From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Carlos Llamas <cmllamas@google.com>
Cc: "Arve Hjønnevåg" <arve@android.com>,
"Todd Kjos" <tkjos@android.com>,
"Martijn Coenen" <maco@android.com>,
"Joel Fernandes" <joel@joelfernandes.org>,
"Christian Brauner" <brauner@kernel.org>,
"Suren Baghdasaryan" <surenb@google.com>,
"Sherry Yang" <sherryy@android.com>,
linux-kernel@vger.kernel.org, kernel-team@android.com,
stable@vger.kernel.org
Subject: Re: [PATCH v2 05/28] binder: fix unused alloc->free_async_space
Date: Mon, 22 Jan 2024 10:35:01 -0800 [thread overview]
Message-ID: <2024012254-encore-pedometer-42e9@gregkh> (raw)
In-Reply-To: <Za6vJC1o83xSwab3@google.com>
On Mon, Jan 22, 2024 at 06:08:36PM +0000, Carlos Llamas wrote:
> On Mon, Jan 22, 2024 at 07:05:29AM -0800, Greg Kroah-Hartman wrote:
> > On Mon, Jan 22, 2024 at 07:04:20AM -0800, Greg Kroah-Hartman wrote:
> > > On Fri, Jan 19, 2024 at 05:27:18PM +0000, Carlos Llamas wrote:
> > > > On Fri, Jan 19, 2024 at 06:49:00AM +0100, Greg Kroah-Hartman wrote:
> > > > > On Thu, Jan 18, 2024 at 07:33:48PM +0000, Carlos Llamas wrote:
> > > > > > On Fri, Dec 01, 2023 at 05:21:34PM +0000, Carlos Llamas wrote:
> > > > > > > Each transaction is associated with a 'struct binder_buffer' that stores
> > > > > > > the metadata about its buffer area. Since commit 74310e06be4d ("android:
> > > > > > > binder: Move buffer out of area shared with user space") this struct is
> > > > > > > no longer embedded within the buffer itself but is instead allocated on
> > > > > > > the heap to prevent userspace access to this driver-exclusive info.
> > > > > > >
> > > > > > > Unfortunately, the space of this struct is still being accounted for in
> > > > > > > the total buffer size calculation, specifically for async transactions.
> > > > > > > This results in an additional 104 bytes added to every async buffer
> > > > > > > request, and this area is never used.
> > > > > > >
> > > > > > > This wasted space can be substantial. If we consider the maximum mmap
> > > > > > > buffer space of SZ_4M, the driver will reserve half of it for async
> > > > > > > transactions, or 0x200000. This area should, in theory, accommodate up
> > > > > > > to 262,144 buffers of the minimum 8-byte size. However, after adding
> > > > > > > the extra 'sizeof(struct binder_buffer)', the total number of buffers
> > > > > > > drops to only 18,724, which is a sad 7.14% of the actual capacity.
> > > > > > >
> > > > > > > This patch fixes the buffer size calculation to enable the utilization
> > > > > > > of the entire async buffer space. This is expected to reduce the number
> > > > > > > of -ENOSPC errors that are seen on the field.
> > > > > > >
> > > > > > > Fixes: 74310e06be4d ("android: binder: Move buffer out of area shared with user space")
> > > > > > > Signed-off-by: Carlos Llamas <cmllamas@google.com>
> > > > > > > ---
> > > > > >
> > > > > > Sorry, I forgot to Cc: stable@vger.kernel.org.
> > > > >
> > > > >
> > > > > <formletter>
> > > > >
> > > > > This is not the correct way to submit patches for inclusion in the
> > > > > stable kernel tree. Please read:
> > > > > https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
> > > > > for how to do this properly.
> > > > >
> > > > > </formletter>
> > > >
> > > > Oops, here is the complete info:
> > > >
> > > > Commit ID: c6d05e0762ab276102246d24affd1e116a46aa0c
> > > > Subject: "binder: fix unused alloc->free_async_space"
> > > > Reason: Fixes an incorrect calculation of available space.
> > > > Versions: v4.19+
> > > >
> > > > Note this patch will also have trivial conflicts in v4.19 and v5.4
> > > > kernels as commit 261e7818f06e is missing there. Please let me know and
> > > > I can send the corresponding patches separately.
> > >
> > > It doesn't even apply to 6.7.y either, so we need backports for all
> > > affected trees, thanks.
> >
> > Now I got it to apply, but we need backports for 5.4.y and 4.19.y,
> > thanks.
> >
> > greg k-h
>
> Backports sent.
>
> linux-4.19.y:
> https://lore.kernel.org/all/20240122174250.2123854-2-cmllamas@google.com/
>
> linux-5.4.y:
> https://lore.kernel.org/all/20240122175751.2214176-2-cmllamas@google.com/
All now queued up, thanks!
greg k-h
next prev parent reply other threads:[~2024-01-22 18:35 UTC|newest]
Thread overview: 68+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-01 17:21 [PATCH v2 00/28] binder: convert alloc->mutex to spinlock Carlos Llamas
2023-12-01 17:21 ` [PATCH v2 01/28] binder: use EPOLLERR from eventpoll.h Carlos Llamas
2023-12-01 17:21 ` [PATCH v2 02/28] binder: fix use-after-free in shinker's callback Carlos Llamas
2023-12-01 17:21 ` [PATCH v2 03/28] binder: fix race between mmput() and do_exit() Carlos Llamas
2024-01-18 19:29 ` Carlos Llamas
2024-01-19 5:48 ` Greg Kroah-Hartman
2024-01-19 17:06 ` Carlos Llamas
2024-01-19 17:37 ` Carlos Llamas
2024-01-20 6:37 ` Greg Kroah-Hartman
2024-01-22 18:05 ` Carlos Llamas
2023-12-01 17:21 ` [PATCH v2 04/28] binder: fix async space check for 0-sized buffers Carlos Llamas
2024-01-18 19:32 ` Carlos Llamas
2024-01-19 5:48 ` Greg Kroah-Hartman
2024-01-19 17:11 ` Carlos Llamas
2024-01-22 15:05 ` Greg Kroah-Hartman
2023-12-01 17:21 ` [PATCH v2 05/28] binder: fix unused alloc->free_async_space Carlos Llamas
2023-12-04 11:56 ` Alice Ryhl
2024-01-18 19:33 ` Carlos Llamas
2024-01-19 5:49 ` Greg Kroah-Hartman
2024-01-19 17:27 ` Carlos Llamas
2024-01-22 15:04 ` Greg Kroah-Hartman
2024-01-22 15:05 ` Greg Kroah-Hartman
2024-01-22 18:08 ` Carlos Llamas
2024-01-22 18:35 ` Greg Kroah-Hartman [this message]
2023-12-01 17:21 ` [PATCH v2 06/28] binder: fix trivial typo of binder_free_buf_locked() Carlos Llamas
2023-12-01 17:21 ` [PATCH v2 07/28] binder: fix comment on binder_alloc_new_buf() return value Carlos Llamas
2023-12-01 17:21 ` [PATCH v2 08/28] binder: remove extern from function prototypes Carlos Llamas
2023-12-01 17:21 ` [PATCH v2 09/28] binder: keep vma addresses type as unsigned long Carlos Llamas
2023-12-04 11:56 ` Alice Ryhl
2023-12-01 17:21 ` [PATCH v2 10/28] binder: split up binder_update_page_range() Carlos Llamas
2023-12-01 17:21 ` [PATCH v2 11/28] binder: do unlocked work in binder_alloc_new_buf() Carlos Llamas
2023-12-04 11:57 ` Alice Ryhl
2023-12-04 14:22 ` Carlos Llamas
2023-12-04 14:23 ` Alice Ryhl
2023-12-01 17:21 ` [PATCH v2 12/28] binder: remove pid param " Carlos Llamas
2023-12-01 17:21 ` [PATCH v2 13/28] binder: separate the no-space debugging logic Carlos Llamas
2023-12-01 17:21 ` [PATCH v2 14/28] binder: relocate low space calculation Carlos Llamas
2023-12-01 17:21 ` [PATCH v2 15/28] binder: relocate binder_alloc_clear_buf() Carlos Llamas
2023-12-01 17:21 ` [PATCH v2 16/28] binder: refactor page range allocation Carlos Llamas
2023-12-01 17:21 ` [PATCH v2 17/28] binder: malloc new_buffer outside of locks Carlos Llamas
2023-12-04 11:57 ` Alice Ryhl
2023-12-01 17:21 ` [PATCH v2 18/28] binder: initialize lru pages in mmap callback Carlos Llamas
2023-12-01 17:21 ` [PATCH v2 19/28] binder: perform page installation outside of locks Carlos Llamas
2023-12-04 11:57 ` Alice Ryhl
2023-12-01 17:21 ` [PATCH v2 20/28] binder: remove redundant debug log Carlos Llamas
2023-12-04 11:57 ` Alice Ryhl
2023-12-01 17:21 ` [PATCH v2 21/28] binder: make oversized buffer code more readable Carlos Llamas
2023-12-04 11:57 ` Alice Ryhl
2023-12-01 17:21 ` [PATCH v2 22/28] binder: rename lru shrinker utilities Carlos Llamas
2023-12-04 11:57 ` Alice Ryhl
2023-12-01 17:21 ` [PATCH v2 23/28] binder: document the final page calculation Carlos Llamas
2023-12-04 11:57 ` Alice Ryhl
2023-12-04 14:39 ` Carlos Llamas
2023-12-04 14:43 ` Alice Ryhl
2023-12-04 14:53 ` Carlos Llamas
2023-12-01 17:21 ` [PATCH v2 24/28] binder: collapse print_binder_buffer() into caller Carlos Llamas
2023-12-04 11:57 ` Alice Ryhl
2023-12-01 17:21 ` [PATCH v2 25/28] binder: refactor binder_delete_free_buffer() Carlos Llamas
2023-12-04 11:57 ` Alice Ryhl
2023-12-01 17:21 ` [PATCH v2 26/28] binder: avoid user addresses in debug logs Carlos Llamas
2023-12-04 11:57 ` Alice Ryhl
2023-12-06 0:40 ` kernel test robot
2023-12-01 17:21 ` [PATCH v2 27/28] binder: reverse locking order in shrinker callback Carlos Llamas
2023-12-04 11:57 ` Alice Ryhl
2023-12-04 14:45 ` Carlos Llamas
2023-12-04 14:47 ` Alice Ryhl
2023-12-04 15:01 ` Carlos Llamas
2023-12-01 17:21 ` [PATCH v2 28/28] binder: switch alloc->mutex to spinlock_t Carlos Llamas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2024012254-encore-pedometer-42e9@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=arve@android.com \
--cc=brauner@kernel.org \
--cc=cmllamas@google.com \
--cc=joel@joelfernandes.org \
--cc=kernel-team@android.com \
--cc=linux-kernel@vger.kernel.org \
--cc=maco@android.com \
--cc=sherryy@android.com \
--cc=stable@vger.kernel.org \
--cc=surenb@google.com \
--cc=tkjos@android.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.