Received: by 2002:ab2:6a05:0:b0:1f8:1780:a4ed with SMTP id w5csp3252334lqo;
        Wed, 15 May 2024 04:32:55 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCW5UIh194WNogU62a8aIoWx1oBt6q/e9HZ0fE80DgqlrNYA+KMO3gdtN9p1LlaeEq+5Cz4UD8476rTwKISWqdJR/1p7wZ25GxJYrZ3jaw==
X-Google-Smtp-Source: AGHT+IGAj+662CD/70GYWhmbuovcJmEpA5zgjX9L6Koi8saBOD9ZvLtzgl5/RyBLvoQQ4eA2Itdk
X-Received: by 2002:a17:906:370f:b0:a59:a83b:d438 with SMTP id a640c23a62f3a-a5a2d5c89a3mr949941066b.23.1715772774912;
        Wed, 15 May 2024 04:32:54 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1715772774; cv=pass;
        d=google.com; s=arc-20160816;
        b=xpjJ9q6iyxmYPqViVNyNF54ygh4gtFxWGd+7r/7E55G4Ltwvfp3xJngXx0EXdlxpYQ
         FtYZT69X6iSwopTCdGo/C9Uexf62z4KoVyC3GfiVU7YJOzd5Mq4Ia5Eg1BOwCt5Q2qp4
         KoCiiZ1+cdINxYE1lJF5Y7/ovh5S4RIckP6LvFV1vEfg/ZPRRGpRP9zVgXzpOXnYtqmw
         RPOoUwGwBYL9Pi8OwICewp+ZLcCPHo7EUSjt4ZAsQWmO2lpaIl2YCrSfsOSVGbI89XIU
         ng9DfabpPBwSNZi4V1OAO+R5O5Qub70e6YZ1SxNhFCixn7R+lnXothX6QqgBxuDDIRcv
         X2uw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=IlFXmyf7lVuAjWzk0JCH44oxrlsC9DRFLFXea4JmH2Y=;
        fh=YgqeOZ7tRVNjewMoWo9dcarroxa8sxvYpeoMwBA4oU0=;
        b=BeyNJ6zFcmwqju9lGGeEHRNr7+P2SSQuDp+92oQ0LKJHAj1aZCyRgpLaKuVzhHl8i5
         XK/TUODz5IBT1O/BNz3JSs2k9zQGj0VSC5sN8a890TBeMbRFu/UKFVbJkdrTs8yIW3iD
         H2j0tiJrbosxiBEG7EctnLymVFdwT963Wa2TcOq6qUlBHMhkESUs89DlUhkCSHnyshE0
         Qix8AbtO7EWaH/qeo2+OnatC/DcdE6mz1s7Yg9fGVjc/qdDAok6H2XHmopmSo31BUDaJ
         99HEXOJiLU4rKkj8M8oT+k3Zlapqh6fWCLGfp3jP9SC+7t2BH9vq70UuFZa2U8dsVqNL
         Qgtg==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@mediatek.com header.s=dk header.b=Usr0NgOc;
       arc=pass (i=1 spf=pass spfdomain=mediatek.com dkim=pass dkdomain=mediatek.com dmarc=pass fromdomain=mediatek.com);
       spf=pass (google.com: domain of linux-kernel+bounces-179801-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-179801-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=mediatek.com
Return-Path: <linux-kernel+bounces-179801-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3])
        by mx.google.com with ESMTPS id a640c23a62f3a-a5a17bfc5b5si716941866b.864.2024.05.15.04.32.54
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 15 May 2024 04:32:54 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-179801-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@mediatek.com header.s=dk header.b=Usr0NgOc;
       arc=pass (i=1 spf=pass spfdomain=mediatek.com dkim=pass dkdomain=mediatek.com dmarc=pass fromdomain=mediatek.com);
       spf=pass (google.com: domain of linux-kernel+bounces-179801-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-179801-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=mediatek.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by am.mirrors.kernel.org (Postfix) with ESMTPS id 9E18A1F24E6A
	for <linux.lists.archive@gmail.com>; Wed, 15 May 2024 11:23:35 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id E67946F073;
	Wed, 15 May 2024 11:23:27 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=mediatek.com header.i=@mediatek.com header.b="Usr0NgOc"
Received: from mailgw02.mediatek.com (unknown [210.61.82.184])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 72CBC6E619;
	Wed, 15 May 2024 11:23:23 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=210.61.82.184
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1715772206; cv=none; b=eFECFNZw9bmWAkJyzvm6F1YJHAYENtfwrha9fEEuuCvNtZDs5wqOExTLU+/CPvYmiKIxXvFaYczMSHLtwNkt5VglQjXGKTby6tDb5z+T32XTDBxz3KuVgn+d9dfXFJmyqjUZsrwLwHS41TH9s5ACCZSxnWLyvAPkvgZFbblEqps=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1715772206; c=relaxed/simple;
	bh=7ORzQtAFr11r4ubkYiSaSMpDtoKGfzg0LgBNAuYdqP0=;
	h=From:To:CC:Subject:Date:Message-ID:MIME-Version:Content-Type; b=b63ZxJ2mzBPRxPC+i3IZsrr3jrWjOnll3kTQV/U64QMdYFMScDFmkzZoyY3XAJTPdWbFoFs4Yx3JD+SSlI/OHSAgzvgZnzD3XC6GPbFtNbK84EegFQLCn5bPOr5saNxt9QkxxE8NNM8L2PCKepw5CuX4yOnD/wJpihcm+ZTw+pM=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=mediatek.com; spf=pass smtp.mailfrom=mediatek.com; dkim=pass (1024-bit key) header.d=mediatek.com header.i=@mediatek.com header.b=Usr0NgOc; arc=none smtp.client-ip=210.61.82.184
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=mediatek.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=mediatek.com
X-UUID: 8718d35e12ad11ef8065b7b53f7091ad-20240515
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mediatek.com; s=dk;
	h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Date:Subject:CC:To:From; bh=IlFXmyf7lVuAjWzk0JCH44oxrlsC9DRFLFXea4JmH2Y=;
	b=Usr0NgOczddiJK1x0K+10CYnoxvbzY424Ra4VX6J7gFId6STXdZYuMMn4ZrjRbRlqmFkJj7FqHqkp5g5Wt9Tgr2zqGvg6ASJxAwdrV8tOfbJHUN7IajBhpPNCMepv95O7weSioKHkcjk0KHtE1vGBRpJ7zlvoyEAHaSayWtLxQI=;
X-CID-P-RULE: Release_Ham
X-CID-O-INFO: VERSION:1.1.38,REQID:0eed5309-2624-4509-9591-a6f83ccca5f2,IP:0,U
	RL:0,TC:0,Content:-25,EDM:-25,RT:0,SF:0,FILE:0,BULK:0,RULE:Release_Ham,ACT
	ION:release,TS:-50
X-CID-META: VersionHash:82c5f88,CLOUDID:50c71ffc-ed05-4274-9204-014369d201e8,B
	ulkID:nil,BulkQuantity:0,Recheck:0,SF:102,TC:nil,Content:0,EDM:1|19,IP:nil
	,URL:1,File:nil,RT:nil,Bulk:nil,QS:nil,BEC:nil,COL:0,OSI:0,OSA:0,AV:0,LES:
	1,SPR:NO,DKR:0,DKP:0,BRR:0,BRE:0
X-CID-BVR: 0
X-CID-BAS: 0,_,0,_
X-CID-FACTOR: TF_CID_SPAM_SNR,TF_CID_SPAM_ULS
X-UUID: 8718d35e12ad11ef8065b7b53f7091ad-20240515
Received: from mtkmbs14n1.mediatek.inc [(172.21.101.75)] by mailgw02.mediatek.com
	(envelope-from <yong.wu@mediatek.com>)
	(Generic MTA with TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256/256)
	with ESMTP id 1604216258; Wed, 15 May 2024 19:23:17 +0800
Received: from mtkmbs11n1.mediatek.inc (172.21.101.185) by
 mtkmbs11n1.mediatek.inc (172.21.101.185) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.2.1118.26; Wed, 15 May 2024 19:23:16 +0800
Received: from mhfsdcap04.gcn.mediatek.inc (10.17.3.154) by
 mtkmbs11n1.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id
 15.2.1118.26 via Frontend Transport; Wed, 15 May 2024 19:23:14 +0800
From: Yong Wu <yong.wu@mediatek.com>
To: Rob Herring <robh+dt@kernel.org>, Matthias Brugger
	<matthias.bgg@gmail.com>, <christian.koenig@amd.com>, Sumit Semwal
	<sumit.semwal@linaro.org>, Andrew Morton <akpm@linux-foundation.org>
CC: Krzysztof Kozlowski <krzysztof.kozlowski+dt@linaro.org>, Conor Dooley
	<conor+dt@kernel.org>, Benjamin Gaignard <benjamin.gaignard@collabora.com>,
	Brian Starkey <Brian.Starkey@arm.com>, John Stultz <jstultz@google.com>,
	<tjmercier@google.com>, AngeloGioacchino Del Regno
	<angelogioacchino.delregno@collabora.com>, Yong Wu <yong.wu@mediatek.com>,
	<devicetree@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
	<linux-media@vger.kernel.org>, <dri-devel@lists.freedesktop.org>,
	<linaro-mm-sig@lists.linaro.org>, <linux-arm-kernel@lists.infradead.org>,
	<linux-mediatek@lists.infradead.org>, Robin Murphy <robin.murphy@arm.com>,
	Vijayanand Jitta <quic_vjitta@quicinc.com>, Joakim Bech
	<joakim.bech@linaro.org>, Jeffrey Kardatzke <jkardatzke@google.com>, Pavel
 Machek <pavel@ucw.cz>, Simon Ser <contact@emersion.fr>, Pekka Paalanen
	<ppaalanen@gmail.com>, <willy@infradead.org>, Logan Gunthorpe
	<logang@deltatee.com>, Daniel Vetter <daniel@ffwll.ch>,
	<jianjiao.zeng@mediatek.com>, <kuohong.wang@mediatek.com>,
	<youlin.pei@mediatek.com>
Subject: [PATCH v5 0/9] dma-buf: heaps: Add restricted heap
Date: Wed, 15 May 2024 19:22:59 +0800
Message-ID: <20240515112308.10171-1-yong.wu@mediatek.com>
X-Mailer: git-send-email 2.25.1
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-MTK: N

The purpose of this patchset is for MediaTek secure video playback, and
also to enable other potential uses of this in the future. The 'restricted
dma-heap' will be used to allocate dma_buf objects that reference memory
in the secure world that is inaccessible/unmappable by the non-secure
(i.e. kernel/userspace) world.  That memory will be used by the secure/
trusted world to store secure information (i.e. decrypted media content).
The dma_bufs allocated from the kernel will be passed to V4L2 for video
decoding (as input and output). They will also be used by the drm
system for rendering of the content.

This patchset adds two MediaTek restricted heaps and they will be used in
v4l2[1] and drm[2].
1) restricted_mtk_cm: secure chunk memory for MediaTek SVP (Secure Video
   Path). The buffer is reserved for the secure world after bootup and it
   is used for vcodec's ES/working buffer;
2) restricted_mtk_cma: secure CMA memory for MediaTek SVP. This buffer is
   dynamically reserved for the secure world and will be got when we start
   playing secure videos. Once the security video playing is complete, the
   CMA will be released. This heap is used for the vcodec's frame buffer. 

[1] https://lore.kernel.org/linux-mediatek/20240412090851.24999-1-yunfei.dong@mediatek.com/
[2] https://lore.kernel.org/linux-mediatek/20240403102701.369-1-shawn.sung@mediatek.com/

Change note:
v5: 1) Reconstruct TEE commands to allow the kernel to obtain the PA of the
     TEE buffer to initialize a valid sg table.
    2) Previously, PA was hidden from the kernel. Then the kernel checks if
     this is restricted buffer by "if (sg_page(sg) == NULL)".
     In this version, we will add a new explicit interface
     (sg_dma_is_restricted) for users to determine whether this is a
     restricted buffer.
    3) some words improve, like using "rheap".
    Rebase on v6.9-rc7.

v4: https://lore.kernel.org/linux-mediatek/20240112092014.23999-1-yong.wu@mediatek.com/
    1) Rename the heap name from "secure" to "restricted". suggested from
     Simon/Pekka. There are still several "secure" string in MTK file
     since we use ARM platform in which we call this "secure world"/
     "secure command".

v3: https://lore.kernel.org/linux-mediatek/20231212024607.3681-1-yong.wu@mediatek.com/
    1) Separate the secure heap to a common file(secure_heap.c) and mtk
     special file (secure_heap_mtk.c),  and put all the tee related code
     into our special file.
    2) About dt-binding, Add "mediatek," prefix since this is Mediatek TEE
     firmware definition.
    3) Remove the normal CMA heap which is a draft for qcom.
    Rebase on v6.7-rc1.

v2: https://lore.kernel.org/linux-mediatek/20231111111559.8218-1-yong.wu@mediatek.com/
    1) Move John's patches into the vcodec patchset since they use the new
       dma heap interface directly.
       https://lore.kernel.org/linux-mediatek/20231106120423.23364-1-yunfei.dong@mediatek.com/
    2) Reword the dt-binding description.
    3) Rename the heap name from mtk_svp to secure_mtk_cm.
       This means the current vcodec/DRM upstream code doesn't match this.
    4) Add a normal CMA heap. currently it should be a draft version.
    5) Regarding the UUID, I still use hard code, but put it in a private
    data which allow the others could set their own UUID. What's more, UUID
    is necessary for the session with TEE. If we don't have it, we can't
    communicate with the TEE, including the get_uuid interface, which tries
    to make uuid more generic, not working. If there is other way to make
    UUID more general, please free to tell me.
    
v1: https://lore.kernel.org/linux-mediatek/20230911023038.30649-1-yong.wu@mediatek.com/
    Base on v6.6-rc1.

Yong Wu (9):
  dt-bindings: reserved-memory: Add mediatek,dynamic-restricted-region
  scatterlist: Add a flag for the restricted memory
  lib/scatterlist: Add sg_dup_table
  dma-buf: heaps: Initialize a restricted heap
  dma-buf: heaps: restricted_heap: Add private heap ops
  dma-buf: heaps: restricted_heap: Add dma_ops
  dma-buf: heaps: restricted_heap: Add MediaTek restricted heap and
    heap_init
  dma-buf: heaps: restricted_heap_mtk: Add TEE memory service call
  dma_buf: heaps: restricted_heap_mtk: Add a new CMA heap

 .../mediatek,dynamic-restricted-region.yaml   |  43 ++
 drivers/dma-buf/heaps/Kconfig                 |  16 +
 drivers/dma-buf/heaps/Makefile                |   4 +-
 drivers/dma-buf/heaps/restricted_heap.c       | 219 +++++++++
 drivers/dma-buf/heaps/restricted_heap.h       |  45 ++
 drivers/dma-buf/heaps/restricted_heap_mtk.c   | 423 ++++++++++++++++++
 drivers/dma-buf/heaps/system_heap.c           |  27 +-
 include/linux/scatterlist.h                   |  36 ++
 lib/scatterlist.c                             |  26 ++
 9 files changed, 812 insertions(+), 27 deletions(-)
 create mode 100644 Documentation/devicetree/bindings/reserved-memory/mediatek,dynamic-restricted-region.yaml
 create mode 100644 drivers/dma-buf/heaps/restricted_heap.c
 create mode 100644 drivers/dma-buf/heaps/restricted_heap.h
 create mode 100644 drivers/dma-buf/heaps/restricted_heap_mtk.c

-- 
2.18.0