• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* SPDX-License-Identifier: GPL-2.0-only */
2 /*
3  * Copyright (C) 2017 Google, Inc.
4  */
5 
6 #ifndef _LINUX_BINDER_ALLOC_H
7 #define _LINUX_BINDER_ALLOC_H
8 
9 #include <linux/rbtree.h>
10 #include <linux/list.h>
11 #include <linux/mm.h>
12 #include <linux/spinlock.h>
13 #include <linux/rtmutex.h>
14 #include <linux/vmalloc.h>
15 #include <linux/slab.h>
16 #include <linux/list_lru.h>
17 #include <uapi/linux/android/binder.h>
18 
19 extern struct list_lru binder_freelist;
20 struct binder_transaction;
21 
22 /**
23  * struct binder_buffer - buffer used for binder transactions
24  * @entry:              entry alloc->buffers
25  * @rb_node:            node for allocated_buffers/free_buffers rb trees
26  * @free:               %true if buffer is free
27  * @clear_on_free:      %true if buffer must be zeroed after use
28  * @allow_user_free:    %true if user is allowed to free buffer
29  * @async_transaction:  %true if buffer is in use for an async txn
30  * @oneway_spam_suspect: %true if total async allocate size just exceed
31  * spamming detect threshold
32  * @debug_id:           unique ID for debugging
33  * @transaction:        pointer to associated struct binder_transaction
34  * @target_node:        struct binder_node associated with this buffer
35  * @data_size:          size of @transaction data
36  * @offsets_size:       size of array of offsets
37  * @extra_buffers_size: size of space for other objects (like sg lists)
38  * @user_data:          user pointer to base of buffer space
39  * @pid:                pid to attribute the buffer to (caller)
40  *
41  * Bookkeeping structure for binder transaction buffers
42  */
43 struct binder_buffer {
44 	struct list_head entry; /* free and allocated entries by address */
45 	struct rb_node rb_node; /* free entry by size or allocated entry */
46 				/* by address */
47 	unsigned free:1;
48 	unsigned clear_on_free:1;
49 	unsigned allow_user_free:1;
50 	unsigned async_transaction:1;
51 	unsigned oneway_spam_suspect:1;
52 	unsigned debug_id:27;
53 	struct binder_transaction *transaction;
54 	struct binder_node *target_node;
55 	size_t data_size;
56 	size_t offsets_size;
57 	size_t extra_buffers_size;
58 	unsigned long user_data;
59 	int pid;
60 };
61 
62 /**
63  * struct binder_shrinker_mdata - binder metadata used to reclaim pages
64  * @lru:         LRU entry in binder_freelist
65  * @alloc:       binder_alloc owning the page to reclaim
66  * @page_index:  offset in @alloc->pages[] into the page to reclaim
67  */
68 struct binder_shrinker_mdata {
69 	struct list_head lru;
70 	struct binder_alloc *alloc;
71 	unsigned long page_index;
72 };
73 
74 struct binder_lru_page {
75 	struct list_head lru;
76 	struct page *page_ptr;
77 	struct binder_alloc *alloc;
78 };
79 
page_to_lru(struct page * p)80 static inline struct list_head *page_to_lru(struct page *p)
81 {
82 	struct binder_shrinker_mdata *mdata;
83 
84 	mdata = (struct binder_shrinker_mdata *)page_private(p);
85 
86 	return &mdata->lru;
87 }
88 
89 /**
90  * struct binder_alloc - per-binder proc state for binder allocator
91  * @lock:               protects binder_alloc fields
92  * @vma:                vm_area_struct passed to mmap_handler
93  *                      (invariant after mmap)
94  * @mm:                 copy of task->mm (invariant after open)
95  * @buffer:             base of per-proc address space mapped via mmap
96  * @buffers:            list of all buffers for this proc
97  * @free_buffers:       rb tree of buffers available for allocation
98  *                      sorted by size
99  * @allocated_buffers:  rb tree of allocated buffers sorted by address
100  * @free_async_space:   VA space available for async buffers. This is
101  *                      initialized at mmap time to 1/2 the full VA space
102  * @pages:              array of binder_lru_page
103  * @buffer_size:        size of address space specified via mmap
104  * @pid:                pid for associated binder_proc (invariant after init)
105  * @pages_high:         high watermark of offset in @pages
106  * @oneway_spam_detected: %true if oneway spam detection fired, clear that
107  * flag once the async buffer has returned to a healthy state
108  *
109  * Bookkeeping structure for per-proc address space management for binder
110  * buffers. It is normally initialized during binder_init() and binder_mmap()
111  * calls. The address space is used for both user-visible buffers and for
112  * struct binder_buffer objects used to track the user buffers
113  */
114 struct binder_alloc {
115 	spinlock_t lock;
116 	struct vm_area_struct *vma;
117 	struct mm_struct *mm;
118 	unsigned long buffer;
119 	struct list_head buffers;
120 	struct rb_root free_buffers;
121 	struct rb_root allocated_buffers;
122 	size_t free_async_space;
123 	struct binder_lru_page *pages;
124 	size_t buffer_size;
125 	int pid;
126 	size_t pages_high;
127 	bool oneway_spam_detected;
128 	ANDROID_OEM_DATA(1);
129 };
130 
131 #ifdef CONFIG_ANDROID_BINDER_IPC_SELFTEST
132 void binder_selftest_alloc(struct binder_alloc *alloc);
133 #else
binder_selftest_alloc(struct binder_alloc * alloc)134 static inline void binder_selftest_alloc(struct binder_alloc *alloc) {}
135 #endif
136 enum lru_status binder_alloc_free_page(struct list_head *item,
137 				       struct list_lru_one *lru,
138 				       spinlock_t *lock, void *cb_arg);
139 struct binder_buffer *binder_alloc_new_buf(struct binder_alloc *alloc,
140 					   size_t data_size,
141 					   size_t offsets_size,
142 					   size_t extra_buffers_size,
143 					   int is_async);
144 void binder_alloc_init(struct binder_alloc *alloc);
145 int binder_alloc_shrinker_init(void);
146 void binder_alloc_shrinker_exit(void);
147 void binder_alloc_vma_close(struct binder_alloc *alloc);
148 struct binder_buffer *
149 binder_alloc_prepare_to_free(struct binder_alloc *alloc,
150 			     unsigned long user_ptr);
151 void binder_alloc_free_buf(struct binder_alloc *alloc,
152 			   struct binder_buffer *buffer);
153 int binder_alloc_mmap_handler(struct binder_alloc *alloc,
154 			      struct vm_area_struct *vma);
155 void binder_alloc_deferred_release(struct binder_alloc *alloc);
156 int binder_alloc_get_allocated_count(struct binder_alloc *alloc);
157 void binder_alloc_print_allocated(struct seq_file *m,
158 				  struct binder_alloc *alloc);
159 void binder_alloc_print_pages(struct seq_file *m,
160 			      struct binder_alloc *alloc);
161 
162 unsigned long
163 binder_alloc_copy_user_to_buffer(struct binder_alloc *alloc,
164 				 struct binder_buffer *buffer,
165 				 binder_size_t buffer_offset,
166 				 const void __user *from,
167 				 size_t bytes);
168 
169 int binder_alloc_copy_to_buffer(struct binder_alloc *alloc,
170 				struct binder_buffer *buffer,
171 				binder_size_t buffer_offset,
172 				void *src,
173 				size_t bytes);
174 
175 int binder_alloc_copy_from_buffer(struct binder_alloc *alloc,
176 				  void *dest,
177 				  struct binder_buffer *buffer,
178 				  binder_size_t buffer_offset,
179 				  size_t bytes);
180 
181 #endif /* _LINUX_BINDER_ALLOC_H */
182 
183