Lines Matching refs:buffer
305 void *buffer;
346 /* buffer. Used when sending a reply to a dead process that */
363 struct binder_buffer *buffer;
455 struct binder_buffer *buffer)
457 if (list_is_last(&buffer->entry, &proc->buffers))
458 return proc->buffer + proc->buffer_size - (void *)buffer->data;
459 return (size_t)list_entry(buffer->entry.next,
460 struct binder_buffer, entry) - (size_t)buffer->data;
468 struct binder_buffer *buffer;
477 "%d: add free buffer, size %zd, at %p\n",
482 buffer = rb_entry(parent, struct binder_buffer, rb_node);
483 BUG_ON(!buffer->free);
485 buffer_size = binder_buffer_size(proc, buffer);
501 struct binder_buffer *buffer;
507 buffer = rb_entry(parent, struct binder_buffer, rb_node);
508 BUG_ON(buffer->free);
510 if (new_buffer < buffer)
512 else if (new_buffer > buffer)
525 struct binder_buffer *buffer;
532 buffer = rb_entry(n, struct binder_buffer, rb_node);
533 BUG_ON(buffer->free);
535 if (kern_ptr < buffer)
537 else if (kern_ptr > buffer)
540 return buffer;
591 page = &proc->pages[(page_addr - proc->buffer) / PAGE_SIZE];
627 page = &proc->pages[(page_addr - proc->buffer) / PAGE_SIZE];
652 struct binder_buffer *buffer;
683 buffer = rb_entry(n, struct binder_buffer, rb_node);
684 BUG_ON(!buffer->free);
685 buffer_size = binder_buffer_size(proc, buffer);
703 buffer = rb_entry(best_fit, struct binder_buffer, rb_node);
704 buffer_size = binder_buffer_size(proc, buffer);
708 "%d: binder_alloc_buf size %zd got buffer %p size %zd\n",
709 proc->pid, size, buffer, buffer_size);
712 (void *)(((uintptr_t)buffer->data + buffer_size) & PAGE_MASK);
720 (void *)PAGE_ALIGN((uintptr_t)buffer->data + buffer_size);
724 (void *)PAGE_ALIGN((uintptr_t)buffer->data), end_page_addr, NULL))
728 buffer->free = 0;
729 binder_insert_allocated_buffer(proc, buffer);
731 struct binder_buffer *new_buffer = (void *)buffer->data + size;
733 list_add(&new_buffer->entry, &buffer->entry);
739 proc->pid, size, buffer);
740 buffer->data_size = data_size;
741 buffer->offsets_size = offsets_size;
742 buffer->async_transaction = is_async;
750 return buffer;
753 static void *buffer_start_page(struct binder_buffer *buffer)
755 return (void *)((uintptr_t)buffer & PAGE_MASK);
758 static void *buffer_end_page(struct binder_buffer *buffer)
760 return (void *)(((uintptr_t)(buffer + 1) - 1) & PAGE_MASK);
764 struct binder_buffer *buffer)
770 BUG_ON(proc->buffers.next == &buffer->entry);
771 prev = list_entry(buffer->entry.prev, struct binder_buffer, entry);
773 if (buffer_end_page(prev) == buffer_start_page(buffer)) {
775 if (buffer_end_page(prev) == buffer_end_page(buffer))
778 "%d: merge free, buffer %p share page with %p\n",
779 proc->pid, buffer, prev);
782 if (!list_is_last(&buffer->entry, &proc->buffers)) {
783 next = list_entry(buffer->entry.next,
785 if (buffer_start_page(next) == buffer_end_page(buffer)) {
788 buffer_start_page(buffer))
791 "%d: merge free, buffer %p share page with %p\n",
792 proc->pid, buffer, prev);
795 list_del(&buffer->entry);
798 "%d: merge free, buffer %p do not share page%s%s with %p or %p\n",
799 proc->pid, buffer, free_page_start ? "" : " end",
802 buffer_start_page(buffer) : buffer_end_page(buffer),
803 (free_page_end ? buffer_end_page(buffer) :
804 buffer_start_page(buffer)) + PAGE_SIZE, NULL);
809 struct binder_buffer *buffer)
813 buffer_size = binder_buffer_size(proc, buffer);
815 size = ALIGN(buffer->data_size, sizeof(void *)) +
816 ALIGN(buffer->offsets_size, sizeof(void *));
820 proc->pid, buffer, size, buffer_size);
822 BUG_ON(buffer->free);
824 BUG_ON(buffer->transaction != NULL);
825 BUG_ON((void *)buffer < proc->buffer);
826 BUG_ON((void *)buffer > proc->buffer + proc->buffer_size);
828 if (buffer->async_transaction) {
837 (void *)PAGE_ALIGN((uintptr_t)buffer->data),
838 (void *)(((uintptr_t)buffer->data + buffer_size) & PAGE_MASK),
840 rb_erase(&buffer->rb_node, &proc->allocated_buffers);
841 buffer->free = 1;
842 if (!list_is_last(&buffer->entry, &proc->buffers)) {
843 struct binder_buffer *next = list_entry(buffer->entry.next,
851 if (proc->buffers.next != &buffer->entry) {
852 struct binder_buffer *prev = list_entry(buffer->entry.prev,
856 binder_delete_free_buffer(proc, buffer);
858 buffer = prev;
861 binder_insert_free_buffer(proc, buffer);
1178 if (t->buffer)
1179 t->buffer->transaction = NULL;
1238 struct binder_buffer *buffer,
1242 int debug_id = buffer->debug_id;
1245 "%d buffer release %d, size %zd-%zd, failed at %p\n",
1246 proc->pid, buffer->debug_id,
1247 buffer->data_size, buffer->offsets_size, failed_at);
1249 if (buffer->target_node)
1250 binder_dec_node(buffer->target_node, 1, 0);
1252 offp = (binder_size_t *)(buffer->data +
1253 ALIGN(buffer->data_size, sizeof(void *)));
1257 off_end = (void *)offp + buffer->offsets_size;
1261 if (*offp > buffer->data_size - sizeof(*fp) ||
1262 buffer->data_size < sizeof(*fp) ||
1265 debug_id, (u64)*offp, buffer->data_size);
1268 fp = (struct flat_binder_object *)(buffer->data + *offp);
1459 (u64)tr->data.ptr.buffer,
1467 (u64)tr->data.ptr.buffer,
1484 t->buffer = binder_alloc_buf(target_proc, tr->data_size,
1486 if (t->buffer == NULL) {
1490 t->buffer->allow_user_free = 0;
1491 t->buffer->debug_id = t->debug_id;
1492 t->buffer->transaction = t;
1493 t->buffer->target_node = target_node;
1494 trace_binder_transaction_alloc_buf(t->buffer);
1498 offp = (binder_size_t *)(t->buffer->data +
1501 if (copy_from_user(t->buffer->data, (const void __user *)(uintptr_t)
1502 tr->data.ptr.buffer, tr->data_size)) {
1526 if (*offp > t->buffer->data_size - sizeof(*fp) ||
1528 t->buffer->data_size < sizeof(*fp) ||
1533 (u64)(t->buffer->data_size -
1538 fp = (struct flat_binder_object *)(t->buffer->data + *offp);
1685 BUG_ON(t->buffer->async_transaction != 0);
1688 BUG_ON(t->buffer->async_transaction != 0);
1694 BUG_ON(t->buffer->async_transaction != 1);
1718 trace_binder_transaction_failed_buffer_release(t->buffer);
1719 binder_transaction_buffer_release(target_proc, t->buffer, offp);
1720 t->buffer->transaction = NULL;
1721 binder_free_buf(target_proc, t->buffer);
1760 void __user *buffer = (void __user *)(uintptr_t)binder_buffer;
1761 void __user *ptr = buffer + *consumed;
1762 void __user *end = buffer + size;
1892 struct binder_buffer *buffer;
1898 buffer = binder_buffer_lookup(proc, data_ptr);
1899 if (buffer == NULL) {
1904 if (!buffer->allow_user_free) {
1905 binder_user_error("%d:%d BC_FREE_BUFFER u%016llx matched unreturned buffer\n",
1910 "%d:%d BC_FREE_BUFFER u%016llx found buffer %d for %s transaction\n",
1912 buffer->debug_id,
1913 buffer->transaction ? "active" : "finished");
1915 if (buffer->transaction) {
1916 buffer->transaction->buffer = NULL;
1917 buffer->transaction = NULL;
1919 if (buffer->async_transaction && buffer->target_node) {
1920 BUG_ON(!buffer->target_node->has_async_transaction);
1921 if (list_empty(&buffer->target_node->async_todo))
1922 buffer->target_node->has_async_transaction = 0;
1924 list_move_tail(buffer->target_node->async_todo.next, &thread->todo);
1926 trace_binder_transaction_buffer_release(buffer);
1927 binder_transaction_buffer_release(proc, buffer, NULL);
1928 binder_free_buf(proc, buffer);
2112 *consumed = ptr - buffer;
2146 void __user *buffer = (void __user *)(uintptr_t)binder_buffer;
2147 void __user *ptr = buffer + *consumed;
2148 void __user *end = buffer + size;
2236 if (ptr - buffer == 4 &&
2374 BUG_ON(t->buffer == NULL);
2375 if (t->buffer->target_node) {
2376 struct binder_node *target_node = t->buffer->target_node;
2406 tr.data_size = t->buffer->data_size;
2407 tr.offsets_size = t->buffer->offsets_size;
2408 tr.data.ptr.buffer = (binder_uintptr_t)(
2409 (uintptr_t)t->buffer->data +
2411 tr.data.ptr.offsets = tr.data.ptr.buffer +
2412 ALIGN(t->buffer->data_size,
2431 t->buffer->data_size, t->buffer->offsets_size,
2432 (u64)tr.data.ptr.buffer, (u64)tr.data.ptr.offsets);
2435 t->buffer->allow_user_free = 1;
2441 t->buffer->transaction = NULL;
2450 *consumed = ptr - buffer;
2460 if (put_user(BR_SPAWN_LOOPER, (uint32_t __user *)buffer))
2479 if (t->buffer->target_node &&
2486 t->buffer->transaction = NULL;
2574 if (t->buffer) {
2575 t->buffer->transaction = NULL;
2576 t->buffer = NULL;
2848 struct binder_buffer *buffer;
2870 if (proc->buffer) {
2882 proc->buffer = area->addr;
2883 proc->user_buffer_offset = vma->vm_start - (uintptr_t)proc->buffer;
2888 while (CACHE_COLOUR((vma->vm_start ^ (uint32_t)proc->buffer))) {
2889 pr_info("binder_mmap: %d %lx-%lx maps %p bad alignment\n", proc->pid, vma->vm_start, vma->vm_end, proc->buffer);
2905 if (binder_update_page_range(proc, 1, proc->buffer, proc->buffer + PAGE_SIZE, vma)) {
2910 buffer = proc->buffer;
2912 list_add(&buffer->entry, &proc->buffers);
2913 buffer->free = 1;
2914 binder_insert_free_buffer(proc, buffer);
2922 proc->pid, vma->vm_start, vma->vm_end, proc->buffer);*/
2930 vfree(proc->buffer);
2931 proc->buffer = NULL;
3116 struct binder_buffer *buffer;
3118 buffer = rb_entry(n, struct binder_buffer, rb_node);
3120 t = buffer->transaction;
3122 t->buffer = NULL;
3123 buffer->transaction = NULL;
3129 binder_free_buf(proc, buffer);
3145 page_addr = proc->buffer + i * PAGE_SIZE;
3154 vfree(proc->buffer);
3233 if (t->buffer == NULL) {
3234 seq_puts(m, " buffer free\n");
3237 if (t->buffer->target_node)
3239 t->buffer->target_node->debug_id);
3241 t->buffer->data_size, t->buffer->offsets_size,
3242 t->buffer->data);
3246 struct binder_buffer *buffer)
3249 prefix, buffer->debug_id, buffer->data,
3250 buffer->data_size, buffer->offsets_size,
3251 buffer->transaction ? "active" : "delivered");
3384 print_binder_buffer(m, " buffer",