[linux-2.6-block.git] / drivers / android / binder_internal.h

/* SPDX-License-Identifier: GPL-2.0 */

#ifndef _LINUX_BINDER_INTERNAL_H
#define _LINUX_BINDER_INTERNAL_H

#include <linux/export.h>
#include <linux/fs.h>
#include <linux/list.h>
#include <linux/miscdevice.h>
#include <linux/mutex.h>
#include <linux/refcount.h>
#include <linux/stddef.h>
#include <linux/types.h>
#include <linux/uidgid.h>
#include <uapi/linux/android/binderfs.h>
#include "binder_alloc.h"

struct binder_context {
	struct binder_node *binder_context_mgr_node;
	struct mutex context_mgr_node_lock;
	kuid_t binder_context_mgr_uid;
	const char *name;
};

/**
 * struct binder_device - information about a binder device node
 * @hlist:          list of binder devices (only used for devices requested via
 *                  CONFIG_ANDROID_BINDER_DEVICES)
 * @miscdev:        information about a binder character device node
 * @context:        binder context information
 * @binderfs_inode: This is the inode of the root dentry of the super block
 *                  belonging to a binderfs mount.
 */
struct binder_device {
	struct hlist_node hlist;
	struct miscdevice miscdev;
	struct binder_context context;
	struct inode *binderfs_inode;
	refcount_t ref;
};

/**
 * binderfs_mount_opts - mount options for binderfs
 * @max: maximum number of allocatable binderfs binder devices
 * @stats_mode: enable binder stats in binderfs.
 */
struct binderfs_mount_opts {
	int max;
	int stats_mode;
};

/**
 * binderfs_info - information about a binderfs mount
 * @ipc_ns:         The ipc namespace the binderfs mount belongs to.
 * @control_dentry: This records the dentry of this binderfs mount
 *                  binder-control device.
 * @root_uid:       uid that needs to be used when a new binder device is
 *                  created.
 * @root_gid:       gid that needs to be used when a new binder device is
 *                  created.
 * @mount_opts:     The mount options in use.
 * @device_count:   The current number of allocated binder devices.
 * @proc_log_dir:   Pointer to the directory dentry containing process-specific
 *                  logs.
 */
struct binderfs_info {
	struct ipc_namespace *ipc_ns;
	struct dentry *control_dentry;
	kuid_t root_uid;
	kgid_t root_gid;
	struct binderfs_mount_opts mount_opts;
	int device_count;
	struct dentry *proc_log_dir;
};

extern const struct file_operations binder_fops;

extern char *binder_devices_param;

#ifdef CONFIG_ANDROID_BINDERFS
extern bool is_binderfs_device(const struct inode *inode);
extern struct dentry *binderfs_create_file(struct dentry *dir, const char *name,
					   const struct file_operations *fops,
					   void *data);
extern void binderfs_remove_file(struct dentry *dentry);
#else
static inline bool is_binderfs_device(const struct inode *inode)
{
	return false;
}
static inline struct dentry *binderfs_create_file(struct dentry *dir,
					   const char *name,
					   const struct file_operations *fops,
					   void *data)
{
	return NULL;
}
static inline void binderfs_remove_file(struct dentry *dentry) {}
#endif

#ifdef CONFIG_ANDROID_BINDERFS
extern int __init init_binderfs(void);
#else
static inline int __init init_binderfs(void)
{
	return 0;
}
#endif

int binder_stats_show(struct seq_file *m, void *unused);
DEFINE_SHOW_ATTRIBUTE(binder_stats);

int binder_state_show(struct seq_file *m, void *unused);
DEFINE_SHOW_ATTRIBUTE(binder_state);

int binder_transactions_show(struct seq_file *m, void *unused);
DEFINE_SHOW_ATTRIBUTE(binder_transactions);

int binder_transaction_log_show(struct seq_file *m, void *unused);
DEFINE_SHOW_ATTRIBUTE(binder_transaction_log);

struct binder_transaction_log_entry {
	int debug_id;
	int debug_id_done;
	int call_type;
	int from_proc;
	int from_thread;
	int target_handle;
	int to_proc;
	int to_thread;
	int to_node;
	int data_size;
	int offsets_size;
	int return_error_line;
	uint32_t return_error;
	uint32_t return_error_param;
	char context_name[BINDERFS_MAX_NAME + 1];
};

struct binder_transaction_log {
	atomic_t cur;
	bool full;
	struct binder_transaction_log_entry entry[32];
};

enum binder_stat_types {
	BINDER_STAT_PROC,
	BINDER_STAT_THREAD,
	BINDER_STAT_NODE,
	BINDER_STAT_REF,
	BINDER_STAT_DEATH,
	BINDER_STAT_TRANSACTION,
	BINDER_STAT_TRANSACTION_COMPLETE,
	BINDER_STAT_COUNT
};

struct binder_stats {
	atomic_t br[_IOC_NR(BR_FAILED_REPLY) + 1];
	atomic_t bc[_IOC_NR(BC_REPLY_SG) + 1];
	atomic_t obj_created[BINDER_STAT_COUNT];
	atomic_t obj_deleted[BINDER_STAT_COUNT];
};

/**
 * struct binder_work - work enqueued on a worklist
 * @entry:             node enqueued on list
 * @type:              type of work to be performed
 *
 * There are separate work lists for proc, thread, and node (async).
 */
struct binder_work {
	struct list_head entry;

	enum binder_work_type {
		BINDER_WORK_TRANSACTION = 1,
		BINDER_WORK_TRANSACTION_COMPLETE,
		BINDER_WORK_RETURN_ERROR,
		BINDER_WORK_NODE,
		BINDER_WORK_DEAD_BINDER,
		BINDER_WORK_DEAD_BINDER_AND_CLEAR,
		BINDER_WORK_CLEAR_DEATH_NOTIFICATION,
	} type;
};

struct binder_error {
	struct binder_work work;
	uint32_t cmd;
};

/**
 * struct binder_node - binder node bookkeeping
 * @debug_id:             unique ID for debugging
 *                        (invariant after initialized)
 * @lock:                 lock for node fields
 * @work:                 worklist element for node work
 *                        (protected by @proc->inner_lock)
 * @rb_node:              element for proc->nodes tree
 *                        (protected by @proc->inner_lock)
 * @dead_node:            element for binder_dead_nodes list
 *                        (protected by binder_dead_nodes_lock)
 * @proc:                 binder_proc that owns this node
 *                        (invariant after initialized)
 * @refs:                 list of references on this node
 *                        (protected by @lock)
 * @internal_strong_refs: used to take strong references when
 *                        initiating a transaction
 *                        (protected by @proc->inner_lock if @proc
 *                        and by @lock)
 * @local_weak_refs:      weak user refs from local process
 *                        (protected by @proc->inner_lock if @proc
 *                        and by @lock)
 * @local_strong_refs:    strong user refs from local process
 *                        (protected by @proc->inner_lock if @proc
 *                        and by @lock)
 * @tmp_refs:             temporary kernel refs
 *                        (protected by @proc->inner_lock while @proc
 *                        is valid, and by binder_dead_nodes_lock
 *                        if @proc is NULL. During inc/dec and node release
 *                        it is also protected by @lock to provide safety
 *                        as the node dies and @proc becomes NULL)
 * @ptr:                  userspace pointer for node
 *                        (invariant, no lock needed)
 * @cookie:               userspace cookie for node
 *                        (invariant, no lock needed)
 * @has_strong_ref:       userspace notified of strong ref
 *                        (protected by @proc->inner_lock if @proc
 *                        and by @lock)
 * @pending_strong_ref:   userspace has acked notification of strong ref
 *                        (protected by @proc->inner_lock if @proc
 *                        and by @lock)
 * @has_weak_ref:         userspace notified of weak ref
 *                        (protected by @proc->inner_lock if @proc
 *                        and by @lock)
 * @pending_weak_ref:     userspace has acked notification of weak ref
 *                        (protected by @proc->inner_lock if @proc
 *                        and by @lock)
 * @has_async_transaction: async transaction to node in progress
 *                        (protected by @lock)
 * @accept_fds:           file descriptor operations supported for node
 *                        (invariant after initialized)
 * @min_priority:         minimum scheduling priority
 *                        (invariant after initialized)
 * @txn_security_ctx:     require sender's security context
 *                        (invariant after initialized)
 * @async_todo:           list of async work items
 *                        (protected by @proc->inner_lock)
 *
 * Bookkeeping structure for binder nodes.
 */
struct binder_node {
	int debug_id;
	spinlock_t lock;
	struct binder_work work;
	union {
		struct rb_node rb_node;
		struct hlist_node dead_node;
	};
	struct binder_proc *proc;
	struct hlist_head refs;
	int internal_strong_refs;
	int local_weak_refs;
	int local_strong_refs;
	int tmp_refs;
	binder_uintptr_t ptr;
	binder_uintptr_t cookie;
	struct {
		/*
		 * bitfield elements protected by
		 * proc inner_lock
		 */
		u8 has_strong_ref:1;
		u8 pending_strong_ref:1;
		u8 has_weak_ref:1;
		u8 pending_weak_ref:1;
	};
	struct {
		/*
		 * invariant after initialization
		 */
		u8 accept_fds:1;
		u8 txn_security_ctx:1;
		u8 min_priority;
	};
	bool has_async_transaction;
	struct list_head async_todo;
};

struct binder_ref_death {
	/**
	 * @work: worklist element for death notifications
	 *        (protected by inner_lock of the proc that
	 *        this ref belongs to)
	 */
	struct binder_work work;
	binder_uintptr_t cookie;
};

/**
 * struct binder_ref_data - binder_ref counts and id
 * @debug_id:        unique ID for the ref
 * @desc:            unique userspace handle for ref
 * @strong:          strong ref count (debugging only if not locked)
 * @weak:            weak ref count (debugging only if not locked)
 *
 * Structure to hold ref count and ref id information. Since
 * the actual ref can only be accessed with a lock, this structure
 * is used to return information about the ref to callers of
 * ref inc/dec functions.
 */
struct binder_ref_data {
	int debug_id;
	uint32_t desc;
	int strong;
	int weak;
};

/**
 * struct binder_ref - struct to track references on nodes
 * @data:        binder_ref_data containing id, handle, and current refcounts
 * @rb_node_desc: node for lookup by @data.desc in proc's rb_tree
 * @rb_node_node: node for lookup by @node in proc's rb_tree
 * @node_entry:  list entry for node->refs list in target node
 *               (protected by @node->lock)
 * @proc:        binder_proc containing ref
 * @node:        binder_node of target node. When cleaning up a
 *               ref for deletion in binder_cleanup_ref, a non-NULL
 *               @node indicates the node must be freed
 * @death:       pointer to death notification (ref_death) if requested
 *               (protected by @node->lock)
 *
 * Structure to track references from procA to target node (on procB). This
 * structure is unsafe to access without holding @proc->outer_lock.
 */
struct binder_ref {
	/* Lookups needed: */
	/*   node + proc => ref (transaction) */
	/*   desc + proc => ref (transaction, inc/dec ref) */
	/*   node => refs + procs (proc exit) */
	struct binder_ref_data data;
	struct rb_node rb_node_desc;
	struct rb_node rb_node_node;
	struct hlist_node node_entry;
	struct binder_proc *proc;
	struct binder_node *node;
	struct binder_ref_death *death;
};

/**
 * struct binder_proc - binder process bookkeeping
 * @proc_node:            element for binder_procs list
 * @threads:              rbtree of binder_threads in this proc
 *                        (protected by @inner_lock)
 * @nodes:                rbtree of binder nodes associated with
 *                        this proc ordered by node->ptr
 *                        (protected by @inner_lock)
 * @refs_by_desc:         rbtree of refs ordered by ref->desc
 *                        (protected by @outer_lock)
 * @refs_by_node:         rbtree of refs ordered by ref->node
 *                        (protected by @outer_lock)
 * @waiting_threads:      threads currently waiting for proc work
 *                        (protected by @inner_lock)
 * @pid                   PID of group_leader of process
 *                        (invariant after initialized)
 * @tsk                   task_struct for group_leader of process
 *                        (invariant after initialized)
 * @deferred_work_node:   element for binder_deferred_list
 *                        (protected by binder_deferred_lock)
 * @deferred_work:        bitmap of deferred work to perform
 *                        (protected by binder_deferred_lock)
 * @is_dead:              process is dead and awaiting free
 *                        when outstanding transactions are cleaned up
 *                        (protected by @inner_lock)
 * @todo:                 list of work for this process
 *                        (protected by @inner_lock)
 * @stats:                per-process binder statistics
 *                        (atomics, no lock needed)
 * @delivered_death:      list of delivered death notification
 *                        (protected by @inner_lock)
 * @max_threads:          cap on number of binder threads
 *                        (protected by @inner_lock)
 * @requested_threads:    number of binder threads requested but not
 *                        yet started. In current implementation, can
 *                        only be 0 or 1.
 *                        (protected by @inner_lock)
 * @requested_threads_started: number binder threads started
 *                        (protected by @inner_lock)
 * @tmp_ref:              temporary reference to indicate proc is in use
 *                        (protected by @inner_lock)
 * @default_priority:     default scheduler priority
 *                        (invariant after initialized)
 * @debugfs_entry:        debugfs node
 * @alloc:                binder allocator bookkeeping
 * @context:              binder_context for this proc
 *                        (invariant after initialized)
 * @inner_lock:           can nest under outer_lock and/or node lock
 * @outer_lock:           no nesting under innor or node lock
 *                        Lock order: 1) outer, 2) node, 3) inner
 * @binderfs_entry:       process-specific binderfs log file
 *
 * Bookkeeping structure for binder processes
 */
struct binder_proc {
	struct hlist_node proc_node;
	struct rb_root threads;
	struct rb_root nodes;
	struct rb_root refs_by_desc;
	struct rb_root refs_by_node;
	struct list_head waiting_threads;
	int pid;
	struct task_struct *tsk;
	struct hlist_node deferred_work_node;
	int deferred_work;
	bool is_dead;

	struct list_head todo;
	struct binder_stats stats;
	struct list_head delivered_death;
	int max_threads;
	int requested_threads;
	int requested_threads_started;
	int tmp_ref;
	long default_priority;
	struct dentry *debugfs_entry;
	struct binder_alloc alloc;
	struct binder_context *context;
	spinlock_t inner_lock;
	spinlock_t outer_lock;
	struct dentry *binderfs_entry;
};

/**
 * struct binder_thread - binder thread bookkeeping
 * @proc:                 binder process for this thread
 *                        (invariant after initialization)
 * @rb_node:              element for proc->threads rbtree
 *                        (protected by @proc->inner_lock)
 * @waiting_thread_node:  element for @proc->waiting_threads list
 *                        (protected by @proc->inner_lock)
 * @pid:                  PID for this thread
 *                        (invariant after initialization)
 * @looper:               bitmap of looping state
 *                        (only accessed by this thread)
 * @looper_needs_return:  looping thread needs to exit driver
 *                        (no lock needed)
 * @transaction_stack:    stack of in-progress transactions for this thread
 *                        (protected by @proc->inner_lock)
 * @todo:                 list of work to do for this thread
 *                        (protected by @proc->inner_lock)
 * @process_todo:         whether work in @todo should be processed
 *                        (protected by @proc->inner_lock)
 * @return_error:         transaction errors reported by this thread
 *                        (only accessed by this thread)
 * @reply_error:          transaction errors reported by target thread
 *                        (protected by @proc->inner_lock)
 * @wait:                 wait queue for thread work
 * @stats:                per-thread statistics
 *                        (atomics, no lock needed)
 * @tmp_ref:              temporary reference to indicate thread is in use
 *                        (atomic since @proc->inner_lock cannot
 *                        always be acquired)
 * @is_dead:              thread is dead and awaiting free
 *                        when outstanding transactions are cleaned up
 *                        (protected by @proc->inner_lock)
 *
 * Bookkeeping structure for binder threads.
 */
struct binder_thread {
	struct binder_proc *proc;
	struct rb_node rb_node;
	struct list_head waiting_thread_node;
	int pid;
	int looper;              /* only modified by this thread */
	bool looper_need_return; /* can be written by other thread */
	struct binder_transaction *transaction_stack;
	struct list_head todo;
	bool process_todo;
	struct binder_error return_error;
	struct binder_error reply_error;
	wait_queue_head_t wait;
	struct binder_stats stats;
	atomic_t tmp_ref;
	bool is_dead;
};

/**
 * struct binder_txn_fd_fixup - transaction fd fixup list element
 * @fixup_entry:          list entry
 * @file:                 struct file to be associated with new fd
 * @offset:               offset in buffer data to this fixup
 *
 * List element for fd fixups in a transaction. Since file
 * descriptors need to be allocated in the context of the
 * target process, we pass each fd to be processed in this
 * struct.
 */
struct binder_txn_fd_fixup {
	struct list_head fixup_entry;
	struct file *file;
	size_t offset;
};

struct binder_transaction {
	int debug_id;
	struct binder_work work;
	struct binder_thread *from;
	struct binder_transaction *from_parent;
	struct binder_proc *to_proc;
	struct binder_thread *to_thread;
	struct binder_transaction *to_parent;
	unsigned need_reply:1;
	/* unsigned is_dead:1; */       /* not used at the moment */

	struct binder_buffer *buffer;
	unsigned int    code;
	unsigned int    flags;
	long    priority;
	long    saved_priority;
	kuid_t  sender_euid;
	struct list_head fd_fixups;
	binder_uintptr_t security_ctx;
	/**
	 * @lock:  protects @from, @to_proc, and @to_thread
	 *
	 * @from, @to_proc, and @to_thread can be set to NULL
	 * during thread teardown
	 */
	spinlock_t lock;
};

/**
 * struct binder_object - union of flat binder object types
 * @hdr:   generic object header
 * @fbo:   binder object (nodes and refs)
 * @fdo:   file descriptor object
 * @bbo:   binder buffer pointer
 * @fdao:  file descriptor array
 *
 * Used for type-independent object copies
 */
struct binder_object {
	union {
		struct binder_object_header hdr;
		struct flat_binder_object fbo;
		struct binder_fd_object fdo;
		struct binder_buffer_object bbo;
		struct binder_fd_array_object fdao;
	};
};

extern struct binder_transaction_log binder_transaction_log;
extern struct binder_transaction_log binder_transaction_log_failed;
#endif /* _LINUX_BINDER_INTERNAL_H */
Commit	Line	Data
3ad20fe3 CB	1	/* SPDX-License-Identifier: GPL-2.0 */
	2
	3	#ifndef _LINUX_BINDER_INTERNAL_H
	4	#define _LINUX_BINDER_INTERNAL_H
	5
	6	#include <linux/export.h>
	7	#include <linux/fs.h>
	8	#include <linux/list.h>
	9	#include <linux/miscdevice.h>
	10	#include <linux/mutex.h>
f0fe2c0f	11	#include <linux/refcount.h>
3ad20fe3 CB	12	#include <linux/stddef.h>
	13	#include <linux/types.h>
	14	#include <linux/uidgid.h>
421518a2 FC	15	#include <uapi/linux/android/binderfs.h>
421518a2 FC	16	#include "binder_alloc.h"
3ad20fe3 CB	17
	18	struct binder_context {
	19	struct binder_node *binder_context_mgr_node;
	20	struct mutex context_mgr_node_lock;
	21	kuid_t binder_context_mgr_uid;
	22	const char *name;
	23	};
	24
	25	/**
	26	* struct binder_device - information about a binder device node
	27	* @hlist: list of binder devices (only used for devices requested via
	28	* CONFIG_ANDROID_BINDER_DEVICES)
	29	* @miscdev: information about a binder character device node
	30	* @context: binder context information
	31	* @binderfs_inode: This is the inode of the root dentry of the super block
	32	* belonging to a binderfs mount.
	33	*/
	34	struct binder_device {
	35	struct hlist_node hlist;
	36	struct miscdevice miscdev;
	37	struct binder_context context;
	38	struct inode *binderfs_inode;
f0fe2c0f	39	refcount_t ref;
3ad20fe3 CB	40	};
3ad20fe3 CB	41
4feb80fa HV	42	/**
	43	* binderfs_mount_opts - mount options for binderfs
	44	* @max: maximum number of allocatable binderfs binder devices
	45	* @stats_mode: enable binder stats in binderfs.
	46	*/
	47	struct binderfs_mount_opts {
	48	int max;
	49	int stats_mode;
	50	};
	51
	52	/**
	53	* binderfs_info - information about a binderfs mount
	54	* @ipc_ns: The ipc namespace the binderfs mount belongs to.
	55	* @control_dentry: This records the dentry of this binderfs mount
	56	* binder-control device.
	57	* @root_uid: uid that needs to be used when a new binder device is
	58	* created.
	59	* @root_gid: gid that needs to be used when a new binder device is
	60	* created.
	61	* @mount_opts: The mount options in use.
	62	* @device_count: The current number of allocated binder devices.
	63	* @proc_log_dir: Pointer to the directory dentry containing process-specific
	64	* logs.
	65	*/
	66	struct binderfs_info {
	67	struct ipc_namespace *ipc_ns;
	68	struct dentry *control_dentry;
	69	kuid_t root_uid;
	70	kgid_t root_gid;
	71	struct binderfs_mount_opts mount_opts;
	72	int device_count;
	73	struct dentry *proc_log_dir;
	74	};
	75
3ad20fe3 CB	76	extern const struct file_operations binder_fops;
3ad20fe3 CB	77
ca2864c6 HV	78	extern char *binder_devices_param;
ca2864c6 HV	79
3ad20fe3 CB	80	#ifdef CONFIG_ANDROID_BINDERFS
3ad20fe3 CB	81	extern bool is_binderfs_device(const struct inode *inode);
4feb80fa HV	82	extern struct dentry binderfs_create_file(struct dentry dir, const char *name,
	83	const struct file_operations *fops,
	84	void *data);
	85	extern void binderfs_remove_file(struct dentry *dentry);
3ad20fe3 CB	86	#else
	87	static inline bool is_binderfs_device(const struct inode *inode)
	88	{
	89	return false;
	90	}
4feb80fa HV	91	static inline struct dentry binderfs_create_file(struct dentry dir,
	92	const char *name,
	93	const struct file_operations *fops,
	94	void *data)
	95	{
	96	return NULL;
	97	}
	98	static inline void binderfs_remove_file(struct dentry *dentry) {}
3ad20fe3 CB	99	#endif
3ad20fe3 CB	100
5b9633af CB	101	#ifdef CONFIG_ANDROID_BINDERFS
	102	extern int __init init_binderfs(void);
	103	#else
	104	static inline int __init init_binderfs(void)
	105	{
	106	return 0;
	107	}
	108	#endif
	109
0e13e452 HV	110	int binder_stats_show(struct seq_file m, void unused);
	111	DEFINE_SHOW_ATTRIBUTE(binder_stats);
	112
	113	int binder_state_show(struct seq_file m, void unused);
	114	DEFINE_SHOW_ATTRIBUTE(binder_state);
	115
	116	int binder_transactions_show(struct seq_file m, void unused);
	117	DEFINE_SHOW_ATTRIBUTE(binder_transactions);
03e2e07e HV	118
	119	int binder_transaction_log_show(struct seq_file m, void unused);
	120	DEFINE_SHOW_ATTRIBUTE(binder_transaction_log);
	121
	122	struct binder_transaction_log_entry {
	123	int debug_id;
	124	int debug_id_done;
	125	int call_type;
	126	int from_proc;
	127	int from_thread;
	128	int target_handle;
	129	int to_proc;
	130	int to_thread;
	131	int to_node;
	132	int data_size;
	133	int offsets_size;
	134	int return_error_line;
	135	uint32_t return_error;
	136	uint32_t return_error_param;
51d8a7ec	137	char context_name[BINDERFS_MAX_NAME + 1];
03e2e07e HV	138	};
	139
	140	struct binder_transaction_log {
	141	atomic_t cur;
	142	bool full;
	143	struct binder_transaction_log_entry entry[32];
	144	};
	145
421518a2 FC	146	enum binder_stat_types {
	147	BINDER_STAT_PROC,
	148	BINDER_STAT_THREAD,
	149	BINDER_STAT_NODE,
	150	BINDER_STAT_REF,
	151	BINDER_STAT_DEATH,
	152	BINDER_STAT_TRANSACTION,
	153	BINDER_STAT_TRANSACTION_COMPLETE,
	154	BINDER_STAT_COUNT
	155	};
	156
	157	struct binder_stats {
	158	atomic_t br[_IOC_NR(BR_FAILED_REPLY) + 1];
	159	atomic_t bc[_IOC_NR(BC_REPLY_SG) + 1];
	160	atomic_t obj_created[BINDER_STAT_COUNT];
	161	atomic_t obj_deleted[BINDER_STAT_COUNT];
	162	};
	163
	164	/**
	165	* struct binder_work - work enqueued on a worklist
	166	* @entry: node enqueued on list
	167	* @type: type of work to be performed
	168	*
	169	* There are separate work lists for proc, thread, and node (async).
	170	*/
	171	struct binder_work {
	172	struct list_head entry;
	173
	174	enum binder_work_type {
	175	BINDER_WORK_TRANSACTION = 1,
	176	BINDER_WORK_TRANSACTION_COMPLETE,
	177	BINDER_WORK_RETURN_ERROR,
	178	BINDER_WORK_NODE,
	179	BINDER_WORK_DEAD_BINDER,
	180	BINDER_WORK_DEAD_BINDER_AND_CLEAR,
	181	BINDER_WORK_CLEAR_DEATH_NOTIFICATION,
	182	} type;
	183	};
	184
	185	struct binder_error {
	186	struct binder_work work;
	187	uint32_t cmd;
	188	};
	189
	190	/**
	191	* struct binder_node - binder node bookkeeping
	192	* @debug_id: unique ID for debugging
	193	* (invariant after initialized)
	194	* @lock: lock for node fields
	195	* @work: worklist element for node work
	196	* (protected by @proc->inner_lock)
	197	* @rb_node: element for proc->nodes tree
	198	* (protected by @proc->inner_lock)
	199	* @dead_node: element for binder_dead_nodes list
	200	* (protected by binder_dead_nodes_lock)
	201	* @proc: binder_proc that owns this node
	202	* (invariant after initialized)
	203	* @refs: list of references on this node
	204	* (protected by @lock)
	205	* @internal_strong_refs: used to take strong references when
	206	* initiating a transaction
	207	* (protected by @proc->inner_lock if @proc
	208	* and by @lock)
	209	* @local_weak_refs: weak user refs from local process
210	* (protected by @proc->inner_lock if @proc
211	* and by @lock)
212	* @local_strong_refs: strong user refs from local process
213	* (protected by @proc->inner_lock if @proc
214	* and by @lock)
215	* @tmp_refs: temporary kernel refs
216	* (protected by @proc->inner_lock while @proc
217	* is valid, and by binder_dead_nodes_lock
218	* if @proc is NULL. During inc/dec and node release
219	* it is also protected by @lock to provide safety
220	* as the node dies and @proc becomes NULL)
221	* @ptr: userspace pointer for node
222	* (invariant, no lock needed)
223	* @cookie: userspace cookie for node
224	* (invariant, no lock needed)
225	* @has_strong_ref: userspace notified of strong ref
226	* (protected by @proc->inner_lock if @proc
227	* and by @lock)
228	* @pending_strong_ref: userspace has acked notification of strong ref
229	* (protected by @proc->inner_lock if @proc
230	* and by @lock)
231	* @has_weak_ref: userspace notified of weak ref
232	* (protected by @proc->inner_lock if @proc
233	* and by @lock)
234	* @pending_weak_ref: userspace has acked notification of weak ref
235	* (protected by @proc->inner_lock if @proc
236	* and by @lock)
237	* @has_async_transaction: async transaction to node in progress
238	* (protected by @lock)
239	* @accept_fds: file descriptor operations supported for node
240	* (invariant after initialized)
241	* @min_priority: minimum scheduling priority
242	* (invariant after initialized)
243	* @txn_security_ctx: require sender's security context
244	* (invariant after initialized)
245	* @async_todo: list of async work items
246	* (protected by @proc->inner_lock)
247	*
248	* Bookkeeping structure for binder nodes.
249	*/
250	struct binder_node {
251	int debug_id;
252	spinlock_t lock;
253	struct binder_work work;
254	union {
255	struct rb_node rb_node;
256	struct hlist_node dead_node;
257	};
258	struct binder_proc *proc;
259	struct hlist_head refs;
260	int internal_strong_refs;
261	int local_weak_refs;
262	int local_strong_refs;
263	int tmp_refs;
264	binder_uintptr_t ptr;
265	binder_uintptr_t cookie;
266	struct {
267	/*
268	* bitfield elements protected by
269	* proc inner_lock
270	*/
271	u8 has_strong_ref:1;
272	u8 pending_strong_ref:1;
273	u8 has_weak_ref:1;
274	u8 pending_weak_ref:1;
275	};
276	struct {
277	/*
278	* invariant after initialization
279	*/
280	u8 accept_fds:1;
281	u8 txn_security_ctx:1;
282	u8 min_priority;
283	};
284	bool has_async_transaction;
285	struct list_head async_todo;
286	};
287
288	struct binder_ref_death {
289	/**
290	* @work: worklist element for death notifications
291	* (protected by inner_lock of the proc that
292	* this ref belongs to)
293	*/
294	struct binder_work work;
295	binder_uintptr_t cookie;
296	};
297
298	/**
299	* struct binder_ref_data - binder_ref counts and id
300	* @debug_id: unique ID for the ref
301	* @desc: unique userspace handle for ref
302	* @strong: strong ref count (debugging only if not locked)
303	* @weak: weak ref count (debugging only if not locked)
304	*
305	* Structure to hold ref count and ref id information. Since
306	* the actual ref can only be accessed with a lock, this structure
307	* is used to return information about the ref to callers of
308	* ref inc/dec functions.
309	*/
310	struct binder_ref_data {
311	int debug_id;
312	uint32_t desc;
313	int strong;
314	int weak;
315	};
316
317	/**
318	* struct binder_ref - struct to track references on nodes
319	* @data: binder_ref_data containing id, handle, and current refcounts
320	* @rb_node_desc: node for lookup by @data.desc in proc's rb_tree
321	* @rb_node_node: node for lookup by @node in proc's rb_tree
322	* @node_entry: list entry for node->refs list in target node
323	* (protected by @node->lock)
324	* @proc: binder_proc containing ref
325	* @node: binder_node of target node. When cleaning up a
326	* ref for deletion in binder_cleanup_ref, a non-NULL
327	* @node indicates the node must be freed
328	* @death: pointer to death notification (ref_death) if requested
329	* (protected by @node->lock)
330	*
331	* Structure to track references from procA to target node (on procB). This
332	* structure is unsafe to access without holding @proc->outer_lock.
333	*/
334	struct binder_ref {
335	/* Lookups needed: */
336	/* node + proc => ref (transaction) */
337	/* desc + proc => ref (transaction, inc/dec ref) */
338	/* node => refs + procs (proc exit) */
339	struct binder_ref_data data;
340	struct rb_node rb_node_desc;
341	struct rb_node rb_node_node;
342	struct hlist_node node_entry;
343	struct binder_proc *proc;
344	struct binder_node *node;
345	struct binder_ref_death *death;
346	};
347
348	/**
349	* struct binder_proc - binder process bookkeeping
350	* @proc_node: element for binder_procs list
351	* @threads: rbtree of binder_threads in this proc
352	* (protected by @inner_lock)
353	* @nodes: rbtree of binder nodes associated with
354	* this proc ordered by node->ptr
355	* (protected by @inner_lock)
356	* @refs_by_desc: rbtree of refs ordered by ref->desc
357	* (protected by @outer_lock)
358	* @refs_by_node: rbtree of refs ordered by ref->node
359	* (protected by @outer_lock)
360	* @waiting_threads: threads currently waiting for proc work
361	* (protected by @inner_lock)
362	* @pid PID of group_leader of process
363	* (invariant after initialized)
364	* @tsk task_struct for group_leader of process
365	* (invariant after initialized)
366	* @deferred_work_node: element for binder_deferred_list
367	* (protected by binder_deferred_lock)
368	* @deferred_work: bitmap of deferred work to perform
369	* (protected by binder_deferred_lock)
370	* @is_dead: process is dead and awaiting free
371	* when outstanding transactions are cleaned up
372	* (protected by @inner_lock)
373	* @todo: list of work for this process
374	* (protected by @inner_lock)
375	* @stats: per-process binder statistics
376	* (atomics, no lock needed)
377	* @delivered_death: list of delivered death notification
378	* (protected by @inner_lock)
379	* @max_threads: cap on number of binder threads
380	* (protected by @inner_lock)
381	* @requested_threads: number of binder threads requested but not
382	* yet started. In current implementation, can
383	* only be 0 or 1.
384	* (protected by @inner_lock)
385	* @requested_threads_started: number binder threads started
386	* (protected by @inner_lock)
387	* @tmp_ref: temporary reference to indicate proc is in use
388	* (protected by @inner_lock)
389	* @default_priority: default scheduler priority
390	* (invariant after initialized)
391	* @debugfs_entry: debugfs node
392	* @alloc: binder allocator bookkeeping
393	* @context: binder_context for this proc
394	* (invariant after initialized)
395	* @inner_lock: can nest under outer_lock and/or node lock
396	* @outer_lock: no nesting under innor or node lock
397	* Lock order: 1) outer, 2) node, 3) inner
398	* @binderfs_entry: process-specific binderfs log file
399	*
400	* Bookkeeping structure for binder processes
401	*/
402	struct binder_proc {
403	struct hlist_node proc_node;
404	struct rb_root threads;
405	struct rb_root nodes;
406	struct rb_root refs_by_desc;
407	struct rb_root refs_by_node;
408	struct list_head waiting_threads;
409	int pid;
410	struct task_struct *tsk;
411	struct hlist_node deferred_work_node;
412	int deferred_work;
413	bool is_dead;
414
415	struct list_head todo;
416	struct binder_stats stats;
417	struct list_head delivered_death;
418	int max_threads;
419	int requested_threads;
420	int requested_threads_started;
421	int tmp_ref;
422	long default_priority;
423	struct dentry *debugfs_entry;
424	struct binder_alloc alloc;
425	struct binder_context *context;
426	spinlock_t inner_lock;
427	spinlock_t outer_lock;
428	struct dentry *binderfs_entry;
429	};
430
431	/**
432	* struct binder_thread - binder thread bookkeeping
433	* @proc: binder process for this thread
434	* (invariant after initialization)
435	* @rb_node: element for proc->threads rbtree
436	* (protected by @proc->inner_lock)
437	* @waiting_thread_node: element for @proc->waiting_threads list
438	* (protected by @proc->inner_lock)
439	* @pid: PID for this thread
440	* (invariant after initialization)
441	* @looper: bitmap of looping state
442	* (only accessed by this thread)
443	* @looper_needs_return: looping thread needs to exit driver
444	* (no lock needed)
445	* @transaction_stack: stack of in-progress transactions for this thread
446	* (protected by @proc->inner_lock)
447	* @todo: list of work to do for this thread
448	* (protected by @proc->inner_lock)
449	* @process_todo: whether work in @todo should be processed
450	* (protected by @proc->inner_lock)
451	* @return_error: transaction errors reported by this thread
452	* (only accessed by this thread)
453	* @reply_error: transaction errors reported by target thread
454	* (protected by @proc->inner_lock)
455	* @wait: wait queue for thread work
456	* @stats: per-thread statistics
457	* (atomics, no lock needed)
458	* @tmp_ref: temporary reference to indicate thread is in use
459	* (atomic since @proc->inner_lock cannot
460	* always be acquired)
461	* @is_dead: thread is dead and awaiting free
462	* when outstanding transactions are cleaned up
463	* (protected by @proc->inner_lock)
464	*
465	* Bookkeeping structure for binder threads.
466	*/
467	struct binder_thread {
468	struct binder_proc *proc;
469	struct rb_node rb_node;
470	struct list_head waiting_thread_node;
471	int pid;
472	int looper; /* only modified by this thread */
473	bool looper_need_return; /* can be written by other thread */
474	struct binder_transaction *transaction_stack;
475	struct list_head todo;
476	bool process_todo;
477	struct binder_error return_error;
478	struct binder_error reply_error;
479	wait_queue_head_t wait;
480	struct binder_stats stats;
481	atomic_t tmp_ref;
482	bool is_dead;
483	};
484
485	/**
486	* struct binder_txn_fd_fixup - transaction fd fixup list element
487	* @fixup_entry: list entry
488	* @file: struct file to be associated with new fd
489	* @offset: offset in buffer data to this fixup
490	*
491	* List element for fd fixups in a transaction. Since file
492	* descriptors need to be allocated in the context of the
493	* target process, we pass each fd to be processed in this
494	* struct.
495	*/
496	struct binder_txn_fd_fixup {
497	struct list_head fixup_entry;
498	struct file *file;
499	size_t offset;
500	};
501
502	struct binder_transaction {
503	int debug_id;
504	struct binder_work work;
505	struct binder_thread *from;
506	struct binder_transaction *from_parent;
507	struct binder_proc *to_proc;
508	struct binder_thread *to_thread;
509	struct binder_transaction *to_parent;
510	unsigned need_reply:1;
511	/* unsigned is_dead:1; / / not used at the moment */
512
513	struct binder_buffer *buffer;
514	unsigned int code;
515	unsigned int flags;
516	long priority;
517	long saved_priority;
518	kuid_t sender_euid;
519	struct list_head fd_fixups;
520	binder_uintptr_t security_ctx;
521	/**
522	* @lock: protects @from, @to_proc, and @to_thread
523	*
524	* @from, @to_proc, and @to_thread can be set to NULL
525	* during thread teardown
526	*/
527	spinlock_t lock;
528	};
529
530	/**
531	* struct binder_object - union of flat binder object types
532	* @hdr: generic object header
533	* @fbo: binder object (nodes and refs)
534	* @fdo: file descriptor object
535	* @bbo: binder buffer pointer
536	* @fdao: file descriptor array
537	*
538	* Used for type-independent object copies
539	*/
540	struct binder_object {
541	union {
542	struct binder_object_header hdr;
543	struct flat_binder_object fbo;
544	struct binder_fd_object fdo;
545	struct binder_buffer_object bbo;
546	struct binder_fd_array_object fdao;
547	};
548	};
549
03e2e07e HV	550	extern struct binder_transaction_log binder_transaction_log;
03e2e07e HV	551	extern struct binder_transaction_log binder_transaction_log_failed;
3ad20fe3	552	#endif /* _LINUX_BINDER_INTERNAL_H */