| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 29 Jan 2019 15:56:10 -0800 (PST)
From: Liam Mark <lmark@...eaurora.org>
To: "Skidanov, Alexey" <alexey.skidanov@...el.com>
cc: Laura Abbott <labbott@...hat.com>,
Greg KH <gregkh@...uxfoundation.org>,
"devel@...verdev.osuosl.org" <devel@...verdev.osuosl.org>,
"tkjos@...roid.com" <tkjos@...roid.com>,
"rve@...roid.com" <rve@...roid.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"maco@...roid.com" <maco@...roid.com>,
"sumit.semwal@...aro.org" <sumit.semwal@...aro.org>
Subject: RE: [PATCH v3] staging: android: ion: Add implementation of dma_buf_vmap
and dma_buf_vunmap
On Fri, 4 Jan 2019, Skidanov, Alexey wrote:
>
>
> > -----Original Message-----
> > From: Liam Mark [mailto:lmark@...eaurora.org]
> > Sent: Friday, January 04, 2019 19:42
> > To: Skidanov, Alexey <alexey.skidanov@...el.com>
> > Cc: Laura Abbott <labbott@...hat.com>; Greg KH <gregkh@...uxfoundation.org>;
> > devel@...verdev.osuosl.org; tkjos@...roid.com; rve@...roid.com; linux-
> > kernel@...r.kernel.org; maco@...roid.com; sumit.semwal@...aro.org
> > Subject: Re: [PATCH v3] staging: android: ion: Add implementation of dma_buf_vmap and
> > dma_buf_vunmap
> >
> > On Tue, 18 Dec 2018, Alexey Skidanov wrote:
> >
> > > >>> I was wondering if we could re-open the discussion on adding support to
> > > >>> ION for dma_buf_vmap.
> > > >>> It seems like the patch was not taken as the reviewers wanted more
> > > >>> evidence of an upstream use case.
> > > >>>
> > > >>> Here would be my upstream usage argument for including dma_buf_vmap
> > > >>> support in ION.
> > > >>>
> > > >>> Currently all calls to ion_dma_buf_begin_cpu_access result in the creation
> > > >>> of a kernel mapping for the buffer, unfortunately the resulting call to
> > > >>> alloc_vmap_area can be quite expensive and this has caused a performance
> > > >>> regression for certain clients when they have moved to the new version of
> > > >>> ION.
> > > >>>
> > > >>> The kernel mapping is not actually needed in ion_dma_buf_begin_cpu_access,
> > > >>> and generally isn't needed by clients. So if we remove the creation of the
> > > >>> kernel mapping in ion_dma_buf_begin_cpu_access and only create it when
> > > >>> needed we can speed up the calls to ion_dma_buf_begin_cpu_access.
> > > >>>
> > > >>> An additional benefit of removing the creation of kernel mappings from
> > > >>> ion_dma_buf_begin_cpu_access is that it makes the ION code more secure.
> > > >>> Currently a malicious client could call the DMA_BUF_IOCTL_SYNC IOCTL with
> > > >>> flags DMA_BUF_SYNC_END multiple times to cause the ION buffer kmap_cnt to
> > > >>> go negative which could lead to undesired behavior.
> > > >>>
> > > >>> One disadvantage of the above change is that a kernel mapping is not
> > > >>> already created when a client calls dma_buf_kmap. So the following
> > > >>> dma_buf_kmap contract can't be satisfied.
> > > >>>
> > > >>> /**
> > > >>> * dma_buf_kmap - Map a page of the buffer object into kernel address
> > > >>> space. The
> > > >>> * same restrictions as for kmap and friends apply.
> > > >>> * @dmabuf: [in] buffer to map page from.
> > > >>> * @page_num: [in] page in PAGE_SIZE units to map.
> > > >>> *
> > > >>> * This call must always succeed, any necessary preparations that might
> > > >>> fail
> > > >>> * need to be done in begin_cpu_access.
> > > >>> */
> > > >>>
> > > >>> But hopefully we can work around this by moving clients to dma_buf_vmap.
> > > >> I think the problem is with the contract. We can't ensure that the call
> > > >> is always succeeds regardless the implementation - any mapping might
> > > >> fail. Probably this is why *all* clients of dma_buf_kmap() check the
> > > >> return value (so it's safe to return NULL in case of failure).
> > > >>
> > > >
> > > > I think currently the call to dma_buf_kmap will always succeed since the
> > > > DMA-Buf contract requires that the client first successfully call
> > > > dma_buf_begin_cpu_access(), and if dma_buf_begin_cpu_access() succeeds
> > > > then dma_buf_kmap will succeed.
> > > >
> > > >> I would suggest to fix the contract and to keep the dma_buf_kmap()
> > > >> support in ION.
> > > >
> > > > I will leave it to the DMA-Buf maintainers as to whether they want to
> > > > change their contract.
> > > >
> > > > Liam
> > > >
> > > > Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
> > > > a Linux Foundation Collaborative Project
> > > >
> > >
> > > Ok. We need the list of the clients using the ION in the mainline tree.
> > >
> >
> > Looks to me like the only functions which might be calling
> > dma_buf_kmap/dma_buf_kunmap on ION buffers are
> > tegra_bo_kmap/tegra_bo_kunmap, I assume Tegra is used in some Android
> > automotive products.
> >
> > Looks like these functions could be moved over to using
> > dma_buf_vmap/dma_buf_vunmap but it wouldn't be very clean and would add a
> > performance hit.
> >
> > Liam
> >
> > Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
> > a Linux Foundation Collaborative Project
>
> I'm a little bit confused. Why making the buffer accessible by CPU (mapping the buffer)
> and making the content of the buffer valid (coherent) are so tightly coupled in DMA-BUF?
>
Hi Sumit,
Hope you are feeling better.
I was wondering if you would be open to changes to to the DMA-BUF contract
so that we can remove the creation of kernel mappings in begin_cpu_access.
This would have the benefit of improving the performance of
begin_cpu_access and removing the ability for userspace to add and remove
kernel mappings.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
a Linux Foundation Collaborative Project
Powered by blists - more mailing lists