2 * drivers/staging/android/ion/ion.c
4 * Copyright (C) 2011 Google, Inc.
6 * This software is licensed under the terms of the GNU General Public
7 * License version 2, as published by the Free Software Foundation, and
8 * may be copied, distributed, and modified under those terms.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
17 #include <linux/device.h>
18 #include <linux/file.h>
20 #include <linux/anon_inodes.h>
21 #include <linux/list.h>
22 #include <linux/miscdevice.h>
23 #include <linux/export.h>
25 #include <linux/mm_types.h>
26 #include <linux/rbtree.h>
27 #include <linux/sched.h>
28 #include <linux/slab.h>
29 #include <linux/seq_file.h>
30 #include <linux/uaccess.h>
31 #include <linux/debugfs.h>
38 * struct ion_device - the metadata of the ion device node
39 * @dev: the actual misc device
40 * @buffers: an rb tree of all the existing buffers
41 * @lock: lock protecting the buffers & heaps trees
42 * @heaps: list of all the heaps in the system
43 * @user_clients: list of all the clients created from userspace
46 struct miscdevice dev;
47 struct rb_root buffers;
50 long (*custom_ioctl) (struct ion_client *client, unsigned int cmd,
52 struct rb_root user_clients;
53 struct rb_root kernel_clients;
54 struct dentry *debug_root;
58 * struct ion_client - a process/hw block local address space
59 * @ref: for reference counting the client
60 * @node: node in the tree of all clients
61 * @dev: backpointer to ion device
62 * @handles: an rb tree of all the handles in this client
63 * @lock: lock protecting the tree of handles
64 * @heap_mask: mask of all supported heaps
65 * @name: used for debugging
66 * @task: used for debugging
68 * A client represents a list of buffers this client may access.
69 * The mutex stored here is used to protect both handles tree
70 * as well as the handles themselves, and should be held while modifying either.
75 struct ion_device *dev;
76 struct rb_root handles;
78 unsigned int heap_mask;
80 struct task_struct *task;
82 struct dentry *debug_root;
86 * ion_handle - a client local reference to a buffer
87 * @ref: reference count
88 * @client: back pointer to the client the buffer resides in
89 * @buffer: pointer to the buffer
90 * @node: node in the client's handle rbtree
91 * @kmap_cnt: count of times this client has mapped to kernel
92 * @dmap_cnt: count of times this client has mapped for dma
93 * @usermap_cnt: count of times this client has mapped for userspace
95 * Modifications to node, map_cnt or mapping should be protected by the
96 * lock in the client. Other fields are never changed after initialization.
100 struct ion_client *client;
101 struct ion_buffer *buffer;
103 unsigned int kmap_cnt;
104 unsigned int dmap_cnt;
105 unsigned int usermap_cnt;
108 /* this function should only be called while dev->lock is held */
109 static void ion_buffer_add(struct ion_device *dev,
110 struct ion_buffer *buffer)
112 struct rb_node **p = &dev->buffers.rb_node;
113 struct rb_node *parent = NULL;
114 struct ion_buffer *entry;
118 entry = rb_entry(parent, struct ion_buffer, node);
120 if (buffer < entry) {
122 } else if (buffer > entry) {
125 pr_err("%s: buffer already found.", __func__);
130 rb_link_node(&buffer->node, parent, p);
131 rb_insert_color(&buffer->node, &dev->buffers);
134 /* this function should only be called while dev->lock is held */
135 static struct ion_buffer *ion_buffer_create(struct ion_heap *heap,
136 struct ion_device *dev,
141 struct ion_buffer *buffer;
144 buffer = kzalloc(sizeof(struct ion_buffer), GFP_KERNEL);
146 return ERR_PTR(-ENOMEM);
149 kref_init(&buffer->ref);
151 ret = heap->ops->allocate(heap, buffer, len, align, flags);
158 mutex_init(&buffer->lock);
159 ion_buffer_add(dev, buffer);
163 static void ion_buffer_destroy(struct kref *kref)
165 struct ion_buffer *buffer = container_of(kref, struct ion_buffer, ref);
166 struct ion_device *dev = buffer->dev;
168 buffer->heap->ops->free(buffer);
169 mutex_lock(&dev->lock);
170 rb_erase(&buffer->node, &dev->buffers);
171 mutex_unlock(&dev->lock);
175 static void ion_buffer_get(struct ion_buffer *buffer)
177 kref_get(&buffer->ref);
180 static int ion_buffer_put(struct ion_buffer *buffer)
182 return kref_put(&buffer->ref, ion_buffer_destroy);
185 static struct ion_handle *ion_handle_create(struct ion_client *client,
186 struct ion_buffer *buffer)
188 struct ion_handle *handle;
190 handle = kzalloc(sizeof(struct ion_handle), GFP_KERNEL);
192 return ERR_PTR(-ENOMEM);
193 kref_init(&handle->ref);
194 RB_CLEAR_NODE(&handle->node);
195 handle->client = client;
196 ion_buffer_get(buffer);
197 handle->buffer = buffer;
202 static void ion_handle_destroy(struct kref *kref)
204 struct ion_handle *handle = container_of(kref, struct ion_handle, ref);
205 /* XXX Can a handle be destroyed while it's map count is non-zero?:
206 if (handle->map_cnt) unmap
208 ion_buffer_put(handle->buffer);
209 mutex_lock(&handle->client->lock);
210 if (!RB_EMPTY_NODE(&handle->node))
211 rb_erase(&handle->node, &handle->client->handles);
212 mutex_unlock(&handle->client->lock);
216 struct ion_buffer *ion_handle_buffer(struct ion_handle *handle)
218 return handle->buffer;
221 static void ion_handle_get(struct ion_handle *handle)
223 kref_get(&handle->ref);
226 static int ion_handle_put(struct ion_handle *handle)
228 return kref_put(&handle->ref, ion_handle_destroy);
231 static struct ion_handle *ion_handle_lookup(struct ion_client *client,
232 struct ion_buffer *buffer)
236 for (n = rb_first(&client->handles); n; n = rb_next(n)) {
237 struct ion_handle *handle = rb_entry(n, struct ion_handle,
239 if (handle->buffer == buffer)
245 static bool ion_handle_validate(struct ion_client *client, struct ion_handle *handle)
247 struct rb_node *n = client->handles.rb_node;
250 struct ion_handle *handle_node = rb_entry(n, struct ion_handle,
252 if (handle < handle_node)
254 else if (handle > handle_node)
262 static void ion_handle_add(struct ion_client *client, struct ion_handle *handle)
264 struct rb_node **p = &client->handles.rb_node;
265 struct rb_node *parent = NULL;
266 struct ion_handle *entry;
270 entry = rb_entry(parent, struct ion_handle, node);
274 else if (handle > entry)
277 WARN(1, "%s: buffer already found.", __func__);
280 rb_link_node(&handle->node, parent, p);
281 rb_insert_color(&handle->node, &client->handles);
284 struct ion_handle *ion_alloc(struct ion_client *client, size_t len,
285 size_t align, unsigned int flags)
288 struct ion_handle *handle;
289 struct ion_device *dev = client->dev;
290 struct ion_buffer *buffer = NULL;
293 * traverse the list of heaps available in this system in priority
294 * order. If the heap type is supported by the client, and matches the
295 * request of the caller allocate from it. Repeat until allocate has
296 * succeeded or all heaps have been tried
298 mutex_lock(&dev->lock);
299 for (n = rb_first(&dev->heaps); n != NULL; n = rb_next(n)) {
300 struct ion_heap *heap = rb_entry(n, struct ion_heap, node);
301 /* if the client doesn't support this heap type */
302 if (!((1 << heap->type) & client->heap_mask))
304 /* if the caller didn't specify this heap type */
305 if (!((1 << heap->id) & flags))
307 buffer = ion_buffer_create(heap, dev, len, align, flags);
308 if (!IS_ERR_OR_NULL(buffer))
311 mutex_unlock(&dev->lock);
313 if (IS_ERR_OR_NULL(buffer))
314 return ERR_PTR(PTR_ERR(buffer));
316 handle = ion_handle_create(client, buffer);
318 if (IS_ERR_OR_NULL(handle))
322 * ion_buffer_create will create a buffer with a ref_cnt of 1,
323 * and ion_handle_create will take a second reference, drop one here
325 ion_buffer_put(buffer);
327 mutex_lock(&client->lock);
328 ion_handle_add(client, handle);
329 mutex_unlock(&client->lock);
333 ion_buffer_put(buffer);
337 void ion_free(struct ion_client *client, struct ion_handle *handle)
341 BUG_ON(client != handle->client);
343 mutex_lock(&client->lock);
344 valid_handle = ion_handle_validate(client, handle);
345 mutex_unlock(&client->lock);
348 WARN("%s: invalid handle passed to free.\n", __func__);
351 ion_handle_put(handle);
354 static void ion_client_get(struct ion_client *client);
355 static int ion_client_put(struct ion_client *client);
357 static bool _ion_map(int *buffer_cnt, int *handle_cnt)
361 BUG_ON(*handle_cnt != 0 && *buffer_cnt == 0);
367 if (*handle_cnt == 0)
373 static bool _ion_unmap(int *buffer_cnt, int *handle_cnt)
375 BUG_ON(*handle_cnt == 0);
377 if (*handle_cnt != 0)
379 BUG_ON(*buffer_cnt == 0);
381 if (*buffer_cnt == 0)
386 int ion_phys(struct ion_client *client, struct ion_handle *handle,
387 ion_phys_addr_t *addr, size_t *len)
389 struct ion_buffer *buffer;
392 mutex_lock(&client->lock);
393 if (!ion_handle_validate(client, handle)) {
394 mutex_unlock(&client->lock);
398 buffer = handle->buffer;
400 if (!buffer->heap->ops->phys) {
401 pr_err("%s: ion_phys is not implemented by this heap.\n",
403 mutex_unlock(&client->lock);
406 mutex_unlock(&client->lock);
407 ret = buffer->heap->ops->phys(buffer->heap, buffer, addr, len);
411 void *ion_map_kernel(struct ion_client *client, struct ion_handle *handle)
413 struct ion_buffer *buffer;
416 mutex_lock(&client->lock);
417 if (!ion_handle_validate(client, handle)) {
418 pr_err("%s: invalid handle passed to map_kernel.\n",
420 mutex_unlock(&client->lock);
421 return ERR_PTR(-EINVAL);
424 buffer = handle->buffer;
425 mutex_lock(&buffer->lock);
427 if (!handle->buffer->heap->ops->map_kernel) {
428 pr_err("%s: map_kernel is not implemented by this heap.\n",
430 mutex_unlock(&buffer->lock);
431 mutex_unlock(&client->lock);
432 return ERR_PTR(-ENODEV);
435 if (_ion_map(&buffer->kmap_cnt, &handle->kmap_cnt)) {
436 vaddr = buffer->heap->ops->map_kernel(buffer->heap, buffer);
437 if (IS_ERR_OR_NULL(vaddr))
438 _ion_unmap(&buffer->kmap_cnt, &handle->kmap_cnt);
439 buffer->vaddr = vaddr;
441 vaddr = buffer->vaddr;
443 mutex_unlock(&buffer->lock);
444 mutex_unlock(&client->lock);
448 struct sg_table *ion_map_dma(struct ion_client *client,
449 struct ion_handle *handle)
451 struct ion_buffer *buffer;
452 struct sg_table *table;
454 mutex_lock(&client->lock);
455 if (!ion_handle_validate(client, handle)) {
456 pr_err("%s: invalid handle passed to map_dma.\n",
458 mutex_unlock(&client->lock);
459 return ERR_PTR(-EINVAL);
461 buffer = handle->buffer;
462 mutex_lock(&buffer->lock);
464 if (!handle->buffer->heap->ops->map_dma) {
465 pr_err("%s: map_kernel is not implemented by this heap.\n",
467 mutex_unlock(&buffer->lock);
468 mutex_unlock(&client->lock);
469 return ERR_PTR(-ENODEV);
471 if (_ion_map(&buffer->dmap_cnt, &handle->dmap_cnt)) {
472 table = buffer->heap->ops->map_dma(buffer->heap, buffer);
473 if (IS_ERR_OR_NULL(table))
474 _ion_unmap(&buffer->dmap_cnt, &handle->dmap_cnt);
475 buffer->sg_table = table;
477 table = buffer->sg_table;
479 mutex_unlock(&buffer->lock);
480 mutex_unlock(&client->lock);
484 void ion_unmap_kernel(struct ion_client *client, struct ion_handle *handle)
486 struct ion_buffer *buffer;
488 mutex_lock(&client->lock);
489 buffer = handle->buffer;
490 mutex_lock(&buffer->lock);
491 if (_ion_unmap(&buffer->kmap_cnt, &handle->kmap_cnt)) {
492 buffer->heap->ops->unmap_kernel(buffer->heap, buffer);
493 buffer->vaddr = NULL;
495 mutex_unlock(&buffer->lock);
496 mutex_unlock(&client->lock);
499 void ion_unmap_dma(struct ion_client *client, struct ion_handle *handle)
501 struct ion_buffer *buffer;
503 mutex_lock(&client->lock);
504 buffer = handle->buffer;
505 mutex_lock(&buffer->lock);
506 if (_ion_unmap(&buffer->dmap_cnt, &handle->dmap_cnt)) {
507 buffer->heap->ops->unmap_dma(buffer->heap, buffer);
508 buffer->sg_table = NULL;
510 mutex_unlock(&buffer->lock);
511 mutex_unlock(&client->lock);
515 struct ion_buffer *ion_share(struct ion_client *client,
516 struct ion_handle *handle)
520 mutex_lock(&client->lock);
521 valid_handle = ion_handle_validate(client, handle);
522 mutex_unlock(&client->lock);
524 WARN("%s: invalid handle passed to share.\n", __func__);
525 return ERR_PTR(-EINVAL);
528 /* do not take an extra reference here, the burden is on the caller
529 * to make sure the buffer doesn't go away while it's passing it
530 * to another client -- ion_free should not be called on this handle
531 * until the buffer has been imported into the other client
533 return handle->buffer;
536 struct ion_handle *ion_import(struct ion_client *client,
537 struct ion_buffer *buffer)
539 struct ion_handle *handle = NULL;
541 mutex_lock(&client->lock);
542 /* if a handle exists for this buffer just take a reference to it */
543 handle = ion_handle_lookup(client, buffer);
544 if (!IS_ERR_OR_NULL(handle)) {
545 ion_handle_get(handle);
548 handle = ion_handle_create(client, buffer);
549 if (IS_ERR_OR_NULL(handle))
551 ion_handle_add(client, handle);
553 mutex_unlock(&client->lock);
557 static const struct file_operations ion_share_fops;
559 struct ion_handle *ion_import_fd(struct ion_client *client, int fd)
561 struct file *file = fget(fd);
562 struct ion_handle *handle;
565 pr_err("%s: imported fd not found in file table.\n", __func__);
566 return ERR_PTR(-EINVAL);
568 if (file->f_op != &ion_share_fops) {
569 pr_err("%s: imported file is not a shared ion file.\n",
571 handle = ERR_PTR(-EINVAL);
574 handle = ion_import(client, file->private_data);
580 static int ion_debug_client_show(struct seq_file *s, void *unused)
582 struct ion_client *client = s->private;
584 size_t sizes[ION_NUM_HEAPS] = {0};
585 const char *names[ION_NUM_HEAPS] = {0};
588 mutex_lock(&client->lock);
589 for (n = rb_first(&client->handles); n; n = rb_next(n)) {
590 struct ion_handle *handle = rb_entry(n, struct ion_handle,
592 enum ion_heap_type type = handle->buffer->heap->type;
595 names[type] = handle->buffer->heap->name;
596 sizes[type] += handle->buffer->size;
598 mutex_unlock(&client->lock);
600 seq_printf(s, "%16.16s: %16.16s\n", "heap_name", "size_in_bytes");
601 for (i = 0; i < ION_NUM_HEAPS; i++) {
604 seq_printf(s, "%16.16s: %16u %d\n", names[i], sizes[i],
605 atomic_read(&client->ref.refcount));
610 static int ion_debug_client_open(struct inode *inode, struct file *file)
612 return single_open(file, ion_debug_client_show, inode->i_private);
615 static const struct file_operations debug_client_fops = {
616 .open = ion_debug_client_open,
619 .release = single_release,
622 static struct ion_client *ion_client_lookup(struct ion_device *dev,
623 struct task_struct *task)
625 struct rb_node *n = dev->user_clients.rb_node;
626 struct ion_client *client;
628 mutex_lock(&dev->lock);
630 client = rb_entry(n, struct ion_client, node);
631 if (task == client->task) {
632 ion_client_get(client);
633 mutex_unlock(&dev->lock);
635 } else if (task < client->task) {
637 } else if (task > client->task) {
641 mutex_unlock(&dev->lock);
645 struct ion_client *ion_client_create(struct ion_device *dev,
646 unsigned int heap_mask,
649 struct ion_client *client;
650 struct task_struct *task;
652 struct rb_node *parent = NULL;
653 struct ion_client *entry;
657 get_task_struct(current->group_leader);
658 task_lock(current->group_leader);
659 pid = task_pid_nr(current->group_leader);
660 /* don't bother to store task struct for kernel threads,
661 they can't be killed anyway */
662 if (current->group_leader->flags & PF_KTHREAD) {
663 put_task_struct(current->group_leader);
666 task = current->group_leader;
668 task_unlock(current->group_leader);
670 /* if this isn't a kernel thread, see if a client already
673 client = ion_client_lookup(dev, task);
674 if (!IS_ERR_OR_NULL(client)) {
675 put_task_struct(current->group_leader);
680 client = kzalloc(sizeof(struct ion_client), GFP_KERNEL);
682 put_task_struct(current->group_leader);
683 return ERR_PTR(-ENOMEM);
687 client->handles = RB_ROOT;
688 mutex_init(&client->lock);
690 client->heap_mask = heap_mask;
693 kref_init(&client->ref);
695 mutex_lock(&dev->lock);
697 p = &dev->user_clients.rb_node;
700 entry = rb_entry(parent, struct ion_client, node);
702 if (task < entry->task)
704 else if (task > entry->task)
707 rb_link_node(&client->node, parent, p);
708 rb_insert_color(&client->node, &dev->user_clients);
710 p = &dev->kernel_clients.rb_node;
713 entry = rb_entry(parent, struct ion_client, node);
717 else if (client > entry)
720 rb_link_node(&client->node, parent, p);
721 rb_insert_color(&client->node, &dev->kernel_clients);
724 snprintf(debug_name, 64, "%u", client->pid);
725 client->debug_root = debugfs_create_file(debug_name, 0664,
726 dev->debug_root, client,
728 mutex_unlock(&dev->lock);
733 static void _ion_client_destroy(struct kref *kref)
735 struct ion_client *client = container_of(kref, struct ion_client, ref);
736 struct ion_device *dev = client->dev;
739 pr_debug("%s: %d\n", __func__, __LINE__);
740 while ((n = rb_first(&client->handles))) {
741 struct ion_handle *handle = rb_entry(n, struct ion_handle,
743 ion_handle_destroy(&handle->ref);
745 mutex_lock(&dev->lock);
747 rb_erase(&client->node, &dev->user_clients);
748 put_task_struct(client->task);
750 rb_erase(&client->node, &dev->kernel_clients);
752 debugfs_remove_recursive(client->debug_root);
753 mutex_unlock(&dev->lock);
758 static void ion_client_get(struct ion_client *client)
760 kref_get(&client->ref);
763 static int ion_client_put(struct ion_client *client)
765 return kref_put(&client->ref, _ion_client_destroy);
768 void ion_client_destroy(struct ion_client *client)
770 ion_client_put(client);
773 static int ion_share_release(struct inode *inode, struct file* file)
775 struct ion_buffer *buffer = file->private_data;
777 pr_debug("%s: %d\n", __func__, __LINE__);
778 /* drop the reference to the buffer -- this prevents the
779 buffer from going away because the client holding it exited
780 while it was being passed */
781 ion_buffer_put(buffer);
785 static void ion_vma_open(struct vm_area_struct *vma)
788 struct ion_buffer *buffer = vma->vm_file->private_data;
789 struct ion_handle *handle = vma->vm_private_data;
790 struct ion_client *client;
792 pr_debug("%s: %d\n", __func__, __LINE__);
793 /* check that the client still exists and take a reference so
794 it can't go away until this vma is closed */
795 client = ion_client_lookup(buffer->dev, current->group_leader);
796 if (IS_ERR_OR_NULL(client)) {
797 vma->vm_private_data = NULL;
800 pr_debug("%s: %d client_cnt %d handle_cnt %d alloc_cnt %d\n",
802 atomic_read(&client->ref.refcount),
803 atomic_read(&handle->ref.refcount),
804 atomic_read(&buffer->ref.refcount));
807 static void ion_vma_close(struct vm_area_struct *vma)
809 struct ion_handle *handle = vma->vm_private_data;
810 struct ion_buffer *buffer = vma->vm_file->private_data;
811 struct ion_client *client;
813 pr_debug("%s: %d\n", __func__, __LINE__);
814 /* this indicates the client is gone, nothing to do here */
817 client = handle->client;
818 pr_debug("%s: %d client_cnt %d handle_cnt %d alloc_cnt %d\n",
820 atomic_read(&client->ref.refcount),
821 atomic_read(&handle->ref.refcount),
822 atomic_read(&buffer->ref.refcount));
823 ion_handle_put(handle);
824 ion_client_put(client);
825 pr_debug("%s: %d client_cnt %d handle_cnt %d alloc_cnt %d\n",
827 atomic_read(&client->ref.refcount),
828 atomic_read(&handle->ref.refcount),
829 atomic_read(&buffer->ref.refcount));
832 static struct vm_operations_struct ion_vm_ops = {
833 .open = ion_vma_open,
834 .close = ion_vma_close,
837 static int ion_share_mmap(struct file *file, struct vm_area_struct *vma)
839 struct ion_buffer *buffer = file->private_data;
840 unsigned long size = vma->vm_end - vma->vm_start;
841 struct ion_client *client;
842 struct ion_handle *handle;
845 pr_debug("%s: %d\n", __func__, __LINE__);
846 /* make sure the client still exists, it's possible for the client to
847 have gone away but the map/share fd still to be around, take
848 a reference to it so it can't go away while this mapping exists */
849 client = ion_client_lookup(buffer->dev, current->group_leader);
850 if (IS_ERR_OR_NULL(client)) {
851 pr_err("%s: trying to mmap an ion handle in a process with no "
852 "ion client\n", __func__);
856 if ((size > buffer->size) || (size + (vma->vm_pgoff << PAGE_SHIFT) >
858 pr_err("%s: trying to map larger area than handle has available"
864 /* find the handle and take a reference to it */
865 handle = ion_import(client, buffer);
866 if (IS_ERR_OR_NULL(handle)) {
871 if (!handle->buffer->heap->ops->map_user) {
872 pr_err("%s: this heap does not define a method for mapping "
873 "to userspace\n", __func__);
878 mutex_lock(&buffer->lock);
879 /* now map it to userspace */
880 ret = buffer->heap->ops->map_user(buffer->heap, buffer, vma);
881 mutex_unlock(&buffer->lock);
883 pr_err("%s: failure mapping buffer to userspace\n",
888 vma->vm_ops = &ion_vm_ops;
889 /* move the handle into the vm_private_data so we can access it from
891 vma->vm_private_data = handle;
892 pr_debug("%s: %d client_cnt %d handle_cnt %d alloc_cnt %d\n",
894 atomic_read(&client->ref.refcount),
895 atomic_read(&handle->ref.refcount),
896 atomic_read(&buffer->ref.refcount));
900 /* drop the reference to the handle */
901 ion_handle_put(handle);
903 /* drop the reference to the client */
904 ion_client_put(client);
908 static const struct file_operations ion_share_fops = {
909 .owner = THIS_MODULE,
910 .release = ion_share_release,
911 .mmap = ion_share_mmap,
914 static int ion_ioctl_share(struct file *parent, struct ion_client *client,
915 struct ion_handle *handle)
917 int fd = get_unused_fd();
923 file = anon_inode_getfile("ion_share_fd", &ion_share_fops,
924 handle->buffer, O_RDWR);
925 if (IS_ERR_OR_NULL(file))
927 ion_buffer_get(handle->buffer);
928 fd_install(fd, file);
937 static long ion_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
939 struct ion_client *client = filp->private_data;
944 struct ion_allocation_data data;
946 if (copy_from_user(&data, (void __user *)arg, sizeof(data)))
948 data.handle = ion_alloc(client, data.len, data.align,
950 if (copy_to_user((void __user *)arg, &data, sizeof(data)))
956 struct ion_handle_data data;
959 if (copy_from_user(&data, (void __user *)arg,
960 sizeof(struct ion_handle_data)))
962 mutex_lock(&client->lock);
963 valid = ion_handle_validate(client, data.handle);
964 mutex_unlock(&client->lock);
967 ion_free(client, data.handle);
973 struct ion_fd_data data;
975 if (copy_from_user(&data, (void __user *)arg, sizeof(data)))
977 mutex_lock(&client->lock);
978 if (!ion_handle_validate(client, data.handle)) {
979 pr_err("%s: invalid handle passed to share ioctl.\n",
981 mutex_unlock(&client->lock);
984 data.fd = ion_ioctl_share(filp, client, data.handle);
985 mutex_unlock(&client->lock);
986 if (copy_to_user((void __user *)arg, &data, sizeof(data)))
992 struct ion_fd_data data;
993 if (copy_from_user(&data, (void __user *)arg,
994 sizeof(struct ion_fd_data)))
997 data.handle = ion_import_fd(client, data.fd);
998 if (IS_ERR(data.handle))
1000 if (copy_to_user((void __user *)arg, &data,
1001 sizeof(struct ion_fd_data)))
1005 case ION_IOC_CUSTOM:
1007 struct ion_device *dev = client->dev;
1008 struct ion_custom_data data;
1010 if (!dev->custom_ioctl)
1012 if (copy_from_user(&data, (void __user *)arg,
1013 sizeof(struct ion_custom_data)))
1015 return dev->custom_ioctl(client, data.cmd, data.arg);
1023 static int ion_release(struct inode *inode, struct file *file)
1025 struct ion_client *client = file->private_data;
1027 pr_debug("%s: %d\n", __func__, __LINE__);
1028 ion_client_put(client);
1032 static int ion_open(struct inode *inode, struct file *file)
1034 struct miscdevice *miscdev = file->private_data;
1035 struct ion_device *dev = container_of(miscdev, struct ion_device, dev);
1036 struct ion_client *client;
1038 pr_debug("%s: %d\n", __func__, __LINE__);
1039 client = ion_client_create(dev, -1, "user");
1040 if (IS_ERR_OR_NULL(client))
1041 return PTR_ERR(client);
1042 file->private_data = client;
1047 static const struct file_operations ion_fops = {
1048 .owner = THIS_MODULE,
1050 .release = ion_release,
1051 .unlocked_ioctl = ion_ioctl,
1054 static size_t ion_debug_heap_total(struct ion_client *client,
1055 enum ion_heap_type type)
1060 mutex_lock(&client->lock);
1061 for (n = rb_first(&client->handles); n; n = rb_next(n)) {
1062 struct ion_handle *handle = rb_entry(n,
1065 if (handle->buffer->heap->type == type)
1066 size += handle->buffer->size;
1068 mutex_unlock(&client->lock);
1072 static int ion_debug_heap_show(struct seq_file *s, void *unused)
1074 struct ion_heap *heap = s->private;
1075 struct ion_device *dev = heap->dev;
1078 seq_printf(s, "%16.s %16.s %16.s\n", "client", "pid", "size");
1079 for (n = rb_first(&dev->user_clients); n; n = rb_next(n)) {
1080 struct ion_client *client = rb_entry(n, struct ion_client,
1082 char task_comm[TASK_COMM_LEN];
1083 size_t size = ion_debug_heap_total(client, heap->type);
1087 get_task_comm(task_comm, client->task);
1088 seq_printf(s, "%16.s %16u %16u\n", task_comm, client->pid,
1092 for (n = rb_first(&dev->kernel_clients); n; n = rb_next(n)) {
1093 struct ion_client *client = rb_entry(n, struct ion_client,
1095 size_t size = ion_debug_heap_total(client, heap->type);
1098 seq_printf(s, "%16.s %16u %16u\n", client->name, client->pid,
1104 static int ion_debug_heap_open(struct inode *inode, struct file *file)
1106 return single_open(file, ion_debug_heap_show, inode->i_private);
1109 static const struct file_operations debug_heap_fops = {
1110 .open = ion_debug_heap_open,
1112 .llseek = seq_lseek,
1113 .release = single_release,
1116 void ion_device_add_heap(struct ion_device *dev, struct ion_heap *heap)
1118 struct rb_node **p = &dev->heaps.rb_node;
1119 struct rb_node *parent = NULL;
1120 struct ion_heap *entry;
1123 mutex_lock(&dev->lock);
1126 entry = rb_entry(parent, struct ion_heap, node);
1128 if (heap->id < entry->id) {
1130 } else if (heap->id > entry->id ) {
1131 p = &(*p)->rb_right;
1133 pr_err("%s: can not insert multiple heaps with "
1134 "id %d\n", __func__, heap->id);
1139 rb_link_node(&heap->node, parent, p);
1140 rb_insert_color(&heap->node, &dev->heaps);
1141 debugfs_create_file(heap->name, 0664, dev->debug_root, heap,
1144 mutex_unlock(&dev->lock);
1147 struct ion_device *ion_device_create(long (*custom_ioctl)
1148 (struct ion_client *client,
1152 struct ion_device *idev;
1155 idev = kzalloc(sizeof(struct ion_device), GFP_KERNEL);
1157 return ERR_PTR(-ENOMEM);
1159 idev->dev.minor = MISC_DYNAMIC_MINOR;
1160 idev->dev.name = "ion";
1161 idev->dev.fops = &ion_fops;
1162 idev->dev.parent = NULL;
1163 ret = misc_register(&idev->dev);
1165 pr_err("ion: failed to register misc device.\n");
1166 return ERR_PTR(ret);
1169 idev->debug_root = debugfs_create_dir("ion", NULL);
1170 if (IS_ERR_OR_NULL(idev->debug_root))
1171 pr_err("ion: failed to create debug files.\n");
1173 idev->custom_ioctl = custom_ioctl;
1174 idev->buffers = RB_ROOT;
1175 mutex_init(&idev->lock);
1176 idev->heaps = RB_ROOT;
1177 idev->user_clients = RB_ROOT;
1178 idev->kernel_clients = RB_ROOT;
1182 void ion_device_destroy(struct ion_device *dev)
1184 misc_deregister(&dev->dev);
1185 /* XXX need to free the heaps and clients ? */
projects / linux-2.6-block.git / blob