IPCThreadState.cpp revision 7f0c6d6e19565e512fc42c2371bc99f4c5e3fe70
1/* 2 * Copyright (C) 2005 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#define LOG_TAG "IPCThreadState" 18 19#include <binder/IPCThreadState.h> 20 21#include <binder/Binder.h> 22#include <binder/BpBinder.h> 23#include <binder/TextOutput.h> 24 25#include <cutils/sched_policy.h> 26#include <utils/Log.h> 27#include <utils/threads.h> 28 29#include <private/binder/binder_module.h> 30#include <private/binder/Static.h> 31 32#include <errno.h> 33#include <pthread.h> 34#include <sched.h> 35#include <signal.h> 36#include <stdio.h> 37#include <sys/ioctl.h> 38#include <sys/resource.h> 39#include <unistd.h> 40 41#if LOG_NDEBUG 42 43#define IF_LOG_TRANSACTIONS() if (false) 44#define IF_LOG_COMMANDS() if (false) 45#define LOG_REMOTEREFS(...) 46#define IF_LOG_REMOTEREFS() if (false) 47#define LOG_THREADPOOL(...) 48#define LOG_ONEWAY(...) 49 50#else 51 52#define IF_LOG_TRANSACTIONS() IF_ALOG(LOG_VERBOSE, "transact") 53#define IF_LOG_COMMANDS() IF_ALOG(LOG_VERBOSE, "ipc") 54#define LOG_REMOTEREFS(...) ALOG(LOG_DEBUG, "remoterefs", __VA_ARGS__) 55#define IF_LOG_REMOTEREFS() IF_ALOG(LOG_DEBUG, "remoterefs") 56#define LOG_THREADPOOL(...) ALOG(LOG_DEBUG, "threadpool", __VA_ARGS__) 57#define LOG_ONEWAY(...) ALOG(LOG_DEBUG, "ipc", __VA_ARGS__) 58 59#endif 60 61// --------------------------------------------------------------------------- 62 63namespace android { 64 65static const char* getReturnString(size_t idx); 66static const void* printReturnCommand(TextOutput& out, const void* _cmd); 67static const void* printCommand(TextOutput& out, const void* _cmd); 68 69// Static const and functions will be optimized out if not used, 70// when LOG_NDEBUG and references in IF_LOG_COMMANDS() are optimized out. 71static const char *kReturnStrings[] = { 72 "BR_ERROR", 73 "BR_OK", 74 "BR_TRANSACTION", 75 "BR_REPLY", 76 "BR_ACQUIRE_RESULT", 77 "BR_DEAD_REPLY", 78 "BR_TRANSACTION_COMPLETE", 79 "BR_INCREFS", 80 "BR_ACQUIRE", 81 "BR_RELEASE", 82 "BR_DECREFS", 83 "BR_ATTEMPT_ACQUIRE", 84 "BR_NOOP", 85 "BR_SPAWN_LOOPER", 86 "BR_FINISHED", 87 "BR_DEAD_BINDER", 88 "BR_CLEAR_DEATH_NOTIFICATION_DONE", 89 "BR_FAILED_REPLY" 90}; 91 92static const char *kCommandStrings[] = { 93 "BC_TRANSACTION", 94 "BC_REPLY", 95 "BC_ACQUIRE_RESULT", 96 "BC_FREE_BUFFER", 97 "BC_INCREFS", 98 "BC_ACQUIRE", 99 "BC_RELEASE", 100 "BC_DECREFS", 101 "BC_INCREFS_DONE", 102 "BC_ACQUIRE_DONE", 103 "BC_ATTEMPT_ACQUIRE", 104 "BC_REGISTER_LOOPER", 105 "BC_ENTER_LOOPER", 106 "BC_EXIT_LOOPER", 107 "BC_REQUEST_DEATH_NOTIFICATION", 108 "BC_CLEAR_DEATH_NOTIFICATION", 109 "BC_DEAD_BINDER_DONE" 110}; 111 112static const char* getReturnString(size_t idx) 113{ 114 if (idx < sizeof(kReturnStrings) / sizeof(kReturnStrings[0])) 115 return kReturnStrings[idx]; 116 else 117 return "unknown"; 118} 119 120static const void* printBinderTransactionData(TextOutput& out, const void* data) 121{ 122 const binder_transaction_data* btd = 123 (const binder_transaction_data*)data; 124 if (btd->target.handle < 1024) { 125 /* want to print descriptors in decimal; guess based on value */ 126 out << "target.desc=" << btd->target.handle; 127 } else { 128 out << "target.ptr=" << btd->target.ptr; 129 } 130 out << " (cookie " << btd->cookie << ")" << endl 131 << "code=" << TypeCode(btd->code) << ", flags=" << (void*)(long)btd->flags << endl 132 << "data=" << btd->data.ptr.buffer << " (" << (void*)btd->data_size 133 << " bytes)" << endl 134 << "offsets=" << btd->data.ptr.offsets << " (" << (void*)btd->offsets_size 135 << " bytes)"; 136 return btd+1; 137} 138 139static const void* printReturnCommand(TextOutput& out, const void* _cmd) 140{ 141 static const size_t N = sizeof(kReturnStrings)/sizeof(kReturnStrings[0]); 142 const int32_t* cmd = (const int32_t*)_cmd; 143 uint32_t code = (uint32_t)*cmd++; 144 size_t cmdIndex = code & 0xff; 145 if (code == BR_ERROR) { 146 out << "BR_ERROR: " << (void*)(long)(*cmd++) << endl; 147 return cmd; 148 } else if (cmdIndex >= N) { 149 out << "Unknown reply: " << code << endl; 150 return cmd; 151 } 152 out << kReturnStrings[cmdIndex]; 153 154 switch (code) { 155 case BR_TRANSACTION: 156 case BR_REPLY: { 157 out << ": " << indent; 158 cmd = (const int32_t *)printBinderTransactionData(out, cmd); 159 out << dedent; 160 } break; 161 162 case BR_ACQUIRE_RESULT: { 163 const int32_t res = *cmd++; 164 out << ": " << res << (res ? " (SUCCESS)" : " (FAILURE)"); 165 } break; 166 167 case BR_INCREFS: 168 case BR_ACQUIRE: 169 case BR_RELEASE: 170 case BR_DECREFS: { 171 const int32_t b = *cmd++; 172 const int32_t c = *cmd++; 173 out << ": target=" << (void*)(long)b << " (cookie " << (void*)(long)c << ")"; 174 } break; 175 176 case BR_ATTEMPT_ACQUIRE: { 177 const int32_t p = *cmd++; 178 const int32_t b = *cmd++; 179 const int32_t c = *cmd++; 180 out << ": target=" << (void*)(long)b << " (cookie " << (void*)(long)c 181 << "), pri=" << p; 182 } break; 183 184 case BR_DEAD_BINDER: 185 case BR_CLEAR_DEATH_NOTIFICATION_DONE: { 186 const int32_t c = *cmd++; 187 out << ": death cookie " << (void*)(long)c; 188 } break; 189 190 default: 191 // no details to show for: BR_OK, BR_DEAD_REPLY, 192 // BR_TRANSACTION_COMPLETE, BR_FINISHED 193 break; 194 } 195 196 out << endl; 197 return cmd; 198} 199 200static const void* printCommand(TextOutput& out, const void* _cmd) 201{ 202 static const size_t N = sizeof(kCommandStrings)/sizeof(kCommandStrings[0]); 203 const int32_t* cmd = (const int32_t*)_cmd; 204 uint32_t code = (uint32_t)*cmd++; 205 size_t cmdIndex = code & 0xff; 206 207 if (cmdIndex >= N) { 208 out << "Unknown command: " << code << endl; 209 return cmd; 210 } 211 out << kCommandStrings[cmdIndex]; 212 213 switch (code) { 214 case BC_TRANSACTION: 215 case BC_REPLY: { 216 out << ": " << indent; 217 cmd = (const int32_t *)printBinderTransactionData(out, cmd); 218 out << dedent; 219 } break; 220 221 case BC_ACQUIRE_RESULT: { 222 const int32_t res = *cmd++; 223 out << ": " << res << (res ? " (SUCCESS)" : " (FAILURE)"); 224 } break; 225 226 case BC_FREE_BUFFER: { 227 const int32_t buf = *cmd++; 228 out << ": buffer=" << (void*)(long)buf; 229 } break; 230 231 case BC_INCREFS: 232 case BC_ACQUIRE: 233 case BC_RELEASE: 234 case BC_DECREFS: { 235 const int32_t d = *cmd++; 236 out << ": desc=" << d; 237 } break; 238 239 case BC_INCREFS_DONE: 240 case BC_ACQUIRE_DONE: { 241 const int32_t b = *cmd++; 242 const int32_t c = *cmd++; 243 out << ": target=" << (void*)(long)b << " (cookie " << (void*)(long)c << ")"; 244 } break; 245 246 case BC_ATTEMPT_ACQUIRE: { 247 const int32_t p = *cmd++; 248 const int32_t d = *cmd++; 249 out << ": desc=" << d << ", pri=" << p; 250 } break; 251 252 case BC_REQUEST_DEATH_NOTIFICATION: 253 case BC_CLEAR_DEATH_NOTIFICATION: { 254 const int32_t h = *cmd++; 255 const int32_t c = *cmd++; 256 out << ": handle=" << h << " (death cookie " << (void*)(long)c << ")"; 257 } break; 258 259 case BC_DEAD_BINDER_DONE: { 260 const int32_t c = *cmd++; 261 out << ": death cookie " << (void*)(long)c; 262 } break; 263 264 default: 265 // no details to show for: BC_REGISTER_LOOPER, BC_ENTER_LOOPER, 266 // BC_EXIT_LOOPER 267 break; 268 } 269 270 out << endl; 271 return cmd; 272} 273 274static pthread_mutex_t gTLSMutex = PTHREAD_MUTEX_INITIALIZER; 275static bool gHaveTLS = false; 276static pthread_key_t gTLS = 0; 277static bool gShutdown = false; 278static bool gDisableBackgroundScheduling = false; 279 280IPCThreadState* IPCThreadState::self() 281{ 282 if (gHaveTLS) { 283restart: 284 const pthread_key_t k = gTLS; 285 IPCThreadState* st = (IPCThreadState*)pthread_getspecific(k); 286 if (st) return st; 287 return new IPCThreadState; 288 } 289 290 if (gShutdown) { 291 ALOGW("Calling IPCThreadState::self() during shutdown is dangerous, expect a crash.\n"); 292 return NULL; 293 } 294 295 pthread_mutex_lock(&gTLSMutex); 296 if (!gHaveTLS) { 297 int key_create_value = pthread_key_create(&gTLS, threadDestructor); 298 if (key_create_value != 0) { 299 pthread_mutex_unlock(&gTLSMutex); 300 ALOGW("IPCThreadState::self() unable to create TLS key, expect a crash: %s\n", 301 strerror(key_create_value)); 302 return NULL; 303 } 304 gHaveTLS = true; 305 } 306 pthread_mutex_unlock(&gTLSMutex); 307 goto restart; 308} 309 310IPCThreadState* IPCThreadState::selfOrNull() 311{ 312 if (gHaveTLS) { 313 const pthread_key_t k = gTLS; 314 IPCThreadState* st = (IPCThreadState*)pthread_getspecific(k); 315 return st; 316 } 317 return NULL; 318} 319 320void IPCThreadState::shutdown() 321{ 322 gShutdown = true; 323 324 if (gHaveTLS) { 325 // XXX Need to wait for all thread pool threads to exit! 326 IPCThreadState* st = (IPCThreadState*)pthread_getspecific(gTLS); 327 if (st) { 328 delete st; 329 pthread_setspecific(gTLS, NULL); 330 } 331 pthread_key_delete(gTLS); 332 gHaveTLS = false; 333 } 334} 335 336void IPCThreadState::disableBackgroundScheduling(bool disable) 337{ 338 gDisableBackgroundScheduling = disable; 339} 340 341sp<ProcessState> IPCThreadState::process() 342{ 343 return mProcess; 344} 345 346status_t IPCThreadState::clearLastError() 347{ 348 const status_t err = mLastError; 349 mLastError = NO_ERROR; 350 return err; 351} 352 353pid_t IPCThreadState::getCallingPid() const 354{ 355 return mCallingPid; 356} 357 358uid_t IPCThreadState::getCallingUid() const 359{ 360 return mCallingUid; 361} 362 363int64_t IPCThreadState::clearCallingIdentity() 364{ 365 int64_t token = ((int64_t)mCallingUid<<32) | mCallingPid; 366 clearCaller(); 367 return token; 368} 369 370void IPCThreadState::setStrictModePolicy(int32_t policy) 371{ 372 mStrictModePolicy = policy; 373} 374 375int32_t IPCThreadState::getStrictModePolicy() const 376{ 377 return mStrictModePolicy; 378} 379 380void IPCThreadState::setLastTransactionBinderFlags(int32_t flags) 381{ 382 mLastTransactionBinderFlags = flags; 383} 384 385int32_t IPCThreadState::getLastTransactionBinderFlags() const 386{ 387 return mLastTransactionBinderFlags; 388} 389 390void IPCThreadState::restoreCallingIdentity(int64_t token) 391{ 392 mCallingUid = (int)(token>>32); 393 mCallingPid = (int)token; 394} 395 396void IPCThreadState::clearCaller() 397{ 398 mCallingPid = getpid(); 399 mCallingUid = getuid(); 400} 401 402void IPCThreadState::flushCommands() 403{ 404 if (mProcess->mDriverFD <= 0) 405 return; 406 talkWithDriver(false); 407} 408 409void IPCThreadState::blockUntilThreadAvailable() 410{ 411 pthread_mutex_lock(&mProcess->mThreadCountLock); 412 while (mProcess->mExecutingThreadsCount >= mProcess->mMaxThreads) { 413 ALOGW("Waiting for thread to be free. mExecutingThreadsCount=%lu mMaxThreads=%lu\n", 414 static_cast<unsigned long>(mProcess->mExecutingThreadsCount), 415 static_cast<unsigned long>(mProcess->mMaxThreads)); 416 pthread_cond_wait(&mProcess->mThreadCountDecrement, &mProcess->mThreadCountLock); 417 } 418 pthread_mutex_unlock(&mProcess->mThreadCountLock); 419} 420 421status_t IPCThreadState::getAndExecuteCommand() 422{ 423 status_t result; 424 int32_t cmd; 425 426 result = talkWithDriver(); 427 if (result >= NO_ERROR) { 428 size_t IN = mIn.dataAvail(); 429 if (IN < sizeof(int32_t)) return result; 430 cmd = mIn.readInt32(); 431 IF_LOG_COMMANDS() { 432 alog << "Processing top-level Command: " 433 << getReturnString(cmd) << endl; 434 } 435 436 pthread_mutex_lock(&mProcess->mThreadCountLock); 437 mProcess->mExecutingThreadsCount++; 438 pthread_mutex_unlock(&mProcess->mThreadCountLock); 439 440 result = executeCommand(cmd); 441 442 pthread_mutex_lock(&mProcess->mThreadCountLock); 443 mProcess->mExecutingThreadsCount--; 444 pthread_cond_broadcast(&mProcess->mThreadCountDecrement); 445 pthread_mutex_unlock(&mProcess->mThreadCountLock); 446 447 // After executing the command, ensure that the thread is returned to the 448 // foreground cgroup before rejoining the pool. The driver takes care of 449 // restoring the priority, but doesn't do anything with cgroups so we 450 // need to take care of that here in userspace. Note that we do make 451 // sure to go in the foreground after executing a transaction, but 452 // there are other callbacks into user code that could have changed 453 // our group so we want to make absolutely sure it is put back. 454 set_sched_policy(mMyThreadId, SP_FOREGROUND); 455 } 456 457 return result; 458} 459 460// When we've cleared the incoming command queue, process any pending derefs 461void IPCThreadState::processPendingDerefs() 462{ 463 if (mIn.dataPosition() >= mIn.dataSize()) { 464 size_t numPending = mPendingWeakDerefs.size(); 465 if (numPending > 0) { 466 for (size_t i = 0; i < numPending; i++) { 467 RefBase::weakref_type* refs = mPendingWeakDerefs[i]; 468 refs->decWeak(mProcess.get()); 469 } 470 mPendingWeakDerefs.clear(); 471 } 472 473 numPending = mPendingStrongDerefs.size(); 474 if (numPending > 0) { 475 for (size_t i = 0; i < numPending; i++) { 476 BBinder* obj = mPendingStrongDerefs[i]; 477 obj->decStrong(mProcess.get()); 478 } 479 mPendingStrongDerefs.clear(); 480 } 481 } 482} 483 484void IPCThreadState::joinThreadPool(bool isMain) 485{ 486 LOG_THREADPOOL("**** THREAD %p (PID %d) IS JOINING THE THREAD POOL\n", (void*)pthread_self(), getpid()); 487 488 mOut.writeInt32(isMain ? BC_ENTER_LOOPER : BC_REGISTER_LOOPER); 489 490 // This thread may have been spawned by a thread that was in the background 491 // scheduling group, so first we will make sure it is in the foreground 492 // one to avoid performing an initial transaction in the background. 493 set_sched_policy(mMyThreadId, SP_FOREGROUND); 494 495 status_t result; 496 do { 497 processPendingDerefs(); 498 // now get the next command to be processed, waiting if necessary 499 result = getAndExecuteCommand(); 500 501 if (result < NO_ERROR && result != TIMED_OUT && result != -ECONNREFUSED && result != -EBADF) { 502 ALOGE("getAndExecuteCommand(fd=%d) returned unexpected error %d, aborting", 503 mProcess->mDriverFD, result); 504 abort(); 505 } 506 507 // Let this thread exit the thread pool if it is no longer 508 // needed and it is not the main process thread. 509 if(result == TIMED_OUT && !isMain) { 510 break; 511 } 512 } while (result != -ECONNREFUSED && result != -EBADF); 513 514 LOG_THREADPOOL("**** THREAD %p (PID %d) IS LEAVING THE THREAD POOL err=%p\n", 515 (void*)pthread_self(), getpid(), (void*)result); 516 517 mOut.writeInt32(BC_EXIT_LOOPER); 518 talkWithDriver(false); 519} 520 521int IPCThreadState::setupPolling(int* fd) 522{ 523 if (mProcess->mDriverFD <= 0) { 524 return -EBADF; 525 } 526 527 mOut.writeInt32(BC_ENTER_LOOPER); 528 *fd = mProcess->mDriverFD; 529 return 0; 530} 531 532status_t IPCThreadState::handlePolledCommands() 533{ 534 status_t result; 535 536 do { 537 result = getAndExecuteCommand(); 538 } while (mIn.dataPosition() < mIn.dataSize()); 539 540 processPendingDerefs(); 541 flushCommands(); 542 return result; 543} 544 545void IPCThreadState::stopProcess(bool /*immediate*/) 546{ 547 //ALOGI("**** STOPPING PROCESS"); 548 flushCommands(); 549 int fd = mProcess->mDriverFD; 550 mProcess->mDriverFD = -1; 551 close(fd); 552 //kill(getpid(), SIGKILL); 553} 554 555status_t IPCThreadState::transact(int32_t handle, 556 uint32_t code, const Parcel& data, 557 Parcel* reply, uint32_t flags) 558{ 559 status_t err = data.errorCheck(); 560 561 flags |= TF_ACCEPT_FDS; 562 563 IF_LOG_TRANSACTIONS() { 564 TextOutput::Bundle _b(alog); 565 alog << "BC_TRANSACTION thr " << (void*)pthread_self() << " / hand " 566 << handle << " / code " << TypeCode(code) << ": " 567 << indent << data << dedent << endl; 568 } 569 570 if (err == NO_ERROR) { 571 LOG_ONEWAY(">>>> SEND from pid %d uid %d %s", getpid(), getuid(), 572 (flags & TF_ONE_WAY) == 0 ? "READ REPLY" : "ONE WAY"); 573 err = writeTransactionData(BC_TRANSACTION, flags, handle, code, data, NULL); 574 } 575 576 if (err != NO_ERROR) { 577 if (reply) reply->setError(err); 578 return (mLastError = err); 579 } 580 581 if ((flags & TF_ONE_WAY) == 0) { 582 #if 0 583 if (code == 4) { // relayout 584 ALOGI(">>>>>> CALLING transaction 4"); 585 } else { 586 ALOGI(">>>>>> CALLING transaction %d", code); 587 } 588 #endif 589 if (reply) { 590 err = waitForResponse(reply); 591 } else { 592 Parcel fakeReply; 593 err = waitForResponse(&fakeReply); 594 } 595 #if 0 596 if (code == 4) { // relayout 597 ALOGI("<<<<<< RETURNING transaction 4"); 598 } else { 599 ALOGI("<<<<<< RETURNING transaction %d", code); 600 } 601 #endif 602 603 IF_LOG_TRANSACTIONS() { 604 TextOutput::Bundle _b(alog); 605 alog << "BR_REPLY thr " << (void*)pthread_self() << " / hand " 606 << handle << ": "; 607 if (reply) alog << indent << *reply << dedent << endl; 608 else alog << "(none requested)" << endl; 609 } 610 } else { 611 err = waitForResponse(NULL, NULL); 612 } 613 614 return err; 615} 616 617void IPCThreadState::incStrongHandle(int32_t handle) 618{ 619 LOG_REMOTEREFS("IPCThreadState::incStrongHandle(%d)\n", handle); 620 mOut.writeInt32(BC_ACQUIRE); 621 mOut.writeInt32(handle); 622} 623 624void IPCThreadState::decStrongHandle(int32_t handle) 625{ 626 LOG_REMOTEREFS("IPCThreadState::decStrongHandle(%d)\n", handle); 627 mOut.writeInt32(BC_RELEASE); 628 mOut.writeInt32(handle); 629} 630 631void IPCThreadState::incWeakHandle(int32_t handle) 632{ 633 LOG_REMOTEREFS("IPCThreadState::incWeakHandle(%d)\n", handle); 634 mOut.writeInt32(BC_INCREFS); 635 mOut.writeInt32(handle); 636} 637 638void IPCThreadState::decWeakHandle(int32_t handle) 639{ 640 LOG_REMOTEREFS("IPCThreadState::decWeakHandle(%d)\n", handle); 641 mOut.writeInt32(BC_DECREFS); 642 mOut.writeInt32(handle); 643} 644 645status_t IPCThreadState::attemptIncStrongHandle(int32_t handle) 646{ 647#if HAS_BC_ATTEMPT_ACQUIRE 648 LOG_REMOTEREFS("IPCThreadState::attemptIncStrongHandle(%d)\n", handle); 649 mOut.writeInt32(BC_ATTEMPT_ACQUIRE); 650 mOut.writeInt32(0); // xxx was thread priority 651 mOut.writeInt32(handle); 652 status_t result = UNKNOWN_ERROR; 653 654 waitForResponse(NULL, &result); 655 656#if LOG_REFCOUNTS 657 printf("IPCThreadState::attemptIncStrongHandle(%ld) = %s\n", 658 handle, result == NO_ERROR ? "SUCCESS" : "FAILURE"); 659#endif 660 661 return result; 662#else 663 (void)handle; 664 ALOGE("%s(%d): Not supported\n", __func__, handle); 665 return INVALID_OPERATION; 666#endif 667} 668 669void IPCThreadState::expungeHandle(int32_t handle, IBinder* binder) 670{ 671#if LOG_REFCOUNTS 672 printf("IPCThreadState::expungeHandle(%ld)\n", handle); 673#endif 674 self()->mProcess->expungeHandle(handle, binder); 675} 676 677status_t IPCThreadState::requestDeathNotification(int32_t handle, BpBinder* proxy) 678{ 679 mOut.writeInt32(BC_REQUEST_DEATH_NOTIFICATION); 680 mOut.writeInt32((int32_t)handle); 681 mOut.writePointer((uintptr_t)proxy); 682 return NO_ERROR; 683} 684 685status_t IPCThreadState::clearDeathNotification(int32_t handle, BpBinder* proxy) 686{ 687 mOut.writeInt32(BC_CLEAR_DEATH_NOTIFICATION); 688 mOut.writeInt32((int32_t)handle); 689 mOut.writePointer((uintptr_t)proxy); 690 return NO_ERROR; 691} 692 693IPCThreadState::IPCThreadState() 694 : mProcess(ProcessState::self()), 695 mMyThreadId(gettid()), 696 mStrictModePolicy(0), 697 mLastTransactionBinderFlags(0) 698{ 699 pthread_setspecific(gTLS, this); 700 clearCaller(); 701 mIn.setDataCapacity(256); 702 mOut.setDataCapacity(256); 703} 704 705IPCThreadState::~IPCThreadState() 706{ 707} 708 709status_t IPCThreadState::sendReply(const Parcel& reply, uint32_t flags) 710{ 711 status_t err; 712 status_t statusBuffer; 713 err = writeTransactionData(BC_REPLY, flags, -1, 0, reply, &statusBuffer); 714 if (err < NO_ERROR) return err; 715 716 return waitForResponse(NULL, NULL); 717} 718 719status_t IPCThreadState::waitForResponse(Parcel *reply, status_t *acquireResult) 720{ 721 uint32_t cmd; 722 int32_t err; 723 724 while (1) { 725 if ((err=talkWithDriver()) < NO_ERROR) break; 726 err = mIn.errorCheck(); 727 if (err < NO_ERROR) break; 728 if (mIn.dataAvail() == 0) continue; 729 730 cmd = (uint32_t)mIn.readInt32(); 731 732 IF_LOG_COMMANDS() { 733 alog << "Processing waitForResponse Command: " 734 << getReturnString(cmd) << endl; 735 } 736 737 switch (cmd) { 738 case BR_TRANSACTION_COMPLETE: 739 if (!reply && !acquireResult) goto finish; 740 break; 741 742 case BR_DEAD_REPLY: 743 err = DEAD_OBJECT; 744 goto finish; 745 746 case BR_FAILED_REPLY: 747 err = FAILED_TRANSACTION; 748 goto finish; 749 750 case BR_ACQUIRE_RESULT: 751 { 752 ALOG_ASSERT(acquireResult != NULL, "Unexpected brACQUIRE_RESULT"); 753 const int32_t result = mIn.readInt32(); 754 if (!acquireResult) continue; 755 *acquireResult = result ? NO_ERROR : INVALID_OPERATION; 756 } 757 goto finish; 758 759 case BR_REPLY: 760 { 761 binder_transaction_data tr; 762 err = mIn.read(&tr, sizeof(tr)); 763 ALOG_ASSERT(err == NO_ERROR, "Not enough command data for brREPLY"); 764 if (err != NO_ERROR) goto finish; 765 766 if (reply) { 767 if ((tr.flags & TF_STATUS_CODE) == 0) { 768 reply->ipcSetDataReference( 769 reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer), 770 tr.data_size, 771 reinterpret_cast<const binder_size_t*>(tr.data.ptr.offsets), 772 tr.offsets_size/sizeof(binder_size_t), 773 freeBuffer, this); 774 } else { 775 err = *reinterpret_cast<const status_t*>(tr.data.ptr.buffer); 776 freeBuffer(NULL, 777 reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer), 778 tr.data_size, 779 reinterpret_cast<const binder_size_t*>(tr.data.ptr.offsets), 780 tr.offsets_size/sizeof(binder_size_t), this); 781 } 782 } else { 783 freeBuffer(NULL, 784 reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer), 785 tr.data_size, 786 reinterpret_cast<const binder_size_t*>(tr.data.ptr.offsets), 787 tr.offsets_size/sizeof(binder_size_t), this); 788 continue; 789 } 790 } 791 goto finish; 792 793 default: 794 err = executeCommand(cmd); 795 if (err != NO_ERROR) goto finish; 796 break; 797 } 798 } 799 800finish: 801 if (err != NO_ERROR) { 802 if (acquireResult) *acquireResult = err; 803 if (reply) reply->setError(err); 804 mLastError = err; 805 } 806 807 return err; 808} 809 810status_t IPCThreadState::talkWithDriver(bool doReceive) 811{ 812 if (mProcess->mDriverFD <= 0) { 813 return -EBADF; 814 } 815 816 binder_write_read bwr; 817 818 // Is the read buffer empty? 819 const bool needRead = mIn.dataPosition() >= mIn.dataSize(); 820 821 // We don't want to write anything if we are still reading 822 // from data left in the input buffer and the caller 823 // has requested to read the next data. 824 const size_t outAvail = (!doReceive || needRead) ? mOut.dataSize() : 0; 825 826 bwr.write_size = outAvail; 827 bwr.write_buffer = (uintptr_t)mOut.data(); 828 829 // This is what we'll read. 830 if (doReceive && needRead) { 831 bwr.read_size = mIn.dataCapacity(); 832 bwr.read_buffer = (uintptr_t)mIn.data(); 833 } else { 834 bwr.read_size = 0; 835 bwr.read_buffer = 0; 836 } 837 838 IF_LOG_COMMANDS() { 839 TextOutput::Bundle _b(alog); 840 if (outAvail != 0) { 841 alog << "Sending commands to driver: " << indent; 842 const void* cmds = (const void*)bwr.write_buffer; 843 const void* end = ((const uint8_t*)cmds)+bwr.write_size; 844 alog << HexDump(cmds, bwr.write_size) << endl; 845 while (cmds < end) cmds = printCommand(alog, cmds); 846 alog << dedent; 847 } 848 alog << "Size of receive buffer: " << bwr.read_size 849 << ", needRead: " << needRead << ", doReceive: " << doReceive << endl; 850 } 851 852 // Return immediately if there is nothing to do. 853 if ((bwr.write_size == 0) && (bwr.read_size == 0)) return NO_ERROR; 854 855 bwr.write_consumed = 0; 856 bwr.read_consumed = 0; 857 status_t err; 858 do { 859 IF_LOG_COMMANDS() { 860 alog << "About to read/write, write size = " << mOut.dataSize() << endl; 861 } 862#if defined(__ANDROID__) 863 if (ioctl(mProcess->mDriverFD, BINDER_WRITE_READ, &bwr) >= 0) 864 err = NO_ERROR; 865 else 866 err = -errno; 867#else 868 err = INVALID_OPERATION; 869#endif 870 if (mProcess->mDriverFD <= 0) { 871 err = -EBADF; 872 } 873 IF_LOG_COMMANDS() { 874 alog << "Finished read/write, write size = " << mOut.dataSize() << endl; 875 } 876 } while (err == -EINTR); 877 878 IF_LOG_COMMANDS() { 879 alog << "Our err: " << (void*)(intptr_t)err << ", write consumed: " 880 << bwr.write_consumed << " (of " << mOut.dataSize() 881 << "), read consumed: " << bwr.read_consumed << endl; 882 } 883 884 if (err >= NO_ERROR) { 885 if (bwr.write_consumed > 0) { 886 if (bwr.write_consumed < mOut.dataSize()) 887 mOut.remove(0, bwr.write_consumed); 888 else 889 mOut.setDataSize(0); 890 } 891 if (bwr.read_consumed > 0) { 892 mIn.setDataSize(bwr.read_consumed); 893 mIn.setDataPosition(0); 894 } 895 IF_LOG_COMMANDS() { 896 TextOutput::Bundle _b(alog); 897 alog << "Remaining data size: " << mOut.dataSize() << endl; 898 alog << "Received commands from driver: " << indent; 899 const void* cmds = mIn.data(); 900 const void* end = mIn.data() + mIn.dataSize(); 901 alog << HexDump(cmds, mIn.dataSize()) << endl; 902 while (cmds < end) cmds = printReturnCommand(alog, cmds); 903 alog << dedent; 904 } 905 return NO_ERROR; 906 } 907 908 return err; 909} 910 911status_t IPCThreadState::writeTransactionData(int32_t cmd, uint32_t binderFlags, 912 int32_t handle, uint32_t code, const Parcel& data, status_t* statusBuffer) 913{ 914 binder_transaction_data tr; 915 916 tr.target.ptr = 0; /* Don't pass uninitialized stack data to a remote process */ 917 tr.target.handle = handle; 918 tr.code = code; 919 tr.flags = binderFlags; 920 tr.cookie = 0; 921 tr.sender_pid = 0; 922 tr.sender_euid = 0; 923 924 const status_t err = data.errorCheck(); 925 if (err == NO_ERROR) { 926 tr.data_size = data.ipcDataSize(); 927 tr.data.ptr.buffer = data.ipcData(); 928 tr.offsets_size = data.ipcObjectsCount()*sizeof(binder_size_t); 929 tr.data.ptr.offsets = data.ipcObjects(); 930 } else if (statusBuffer) { 931 tr.flags |= TF_STATUS_CODE; 932 *statusBuffer = err; 933 tr.data_size = sizeof(status_t); 934 tr.data.ptr.buffer = reinterpret_cast<uintptr_t>(statusBuffer); 935 tr.offsets_size = 0; 936 tr.data.ptr.offsets = 0; 937 } else { 938 return (mLastError = err); 939 } 940 941 mOut.writeInt32(cmd); 942 mOut.write(&tr, sizeof(tr)); 943 944 return NO_ERROR; 945} 946 947sp<BBinder> the_context_object; 948 949void setTheContextObject(sp<BBinder> obj) 950{ 951 the_context_object = obj; 952} 953 954status_t IPCThreadState::executeCommand(int32_t cmd) 955{ 956 BBinder* obj; 957 RefBase::weakref_type* refs; 958 status_t result = NO_ERROR; 959 960 switch ((uint32_t)cmd) { 961 case BR_ERROR: 962 result = mIn.readInt32(); 963 break; 964 965 case BR_OK: 966 break; 967 968 case BR_ACQUIRE: 969 refs = (RefBase::weakref_type*)mIn.readPointer(); 970 obj = (BBinder*)mIn.readPointer(); 971 ALOG_ASSERT(refs->refBase() == obj, 972 "BR_ACQUIRE: object %p does not match cookie %p (expected %p)", 973 refs, obj, refs->refBase()); 974 obj->incStrong(mProcess.get()); 975 IF_LOG_REMOTEREFS() { 976 LOG_REMOTEREFS("BR_ACQUIRE from driver on %p", obj); 977 obj->printRefs(); 978 } 979 mOut.writeInt32(BC_ACQUIRE_DONE); 980 mOut.writePointer((uintptr_t)refs); 981 mOut.writePointer((uintptr_t)obj); 982 break; 983 984 case BR_RELEASE: 985 refs = (RefBase::weakref_type*)mIn.readPointer(); 986 obj = (BBinder*)mIn.readPointer(); 987 ALOG_ASSERT(refs->refBase() == obj, 988 "BR_RELEASE: object %p does not match cookie %p (expected %p)", 989 refs, obj, refs->refBase()); 990 IF_LOG_REMOTEREFS() { 991 LOG_REMOTEREFS("BR_RELEASE from driver on %p", obj); 992 obj->printRefs(); 993 } 994 mPendingStrongDerefs.push(obj); 995 break; 996 997 case BR_INCREFS: 998 refs = (RefBase::weakref_type*)mIn.readPointer(); 999 obj = (BBinder*)mIn.readPointer(); 1000 refs->incWeak(mProcess.get()); 1001 mOut.writeInt32(BC_INCREFS_DONE); 1002 mOut.writePointer((uintptr_t)refs); 1003 mOut.writePointer((uintptr_t)obj); 1004 break; 1005 1006 case BR_DECREFS: 1007 refs = (RefBase::weakref_type*)mIn.readPointer(); 1008 obj = (BBinder*)mIn.readPointer(); 1009 // NOTE: This assertion is not valid, because the object may no 1010 // longer exist (thus the (BBinder*)cast above resulting in a different 1011 // memory address). 1012 //ALOG_ASSERT(refs->refBase() == obj, 1013 // "BR_DECREFS: object %p does not match cookie %p (expected %p)", 1014 // refs, obj, refs->refBase()); 1015 mPendingWeakDerefs.push(refs); 1016 break; 1017 1018 case BR_ATTEMPT_ACQUIRE: 1019 refs = (RefBase::weakref_type*)mIn.readPointer(); 1020 obj = (BBinder*)mIn.readPointer(); 1021 1022 { 1023 const bool success = refs->attemptIncStrong(mProcess.get()); 1024 ALOG_ASSERT(success && refs->refBase() == obj, 1025 "BR_ATTEMPT_ACQUIRE: object %p does not match cookie %p (expected %p)", 1026 refs, obj, refs->refBase()); 1027 1028 mOut.writeInt32(BC_ACQUIRE_RESULT); 1029 mOut.writeInt32((int32_t)success); 1030 } 1031 break; 1032 1033 case BR_TRANSACTION: 1034 { 1035 binder_transaction_data tr; 1036 result = mIn.read(&tr, sizeof(tr)); 1037 ALOG_ASSERT(result == NO_ERROR, 1038 "Not enough command data for brTRANSACTION"); 1039 if (result != NO_ERROR) break; 1040 1041 Parcel buffer; 1042 buffer.ipcSetDataReference( 1043 reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer), 1044 tr.data_size, 1045 reinterpret_cast<const binder_size_t*>(tr.data.ptr.offsets), 1046 tr.offsets_size/sizeof(binder_size_t), freeBuffer, this); 1047 1048 const pid_t origPid = mCallingPid; 1049 const uid_t origUid = mCallingUid; 1050 const int32_t origStrictModePolicy = mStrictModePolicy; 1051 const int32_t origTransactionBinderFlags = mLastTransactionBinderFlags; 1052 1053 mCallingPid = tr.sender_pid; 1054 mCallingUid = tr.sender_euid; 1055 mLastTransactionBinderFlags = tr.flags; 1056 1057 int curPrio = getpriority(PRIO_PROCESS, mMyThreadId); 1058 if (gDisableBackgroundScheduling) { 1059 if (curPrio > ANDROID_PRIORITY_NORMAL) { 1060 // We have inherited a reduced priority from the caller, but do not 1061 // want to run in that state in this process. The driver set our 1062 // priority already (though not our scheduling class), so bounce 1063 // it back to the default before invoking the transaction. 1064 setpriority(PRIO_PROCESS, mMyThreadId, ANDROID_PRIORITY_NORMAL); 1065 } 1066 } else { 1067 if (curPrio >= ANDROID_PRIORITY_BACKGROUND) { 1068 // We want to use the inherited priority from the caller. 1069 // Ensure this thread is in the background scheduling class, 1070 // since the driver won't modify scheduling classes for us. 1071 // The scheduling group is reset to default by the caller 1072 // once this method returns after the transaction is complete. 1073 set_sched_policy(mMyThreadId, SP_BACKGROUND); 1074 } 1075 } 1076 1077 //ALOGI(">>>> TRANSACT from pid %d uid %d\n", mCallingPid, mCallingUid); 1078 1079 Parcel reply; 1080 status_t error; 1081 IF_LOG_TRANSACTIONS() { 1082 TextOutput::Bundle _b(alog); 1083 alog << "BR_TRANSACTION thr " << (void*)pthread_self() 1084 << " / obj " << tr.target.ptr << " / code " 1085 << TypeCode(tr.code) << ": " << indent << buffer 1086 << dedent << endl 1087 << "Data addr = " 1088 << reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer) 1089 << ", offsets addr=" 1090 << reinterpret_cast<const size_t*>(tr.data.ptr.offsets) << endl; 1091 } 1092 if (tr.target.ptr) { 1093 // We only have a weak reference on the target object, so we must first try to 1094 // safely acquire a strong reference before doing anything else with it. 1095 if (reinterpret_cast<RefBase::weakref_type*>( 1096 tr.target.ptr)->attemptIncStrong(this)) { 1097 error = reinterpret_cast<BBinder*>(tr.cookie)->transact(tr.code, buffer, 1098 &reply, tr.flags); 1099 reinterpret_cast<BBinder*>(tr.cookie)->decStrong(this); 1100 } else { 1101 error = UNKNOWN_TRANSACTION; 1102 } 1103 1104 } else { 1105 error = the_context_object->transact(tr.code, buffer, &reply, tr.flags); 1106 } 1107 1108 //ALOGI("<<<< TRANSACT from pid %d restore pid %d uid %d\n", 1109 // mCallingPid, origPid, origUid); 1110 1111 if ((tr.flags & TF_ONE_WAY) == 0) { 1112 LOG_ONEWAY("Sending reply to %d!", mCallingPid); 1113 if (error < NO_ERROR) reply.setError(error); 1114 sendReply(reply, 0); 1115 } else { 1116 LOG_ONEWAY("NOT sending reply to %d!", mCallingPid); 1117 } 1118 1119 mCallingPid = origPid; 1120 mCallingUid = origUid; 1121 mStrictModePolicy = origStrictModePolicy; 1122 mLastTransactionBinderFlags = origTransactionBinderFlags; 1123 1124 IF_LOG_TRANSACTIONS() { 1125 TextOutput::Bundle _b(alog); 1126 alog << "BC_REPLY thr " << (void*)pthread_self() << " / obj " 1127 << tr.target.ptr << ": " << indent << reply << dedent << endl; 1128 } 1129 1130 } 1131 break; 1132 1133 case BR_DEAD_BINDER: 1134 { 1135 BpBinder *proxy = (BpBinder*)mIn.readPointer(); 1136 proxy->sendObituary(); 1137 mOut.writeInt32(BC_DEAD_BINDER_DONE); 1138 mOut.writePointer((uintptr_t)proxy); 1139 } break; 1140 1141 case BR_CLEAR_DEATH_NOTIFICATION_DONE: 1142 { 1143 BpBinder *proxy = (BpBinder*)mIn.readPointer(); 1144 proxy->getWeakRefs()->decWeak(proxy); 1145 } break; 1146 1147 case BR_FINISHED: 1148 result = TIMED_OUT; 1149 break; 1150 1151 case BR_NOOP: 1152 break; 1153 1154 case BR_SPAWN_LOOPER: 1155 mProcess->spawnPooledThread(false); 1156 break; 1157 1158 default: 1159 printf("*** BAD COMMAND %d received from Binder driver\n", cmd); 1160 result = UNKNOWN_ERROR; 1161 break; 1162 } 1163 1164 if (result != NO_ERROR) { 1165 mLastError = result; 1166 } 1167 1168 return result; 1169} 1170 1171void IPCThreadState::threadDestructor(void *st) 1172{ 1173 IPCThreadState* const self = static_cast<IPCThreadState*>(st); 1174 if (self) { 1175 self->flushCommands(); 1176#if defined(__ANDROID__) 1177 if (self->mProcess->mDriverFD > 0) { 1178 ioctl(self->mProcess->mDriverFD, BINDER_THREAD_EXIT, 0); 1179 } 1180#endif 1181 delete self; 1182 } 1183} 1184 1185 1186void IPCThreadState::freeBuffer(Parcel* parcel, const uint8_t* data, 1187 size_t /*dataSize*/, 1188 const binder_size_t* /*objects*/, 1189 size_t /*objectsSize*/, void* /*cookie*/) 1190{ 1191 //ALOGI("Freeing parcel %p", &parcel); 1192 IF_LOG_COMMANDS() { 1193 alog << "Writing BC_FREE_BUFFER for " << data << endl; 1194 } 1195 ALOG_ASSERT(data != NULL, "Called with NULL data"); 1196 if (parcel != NULL) parcel->closeFileDescriptors(); 1197 IPCThreadState* state = self(); 1198 state->mOut.writeInt32(BC_FREE_BUFFER); 1199 state->mOut.writePointer((uintptr_t)data); 1200} 1201 1202}; // namespace android 1203