18c2ecf20Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0-only 28c2ecf20Sopenharmony_ci/* binder_alloc_selftest.c 38c2ecf20Sopenharmony_ci * 48c2ecf20Sopenharmony_ci * Android IPC Subsystem 58c2ecf20Sopenharmony_ci * 68c2ecf20Sopenharmony_ci * Copyright (C) 2017 Google, Inc. 78c2ecf20Sopenharmony_ci */ 88c2ecf20Sopenharmony_ci 98c2ecf20Sopenharmony_ci#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 108c2ecf20Sopenharmony_ci 118c2ecf20Sopenharmony_ci#include <linux/mm_types.h> 128c2ecf20Sopenharmony_ci#include <linux/err.h> 138c2ecf20Sopenharmony_ci#include "binder_alloc.h" 148c2ecf20Sopenharmony_ci 158c2ecf20Sopenharmony_ci#define BUFFER_NUM 5 168c2ecf20Sopenharmony_ci#define BUFFER_MIN_SIZE (PAGE_SIZE / 8) 178c2ecf20Sopenharmony_ci 188c2ecf20Sopenharmony_cistatic bool binder_selftest_run = true; 198c2ecf20Sopenharmony_cistatic int binder_selftest_failures; 208c2ecf20Sopenharmony_cistatic DEFINE_MUTEX(binder_selftest_lock); 218c2ecf20Sopenharmony_ci 228c2ecf20Sopenharmony_ci/** 238c2ecf20Sopenharmony_ci * enum buf_end_align_type - Page alignment of a buffer 248c2ecf20Sopenharmony_ci * end with regard to the end of the previous buffer. 258c2ecf20Sopenharmony_ci * 268c2ecf20Sopenharmony_ci * In the pictures below, buf2 refers to the buffer we 278c2ecf20Sopenharmony_ci * are aligning. buf1 refers to previous buffer by addr. 288c2ecf20Sopenharmony_ci * Symbol [ means the start of a buffer, ] means the end 298c2ecf20Sopenharmony_ci * of a buffer, and | means page boundaries. 308c2ecf20Sopenharmony_ci */ 318c2ecf20Sopenharmony_cienum buf_end_align_type { 328c2ecf20Sopenharmony_ci /** 338c2ecf20Sopenharmony_ci * @SAME_PAGE_UNALIGNED: The end of this buffer is on 348c2ecf20Sopenharmony_ci * the same page as the end of the previous buffer and 358c2ecf20Sopenharmony_ci * is not page aligned. Examples: 368c2ecf20Sopenharmony_ci * buf1 ][ buf2 ][ ... 378c2ecf20Sopenharmony_ci * buf1 ]|[ buf2 ][ ... 388c2ecf20Sopenharmony_ci */ 398c2ecf20Sopenharmony_ci SAME_PAGE_UNALIGNED = 0, 408c2ecf20Sopenharmony_ci /** 418c2ecf20Sopenharmony_ci * @SAME_PAGE_ALIGNED: When the end of the previous buffer 428c2ecf20Sopenharmony_ci * is not page aligned, the end of this buffer is on the 438c2ecf20Sopenharmony_ci * same page as the end of the previous buffer and is page 448c2ecf20Sopenharmony_ci * aligned. When the previous buffer is page aligned, the 458c2ecf20Sopenharmony_ci * end of this buffer is aligned to the next page boundary. 468c2ecf20Sopenharmony_ci * Examples: 478c2ecf20Sopenharmony_ci * buf1 ][ buf2 ]| ... 488c2ecf20Sopenharmony_ci * buf1 ]|[ buf2 ]| ... 498c2ecf20Sopenharmony_ci */ 508c2ecf20Sopenharmony_ci SAME_PAGE_ALIGNED, 518c2ecf20Sopenharmony_ci /** 528c2ecf20Sopenharmony_ci * @NEXT_PAGE_UNALIGNED: The end of this buffer is on 538c2ecf20Sopenharmony_ci * the page next to the end of the previous buffer and 548c2ecf20Sopenharmony_ci * is not page aligned. Examples: 558c2ecf20Sopenharmony_ci * buf1 ][ buf2 | buf2 ][ ... 568c2ecf20Sopenharmony_ci * buf1 ]|[ buf2 | buf2 ][ ... 578c2ecf20Sopenharmony_ci */ 588c2ecf20Sopenharmony_ci NEXT_PAGE_UNALIGNED, 598c2ecf20Sopenharmony_ci /** 608c2ecf20Sopenharmony_ci * @NEXT_PAGE_ALIGNED: The end of this buffer is on 618c2ecf20Sopenharmony_ci * the page next to the end of the previous buffer and 628c2ecf20Sopenharmony_ci * is page aligned. Examples: 638c2ecf20Sopenharmony_ci * buf1 ][ buf2 | buf2 ]| ... 648c2ecf20Sopenharmony_ci * buf1 ]|[ buf2 | buf2 ]| ... 658c2ecf20Sopenharmony_ci */ 668c2ecf20Sopenharmony_ci NEXT_PAGE_ALIGNED, 678c2ecf20Sopenharmony_ci /** 688c2ecf20Sopenharmony_ci * @NEXT_NEXT_UNALIGNED: The end of this buffer is on 698c2ecf20Sopenharmony_ci * the page that follows the page after the end of the 708c2ecf20Sopenharmony_ci * previous buffer and is not page aligned. Examples: 718c2ecf20Sopenharmony_ci * buf1 ][ buf2 | buf2 | buf2 ][ ... 728c2ecf20Sopenharmony_ci * buf1 ]|[ buf2 | buf2 | buf2 ][ ... 738c2ecf20Sopenharmony_ci */ 748c2ecf20Sopenharmony_ci NEXT_NEXT_UNALIGNED, 758c2ecf20Sopenharmony_ci LOOP_END, 768c2ecf20Sopenharmony_ci}; 778c2ecf20Sopenharmony_ci 788c2ecf20Sopenharmony_cistatic void pr_err_size_seq(size_t *sizes, int *seq) 798c2ecf20Sopenharmony_ci{ 808c2ecf20Sopenharmony_ci int i; 818c2ecf20Sopenharmony_ci 828c2ecf20Sopenharmony_ci pr_err("alloc sizes: "); 838c2ecf20Sopenharmony_ci for (i = 0; i < BUFFER_NUM; i++) 848c2ecf20Sopenharmony_ci pr_cont("[%zu]", sizes[i]); 858c2ecf20Sopenharmony_ci pr_cont("\n"); 868c2ecf20Sopenharmony_ci pr_err("free seq: "); 878c2ecf20Sopenharmony_ci for (i = 0; i < BUFFER_NUM; i++) 888c2ecf20Sopenharmony_ci pr_cont("[%d]", seq[i]); 898c2ecf20Sopenharmony_ci pr_cont("\n"); 908c2ecf20Sopenharmony_ci} 918c2ecf20Sopenharmony_ci 928c2ecf20Sopenharmony_cistatic bool check_buffer_pages_allocated(struct binder_alloc *alloc, 938c2ecf20Sopenharmony_ci struct binder_buffer *buffer, 948c2ecf20Sopenharmony_ci size_t size) 958c2ecf20Sopenharmony_ci{ 968c2ecf20Sopenharmony_ci void __user *page_addr; 978c2ecf20Sopenharmony_ci void __user *end; 988c2ecf20Sopenharmony_ci int page_index; 998c2ecf20Sopenharmony_ci 1008c2ecf20Sopenharmony_ci end = (void __user *)PAGE_ALIGN((uintptr_t)buffer->user_data + size); 1018c2ecf20Sopenharmony_ci page_addr = buffer->user_data; 1028c2ecf20Sopenharmony_ci for (; page_addr < end; page_addr += PAGE_SIZE) { 1038c2ecf20Sopenharmony_ci page_index = (page_addr - alloc->buffer) / PAGE_SIZE; 1048c2ecf20Sopenharmony_ci if (!alloc->pages[page_index].page_ptr || 1058c2ecf20Sopenharmony_ci !list_empty(&alloc->pages[page_index].lru)) { 1068c2ecf20Sopenharmony_ci pr_err("expect alloc but is %s at page index %d\n", 1078c2ecf20Sopenharmony_ci alloc->pages[page_index].page_ptr ? 1088c2ecf20Sopenharmony_ci "lru" : "free", page_index); 1098c2ecf20Sopenharmony_ci return false; 1108c2ecf20Sopenharmony_ci } 1118c2ecf20Sopenharmony_ci } 1128c2ecf20Sopenharmony_ci return true; 1138c2ecf20Sopenharmony_ci} 1148c2ecf20Sopenharmony_ci 1158c2ecf20Sopenharmony_cistatic void binder_selftest_alloc_buf(struct binder_alloc *alloc, 1168c2ecf20Sopenharmony_ci struct binder_buffer *buffers[], 1178c2ecf20Sopenharmony_ci size_t *sizes, int *seq) 1188c2ecf20Sopenharmony_ci{ 1198c2ecf20Sopenharmony_ci int i; 1208c2ecf20Sopenharmony_ci 1218c2ecf20Sopenharmony_ci for (i = 0; i < BUFFER_NUM; i++) { 1228c2ecf20Sopenharmony_ci buffers[i] = binder_alloc_new_buf(alloc, sizes[i], 0, 0, 0, 0); 1238c2ecf20Sopenharmony_ci if (IS_ERR(buffers[i]) || 1248c2ecf20Sopenharmony_ci !check_buffer_pages_allocated(alloc, buffers[i], 1258c2ecf20Sopenharmony_ci sizes[i])) { 1268c2ecf20Sopenharmony_ci pr_err_size_seq(sizes, seq); 1278c2ecf20Sopenharmony_ci binder_selftest_failures++; 1288c2ecf20Sopenharmony_ci } 1298c2ecf20Sopenharmony_ci } 1308c2ecf20Sopenharmony_ci} 1318c2ecf20Sopenharmony_ci 1328c2ecf20Sopenharmony_cistatic void binder_selftest_free_buf(struct binder_alloc *alloc, 1338c2ecf20Sopenharmony_ci struct binder_buffer *buffers[], 1348c2ecf20Sopenharmony_ci size_t *sizes, int *seq, size_t end) 1358c2ecf20Sopenharmony_ci{ 1368c2ecf20Sopenharmony_ci int i; 1378c2ecf20Sopenharmony_ci 1388c2ecf20Sopenharmony_ci for (i = 0; i < BUFFER_NUM; i++) 1398c2ecf20Sopenharmony_ci binder_alloc_free_buf(alloc, buffers[seq[i]]); 1408c2ecf20Sopenharmony_ci 1418c2ecf20Sopenharmony_ci for (i = 0; i < end / PAGE_SIZE; i++) { 1428c2ecf20Sopenharmony_ci /** 1438c2ecf20Sopenharmony_ci * Error message on a free page can be false positive 1448c2ecf20Sopenharmony_ci * if binder shrinker ran during binder_alloc_free_buf 1458c2ecf20Sopenharmony_ci * calls above. 1468c2ecf20Sopenharmony_ci */ 1478c2ecf20Sopenharmony_ci if (list_empty(&alloc->pages[i].lru)) { 1488c2ecf20Sopenharmony_ci pr_err_size_seq(sizes, seq); 1498c2ecf20Sopenharmony_ci pr_err("expect lru but is %s at page index %d\n", 1508c2ecf20Sopenharmony_ci alloc->pages[i].page_ptr ? "alloc" : "free", i); 1518c2ecf20Sopenharmony_ci binder_selftest_failures++; 1528c2ecf20Sopenharmony_ci } 1538c2ecf20Sopenharmony_ci } 1548c2ecf20Sopenharmony_ci} 1558c2ecf20Sopenharmony_ci 1568c2ecf20Sopenharmony_cistatic void binder_selftest_free_page(struct binder_alloc *alloc) 1578c2ecf20Sopenharmony_ci{ 1588c2ecf20Sopenharmony_ci int i; 1598c2ecf20Sopenharmony_ci unsigned long count; 1608c2ecf20Sopenharmony_ci 1618c2ecf20Sopenharmony_ci while ((count = list_lru_count(&binder_alloc_lru))) { 1628c2ecf20Sopenharmony_ci list_lru_walk(&binder_alloc_lru, binder_alloc_free_page, 1638c2ecf20Sopenharmony_ci NULL, count); 1648c2ecf20Sopenharmony_ci } 1658c2ecf20Sopenharmony_ci 1668c2ecf20Sopenharmony_ci for (i = 0; i < (alloc->buffer_size / PAGE_SIZE); i++) { 1678c2ecf20Sopenharmony_ci if (alloc->pages[i].page_ptr) { 1688c2ecf20Sopenharmony_ci pr_err("expect free but is %s at page index %d\n", 1698c2ecf20Sopenharmony_ci list_empty(&alloc->pages[i].lru) ? 1708c2ecf20Sopenharmony_ci "alloc" : "lru", i); 1718c2ecf20Sopenharmony_ci binder_selftest_failures++; 1728c2ecf20Sopenharmony_ci } 1738c2ecf20Sopenharmony_ci } 1748c2ecf20Sopenharmony_ci} 1758c2ecf20Sopenharmony_ci 1768c2ecf20Sopenharmony_cistatic void binder_selftest_alloc_free(struct binder_alloc *alloc, 1778c2ecf20Sopenharmony_ci size_t *sizes, int *seq, size_t end) 1788c2ecf20Sopenharmony_ci{ 1798c2ecf20Sopenharmony_ci struct binder_buffer *buffers[BUFFER_NUM]; 1808c2ecf20Sopenharmony_ci 1818c2ecf20Sopenharmony_ci binder_selftest_alloc_buf(alloc, buffers, sizes, seq); 1828c2ecf20Sopenharmony_ci binder_selftest_free_buf(alloc, buffers, sizes, seq, end); 1838c2ecf20Sopenharmony_ci 1848c2ecf20Sopenharmony_ci /* Allocate from lru. */ 1858c2ecf20Sopenharmony_ci binder_selftest_alloc_buf(alloc, buffers, sizes, seq); 1868c2ecf20Sopenharmony_ci if (list_lru_count(&binder_alloc_lru)) 1878c2ecf20Sopenharmony_ci pr_err("lru list should be empty but is not\n"); 1888c2ecf20Sopenharmony_ci 1898c2ecf20Sopenharmony_ci binder_selftest_free_buf(alloc, buffers, sizes, seq, end); 1908c2ecf20Sopenharmony_ci binder_selftest_free_page(alloc); 1918c2ecf20Sopenharmony_ci} 1928c2ecf20Sopenharmony_ci 1938c2ecf20Sopenharmony_cistatic bool is_dup(int *seq, int index, int val) 1948c2ecf20Sopenharmony_ci{ 1958c2ecf20Sopenharmony_ci int i; 1968c2ecf20Sopenharmony_ci 1978c2ecf20Sopenharmony_ci for (i = 0; i < index; i++) { 1988c2ecf20Sopenharmony_ci if (seq[i] == val) 1998c2ecf20Sopenharmony_ci return true; 2008c2ecf20Sopenharmony_ci } 2018c2ecf20Sopenharmony_ci return false; 2028c2ecf20Sopenharmony_ci} 2038c2ecf20Sopenharmony_ci 2048c2ecf20Sopenharmony_ci/* Generate BUFFER_NUM factorial free orders. */ 2058c2ecf20Sopenharmony_cistatic void binder_selftest_free_seq(struct binder_alloc *alloc, 2068c2ecf20Sopenharmony_ci size_t *sizes, int *seq, 2078c2ecf20Sopenharmony_ci int index, size_t end) 2088c2ecf20Sopenharmony_ci{ 2098c2ecf20Sopenharmony_ci int i; 2108c2ecf20Sopenharmony_ci 2118c2ecf20Sopenharmony_ci if (index == BUFFER_NUM) { 2128c2ecf20Sopenharmony_ci binder_selftest_alloc_free(alloc, sizes, seq, end); 2138c2ecf20Sopenharmony_ci return; 2148c2ecf20Sopenharmony_ci } 2158c2ecf20Sopenharmony_ci for (i = 0; i < BUFFER_NUM; i++) { 2168c2ecf20Sopenharmony_ci if (is_dup(seq, index, i)) 2178c2ecf20Sopenharmony_ci continue; 2188c2ecf20Sopenharmony_ci seq[index] = i; 2198c2ecf20Sopenharmony_ci binder_selftest_free_seq(alloc, sizes, seq, index + 1, end); 2208c2ecf20Sopenharmony_ci } 2218c2ecf20Sopenharmony_ci} 2228c2ecf20Sopenharmony_ci 2238c2ecf20Sopenharmony_cistatic void binder_selftest_alloc_size(struct binder_alloc *alloc, 2248c2ecf20Sopenharmony_ci size_t *end_offset) 2258c2ecf20Sopenharmony_ci{ 2268c2ecf20Sopenharmony_ci int i; 2278c2ecf20Sopenharmony_ci int seq[BUFFER_NUM] = {0}; 2288c2ecf20Sopenharmony_ci size_t front_sizes[BUFFER_NUM]; 2298c2ecf20Sopenharmony_ci size_t back_sizes[BUFFER_NUM]; 2308c2ecf20Sopenharmony_ci size_t last_offset, offset = 0; 2318c2ecf20Sopenharmony_ci 2328c2ecf20Sopenharmony_ci for (i = 0; i < BUFFER_NUM; i++) { 2338c2ecf20Sopenharmony_ci last_offset = offset; 2348c2ecf20Sopenharmony_ci offset = end_offset[i]; 2358c2ecf20Sopenharmony_ci front_sizes[i] = offset - last_offset; 2368c2ecf20Sopenharmony_ci back_sizes[BUFFER_NUM - i - 1] = front_sizes[i]; 2378c2ecf20Sopenharmony_ci } 2388c2ecf20Sopenharmony_ci /* 2398c2ecf20Sopenharmony_ci * Buffers share the first or last few pages. 2408c2ecf20Sopenharmony_ci * Only BUFFER_NUM - 1 buffer sizes are adjustable since 2418c2ecf20Sopenharmony_ci * we need one giant buffer before getting to the last page. 2428c2ecf20Sopenharmony_ci */ 2438c2ecf20Sopenharmony_ci back_sizes[0] += alloc->buffer_size - end_offset[BUFFER_NUM - 1]; 2448c2ecf20Sopenharmony_ci binder_selftest_free_seq(alloc, front_sizes, seq, 0, 2458c2ecf20Sopenharmony_ci end_offset[BUFFER_NUM - 1]); 2468c2ecf20Sopenharmony_ci binder_selftest_free_seq(alloc, back_sizes, seq, 0, alloc->buffer_size); 2478c2ecf20Sopenharmony_ci} 2488c2ecf20Sopenharmony_ci 2498c2ecf20Sopenharmony_cistatic void binder_selftest_alloc_offset(struct binder_alloc *alloc, 2508c2ecf20Sopenharmony_ci size_t *end_offset, int index) 2518c2ecf20Sopenharmony_ci{ 2528c2ecf20Sopenharmony_ci int align; 2538c2ecf20Sopenharmony_ci size_t end, prev; 2548c2ecf20Sopenharmony_ci 2558c2ecf20Sopenharmony_ci if (index == BUFFER_NUM) { 2568c2ecf20Sopenharmony_ci binder_selftest_alloc_size(alloc, end_offset); 2578c2ecf20Sopenharmony_ci return; 2588c2ecf20Sopenharmony_ci } 2598c2ecf20Sopenharmony_ci prev = index == 0 ? 0 : end_offset[index - 1]; 2608c2ecf20Sopenharmony_ci end = prev; 2618c2ecf20Sopenharmony_ci 2628c2ecf20Sopenharmony_ci BUILD_BUG_ON(BUFFER_MIN_SIZE * BUFFER_NUM >= PAGE_SIZE); 2638c2ecf20Sopenharmony_ci 2648c2ecf20Sopenharmony_ci for (align = SAME_PAGE_UNALIGNED; align < LOOP_END; align++) { 2658c2ecf20Sopenharmony_ci if (align % 2) 2668c2ecf20Sopenharmony_ci end = ALIGN(end, PAGE_SIZE); 2678c2ecf20Sopenharmony_ci else 2688c2ecf20Sopenharmony_ci end += BUFFER_MIN_SIZE; 2698c2ecf20Sopenharmony_ci end_offset[index] = end; 2708c2ecf20Sopenharmony_ci binder_selftest_alloc_offset(alloc, end_offset, index + 1); 2718c2ecf20Sopenharmony_ci } 2728c2ecf20Sopenharmony_ci} 2738c2ecf20Sopenharmony_ci 2748c2ecf20Sopenharmony_ci/** 2758c2ecf20Sopenharmony_ci * binder_selftest_alloc() - Test alloc and free of buffer pages. 2768c2ecf20Sopenharmony_ci * @alloc: Pointer to alloc struct. 2778c2ecf20Sopenharmony_ci * 2788c2ecf20Sopenharmony_ci * Allocate BUFFER_NUM buffers to cover all page alignment cases, 2798c2ecf20Sopenharmony_ci * then free them in all orders possible. Check that pages are 2808c2ecf20Sopenharmony_ci * correctly allocated, put onto lru when buffers are freed, and 2818c2ecf20Sopenharmony_ci * are freed when binder_alloc_free_page is called. 2828c2ecf20Sopenharmony_ci */ 2838c2ecf20Sopenharmony_civoid binder_selftest_alloc(struct binder_alloc *alloc) 2848c2ecf20Sopenharmony_ci{ 2858c2ecf20Sopenharmony_ci size_t end_offset[BUFFER_NUM]; 2868c2ecf20Sopenharmony_ci 2878c2ecf20Sopenharmony_ci if (!binder_selftest_run) 2888c2ecf20Sopenharmony_ci return; 2898c2ecf20Sopenharmony_ci mutex_lock(&binder_selftest_lock); 2908c2ecf20Sopenharmony_ci if (!binder_selftest_run || !alloc->vma) 2918c2ecf20Sopenharmony_ci goto done; 2928c2ecf20Sopenharmony_ci pr_info("STARTED\n"); 2938c2ecf20Sopenharmony_ci binder_selftest_alloc_offset(alloc, end_offset, 0); 2948c2ecf20Sopenharmony_ci binder_selftest_run = false; 2958c2ecf20Sopenharmony_ci if (binder_selftest_failures > 0) 2968c2ecf20Sopenharmony_ci pr_info("%d tests FAILED\n", binder_selftest_failures); 2978c2ecf20Sopenharmony_ci else 2988c2ecf20Sopenharmony_ci pr_info("PASSED\n"); 2998c2ecf20Sopenharmony_ci 3008c2ecf20Sopenharmony_cidone: 3018c2ecf20Sopenharmony_ci mutex_unlock(&binder_selftest_lock); 3028c2ecf20Sopenharmony_ci} 303