[Intel-gfx] [PATCH 4/4] drm/i915: fix relocation of secure buffers
Dave Gordon
david.s.gordon at intel.com
Fri Apr 15 12:24:46 UTC 2016
On 15/04/2016 12:43, Chris Wilson wrote:
> On Fri, Apr 15, 2016 at 12:32:57PM +0100, Dave Gordon wrote:
>> There is a problem with the relocation of batches submitted with the
>> I915_EXEC_SECURE flag: although the batch itself will be mapped into the
>> GGTT, any relocations referring to it will use its address in the PPGTT,
>> which almost certainly won't be the same.
> This is incorrect. We can have and do use secure batches in the GGTT that
> use ppGTT self relocations.
> -Chris
No, what I wrote is correct. A batch containing an MI_START_BATCH_BUFFER
with a relocation description specifying the target as another part of
the same batch will have the address of the batch in the PPGTT filled in
there; Miguel has an example to demonstrate this. (And it's obvious from
the code, relocation is completed before the GGTT mapping is created so
can't put the GGTT address in the relocated entry).
Therefore, the secure batch cannot jump to another part of the buffer
and remain in privileged mode.
OTOH it may ALSO be useful for the privileged batch to jump to
UNPRIVILEGED subroutines, which would require the relocation to provide
the PPGTT address (although I wouldn't expect that to be the default).
Maybe we need to extend the relocation interface so the batch can choose?
.Dave.
More information about the Intel-gfx
mailing list