radv: Compute hashes in secure process for secure compilation.
authorBas Nieuwenhuizen <bas@basnieuwenhuizen.nl>
Wed, 30 Oct 2019 01:54:37 +0000 (02:54 +0100)
committerBas Nieuwenhuizen <bas@basnieuwenhuizen.nl>
Wed, 30 Oct 2019 10:37:41 +0000 (11:37 +0100)
To prevent poisoning arbitrary cache entries.

Reviewed-by: Timothy Arceri <tarceri@itsqueeze.com>
src/amd/vulkan/radv_pipeline.c

index 9c7d5dc32ee5d29313231356349f9a5c09f81a1c..422b0771a7926927e1370e31ab0adefad8ffe9bc 100644 (file)
@@ -4629,6 +4629,21 @@ radv_secure_compile(struct radv_pipeline *pipeline,
                    const VkPipelineCreateFlags flags,
                    unsigned num_stages)
 {
+       uint8_t allowed_pipeline_hashes[2][20];
+       radv_hash_shaders(allowed_pipeline_hashes[0], pStages,
+                         pipeline->layout, key, get_hash_flags(device));
+
+       /* Generate the GC copy hash */
+       memcpy(allowed_pipeline_hashes[1], allowed_pipeline_hashes[0], 20);
+       allowed_pipeline_hashes[1][0] ^= 1;
+
+       uint8_t allowed_hashes[2][20];
+       for (unsigned i = 0; i < 2; ++i) {
+               disk_cache_compute_key(device->physical_device->disk_cache,
+                                      allowed_pipeline_hashes[i], 20,
+                                      allowed_hashes[i]);
+       }
+
        unsigned process = 0;
        uint8_t sc_threads = device->instance->num_sc_threads;
        while (true) {
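Review bot: The added lines repeat the literal `20` five times with no name, and the second allowed hash relies on `allowed_pipeline_hashes[1][0] ^= 1` matching the derivation used where the "GC copy" entry (presumably the GS copy shader variant) is actually stored, which is not visible in this hunk. If the two ever diverge, the parent will start rejecting legitimate entries from the compile process. I would name the length, e.g. `enum { RADV_SC_SHA1_LEN = 20 };` (constructed name), and expand the comment to `/* Copy-shader entries use the pipeline hash with bit 0 of byte 0 flipped; keep in sync with the code that inserts them. */`. The body of radv_secure_compile continues outside the hunk.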
@@ -4718,6 +4733,10 @@ radv_secure_compile(struct radv_pipeline *pipeline,
                        if (!radv_sc_read(fd_secure_output, disk_sha1, sizeof(uint8_t) * 20, true))
                                return VK_ERROR_DEVICE_LOST;
 
+                       if (memcmp(disk_sha1, allowed_hashes[0], 20) &&
+                           memcmp(disk_sha1, allowed_hashes[1], 20))
+                               return VK_ERROR_DEVICE_LOST;
+
                        uint32_t entry_size;
                        if (!radv_sc_read(fd_secure_output, &entry_size, sizeof(uint32_t), true))
                                return VK_ERROR_DEVICE_LOST;
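Review bot: After this check only the cache key is constrained; `entry_size`, read on the following lines from the same pipe, is still chosen by the compile process, and no upper bound on it is visible in this hunk. If the code below allocates or reads `entry_size` bytes without a limit, a misbehaving compile process could still drive a large allocation in the parent, and the payload stored under an allowed key is not verified here either. Consider rejecting implausible sizes before allocating, and adding a comment such as `/* Key is validated above; size and payload remain untrusted. */`. The rest of this branch lies outside the hunk, so such a bound may already exist there.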
@@ -4736,6 +4755,10 @@ radv_secure_compile(struct radv_pipeline *pipeline,
                        if (!radv_sc_read(fd_secure_output, disk_sha1, sizeof(uint8_t) * 20, true))
                                return VK_ERROR_DEVICE_LOST;
 
+                       if (memcmp(disk_sha1, allowed_hashes[0], 20) &&
+                           memcmp(disk_sha1, allowed_hashes[1], 20))
+                               return VK_ERROR_DEVICE_LOST;
+
                        size_t size;
                        struct cache_entry *entry = (struct cache_entry *)
                                disk_cache_get(device->physical_device->disk_cache,
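Review bot: This check is a verbatim copy of the one added in the write branch above. Both fail with the same `VK_ERROR_DEVICE_LOST` that is used for pipe read errors, so a rejected hash cannot be told apart from an I/O failure when debugging or monitoring. A small helper, `static bool radv_sc_hash_allowed(const uint8_t *sha1, uint8_t allowed[2][20]) { return !memcmp(sha1, allowed[0], 20) || !memcmp(sha1, allowed[1], 20); }`, would keep the two sites in step. A log line on rejection would also make a misbehaving compile process visible. The surrounding branch continues outside the hunk.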