Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp1334485pxu; Thu, 17 Dec 2020 07:41:05 -0800 (PST) X-Google-Smtp-Source: ABdhPJxTvoNFdDsdkQxCo0MEgGmAyv6z0V1ulBq+FBdslBrdV6mFidH6uJ6drwJHDStIBn/DOjO+ X-Received: by 2002:a17:906:591a:: with SMTP id h26mr35150973ejq.174.1608219664778; Thu, 17 Dec 2020 07:41:04 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1608219664; cv=none; d=google.com; s=arc-20160816; b=oRS6QiHpG13qPDlnEiMF9+L5JfjgZJHBUvuZpOngCarg0LsmpZ8rk5LKapelccLLC3 XIrysWmTZ2I2UnWvpDq7DCNdVvEg3GDDaw5XY+76/elhxFwzuy9a1ZeMru0zU+Ql8pQc 7w8lrDgIN/ZfGuBQt3XJuvJkm92YXIJCbWyw91idaIbdagJFOHFqLRw2pi8KAIVfkoTS Q6CavTFgPT7TsutT0mNl0fA2k4d8/JHblcUEDTrqDsvMAKe6LiYRc0bNdH06Z0cJxHwq HINvrFE0Nrn5JTxhul4sNYXrxDx+dR7kGeJp8mRvZUfl49NLuzYmFi9bMl9Sbye6I0DX gb+A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-language:content-transfer-encoding :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:dkim-signature; bh=y7d7zmNBQjtcQn+6PwWL2fufKcxV2hcFWsNHT3w68OE=; b=SRL4CqWowHRPwa+9v5miaXM8kiiasifhwHHMEqKwMQG9mgnFzKuSbZ2dvLbm0oSFQ6 Ya4RauJDQytSGgX6+U0lniTLg807xeaUS3HAO6CSlrNRhL02cdF2bfr7c9CGb8pPI4Bz LS8ISjeE1869HAXLsZogDw5FBQBfpMuzju4IoFia0UtfEx4oz243ovmTp/jGf7jiH3Ty TVrsoa2eMR7nSmMjF12Ri1PIrwYaARVRq/Q3Lu/Y6Gw9HVNZe7lkpoaJ0Uin+lTBf3DW FNSVDw51G42X+wjAjj9ALoSVQqc++HfPdbdtg4YnoRziC/Pse59xL0x6mK5r5j/mD8hw 9miA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@metafoo.de header.s=default2002 header.b="XmTNJs+/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=metafoo.de Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id d1si4445775edr.28.2020.12.17.07.40.40; Thu, 17 Dec 2020 07:41:04 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@metafoo.de header.s=default2002 header.b="XmTNJs+/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=metafoo.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727769AbgLQPjL (ORCPT + 99 others); Thu, 17 Dec 2020 10:39:11 -0500 Received: from www381.your-server.de ([78.46.137.84]:42322 "EHLO www381.your-server.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726291AbgLQPjL (ORCPT ); Thu, 17 Dec 2020 10:39:11 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=metafoo.de; s=default2002; h=Content-Transfer-Encoding:Content-Type:In-Reply-To: MIME-Version:Date:Message-ID:From:References:Cc:To:Subject:Sender:Reply-To: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID; bh=y7d7zmNBQjtcQn+6PwWL2fufKcxV2hcFWsNHT3w68OE=; b=XmTNJs+/28EyPwFcRV/h+lu5sr ThGpyC647Cxbwv51m0rwAiMixd3aie9hUB0Gw/AkcvBEuf6PysybElZpvHKaxOBdJ9xf+9Us0k3IS seYLgIhfqou0FdY1XC7jqsUqvSzyZMWTo3eMDvS+VkerJtWBM9FB1gVj2EDJQTNU+y+2cO0Q9KUsB vcDHIuiia/49ztdigE6MsRjHuzt2qe9jD1pvxWJ+PvtIOlSsGlM8OnRGtTfO9PsuLVaJ/TfH5TF2s /fan+YQtTn7T0HwPA/VUdTtZHibHQBVhJNjQj791NUN9Fg+7lb0hJoTkiGnGlwGVbFwJfVLFvhNn3 y5mHd/3A==; Received: from sslproxy06.your-server.de ([78.46.172.3]) by www381.your-server.de with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92.3) (envelope-from ) id 1kpvMG-0006mU-8D; Thu, 17 Dec 2020 16:38:24 +0100 Received: from [62.216.202.54] (helo=[192.168.178.20]) by sslproxy06.your-server.de with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kpvMG-000SiN-1k; Thu, 17 Dec 2020 16:38:24 +0100 Subject: Re: [PATCH v1 ] ALSA: core: memalloc: add page alignment for iram To: Takashi Iwai Cc: alsa-devel@alsa-project.org, gustavoars@kernel.org, linux-kernel@vger.kernel.org, shengjiu.wang@nxp.com, tiwai@suse.com, pierre-louis.bossart@linux.intel.com, xiang@kernel.org, Robin Gong , akpm@linux-foundation.org References: <1608221747-3474-1-git-send-email-yibin.gong@nxp.com> <05c824e5-0c33-4182-26fa-b116a42b10d6@metafoo.de> <70074f62-954a-9b40-ab4a-cb438925060c@metafoo.de> <8e103a2b-1097-6d54-7266-34743321efac@metafoo.de> <1fc18b56-effa-9dbc-8263-00c632e163e7@metafoo.de> From: Lars-Peter Clausen Message-ID: <98fd6adb-5bae-56ce-c52b-f778f92f6a2d@metafoo.de> Date: Thu, 17 Dec 2020 16:38:22 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.5.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US X-Authenticated-Sender: lars@metafoo.de X-Virus-Scanned: Clear (ClamAV 0.102.4/26020/Thu Dec 17 15:34:34 2020) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 12/17/20 4:18 PM, Takashi Iwai wrote: > On Thu, 17 Dec 2020 15:57:02 +0100, > Lars-Peter Clausen wrote: >> On 12/17/20 3:24 PM, Takashi Iwai wrote: >>> On Thu, 17 Dec 2020 14:16:48 +0100, >>> Lars-Peter Clausen wrote: >>>> On 12/17/20 12:06 PM, Takashi Iwai wrote: >>>>> On Thu, 17 Dec 2020 11:59:23 +0100, >>>>> Lars-Peter Clausen wrote: >>>>>> On 12/17/20 10:55 AM, Takashi Iwai wrote: >>>>>>> On Thu, 17 Dec 2020 10:43:45 +0100, >>>>>>> Lars-Peter Clausen wrote: >>>>>>>> On 12/17/20 5:15 PM, Robin Gong wrote: >>>>>>>>> Since mmap for userspace is based on page alignment, add page alignment >>>>>>>>> for iram alloc from pool, otherwise, some good data located in the same >>>>>>>>> page of dmab->area maybe touched wrongly by userspace like pulseaudio. >>>>>>>>> >>>>>>>> I wonder, do we also have to align size to be a multiple of PAGE_SIZE >>>>>>>> to avoid leaking unrelated data? >>>>>>> Hm, a good question. Basically the PCM buffer size itself shouldn't >>>>>>> be influenced by that (i.e. no hw-constraint or such is needed), but >>>>>>> the padding should be cleared indeed. I somehow left those to the >>>>>>> allocator side, but maybe it's safer to clear the whole buffer in >>>>>>> sound/core/memalloc.c commonly. >>>>>> What I meant was that most of the APIs that we use to allocate memory >>>>>> work on a PAGE_SIZE granularity. I.e. if you request a buffer that >>>>>> where the size is not a multiple of PAGE_SIZE internally they will >>>>>> still allocate a buffer that is a multiple of PAGE_SIZE and mark the >>>>>> unused bytes as reserved. >>>>>> >>>>>> But I believe that is not the case gen_pool_dma_alloc(). It will >>>>>> happily allocate those extra bytes to some other allocation request. >>>>>> >>>>>> That we need to zero out the reserved bytes even for those other APIs >>>>>> is a very good additional point! >>>>>> >>>>>> I looked at this a few years ago and I'm pretty sure that we cleared >>>>>> out the allocated area, but I can't find that anymore in the current >>>>>> code. Which is not so great I guess. >>>>> IIRC, we used GFP_ZERO in the past for the normal page allocations, >>>>> but this was dropped as it's no longer supported or so. >>>>> >>>>> Also, we clear out the PCM buffer in hw_params call, but this is for >>>>> the requested size, not the actual allocated size, hence the padding >>>>> bytes will remain uncleared. >>>> Ah! That memset() in hw_params is new. >>>>> So I believe it's safer to add an extra memset() like my test patch. >>>> Yea, we definitely want that. >>>> >>>> Do we care about leaking audio samples from a previous >>>> application. I.e. application 'A' allocates a buffer plays back some >>>> data and then closes the device again. Application 'B' then opens the >>>> same audio devices allocates a slightly smaller buffer, so that it >>>> still uses the same number of pages. The buffer from the previous >>>> allocation get reused, but the remainder of the last page wont get >>>> cleared in hw_params(). >>> That's true. On the second though, it might be better to extend that >>> memset() in hw_params to assure clearing the whole allocated buffer. >>> We can check runtime->dma_buffer_p->bytes for the actual size. >>> >>> Also, in the PCM memory allocator, we make sure that the allocation is >>> performed for page size. >>> >>> >>> diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c >>> index 47b155a49226..6aabad070abf 100644 >>> --- a/sound/core/pcm_native.c >>> +++ b/sound/core/pcm_native.c >>> @@ -755,8 +755,15 @@ static int snd_pcm_hw_params(struct snd_pcm_substream *substream, >>> runtime->boundary *= 2; >>> /* clear the buffer for avoiding possible kernel info leaks */ >>> - if (runtime->dma_area && !substream->ops->copy_user) >>> - memset(runtime->dma_area, 0, runtime->dma_bytes); >>> + if (runtime->dma_area && !substream->ops->copy_user) { >>> + size_t size; >>> + >>> + if (runtime->dma_buffer_p) >>> + size = runtime->dma_buffer_p->bytes; >>> + else >>> + size = runtime->dma_bytes; >> I'm not sure. >> >> Not all drivers use snd_pcm_lib_malloc_pages() and >> runtime->dma_buffer_p->bytes might not be a multiple of PAGE_SIZE. > The runtime->dma_buffer_p->bytes is assured to be page-aligned by the > change in pcm_memory.c in this patch. But it's true that non-standard > allocations won't cover the whole pages... > >> On the other hand if it is mmap-able, the underlying buffer must be a >> multiple of PAGE_SIZE. So a simple memset(..., PAGE_ALIGN(size)) >> should work. >> >> But we'd risk breaking drivers that do not reserve the remainder of >> the page and use it for something else. >> >> Maybe what we need is a check that runtime->dma_area is page aligned >> and runtime->dma_bytes is a multiple of PAGE_SIZE. With a warning at >> first and then turn this into a error a year later or so. > OK, how about the following instead? > Just check SNDRV_PCM_INFO_MMAP in runtime->info; if this is set, the > buffer size must be aligned with the page size, and we are safe to > extend the size to clear. > > So the revised fix is much simpler, something like below. I think this will work for the leaking data issue. But it will not help with the original issue that gen_pool_dma_alloc_align() does not reserve the remainder of the page and could give it out to other allocations. We'd need a separate patch for that. > > > thanks, > > Takashi > > --- > --- a/sound/core/pcm_native.c > +++ b/sound/core/pcm_native.c > @@ -755,8 +755,13 @@ static int snd_pcm_hw_params(struct snd_pcm_substream *substream, > runtime->boundary *= 2; > > /* clear the buffer for avoiding possible kernel info leaks */ > - if (runtime->dma_area && !substream->ops->copy_user) > - memset(runtime->dma_area, 0, runtime->dma_bytes); > + if (runtime->dma_area && !substream->ops->copy_user) { > + size_t size = runtime->dma_bytes; > + > + if (runtime->info & SNDRV_PCM_INFO_MMAP) > + size = PAGE_ALIGN(size); > + memset(runtime->dma_area, 0, size); > + } > > snd_pcm_timer_resolution_change(substream); > snd_pcm_set_state(substream, SNDRV_PCM_STATE_SETUP);