Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / libhwbinder / refs/heads/int/12/fp4 / . / IPCThreadState.cpp
blob: aa050fcbaa3e13a494e1ec815e0508a3150f9af5 [file] [log] [blame]
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1/*
2 * Copyright (C) 2005 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Steven Morelandc4dd2102017-02-23 13:57:21 -0800[diff] [blame]17#define LOG_TAG "hw-IPCThreadState"
Jason Parks2b17f142009-11-03 12:14:38 -0800[diff] [blame]18
Martijn Coenen4080edc2016-05-04 14:17:02 +0200[diff] [blame]19#include <hwbinder/IPCThreadState.h>
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]20
Martijn Coenen4080edc2016-05-04 14:17:02 +0200[diff] [blame]21#include <hwbinder/Binder.h>
Yifan Hong1e118d22017-01-12 14:42:28 -0800[diff] [blame]22#include <hwbinder/BpHwBinder.h>
Mathias Agopian4ea13dc2013-05-06 20:20:50 -0700[diff] [blame]23
Steven Morelandd7bbfdb2018-05-01 16:30:46 -0700[diff] [blame]24#include <android-base/macros.h>
Steven Moreland14603002019-01-02 17:54:16 -0800[diff] [blame]25#include <utils/CallStack.h>
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]26#include <utils/Log.h>
Colin Crossb1dc6542016-04-15 14:29:55 -0700[diff] [blame]27#include <utils/SystemClock.h>
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]28#include <utils/threads.h>
29
Steven Moreland48adadd2019-09-05 17:04:38 -0700[diff] [blame]30#include "binder_kernel.h"
Martijn Coenene01f4f22016-05-12 12:33:28 +0200[diff] [blame]31#include <hwbinder/Static.h>
Steven Moreland507238e2020-07-14 22:12:20 +0000[diff] [blame]32#include "TextOutput.h"
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]33
Hans Boehm33a4cc72019-04-12 17:08:36 -0700[diff] [blame]34#include <atomic>
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]35#include <errno.h>
Colin Crossb1dc6542016-04-15 14:29:55 -0700[diff] [blame]36#include <inttypes.h>
Steven Morelandd9bdb652019-09-17 15:42:45 -0700[diff] [blame]37#include <linux/sched.h>
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]38#include <pthread.h>
Yabin Cuibbef2ba2015-01-26 19:45:47 -0800[diff] [blame]39#include <signal.h>
40#include <stdio.h>
41#include <sys/ioctl.h>
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]42#include <sys/resource.h>
Yabin Cuibbef2ba2015-01-26 19:45:47 -0800[diff] [blame]43#include <unistd.h>
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]44
45#if LOG_NDEBUG
46
47#define IF_LOG_TRANSACTIONS() if (false)
48#define IF_LOG_COMMANDS() if (false)
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]49#define LOG_REMOTEREFS(...)
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]50#define IF_LOG_REMOTEREFS() if (false)
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]51#define LOG_THREADPOOL(...)
52#define LOG_ONEWAY(...)
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]53
54#else
55
Steve Block5854b912011-10-12 17:27:03 +0100[diff] [blame]56#define IF_LOG_TRANSACTIONS() IF_ALOG(LOG_VERBOSE, "transact")
57#define IF_LOG_COMMANDS() IF_ALOG(LOG_VERBOSE, "ipc")
58#define LOG_REMOTEREFS(...) ALOG(LOG_DEBUG, "remoterefs", __VA_ARGS__)
59#define IF_LOG_REMOTEREFS() IF_ALOG(LOG_DEBUG, "remoterefs")
60#define LOG_THREADPOOL(...) ALOG(LOG_DEBUG, "threadpool", __VA_ARGS__)
61#define LOG_ONEWAY(...) ALOG(LOG_DEBUG, "ipc", __VA_ARGS__)
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]62
63#endif
64
65// ---------------------------------------------------------------------------
66
67namespace android {
Martijn Coenenf75a23d2016-08-01 11:55:17 +0200[diff] [blame]68namespace hardware {
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]69
Chih-Hung Hsieh30dcad72014-10-24 14:10:09 -0700[diff] [blame]70// Static const and functions will be optimized out if not used,
71// when LOG_NDEBUG and references in IF_LOG_COMMANDS() are optimized out.
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]72static const char *kReturnStrings[] = {
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]73 "BR_ERROR",
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]74 "BR_OK",
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]75 "BR_TRANSACTION",
76 "BR_REPLY",
77 "BR_ACQUIRE_RESULT",
78 "BR_DEAD_REPLY",
79 "BR_TRANSACTION_COMPLETE",
80 "BR_INCREFS",
81 "BR_ACQUIRE",
82 "BR_RELEASE",
83 "BR_DECREFS",
84 "BR_ATTEMPT_ACQUIRE",
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]85 "BR_NOOP",
86 "BR_SPAWN_LOOPER",
87 "BR_FINISHED",
88 "BR_DEAD_BINDER",
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]89 "BR_CLEAR_DEATH_NOTIFICATION_DONE",
Steven Morelandc149dca2019-01-09 18:01:02 -0800[diff] [blame]90 "BR_FAILED_REPLY",
Hang Lud1388da2021-03-24 14:30:06 +0800[diff] [blame]91 "BR_FROZEN_REPLY",
92 "BR_ONEWAY_SPAM_SUSPECT",
Steven Morelandc149dca2019-01-09 18:01:02 -0800[diff] [blame]93 "BR_TRANSACTION_SEC_CTX",
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]94};
95
96static const char *kCommandStrings[] = {
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]97 "BC_TRANSACTION",
98 "BC_REPLY",
99 "BC_ACQUIRE_RESULT",
100 "BC_FREE_BUFFER",
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]101 "BC_INCREFS",
102 "BC_ACQUIRE",
103 "BC_RELEASE",
104 "BC_DECREFS",
105 "BC_INCREFS_DONE",
106 "BC_ACQUIRE_DONE",
107 "BC_ATTEMPT_ACQUIRE",
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]108 "BC_REGISTER_LOOPER",
109 "BC_ENTER_LOOPER",
110 "BC_EXIT_LOOPER",
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]111 "BC_REQUEST_DEATH_NOTIFICATION",
112 "BC_CLEAR_DEATH_NOTIFICATION",
113 "BC_DEAD_BINDER_DONE"
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]114};
115
songjinshi7219c162016-10-18 21:05:56 +0800[diff] [blame]116static const char* getReturnString(uint32_t cmd)
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]117{
songjinshi0c28fdf2019-04-04 11:22:52 +0800[diff] [blame]118 size_t idx = cmd & _IOC_NRMASK;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]119 if (idx < sizeof(kReturnStrings) / sizeof(kReturnStrings[0]))
120 return kReturnStrings[idx];
121 else
122 return "unknown";
123}
124
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]125static const void* printBinderTransactionData(TextOutput& out, const void* data)
126{
127 const binder_transaction_data* btd =
128 (const binder_transaction_data*)data;
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]129 if (btd->target.handle < 1024) {
130 /* want to print descriptors in decimal; guess based on value */
131 out << "target.desc=" << btd->target.handle;
132 } else {
133 out << "target.ptr=" << btd->target.ptr;
134 }
135 out << " (cookie " << btd->cookie << ")" << endl
Chih-Hung Hsieh30dcad72014-10-24 14:10:09 -0700[diff] [blame]136 << "code=" << TypeCode(btd->code) << ", flags=" << (void*)(long)btd->flags << endl
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]137 << "data=" << btd->data.ptr.buffer << " (" << (void*)btd->data_size
138 << " bytes)" << endl
139 << "offsets=" << btd->data.ptr.offsets << " (" << (void*)btd->offsets_size
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]140 << " bytes)";
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]141 return btd+1;
142}
143
144static const void* printReturnCommand(TextOutput& out, const void* _cmd)
145{
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]146 static const size_t N = sizeof(kReturnStrings)/sizeof(kReturnStrings[0]);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]147 const int32_t* cmd = (const int32_t*)_cmd;
Bernhard Rosenkränzerb184ed02014-11-25 21:55:33 +0100[diff] [blame]148 uint32_t code = (uint32_t)*cmd++;
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]149 size_t cmdIndex = code & 0xff;
Bernhard Rosenkränzerb184ed02014-11-25 21:55:33 +0100[diff] [blame]150 if (code == BR_ERROR) {
Chih-Hung Hsieh30dcad72014-10-24 14:10:09 -0700[diff] [blame]151 out << "BR_ERROR: " << (void*)(long)(*cmd++) << endl;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]152 return cmd;
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]153 } else if (cmdIndex >= N) {
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]154 out << "Unknown reply: " << code << endl;
155 return cmd;
156 }
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]157 out << kReturnStrings[cmdIndex];
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]158
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]159 switch (code) {
160 case BR_TRANSACTION:
161 case BR_REPLY: {
162 out << ": " << indent;
163 cmd = (const int32_t *)printBinderTransactionData(out, cmd);
164 out << dedent;
165 } break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]166
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]167 case BR_ACQUIRE_RESULT: {
168 const int32_t res = *cmd++;
169 out << ": " << res << (res ? " (SUCCESS)" : " (FAILURE)");
170 } break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]171
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]172 case BR_INCREFS:
173 case BR_ACQUIRE:
174 case BR_RELEASE:
175 case BR_DECREFS: {
176 const int32_t b = *cmd++;
177 const int32_t c = *cmd++;
Chih-Hung Hsieh30dcad72014-10-24 14:10:09 -0700[diff] [blame]178 out << ": target=" << (void*)(long)b << " (cookie " << (void*)(long)c << ")";
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]179 } break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]180
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]181 case BR_ATTEMPT_ACQUIRE: {
182 const int32_t p = *cmd++;
183 const int32_t b = *cmd++;
184 const int32_t c = *cmd++;
Chih-Hung Hsieh30dcad72014-10-24 14:10:09 -0700[diff] [blame]185 out << ": target=" << (void*)(long)b << " (cookie " << (void*)(long)c
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]186 << "), pri=" << p;
187 } break;
188
189 case BR_DEAD_BINDER:
190 case BR_CLEAR_DEATH_NOTIFICATION_DONE: {
191 const int32_t c = *cmd++;
Chih-Hung Hsieh30dcad72014-10-24 14:10:09 -0700[diff] [blame]192 out << ": death cookie " << (void*)(long)c;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]193 } break;
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]194
195 default:
196 // no details to show for: BR_OK, BR_DEAD_REPLY,
197 // BR_TRANSACTION_COMPLETE, BR_FINISHED
198 break;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]199 }
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]200
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]201 out << endl;
202 return cmd;
203}
204
205static const void* printCommand(TextOutput& out, const void* _cmd)
206{
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]207 static const size_t N = sizeof(kCommandStrings)/sizeof(kCommandStrings[0]);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]208 const int32_t* cmd = (const int32_t*)_cmd;
Bernhard Rosenkränzerb184ed02014-11-25 21:55:33 +0100[diff] [blame]209 uint32_t code = (uint32_t)*cmd++;
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]210 size_t cmdIndex = code & 0xff;
211
212 if (cmdIndex >= N) {
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]213 out << "Unknown command: " << code << endl;
214 return cmd;
215 }
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]216 out << kCommandStrings[cmdIndex];
217
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]218 switch (code) {
219 case BC_TRANSACTION:
220 case BC_REPLY: {
221 out << ": " << indent;
222 cmd = (const int32_t *)printBinderTransactionData(out, cmd);
223 out << dedent;
224 } break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]225
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]226 case BC_ACQUIRE_RESULT: {
227 const int32_t res = *cmd++;
228 out << ": " << res << (res ? " (SUCCESS)" : " (FAILURE)");
229 } break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]230
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]231 case BC_FREE_BUFFER: {
232 const int32_t buf = *cmd++;
Chih-Hung Hsieh30dcad72014-10-24 14:10:09 -0700[diff] [blame]233 out << ": buffer=" << (void*)(long)buf;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]234 } break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]235
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]236 case BC_INCREFS:
237 case BC_ACQUIRE:
238 case BC_RELEASE:
239 case BC_DECREFS: {
240 const int32_t d = *cmd++;
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]241 out << ": desc=" << d;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]242 } break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]243
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]244 case BC_INCREFS_DONE:
245 case BC_ACQUIRE_DONE: {
246 const int32_t b = *cmd++;
247 const int32_t c = *cmd++;
Chih-Hung Hsieh30dcad72014-10-24 14:10:09 -0700[diff] [blame]248 out << ": target=" << (void*)(long)b << " (cookie " << (void*)(long)c << ")";
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]249 } break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]250
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]251 case BC_ATTEMPT_ACQUIRE: {
252 const int32_t p = *cmd++;
253 const int32_t d = *cmd++;
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]254 out << ": desc=" << d << ", pri=" << p;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]255 } break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]256
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]257 case BC_REQUEST_DEATH_NOTIFICATION:
258 case BC_CLEAR_DEATH_NOTIFICATION: {
259 const int32_t h = *cmd++;
260 const int32_t c = *cmd++;
Chih-Hung Hsieh30dcad72014-10-24 14:10:09 -0700[diff] [blame]261 out << ": handle=" << h << " (death cookie " << (void*)(long)c << ")";
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]262 } break;
263
264 case BC_DEAD_BINDER_DONE: {
265 const int32_t c = *cmd++;
Chih-Hung Hsieh30dcad72014-10-24 14:10:09 -0700[diff] [blame]266 out << ": death cookie " << (void*)(long)c;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]267 } break;
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]268
269 default:
270 // no details to show for: BC_REGISTER_LOOPER, BC_ENTER_LOOPER,
271 // BC_EXIT_LOOPER
272 break;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]273 }
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]274
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]275 out << endl;
276 return cmd;
277}
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]278
279static pthread_mutex_t gTLSMutex = PTHREAD_MUTEX_INITIALIZER;
Hans Boehm33a4cc72019-04-12 17:08:36 -0700[diff] [blame]280static std::atomic<bool> gHaveTLS = false;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]281static pthread_key_t gTLS = 0;
Hans Boehm33a4cc72019-04-12 17:08:36 -0700[diff] [blame]282static std::atomic<bool> gShutdown = false;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]283
284IPCThreadState* IPCThreadState::self()
285{
Hans Boehm33a4cc72019-04-12 17:08:36 -0700[diff] [blame]286 if (gHaveTLS.load(std::memory_order_acquire)) {
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]287restart:
288 const pthread_key_t k = gTLS;
289 IPCThreadState* st = (IPCThreadState*)pthread_getspecific(k);
290 if (st) return st;
291 return new IPCThreadState;
292 }
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]293
Hans Boehm33a4cc72019-04-12 17:08:36 -0700[diff] [blame]294 // Racey, heuristic test for simultaneous shutdown.
295 if (gShutdown.load(std::memory_order_relaxed)) {
Andreas Gampe1d5dc2b2016-02-01 13:21:56 -0800[diff] [blame]296 ALOGW("Calling IPCThreadState::self() during shutdown is dangerous, expect a crash.\n");
Yi Kong55d41072018-07-23 14:55:39 -0700[diff] [blame]297 return nullptr;
Andreas Gampe1d5dc2b2016-02-01 13:21:56 -0800[diff] [blame]298 }
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]299
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]300 pthread_mutex_lock(&gTLSMutex);
Hans Boehm33a4cc72019-04-12 17:08:36 -0700[diff] [blame]301 if (!gHaveTLS.load(std::memory_order_relaxed)) {
Andreas Gampe1d5dc2b2016-02-01 13:21:56 -0800[diff] [blame]302 int key_create_value = pthread_key_create(&gTLS, threadDestructor);
303 if (key_create_value != 0) {
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]304 pthread_mutex_unlock(&gTLSMutex);
Andreas Gampe1d5dc2b2016-02-01 13:21:56 -0800[diff] [blame]305 ALOGW("IPCThreadState::self() unable to create TLS key, expect a crash: %s\n",
306 strerror(key_create_value));
Yi Kong55d41072018-07-23 14:55:39 -0700[diff] [blame]307 return nullptr;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]308 }
Hans Boehm33a4cc72019-04-12 17:08:36 -0700[diff] [blame]309 gHaveTLS.store(true, std::memory_order_release);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]310 }
311 pthread_mutex_unlock(&gTLSMutex);
312 goto restart;
313}
314
Brad Fitzpatrick77949942010-12-13 16:52:35 -0800[diff] [blame]315IPCThreadState* IPCThreadState::selfOrNull()
316{
Hans Boehm33a4cc72019-04-12 17:08:36 -0700[diff] [blame]317 if (gHaveTLS.load(std::memory_order_acquire)) {
Brad Fitzpatrick77949942010-12-13 16:52:35 -0800[diff] [blame]318 const pthread_key_t k = gTLS;
319 IPCThreadState* st = (IPCThreadState*)pthread_getspecific(k);
320 return st;
321 }
Yi Kong55d41072018-07-23 14:55:39 -0700[diff] [blame]322 return nullptr;
Brad Fitzpatrick77949942010-12-13 16:52:35 -0800[diff] [blame]323}
324
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]325void IPCThreadState::shutdown()
326{
Hans Boehm33a4cc72019-04-12 17:08:36 -0700[diff] [blame]327 gShutdown.store(true, std::memory_order_relaxed);
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]328
Hans Boehm33a4cc72019-04-12 17:08:36 -0700[diff] [blame]329 if (gHaveTLS.load(std::memory_order_acquire)) {
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]330 // XXX Need to wait for all thread pool threads to exit!
331 IPCThreadState* st = (IPCThreadState*)pthread_getspecific(gTLS);
332 if (st) {
333 delete st;
Yi Kong55d41072018-07-23 14:55:39 -0700[diff] [blame]334 pthread_setspecific(gTLS, nullptr);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]335 }
zhongjie8e8a0252016-03-09 15:05:04 +0800[diff] [blame]336 pthread_key_delete(gTLS);
Hans Boehm33a4cc72019-04-12 17:08:36 -0700[diff] [blame]337 gHaveTLS.store(false, std::memory_order_release);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]338 }
339}
340
341sp<ProcessState> IPCThreadState::process()
342{
343 return mProcess;
344}
345
346status_t IPCThreadState::clearLastError()
347{
348 const status_t err = mLastError;
349 mLastError = NO_ERROR;
350 return err;
351}
352
Dan Stozae8da8a42014-11-26 12:23:23 -0800[diff] [blame]353pid_t IPCThreadState::getCallingPid() const
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]354{
355 return mCallingPid;
356}
357
Steven Morelandc149dca2019-01-09 18:01:02 -0800[diff] [blame]358const char* IPCThreadState::getCallingSid() const
359{
360 return mCallingSid;
361}
362
Dan Stozae8da8a42014-11-26 12:23:23 -0800[diff] [blame]363uid_t IPCThreadState::getCallingUid() const
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]364{
365 return mCallingUid;
366}
367
368int64_t IPCThreadState::clearCallingIdentity()
369{
Steven Morelandc149dca2019-01-09 18:01:02 -0800[diff] [blame]370 // ignore mCallingSid for legacy reasons
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]371 int64_t token = ((int64_t)mCallingUid<<32) | mCallingPid;
372 clearCaller();
373 return token;
374}
375
Brad Fitzpatrick94c36342010-06-18 13:07:53 -0700[diff] [blame]376void IPCThreadState::setStrictModePolicy(int32_t policy)
377{
378 mStrictModePolicy = policy;
379}
380
Brad Fitzpatrick3f4ef592010-07-07 16:06:39 -0700[diff] [blame]381int32_t IPCThreadState::getStrictModePolicy() const
382{
Brad Fitzpatrick94c36342010-06-18 13:07:53 -0700[diff] [blame]383 return mStrictModePolicy;
384}
385
Brad Fitzpatrick24f8bca2010-08-30 16:01:16 -0700[diff] [blame]386void IPCThreadState::setLastTransactionBinderFlags(int32_t flags)
387{
388 mLastTransactionBinderFlags = flags;
389}
390
391int32_t IPCThreadState::getLastTransactionBinderFlags() const
392{
393 return mLastTransactionBinderFlags;
394}
395
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]396void IPCThreadState::restoreCallingIdentity(int64_t token)
397{
398 mCallingUid = (int)(token>>32);
Steven Morelandc149dca2019-01-09 18:01:02 -0800[diff] [blame]399 mCallingSid = nullptr; // not enough data to restore
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]400 mCallingPid = (int)token;
401}
402
403void IPCThreadState::clearCaller()
404{
Marco Nelissenb4f35d02009-07-17 07:59:17 -0700[diff] [blame]405 mCallingPid = getpid();
Steven Morelandc149dca2019-01-09 18:01:02 -0800[diff] [blame]406 mCallingSid = nullptr; // expensive to lookup
Marco Nelissenb4f35d02009-07-17 07:59:17 -0700[diff] [blame]407 mCallingUid = getuid();
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]408}
409
410void IPCThreadState::flushCommands()
411{
Steven Morelandd2c941f2021-01-21 22:37:21 +0000[diff] [blame]412 if (mProcess->mDriverFD < 0)
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]413 return;
414 talkWithDriver(false);
Martijn Coenenb8253722018-05-23 15:33:22 +0200[diff] [blame]415 // The flush could have caused post-write refcount decrements to have
416 // been executed, which in turn could result in BC_RELEASE/BC_DECREFS
417 // being queued in mOut. So flush again, if we need to.
418 if (mOut.dataSize() > 0) {
419 talkWithDriver(false);
420 }
421 if (mOut.dataSize() > 0) {
422 ALOGW("mOut.dataSize() > 0 after flushCommands()");
423 }
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]424}
425
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]426status_t IPCThreadState::getAndExecuteCommand()
427{
428 status_t result;
429 int32_t cmd;
430
431 result = talkWithDriver();
432 if (result >= NO_ERROR) {
433 size_t IN = mIn.dataAvail();
434 if (IN < sizeof(int32_t)) return result;
435 cmd = mIn.readInt32();
436 IF_LOG_COMMANDS() {
437 alog << "Processing top-level Command: "
438 << getReturnString(cmd) << endl;
439 }
440
Wale Ogunwale2e604f02015-04-13 16:16:10 -0700[diff] [blame]441 pthread_mutex_lock(&mProcess->mThreadCountLock);
442 mProcess->mExecutingThreadsCount++;
Colin Crossb1dc6542016-04-15 14:29:55 -0700[diff] [blame]443 if (mProcess->mExecutingThreadsCount >= mProcess->mMaxThreads &&
Martijn Coenen0ce07ce2017-07-14 15:37:25 +0200[diff] [blame]444 mProcess->mMaxThreads > 1 && mProcess->mStarvationStartTimeMs == 0) {
Colin Crossb1dc6542016-04-15 14:29:55 -0700[diff] [blame]445 mProcess->mStarvationStartTimeMs = uptimeMillis();
446 }
Wale Ogunwale2e604f02015-04-13 16:16:10 -0700[diff] [blame]447 pthread_mutex_unlock(&mProcess->mThreadCountLock);
448
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]449 result = executeCommand(cmd);
450
Wale Ogunwale2e604f02015-04-13 16:16:10 -0700[diff] [blame]451 pthread_mutex_lock(&mProcess->mThreadCountLock);
452 mProcess->mExecutingThreadsCount--;
Wei Wangdf7f40d2018-03-29 15:41:59 -0700[diff] [blame]453 if (mProcess->mExecutingThreadsCount < mProcess->mMaxThreads &&
Martijn Coenen0ce07ce2017-07-14 15:37:25 +0200[diff] [blame]454 mProcess->mStarvationStartTimeMs != 0) {
Colin Crossb1dc6542016-04-15 14:29:55 -0700[diff] [blame]455 int64_t starvationTimeMs = uptimeMillis() - mProcess->mStarvationStartTimeMs;
456 if (starvationTimeMs > 100) {
Wei Wangdf7f40d2018-03-29 15:41:59 -0700[diff] [blame]457 // If there is only a single-threaded client, nobody would be blocked
458 // on this, and it's not really starvation. (see b/37647467)
459 ALOGW("All binder threads in pool (%zu threads) busy for %" PRId64 " ms%s",
460 mProcess->mMaxThreads, starvationTimeMs,
461 mProcess->mMaxThreads > 1 ? "" : " (may be a false alarm)");
Colin Crossb1dc6542016-04-15 14:29:55 -0700[diff] [blame]462 }
463 mProcess->mStarvationStartTimeMs = 0;
464 }
Wale Ogunwale2e604f02015-04-13 16:16:10 -0700[diff] [blame]465 pthread_mutex_unlock(&mProcess->mThreadCountLock);
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]466 }
467
Steven Morelandd7bbfdb2018-05-01 16:30:46 -0700[diff] [blame]468 if (UNLIKELY(!mPostCommandTasks.empty())) {
469 // make a copy in case the post transaction task makes a binder
470 // call and that other process calls back into us
471 std::vector<std::function<void(void)>> tasks = mPostCommandTasks;
472 mPostCommandTasks.clear();
Chih-Hung Hsiehe8675522018-12-12 14:42:24 -0800[diff] [blame]473 for (const auto& func : tasks) {
Steven Morelandd7bbfdb2018-05-01 16:30:46 -0700[diff] [blame]474 func();
475 }
476 }
477
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]478 return result;
479}
480
481// When we've cleared the incoming command queue, process any pending derefs
482void IPCThreadState::processPendingDerefs()
483{
484 if (mIn.dataPosition() >= mIn.dataSize()) {
Martijn Coenenc9f105b2017-08-08 15:36:16 +0200[diff] [blame]485 /*
486 * The decWeak()/decStrong() calls may cause a destructor to run,
487 * which in turn could have initiated an outgoing transaction,
488 * which in turn could cause us to add to the pending refs
489 * vectors; so instead of simply iterating, loop until they're empty.
490 *
491 * We do this in an outer loop, because calling decStrong()
492 * may result in something being added to mPendingWeakDerefs,
493 * which could be delayed until the next incoming command
494 * from the driver if we don't process it now.
495 */
496 while (mPendingWeakDerefs.size() > 0 || mPendingStrongDerefs.size() > 0) {
497 while (mPendingWeakDerefs.size() > 0) {
498 RefBase::weakref_type* refs = mPendingWeakDerefs[0];
499 mPendingWeakDerefs.removeAt(0);
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]500 refs->decWeak(mProcess.get());
501 }
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]502
Martijn Coenenc9f105b2017-08-08 15:36:16 +0200[diff] [blame]503 if (mPendingStrongDerefs.size() > 0) {
504 // We don't use while() here because we don't want to re-order
505 // strong and weak decs at all; if this decStrong() causes both a
506 // decWeak() and a decStrong() to be queued, we want to process
507 // the decWeak() first.
508 BHwBinder* obj = mPendingStrongDerefs[0];
509 mPendingStrongDerefs.removeAt(0);
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]510 obj->decStrong(mProcess.get());
511 }
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]512 }
513 }
514}
515
Martijn Coenenb8253722018-05-23 15:33:22 +0200[diff] [blame]516void IPCThreadState::processPostWriteDerefs()
517{
518 /*
519 * libhwbinder has a flushCommands() in the BpHwBinder destructor,
520 * which makes this function (potentially) reentrant.
521 * New entries shouldn't be added though, so just iterating until empty
522 * should be safe.
523 */
524 while (mPostWriteWeakDerefs.size() > 0) {
525 RefBase::weakref_type* refs = mPostWriteWeakDerefs[0];
526 mPostWriteWeakDerefs.removeAt(0);
527 refs->decWeak(mProcess.get());
528 }
529
530 while (mPostWriteStrongDerefs.size() > 0) {
531 RefBase* obj = mPostWriteStrongDerefs[0];
532 mPostWriteStrongDerefs.removeAt(0);
533 obj->decStrong(mProcess.get());
534 }
535}
536
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]537void IPCThreadState::joinThreadPool(bool isMain)
538{
539 LOG_THREADPOOL("**** THREAD %p (PID %d) IS JOINING THE THREAD POOL\n", (void*)pthread_self(), getpid());
540
541 mOut.writeInt32(isMain ? BC_ENTER_LOOPER : BC_REGISTER_LOOPER);
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]542
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]543 status_t result;
Martijn Coenen420d4bb2017-10-24 11:43:55 +0200[diff] [blame]544 mIsLooper = true;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]545 do {
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]546 processPendingDerefs();
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]547 // now get the next command to be processed, waiting if necessary
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]548 result = getAndExecuteCommand();
Jason Parks2b17f142009-11-03 12:14:38 -0800[diff] [blame]549
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]550 if (result < NO_ERROR && result != TIMED_OUT && result != -ECONNREFUSED && result != -EBADF) {
Steven Moreland03389522019-09-25 13:18:09 -0700[diff] [blame]551 LOG_ALWAYS_FATAL("getAndExecuteCommand(fd=%d) returned unexpected error %d, aborting",
Jeff Tinkeree711ec2013-06-11 11:30:21 -0700[diff] [blame]552 mProcess->mDriverFD, result);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]553 }
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]554
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]555 // Let this thread exit the thread pool if it is no longer
556 // needed and it is not the main process thread.
557 if(result == TIMED_OUT && !isMain) {
558 break;
559 }
560 } while (result != -ECONNREFUSED && result != -EBADF);
561
Wei Wang8a2e8ac2016-10-14 09:54:27 -0700[diff] [blame]562 LOG_THREADPOOL("**** THREAD %p (PID %d) IS LEAVING THE THREAD POOL err=%d\n",
563 (void*)pthread_self(), getpid(), result);
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]564
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]565 mOut.writeInt32(BC_EXIT_LOOPER);
Martijn Coenen420d4bb2017-10-24 11:43:55 +0200[diff] [blame]566 mIsLooper = false;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]567 talkWithDriver(false);
568}
569
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]570int IPCThreadState::setupPolling(int* fd)
571{
Steven Morelandd2c941f2021-01-21 22:37:21 +0000[diff] [blame]572 if (mProcess->mDriverFD < 0) {
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]573 return -EBADF;
574 }
575
Martijn Coenen80b88ab2017-09-25 14:50:05 +0200[diff] [blame]576 // Tells the kernel to not spawn any additional binder threads,
577 // as that won't work with polling. Also, the caller is responsible
578 // for subsequently calling handlePolledCommands()
579 mProcess->setThreadPoolConfiguration(1, true /* callerWillJoin */);
Tobias Lindskoga36d5762018-01-05 10:28:31 +0100[diff] [blame]580 mIsPollingThread = true;
Martijn Coenen80b88ab2017-09-25 14:50:05 +0200[diff] [blame]581
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]582 mOut.writeInt32(BC_ENTER_LOOPER);
583 *fd = mProcess->mDriverFD;
584 return 0;
585}
586
587status_t IPCThreadState::handlePolledCommands()
588{
589 status_t result;
590
591 do {
592 result = getAndExecuteCommand();
593 } while (mIn.dataPosition() < mIn.dataSize());
594
595 processPendingDerefs();
596 flushCommands();
597 return result;
598}
599
Colin Crossf0487982014-02-05 17:42:44 -0800[diff] [blame]600void IPCThreadState::stopProcess(bool /*immediate*/)
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]601{
Steve Block93cf8542012-01-04 20:05:49 +0000[diff] [blame]602 //ALOGI("**** STOPPING PROCESS");
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]603 flushCommands();
604 int fd = mProcess->mDriverFD;
605 mProcess->mDriverFD = -1;
606 close(fd);
607 //kill(getpid(), SIGKILL);
608}
609
610status_t IPCThreadState::transact(int32_t handle,
611 uint32_t code, const Parcel& data,
612 Parcel* reply, uint32_t flags)
613{
Ganesh Mahendrance45b892017-10-11 18:05:13 +0800[diff] [blame]614 status_t err;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]615
616 flags |= TF_ACCEPT_FDS;
617
618 IF_LOG_TRANSACTIONS() {
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]619 alog << "BC_TRANSACTION thr " << (void*)pthread_self() << " / hand "
620 << handle << " / code " << TypeCode(code) << ": "
621 << indent << data << dedent << endl;
622 }
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]623
Ganesh Mahendrance45b892017-10-11 18:05:13 +0800[diff] [blame]624 LOG_ONEWAY(">>>> SEND from pid %d uid %d %s", getpid(), getuid(),
625 (flags & TF_ONE_WAY) == 0 ? "READ REPLY" : "ONE WAY");
Yi Kong55d41072018-07-23 14:55:39 -0700[diff] [blame]626 err = writeTransactionData(BC_TRANSACTION_SG, flags, handle, code, data, nullptr);
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]627
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]628 if (err != NO_ERROR) {
629 if (reply) reply->setError(err);
630 return (mLastError = err);
631 }
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]632
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]633 if ((flags & TF_ONE_WAY) == 0) {
Steven Moreland14603002019-01-02 17:54:16 -0800[diff] [blame]634 if (UNLIKELY(mCallRestriction != ProcessState::CallRestriction::NONE)) {
635 if (mCallRestriction == ProcessState::CallRestriction::ERROR_IF_NOT_ONEWAY) {
Steven Moreland2774cbd2019-05-13 11:46:01 -0700[diff] [blame]636 ALOGE("Process making non-oneway call (code: %u) but is restricted.", code);
Steven Moreland14603002019-01-02 17:54:16 -0800[diff] [blame]637 CallStack::logStack("non-oneway call", CallStack::getCurrent(10).get(),
638 ANDROID_LOG_ERROR);
639 } else /* FATAL_IF_NOT_ONEWAY */ {
Steven Moreland2774cbd2019-05-13 11:46:01 -0700[diff] [blame]640 LOG_ALWAYS_FATAL("Process may not make oneway calls (code: %u).", code);
Steven Moreland14603002019-01-02 17:54:16 -0800[diff] [blame]641 }
642 }
643
Dianne Hackborn98878262010-09-24 11:16:23 -0700[diff] [blame]644 #if 0
645 if (code == 4) { // relayout
Steve Block93cf8542012-01-04 20:05:49 +0000[diff] [blame]646 ALOGI(">>>>>> CALLING transaction 4");
Dianne Hackborn98878262010-09-24 11:16:23 -0700[diff] [blame]647 } else {
Steve Block93cf8542012-01-04 20:05:49 +0000[diff] [blame]648 ALOGI(">>>>>> CALLING transaction %d", code);
Dianne Hackborn98878262010-09-24 11:16:23 -0700[diff] [blame]649 }
650 #endif
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]651 if (reply) {
652 err = waitForResponse(reply);
653 } else {
654 Parcel fakeReply;
655 err = waitForResponse(&fakeReply);
656 }
Dianne Hackborn98878262010-09-24 11:16:23 -0700[diff] [blame]657 #if 0
658 if (code == 4) { // relayout
Steve Block93cf8542012-01-04 20:05:49 +0000[diff] [blame]659 ALOGI("<<<<<< RETURNING transaction 4");
Dianne Hackborn98878262010-09-24 11:16:23 -0700[diff] [blame]660 } else {
Steve Block93cf8542012-01-04 20:05:49 +0000[diff] [blame]661 ALOGI("<<<<<< RETURNING transaction %d", code);
Dianne Hackborn98878262010-09-24 11:16:23 -0700[diff] [blame]662 }
663 #endif
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]664
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]665 IF_LOG_TRANSACTIONS() {
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]666 alog << "BR_REPLY thr " << (void*)pthread_self() << " / hand "
667 << handle << ": ";
668 if (reply) alog << indent << *reply << dedent << endl;
669 else alog << "(none requested)" << endl;
670 }
671 } else {
Yi Kong55d41072018-07-23 14:55:39 -0700[diff] [blame]672 err = waitForResponse(nullptr, nullptr);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]673 }
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]674
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]675 return err;
676}
677
Martijn Coenenb8253722018-05-23 15:33:22 +0200[diff] [blame]678void IPCThreadState::incStrongHandle(int32_t handle, BpHwBinder *proxy)
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]679{
680 LOG_REMOTEREFS("IPCThreadState::incStrongHandle(%d)\n", handle);
681 mOut.writeInt32(BC_ACQUIRE);
682 mOut.writeInt32(handle);
Martijn Coenenb8253722018-05-23 15:33:22 +0200[diff] [blame]683 // Create a temp reference until the driver has handled this command.
684 proxy->incStrong(mProcess.get());
685 mPostWriteStrongDerefs.push(proxy);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]686}
687
688void IPCThreadState::decStrongHandle(int32_t handle)
689{
690 LOG_REMOTEREFS("IPCThreadState::decStrongHandle(%d)\n", handle);
691 mOut.writeInt32(BC_RELEASE);
692 mOut.writeInt32(handle);
693}
694
Martijn Coenenb8253722018-05-23 15:33:22 +0200[diff] [blame]695void IPCThreadState::incWeakHandle(int32_t handle, BpHwBinder *proxy)
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]696{
697 LOG_REMOTEREFS("IPCThreadState::incWeakHandle(%d)\n", handle);
698 mOut.writeInt32(BC_INCREFS);
699 mOut.writeInt32(handle);
Martijn Coenenb8253722018-05-23 15:33:22 +0200[diff] [blame]700 // Create a temp reference until the driver has handled this command.
701 proxy->getWeakRefs()->incWeak(mProcess.get());
702 mPostWriteWeakDerefs.push(proxy->getWeakRefs());
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]703}
704
705void IPCThreadState::decWeakHandle(int32_t handle)
706{
707 LOG_REMOTEREFS("IPCThreadState::decWeakHandle(%d)\n", handle);
708 mOut.writeInt32(BC_DECREFS);
709 mOut.writeInt32(handle);
710}
711
712status_t IPCThreadState::attemptIncStrongHandle(int32_t handle)
713{
Arve Hjønnevåg304dcae2014-02-14 20:14:02 -0800[diff] [blame]714#if HAS_BC_ATTEMPT_ACQUIRE
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]715 LOG_REMOTEREFS("IPCThreadState::attemptIncStrongHandle(%d)\n", handle);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]716 mOut.writeInt32(BC_ATTEMPT_ACQUIRE);
717 mOut.writeInt32(0); // xxx was thread priority
718 mOut.writeInt32(handle);
719 status_t result = UNKNOWN_ERROR;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]720
Yi Kong55d41072018-07-23 14:55:39 -0700[diff] [blame]721 waitForResponse(nullptr, &result);
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]722
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]723#if LOG_REFCOUNTS
liangweikang2fbdf842016-10-25 16:37:54 +0800[diff] [blame]724 ALOGV("IPCThreadState::attemptIncStrongHandle(%ld) = %s\n",
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]725 handle, result == NO_ERROR ? "SUCCESS" : "FAILURE");
726#endif
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]727
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]728 return result;
Arve Hjønnevåg304dcae2014-02-14 20:14:02 -0800[diff] [blame]729#else
730 (void)handle;
731 ALOGE("%s(%d): Not supported\n", __func__, handle);
732 return INVALID_OPERATION;
733#endif
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]734}
735
736void IPCThreadState::expungeHandle(int32_t handle, IBinder* binder)
737{
738#if LOG_REFCOUNTS
liangweikang2fbdf842016-10-25 16:37:54 +0800[diff] [blame]739 ALOGV("IPCThreadState::expungeHandle(%ld)\n", handle);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]740#endif
Yunlian Jiang6b65ac32017-09-19 15:51:07 -0700[diff] [blame]741 self()->mProcess->expungeHandle(handle, binder); // NOLINT
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]742}
743
Yifan Hong1e118d22017-01-12 14:42:28 -0800[diff] [blame]744status_t IPCThreadState::requestDeathNotification(int32_t handle, BpHwBinder* proxy)
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]745{
746 mOut.writeInt32(BC_REQUEST_DEATH_NOTIFICATION);
747 mOut.writeInt32((int32_t)handle);
Serban Constantinescu4ca5baf2013-11-05 16:53:55 +0000[diff] [blame]748 mOut.writePointer((uintptr_t)proxy);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]749 return NO_ERROR;
750}
751
Yifan Hong1e118d22017-01-12 14:42:28 -0800[diff] [blame]752status_t IPCThreadState::clearDeathNotification(int32_t handle, BpHwBinder* proxy)
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]753{
754 mOut.writeInt32(BC_CLEAR_DEATH_NOTIFICATION);
755 mOut.writeInt32((int32_t)handle);
Serban Constantinescu4ca5baf2013-11-05 16:53:55 +0000[diff] [blame]756 mOut.writePointer((uintptr_t)proxy);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]757 return NO_ERROR;
758}
759
760IPCThreadState::IPCThreadState()
Brad Fitzpatrick24f8bca2010-08-30 16:01:16 -0700[diff] [blame]761 : mProcess(ProcessState::self()),
Steven Morelande3785d02020-01-31 14:58:48 -0800[diff] [blame]762 mServingStackPointer(nullptr),
Brad Fitzpatrick24f8bca2010-08-30 16:01:16 -0700[diff] [blame]763 mStrictModePolicy(0),
Martijn Coenen9bd3d3b2017-12-12 09:29:14 +0100[diff] [blame]764 mLastTransactionBinderFlags(0),
Tobias Lindskoga36d5762018-01-05 10:28:31 +0100[diff] [blame]765 mIsLooper(false),
Steven Moreland14603002019-01-02 17:54:16 -0800[diff] [blame]766 mIsPollingThread(false),
767 mCallRestriction(mProcess->mCallRestriction) {
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]768 pthread_setspecific(gTLS, this);
Dianne Hackborn5f4d7e82009-12-07 17:59:37 -0800[diff] [blame]769 clearCaller();
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]770 mIn.setDataCapacity(256);
771 mOut.setDataCapacity(256);
772}
773
774IPCThreadState::~IPCThreadState()
775{
776}
777
778status_t IPCThreadState::sendReply(const Parcel& reply, uint32_t flags)
779{
780 status_t err;
781 status_t statusBuffer;
Martijn Coenend39a1682016-06-03 21:27:28 +0200[diff] [blame]782 err = writeTransactionData(BC_REPLY_SG, flags, -1, 0, reply, &statusBuffer);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]783 if (err < NO_ERROR) return err;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]784
Yi Kong55d41072018-07-23 14:55:39 -0700[diff] [blame]785 return waitForResponse(nullptr, nullptr);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]786}
787
788status_t IPCThreadState::waitForResponse(Parcel *reply, status_t *acquireResult)
789{
Bernhard Rosenkränzerb184ed02014-11-25 21:55:33 +0100[diff] [blame]790 uint32_t cmd;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]791 int32_t err;
792
793 while (1) {
794 if ((err=talkWithDriver()) < NO_ERROR) break;
795 err = mIn.errorCheck();
796 if (err < NO_ERROR) break;
797 if (mIn.dataAvail() == 0) continue;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]798
Bernhard Rosenkränzerb184ed02014-11-25 21:55:33 +0100[diff] [blame]799 cmd = (uint32_t)mIn.readInt32();
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]800
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]801 IF_LOG_COMMANDS() {
802 alog << "Processing waitForResponse Command: "
803 << getReturnString(cmd) << endl;
804 }
805
806 switch (cmd) {
Hang Lud1388da2021-03-24 14:30:06 +0800[diff] [blame]807 case BR_ONEWAY_SPAM_SUSPECT:
808 ALOGE("Process seems to be sending too many oneway calls.");
809 CallStack::logStack("oneway spamming", CallStack::getCurrent().get(),
810 ANDROID_LOG_ERROR);
811 [[fallthrough]];
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]812 case BR_TRANSACTION_COMPLETE:
813 if (!reply && !acquireResult) goto finish;
814 break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]815
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]816 case BR_DEAD_REPLY:
817 err = DEAD_OBJECT;
818 goto finish;
819
820 case BR_FAILED_REPLY:
821 err = FAILED_TRANSACTION;
822 goto finish;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]823
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]824 case BR_ACQUIRE_RESULT:
825 {
Yi Kong55d41072018-07-23 14:55:39 -0700[diff] [blame]826 ALOG_ASSERT(acquireResult != nullptr, "Unexpected brACQUIRE_RESULT");
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]827 const int32_t result = mIn.readInt32();
828 if (!acquireResult) continue;
829 *acquireResult = result ? NO_ERROR : INVALID_OPERATION;
830 }
831 goto finish;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]832
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]833 case BR_REPLY:
834 {
835 binder_transaction_data tr;
836 err = mIn.read(&tr, sizeof(tr));
Steve Blockd0bfabc2012-01-09 18:35:44 +0000[diff] [blame]837 ALOG_ASSERT(err == NO_ERROR, "Not enough command data for brREPLY");
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]838 if (err != NO_ERROR) goto finish;
839
840 if (reply) {
841 if ((tr.flags & TF_STATUS_CODE) == 0) {
842 reply->ipcSetDataReference(
843 reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer),
844 tr.data_size,
Arve Hjønnevåga5440702014-01-28 20:12:59 -0800[diff] [blame]845 reinterpret_cast<const binder_size_t*>(tr.data.ptr.offsets),
846 tr.offsets_size/sizeof(binder_size_t),
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]847 freeBuffer, this);
848 } else {
Arve Hjønnevåga5440702014-01-28 20:12:59 -0800[diff] [blame]849 err = *reinterpret_cast<const status_t*>(tr.data.ptr.buffer);
Yi Kong55d41072018-07-23 14:55:39 -0700[diff] [blame]850 freeBuffer(nullptr,
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]851 reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer),
852 tr.data_size,
Arve Hjønnevåga5440702014-01-28 20:12:59 -0800[diff] [blame]853 reinterpret_cast<const binder_size_t*>(tr.data.ptr.offsets),
854 tr.offsets_size/sizeof(binder_size_t), this);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]855 }
856 } else {
Yi Kong55d41072018-07-23 14:55:39 -0700[diff] [blame]857 freeBuffer(nullptr,
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]858 reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer),
859 tr.data_size,
Arve Hjønnevåga5440702014-01-28 20:12:59 -0800[diff] [blame]860 reinterpret_cast<const binder_size_t*>(tr.data.ptr.offsets),
861 tr.offsets_size/sizeof(binder_size_t), this);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]862 continue;
863 }
864 }
865 goto finish;
866
867 default:
868 err = executeCommand(cmd);
869 if (err != NO_ERROR) goto finish;
870 break;
871 }
872 }
873
874finish:
875 if (err != NO_ERROR) {
876 if (acquireResult) *acquireResult = err;
877 if (reply) reply->setError(err);
878 mLastError = err;
879 }
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]880
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]881 return err;
882}
883
884status_t IPCThreadState::talkWithDriver(bool doReceive)
885{
Steven Morelandd2c941f2021-01-21 22:37:21 +0000[diff] [blame]886 if (mProcess->mDriverFD < 0) {
Johannes Carlsson597a3c72011-02-17 14:06:53 +0100[diff] [blame]887 return -EBADF;
888 }
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]889
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]890 binder_write_read bwr;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]891
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]892 // Is the read buffer empty?
893 const bool needRead = mIn.dataPosition() >= mIn.dataSize();
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]894
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]895 // We don't want to write anything if we are still reading
896 // from data left in the input buffer and the caller
897 // has requested to read the next data.
898 const size_t outAvail = (!doReceive || needRead) ? mOut.dataSize() : 0;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]899
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]900 bwr.write_size = outAvail;
Arve Hjønnevåga5440702014-01-28 20:12:59 -0800[diff] [blame]901 bwr.write_buffer = (uintptr_t)mOut.data();
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]902
903 // This is what we'll read.
904 if (doReceive && needRead) {
905 bwr.read_size = mIn.dataCapacity();
Arve Hjønnevåga5440702014-01-28 20:12:59 -0800[diff] [blame]906 bwr.read_buffer = (uintptr_t)mIn.data();
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]907 } else {
908 bwr.read_size = 0;
Ben Cheng455a70a2011-12-01 17:11:32 -0800[diff] [blame]909 bwr.read_buffer = 0;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]910 }
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]911
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]912 IF_LOG_COMMANDS() {
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]913 if (outAvail != 0) {
914 alog << "Sending commands to driver: " << indent;
915 const void* cmds = (const void*)bwr.write_buffer;
916 const void* end = ((const uint8_t*)cmds)+bwr.write_size;
917 alog << HexDump(cmds, bwr.write_size) << endl;
918 while (cmds < end) cmds = printCommand(alog, cmds);
919 alog << dedent;
920 }
921 alog << "Size of receive buffer: " << bwr.read_size
922 << ", needRead: " << needRead << ", doReceive: " << doReceive << endl;
923 }
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]924
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]925 // Return immediately if there is nothing to do.
926 if ((bwr.write_size == 0) && (bwr.read_size == 0)) return NO_ERROR;
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]927
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]928 bwr.write_consumed = 0;
929 bwr.read_consumed = 0;
930 status_t err;
931 do {
932 IF_LOG_COMMANDS() {
933 alog << "About to read/write, write size = " << mOut.dataSize() << endl;
934 }
Elliott Hughese5e70552015-08-12 15:27:47 -0700[diff] [blame]935#if defined(__ANDROID__)
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]936 if (ioctl(mProcess->mDriverFD, BINDER_WRITE_READ, &bwr) >= 0)
937 err = NO_ERROR;
938 else
939 err = -errno;
940#else
941 err = INVALID_OPERATION;
942#endif
Steven Morelandd2c941f2021-01-21 22:37:21 +0000[diff] [blame]943 if (mProcess->mDriverFD < 0) {
Johannes Carlsson597a3c72011-02-17 14:06:53 +0100[diff] [blame]944 err = -EBADF;
945 }
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]946 IF_LOG_COMMANDS() {
947 alog << "Finished read/write, write size = " << mOut.dataSize() << endl;
948 }
949 } while (err == -EINTR);
Andy McFadden457d51f2011-08-31 07:43:40 -0700[diff] [blame]950
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]951 IF_LOG_COMMANDS() {
Colin Crossf0487982014-02-05 17:42:44 -0800[diff] [blame]952 alog << "Our err: " << (void*)(intptr_t)err << ", write consumed: "
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]953 << bwr.write_consumed << " (of " << mOut.dataSize()
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]954 << "), read consumed: " << bwr.read_consumed << endl;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]955 }
956
957 if (err >= NO_ERROR) {
958 if (bwr.write_consumed > 0) {
Arve Hjønnevåga5440702014-01-28 20:12:59 -0800[diff] [blame]959 if (bwr.write_consumed < mOut.dataSize())
Steven Moreland89ea0492020-04-16 16:22:52 -0700[diff] [blame]960 LOG_ALWAYS_FATAL("Driver did not consume write buffer. "
961 "err: %s consumed: %zu of %zu",
962 statusToString(err).c_str(),
963 (size_t)bwr.write_consumed,
964 mOut.dataSize());
Martijn Coenenb8253722018-05-23 15:33:22 +0200[diff] [blame]965 else {
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]966 mOut.setDataSize(0);
Martijn Coenenb8253722018-05-23 15:33:22 +0200[diff] [blame]967 processPostWriteDerefs();
968 }
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]969 }
970 if (bwr.read_consumed > 0) {
971 mIn.setDataSize(bwr.read_consumed);
972 mIn.setDataPosition(0);
973 }
974 IF_LOG_COMMANDS() {
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]975 alog << "Remaining data size: " << mOut.dataSize() << endl;
976 alog << "Received commands from driver: " << indent;
977 const void* cmds = mIn.data();
978 const void* end = mIn.data() + mIn.dataSize();
979 alog << HexDump(cmds, mIn.dataSize()) << endl;
980 while (cmds < end) cmds = printReturnCommand(alog, cmds);
981 alog << dedent;
982 }
983 return NO_ERROR;
984 }
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]985
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]986 return err;
987}
988
989status_t IPCThreadState::writeTransactionData(int32_t cmd, uint32_t binderFlags,
990 int32_t handle, uint32_t code, const Parcel& data, status_t* statusBuffer)
991{
Martijn Coenenfd51ebb2016-07-05 17:00:39 +0200[diff] [blame]992 binder_transaction_data_sg tr_sg;
Christopher Ferris678434f2017-07-27 10:42:20 -0700[diff] [blame]993 /* Don't pass uninitialized stack data to a remote process */
994 tr_sg.transaction_data.target.ptr = 0;
995 tr_sg.transaction_data.target.handle = handle;
996 tr_sg.transaction_data.code = code;
997 tr_sg.transaction_data.flags = binderFlags;
998 tr_sg.transaction_data.cookie = 0;
999 tr_sg.transaction_data.sender_pid = 0;
1000 tr_sg.transaction_data.sender_euid = 0;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1001
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1002 const status_t err = data.errorCheck();
1003 if (err == NO_ERROR) {
Christopher Ferris678434f2017-07-27 10:42:20 -0700[diff] [blame]1004 tr_sg.transaction_data.data_size = data.ipcDataSize();
1005 tr_sg.transaction_data.data.ptr.buffer = data.ipcData();
1006 tr_sg.transaction_data.offsets_size = data.ipcObjectsCount()*sizeof(binder_size_t);
1007 tr_sg.transaction_data.data.ptr.offsets = data.ipcObjects();
Martijn Coenenfd51ebb2016-07-05 17:00:39 +0200[diff] [blame]1008 tr_sg.buffers_size = data.ipcBufferSize();
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1009 } else if (statusBuffer) {
Christopher Ferris678434f2017-07-27 10:42:20 -0700[diff] [blame]1010 tr_sg.transaction_data.flags |= TF_STATUS_CODE;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1011 *statusBuffer = err;
Christopher Ferris678434f2017-07-27 10:42:20 -0700[diff] [blame]1012 tr_sg.transaction_data.data_size = sizeof(status_t);
1013 tr_sg.transaction_data.data.ptr.buffer = reinterpret_cast<uintptr_t>(statusBuffer);
1014 tr_sg.transaction_data.offsets_size = 0;
1015 tr_sg.transaction_data.data.ptr.offsets = 0;
Martijn Coenenfd51ebb2016-07-05 17:00:39 +0200[diff] [blame]1016 tr_sg.buffers_size = 0;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1017 } else {
1018 return (mLastError = err);
1019 }
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1020
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1021 mOut.writeInt32(cmd);
Martijn Coenenfd51ebb2016-07-05 17:00:39 +0200[diff] [blame]1022 mOut.write(&tr_sg, sizeof(tr_sg));
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1023
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1024 return NO_ERROR;
1025}
1026
Steven Morelandb9518572019-04-02 18:13:21 -0700[diff] [blame]1027sp<BHwBinder> the_context_object;
1028
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1029void IPCThreadState::setTheContextObject(sp<BHwBinder> obj)
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1030{
Steven Morelandb9518572019-04-02 18:13:21 -0700[diff] [blame]1031 the_context_object = obj;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1032}
1033
Martijn Coenen420d4bb2017-10-24 11:43:55 +0200[diff] [blame]1034bool IPCThreadState::isLooperThread()
1035{
1036 return mIsLooper;
1037}
1038
Tobias Lindskoga36d5762018-01-05 10:28:31 +0100[diff] [blame]1039bool IPCThreadState::isOnlyBinderThread() {
1040 return (mIsLooper && mProcess->mMaxThreads <= 1) || mIsPollingThread;
1041}
1042
Steven Morelandd7bbfdb2018-05-01 16:30:46 -0700[diff] [blame]1043void IPCThreadState::addPostCommandTask(const std::function<void(void)>& task) {
1044 mPostCommandTasks.push_back(task);
1045}
1046
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1047status_t IPCThreadState::executeCommand(int32_t cmd)
1048{
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1049 BHwBinder* obj;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1050 RefBase::weakref_type* refs;
1051 status_t result = NO_ERROR;
Bernhard Rosenkränzerb184ed02014-11-25 21:55:33 +0100[diff] [blame]1052 switch ((uint32_t)cmd) {
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1053 case BR_ERROR:
1054 result = mIn.readInt32();
1055 break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1056
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1057 case BR_OK:
1058 break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1059
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1060 case BR_ACQUIRE:
Serban Constantinescu4ca5baf2013-11-05 16:53:55 +0000[diff] [blame]1061 refs = (RefBase::weakref_type*)mIn.readPointer();
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1062 obj = (BHwBinder*)mIn.readPointer();
Steve Blockd0bfabc2012-01-09 18:35:44 +0000[diff] [blame]1063 ALOG_ASSERT(refs->refBase() == obj,
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1064 "BR_ACQUIRE: object %p does not match cookie %p (expected %p)",
1065 refs, obj, refs->refBase());
1066 obj->incStrong(mProcess.get());
1067 IF_LOG_REMOTEREFS() {
1068 LOG_REMOTEREFS("BR_ACQUIRE from driver on %p", obj);
1069 obj->printRefs();
1070 }
1071 mOut.writeInt32(BC_ACQUIRE_DONE);
Serban Constantinescu4ca5baf2013-11-05 16:53:55 +0000[diff] [blame]1072 mOut.writePointer((uintptr_t)refs);
1073 mOut.writePointer((uintptr_t)obj);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1074 break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1075
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1076 case BR_RELEASE:
Serban Constantinescu4ca5baf2013-11-05 16:53:55 +0000[diff] [blame]1077 refs = (RefBase::weakref_type*)mIn.readPointer();
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1078 obj = (BHwBinder*)mIn.readPointer();
Steve Blockd0bfabc2012-01-09 18:35:44 +0000[diff] [blame]1079 ALOG_ASSERT(refs->refBase() == obj,
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1080 "BR_RELEASE: object %p does not match cookie %p (expected %p)",
1081 refs, obj, refs->refBase());
1082 IF_LOG_REMOTEREFS() {
1083 LOG_REMOTEREFS("BR_RELEASE from driver on %p", obj);
1084 obj->printRefs();
1085 }
1086 mPendingStrongDerefs.push(obj);
1087 break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1088
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1089 case BR_INCREFS:
Serban Constantinescu4ca5baf2013-11-05 16:53:55 +0000[diff] [blame]1090 refs = (RefBase::weakref_type*)mIn.readPointer();
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1091 obj = (BHwBinder*)mIn.readPointer();
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1092 refs->incWeak(mProcess.get());
1093 mOut.writeInt32(BC_INCREFS_DONE);
Serban Constantinescu4ca5baf2013-11-05 16:53:55 +0000[diff] [blame]1094 mOut.writePointer((uintptr_t)refs);
1095 mOut.writePointer((uintptr_t)obj);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1096 break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1097
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1098 case BR_DECREFS:
Serban Constantinescu4ca5baf2013-11-05 16:53:55 +0000[diff] [blame]1099 refs = (RefBase::weakref_type*)mIn.readPointer();
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1100 obj = (BHwBinder*)mIn.readPointer();
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1101 // NOTE: This assertion is not valid, because the object may no
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1102 // longer exist (thus the (BHwBinder*)cast above resulting in a different
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1103 // memory address).
Steve Blockd0bfabc2012-01-09 18:35:44 +0000[diff] [blame]1104 //ALOG_ASSERT(refs->refBase() == obj,
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1105 // "BR_DECREFS: object %p does not match cookie %p (expected %p)",
1106 // refs, obj, refs->refBase());
1107 mPendingWeakDerefs.push(refs);
1108 break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1109
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1110 case BR_ATTEMPT_ACQUIRE:
Serban Constantinescu4ca5baf2013-11-05 16:53:55 +0000[diff] [blame]1111 refs = (RefBase::weakref_type*)mIn.readPointer();
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1112 obj = (BHwBinder*)mIn.readPointer();
1113
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1114 {
1115 const bool success = refs->attemptIncStrong(mProcess.get());
Steve Blockd0bfabc2012-01-09 18:35:44 +0000[diff] [blame]1116 ALOG_ASSERT(success && refs->refBase() == obj,
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1117 "BR_ATTEMPT_ACQUIRE: object %p does not match cookie %p (expected %p)",
1118 refs, obj, refs->refBase());
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1119
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1120 mOut.writeInt32(BC_ACQUIRE_RESULT);
1121 mOut.writeInt32((int32_t)success);
1122 }
1123 break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1124
Steven Morelandc149dca2019-01-09 18:01:02 -0800[diff] [blame]1125 case BR_TRANSACTION_SEC_CTX:
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1126 case BR_TRANSACTION:
1127 {
Steven Morelandc149dca2019-01-09 18:01:02 -0800[diff] [blame]1128 binder_transaction_data_secctx tr_secctx;
1129 binder_transaction_data& tr = tr_secctx.transaction_data;
1130
1131 if (cmd == BR_TRANSACTION_SEC_CTX) {
1132 result = mIn.read(&tr_secctx, sizeof(tr_secctx));
1133 } else {
1134 result = mIn.read(&tr, sizeof(tr));
1135 tr_secctx.secctx = 0;
1136 }
1137
Steve Blockd0bfabc2012-01-09 18:35:44 +0000[diff] [blame]1138 ALOG_ASSERT(result == NO_ERROR,
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1139 "Not enough command data for brTRANSACTION");
1140 if (result != NO_ERROR) break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1141
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1142 Parcel buffer;
1143 buffer.ipcSetDataReference(
1144 reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer),
1145 tr.data_size,
Arve Hjønnevåga5440702014-01-28 20:12:59 -0800[diff] [blame]1146 reinterpret_cast<const binder_size_t*>(tr.data.ptr.offsets),
1147 tr.offsets_size/sizeof(binder_size_t), freeBuffer, this);
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1148
Steven Morelande3785d02020-01-31 14:58:48 -0800[diff] [blame]1149 const void* origServingStackPointer = mServingStackPointer;
1150 mServingStackPointer = &origServingStackPointer; // anything on the stack
1151
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1152 const pid_t origPid = mCallingPid;
Steven Morelandc149dca2019-01-09 18:01:02 -0800[diff] [blame]1153 const char* origSid = mCallingSid;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1154 const uid_t origUid = mCallingUid;
Dianne Hackbornf99aec62014-09-30 11:30:03 -0700[diff] [blame]1155 const int32_t origStrictModePolicy = mStrictModePolicy;
1156 const int32_t origTransactionBinderFlags = mLastTransactionBinderFlags;
1157
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1158 mCallingPid = tr.sender_pid;
Steven Morelandc149dca2019-01-09 18:01:02 -0800[diff] [blame]1159 mCallingSid = reinterpret_cast<const char*>(tr_secctx.secctx);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1160 mCallingUid = tr.sender_euid;
Dianne Hackbornf99aec62014-09-30 11:30:03 -0700[diff] [blame]1161 mLastTransactionBinderFlags = tr.flags;
1162
Steven Morelandc149dca2019-01-09 18:01:02 -0800[diff] [blame]1163 // ALOGI(">>>> TRANSACT from pid %d sid %s uid %d\n", mCallingPid,
1164 // (mCallingSid ? mCallingSid : "<N/A>"), mCallingUid);
Dianne Hackbornf99aec62014-09-30 11:30:03 -0700[diff] [blame]1165
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1166 Parcel reply;
Dianne Hackbornf99aec62014-09-30 11:30:03 -0700[diff] [blame]1167 status_t error;
Martijn Coenen79c2f4d2016-05-20 10:55:59 +0200[diff] [blame]1168 bool reply_sent = false;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1169 IF_LOG_TRANSACTIONS() {
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1170 alog << "BR_TRANSACTION thr " << (void*)pthread_self()
1171 << " / obj " << tr.target.ptr << " / code "
1172 << TypeCode(tr.code) << ": " << indent << buffer
1173 << dedent << endl
1174 << "Data addr = "
1175 << reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer)
1176 << ", offsets addr="
1177 << reinterpret_cast<const size_t*>(tr.data.ptr.offsets) << endl;
1178 }
Martijn Coenen79c2f4d2016-05-20 10:55:59 +0200[diff] [blame]1179
Steven Morelanda80270c2020-11-19 21:08:28 +0000[diff] [blame]1180 constexpr size_t kForwardReplyFlags = TF_CLEAR_BUF;
1181
Martijn Coenen79c2f4d2016-05-20 10:55:59 +0200[diff] [blame]1182 auto reply_callback = [&] (auto &replyParcel) {
1183 if (reply_sent) {
1184 // Reply was sent earlier, ignore it.
1185 ALOGE("Dropping binder reply, it was sent already.");
1186 return;
1187 }
1188 reply_sent = true;
1189 if ((tr.flags & TF_ONE_WAY) == 0) {
1190 replyParcel.setError(NO_ERROR);
Steven Morelanda80270c2020-11-19 21:08:28 +0000[diff] [blame]1191 sendReply(replyParcel, (tr.flags & kForwardReplyFlags));
Martijn Coenen79c2f4d2016-05-20 10:55:59 +0200[diff] [blame]1192 } else {
1193 ALOGE("Not sending reply in one-way transaction");
1194 }
1195 };
1196
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1197 if (tr.target.ptr) {
Dianne Hackborn839f7072016-03-21 10:36:54 -0700[diff] [blame]1198 // We only have a weak reference on the target object, so we must first try to
1199 // safely acquire a strong reference before doing anything else with it.
1200 if (reinterpret_cast<RefBase::weakref_type*>(
1201 tr.target.ptr)->attemptIncStrong(this)) {
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1202 error = reinterpret_cast<BHwBinder*>(tr.cookie)->transact(tr.code, buffer,
Martijn Coenen79c2f4d2016-05-20 10:55:59 +0200[diff] [blame]1203 &reply, tr.flags, reply_callback);
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1204 reinterpret_cast<BHwBinder*>(tr.cookie)->decStrong(this);
Dianne Hackborn839f7072016-03-21 10:36:54 -0700[diff] [blame]1205 } else {
1206 error = UNKNOWN_TRANSACTION;
1207 }
Brad Fitzpatrick24f8bca2010-08-30 16:01:16 -0700[diff] [blame]1208
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1209 } else {
Steven Morelandb9518572019-04-02 18:13:21 -0700[diff] [blame]1210 error = the_context_object->transact(tr.code, buffer, &reply, tr.flags, reply_callback);
Martijn Coenen79c2f4d2016-05-20 10:55:59 +0200[diff] [blame]1211 }
1212
1213 if ((tr.flags & TF_ONE_WAY) == 0) {
1214 if (!reply_sent) {
1215 // Should have been a reply but there wasn't, so there
1216 // must have been an error instead.
1217 reply.setError(error);
Steven Morelanda80270c2020-11-19 21:08:28 +0000[diff] [blame]1218 sendReply(reply, (tr.flags & kForwardReplyFlags));
Martijn Coenen79c2f4d2016-05-20 10:55:59 +0200[diff] [blame]1219 } else {
1220 if (error != NO_ERROR) {
1221 ALOGE("transact() returned error after sending reply.");
1222 } else {
1223 // Ok, reply sent and transact didn't return an error.
1224 }
1225 }
1226 } else {
1227 // One-way transaction, don't care about return value or reply.
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1228 }
Dianne Hackbornf99aec62014-09-30 11:30:03 -0700[diff] [blame]1229
Steven Morelandc149dca2019-01-09 18:01:02 -0800[diff] [blame]1230 //ALOGI("<<<< TRANSACT from pid %d restore pid %d sid %s uid %d\n",
1231 // mCallingPid, origPid, (origSid ? origSid : "<N/A>"), origUid);
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1232
Steven Morelande3785d02020-01-31 14:58:48 -0800[diff] [blame]1233 mServingStackPointer = origServingStackPointer;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1234 mCallingPid = origPid;
Steven Morelandc149dca2019-01-09 18:01:02 -0800[diff] [blame]1235 mCallingSid = origSid;
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1236 mCallingUid = origUid;
Dianne Hackbornf99aec62014-09-30 11:30:03 -0700[diff] [blame]1237 mStrictModePolicy = origStrictModePolicy;
1238 mLastTransactionBinderFlags = origTransactionBinderFlags;
Christopher Tate7c4dfec2010-03-18 17:55:03 -0700[diff] [blame]1239
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1240 IF_LOG_TRANSACTIONS() {
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1241 alog << "BC_REPLY thr " << (void*)pthread_self() << " / obj "
1242 << tr.target.ptr << ": " << indent << reply << dedent << endl;
1243 }
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1244
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1245 }
1246 break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1247
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1248 case BR_DEAD_BINDER:
1249 {
Yifan Hong1e118d22017-01-12 14:42:28 -0800[diff] [blame]1250 BpHwBinder *proxy = (BpHwBinder*)mIn.readPointer();
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1251 proxy->sendObituary();
1252 mOut.writeInt32(BC_DEAD_BINDER_DONE);
Serban Constantinescu4ca5baf2013-11-05 16:53:55 +0000[diff] [blame]1253 mOut.writePointer((uintptr_t)proxy);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1254 } break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1255
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1256 case BR_CLEAR_DEATH_NOTIFICATION_DONE:
1257 {
Yifan Hong1e118d22017-01-12 14:42:28 -0800[diff] [blame]1258 BpHwBinder *proxy = (BpHwBinder*)mIn.readPointer();
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1259 proxy->getWeakRefs()->decWeak(proxy);
1260 } break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1261
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1262 case BR_FINISHED:
1263 result = TIMED_OUT;
1264 break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1265
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1266 case BR_NOOP:
1267 break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1268
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1269 case BR_SPAWN_LOOPER:
1270 mProcess->spawnPooledThread(false);
1271 break;
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1272
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1273 default:
liangweikang2fbdf842016-10-25 16:37:54 +0800[diff] [blame]1274 ALOGE("*** BAD COMMAND %d received from Binder driver\n", cmd);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1275 result = UNKNOWN_ERROR;
1276 break;
1277 }
1278
1279 if (result != NO_ERROR) {
1280 mLastError = result;
1281 }
Yifan Hongdde40f32017-01-12 14:22:45 -0800[diff] [blame]1282
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1283 return result;
1284}
1285
Steven Morelande3785d02020-01-31 14:58:48 -0800[diff] [blame]1286const void* IPCThreadState::getServingStackPointer() const {
1287 return mServingStackPointer;
Jayant Chowdhary985fc892018-10-01 22:54:05 +0000[diff] [blame]1288}
1289
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1290void IPCThreadState::threadDestructor(void *st)
1291{
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]1292 IPCThreadState* const self = static_cast<IPCThreadState*>(st);
1293 if (self) {
1294 self->flushCommands();
Elliott Hughese5e70552015-08-12 15:27:47 -0700[diff] [blame]1295#if defined(__ANDROID__)
Steven Morelandd2c941f2021-01-21 22:37:21 +0000[diff] [blame]1296 if (self->mProcess->mDriverFD >= 0) {
Johannes Carlsson597a3c72011-02-17 14:06:53 +0100[diff] [blame]1297 ioctl(self->mProcess->mDriverFD, BINDER_THREAD_EXIT, 0);
1298 }
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1299#endif
Todd Poynor0646cb02013-06-25 19:12:18 -0700[diff] [blame]1300 delete self;
1301 }
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1302}
1303
1304
Colin Crossf0487982014-02-05 17:42:44 -0800[diff] [blame]1305void IPCThreadState::freeBuffer(Parcel* parcel, const uint8_t* data,
1306 size_t /*dataSize*/,
1307 const binder_size_t* /*objects*/,
1308 size_t /*objectsSize*/, void* /*cookie*/)
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1309{
Steve Block93cf8542012-01-04 20:05:49 +0000[diff] [blame]1310 //ALOGI("Freeing parcel %p", &parcel);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1311 IF_LOG_COMMANDS() {
1312 alog << "Writing BC_FREE_BUFFER for " << data << endl;
1313 }
Yi Kong55d41072018-07-23 14:55:39 -0700[diff] [blame]1314 ALOG_ASSERT(data != nullptr, "Called with NULL data");
1315 if (parcel != nullptr) parcel->closeFileDescriptors();
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1316 IPCThreadState* state = self();
1317 state->mOut.writeInt32(BC_FREE_BUFFER);
Serban Constantinescu4ca5baf2013-11-05 16:53:55 +0000[diff] [blame]1318 state->mOut.writePointer((uintptr_t)data);
Mathias Agopian7922fa22009-05-18 15:08:03 -0700[diff] [blame]1319}
1320
Steven Moreland7173a4c2019-09-26 15:55:02 -0700[diff] [blame]1321} // namespace hardware
1322} // namespace android