OSCL-LXR |
|
|
|
|||
0001 /* SPDX-License-Identifier: GPL-2.0 */ 0002 0003 #ifndef _LINUX_BINDER_INTERNAL_H 0004 #define _LINUX_BINDER_INTERNAL_H 0005 0006 #include <linux/export.h> 0007 #include <linux/fs.h> 0008 #include <linux/list.h> 0009 #include <linux/miscdevice.h> 0010 #include <linux/mutex.h> 0011 #include <linux/refcount.h> 0012 #include <linux/stddef.h> 0013 #include <linux/types.h> 0014 #include <linux/uidgid.h> 0015 #include <uapi/linux/android/binderfs.h> 0016 #include "binder_alloc.h" 0017 0018 struct binder_context { 0019 struct binder_node *binder_context_mgr_node; 0020 struct mutex context_mgr_node_lock; 0021 kuid_t binder_context_mgr_uid; 0022 const char *name; 0023 }; 0024 0025 /** 0026 * struct binder_device - information about a binder device node 0027 * @hlist: list of binder devices (only used for devices requested via 0028 * CONFIG_ANDROID_BINDER_DEVICES) 0029 * @miscdev: information about a binder character device node 0030 * @context: binder context information 0031 * @binderfs_inode: This is the inode of the root dentry of the super block 0032 * belonging to a binderfs mount. 0033 */ 0034 struct binder_device { 0035 struct hlist_node hlist; 0036 struct miscdevice miscdev; 0037 struct binder_context context; 0038 struct inode *binderfs_inode; 0039 refcount_t ref; 0040 }; 0041 0042 /** 0043 * binderfs_mount_opts - mount options for binderfs 0044 * @max: maximum number of allocatable binderfs binder devices 0045 * @stats_mode: enable binder stats in binderfs. 0046 */ 0047 struct binderfs_mount_opts { 0048 int max; 0049 int stats_mode; 0050 }; 0051 0052 /** 0053 * binderfs_info - information about a binderfs mount 0054 * @ipc_ns: The ipc namespace the binderfs mount belongs to. 0055 * @control_dentry: This records the dentry of this binderfs mount 0056 * binder-control device. 0057 * @root_uid: uid that needs to be used when a new binder device is 0058 * created. 0059 * @root_gid: gid that needs to be used when a new binder device is 0060 * created. 0061 * @mount_opts: The mount options in use. 0062 * @device_count: The current number of allocated binder devices. 0063 * @proc_log_dir: Pointer to the directory dentry containing process-specific 0064 * logs. 0065 */ 0066 struct binderfs_info { 0067 struct ipc_namespace *ipc_ns; 0068 struct dentry *control_dentry; 0069 kuid_t root_uid; 0070 kgid_t root_gid; 0071 struct binderfs_mount_opts mount_opts; 0072 int device_count; 0073 struct dentry *proc_log_dir; 0074 }; 0075 0076 extern const struct file_operations binder_fops; 0077 0078 extern char *binder_devices_param; 0079 0080 #ifdef CONFIG_ANDROID_BINDERFS 0081 extern bool is_binderfs_device(const struct inode *inode); 0082 extern struct dentry *binderfs_create_file(struct dentry *dir, const char *name, 0083 const struct file_operations *fops, 0084 void *data); 0085 extern void binderfs_remove_file(struct dentry *dentry); 0086 #else 0087 static inline bool is_binderfs_device(const struct inode *inode) 0088 { 0089 return false; 0090 } 0091 static inline struct dentry *binderfs_create_file(struct dentry *dir, 0092 const char *name, 0093 const struct file_operations *fops, 0094 void *data) 0095 { 0096 return NULL; 0097 } 0098 static inline void binderfs_remove_file(struct dentry *dentry) {} 0099 #endif 0100 0101 #ifdef CONFIG_ANDROID_BINDERFS 0102 extern int __init init_binderfs(void); 0103 #else 0104 static inline int __init init_binderfs(void) 0105 { 0106 return 0; 0107 } 0108 #endif 0109 0110 struct binder_debugfs_entry { 0111 const char *name; 0112 umode_t mode; 0113 const struct file_operations *fops; 0114 void *data; 0115 }; 0116 0117 extern const struct binder_debugfs_entry binder_debugfs_entries[]; 0118 0119 #define binder_for_each_debugfs_entry(entry) \ 0120 for ((entry) = binder_debugfs_entries; \ 0121 (entry)->name; \ 0122 (entry)++) 0123 0124 enum binder_stat_types { 0125 BINDER_STAT_PROC, 0126 BINDER_STAT_THREAD, 0127 BINDER_STAT_NODE, 0128 BINDER_STAT_REF, 0129 BINDER_STAT_DEATH, 0130 BINDER_STAT_TRANSACTION, 0131 BINDER_STAT_TRANSACTION_COMPLETE, 0132 BINDER_STAT_COUNT 0133 }; 0134 0135 struct binder_stats { 0136 atomic_t br[_IOC_NR(BR_ONEWAY_SPAM_SUSPECT) + 1]; 0137 atomic_t bc[_IOC_NR(BC_REPLY_SG) + 1]; 0138 atomic_t obj_created[BINDER_STAT_COUNT]; 0139 atomic_t obj_deleted[BINDER_STAT_COUNT]; 0140 }; 0141 0142 /** 0143 * struct binder_work - work enqueued on a worklist 0144 * @entry: node enqueued on list 0145 * @type: type of work to be performed 0146 * 0147 * There are separate work lists for proc, thread, and node (async). 0148 */ 0149 struct binder_work { 0150 struct list_head entry; 0151 0152 enum binder_work_type { 0153 BINDER_WORK_TRANSACTION = 1, 0154 BINDER_WORK_TRANSACTION_COMPLETE, 0155 BINDER_WORK_TRANSACTION_ONEWAY_SPAM_SUSPECT, 0156 BINDER_WORK_RETURN_ERROR, 0157 BINDER_WORK_NODE, 0158 BINDER_WORK_DEAD_BINDER, 0159 BINDER_WORK_DEAD_BINDER_AND_CLEAR, 0160 BINDER_WORK_CLEAR_DEATH_NOTIFICATION, 0161 } type; 0162 }; 0163 0164 struct binder_error { 0165 struct binder_work work; 0166 uint32_t cmd; 0167 }; 0168 0169 /** 0170 * struct binder_node - binder node bookkeeping 0171 * @debug_id: unique ID for debugging 0172 * (invariant after initialized) 0173 * @lock: lock for node fields 0174 * @work: worklist element for node work 0175 * (protected by @proc->inner_lock) 0176 * @rb_node: element for proc->nodes tree 0177 * (protected by @proc->inner_lock) 0178 * @dead_node: element for binder_dead_nodes list 0179 * (protected by binder_dead_nodes_lock) 0180 * @proc: binder_proc that owns this node 0181 * (invariant after initialized) 0182 * @refs: list of references on this node 0183 * (protected by @lock) 0184 * @internal_strong_refs: used to take strong references when 0185 * initiating a transaction 0186 * (protected by @proc->inner_lock if @proc 0187 * and by @lock) 0188 * @local_weak_refs: weak user refs from local process 0189 * (protected by @proc->inner_lock if @proc 0190 * and by @lock) 0191 * @local_strong_refs: strong user refs from local process 0192 * (protected by @proc->inner_lock if @proc 0193 * and by @lock) 0194 * @tmp_refs: temporary kernel refs 0195 * (protected by @proc->inner_lock while @proc 0196 * is valid, and by binder_dead_nodes_lock 0197 * if @proc is NULL. During inc/dec and node release 0198 * it is also protected by @lock to provide safety 0199 * as the node dies and @proc becomes NULL) 0200 * @ptr: userspace pointer for node 0201 * (invariant, no lock needed) 0202 * @cookie: userspace cookie for node 0203 * (invariant, no lock needed) 0204 * @has_strong_ref: userspace notified of strong ref 0205 * (protected by @proc->inner_lock if @proc 0206 * and by @lock) 0207 * @pending_strong_ref: userspace has acked notification of strong ref 0208 * (protected by @proc->inner_lock if @proc 0209 * and by @lock) 0210 * @has_weak_ref: userspace notified of weak ref 0211 * (protected by @proc->inner_lock if @proc 0212 * and by @lock) 0213 * @pending_weak_ref: userspace has acked notification of weak ref 0214 * (protected by @proc->inner_lock if @proc 0215 * and by @lock) 0216 * @has_async_transaction: async transaction to node in progress 0217 * (protected by @lock) 0218 * @accept_fds: file descriptor operations supported for node 0219 * (invariant after initialized) 0220 * @min_priority: minimum scheduling priority 0221 * (invariant after initialized) 0222 * @txn_security_ctx: require sender's security context 0223 * (invariant after initialized) 0224 * @async_todo: list of async work items 0225 * (protected by @proc->inner_lock) 0226 * 0227 * Bookkeeping structure for binder nodes. 0228 */ 0229 struct binder_node { 0230 int debug_id; 0231 spinlock_t lock; 0232 struct binder_work work; 0233 union { 0234 struct rb_node rb_node; 0235 struct hlist_node dead_node; 0236 }; 0237 struct binder_proc *proc; 0238 struct hlist_head refs; 0239 int internal_strong_refs; 0240 int local_weak_refs; 0241 int local_strong_refs; 0242 int tmp_refs; 0243 binder_uintptr_t ptr; 0244 binder_uintptr_t cookie; 0245 struct { 0246 /* 0247 * bitfield elements protected by 0248 * proc inner_lock 0249 */ 0250 u8 has_strong_ref:1; 0251 u8 pending_strong_ref:1; 0252 u8 has_weak_ref:1; 0253 u8 pending_weak_ref:1; 0254 }; 0255 struct { 0256 /* 0257 * invariant after initialization 0258 */ 0259 u8 accept_fds:1; 0260 u8 txn_security_ctx:1; 0261 u8 min_priority; 0262 }; 0263 bool has_async_transaction; 0264 struct list_head async_todo; 0265 }; 0266 0267 struct binder_ref_death { 0268 /** 0269 * @work: worklist element for death notifications 0270 * (protected by inner_lock of the proc that 0271 * this ref belongs to) 0272 */ 0273 struct binder_work work; 0274 binder_uintptr_t cookie; 0275 }; 0276 0277 /** 0278 * struct binder_ref_data - binder_ref counts and id 0279 * @debug_id: unique ID for the ref 0280 * @desc: unique userspace handle for ref 0281 * @strong: strong ref count (debugging only if not locked) 0282 * @weak: weak ref count (debugging only if not locked) 0283 * 0284 * Structure to hold ref count and ref id information. Since 0285 * the actual ref can only be accessed with a lock, this structure 0286 * is used to return information about the ref to callers of 0287 * ref inc/dec functions. 0288 */ 0289 struct binder_ref_data { 0290 int debug_id; 0291 uint32_t desc; 0292 int strong; 0293 int weak; 0294 }; 0295 0296 /** 0297 * struct binder_ref - struct to track references on nodes 0298 * @data: binder_ref_data containing id, handle, and current refcounts 0299 * @rb_node_desc: node for lookup by @data.desc in proc's rb_tree 0300 * @rb_node_node: node for lookup by @node in proc's rb_tree 0301 * @node_entry: list entry for node->refs list in target node 0302 * (protected by @node->lock) 0303 * @proc: binder_proc containing ref 0304 * @node: binder_node of target node. When cleaning up a 0305 * ref for deletion in binder_cleanup_ref, a non-NULL 0306 * @node indicates the node must be freed 0307 * @death: pointer to death notification (ref_death) if requested 0308 * (protected by @node->lock) 0309 * 0310 * Structure to track references from procA to target node (on procB). This 0311 * structure is unsafe to access without holding @proc->outer_lock. 0312 */ 0313 struct binder_ref { 0314 /* Lookups needed: */ 0315 /* node + proc => ref (transaction) */ 0316 /* desc + proc => ref (transaction, inc/dec ref) */ 0317 /* node => refs + procs (proc exit) */ 0318 struct binder_ref_data data; 0319 struct rb_node rb_node_desc; 0320 struct rb_node rb_node_node; 0321 struct hlist_node node_entry; 0322 struct binder_proc *proc; 0323 struct binder_node *node; 0324 struct binder_ref_death *death; 0325 }; 0326 0327 /** 0328 * struct binder_proc - binder process bookkeeping 0329 * @proc_node: element for binder_procs list 0330 * @threads: rbtree of binder_threads in this proc 0331 * (protected by @inner_lock) 0332 * @nodes: rbtree of binder nodes associated with 0333 * this proc ordered by node->ptr 0334 * (protected by @inner_lock) 0335 * @refs_by_desc: rbtree of refs ordered by ref->desc 0336 * (protected by @outer_lock) 0337 * @refs_by_node: rbtree of refs ordered by ref->node 0338 * (protected by @outer_lock) 0339 * @waiting_threads: threads currently waiting for proc work 0340 * (protected by @inner_lock) 0341 * @pid PID of group_leader of process 0342 * (invariant after initialized) 0343 * @tsk task_struct for group_leader of process 0344 * (invariant after initialized) 0345 * @cred struct cred associated with the `struct file` 0346 * in binder_open() 0347 * (invariant after initialized) 0348 * @deferred_work_node: element for binder_deferred_list 0349 * (protected by binder_deferred_lock) 0350 * @deferred_work: bitmap of deferred work to perform 0351 * (protected by binder_deferred_lock) 0352 * @outstanding_txns: number of transactions to be transmitted before 0353 * processes in freeze_wait are woken up 0354 * (protected by @inner_lock) 0355 * @is_dead: process is dead and awaiting free 0356 * when outstanding transactions are cleaned up 0357 * (protected by @inner_lock) 0358 * @is_frozen: process is frozen and unable to service 0359 * binder transactions 0360 * (protected by @inner_lock) 0361 * @sync_recv: process received sync transactions since last frozen 0362 * bit 0: received sync transaction after being frozen 0363 * bit 1: new pending sync transaction during freezing 0364 * (protected by @inner_lock) 0365 * @async_recv: process received async transactions since last frozen 0366 * (protected by @inner_lock) 0367 * @freeze_wait: waitqueue of processes waiting for all outstanding 0368 * transactions to be processed 0369 * (protected by @inner_lock) 0370 * @todo: list of work for this process 0371 * (protected by @inner_lock) 0372 * @stats: per-process binder statistics 0373 * (atomics, no lock needed) 0374 * @delivered_death: list of delivered death notification 0375 * (protected by @inner_lock) 0376 * @max_threads: cap on number of binder threads 0377 * (protected by @inner_lock) 0378 * @requested_threads: number of binder threads requested but not 0379 * yet started. In current implementation, can 0380 * only be 0 or 1. 0381 * (protected by @inner_lock) 0382 * @requested_threads_started: number binder threads started 0383 * (protected by @inner_lock) 0384 * @tmp_ref: temporary reference to indicate proc is in use 0385 * (protected by @inner_lock) 0386 * @default_priority: default scheduler priority 0387 * (invariant after initialized) 0388 * @debugfs_entry: debugfs node 0389 * @alloc: binder allocator bookkeeping 0390 * @context: binder_context for this proc 0391 * (invariant after initialized) 0392 * @inner_lock: can nest under outer_lock and/or node lock 0393 * @outer_lock: no nesting under innor or node lock 0394 * Lock order: 1) outer, 2) node, 3) inner 0395 * @binderfs_entry: process-specific binderfs log file 0396 * @oneway_spam_detection_enabled: process enabled oneway spam detection 0397 * or not 0398 * 0399 * Bookkeeping structure for binder processes 0400 */ 0401 struct binder_proc { 0402 struct hlist_node proc_node; 0403 struct rb_root threads; 0404 struct rb_root nodes; 0405 struct rb_root refs_by_desc; 0406 struct rb_root refs_by_node; 0407 struct list_head waiting_threads; 0408 int pid; 0409 struct task_struct *tsk; 0410 const struct cred *cred; 0411 struct hlist_node deferred_work_node; 0412 int deferred_work; 0413 int outstanding_txns; 0414 bool is_dead; 0415 bool is_frozen; 0416 bool sync_recv; 0417 bool async_recv; 0418 wait_queue_head_t freeze_wait; 0419 0420 struct list_head todo; 0421 struct binder_stats stats; 0422 struct list_head delivered_death; 0423 int max_threads; 0424 int requested_threads; 0425 int requested_threads_started; 0426 int tmp_ref; 0427 long default_priority; 0428 struct dentry *debugfs_entry; 0429 struct binder_alloc alloc; 0430 struct binder_context *context; 0431 spinlock_t inner_lock; 0432 spinlock_t outer_lock; 0433 struct dentry *binderfs_entry; 0434 bool oneway_spam_detection_enabled; 0435 }; 0436 0437 /** 0438 * struct binder_thread - binder thread bookkeeping 0439 * @proc: binder process for this thread 0440 * (invariant after initialization) 0441 * @rb_node: element for proc->threads rbtree 0442 * (protected by @proc->inner_lock) 0443 * @waiting_thread_node: element for @proc->waiting_threads list 0444 * (protected by @proc->inner_lock) 0445 * @pid: PID for this thread 0446 * (invariant after initialization) 0447 * @looper: bitmap of looping state 0448 * (only accessed by this thread) 0449 * @looper_needs_return: looping thread needs to exit driver 0450 * (no lock needed) 0451 * @transaction_stack: stack of in-progress transactions for this thread 0452 * (protected by @proc->inner_lock) 0453 * @todo: list of work to do for this thread 0454 * (protected by @proc->inner_lock) 0455 * @process_todo: whether work in @todo should be processed 0456 * (protected by @proc->inner_lock) 0457 * @return_error: transaction errors reported by this thread 0458 * (only accessed by this thread) 0459 * @reply_error: transaction errors reported by target thread 0460 * (protected by @proc->inner_lock) 0461 * @ee: extended error information from this thread 0462 * (protected by @proc->inner_lock) 0463 * @wait: wait queue for thread work 0464 * @stats: per-thread statistics 0465 * (atomics, no lock needed) 0466 * @tmp_ref: temporary reference to indicate thread is in use 0467 * (atomic since @proc->inner_lock cannot 0468 * always be acquired) 0469 * @is_dead: thread is dead and awaiting free 0470 * when outstanding transactions are cleaned up 0471 * (protected by @proc->inner_lock) 0472 * 0473 * Bookkeeping structure for binder threads. 0474 */ 0475 struct binder_thread { 0476 struct binder_proc *proc; 0477 struct rb_node rb_node; 0478 struct list_head waiting_thread_node; 0479 int pid; 0480 int looper; /* only modified by this thread */ 0481 bool looper_need_return; /* can be written by other thread */ 0482 struct binder_transaction *transaction_stack; 0483 struct list_head todo; 0484 bool process_todo; 0485 struct binder_error return_error; 0486 struct binder_error reply_error; 0487 struct binder_extended_error ee; 0488 wait_queue_head_t wait; 0489 struct binder_stats stats; 0490 atomic_t tmp_ref; 0491 bool is_dead; 0492 }; 0493 0494 /** 0495 * struct binder_txn_fd_fixup - transaction fd fixup list element 0496 * @fixup_entry: list entry 0497 * @file: struct file to be associated with new fd 0498 * @offset: offset in buffer data to this fixup 0499 * @target_fd: fd to use by the target to install @file 0500 * 0501 * List element for fd fixups in a transaction. Since file 0502 * descriptors need to be allocated in the context of the 0503 * target process, we pass each fd to be processed in this 0504 * struct. 0505 */ 0506 struct binder_txn_fd_fixup { 0507 struct list_head fixup_entry; 0508 struct file *file; 0509 size_t offset; 0510 int target_fd; 0511 }; 0512 0513 struct binder_transaction { 0514 int debug_id; 0515 struct binder_work work; 0516 struct binder_thread *from; 0517 struct binder_transaction *from_parent; 0518 struct binder_proc *to_proc; 0519 struct binder_thread *to_thread; 0520 struct binder_transaction *to_parent; 0521 unsigned need_reply:1; 0522 /* unsigned is_dead:1; */ /* not used at the moment */ 0523 0524 struct binder_buffer *buffer; 0525 unsigned int code; 0526 unsigned int flags; 0527 long priority; 0528 long saved_priority; 0529 kuid_t sender_euid; 0530 struct list_head fd_fixups; 0531 binder_uintptr_t security_ctx; 0532 /** 0533 * @lock: protects @from, @to_proc, and @to_thread 0534 * 0535 * @from, @to_proc, and @to_thread can be set to NULL 0536 * during thread teardown 0537 */ 0538 spinlock_t lock; 0539 }; 0540 0541 /** 0542 * struct binder_object - union of flat binder object types 0543 * @hdr: generic object header 0544 * @fbo: binder object (nodes and refs) 0545 * @fdo: file descriptor object 0546 * @bbo: binder buffer pointer 0547 * @fdao: file descriptor array 0548 * 0549 * Used for type-independent object copies 0550 */ 0551 struct binder_object { 0552 union { 0553 struct binder_object_header hdr; 0554 struct flat_binder_object fbo; 0555 struct binder_fd_object fdo; 0556 struct binder_buffer_object bbo; 0557 struct binder_fd_array_object fdao; 0558 }; 0559 }; 0560 0561 #endif /* _LINUX_BINDER_INTERNAL_H */
| [ Source navigation ] | [ Diff markup ] | [ Identifier search ] | [ general search ] |
|
This page was automatically generated by the 2.1.0 LXR engine. The LXR team |
|