radeonsi/tmz: allow secure job if the app made a tmz allocation
This commit makes TMZ always allowed instead of being either off or forced-on
with AMD_DEBUG=tmz.
With this change:
- secure job can be used as soon as the application made a tmz allocation. Driver
internal allocations are not enough to enable secure jobs (if tmz is supported
and enabled by the kernel)
- AMD_DEBUG=tmz forces all scanout/depth/stencil buffers to be allocated as TMZ.
This is useful to test app thats don't explicitely support protected content.
Reviewed-by: Marek Olšák <marek.olsak@amd.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/6049>
diff --git a/src/gallium/drivers/radeon/radeon_winsys.h b/src/gallium/drivers/radeon/radeon_winsys.h
index 938e36c..33fc9c5 100644
--- a/src/gallium/drivers/radeon/radeon_winsys.h
+++ b/src/gallium/drivers/radeon/radeon_winsys.h
@@ -690,7 +690,7 @@
/**
* Secure context
*/
- bool (*ws_is_secure)(struct radeon_winsys *ws);
+ bool (*ws_uses_secure_bo)(struct radeon_winsys *ws);
bool (*cs_is_secure)(struct radeon_cmdbuf *cs);
void (*cs_set_secure)(struct radeon_cmdbuf *cs, bool secure);
};
diff --git a/src/gallium/drivers/radeonsi/si_buffer.c b/src/gallium/drivers/radeonsi/si_buffer.c
index 2318ecf..1237074 100644
--- a/src/gallium/drivers/radeonsi/si_buffer.c
+++ b/src/gallium/drivers/radeonsi/si_buffer.c
@@ -166,12 +166,13 @@
else
res->flags |= RADEON_FLAG_NO_INTERPROCESS_SHARING;
- if (sscreen->ws->ws_is_secure(sscreen->ws)) {
- if (res->b.b.bind & (PIPE_BIND_SCANOUT | PIPE_BIND_DEPTH_STENCIL))
- res->flags |= RADEON_FLAG_ENCRYPTED;
- if (res->b.b.flags & PIPE_RESOURCE_FLAG_ENCRYPTED)
- res->flags |= RADEON_FLAG_ENCRYPTED;
- }
+ /* Force scanout/depth/stencil buffer allocation to be encrypted */
+ if (sscreen->debug_flags & DBG(TMZ) &&
+ res->b.b.bind & (PIPE_BIND_SCANOUT | PIPE_BIND_DEPTH_STENCIL))
+ res->flags |= RADEON_FLAG_ENCRYPTED;
+
+ if (res->b.b.flags & PIPE_RESOURCE_FLAG_ENCRYPTED)
+ res->flags |= RADEON_FLAG_ENCRYPTED;
if (sscreen->debug_flags & DBG(NO_WC))
res->flags &= ~RADEON_FLAG_GTT_WC;
diff --git a/src/gallium/drivers/radeonsi/si_compute.c b/src/gallium/drivers/radeonsi/si_compute.c
index 2830fb3..9fce8fd 100644
--- a/src/gallium/drivers/radeonsi/si_compute.c
+++ b/src/gallium/drivers/radeonsi/si_compute.c
@@ -848,7 +848,7 @@
si_need_gfx_cs_space(sctx);
/* If we're using a secure context, determine if cs must be secure or not */
- if (unlikely(sctx->ws->ws_is_secure(sctx->ws))) {
+ if (unlikely(sctx->ws->ws_uses_secure_bo(sctx->ws))) {
bool secure = si_compute_resources_check_encrypted(sctx);
if (secure != sctx->ws->cs_is_secure(sctx->gfx_cs)) {
si_flush_gfx_cs(sctx, RADEON_FLUSH_ASYNC_START_NEXT_GFX_IB_NOW, NULL);
diff --git a/src/gallium/drivers/radeonsi/si_cp_dma.c b/src/gallium/drivers/radeonsi/si_cp_dma.c
index 133b451..926feaf 100644
--- a/src/gallium/drivers/radeonsi/si_cp_dma.c
+++ b/src/gallium/drivers/radeonsi/si_cp_dma.c
@@ -338,7 +338,7 @@
}
/* TMZ handling */
- if (unlikely(sctx->ws->ws_is_secure(sctx->ws) &&
+ if (unlikely(sctx->ws->ws_uses_secure_bo(sctx->ws) &&
!(user_flags & SI_CPDMA_SKIP_TMZ))) {
bool secure = src && (si_resource(src)->flags & RADEON_FLAG_ENCRYPTED);
assert(!secure || (!dst || (si_resource(dst)->flags & RADEON_FLAG_ENCRYPTED)));
diff --git a/src/gallium/drivers/radeonsi/si_dma_cs.c b/src/gallium/drivers/radeonsi/si_dma_cs.c
index 593bc0b..309be4a 100644
--- a/src/gallium/drivers/radeonsi/si_dma_cs.c
+++ b/src/gallium/drivers/radeonsi/si_dma_cs.c
@@ -74,7 +74,8 @@
assert(size % 4 == 0);
if (!cs || dst->flags & PIPE_RESOURCE_FLAG_SPARSE ||
- sctx->screen->debug_flags & DBG(NO_SDMA_CLEARS) || sctx->ws->ws_is_secure(sctx->ws)) {
+ sctx->screen->debug_flags & DBG(NO_SDMA_CLEARS) ||
+ sctx->ws->ws_uses_secure_bo(sctx->ws)) {
sctx->b.clear_buffer(&sctx->b, dst, offset, size, &clear_value, 4);
return;
}
@@ -232,8 +233,7 @@
si_flush_gfx_cs(ctx, RADEON_FLUSH_ASYNC_START_NEXT_GFX_IB_NOW, NULL);
bool use_secure_cmd = false;
- /* if TMZ is supported and enabled */
- if (ctx->ws->ws_is_secure(ctx->ws)) {
+ if (unlikely(ctx->ws->ws_uses_secure_bo(ctx->ws))) {
if (src && src->flags & RADEON_FLAG_ENCRYPTED) {
assert(!dst || (dst->flags & RADEON_FLAG_ENCRYPTED));
use_secure_cmd = true;
diff --git a/src/gallium/drivers/radeonsi/si_pipe.c b/src/gallium/drivers/radeonsi/si_pipe.c
index a7bef27..34fb638 100644
--- a/src/gallium/drivers/radeonsi/si_pipe.c
+++ b/src/gallium/drivers/radeonsi/si_pipe.c
@@ -117,6 +117,8 @@
{"nodccmsaa", DBG(NO_DCC_MSAA), "Disable DCC for MSAA"},
{"nofmask", DBG(NO_FMASK), "Disable MSAA compression"},
+ {"tmz", DBG(TMZ), "Force allocation of scanout/depth/stencil buffer as encrypted"},
+
DEBUG_NAMED_VALUE_END /* must be last */
};
@@ -973,6 +975,14 @@
if (sscreen->debug_flags & DBG(NO_GFX))
sscreen->info.has_graphics = false;
+ if ((sscreen->debug_flags & DBG(TMZ)) &&
+ !sscreen->info.has_tmz_support) {
+ fprintf(stderr, "radeonsi: requesting TMZ features but TMZ is not supported\n");
+ FREE(sscreen);
+ return NULL;
+ }
+
+
/* Set functions first. */
sscreen->b.context_create = si_pipe_create_context;
sscreen->b.destroy = si_destroy_screen;
diff --git a/src/gallium/drivers/radeonsi/si_pipe.h b/src/gallium/drivers/radeonsi/si_pipe.h
index de88869..900b371 100644
--- a/src/gallium/drivers/radeonsi/si_pipe.h
+++ b/src/gallium/drivers/radeonsi/si_pipe.h
@@ -211,6 +211,8 @@
DBG_NO_DCC_MSAA,
DBG_NO_FMASK,
+ DBG_TMZ,
+
DBG_COUNT
};
diff --git a/src/gallium/drivers/radeonsi/si_state_draw.c b/src/gallium/drivers/radeonsi/si_state_draw.c
index 0c964d3..77414a5 100644
--- a/src/gallium/drivers/radeonsi/si_state_draw.c
+++ b/src/gallium/drivers/radeonsi/si_state_draw.c
@@ -2034,7 +2034,7 @@
si_need_gfx_cs_space(sctx);
/* If we're using a secure context, determine if cs must be secure or not */
- if (unlikely(sctx->ws->ws_is_secure(sctx->ws))) {
+ if (unlikely(sctx->ws->ws_uses_secure_bo(sctx->ws))) {
bool secure = si_gfx_resources_check_encrypted(sctx);
if (secure != sctx->ws->cs_is_secure(sctx->gfx_cs)) {
si_flush_gfx_cs(sctx, RADEON_FLUSH_ASYNC_START_NEXT_GFX_IB_NOW, NULL);
diff --git a/src/gallium/winsys/amdgpu/drm/amdgpu_bo.c b/src/gallium/winsys/amdgpu/drm/amdgpu_bo.c
index a1f8180..4a8c0e4 100644
--- a/src/gallium/winsys/amdgpu/drm/amdgpu_bo.c
+++ b/src/gallium/winsys/amdgpu/drm/amdgpu_bo.c
@@ -238,8 +238,8 @@
{
for (unsigned i = 0; i < NUM_SLAB_ALLOCATORS; i++) {
pb_slabs_reclaim(&ws->bo_slabs[i]);
- if (ws->secure)
- pb_slabs_reclaim(&ws->bo_slabs_encrypted[i]);
+ if (ws->info.has_tmz_support)
+ pb_slabs_reclaim(&ws->bo_slabs_encrypted[i]);
}
pb_cache_release_all_buffers(&ws->bo_cache);
@@ -521,9 +521,14 @@
if (ws->zero_all_vram_allocs &&
(request.preferred_heap & AMDGPU_GEM_DOMAIN_VRAM))
request.flags |= AMDGPU_GEM_CREATE_VRAM_CLEARED;
- if ((flags & RADEON_FLAG_ENCRYPTED) && ws->secure)
+ if ((flags & RADEON_FLAG_ENCRYPTED) &&
+ ws->info.has_tmz_support) {
request.flags |= AMDGPU_GEM_CREATE_ENCRYPTED;
+ if (!(flags & RADEON_FLAG_DRIVER_INTERNAL))
+ ws->uses_secure_bos = true;
+ }
+
r = amdgpu_bo_alloc(ws->dev, &request, &buf_handle);
if (r) {
fprintf(stderr, "amdgpu: Failed to allocate a buffer:\n");
@@ -619,7 +624,7 @@
static struct pb_slabs *get_slabs(struct amdgpu_winsys *ws, uint64_t size,
enum radeon_bo_flag flags)
{
- struct pb_slabs *bo_slabs = ((flags & RADEON_FLAG_ENCRYPTED) && ws->secure) ?
+ struct pb_slabs *bo_slabs = ((flags & RADEON_FLAG_ENCRYPTED) && ws->info.has_tmz_support) ?
ws->bo_slabs_encrypted : ws->bo_slabs;
/* Find the correct slab allocator for the given size. */
for (unsigned i = 0; i < NUM_SLAB_ALLOCATORS; i++) {
@@ -672,7 +677,7 @@
if (encrypted)
flags |= RADEON_FLAG_ENCRYPTED;
- struct pb_slabs *slabs = (flags & RADEON_FLAG_ENCRYPTED && ws->secure) ?
+ struct pb_slabs *slabs = ((flags & RADEON_FLAG_ENCRYPTED) && ws->info.has_tmz_support) ?
ws->bo_slabs_encrypted : ws->bo_slabs;
/* Determine the slab buffer size. */
@@ -1291,7 +1296,7 @@
/* Sparse buffers must have NO_CPU_ACCESS set. */
assert(!(flags & RADEON_FLAG_SPARSE) || flags & RADEON_FLAG_NO_CPU_ACCESS);
- struct pb_slabs *slabs = (flags & RADEON_FLAG_ENCRYPTED && ws->secure) ?
+ struct pb_slabs *slabs = ((flags & RADEON_FLAG_ENCRYPTED) && ws->info.has_tmz_support) ?
ws->bo_slabs_encrypted : ws->bo_slabs;
struct pb_slabs *last_slab = &slabs[NUM_SLAB_ALLOCATORS - 1];
unsigned max_slab_entry_size = 1 << (last_slab->min_order + last_slab->num_orders - 1);
diff --git a/src/gallium/winsys/amdgpu/drm/amdgpu_cs.c b/src/gallium/winsys/amdgpu/drm/amdgpu_cs.c
index 895b4c5..319c58c 100644
--- a/src/gallium/winsys/amdgpu/drm/amdgpu_cs.c
+++ b/src/gallium/winsys/amdgpu/drm/amdgpu_cs.c
@@ -1656,7 +1656,8 @@
chunks[num_chunks].chunk_data = (uintptr_t)&cs->ib[IB_MAIN];
num_chunks++;
- if (ws->secure && cs->secure) {
+ if (cs->secure) {
+ assert(ws->uses_secure_bos);
cs->ib[IB_PREAMBLE].flags |= AMDGPU_IB_FLAGS_SECURE;
cs->ib[IB_MAIN].flags |= AMDGPU_IB_FLAGS_SECURE;
} else {
diff --git a/src/gallium/winsys/amdgpu/drm/amdgpu_winsys.c b/src/gallium/winsys/amdgpu/drm/amdgpu_winsys.c
index e915244..e5db23a 100644
--- a/src/gallium/winsys/amdgpu/drm/amdgpu_winsys.c
+++ b/src/gallium/winsys/amdgpu/drm/amdgpu_winsys.c
@@ -114,11 +114,6 @@
ws->zero_all_vram_allocs = strstr(debug_get_option("R600_DEBUG", ""), "zerovram") != NULL ||
strstr(debug_get_option("AMD_DEBUG", ""), "zerovram") != NULL ||
driQueryOptionb(config->options, "radeonsi_zerovram");
- ws->secure = strstr(debug_get_option("AMD_DEBUG", ""), "tmz");
-
- if (ws->secure) {
- fprintf(stderr, "=== TMZ usage enabled ===\n");
- }
return true;
@@ -332,10 +327,10 @@
return a == b;
}
-static bool amdgpu_ws_is_secure(struct radeon_winsys *rws)
+static bool amdgpu_ws_uses_secure_bo(struct radeon_winsys *rws)
{
struct amdgpu_winsys *ws = amdgpu_winsys(rws);
- return ws->secure;
+ return ws->uses_secure_bos;
}
static bool amdgpu_cs_is_secure(struct radeon_cmdbuf *rcs)
@@ -465,13 +460,14 @@
return NULL;
}
- if (aws->secure && !pb_slabs_init(&aws->bo_slabs_encrypted[i],
- min_order, max_order,
- RADEON_MAX_SLAB_HEAPS,
- aws,
- amdgpu_bo_can_reclaim_slab,
- amdgpu_bo_slab_alloc_encrypted,
- amdgpu_bo_slab_free)) {
+ if (aws->info.has_tmz_support &&
+ !pb_slabs_init(&aws->bo_slabs_encrypted[i],
+ min_order, max_order,
+ RADEON_MAX_SLAB_HEAPS,
+ aws,
+ amdgpu_bo_can_reclaim_slab,
+ amdgpu_bo_slab_alloc_encrypted,
+ amdgpu_bo_slab_free)) {
amdgpu_winsys_destroy(&ws->base);
simple_mtx_unlock(&dev_tab_mutex);
return NULL;
@@ -522,7 +518,7 @@
ws->base.query_value = amdgpu_query_value;
ws->base.read_registers = amdgpu_read_registers;
ws->base.pin_threads_to_L3_cache = amdgpu_pin_threads_to_L3_cache;
- ws->base.ws_is_secure = amdgpu_ws_is_secure;
+ ws->base.ws_uses_secure_bo = amdgpu_ws_uses_secure_bo;
ws->base.cs_is_secure = amdgpu_cs_is_secure;
ws->base.cs_set_secure = amdgpu_cs_set_secure;
diff --git a/src/gallium/winsys/amdgpu/drm/amdgpu_winsys.h b/src/gallium/winsys/amdgpu/drm/amdgpu_winsys.h
index 36fa43d..874e5c5 100644
--- a/src/gallium/winsys/amdgpu/drm/amdgpu_winsys.h
+++ b/src/gallium/winsys/amdgpu/drm/amdgpu_winsys.h
@@ -85,7 +85,7 @@
bool debug_all_bos;
bool reserve_vmid;
bool zero_all_vram_allocs;
- bool secure;
+ bool uses_secure_bos;
/* List of all allocated buffers */
simple_mtx_t global_bo_list_lock;
diff --git a/src/gallium/winsys/radeon/drm/radeon_drm_winsys.c b/src/gallium/winsys/radeon/drm/radeon_drm_winsys.c
index 196dd73..225d396 100644
--- a/src/gallium/winsys/radeon/drm/radeon_drm_winsys.c
+++ b/src/gallium/winsys/radeon/drm/radeon_drm_winsys.c
@@ -803,7 +803,7 @@
}
}
-static bool radeon_ws_is_secure(struct radeon_winsys* ws)
+static bool radeon_ws_uses_secure_bo(struct radeon_winsys* ws)
{
return false;
}
@@ -888,9 +888,9 @@
ws->base.cs_request_feature = radeon_cs_request_feature;
ws->base.query_value = radeon_query_value;
ws->base.read_registers = radeon_read_registers;
- ws->base.ws_is_secure = radeon_ws_is_secure;
- ws->base.cs_is_secure = radeon_cs_is_secure;
- ws->base.cs_set_secure = radeon_cs_set_secure;
+ ws->base.ws_uses_secure_bo = radeon_ws_uses_secure_bo;
+ ws->base.cs_is_secure = radeon_cs_is_secure;
+ ws->base.cs_set_secure = radeon_cs_set_secure;
radeon_drm_bo_init_functions(ws);
radeon_drm_cs_init_functions(ws);