Date: Tue, 2 May 2023 20:12:18 +0000
In-Reply-To: <20230502201220.1756319-1-cmllamas@google.com>
References: <20230502201220.1756319-1-cmllamas@google.com>
Message-ID: <20230502201220.1756319-2-cmllamas@google.com>
Subject: [PATCH 2/3] Revert "android: binder: stop saving a pointer to the VMA"
From: Carlos Llamas
To: Greg Kroah-Hartman, Arve Hjønnevåg, Todd Kjos, Martijn Coenen, Joel Fernandes, Christian Brauner, Carlos Llamas, Suren Baghdasaryan, Andrew Morton, "Liam R. Howlett"
Cc: linux-kernel@vger.kernel.org, kernel-team@android.com, Liam Howlett, stable@vger.kernel.org

This reverts commit a43cfc87caaf46710c8027a8c23b8a55f1078f19.

This patch fixed an issue reported by syzkaller in [1]. However, this turned out to be only a band-aid in binder. The root cause, as bisected by syzkaller, was fixed by commit 5789151e48ac ("mm/mmap: undo ->mmap() when mas_preallocate() fails"). We no longer need the patch for binder.

Reverting such patch allows us to have a lockless access to alloc->vma in specific cases where the mmap_lock is not required. This approach avoids the contention that caused a performance regression.

[1] https://lore.kernel.org/all/0000000000004a0dbe05e1d749e0@google.com

[cmllamas: resolved conflicts with rework of alloc->mm and removal of binder_alloc_set_vma() also fixed comment section]

Fixes: a43cfc87caaf ("android: binder: stop saving a pointer to the VMA")
Cc: Liam Howlett
Cc: Suren Baghdasaryan
Cc: stable@vger.kernel.org
Signed-off-by: Carlos Llamas
--- drivers/android/binder_alloc.c | 17 +++++++++-------- drivers/android/binder_alloc.h | 4 ++-- drivers/android/binder_alloc_selftest.c | 2 +- 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c index 92c814ec44fe..eb082b33115b 100644
--- a/drivers/android/binder_alloc.c +++ b/drivers/android/binder_alloc.c @@ -213,7 +213,7 @@ static int binder_update_page_range(struct binder_alloc *alloc, int allocate, if (mm) { mmap_read_lock(mm); - vma = vma_lookup(mm, alloc->vma_addr); + vma = alloc->vma; } if (!vma && need_mm) { @@ -314,9 +314,11 @@ static inline struct vm_area_struct *binder_alloc_get_vma( { struct vm_area_struct *vma = NULL; - if (alloc->vma_addr) - vma = vma_lookup(alloc->mm, alloc->vma_addr); - + if (alloc->vma) { + /* Look at description in binder_alloc_set_vma */ + smp_rmb(); + vma = alloc->vma; + } return vma; } @@ -775,7 +777,7 @@ int binder_alloc_mmap_handler(struct binder_alloc *alloc, buffer->free = 1; binder_insert_free_buffer(alloc, buffer); alloc->free_async_space = alloc->buffer_size / 2; - alloc->vma_addr = vma->vm_start; + alloc->vma = vma; return 0; @@ -805,8 +807,7 @@ void binder_alloc_deferred_release(struct binder_alloc *alloc) buffers = 0; mutex_lock(&alloc->mutex); - BUG_ON(alloc->vma_addr && - vma_lookup(alloc->mm, alloc->vma_addr)); + BUG_ON(alloc->vma); while ((n = rb_first(&alloc->allocated_buffers))) { buffer = rb_entry(n, struct binder_buffer, rb_node); @@ -958,7 +959,7 @@ int binder_alloc_get_allocated_count(struct binder_alloc *alloc) */ void binder_alloc_vma_close(struct binder_alloc *alloc) { - alloc->vma_addr = 0; + alloc->vma = 0; } /** diff --git a/drivers/android/binder_alloc.h b/drivers/android/binder_alloc.h index 0f811ac4bcff..138d1d5af9ce 100644 --- a/drivers/android/binder_alloc.h +++ b/drivers/android/binder_alloc.h @@ -75,7 +75,7 @@ struct binder_lru_page { /** * struct binder_alloc - per-binder proc state for binder allocator * @mutex: protects binder_alloc fields - * @vma_addr: vm_area_struct->vm_start passed to mmap_handler + * @vma: vm_area_struct passed to mmap_handler * (invariant after mmap) * @mm: copy of task->mm (invariant after open) * @buffer: base of per-proc address space mapped via mmap 
@@ -99,7 +99,7 @@ struct binder_lru_page { */ struct binder_alloc { struct mutex mutex; - unsigned long vma_addr; + struct vm_area_struct *vma; struct mm_struct *mm; void __user *buffer; struct list_head buffers; diff --git a/drivers/android/binder_alloc_selftest.c b/drivers/android/binder_alloc_selftest.c index 43a881073a42..c2b323bc3b3a 100644 --- a/drivers/android/binder_alloc_selftest.c +++ b/drivers/android/binder_alloc_selftest.c @@ -287,7 +287,7 @@ void binder_selftest_alloc(struct binder_alloc *alloc) if (!binder_selftest_run) return; mutex_lock(&binder_selftest_lock); - if (!binder_selftest_run || !alloc->vma_addr) + if (!binder_selftest_run || !alloc->vma) goto done; pr_info("STARTED\n"); binder_selftest_alloc_offset(alloc, end_offset, 0); -- 2.40.1.495.gc816e09b53d-goog
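
Review bot: In the binder_update_page_range() hunk, `vma = alloc->vma;` swaps a lookup that checked the address against the mm for a cached pointer, so the read under mmap_read_lock() is only safe if alloc->vma is always cleared before the VMA can go away. The commit message ties that guarantee to commit 5789151e48ac, yet the patch carries Cc: stable without naming that commit as a prerequisite. Please state the dependency in the changelog and add a short comment at this read describing the invariant.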
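
Review bot: In the binder_alloc_get_vma() hunk, the new comment sends the reader to binder_alloc_set_vma, which the commit message says has been removed, so the smp_rmb() has no documented pairing. The matching store added in binder_alloc_mmap_handler() is a plain `alloc->vma = vma;` with no write barrier in the visible lines. Either describe the ordering requirement here, or express the pair as smp_store_release() on the writer and smp_load_acquire() on this side, which also avoids loading alloc->vma twice (once for the test, once for the assignment).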
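
Review bot: In the binder_alloc_vma_close() hunk, `alloc->vma = 0;` assigns an integer to a field that this patch turns into `struct vm_area_struct *`; use NULL. Since the stated goal is lockless reads of alloc->vma, this store is also what keeps a reader from picking up a pointer to a closed mapping, so it should carry a comment saying how it is ordered against those readers.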
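
Review bot: In the binder_alloc.h kerneldoc hunk, `@vma` keeps the "(invariant after mmap)" wording, but the same patch has binder_alloc_vma_close() reset the field, and the commit message says it will be read without mmap_lock in some paths. The description should say when the pointer is set, when it is cleared, and what a reader must hold or order against, because "@mutex: protects binder_alloc fields" does not describe that access pattern.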