Lines Matching defs:node
18 * 2) node->lock : protects most fields of binder_node.
21 * 3) proc->inner_lock : protects the thread and node lists
25 * node->async_todo), as well as thread->transaction_stack
35 * foo_olocked() : requires node->outer_lock
36 * foo_nlocked() : requires node->lock
39 * foo_nilocked(): requires node->lock and proc->inner_lock
355 * @node: struct binder_node to acquire
357 * Acquires node->lock. Used to protect binder_node fields
359 #define binder_node_lock(node) _binder_node_lock(node, __LINE__)
361 _binder_node_lock(struct binder_node *node, int line)
362 __acquires(&node->lock)
366 spin_lock(&node->lock);
371 * @node: struct binder_node to acquire
375 #define binder_node_unlock(node) _binder_node_unlock(node, __LINE__)
377 _binder_node_unlock(struct binder_node *node, int line)
378 __releases(&node->lock)
382 spin_unlock(&node->lock);
386 * binder_node_inner_lock() - Acquire node and inner locks
387 * @node: struct binder_node to acquire
389 * Acquires node->lock. If node->proc also acquires
392 #define binder_node_inner_lock(node) _binder_node_inner_lock(node, __LINE__)
394 _binder_node_inner_lock(struct binder_node *node, int line)
395 __acquires(&node->lock) __acquires(&node->proc->inner_lock)
399 spin_lock(&node->lock);
400 if (node->proc)
401 binder_inner_proc_lock(node->proc);
404 __acquire(&node->proc->inner_lock);
408 * binder_node_inner_unlock() - Release node and inner locks
409 * @node: struct binder_node to acquire
413 #define binder_node_inner_unlock(node) _binder_node_inner_unlock(node, __LINE__)
415 _binder_node_inner_unlock(struct binder_node *node, int line)
416 __releases(&node->lock) __releases(&node->proc->inner_lock)
418 struct binder_proc *proc = node->proc;
426 __release(&node->proc->inner_lock);
427 spin_unlock(&node->lock);
574 static void binder_inc_node_tmpref_ilocked(struct binder_node *node);
735 struct binder_node *node;
740 node = rb_entry(n, struct binder_node, rb_node);
742 if (ptr < node->ptr)
744 else if (ptr > node->ptr)
749 * to ensure node stays alive until
752 binder_inc_node_tmpref_ilocked(node);
753 return node;
762 struct binder_node *node;
765 node = binder_get_node_ilocked(proc, ptr);
767 return node;
777 struct binder_node *node;
787 node = rb_entry(parent, struct binder_node, rb_node);
789 if (ptr < node->ptr)
791 else if (ptr > node->ptr)
795 * A matching node is already in
799 binder_inc_node_tmpref_ilocked(node);
800 return node;
803 node = new_node;
805 node->tmp_refs++;
806 rb_link_node(&node->rb_node, parent, p);
807 rb_insert_color(&node->rb_node, &proc->nodes);
808 node->debug_id = atomic_inc_return(&binder_last_id);
809 node->proc = proc;
810 node->ptr = ptr;
811 node->cookie = cookie;
812 node->work.type = BINDER_WORK_NODE;
813 node->min_priority = flags & FLAT_BINDER_FLAG_PRIORITY_MASK;
814 node->accept_fds = !!(flags & FLAT_BINDER_FLAG_ACCEPTS_FDS);
815 node->txn_security_ctx = !!(flags & FLAT_BINDER_FLAG_TXN_SECURITY_CTX);
816 spin_lock_init(&node->lock);
817 INIT_LIST_HEAD(&node->work.entry);
818 INIT_LIST_HEAD(&node->async_todo);
820 "%d:%d node %d u%016llx c%016llx created\n",
821 proc->pid, current->pid, node->debug_id,
822 (u64)node->ptr, (u64)node->cookie);
824 return node;
830 struct binder_node *node;
831 struct binder_node *new_node = kzalloc(sizeof(*node), GFP_KERNEL);
836 node = binder_init_node_ilocked(proc, new_node, fp);
838 if (node != new_node)
840 * The node was already added by another thread
844 return node;
847 static void binder_free_node(struct binder_node *node)
849 kfree(node);
853 static int binder_inc_node_nilocked(struct binder_node *node, int strong,
857 struct binder_proc *proc = node->proc;
859 assert_spin_locked(&node->lock);
865 node->internal_strong_refs == 0 &&
866 !(node->proc &&
867 node == node->proc->context->binder_context_mgr_node &&
868 node->has_strong_ref)) {
869 pr_err("invalid inc strong node for %d\n",
870 node->debug_id);
873 node->internal_strong_refs++;
875 node->local_strong_refs++;
876 if (!node->has_strong_ref && target_list) {
879 binder_dequeue_work_ilocked(&node->work);
882 &node->work);
886 node->local_weak_refs++;
887 if (!node->has_weak_ref && list_empty(&node->work.entry)) {
889 pr_err("invalid inc weak node for %d\n",
890 node->debug_id);
896 binder_enqueue_work_ilocked(&node->work, target_list);
902 static int binder_inc_node(struct binder_node *node, int strong, int internal,
907 binder_node_inner_lock(node);
908 ret = binder_inc_node_nilocked(node, strong, internal, target_list);
909 binder_node_inner_unlock(node);
914 static bool binder_dec_node_nilocked(struct binder_node *node,
917 struct binder_proc *proc = node->proc;
919 assert_spin_locked(&node->lock);
924 node->internal_strong_refs--;
926 node->local_strong_refs--;
927 if (node->local_strong_refs || node->internal_strong_refs)
931 node->local_weak_refs--;
932 if (node->local_weak_refs || node->tmp_refs ||
933 !hlist_empty(&node->refs))
937 if (proc && (node->has_strong_ref || node->has_weak_ref)) {
938 if (list_empty(&node->work.entry)) {
939 binder_enqueue_work_ilocked(&node->work, &proc->todo);
943 if (hlist_empty(&node->refs) && !node->local_strong_refs &&
944 !node->local_weak_refs && !node->tmp_refs) {
946 binder_dequeue_work_ilocked(&node->work);
947 rb_erase(&node->rb_node, &proc->nodes);
949 "refless node %d deleted\n",
950 node->debug_id);
952 BUG_ON(!list_empty(&node->work.entry));
958 if (node->tmp_refs) {
962 hlist_del(&node->dead_node);
965 "dead node %d deleted\n",
966 node->debug_id);
974 static void binder_dec_node(struct binder_node *node, int strong, int internal)
978 binder_node_inner_lock(node);
979 free_node = binder_dec_node_nilocked(node, strong, internal);
980 binder_node_inner_unlock(node);
982 binder_free_node(node);
985 static void binder_inc_node_tmpref_ilocked(struct binder_node *node)
992 node->tmp_refs++;
996 * binder_inc_node_tmpref() - take a temporary reference on node
997 * @node: node to reference
999 * Take reference on node to prevent the node from being freed
1001 * needed to serialize with the node work on the queue (which
1002 * isn't needed after the node is dead). If the node is dead
1003 * (node->proc is NULL), use binder_dead_nodes_lock to protect
1004 * node->tmp_refs against dead-node-only cases where the node
1005 * lock cannot be acquired (eg traversing the dead node list to
1008 static void binder_inc_node_tmpref(struct binder_node *node)
1010 binder_node_lock(node);
1011 if (node->proc)
1012 binder_inner_proc_lock(node->proc);
1015 binder_inc_node_tmpref_ilocked(node);
1016 if (node->proc)
1017 binder_inner_proc_unlock(node->proc);
1020 binder_node_unlock(node);
1024 * binder_dec_node_tmpref() - remove a temporary reference on node
1025 * @node: node to reference
1027 * Release temporary reference on node taken via binder_inc_node_tmpref()
1029 static void binder_dec_node_tmpref(struct binder_node *node)
1033 binder_node_inner_lock(node);
1034 if (!node->proc)
1038 node->tmp_refs--;
1039 BUG_ON(node->tmp_refs < 0);
1040 if (!node->proc)
1050 free_node = binder_dec_node_nilocked(node, 0, 1);
1051 binder_node_inner_unlock(node);
1053 binder_free_node(node);
1056 static void binder_put_node(struct binder_node *node)
1058 binder_dec_node_tmpref(node);
1085 * binder_get_ref_for_node_olocked() - get the ref associated with given node
1087 * @node: binder_node of target
1090 * Look up the ref for the given node and return it if it exists
1094 * into the given proc rb_trees and node refs list.
1096 * Return: the ref for node. It is possible that another thread
1104 struct binder_node *node,
1117 if (node < ref->node)
1119 else if (node > ref->node)
1130 new_ref->node = node;
1134 new_ref->data.desc = (node == context->binder_context_mgr_node) ? 0 : 1;
1157 binder_node_lock(node);
1158 hlist_add_head(&new_ref->node_entry, &node->refs);
1161 "%d new ref %d desc %d for node %d\n",
1163 node->debug_id);
1164 binder_node_unlock(node);
1173 "%d delete ref %d desc %d for node %d\n",
1175 ref->node->debug_id);
1180 binder_node_inner_lock(ref->node);
1182 binder_dec_node_nilocked(ref->node, 1, 1);
1185 delete_node = binder_dec_node_nilocked(ref->node, 0, 1);
1186 binder_node_inner_unlock(ref->node);
1188 * Clear ref->node unless we want the caller to free the node
1192 * The caller uses ref->node to determine
1193 * whether the node needs to be freed. Clear
1194 * it since the node is still alive.
1196 ref->node = NULL;
1214 * @target_list: list to queue node work on
1227 ret = binder_inc_node(ref->node, 1, 1, target_list);
1234 ret = binder_inc_node(ref->node, 0, 1, target_list);
1264 binder_dec_node(ref->node, strong, 1);
1283 * binder_get_node_from_ref() - get the node from the given proc/desc
1286 * @need_strong_ref: if true, only return node if ref is strong
1298 struct binder_node *node;
1305 node = ref->node;
1307 * Take an implicit reference on the node to ensure
1310 binder_inc_node_tmpref(node);
1315 return node;
1326 * Free the binder_ref. Free the binder_node indicated by ref->node
1331 if (ref->node)
1332 binder_free_node(ref->node);
1401 * binder_inc_ref_for_node() - increment the ref for given proc/node
1403 * @node: target node
1405 * @target_list: worklist to use if node is incremented
1408 * Given a proc and node, increment the ref. Create the ref if it
1414 struct binder_node *node,
1424 ref = binder_get_ref_for_node_olocked(proc, node, NULL);
1431 ref = binder_get_ref_for_node_olocked(proc, node, new_ref);
1441 * the node. The new_ref gets kfree'd below.
2023 struct binder_node *node;
2026 node = binder_get_node(proc, fp->binder);
2027 if (node == NULL) {
2028 pr_err("transaction release %d bad node %016llx\n",
2033 " node %d u%016llx\n",
2034 node->debug_id, (u64)node->ptr);
2035 binder_dec_node(node, hdr->type == BINDER_TYPE_BINDER,
2037 binder_put_node(node);
2179 struct binder_node *node;
2185 node = binder_get_node(proc, fp->binder);
2186 if (!node) {
2187 node = binder_new_node(proc, fp);
2188 if (!node)
2191 if (fp->cookie != node->cookie) {
2192 binder_user_error("%d:%d sending u%016llx node %d, cookie mismatch %016llx != %016llx\n",
2194 node->debug_id, (u64)fp->cookie,
2195 (u64)node->cookie);
2204 ret = binder_inc_ref_for_node(target_proc, node,
2218 trace_binder_transaction_node_to_ref(t, node, &rdata);
2220 " node %d u%016llx -> ref %d desc %d\n",
2221 node->debug_id, (u64)node->ptr,
2224 binder_put_node(node);
2234 struct binder_node *node;
2238 node = binder_get_node_from_ref(proc, fp->handle,
2240 if (!node) {
2250 binder_node_lock(node);
2251 if (node->proc == target_proc) {
2256 fp->binder = node->ptr;
2257 fp->cookie = node->cookie;
2258 if (node->proc)
2259 binder_inner_proc_lock(node->proc);
2261 __acquire(&node->proc->inner_lock);
2262 binder_inc_node_nilocked(node,
2265 if (node->proc)
2266 binder_inner_proc_unlock(node->proc);
2268 __release(&node->proc->inner_lock);
2269 trace_binder_transaction_ref_to_node(t, node, &src_rdata);
2271 " ref %d desc %d -> node %d u%016llx\n",
2272 src_rdata.debug_id, src_rdata.desc, node->debug_id,
2273 (u64)node->ptr);
2274 binder_node_unlock(node);
2278 binder_node_unlock(node);
2279 ret = binder_inc_ref_for_node(target_proc, node,
2288 trace_binder_transaction_ref_to_ref(t, node, &src_rdata,
2291 " ref %d desc %d -> ref %d desc %d (node %d)\n",
2294 node->debug_id);
2297 binder_put_node(node);
2370 * @node list node
2382 struct list_head node;
2390 * @node list node
2402 struct list_head node;
2430 node);
2432 list_for_each_entry_safe(sgc, tmpsgc, sgc_head, node) {
2473 list_del(&pf->node);
2476 struct binder_ptr_fixup, node);
2479 list_del(&sgc->node);
2482 list_for_each_entry_safe(pf, tmppf, pf_head, node) {
2484 list_del(&pf->node);
2506 list_for_each_entry_safe(sgc, tmpsgc, sgc_head, node) {
2507 list_del(&sgc->node);
2510 list_for_each_entry_safe(pf, tmppf, pf_head, node) {
2511 list_del(&pf->node);
2545 INIT_LIST_HEAD(&bc->node);
2551 list_add_tail(&bc->node, sgc_head);
2589 INIT_LIST_HEAD(&pf->node);
2594 list_for_each_entry_reverse(tmppf, pf_head, node) {
2596 list_add(&pf->node, &tmppf->node);
2604 list_add(&pf->node, pf_head);
2801 struct binder_node *node = t->buffer->target_node;
2807 BUG_ON(!node);
2808 binder_node_lock(node);
2811 if (node->has_async_transaction)
2814 node->has_async_transaction = true;
2827 binder_node_unlock(node);
2841 &node->async_todo);
2850 binder_enqueue_work_ilocked(&t->work, &node->async_todo);
2858 binder_node_unlock(node);
2883 * binder_get_node_refs_for_txn() - Get required refs on node for txn
2884 * @node: struct binder_node for which to get refs
2885 * @procp: returns @node->proc if valid
2888 * User-space normally keeps the node alive when creating a transaction
2895 * a tmpref on the node to ensure it survives while we are constructing
2899 * Return: The target_node with refs taken or NULL if no @node->proc is NULL.
2900 * Also sets @procp if valid. If the @node->proc is NULL indicating that the
2904 struct binder_node *node,
2910 binder_node_inner_lock(node);
2911 if (node->proc) {
2912 target_node = node;
2913 binder_inc_node_nilocked(node, 1, 0, NULL);
2914 binder_inc_node_tmpref_ilocked(node);
2915 node->proc->tmp_ref++;
2916 *procp = node->proc;
2919 binder_node_inner_unlock(node);
3056 * on this node. If so, do a strong
3057 * increment on the node to ensure it
3066 ref->node, &target_proc,
3094 binder_txn_error("%d:%d cannot find target node\n",
3223 "%d:%d BC_TRANSACTION %d -> %d - node %d, data %016llx-%016llx size %lld-%lld-%lld\n",
3829 * transaction from the node.
3966 struct binder_node *node;
3975 node = binder_get_node(proc, node_ptr);
3976 if (node == NULL) {
3985 if (cookie != node->cookie) {
3986 binder_user_error("%d:%d %s u%016llx node %d cookie mismatch %016llx != %016llx\n",
3990 (u64)node_ptr, node->debug_id,
3991 (u64)cookie, (u64)node->cookie);
3992 binder_put_node(node);
3995 binder_node_inner_lock(node);
3997 if (node->pending_strong_ref == 0) {
3998 binder_user_error("%d:%d BC_ACQUIRE_DONE node %d has no pending acquire request\n",
4000 node->debug_id);
4001 binder_node_inner_unlock(node);
4002 binder_put_node(node);
4005 node->pending_strong_ref = 0;
4007 if (node->pending_weak_ref == 0) {
4008 binder_user_error("%d:%d BC_INCREFS_DONE node %d has no pending increfs request\n",
4010 node->debug_id);
4011 binder_node_inner_unlock(node);
4012 binder_put_node(node);
4015 node->pending_weak_ref = 0;
4017 free_node = binder_dec_node_nilocked(node,
4021 "%d:%d %s node %d ls %d lw %d tr %d\n",
4024 node->debug_id, node->local_strong_refs,
4025 node->local_weak_refs, node->tmp_refs);
4026 binder_node_inner_unlock(node);
4027 binder_put_node(node);
4179 "%d:%d %s %016llx ref %d desc %d s %d w %d for node %d\n",
4186 ref->data.weak, ref->node->debug_id);
4188 binder_node_lock(ref->node);
4193 binder_node_unlock(ref->node);
4202 if (ref->node->proc == NULL) {
4215 binder_node_unlock(ref->node);
4225 binder_node_unlock(ref->node);
4252 binder_node_unlock(ref->node);
4567 struct binder_node *node = container_of(w, struct binder_node, work);
4569 binder_uintptr_t node_ptr = node->ptr;
4570 binder_uintptr_t node_cookie = node->cookie;
4571 int node_debug_id = node->debug_id;
4576 BUG_ON(proc != node->proc);
4577 strong = node->internal_strong_refs ||
4578 node->local_strong_refs;
4579 weak = !hlist_empty(&node->refs) ||
4580 node->local_weak_refs ||
4581 node->tmp_refs || strong;
4582 has_strong_ref = node->has_strong_ref;
4583 has_weak_ref = node->has_weak_ref;
4586 node->has_weak_ref = 1;
4587 node->pending_weak_ref = 1;
4588 node->local_weak_refs++;
4591 node->has_strong_ref = 1;
4592 node->pending_strong_ref = 1;
4593 node->local_strong_refs++;
4596 node->has_strong_ref = 0;
4598 node->has_weak_ref = 0;
4601 "%d:%d node %d u%016llx c%016llx deleted\n",
4606 rb_erase(&node->rb_node, &proc->nodes);
4608 binder_node_lock(node);
4610 * Acquire the node lock before freeing the
4611 * node to serialize with other threads that
4612 * may have been holding the node lock while
4613 * decrementing this node (avoids race where
4615 * is unlocking the node after the final
4618 binder_node_unlock(node);
4619 binder_free_node(node);
4645 "%d:%d node %d u%016llx c%016llx state unchanged\n",
5254 struct binder_node *node;
5274 node = binder_get_node_from_ref(proc, handle, true, NULL);
5275 if (!node)
5278 info->strong_count = node->local_strong_refs +
5279 node->internal_strong_refs;
5280 info->weak_count = node->local_weak_refs;
5282 binder_put_node(node);
5297 struct binder_node *node = rb_entry(n, struct binder_node,
5299 if (node->ptr > ptr) {
5300 info->ptr = node->ptr;
5301 info->cookie = node->cookie;
5302 info->has_strong_ref = node->has_strong_ref;
5303 info->has_weak_ref = node->has_weak_ref;
5922 static int binder_node_release(struct binder_node *node, int refs)
5926 struct binder_proc *proc = node->proc;
5928 binder_release_work(proc, &node->async_todo);
5930 binder_node_lock(node);
5932 binder_dequeue_work_ilocked(&node->work);
5934 * The caller must have taken a temporary ref on the node,
5936 BUG_ON(!node->tmp_refs);
5937 if (hlist_empty(&node->refs) && node->tmp_refs == 1) {
5939 binder_node_unlock(node);
5940 binder_free_node(node);
5945 node->proc = NULL;
5946 node->local_strong_refs = 0;
5947 node->local_weak_refs = 0;
5951 hlist_add_head(&node->dead_node, &binder_dead_nodes);
5954 hlist_for_each_entry(ref, &node->refs, node_entry) {
5957 * Need the node lock to synchronize
5979 "node %d now dead, refs %d, death %d\n",
5980 node->debug_id, refs, death);
5981 binder_node_unlock(node);
5982 binder_put_node(node);
6032 struct binder_node *node;
6034 node = rb_entry(n, struct binder_node, rb_node);
6037 * take a temporary ref on the node before
6039 * kfree() the node or call binder_put_node()
6041 binder_inc_node_tmpref_ilocked(node);
6042 rb_erase(&node->rb_node, &proc->nodes);
6044 incoming_refs = binder_node_release(node, incoming_refs);
6141 * correct proc inner lock for this node
6152 seq_printf(m, " node %d", buffer->target_node->debug_id);
6164 struct binder_node *node;
6184 node = container_of(w, struct binder_node, work);
6186 prefix, node->debug_id,
6187 (u64)node->ptr, (u64)node->cookie);
6243 struct binder_node *node)
6250 hlist_for_each_entry(ref, &node->refs, node_entry)
6253 seq_printf(m, " node %d: u%016llx c%016llx hs %d hw %d ls %d lw %d is %d iw %d tr %d",
6254 node->debug_id, (u64)node->ptr, (u64)node->cookie,
6255 node->has_strong_ref, node->has_weak_ref,
6256 node->local_strong_refs, node->local_weak_refs,
6257 node->internal_strong_refs, count, node->tmp_refs);
6260 hlist_for_each_entry(ref, &node->refs, node_entry)
6264 if (node->proc) {
6265 list_for_each_entry(w, &node->async_todo, entry)
6266 print_binder_work_ilocked(m, node->proc, " ",
6274 binder_node_lock(ref->node);
6277 ref->node->proc ? "" : "dead ",
6278 ref->node->debug_id, ref->data.strong,
6280 binder_node_unlock(ref->node);
6302 struct binder_node *node = rb_entry(n, struct binder_node,
6304 if (!print_all && !node->has_async_transaction)
6308 * take a temporary reference on the node so it
6312 binder_inc_node_tmpref_ilocked(node);
6313 /* Need to drop inner lock to take node lock */
6317 binder_node_inner_lock(node);
6318 print_binder_node_nilocked(m, node);
6319 binder_node_inner_unlock(node);
6320 last_node = node;
6400 "node",
6516 struct binder_node *node;
6524 hlist_for_each_entry(node, &binder_dead_nodes, dead_node) {
6526 * take a temporary reference on the node so it
6530 node->tmp_refs++;
6534 binder_node_lock(node);
6535 print_binder_node_nilocked(m, node);
6536 binder_node_unlock(node);
6537 last_node = node;
6608 "%d: %s from %d:%d to %d:%d context %s node %d handle %d size %d:%d ret %d/%d l=%d",
6772 struct binder_node *node = rb_entry(n, struct binder_node, rb_node);
6774 * take a temporary reference on the node so it
6778 binder_inc_node_tmpref_ilocked(node);
6779 /* Need to drop inner lock to take node lock */
6783 binder_node_inner_lock(node);
6784 list_for_each_entry(w, &node->async_todo, entry)
6786 binder_node_inner_unlock(node);
6787 last_node = node;