[igt-dev] [PATCH] tests/amdgpu: add security tests
vitaly.prosyak at amd.com
vitaly.prosyak at amd.com
Thu Jul 27 20:30:03 UTC 2023
From: Vitaly Prosyak <vitaly.prosyak at amd.com>
Ported and refactored drmlib security tests and the following is done:
1. Remove everywhere global variables.
2. Reuse common functions from amd_command_submission.c
3. Reuse IGT igt_fixture functions.
4. Properly formatted code to meet IGT guidelines.
v2:
- Numerous improvements related to formatting, style,
spelling, includes (Luben).
- Use amdgpu_bo_export to retrieve the kms handle of
amdgpu_bo (Christian)
Cc: Aaron Liu <aaron.liu at amd.com>
Cc: Luben Tuikov <luben.tuikov at amd.com>
Cc: Alex Deucher <alexander.deucher at amd.com>
Cc: Christian Koenig <christian.koenig at amd.com>
Signed-off-by: Vitaly Prosyak <vitaly.prosyak at amd.com>
---
lib/amdgpu/amd_ip_blocks.c | 3 +-
tests/amdgpu/amd_security.c | 375 ++++++++++++++++++++++++++++++++++++
tests/amdgpu/meson.build | 1 +
3 files changed, 377 insertions(+), 2 deletions(-)
create mode 100644 tests/amdgpu/amd_security.c
diff --git a/lib/amdgpu/amd_ip_blocks.c b/lib/amdgpu/amd_ip_blocks.c
index 1249551cc..44768ba64 100644
--- a/lib/amdgpu/amd_ip_blocks.c
+++ b/lib/amdgpu/amd_ip_blocks.c
@@ -669,6 +669,7 @@ int setup_amdgpu_ip_blocks(uint32_t major, uint32_t minor, struct amdgpu_gpu_inf
case GFX8: /* tested */
case GFX9: /* tested */
case GFX10:/* tested */
+ case GFX10_3: /* tested */
amdgpu_device_ip_block_add(&gfx_v8_x_ip_block);
amdgpu_device_ip_block_add(&compute_v8_x_ip_block);
amdgpu_device_ip_block_add(&sdma_v3_x_ip_block);
@@ -680,8 +681,6 @@ int setup_amdgpu_ip_blocks(uint32_t major, uint32_t minor, struct amdgpu_gpu_inf
igt_assert_eq(gfx_v8_x_ip_block.funcs->family_id, FAMILY_VI);
igt_assert_eq(sdma_v3_x_ip_block.funcs->family_id, FAMILY_VI);
break;
- case GFX10_3:
- break;
default:
igt_info("amdgpu: GFX or old.\n");
return -1;
diff --git a/tests/amdgpu/amd_security.c b/tests/amdgpu/amd_security.c
new file mode 100644
index 000000000..46180df2e
--- /dev/null
+++ b/tests/amdgpu/amd_security.c
@@ -0,0 +1,375 @@
+// SPDX-License-Identifier: MIT
+/*
+ * Copyright 2019 Advanced Micro Devices, Inc.
+ * Copyright 2023 Advanced Micro Devices, Inc.
+ */
+
+#include <amdgpu.h>
+
+#include "igt.h"
+
+#include "lib/amdgpu/amd_memory.h"
+#include "lib/amdgpu/amd_command_submission.h"
+
+/* --------------------- Secure bounce test ------------------------ *
+ *
+ * The secure bounce test tests that we can evict a TMZ buffer,
+ * and page it back in, via a bounce buffer, as it encryption/decryption
+ * depends on its physical address, and have the same data, i.e. data
+ * integrity is preserved.
+ *
+ * The steps are as follows (from Christian K.):
+ *
+ * Buffer A which is TMZ protected and filled by the CPU with a
+ * certain pattern. That the GPU is reading only random nonsense from
+ * that pattern is irrelevant for the test.
+ *
+ * This buffer A is then secure copied into buffer B which is also
+ * TMZ protected.
+ *
+ * Buffer B is moved around, from VRAM to GTT, GTT to SYSTEM,
+ * etc.
+ *
+ * Then, we use another secure copy of buffer B back to buffer A.
+ *
+ * And lastly we check with the CPU the pattern.
+ *
+ * Assuming that we don't have memory contention and buffer A stayed
+ * at the same place, we should still see the same pattern when read
+ * by the CPU.
+ *
+ * If we don't see the same pattern then something in the buffer
+ * migration code is not working as expected.
+ */
+
+#define PACKET_LCOPY_SIZE 8
+#define PACKET_NOP_SIZE 16
+#define SECURE_BUFFER_SIZE (4 * 1024 * sizeof(secure_pattern))
+
+static uint32_t
+get_handle(struct amdgpu_bo *bo)
+{
+ uint32_t handle;
+ int r;
+
+ r = amdgpu_bo_export(bo, amdgpu_bo_handle_type_kms, &handle);
+ igt_assert_eq(r, 0);
+
+ return handle;
+}
+
+static void
+amdgpu_sdma_lcopy(uint32_t *packet, uint64_t dst, uint64_t src, uint32_t size,
+ uint32_t secure)
+{
+ /* Set the packet to Linear copy with TMZ set.
+ */
+ packet[0] = htole32(secure << 18 | 1);
+ packet[1] = htole32(size-1);
+ packet[2] = htole32(0);
+ packet[3] = htole32((uint32_t)(src & 0xFFFFFFFFU));
+ packet[4] = htole32((uint32_t)(src >> 32));
+ packet[5] = htole32((uint32_t)(dst & 0xFFFFFFFFU));
+ packet[6] = htole32((uint32_t)(dst >> 32));
+ packet[7] = htole32(0);
+}
+
+static void
+amdgpu_sdma_nop(uint32_t *packet, uint32_t nop_count)
+{
+ /* A packet of the desired number of NOPs.
+ */
+ packet[0] = htole32(nop_count << 16);
+ for ( ; nop_count > 0; nop_count--)
+ packet[nop_count-1] = 0;
+}
+
+/**
+ * amdgpu_bo_lcopy -- linear copy with TMZ set, using sDMA
+ * @dev: AMDGPU device to which both buffer objects belong to
+ * @ring_context: aux struct which has destination and source buffer objects
+ * @size: size of memory to move, in bytes.
+ * @secure: Set to 1 to perform secure copy, 0 for clear
+ *
+ * Issues and waits for completion of a Linear Copy with TMZ
+ * set, to the sDMA engine. @size should be a multiple of
+ * at least 16 bytes.
+ */
+static void
+amdgpu_bo_lcopy(amdgpu_device_handle device,
+ struct amdgpu_ring_context *ring_context,
+ const struct amdgpu_ip_block_version *ip_block, uint32_t size,
+ uint32_t secure)
+{
+ ring_context->pm4 = calloc(PACKET_LCOPY_SIZE, sizeof(*ring_context->pm4));
+ ring_context->secure = secure;
+ ring_context->pm4_size = PACKET_LCOPY_SIZE;
+ ring_context->pm4_dw = PACKET_LCOPY_SIZE;
+ ring_context->res_cnt = 2;
+ igt_assert(ring_context->pm4);
+
+ amdgpu_sdma_lcopy(ring_context->pm4, ring_context->bo_mc2,
+ ring_context->bo_mc, size, secure);
+ amdgpu_test_exec_cs_helper(device, ip_block->type, ring_context);
+ free(ring_context->pm4);
+}
+
+/**
+ * amdgpu_bo_move -- Evoke a move of the buffer object (BO)
+ * @dev: device to which this buffer object belongs to
+ * @ring_context: aux struct which has destination and source buffer objects
+ * @whereto: one of AMDGPU_GEM_DOMAIN_xyz
+ * @secure: set to 1 to submit secure IBs
+ *
+ * Evokes a move of the buffer object @bo to the GEM domain
+ * descibed by @whereto.
+ *
+ * Returns 0 on success; -errno on error.
+ */
+static void
+amdgpu_bo_move(amdgpu_device_handle device, int fd,
+ struct amdgpu_ring_context *ring_context,
+ const struct amdgpu_ip_block_version *ip_block, uint64_t whereto,
+ uint32_t secure)
+{
+ int r;
+ struct drm_amdgpu_gem_op gop = {
+ .handle = get_handle(ring_context->bo2),
+ .op = AMDGPU_GEM_OP_SET_PLACEMENT,
+ .value = whereto,
+ };
+
+ ring_context->pm4 = calloc(PACKET_NOP_SIZE, sizeof(*ring_context->pm4));
+ ring_context->secure = secure;
+ ring_context->pm4_size = PACKET_NOP_SIZE;
+ ring_context->pm4_dw = PACKET_NOP_SIZE;
+ ring_context->res_cnt = 1;
+ igt_assert(ring_context->pm4);
+
+ /* Change the buffer's placement.
+ */
+ r = drmIoctl(fd, DRM_IOCTL_AMDGPU_GEM_OP, &gop);
+ igt_assert_eq(r, 0);
+
+ /* Now issue a NOP to actually evoke the MM to move
+ * it to the desired location.
+ */
+ amdgpu_sdma_nop(ring_context->pm4, PACKET_NOP_SIZE);
+ amdgpu_test_exec_cs_helper(device, ip_block->type, ring_context);
+ free(ring_context->pm4);
+}
+
+/* Safe, O Sec!
+ */
+static const uint8_t secure_pattern[] = { 0x5A, 0xFE, 0x05, 0xEC };
+
+
+
+static void
+amdgpu_secure_bounce(amdgpu_device_handle device_handle, int fd,
+ struct drm_amdgpu_info_hw_ip *sdma_info,
+ const struct amdgpu_ip_block_version *ip_block, bool secure)
+{
+ struct amdgpu_ring_context *ring_context;
+
+ long page_size;
+ uint8_t *pp;
+ int r;
+
+ ring_context = calloc(1, sizeof(*ring_context));
+ igt_assert(ring_context);
+
+ page_size = sysconf(_SC_PAGESIZE);
+ r = amdgpu_cs_ctx_create(device_handle, &ring_context->context_handle);
+ igt_assert_eq(r, 0);
+
+ /* Use the first present ring.
+ */
+ ring_context->ring_id = ffs(sdma_info->available_rings) - 1;
+ if (ring_context->ring_id == -1)
+ igt_assert(false);
+
+
+ /* Allocate a buffer named Alice (bo, bo_cpu, bo_mc) in VRAM. */
+ r = amdgpu_bo_alloc_and_map_raw(device_handle, SECURE_BUFFER_SIZE,
+ page_size, AMDGPU_GEM_DOMAIN_VRAM,
+ secure == true ? AMDGPU_GEM_CREATE_ENCRYPTED : 0, 0,
+ &ring_context->bo,
+ (void **)&ring_context->bo_cpu,
+ &ring_context->bo_mc,
+ &ring_context->va_handle);
+ igt_assert_eq(r, 0);
+
+ /* Fill Alice with a pattern */
+ for (pp = (__typeof__(pp))ring_context->bo_cpu;
+ pp < (__typeof__(pp)) ring_context->bo_cpu + SECURE_BUFFER_SIZE;
+ pp += sizeof(secure_pattern))
+ memcpy(pp, secure_pattern, sizeof(secure_pattern));
+
+ /* Allocate a buffer named Bob(bo2, bo_cpu2, bo_mc2) in VRAM.
+ */
+ r = amdgpu_bo_alloc_and_map_raw(device_handle, SECURE_BUFFER_SIZE,
+ page_size, AMDGPU_GEM_DOMAIN_VRAM,
+ secure == true ? AMDGPU_GEM_CREATE_ENCRYPTED : 0, 0,
+ &ring_context->bo2,
+ (void **)&ring_context->bo2_cpu,
+ &ring_context->bo_mc2,
+ &ring_context->va_handle2);
+ igt_assert_eq(r, 0);
+
+ /* sDMA TMZ copy from Alice to Bob */
+ ring_context->resources[0] = ring_context->bo2; // Bob
+ ring_context->resources[1] = ring_context->bo; // Alice
+
+ amdgpu_bo_lcopy(device_handle, ring_context, ip_block, SECURE_BUFFER_SIZE,
+ secure == true ? 1 : 0);
+
+ /* Verify the contents of Bob. */
+ for (pp = (__typeof__(pp))ring_context->bo2_cpu;
+ pp < (__typeof__(pp)) ring_context->bo2_cpu + SECURE_BUFFER_SIZE;
+ pp += sizeof(secure_pattern)) {
+ r = memcmp(pp, secure_pattern, sizeof(secure_pattern));
+ if (r) {
+ // test failure
+ igt_assert(false);
+ break;
+ }
+ }
+
+ /* Move Bob to the GTT domain. */
+ amdgpu_bo_move(device_handle, fd, ring_context, ip_block,
+ AMDGPU_GEM_DOMAIN_GTT, 0);
+
+ /* sDMA TMZ copy from Bob to Alice.
+ * bo is a source ,bo2 is destination
+ */
+
+ ring_context->resources[0] = ring_context->bo; // Alice
+ ring_context->resources[1] = ring_context->bo2; // Bob
+
+ /* sDMA TMZ copy from Bob to Alice. */
+ amdgpu_bo_lcopy(device_handle, ring_context, ip_block, SECURE_BUFFER_SIZE,
+ secure == true ? 1 : 0);
+
+ /* Verify the contents of Alice */
+ for (pp = (__typeof__(pp))ring_context->bo_cpu;
+ pp < (__typeof__(pp)) ring_context->bo_cpu + SECURE_BUFFER_SIZE;
+ pp += sizeof(secure_pattern)) {
+ r = memcmp(pp, secure_pattern, sizeof(secure_pattern));
+ if (r) {
+ // test failure
+ igt_assert(false);
+ break;
+ }
+ }
+ amdgpu_bo_unmap_and_free(ring_context->bo, ring_context->va_handle,
+ ring_context->bo_mc, SECURE_BUFFER_SIZE);
+ amdgpu_bo_unmap_and_free(ring_context->bo2, ring_context->va_handle2,
+ ring_context->bo_mc2, SECURE_BUFFER_SIZE);
+ amdgpu_cs_ctx_free(ring_context->context_handle);
+ free(ring_context);
+}
+
+
+static void
+amdgpu_security_alloc_buf_test(amdgpu_device_handle device_handle)
+{
+ amdgpu_bo_handle bo;
+ amdgpu_va_handle va_handle;
+ uint64_t bo_mc;
+
+ /* Test secure buffer allocation in VRAM */
+ bo = gpu_mem_alloc(device_handle, 4096, 4096,
+ AMDGPU_GEM_DOMAIN_VRAM,
+ AMDGPU_GEM_CREATE_ENCRYPTED,
+ &bo_mc, &va_handle);
+
+ gpu_mem_free(bo, va_handle, bo_mc, 4096);
+
+ /* Test secure buffer allocation in system memory */
+ bo = gpu_mem_alloc(device_handle, 4096, 4096,
+ AMDGPU_GEM_DOMAIN_GTT,
+ AMDGPU_GEM_CREATE_ENCRYPTED,
+ &bo_mc, &va_handle);
+
+ gpu_mem_free(bo, va_handle, bo_mc, 4096);
+
+ /* Test secure buffer allocation in invisible VRAM */
+ bo = gpu_mem_alloc(device_handle, 4096, 4096,
+ AMDGPU_GEM_DOMAIN_GTT,
+ AMDGPU_GEM_CREATE_ENCRYPTED |
+ AMDGPU_GEM_CREATE_NO_CPU_ACCESS,
+ &bo_mc, &va_handle);
+
+ gpu_mem_free(bo, va_handle, bo_mc, 4096);
+}
+
+static bool
+is_security_tests_enable(amdgpu_device_handle device_handle,
+ const struct amdgpu_gpu_info *gpu_info, uint32_t major, uint32_t minor)
+{
+ bool enable = true;
+
+ if (!(gpu_info->ids_flags & AMDGPU_IDS_FLAGS_TMZ)) {
+ igt_info("Don't support TMZ (trust memory zone), security test is disabled\n");
+ enable = false;
+ }
+
+ if ((major < 3) ||
+ ((major == 3) && (minor < 37))) {
+ igt_info("Don't support TMZ (trust memory zone), kernel DRM version (%d.%d)\n",
+ major, minor);
+ enable = false;
+ }
+
+ return enable;
+}
+
+igt_main
+{
+ amdgpu_device_handle device;
+ struct amdgpu_gpu_info gpu_info = {};
+ struct drm_amdgpu_info_hw_ip sdma_info = {};
+ int r, fd = -1;
+ bool is_secure = true;
+
+ igt_fixture {
+ uint32_t major, minor;
+ int err;
+
+ fd = drm_open_driver(DRIVER_AMDGPU);
+ err = amdgpu_device_initialize(fd, &major, &minor, &device);
+ igt_require(err == 0);
+ igt_info("Initialized amdgpu, driver version %d.%d\n",
+ major, minor);
+ err = amdgpu_query_gpu_info(device, &gpu_info);
+ igt_assert_eq(err, 0);
+ r = setup_amdgpu_ip_blocks(major, minor, &gpu_info, device);
+ igt_assert_eq(r, 0);
+ r = amdgpu_query_hw_ip_info(device, AMDGPU_HW_IP_DMA, 0, &sdma_info);
+ igt_assert_eq(r, 0);
+ igt_skip_on(!is_security_tests_enable(device, &gpu_info, major, minor));
+ }
+
+ igt_describe("amdgpu_security_alloc_buf_test");
+ igt_subtest("amdgpu-security-alloc-buf-test")
+ amdgpu_security_alloc_buf_test(device);
+
+ igt_describe("amdgpu_command_submission_write_linear_helper");
+ igt_subtest("write-linear-helper-secure")
+ amdgpu_command_submission_write_linear_helper(device,
+ get_ip_block(device, AMDGPU_HW_IP_DMA), is_secure);
+
+ /* dynamic test based on sdma_info.available rings */
+ igt_describe("amdgpu_secure_bounce");
+ igt_subtest("amdgpu-secure-bounce")
+ amdgpu_secure_bounce(device, fd, &sdma_info, get_ip_block(device,
+ AMDGPU_HW_IP_DMA), is_secure);
+
+ igt_fixture {
+ amdgpu_device_deinitialize(device);
+ drm_close_driver(fd);
+ }
+}
+
+
diff --git a/tests/amdgpu/meson.build b/tests/amdgpu/meson.build
index ef1735fda..bdada90ca 100644
--- a/tests/amdgpu/meson.build
+++ b/tests/amdgpu/meson.build
@@ -26,6 +26,7 @@ if libdrm_amdgpu.found()
'amd_plane',
'amd_prime',
'amd_psr',
+ 'amd_security',
'amd_uvd_dec',
'amd_uvd_enc',
'amd_vce_dec',
--
2.25.1
More information about the igt-dev
mailing list