Received: by 2002:a05:7412:b995:b0:f9:9502:5bb8 with SMTP id it21csp7919680rdb; Thu, 4 Jan 2024 11:51:18 -0800 (PST) X-Google-Smtp-Source: AGHT+IFrW2WJvikW1nRVncmszc703gOZTtsPhMpwx2dtl0rHN/8NCArbqJtUgztE9Aaj8E6eqhv/ X-Received: by 2002:a05:6e02:1a8b:b0:35f:79ca:4e34 with SMTP id k11-20020a056e021a8b00b0035f79ca4e34mr1055189ilv.15.1704397878726; Thu, 04 Jan 2024 11:51:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704397878; cv=none; d=google.com; s=arc-20160816; b=dae0Ptg9c6MX0LdIU3dMih4+btANaGgJdMotru1Q7nYi43xHHttP8I3lanbiiT3jHU p0/YF4k7mgdIdy062lOBWTNizmMPXhu5CewZRZFIywkWYA5nvQVET0XgTiEeBYY5BKMg x9U4bNA/TuvukSeMrx93yG104V/JB4LNyQRmS0PvqJ9wt3TW+mIyGATSZTaPeb/ZMkNw QSFrTf40KPw0JT+8jAZSupLwyCrZxLLVyzv2wCClrK5AhR8yxhMQ70sKQJSzxIfEz4N9 C6iKRQw8+7iST5ZK3oLrN9ok8DVPAHI/qffO8ST19x9Qe7FeBT1f4XYE48CfKzjKdWyZ pzQg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=R0fBUOM0R/wxHfJNIbk+Hsj3pvgiZjJxtJP8ZKkEMHY=; fh=AUfZU7KiQ5KXgc3bF/SHkorjQyeYZF4YVzxrM/lq+Wc=; b=ZQQzInnaKL2fwgwb8KVQMPGmSB6b8eQH3W9WyeDYh0AWFDsoYZe32sri9RxxC//7Tj WUc4krNE/t75KDJEEW9sLo0lTnJhGGM8qu3K/AMh3PKKcm+6GmThlGGCmTgbysoo9Gl7 +sAHB2d6eTbUT03OR6vnlNLy8qHN+weepHRTE5F+q8MdZBw0X/Oh+E28U4im4e6IbMv+ Wh5Zl6yqhnwV0lQMzrf/nuFJb//OWnDPBuI6v5IEnN6dvruoce1fUSx8LPukHd46ze52 0Fgux54oSNpH/ouEKRu1XBY0oyFb050ZVLJ0hYMItQTquafVKoMMVpgqvaf+DSHQcU0k 6/PA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b="MGYS/1x4"; spf=pass (google.com: domain of linux-kernel+bounces-17183-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-17183-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id g13-20020a656ccd000000b005ce89d2b942si73030pgw.868.2024.01.04.11.51.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Jan 2024 11:51:18 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-17183-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b="MGYS/1x4"; spf=pass (google.com: domain of linux-kernel+bounces-17183-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-17183-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 4AF6F285E6D for ; Thu, 4 Jan 2024 19:51:18 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 4AA542C691; Thu, 4 Jan 2024 19:51:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="MGYS/1x4" X-Original-To: linux-kernel@vger.kernel.org Received: from mail-pl1-f181.google.com (mail-pl1-f181.google.com [209.85.214.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4A88A2C18C for ; Thu, 4 Jan 2024 19:51:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=google.com Received: by mail-pl1-f181.google.com with SMTP id d9443c01a7336-1d42ed4cdc7so30465ad.0 for ; Thu, 04 Jan 2024 11:51:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1704397866; x=1705002666; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=R0fBUOM0R/wxHfJNIbk+Hsj3pvgiZjJxtJP8ZKkEMHY=; b=MGYS/1x4JJPq7yd+cbE7eR9v21D80WmjlD7CiAi5TY2En73kG7envC+h42FjiQbzt4 gQG4d/bwJRGHS31yj7keMX252+g+y2fNNYIODN9XftBDxdks5ee3LzYQeSnFpZjlJCvL /+q+BFiq8W8T5Uu0Y5WnuE9wAfepM7VQbZlrbFjt6JUfwT42AtFioUCyi6xwraUrOkQM 1e6e8TLyepfz9aw1+lKcNJzvGd9CrHkSSWRyEHvmN11yNQ/TrW3buIsp/0iXGfoyJcuq gY+gi74YV0evWzq+gC6091kHADzaOVpQAvmqyH1TtV5+tcXknhNjsJKyS0FGlrXGlvfP VJMw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704397866; x=1705002666; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=R0fBUOM0R/wxHfJNIbk+Hsj3pvgiZjJxtJP8ZKkEMHY=; b=V2PnIxuxGDZA96eQJvS7ciuJj/oloE3ldffvtE4xEKFs6nsxMDbemlPsnUaH6ha+jy tawPJD9bdlS99yEkpQZwUTAdtu98zsVSPAiA9VGU+LfWd2NgZ9j8vl8d8TrLRVpTMUlx 2njMbf/6ZF2DYycu0M/jXcRdgNaFOWtQemF2ODl7jcNGQB1/TvU3H90ceUpWdVDn4umt mcWavmR4fQ6qV67LaNx4RD9QvsJQPRuDjAdCgXyNGyCSZcSGM9sn5ge9+fIWUeDWzMCm an2tDLO2cDccxUYFXSJoIc6WZq9bcYfLbv84+JfVgj8VgK49SLXgOMvRw84drE6nxZ9V pTzw== X-Gm-Message-State: AOJu0YxYUZEe8U3H4bjpXrMFj3OHWR63PP0iKDaQ+Lx2OQWMs/0QIt91 6LGwqTB/9axaNXiPMjuKFQP/piFaYSXCZutvUY9V6SZGbw4= X-Received: by 2002:a17:902:6e01:b0:1d4:4482:83c3 with SMTP id u1-20020a1709026e0100b001d4448283c3mr39053plk.16.1704397866221; Thu, 04 Jan 2024 11:51:06 -0800 (PST) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20231212024607.3681-1-yong.wu@mediatek.com> <20231213110517.6ce36aca@eldfell> <20231213101549.lioqfzjxcvmqxqu3@pop-os.localdomain> <20231213133825.0a329864@eldfell> <20231213132229.q3uxdhtdsxuzw3w6@pop-os.localdomain> <20231213161614.43e5bca8@eldfell> <9m8eC1j8YSwxu9Mr8vCXyzF0nfyCSHpFbfc__FtUjjKppew65jElBbUqa-nkzFTN-N_ME893w0YQRcb3r3UbIajQUP-Y5LxnHKKFoiBepSI=@emersion.fr> In-Reply-To: <9m8eC1j8YSwxu9Mr8vCXyzF0nfyCSHpFbfc__FtUjjKppew65jElBbUqa-nkzFTN-N_ME893w0YQRcb3r3UbIajQUP-Y5LxnHKKFoiBepSI=@emersion.fr> From: Jeffrey Kardatzke Date: Thu, 4 Jan 2024 11:50:54 -0800 Message-ID: Subject: Re: [PATCH v3 0/7] dma-buf: heaps: Add secure heap To: Simon Ser Cc: Pekka Paalanen , Joakim Bech , Yong Wu , Rob Herring , Sumit Semwal , christian.koenig@amd.com, Matthias Brugger , dri-devel@lists.freedesktop.org, John Stultz , Krzysztof Kozlowski , Benjamin Gaignard , Vijayanand Jitta , Nicolas Dufresne , jianjiao.zeng@mediatek.com, linux-media@vger.kernel.org, devicetree@vger.kernel.org, Conor Dooley , ckoenig.leichtzumerken@gmail.com, linaro-mm-sig@lists.linaro.org, linux-mediatek@lists.infradead.org, tjmercier@google.com, linux-arm-kernel@lists.infradead.org, AngeloGioacchino Del Regno , kuohong.wang@mediatek.com, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Any feedback from maintainers on what their preference is? I'm fine with 'restricted' as well, but the main reason we chose secure was because of its use in ARM nomenclature and this is more for ARM usage than x86. The main difference with similar buffers on AMD/Intel is that with AMD/Intel the buffers are mappable and readable by the CPU in the kernel. The problem is their contents are encrypted so you get junk back if you do that. On ARM, the buffers are completely inaccessible by the kernel and the memory controller prevents access to them completely from the kernel. There are also other use cases for this where the hypervisor is what is controlling access (second stage in the MMU is providing isolation)....and in that case I do agree that 'secure' would not be the right terminology for those types of buffers. So I do agree something other than 'secure' is probably a better option overall. On Fri, Dec 22, 2023 at 1:40=E2=80=AFAM Simon Ser wro= te: > > On Wednesday, December 13th, 2023 at 15:16, Pekka Paalanen wrote: > > > > > It is protected/shielded/fortified from all the kernel and userspac= e, > > > > but a more familiar word to describe that is inaccessible. > > > > "Inaccessible buffer" per se OTOH sounds like a useless concept. > > > > > > > > It is not secure, because it does not involve security in any way. = In > > > > fact, given it's so fragile, I'd classify it as mildly opposite of > > > > secure, as e.g. clients of a Wayland compositor can potentially DoS= the > > > > compositor with it by simply sending such a dmabuf. Or DoS the whol= e > > > > system. > > > > > > I hear what you are saying and DoS is a known problem and attack vect= or, > > > but regardless, we have use cases where we don't want to expose > > > information in the clear and where we also would like to have some > > > guarantees about correctness. That is where various secure elements a= nd > > > more generally security is needed. > > > > > > So, it sounds like we have two things here, the first is the naming a= nd > > > the meaning behind it. I'm pretty sure the people following and > > > contributing to this thread can agree on a name that makes sense. Wou= ld > > > you personally be OK with "restricted" as the name? It sounds like th= at. > > > > I would. I'm also just a by-stander, not a maintainer of kernel > > anything. I have no power to accept nor reject anything here. > > I'd also personally be OK with "restricted", I think it's a lot better > than "secure". > > In general I agree with everything Pekka said.