binder_alloc.h 6.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189
  1. /* SPDX-License-Identifier: GPL-2.0-only */
  2. /*
  3. * Copyright (C) 2017 Google, Inc.
  4. */
  5. #ifndef _LINUX_BINDER_ALLOC_H
  6. #define _LINUX_BINDER_ALLOC_H
  7. #include <linux/rbtree.h>
  8. #include <linux/list.h>
  9. #include <linux/mm.h>
  10. #include <linux/rtmutex.h>
  11. #include <linux/vmalloc.h>
  12. #include <linux/slab.h>
  13. #include <linux/list_lru.h>
  14. #include <uapi/linux/android/binder.h>
  15. struct binder_transaction;
  16. /**
  17. * struct binder_buffer - buffer used for binder transactions
  18. * @entry: entry alloc->buffers
  19. * @rb_node: node for allocated_buffers/free_buffers rb trees
  20. * @free: %true if buffer is free
  21. * @clear_on_free: %true if buffer must be zeroed after use
  22. * @allow_user_free: %true if user is allowed to free buffer
  23. * @async_transaction: %true if buffer is in use for an async txn
  24. * @oneway_spam_suspect: %true if total async allocate size just exceed
  25. * spamming detect threshold
  26. * @debug_id: unique ID for debugging
  27. * @transaction: pointer to associated struct binder_transaction
  28. * @target_node: struct binder_node associated with this buffer
  29. * @data_size: size of @transaction data
  30. * @offsets_size: size of array of offsets
  31. * @extra_buffers_size: size of space for other objects (like sg lists)
  32. * @user_data: user pointer to base of buffer space
  33. * @pid: pid to attribute the buffer to (caller)
  34. *
  35. * Bookkeeping structure for binder transaction buffers
  36. */
  37. struct binder_buffer {
  38. struct list_head entry; /* free and allocated entries by address */
  39. struct rb_node rb_node; /* free entry by size or allocated entry */
  40. /* by address */
  41. unsigned free:1;
  42. unsigned clear_on_free:1;
  43. unsigned allow_user_free:1;
  44. unsigned async_transaction:1;
  45. unsigned oneway_spam_suspect:1;
  46. unsigned debug_id:27;
  47. struct binder_transaction *transaction;
  48. struct binder_node *target_node;
  49. size_t data_size;
  50. size_t offsets_size;
  51. size_t extra_buffers_size;
  52. unsigned long user_data;
  53. int pid;
  54. };
  55. /**
  56. * struct binder_shrinker_mdata - binder metadata used to reclaim pages
  57. * @lru: LRU entry in binder_freelist
  58. * @alloc: binder_alloc owning the page to reclaim
  59. * @page_index: offset in @alloc->pages[] into the page to reclaim
  60. */
  61. struct binder_shrinker_mdata {
  62. struct list_head lru;
  63. struct binder_alloc *alloc;
  64. unsigned long page_index;
  65. };
  66. static inline struct list_head *page_to_lru(struct page *p)
  67. {
  68. struct binder_shrinker_mdata *mdata;
  69. mdata = (struct binder_shrinker_mdata *)page_private(p);
  70. return &mdata->lru;
  71. }
  72. /**
  73. * struct binder_alloc - per-binder proc state for binder allocator
  74. * @mutex: protects binder_alloc fields
  75. * @mm: copy of task->mm (invariant after open)
  76. * @vm_start: base of per-proc address space mapped via mmap
  77. * @buffers: list of all buffers for this proc
  78. * @free_buffers: rb tree of buffers available for allocation
  79. * sorted by size
  80. * @allocated_buffers: rb tree of allocated buffers sorted by address
  81. * @free_async_space: VA space available for async buffers. This is
  82. * initialized at mmap time to 1/2 the full VA space
  83. * @pages: array of struct page *
  84. * @freelist: lru list to use for free pages (invariant after init)
  85. * @buffer_size: size of address space specified via mmap
  86. * @pid: pid for associated binder_proc (invariant after init)
  87. * @pages_high: high watermark of offset in @pages
  88. * @mapped: whether the vm area is mapped, each binder instance is
  89. * allowed a single mapping throughout its lifetime
  90. * @oneway_spam_detected: %true if oneway spam detection fired, clear that
  91. * flag once the async buffer has returned to a healthy state
  92. *
  93. * Bookkeeping structure for per-proc address space management for binder
  94. * buffers. It is normally initialized during binder_init() and binder_mmap()
  95. * calls. The address space is used for both user-visible buffers and for
  96. * struct binder_buffer objects used to track the user buffers
  97. */
  98. struct binder_alloc {
  99. struct mutex mutex;
  100. struct mm_struct *mm;
  101. unsigned long vm_start;
  102. struct list_head buffers;
  103. struct rb_root free_buffers;
  104. struct rb_root allocated_buffers;
  105. size_t free_async_space;
  106. struct page **pages;
  107. struct list_lru *freelist;
  108. size_t buffer_size;
  109. int pid;
  110. size_t pages_high;
  111. bool mapped;
  112. bool oneway_spam_detected;
  113. };
  114. enum lru_status binder_alloc_free_page(struct list_head *item,
  115. struct list_lru_one *lru,
  116. void *cb_arg);
  117. struct binder_buffer *binder_alloc_new_buf(struct binder_alloc *alloc,
  118. size_t data_size,
  119. size_t offsets_size,
  120. size_t extra_buffers_size,
  121. int is_async);
  122. void binder_alloc_init(struct binder_alloc *alloc);
  123. int binder_alloc_shrinker_init(void);
  124. void binder_alloc_shrinker_exit(void);
  125. void binder_alloc_vma_close(struct binder_alloc *alloc);
  126. struct binder_buffer *
  127. binder_alloc_prepare_to_free(struct binder_alloc *alloc,
  128. unsigned long user_ptr);
  129. void binder_alloc_free_buf(struct binder_alloc *alloc,
  130. struct binder_buffer *buffer);
  131. int binder_alloc_mmap_handler(struct binder_alloc *alloc,
  132. struct vm_area_struct *vma);
  133. void binder_alloc_deferred_release(struct binder_alloc *alloc);
  134. int binder_alloc_get_allocated_count(struct binder_alloc *alloc);
  135. void binder_alloc_print_allocated(struct seq_file *m,
  136. struct binder_alloc *alloc);
  137. void binder_alloc_print_pages(struct seq_file *m,
  138. struct binder_alloc *alloc);
  139. /**
  140. * binder_alloc_get_free_async_space() - get free space available for async
  141. * @alloc: binder_alloc for this proc
  142. *
  143. * Return: the bytes remaining in the address-space for async transactions
  144. */
  145. static inline size_t
  146. binder_alloc_get_free_async_space(struct binder_alloc *alloc)
  147. {
  148. guard(mutex)(&alloc->mutex);
  149. return alloc->free_async_space;
  150. }
  151. unsigned long
  152. binder_alloc_copy_user_to_buffer(struct binder_alloc *alloc,
  153. struct binder_buffer *buffer,
  154. binder_size_t buffer_offset,
  155. const void __user *from,
  156. size_t bytes);
  157. int binder_alloc_copy_to_buffer(struct binder_alloc *alloc,
  158. struct binder_buffer *buffer,
  159. binder_size_t buffer_offset,
  160. void *src,
  161. size_t bytes);
  162. int binder_alloc_copy_from_buffer(struct binder_alloc *alloc,
  163. void *dest,
  164. struct binder_buffer *buffer,
  165. binder_size_t buffer_offset,
  166. size_t bytes);
  167. #if IS_ENABLED(CONFIG_KUNIT)
  168. void __binder_alloc_init(struct binder_alloc *alloc, struct list_lru *freelist);
  169. size_t binder_alloc_buffer_size(struct binder_alloc *alloc,
  170. struct binder_buffer *buffer);
  171. #endif
  172. #endif /* _LINUX_BINDER_ALLOC_H */