| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <705ce6b0-e945-404c-8014-38881a01fbca@xs4all.nl>
Date: Mon, 11 Dec 2023 11:58:36 +0100
From: Hans Verkuil <hverkuil-cisco@...all.nl>
To: Yunfei Dong <yunfei.dong@...iatek.com>,
Jeffrey Kardatzke <jkardatzke@...gle.com>,
Nícolas F . R . A . Prado
<nfraprado@...labora.com>,
Nicolas Dufresne <nicolas.dufresne@...labora.com>,
AngeloGioacchino Del Regno
<angelogioacchino.delregno@...labora.com>,
Benjamin Gaignard <benjamin.gaignard@...labora.com>,
Nathan Hebert <nhebert@...omium.org>
Cc: Chen-Yu Tsai <wenst@...omium.org>, Yong Wu <yong.wu@...iatek.com>,
Hsin-Yi Wang <hsinyi@...omium.org>,
Fritz Koenig <frkoenig@...omium.org>,
Daniel Vetter <daniel@...ll.ch>,
Steve Cho <stevecho@...omium.org>,
Sumit Semwal <sumit.semwal@...aro.org>,
Brian Starkey <Brian.Starkey@....com>,
John Stultz <jstultz@...gle.com>,
"T . J . Mercier" <tjmercier@...gle.com>,
Christian König <christian.koenig@....com>,
Matthias Brugger <matthias.bgg@...il.com>,
dri-devel@...ts.freedesktop.org, linaro-mm-sig@...ts.linaro.org,
devicetree@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-arm-kernel@...ts.infradead.org,
linux-mediatek@...ts.infradead.org,
Project_Global_Chrome_Upstream_Group@...iatek.com
Subject: Re: [PATCH v3,03/21] v4l2: verify secure dmabufs are used in secure
queue
On 06/12/2023 09:15, Yunfei Dong wrote:
> From: Jeffrey Kardatzke <jkardatzke@...gle.com>
>
> Verfies in the dmabuf implementations that if the secure memory flag is
Verfies -> Verifies
> set for a queue that the dmabuf submitted to the queue is unmappable.
>
> Signed-off-by: Jeffrey Kardatzke <jkardatzke@...gle.com>
> Signed-off-by: Yunfei Dong <yunfei.dong@...iatek.com>
> ---
> drivers/media/common/videobuf2/videobuf2-dma-contig.c | 6 ++++++
> drivers/media/common/videobuf2/videobuf2-dma-sg.c | 6 ++++++
> 2 files changed, 12 insertions(+)
>
> diff --git a/drivers/media/common/videobuf2/videobuf2-dma-contig.c b/drivers/media/common/videobuf2/videobuf2-dma-contig.c
> index 3d4fd4ef5310..ad58ef8dc231 100644
> --- a/drivers/media/common/videobuf2/videobuf2-dma-contig.c
> +++ b/drivers/media/common/videobuf2/videobuf2-dma-contig.c
> @@ -710,6 +710,12 @@ static int vb2_dc_map_dmabuf(void *mem_priv)
> return -EINVAL;
> }
>
> + /* verify the dmabuf is secure if we are in secure mode */
> + if (buf->vb->vb2_queue->secure_mem && sg_page(sgt->sgl)) {
This needs a bit more explanation. I guess that for secure memory
sg_page returns NULL?
> + pr_err("secure queue requires secure dma_buf");
> + return -EINVAL;
> + }
> +
> /* checking if dmabuf is big enough to store contiguous chunk */
> contig_size = vb2_dc_get_contiguous_size(sgt);
> if (contig_size < buf->size) {
> diff --git a/drivers/media/common/videobuf2/videobuf2-dma-sg.c b/drivers/media/common/videobuf2/videobuf2-dma-sg.c
> index 28f3fdfe23a2..55428c73c380 100644
> --- a/drivers/media/common/videobuf2/videobuf2-dma-sg.c
> +++ b/drivers/media/common/videobuf2/videobuf2-dma-sg.c
> @@ -564,6 +564,12 @@ static int vb2_dma_sg_map_dmabuf(void *mem_priv)
> return -EINVAL;
> }
>
> + /* verify the dmabuf is secure if we are in secure mode */
> + if (buf->vb->vb2_queue->secure_mem && !sg_dma_secure(sgt->sgl)) {
I can't find the sg_dma_secure function. I suspect this patch series
depends on another series?
> + pr_err("secure queue requires secure dma_buf");
> + return -EINVAL;
> + }
> +
> buf->dma_sgt = sgt;
> buf->vaddr = NULL;
>
Regards,
Hans
Powered by blists - more mailing lists