1 | /* SPDX-License-Identifier: GPL-2.0-only */ |
2 | /* |
3 | * Copyright (C) 2017 Google, Inc. |
4 | */ |
5 | |
6 | #ifndef _LINUX_BINDER_ALLOC_H |
7 | #define _LINUX_BINDER_ALLOC_H |
8 | |
9 | #include <linux/rbtree.h> |
10 | #include <linux/list.h> |
11 | #include <linux/mm.h> |
12 | #include <linux/rtmutex.h> |
13 | #include <linux/vmalloc.h> |
14 | #include <linux/slab.h> |
15 | #include <linux/list_lru.h> |
16 | #include <uapi/linux/android/binder.h> |
17 | |
/* Opaque in this header; struct binder_buffer only stores a pointer to it. */
struct binder_transaction;

/* list_lru that struct binder_lru_page entries are linked on (see @lru). */
extern struct list_lru binder_alloc_lru;
20 | |
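/**
 * struct binder_buffer - buffer used for binder transactions
 * @entry:               entry in alloc->buffers
 * @rb_node:             node for allocated_buffers/free_buffers rb trees
 * @free:                %true if buffer is free
 * @clear_on_free:       %true if buffer must be zeroed after use
 * @allow_user_free:     %true if user is allowed to free buffer
 * @async_transaction:   %true if buffer is in use for an async txn
 * @oneway_spam_suspect: %true if total async allocate size just exceeded
 *                       the spam detection threshold
 * @debug_id:            unique ID for debugging
 * @transaction:         pointer to associated struct binder_transaction
 * @target_node:         struct binder_node associated with this buffer
 * @data_size:           size of @transaction data
 * @offsets_size:        size of array of offsets
 * @extra_buffers_size:  size of space for other objects (like sg lists)
 * @user_data:           user pointer to base of buffer space
 * @pid:                 pid to attribute the buffer to (caller)
 *
 * Bookkeeping structure for binder transaction buffers.
 *
 * @user_data is a userspace address (__user): the kernel side must not
 * dereference it directly and should go through the binder_alloc_copy_*()
 * helpers declared in this header.
 */
struct binder_buffer {
	struct list_head entry; /* free and allocated entries by address */
	struct rb_node rb_node; /* free entry by size or allocated entry */
				/* by address */

	/* The five flag bits plus the 27-bit debug_id fill 32 bits. */
	unsigned free:1;
	/*
	 * NOTE(review): presumably set for payloads that must not remain
	 * readable in the mapping after the buffer is released; confirm
	 * against the code that sets and honours this flag.
	 */
	unsigned clear_on_free:1;
	/*
	 * Gates a free requested by userspace; the check itself is not
	 * visible in this header.
	 */
	unsigned allow_user_free:1;
	unsigned async_transaction:1;
	unsigned oneway_spam_suspect:1;
	unsigned debug_id:27;

	struct binder_transaction *transaction;

	struct binder_node *target_node;
	size_t data_size;
	size_t offsets_size;
	/* Field name restored from the @extra_buffers_size kernel-doc entry. */
	size_t extra_buffers_size;
	void __user *user_data;
	int pid;
};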
62 | |
/**
 * struct binder_lru_page - page object used for binder shrinker
 * @lru:      entry in binder_alloc_lru
 * @page_ptr: pointer to physical page in mmap'd space
 * @alloc:    binder_alloc for a proc
 *
 * struct binder_alloc keeps an array of these in its @pages member.
 */
struct binder_lru_page {
	struct list_head	lru;
	struct page		*page_ptr;
	struct binder_alloc	*alloc;
};
74 | |
/**
 * struct binder_alloc - per-binder proc state for binder allocator
 * @mutex:                protects binder_alloc fields
 * @vma:                  vm_area_struct passed to mmap_handler
 *                        (invariant after mmap)
 * @mm:                   copy of task->mm (invariant after open)
 * @buffer:               base of per-proc address space mapped via mmap
 * @buffers:              list of all buffers for this proc
 * @free_buffers:         rb tree of buffers available for allocation,
 *                        sorted by size
 * @allocated_buffers:    rb tree of allocated buffers, sorted by address
 * @free_async_space:     VA space available for async buffers; initialized
 *                        at mmap time to 1/2 the full VA space
 * @pages:                array of binder_lru_page
 * @buffer_size:          size of address space specified via mmap
 * @pid:                  pid for associated binder_proc
 *                        (invariant after init)
 * @pages_high:           high watermark of offset in @pages
 * @oneway_spam_detected: %true if oneway spam detection fired; the flag is
 *                        cleared once the async buffer has returned to a
 *                        healthy state
 *
 * Bookkeeping structure for per-proc address space management for binder
 * buffers. It is normally initialized during binder_init() and
 * binder_mmap() calls. The address space is used for both user-visible
 * buffers and for struct binder_buffer objects used to track the user
 * buffers.
 */
struct binder_alloc {
	/* Serializes access to the fields below. */
	struct mutex mutex;

	/* Mapping state. */
	struct vm_area_struct *vma;
	struct mm_struct *mm;
	void __user *buffer;	/* userspace address, not a kernel pointer */

	/* Buffer bookkeeping. */
	struct list_head buffers;
	struct rb_root free_buffers;
	struct rb_root allocated_buffers;
	size_t free_async_space;

	/* Page tracking and sizing. */
	struct binder_lru_page *pages;
	size_t buffer_size;
	int pid;
	size_t pages_high;

	bool oneway_spam_detected;
};
115 | |
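/*
 * Allocator self-test hook: a real function only when
 * CONFIG_ANDROID_BINDER_IPC_SELFTEST is set, otherwise an empty inline stub
 * so callers need no #ifdef of their own.
 */
#ifdef CONFIG_ANDROID_BINDER_IPC_SELFTEST
void binder_selftest_alloc(struct binder_alloc *alloc);
#else
static inline void binder_selftest_alloc(struct binder_alloc *alloc) {}
#endif

/*
 * NOTE(review): the signature has the shape of a list_lru walk callback,
 * presumably used with binder_alloc_lru; confirm at the call site.
 */
enum lru_status binder_alloc_free_page(struct list_head *item,
				       struct list_lru_one *lru,
				       spinlock_t *lock, void *cb_arg);

/*
 * The three sizes correspond to the @data_size, @offsets_size and
 * @extra_buffers_size members of struct binder_buffer. The third parameter
 * name was missing from the listing and is restored from that kernel-doc.
 * NOTE(review): any overflow check on the sum of the three sizes would live
 * in the implementation, which is not visible here; confirm it exists.
 */
extern struct binder_buffer *binder_alloc_new_buf(struct binder_alloc *alloc,
						  size_t data_size,
						  size_t offsets_size,
						  size_t extra_buffers_size,
						  int is_async,
						  int pid);
extern void binder_alloc_init(struct binder_alloc *alloc);
extern int binder_alloc_shrinker_init(void);
extern void binder_alloc_shrinker_exit(void);
extern void binder_alloc_vma_close(struct binder_alloc *alloc);

/*
 * NOTE(review): user_ptr is passed as a plain integer (uintptr_t) and looks
 * like a userspace-supplied address; the lookup is expected to match it
 * against a tracked buffer before anything is freed. Confirm in the
 * implementation.
 */
extern struct binder_buffer *
binder_alloc_prepare_to_free(struct binder_alloc *alloc,
			     uintptr_t user_ptr);
extern void binder_alloc_free_buf(struct binder_alloc *alloc,
				  struct binder_buffer *buffer);
extern int binder_alloc_mmap_handler(struct binder_alloc *alloc,
				     struct vm_area_struct *vma);
extern void binder_alloc_deferred_release(struct binder_alloc *alloc);
extern int binder_alloc_get_allocated_count(struct binder_alloc *alloc);

/* Output helpers writing to a seq_file. */
extern void binder_alloc_print_allocated(struct seq_file *m,
					 struct binder_alloc *alloc);
void binder_alloc_print_pages(struct seq_file *m,
			      struct binder_alloc *alloc);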
147 | |
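/**
 * binder_alloc_get_free_async_space() - get free space available for async
 * @alloc:	binder_alloc for this proc
 *
 * Takes @alloc->mutex for the duration of the read. The mutex is dropped
 * before returning, so the result is a snapshot that may already be stale
 * when the caller uses it.
 *
 * Return:	the bytes remaining in the address-space for async transactions
 */
static inline size_t
binder_alloc_get_free_async_space(struct binder_alloc *alloc)
{
	size_t free_async_space;

	mutex_lock(&alloc->mutex);
	free_async_space = alloc->free_async_space;
	/* Plain call: the stray "lock:" label in the listing was not valid C. */
	mutex_unlock(&alloc->mutex);
	return free_async_space;
}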
164 | |
/*
 * Copy helpers for moving data into and out of a binder buffer at
 * @buffer_offset.
 *
 * NOTE(review): bounds checking of buffer_offset + bytes against the buffer
 * is not visible in this header; confirm it in the implementations.
 */

/*
 * Source is a userspace pointer (__user).
 * NOTE(review): the unsigned long return presumably follows the
 * copy_from_user() convention (bytes not copied); confirm.
 */
unsigned long binder_alloc_copy_user_to_buffer(
		struct binder_alloc *alloc, struct binder_buffer *buffer,
		binder_size_t buffer_offset, const void __user *from,
		size_t bytes);

/* Kernel-memory source copied into the buffer. */
int binder_alloc_copy_to_buffer(
		struct binder_alloc *alloc, struct binder_buffer *buffer,
		binder_size_t buffer_offset, void *src, size_t bytes);

/* Buffer contents copied out to kernel memory at dest. */
int binder_alloc_copy_from_buffer(
		struct binder_alloc *alloc, void *dest,
		struct binder_buffer *buffer, binder_size_t buffer_offset,
		size_t bytes);
183 | |
184 | #endif /* _LINUX_BINDER_ALLOC_H */ |