bybrooklyn/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-04-24 01:25:49 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
ba767b9d01a2c552d76cf6f46b125d50ec4147a6
linux/drivers/gpu/drm/xe/compat-i915-headers/pxp/intel_pxp.h
Daniele Ceraolo Spurio 41a97c4a12 drm/xe/pxp/uapi: Add API to mark a BO as using PXP 
The driver needs to know if a BO is encrypted with PXP to enable the
display decryption at flip time.
Furthermore, we want to keep track of the status of the encryption and
reject any operation that involves a BO that is encrypted using an old
key. There are two points in time where such checks can kick in:

1 - at VM bind time, all operations except for unmapping will be
    rejected if the key used to encrypt the BO is no longer valid. This
    check is opt-in via a new VM_BIND flag, to avoid a scenario where a
    malicious app purposely shares an invalid BO with a non-PXP aware
    app (such as a compositor). If the VM_BIND was failed, the
    compositor would be unable to display anything at all. Allowing the
    bind to go through means that output still works, it just displays
    garbage data within the bounds of the illegal BO.

2 - at job submission time, if the queue is marked as using PXP, all
    objects bound to the VM will be checked and the submission will be
    rejected if any of them was encrypted with a key that is no longer
    valid.

Note that there is no risk of leaking the encrypted data if a user does
not opt-in to those checks; the only consequence is that the user will
not realize that the encryption key is changed and that the data is no
longer valid.

v2: Better commnnts and descriptions (John), rebase

v3: Properly return the result of key_assign up the stack, do not use
xe_bo in display headers (Jani)

v4: improve key_instance variable documentation (John)

Signed-off-by: Daniele Ceraolo Spurio <daniele.ceraolospurio@intel.com>
Cc: Matthew Brost <matthew.brost@intel.com>
Cc: Thomas Hellström <thomas.hellstrom@linux.intel.com>
Cc: John Harrison <John.C.Harrison@Intel.com>
Cc: Jani Nikula <jani.nikula@intel.com>
Reviewed-by: John Harrison <John.C.Harrison@Intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20250129174140.948829-11-daniele.ceraolospurio@intel.com
2025-02-03 11:51:23 -08:00

33 lines
656 B
C
Raw Blame History

/* SPDX-License-Identifier: MIT */
/*
* Copyright © 2023 Intel Corporation
*/
#ifndef __INTEL_PXP_H__
#define __INTEL_PXP_H__
#include <linux/errno.h>
#include <linux/types.h>
#include "xe_pxp.h"
struct drm_gem_object;
struct xe_pxp;
static inline int intel_pxp_key_check(struct xe_pxp *pxp,
struct drm_gem_object *obj,
bool assign)
{
/*
* The assign variable is used in i915 to assign the key to the BO at
* first submission time. In Xe the key is instead assigned at BO
* creation time, so the assign variable must always be false.
*/
if (assign)
return -EINVAL;
return xe_pxp_obj_key_check(pxp, obj);
}
#endif
Reference in New Issue View Git Blame Copy Permalink