| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <01cbc568-d476-5d19-9131-ed1ee24385c9@metafoo.de>
Date: Thu, 17 Dec 2020 11:44:27 +0100
From: Lars-Peter Clausen <lars@...afoo.de>
To: Takashi Iwai <tiwai@...e.de>
Cc: Robin Gong <yibin.gong@....com>, perex@...ex.cz, tiwai@...e.com,
akpm@...ux-foundation.org, xiang@...nel.org,
pierre-louis.bossart@...ux.intel.com, gustavoars@...nel.org,
shengjiu.wang@....com, alsa-devel@...a-project.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v1 ] ALSA: core: memalloc: add page alignment for iram
On 12/17/20 11:14 AM, Takashi Iwai wrote:
> On Thu, 17 Dec 2020 10:55:42 +0100,
> Takashi Iwai wrote:
>> On Thu, 17 Dec 2020 10:43:45 +0100,
>> Lars-Peter Clausen wrote:
>>> On 12/17/20 5:15 PM, Robin Gong wrote:
>>>> Since mmap for userspace is based on page alignment, add page alignment
>>>> for iram alloc from pool, otherwise, some good data located in the same
>>>> page of dmab->area maybe touched wrongly by userspace like pulseaudio.
>>>>
>>> I wonder, do we also have to align size to be a multiple of PAGE_SIZE
>>> to avoid leaking unrelated data?
>> Hm, a good question. Basically the PCM buffer size itself shouldn't
>> be influenced by that (i.e. no hw-constraint or such is needed), but
>> the padding should be cleared indeed. I somehow left those to the
>> allocator side, but maybe it's safer to clear the whole buffer in
>> sound/core/memalloc.c commonly.
> That said, something like below (totally untested).
> We might pass the pass-aligned size to dmab->bytes field instead of
> keeping the original value, too.
We'd need this for those APIs that also pass the size to the free()
function. Like dma_free_coherent() and free_pages_exact(), but maybe
those round up internally as well.
I had a quick look and I could not find any place were the code relies
on the requested buffer size being stored in dmab->bytes. In fact we
already reuse the buffer if there is an allocated buffer that is larger
than the requested buffer (See snd_pcm_lib_malloc_pages), so this should
be OK.
>
>
> Takashi
>
> ---
> --- a/sound/core/memalloc.c
> +++ b/sound/core/memalloc.c
> @@ -126,6 +126,7 @@ static inline gfp_t snd_mem_get_gfp_flags(const struct device *dev,
> int snd_dma_alloc_pages(int type, struct device *device, size_t size,
> struct snd_dma_buffer *dmab)
> {
> + size_t orig_size = size;
> gfp_t gfp;
>
> if (WARN_ON(!size))
> @@ -133,6 +134,7 @@ int snd_dma_alloc_pages(int type, struct device *device, size_t size,
> if (WARN_ON(!dmab))
> return -ENXIO;
>
> + size = PAGE_ALIGN(size);
> dmab->dev.type = type;
> dmab->dev.dev = device;
> dmab->bytes = 0;
> @@ -177,7 +179,8 @@ int snd_dma_alloc_pages(int type, struct device *device, size_t size,
> }
> if (! dmab->area)
> return -ENOMEM;
> - dmab->bytes = size;
> + memset(dmab->area, 0, size);
> + dmab->bytes = orig_size;
> return 0;
> }
> EXPORT_SYMBOL(snd_dma_alloc_pages);
Powered by blists - more mailing lists