2 * drivers/gpu/ion/ion.c
4 * Copyright (C) 2011 Google, Inc.
6 * This software is licensed under the terms of the GNU General Public
7 * License version 2, as published by the Free Software Foundation, and
8 * may be copied, distributed, and modified under those terms.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
17 #include <linux/device.h>
18 #include <linux/file.h>
20 #include <linux/anon_inodes.h>
21 #include <linux/ion.h>
22 #include <linux/list.h>
23 #include <linux/miscdevice.h>
25 #include <linux/mm_types.h>
26 #include <linux/rbtree.h>
27 #include <linux/sched.h>
28 #include <linux/slab.h>
29 #include <linux/seq_file.h>
30 #include <linux/uaccess.h>
31 #include <linux/debugfs.h>
32 #include <linux/android_pmem.h>
33 #include <linux/dma-mapping.h>
34 #include <asm/cacheflush.h>
39 * struct ion_device - the metadata of the ion device node
40 * @dev: the actual misc device
41 * @buffers: an rb tree of all the existing buffers
42 * @lock: lock protecting the buffers & heaps trees
43 * @heaps: list of all the heaps in the system
44 * @user_clients: list of all the clients created from userspace
47 struct miscdevice dev;
48 struct rb_root buffers;
51 long (*custom_ioctl) (struct ion_client *client, unsigned int cmd,
53 struct rb_root user_clients;
54 struct rb_root kernel_clients;
55 struct dentry *debug_root;
59 * struct ion_client - a process/hw block local address space
60 * @ref: for reference counting the client
61 * @node: node in the tree of all clients
62 * @dev: backpointer to ion device
63 * @handles: an rb tree of all the handles in this client
64 * @lock: lock protecting the tree of handles
65 * @heap_mask: mask of all supported heaps
66 * @name: used for debugging
67 * @task: used for debugging
69 * A client represents a list of buffers this client may access.
70 * The mutex stored here is used to protect both handles tree
71 * as well as the handles themselves, and should be held while modifying either.
76 struct ion_device *dev;
77 struct rb_root handles;
79 unsigned int heap_mask;
81 struct task_struct *task;
83 struct dentry *debug_root;
87 * ion_handle - a client local reference to a buffer
88 * @ref: reference count
89 * @client: back pointer to the client the buffer resides in
90 * @buffer: pointer to the buffer
91 * @node: node in the client's handle rbtree
92 * @kmap_cnt: count of times this client has mapped to kernel
93 * @dmap_cnt: count of times this client has mapped for dma
94 * @usermap_cnt: count of times this client has mapped for userspace
96 * Modifications to node, map_cnt or mapping should be protected by the
97 * lock in the client. Other fields are never changed after initialization.
101 struct ion_client *client;
102 struct ion_buffer *buffer;
104 unsigned int kmap_cnt;
105 unsigned int dmap_cnt;
106 unsigned int usermap_cnt;
109 /* this function should only be called while dev->lock is held */
110 static void ion_buffer_add(struct ion_device *dev,
111 struct ion_buffer *buffer)
113 struct rb_node **p = &dev->buffers.rb_node;
114 struct rb_node *parent = NULL;
115 struct ion_buffer *entry;
119 entry = rb_entry(parent, struct ion_buffer, node);
121 if (buffer < entry) {
123 } else if (buffer > entry) {
126 pr_err("%s: buffer already found.", __func__);
131 rb_link_node(&buffer->node, parent, p);
132 rb_insert_color(&buffer->node, &dev->buffers);
135 /* this function should only be called while dev->lock is held */
136 static struct ion_buffer *ion_buffer_create(struct ion_heap *heap,
137 struct ion_device *dev,
142 struct ion_buffer *buffer;
145 buffer = kzalloc(sizeof(struct ion_buffer), GFP_KERNEL);
147 return ERR_PTR(-ENOMEM);
150 kref_init(&buffer->ref);
152 ret = heap->ops->allocate(heap, buffer, len, align, flags);
159 buffer->flags = flags;
160 mutex_init(&buffer->lock);
161 ion_buffer_add(dev, buffer);
165 static void ion_buffer_destroy(struct kref *kref)
167 struct ion_buffer *buffer = container_of(kref, struct ion_buffer, ref);
168 struct ion_device *dev = buffer->dev;
170 buffer->heap->ops->free(buffer);
171 mutex_lock(&dev->lock);
172 rb_erase(&buffer->node, &dev->buffers);
173 mutex_unlock(&dev->lock);
177 static void ion_buffer_get(struct ion_buffer *buffer)
179 kref_get(&buffer->ref);
182 static int ion_buffer_put(struct ion_buffer *buffer)
184 return kref_put(&buffer->ref, ion_buffer_destroy);
187 static struct ion_handle *ion_handle_create(struct ion_client *client,
188 struct ion_buffer *buffer)
190 struct ion_handle *handle;
192 handle = kzalloc(sizeof(struct ion_handle), GFP_KERNEL);
194 return ERR_PTR(-ENOMEM);
195 kref_init(&handle->ref);
196 rb_init_node(&handle->node);
197 handle->client = client;
198 ion_buffer_get(buffer);
199 handle->buffer = buffer;
204 static void ion_handle_destroy(struct kref *kref)
206 struct ion_handle *handle = container_of(kref, struct ion_handle, ref);
207 /* XXX Can a handle be destroyed while it's map count is non-zero?:
208 if (handle->map_cnt) unmap
210 ion_buffer_put(handle->buffer);
211 mutex_lock(&handle->client->lock);
212 if (!RB_EMPTY_NODE(&handle->node))
213 rb_erase(&handle->node, &handle->client->handles);
214 mutex_unlock(&handle->client->lock);
218 struct ion_buffer *ion_handle_buffer(struct ion_handle *handle)
220 return handle->buffer;
223 static void ion_handle_get(struct ion_handle *handle)
225 kref_get(&handle->ref);
228 static int ion_handle_put(struct ion_handle *handle)
230 return kref_put(&handle->ref, ion_handle_destroy);
233 static struct ion_handle *ion_handle_lookup(struct ion_client *client,
234 struct ion_buffer *buffer)
238 for (n = rb_first(&client->handles); n; n = rb_next(n)) {
239 struct ion_handle *handle = rb_entry(n, struct ion_handle,
241 if (handle->buffer == buffer)
247 static bool ion_handle_validate(struct ion_client *client, struct ion_handle *handle)
249 struct rb_node *n = client->handles.rb_node;
252 struct ion_handle *handle_node = rb_entry(n, struct ion_handle,
254 if (handle < handle_node)
256 else if (handle > handle_node)
264 static void ion_handle_add(struct ion_client *client, struct ion_handle *handle)
266 struct rb_node **p = &client->handles.rb_node;
267 struct rb_node *parent = NULL;
268 struct ion_handle *entry;
272 entry = rb_entry(parent, struct ion_handle, node);
276 else if (handle > entry)
279 WARN(1, "%s: buffer already found.", __func__);
282 rb_link_node(&handle->node, parent, p);
283 rb_insert_color(&handle->node, &client->handles);
286 struct ion_handle *ion_alloc(struct ion_client *client, size_t len,
287 size_t align, unsigned int flags)
290 struct ion_handle *handle;
291 struct ion_device *dev = client->dev;
292 struct ion_buffer *buffer = NULL;
295 * traverse the list of heaps available in this system in priority
296 * order. If the heap type is supported by the client, and matches the
297 * request of the caller allocate from it. Repeat until allocate has
298 * succeeded or all heaps have been tried
300 mutex_lock(&dev->lock);
301 for (n = rb_first(&dev->heaps); n != NULL; n = rb_next(n)) {
302 struct ion_heap *heap = rb_entry(n, struct ion_heap, node);
303 /* if the client doesn't support this heap type */
304 if (!((1 << heap->type) & client->heap_mask))
307 /* if the caller didn't specify this heap type */
308 if (!((1 << heap->id) & flags))
310 buffer = ion_buffer_create(heap, dev, len, align, flags);
311 if (!IS_ERR_OR_NULL(buffer))
314 mutex_unlock(&dev->lock);
316 if (IS_ERR_OR_NULL(buffer))
317 return ERR_PTR(PTR_ERR(buffer));
319 handle = ion_handle_create(client, buffer);
321 if (IS_ERR_OR_NULL(handle))
325 * ion_buffer_create will create a buffer with a ref_cnt of 1,
326 * and ion_handle_create will take a second reference, drop one here
328 ion_buffer_put(buffer);
330 mutex_lock(&client->lock);
331 ion_handle_add(client, handle);
332 mutex_unlock(&client->lock);
336 ion_buffer_put(buffer);
340 void ion_free(struct ion_client *client, struct ion_handle *handle)
344 BUG_ON(client != handle->client);
346 mutex_lock(&client->lock);
347 valid_handle = ion_handle_validate(client, handle);
348 mutex_unlock(&client->lock);
351 WARN("%s: invalid handle passed to free.\n", __func__);
354 ion_handle_put(handle);
357 static void ion_client_get(struct ion_client *client);
358 static int ion_client_put(struct ion_client *client);
360 static bool _ion_map(int *buffer_cnt, int *handle_cnt)
364 BUG_ON(*handle_cnt != 0 && *buffer_cnt == 0);
370 if (*handle_cnt == 0)
376 static bool _ion_unmap(int *buffer_cnt, int *handle_cnt)
378 BUG_ON(*handle_cnt == 0);
380 if (*handle_cnt != 0)
382 BUG_ON(*buffer_cnt == 0);
384 if (*buffer_cnt == 0)
389 int ion_phys(struct ion_client *client, struct ion_handle *handle,
390 ion_phys_addr_t *addr, size_t *len)
392 struct ion_buffer *buffer;
395 mutex_lock(&client->lock);
396 if (!ion_handle_validate(client, handle)) {
397 mutex_unlock(&client->lock);
401 buffer = handle->buffer;
403 if (!buffer->heap->ops->phys) {
404 pr_err("%s: ion_phys is not implemented by this heap.\n",
406 mutex_unlock(&client->lock);
409 mutex_unlock(&client->lock);
410 ret = buffer->heap->ops->phys(buffer->heap, buffer, addr, len);
414 void *ion_map_kernel(struct ion_client *client, struct ion_handle *handle)
416 struct ion_buffer *buffer;
419 mutex_lock(&client->lock);
420 if (!ion_handle_validate(client, handle)) {
421 pr_err("%s: invalid handle passed to map_kernel.\n",
423 mutex_unlock(&client->lock);
424 return ERR_PTR(-EINVAL);
427 buffer = handle->buffer;
428 mutex_lock(&buffer->lock);
430 if (!handle->buffer->heap->ops->map_kernel) {
431 pr_err("%s: map_kernel is not implemented by this heap.\n",
433 mutex_unlock(&buffer->lock);
434 mutex_unlock(&client->lock);
435 return ERR_PTR(-ENODEV);
438 if (_ion_map(&buffer->kmap_cnt, &handle->kmap_cnt)) {
439 vaddr = buffer->heap->ops->map_kernel(buffer->heap, buffer);
440 if (IS_ERR_OR_NULL(vaddr))
441 _ion_unmap(&buffer->kmap_cnt, &handle->kmap_cnt);
442 buffer->vaddr = vaddr;
444 vaddr = buffer->vaddr;
446 mutex_unlock(&buffer->lock);
447 mutex_unlock(&client->lock);
451 struct scatterlist *ion_map_dma(struct ion_client *client,
452 struct ion_handle *handle)
454 struct ion_buffer *buffer;
455 struct scatterlist *sglist;
457 mutex_lock(&client->lock);
458 if (!ion_handle_validate(client, handle)) {
459 pr_err("%s: invalid handle passed to map_dma.\n",
461 mutex_unlock(&client->lock);
462 return ERR_PTR(-EINVAL);
464 buffer = handle->buffer;
465 mutex_lock(&buffer->lock);
467 if (!handle->buffer->heap->ops->map_dma) {
468 pr_err("%s: map_kernel is not implemented by this heap.\n",
470 mutex_unlock(&buffer->lock);
471 mutex_unlock(&client->lock);
472 return ERR_PTR(-ENODEV);
474 if (_ion_map(&buffer->dmap_cnt, &handle->dmap_cnt)) {
475 sglist = buffer->heap->ops->map_dma(buffer->heap, buffer);
476 if (IS_ERR_OR_NULL(sglist))
477 _ion_unmap(&buffer->dmap_cnt, &handle->dmap_cnt);
478 buffer->sglist = sglist;
480 sglist = buffer->sglist;
482 mutex_unlock(&buffer->lock);
483 mutex_unlock(&client->lock);
487 void ion_unmap_kernel(struct ion_client *client, struct ion_handle *handle)
489 struct ion_buffer *buffer;
491 mutex_lock(&client->lock);
492 buffer = handle->buffer;
493 mutex_lock(&buffer->lock);
494 if (_ion_unmap(&buffer->kmap_cnt, &handle->kmap_cnt)) {
495 buffer->heap->ops->unmap_kernel(buffer->heap, buffer);
496 buffer->vaddr = NULL;
498 mutex_unlock(&buffer->lock);
499 mutex_unlock(&client->lock);
502 void ion_unmap_dma(struct ion_client *client, struct ion_handle *handle)
504 struct ion_buffer *buffer;
506 mutex_lock(&client->lock);
507 buffer = handle->buffer;
508 mutex_lock(&buffer->lock);
509 if (_ion_unmap(&buffer->dmap_cnt, &handle->dmap_cnt)) {
510 buffer->heap->ops->unmap_dma(buffer->heap, buffer);
511 buffer->sglist = NULL;
513 mutex_unlock(&buffer->lock);
514 mutex_unlock(&client->lock);
518 struct ion_buffer *ion_share(struct ion_client *client,
519 struct ion_handle *handle)
523 mutex_lock(&client->lock);
524 valid_handle = ion_handle_validate(client, handle);
525 mutex_unlock(&client->lock);
527 WARN("%s: invalid handle passed to share.\n", __func__);
528 return ERR_PTR(-EINVAL);
531 /* do not take an extra reference here, the burden is on the caller
532 * to make sure the buffer doesn't go away while it's passing it
533 * to another client -- ion_free should not be called on this handle
534 * until the buffer has been imported into the other client
536 return handle->buffer;
539 struct ion_handle *ion_import(struct ion_client *client,
540 struct ion_buffer *buffer)
542 struct ion_handle *handle = NULL;
544 mutex_lock(&client->lock);
545 /* if a handle exists for this buffer just take a reference to it */
546 handle = ion_handle_lookup(client, buffer);
547 if (!IS_ERR_OR_NULL(handle)) {
548 ion_handle_get(handle);
551 handle = ion_handle_create(client, buffer);
552 if (IS_ERR_OR_NULL(handle))
554 ion_handle_add(client, handle);
556 mutex_unlock(&client->lock);
560 static const struct file_operations ion_share_fops;
562 struct ion_handle *ion_import_fd(struct ion_client *client, int fd)
564 struct file *file = fget(fd);
565 struct ion_handle *handle;
568 pr_err("%s: imported fd not found in file table.\n", __func__);
569 return ERR_PTR(-EINVAL);
571 if (file->f_op != &ion_share_fops) {
572 pr_err("%s: imported file is not a shared ion file.\n",
574 handle = ERR_PTR(-EINVAL);
577 handle = ion_import(client, file->private_data);
583 static int ion_debug_client_show(struct seq_file *s, void *unused)
585 struct ion_client *client = s->private;
588 seq_printf(s, "%16.16s: %16.16s %16.16s %16.16s\n", "heap_name",
589 "size(K)", "handle refcount", "buffer");
590 mutex_lock(&client->lock);
591 for (n = rb_first(&client->handles); n; n = rb_next(n)) {
592 struct ion_handle *handle = rb_entry(n, struct ion_handle,
595 seq_printf(s, "%16.16s: %16u %16d %16p\n",
596 handle->buffer->heap->name,
597 handle->buffer->size/SZ_1K,
598 atomic_read(&handle->ref.refcount),
602 seq_printf(s, "%16.16s %d\n", "client refcount:",
603 atomic_read(&client->ref.refcount));
604 mutex_unlock(&client->lock);
609 static int ion_debug_client_open(struct inode *inode, struct file *file)
611 return single_open(file, ion_debug_client_show, inode->i_private);
614 static const struct file_operations debug_client_fops = {
615 .open = ion_debug_client_open,
618 .release = single_release,
621 static struct ion_client *ion_client_lookup(struct ion_device *dev,
622 struct task_struct *task)
624 struct rb_node *n = dev->user_clients.rb_node;
625 struct ion_client *client;
627 mutex_lock(&dev->lock);
629 client = rb_entry(n, struct ion_client, node);
630 if (task == client->task) {
631 ion_client_get(client);
632 mutex_unlock(&dev->lock);
634 } else if (task < client->task) {
636 } else if (task > client->task) {
640 mutex_unlock(&dev->lock);
644 struct ion_client *ion_client_create(struct ion_device *dev,
645 unsigned int heap_mask,
648 struct ion_client *client;
649 struct task_struct *task;
651 struct rb_node *parent = NULL;
652 struct ion_client *entry;
656 get_task_struct(current->group_leader);
657 task_lock(current->group_leader);
658 pid = task_pid_nr(current->group_leader);
659 /* don't bother to store task struct for kernel threads,
660 they can't be killed anyway */
661 if (current->group_leader->flags & PF_KTHREAD) {
662 put_task_struct(current->group_leader);
665 task = current->group_leader;
667 task_unlock(current->group_leader);
669 /* if this isn't a kernel thread, see if a client already
672 client = ion_client_lookup(dev, task);
673 if (!IS_ERR_OR_NULL(client)) {
674 put_task_struct(current->group_leader);
679 client = kzalloc(sizeof(struct ion_client), GFP_KERNEL);
681 put_task_struct(current->group_leader);
682 return ERR_PTR(-ENOMEM);
686 client->handles = RB_ROOT;
687 mutex_init(&client->lock);
689 client->heap_mask = heap_mask;
692 kref_init(&client->ref);
694 mutex_lock(&dev->lock);
696 p = &dev->user_clients.rb_node;
699 entry = rb_entry(parent, struct ion_client, node);
701 if (task < entry->task)
703 else if (task > entry->task)
706 rb_link_node(&client->node, parent, p);
707 rb_insert_color(&client->node, &dev->user_clients);
709 p = &dev->kernel_clients.rb_node;
712 entry = rb_entry(parent, struct ion_client, node);
716 else if (client > entry)
719 rb_link_node(&client->node, parent, p);
720 rb_insert_color(&client->node, &dev->kernel_clients);
723 snprintf(debug_name, 64, "%u", client->pid);
724 client->debug_root = debugfs_create_file(debug_name, 0664,
725 dev->debug_root, client,
727 mutex_unlock(&dev->lock);
732 static void _ion_client_destroy(struct kref *kref)
734 struct ion_client *client = container_of(kref, struct ion_client, ref);
735 struct ion_device *dev = client->dev;
738 pr_debug("%s: %d\n", __func__, __LINE__);
739 while ((n = rb_first(&client->handles))) {
740 struct ion_handle *handle = rb_entry(n, struct ion_handle,
742 ion_handle_destroy(&handle->ref);
744 mutex_lock(&dev->lock);
746 rb_erase(&client->node, &dev->user_clients);
747 put_task_struct(client->task);
749 rb_erase(&client->node, &dev->kernel_clients);
751 debugfs_remove_recursive(client->debug_root);
752 mutex_unlock(&dev->lock);
757 static void ion_client_get(struct ion_client *client)
759 kref_get(&client->ref);
762 static int ion_client_put(struct ion_client *client)
764 return kref_put(&client->ref, _ion_client_destroy);
767 void ion_client_destroy(struct ion_client *client)
769 ion_client_put(client);
772 static int ion_share_release(struct inode *inode, struct file* file)
774 struct ion_buffer *buffer = file->private_data;
776 pr_debug("%s: %d\n", __func__, __LINE__);
777 /* drop the reference to the buffer -- this prevents the
778 buffer from going away because the client holding it exited
779 while it was being passed */
780 ion_buffer_put(buffer);
784 static void ion_vma_open(struct vm_area_struct *vma)
787 struct ion_buffer *buffer = vma->vm_file->private_data;
788 struct ion_handle *handle = vma->vm_private_data;
789 struct ion_client *client;
791 pr_debug("%s: %d\n", __func__, __LINE__);
792 /* check that the client still exists and take a reference so
793 it can't go away until this vma is closed */
794 client = ion_client_lookup(buffer->dev, current->group_leader);
795 if (IS_ERR_OR_NULL(client)) {
796 vma->vm_private_data = NULL;
799 ion_handle_get(handle);
800 pr_debug("%s: %d client_cnt %d handle_cnt %d alloc_cnt %d\n",
802 atomic_read(&client->ref.refcount),
803 atomic_read(&handle->ref.refcount),
804 atomic_read(&buffer->ref.refcount));
807 static void ion_vma_close(struct vm_area_struct *vma)
809 struct ion_handle *handle = vma->vm_private_data;
810 struct ion_buffer *buffer = vma->vm_file->private_data;
811 struct ion_client *client;
813 pr_debug("%s: %d\n", __func__, __LINE__);
814 /* this indicates the client is gone, nothing to do here */
817 client = handle->client;
818 pr_debug("%s: %d client_cnt %d handle_cnt %d alloc_cnt %d\n",
820 atomic_read(&client->ref.refcount),
821 atomic_read(&handle->ref.refcount),
822 atomic_read(&buffer->ref.refcount));
823 ion_handle_put(handle);
824 ion_client_put(client);
825 pr_debug("%s: %d client_cnt %d handle_cnt %d alloc_cnt %d\n",
827 atomic_read(&client->ref.refcount),
828 atomic_read(&handle->ref.refcount),
829 atomic_read(&buffer->ref.refcount));
832 static struct vm_operations_struct ion_vm_ops = {
833 .open = ion_vma_open,
834 .close = ion_vma_close,
837 static int ion_share_mmap(struct file *file, struct vm_area_struct *vma)
839 struct ion_buffer *buffer = file->private_data;
840 unsigned long size = vma->vm_end - vma->vm_start;
841 struct ion_client *client;
842 struct ion_handle *handle;
844 unsigned long flags = file->f_flags & O_DSYNC ?
845 ION_SET_CACHE(UNCACHED) :
846 ION_SET_CACHE(CACHED);
848 pr_debug("%s: %d\n", __func__, __LINE__);
849 /* make sure the client still exists, it's possible for the client to
850 have gone away but the map/share fd still to be around, take
851 a reference to it so it can't go away while this mapping exists */
852 client = ion_client_lookup(buffer->dev, current->group_leader);
853 if (IS_ERR_OR_NULL(client)) {
854 pr_err("%s: trying to mmap an ion handle in a process with no "
855 "ion client\n", __func__);
859 if ((size > buffer->size) || (size + (vma->vm_pgoff << PAGE_SHIFT) >
861 pr_err("%s: trying to map larger area than handle has available"
867 /* find the handle and take a reference to it */
868 handle = ion_import(client, buffer);
869 if (IS_ERR_OR_NULL(handle)) {
874 if (!handle->buffer->heap->ops->map_user) {
875 pr_err("%s: this heap does not define a method for mapping "
876 "to userspace\n", __func__);
881 mutex_lock(&buffer->lock);
882 /* now map it to userspace */
883 ret = buffer->heap->ops->map_user(buffer->heap, buffer, vma, flags);
884 mutex_unlock(&buffer->lock);
886 pr_err("%s: failure mapping buffer to userspace\n",
891 vma->vm_ops = &ion_vm_ops;
892 /* move the handle into the vm_private_data so we can access it from
894 vma->vm_private_data = handle;
895 pr_debug("%s: %d client_cnt %d handle_cnt %d alloc_cnt %d\n",
897 atomic_read(&client->ref.refcount),
898 atomic_read(&handle->ref.refcount),
899 atomic_read(&buffer->ref.refcount));
903 /* drop the reference to the handle */
904 ion_handle_put(handle);
906 /* drop the reference to the client */
907 ion_client_put(client);
911 static long ion_share_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
913 struct ion_buffer *buffer = filp->private_data;
918 struct pmem_region region;
919 region.offset = buffer->priv_phys;
920 region.len = buffer->size;
922 if (copy_to_user((void __user *)arg, ®ion,
923 sizeof(struct pmem_region)))
927 case PMEM_CACHE_FLUSH:
929 struct pmem_region region;
930 if (copy_from_user(®ion, (void __user *)arg,
931 sizeof(struct pmem_region)))
933 if(!(region.offset & 0xf0000000))
934 region.offset = buffer->vm_start;
936 dmac_flush_range((void *)region.offset, (void *)(region.offset + region.len));
946 static const struct file_operations ion_share_fops = {
947 .owner = THIS_MODULE,
948 .release = ion_share_release,
949 .mmap = ion_share_mmap,
950 .unlocked_ioctl = ion_share_ioctl,
953 static int ion_ioctl_share(struct file *parent, struct ion_client *client,
954 struct ion_handle *handle)
956 int fd = get_unused_fd();
962 file = anon_inode_getfile("ion_share_fd", &ion_share_fops,
963 handle->buffer, O_RDWR);
964 if (IS_ERR_OR_NULL(file))
967 if (parent->f_flags & O_DSYNC)
968 file->f_flags |= O_DSYNC;
970 ion_buffer_get(handle->buffer);
971 fd_install(fd, file);
980 static long ion_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
982 struct ion_client *client = filp->private_data;
987 struct ion_allocation_data data;
988 if (copy_from_user(&data, (void __user *)arg, sizeof(data)))
991 data.handle = ion_alloc(client, data.len, data.align,
993 if (IS_ERR_OR_NULL(data.handle)) {
994 printk("%s: alloc 0x%x bytes failed\n", __func__, data.len);
997 if (copy_to_user((void __user *)arg, &data, sizeof(data)))
1003 struct ion_handle_data data;
1006 if (copy_from_user(&data, (void __user *)arg,
1007 sizeof(struct ion_handle_data)))
1009 mutex_lock(&client->lock);
1010 valid = ion_handle_validate(client, data.handle);
1011 mutex_unlock(&client->lock);
1014 ion_free(client, data.handle);
1020 struct ion_fd_data data;
1021 if (copy_from_user(&data, (void __user *)arg, sizeof(data)))
1023 mutex_lock(&client->lock);
1024 if (!ion_handle_validate(client, data.handle)) {
1025 pr_err("%s: invalid handle passed to share ioctl.\n",
1027 mutex_unlock(&client->lock);
1030 data.fd = ion_ioctl_share(filp, client, data.handle);
1031 mutex_unlock(&client->lock);
1032 if (copy_to_user((void __user *)arg, &data, sizeof(data)))
1036 case ION_IOC_IMPORT:
1038 struct ion_fd_data data;
1039 if (copy_from_user(&data, (void __user *)arg,
1040 sizeof(struct ion_fd_data)))
1043 data.handle = ion_import_fd(client, data.fd);
1044 if (IS_ERR(data.handle)){
1048 if (copy_to_user((void __user *)arg, &data,
1049 sizeof(struct ion_fd_data)))
1053 case ION_IOC_CUSTOM:
1055 struct ion_device *dev = client->dev;
1056 struct ion_custom_data data;
1058 if (!dev->custom_ioctl)
1060 if (copy_from_user(&data, (void __user *)arg,
1061 sizeof(struct ion_custom_data)))
1063 return dev->custom_ioctl(client, data.cmd, data.arg);
1068 struct ion_phys_data data;
1069 if (copy_from_user(&data, (void __user *)arg,
1070 sizeof(struct ion_phys_data)))
1072 err = ion_phys(client, data.handle, &data.phys, &data.size);
1076 if (copy_to_user((void __user *)arg, &data,
1077 sizeof(struct ion_phys_data)))
1081 case ION_CACHE_FLUSH:
1082 case ION_CACHE_CLEAN:
1083 case ION_CACHE_INVALID:
1087 struct ion_buffer *buffer;
1088 struct ion_flush_data data;
1089 if (copy_from_user(&data, (void __user *)arg,
1090 sizeof(struct ion_flush_data)))
1092 mutex_lock(&client->lock);
1093 valid = ion_handle_validate(client, data.handle);
1095 mutex_unlock(&client->lock);
1098 buffer = data.handle->buffer;
1099 if (!buffer->heap->ops->cache_op) {
1100 pr_err("%s: cache_op is not implemented by this heap.\n",
1103 mutex_unlock(&client->lock);
1107 err = data.handle->buffer->heap->ops->cache_op(buffer->heap, buffer,
1108 data.virt, data.size, cmd);
1109 mutex_unlock(&client->lock);
1114 case ION_GET_CLIENT:
1116 struct ion_handle *handle;
1117 struct ion_client_data data;
1120 if (copy_from_user(&data, (void __user *)arg,
1121 sizeof(struct ion_client_data)))
1124 mutex_lock(&client->lock);
1125 switch (data.type) {
1126 case ION_TYPE_GET_TOTAL_SIZE:
1127 data.total_size = 0;
1128 for (n = rb_first(&client->handles); n; n = rb_next(n)) {
1129 handle = rb_entry(n, struct ion_handle, node);
1130 data.total_size += handle->buffer->size;
1133 case ION_TYPE_SIZE_GET_COUNT:
1135 for (n = rb_first(&client->handles); n; n = rb_next(n)) {
1136 handle = rb_entry(n, struct ion_handle, node);
1137 if(handle->buffer->size == data.size)
1142 mutex_unlock(&client->lock);
1143 if (copy_to_user((void __user *)arg, &data,
1144 sizeof(struct ion_client_data)))
1154 static int ion_release(struct inode *inode, struct file *file)
1156 struct ion_client *client = file->private_data;
1158 pr_debug("%s: %d\n", __func__, __LINE__);
1159 ion_client_put(client);
1163 static int ion_open(struct inode *inode, struct file *file)
1165 struct miscdevice *miscdev = file->private_data;
1166 struct ion_device *dev = container_of(miscdev, struct ion_device, dev);
1167 struct ion_client *client;
1169 pr_debug("%s: %d\n", __func__, __LINE__);
1170 client = ion_client_create(dev, -1, "user");
1171 if (IS_ERR_OR_NULL(client))
1172 return PTR_ERR(client);
1173 file->private_data = client;
1178 static const struct file_operations ion_fops = {
1179 .owner = THIS_MODULE,
1181 .release = ion_release,
1182 .unlocked_ioctl = ion_ioctl,
1185 static size_t ion_debug_heap_total(struct ion_client *client,
1186 enum ion_heap_ids id)
1191 mutex_lock(&client->lock);
1192 for (n = rb_first(&client->handles); n; n = rb_next(n)) {
1193 struct ion_handle *handle = rb_entry(n,
1196 if (handle->buffer->heap->id == id)
1197 size += handle->buffer->size;
1199 mutex_unlock(&client->lock);
1203 static int ion_debug_heap_show(struct seq_file *s, void *unused)
1205 struct ion_heap *heap = s->private;
1206 struct ion_device *dev = heap->dev;
1209 if (heap->ops->print_debug)
1210 heap->ops->print_debug(heap, s);
1211 seq_printf(s, "-------------------------------------------------\n");
1212 seq_printf(s, "%16.s %16.s %16.s\n", "client", "pid", "size(K)");
1213 for (n = rb_first(&dev->user_clients); n; n = rb_next(n)) {
1214 struct ion_client *client = rb_entry(n, struct ion_client,
1216 char task_comm[TASK_COMM_LEN];
1217 size_t size = ion_debug_heap_total(client, heap->id);
1221 get_task_comm(task_comm, client->task);
1222 seq_printf(s, "%16.s %16u %16u\n", task_comm, client->pid,
1226 for (n = rb_first(&dev->kernel_clients); n; n = rb_next(n)) {
1227 struct ion_client *client = rb_entry(n, struct ion_client,
1229 size_t size = ion_debug_heap_total(client, heap->id);
1232 seq_printf(s, "%16.s %16u %16u\n", client->name, client->pid,
1238 static int ion_debug_heap_open(struct inode *inode, struct file *file)
1240 return single_open(file, ion_debug_heap_show, inode->i_private);
1243 static const struct file_operations debug_heap_fops = {
1244 .open = ion_debug_heap_open,
1246 .llseek = seq_lseek,
1247 .release = single_release,
1250 void ion_device_add_heap(struct ion_device *dev, struct ion_heap *heap)
1252 struct rb_node **p = &dev->heaps.rb_node;
1253 struct rb_node *parent = NULL;
1254 struct ion_heap *entry;
1257 mutex_lock(&dev->lock);
1260 entry = rb_entry(parent, struct ion_heap, node);
1262 if (heap->id < entry->id) {
1264 } else if (heap->id > entry->id ) {
1265 p = &(*p)->rb_right;
1267 pr_err("%s: can not insert multiple heaps with "
1268 "id %d\n", __func__, heap->id);
1273 rb_link_node(&heap->node, parent, p);
1274 rb_insert_color(&heap->node, &dev->heaps);
1275 debugfs_create_file(heap->name, 0664, dev->debug_root, heap,
1278 mutex_unlock(&dev->lock);
1281 static int ion_debug_leak_show(struct seq_file *s, void *unused)
1283 struct ion_device *dev = s->private;
1287 /* mark all buffers as 1 */
1288 seq_printf(s, "%16.s %16.s %16.s %16.s\n", "buffer", "heap", "size(K)",
1290 mutex_lock(&dev->lock);
1291 for (n = rb_first(&dev->buffers); n; n = rb_next(n)) {
1292 struct ion_buffer *buf = rb_entry(n, struct ion_buffer,
1298 /* now see which buffers we can access */
1299 for (n = rb_first(&dev->kernel_clients); n; n = rb_next(n)) {
1300 struct ion_client *client = rb_entry(n, struct ion_client,
1303 mutex_lock(&client->lock);
1304 for (n2 = rb_first(&client->handles); n2; n2 = rb_next(n2)) {
1305 struct ion_handle *handle = rb_entry(n2,
1306 struct ion_handle, node);
1308 handle->buffer->marked = 0;
1311 mutex_unlock(&client->lock);
1315 for (n = rb_first(&dev->user_clients); n; n = rb_next(n)) {
1316 struct ion_client *client = rb_entry(n, struct ion_client,
1319 mutex_lock(&client->lock);
1320 for (n2 = rb_first(&client->handles); n2; n2 = rb_next(n2)) {
1321 struct ion_handle *handle = rb_entry(n2,
1322 struct ion_handle, node);
1324 handle->buffer->marked = 0;
1327 mutex_unlock(&client->lock);
1330 /* And anyone still marked as a 1 means a leaked handle somewhere */
1331 for (n = rb_first(&dev->buffers); n; n = rb_next(n)) {
1332 struct ion_buffer *buf = rb_entry(n, struct ion_buffer,
1335 if (buf->marked == 1)
1336 seq_printf(s, "%16.x %16.s %16.d %16.d\n",
1337 (int)buf, buf->heap->name, buf->size/SZ_1K,
1338 atomic_read(&buf->ref.refcount));
1340 mutex_unlock(&dev->lock);
1344 static int ion_debug_leak_open(struct inode *inode, struct file *file)
1346 return single_open(file, ion_debug_leak_show, inode->i_private);
1349 static const struct file_operations debug_leak_fops = {
1350 .open = ion_debug_leak_open,
1352 .llseek = seq_lseek,
1353 .release = single_release,
1355 struct ion_device *ion_device_create(long (*custom_ioctl)
1356 (struct ion_client *client,
1360 struct ion_device *idev;
1363 idev = kzalloc(sizeof(struct ion_device), GFP_KERNEL);
1365 return ERR_PTR(-ENOMEM);
1367 idev->dev.minor = MISC_DYNAMIC_MINOR;
1368 idev->dev.name = "ion";
1369 idev->dev.fops = &ion_fops;
1370 idev->dev.parent = NULL;
1371 ret = misc_register(&idev->dev);
1373 pr_err("ion: failed to register misc device.\n");
1374 return ERR_PTR(ret);
1377 idev->debug_root = debugfs_create_dir("ion", NULL);
1378 if (IS_ERR_OR_NULL(idev->debug_root))
1379 pr_err("ion: failed to create debug files.\n");
1381 idev->custom_ioctl = custom_ioctl;
1382 idev->buffers = RB_ROOT;
1383 mutex_init(&idev->lock);
1384 idev->heaps = RB_ROOT;
1385 idev->user_clients = RB_ROOT;
1386 idev->kernel_clients = RB_ROOT;
1387 debugfs_create_file("leak", 0664, idev->debug_root, idev,
1392 void ion_device_destroy(struct ion_device *dev)
1394 misc_deregister(&dev->dev);
1395 /* XXX need to free the heaps and clients ? */
projects / firefly-linux-kernel-4.4.55.git / blob