ANDROID: dma-buf: Add vendorhook to allow mmaping more memory than a …

…DMA-BUF holds Add vendorhook to allow mmaping more memory than a DMA-BUF holds. The implementor of the vmap callback for the DMA-BUF is responsible for ensuring that all pages are backed by memory. The hook takes as input a DMA-BUF to allow the VMA bounds check to be done on a case-by-case basis for DMA-BUFs. Note that if the override is allowed to go through for a given DMA-BUF, then it can be the case that the size of this mmaped DMA-BUF is reported incorrectly when looking at /proc/pid/maps for the owning process. Bug: 234753494 Change-Id: Iba8cc8adfd2290e4dc7ef04fce5d6a80ac92e0b3 Signed-off-by: Chris Goldsworthy <quic_cgoldswo@quicinc.com> Signed-off-by: Sukadev Bhattiprolu <quic_sukadev@quicinc.com>
ammarfaizi2 · Jan 11, 2023 · 9972a4f · 9972a4f
1 parent 41d708a
commit 9972a4f
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 2 deletions.
diff --git a/drivers/android/vendor_hooks.c b/drivers/android/vendor_hooks.c
@@ -7,6 +7,7 @@
  */
 
 #include <linux/iova.h>
+#include <linux/dma-buf.h>
 
 #define CREATE_TRACE_POINTS
 #include <trace/hooks/vendor_hooks.h>
@@ -41,6 +42,7 @@
 #include <trace/hooks/rwsem.h>
 #include <trace/hooks/futex.h>
 #include <trace/hooks/fips140.h>
+#include <trace/hooks/dmabuf.h>
 
 /*
  * Export tracepoints that act as a bare tracehook (ie: have no trace event
@@ -113,6 +115,7 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_selinux_is_initialized);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_check_mmap_file);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_check_file_open);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_check_bpf_syscall);
+EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_ignore_dmabuf_vmap_bounds);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_rproc_recovery);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_rproc_recovery_set);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_rwsem_init);

diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c
@@ -27,6 +27,7 @@
 #include <linux/mm.h>
 #include <linux/mount.h>
 #include <linux/pseudo_fs.h>
+#include <trace/hooks/dmabuf.h>
 
 #include <uapi/linux/dma-buf.h>
 #include <uapi/linux/magic.h>
@@ -130,6 +131,7 @@ static struct file_system_type dma_buf_fs_type = {
 static int dma_buf_mmap_internal(struct file *file, struct vm_area_struct *vma)
 {
 	struct dma_buf *dmabuf;
+	bool ignore_bounds = false;
 
 	if (!is_dma_buf_file(file))
 		return -EINVAL;
@@ -140,9 +142,11 @@ static int dma_buf_mmap_internal(struct file *file, struct vm_area_struct *vma)
 	if (!dmabuf->ops->mmap)
 		return -EINVAL;
 
+	trace_android_vh_ignore_dmabuf_vmap_bounds(dmabuf, &ignore_bounds);
+
 	/* check for overflowing the buffer's size */
-	if (vma->vm_pgoff + vma_pages(vma) >
-	    dmabuf->size >> PAGE_SHIFT)
+	if ((vma->vm_pgoff + vma_pages(vma) >
+	    dmabuf->size >> PAGE_SHIFT) && !ignore_bounds)
 		return -EINVAL;
 
 	return dmabuf->ops->mmap(dmabuf, vma);

diff --git a/include/trace/hooks/dmabuf.h b/include/trace/hooks/dmabuf.h
@@ -0,0 +1,21 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#undef TRACE_SYSTEM
+#define TRACE_SYSTEM dmabuf
+
+#define TRACE_INCLUDE_PATH trace/hooks
+
+#if !defined(_TRACE_HOOK_DMA_BUF_H) || defined(TRACE_HEADER_MULTI_READ)
+#define _TRACE_HOOK_DMA_BUF_H
+
+struct dma_buf;
+
+#include <trace/hooks/vendor_hooks.h>
+
+DECLARE_HOOK(android_vh_ignore_dmabuf_vmap_bounds,
+	     TP_PROTO(struct dma_buf *dma_buf, bool *ignore_bounds),
+	     TP_ARGS(dma_buf, ignore_bounds));
+
+#endif /* _TRACE_HOOK_DMA_BUF_H */
+
+/* This part must be outside protection */
+#include <trace/define_trace.h>