lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:	Tue, 24 Nov 2015 17:10:11 -0800
From:	Jin Qian <jinqian@...roid.com>
To:	Greg Hackmann <ghackmann@...gle.com>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Alex Bennée <alex.bennee@...aro.org>,
	Jason Hu <jia-cheng.hu@...el.com>,
	Christoffer Dall <christoffer.dall@...aro.org>,
	Joe Perches <joe@...ches.com>,
	Peter Senna Tschudin <peter.senna@...il.com>,
	Yu Ning <yu.ning@...el.com>, linux-kernel@...r.kernel.org
Cc:	Jin Qian <jinqian@...roid.com>
Subject: [PATCH 7/8] goldfish_pipe: Pass physical addresses to the device if supported

From: Yu Ning <yu.ning@...el.com>

For reading and writing guest user space buffers, currently the kernel
sends the guest virtual address of the buffer to the pipe device. This
virtual address has to be first converted to a guest physical address.
Doing this translation on the QEMU side is inefficient and requires
additional handling when KVM is enabled, whose implementation would
either incur intrusive changes to QEMU's KVM support code or suffer
from poor performance, see commit 08c7228c50f8 ("x86-kvm: only sync
SREGS when doing address translation") of $AOSP/external/qemu for
details, and thus should be avoided if possible.

There is a TODO comment in hw/misc/android_pipe.c in the new Android
emulator source tree ($AOSP/external/qemu-android) which requests that
the translation be done on the kernel side and that physical addresses
be passed to the device instead of virtual ones. Once the QEMU-side
implementation is done, the kernel will need to support both the new
paddr-based pipe device and the old vaddr-based one (which will
continue to be used by the classic emulator). This patch achieves that
by leveraging the device version register available in the new device.

See https://android-review.googlesource.com/128280 for the QEMU-side
patch.

In addition, use the mmap semaphore (in read mode) to safeguard the
call to get_user_pages().

Signed-off-by: Yu Ning <yu.ning@...el.com>
(cherry picked from commit acf92a5c274dfbdfff877ed86bebc4b2b92fe1d9)
Signed-off-by: Jin Qian <jinqian@...roid.com>
---
 drivers/platform/goldfish/goldfish_pipe.c | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)

diff --git a/drivers/platform/goldfish/goldfish_pipe.c b/drivers/platform/goldfish/goldfish_pipe.c
index afc6f8d..a473aca 100644
--- a/drivers/platform/goldfish/goldfish_pipe.c
+++ b/drivers/platform/goldfish/goldfish_pipe.c
@@ -77,6 +77,7 @@
 #define PIPE_REG_PARAMS_ADDR_LOW	0x18  /* read/write: batch data address */
 #define PIPE_REG_PARAMS_ADDR_HIGH	0x1c  /* read/write: batch data address */
 #define PIPE_REG_ACCESS_PARAMS		0x20  /* write: batch access */
+#define PIPE_REG_VERSION		0x24  /* read: device version */
 
 /* list of commands for PIPE_REG_COMMAND */
 #define CMD_OPEN			1  /* open new channel */
@@ -126,6 +127,7 @@ struct goldfish_pipe_dev {
 	unsigned char __iomem *base;
 	struct access_params *aps;
 	int irq;
+	u32 version;
 };
 
 static struct goldfish_pipe_dev   pipe_dev[1];
@@ -296,26 +298,43 @@ static ssize_t goldfish_pipe_read_write(struct file *filp, char __user *buffer,
 		int status, wakeBit;
 		struct page *page;
 
+		/* Either vaddr or paddr depending on the device version */
+		unsigned long xaddr;
+
 		/*
 		 * We grab the pages on a page-by-page basis in case user
 		 * space gives us a potentially huge buffer but the read only
 		 * returns a small amount, then there's no need to pin that
 		 * much memory to the process.
 		 */
+		down_read(&current->mm->mmap_sem);
 		ret = get_user_pages(current, current->mm, address, 1,
 				     !is_write, 0, &page, NULL);
+		up_read(&current->mm->mmap_sem);
 		if (ret < 0)
 			return ret;
 
+		if (dev->version) {
+			/* Device version 1 or newer (qemu-android) expects the
+			 * physical address.
+			 */
+			xaddr = page_to_phys(page) | (address & ~PAGE_MASK);
+		} else {
+			/* Device version 0 (classic emulator) expects the
+			 * virtual address.
+			 */
+			xaddr = address;
+		}
+
 		/* Now, try to transfer the bytes in the current page */
 		spin_lock_irqsave(&dev->lock, irq_flags);
 		if (access_with_param(dev,
 				is_write ? CMD_WRITE_BUFFER : CMD_READ_BUFFER,
-				address, avail, pipe, &status)) {
+				xaddr, avail, pipe, &status)) {
 			gf_write_ptr(pipe, dev->base + PIPE_REG_CHANNEL,
 				     dev->base + PIPE_REG_CHANNEL_HIGH);
 			writel(avail, dev->base + PIPE_REG_SIZE);
-			gf_write_ptr((void *)address,
+			gf_write_ptr((void *)xaddr,
 				     dev->base + PIPE_REG_ADDRESS,
 				     dev->base + PIPE_REG_ADDRESS_HIGH);
 			writel(is_write ? CMD_WRITE_BUFFER : CMD_READ_BUFFER,
@@ -610,6 +629,12 @@ static int goldfish_pipe_probe(struct platform_device *pdev)
 		goto error;
 	}
 	setup_access_params_addr(pdev, dev);
+
+	/* Although the pipe device in the classic Android emulator does not
+	 * recognize the 'version' register, it won't treat this as an error
+	 * either and will simply return 0, which is fine.
+	 */
+	dev->version = readl(dev->base + PIPE_REG_VERSION);
 	return 0;
 
 error:
-- 
2.6.0.rc2.230.g3dd15c0

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists