Received: by 2002:a05:7412:e794:b0:fa:551:50a7 with SMTP id o20csp2604105rdd; Fri, 12 Jan 2024 15:27:55 -0800 (PST) X-Google-Smtp-Source: AGHT+IHPmTOrb4vQ0shAh9Qp6mqNWZpCpuFyfd+mATvHXbStxotc+BrYQEZJcWOrdisiCn17PXis X-Received: by 2002:a17:907:990a:b0:a2c:9631:fa30 with SMTP id ka10-20020a170907990a00b00a2c9631fa30mr1088352ejc.75.1705102075526; Fri, 12 Jan 2024 15:27:55 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1705102075; cv=none; d=google.com; s=arc-20160816; b=YHKfF3GaShANQtPAB/BvdNvFKppKoIpbpzKxJ0gTrtmYk9qdbcKSWl3Wb6x83Gq+ik vQcY4ZZ3beTzYAXIpJrNZUdVxyedgkZZn3Ac4n++I6ZoAqHQ6PYBj08j8e6qBEENdfta 4N1xz1FnKKzvCm2hri0bzVUsbvURRxVH7VGzBJFmZB6mIL+J8C9bK0op4s5sJF/WJbrU 4jJmLMoLBf9cZ3WuU2N6jc97eAwIKanTeZhR4pZb/UGG+nNQA2OvwOuWFYkWpeR0o8EZ +FDl9umnjMRqCF0OS/MgWAta9MHbkTfjUcINuekZ2VU2v2RDY2VWM1CCtCpzuS0CRxi9 ljjw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=OhEbbmE1Z6uLNZgCKtRC6woP3H/Wl1Wl1gQfP+v/DTY=; fh=GtGNKjq7tAMw0RADBI3SuuYRvb1TZFq1ERDfheXz71A=; b=LRTsUTb/LwbhVMPnKg+SPkIjunvlg9B4bWd1zhLw8NGgbeZtqtwdrtw+GDyMYUDFek 0S6SvvIkOuPfTje9m+ZvIwD+4kt0bJF+ZtIyA2D01nMPcNE6KN73d0Ea1nyYvGO+6ZcX wsV8OpZlzR6O4X7nK30yPhTKano3wPUMw0EFZ1h0HjCKO7MPA8vNQT2PB7zdm9rPskZO uoAoGq+BJPHI6u1lZma3uEebeWuskdGAHLfKKyKaFxXs8Rss0liBMwXhkbup2yaphH85 10UMXRUf7fFwwCvd8Nn1bjhnV+IMUJmou7wEpgvo+Dn46Md/BH9Rd2R+W5B0eD2ND4rW qCOg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=GpKeeSJk; spf=pass (google.com: domain of linux-kernel+bounces-25102-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-25102-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id q19-20020a1709066ad300b00a28e92eafc9si1793560ejs.768.2024.01.12.15.27.55 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 12 Jan 2024 15:27:55 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-25102-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=GpKeeSJk; spf=pass (google.com: domain of linux-kernel+bounces-25102-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-25102-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 1B1561F219F0 for ; Fri, 12 Jan 2024 23:27:55 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id CD37B1A5B5; Fri, 12 Jan 2024 23:27:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="GpKeeSJk" Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com [209.85.214.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 741AA19BAF for ; Fri, 12 Jan 2024 23:27:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=google.com Received: by mail-pl1-f174.google.com with SMTP id d9443c01a7336-1d47fae33e0so50995ad.0 for ; Fri, 12 Jan 2024 15:27:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1705102060; x=1705706860; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=OhEbbmE1Z6uLNZgCKtRC6woP3H/Wl1Wl1gQfP+v/DTY=; b=GpKeeSJkCZabPz//ZzQG3Q9Fj6647KdFkn3BeMu/PqsKY8E3c3OMe4DQEYEmzeCC1T 5e8isa8rvrCAlKh79DGu/xQYsp8zKQ9vcH0H4NniBDKArVKaisIh+Evi4SQpuQukCf1Q PiILjwXv7z36PuKY3q3TnZuOimTq/QKxxuWdjJgiCegnusj2j3PXtkuEGBJkVTp0nWLR r5SMo3C99asJkRJ5Zji0xWUgAWWOd2R6Ca89PUa35krrzu+1/IwP7HwDWV5vni9/YckD J96NI6+J8eTrhid388NlI0WiRNBZ3RpED4lF0VBTMrWrCbLwP1y1FzmLNLfGSBYehjAw /9Jw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705102060; x=1705706860; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=OhEbbmE1Z6uLNZgCKtRC6woP3H/Wl1Wl1gQfP+v/DTY=; b=mH3dU9CicxLDoAjnFD+WUvo8KJKNoGDd2xBvjiXqukJwGp9EFiE1BzOzWXJxX/hAbo 8TEJth9Ncx2isWP+gU3mpd3BuqphdCQWO7LRWy3q+c7Nn20v+W5VuaBUjy3DrgknP3uZ a6GwXCItD+/G76e2qY4WTnE+aL5RA2fFNnM+7VtUAffHMVtwj3IFNOlqBsFhtWUT2/PK ve8HuVSiugbEo+V0uTtCzSgpNIvR/m8NsbDWtOGJV/6xTbr/JoDuWpwv5eD0wmQkhANg /larI1ITJ6y3fgyhKQpPEpU060Q0RD1uDKjB0uNVSUUZoquuuxL5PKmvUod8eROrRrd0 VObw== X-Gm-Message-State: AOJu0YwWqZpSXutCZK4Uvm/FHSscCzaxGP8gg3zE0+lMgAnUl0laoP83 ANMh6ucOhUPYajULA5eJ81AlFb9+nTNpDA9ld+ahOR/59Rw= X-Received: by 2002:a17:903:210d:b0:1d5:a791:ef1b with SMTP id o13-20020a170903210d00b001d5a791ef1bmr203692ple.1.1705102059466; Fri, 12 Jan 2024 15:27:39 -0800 (PST) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20240112092014.23999-1-yong.wu@mediatek.com> <20240112092014.23999-4-yong.wu@mediatek.com> In-Reply-To: From: Jeffrey Kardatzke Date: Fri, 12 Jan 2024 15:27:27 -0800 Message-ID: Subject: Re: [PATCH v4 3/7] dma-buf: heaps: restricted_heap: Add private heap ops To: John Stultz Cc: Yong Wu , Rob Herring , Matthias Brugger , christian.koenig@amd.com, Sumit Semwal , Krzysztof Kozlowski , Conor Dooley , Benjamin Gaignard , Brian Starkey , tjmercier@google.com, AngeloGioacchino Del Regno , devicetree@vger.kernel.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Robin Murphy , Vijayanand Jitta , Joakim Bech , Pavel Machek , Simon Ser , Pekka Paalanen , jianjiao.zeng@mediatek.com, kuohong.wang@mediatek.com, youlin.pei@mediatek.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Fri, Jan 12, 2024 at 2:52=E2=80=AFPM John Stultz wr= ote: > > On Fri, Jan 12, 2024 at 1:21=E2=80=AFAM Yong Wu wr= ote: > > > > Add "struct restricted_heap_ops". For the restricted memory, totally th= ere > > are two steps: > > a) memory_alloc: Allocate the buffer in kernel; > > b) memory_restrict: Restrict/Protect/Secure that buffer. > > The memory_alloc is mandatory while memory_restrict is optinal since it= may > > be part of memory_alloc. > > > > Signed-off-by: Yong Wu > > --- > > drivers/dma-buf/heaps/restricted_heap.c | 41 ++++++++++++++++++++++++- > > drivers/dma-buf/heaps/restricted_heap.h | 12 ++++++++ > > 2 files changed, 52 insertions(+), 1 deletion(-) > > > > Thanks for sending this out! A thought below. > > > diff --git a/drivers/dma-buf/heaps/restricted_heap.h b/drivers/dma-buf/= heaps/restricted_heap.h > > index 443028f6ba3b..ddeaf9805708 100644 > > --- a/drivers/dma-buf/heaps/restricted_heap.h > > +++ b/drivers/dma-buf/heaps/restricted_heap.h > > @@ -15,6 +15,18 @@ struct restricted_buffer { > > > > struct restricted_heap { > > const char *name; > > + > > + const struct restricted_heap_ops *ops; > > +}; > > + > > +struct restricted_heap_ops { > > + int (*heap_init)(struct restricted_heap *heap); > > + > > + int (*memory_alloc)(struct restricted_heap *heap, struct re= stricted_buffer *buf); > > + void (*memory_free)(struct restricted_heap *heap, struct res= tricted_buffer *buf); > > + > > + int (*memory_restrict)(struct restricted_heap *heap, struct= restricted_buffer *buf); > > + void (*memory_unrestrict)(struct restricted_heap *heap, stru= ct restricted_buffer *buf); > > }; > > > > int restricted_heap_add(struct restricted_heap *rstrd_heap); > > So, I'm a little worried here, because you're basically turning the > restricted_heap dma-buf heap driver into a framework itself. > Where this patch is creating a subdriver framework. > > Part of my hesitancy, is you're introducing this under the dma-buf > heaps. For things like CMA, that's more of a core subsystem that has > multiple users, and exporting cma buffers via dmabuf heaps is just an > additional interface. What I like about that is the core kernel has > to define the semantics for the memory type and then the dmabuf heap > is just exporting that well understood type of buffer. > > But with these restricted buffers, I'm not sure there's yet a well > understood set of semantics nor a central abstraction for that which > other drivers use directly. > > I know part of this effort here is to start to centralize all these > vendor specific restricted buffer implementations, which I think is > great, but I just worry that in doing it in the dmabuf heap interface, > it is a bit too user-facing. The likelihood of encoding a particular > semantic to the singular "restricted_heap" name seems high. In patch #5 it has the actual driver implementation for the MTK heap that includes the heap name of "restricted_mtk_cm", so there shouldn't be a heap named "restricted_heap" that's actually getting exposed. The restricted_heap code is a framework, and not a driver itself. Unless I'm missing something in this patchset...but that's the way it's *supposed* to be. > > Similarly we might run into systems with multiple types of restricted > buffers (imagine a discrete gpu having one type along with TEE > protected buffers also being used on the same system). > > So the one question I have: Why not just have a mediatek specific > restricted_heap dmabuf heap driver? Since there's already been some > talk of slight semantic differences in various restricted buffer > implementations, should we just start with separately named dmabuf > heaps for each? Maybe consolidating to a common name as more drivers > arrive and we gain a better understanding of the variations of > semantics folks are using? > > thanks > -john