Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / libhwbinder / eb09885ad05ae2102ae80eff470bc6a232e316cc / . / IPCThreadState.cpp
blob: 13ae0cd76411dabe228b73959c66862ea90fd58a [file] [log] [blame]
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1/*
2 * Copyright (C) 2005 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Steven Morelandc4dd2102017-02-23 13:57:21 -0800[diff] [blame]17#define LOG_TAG "hw-IPCThreadState"
Jason Parks2b17f142009-11-03 12:14:38 -0800[diff] [blame]18
Martijn Coenen4080edc2016-05-04 14:17:02 +0200[diff] [blame]19#include <hwbinder/IPCThreadState.h>
Jayant Chowdhary985fc892018-10-01 22:54:05 +0000[diff] [blame]20#include <binderthreadstate/IPCThreadStateBase.h>
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]21
Martijn Coenen4080edc2016-05-04 14:17:02 +0200[diff] [blame]22#include <hwbinder/Binder.h>
Yifan Hong1e118d22017-01-12 14:42:28 -0800[diff] [blame]23#include <hwbinder/BpHwBinder.h>
Martijn Coenen4080edc2016-05-04 14:17:02 +0200[diff] [blame]24#include <hwbinder/TextOutput.h>
Chia-I Wu0e72fd52016-10-06 14:20:41 +0800[diff] [blame]25#include <hwbinder/binder_kernel.h>
Mathias Agopian4ea13dc2013-05-06 20:20:50 -0700[diff] [blame]26
Steven Morelandd7bbfdb2018-05-01 16:30:46 -0700[diff] [blame]27#include <android-base/macros.h>
Steven Moreland14603002019-01-02 17:54:16 -0800[diff] [blame]28#include <utils/CallStack.h>
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]29#include <utils/Log.h>
Colin Crossb1dc6542016-04-15 14:29:55 -0700[diff] [blame]30#include <utils/SystemClock.h>
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]31#include <utils/threads.h>
32
33#include <private/binder/binder_module.h>
Martijn Coenene01f4f22016-05-12 12:33:28 +0200[diff] [blame]34#include <hwbinder/Static.h>
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]35
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]36#include <errno.h>
Colin Crossb1dc6542016-04-15 14:29:55 -0700[diff] [blame]37#include <inttypes.h>
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]38#include <pthread.h>
39#include <sched.h>
Yabin Cuibbef2ba2015-01-26 19:45:47 -0800[diff] [blame]40#include <signal.h>
41#include <stdio.h>
42#include <sys/ioctl.h>
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]43#include <sys/resource.h>
Yabin Cuibbef2ba2015-01-26 19:45:47 -0800[diff] [blame]44#include <unistd.h>
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]45
46#if LOG_NDEBUG
47
48#define IF_LOG_TRANSACTIONS() if (false)
49#define IF_LOG_COMMANDS() if (false)
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]50#define LOG_REMOTEREFS(...)
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]51#define IF_LOG_REMOTEREFS() if (false)
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]52#define LOG_THREADPOOL(...)
53#define LOG_ONEWAY(...)
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]54
55#else
56
Steve Block5854b912011-10-12 17:27:03 +0100[diff] [blame]57#define IF_LOG_TRANSACTIONS() IF_ALOG(LOG_VERBOSE, "transact")
58#define IF_LOG_COMMANDS() IF_ALOG(LOG_VERBOSE, "ipc")
59#define LOG_REMOTEREFS(...) ALOG(LOG_DEBUG, "remoterefs", __VA_ARGS__)
60#define IF_LOG_REMOTEREFS() IF_ALOG(LOG_DEBUG, "remoterefs")
61#define LOG_THREADPOOL(...) ALOG(LOG_DEBUG, "threadpool", __VA_ARGS__)
62#define LOG_ONEWAY(...) ALOG(LOG_DEBUG, "ipc", __VA_ARGS__)
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]63
64#endif
65
66// ---------------------------------------------------------------------------
67
68namespace android {
Martijn Coenenf75a23d2016-08-01 11:55:17 +0200[diff] [blame]69namespace hardware {
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]70
Chih-Hung Hsieh30dcad72014-10-24 14:10:09 -0700[diff] [blame]71// Static const and functions will be optimized out if not used,
72// when LOG_NDEBUG and references in IF_LOG_COMMANDS() are optimized out.
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]73static const char *kReturnStrings[] = {
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]74 "BR_ERROR",
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]75 "BR_OK",
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]76 "BR_TRANSACTION",
77 "BR_REPLY",
78 "BR_ACQUIRE_RESULT",
79 "BR_DEAD_REPLY",
80 "BR_TRANSACTION_COMPLETE",
81 "BR_INCREFS",
82 "BR_ACQUIRE",
83 "BR_RELEASE",
84 "BR_DECREFS",
85 "BR_ATTEMPT_ACQUIRE",
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]86 "BR_NOOP",
87 "BR_SPAWN_LOOPER",
88 "BR_FINISHED",
89 "BR_DEAD_BINDER",
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]90 "BR_CLEAR_DEATH_NOTIFICATION_DONE",
Steven Morelandc149dca2019-01-09 18:01:02 -0800[diff] [blame]91 "BR_FAILED_REPLY",
92 "BR_TRANSACTION_SEC_CTX",
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]93};
94
95static const char *kCommandStrings[] = {
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]96 "BC_TRANSACTION",
97 "BC_REPLY",
98 "BC_ACQUIRE_RESULT",
99 "BC_FREE_BUFFER",
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]100 "BC_INCREFS",
101 "BC_ACQUIRE",
102 "BC_RELEASE",
103 "BC_DECREFS",
104 "BC_INCREFS_DONE",
105 "BC_ACQUIRE_DONE",
106 "BC_ATTEMPT_ACQUIRE",
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]107 "BC_REGISTER_LOOPER",
108 "BC_ENTER_LOOPER",
109 "BC_EXIT_LOOPER",
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]110 "BC_REQUEST_DEATH_NOTIFICATION",
111 "BC_CLEAR_DEATH_NOTIFICATION",
112 "BC_DEAD_BINDER_DONE"
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]113};
114
115static const char* getReturnString(size_t idx)
116{
117 if (idx < sizeof(kReturnStrings) / sizeof(kReturnStrings[0]))
118 return kReturnStrings[idx];
119 else
120 return "unknown";
121}
122
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]123static const void* printBinderTransactionData(TextOutput& out, const void* data)
124{
125 const binder_transaction_data* btd =
126 (const binder_transaction_data*)data;
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]127 if (btd->target.handle < 1024) {
128 /* want to print descriptors in decimal; guess based on value */
129 out << "target.desc=" << btd->target.handle;
130 } else {
131 out << "target.ptr=" << btd->target.ptr;
132 }
133 out << " (cookie " << btd->cookie << ")" << endl
Chih-Hung Hsieh30dcad72014-10-24 14:10:09 -0700[diff] [blame]134 << "code=" << TypeCode(btd->code) << ", flags=" << (void*)(long)btd->flags << endl
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]135 << "data=" << btd->data.ptr.buffer << " (" << (void*)btd->data_size
136 << " bytes)" << endl
137 << "offsets=" << btd->data.ptr.offsets << " (" << (void*)btd->offsets_size
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]138 << " bytes)";
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]139 return btd+1;
140}
141
142static const void* printReturnCommand(TextOutput& out, const void* _cmd)
143{
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]144 static const size_t N = sizeof(kReturnStrings)/sizeof(kReturnStrings[0]);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]145 const int32_t* cmd = (const int32_t*)_cmd;
Bernhard Rosenkränzerb184ed02014-11-25 21:55:33 +0100[diff] [blame]146 uint32_t code = (uint32_t)*cmd++;
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]147 size_t cmdIndex = code & 0xff;
Bernhard Rosenkränzerb184ed02014-11-25 21:55:33 +0100[diff] [blame]148 if (code == BR_ERROR) {
Chih-Hung Hsieh30dcad72014-10-24 14:10:09 -0700[diff] [blame]149 out << "BR_ERROR: " << (void*)(long)(*cmd++) << endl;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]150 return cmd;
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]151 } else if (cmdIndex >= N) {
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]152 out << "Unknown reply: " << code << endl;
153 return cmd;
154 }
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]155 out << kReturnStrings[cmdIndex];
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]156
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]157 switch (code) {
158 case BR_TRANSACTION:
159 case BR_REPLY: {
160 out << ": " << indent;
161 cmd = (const int32_t *)printBinderTransactionData(out, cmd);
162 out << dedent;
163 } break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]164
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]165 case BR_ACQUIRE_RESULT: {
166 const int32_t res = *cmd++;
167 out << ": " << res << (res ? " (SUCCESS)" : " (FAILURE)");
168 } break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]169
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]170 case BR_INCREFS:
171 case BR_ACQUIRE:
172 case BR_RELEASE:
173 case BR_DECREFS: {
174 const int32_t b = *cmd++;
175 const int32_t c = *cmd++;
Chih-Hung Hsieh30dcad72014-10-24 14:10:09 -0700[diff] [blame]176 out << ": target=" << (void*)(long)b << " (cookie " << (void*)(long)c << ")";
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]177 } break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]178
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]179 case BR_ATTEMPT_ACQUIRE: {
180 const int32_t p = *cmd++;
181 const int32_t b = *cmd++;
182 const int32_t c = *cmd++;
Chih-Hung Hsieh30dcad72014-10-24 14:10:09 -0700[diff] [blame]183 out << ": target=" << (void*)(long)b << " (cookie " << (void*)(long)c
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]184 << "), pri=" << p;
185 } break;
186
187 case BR_DEAD_BINDER:
188 case BR_CLEAR_DEATH_NOTIFICATION_DONE: {
189 const int32_t c = *cmd++;
Chih-Hung Hsieh30dcad72014-10-24 14:10:09 -0700[diff] [blame]190 out << ": death cookie " << (void*)(long)c;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]191 } break;
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]192
193 default:
194 // no details to show for: BR_OK, BR_DEAD_REPLY,
195 // BR_TRANSACTION_COMPLETE, BR_FINISHED
196 break;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]197 }
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]198
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]199 out << endl;
200 return cmd;
201}
202
203static const void* printCommand(TextOutput& out, const void* _cmd)
204{
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]205 static const size_t N = sizeof(kCommandStrings)/sizeof(kCommandStrings[0]);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]206 const int32_t* cmd = (const int32_t*)_cmd;
Bernhard Rosenkränzerb184ed02014-11-25 21:55:33 +0100[diff] [blame]207 uint32_t code = (uint32_t)*cmd++;
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]208 size_t cmdIndex = code & 0xff;
209
210 if (cmdIndex >= N) {
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]211 out << "Unknown command: " << code << endl;
212 return cmd;
213 }
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]214 out << kCommandStrings[cmdIndex];
215
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]216 switch (code) {
217 case BC_TRANSACTION:
218 case BC_REPLY: {
219 out << ": " << indent;
220 cmd = (const int32_t *)printBinderTransactionData(out, cmd);
221 out << dedent;
222 } break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]223
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]224 case BC_ACQUIRE_RESULT: {
225 const int32_t res = *cmd++;
226 out << ": " << res << (res ? " (SUCCESS)" : " (FAILURE)");
227 } break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]228
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]229 case BC_FREE_BUFFER: {
230 const int32_t buf = *cmd++;
Chih-Hung Hsieh30dcad72014-10-24 14:10:09 -0700[diff] [blame]231 out << ": buffer=" << (void*)(long)buf;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]232 } break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]233
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]234 case BC_INCREFS:
235 case BC_ACQUIRE:
236 case BC_RELEASE:
237 case BC_DECREFS: {
238 const int32_t d = *cmd++;
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]239 out << ": desc=" << d;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]240 } break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]241
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]242 case BC_INCREFS_DONE:
243 case BC_ACQUIRE_DONE: {
244 const int32_t b = *cmd++;
245 const int32_t c = *cmd++;
Chih-Hung Hsieh30dcad72014-10-24 14:10:09 -0700[diff] [blame]246 out << ": target=" << (void*)(long)b << " (cookie " << (void*)(long)c << ")";
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]247 } break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]248
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]249 case BC_ATTEMPT_ACQUIRE: {
250 const int32_t p = *cmd++;
251 const int32_t d = *cmd++;
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]252 out << ": desc=" << d << ", pri=" << p;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]253 } break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]254
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]255 case BC_REQUEST_DEATH_NOTIFICATION:
256 case BC_CLEAR_DEATH_NOTIFICATION: {
257 const int32_t h = *cmd++;
258 const int32_t c = *cmd++;
Chih-Hung Hsieh30dcad72014-10-24 14:10:09 -0700[diff] [blame]259 out << ": handle=" << h << " (death cookie " << (void*)(long)c << ")";
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]260 } break;
261
262 case BC_DEAD_BINDER_DONE: {
263 const int32_t c = *cmd++;
Chih-Hung Hsieh30dcad72014-10-24 14:10:09 -0700[diff] [blame]264 out << ": death cookie " << (void*)(long)c;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]265 } break;
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]266
267 default:
268 // no details to show for: BC_REGISTER_LOOPER, BC_ENTER_LOOPER,
269 // BC_EXIT_LOOPER
270 break;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]271 }
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]272
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]273 out << endl;
274 return cmd;
275}
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]276
277static pthread_mutex_t gTLSMutex = PTHREAD_MUTEX_INITIALIZER;
278static bool gHaveTLS = false;
279static pthread_key_t gTLS = 0;
280static bool gShutdown = false;
281
282IPCThreadState* IPCThreadState::self()
283{
284 if (gHaveTLS) {
285restart:
286 const pthread_key_t k = gTLS;
287 IPCThreadState* st = (IPCThreadState*)pthread_getspecific(k);
288 if (st) return st;
289 return new IPCThreadState;
290 }
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]291
Andreas Gampe1d5dc2b2016-02-01 13:21:56 -0800[diff] [blame]292 if (gShutdown) {
293 ALOGW("Calling IPCThreadState::self() during shutdown is dangerous, expect a crash.\n");
Yi Kong55d41072018-07-23 14:55:39 -0700[diff] [blame]294 return nullptr;
Andreas Gampe1d5dc2b2016-02-01 13:21:56 -0800[diff] [blame]295 }
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]296
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]297 pthread_mutex_lock(&gTLSMutex);
298 if (!gHaveTLS) {
Andreas Gampe1d5dc2b2016-02-01 13:21:56 -0800[diff] [blame]299 int key_create_value = pthread_key_create(&gTLS, threadDestructor);
300 if (key_create_value != 0) {
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]301 pthread_mutex_unlock(&gTLSMutex);
Andreas Gampe1d5dc2b2016-02-01 13:21:56 -0800[diff] [blame]302 ALOGW("IPCThreadState::self() unable to create TLS key, expect a crash: %s\n",
303 strerror(key_create_value));
Yi Kong55d41072018-07-23 14:55:39 -0700[diff] [blame]304 return nullptr;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]305 }
306 gHaveTLS = true;
307 }
308 pthread_mutex_unlock(&gTLSMutex);
309 goto restart;
310}
311
Brad Fitzpatrick77949942010-12-13 16:52:35 -0800[diff] [blame]312IPCThreadState* IPCThreadState::selfOrNull()
313{
314 if (gHaveTLS) {
315 const pthread_key_t k = gTLS;
316 IPCThreadState* st = (IPCThreadState*)pthread_getspecific(k);
317 return st;
318 }
Yi Kong55d41072018-07-23 14:55:39 -0700[diff] [blame]319 return nullptr;
Brad Fitzpatrick77949942010-12-13 16:52:35 -0800[diff] [blame]320}
321
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]322void IPCThreadState::shutdown()
323{
324 gShutdown = true;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]325
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]326 if (gHaveTLS) {
327 // XXX Need to wait for all thread pool threads to exit!
328 IPCThreadState* st = (IPCThreadState*)pthread_getspecific(gTLS);
329 if (st) {
330 delete st;
Yi Kong55d41072018-07-23 14:55:39 -0700[diff] [blame]331 pthread_setspecific(gTLS, nullptr);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]332 }
zhongjie8e8a0252016-03-09 15:05:04 +0800[diff] [blame]333 pthread_key_delete(gTLS);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]334 gHaveTLS = false;
335 }
336}
337
Steven Moreland8c3f4bd2018-05-07 15:45:23 -0700[diff] [blame]338// TODO(b/66905301): remove symbol
339void IPCThreadState::disableBackgroundScheduling(bool /* disable */) {}
Dianne Hackborn5f4d7e82009-12-07 17:59:37 -0800[diff] [blame]340
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]341sp<ProcessState> IPCThreadState::process()
342{
343 return mProcess;
344}
345
346status_t IPCThreadState::clearLastError()
347{
348 const status_t err = mLastError;
349 mLastError = NO_ERROR;
350 return err;
351}
352
Dan Stozae8da8a42014-11-26 12:23:23 -0800[diff] [blame]353pid_t IPCThreadState::getCallingPid() const
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]354{
355 return mCallingPid;
356}
357
Steven Morelandc149dca2019-01-09 18:01:02 -0800[diff] [blame]358const char* IPCThreadState::getCallingSid() const
359{
360 return mCallingSid;
361}
362
Dan Stozae8da8a42014-11-26 12:23:23 -0800[diff] [blame]363uid_t IPCThreadState::getCallingUid() const
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]364{
365 return mCallingUid;
366}
367
368int64_t IPCThreadState::clearCallingIdentity()
369{
Steven Morelandc149dca2019-01-09 18:01:02 -0800[diff] [blame]370 // ignore mCallingSid for legacy reasons
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]371 int64_t token = ((int64_t)mCallingUid<<32) | mCallingPid;
372 clearCaller();
373 return token;
374}
375
Brad Fitzpatrick94c36342010-06-18 13:07:53 -0700[diff] [blame]376void IPCThreadState::setStrictModePolicy(int32_t policy)
377{
378 mStrictModePolicy = policy;
379}
380
Brad Fitzpatrick3f4ef592010-07-07 16:06:39 -0700[diff] [blame]381int32_t IPCThreadState::getStrictModePolicy() const
382{
Brad Fitzpatrick94c36342010-06-18 13:07:53 -0700[diff] [blame]383 return mStrictModePolicy;
384}
385
Brad Fitzpatrick24f8bca2010-08-30 16:01:16 -0700[diff] [blame]386void IPCThreadState::setLastTransactionBinderFlags(int32_t flags)
387{
388 mLastTransactionBinderFlags = flags;
389}
390
391int32_t IPCThreadState::getLastTransactionBinderFlags() const
392{
393 return mLastTransactionBinderFlags;
394}
395
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]396void IPCThreadState::restoreCallingIdentity(int64_t token)
397{
398 mCallingUid = (int)(token>>32);
Steven Morelandc149dca2019-01-09 18:01:02 -0800[diff] [blame]399 mCallingSid = nullptr; // not enough data to restore
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]400 mCallingPid = (int)token;
401}
402
403void IPCThreadState::clearCaller()
404{
Marco Nelissenb4f35d02009-07-17 07:59:17 -0700[diff] [blame]405 mCallingPid = getpid();
Steven Morelandc149dca2019-01-09 18:01:02 -0800[diff] [blame]406 mCallingSid = nullptr; // expensive to lookup
Marco Nelissenb4f35d02009-07-17 07:59:17 -0700[diff] [blame]407 mCallingUid = getuid();
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]408}
409
410void IPCThreadState::flushCommands()
411{
412 if (mProcess->mDriverFD <= 0)
413 return;
414 talkWithDriver(false);
Martijn Coenenb8253722018-05-23 15:33:22 +0200[diff] [blame]415 // The flush could have caused post-write refcount decrements to have
416 // been executed, which in turn could result in BC_RELEASE/BC_DECREFS
417 // being queued in mOut. So flush again, if we need to.
418 if (mOut.dataSize() > 0) {
419 talkWithDriver(false);
420 }
421 if (mOut.dataSize() > 0) {
422 ALOGW("mOut.dataSize() > 0 after flushCommands()");
423 }
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]424}
425
Wale Ogunwale2e604f02015-04-13 16:16:10 -0700[diff] [blame]426void IPCThreadState::blockUntilThreadAvailable()
427{
428 pthread_mutex_lock(&mProcess->mThreadCountLock);
429 while (mProcess->mExecutingThreadsCount >= mProcess->mMaxThreads) {
Wale Ogunwale319900a2015-04-21 12:29:50 -0700[diff] [blame]430 ALOGW("Waiting for thread to be free. mExecutingThreadsCount=%lu mMaxThreads=%lu\n",
431 static_cast<unsigned long>(mProcess->mExecutingThreadsCount),
432 static_cast<unsigned long>(mProcess->mMaxThreads));
Wale Ogunwale2e604f02015-04-13 16:16:10 -0700[diff] [blame]433 pthread_cond_wait(&mProcess->mThreadCountDecrement, &mProcess->mThreadCountLock);
434 }
435 pthread_mutex_unlock(&mProcess->mThreadCountLock);
436}
437
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]438status_t IPCThreadState::getAndExecuteCommand()
439{
440 status_t result;
441 int32_t cmd;
442
443 result = talkWithDriver();
444 if (result >= NO_ERROR) {
445 size_t IN = mIn.dataAvail();
446 if (IN < sizeof(int32_t)) return result;
447 cmd = mIn.readInt32();
448 IF_LOG_COMMANDS() {
449 alog << "Processing top-level Command: "
450 << getReturnString(cmd) << endl;
451 }
452
Wale Ogunwale2e604f02015-04-13 16:16:10 -0700[diff] [blame]453 pthread_mutex_lock(&mProcess->mThreadCountLock);
454 mProcess->mExecutingThreadsCount++;
Colin Crossb1dc6542016-04-15 14:29:55 -0700[diff] [blame]455 if (mProcess->mExecutingThreadsCount >= mProcess->mMaxThreads &&
Martijn Coenen0ce07ce2017-07-14 15:37:25 +0200[diff] [blame]456 mProcess->mMaxThreads > 1 && mProcess->mStarvationStartTimeMs == 0) {
Colin Crossb1dc6542016-04-15 14:29:55 -0700[diff] [blame]457 mProcess->mStarvationStartTimeMs = uptimeMillis();
458 }
Wale Ogunwale2e604f02015-04-13 16:16:10 -0700[diff] [blame]459 pthread_mutex_unlock(&mProcess->mThreadCountLock);
460
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]461 result = executeCommand(cmd);
462
Wale Ogunwale2e604f02015-04-13 16:16:10 -0700[diff] [blame]463 pthread_mutex_lock(&mProcess->mThreadCountLock);
464 mProcess->mExecutingThreadsCount--;
Wei Wangdf7f40d2018-03-29 15:41:59 -0700[diff] [blame]465 if (mProcess->mExecutingThreadsCount < mProcess->mMaxThreads &&
Martijn Coenen0ce07ce2017-07-14 15:37:25 +0200[diff] [blame]466 mProcess->mStarvationStartTimeMs != 0) {
Colin Crossb1dc6542016-04-15 14:29:55 -0700[diff] [blame]467 int64_t starvationTimeMs = uptimeMillis() - mProcess->mStarvationStartTimeMs;
468 if (starvationTimeMs > 100) {
Wei Wangdf7f40d2018-03-29 15:41:59 -0700[diff] [blame]469 // If there is only a single-threaded client, nobody would be blocked
470 // on this, and it's not really starvation. (see b/37647467)
471 ALOGW("All binder threads in pool (%zu threads) busy for %" PRId64 " ms%s",
472 mProcess->mMaxThreads, starvationTimeMs,
473 mProcess->mMaxThreads > 1 ? "" : " (may be a false alarm)");
Colin Crossb1dc6542016-04-15 14:29:55 -0700[diff] [blame]474 }
475 mProcess->mStarvationStartTimeMs = 0;
476 }
Wale Ogunwale2e604f02015-04-13 16:16:10 -0700[diff] [blame]477 pthread_cond_broadcast(&mProcess->mThreadCountDecrement);
478 pthread_mutex_unlock(&mProcess->mThreadCountLock);
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]479 }
480
Steven Morelandd7bbfdb2018-05-01 16:30:46 -0700[diff] [blame]481 if (UNLIKELY(!mPostCommandTasks.empty())) {
482 // make a copy in case the post transaction task makes a binder
483 // call and that other process calls back into us
484 std::vector<std::function<void(void)>> tasks = mPostCommandTasks;
485 mPostCommandTasks.clear();
Chih-Hung Hsiehe8675522018-12-12 14:42:24 -0800[diff] [blame]486 for (const auto& func : tasks) {
Steven Morelandd7bbfdb2018-05-01 16:30:46 -0700[diff] [blame]487 func();
488 }
489 }
490
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]491 return result;
492}
493
494// When we've cleared the incoming command queue, process any pending derefs
495void IPCThreadState::processPendingDerefs()
496{
497 if (mIn.dataPosition() >= mIn.dataSize()) {
Martijn Coenenc9f105b2017-08-08 15:36:16 +0200[diff] [blame]498 /*
499 * The decWeak()/decStrong() calls may cause a destructor to run,
500 * which in turn could have initiated an outgoing transaction,
501 * which in turn could cause us to add to the pending refs
502 * vectors; so instead of simply iterating, loop until they're empty.
503 *
504 * We do this in an outer loop, because calling decStrong()
505 * may result in something being added to mPendingWeakDerefs,
506 * which could be delayed until the next incoming command
507 * from the driver if we don't process it now.
508 */
509 while (mPendingWeakDerefs.size() > 0 || mPendingStrongDerefs.size() > 0) {
510 while (mPendingWeakDerefs.size() > 0) {
511 RefBase::weakref_type* refs = mPendingWeakDerefs[0];
512 mPendingWeakDerefs.removeAt(0);
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]513 refs->decWeak(mProcess.get());
514 }
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]515
Martijn Coenenc9f105b2017-08-08 15:36:16 +0200[diff] [blame]516 if (mPendingStrongDerefs.size() > 0) {
517 // We don't use while() here because we don't want to re-order
518 // strong and weak decs at all; if this decStrong() causes both a
519 // decWeak() and a decStrong() to be queued, we want to process
520 // the decWeak() first.
521 BHwBinder* obj = mPendingStrongDerefs[0];
522 mPendingStrongDerefs.removeAt(0);
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]523 obj->decStrong(mProcess.get());
524 }
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]525 }
526 }
527}
528
Martijn Coenenb8253722018-05-23 15:33:22 +0200[diff] [blame]529void IPCThreadState::processPostWriteDerefs()
530{
531 /*
532 * libhwbinder has a flushCommands() in the BpHwBinder destructor,
533 * which makes this function (potentially) reentrant.
534 * New entries shouldn't be added though, so just iterating until empty
535 * should be safe.
536 */
537 while (mPostWriteWeakDerefs.size() > 0) {
538 RefBase::weakref_type* refs = mPostWriteWeakDerefs[0];
539 mPostWriteWeakDerefs.removeAt(0);
540 refs->decWeak(mProcess.get());
541 }
542
543 while (mPostWriteStrongDerefs.size() > 0) {
544 RefBase* obj = mPostWriteStrongDerefs[0];
545 mPostWriteStrongDerefs.removeAt(0);
546 obj->decStrong(mProcess.get());
547 }
548}
549
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]550void IPCThreadState::joinThreadPool(bool isMain)
551{
552 LOG_THREADPOOL("**** THREAD %p (PID %d) IS JOINING THE THREAD POOL\n", (void*)pthread_self(), getpid());
553
554 mOut.writeInt32(isMain ? BC_ENTER_LOOPER : BC_REGISTER_LOOPER);
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]555
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]556 status_t result;
Martijn Coenen420d4bb2017-10-24 11:43:55 +0200[diff] [blame]557 mIsLooper = true;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]558 do {
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]559 processPendingDerefs();
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]560 // now get the next command to be processed, waiting if necessary
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]561 result = getAndExecuteCommand();
Jason Parks2b17f142009-11-03 12:14:38 -0800[diff] [blame]562
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]563 if (result < NO_ERROR && result != TIMED_OUT && result != -ECONNREFUSED && result != -EBADF) {
564 ALOGE("getAndExecuteCommand(fd=%d) returned unexpected error %d, aborting",
Jeff Tinkeree711ec2013-06-11 11:30:21 -0700[diff] [blame]565 mProcess->mDriverFD, result);
566 abort();
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]567 }
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]568
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]569 // Let this thread exit the thread pool if it is no longer
570 // needed and it is not the main process thread.
571 if(result == TIMED_OUT && !isMain) {
572 break;
573 }
574 } while (result != -ECONNREFUSED && result != -EBADF);
575
Wei Wang8a2e8ac2016-10-14 09:54:27 -0700[diff] [blame]576 LOG_THREADPOOL("**** THREAD %p (PID %d) IS LEAVING THE THREAD POOL err=%d\n",
577 (void*)pthread_self(), getpid(), result);
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]578
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]579 mOut.writeInt32(BC_EXIT_LOOPER);
Martijn Coenen420d4bb2017-10-24 11:43:55 +0200[diff] [blame]580 mIsLooper = false;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]581 talkWithDriver(false);
582}
583
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]584int IPCThreadState::setupPolling(int* fd)
585{
586 if (mProcess->mDriverFD <= 0) {
587 return -EBADF;
588 }
589
Martijn Coenen80b88ab2017-09-25 14:50:05 +0200[diff] [blame]590 // Tells the kernel to not spawn any additional binder threads,
591 // as that won't work with polling. Also, the caller is responsible
592 // for subsequently calling handlePolledCommands()
593 mProcess->setThreadPoolConfiguration(1, true /* callerWillJoin */);
Tobias Lindskoga36d5762018-01-05 10:28:31 +0100[diff] [blame]594 mIsPollingThread = true;
Martijn Coenen80b88ab2017-09-25 14:50:05 +0200[diff] [blame]595
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]596 mOut.writeInt32(BC_ENTER_LOOPER);
597 *fd = mProcess->mDriverFD;
598 return 0;
599}
600
601status_t IPCThreadState::handlePolledCommands()
602{
603 status_t result;
604
605 do {
606 result = getAndExecuteCommand();
607 } while (mIn.dataPosition() < mIn.dataSize());
608
609 processPendingDerefs();
610 flushCommands();
611 return result;
612}
613
Colin Crossf0487982014-02-05 17:42:44 -0800[diff] [blame]614void IPCThreadState::stopProcess(bool /*immediate*/)
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]615{
Steve Block93cf8542012-01-04 20:05:49 +0000[diff] [blame]616 //ALOGI("**** STOPPING PROCESS");
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]617 flushCommands();
618 int fd = mProcess->mDriverFD;
619 mProcess->mDriverFD = -1;
620 close(fd);
621 //kill(getpid(), SIGKILL);
622}
623
624status_t IPCThreadState::transact(int32_t handle,
625 uint32_t code, const Parcel& data,
626 Parcel* reply, uint32_t flags)
627{
Ganesh Mahendrance45b892017-10-11 18:05:13 +0800[diff] [blame]628 status_t err;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]629
630 flags |= TF_ACCEPT_FDS;
631
632 IF_LOG_TRANSACTIONS() {
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]633 alog << "BC_TRANSACTION thr " << (void*)pthread_self() << " / hand "
634 << handle << " / code " << TypeCode(code) << ": "
635 << indent << data << dedent << endl;
636 }
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]637
Ganesh Mahendrance45b892017-10-11 18:05:13 +0800[diff] [blame]638 LOG_ONEWAY(">>>> SEND from pid %d uid %d %s", getpid(), getuid(),
639 (flags & TF_ONE_WAY) == 0 ? "READ REPLY" : "ONE WAY");
Yi Kong55d41072018-07-23 14:55:39 -0700[diff] [blame]640 err = writeTransactionData(BC_TRANSACTION_SG, flags, handle, code, data, nullptr);
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]641
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]642 if (err != NO_ERROR) {
643 if (reply) reply->setError(err);
644 return (mLastError = err);
645 }
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]646
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]647 if ((flags & TF_ONE_WAY) == 0) {
Steven Moreland14603002019-01-02 17:54:16 -0800[diff] [blame]648 if (UNLIKELY(mCallRestriction != ProcessState::CallRestriction::NONE)) {
649 if (mCallRestriction == ProcessState::CallRestriction::ERROR_IF_NOT_ONEWAY) {
650 ALOGE("Process making non-oneway call but is restricted.");
651 CallStack::logStack("non-oneway call", CallStack::getCurrent(10).get(),
652 ANDROID_LOG_ERROR);
653 } else /* FATAL_IF_NOT_ONEWAY */ {
654 LOG_ALWAYS_FATAL("Process may not make oneway calls.");
655 }
656 }
657
Dianne Hackborn98878262010-09-24 11:16:23 -0700[diff] [blame]658 #if 0
659 if (code == 4) { // relayout
Steve Block93cf8542012-01-04 20:05:49 +0000[diff] [blame]660 ALOGI(">>>>>> CALLING transaction 4");
Dianne Hackborn98878262010-09-24 11:16:23 -0700[diff] [blame]661 } else {
Steve Block93cf8542012-01-04 20:05:49 +0000[diff] [blame]662 ALOGI(">>>>>> CALLING transaction %d", code);
Dianne Hackborn98878262010-09-24 11:16:23 -0700[diff] [blame]663 }
664 #endif
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]665 if (reply) {
666 err = waitForResponse(reply);
667 } else {
668 Parcel fakeReply;
669 err = waitForResponse(&fakeReply);
670 }
Dianne Hackborn98878262010-09-24 11:16:23 -0700[diff] [blame]671 #if 0
672 if (code == 4) { // relayout
Steve Block93cf8542012-01-04 20:05:49 +0000[diff] [blame]673 ALOGI("<<<<<< RETURNING transaction 4");
Dianne Hackborn98878262010-09-24 11:16:23 -0700[diff] [blame]674 } else {
Steve Block93cf8542012-01-04 20:05:49 +0000[diff] [blame]675 ALOGI("<<<<<< RETURNING transaction %d", code);
Dianne Hackborn98878262010-09-24 11:16:23 -0700[diff] [blame]676 }
677 #endif
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]678
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]679 IF_LOG_TRANSACTIONS() {
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]680 alog << "BR_REPLY thr " << (void*)pthread_self() << " / hand "
681 << handle << ": ";
682 if (reply) alog << indent << *reply << dedent << endl;
683 else alog << "(none requested)" << endl;
684 }
685 } else {
Yi Kong55d41072018-07-23 14:55:39 -0700[diff] [blame]686 err = waitForResponse(nullptr, nullptr);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]687 }
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]688
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]689 return err;
690}
691
Martijn Coenenb8253722018-05-23 15:33:22 +0200[diff] [blame]692void IPCThreadState::incStrongHandle(int32_t handle, BpHwBinder *proxy)
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]693{
694 LOG_REMOTEREFS("IPCThreadState::incStrongHandle(%d)\n", handle);
695 mOut.writeInt32(BC_ACQUIRE);
696 mOut.writeInt32(handle);
Martijn Coenenb8253722018-05-23 15:33:22 +0200[diff] [blame]697 // Create a temp reference until the driver has handled this command.
698 proxy->incStrong(mProcess.get());
699 mPostWriteStrongDerefs.push(proxy);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]700}
701
702void IPCThreadState::decStrongHandle(int32_t handle)
703{
704 LOG_REMOTEREFS("IPCThreadState::decStrongHandle(%d)\n", handle);
705 mOut.writeInt32(BC_RELEASE);
706 mOut.writeInt32(handle);
707}
708
Martijn Coenenb8253722018-05-23 15:33:22 +0200[diff] [blame]709void IPCThreadState::incWeakHandle(int32_t handle, BpHwBinder *proxy)
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]710{
711 LOG_REMOTEREFS("IPCThreadState::incWeakHandle(%d)\n", handle);
712 mOut.writeInt32(BC_INCREFS);
713 mOut.writeInt32(handle);
Martijn Coenenb8253722018-05-23 15:33:22 +0200[diff] [blame]714 // Create a temp reference until the driver has handled this command.
715 proxy->getWeakRefs()->incWeak(mProcess.get());
716 mPostWriteWeakDerefs.push(proxy->getWeakRefs());
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]717}
718
719void IPCThreadState::decWeakHandle(int32_t handle)
720{
721 LOG_REMOTEREFS("IPCThreadState::decWeakHandle(%d)\n", handle);
722 mOut.writeInt32(BC_DECREFS);
723 mOut.writeInt32(handle);
724}
725
726status_t IPCThreadState::attemptIncStrongHandle(int32_t handle)
727{
Arve Hjønnevåg304dcae2014-02-14 20:14:02 -0800[diff] [blame]728#if HAS_BC_ATTEMPT_ACQUIRE
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]729 LOG_REMOTEREFS("IPCThreadState::attemptIncStrongHandle(%d)\n", handle);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]730 mOut.writeInt32(BC_ATTEMPT_ACQUIRE);
731 mOut.writeInt32(0); // xxx was thread priority
732 mOut.writeInt32(handle);
733 status_t result = UNKNOWN_ERROR;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]734
Yi Kong55d41072018-07-23 14:55:39 -0700[diff] [blame]735 waitForResponse(nullptr, &result);
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]736
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]737#if LOG_REFCOUNTS
738 printf("IPCThreadState::attemptIncStrongHandle(%ld) = %s\n",
739 handle, result == NO_ERROR ? "SUCCESS" : "FAILURE");
740#endif
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]741
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]742 return result;
Arve Hjønnevåg304dcae2014-02-14 20:14:02 -0800[diff] [blame]743#else
744 (void)handle;
745 ALOGE("%s(%d): Not supported\n", __func__, handle);
746 return INVALID_OPERATION;
747#endif
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]748}
749
750void IPCThreadState::expungeHandle(int32_t handle, IBinder* binder)
751{
752#if LOG_REFCOUNTS
753 printf("IPCThreadState::expungeHandle(%ld)\n", handle);
754#endif
Yunlian Jiang6b65ac32017-09-19 15:51:07 -0700[diff] [blame]755 self()->mProcess->expungeHandle(handle, binder); // NOLINT
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]756}
757
Yifan Hong1e118d22017-01-12 14:42:28 -0800[diff] [blame]758status_t IPCThreadState::requestDeathNotification(int32_t handle, BpHwBinder* proxy)
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]759{
760 mOut.writeInt32(BC_REQUEST_DEATH_NOTIFICATION);
761 mOut.writeInt32((int32_t)handle);
Serban Constantinescu4ca5baf2013-11-05 16:53:55 +0000[diff] [blame]762 mOut.writePointer((uintptr_t)proxy);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]763 return NO_ERROR;
764}
765
Yifan Hong1e118d22017-01-12 14:42:28 -0800[diff] [blame]766status_t IPCThreadState::clearDeathNotification(int32_t handle, BpHwBinder* proxy)
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]767{
768 mOut.writeInt32(BC_CLEAR_DEATH_NOTIFICATION);
769 mOut.writeInt32((int32_t)handle);
Serban Constantinescu4ca5baf2013-11-05 16:53:55 +0000[diff] [blame]770 mOut.writePointer((uintptr_t)proxy);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]771 return NO_ERROR;
772}
773
774IPCThreadState::IPCThreadState()
Brad Fitzpatrick24f8bca2010-08-30 16:01:16 -0700[diff] [blame]775 : mProcess(ProcessState::self()),
Brad Fitzpatrick24f8bca2010-08-30 16:01:16 -0700[diff] [blame]776 mStrictModePolicy(0),
Martijn Coenen9bd3d3b2017-12-12 09:29:14 +0100[diff] [blame]777 mLastTransactionBinderFlags(0),
Tobias Lindskoga36d5762018-01-05 10:28:31 +0100[diff] [blame]778 mIsLooper(false),
Steven Moreland14603002019-01-02 17:54:16 -0800[diff] [blame]779 mIsPollingThread(false),
780 mCallRestriction(mProcess->mCallRestriction) {
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]781 pthread_setspecific(gTLS, this);
Dianne Hackborn5f4d7e82009-12-07 17:59:37 -0800[diff] [blame]782 clearCaller();
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]783 mIn.setDataCapacity(256);
784 mOut.setDataCapacity(256);
Chih-Hung Hsieh29dbdcf2017-10-02 10:42:37 -0700[diff] [blame]785
Jayant Chowdhary985fc892018-10-01 22:54:05 +0000[diff] [blame]786 mIPCThreadStateBase = IPCThreadStateBase::self();
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]787}
788
789IPCThreadState::~IPCThreadState()
790{
791}
792
793status_t IPCThreadState::sendReply(const Parcel& reply, uint32_t flags)
794{
795 status_t err;
796 status_t statusBuffer;
Martijn Coenend39a1682016-06-03 21:27:28 +0200[diff] [blame]797 err = writeTransactionData(BC_REPLY_SG, flags, -1, 0, reply, &statusBuffer);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]798 if (err < NO_ERROR) return err;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]799
Yi Kong55d41072018-07-23 14:55:39 -0700[diff] [blame]800 return waitForResponse(nullptr, nullptr);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]801}
802
803status_t IPCThreadState::waitForResponse(Parcel *reply, status_t *acquireResult)
804{
Bernhard Rosenkränzerb184ed02014-11-25 21:55:33 +0100[diff] [blame]805 uint32_t cmd;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]806 int32_t err;
807
808 while (1) {
809 if ((err=talkWithDriver()) < NO_ERROR) break;
810 err = mIn.errorCheck();
811 if (err < NO_ERROR) break;
812 if (mIn.dataAvail() == 0) continue;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]813
Bernhard Rosenkränzerb184ed02014-11-25 21:55:33 +0100[diff] [blame]814 cmd = (uint32_t)mIn.readInt32();
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]815
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]816 IF_LOG_COMMANDS() {
817 alog << "Processing waitForResponse Command: "
818 << getReturnString(cmd) << endl;
819 }
820
821 switch (cmd) {
822 case BR_TRANSACTION_COMPLETE:
823 if (!reply && !acquireResult) goto finish;
824 break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]825
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]826 case BR_DEAD_REPLY:
827 err = DEAD_OBJECT;
828 goto finish;
829
830 case BR_FAILED_REPLY:
831 err = FAILED_TRANSACTION;
832 goto finish;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]833
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]834 case BR_ACQUIRE_RESULT:
835 {
Yi Kong55d41072018-07-23 14:55:39 -0700[diff] [blame]836 ALOG_ASSERT(acquireResult != nullptr, "Unexpected brACQUIRE_RESULT");
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]837 const int32_t result = mIn.readInt32();
838 if (!acquireResult) continue;
839 *acquireResult = result ? NO_ERROR : INVALID_OPERATION;
840 }
841 goto finish;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]842
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]843 case BR_REPLY:
844 {
845 binder_transaction_data tr;
846 err = mIn.read(&tr, sizeof(tr));
Steve Blockd0bfabc2012-01-09 18:35:44 +0000[diff] [blame]847 ALOG_ASSERT(err == NO_ERROR, "Not enough command data for brREPLY");
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]848 if (err != NO_ERROR) goto finish;
849
850 if (reply) {
851 if ((tr.flags & TF_STATUS_CODE) == 0) {
852 reply->ipcSetDataReference(
853 reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer),
854 tr.data_size,
Arve Hjønnevåga5440702014-01-28 20:12:59 -0800[diff] [blame]855 reinterpret_cast<const binder_size_t*>(tr.data.ptr.offsets),
856 tr.offsets_size/sizeof(binder_size_t),
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]857 freeBuffer, this);
858 } else {
Arve Hjønnevåga5440702014-01-28 20:12:59 -0800[diff] [blame]859 err = *reinterpret_cast<const status_t*>(tr.data.ptr.buffer);
Yi Kong55d41072018-07-23 14:55:39 -0700[diff] [blame]860 freeBuffer(nullptr,
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]861 reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer),
862 tr.data_size,
Arve Hjønnevåga5440702014-01-28 20:12:59 -0800[diff] [blame]863 reinterpret_cast<const binder_size_t*>(tr.data.ptr.offsets),
864 tr.offsets_size/sizeof(binder_size_t), this);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]865 }
866 } else {
Yi Kong55d41072018-07-23 14:55:39 -0700[diff] [blame]867 freeBuffer(nullptr,
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]868 reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer),
869 tr.data_size,
Arve Hjønnevåga5440702014-01-28 20:12:59 -0800[diff] [blame]870 reinterpret_cast<const binder_size_t*>(tr.data.ptr.offsets),
871 tr.offsets_size/sizeof(binder_size_t), this);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]872 continue;
873 }
874 }
875 goto finish;
876
877 default:
878 err = executeCommand(cmd);
879 if (err != NO_ERROR) goto finish;
880 break;
881 }
882 }
883
884finish:
885 if (err != NO_ERROR) {
886 if (acquireResult) *acquireResult = err;
887 if (reply) reply->setError(err);
888 mLastError = err;
889 }
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]890
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]891 return err;
892}
893
894status_t IPCThreadState::talkWithDriver(bool doReceive)
895{
Johannes Carlsson597a3c72011-02-17 14:06:53 +0100[diff] [blame]896 if (mProcess->mDriverFD <= 0) {
897 return -EBADF;
898 }
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]899
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]900 binder_write_read bwr;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]901
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]902 // Is the read buffer empty?
903 const bool needRead = mIn.dataPosition() >= mIn.dataSize();
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]904
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]905 // We don't want to write anything if we are still reading
906 // from data left in the input buffer and the caller
907 // has requested to read the next data.
908 const size_t outAvail = (!doReceive || needRead) ? mOut.dataSize() : 0;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]909
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]910 bwr.write_size = outAvail;
Arve Hjønnevåga5440702014-01-28 20:12:59 -0800[diff] [blame]911 bwr.write_buffer = (uintptr_t)mOut.data();
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]912
913 // This is what we'll read.
914 if (doReceive && needRead) {
915 bwr.read_size = mIn.dataCapacity();
Arve Hjønnevåga5440702014-01-28 20:12:59 -0800[diff] [blame]916 bwr.read_buffer = (uintptr_t)mIn.data();
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]917 } else {
918 bwr.read_size = 0;
Ben Cheng455a70a2011-12-01 17:11:32 -0800[diff] [blame]919 bwr.read_buffer = 0;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]920 }
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]921
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]922 IF_LOG_COMMANDS() {
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]923 if (outAvail != 0) {
924 alog << "Sending commands to driver: " << indent;
925 const void* cmds = (const void*)bwr.write_buffer;
926 const void* end = ((const uint8_t*)cmds)+bwr.write_size;
927 alog << HexDump(cmds, bwr.write_size) << endl;
928 while (cmds < end) cmds = printCommand(alog, cmds);
929 alog << dedent;
930 }
931 alog << "Size of receive buffer: " << bwr.read_size
932 << ", needRead: " << needRead << ", doReceive: " << doReceive << endl;
933 }
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]934
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]935 // Return immediately if there is nothing to do.
936 if ((bwr.write_size == 0) && (bwr.read_size == 0)) return NO_ERROR;
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]937
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]938 bwr.write_consumed = 0;
939 bwr.read_consumed = 0;
940 status_t err;
941 do {
942 IF_LOG_COMMANDS() {
943 alog << "About to read/write, write size = " << mOut.dataSize() << endl;
944 }
Elliott Hughese5e70552015-08-12 15:27:47 -0700[diff] [blame]945#if defined(__ANDROID__)
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]946 if (ioctl(mProcess->mDriverFD, BINDER_WRITE_READ, &bwr) >= 0)
947 err = NO_ERROR;
948 else
949 err = -errno;
950#else
951 err = INVALID_OPERATION;
952#endif
Johannes Carlsson597a3c72011-02-17 14:06:53 +0100[diff] [blame]953 if (mProcess->mDriverFD <= 0) {
954 err = -EBADF;
955 }
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]956 IF_LOG_COMMANDS() {
957 alog << "Finished read/write, write size = " << mOut.dataSize() << endl;
958 }
959 } while (err == -EINTR);
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]960
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]961 IF_LOG_COMMANDS() {
Colin Crossf0487982014-02-05 17:42:44 -0800[diff] [blame]962 alog << "Our err: " << (void*)(intptr_t)err << ", write consumed: "
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]963 << bwr.write_consumed << " (of " << mOut.dataSize()
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]964 << "), read consumed: " << bwr.read_consumed << endl;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]965 }
966
967 if (err >= NO_ERROR) {
968 if (bwr.write_consumed > 0) {
Arve Hjønnevåga5440702014-01-28 20:12:59 -0800[diff] [blame]969 if (bwr.write_consumed < mOut.dataSize())
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]970 mOut.remove(0, bwr.write_consumed);
Martijn Coenenb8253722018-05-23 15:33:22 +0200[diff] [blame]971 else {
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]972 mOut.setDataSize(0);
Martijn Coenenb8253722018-05-23 15:33:22 +0200[diff] [blame]973 processPostWriteDerefs();
974 }
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]975 }
976 if (bwr.read_consumed > 0) {
977 mIn.setDataSize(bwr.read_consumed);
978 mIn.setDataPosition(0);
979 }
980 IF_LOG_COMMANDS() {
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]981 alog << "Remaining data size: " << mOut.dataSize() << endl;
982 alog << "Received commands from driver: " << indent;
983 const void* cmds = mIn.data();
984 const void* end = mIn.data() + mIn.dataSize();
985 alog << HexDump(cmds, mIn.dataSize()) << endl;
986 while (cmds < end) cmds = printReturnCommand(alog, cmds);
987 alog << dedent;
988 }
989 return NO_ERROR;
990 }
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]991
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]992 return err;
993}
994
995status_t IPCThreadState::writeTransactionData(int32_t cmd, uint32_t binderFlags,
996 int32_t handle, uint32_t code, const Parcel& data, status_t* statusBuffer)
997{
Martijn Coenenfd51ebb2016-07-05 17:00:39 +0200[diff] [blame]998 binder_transaction_data_sg tr_sg;
Christopher Ferris678434f2017-07-27 10:42:20 -0700[diff] [blame]999 /* Don't pass uninitialized stack data to a remote process */
1000 tr_sg.transaction_data.target.ptr = 0;
1001 tr_sg.transaction_data.target.handle = handle;
1002 tr_sg.transaction_data.code = code;
1003 tr_sg.transaction_data.flags = binderFlags;
1004 tr_sg.transaction_data.cookie = 0;
1005 tr_sg.transaction_data.sender_pid = 0;
1006 tr_sg.transaction_data.sender_euid = 0;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1007
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1008 const status_t err = data.errorCheck();
1009 if (err == NO_ERROR) {
Christopher Ferris678434f2017-07-27 10:42:20 -0700[diff] [blame]1010 tr_sg.transaction_data.data_size = data.ipcDataSize();
1011 tr_sg.transaction_data.data.ptr.buffer = data.ipcData();
1012 tr_sg.transaction_data.offsets_size = data.ipcObjectsCount()*sizeof(binder_size_t);
1013 tr_sg.transaction_data.data.ptr.offsets = data.ipcObjects();
Martijn Coenenfd51ebb2016-07-05 17:00:39 +0200[diff] [blame]1014 tr_sg.buffers_size = data.ipcBufferSize();
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1015 } else if (statusBuffer) {
Christopher Ferris678434f2017-07-27 10:42:20 -0700[diff] [blame]1016 tr_sg.transaction_data.flags |= TF_STATUS_CODE;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1017 *statusBuffer = err;
Christopher Ferris678434f2017-07-27 10:42:20 -0700[diff] [blame]1018 tr_sg.transaction_data.data_size = sizeof(status_t);
1019 tr_sg.transaction_data.data.ptr.buffer = reinterpret_cast<uintptr_t>(statusBuffer);
1020 tr_sg.transaction_data.offsets_size = 0;
1021 tr_sg.transaction_data.data.ptr.offsets = 0;
Martijn Coenenfd51ebb2016-07-05 17:00:39 +0200[diff] [blame]1022 tr_sg.buffers_size = 0;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1023 } else {
1024 return (mLastError = err);
1025 }
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1026
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1027 mOut.writeInt32(cmd);
Martijn Coenenfd51ebb2016-07-05 17:00:39 +0200[diff] [blame]1028 mOut.write(&tr_sg, sizeof(tr_sg));
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1029
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1030 return NO_ERROR;
1031}
1032
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1033void IPCThreadState::setTheContextObject(sp<BHwBinder> obj)
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1034{
Martijn Coenena660cbc2016-05-12 11:29:23 +0200[diff] [blame]1035 mContextObject = obj;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1036}
1037
Martijn Coenen420d4bb2017-10-24 11:43:55 +0200[diff] [blame]1038bool IPCThreadState::isLooperThread()
1039{
1040 return mIsLooper;
1041}
1042
Tobias Lindskoga36d5762018-01-05 10:28:31 +0100[diff] [blame]1043bool IPCThreadState::isOnlyBinderThread() {
1044 return (mIsLooper && mProcess->mMaxThreads <= 1) || mIsPollingThread;
1045}
1046
Steven Morelandd7bbfdb2018-05-01 16:30:46 -0700[diff] [blame]1047void IPCThreadState::addPostCommandTask(const std::function<void(void)>& task) {
1048 mPostCommandTasks.push_back(task);
1049}
1050
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1051status_t IPCThreadState::executeCommand(int32_t cmd)
1052{
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1053 BHwBinder* obj;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1054 RefBase::weakref_type* refs;
1055 status_t result = NO_ERROR;
Bernhard Rosenkränzerb184ed02014-11-25 21:55:33 +0100[diff] [blame]1056 switch ((uint32_t)cmd) {
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1057 case BR_ERROR:
1058 result = mIn.readInt32();
1059 break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1060
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1061 case BR_OK:
1062 break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1063
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1064 case BR_ACQUIRE:
Serban Constantinescu4ca5baf2013-11-05 16:53:55 +0000[diff] [blame]1065 refs = (RefBase::weakref_type*)mIn.readPointer();
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1066 obj = (BHwBinder*)mIn.readPointer();
Steve Blockd0bfabc2012-01-09 18:35:44 +0000[diff] [blame]1067 ALOG_ASSERT(refs->refBase() == obj,
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1068 "BR_ACQUIRE: object %p does not match cookie %p (expected %p)",
1069 refs, obj, refs->refBase());
1070 obj->incStrong(mProcess.get());
1071 IF_LOG_REMOTEREFS() {
1072 LOG_REMOTEREFS("BR_ACQUIRE from driver on %p", obj);
1073 obj->printRefs();
1074 }
1075 mOut.writeInt32(BC_ACQUIRE_DONE);
Serban Constantinescu4ca5baf2013-11-05 16:53:55 +0000[diff] [blame]1076 mOut.writePointer((uintptr_t)refs);
1077 mOut.writePointer((uintptr_t)obj);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1078 break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1079
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1080 case BR_RELEASE:
Serban Constantinescu4ca5baf2013-11-05 16:53:55 +0000[diff] [blame]1081 refs = (RefBase::weakref_type*)mIn.readPointer();
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1082 obj = (BHwBinder*)mIn.readPointer();
Steve Blockd0bfabc2012-01-09 18:35:44 +0000[diff] [blame]1083 ALOG_ASSERT(refs->refBase() == obj,
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1084 "BR_RELEASE: object %p does not match cookie %p (expected %p)",
1085 refs, obj, refs->refBase());
1086 IF_LOG_REMOTEREFS() {
1087 LOG_REMOTEREFS("BR_RELEASE from driver on %p", obj);
1088 obj->printRefs();
1089 }
1090 mPendingStrongDerefs.push(obj);
1091 break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1092
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1093 case BR_INCREFS:
Serban Constantinescu4ca5baf2013-11-05 16:53:55 +0000[diff] [blame]1094 refs = (RefBase::weakref_type*)mIn.readPointer();
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1095 obj = (BHwBinder*)mIn.readPointer();
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1096 refs->incWeak(mProcess.get());
1097 mOut.writeInt32(BC_INCREFS_DONE);
Serban Constantinescu4ca5baf2013-11-05 16:53:55 +0000[diff] [blame]1098 mOut.writePointer((uintptr_t)refs);
1099 mOut.writePointer((uintptr_t)obj);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1100 break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1101
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1102 case BR_DECREFS:
Serban Constantinescu4ca5baf2013-11-05 16:53:55 +0000[diff] [blame]1103 refs = (RefBase::weakref_type*)mIn.readPointer();
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1104 obj = (BHwBinder*)mIn.readPointer();
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1105 // NOTE: This assertion is not valid, because the object may no
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1106 // longer exist (thus the (BHwBinder*)cast above resulting in a different
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1107 // memory address).
Steve Blockd0bfabc2012-01-09 18:35:44 +0000[diff] [blame]1108 //ALOG_ASSERT(refs->refBase() == obj,
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1109 // "BR_DECREFS: object %p does not match cookie %p (expected %p)",
1110 // refs, obj, refs->refBase());
1111 mPendingWeakDerefs.push(refs);
1112 break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1113
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1114 case BR_ATTEMPT_ACQUIRE:
Serban Constantinescu4ca5baf2013-11-05 16:53:55 +0000[diff] [blame]1115 refs = (RefBase::weakref_type*)mIn.readPointer();
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1116 obj = (BHwBinder*)mIn.readPointer();
1117
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1118 {
1119 const bool success = refs->attemptIncStrong(mProcess.get());
Steve Blockd0bfabc2012-01-09 18:35:44 +0000[diff] [blame]1120 ALOG_ASSERT(success && refs->refBase() == obj,
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1121 "BR_ATTEMPT_ACQUIRE: object %p does not match cookie %p (expected %p)",
1122 refs, obj, refs->refBase());
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1123
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1124 mOut.writeInt32(BC_ACQUIRE_RESULT);
1125 mOut.writeInt32((int32_t)success);
1126 }
1127 break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1128
Steven Morelandc149dca2019-01-09 18:01:02 -0800[diff] [blame]1129 case BR_TRANSACTION_SEC_CTX:
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1130 case BR_TRANSACTION:
1131 {
Steven Morelandc149dca2019-01-09 18:01:02 -0800[diff] [blame]1132 binder_transaction_data_secctx tr_secctx;
1133 binder_transaction_data& tr = tr_secctx.transaction_data;
1134
1135 if (cmd == BR_TRANSACTION_SEC_CTX) {
1136 result = mIn.read(&tr_secctx, sizeof(tr_secctx));
1137 } else {
1138 result = mIn.read(&tr, sizeof(tr));
1139 tr_secctx.secctx = 0;
1140 }
1141
Steve Blockd0bfabc2012-01-09 18:35:44 +0000[diff] [blame]1142 ALOG_ASSERT(result == NO_ERROR,
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1143 "Not enough command data for brTRANSACTION");
1144 if (result != NO_ERROR) break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1145
Jayant Chowdhary985fc892018-10-01 22:54:05 +0000[diff] [blame]1146 // Record the fact that we're in a hwbinder call
1147 mIPCThreadStateBase->pushCurrentState(
1148 IPCThreadStateBase::CallState::HWBINDER);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1149 Parcel buffer;
1150 buffer.ipcSetDataReference(
1151 reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer),
1152 tr.data_size,
Arve Hjønnevåga5440702014-01-28 20:12:59 -0800[diff] [blame]1153 reinterpret_cast<const binder_size_t*>(tr.data.ptr.offsets),
1154 tr.offsets_size/sizeof(binder_size_t), freeBuffer, this);
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1155
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1156 const pid_t origPid = mCallingPid;
Steven Morelandc149dca2019-01-09 18:01:02 -0800[diff] [blame]1157 const char* origSid = mCallingSid;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1158 const uid_t origUid = mCallingUid;
Dianne Hackbornf99aec62014-09-30 11:30:03 -0700[diff] [blame]1159 const int32_t origStrictModePolicy = mStrictModePolicy;
1160 const int32_t origTransactionBinderFlags = mLastTransactionBinderFlags;
1161
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1162 mCallingPid = tr.sender_pid;
Steven Morelandc149dca2019-01-09 18:01:02 -0800[diff] [blame]1163 mCallingSid = reinterpret_cast<const char*>(tr_secctx.secctx);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1164 mCallingUid = tr.sender_euid;
Dianne Hackbornf99aec62014-09-30 11:30:03 -0700[diff] [blame]1165 mLastTransactionBinderFlags = tr.flags;
1166
Steven Morelandc149dca2019-01-09 18:01:02 -0800[diff] [blame]1167 // ALOGI(">>>> TRANSACT from pid %d sid %s uid %d\n", mCallingPid,
1168 // (mCallingSid ? mCallingSid : "<N/A>"), mCallingUid);
Dianne Hackbornf99aec62014-09-30 11:30:03 -0700[diff] [blame]1169
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1170 Parcel reply;
Dianne Hackbornf99aec62014-09-30 11:30:03 -0700[diff] [blame]1171 status_t error;
Martijn Coenen79c2f4d2016-05-20 10:55:59 +0200[diff] [blame]1172 bool reply_sent = false;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1173 IF_LOG_TRANSACTIONS() {
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1174 alog << "BR_TRANSACTION thr " << (void*)pthread_self()
1175 << " / obj " << tr.target.ptr << " / code "
1176 << TypeCode(tr.code) << ": " << indent << buffer
1177 << dedent << endl
1178 << "Data addr = "
1179 << reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer)
1180 << ", offsets addr="
1181 << reinterpret_cast<const size_t*>(tr.data.ptr.offsets) << endl;
1182 }
Martijn Coenen79c2f4d2016-05-20 10:55:59 +0200[diff] [blame]1183
1184 auto reply_callback = [&] (auto &replyParcel) {
1185 if (reply_sent) {
1186 // Reply was sent earlier, ignore it.
1187 ALOGE("Dropping binder reply, it was sent already.");
1188 return;
1189 }
1190 reply_sent = true;
1191 if ((tr.flags & TF_ONE_WAY) == 0) {
1192 replyParcel.setError(NO_ERROR);
1193 sendReply(replyParcel, 0);
1194 } else {
1195 ALOGE("Not sending reply in one-way transaction");
1196 }
1197 };
1198
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1199 if (tr.target.ptr) {
Dianne Hackborn839f7072016-03-21 10:36:54 -0700[diff] [blame]1200 // We only have a weak reference on the target object, so we must first try to
1201 // safely acquire a strong reference before doing anything else with it.
1202 if (reinterpret_cast<RefBase::weakref_type*>(
1203 tr.target.ptr)->attemptIncStrong(this)) {
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1204 error = reinterpret_cast<BHwBinder*>(tr.cookie)->transact(tr.code, buffer,
Martijn Coenen79c2f4d2016-05-20 10:55:59 +0200[diff] [blame]1205 &reply, tr.flags, reply_callback);
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1206 reinterpret_cast<BHwBinder*>(tr.cookie)->decStrong(this);
Dianne Hackborn839f7072016-03-21 10:36:54 -0700[diff] [blame]1207 } else {
1208 error = UNKNOWN_TRANSACTION;
1209 }
Brad Fitzpatrick24f8bca2010-08-30 16:01:16 -0700[diff] [blame]1210
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1211 } else {
Martijn Coenena660cbc2016-05-12 11:29:23 +0200[diff] [blame]1212 error = mContextObject->transact(tr.code, buffer, &reply, tr.flags, reply_callback);
Martijn Coenen79c2f4d2016-05-20 10:55:59 +0200[diff] [blame]1213 }
1214
Jayant Chowdhary985fc892018-10-01 22:54:05 +0000[diff] [blame]1215 mIPCThreadStateBase->popCurrentState();
Martijn Coenen79c2f4d2016-05-20 10:55:59 +0200[diff] [blame]1216 if ((tr.flags & TF_ONE_WAY) == 0) {
1217 if (!reply_sent) {
1218 // Should have been a reply but there wasn't, so there
1219 // must have been an error instead.
1220 reply.setError(error);
1221 sendReply(reply, 0);
1222 } else {
1223 if (error != NO_ERROR) {
1224 ALOGE("transact() returned error after sending reply.");
1225 } else {
1226 // Ok, reply sent and transact didn't return an error.
1227 }
1228 }
1229 } else {
1230 // One-way transaction, don't care about return value or reply.
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1231 }
Dianne Hackbornf99aec62014-09-30 11:30:03 -0700[diff] [blame]1232
Steven Morelandc149dca2019-01-09 18:01:02 -0800[diff] [blame]1233 //ALOGI("<<<< TRANSACT from pid %d restore pid %d sid %s uid %d\n",
1234 // mCallingPid, origPid, (origSid ? origSid : "<N/A>"), origUid);
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1235
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1236 mCallingPid = origPid;
Steven Morelandc149dca2019-01-09 18:01:02 -0800[diff] [blame]1237 mCallingSid = origSid;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1238 mCallingUid = origUid;
Dianne Hackbornf99aec62014-09-30 11:30:03 -0700[diff] [blame]1239 mStrictModePolicy = origStrictModePolicy;
1240 mLastTransactionBinderFlags = origTransactionBinderFlags;
Christopher Tate7c4dfec2010-03-18 17:55:03 -0700[diff] [blame]1241
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1242 IF_LOG_TRANSACTIONS() {
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1243 alog << "BC_REPLY thr " << (void*)pthread_self() << " / obj "
1244 << tr.target.ptr << ": " << indent << reply << dedent << endl;
1245 }
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1246
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1247 }
1248 break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1249
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1250 case BR_DEAD_BINDER:
1251 {
Yifan Hong1e118d22017-01-12 14:42:28 -0800[diff] [blame]1252 BpHwBinder *proxy = (BpHwBinder*)mIn.readPointer();
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1253 proxy->sendObituary();
1254 mOut.writeInt32(BC_DEAD_BINDER_DONE);
Serban Constantinescu4ca5baf2013-11-05 16:53:55 +0000[diff] [blame]1255 mOut.writePointer((uintptr_t)proxy);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1256 } break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1257
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1258 case BR_CLEAR_DEATH_NOTIFICATION_DONE:
1259 {
Yifan Hong1e118d22017-01-12 14:42:28 -0800[diff] [blame]1260 BpHwBinder *proxy = (BpHwBinder*)mIn.readPointer();
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1261 proxy->getWeakRefs()->decWeak(proxy);
1262 } break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1263
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1264 case BR_FINISHED:
1265 result = TIMED_OUT;
1266 break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1267
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1268 case BR_NOOP:
1269 break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1270
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1271 case BR_SPAWN_LOOPER:
1272 mProcess->spawnPooledThread(false);
1273 break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1274
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1275 default:
1276 printf("*** BAD COMMAND %d received from Binder driver\n", cmd);
1277 result = UNKNOWN_ERROR;
1278 break;
1279 }
1280
1281 if (result != NO_ERROR) {
1282 mLastError = result;
1283 }
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1284
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1285 return result;
1286}
1287
Jayant Chowdhary985fc892018-10-01 22:54:05 +0000[diff] [blame]1288bool IPCThreadState::isServingCall() const
1289{
1290 return mIPCThreadStateBase->getCurrentBinderCallState() == IPCThreadStateBase::CallState::HWBINDER;
1291}
1292
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1293void IPCThreadState::threadDestructor(void *st)
1294{
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]1295 IPCThreadState* const self = static_cast<IPCThreadState*>(st);
1296 if (self) {
1297 self->flushCommands();
Elliott Hughese5e70552015-08-12 15:27:47 -0700[diff] [blame]1298#if defined(__ANDROID__)
Johannes Carlsson597a3c72011-02-17 14:06:53 +0100[diff] [blame]1299 if (self->mProcess->mDriverFD > 0) {
1300 ioctl(self->mProcess->mDriverFD, BINDER_THREAD_EXIT, 0);
1301 }
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1302#endif
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]1303 delete self;
1304 }
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1305}
1306
1307
Colin Crossf0487982014-02-05 17:42:44 -0800[diff] [blame]1308void IPCThreadState::freeBuffer(Parcel* parcel, const uint8_t* data,
1309 size_t /*dataSize*/,
1310 const binder_size_t* /*objects*/,
1311 size_t /*objectsSize*/, void* /*cookie*/)
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1312{
Steve Block93cf8542012-01-04 20:05:49 +0000[diff] [blame]1313 //ALOGI("Freeing parcel %p", &parcel);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1314 IF_LOG_COMMANDS() {
1315 alog << "Writing BC_FREE_BUFFER for " << data << endl;
1316 }
Yi Kong55d41072018-07-23 14:55:39 -0700[diff] [blame]1317 ALOG_ASSERT(data != nullptr, "Called with NULL data");
1318 if (parcel != nullptr) parcel->closeFileDescriptors();
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1319 IPCThreadState* state = self();
1320 state->mOut.writeInt32(BC_FREE_BUFFER);
Serban Constantinescu4ca5baf2013-11-05 16:53:55 +0000[diff] [blame]1321 state->mOut.writePointer((uintptr_t)data);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1322}
1323
Martijn Coenenf75a23d2016-08-01 11:55:17 +0200[diff] [blame]1324}; // namespace hardware
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1325}; // namespace android