goldfish_pipe: Pass physical addresses to the device if supported

For reading and writing guest user space buffers, currently the kernel
sends the guest virtual address of the buffer to the pipe device. This
virtual address has to be first converted to a guest physical address.
Doing this translation on the QEMU side is inefficient and requires
additional handling when KVM is enabled, whose implementation would
either incur intrusive changes to QEMU's KVM support code or suffer
from poor performance, see commit 08c7228c50f8 ("x86-kvm: only sync
SREGS when doing address translation") of $AOSP/external/qemu for
details, and thus should be avoided if possible.

There is a TODO comment in hw/misc/android_pipe.c in the new Android
emulator source tree ($AOSP/external/qemu-android) which requests that
the translation be done on the kernel side and that physical addresses
be passed to the device instead of virtual ones. Once the QEMU-side
implementation is done, the kernel will need to support both the new
paddr-based pipe device and the old vaddr-based one (which will
continue to be used by the classic emulator). This patch achieves that
by leveraging the device version register available in the new device.

See https://android-review.googlesource.com/128280 for the QEMU-side
patch.

In addition, use the mmap semaphore (in read mode) to safeguard the
call to get_user_pages().

Signed-off-by: Yu Ning <yu.ning@intel.com>
Signed-off-by: Jin Qian <jinqian@android.com>
Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/platform/goldfish/goldfish_pipe.c b/drivers/platform/goldfish/goldfish_pipe.c
index 7a56be9c9432f27985012bc7591fd766ded29ae6..c214434e881121fa05899458598b88ab5c3f8bab 100644 (file)
--- a/drivers/platform/goldfish/goldfish_pipe.c
+++ b/drivers/platform/goldfish/goldfish_pipe.c
@@ -77,6 +77,7 @@
 #define PIPE_REG_PARAMS_ADDR_LOW       0x18  /* read/write: batch data address */
 #define PIPE_REG_PARAMS_ADDR_HIGH      0x1c  /* read/write: batch data address */
 #define PIPE_REG_ACCESS_PARAMS         0x20  /* write: batch access */
+#define PIPE_REG_VERSION               0x24  /* read: device version */
 
 /* list of commands for PIPE_REG_COMMAND */
 #define CMD_OPEN                       1  /* open new channel */
@@ -126,6 +127,7 @@ struct goldfish_pipe_dev {
        unsigned char __iomem *base;
        struct access_params *aps;
        int irq;
+       u32 version;
 };
 
 static struct goldfish_pipe_dev   pipe_dev[1];
@@ -296,26 +298,43 @@ static ssize_t goldfish_pipe_read_write(struct file *filp, char __user *buffer,
                int status, wakeBit;
                struct page *page;
 
+               /* Either vaddr or paddr depending on the device version */
+               unsigned long xaddr;
+
                /*
                 * We grab the pages on a page-by-page basis in case user
                 * space gives us a potentially huge buffer but the read only
                 * returns a small amount, then there's no need to pin that
                 * much memory to the process.
                 */
+               down_read(&current->mm->mmap_sem);
                ret = get_user_pages(current, current->mm, address, 1,
                                     !is_write, 0, &page, NULL);
+               up_read(&current->mm->mmap_sem);
                if (ret < 0)
                        return ret;
 
+               if (dev->version) {
+                       /* Device version 1 or newer (qemu-android) expects the
+                        * physical address.
+                        */
+                       xaddr = page_to_phys(page) | (address & ~PAGE_MASK);
+               } else {
+                       /* Device version 0 (classic emulator) expects the
+                        * virtual address.
+                        */
+                       xaddr = address;
+               }
+
                /* Now, try to transfer the bytes in the current page */
                spin_lock_irqsave(&dev->lock, irq_flags);
                if (access_with_param(dev,
                                is_write ? CMD_WRITE_BUFFER : CMD_READ_BUFFER,
-                               address, avail, pipe, &status)) {
+                               xaddr, avail, pipe, &status)) {
                        gf_write_ptr(pipe, dev->base + PIPE_REG_CHANNEL,
                                     dev->base + PIPE_REG_CHANNEL_HIGH);
                        writel(avail, dev->base + PIPE_REG_SIZE);
-                       gf_write_ptr((void *)address,
+                       gf_write_ptr((void *)xaddr,
                                     dev->base + PIPE_REG_ADDRESS,
                                     dev->base + PIPE_REG_ADDRESS_HIGH);
                        writel(is_write ? CMD_WRITE_BUFFER : CMD_READ_BUFFER,
@@ -610,6 +629,12 @@ static int goldfish_pipe_probe(struct platform_device *pdev)
                goto error;
        }
        setup_access_params_addr(pdev, dev);
+
+       /* Although the pipe device in the classic Android emulator does not
+        * recognize the 'version' register, it won't treat this as an error
+        * either and will simply return 0, which is fine.
+        */
+       dev->version = readl(dev->base + PIPE_REG_VERSION);
        return 0;
 
 error: