Date: Mon, 28 Jan 2019 15:14:42 +0100
From: Takashi Iwai
To: Jaroslav Kysela
Cc: Mark Brown, alsa-devel@alsa-project.org, bgoswami@codeaurora.org, gustavo@embeddedor.com, srinivas.kandagatla@linaro.org, mchehab+samsung@kernel.org, sr@denx.de, daniel.thompson@linaro.org, corbet@lwn.net, philburk@google.com, willy@infradead.org, jmiller@neverware.com, keescook@chromium.org, arnd@arndb.de, colyli@suse.de, ckeepax@opensource.wolfsonmicro.com, anna-maria@linutronix.de, mathieu.poirier@linaro.org, Baolin Wang, sboyd@kernel.org, linux-kernel@vger.kernel.org, vkoul@kernel.org, Leo Yan, joe@perches.com
Subject: Re: [alsa-devel] [RFC PATCH] ALSA: core: Add DMA share buffer support

On Mon, 28 Jan 2019 14:31:23 +0100,
Jaroslav Kysela wrote:
>
> On 25.1.2019 at 19:25, Mark Brown wrote:
> > On Fri, Jan 25, 2019 at 02:19:22PM +0100, Takashi Iwai wrote:
> >> Leo Yan wrote:
> >
> >>> If we directly use the device node /dev/snd/ as file descriptor, even
> >>> though we specify flag O_EXCL when open it, but it still is not an
> >>> anon inode file descriptor. Thus this is not safe enough and will be
> >>> blocked by SELinux. On the other hand, this patch wants to use
> >>> dma-buf framework to provide file descriptor for the audio buffer, and
> >>> this audio buffer can be one of multiple audio buffers in the system
> >>> and it can be shared to any audio client program.
> >
> >> Hrm, it sounds like a workaround just to bypass SELinux check...
> >
> >> The sound server can open another PCM stream with O_APPEND, and pass
> >> that fd to the client, too?
> >
> > So long as we can teach SELinux that they're safe to export, yeah.
>
> It seems that SELinux works with the file, so the SELinux will block the
> fd pass, because the file descriptor (through standard dup()) continues
> to use the /dev/snd inode.
>
> I would propose to implement a dup ioctl to return a new
> anon_inode:snd-pcm file descriptor (see below).

I like the idea. This would work around the messy issues gracefully,
and more importantly, it's easier to maintain for us. And the
restriction of ioctls for anon dup should be fairly easy to implement
on top of this.

Thanks!

Takashi

> If we agree on this, I can propose the full solution.
>
> --
> Subject: [PATCH] ALSA: pcm: implement the anonymous dup (inode file
> descriptor)
>
> This patch implements new SNDRV_PCM_IOCTL_ANONYMOUS_DUP ioctl which
> returns the new duplicated anonymous inode file descriptor
> (anon_inode:snd-pcm) which can be passed to the restricted clients.
>
> This implementation is just a concept for comments - it does not contain
> the additional restriction control.
>
> TODO: The clients might be restricted to disallow a set of
> controls (ioctls) for the audio stream.
>
> This patch is meant to be the alternative for the dma-buf interface.
Both > implementation have some pros and cons: > > anon_inode:dmabuf > > - a bit standard export API for the DMA buffers > - fencing for the concurrent access [1] > - driver/kernel interface for the DMA buffer [1] > - multiple attach/detach scheme [1] > > [1] the real usage for the sound PCM is unknown at the moment for this feature > > anon_inode:snd-pcm > > - simple (no problem with ref-counting, non-standard mmap implementation etc.) > - allow to use more sound interfaces for the file descriptor like status ioctls > - more fine grained security policies (another anon_inode name unshared with > other drivers) > --- > include/uapi/sound/asound.h | 1 + > sound/core/pcm_compat.c | 1 + > sound/core/pcm_native.c | 40 ++++++++++++++++++++++++++++++++++++++++ > 3 files changed, 42 insertions(+) > > diff --git a/include/uapi/sound/asound.h b/include/uapi/sound/asound.h > index 404d4b9ffe76..ad821a52f970 100644 > --- a/include/uapi/sound/asound.h > +++ b/include/uapi/sound/asound.h > @@ -576,6 +576,7 @@ enum { > #define SNDRV_PCM_IOCTL_TSTAMP _IOW('A', 0x02, int) > #define SNDRV_PCM_IOCTL_TTSTAMP _IOW('A', 0x03, int) > #define SNDRV_PCM_IOCTL_USER_PVERSION _IOW('A', 0x04, int) > +#define SNDRV_PCM_IOCTL_ANONYMOUS_DUP _IOW('A', 0x05, int) > #define SNDRV_PCM_IOCTL_HW_REFINE _IOWR('A', 0x10, struct snd_pcm_hw_params) > #define SNDRV_PCM_IOCTL_HW_PARAMS _IOWR('A', 0x11, struct snd_pcm_hw_params) > #define SNDRV_PCM_IOCTL_HW_FREE _IO('A', 0x12) > diff --git a/sound/core/pcm_compat.c b/sound/core/pcm_compat.c > index 946ab080ac00..22446cd574ee 100644 > --- a/sound/core/pcm_compat.c > +++ b/sound/core/pcm_compat.c > @@ -675,6 +675,7 @@ static long snd_pcm_ioctl_compat(struct file *file, unsigned int cmd, unsigned l > case SNDRV_PCM_IOCTL_TSTAMP: > case SNDRV_PCM_IOCTL_TTSTAMP: > case SNDRV_PCM_IOCTL_USER_PVERSION: > + case SNDRV_PCM_IOCTL_ANONYMOUS_DUP: > case SNDRV_PCM_IOCTL_HWSYNC: > case SNDRV_PCM_IOCTL_PREPARE: > case SNDRV_PCM_IOCTL_RESET: 
> diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c > index 26afb6b0889a..a21bb482b4b0 100644 > --- a/sound/core/pcm_native.c > +++ b/sound/core/pcm_native.c > @@ -37,6 +37,8 @@ > #include > #include > #include > +#include > +#include > > #include "pcm_local.h" > > @@ -2836,6 +2838,42 @@ static int snd_pcm_forward_ioctl(struct snd_pcm_substream *substream, > return result < 0 ? result : 0; > } > > +static int snd_pcm_anonymous_dup(struct file *file, > + struct snd_pcm_substream *substream, > + int __user *arg) > +{ > + int fd; > + int res; > + int dup_mode; > + int flags; > + struct file *nfile; > + struct snd_pcm_substream *rsubstream; > + > + if (get_user(dup_mode, (int __user *)arg)) > + return -EFAULT; > + if (dup_mode != 0) > + return -ENOSYS; > + flags = file->f_flags & (O_RDWR|O_NONBLOCK); > + flags |= O_APPEND | O_CLOEXEC; > + fd = get_unused_fd_flags(flags); > + if (fd < 0) > + return fd; > + nfile = anon_inode_getfile("snd-pcm", file->f_op, NULL, flags); > + if (IS_ERR(nfile)) { > + put_unused_fd(fd); > + return PTR_ERR(nfile); > + } > + fd_install(fd, nfile); > + res = snd_pcm_open_substream(substream->pcm, substream->number, > + nfile, &rsubstream); > + if (res < 0) { > + ksys_close(fd); > + return res; > + } > + put_user(fd, (int __user *)arg); > + return 0; > +} > + > static int snd_pcm_common_ioctl(struct file *file, > struct snd_pcm_substream *substream, > unsigned int cmd, void __user *arg) > @@ -2864,6 +2902,8 @@ static int snd_pcm_common_ioctl(struct file *file, > (unsigned int __user *)arg)) > return -EFAULT; > return 0; > + case SNDRV_PCM_IOCTL_ANONYMOUS_DUP: > + return snd_pcm_anonymous_dup(file, substream, (int __user *)arg); > case SNDRV_PCM_IOCTL_HW_REFINE: > return snd_pcm_hw_refine_user(substream, arg); > case SNDRV_PCM_IOCTL_HW_PARAMS: > -- > > Jaroslav > > -- > Jaroslav Kysela > Linux Sound Maintainer; ALSA Project; Red Hat, Inc. >
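Review bot: in the include/uapi/sound/asound.h hunk, SNDRV_PCM_IOCTL_ANONYMOUS_DUP is declared as _IOW('A', 0x05, int), but snd_pcm_anonymous_dup() both reads the mode from arg with get_user() and writes the new descriptor back through the same pointer with put_user(), so the direction should be _IOWR('A', 0x05, int). The direction bits are part of the published ioctl number and are what tracing and filtering tools decode, so this is worth fixing before the number becomes UAPI.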
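Review bot: in snd_pcm_anonymous_dup() in the sound/core/pcm_native.c hunk, fd_install(fd, nfile) runs before snd_pcm_open_substream() has succeeded, so the descriptor is visible to other threads of the caller while the file is only half set up, and the ksys_close(fd) on the error path can close whatever another thread has placed at that number in the meantime. Open the substream first, undo with fput(nfile) and put_unused_fd(fd) on failure, and make fd_install() the last step. Three smaller points in the same function: the result of put_user(fd, ...) is ignored, so a faulting arg leaves an installed descriptor the caller never learns about (writing the value before fd_install() lets that path return -EFAULT cleanly); file->f_flags & (O_RDWR|O_NONBLOCK) turns an O_WRONLY open into O_RDONLY, where masking with O_ACCMODE would keep the access mode; and nfile is created with NULL private data while rsubstream is never used after the open, so it is not visible in this hunk how the reused file->f_op handlers find the substream for the new file.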
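Review bot: in the snd_pcm_common_ioctl() hunk, the new case sits in the same switch as SNDRV_PCM_IOCTL_HW_REFINE and SNDRV_PCM_IOCTL_HW_PARAMS, and since the duplicate is created with file->f_op, a client holding the anonymous descriptor reaches this whole switch, including SNDRV_PCM_IOCTL_ANONYMOUS_DUP itself. The commit message lists the restriction as a TODO; until it exists the anonymous descriptor gives the client the same control over the stream as the server's own, so the series should either carry the restriction together with this ioctl or at least reject SNDRV_PCM_IOCTL_ANONYMOUS_DUP when the calling file is already a duplicate.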