Mesa (master): radv: Compute hashes in secure process for secure compilation.

[GitLab Mirror]

Module: Mesa
Branch: master
Commit: d78809632f58da1a34c23ccfd4456cb889276f39
URL:    http://cgit.freedesktop.org/mesa/mesa/commit/?id=d78809632f58da1a34c23ccfd4456cb889276f39

Author: Bas Nieuwenhuizen <bas at basnieuwenhuizen.nl>
Date:   Wed Oct 30 02:54:37 2019 +0100

radv: Compute hashes in secure process for secure compilation.

To prevent poisoning arbitrary cache entries.

Reviewed-by: Timothy Arceri <tarceri at itsqueeze.com>

---

 src/amd/vulkan/radv_pipeline.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/src/amd/vulkan/radv_pipeline.c b/src/amd/vulkan/radv_pipeline.c
index 9c7d5dc32ee..422b0771a79 100644
--- a/src/amd/vulkan/radv_pipeline.c
+++ b/src/amd/vulkan/radv_pipeline.c
@@ -4629,6 +4629,21 @@ radv_secure_compile(struct radv_pipeline *pipeline,
 		    const VkPipelineCreateFlags flags,
 		    unsigned num_stages)
 {
+	uint8_t allowed_pipeline_hashes[2][20];
+	radv_hash_shaders(allowed_pipeline_hashes[0], pStages,
+	                  pipeline->layout, key, get_hash_flags(device));
+
+	/* Generate the GC copy hash */
+	memcpy(allowed_pipeline_hashes[1], allowed_pipeline_hashes[0], 20);
+	allowed_pipeline_hashes[1][0] ^= 1;
+
+	uint8_t allowed_hashes[2][20];
+	for (unsigned i = 0; i < 2; ++i) {
+		disk_cache_compute_key(device->physical_device->disk_cache,
+		                       allowed_pipeline_hashes[i], 20,
+		                       allowed_hashes[i]);
+	}
+
 	unsigned process = 0;
 	uint8_t sc_threads = device->instance->num_sc_threads;
 	while (true) {
@@ -4718,6 +4733,10 @@ radv_secure_compile(struct radv_pipeline *pipeline,
 			if (!radv_sc_read(fd_secure_output, disk_sha1, sizeof(uint8_t) * 20, true))
 				return VK_ERROR_DEVICE_LOST;
 
+			if (memcmp(disk_sha1, allowed_hashes[0], 20) &&
+			    memcmp(disk_sha1, allowed_hashes[1], 20))
+				return VK_ERROR_DEVICE_LOST;
+
 			uint32_t entry_size;
 			if (!radv_sc_read(fd_secure_output, &entry_size, sizeof(uint32_t), true))
 				return VK_ERROR_DEVICE_LOST;
@@ -4736,6 +4755,10 @@ radv_secure_compile(struct radv_pipeline *pipeline,
 			if (!radv_sc_read(fd_secure_output, disk_sha1, sizeof(uint8_t) * 20, true))
 				return VK_ERROR_DEVICE_LOST;
 
+			if (memcmp(disk_sha1, allowed_hashes[0], 20) &&
+			    memcmp(disk_sha1, allowed_hashes[1], 20))
+				return VK_ERROR_DEVICE_LOST;
+
 			size_t size;
 			struct cache_entry *entry = (struct cache_entry *)
 				disk_cache_get(device->physical_device->disk_cache,