Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0024abc9 authored by Tarun Karra's avatar Tarun Karra
Browse files

msm: kgsl: Add content protection for A430 



Content protection protects secure context content (example: framebuffer)
from unsecured contexts. TSB (trusted steering block) hardware is
programmed to route the memory access from trusted and untrused contexts
accordingly. If an unsecured context tries to read/write data from a
secured context, the access will be denied by TSB.

When content protection is enabled:
a) Create a secure pagetable with 256MB virtual pool to map secure buffers.
   All the secure buffers created in user mode driver and mapped to kernel
   are mapped to this virtual pool.
b) Enable GPU secure mode when executing commands from secure context.
   This enables GPU to use secure pagetable and render to secure buffer.

Change-Id: Ic07d9461152159aa7db1bb527085b4bc02fdb0e7
Signed-off-by: default avatarTarun Karra <tkarra@codeaurora.org>
parent 649d3b58

drivers/gpu/msm/a4xx_reg.h

+4 −0
Original line number Diff line number Diff line
@@ -406,6 +406,10 @@ enum a4xx_rb_perfctr_rb_sel { 
#define A4XX_RBBM_CFG_DEBBUS_MISR0		0x1ae

#define A4XX_RBBM_CFG_DEBBUS_MISR1		0x1af

#define A4XX_RBBM_POWER_STATUS			0x1b0

#define A4XX_RBBM_SECVID_TRUST_CONTROL		0xf400

#define A4XX_RBBM_SECVID_TSB_TRUSTED_BASE	0xf800

#define A4XX_RBBM_SECVID_TSB_TRUSTED_SIZE	0xf801

#define A4XX_RBBM_SECVID_TSB_CONTROL		0xf802



/* CP registers */

#define A4XX_CP_RB_BASE			0x200

drivers/gpu/msm/adreno.c

+7 −0
Original line number Diff line number Diff line
@@ -1382,6 +1382,13 @@ static int adreno_of_get_iommu(struct device_node *parent, 
		} else if (!strcmp("gfx3d_spare",

					ctxs[ctx_index].iommu_ctx_name)) {

			ctxs[ctx_index].ctx_id = 2;

		/*

		 * Context bank 2 is secure context bank if content protection

		 * is supported

		 */

		} else if (!strcmp("gfx3d_secure",

					ctxs[ctx_index].iommu_ctx_name)) {

			ctxs[ctx_index].ctx_id = 2;

		} else {

			KGSL_CORE_ERR("dt: IOMMU context %s is invalid\n",

				ctxs[ctx_index].iommu_ctx_name);

drivers/gpu/msm/adreno_a4xx.c

+8 −0
Original line number Diff line number Diff line
@@ -475,6 +475,14 @@ static void a4xx_protect_init(struct kgsl_device *device) 
	adreno_set_protected_registers(device, &index, 0x40, 6);

	adreno_set_protected_registers(device, &index, 0x80, 4);



	/* Content protection registers */

	if (kgsl_mmu_is_secured(&device->mmu)) {

		adreno_set_protected_registers(device, &index,

			   A4XX_RBBM_SECVID_TSB_TRUSTED_BASE, 3);

		adreno_set_protected_registers(device, &index,

			   A4XX_RBBM_SECVID_TRUST_CONTROL, 1);

	}



	/* CP registers */

	adreno_set_protected_registers(device, &index, 0x200, 7);

	adreno_set_protected_registers(device, &index, 0x580, 4);

drivers/gpu/msm/adreno_drawctxt.c

+13 −1
Original line number Diff line number Diff line
@@ -347,7 +347,19 @@ adreno_drawctxt_create(struct kgsl_device_private *dev_priv, 
		KGSL_CONTEXT_PRIORITY_MASK |

		KGSL_CONTEXT_TYPE_MASK |

		KGSL_CONTEXT_PWR_CONSTRAINT |

		KGSL_CONTEXT_IFH_NOP);

		KGSL_CONTEXT_IFH_NOP |

		KGSL_CONTEXT_SECURE);



	/*

	 * If content protection is not enabled and secure context

	 * is requested return error.

	 */

	if (!kgsl_mmu_is_secured(&dev_priv->device->mmu) &&

			(drawctxt->base.flags & KGSL_CONTEXT_SECURE)) {

		dev_WARN_ONCE(device->dev, 1, "Secure context not supported");

		kfree(drawctxt);

		return ERR_PTR(-EINVAL);

	}



	/* Always enable per-context timestamps */

	drawctxt->base.flags |= KGSL_CONTEXT_PER_CONTEXT_TS;

drivers/gpu/msm/adreno_ringbuffer.c

+27 −1
Original line number Diff line number Diff line
@@ -1211,6 +1211,7 @@ int adreno_ringbuffer_submitcmd(struct adreno_device *adreno_dev, 
	struct kgsl_device *device = &adreno_dev->dev;

	struct kgsl_memobj_node *ib;

	unsigned int numibs = 0;

	unsigned int secured_ctxt = 0;

	unsigned int *link;

	unsigned int *cmds;

	struct kgsl_context *context;
@@ -1275,11 +1276,18 @@ int adreno_ringbuffer_submitcmd(struct adreno_device *adreno_dev, 
	/*

	 * Worst case size:

	 * 2 - start of IB identifier

	 * 6 - secure IB start

	 * 1 - skip preamble

	 * 3 * numibs - 3 per IB

	 * 6 - secure IB end

	 * 2 - end of IB identifier

	 */

	cmds = link = kzalloc(sizeof(unsigned int) * (numibs * 3 + 5),

	if (context->flags & KGSL_CONTEXT_SECURE)

		secured_ctxt = 1;





	cmds = link = kzalloc(sizeof(unsigned int) * (numibs * 3 + 5 +

					(secured_ctxt ? 12 : 0)),

				GFP_KERNEL);

	if (!link) {

		ret = -ENOMEM;
@@ -1289,6 +1297,15 @@ int adreno_ringbuffer_submitcmd(struct adreno_device *adreno_dev, 
	*cmds++ = cp_nop_packet(1);

	*cmds++ = KGSL_START_OF_IB_IDENTIFIER;



	if (secured_ctxt) {

		*cmds++ = cp_type3_packet(CP_SET_PROTECTED_MODE, 1);

		*cmds++ = 0;

		*cmds++ = cp_type0_packet(A4XX_RBBM_SECVID_TRUST_CONTROL, 1);

		*cmds++ = 1;

		*cmds++ = cp_type3_packet(CP_SET_PROTECTED_MODE, 1);

		*cmds++ = 1;

	}



	if (numibs) {

		list_for_each_entry(ib, &cmdbatch->cmdlist, node) {

			/* use the preamble? */
@@ -1310,6 +1327,15 @@ int adreno_ringbuffer_submitcmd(struct adreno_device *adreno_dev, 
		}

	}



	if (secured_ctxt) {

		*cmds++ = cp_type3_packet(CP_SET_PROTECTED_MODE, 1);

		*cmds++ = 0;

		*cmds++ = cp_type0_packet(A4XX_RBBM_SECVID_TRUST_CONTROL, 1);

		*cmds++ = 0;

		*cmds++ = cp_type3_packet(CP_SET_PROTECTED_MODE, 1);

		*cmds++ = 1;

	}



	*cmds++ = cp_nop_packet(1);

	*cmds++ = KGSL_END_OF_IB_IDENTIFIER;