERS). Unlike modifiers, the drm > > framebuffer flags are generic to the drm subsystem and ideally we should not > > introduce any driver specific constraint/feature. > > > > 3. Connector property:- I could see the following properties used for DRM > > protected content:- > > DRM_MODE_CONTENT_PROTECTION_DESIRED / ENABLED :- "This property is used by > > userspace to request the kernel protect future content communicated over > > the link". Clearly, we are not concerned with the protection attributes of the > > transmitter. So, we cannot use this property for our case. > > > > 4. DRM plane property:- Again, we want to communicate that the framebuffer(which > > can be attached to any plane) is protected. So introducing a new plane property > > does not help. > > > > 5. DRM crtc property:- For the same reason as above, introducing a new crtc > > property does not help. > > 6. Just track this as part of buffer allocation, i.e. I think it does > matter how you allocate these protected buffers. We could add a "is > protected buffer" flag at the dma_buf level for this. > > So yeah for this stuff here I think we do want the full userspace side, > from allocator to rendering something into this protected buffers (no need > to also have the entire "decode a protected bitstream part" imo, since > that will freak people out). Unfortunately, in my experience, that kills > it for upstream :-/ But also in my experience of looking into this for > other gpu's, we really need to have the full picture here to make sure > we're not screwing this up. Maybe Ayan could've been a bit clearer in his message, but the ask here is for ideas on how userspace "communicates" (stores?) the fact that the buffers are protected to the kernel driver. In our display processor we need to the the hardware that the buffers are protected before it tries to fetch them so that it can 1) enable the additional hardware signaling that sets the protection around the stream; and 2) read the protected buffers in a special mode where there the magic happens. So yeah, we know we do want full userspace support, we're prodding the community on answers on how to best let the kernel side know what userspace has done. Best regards, Liviu > -Daniel > > > > > --/ > > > > --- > > include/uapi/drm/drm_fourcc.h | 9 +++++++++ > > 1 file changed, 9 insertions(+) > > > > diff --git a/include/uapi/drm/drm_fourcc.h b/include/uapi/drm/drm_fourcc.h > > index 3feeaa3f987a..38e5e81d11fe 100644 > > --- a/include/uapi/drm/drm_fourcc.h > > +++ b/include/uapi/drm/drm_fourcc.h > > @@ -742,6 +742,15 @@ extern "C" { > > */ > > #define AFBC_FORMAT_MOD_BCH (1ULL << 11) > > > > +/* > > + * Protected framebuffer > > + * > > + * The framebuffer is allocated in a protected system memory which can be accessed > > + * via some special hardware signals from the dpu. This is used to support > > + * 'GRALLOC_USAGE_PROTECTED' in our framebuffer for EGL_EXT_protected_content. > > + */ > > +#define DRM_FORMAT_MOD_ARM_PROTECTED fourcc_mod_code(ARM, (1ULL << 55)) > > + > > /* > > * Allwinner tiled modifier > > * > > -- > > 2.23.0 > > > > -- > Daniel Vetter > Software Engineer, Intel Corporation > http://blog.ffwll.ch -- ==================== | I would like to | | fix the world, | | but they're not | | giving me the | \ source code! / --------------- ¯\_(ツ)_/¯