Re: [alsa-devel] [RFC PATCH] ALSA: core: Add DMA share buffer support

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Takashi Iwai <tiwai@suse.de>
To: Leo Yan <leo.yan@linaro.org>
Cc: alsa-devel@alsa-project.org, bgoswami@codeaurora.org,
	gustavo@embeddedor.com, srinivas.kandagatla@linaro.org,
	mchehab+samsung@kernel.org, sr@denx.de,
	daniel.thompson@linaro.org, corbet@lwn.net, philburk@google.com,
	willy@infradead.org, jmiller@neverware.com,
	keescook@chromium.org, arnd@arndb.de, colyli@suse.de,
	Mark Brown <broonie@kernel.org>,
	ckeepax@opensource.wolfsonmicro.com, anna-maria@linutronix.de,
	mathieu.poirier@linaro.org, Baolin Wang <baolin.wang@linaro.org>,
	sboyd@kernel.org, linux-kernel@vger.kernel.org, vkoul@kernel.org,
	joe@perches.com
Subject: Re: [alsa-devel] [RFC PATCH] ALSA: core: Add DMA share buffer  support
Date: Fri, 25 Jan 2019 14:19:22 +0100	[thread overview]
Message-ID: <s5himyczxgl.wl-tiwai@suse.de> (raw)
In-Reply-To: <20190123124658.GE15906@leoy-ThinkPad-X240s>

On Wed, 23 Jan 2019 13:46:58 +0100,
Leo Yan wrote:
> 
> Hi all,
> 
> On Wed, Jan 23, 2019 at 12:58:51PM +0100, Takashi Iwai wrote:
> > On Tue, 22 Jan 2019 21:25:35 +0100,
> > Mark Brown wrote:
> > > 
> > > On Mon, Jan 21, 2019 at 03:15:43PM +0100, Jaroslav Kysela wrote:
> > > > Dne 21.1.2019 v 13:40 Mark Brown napsal(a):
> > > 
> > > > > It was the bit about adding more extended permission control that I was
> > > > > worried about there, not the initial O_APPEND bit.  Indeed the O_APPEND
> > > > > bit sounds like it might also work from the base buffer sharing point of
> > > > > view, I have to confess I'd not heard of that feature before (it didn't
> > > > > come up in the discussion when Eric raised this in Prague).
> > > 
> > > > With permissions, I meant to make possible to restrict the file
> > > > descriptor operations (ioctls) for the depending task (like access to
> > > > the DMA buffer, synchronize it for the non-coherent platforms and maybe
> > > > read/write the actual position, delay etc.). It should be relatively
> > > > easy to implement using the snd_pcm_file structure.
> > > 
> > > Right, that's what I understood you to mean.  If you want to have a
> > > policy saying "it's OK to export a PCM file descriptor if it's only got
> > > permissions X and Y" the security module is going to need to know about
> > > the mechanism for setting those permissions.  With dma_buf that's all a
> > > bit easier as there's less new stuff, though I've no real idea how much
> > > of a big deal that actually is.
> > 
> > There are many ways to implement such a thing, yeah.  If we'd need an
> > implementation that is done solely in the sound driver layer, I can
> > imagine to introduce either a new ioctl or an open flag (like O_EXCL)
> > to specify the restricted sharing.  That is, a kind of master / slave
> > model where only the master is allowed to manipulate the stream while
> > the slave can mmap, read/write and get status.
> 
> I am lacking security related knowledge, especially for SELinux.
> So only can give background information but not sure if it's really
> helpful for discussion.
> 
> Android web page [1] give some information for this:
> 
> "The shared memory is referenced using a file descriptor that is
> generated by the ALSA driver. If the file descriptor is directly
> associated with a /dev/snd/ driver file, then it can be used by the
> AAudio service in SHARED mode. But the descriptor cannot be passed to
> the client code for EXCLUSIVE mode. The /dev/snd/ file descriptor
> would provide too broad of access to the client, so it is blocked by
> SELinux.
> 
> In order to support EXCLUSIVE mode, it is necessary to convert the
> /dev/snd/ descriptor to an anon_inode:dmabuffer file descriptor.
> SELinux allows that file descriptor to be passed to the client. It can
> also be used by the AAudioService.
> 
> An anon_inode:dmabuffer file descriptor can be generated using the
> Android Ion memory library."
> 
> So we work out dmabuf driver for audio buffer, the audio buffer will
> be exported and attached by using dma-buf framework; then we can
> return one file descriptor which is generated by dma-buf and this
> file descriptor is bound with anon inode based on dma-buf core code.
> 
> If we directly use the device node /dev/snd/ as file descriptor, even
> though we specify flag O_EXCL when open it, but it still is not an
> anon inode file descriptor.  Thus this is not safe enough and will be
> blocked by SELinux.  On the other hand, this patch wants to use
> dma-buf framework to provide file descriptor for the audio buffer, and
> this audio buffer can be one of mutiple audio buffers in the system
> and it can be shared to any audio client program.
> 
> Again, I have no less knowledge for SELinux so sorry if I introduce any
> noise at here.  And very appreciate any comments for this.

Hrm, it sounds like a workaround just to bypass SELinux check...

The sound server can open another PCM stream with O_APPEND, and pass
that fd to the client, too?


thanks,

Takashi

next prev parent reply	other threads:[~2019-01-25 13:19 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-01-18  4:55 [RFC PATCH] ALSA: core: Add DMA share buffer support Baolin Wang
2019-01-18  9:35 ` Jaroslav Kysela
2019-01-18 19:08   ` Mark Brown
2019-01-18 19:39     ` Takashi Iwai
2019-01-21 12:40       ` Mark Brown
2019-01-21 14:15         ` Jaroslav Kysela
2019-01-22 20:25           ` Mark Brown
2019-01-23 11:58             ` Takashi Iwai
2019-01-23 12:46               ` Leo Yan
2019-01-24 13:43                 ` Jaroslav Kysela
2019-01-24 17:33                   ` Mark Brown
2019-01-25  9:25                   ` Baolin Wang
2019-01-25 10:10                     ` Takashi Iwai
2019-01-25 10:20                       ` Takashi Iwai
2019-01-25 11:24                         ` Baolin Wang
2019-01-25 13:04                           ` Takashi Iwai
2019-01-28  5:48                             ` Baolin Wang
2019-01-25 11:11                       ` Baolin Wang
2019-01-25 13:03                         ` Takashi Iwai
2019-01-28  5:47                           ` Baolin Wang
2019-01-25 13:19                 ` Takashi Iwai [this message]
2019-01-25 18:25                   ` [alsa-devel] " Mark Brown
2019-01-28 13:31                     ` Jaroslav Kysela
2019-01-28 14:14                       ` Takashi Iwai

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=s5himyczxgl.wl-tiwai@suse.de \
    --to=tiwai@suse.de \
    --cc=alsa-devel@alsa-project.org \
    --cc=anna-maria@linutronix.de \
    --cc=arnd@arndb.de \
    --cc=baolin.wang@linaro.org \
    --cc=bgoswami@codeaurora.org \
    --cc=broonie@kernel.org \
    --cc=ckeepax@opensource.wolfsonmicro.com \
    --cc=colyli@suse.de \
    --cc=corbet@lwn.net \
    --cc=daniel.thompson@linaro.org \
    --cc=gustavo@embeddedor.com \
    --cc=jmiller@neverware.com \
    --cc=joe@perches.com \
    --cc=keescook@chromium.org \
    --cc=leo.yan@linaro.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mathieu.poirier@linaro.org \
    --cc=mchehab+samsung@kernel.org \
    --cc=philburk@google.com \
    --cc=sboyd@kernel.org \
    --cc=sr@denx.de \
    --cc=srinivas.kandagatla@linaro.org \
    --cc=vkoul@kernel.org \
    --cc=willy@infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox