2 * drivers/gpu/ion/ion.c
4 * Copyright (C) 2011 Google, Inc.
6 * This software is licensed under the terms of the GNU General Public
7 * License version 2, as published by the Free Software Foundation, and
8 * may be copied, distributed, and modified under those terms.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
17 #include <linux/device.h>
18 #include <linux/file.h>
20 #include <linux/anon_inodes.h>
21 #include <linux/ion.h>
22 #include <linux/list.h>
23 #include <linux/memblock.h>
24 #include <linux/miscdevice.h>
25 #include <linux/export.h>
27 #include <linux/mm_types.h>
28 #include <linux/rbtree.h>
29 #include <linux/sched.h>
30 #include <linux/slab.h>
31 #include <linux/seq_file.h>
32 #include <linux/uaccess.h>
33 #include <linux/debugfs.h>
39 * struct ion_device - the metadata of the ion device node
40 * @dev: the actual misc device
41 * @buffers: an rb tree of all the existing buffers
42 * @lock: lock protecting the buffers & heaps trees
43 * @heaps: list of all the heaps in the system
44 * @user_clients: list of all the clients created from userspace
47 struct miscdevice dev;
48 struct rb_root buffers;
51 long (*custom_ioctl) (struct ion_client *client, unsigned int cmd,
53 struct rb_root user_clients;
54 struct rb_root kernel_clients;
55 struct dentry *debug_root;
59 * struct ion_client - a process/hw block local address space
60 * @ref: for reference counting the client
61 * @node: node in the tree of all clients
62 * @dev: backpointer to ion device
63 * @handles: an rb tree of all the handles in this client
64 * @lock: lock protecting the tree of handles
65 * @heap_mask: mask of all supported heaps
66 * @name: used for debugging
67 * @task: used for debugging
69 * A client represents a list of buffers this client may access.
70 * The mutex stored here is used to protect both handles tree
71 * as well as the handles themselves, and should be held while modifying either.
76 struct ion_device *dev;
77 struct rb_root handles;
79 unsigned int heap_mask;
81 struct task_struct *task;
83 struct dentry *debug_root;
87 * ion_handle - a client local reference to a buffer
88 * @ref: reference count
89 * @client: back pointer to the client the buffer resides in
90 * @buffer: pointer to the buffer
91 * @node: node in the client's handle rbtree
92 * @kmap_cnt: count of times this client has mapped to kernel
93 * @dmap_cnt: count of times this client has mapped for dma
94 * @usermap_cnt: count of times this client has mapped for userspace
96 * Modifications to node, map_cnt or mapping should be protected by the
97 * lock in the client. Other fields are never changed after initialization.
101 struct ion_client *client;
102 struct ion_buffer *buffer;
104 unsigned int kmap_cnt;
105 unsigned int dmap_cnt;
106 unsigned int usermap_cnt;
109 /* this function should only be called while dev->lock is held */
110 static void ion_buffer_add(struct ion_device *dev,
111 struct ion_buffer *buffer)
113 struct rb_node **p = &dev->buffers.rb_node;
114 struct rb_node *parent = NULL;
115 struct ion_buffer *entry;
119 entry = rb_entry(parent, struct ion_buffer, node);
121 if (buffer < entry) {
123 } else if (buffer > entry) {
126 pr_err("%s: buffer already found.", __func__);
131 rb_link_node(&buffer->node, parent, p);
132 rb_insert_color(&buffer->node, &dev->buffers);
135 /* this function should only be called while dev->lock is held */
136 static struct ion_buffer *ion_buffer_create(struct ion_heap *heap,
137 struct ion_device *dev,
142 struct ion_buffer *buffer;
145 buffer = kzalloc(sizeof(struct ion_buffer), GFP_KERNEL);
147 return ERR_PTR(-ENOMEM);
150 kref_init(&buffer->ref);
152 ret = heap->ops->allocate(heap, buffer, len, align, flags);
159 mutex_init(&buffer->lock);
160 ion_buffer_add(dev, buffer);
164 static void ion_buffer_destroy(struct kref *kref)
166 struct ion_buffer *buffer = container_of(kref, struct ion_buffer, ref);
167 struct ion_device *dev = buffer->dev;
169 if (WARN_ON(buffer->kmap_cnt > 0))
170 buffer->heap->ops->unmap_kernel(buffer->heap, buffer);
172 if (WARN_ON(buffer->dmap_cnt > 0))
173 buffer->heap->ops->unmap_dma(buffer->heap, buffer);
175 buffer->heap->ops->free(buffer);
176 mutex_lock(&dev->lock);
177 rb_erase(&buffer->node, &dev->buffers);
178 mutex_unlock(&dev->lock);
182 static void ion_buffer_get(struct ion_buffer *buffer)
184 kref_get(&buffer->ref);
187 static int ion_buffer_put(struct ion_buffer *buffer)
189 return kref_put(&buffer->ref, ion_buffer_destroy);
192 static struct ion_handle *ion_handle_create(struct ion_client *client,
193 struct ion_buffer *buffer)
195 struct ion_handle *handle;
197 handle = kzalloc(sizeof(struct ion_handle), GFP_KERNEL);
199 return ERR_PTR(-ENOMEM);
200 kref_init(&handle->ref);
201 RB_CLEAR_NODE(&handle->node);
202 handle->client = client;
203 ion_buffer_get(buffer);
204 handle->buffer = buffer;
209 static void ion_handle_destroy(struct kref *kref)
211 struct ion_handle *handle = container_of(kref, struct ion_handle, ref);
212 /* XXX Can a handle be destroyed while it's map count is non-zero?:
213 if (handle->map_cnt) unmap
215 ion_buffer_put(handle->buffer);
216 mutex_lock(&handle->client->lock);
217 if (!RB_EMPTY_NODE(&handle->node))
218 rb_erase(&handle->node, &handle->client->handles);
219 mutex_unlock(&handle->client->lock);
223 struct ion_buffer *ion_handle_buffer(struct ion_handle *handle)
225 return handle->buffer;
228 static void ion_handle_get(struct ion_handle *handle)
230 kref_get(&handle->ref);
233 static int ion_handle_put(struct ion_handle *handle)
235 return kref_put(&handle->ref, ion_handle_destroy);
238 static struct ion_handle *ion_handle_lookup(struct ion_client *client,
239 struct ion_buffer *buffer)
243 for (n = rb_first(&client->handles); n; n = rb_next(n)) {
244 struct ion_handle *handle = rb_entry(n, struct ion_handle,
246 if (handle->buffer == buffer)
252 static bool ion_handle_validate(struct ion_client *client, struct ion_handle *handle)
254 struct rb_node *n = client->handles.rb_node;
257 struct ion_handle *handle_node = rb_entry(n, struct ion_handle,
259 if (handle < handle_node)
261 else if (handle > handle_node)
269 static void ion_handle_add(struct ion_client *client, struct ion_handle *handle)
271 struct rb_node **p = &client->handles.rb_node;
272 struct rb_node *parent = NULL;
273 struct ion_handle *entry;
277 entry = rb_entry(parent, struct ion_handle, node);
281 else if (handle > entry)
284 WARN(1, "%s: buffer already found.", __func__);
287 rb_link_node(&handle->node, parent, p);
288 rb_insert_color(&handle->node, &client->handles);
291 struct ion_handle *ion_alloc(struct ion_client *client, size_t len,
292 size_t align, unsigned int flags)
295 struct ion_handle *handle;
296 struct ion_device *dev = client->dev;
297 struct ion_buffer *buffer = NULL;
300 * traverse the list of heaps available in this system in priority
301 * order. If the heap type is supported by the client, and matches the
302 * request of the caller allocate from it. Repeat until allocate has
303 * succeeded or all heaps have been tried
306 return ERR_PTR(-EINVAL);
308 len = PAGE_ALIGN(len);
310 mutex_lock(&dev->lock);
311 for (n = rb_first(&dev->heaps); n != NULL; n = rb_next(n)) {
312 struct ion_heap *heap = rb_entry(n, struct ion_heap, node);
313 /* if the client doesn't support this heap type */
314 if (!((1 << heap->type) & client->heap_mask))
316 /* if the caller didn't specify this heap type */
317 if (!((1 << heap->id) & flags))
319 buffer = ion_buffer_create(heap, dev, len, align, flags);
320 if (!IS_ERR_OR_NULL(buffer))
323 mutex_unlock(&dev->lock);
326 return ERR_PTR(-ENODEV);
329 return ERR_PTR(PTR_ERR(buffer));
331 handle = ion_handle_create(client, buffer);
334 * ion_buffer_create will create a buffer with a ref_cnt of 1,
335 * and ion_handle_create will take a second reference, drop one here
337 ion_buffer_put(buffer);
339 if (!IS_ERR(handle)) {
340 mutex_lock(&client->lock);
341 ion_handle_add(client, handle);
342 mutex_unlock(&client->lock);
348 void ion_free(struct ion_client *client, struct ion_handle *handle)
352 BUG_ON(client != handle->client);
354 mutex_lock(&client->lock);
355 valid_handle = ion_handle_validate(client, handle);
356 mutex_unlock(&client->lock);
359 WARN("%s: invalid handle passed to free.\n", __func__);
362 ion_handle_put(handle);
365 static void ion_client_get(struct ion_client *client);
366 static int ion_client_put(struct ion_client *client);
368 static bool _ion_map(int *buffer_cnt, int *handle_cnt)
372 BUG_ON(*handle_cnt != 0 && *buffer_cnt == 0);
378 if (*handle_cnt == 0)
384 static bool _ion_unmap(int *buffer_cnt, int *handle_cnt)
386 BUG_ON(*handle_cnt == 0);
388 if (*handle_cnt != 0)
390 BUG_ON(*buffer_cnt == 0);
392 if (*buffer_cnt == 0)
397 int ion_phys(struct ion_client *client, struct ion_handle *handle,
398 ion_phys_addr_t *addr, size_t *len)
400 struct ion_buffer *buffer;
403 mutex_lock(&client->lock);
404 if (!ion_handle_validate(client, handle)) {
405 mutex_unlock(&client->lock);
409 buffer = handle->buffer;
411 if (!buffer->heap->ops->phys) {
412 pr_err("%s: ion_phys is not implemented by this heap.\n",
414 mutex_unlock(&client->lock);
417 mutex_unlock(&client->lock);
418 ret = buffer->heap->ops->phys(buffer->heap, buffer, addr, len);
422 void *ion_map_kernel(struct ion_client *client, struct ion_handle *handle)
424 struct ion_buffer *buffer;
427 mutex_lock(&client->lock);
428 if (!ion_handle_validate(client, handle)) {
429 pr_err("%s: invalid handle passed to map_kernel.\n",
431 mutex_unlock(&client->lock);
432 return ERR_PTR(-EINVAL);
435 buffer = handle->buffer;
436 mutex_lock(&buffer->lock);
438 if (!handle->buffer->heap->ops->map_kernel) {
439 pr_err("%s: map_kernel is not implemented by this heap.\n",
441 mutex_unlock(&buffer->lock);
442 mutex_unlock(&client->lock);
443 return ERR_PTR(-ENODEV);
446 if (_ion_map(&buffer->kmap_cnt, &handle->kmap_cnt)) {
447 vaddr = buffer->heap->ops->map_kernel(buffer->heap, buffer);
448 if (IS_ERR_OR_NULL(vaddr))
449 _ion_unmap(&buffer->kmap_cnt, &handle->kmap_cnt);
450 buffer->vaddr = vaddr;
452 vaddr = buffer->vaddr;
454 mutex_unlock(&buffer->lock);
455 mutex_unlock(&client->lock);
459 struct sg_table *ion_map_dma(struct ion_client *client,
460 struct ion_handle *handle)
462 struct ion_buffer *buffer;
463 struct sg_table *table;
465 mutex_lock(&client->lock);
466 if (!ion_handle_validate(client, handle)) {
467 pr_err("%s: invalid handle passed to map_dma.\n",
469 mutex_unlock(&client->lock);
470 return ERR_PTR(-EINVAL);
472 buffer = handle->buffer;
473 mutex_lock(&buffer->lock);
475 if (!handle->buffer->heap->ops->map_dma) {
476 pr_err("%s: map_kernel is not implemented by this heap.\n",
478 mutex_unlock(&buffer->lock);
479 mutex_unlock(&client->lock);
480 return ERR_PTR(-ENODEV);
482 if (_ion_map(&buffer->dmap_cnt, &handle->dmap_cnt)) {
483 table = buffer->heap->ops->map_dma(buffer->heap, buffer);
484 if (IS_ERR_OR_NULL(table))
485 _ion_unmap(&buffer->dmap_cnt, &handle->dmap_cnt);
486 buffer->sg_table = table;
488 table = buffer->sg_table;
490 mutex_unlock(&buffer->lock);
491 mutex_unlock(&client->lock);
495 void ion_unmap_kernel(struct ion_client *client, struct ion_handle *handle)
497 struct ion_buffer *buffer;
499 mutex_lock(&client->lock);
500 buffer = handle->buffer;
501 mutex_lock(&buffer->lock);
502 if (_ion_unmap(&buffer->kmap_cnt, &handle->kmap_cnt)) {
503 buffer->heap->ops->unmap_kernel(buffer->heap, buffer);
504 buffer->vaddr = NULL;
506 mutex_unlock(&buffer->lock);
507 mutex_unlock(&client->lock);
510 void ion_unmap_dma(struct ion_client *client, struct ion_handle *handle)
512 struct ion_buffer *buffer;
514 mutex_lock(&client->lock);
515 buffer = handle->buffer;
516 mutex_lock(&buffer->lock);
517 if (_ion_unmap(&buffer->dmap_cnt, &handle->dmap_cnt)) {
518 buffer->heap->ops->unmap_dma(buffer->heap, buffer);
519 buffer->sg_table = NULL;
521 mutex_unlock(&buffer->lock);
522 mutex_unlock(&client->lock);
526 struct ion_buffer *ion_share(struct ion_client *client,
527 struct ion_handle *handle)
531 mutex_lock(&client->lock);
532 valid_handle = ion_handle_validate(client, handle);
533 mutex_unlock(&client->lock);
535 WARN("%s: invalid handle passed to share.\n", __func__);
536 return ERR_PTR(-EINVAL);
539 /* do not take an extra reference here, the burden is on the caller
540 * to make sure the buffer doesn't go away while it's passing it
541 * to another client -- ion_free should not be called on this handle
542 * until the buffer has been imported into the other client
544 return handle->buffer;
547 struct ion_handle *ion_import(struct ion_client *client,
548 struct ion_buffer *buffer)
550 struct ion_handle *handle = NULL;
552 mutex_lock(&client->lock);
553 /* if a handle exists for this buffer just take a reference to it */
554 handle = ion_handle_lookup(client, buffer);
555 if (!IS_ERR_OR_NULL(handle)) {
556 ion_handle_get(handle);
559 handle = ion_handle_create(client, buffer);
560 if (IS_ERR_OR_NULL(handle))
562 ion_handle_add(client, handle);
564 mutex_unlock(&client->lock);
568 static const struct file_operations ion_share_fops;
570 struct ion_handle *ion_import_fd(struct ion_client *client, int fd)
572 struct file *file = fget(fd);
573 struct ion_handle *handle;
576 pr_err("%s: imported fd not found in file table.\n", __func__);
577 return ERR_PTR(-EINVAL);
579 if (file->f_op != &ion_share_fops) {
580 pr_err("%s: imported file is not a shared ion file.\n",
582 handle = ERR_PTR(-EINVAL);
585 handle = ion_import(client, file->private_data);
591 static int ion_debug_client_show(struct seq_file *s, void *unused)
593 struct ion_client *client = s->private;
595 size_t sizes[ION_NUM_HEAPS] = {0};
596 const char *names[ION_NUM_HEAPS] = {0};
599 mutex_lock(&client->lock);
600 for (n = rb_first(&client->handles); n; n = rb_next(n)) {
601 struct ion_handle *handle = rb_entry(n, struct ion_handle,
603 enum ion_heap_type type = handle->buffer->heap->type;
606 names[type] = handle->buffer->heap->name;
607 sizes[type] += handle->buffer->size;
609 mutex_unlock(&client->lock);
611 seq_printf(s, "%16.16s: %16.16s\n", "heap_name", "size_in_bytes");
612 for (i = 0; i < ION_NUM_HEAPS; i++) {
615 seq_printf(s, "%16.16s: %16u %d\n", names[i], sizes[i],
616 atomic_read(&client->ref.refcount));
621 static int ion_debug_client_open(struct inode *inode, struct file *file)
623 return single_open(file, ion_debug_client_show, inode->i_private);
626 static const struct file_operations debug_client_fops = {
627 .open = ion_debug_client_open,
630 .release = single_release,
633 static struct ion_client *ion_client_lookup(struct ion_device *dev,
634 struct task_struct *task)
636 struct rb_node *n = dev->user_clients.rb_node;
637 struct ion_client *client;
639 mutex_lock(&dev->lock);
641 client = rb_entry(n, struct ion_client, node);
642 if (task == client->task) {
643 ion_client_get(client);
644 mutex_unlock(&dev->lock);
646 } else if (task < client->task) {
648 } else if (task > client->task) {
652 mutex_unlock(&dev->lock);
656 struct ion_client *ion_client_create(struct ion_device *dev,
657 unsigned int heap_mask,
660 struct ion_client *client;
661 struct task_struct *task;
663 struct rb_node *parent = NULL;
664 struct ion_client *entry;
668 get_task_struct(current->group_leader);
669 task_lock(current->group_leader);
670 pid = task_pid_nr(current->group_leader);
671 /* don't bother to store task struct for kernel threads,
672 they can't be killed anyway */
673 if (current->group_leader->flags & PF_KTHREAD) {
674 put_task_struct(current->group_leader);
677 task = current->group_leader;
679 task_unlock(current->group_leader);
681 /* if this isn't a kernel thread, see if a client already
684 client = ion_client_lookup(dev, task);
685 if (!IS_ERR_OR_NULL(client)) {
686 put_task_struct(current->group_leader);
691 client = kzalloc(sizeof(struct ion_client), GFP_KERNEL);
694 put_task_struct(current->group_leader);
695 return ERR_PTR(-ENOMEM);
699 client->handles = RB_ROOT;
700 mutex_init(&client->lock);
702 client->heap_mask = heap_mask;
705 kref_init(&client->ref);
707 mutex_lock(&dev->lock);
709 p = &dev->user_clients.rb_node;
712 entry = rb_entry(parent, struct ion_client, node);
714 if (task < entry->task)
716 else if (task > entry->task)
719 rb_link_node(&client->node, parent, p);
720 rb_insert_color(&client->node, &dev->user_clients);
722 p = &dev->kernel_clients.rb_node;
725 entry = rb_entry(parent, struct ion_client, node);
729 else if (client > entry)
732 rb_link_node(&client->node, parent, p);
733 rb_insert_color(&client->node, &dev->kernel_clients);
736 snprintf(debug_name, 64, "%u", client->pid);
737 client->debug_root = debugfs_create_file(debug_name, 0664,
738 dev->debug_root, client,
740 mutex_unlock(&dev->lock);
745 static void _ion_client_destroy(struct kref *kref)
747 struct ion_client *client = container_of(kref, struct ion_client, ref);
748 struct ion_device *dev = client->dev;
751 pr_debug("%s: %d\n", __func__, __LINE__);
752 while ((n = rb_first(&client->handles))) {
753 struct ion_handle *handle = rb_entry(n, struct ion_handle,
755 ion_handle_destroy(&handle->ref);
757 mutex_lock(&dev->lock);
759 rb_erase(&client->node, &dev->user_clients);
760 put_task_struct(client->task);
762 rb_erase(&client->node, &dev->kernel_clients);
764 debugfs_remove_recursive(client->debug_root);
765 mutex_unlock(&dev->lock);
770 static void ion_client_get(struct ion_client *client)
772 kref_get(&client->ref);
775 static int ion_client_put(struct ion_client *client)
777 return kref_put(&client->ref, _ion_client_destroy);
780 void ion_client_destroy(struct ion_client *client)
782 ion_client_put(client);
785 static int ion_share_release(struct inode *inode, struct file* file)
787 struct ion_buffer *buffer = file->private_data;
789 pr_debug("%s: %d\n", __func__, __LINE__);
790 /* drop the reference to the buffer -- this prevents the
791 buffer from going away because the client holding it exited
792 while it was being passed */
793 ion_buffer_put(buffer);
797 static void ion_vma_open(struct vm_area_struct *vma)
800 struct ion_buffer *buffer = vma->vm_file->private_data;
801 struct ion_handle *handle = vma->vm_private_data;
802 struct ion_client *client;
804 pr_debug("%s: %d\n", __func__, __LINE__);
805 /* check that the client still exists and take a reference so
806 it can't go away until this vma is closed */
807 client = ion_client_lookup(buffer->dev, current->group_leader);
808 if (IS_ERR_OR_NULL(client)) {
809 vma->vm_private_data = NULL;
813 if (!ion_handle_validate(client, handle)) {
814 ion_client_put(client);
815 vma->vm_private_data = NULL;
819 ion_handle_get(handle);
821 pr_debug("%s: %d client_cnt %d handle_cnt %d alloc_cnt %d\n",
823 atomic_read(&client->ref.refcount),
824 atomic_read(&handle->ref.refcount),
825 atomic_read(&buffer->ref.refcount));
828 static void ion_vma_close(struct vm_area_struct *vma)
830 struct ion_handle *handle = vma->vm_private_data;
831 struct ion_buffer *buffer = vma->vm_file->private_data;
832 struct ion_client *client;
834 pr_debug("%s: %d\n", __func__, __LINE__);
835 /* this indicates the client is gone, nothing to do here */
838 client = handle->client;
839 pr_debug("%s: %d client_cnt %d handle_cnt %d alloc_cnt %d\n",
841 atomic_read(&client->ref.refcount),
842 atomic_read(&handle->ref.refcount),
843 atomic_read(&buffer->ref.refcount));
844 ion_handle_put(handle);
845 ion_client_put(client);
846 pr_debug("%s: %d client_cnt %d handle_cnt %d alloc_cnt %d\n",
848 atomic_read(&client->ref.refcount),
849 atomic_read(&handle->ref.refcount),
850 atomic_read(&buffer->ref.refcount));
853 static struct vm_operations_struct ion_vm_ops = {
854 .open = ion_vma_open,
855 .close = ion_vma_close,
858 static int ion_share_mmap(struct file *file, struct vm_area_struct *vma)
860 struct ion_buffer *buffer = file->private_data;
861 unsigned long size = vma->vm_end - vma->vm_start;
862 struct ion_client *client;
863 struct ion_handle *handle;
866 pr_debug("%s: %d\n", __func__, __LINE__);
867 /* make sure the client still exists, it's possible for the client to
868 have gone away but the map/share fd still to be around, take
869 a reference to it so it can't go away while this mapping exists */
870 client = ion_client_lookup(buffer->dev, current->group_leader);
871 if (IS_ERR_OR_NULL(client)) {
872 pr_err("%s: trying to mmap an ion handle in a process with no "
873 "ion client\n", __func__);
877 if ((size > buffer->size) || (size + (vma->vm_pgoff << PAGE_SHIFT) >
879 pr_err("%s: trying to map larger area than handle has available"
885 /* find the handle and take a reference to it */
886 handle = ion_import(client, buffer);
887 if (IS_ERR_OR_NULL(handle)) {
892 if (!handle->buffer->heap->ops->map_user) {
893 pr_err("%s: this heap does not define a method for mapping "
894 "to userspace\n", __func__);
899 mutex_lock(&buffer->lock);
900 /* now map it to userspace */
901 ret = buffer->heap->ops->map_user(buffer->heap, buffer, vma);
902 mutex_unlock(&buffer->lock);
904 pr_err("%s: failure mapping buffer to userspace\n",
909 vma->vm_ops = &ion_vm_ops;
910 /* move the handle into the vm_private_data so we can access it from
912 vma->vm_private_data = handle;
913 pr_debug("%s: %d client_cnt %d handle_cnt %d alloc_cnt %d\n",
915 atomic_read(&client->ref.refcount),
916 atomic_read(&handle->ref.refcount),
917 atomic_read(&buffer->ref.refcount));
921 /* drop the reference to the handle */
922 ion_handle_put(handle);
924 /* drop the reference to the client */
925 ion_client_put(client);
929 static const struct file_operations ion_share_fops = {
930 .owner = THIS_MODULE,
931 .release = ion_share_release,
932 .mmap = ion_share_mmap,
935 static int ion_ioctl_share(struct file *parent, struct ion_client *client,
936 struct ion_handle *handle)
938 int fd = get_unused_fd();
944 file = anon_inode_getfile("ion_share_fd", &ion_share_fops,
945 handle->buffer, O_RDWR);
946 if (IS_ERR_OR_NULL(file))
948 ion_buffer_get(handle->buffer);
949 fd_install(fd, file);
958 static long ion_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
960 struct ion_client *client = filp->private_data;
965 struct ion_allocation_data data;
967 if (copy_from_user(&data, (void __user *)arg, sizeof(data)))
969 data.handle = ion_alloc(client, data.len, data.align,
972 if (IS_ERR(data.handle))
973 return PTR_ERR(data.handle);
975 if (copy_to_user((void __user *)arg, &data, sizeof(data))) {
976 ion_free(client, data.handle);
983 struct ion_handle_data data;
986 if (copy_from_user(&data, (void __user *)arg,
987 sizeof(struct ion_handle_data)))
989 mutex_lock(&client->lock);
990 valid = ion_handle_validate(client, data.handle);
991 mutex_unlock(&client->lock);
994 ion_free(client, data.handle);
1000 struct ion_fd_data data;
1002 if (copy_from_user(&data, (void __user *)arg, sizeof(data)))
1004 mutex_lock(&client->lock);
1005 if (!ion_handle_validate(client, data.handle)) {
1006 pr_err("%s: invalid handle passed to share ioctl.\n",
1008 mutex_unlock(&client->lock);
1011 data.fd = ion_ioctl_share(filp, client, data.handle);
1012 mutex_unlock(&client->lock);
1013 if (copy_to_user((void __user *)arg, &data, sizeof(data)))
1017 case ION_IOC_IMPORT:
1019 struct ion_fd_data data;
1020 if (copy_from_user(&data, (void __user *)arg,
1021 sizeof(struct ion_fd_data)))
1024 data.handle = ion_import_fd(client, data.fd);
1025 if (IS_ERR(data.handle))
1027 if (copy_to_user((void __user *)arg, &data,
1028 sizeof(struct ion_fd_data)))
1032 case ION_IOC_CUSTOM:
1034 struct ion_device *dev = client->dev;
1035 struct ion_custom_data data;
1037 if (!dev->custom_ioctl)
1039 if (copy_from_user(&data, (void __user *)arg,
1040 sizeof(struct ion_custom_data)))
1042 return dev->custom_ioctl(client, data.cmd, data.arg);
1050 static int ion_release(struct inode *inode, struct file *file)
1052 struct ion_client *client = file->private_data;
1054 pr_debug("%s: %d\n", __func__, __LINE__);
1055 ion_client_put(client);
1059 static int ion_open(struct inode *inode, struct file *file)
1061 struct miscdevice *miscdev = file->private_data;
1062 struct ion_device *dev = container_of(miscdev, struct ion_device, dev);
1063 struct ion_client *client;
1065 pr_debug("%s: %d\n", __func__, __LINE__);
1066 client = ion_client_create(dev, -1, "user");
1067 if (IS_ERR_OR_NULL(client))
1068 return PTR_ERR(client);
1069 file->private_data = client;
1074 static const struct file_operations ion_fops = {
1075 .owner = THIS_MODULE,
1077 .release = ion_release,
1078 .unlocked_ioctl = ion_ioctl,
1081 static size_t ion_debug_heap_total(struct ion_client *client,
1082 enum ion_heap_type type)
1087 mutex_lock(&client->lock);
1088 for (n = rb_first(&client->handles); n; n = rb_next(n)) {
1089 struct ion_handle *handle = rb_entry(n,
1092 if (handle->buffer->heap->type == type)
1093 size += handle->buffer->size;
1095 mutex_unlock(&client->lock);
1099 static int ion_debug_heap_show(struct seq_file *s, void *unused)
1101 struct ion_heap *heap = s->private;
1102 struct ion_device *dev = heap->dev;
1105 seq_printf(s, "%16.s %16.s %16.s\n", "client", "pid", "size");
1106 for (n = rb_first(&dev->user_clients); n; n = rb_next(n)) {
1107 struct ion_client *client = rb_entry(n, struct ion_client,
1109 char task_comm[TASK_COMM_LEN];
1110 size_t size = ion_debug_heap_total(client, heap->type);
1114 get_task_comm(task_comm, client->task);
1115 seq_printf(s, "%16.s %16u %16u\n", task_comm, client->pid,
1119 for (n = rb_first(&dev->kernel_clients); n; n = rb_next(n)) {
1120 struct ion_client *client = rb_entry(n, struct ion_client,
1122 size_t size = ion_debug_heap_total(client, heap->type);
1125 seq_printf(s, "%16.s %16u %16u\n", client->name, client->pid,
1131 static int ion_debug_heap_open(struct inode *inode, struct file *file)
1133 return single_open(file, ion_debug_heap_show, inode->i_private);
1136 static const struct file_operations debug_heap_fops = {
1137 .open = ion_debug_heap_open,
1139 .llseek = seq_lseek,
1140 .release = single_release,
1143 void ion_device_add_heap(struct ion_device *dev, struct ion_heap *heap)
1145 struct rb_node **p = &dev->heaps.rb_node;
1146 struct rb_node *parent = NULL;
1147 struct ion_heap *entry;
1150 mutex_lock(&dev->lock);
1153 entry = rb_entry(parent, struct ion_heap, node);
1155 if (heap->id < entry->id) {
1157 } else if (heap->id > entry->id ) {
1158 p = &(*p)->rb_right;
1160 pr_err("%s: can not insert multiple heaps with "
1161 "id %d\n", __func__, heap->id);
1166 rb_link_node(&heap->node, parent, p);
1167 rb_insert_color(&heap->node, &dev->heaps);
1168 debugfs_create_file(heap->name, 0664, dev->debug_root, heap,
1171 mutex_unlock(&dev->lock);
1174 struct ion_device *ion_device_create(long (*custom_ioctl)
1175 (struct ion_client *client,
1179 struct ion_device *idev;
1182 idev = kzalloc(sizeof(struct ion_device), GFP_KERNEL);
1184 return ERR_PTR(-ENOMEM);
1186 idev->dev.minor = MISC_DYNAMIC_MINOR;
1187 idev->dev.name = "ion";
1188 idev->dev.fops = &ion_fops;
1189 idev->dev.parent = NULL;
1190 ret = misc_register(&idev->dev);
1192 pr_err("ion: failed to register misc device.\n");
1193 return ERR_PTR(ret);
1196 idev->debug_root = debugfs_create_dir("ion", NULL);
1197 if (IS_ERR_OR_NULL(idev->debug_root))
1198 pr_err("ion: failed to create debug files.\n");
1200 idev->custom_ioctl = custom_ioctl;
1201 idev->buffers = RB_ROOT;
1202 mutex_init(&idev->lock);
1203 idev->heaps = RB_ROOT;
1204 idev->user_clients = RB_ROOT;
1205 idev->kernel_clients = RB_ROOT;
1209 void ion_device_destroy(struct ion_device *dev)
1211 misc_deregister(&dev->dev);
1212 /* XXX need to free the heaps and clients ? */
1216 void __init ion_reserve(struct ion_platform_data *data)
1220 for (i = 0; i < data->nr; i++) {
1221 if (data->heaps[i].size == 0)
1223 ret = memblock_reserve(data->heaps[i].base,
1224 data->heaps[i].size);
1226 pr_err("memblock reserve of %x@%lx failed\n",
1227 data->heaps[i].size,
1228 data->heaps[i].base);
projects / firefly-linux-kernel-4.4.55.git / blob