Re: [PATCH v6 0/5] DMA-BUF Heaps (destaging ION)

From: John Stultz
Date: Mon Jul 01 2019 - 17:55:43 EST


On Mon, Jul 1, 2019 at 2:45 PM Laura Abbott <labbott@xxxxxxxxxx> wrote:
>
> On 6/24/19 3:49 PM, John Stultz wrote:
> > Here is another pass at the dma-buf heaps patchset Andrew and I
> > have been working on which tries to destage a fair chunk of ION
> > functionality.
> >
>
> I've gotten bogged down with both work and personal tasks
> so I haven't had a chance to look too closely but, once again,
> I'm happy to see this continue to move forward.
>
> > The patchset implements per-heap devices which can be opened
> > directly and then an ioctl is used to allocate a dmabuf from the
> > heap.
> >
> > The interface is similar, but much simpler then IONs, only
> > providing an ALLOC ioctl.
> >
> > Also, I've provided relatively simple system and cma heaps.
> >
> > I've booted and tested these patches with AOSP on the HiKey960
> > using the kernel tree here:
> > https://git.linaro.org/people/john.stultz/android-dev.git/log/?h=dev/dma-buf-heap
> >
> > And the userspace changes here:
> > https://android-review.googlesource.com/c/device/linaro/hikey/+/909436
> >
> > Compared to ION, this patchset is missing the system-contig,
> > carveout and chunk heaps, as I don't have a device that uses
> > those, so I'm unable to do much useful validation there.
> > Additionally we have no upstream users of chunk or carveout,
> > and the system-contig has been deprecated in the common/andoid-*
> > kernels, so this should be ok.
> >
> > I've also removed the stats accounting for now, since any such
> > accounting should be implemented by dma-buf core or the heaps
> > themselves.
> >
> >
> > New in v6:
> > * Number of cleanups and error path fixes suggested by Brian Starkey,
> > many thanks for his close review and suggestions!
> >
> >
> > Outstanding concerns:
> > * Need to better understand various secure heap implementations.
> > Some concern that heap private flags will be needed, but its
> > also possible that dma-buf heaps can't solve everyone's needs,
> > in which case, a vendor's secure buffer driver can implement
> > their own dma-buf exporter. So I'm not too worried here.
> >
>
> syzbot found a DoS with Ion which I ACKed a fix for.
> https://lore.kernel.org/lkml/03763360-a7de-de87-eb90-ba7838143930@xxxxxxxxxxxxxxxxxxx/
> This series doesn't have the page pooling so that particular bug may
> not be applicable but given this is not the first time I've
> seen Ion used as a DoS mechanism, it would be good to think about
> putting in some basic checks.

Yea, there's no shrinker right now (and my WIP page pool
implementation steals the network core's pagepool, which is statically
sized).

But the check in the alloc code seems reasonable so I can add it to
what I have. Appreciate the suggestion!

thanks
-john