Lines Matching refs:buffer
308 void *buffer; member
366 struct binder_buffer *buffer; member
458 struct binder_buffer *buffer) in binder_buffer_size() argument
460 if (list_is_last(&buffer->entry, &proc->buffers)) in binder_buffer_size()
461 return proc->buffer + proc->buffer_size - (void *)buffer->data; in binder_buffer_size()
462 return (size_t)list_entry(buffer->entry.next, in binder_buffer_size()
463 struct binder_buffer, entry) - (size_t)buffer->data; in binder_buffer_size()
471 struct binder_buffer *buffer; in binder_insert_free_buffer() local
485 buffer = rb_entry(parent, struct binder_buffer, rb_node); in binder_insert_free_buffer()
486 BUG_ON(!buffer->free); in binder_insert_free_buffer()
488 buffer_size = binder_buffer_size(proc, buffer); in binder_insert_free_buffer()
504 struct binder_buffer *buffer; in binder_insert_allocated_buffer() local
510 buffer = rb_entry(parent, struct binder_buffer, rb_node); in binder_insert_allocated_buffer()
511 BUG_ON(buffer->free); in binder_insert_allocated_buffer()
513 if (new_buffer < buffer) in binder_insert_allocated_buffer()
515 else if (new_buffer > buffer) in binder_insert_allocated_buffer()
528 struct binder_buffer *buffer; in binder_buffer_lookup() local
535 buffer = rb_entry(n, struct binder_buffer, rb_node); in binder_buffer_lookup()
536 BUG_ON(buffer->free); in binder_buffer_lookup()
538 if (kern_ptr < buffer) in binder_buffer_lookup()
540 else if (kern_ptr > buffer) in binder_buffer_lookup()
543 return buffer; in binder_buffer_lookup()
593 page = &proc->pages[(page_addr - proc->buffer) / PAGE_SIZE]; in binder_update_page_range()
630 page = &proc->pages[(page_addr - proc->buffer) / PAGE_SIZE]; in binder_update_page_range()
655 struct binder_buffer *buffer; in binder_alloc_buf() local
686 buffer = rb_entry(n, struct binder_buffer, rb_node); in binder_alloc_buf()
687 BUG_ON(!buffer->free); in binder_alloc_buf()
688 buffer_size = binder_buffer_size(proc, buffer); in binder_alloc_buf()
706 buffer = rb_entry(best_fit, struct binder_buffer, rb_node); in binder_alloc_buf()
707 buffer_size = binder_buffer_size(proc, buffer); in binder_alloc_buf()
712 proc->pid, size, buffer, buffer_size); in binder_alloc_buf()
715 (void *)(((uintptr_t)buffer->data + buffer_size) & PAGE_MASK); in binder_alloc_buf()
723 (void *)PAGE_ALIGN((uintptr_t)buffer->data + buffer_size); in binder_alloc_buf()
727 (void *)PAGE_ALIGN((uintptr_t)buffer->data), end_page_addr, NULL)) in binder_alloc_buf()
731 buffer->free = 0; in binder_alloc_buf()
732 binder_insert_allocated_buffer(proc, buffer); in binder_alloc_buf()
734 struct binder_buffer *new_buffer = (void *)buffer->data + size; in binder_alloc_buf()
736 list_add(&new_buffer->entry, &buffer->entry); in binder_alloc_buf()
742 proc->pid, size, buffer); in binder_alloc_buf()
743 buffer->data_size = data_size; in binder_alloc_buf()
744 buffer->offsets_size = offsets_size; in binder_alloc_buf()
745 buffer->async_transaction = is_async; in binder_alloc_buf()
753 return buffer; in binder_alloc_buf()
756 static void *buffer_start_page(struct binder_buffer *buffer) in buffer_start_page() argument
758 return (void *)((uintptr_t)buffer & PAGE_MASK); in buffer_start_page()
761 static void *buffer_end_page(struct binder_buffer *buffer) in buffer_end_page() argument
763 return (void *)(((uintptr_t)(buffer + 1) - 1) & PAGE_MASK); in buffer_end_page()
767 struct binder_buffer *buffer) in binder_delete_free_buffer() argument
773 BUG_ON(proc->buffers.next == &buffer->entry); in binder_delete_free_buffer()
774 prev = list_entry(buffer->entry.prev, struct binder_buffer, entry); in binder_delete_free_buffer()
776 if (buffer_end_page(prev) == buffer_start_page(buffer)) { in binder_delete_free_buffer()
778 if (buffer_end_page(prev) == buffer_end_page(buffer)) in binder_delete_free_buffer()
782 proc->pid, buffer, prev); in binder_delete_free_buffer()
785 if (!list_is_last(&buffer->entry, &proc->buffers)) { in binder_delete_free_buffer()
786 next = list_entry(buffer->entry.next, in binder_delete_free_buffer()
788 if (buffer_start_page(next) == buffer_end_page(buffer)) { in binder_delete_free_buffer()
791 buffer_start_page(buffer)) in binder_delete_free_buffer()
795 proc->pid, buffer, prev); in binder_delete_free_buffer()
798 list_del(&buffer->entry); in binder_delete_free_buffer()
802 proc->pid, buffer, free_page_start ? "" : " end", in binder_delete_free_buffer()
805 buffer_start_page(buffer) : buffer_end_page(buffer), in binder_delete_free_buffer()
806 (free_page_end ? buffer_end_page(buffer) : in binder_delete_free_buffer()
807 buffer_start_page(buffer)) + PAGE_SIZE, NULL); in binder_delete_free_buffer()
812 struct binder_buffer *buffer) in binder_free_buf() argument
816 buffer_size = binder_buffer_size(proc, buffer); in binder_free_buf()
818 size = ALIGN(buffer->data_size, sizeof(void *)) + in binder_free_buf()
819 ALIGN(buffer->offsets_size, sizeof(void *)); in binder_free_buf()
823 proc->pid, buffer, size, buffer_size); in binder_free_buf()
825 BUG_ON(buffer->free); in binder_free_buf()
827 BUG_ON(buffer->transaction != NULL); in binder_free_buf()
828 BUG_ON((void *)buffer < proc->buffer); in binder_free_buf()
829 BUG_ON((void *)buffer > proc->buffer + proc->buffer_size); in binder_free_buf()
831 if (buffer->async_transaction) { in binder_free_buf()
840 (void *)PAGE_ALIGN((uintptr_t)buffer->data), in binder_free_buf()
841 (void *)(((uintptr_t)buffer->data + buffer_size) & PAGE_MASK), in binder_free_buf()
843 rb_erase(&buffer->rb_node, &proc->allocated_buffers); in binder_free_buf()
844 buffer->free = 1; in binder_free_buf()
845 if (!list_is_last(&buffer->entry, &proc->buffers)) { in binder_free_buf()
846 struct binder_buffer *next = list_entry(buffer->entry.next, in binder_free_buf()
854 if (proc->buffers.next != &buffer->entry) { in binder_free_buf()
855 struct binder_buffer *prev = list_entry(buffer->entry.prev, in binder_free_buf()
859 binder_delete_free_buffer(proc, buffer); in binder_free_buf()
861 buffer = prev; in binder_free_buf()
864 binder_insert_free_buffer(proc, buffer); in binder_free_buf()
1181 if (t->buffer) in binder_pop_transaction()
1182 t->buffer->transaction = NULL; in binder_pop_transaction()
1241 struct binder_buffer *buffer, in binder_transaction_buffer_release() argument
1245 int debug_id = buffer->debug_id; in binder_transaction_buffer_release()
1249 proc->pid, buffer->debug_id, in binder_transaction_buffer_release()
1250 buffer->data_size, buffer->offsets_size, failed_at); in binder_transaction_buffer_release()
1252 if (buffer->target_node) in binder_transaction_buffer_release()
1253 binder_dec_node(buffer->target_node, 1, 0); in binder_transaction_buffer_release()
1255 offp = (binder_size_t *)(buffer->data + in binder_transaction_buffer_release()
1256 ALIGN(buffer->data_size, sizeof(void *))); in binder_transaction_buffer_release()
1260 off_end = (void *)offp + buffer->offsets_size; in binder_transaction_buffer_release()
1264 if (*offp > buffer->data_size - sizeof(*fp) || in binder_transaction_buffer_release()
1265 buffer->data_size < sizeof(*fp) || in binder_transaction_buffer_release()
1268 debug_id, (u64)*offp, buffer->data_size); in binder_transaction_buffer_release()
1271 fp = (struct flat_binder_object *)(buffer->data + *offp); in binder_transaction_buffer_release()
1462 (u64)tr->data.ptr.buffer, in binder_transaction()
1470 (u64)tr->data.ptr.buffer, in binder_transaction()
1487 t->buffer = binder_alloc_buf(target_proc, tr->data_size, in binder_transaction()
1489 if (t->buffer == NULL) { in binder_transaction()
1493 t->buffer->allow_user_free = 0; in binder_transaction()
1494 t->buffer->debug_id = t->debug_id; in binder_transaction()
1495 t->buffer->transaction = t; in binder_transaction()
1496 t->buffer->target_node = target_node; in binder_transaction()
1497 trace_binder_transaction_alloc_buf(t->buffer); in binder_transaction()
1501 offp = (binder_size_t *)(t->buffer->data + in binder_transaction()
1504 if (copy_from_user(t->buffer->data, (const void __user *)(uintptr_t) in binder_transaction()
1505 tr->data.ptr.buffer, tr->data_size)) { in binder_transaction()
1528 if (*offp > t->buffer->data_size - sizeof(*fp) || in binder_transaction()
1529 t->buffer->data_size < sizeof(*fp) || in binder_transaction()
1536 fp = (struct flat_binder_object *)(t->buffer->data + *offp); in binder_transaction()
1686 BUG_ON(t->buffer->async_transaction != 0); in binder_transaction()
1689 BUG_ON(t->buffer->async_transaction != 0); in binder_transaction()
1695 BUG_ON(t->buffer->async_transaction != 1); in binder_transaction()
1719 trace_binder_transaction_failed_buffer_release(t->buffer); in binder_transaction()
1720 binder_transaction_buffer_release(target_proc, t->buffer, offp); in binder_transaction()
1721 t->buffer->transaction = NULL; in binder_transaction()
1722 binder_free_buf(target_proc, t->buffer); in binder_transaction()
1761 void __user *buffer = (void __user *)(uintptr_t)binder_buffer; in binder_thread_write() local
1762 void __user *ptr = buffer + *consumed; in binder_thread_write()
1763 void __user *end = buffer + size; in binder_thread_write()
1893 struct binder_buffer *buffer; in binder_thread_write() local
1899 buffer = binder_buffer_lookup(proc, data_ptr); in binder_thread_write()
1900 if (buffer == NULL) { in binder_thread_write()
1905 if (!buffer->allow_user_free) { in binder_thread_write()
1913 buffer->debug_id, in binder_thread_write()
1914 buffer->transaction ? "active" : "finished"); in binder_thread_write()
1916 if (buffer->transaction) { in binder_thread_write()
1917 buffer->transaction->buffer = NULL; in binder_thread_write()
1918 buffer->transaction = NULL; in binder_thread_write()
1920 if (buffer->async_transaction && buffer->target_node) { in binder_thread_write()
1921 BUG_ON(!buffer->target_node->has_async_transaction); in binder_thread_write()
1922 if (list_empty(&buffer->target_node->async_todo)) in binder_thread_write()
1923 buffer->target_node->has_async_transaction = 0; in binder_thread_write()
1925 list_move_tail(buffer->target_node->async_todo.next, &thread->todo); in binder_thread_write()
1927 trace_binder_transaction_buffer_release(buffer); in binder_thread_write()
1928 binder_transaction_buffer_release(proc, buffer, NULL); in binder_thread_write()
1929 binder_free_buf(proc, buffer); in binder_thread_write()
2113 *consumed = ptr - buffer; in binder_thread_write()
2147 void __user *buffer = (void __user *)(uintptr_t)binder_buffer; in binder_thread_read() local
2148 void __user *ptr = buffer + *consumed; in binder_thread_read()
2149 void __user *end = buffer + size; in binder_thread_read()
2237 if (ptr - buffer == 4 && in binder_thread_read()
2375 BUG_ON(t->buffer == NULL); in binder_thread_read()
2376 if (t->buffer->target_node) { in binder_thread_read()
2377 struct binder_node *target_node = t->buffer->target_node; in binder_thread_read()
2407 tr.data_size = t->buffer->data_size; in binder_thread_read()
2408 tr.offsets_size = t->buffer->offsets_size; in binder_thread_read()
2409 tr.data.ptr.buffer = (binder_uintptr_t)( in binder_thread_read()
2410 (uintptr_t)t->buffer->data + in binder_thread_read()
2412 tr.data.ptr.offsets = tr.data.ptr.buffer + in binder_thread_read()
2413 ALIGN(t->buffer->data_size, in binder_thread_read()
2432 t->buffer->data_size, t->buffer->offsets_size, in binder_thread_read()
2433 (u64)tr.data.ptr.buffer, (u64)tr.data.ptr.offsets); in binder_thread_read()
2436 t->buffer->allow_user_free = 1; in binder_thread_read()
2442 t->buffer->transaction = NULL; in binder_thread_read()
2451 *consumed = ptr - buffer; in binder_thread_read()
2461 if (put_user(BR_SPAWN_LOOPER, (uint32_t __user *)buffer)) in binder_thread_read()
2480 if (t->buffer->target_node && in binder_release_work()
2487 t->buffer->transaction = NULL; in binder_release_work()
2575 if (t->buffer) { in binder_free_thread()
2576 t->buffer->transaction = NULL; in binder_free_thread()
2577 t->buffer = NULL; in binder_free_thread()
2849 struct binder_buffer *buffer; in binder_mmap() local
2871 if (proc->buffer) { in binder_mmap()
2883 proc->buffer = area->addr; in binder_mmap()
2884 proc->user_buffer_offset = vma->vm_start - (uintptr_t)proc->buffer; in binder_mmap()
2889 while (CACHE_COLOUR((vma->vm_start ^ (uint32_t)proc->buffer))) { in binder_mmap()
2890 …er_mmap: %d %lx-%lx maps %p bad alignment\n", proc->pid, vma->vm_start, vma->vm_end, proc->buffer); in binder_mmap()
2906 if (binder_update_page_range(proc, 1, proc->buffer, proc->buffer + PAGE_SIZE, vma)) { in binder_mmap()
2911 buffer = proc->buffer; in binder_mmap()
2913 list_add(&buffer->entry, &proc->buffers); in binder_mmap()
2914 buffer->free = 1; in binder_mmap()
2915 binder_insert_free_buffer(proc, buffer); in binder_mmap()
2931 vfree(proc->buffer); in binder_mmap()
2932 proc->buffer = NULL; in binder_mmap()
3117 struct binder_buffer *buffer; in binder_deferred_release() local
3119 buffer = rb_entry(n, struct binder_buffer, rb_node); in binder_deferred_release()
3121 t = buffer->transaction; in binder_deferred_release()
3123 t->buffer = NULL; in binder_deferred_release()
3124 buffer->transaction = NULL; in binder_deferred_release()
3130 binder_free_buf(proc, buffer); in binder_deferred_release()
3146 page_addr = proc->buffer + i * PAGE_SIZE; in binder_deferred_release()
3155 vfree(proc->buffer); in binder_deferred_release()
3234 if (t->buffer == NULL) { in print_binder_transaction()
3238 if (t->buffer->target_node) in print_binder_transaction()
3240 t->buffer->target_node->debug_id); in print_binder_transaction()
3242 t->buffer->data_size, t->buffer->offsets_size, in print_binder_transaction()
3243 t->buffer->data); in print_binder_transaction()
3247 struct binder_buffer *buffer) in print_binder_buffer() argument
3250 prefix, buffer->debug_id, buffer->data, in print_binder_buffer()
3251 buffer->data_size, buffer->offsets_size, in print_binder_buffer()
3252 buffer->transaction ? "active" : "delivered"); in print_binder_buffer()