LXR linux/drivers/android/binder_alloc

   1// SPDX-License-Identifier: GPL-2.0-only
   2/* binder_alloc_selftest.c
   3 *
   4 * Android IPC Subsystem
   5 *
   6 * Copyright (C) 2017 Google, Inc.
   7 */
   8
   9#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  10
  11#include <linux/mm_types.h>
  12#include <linux/err.h>
  13#include "binder_alloc.h"
  14
  15#define BUFFER_NUM 5
  16#define BUFFER_MIN_SIZE (PAGE_SIZE / 8)
  17
  18static bool binder_selftest_run = true;
  19static int binder_selftest_failures;
  20static DEFINE_MUTEX(binder_selftest_lock);
  21
  22/**
  23 * enum buf_end_align_type - Page alignment of a buffer
  24 * end with regard to the end of the previous buffer.
  25 *
  26 * In the pictures below, buf2 refers to the buffer we
  27 * are aligning. buf1 refers to previous buffer by addr.
  28 * Symbol [ means the start of a buffer, ] means the end
  29 * of a buffer, and | means page boundaries.
  30 */
  31enum buf_end_align_type {
  32        /**
  33         * @SAME_PAGE_UNALIGNED: The end of this buffer is on
  34         * the same page as the end of the previous buffer and
  35         * is not page aligned. Examples:
  36         * buf1 ][ buf2 ][ ...
  37         * buf1 ]|[ buf2 ][ ...
  38         */
  39        SAME_PAGE_UNALIGNED = 0,
  40        /**
  41         * @SAME_PAGE_ALIGNED: When the end of the previous buffer
  42         * is not page aligned, the end of this buffer is on the
  43         * same page as the end of the previous buffer and is page
  44         * aligned. When the previous buffer is page aligned, the
  45         * end of this buffer is aligned to the next page boundary.
  46         * Examples:
  47         * buf1 ][ buf2 ]| ...
  48         * buf1 ]|[ buf2 ]| ...
  49         */
  50        SAME_PAGE_ALIGNED,
  51        /**
  52         * @NEXT_PAGE_UNALIGNED: The end of this buffer is on
  53         * the page next to the end of the previous buffer and
  54         * is not page aligned. Examples:
  55         * buf1 ][ buf2 | buf2 ][ ...
  56         * buf1 ]|[ buf2 | buf2 ][ ...
  57         */
  58        NEXT_PAGE_UNALIGNED,
  59        /**
  60         * @NEXT_PAGE_ALIGNED: The end of this buffer is on
  61         * the page next to the end of the previous buffer and
  62         * is page aligned. Examples:
  63         * buf1 ][ buf2 | buf2 ]| ...
  64         * buf1 ]|[ buf2 | buf2 ]| ...
  65         */
  66        NEXT_PAGE_ALIGNED,
  67        /**
  68         * @NEXT_NEXT_UNALIGNED: The end of this buffer is on
  69         * the page that follows the page after the end of the
  70         * previous buffer and is not page aligned. Examples:
  71         * buf1 ][ buf2 | buf2 | buf2 ][ ...
  72         * buf1 ]|[ buf2 | buf2 | buf2 ][ ...
  73         */
  74        NEXT_NEXT_UNALIGNED,
  75        LOOP_END,
  76};
  77
  78static void pr_err_size_seq(size_t *sizes, int *seq)
  79{
  80        int i;
  81
  82        pr_err("alloc sizes: ");
  83        for (i = 0; i < BUFFER_NUM; i++)
  84                pr_cont("[%zu]", sizes[i]);
  85        pr_cont("\n");
  86        pr_err("free seq: ");
  87        for (i = 0; i < BUFFER_NUM; i++)
  88                pr_cont("[%d]", seq[i]);
  89        pr_cont("\n");
  90}
  91
  92static bool check_buffer_pages_allocated(struct binder_alloc *alloc,
  93                                         struct binder_buffer *buffer,
  94                                         size_t size)
  95{
  96        void __user *page_addr;
  97        void __user *end;
  98        int page_index;
  99
 100        end = (void __user *)PAGE_ALIGN((uintptr_t)buffer->user_data + size);
 101        page_addr = buffer->user_data;
 102        for (; page_addr < end; page_addr += PAGE_SIZE) {
 103                page_index = (page_addr - alloc->buffer) / PAGE_SIZE;
 104                if (!alloc->pages[page_index].page_ptr ||
 105                    !list_empty(&alloc->pages[page_index].lru)) {
 106                        pr_err("expect alloc but is %s at page index %d\n",
 107                               alloc->pages[page_index].page_ptr ?
 108                               "lru" : "free", page_index);
 109                        return false;
 110                }
 111        }
 112        return true;
 113}
 114
 115static void binder_selftest_alloc_buf(struct binder_alloc *alloc,
 116                                      struct binder_buffer *buffers[],
 117                                      size_t *sizes, int *seq)
 118{
 119        int i;
 120
 121        for (i = 0; i < BUFFER_NUM; i++) {
 122                buffers[i] = binder_alloc_new_buf(alloc, sizes[i], 0, 0, 0, 0);
 123                if (IS_ERR(buffers[i]) ||
 124                    !check_buffer_pages_allocated(alloc, buffers[i],
 125                                                  sizes[i])) {
 126                        pr_err_size_seq(sizes, seq);
 127                        binder_selftest_failures++;
 128                }
 129        }
 130}
 131
 132static void binder_selftest_free_buf(struct binder_alloc *alloc,
 133                                     struct binder_buffer *buffers[],
 134                                     size_t *sizes, int *seq, size_t end)
 135{
 136        int i;
 137
 138        for (i = 0; i < BUFFER_NUM; i++)
 139                binder_alloc_free_buf(alloc, buffers[seq[i]]);
 140
 141        for (i = 0; i < end / PAGE_SIZE; i++) {
 142                /**
 143                 * Error message on a free page can be false positive
 144                 * if binder shrinker ran during binder_alloc_free_buf
 145                 * calls above.
 146                 */
 147                if (list_empty(&alloc->pages[i].lru)) {
 148                        pr_err_size_seq(sizes, seq);
 149                        pr_err("expect lru but is %s at page index %d\n",
 150                               alloc->pages[i].page_ptr ? "alloc" : "free", i);
 151                        binder_selftest_failures++;
 152                }
 153        }
 154}
 155
 156static void binder_selftest_free_page(struct binder_alloc *alloc)
 157{
 158        int i;
 159        unsigned long count;
 160
 161        while ((count = list_lru_count(&binder_alloc_lru))) {
 162                list_lru_walk(&binder_alloc_lru, binder_alloc_free_page,
 163                              NULL, count);
 164        }
 165
 166        for (i = 0; i < (alloc->buffer_size / PAGE_SIZE); i++) {
 167                if (alloc->pages[i].page_ptr) {
 168                        pr_err("expect free but is %s at page index %d\n",
 169                               list_empty(&alloc->pages[i].lru) ?
 170                               "alloc" : "lru", i);
 171                        binder_selftest_failures++;
 172                }
 173        }
 174}
 175
 176static void binder_selftest_alloc_free(struct binder_alloc *alloc,
 177                                       size_t *sizes, int *seq, size_t end)
 178{
 179        struct binder_buffer *buffers[BUFFER_NUM];
 180
 181        binder_selftest_alloc_buf(alloc, buffers, sizes, seq);
 182        binder_selftest_free_buf(alloc, buffers, sizes, seq, end);
 183
 184        /* Allocate from lru. */
 185        binder_selftest_alloc_buf(alloc, buffers, sizes, seq);
 186        if (list_lru_count(&binder_alloc_lru))
 187                pr_err("lru list should be empty but is not\n");
 188
 189        binder_selftest_free_buf(alloc, buffers, sizes, seq, end);
 190        binder_selftest_free_page(alloc);
 191}
 192
 193static bool is_dup(int *seq, int index, int val)
 194{
 195        int i;
 196
 197        for (i = 0; i < index; i++) {
 198                if (seq[i] == val)
 199                        return true;
 200        }
 201        return false;
 202}
 203
 204/* Generate BUFFER_NUM factorial free orders. */
 205static void binder_selftest_free_seq(struct binder_alloc *alloc,
 206                                     size_t *sizes, int *seq,
 207                                     int index, size_t end)
 208{
 209        int i;
 210
 211        if (index == BUFFER_NUM) {
 212                binder_selftest_alloc_free(alloc, sizes, seq, end);
 213                return;
 214        }
 215        for (i = 0; i < BUFFER_NUM; i++) {
 216                if (is_dup(seq, index, i))
 217                        continue;
 218                seq[index] = i;
 219                binder_selftest_free_seq(alloc, sizes, seq, index + 1, end);
 220        }
 221}
 222
 223static void binder_selftest_alloc_size(struct binder_alloc *alloc,
 224                                       size_t *end_offset)
 225{
 226        int i;
 227        int seq[BUFFER_NUM] = {0};
 228        size_t front_sizes[BUFFER_NUM];
 229        size_t back_sizes[BUFFER_NUM];
 230        size_t last_offset, offset = 0;
 231
 232        for (i = 0; i < BUFFER_NUM; i++) {
 233                last_offset = offset;
 234                offset = end_offset[i];
 235                front_sizes[i] = offset - last_offset;
 236                back_sizes[BUFFER_NUM - i - 1] = front_sizes[i];
 237        }
 238        /*
 239         * Buffers share the first or last few pages.
 240         * Only BUFFER_NUM - 1 buffer sizes are adjustable since
 241         * we need one giant buffer before getting to the last page.
 242         */
 243        back_sizes[0] += alloc->buffer_size - end_offset[BUFFER_NUM - 1];
 244        binder_selftest_free_seq(alloc, front_sizes, seq, 0,
 245                                 end_offset[BUFFER_NUM - 1]);
 246        binder_selftest_free_seq(alloc, back_sizes, seq, 0, alloc->buffer_size);
 247}
 248
 249static void binder_selftest_alloc_offset(struct binder_alloc *alloc,
 250                                         size_t *end_offset, int index)
 251{
 252        int align;
 253        size_t end, prev;
 254
 255        if (index == BUFFER_NUM) {
 256                binder_selftest_alloc_size(alloc, end_offset);
 257                return;
 258        }
 259        prev = index == 0 ? 0 : end_offset[index - 1];
 260        end = prev;
 261
 262        BUILD_BUG_ON(BUFFER_MIN_SIZE * BUFFER_NUM >= PAGE_SIZE);
 263
 264        for (align = SAME_PAGE_UNALIGNED; align < LOOP_END; align++) {
 265                if (align % 2)
 266                        end = ALIGN(end, PAGE_SIZE);
 267                else
 268                        end += BUFFER_MIN_SIZE;
 269                end_offset[index] = end;
 270                binder_selftest_alloc_offset(alloc, end_offset, index + 1);
 271        }
 272}
 273
 274/**
 275 * binder_selftest_alloc() - Test alloc and free of buffer pages.
 276 * @alloc: Pointer to alloc struct.
 277 *
 278 * Allocate BUFFER_NUM buffers to cover all page alignment cases,
 279 * then free them in all orders possible. Check that pages are
 280 * correctly allocated, put onto lru when buffers are freed, and
 281 * are freed when binder_alloc_free_page is called.
 282 */
 283void binder_selftest_alloc(struct binder_alloc *alloc)
 284{
 285        size_t end_offset[BUFFER_NUM];
 286
 287        if (!binder_selftest_run)
 288                return;
 289        mutex_lock(&binder_selftest_lock);
 290        if (!binder_selftest_run || !alloc->vma)
 291                goto done;
 292        pr_info("STARTED\n");
 293        binder_selftest_alloc_offset(alloc, end_offset, 0);
 294        binder_selftest_run = false;
 295        if (binder_selftest_failures > 0)
 296                pr_info("%d tests FAILED\n", binder_selftest_failures);
 297        else
 298                pr_info("PASSED\n");
 299
 300done:
 301        mutex_unlock(&binder_selftest_lock);
 302}
 303