From: Yong Wu <yong.wu@mediatek.com>
To: Rob Herring <robh+dt@kernel.org>,
Matthias Brugger <matthias.bgg@gmail.com>,
<christian.koenig@amd.com>,
Sumit Semwal <sumit.semwal@linaro.org>,
Andrew Morton <akpm@linux-foundation.org>
Cc: Krzysztof Kozlowski <krzysztof.kozlowski+dt@linaro.org>,
Conor Dooley <conor+dt@kernel.org>,
Benjamin Gaignard <benjamin.gaignard@collabora.com>,
Brian Starkey <Brian.Starkey@arm.com>,
John Stultz <jstultz@google.com>, <tjmercier@google.com>,
AngeloGioacchino Del Regno
<angelogioacchino.delregno@collabora.com>,
Yong Wu <yong.wu@mediatek.com>, <devicetree@vger.kernel.org>,
<linux-kernel@vger.kernel.org>, <linux-media@vger.kernel.org>,
<dri-devel@lists.freedesktop.org>,
<linaro-mm-sig@lists.linaro.org>,
<linux-arm-kernel@lists.infradead.org>,
<linux-mediatek@lists.infradead.org>,
Robin Murphy <robin.murphy@arm.com>,
Vijayanand Jitta <quic_vjitta@quicinc.com>,
Joakim Bech <joakim.bech@linaro.org>,
Jeffrey Kardatzke <jkardatzke@google.com>,
Pavel Machek <pavel@ucw.cz>, Simon Ser <contact@emersion.fr>,
Pekka Paalanen <ppaalanen@gmail.com>, <willy@infradead.org>,
Logan Gunthorpe <logang@deltatee.com>,
Daniel Vetter <daniel@ffwll.ch>, <jianjiao.zeng@mediatek.com>,
<kuohong.wang@mediatek.com>, <youlin.pei@mediatek.com>
Subject: [PATCH v5 0/9] dma-buf: heaps: Add restricted heap
Date: Wed, 15 May 2024 19:22:59 +0800 [thread overview]
Message-ID: <20240515112308.10171-1-yong.wu@mediatek.com> (raw)
The purpose of this patchset is for MediaTek secure video playback, and
also to enable other potential uses of this in the future. The 'restricted
dma-heap' will be used to allocate dma_buf objects that reference memory
in the secure world that is inaccessible/unmappable by the non-secure
(i.e. kernel/userspace) world. That memory will be used by the secure/
trusted world to store secure information (i.e. decrypted media content).
The dma_bufs allocated from the kernel will be passed to V4L2 for video
decoding (as input and output). They will also be used by the drm
system for rendering of the content.
This patchset adds two MediaTek restricted heaps and they will be used in
v4l2[1] and drm[2].
1) restricted_mtk_cm: secure chunk memory for MediaTek SVP (Secure Video
Path). The buffer is reserved for the secure world after bootup and it
is used for vcodec's ES/working buffer;
2) restricted_mtk_cma: secure CMA memory for MediaTek SVP. This buffer is
dynamically reserved for the secure world and will be got when we start
playing secure videos. Once the security video playing is complete, the
CMA will be released. This heap is used for the vcodec's frame buffer.
[1] https://lore.kernel.org/linux-mediatek/20240412090851.24999-1-yunfei.dong@mediatek.com/
[2] https://lore.kernel.org/linux-mediatek/20240403102701.369-1-shawn.sung@mediatek.com/
Change note:
v5: 1) Reconstruct TEE commands to allow the kernel to obtain the PA of the
TEE buffer to initialize a valid sg table.
2) Previously, PA was hidden from the kernel. Then the kernel checks if
this is restricted buffer by "if (sg_page(sg) == NULL)".
In this version, we will add a new explicit interface
(sg_dma_is_restricted) for users to determine whether this is a
restricted buffer.
3) some words improve, like using "rheap".
Rebase on v6.9-rc7.
v4: https://lore.kernel.org/linux-mediatek/20240112092014.23999-1-yong.wu@mediatek.com/
1) Rename the heap name from "secure" to "restricted". suggested from
Simon/Pekka. There are still several "secure" string in MTK file
since we use ARM platform in which we call this "secure world"/
"secure command".
v3: https://lore.kernel.org/linux-mediatek/20231212024607.3681-1-yong.wu@mediatek.com/
1) Separate the secure heap to a common file(secure_heap.c) and mtk
special file (secure_heap_mtk.c), and put all the tee related code
into our special file.
2) About dt-binding, Add "mediatek," prefix since this is Mediatek TEE
firmware definition.
3) Remove the normal CMA heap which is a draft for qcom.
Rebase on v6.7-rc1.
v2: https://lore.kernel.org/linux-mediatek/20231111111559.8218-1-yong.wu@mediatek.com/
1) Move John's patches into the vcodec patchset since they use the new
dma heap interface directly.
https://lore.kernel.org/linux-mediatek/20231106120423.23364-1-yunfei.dong@mediatek.com/
2) Reword the dt-binding description.
3) Rename the heap name from mtk_svp to secure_mtk_cm.
This means the current vcodec/DRM upstream code doesn't match this.
4) Add a normal CMA heap. currently it should be a draft version.
5) Regarding the UUID, I still use hard code, but put it in a private
data which allow the others could set their own UUID. What's more, UUID
is necessary for the session with TEE. If we don't have it, we can't
communicate with the TEE, including the get_uuid interface, which tries
to make uuid more generic, not working. If there is other way to make
UUID more general, please free to tell me.
v1: https://lore.kernel.org/linux-mediatek/20230911023038.30649-1-yong.wu@mediatek.com/
Base on v6.6-rc1.
Yong Wu (9):
dt-bindings: reserved-memory: Add mediatek,dynamic-restricted-region
scatterlist: Add a flag for the restricted memory
lib/scatterlist: Add sg_dup_table
dma-buf: heaps: Initialize a restricted heap
dma-buf: heaps: restricted_heap: Add private heap ops
dma-buf: heaps: restricted_heap: Add dma_ops
dma-buf: heaps: restricted_heap: Add MediaTek restricted heap and
heap_init
dma-buf: heaps: restricted_heap_mtk: Add TEE memory service call
dma_buf: heaps: restricted_heap_mtk: Add a new CMA heap
.../mediatek,dynamic-restricted-region.yaml | 43 ++
drivers/dma-buf/heaps/Kconfig | 16 +
drivers/dma-buf/heaps/Makefile | 4 +-
drivers/dma-buf/heaps/restricted_heap.c | 219 +++++++++
drivers/dma-buf/heaps/restricted_heap.h | 45 ++
drivers/dma-buf/heaps/restricted_heap_mtk.c | 423 ++++++++++++++++++
drivers/dma-buf/heaps/system_heap.c | 27 +-
include/linux/scatterlist.h | 36 ++
lib/scatterlist.c | 26 ++
9 files changed, 812 insertions(+), 27 deletions(-)
create mode 100644 Documentation/devicetree/bindings/reserved-memory/mediatek,dynamic-restricted-region.yaml
create mode 100644 drivers/dma-buf/heaps/restricted_heap.c
create mode 100644 drivers/dma-buf/heaps/restricted_heap.h
create mode 100644 drivers/dma-buf/heaps/restricted_heap_mtk.c
--
2.18.0
next reply other threads:[~2024-05-15 11:23 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-15 11:22 Yong Wu [this message]
2024-05-15 11:23 ` [PATCH v5 1/9] dt-bindings: reserved-memory: Add mediatek,dynamic-restricted-region Yong Wu
2024-05-15 11:23 ` [PATCH v5 2/9] scatterlist: Add a flag for the restricted memory Yong Wu
2024-05-16 8:17 ` Christian König
2024-05-20 7:58 ` Yong Wu (吴勇)
2024-05-21 18:36 ` Christian König
2024-05-16 9:59 ` AngeloGioacchino Del Regno
2024-05-20 9:53 ` Yong Wu (吴勇)
2024-05-15 11:23 ` [PATCH v5 3/9] lib/scatterlist: Add sg_dup_table Yong Wu
2024-05-15 11:23 ` [PATCH v5 4/9] dma-buf: heaps: Initialize a restricted heap Yong Wu
2024-05-15 11:23 ` [PATCH v5 5/9] dma-buf: heaps: restricted_heap: Add private heap ops Yong Wu
2024-05-15 11:23 ` [PATCH v5 6/9] dma-buf: heaps: restricted_heap: Add dma_ops Yong Wu
2024-05-15 11:23 ` [PATCH v5 7/9] dma-buf: heaps: restricted_heap: Add MediaTek restricted heap and heap_init Yong Wu
2024-05-15 11:23 ` [PATCH v5 8/9] dma-buf: heaps: restricted_heap_mtk: Add TEE memory service call Yong Wu
2024-05-15 11:23 ` [PATCH v5 9/9] dma_buf: heaps: restricted_heap_mtk: Add a new CMA heap Yong Wu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240515112308.10171-1-yong.wu@mediatek.com \
--to=yong.wu@mediatek.com \
--cc=Brian.Starkey@arm.com \
--cc=akpm@linux-foundation.org \
--cc=angelogioacchino.delregno@collabora.com \
--cc=benjamin.gaignard@collabora.com \
--cc=christian.koenig@amd.com \
--cc=conor+dt@kernel.org \
--cc=contact@emersion.fr \
--cc=daniel@ffwll.ch \
--cc=devicetree@vger.kernel.org \
--cc=dri-devel@lists.freedesktop.org \
--cc=jianjiao.zeng@mediatek.com \
--cc=jkardatzke@google.com \
--cc=joakim.bech@linaro.org \
--cc=jstultz@google.com \
--cc=krzysztof.kozlowski+dt@linaro.org \
--cc=kuohong.wang@mediatek.com \
--cc=linaro-mm-sig@lists.linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=linux-mediatek@lists.infradead.org \
--cc=logang@deltatee.com \
--cc=matthias.bgg@gmail.com \
--cc=pavel@ucw.cz \
--cc=ppaalanen@gmail.com \
--cc=quic_vjitta@quicinc.com \
--cc=robh+dt@kernel.org \
--cc=robin.murphy@arm.com \
--cc=sumit.semwal@linaro.org \
--cc=tjmercier@google.com \
--cc=willy@infradead.org \
--cc=youlin.pei@mediatek.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).