Received: by 2002:a05:7412:e794:b0:fa:551:50a7 with SMTP id o20csp2624749rdd; Fri, 12 Jan 2024 16:20:39 -0800 (PST) X-Google-Smtp-Source: AGHT+IHMq74x3BnjhQdRL/3DHBKaJ8B6OkOq0DkE0+HAsaI8GWk5eDMm1D7kMIuePNFjJWup7xs/ X-Received: by 2002:a05:6a00:ac1:b0:6da:cbee:9d9c with SMTP id c1-20020a056a000ac100b006dacbee9d9cmr1680657pfl.29.1705105239580; Fri, 12 Jan 2024 16:20:39 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1705105239; cv=none; d=google.com; s=arc-20160816; b=fDbS9Ob22cRLPPdUULSroE3FD2B1LGtAlnUdFNPXMbannjaVawXZJQQYs5mlb0m9+5 HuUBnfVz8dhTGaz7XQ4MfptJW2LsB/uybO9SqrKBvO0gZDj2UExufYMibV/tpv6stAxZ QSsfbvL/aWmhWWv1oyWr0yNYZ5p/fivWY8AZZtex4xx7CriSlMDreeV3BtpPkf2T1aRB fWN06R+Z9qKJbHW+QLSxhTzLXeTMu8Y1fzYm4PrbT5JuGSzE3TnizlDPPKZDjX4F160T Lz3nK0Di1OQWiSZ3seSNvFzVyTstUZSr8/QfuS1kQXKPJua3J6wOTKy7PkRfIgaSDcuC Z8ZQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=ZN1rPiXKN7u9zdqvXb7Qif49uja1bfBANswKzoofhOQ=; fh=GtGNKjq7tAMw0RADBI3SuuYRvb1TZFq1ERDfheXz71A=; b=hI5X6hhH647jyQtOYUhEGuZdz3O/0Kl9HwRsTJuuZlt9Y1EyFnTithMQN2scMaZWga SSwLbmBO7VmpDUUcsIkIyIiWEeNI+jEl95eU5HHM10fpUD7U/gyXrvoRXXpDjKy8WZFs frQuzdCTOvQed3qOFRXPP1FZs8KUe3TbIP51gMCAwh6hWA03fkCm2jIgWIUwISPHCFjz vCEIuINSBD1eKkETC/RjJPCHGevRbgefVTkuKi2cv75TJ2nWparI6sxd0KU+c3O/998A hWMx2qSD+N9ySkUiLeh+4B+gDt+4THQMk24dh6S84XTiMuRQ80VjJbba0/hH2TUETlZ4 3Dig== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=ju3Fmhhm; spf=pass (google.com: domain of linux-kernel+bounces-25124-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-25124-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id cp26-20020a056a00349a00b006db09adea84si4367530pfb.334.2024.01.12.16.20.39 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 12 Jan 2024 16:20:39 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-25124-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=ju3Fmhhm; spf=pass (google.com: domain of linux-kernel+bounces-25124-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-25124-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 8B0562884E7 for ; Sat, 13 Jan 2024 00:13:45 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id DF37E641; Sat, 13 Jan 2024 00:13:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="ju3Fmhhm" Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com [209.85.214.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 89702365 for ; Sat, 13 Jan 2024 00:13:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=google.com Received: by mail-pl1-f169.google.com with SMTP id d9443c01a7336-1d3fde109f2so22705ad.1 for ; Fri, 12 Jan 2024 16:13:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1705104815; x=1705709615; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=ZN1rPiXKN7u9zdqvXb7Qif49uja1bfBANswKzoofhOQ=; b=ju3FmhhmsvqjbyQRvI/315OZFWMO4V7jEZr/sGVu0zmgawwT7gQYWZNwEren5w7fm4 l5c42wQXB0pUFs3SZOl36WvcYKisGFqX4RAc0qSDY3ISoh7BmtMlgL4lAEB0xGNszvsW 33WkRHE348XtxHyTwtBRTGhLbLqXTW8gMO7gqrf6HhgBdfN51npExzIBtrqA05eiVGVM dn3dHfzH0zW6HFbtGSMm/n5+SodDwT2k/TYLYZl148+D/9SfFzNvmbgDybLxMuW5e4kS 3zqUr9OZ+rLYfKGaSd9NMwhveATTU0MlgsP4IsLHb2Q4MyTd9279xTnCXojanvapqNDl 0Ryw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705104815; x=1705709615; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ZN1rPiXKN7u9zdqvXb7Qif49uja1bfBANswKzoofhOQ=; b=CY49z/rmQ3h/f3zj10+pee84NpwUpCvLOEkquADytEihpkzySnmb73ceAXHCHXWt7y X269pEfcyuqH+LkO1jDFpQuwb63EbyhOWwis1MYE6VolvWMvnF88R3Whu25sd7C2CUoo J2PBtNvdNzuD9YwXpmAXq1CX8lTKvTIWcx16f//vcm6SodRRbZW2FjFx0Zq9PPS7DayW CFtmOnPyAjOdFGiTZKhTxycTMsvGsndA8IJy4h3Oe/ivhjsb7c8e+FwlAlnusSXEIoQs 5S9e6tFIIG4v7BmI/ZxG1O39z/qfU7LGrwZSuffkcfqDVWpfqMyta7p//qMqM6PEWJtX 7kPw== X-Gm-Message-State: AOJu0YzkV36ZsPJDhHWR5lvZU85YxopnEqkeWYHiJBJN1lP62WxI8z0V 5DWBKVHPtZXZq0hUgshCJ9D4+2ZciOPjjCQNj8HxQAv3dd0= X-Received: by 2002:a17:902:ec8a:b0:1d4:c2bd:eff5 with SMTP id x10-20020a170902ec8a00b001d4c2bdeff5mr44003plg.3.1705104814522; Fri, 12 Jan 2024 16:13:34 -0800 (PST) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20240112092014.23999-1-yong.wu@mediatek.com> <20240112092014.23999-4-yong.wu@mediatek.com> In-Reply-To: From: Jeffrey Kardatzke Date: Fri, 12 Jan 2024 16:13:22 -0800 Message-ID: Subject: Re: [PATCH v4 3/7] dma-buf: heaps: restricted_heap: Add private heap ops To: John Stultz Cc: Yong Wu , Rob Herring , Matthias Brugger , christian.koenig@amd.com, Sumit Semwal , Krzysztof Kozlowski , Conor Dooley , Benjamin Gaignard , Brian Starkey , tjmercier@google.com, AngeloGioacchino Del Regno , devicetree@vger.kernel.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Robin Murphy , Vijayanand Jitta , Joakim Bech , Pavel Machek , Simon Ser , Pekka Paalanen , jianjiao.zeng@mediatek.com, kuohong.wang@mediatek.com, youlin.pei@mediatek.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Fri, Jan 12, 2024 at 3:51=E2=80=AFPM John Stultz wr= ote: > > On Fri, Jan 12, 2024 at 3:27=E2=80=AFPM Jeffrey Kardatzke wrote: > > On Fri, Jan 12, 2024 at 2:52=E2=80=AFPM John Stultz wrote: > > > On Fri, Jan 12, 2024 at 1:21=E2=80=AFAM Yong Wu wrote: > > > > diff --git a/drivers/dma-buf/heaps/restricted_heap.h b/drivers/dma-= buf/heaps/restricted_heap.h > > > > index 443028f6ba3b..ddeaf9805708 100644 > > > > --- a/drivers/dma-buf/heaps/restricted_heap.h > > > > +++ b/drivers/dma-buf/heaps/restricted_heap.h > > > > @@ -15,6 +15,18 @@ struct restricted_buffer { > > > > > > > > struct restricted_heap { > > > > const char *name; > > > > + > > > > + const struct restricted_heap_ops *ops; > > > > +}; > > > > + > > > > +struct restricted_heap_ops { > > > > + int (*heap_init)(struct restricted_heap *heap); > > > > + > > > > + int (*memory_alloc)(struct restricted_heap *heap, struc= t restricted_buffer *buf); > > > > + void (*memory_free)(struct restricted_heap *heap, struct= restricted_buffer *buf); > > > > + > > > > + int (*memory_restrict)(struct restricted_heap *heap, st= ruct restricted_buffer *buf); > > > > + void (*memory_unrestrict)(struct restricted_heap *heap, = struct restricted_buffer *buf); > > > > }; > > > > > > > > int restricted_heap_add(struct restricted_heap *rstrd_heap); > > > > > > So, I'm a little worried here, because you're basically turning the > > > restricted_heap dma-buf heap driver into a framework itself. > > > Where this patch is creating a subdriver framework. > > > > > > Part of my hesitancy, is you're introducing this under the dma-buf > > > heaps. For things like CMA, that's more of a core subsystem that has > > > multiple users, and exporting cma buffers via dmabuf heaps is just an > > > additional interface. What I like about that is the core kernel has > > > to define the semantics for the memory type and then the dmabuf heap > > > is just exporting that well understood type of buffer. > > > > > > But with these restricted buffers, I'm not sure there's yet a well > > > understood set of semantics nor a central abstraction for that which > > > other drivers use directly. > > > > > > I know part of this effort here is to start to centralize all these > > > vendor specific restricted buffer implementations, which I think is > > > great, but I just worry that in doing it in the dmabuf heap interface= , > > > it is a bit too user-facing. The likelihood of encoding a particular > > > semantic to the singular "restricted_heap" name seems high. > > > > In patch #5 it has the actual driver implementation for the MTK heap > > that includes the heap name of "restricted_mtk_cm", so there shouldn't > > be a heap named "restricted_heap" that's actually getting exposed. The > > Ah, I appreciate that clarification! Indeed, you're right the name is > passed through. Apologies for missing that detail. > > > restricted_heap code is a framework, and not a driver itself. Unless > > I'm missing something in this patchset...but that's the way it's > > *supposed* to be. > > So I guess I'm not sure I understand the benefit of the extra > indirection. What then does the restricted_heap.c logic itself > provide? > The dmabuf heaps framework already provides a way to add heap implementat= ions. So in the v1 patchset, it was done with just a Mediatek specific heap with no framework or abstractions for another vendor to build on top of. The feedback was to make this more generic since Mediatek won't be the only vendor who wants a restricted heap..which is how it ended up here. There was more code in the framework before relating to TEE calls, but then that was moved to the vendor specific code since not all restricted heaps are allocated through a TEE. This was also desirable for the V4L2 pieces since there's going to be a V4L2 flag set when using restricted dma_bufs (and it wants to validate that)....so in order to keep that more generic, there should be a higher level concept of restricted dma_bufs that isn't specific to a single vendor. One other thing that would ideally come out of this is a cleaner way to check that a dma_buf is restricted or not. The current V4L2 patchset just attaches the dma_buf and then checks if the page table is empty....and if so, it's restricted. But now I see there's other feedback indicating attaching a restricted dma_buf shouldn't even be allowed, so we'll need another strategy for detecting them. Ideally there is some function/macro like is_dma_buf_restricted(struct dma_buf*) that can indicate that...but we haven't come up with a good way to do that yet which doesn't involve adding another field to dma_buf or to dma_buf_ops (and if such a thing would be fine, then OK...but I had assumed we would get pushback on modifying either of those structs). > > thanks > -john