[RFC PATCH 0/5] drm/panthor: Protected mode support for Mali CSF GPUs
Nicolas Dufresne
nicolas at ndufresne.ca
Thu Jan 30 07:59:56 PST 2025
Le jeudi 30 janvier 2025 à 14:46 +0100, Maxime Ripard a écrit :
> Hi,
>
> I started to review it, but it's probably best to discuss it here.
>
> On Thu, Jan 30, 2025 at 01:08:56PM +0000, Florent Tomasin wrote:
> > Hi,
> >
> > This is a patch series covering the support for protected mode execution in
> > Mali Panthor CSF kernel driver.
> >
> > The Mali CSF GPUs come with the support for protected mode execution at the
> > HW level. This feature requires two main changes in the kernel driver:
> >
> > 1) Configure the GPU with a protected buffer. The system must provide a DMA
> > heap from which the driver can allocate a protected buffer.
> > It can be a carved-out memory or dynamically allocated protected memory region.
> > Some system includes a trusted FW which is in charge of the protected memory.
> > Since this problem is integration specific, the Mali Panthor CSF kernel
> > driver must import the protected memory from a device specific exporter.
>
> Why do you need a heap for it in the first place? My understanding of
> your series is that you have a carved out memory region somewhere, and
> you want to allocate from that carved out memory region your buffers.
>
> How is that any different from using a reserved-memory region, adding
> the reserved-memory property to the GPU device and doing all your
> allocation through the usual dma_alloc_* API?
How do you then multiplex this region so it can be shared between
GPU/Camera/Display/Codec drivers and also userspace ? Also, how the secure
memory is allocted / obtained is a process that can vary a lot between SoC, so
implementation details assumption should not be coded in the driver.
Nicolas
>
> Or do you expect to have another dma-buf heap that would call into the
> firmware to perform the allocations?
>
> The semantics of the CMA heap allocations is a concern too.
>
> Another question is how would you expect something like a secure
> video-playback pipeline to operate with that kind of interface. Assuming
> you have a secure codec, you would likely get that protected buffer from
> the codec, right? So the most likely scenario would be to then import
> that dma-buf into the GPU driver, but not allocate the buffer from it.
>
> Overall, I think a better abstraction would be to have a heap indeed to
> allocate your protected buffers from, and then import them in the
> devices that need them. The responsibility would be on the userspace to
> do so, but it already kind of does with your design anyway.
>
> Maxime
More information about the Linux-mediatek
mailing list