projects / GitHub / LineageOS / android_kernel_samsung_universal7580.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
FROMLIST: android: binder: Move buffer out of area shared with user space
[GitHub/LineageOS/android_kernel_samsung_universal7580.git] / drivers / android / binder_alloc_selftest.c
1 /* binder_alloc_selftest.c
2 *
3 * Android IPC Subsystem
4 *
5 * Copyright (C) 2017 Google, Inc.
6 *
7 * This software is licensed under the terms of the GNU General Public
8 * License version 2, as published by the Free Software Foundation, and
9 * may be copied, distributed, and modified under those terms.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 */
17
18 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
19
20 #include <linux/mm_types.h>
21 #include <linux/err.h>
22 #include "binder_alloc.h"
23
24 #define BUFFER_NUM 5
25 #define BUFFER_MIN_SIZE (PAGE_SIZE / 8)
26
27 static bool binder_selftest_run = true;
28 static int binder_selftest_failures;
29 static DEFINE_MUTEX(binder_selftest_lock);
30
31 /**
32 * enum buf_end_align_type - Page alignment of a buffer
33 * end with regard to the end of the previous buffer.
34 *
35 * In the pictures below, buf2 refers to the buffer we
36 * are aligning. buf1 refers to previous buffer by addr.
37 * Symbol [ means the start of a buffer, ] means the end
38 * of a buffer, and | means page boundaries.
39 */
40 enum buf_end_align_type {
41 /**
42 * @SAME_PAGE_UNALIGNED: The end of this buffer is on
43 * the same page as the end of the previous buffer and
44 * is not page aligned. Examples:
45 * buf1 ][ buf2 ][ ...
46 * buf1 ]|[ buf2 ][ ...
47 */
48 SAME_PAGE_UNALIGNED = 0,
49 /**
50 * @SAME_PAGE_ALIGNED: When the end of the previous buffer
51 * is not page aligned, the end of this buffer is on the
52 * same page as the end of the previous buffer and is page
53 * aligned. When the previous buffer is page aligned, the
54 * end of this buffer is aligned to the next page boundary.
55 * Examples:
56 * buf1 ][ buf2 ]| ...
57 * buf1 ]|[ buf2 ]| ...
58 */
59 SAME_PAGE_ALIGNED,
60 /**
61 * @NEXT_PAGE_UNALIGNED: The end of this buffer is on
62 * the page next to the end of the previous buffer and
63 * is not page aligned. Examples:
64 * buf1 ][ buf2 | buf2 ][ ...
65 * buf1 ]|[ buf2 | buf2 ][ ...
66 */
67 NEXT_PAGE_UNALIGNED,
68 /**
69 * @NEXT_PAGE_ALIGNED: The end of this buffer is on
70 * the page next to the end of the previous buffer and
71 * is page aligned. Examples:
72 * buf1 ][ buf2 | buf2 ]| ...
73 * buf1 ]|[ buf2 | buf2 ]| ...
74 */
75 NEXT_PAGE_ALIGNED,
76 /**
77 * @NEXT_NEXT_UNALIGNED: The end of this buffer is on
78 * the page that follows the page after the end of the
79 * previous buffer and is not page aligned. Examples:
80 * buf1 ][ buf2 | buf2 | buf2 ][ ...
81 * buf1 ]|[ buf2 | buf2 | buf2 ][ ...
82 */
83 NEXT_NEXT_UNALIGNED,
84 LOOP_END,
85 };
86
87 static void pr_err_size_seq(size_t *sizes, int *seq)
88 {
89 int i;
90
91 pr_err("alloc sizes: ");
92 for (i = 0; i < BUFFER_NUM; i++)
93 pr_cont("[%zu]", sizes[i]);
94 pr_cont("\n");
95 pr_err("free seq: ");
96 for (i = 0; i < BUFFER_NUM; i++)
97 pr_cont("[%d]", seq[i]);
98 pr_cont("\n");
99 }
100
101 static bool check_buffer_pages_allocated(struct binder_alloc *alloc,
102 struct binder_buffer *buffer,
103 size_t size)
104 {
105 void *page_addr, *end;
106 int page_index;
107
108 end = (void *)PAGE_ALIGN((uintptr_t)buffer->data + size);
109 page_addr = buffer->data;
110 for (; page_addr < end; page_addr += PAGE_SIZE) {
111 page_index = (page_addr - alloc->buffer) / PAGE_SIZE;
112 if (!alloc->pages[page_index]) {
113 pr_err("incorrect alloc state at page index %d\n",
114 page_index);
115 return false;
116 }
117 }
118 return true;
119 }
120
121 static void binder_selftest_alloc_buf(struct binder_alloc *alloc,
122 struct binder_buffer *buffers[],
123 size_t *sizes, int *seq)
124 {
125 int i;
126
127 for (i = 0; i < BUFFER_NUM; i++) {
128 buffers[i] = binder_alloc_new_buf(alloc, sizes[i], 0, 0, 0);
129 if (IS_ERR(buffers[i]) ||
130 !check_buffer_pages_allocated(alloc, buffers[i],
131 sizes[i])) {
132 pr_err_size_seq(sizes, seq);
133 binder_selftest_failures++;
134 }
135 }
136 }
137
138 static void binder_selftest_free_buf(struct binder_alloc *alloc,
139 struct binder_buffer *buffers[],
140 size_t *sizes, int *seq)
141 {
142 int i;
143
144 for (i = 0; i < BUFFER_NUM; i++)
145 binder_alloc_free_buf(alloc, buffers[seq[i]]);
146
147 for (i = 0; i < (alloc->buffer_size / PAGE_SIZE); i++) {
148 if ((!alloc->pages[i]) == (i == 0)) {
149 pr_err("incorrect free state at page index %d\n", i);
150 binder_selftest_failures++;
151 }
152 }
153 }
154
155 static void binder_selftest_alloc_free(struct binder_alloc *alloc,
156 size_t *sizes, int *seq)
157 {
158 struct binder_buffer *buffers[BUFFER_NUM];
159
160 binder_selftest_alloc_buf(alloc, buffers, sizes, seq);
161 binder_selftest_free_buf(alloc, buffers, sizes, seq);
162 }
163
164 static bool is_dup(int *seq, int index, int val)
165 {
166 int i;
167
168 for (i = 0; i < index; i++) {
169 if (seq[i] == val)
170 return true;
171 }
172 return false;
173 }
174
175 /* Generate BUFFER_NUM factorial free orders. */
176 static void binder_selftest_free_seq(struct binder_alloc *alloc,
177 size_t *sizes, int *seq, int index)
178 {
179 int i;
180
181 if (index == BUFFER_NUM) {
182 binder_selftest_alloc_free(alloc, sizes, seq);
183 return;
184 }
185 for (i = 0; i < BUFFER_NUM; i++) {
186 if (is_dup(seq, index, i))
187 continue;
188 seq[index] = i;
189 binder_selftest_free_seq(alloc, sizes, seq, index + 1);
190 }
191 }
192
193 static void binder_selftest_alloc_size(struct binder_alloc *alloc,
194 size_t *end_offset)
195 {
196 int i;
197 int seq[BUFFER_NUM] = {0};
198 size_t front_sizes[BUFFER_NUM];
199 size_t back_sizes[BUFFER_NUM];
200 size_t last_offset, offset = 0;
201
202 for (i = 0; i < BUFFER_NUM; i++) {
203 last_offset = offset;
204 offset = end_offset[i];
205 front_sizes[i] = offset - last_offset;
206 back_sizes[BUFFER_NUM - i - 1] = front_sizes[i];
207 }
208 /*
209 * Buffers share the first or last few pages.
210 * Only BUFFER_NUM - 1 buffer sizes are adjustable since
211 * we need one giant buffer before getting to the last page.
212 */
213 back_sizes[0] += alloc->buffer_size - end_offset[BUFFER_NUM - 1];
214 binder_selftest_free_seq(alloc, front_sizes, seq, 0);
215 binder_selftest_free_seq(alloc, back_sizes, seq, 0);
216 }
217
218 static void binder_selftest_alloc_offset(struct binder_alloc *alloc,
219 size_t *end_offset, int index)
220 {
221 int align;
222 size_t end, prev;
223
224 if (index == BUFFER_NUM) {
225 binder_selftest_alloc_size(alloc, end_offset);
226 return;
227 }
228 prev = index == 0 ? 0 : end_offset[index - 1];
229 end = prev;
230
231 BUILD_BUG_ON(BUFFER_MIN_SIZE * BUFFER_NUM >= PAGE_SIZE);
232
233 for (align = SAME_PAGE_UNALIGNED; align < LOOP_END; align++) {
234 if (align % 2)
235 end = ALIGN(end, PAGE_SIZE);
236 else
237 end += BUFFER_MIN_SIZE;
238 end_offset[index] = end;
239 binder_selftest_alloc_offset(alloc, end_offset, index + 1);
240 }
241 }
242
243 /**
244 * binder_selftest_alloc() - Test alloc and free of buffer pages.
245 * @alloc: Pointer to alloc struct.
246 *
247 * Allocate BUFFER_NUM buffers to cover all page alignment cases,
248 * then free them in all orders possible. Check that pages are
249 * allocated after buffer alloc and freed after freeing buffer.
250 */
251 void binder_selftest_alloc(struct binder_alloc *alloc)
252 {
253 size_t end_offset[BUFFER_NUM];
254
255 if (!binder_selftest_run)
256 return;
257 mutex_lock(&binder_selftest_lock);
258 if (!binder_selftest_run || !alloc->vma)
259 goto done;
260 pr_info("STARTED\n");
261 binder_selftest_alloc_offset(alloc, end_offset, 0);
262 binder_selftest_run = false;
263 if (binder_selftest_failures > 0)
264 pr_info("%d tests FAILED\n", binder_selftest_failures);
265 else
266 pr_info("PASSED\n");
267
268 done:
269 mutex_unlock(&binder_selftest_lock);
270 }