From 9972a4f7df2f40cb752cd3b366d506ba0e515cf9 Mon Sep 17 00:00:00 2001
From: Chris Goldsworthy
Date: Wed, 27 Jul 2022 16:58:09 -0700
Subject: [PATCH] ANDROID: dma-buf: Add vendorhook to allow mmaping more memory than a DMA-BUF holds

Add vendorhook to allow mmaping more memory than a DMA-BUF holds. The implementor of the vmap callback for the DMA-BUF is responsible for ensuring that all pages are backed by memory. The hook takes as input a DMA-BUF to allow the VMA bounds check to be done on a case-by-case basis for DMA-BUFs. Note that if the override is allowed to go through for a given DMA-BUF, then it can be the case that the size of this mmaped DMA-BUF is reported incorrectly when looking at /proc/pid/maps for the owning process.
Bug: 234753494
Change-Id: Iba8cc8adfd2290e4dc7ef04fce5d6a80ac92e0b3
Signed-off-by: Chris Goldsworthy
Signed-off-by: Sukadev Bhattiprolu
---
 drivers/android/vendor_hooks.c | 3 +++
 drivers/dma-buf/dma-buf.c | 8 ++++++--
 include/trace/hooks/dmabuf.h | 21 +++++++++++++++++++++
 3 files changed, 30 insertions(+), 2 deletions(-)
 create mode 100644 include/trace/hooks/dmabuf.h

diff --git a/drivers/android/vendor_hooks.c b/drivers/android/vendor_hooks.c
index f900944fe250..994e19d08480 100644
--- a/drivers/android/vendor_hooks.c
+++ b/drivers/android/vendor_hooks.c
@@ -7,6 +7,7 @@
  */
 #include
+#include
 #define CREATE_TRACE_POINTS
 #include
@@ -41,6 +42,7 @@
 #include
 #include
 #include
+#include
 /*
  * Export tracepoints that act as a bare tracehook (ie: have no trace event
@@ -113,6 +115,7 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_selinux_is_initialized);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_check_mmap_file);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_check_file_open);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_check_bpf_syscall);
+EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_ignore_dmabuf_vmap_bounds);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_rproc_recovery);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_rproc_recovery_set);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_rwsem_init);
diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c
index 639d254964a2..3ca807615488 100644
--- a/drivers/dma-buf/dma-buf.c
+++ b/drivers/dma-buf/dma-buf.c
@@ -27,6 +27,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
@@ -130,6 +131,7 @@ static struct file_system_type dma_buf_fs_type = {
 static int dma_buf_mmap_internal(struct file *file, struct vm_area_struct *vma)
 {
 struct dma_buf *dmabuf;
+ bool ignore_bounds = false;
 if (!is_dma_buf_file(file))
 return -EINVAL;
@@ -140,9 +142,11 @@ static int dma_buf_mmap_internal(struct file *file, struct vm_area_struct *vma)
 if (!dmabuf->ops->mmap)
 return -EINVAL;
+ trace_android_vh_ignore_dmabuf_vmap_bounds(dmabuf, &ignore_bounds);
+
 /* check for overflowing the buffer's size */
- if (vma->vm_pgoff + vma_pages(vma) >
- dmabuf->size >> PAGE_SHIFT)
+ if ((vma->vm_pgoff + vma_pages(vma) >
+ dmabuf->size >> PAGE_SHIFT) && !ignore_bounds)
 return -EINVAL;
 return dmabuf->ops->mmap(dmabuf, vma);
diff --git a/include/trace/hooks/dmabuf.h b/include/trace/hooks/dmabuf.h
new file mode 100644
index 000000000000..85688ebd703f
--- /dev/null
+++ b/include/trace/hooks/dmabuf.h
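Review bot: With `&& !ignore_bounds` added to the size check in dma_buf_mmap_internal(), any handler that sets the flag removes the only core-side limit on `vma->vm_pgoff + vma_pages(vma)` for a userspace mmap, so a range larger than `dmabuf->size` reaches `dmabuf->ops->mmap()` with nothing bounding it. An exporter callback that maps the whole VMA without its own check would then hand userspace pages that do not belong to the buffer. Instead of a boolean bypass, the hook could report the size the exporter is prepared to back, and the core could keep enforcing that, e.g. `size_t limit = dmabuf->size;` filled in by the hook and then `if (vma->vm_pgoff + vma_pages(vma) > limit >> PAGE_SHIFT) return -EINVAL;`. At the very least the call site should carry `/* vendor override: ->mmap() must reject any range it cannot back with pages */`. The function starts in the previous hunk, where `ignore_bounds` is declared, and its closing brace lies outside this one; other mmap entry points are not visible in this diff and may still apply the original check.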
@@ -0,0 +1,21 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#undef TRACE_SYSTEM
+#define TRACE_SYSTEM dmabuf
+
+#define TRACE_INCLUDE_PATH trace/hooks
+
+#if !defined(_TRACE_HOOK_DMA_BUF_H) || defined(TRACE_HEADER_MULTI_READ)
+#define _TRACE_HOOK_DMA_BUF_H
+
+struct dma_buf;
+
+#include
+
+DECLARE_HOOK(android_vh_ignore_dmabuf_vmap_bounds,
+ TP_PROTO(struct dma_buf *dma_buf, bool *ignore_bounds),
+ TP_ARGS(dma_buf, ignore_bounds));
+
+#endif /* _TRACE_HOOK_DMA_BUF_H */
+
+/* This part must be outside protection */
+#include
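Review bot: The declaration of `android_vh_ignore_dmabuf_vmap_bounds` has no comment stating its contract, and its name (like the commit message) says vmap although the only call site in this patch is the mmap path in dma_buf_mmap_internal(). Because a handler switches off a bounds check, the header should say when the flag may be set and what the handler takes on by setting it, e.g. `/* Set *ignore_bounds only for dma-bufs whose ->mmap() validates the VMA range against memory it actually backs. */`. As a plain `DECLARE_HOOK` it presumably accepts several handlers, and any one of them setting the flag wins. If a single owner is intended, a restricted hook would make that explicit.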