[PATCH v3 10/11] drm/amdgpu: job is secure iff CS is secure (v4)

Koenig, Christian Christian.Koenig at amd.com
Wed Sep 25 14:46:49 UTC 2019


Am 25.09.19 um 16:38 schrieb Huang, Ray:
> Mark a job as secure, if and only if the command
> submission flag has the secure flag set.
>
> v2: fix the null job pointer while in vmid 0
> submission.
> v3: Context --> Command submission.
> v4: filling cs parser with cs->in.flags
>
> Signed-off-by: Huang Rui <ray.huang at amd.com>
> Co-developed-by: Luben Tuikov <luben.tuikov at amd.com>
> Signed-off-by: Luben Tuikov <luben.tuikov at amd.com>
> Reviewed-by: Alex Deucher <alexander.deucher at amd.com>
> ---
>   drivers/gpu/drm/amd/amdgpu/amdgpu.h     |  3 +++
>   drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c  | 11 ++++++++++-
>   drivers/gpu/drm/amd/amdgpu/amdgpu_ib.c  |  4 ++--
>   drivers/gpu/drm/amd/amdgpu/amdgpu_job.h |  2 ++
>   4 files changed, 17 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu.h b/drivers/gpu/drm/amd/amdgpu/amdgpu.h
> index 697e8e5..fd60695 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu.h
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu.h
> @@ -485,6 +485,9 @@ struct amdgpu_cs_parser {
>   	uint64_t			bytes_moved;
>   	uint64_t			bytes_moved_vis;
>   
> +	/* secure cs */
> +	bool				is_secure;
> +
>   	/* user fence */
>   	struct amdgpu_bo_list_entry	uf_entry;
>   
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
> index 51f3db0..9038dc1 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
> @@ -133,6 +133,14 @@ static int amdgpu_cs_parser_init(struct amdgpu_cs_parser *p, union drm_amdgpu_cs
>   		goto free_chunk;
>   	}
>   
> +	/**
> +	 * The command submission (cs) is a union, so an assignment to
> +	 * 'out' is destructive to the cs (at least the first 8
> +	 * bytes). For this reason, inquire about the flags before the
> +	 * assignment to 'out'.
> +	 */
> +	p->is_secure = cs->in.flags & AMDGPU_CS_FLAGS_SECURE;
> +
>   	/* get chunks */
>   	chunk_array_user = u64_to_user_ptr(cs->in.chunks);
>   	if (copy_from_user(chunk_array, chunk_array_user,
> @@ -1252,8 +1260,9 @@ static int amdgpu_cs_submit(struct amdgpu_cs_parser *p,
>   		p->ctx->preamble_presented = true;
>   	}
>   
> -	cs->out.handle = seq;
> +	job->secure = p->is_secure;
>   	job->uf_sequence = seq;
> +	cs->out.handle = seq;

At least it is no longer accessing cs->in, but that still looks like the 
wrong place to initialize the job.

Why can't we fill that in directly after amdgpu_job_alloc() ?

Regards,
Christian.

>   
>   	amdgpu_job_free_resources(job);
>   
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ib.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ib.c
> index e1dc229..cb9b650 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ib.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ib.c
> @@ -210,7 +210,7 @@ int amdgpu_ib_schedule(struct amdgpu_ring *ring, unsigned num_ibs,
>   	if (job && ring->funcs->emit_cntxcntl) {
>   		status |= job->preamble_status;
>   		status |= job->preemption_status;
> -		amdgpu_ring_emit_cntxcntl(ring, status, false);
> +		amdgpu_ring_emit_cntxcntl(ring, status, job->secure);
>   	}
>   
>   	for (i = 0; i < num_ibs; ++i) {
> @@ -229,7 +229,7 @@ int amdgpu_ib_schedule(struct amdgpu_ring *ring, unsigned num_ibs,
>   	}
>   
>   	if (ring->funcs->emit_tmz)
> -		amdgpu_ring_emit_tmz(ring, false, false);
> +		amdgpu_ring_emit_tmz(ring, false, job ? job->secure : false);
>   
>   #ifdef CONFIG_X86_64
>   	if (!(adev->flags & AMD_IS_APU))
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_job.h b/drivers/gpu/drm/amd/amdgpu/amdgpu_job.h
> index dc7ee93..aa0e375 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_job.h
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_job.h
> @@ -63,6 +63,8 @@ struct amdgpu_job {
>   	uint64_t		uf_addr;
>   	uint64_t		uf_sequence;
>   
> +	/* the job is due to a secure command submission */
> +	bool			secure;
>   };
>   
>   int amdgpu_job_alloc(struct amdgpu_device *adev, unsigned num_ibs,



More information about the amd-gfx mailing list