IPCThreadState.cpp revision 2b6317436d2035ce98331906aaaca87e6026c9c8
1/* 2 * Copyright (C) 2005 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#define LOG_TAG "IPCThreadState" 18 19#include <binder/IPCThreadState.h> 20 21#include <binder/Binder.h> 22#include <binder/BpBinder.h> 23#include <binder/TextOutput.h> 24 25#include <cutils/sched_policy.h> 26#include <utils/Log.h> 27#include <utils/SystemClock.h> 28#include <utils/threads.h> 29 30#include <private/binder/binder_module.h> 31#include <private/binder/Static.h> 32 33#include <errno.h> 34#include <inttypes.h> 35#include <pthread.h> 36#include <sched.h> 37#include <signal.h> 38#include <stdio.h> 39#include <sys/ioctl.h> 40#include <sys/resource.h> 41#include <unistd.h> 42 43#if LOG_NDEBUG 44 45#define IF_LOG_TRANSACTIONS() if (false) 46#define IF_LOG_COMMANDS() if (false) 47#define LOG_REMOTEREFS(...) 48#define IF_LOG_REMOTEREFS() if (false) 49 50#define LOG_THREADPOOL(...) 51#define LOG_ONEWAY(...) 52 53#else 54 55#define IF_LOG_TRANSACTIONS() IF_ALOG(LOG_VERBOSE, "transact") 56#define IF_LOG_COMMANDS() IF_ALOG(LOG_VERBOSE, "ipc") 57#define LOG_REMOTEREFS(...) ALOG(LOG_DEBUG, "remoterefs", __VA_ARGS__) 58#define IF_LOG_REMOTEREFS() IF_ALOG(LOG_DEBUG, "remoterefs") 59#define LOG_THREADPOOL(...) ALOG(LOG_DEBUG, "threadpool", __VA_ARGS__) 60#define LOG_ONEWAY(...) ALOG(LOG_DEBUG, "ipc", __VA_ARGS__) 61 62#endif 63 64// --------------------------------------------------------------------------- 65 66namespace android { 67 68// Static const and functions will be optimized out if not used, 69// when LOG_NDEBUG and references in IF_LOG_COMMANDS() are optimized out. 70static const char *kReturnStrings[] = { 71 "BR_ERROR", 72 "BR_OK", 73 "BR_TRANSACTION", 74 "BR_REPLY", 75 "BR_ACQUIRE_RESULT", 76 "BR_DEAD_REPLY", 77 "BR_TRANSACTION_COMPLETE", 78 "BR_INCREFS", 79 "BR_ACQUIRE", 80 "BR_RELEASE", 81 "BR_DECREFS", 82 "BR_ATTEMPT_ACQUIRE", 83 "BR_NOOP", 84 "BR_SPAWN_LOOPER", 85 "BR_FINISHED", 86 "BR_DEAD_BINDER", 87 "BR_CLEAR_DEATH_NOTIFICATION_DONE", 88 "BR_FAILED_REPLY" 89}; 90 91static const char *kCommandStrings[] = { 92 "BC_TRANSACTION", 93 "BC_REPLY", 94 "BC_ACQUIRE_RESULT", 95 "BC_FREE_BUFFER", 96 "BC_INCREFS", 97 "BC_ACQUIRE", 98 "BC_RELEASE", 99 "BC_DECREFS", 100 "BC_INCREFS_DONE", 101 "BC_ACQUIRE_DONE", 102 "BC_ATTEMPT_ACQUIRE", 103 "BC_REGISTER_LOOPER", 104 "BC_ENTER_LOOPER", 105 "BC_EXIT_LOOPER", 106 "BC_REQUEST_DEATH_NOTIFICATION", 107 "BC_CLEAR_DEATH_NOTIFICATION", 108 "BC_DEAD_BINDER_DONE" 109}; 110 111static const char* getReturnString(uint32_t cmd) 112{ 113 size_t idx = cmd & 0xff; 114 if (idx < sizeof(kReturnStrings) / sizeof(kReturnStrings[0])) 115 return kReturnStrings[idx]; 116 else 117 return "unknown"; 118} 119 120static const void* printBinderTransactionData(TextOutput& out, const void* data) 121{ 122 const binder_transaction_data* btd = 123 (const binder_transaction_data*)data; 124 if (btd->target.handle < 1024) { 125 /* want to print descriptors in decimal; guess based on value */ 126 out << "target.desc=" << btd->target.handle; 127 } else { 128 out << "target.ptr=" << btd->target.ptr; 129 } 130 out << " (cookie " << btd->cookie << ")" << endl 131 << "code=" << TypeCode(btd->code) << ", flags=" << (void*)(long)btd->flags << endl 132 << "data=" << btd->data.ptr.buffer << " (" << (void*)btd->data_size 133 << " bytes)" << endl 134 << "offsets=" << btd->data.ptr.offsets << " (" << (void*)btd->offsets_size 135 << " bytes)"; 136 return btd+1; 137} 138 139static const void* printReturnCommand(TextOutput& out, const void* _cmd) 140{ 141 static const size_t N = sizeof(kReturnStrings)/sizeof(kReturnStrings[0]); 142 const int32_t* cmd = (const int32_t*)_cmd; 143 uint32_t code = (uint32_t)*cmd++; 144 size_t cmdIndex = code & 0xff; 145 if (code == BR_ERROR) { 146 out << "BR_ERROR: " << (void*)(long)(*cmd++) << endl; 147 return cmd; 148 } else if (cmdIndex >= N) { 149 out << "Unknown reply: " << code << endl; 150 return cmd; 151 } 152 out << kReturnStrings[cmdIndex]; 153 154 switch (code) { 155 case BR_TRANSACTION: 156 case BR_REPLY: { 157 out << ": " << indent; 158 cmd = (const int32_t *)printBinderTransactionData(out, cmd); 159 out << dedent; 160 } break; 161 162 case BR_ACQUIRE_RESULT: { 163 const int32_t res = *cmd++; 164 out << ": " << res << (res ? " (SUCCESS)" : " (FAILURE)"); 165 } break; 166 167 case BR_INCREFS: 168 case BR_ACQUIRE: 169 case BR_RELEASE: 170 case BR_DECREFS: { 171 const int32_t b = *cmd++; 172 const int32_t c = *cmd++; 173 out << ": target=" << (void*)(long)b << " (cookie " << (void*)(long)c << ")"; 174 } break; 175 176 case BR_ATTEMPT_ACQUIRE: { 177 const int32_t p = *cmd++; 178 const int32_t b = *cmd++; 179 const int32_t c = *cmd++; 180 out << ": target=" << (void*)(long)b << " (cookie " << (void*)(long)c 181 << "), pri=" << p; 182 } break; 183 184 case BR_DEAD_BINDER: 185 case BR_CLEAR_DEATH_NOTIFICATION_DONE: { 186 const int32_t c = *cmd++; 187 out << ": death cookie " << (void*)(long)c; 188 } break; 189 190 default: 191 // no details to show for: BR_OK, BR_DEAD_REPLY, 192 // BR_TRANSACTION_COMPLETE, BR_FINISHED 193 break; 194 } 195 196 out << endl; 197 return cmd; 198} 199 200static const void* printCommand(TextOutput& out, const void* _cmd) 201{ 202 static const size_t N = sizeof(kCommandStrings)/sizeof(kCommandStrings[0]); 203 const int32_t* cmd = (const int32_t*)_cmd; 204 uint32_t code = (uint32_t)*cmd++; 205 size_t cmdIndex = code & 0xff; 206 207 if (cmdIndex >= N) { 208 out << "Unknown command: " << code << endl; 209 return cmd; 210 } 211 out << kCommandStrings[cmdIndex]; 212 213 switch (code) { 214 case BC_TRANSACTION: 215 case BC_REPLY: { 216 out << ": " << indent; 217 cmd = (const int32_t *)printBinderTransactionData(out, cmd); 218 out << dedent; 219 } break; 220 221 case BC_ACQUIRE_RESULT: { 222 const int32_t res = *cmd++; 223 out << ": " << res << (res ? " (SUCCESS)" : " (FAILURE)"); 224 } break; 225 226 case BC_FREE_BUFFER: { 227 const int32_t buf = *cmd++; 228 out << ": buffer=" << (void*)(long)buf; 229 } break; 230 231 case BC_INCREFS: 232 case BC_ACQUIRE: 233 case BC_RELEASE: 234 case BC_DECREFS: { 235 const int32_t d = *cmd++; 236 out << ": desc=" << d; 237 } break; 238 239 case BC_INCREFS_DONE: 240 case BC_ACQUIRE_DONE: { 241 const int32_t b = *cmd++; 242 const int32_t c = *cmd++; 243 out << ": target=" << (void*)(long)b << " (cookie " << (void*)(long)c << ")"; 244 } break; 245 246 case BC_ATTEMPT_ACQUIRE: { 247 const int32_t p = *cmd++; 248 const int32_t d = *cmd++; 249 out << ": desc=" << d << ", pri=" << p; 250 } break; 251 252 case BC_REQUEST_DEATH_NOTIFICATION: 253 case BC_CLEAR_DEATH_NOTIFICATION: { 254 const int32_t h = *cmd++; 255 const int32_t c = *cmd++; 256 out << ": handle=" << h << " (death cookie " << (void*)(long)c << ")"; 257 } break; 258 259 case BC_DEAD_BINDER_DONE: { 260 const int32_t c = *cmd++; 261 out << ": death cookie " << (void*)(long)c; 262 } break; 263 264 default: 265 // no details to show for: BC_REGISTER_LOOPER, BC_ENTER_LOOPER, 266 // BC_EXIT_LOOPER 267 break; 268 } 269 270 out << endl; 271 return cmd; 272} 273 274static pthread_mutex_t gTLSMutex = PTHREAD_MUTEX_INITIALIZER; 275static bool gHaveTLS = false; 276static pthread_key_t gTLS = 0; 277static bool gShutdown = false; 278static bool gDisableBackgroundScheduling = false; 279 280IPCThreadState* IPCThreadState::self() 281{ 282 if (gHaveTLS) { 283restart: 284 const pthread_key_t k = gTLS; 285 IPCThreadState* st = (IPCThreadState*)pthread_getspecific(k); 286 if (st) return st; 287 return new IPCThreadState; 288 } 289 290 if (gShutdown) { 291 ALOGW("Calling IPCThreadState::self() during shutdown is dangerous, expect a crash.\n"); 292 return NULL; 293 } 294 295 pthread_mutex_lock(&gTLSMutex); 296 if (!gHaveTLS) { 297 int key_create_value = pthread_key_create(&gTLS, threadDestructor); 298 if (key_create_value != 0) { 299 pthread_mutex_unlock(&gTLSMutex); 300 ALOGW("IPCThreadState::self() unable to create TLS key, expect a crash: %s\n", 301 strerror(key_create_value)); 302 return NULL; 303 } 304 gHaveTLS = true; 305 } 306 pthread_mutex_unlock(&gTLSMutex); 307 goto restart; 308} 309 310IPCThreadState* IPCThreadState::selfOrNull() 311{ 312 if (gHaveTLS) { 313 const pthread_key_t k = gTLS; 314 IPCThreadState* st = (IPCThreadState*)pthread_getspecific(k); 315 return st; 316 } 317 return NULL; 318} 319 320void IPCThreadState::shutdown() 321{ 322 gShutdown = true; 323 324 if (gHaveTLS) { 325 // XXX Need to wait for all thread pool threads to exit! 326 IPCThreadState* st = (IPCThreadState*)pthread_getspecific(gTLS); 327 if (st) { 328 delete st; 329 pthread_setspecific(gTLS, NULL); 330 } 331 pthread_key_delete(gTLS); 332 gHaveTLS = false; 333 } 334} 335 336void IPCThreadState::disableBackgroundScheduling(bool disable) 337{ 338 gDisableBackgroundScheduling = disable; 339} 340 341bool IPCThreadState::backgroundSchedulingDisabled() 342{ 343 return gDisableBackgroundScheduling; 344} 345 346sp<ProcessState> IPCThreadState::process() 347{ 348 return mProcess; 349} 350 351status_t IPCThreadState::clearLastError() 352{ 353 const status_t err = mLastError; 354 mLastError = NO_ERROR; 355 return err; 356} 357 358pid_t IPCThreadState::getCallingPid() const 359{ 360 return mCallingPid; 361} 362 363uid_t IPCThreadState::getCallingUid() const 364{ 365 return mCallingUid; 366} 367 368int64_t IPCThreadState::clearCallingIdentity() 369{ 370 int64_t token = ((int64_t)mCallingUid<<32) | mCallingPid; 371 clearCaller(); 372 return token; 373} 374 375void IPCThreadState::setStrictModePolicy(int32_t policy) 376{ 377 mStrictModePolicy = policy; 378} 379 380int32_t IPCThreadState::getStrictModePolicy() const 381{ 382 return mStrictModePolicy; 383} 384 385void IPCThreadState::setLastTransactionBinderFlags(int32_t flags) 386{ 387 mLastTransactionBinderFlags = flags; 388} 389 390int32_t IPCThreadState::getLastTransactionBinderFlags() const 391{ 392 return mLastTransactionBinderFlags; 393} 394 395void IPCThreadState::restoreCallingIdentity(int64_t token) 396{ 397 mCallingUid = (int)(token>>32); 398 mCallingPid = (int)token; 399} 400 401void IPCThreadState::clearCaller() 402{ 403 mCallingPid = getpid(); 404 mCallingUid = getuid(); 405} 406 407void IPCThreadState::flushCommands() 408{ 409 if (mProcess->mDriverFD <= 0) 410 return; 411 talkWithDriver(false); 412} 413 414void IPCThreadState::blockUntilThreadAvailable() 415{ 416 pthread_mutex_lock(&mProcess->mThreadCountLock); 417 while (mProcess->mExecutingThreadsCount >= mProcess->mMaxThreads) { 418 ALOGW("Waiting for thread to be free. mExecutingThreadsCount=%lu mMaxThreads=%lu\n", 419 static_cast<unsigned long>(mProcess->mExecutingThreadsCount), 420 static_cast<unsigned long>(mProcess->mMaxThreads)); 421 pthread_cond_wait(&mProcess->mThreadCountDecrement, &mProcess->mThreadCountLock); 422 } 423 pthread_mutex_unlock(&mProcess->mThreadCountLock); 424} 425 426status_t IPCThreadState::getAndExecuteCommand() 427{ 428 status_t result; 429 int32_t cmd; 430 431 result = talkWithDriver(); 432 if (result >= NO_ERROR) { 433 size_t IN = mIn.dataAvail(); 434 if (IN < sizeof(int32_t)) return result; 435 cmd = mIn.readInt32(); 436 IF_LOG_COMMANDS() { 437 alog << "Processing top-level Command: " 438 << getReturnString(cmd) << endl; 439 } 440 441 pthread_mutex_lock(&mProcess->mThreadCountLock); 442 mProcess->mExecutingThreadsCount++; 443 if (mProcess->mExecutingThreadsCount >= mProcess->mMaxThreads && 444 mProcess->mStarvationStartTimeMs == 0) { 445 mProcess->mStarvationStartTimeMs = uptimeMillis(); 446 } 447 pthread_mutex_unlock(&mProcess->mThreadCountLock); 448 449 result = executeCommand(cmd); 450 451 pthread_mutex_lock(&mProcess->mThreadCountLock); 452 mProcess->mExecutingThreadsCount--; 453 if (mProcess->mExecutingThreadsCount < mProcess->mMaxThreads && 454 mProcess->mStarvationStartTimeMs != 0) { 455 int64_t starvationTimeMs = uptimeMillis() - mProcess->mStarvationStartTimeMs; 456 if (starvationTimeMs > 100) { 457 ALOGE("binder thread pool (%zu threads) starved for %" PRId64 " ms", 458 mProcess->mMaxThreads, starvationTimeMs); 459 } 460 mProcess->mStarvationStartTimeMs = 0; 461 } 462 pthread_cond_broadcast(&mProcess->mThreadCountDecrement); 463 pthread_mutex_unlock(&mProcess->mThreadCountLock); 464 } 465 466 return result; 467} 468 469// When we've cleared the incoming command queue, process any pending derefs 470void IPCThreadState::processPendingDerefs() 471{ 472 if (mIn.dataPosition() >= mIn.dataSize()) { 473 size_t numPending = mPendingWeakDerefs.size(); 474 if (numPending > 0) { 475 for (size_t i = 0; i < numPending; i++) { 476 RefBase::weakref_type* refs = mPendingWeakDerefs[i]; 477 refs->decWeak(mProcess.get()); 478 } 479 mPendingWeakDerefs.clear(); 480 } 481 482 numPending = mPendingStrongDerefs.size(); 483 if (numPending > 0) { 484 for (size_t i = 0; i < numPending; i++) { 485 BBinder* obj = mPendingStrongDerefs[i]; 486 obj->decStrong(mProcess.get()); 487 } 488 mPendingStrongDerefs.clear(); 489 } 490 } 491} 492 493void IPCThreadState::joinThreadPool(bool isMain) 494{ 495 LOG_THREADPOOL("**** THREAD %p (PID %d) IS JOINING THE THREAD POOL\n", (void*)pthread_self(), getpid()); 496 497 mOut.writeInt32(isMain ? BC_ENTER_LOOPER : BC_REGISTER_LOOPER); 498 499 status_t result; 500 do { 501 processPendingDerefs(); 502 // now get the next command to be processed, waiting if necessary 503 result = getAndExecuteCommand(); 504 505 if (result < NO_ERROR && result != TIMED_OUT && result != -ECONNREFUSED && result != -EBADF) { 506 ALOGE("getAndExecuteCommand(fd=%d) returned unexpected error %d, aborting", 507 mProcess->mDriverFD, result); 508 abort(); 509 } 510 511 // Let this thread exit the thread pool if it is no longer 512 // needed and it is not the main process thread. 513 if(result == TIMED_OUT && !isMain) { 514 break; 515 } 516 } while (result != -ECONNREFUSED && result != -EBADF); 517 518 LOG_THREADPOOL("**** THREAD %p (PID %d) IS LEAVING THE THREAD POOL err=%d\n", 519 (void*)pthread_self(), getpid(), result); 520 521 mOut.writeInt32(BC_EXIT_LOOPER); 522 talkWithDriver(false); 523} 524 525int IPCThreadState::setupPolling(int* fd) 526{ 527 if (mProcess->mDriverFD <= 0) { 528 return -EBADF; 529 } 530 531 mOut.writeInt32(BC_ENTER_LOOPER); 532 *fd = mProcess->mDriverFD; 533 return 0; 534} 535 536status_t IPCThreadState::handlePolledCommands() 537{ 538 status_t result; 539 540 do { 541 result = getAndExecuteCommand(); 542 } while (mIn.dataPosition() < mIn.dataSize()); 543 544 processPendingDerefs(); 545 flushCommands(); 546 return result; 547} 548 549void IPCThreadState::stopProcess(bool /*immediate*/) 550{ 551 //ALOGI("**** STOPPING PROCESS"); 552 flushCommands(); 553 int fd = mProcess->mDriverFD; 554 mProcess->mDriverFD = -1; 555 close(fd); 556 //kill(getpid(), SIGKILL); 557} 558 559status_t IPCThreadState::transact(int32_t handle, 560 uint32_t code, const Parcel& data, 561 Parcel* reply, uint32_t flags) 562{ 563 status_t err = data.errorCheck(); 564 565 flags |= TF_ACCEPT_FDS; 566 567 IF_LOG_TRANSACTIONS() { 568 TextOutput::Bundle _b(alog); 569 alog << "BC_TRANSACTION thr " << (void*)pthread_self() << " / hand " 570 << handle << " / code " << TypeCode(code) << ": " 571 << indent << data << dedent << endl; 572 } 573 574 if (err == NO_ERROR) { 575 LOG_ONEWAY(">>>> SEND from pid %d uid %d %s", getpid(), getuid(), 576 (flags & TF_ONE_WAY) == 0 ? "READ REPLY" : "ONE WAY"); 577 err = writeTransactionData(BC_TRANSACTION, flags, handle, code, data, NULL); 578 } 579 580 if (err != NO_ERROR) { 581 if (reply) reply->setError(err); 582 return (mLastError = err); 583 } 584 585 if ((flags & TF_ONE_WAY) == 0) { 586 #if 0 587 if (code == 4) { // relayout 588 ALOGI(">>>>>> CALLING transaction 4"); 589 } else { 590 ALOGI(">>>>>> CALLING transaction %d", code); 591 } 592 #endif 593 if (reply) { 594 err = waitForResponse(reply); 595 } else { 596 Parcel fakeReply; 597 err = waitForResponse(&fakeReply); 598 } 599 #if 0 600 if (code == 4) { // relayout 601 ALOGI("<<<<<< RETURNING transaction 4"); 602 } else { 603 ALOGI("<<<<<< RETURNING transaction %d", code); 604 } 605 #endif 606 607 IF_LOG_TRANSACTIONS() { 608 TextOutput::Bundle _b(alog); 609 alog << "BR_REPLY thr " << (void*)pthread_self() << " / hand " 610 << handle << ": "; 611 if (reply) alog << indent << *reply << dedent << endl; 612 else alog << "(none requested)" << endl; 613 } 614 } else { 615 err = waitForResponse(NULL, NULL); 616 } 617 618 return err; 619} 620 621void IPCThreadState::incStrongHandle(int32_t handle) 622{ 623 LOG_REMOTEREFS("IPCThreadState::incStrongHandle(%d)\n", handle); 624 mOut.writeInt32(BC_ACQUIRE); 625 mOut.writeInt32(handle); 626} 627 628void IPCThreadState::decStrongHandle(int32_t handle) 629{ 630 LOG_REMOTEREFS("IPCThreadState::decStrongHandle(%d)\n", handle); 631 mOut.writeInt32(BC_RELEASE); 632 mOut.writeInt32(handle); 633} 634 635void IPCThreadState::incWeakHandle(int32_t handle) 636{ 637 LOG_REMOTEREFS("IPCThreadState::incWeakHandle(%d)\n", handle); 638 mOut.writeInt32(BC_INCREFS); 639 mOut.writeInt32(handle); 640} 641 642void IPCThreadState::decWeakHandle(int32_t handle) 643{ 644 LOG_REMOTEREFS("IPCThreadState::decWeakHandle(%d)\n", handle); 645 mOut.writeInt32(BC_DECREFS); 646 mOut.writeInt32(handle); 647} 648 649status_t IPCThreadState::attemptIncStrongHandle(int32_t handle) 650{ 651#if HAS_BC_ATTEMPT_ACQUIRE 652 LOG_REMOTEREFS("IPCThreadState::attemptIncStrongHandle(%d)\n", handle); 653 mOut.writeInt32(BC_ATTEMPT_ACQUIRE); 654 mOut.writeInt32(0); // xxx was thread priority 655 mOut.writeInt32(handle); 656 status_t result = UNKNOWN_ERROR; 657 658 waitForResponse(NULL, &result); 659 660#if LOG_REFCOUNTS 661 ALOGV("IPCThreadState::attemptIncStrongHandle(%ld) = %s\n", 662 handle, result == NO_ERROR ? "SUCCESS" : "FAILURE"); 663#endif 664 665 return result; 666#else 667 (void)handle; 668 ALOGE("%s(%d): Not supported\n", __func__, handle); 669 return INVALID_OPERATION; 670#endif 671} 672 673void IPCThreadState::expungeHandle(int32_t handle, IBinder* binder) 674{ 675#if LOG_REFCOUNTS 676 ALOGV("IPCThreadState::expungeHandle(%ld)\n", handle); 677#endif 678 self()->mProcess->expungeHandle(handle, binder); 679} 680 681status_t IPCThreadState::requestDeathNotification(int32_t handle, BpBinder* proxy) 682{ 683 mOut.writeInt32(BC_REQUEST_DEATH_NOTIFICATION); 684 mOut.writeInt32((int32_t)handle); 685 mOut.writePointer((uintptr_t)proxy); 686 return NO_ERROR; 687} 688 689status_t IPCThreadState::clearDeathNotification(int32_t handle, BpBinder* proxy) 690{ 691 mOut.writeInt32(BC_CLEAR_DEATH_NOTIFICATION); 692 mOut.writeInt32((int32_t)handle); 693 mOut.writePointer((uintptr_t)proxy); 694 return NO_ERROR; 695} 696 697IPCThreadState::IPCThreadState() 698 : mProcess(ProcessState::self()), 699 mStrictModePolicy(0), 700 mLastTransactionBinderFlags(0) 701{ 702 pthread_setspecific(gTLS, this); 703 clearCaller(); 704 mIn.setDataCapacity(256); 705 mOut.setDataCapacity(256); 706} 707 708IPCThreadState::~IPCThreadState() 709{ 710} 711 712status_t IPCThreadState::sendReply(const Parcel& reply, uint32_t flags) 713{ 714 status_t err; 715 status_t statusBuffer; 716 err = writeTransactionData(BC_REPLY, flags, -1, 0, reply, &statusBuffer); 717 if (err < NO_ERROR) return err; 718 719 return waitForResponse(NULL, NULL); 720} 721 722status_t IPCThreadState::waitForResponse(Parcel *reply, status_t *acquireResult) 723{ 724 uint32_t cmd; 725 int32_t err; 726 727 while (1) { 728 if ((err=talkWithDriver()) < NO_ERROR) break; 729 err = mIn.errorCheck(); 730 if (err < NO_ERROR) break; 731 if (mIn.dataAvail() == 0) continue; 732 733 cmd = (uint32_t)mIn.readInt32(); 734 735 IF_LOG_COMMANDS() { 736 alog << "Processing waitForResponse Command: " 737 << getReturnString(cmd) << endl; 738 } 739 740 switch (cmd) { 741 case BR_TRANSACTION_COMPLETE: 742 if (!reply && !acquireResult) goto finish; 743 break; 744 745 case BR_DEAD_REPLY: 746 err = DEAD_OBJECT; 747 goto finish; 748 749 case BR_FAILED_REPLY: 750 err = FAILED_TRANSACTION; 751 goto finish; 752 753 case BR_ACQUIRE_RESULT: 754 { 755 ALOG_ASSERT(acquireResult != NULL, "Unexpected brACQUIRE_RESULT"); 756 const int32_t result = mIn.readInt32(); 757 if (!acquireResult) continue; 758 *acquireResult = result ? NO_ERROR : INVALID_OPERATION; 759 } 760 goto finish; 761 762 case BR_REPLY: 763 { 764 binder_transaction_data tr; 765 err = mIn.read(&tr, sizeof(tr)); 766 ALOG_ASSERT(err == NO_ERROR, "Not enough command data for brREPLY"); 767 if (err != NO_ERROR) goto finish; 768 769 if (reply) { 770 if ((tr.flags & TF_STATUS_CODE) == 0) { 771 reply->ipcSetDataReference( 772 reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer), 773 tr.data_size, 774 reinterpret_cast<const binder_size_t*>(tr.data.ptr.offsets), 775 tr.offsets_size/sizeof(binder_size_t), 776 freeBuffer, this); 777 } else { 778 err = *reinterpret_cast<const status_t*>(tr.data.ptr.buffer); 779 freeBuffer(NULL, 780 reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer), 781 tr.data_size, 782 reinterpret_cast<const binder_size_t*>(tr.data.ptr.offsets), 783 tr.offsets_size/sizeof(binder_size_t), this); 784 } 785 } else { 786 freeBuffer(NULL, 787 reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer), 788 tr.data_size, 789 reinterpret_cast<const binder_size_t*>(tr.data.ptr.offsets), 790 tr.offsets_size/sizeof(binder_size_t), this); 791 continue; 792 } 793 } 794 goto finish; 795 796 default: 797 err = executeCommand(cmd); 798 if (err != NO_ERROR) goto finish; 799 break; 800 } 801 } 802 803finish: 804 if (err != NO_ERROR) { 805 if (acquireResult) *acquireResult = err; 806 if (reply) reply->setError(err); 807 mLastError = err; 808 } 809 810 return err; 811} 812 813status_t IPCThreadState::talkWithDriver(bool doReceive) 814{ 815 if (mProcess->mDriverFD <= 0) { 816 return -EBADF; 817 } 818 819 binder_write_read bwr; 820 821 // Is the read buffer empty? 822 const bool needRead = mIn.dataPosition() >= mIn.dataSize(); 823 824 // We don't want to write anything if we are still reading 825 // from data left in the input buffer and the caller 826 // has requested to read the next data. 827 const size_t outAvail = (!doReceive || needRead) ? mOut.dataSize() : 0; 828 829 bwr.write_size = outAvail; 830 bwr.write_buffer = (uintptr_t)mOut.data(); 831 832 // This is what we'll read. 833 if (doReceive && needRead) { 834 bwr.read_size = mIn.dataCapacity(); 835 bwr.read_buffer = (uintptr_t)mIn.data(); 836 } else { 837 bwr.read_size = 0; 838 bwr.read_buffer = 0; 839 } 840 841 IF_LOG_COMMANDS() { 842 TextOutput::Bundle _b(alog); 843 if (outAvail != 0) { 844 alog << "Sending commands to driver: " << indent; 845 const void* cmds = (const void*)bwr.write_buffer; 846 const void* end = ((const uint8_t*)cmds)+bwr.write_size; 847 alog << HexDump(cmds, bwr.write_size) << endl; 848 while (cmds < end) cmds = printCommand(alog, cmds); 849 alog << dedent; 850 } 851 alog << "Size of receive buffer: " << bwr.read_size 852 << ", needRead: " << needRead << ", doReceive: " << doReceive << endl; 853 } 854 855 // Return immediately if there is nothing to do. 856 if ((bwr.write_size == 0) && (bwr.read_size == 0)) return NO_ERROR; 857 858 bwr.write_consumed = 0; 859 bwr.read_consumed = 0; 860 status_t err; 861 do { 862 IF_LOG_COMMANDS() { 863 alog << "About to read/write, write size = " << mOut.dataSize() << endl; 864 } 865#if defined(__ANDROID__) 866 if (ioctl(mProcess->mDriverFD, BINDER_WRITE_READ, &bwr) >= 0) 867 err = NO_ERROR; 868 else 869 err = -errno; 870#else 871 err = INVALID_OPERATION; 872#endif 873 if (mProcess->mDriverFD <= 0) { 874 err = -EBADF; 875 } 876 IF_LOG_COMMANDS() { 877 alog << "Finished read/write, write size = " << mOut.dataSize() << endl; 878 } 879 } while (err == -EINTR); 880 881 IF_LOG_COMMANDS() { 882 alog << "Our err: " << (void*)(intptr_t)err << ", write consumed: " 883 << bwr.write_consumed << " (of " << mOut.dataSize() 884 << "), read consumed: " << bwr.read_consumed << endl; 885 } 886 887 if (err >= NO_ERROR) { 888 if (bwr.write_consumed > 0) { 889 if (bwr.write_consumed < mOut.dataSize()) 890 mOut.remove(0, bwr.write_consumed); 891 else 892 mOut.setDataSize(0); 893 } 894 if (bwr.read_consumed > 0) { 895 mIn.setDataSize(bwr.read_consumed); 896 mIn.setDataPosition(0); 897 } 898 IF_LOG_COMMANDS() { 899 TextOutput::Bundle _b(alog); 900 alog << "Remaining data size: " << mOut.dataSize() << endl; 901 alog << "Received commands from driver: " << indent; 902 const void* cmds = mIn.data(); 903 const void* end = mIn.data() + mIn.dataSize(); 904 alog << HexDump(cmds, mIn.dataSize()) << endl; 905 while (cmds < end) cmds = printReturnCommand(alog, cmds); 906 alog << dedent; 907 } 908 return NO_ERROR; 909 } 910 911 return err; 912} 913 914status_t IPCThreadState::writeTransactionData(int32_t cmd, uint32_t binderFlags, 915 int32_t handle, uint32_t code, const Parcel& data, status_t* statusBuffer) 916{ 917 binder_transaction_data tr; 918 919 tr.target.ptr = 0; /* Don't pass uninitialized stack data to a remote process */ 920 tr.target.handle = handle; 921 tr.code = code; 922 tr.flags = binderFlags; 923 tr.cookie = 0; 924 tr.sender_pid = 0; 925 tr.sender_euid = 0; 926 927 const status_t err = data.errorCheck(); 928 if (err == NO_ERROR) { 929 tr.data_size = data.ipcDataSize(); 930 tr.data.ptr.buffer = data.ipcData(); 931 tr.offsets_size = data.ipcObjectsCount()*sizeof(binder_size_t); 932 tr.data.ptr.offsets = data.ipcObjects(); 933 } else if (statusBuffer) { 934 tr.flags |= TF_STATUS_CODE; 935 *statusBuffer = err; 936 tr.data_size = sizeof(status_t); 937 tr.data.ptr.buffer = reinterpret_cast<uintptr_t>(statusBuffer); 938 tr.offsets_size = 0; 939 tr.data.ptr.offsets = 0; 940 } else { 941 return (mLastError = err); 942 } 943 944 mOut.writeInt32(cmd); 945 mOut.write(&tr, sizeof(tr)); 946 947 return NO_ERROR; 948} 949 950sp<BBinder> the_context_object; 951 952void setTheContextObject(sp<BBinder> obj) 953{ 954 the_context_object = obj; 955} 956 957status_t IPCThreadState::executeCommand(int32_t cmd) 958{ 959 BBinder* obj; 960 RefBase::weakref_type* refs; 961 status_t result = NO_ERROR; 962 963 switch ((uint32_t)cmd) { 964 case BR_ERROR: 965 result = mIn.readInt32(); 966 break; 967 968 case BR_OK: 969 break; 970 971 case BR_ACQUIRE: 972 refs = (RefBase::weakref_type*)mIn.readPointer(); 973 obj = (BBinder*)mIn.readPointer(); 974 ALOG_ASSERT(refs->refBase() == obj, 975 "BR_ACQUIRE: object %p does not match cookie %p (expected %p)", 976 refs, obj, refs->refBase()); 977 obj->incStrong(mProcess.get()); 978 IF_LOG_REMOTEREFS() { 979 LOG_REMOTEREFS("BR_ACQUIRE from driver on %p", obj); 980 obj->printRefs(); 981 } 982 mOut.writeInt32(BC_ACQUIRE_DONE); 983 mOut.writePointer((uintptr_t)refs); 984 mOut.writePointer((uintptr_t)obj); 985 break; 986 987 case BR_RELEASE: 988 refs = (RefBase::weakref_type*)mIn.readPointer(); 989 obj = (BBinder*)mIn.readPointer(); 990 ALOG_ASSERT(refs->refBase() == obj, 991 "BR_RELEASE: object %p does not match cookie %p (expected %p)", 992 refs, obj, refs->refBase()); 993 IF_LOG_REMOTEREFS() { 994 LOG_REMOTEREFS("BR_RELEASE from driver on %p", obj); 995 obj->printRefs(); 996 } 997 mPendingStrongDerefs.push(obj); 998 break; 999 1000 case BR_INCREFS: 1001 refs = (RefBase::weakref_type*)mIn.readPointer(); 1002 obj = (BBinder*)mIn.readPointer(); 1003 refs->incWeak(mProcess.get()); 1004 mOut.writeInt32(BC_INCREFS_DONE); 1005 mOut.writePointer((uintptr_t)refs); 1006 mOut.writePointer((uintptr_t)obj); 1007 break; 1008 1009 case BR_DECREFS: 1010 refs = (RefBase::weakref_type*)mIn.readPointer(); 1011 obj = (BBinder*)mIn.readPointer(); 1012 // NOTE: This assertion is not valid, because the object may no 1013 // longer exist (thus the (BBinder*)cast above resulting in a different 1014 // memory address). 1015 //ALOG_ASSERT(refs->refBase() == obj, 1016 // "BR_DECREFS: object %p does not match cookie %p (expected %p)", 1017 // refs, obj, refs->refBase()); 1018 mPendingWeakDerefs.push(refs); 1019 break; 1020 1021 case BR_ATTEMPT_ACQUIRE: 1022 refs = (RefBase::weakref_type*)mIn.readPointer(); 1023 obj = (BBinder*)mIn.readPointer(); 1024 1025 { 1026 const bool success = refs->attemptIncStrong(mProcess.get()); 1027 ALOG_ASSERT(success && refs->refBase() == obj, 1028 "BR_ATTEMPT_ACQUIRE: object %p does not match cookie %p (expected %p)", 1029 refs, obj, refs->refBase()); 1030 1031 mOut.writeInt32(BC_ACQUIRE_RESULT); 1032 mOut.writeInt32((int32_t)success); 1033 } 1034 break; 1035 1036 case BR_TRANSACTION: 1037 { 1038 binder_transaction_data tr; 1039 result = mIn.read(&tr, sizeof(tr)); 1040 ALOG_ASSERT(result == NO_ERROR, 1041 "Not enough command data for brTRANSACTION"); 1042 if (result != NO_ERROR) break; 1043 1044 Parcel buffer; 1045 buffer.ipcSetDataReference( 1046 reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer), 1047 tr.data_size, 1048 reinterpret_cast<const binder_size_t*>(tr.data.ptr.offsets), 1049 tr.offsets_size/sizeof(binder_size_t), freeBuffer, this); 1050 1051 const pid_t origPid = mCallingPid; 1052 const uid_t origUid = mCallingUid; 1053 const int32_t origStrictModePolicy = mStrictModePolicy; 1054 const int32_t origTransactionBinderFlags = mLastTransactionBinderFlags; 1055 1056 mCallingPid = tr.sender_pid; 1057 mCallingUid = tr.sender_euid; 1058 mLastTransactionBinderFlags = tr.flags; 1059 1060 //ALOGI(">>>> TRANSACT from pid %d uid %d\n", mCallingPid, mCallingUid); 1061 1062 Parcel reply; 1063 status_t error; 1064 IF_LOG_TRANSACTIONS() { 1065 TextOutput::Bundle _b(alog); 1066 alog << "BR_TRANSACTION thr " << (void*)pthread_self() 1067 << " / obj " << tr.target.ptr << " / code " 1068 << TypeCode(tr.code) << ": " << indent << buffer 1069 << dedent << endl 1070 << "Data addr = " 1071 << reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer) 1072 << ", offsets addr=" 1073 << reinterpret_cast<const size_t*>(tr.data.ptr.offsets) << endl; 1074 } 1075 if (tr.target.ptr) { 1076 // We only have a weak reference on the target object, so we must first try to 1077 // safely acquire a strong reference before doing anything else with it. 1078 if (reinterpret_cast<RefBase::weakref_type*>( 1079 tr.target.ptr)->attemptIncStrong(this)) { 1080 error = reinterpret_cast<BBinder*>(tr.cookie)->transact(tr.code, buffer, 1081 &reply, tr.flags); 1082 reinterpret_cast<BBinder*>(tr.cookie)->decStrong(this); 1083 } else { 1084 error = UNKNOWN_TRANSACTION; 1085 } 1086 1087 } else { 1088 error = the_context_object->transact(tr.code, buffer, &reply, tr.flags); 1089 } 1090 1091 //ALOGI("<<<< TRANSACT from pid %d restore pid %d uid %d\n", 1092 // mCallingPid, origPid, origUid); 1093 1094 if ((tr.flags & TF_ONE_WAY) == 0) { 1095 LOG_ONEWAY("Sending reply to %d!", mCallingPid); 1096 if (error < NO_ERROR) reply.setError(error); 1097 sendReply(reply, 0); 1098 } else { 1099 LOG_ONEWAY("NOT sending reply to %d!", mCallingPid); 1100 } 1101 1102 mCallingPid = origPid; 1103 mCallingUid = origUid; 1104 mStrictModePolicy = origStrictModePolicy; 1105 mLastTransactionBinderFlags = origTransactionBinderFlags; 1106 1107 IF_LOG_TRANSACTIONS() { 1108 TextOutput::Bundle _b(alog); 1109 alog << "BC_REPLY thr " << (void*)pthread_self() << " / obj " 1110 << tr.target.ptr << ": " << indent << reply << dedent << endl; 1111 } 1112 1113 } 1114 break; 1115 1116 case BR_DEAD_BINDER: 1117 { 1118 BpBinder *proxy = (BpBinder*)mIn.readPointer(); 1119 proxy->sendObituary(); 1120 mOut.writeInt32(BC_DEAD_BINDER_DONE); 1121 mOut.writePointer((uintptr_t)proxy); 1122 } break; 1123 1124 case BR_CLEAR_DEATH_NOTIFICATION_DONE: 1125 { 1126 BpBinder *proxy = (BpBinder*)mIn.readPointer(); 1127 proxy->getWeakRefs()->decWeak(proxy); 1128 } break; 1129 1130 case BR_FINISHED: 1131 result = TIMED_OUT; 1132 break; 1133 1134 case BR_NOOP: 1135 break; 1136 1137 case BR_SPAWN_LOOPER: 1138 mProcess->spawnPooledThread(false); 1139 break; 1140 1141 default: 1142 ALOGE("*** BAD COMMAND %d received from Binder driver\n", cmd); 1143 result = UNKNOWN_ERROR; 1144 break; 1145 } 1146 1147 if (result != NO_ERROR) { 1148 mLastError = result; 1149 } 1150 1151 return result; 1152} 1153 1154void IPCThreadState::threadDestructor(void *st) 1155{ 1156 IPCThreadState* const self = static_cast<IPCThreadState*>(st); 1157 if (self) { 1158 self->flushCommands(); 1159#if defined(__ANDROID__) 1160 if (self->mProcess->mDriverFD > 0) { 1161 ioctl(self->mProcess->mDriverFD, BINDER_THREAD_EXIT, 0); 1162 } 1163#endif 1164 delete self; 1165 } 1166} 1167 1168 1169void IPCThreadState::freeBuffer(Parcel* parcel, const uint8_t* data, 1170 size_t /*dataSize*/, 1171 const binder_size_t* /*objects*/, 1172 size_t /*objectsSize*/, void* /*cookie*/) 1173{ 1174 //ALOGI("Freeing parcel %p", &parcel); 1175 IF_LOG_COMMANDS() { 1176 alog << "Writing BC_FREE_BUFFER for " << data << endl; 1177 } 1178 ALOG_ASSERT(data != NULL, "Called with NULL data"); 1179 if (parcel != NULL) parcel->closeFileDescriptors(); 1180 IPCThreadState* state = self(); 1181 state->mOut.writeInt32(BC_FREE_BUFFER); 1182 state->mOut.writePointer((uintptr_t)data); 1183} 1184 1185}; // namespace android 1186