| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 May 2024 02:19:38 +0000
From: CK Hu (胡俊光) <ck.hu@...iatek.com>
To: "jassisinghbrar@...il.com" <jassisinghbrar@...il.com>,
"matthias.bgg@...il.com" <matthias.bgg@...il.com>,
Jason-JH Lin (林睿祥) <Jason-JH.Lin@...iatek.com>,
"chunkuang.hu@...nel.org" <chunkuang.hu@...nel.org>, "robh+dt@...nel.org"
<robh+dt@...nel.org>, "krzysztof.kozlowski+dt@...aro.org"
<krzysztof.kozlowski+dt@...aro.org>,
"angelogioacchino.delregno@...labora.com"
<angelogioacchino.delregno@...labora.com>
CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Singo Chang (張興國) <Singo.Chang@...iatek.com>,
"linux-mediatek@...ts.infradead.org" <linux-mediatek@...ts.infradead.org>,
Jason-ch Chen (陳建豪)
<Jason-ch.Chen@...iatek.com>, "devicetree@...r.kernel.org"
<devicetree@...r.kernel.org>, Shawn Sung (宋孝謙)
<Shawn.Sung@...iatek.com>, Nancy Lin (林欣螢)
<Nancy.Lin@...iatek.com>, "conor+dt@...nel.org" <conor+dt@...nel.org>,
"dri-devel@...ts.freedesktop.org" <dri-devel@...ts.freedesktop.org>,
Project_Global_Chrome_Upstream_Group
<Project_Global_Chrome_Upstream_Group@...iatek.com>,
"linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org>
Subject: Re: [PATCH RESEND, v6 6/8] mailbox: mediatek: Add CMDQ secure mailbox
driver
On Sun, 2024-05-26 at 22:44 +0800, Jason-JH.Lin wrote:
> To support secure video path feature, GCE have to read/write registgers
> in the secure world. GCE will enable the secure access permission to the
> HW who wants to access the secure content buffer.
>
> Add CMDQ secure mailbox driver to make CMDQ client user is able to
> sending their HW settings to the secure world. So that GCE can execute
> all instructions to configure HW in the secure world.
>
> TODO:
> 1. Squash cmdq_sec_task_exec_work() into cmdq_sec_mbox_send_data().
> 2. Call into TEE to query cookie instead of using shared memory in
> cmdq_sec_get_cookie().
> 3. Register shared memory as command buffer instead of copying normal
> command buffer to IWC shared memory.
> 4. Use SOFTDEP to make cmdq_sec_probe later than OPTEE loaded and then
> move cmdq_sec_session_init into cmdq_sec_probe().
> 5. Remove timeout detection in cmdq_sec_session_send().
>
> Signed-off-by: Jason-JH.Lin <jason-jh.lin@...iatek.com>
> Signed-off-by: Hsiao Chien Sung <shawn.sung@...iatek.com>
> ---
[snip]
> +static void cmdq_sec_irq_notify_work(struct work_struct *work_item)
> +{
> + struct cmdq_sec *cmdq = container_of(work_item, struct cmdq_sec, irq_notify_work);
> + int i;
> +
> + mutex_lock(&cmdq->exec_lock);
> +
> + for (i = 0; i <= cmdq->pdata->secure_thread_nr; i++) {
> + struct cmdq_sec_thread *sec_thread = &cmdq->sec_thread[i];
> + u32 cookie = cmdq_sec_get_cookie(cmdq, sec_thread->idx);
I prefer to get current pa instead of cookie, but the current pa is mapped from secure packet pa to normal packet pa.
If something wrong, normal world could know where GCE is stalled. And this is how normal thread irq handler does.
We could use one method for both normal thread and secure thread. This is easier to maintain code.
Regards,
CK
> +
> + if (cookie < sec_thread->wait_cookie || !sec_thread->task_cnt)
> + continue;
> +
> + cmdq_sec_irq_handler(sec_thread, cookie, 0);
> + }
> +
> + mutex_unlock(&cmdq->exec_lock);
> +}
> +
Powered by blists - more mailing lists