Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp1318178pxu; Thu, 17 Dec 2020 07:20:02 -0800 (PST) X-Google-Smtp-Source: ABdhPJzpNCB2+mtMa5zJZrEA/w/rrRCvK1YbfCX6tfzCQhFkaGflFwf9dBV8IaHhRyocAMBH7d5w X-Received: by 2002:a17:906:1199:: with SMTP id n25mr34813185eja.293.1608218401816; Thu, 17 Dec 2020 07:20:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1608218401; cv=none; d=google.com; s=arc-20160816; b=V0EWkTYUeflndEBUWLcWBFhqcbbce3m/BJsA1ioenVucCYDJvy8ENmJYUm13JIxzOk bMXlWnrPTWujoW7tIujDGrza24/32U7Ezs/TvUCidE7Z1BYbHTRjXRzxU3BgiIimtyCw aVFbvy+xlzJRzGE/tgRWP+onnRPQayA897qH7mPMLzz1L6JdC74BJeNwtDjFYAzizOox /VGBdbHQv/K10XJUEPx4P8l5pNjrto70zlyXzoRaK3c593KucRhNUTxa7NCcLi5vOHT8 Z4bsJ9bkhYDHx7zFj4oR1GIYRNME/SU9gjjKbwAsXW9m2dNkj6BkYEdLICCnBPB1dNqz 7Ldg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:user-agent:references:in-reply-to :subject:cc:to:from:message-id:date; bh=UPaOxzKV3uFIPipfU+/WOK5iQw5Y40mcSn/pZHuuA6M=; b=wfV8mKileZZmMQFS5ubnwaOPDZPGNPMt5u1FtdGcZjPjBiVcqZIzTLcMFYV5BC/CT2 fWcpiCz5DDjCYGROapJOiaYzEbKLD4obfssrgtG5oD71rMqN2u8GK9Yqk4gMhWhTzKkX 3Ig0WkmtSFquKNncKIE423RZnWFywcBahJsqoM+tU5TD9Wc/xJRfAzNM7mY4zfzL+BEP tqdrmpzBWz6hcGfaoIQZLYVbAW6Th3Lcx7CocVBdr8IvB8brabz0scLdtkkEuo5II+lK LsEEBHCE+In0pnpxZ+g+hVEbiEfyoed2OBU8mn8vqmxCJdN4T50AkMwdzmx4incM1yzy 0zbQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i8si4519295edr.271.2020.12.17.07.19.37; Thu, 17 Dec 2020 07:20:01 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727388AbgLQPTI (ORCPT + 99 others); Thu, 17 Dec 2020 10:19:08 -0500 Received: from mx2.suse.de ([195.135.220.15]:37286 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726983AbgLQPTI (ORCPT ); Thu, 17 Dec 2020 10:19:08 -0500 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id E20EEAC7B; Thu, 17 Dec 2020 15:18:25 +0000 (UTC) Date: Thu, 17 Dec 2020 16:18:25 +0100 Message-ID: From: Takashi Iwai To: Lars-Peter Clausen Cc: alsa-devel@alsa-project.org, gustavoars@kernel.org, linux-kernel@vger.kernel.org, shengjiu.wang@nxp.com, tiwai@suse.com, pierre-louis.bossart@linux.intel.com, xiang@kernel.org, Robin Gong , akpm@linux-foundation.org Subject: Re: [PATCH v1 ] ALSA: core: memalloc: add page alignment for iram In-Reply-To: <1fc18b56-effa-9dbc-8263-00c632e163e7@metafoo.de> References: <1608221747-3474-1-git-send-email-yibin.gong@nxp.com> <05c824e5-0c33-4182-26fa-b116a42b10d6@metafoo.de> <70074f62-954a-9b40-ab4a-cb438925060c@metafoo.de> <8e103a2b-1097-6d54-7266-34743321efac@metafoo.de> <1fc18b56-effa-9dbc-8263-00c632e163e7@metafoo.de> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI/1.14.6 (Maruoka) FLIM/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL/10.8 Emacs/25.3 (x86_64-suse-linux-gnu) MULE/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 17 Dec 2020 15:57:02 +0100, Lars-Peter Clausen wrote: > > On 12/17/20 3:24 PM, Takashi Iwai wrote: > > On Thu, 17 Dec 2020 14:16:48 +0100, > > Lars-Peter Clausen wrote: > >> On 12/17/20 12:06 PM, Takashi Iwai wrote: > >>> On Thu, 17 Dec 2020 11:59:23 +0100, > >>> Lars-Peter Clausen wrote: > >>>> On 12/17/20 10:55 AM, Takashi Iwai wrote: > >>>>> On Thu, 17 Dec 2020 10:43:45 +0100, > >>>>> Lars-Peter Clausen wrote: > >>>>>> On 12/17/20 5:15 PM, Robin Gong wrote: > >>>>>>> Since mmap for userspace is based on page alignment, add page alignment > >>>>>>> for iram alloc from pool, otherwise, some good data located in the same > >>>>>>> page of dmab->area maybe touched wrongly by userspace like pulseaudio. > >>>>>>> > >>>>>> I wonder, do we also have to align size to be a multiple of PAGE_SIZE > >>>>>> to avoid leaking unrelated data? > >>>>> Hm, a good question. Basically the PCM buffer size itself shouldn't > >>>>> be influenced by that (i.e. no hw-constraint or such is needed), but > >>>>> the padding should be cleared indeed. I somehow left those to the > >>>>> allocator side, but maybe it's safer to clear the whole buffer in > >>>>> sound/core/memalloc.c commonly. > >>>> What I meant was that most of the APIs that we use to allocate memory > >>>> work on a PAGE_SIZE granularity. I.e. if you request a buffer that > >>>> where the size is not a multiple of PAGE_SIZE internally they will > >>>> still allocate a buffer that is a multiple of PAGE_SIZE and mark the > >>>> unused bytes as reserved. > >>>> > >>>> But I believe that is not the case gen_pool_dma_alloc(). It will > >>>> happily allocate those extra bytes to some other allocation request. > >>>> > >>>> That we need to zero out the reserved bytes even for those other APIs > >>>> is a very good additional point! > >>>> > >>>> I looked at this a few years ago and I'm pretty sure that we cleared > >>>> out the allocated area, but I can't find that anymore in the current > >>>> code. Which is not so great I guess. > >>> IIRC, we used GFP_ZERO in the past for the normal page allocations, > >>> but this was dropped as it's no longer supported or so. > >>> > >>> Also, we clear out the PCM buffer in hw_params call, but this is for > >>> the requested size, not the actual allocated size, hence the padding > >>> bytes will remain uncleared. > >> Ah! That memset() in hw_params is new. > >>> So I believe it's safer to add an extra memset() like my test patch. > >> Yea, we definitely want that. > >> > >> Do we care about leaking audio samples from a previous > >> application. I.e. application 'A' allocates a buffer plays back some > >> data and then closes the device again. Application 'B' then opens the > >> same audio devices allocates a slightly smaller buffer, so that it > >> still uses the same number of pages. The buffer from the previous > >> allocation get reused, but the remainder of the last page wont get > >> cleared in hw_params(). > > That's true. On the second though, it might be better to extend that > > memset() in hw_params to assure clearing the whole allocated buffer. > > We can check runtime->dma_buffer_p->bytes for the actual size. > > > > Also, in the PCM memory allocator, we make sure that the allocation is > > performed for page size. > > > > > > diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c > > index 47b155a49226..6aabad070abf 100644 > > --- a/sound/core/pcm_native.c > > +++ b/sound/core/pcm_native.c > > @@ -755,8 +755,15 @@ static int snd_pcm_hw_params(struct snd_pcm_substream *substream, > > runtime->boundary *= 2; > > /* clear the buffer for avoiding possible kernel info leaks */ > > - if (runtime->dma_area && !substream->ops->copy_user) > > - memset(runtime->dma_area, 0, runtime->dma_bytes); > > + if (runtime->dma_area && !substream->ops->copy_user) { > > + size_t size; > > + > > + if (runtime->dma_buffer_p) > > + size = runtime->dma_buffer_p->bytes; > > + else > > + size = runtime->dma_bytes; > > I'm not sure. > > Not all drivers use snd_pcm_lib_malloc_pages() and > runtime->dma_buffer_p->bytes might not be a multiple of PAGE_SIZE. The runtime->dma_buffer_p->bytes is assured to be page-aligned by the change in pcm_memory.c in this patch. But it's true that non-standard allocations won't cover the whole pages... > On the other hand if it is mmap-able, the underlying buffer must be a > multiple of PAGE_SIZE. So a simple memset(..., PAGE_ALIGN(size)) > should work. > > But we'd risk breaking drivers that do not reserve the remainder of > the page and use it for something else. > > Maybe what we need is a check that runtime->dma_area is page aligned > and runtime->dma_bytes is a multiple of PAGE_SIZE. With a warning at > first and then turn this into a error a year later or so. OK, how about the following instead? Just check SNDRV_PCM_INFO_MMAP in runtime->info; if this is set, the buffer size must be aligned with the page size, and we are safe to extend the size to clear. So the revised fix is much simpler, something like below. thanks, Takashi --- --- a/sound/core/pcm_native.c +++ b/sound/core/pcm_native.c @@ -755,8 +755,13 @@ static int snd_pcm_hw_params(struct snd_pcm_substream *substream, runtime->boundary *= 2; /* clear the buffer for avoiding possible kernel info leaks */ - if (runtime->dma_area && !substream->ops->copy_user) - memset(runtime->dma_area, 0, runtime->dma_bytes); + if (runtime->dma_area && !substream->ops->copy_user) { + size_t size = runtime->dma_bytes; + + if (runtime->info & SNDRV_PCM_INFO_MMAP) + size = PAGE_ALIGN(size); + memset(runtime->dma_area, 0, size); + } snd_pcm_timer_resolution_change(substream); snd_pcm_set_state(substream, SNDRV_PCM_STATE_SETUP);