Google Git
Sign in
fuchsia / fuchsia / refs/heads/releases/f3 / . / zircon / kernel / object / bus_transaction_initiator_dispatcher.cc
blob: c9635903704e65d8de2627909db264f4457842d9 [file] [log] [blame]
// Copyright 2017 The Fuchsia Authors
//
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file or at
// https://opensource.org/licenses/MIT
#include "object/bus_transaction_initiator_dispatcher.h"
#include <align.h>
#include <lib/counters.h>
#include <lib/debuglog.h>
#include <zircon/errors.h>
#include <zircon/rights.h>
#include <zircon/types.h>
#include <new>
#include <dev/iommu.h>
#include <object/process_dispatcher.h>
#include <object/thread_dispatcher.h>
#include <vm/pinned_vm_object.h>
#include <vm/vm_object.h>
KCOUNTER(dispatcher_bti_create_count, "dispatcher.bti.create")
KCOUNTER(dispatcher_bti_destroy_count, "dispatcher.bti.destroy")
zx_status_t BusTransactionInitiatorDispatcher::Create(
fbl::RefPtr<Iommu> iommu, uint64_t bti_id,
KernelHandle<BusTransactionInitiatorDispatcher>* handle, zx_rights_t* rights) {
if (!iommu->IsValidBusTxnId(bti_id)) {
return ZX_ERR_INVALID_ARGS;
}
fbl::AllocChecker ac;
KernelHandle new_handle(
fbl::AdoptRef(new (&ac) BusTransactionInitiatorDispatcher(ktl::move(iommu), bti_id)));
if (!ac.check()) {
return ZX_ERR_NO_MEMORY;
}
*rights = default_rights();
*handle = ktl::move(new_handle);
return ZX_OK;
}
BusTransactionInitiatorDispatcher::BusTransactionInitiatorDispatcher(fbl::RefPtr<Iommu> iommu,
uint64_t bti_id)
: iommu_(ktl::move(iommu)), bti_id_(bti_id), zero_handles_(false) {
kcounter_add(dispatcher_bti_create_count, 1);
}
BusTransactionInitiatorDispatcher::~BusTransactionInitiatorDispatcher() {
DEBUG_ASSERT(pinned_memory_.is_empty());
kcounter_add(dispatcher_bti_destroy_count, 1);
}
zx_status_t BusTransactionInitiatorDispatcher::Pin(
fbl::RefPtr<VmObject> vmo, uint64_t offset, uint64_t size, uint32_t perms,
KernelHandle<PinnedMemoryTokenDispatcher>* pmt_handle, zx_rights_t* pmt_rights) {
DEBUG_ASSERT(IS_PAGE_ALIGNED(offset));
DEBUG_ASSERT(IS_PAGE_ALIGNED(size));
if (size == 0) {
return ZX_ERR_INVALID_ARGS;
}
PinnedVmObject pinned_vmo;
zx_status_t status = PinnedVmObject::Create(vmo, offset, size, &pinned_vmo);
if (status != ZX_OK) {
return status;
}
Guard<Mutex> guard{get_lock()};
// TODO(fxbug.dev/56205): When the time has come to switch this over from a warning
// to enforcement, come back here and delete the #else half of this #ifdef.
#if 0
// User may not pin new memory if either our BTI has hit zero handles, or if
// we currently have quarantined pages. In the case that there are active
// quarantined pages, driver code is expected to take the steps to stop their
// DMA, and then release the quarantine before proceeding to pin new memory.
if (zero_handles_ || !quarantine_.is_empty()) {
return ZX_ERR_BAD_STATE;
}
#else
if (zero_handles_) {
return ZX_ERR_BAD_STATE;
}
if (!quarantine_.is_empty()) {
char proc_name[ZX_MAX_NAME_LEN] = {0};
char thread_name[ZX_MAX_NAME_LEN] = {0};
char bti_name[ZX_MAX_NAME_LEN] = {0};
// If we have no current thread dispatcher, then this is a kernel thread. We
// have no process to report, just report that the action was taken by a
// kernel thread and leave it at that.
ThreadDispatcher* thread_disp = ThreadDispatcher::GetCurrent();
if (thread_disp == nullptr) {
snprintf(proc_name, sizeof(proc_name), "<kernel>");
snprintf(thread_name, sizeof(thread_name), "<kernel>");
} else {
// Get the name of the user mode process and thread which closed the handle
// to the object which eventually resulted in the leak.
ProcessDispatcher::GetCurrent()->get_name(proc_name);
thread_disp->get_name(thread_name);
}
// Fetch the BTI name (if any).
this->get_name(bti_name);
// If any of these strings are empty, replace them with just "<unknown>".
if (!proc_name[0]) {
snprintf(proc_name, sizeof(proc_name), "<unknown>");
}
if (!thread_name[0]) {
snprintf(thread_name, sizeof(thread_name), "<unknown>");
}
if (!bti_name[0]) {
snprintf(bti_name, sizeof(bti_name), "<unknown>");
}
printf(
"KERN: Bus Transaction Initiator (ID 0x%lx, name \"%s\") was asked to pin a VMO while "
"there were still pages in the quarantine list. Requesting process/thread was \"%s\", "
"thread \"%s\". User mode code needs to be updated to follow the quarantine protocol.\n",
bti_id_, bti_name, proc_name, thread_name);
}
#endif
return PinnedMemoryTokenDispatcher::Create(fbl::RefPtr(this), ktl::move(pinned_vmo), perms,
pmt_handle, pmt_rights);
}
void BusTransactionInitiatorDispatcher::ReleaseQuarantine() {
QuarantineList tmp;
// The PMT dtor will call RemovePmo, which will reacquire this BTI's lock.
// To avoid deadlock, drop the lock before letting the quarantined PMTs go.
{
Guard<Mutex> guard{get_lock()};
quarantine_.swap(tmp);
}
}
void BusTransactionInitiatorDispatcher::on_zero_handles() {
Guard<Mutex> guard{get_lock()};
// Prevent new pinning from happening. The Dispatcher will stick around
// until all of the PMTs are closed.
zero_handles_ = true;
// Do not clear out the quarantine list. PMTs hold a reference to the BTI
// and the BTI holds a reference to each quarantined PMT. We intentionally
// leak the BTI, all quarantined PMTs, and their underlying VMOs. We could
// get away with freeing the BTI and the PMTs, but for safety we must leak
// at least the pinned parts of the VMOs, since we have no assurance that
// hardware is not still reading/writing to it.
if (!quarantine_.is_empty()) {
PrintQuarantineWarningLocked(BtiPageLeakReason::BtiClose);
}
}
zx_status_t BusTransactionInitiatorDispatcher::set_name(const char* name, size_t len) {
// The kernel implementation of fbl::Name is protected using an internal
// spinlock. No need for any special locks here.
return name_.set(name, len);
}
void BusTransactionInitiatorDispatcher::get_name(char out_name[ZX_MAX_NAME_LEN]) const {
// The kernel implementation of fbl::Name is protected using an internal
// spinlock. No need for any special locks here.
name_.get(ZX_MAX_NAME_LEN, out_name);
}
void BusTransactionInitiatorDispatcher::AddPmoLocked(PinnedMemoryTokenDispatcher* pmt) {
DEBUG_ASSERT(!fbl::InContainer<PmtListTag>(*pmt));
pinned_memory_.push_back(pmt);
}
void BusTransactionInitiatorDispatcher::RemovePmo(PinnedMemoryTokenDispatcher* pmt) {
Guard<Mutex> guard{get_lock()};
DEBUG_ASSERT(fbl::InContainer<PmtListTag>(*pmt));
pinned_memory_.erase(*pmt);
}
void BusTransactionInitiatorDispatcher::Quarantine(fbl::RefPtr<PinnedMemoryTokenDispatcher> pmt) {
Guard<Mutex> guard{get_lock()};
DEBUG_ASSERT(fbl::InContainer<PmtListTag>(*pmt));
quarantine_.push_back(ktl::move(pmt));
if (zero_handles_) {
// If we quarantine when at zero handles, this PMT will be leaked. See
// the comment in on_zero_handles().
PrintQuarantineWarningLocked(BtiPageLeakReason::PmtClose);
}
}
// The count of the pinned memory object tokens.
uint64_t BusTransactionInitiatorDispatcher::pmo_count() const {
Guard<Mutex> guard{get_lock()};
return pinned_memory_.size_slow();
}
// The count of the quarantined pinned memory object tokens.
uint64_t BusTransactionInitiatorDispatcher::quarantine_count() const {
Guard<Mutex> guard{get_lock()};
return quarantine_.size_slow();
}
void BusTransactionInitiatorDispatcher::PrintQuarantineWarningLocked(BtiPageLeakReason reason) {
uint64_t leaked_pages = 0;
size_t num_entries = 0;
for (const auto& pmt : quarantine_) {
leaked_pages += pmt.size() / PAGE_SIZE;
num_entries++;
}
char proc_name[ZX_MAX_NAME_LEN] = {0};
char thread_name[ZX_MAX_NAME_LEN] = {0};
char bti_name[ZX_MAX_NAME_LEN] = {0};
// If we have no current thread dispatcher, then this is a kernel thread. We
// have no process to report, just report that the action was taken by a
// kernel thread and leave it at that.
ThreadDispatcher* thread_disp = ThreadDispatcher::GetCurrent();
if (thread_disp == nullptr) {
snprintf(proc_name, sizeof(proc_name), "<kernel>");
snprintf(thread_name, sizeof(thread_name), "<kernel>");
} else {
// Get the name of the user mode process and thread which closed the handle
// to the object which eventually resulted in the leak.
ProcessDispatcher::GetCurrent()->get_name(proc_name);
thread_disp->get_name(thread_name);
}
// Fetch the BTI name (if any).
this->get_name(bti_name);
// If any of these strings are empty, replace them with just "<unknown>".
if (!proc_name[0]) {
snprintf(proc_name, sizeof(proc_name), "<unknown>");
}
if (!thread_name[0]) {
snprintf(thread_name, sizeof(thread_name), "<unknown>");
}
if (!bti_name[0]) {
snprintf(bti_name, sizeof(bti_name), "<unknown>");
}
// Finally, print the message describing the leak, as best we can.
const char* leak_cause;
switch (reason) {
case BtiPageLeakReason::BtiClose:
leak_cause = "a BTI being closed with a non-empty quarantine list";
break;
case BtiPageLeakReason::PmtClose:
leak_cause = "a pinned PMT being closed, when the BTI used to pin it was already closed";
break;
default:
leak_cause = "<unknown>";
break;
}
// TODO(fxbug.dev/56157): Make this an OOPS once the driver bugs are fixed.
printf("KERN: Bus Transaction Initiator (ID 0x%lx, name \"%s\") has leaked %" PRIu64
" pages in %zu VMOs. Leak was caused by %s. The last handle was closed by process "
"\"%s\", and thread \"%s\"\n",
bti_id_, bti_name, leaked_pages, num_entries, leak_cause, proc_name, thread_name);
}