Google Git
Sign in
fuchsia / fuchsia / refs/heads/main / . / zircon / kernel / object / vm_object_dispatcher.cc
blob: e6201d3dc28be5a9f2d72147ffde7a896c6fd0e4 [file] [log] [blame]
// Copyright 2016 The Fuchsia Authors
//
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file or at
// https://opensource.org/licenses/MIT
#include "object/vm_object_dispatcher.h"
#include <assert.h>
#include <inttypes.h>
#include <lib/boot-options/boot-options.h>
#include <lib/counters.h>
#include <trace.h>
#include <zircon/errors.h>
#include <zircon/rights.h>
#include <fbl/alloc_checker.h>
#include <ktl/algorithm.h>
#include <ktl/atomic.h>
#include <ktl/optional.h>
#include <vm/page_source.h>
#include <vm/vm_aspace.h>
#include <vm/vm_object.h>
#include <vm/vm_object_paged.h>
#include <ktl/enforce.h>
#define LOCAL_TRACE 0
KCOUNTER(dispatcher_vmo_create_count, "dispatcher.vmo.create")
KCOUNTER(dispatcher_vmo_destroy_count, "dispatcher.vmo.destroy")
zx::result<VmObjectDispatcher::CreateStats> VmObjectDispatcher::parse_create_syscall_flags(
uint32_t flags, size_t size) {
CreateStats res = {0, size};
if (flags & ZX_VMO_RESIZABLE) {
if (flags & ZX_VMO_UNBOUNDED) {
return zx::error(ZX_ERR_INVALID_ARGS);
}
res.flags |= VmObjectPaged::kResizable;
flags &= ~ZX_VMO_RESIZABLE;
}
if (flags & ZX_VMO_DISCARDABLE) {
res.flags |= VmObjectPaged::kDiscardable;
flags &= ~ZX_VMO_DISCARDABLE;
}
if (flags & ZX_VMO_UNBOUNDED) {
flags &= ~ZX_VMO_UNBOUNDED;
res.size = VmObjectPaged::max_size();
} else {
if (zx_status_t status = VmObject::RoundSize(size, &res.size); status != ZX_OK) {
return zx::error(status);
}
}
if (flags) {
return zx::error(ZX_ERR_INVALID_ARGS);
}
return zx::ok(res);
}
zx_status_t VmObjectDispatcher::CreateWithCsm(fbl::RefPtr<VmObject> vmo,
fbl::RefPtr<ContentSizeManager> content_size_manager,
zx_koid_t pager_koid,
InitialMutability initial_mutability,
KernelHandle<VmObjectDispatcher>* handle,
zx_rights_t* rights) {
fbl::AllocChecker ac;
KernelHandle new_handle(fbl::AdoptRef(new (&ac) VmObjectDispatcher(
ktl::move(vmo), ktl::move(content_size_manager), pager_koid, initial_mutability)));
if (!ac.check()) {
return ZX_ERR_NO_MEMORY;
}
new_handle.dispatcher()->vmo()->set_user_id(new_handle.dispatcher()->get_koid());
*rights =
default_rights() | (new_handle.dispatcher()->vmo()->is_resizable() ? ZX_RIGHT_RESIZE : 0);
*handle = ktl::move(new_handle);
return ZX_OK;
}
zx_status_t VmObjectDispatcher::Create(fbl::RefPtr<VmObject> vmo, uint64_t content_size,
zx_koid_t pager_koid, InitialMutability initial_mutability,
KernelHandle<VmObjectDispatcher>* handle,
zx_rights_t* rights) {
fbl::RefPtr<ContentSizeManager> content_size_manager;
zx_status_t status = ContentSizeManager::Create(content_size, &content_size_manager);
if (status != ZX_OK) {
return status;
}
return CreateWithCsm(ktl::move(vmo), ktl::move(content_size_manager), pager_koid,
initial_mutability, handle, rights);
}
VmObjectDispatcher::VmObjectDispatcher(fbl::RefPtr<VmObject> vmo,
fbl::RefPtr<ContentSizeManager> content_size_manager,
zx_koid_t pager_koid, InitialMutability initial_mutability)
: SoloDispatcher(ZX_VMO_ZERO_CHILDREN),
vmo_(ktl::move(vmo)),
content_size_mgr_(ktl::move(content_size_manager)),
pager_koid_(pager_koid),
initial_mutability_(initial_mutability) {
kcounter_add(dispatcher_vmo_create_count, 1);
vmo_->SetChildObserver(this);
}
VmObjectDispatcher::~VmObjectDispatcher() {
kcounter_add(dispatcher_vmo_destroy_count, 1);
// Intentionally leave vmo_->user_id() set to our koid even though we're
// dying and the koid will no longer map to a Dispatcher. koids are never
// recycled, and it could be a useful breadcrumb.
}
void VmObjectDispatcher::OnZeroChild() {
Guard<CriticalMutex> guard{get_lock()};
// Double check the number of children now that we are holding the dispatcher lock and so are
// serialized with our calls to CreateChild. This allows us to atomically observer that there are
// indeed zero children, and then set the signal. The double check is needed since OnZeroChild is
// called without the VMO lock held, and so there is a race where before we could acquire the
// dispatcher lock a new child got created.
if (vmo_->num_children() == 0) {
UpdateStateLocked(0, ZX_VMO_ZERO_CHILDREN);
}
}
zx_status_t VmObjectDispatcher::get_name(char (&out_name)[ZX_MAX_NAME_LEN]) const {
canary_.Assert();
vmo_->get_name(out_name, ZX_MAX_NAME_LEN);
return ZX_OK;
}
zx_status_t VmObjectDispatcher::set_name(const char* name, size_t len) {
canary_.Assert();
return vmo_->set_name(name, len);
}
void VmObjectDispatcher::on_zero_handles() {
// Clear when handle count reaches zero rather in the destructor because we're retaining a
// VmObject that might call back into |this| via VmObjectChildObserver when it's destroyed.
vmo_->SetChildObserver(nullptr);
}
zx_status_t VmObjectDispatcher::Read(user_out_ptr<char> user_data, size_t length, uint64_t offset,
size_t* out_actual) {
canary_.Assert();
return vmo_->ReadUser(user_data, offset, length, VmObjectReadWriteOptions::None, out_actual);
}
zx_status_t VmObjectDispatcher::ReadVector(user_out_iovec_t user_data, size_t length,
uint64_t offset, size_t* out_actual) {
canary_.Assert();
return vmo_->ReadUserVector(user_data, offset, length, out_actual);
}
zx_status_t VmObjectDispatcher::WriteVector(
user_in_iovec_t user_data, size_t length, uint64_t offset, size_t* out_actual,
VmObject::OnWriteBytesTransferredCallback on_bytes_transferred) {
canary_.Assert();
return vmo_->WriteUserVector(user_data, offset, length, out_actual, on_bytes_transferred);
}
zx_status_t VmObjectDispatcher::Write(
user_in_ptr<const char> user_data, size_t length, uint64_t offset, size_t* out_actual,
VmObject::OnWriteBytesTransferredCallback on_bytes_transferred) {
canary_.Assert();
return vmo_->WriteUser(user_data, offset, length, VmObjectReadWriteOptions::None, out_actual,
on_bytes_transferred);
}
zx_status_t VmObjectDispatcher::SetSize(uint64_t size) {
canary_.Assert();
ContentSizeManager::Operation op;
Guard<Mutex> guard{content_size_mgr_->lock()};
content_size_mgr_->BeginSetContentSizeLocked(size, &op, &guard);
uint64_t size_aligned = ROUNDUP(size, PAGE_SIZE);
// Check for overflow when rounding up.
if (size_aligned < size) {
op.AssertParentLockHeld();
op.CancelLocked();
return ZX_ERR_OUT_OF_RANGE;
}
zx_status_t status = vmo_->Resize(size_aligned);
if (status != ZX_OK) {
op.AssertParentLockHeld();
op.CancelLocked();
return status;
}
uint64_t remaining = size_aligned - size;
if (remaining > 0) {
// TODO(https://fxbug.dev/42053728): Determine whether failure to ZeroRange here should undo
// this operation.
//
// Dropping the lock here is fine, as an `Operation` only needs to be locked when initializing,
// committing, or cancelling.
guard.CallUnlocked([&] { vmo_->ZeroRange(size, remaining); });
}
op.AssertParentLockHeld();
op.CommitLocked();
return status;
}
zx_status_t VmObjectDispatcher::GetSize(uint64_t* size) {
canary_.Assert();
*size = vmo_->size();
return ZX_OK;
}
zx_info_vmo_t VmoToInfoEntry(const VmObject* vmo, VmoOwnership ownership,
zx_rights_t handle_rights) {
zx_info_vmo_t entry = {};
entry.koid = vmo->user_id();
vmo->get_name(entry.name, sizeof(entry.name));
entry.size_bytes = vmo->size();
entry.parent_koid = vmo->parent_user_id();
entry.num_children = vmo->num_children();
entry.num_mappings = vmo->num_mappings();
entry.share_count = vmo->share_count();
entry.flags = (vmo->is_paged() ? ZX_INFO_VMO_TYPE_PAGED : ZX_INFO_VMO_TYPE_PHYSICAL) |
(vmo->is_resizable() ? ZX_INFO_VMO_RESIZABLE : 0) |
(vmo->is_discardable() ? ZX_INFO_VMO_DISCARDABLE : 0) |
(vmo->is_user_pager_backed() ? ZX_INFO_VMO_PAGER_BACKED : 0) |
(vmo->is_contiguous() ? ZX_INFO_VMO_CONTIGUOUS : 0);
// As an implementation detail, both ends of an IOBuffer keep a child reference to a shared parent
// which is dropped. Since references aren't normally attributed memory otherwise, we specifically
// request their attribution counts.
VmObject::AttributionCounts counts = ownership == VmoOwnership::kIoBuffer
? vmo->GetAttributedMemoryInReferenceOwner()
: vmo->GetAttributedMemory();
entry.committed_bytes = counts.uncompressed_bytes;
entry.populated_bytes = counts.compressed_bytes + counts.uncompressed_bytes;
entry.cache_policy = vmo->GetMappingCachePolicy();
switch (ownership) {
case VmoOwnership::kHandle:
entry.flags |= ZX_INFO_VMO_VIA_HANDLE;
entry.handle_rights = handle_rights;
break;
case VmoOwnership::kMapping:
entry.flags |= ZX_INFO_VMO_VIA_MAPPING;
break;
case VmoOwnership::kIoBuffer:
entry.flags |= ZX_INFO_VMO_VIA_IOB_HANDLE;
entry.handle_rights = handle_rights;
break;
}
if (vmo->child_type() == VmObject::ChildType::kCowClone) {
entry.flags |= ZX_INFO_VMO_IS_COW_CLONE;
}
entry.metadata_bytes = vmo->HeapAllocationBytes();
// Only events that change committed pages are different kinds of reclamation.
entry.committed_change_events = vmo->ReclamationEventCount();
return entry;
}
zx_info_vmo_t VmObjectDispatcher::GetVmoInfo(zx_rights_t rights) {
zx_info_vmo_t info = VmoToInfoEntry(vmo().get(), VmoOwnership::kHandle, rights);
if (initial_mutability_ == InitialMutability::kImmutable) {
info.flags |= ZX_INFO_VMO_IMMUTABLE;
}
return info;
}
zx_status_t VmObjectDispatcher::SetContentSize(uint64_t content_size) {
canary_.Assert();
ContentSizeManager::Operation op;
Guard<Mutex> guard{content_size_mgr_->lock()};
content_size_mgr_->BeginSetContentSizeLocked(content_size, &op, &guard);
uint64_t vmo_size = vmo_->size();
if (content_size < vmo_size) {
// TODO(https://fxbug.dev/42053728): Determine whether failure to ZeroRange here should undo
// this operation.
//
// Dropping the lock here is fine, as an `Operation` only needs to be locked when initializing,
// committing, or cancelling.
guard.CallUnlocked([&] { vmo_->ZeroRange(content_size, vmo_size - content_size); });
}
op.AssertParentLockHeld();
op.CommitLocked();
return ZX_OK;
}
uint64_t VmObjectDispatcher::GetContentSize() const {
canary_.Assert();
return content_size_mgr_->GetContentSize();
}
zx_status_t VmObjectDispatcher::ExpandIfNecessary(uint64_t requested_vmo_size, bool can_resize_vmo,
uint64_t* out_actual) {
canary_.Assert();
uint64_t current_vmo_size = vmo_->size();
*out_actual = current_vmo_size;
uint64_t required_vmo_size = ROUNDUP(requested_vmo_size, PAGE_SIZE);
// Overflow when rounding up.
if (required_vmo_size < requested_vmo_size) {
return ZX_ERR_OUT_OF_RANGE;
}
if (required_vmo_size > current_vmo_size) {
if (!can_resize_vmo) {
return ZX_ERR_NOT_SUPPORTED;
}
zx_status_t status = vmo_->Resize(required_vmo_size);
if (status != ZX_OK) {
// Resizing failed but the rest of the current VMO size can be used.
return status;
}
*out_actual = required_vmo_size;
}
return ZX_OK;
}
zx_status_t VmObjectDispatcher::RangeOp(uint32_t op, uint64_t offset, uint64_t size,
user_inout_ptr<void> buffer, size_t buffer_size,
zx_rights_t rights) {
canary_.Assert();
LTRACEF("op %u offset %#" PRIx64 " size %#" PRIx64 " buffer %p buffer_size %zu rights %#x\n", op,
offset, size, buffer.get(), buffer_size, rights);
switch (op) {
case ZX_VMO_OP_COMMIT: {
if ((rights & ZX_RIGHT_WRITE) == 0) {
return ZX_ERR_ACCESS_DENIED;
}
// TODO: handle partial commits
auto status = vmo_->CommitRange(offset, size);
return status;
}
case ZX_VMO_OP_DECOMMIT: {
if ((rights & ZX_RIGHT_WRITE) == 0) {
return ZX_ERR_ACCESS_DENIED;
}
// TODO: handle partial decommits
auto status = vmo_->DecommitRange(offset, size);
return status;
}
case ZX_VMO_OP_LOCK: {
if ((rights & (ZX_RIGHT_READ | ZX_RIGHT_WRITE)) == 0) {
return ZX_ERR_ACCESS_DENIED;
}
zx_vmo_lock_state_t lock_state = {};
zx_status_t status = vmo_->LockRange(offset, size, &lock_state);
if (status != ZX_OK) {
return status;
}
// If an error is encountered from this point on, the lock operation MUST be reverted
// before returning.
if (buffer_size < sizeof(zx_vmo_lock_state_t)) {
// Undo the lock before returning an error.
vmo_->UnlockRange(offset, size);
return ZX_ERR_INVALID_ARGS;
}
auto lock_state_out = buffer.reinterpret<zx_vmo_lock_state_t>();
if ((status = lock_state_out.copy_to_user(lock_state)) != ZX_OK) {
// Undo the lock before returning an error.
vmo_->UnlockRange(offset, size);
return status;
}
return status;
}
case ZX_VMO_OP_TRY_LOCK:
if ((rights & (ZX_RIGHT_READ | ZX_RIGHT_WRITE)) == 0) {
return ZX_ERR_ACCESS_DENIED;
}
return vmo_->TryLockRange(offset, size);
case ZX_VMO_OP_UNLOCK:
if ((rights & (ZX_RIGHT_READ | ZX_RIGHT_WRITE)) == 0) {
return ZX_ERR_ACCESS_DENIED;
}
return vmo_->UnlockRange(offset, size);
case ZX_VMO_OP_CACHE_SYNC:
if ((rights & ZX_RIGHT_READ) == 0) {
return ZX_ERR_ACCESS_DENIED;
}
return vmo_->CacheOp(offset, size, VmObject::CacheOpType::Sync);
case ZX_VMO_OP_CACHE_INVALIDATE:
if (!gBootOptions->enable_debugging_syscalls) {
return ZX_ERR_NOT_SUPPORTED;
}
// A straight invalidate op requires the write right since
// it may drop dirty cache lines, thus modifying the contents
// of the VMO.
if ((rights & ZX_RIGHT_WRITE) == 0) {
return ZX_ERR_ACCESS_DENIED;
}
return vmo_->CacheOp(offset, size, VmObject::CacheOpType::Invalidate);
case ZX_VMO_OP_CACHE_CLEAN:
if ((rights & ZX_RIGHT_READ) == 0) {
return ZX_ERR_ACCESS_DENIED;
}
return vmo_->CacheOp(offset, size, VmObject::CacheOpType::Clean);
case ZX_VMO_OP_CACHE_CLEAN_INVALIDATE:
if ((rights & ZX_RIGHT_READ) == 0) {
return ZX_ERR_ACCESS_DENIED;
}
return vmo_->CacheOp(offset, size, VmObject::CacheOpType::CleanInvalidate);
case ZX_VMO_OP_ZERO:
if ((rights & ZX_RIGHT_WRITE) == 0) {
return ZX_ERR_ACCESS_DENIED;
}
return vmo_->ZeroRange(offset, size);
case ZX_VMO_OP_ALWAYS_NEED:
return vmo_->HintRange(offset, size, VmObject::EvictionHint::AlwaysNeed);
case ZX_VMO_OP_DONT_NEED:
return vmo_->HintRange(offset, size, VmObject::EvictionHint::DontNeed);
default:
return ZX_ERR_INVALID_ARGS;
}
}
zx_status_t VmObjectDispatcher::SetMappingCachePolicy(uint32_t cache_policy) {
return vmo_->SetMappingCachePolicy(cache_policy);
}
zx_status_t VmObjectDispatcher::CreateChildInternal(uint32_t options, uint64_t offset,
uint64_t size, bool copy_name,
fbl::RefPtr<VmObject>* child_vmo) {
// Clones are not supported for discardable VMOs.
if (vmo_->is_discardable()) {
return ZX_ERR_NOT_SUPPORTED;
}
if (options & ZX_VMO_CHILD_SLICE) {
// No other flags are valid for slices.
options &= ~ZX_VMO_CHILD_SLICE;
if (options) {
return ZX_ERR_INVALID_ARGS;
}
return vmo_->CreateChildSlice(offset, size, copy_name, child_vmo);
}
Resizability resizable = Resizability::NonResizable;
if (options & ZX_VMO_CHILD_REFERENCE) {
options &= ~ZX_VMO_CHILD_REFERENCE;
if (options & ZX_VMO_CHILD_RESIZABLE) {
resizable = Resizability::Resizable;
options &= ~ZX_VMO_CHILD_RESIZABLE;
}
if (options) {
return ZX_ERR_INVALID_ARGS;
}
return vmo_->CreateChildReference(resizable, offset, size, copy_name, nullptr, child_vmo);
}
// Check for mutually-exclusive child type flags.
CloneType type;
if (options & ZX_VMO_CHILD_SNAPSHOT) {
options &= ~ZX_VMO_CHILD_SNAPSHOT;
type = CloneType::Snapshot;
} else if (options & ZX_VMO_CHILD_SNAPSHOT_AT_LEAST_ON_WRITE) {
options &= ~ZX_VMO_CHILD_SNAPSHOT_AT_LEAST_ON_WRITE;
type = CloneType::SnapshotAtLeastOnWrite;
} else if (options & ZX_VMO_CHILD_SNAPSHOT_MODIFIED) {
options &= ~ZX_VMO_CHILD_SNAPSHOT_MODIFIED;
type = CloneType::SnapshotModified;
} else {
return ZX_ERR_INVALID_ARGS;
}
if (options & ZX_VMO_CHILD_RESIZABLE) {
resizable = Resizability::Resizable;
options &= ~ZX_VMO_CHILD_RESIZABLE;
}
if (options)
return ZX_ERR_INVALID_ARGS;
return vmo_->CreateClone(resizable, type, offset, size, copy_name, child_vmo);
}
zx_status_t VmObjectDispatcher::CreateChild(uint32_t options, uint64_t offset, uint64_t size,
bool copy_name, fbl::RefPtr<VmObject>* child_vmo) {
canary_.Assert();
LTRACEF("options 0x%x offset %#" PRIx64 " size %#" PRIx64 "\n", options, offset, size);
// To synchronize the zero child signal the dispatcher lock is used over the create child path to
// ensure we can atomically know that a child exists, and clear the zero child signal.
Guard<CriticalMutex> guard{get_lock()};
zx_status_t status = CreateChildInternal(options, offset, size, copy_name, child_vmo);
DEBUG_ASSERT((status == ZX_OK) == (*child_vmo != nullptr));
if (status == ZX_OK) {
// We know definitively that a child exists, as we have a refptr to it, and so we can clear the
// zero children signal.
UpdateStateLocked(ZX_VMO_ZERO_CHILDREN, 0);
}
return status;
}