1/* 2 * Copyright (C) 2008 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#define LOG_TAG "IMemory" 18 19#include <stdint.h> 20#include <stdio.h> 21#include <stdlib.h> 22#include <fcntl.h> 23#include <unistd.h> 24 25#include <sys/types.h> 26#include <sys/mman.h> 27 28#include <binder/IMemory.h> 29#include <utils/KeyedVector.h> 30#include <utils/threads.h> 31#include <utils/Atomic.h> 32#include <binder/Parcel.h> 33#include <utils/CallStack.h> 34 35#define VERBOSE 0 36 37namespace android { 38// --------------------------------------------------------------------------- 39 40class HeapCache : public IBinder::DeathRecipient 41{ 42public: 43 HeapCache(); 44 virtual ~HeapCache(); 45 46 virtual void binderDied(const wp<IBinder>& who); 47 48 sp<IMemoryHeap> find_heap(const sp<IBinder>& binder); 49 void free_heap(const sp<IBinder>& binder); 50 sp<IMemoryHeap> get_heap(const sp<IBinder>& binder); 51 void dump_heaps(); 52 53private: 54 // For IMemory.cpp 55 struct heap_info_t { 56 sp<IMemoryHeap> heap; 57 int32_t count; 58 }; 59 60 void free_heap(const wp<IBinder>& binder); 61 62 Mutex mHeapCacheLock; 63 KeyedVector< wp<IBinder>, heap_info_t > mHeapCache; 64}; 65 66static sp<HeapCache> gHeapCache = new HeapCache(); 67 68/******************************************************************************/ 69 70enum { 71 HEAP_ID = IBinder::FIRST_CALL_TRANSACTION 72}; 73 74class BpMemoryHeap : public BpInterface<IMemoryHeap> 75{ 76public: 77 BpMemoryHeap(const sp<IBinder>& impl); 78 virtual ~BpMemoryHeap(); 79 80 virtual int getHeapID() const; 81 virtual void* getBase() const; 82 virtual size_t getSize() const; 83 virtual uint32_t getFlags() const; 84 virtual uint32_t getOffset() const; 85 86private: 87 friend class IMemory; 88 friend class HeapCache; 89 90 // for debugging in this module 91 static inline sp<IMemoryHeap> find_heap(const sp<IBinder>& binder) { 92 return gHeapCache->find_heap(binder); 93 } 94 static inline void free_heap(const sp<IBinder>& binder) { 95 gHeapCache->free_heap(binder); 96 } 97 static inline sp<IMemoryHeap> get_heap(const sp<IBinder>& binder) { 98 return gHeapCache->get_heap(binder); 99 } 100 static inline void dump_heaps() { 101 gHeapCache->dump_heaps(); 102 } 103 104 void assertMapped() const; 105 void assertReallyMapped() const; 106 107 mutable volatile int32_t mHeapId; 108 mutable void* mBase; 109 mutable size_t mSize; 110 mutable uint32_t mFlags; 111 mutable uint32_t mOffset; 112 mutable bool mRealHeap; 113 mutable Mutex mLock; 114}; 115 116// ---------------------------------------------------------------------------- 117 118enum { 119 GET_MEMORY = IBinder::FIRST_CALL_TRANSACTION 120}; 121 122class BpMemory : public BpInterface<IMemory> 123{ 124public: 125 BpMemory(const sp<IBinder>& impl); 126 virtual ~BpMemory(); 127 virtual sp<IMemoryHeap> getMemory(ssize_t* offset=0, size_t* size=0) const; 128 129private: 130 mutable sp<IMemoryHeap> mHeap; 131 mutable ssize_t mOffset; 132 mutable size_t mSize; 133}; 134 135/******************************************************************************/ 136 137void* IMemory::fastPointer(const sp<IBinder>& binder, ssize_t offset) const 138{ 139 sp<IMemoryHeap> realHeap = BpMemoryHeap::get_heap(binder); 140 void* const base = realHeap->base(); 141 if (base == MAP_FAILED) 142 return 0; 143 return static_cast<char*>(base) + offset; 144} 145 146void* IMemory::pointer() const { 147 ssize_t offset; 148 sp<IMemoryHeap> heap = getMemory(&offset); 149 void* const base = heap!=0 ? heap->base() : MAP_FAILED; 150 if (base == MAP_FAILED) 151 return 0; 152 return static_cast<char*>(base) + offset; 153} 154 155size_t IMemory::size() const { 156 size_t size; 157 getMemory(NULL, &size); 158 return size; 159} 160 161ssize_t IMemory::offset() const { 162 ssize_t offset; 163 getMemory(&offset); 164 return offset; 165} 166 167/******************************************************************************/ 168 169BpMemory::BpMemory(const sp<IBinder>& impl) 170 : BpInterface<IMemory>(impl), mOffset(0), mSize(0) 171{ 172} 173 174BpMemory::~BpMemory() 175{ 176} 177 178sp<IMemoryHeap> BpMemory::getMemory(ssize_t* offset, size_t* size) const 179{ 180 if (mHeap == 0) { 181 Parcel data, reply; 182 data.writeInterfaceToken(IMemory::getInterfaceDescriptor()); 183 if (remote()->transact(GET_MEMORY, data, &reply) == NO_ERROR) { 184 sp<IBinder> heap = reply.readStrongBinder(); 185 ssize_t o = reply.readInt32(); 186 size_t s = reply.readInt32(); 187 if (heap != 0) { 188 mHeap = interface_cast<IMemoryHeap>(heap); 189 if (mHeap != 0) { 190 mOffset = o; 191 mSize = s; 192 } 193 } 194 } 195 } 196 if (offset) *offset = mOffset; 197 if (size) *size = mSize; 198 return mHeap; 199} 200 201// --------------------------------------------------------------------------- 202 203IMPLEMENT_META_INTERFACE(Memory, "android.utils.IMemory"); 204 205BnMemory::BnMemory() { 206} 207 208BnMemory::~BnMemory() { 209} 210 211status_t BnMemory::onTransact( 212 uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags) 213{ 214 switch(code) { 215 case GET_MEMORY: { 216 CHECK_INTERFACE(IMemory, data, reply); 217 ssize_t offset; 218 size_t size; 219 reply->writeStrongBinder( getMemory(&offset, &size)->asBinder() ); 220 reply->writeInt32(offset); 221 reply->writeInt32(size); 222 return NO_ERROR; 223 } break; 224 default: 225 return BBinder::onTransact(code, data, reply, flags); 226 } 227} 228 229 230/******************************************************************************/ 231 232BpMemoryHeap::BpMemoryHeap(const sp<IBinder>& impl) 233 : BpInterface<IMemoryHeap>(impl), 234 mHeapId(-1), mBase(MAP_FAILED), mSize(0), mFlags(0), mOffset(0), mRealHeap(false) 235{ 236} 237 238BpMemoryHeap::~BpMemoryHeap() { 239 if (mHeapId != -1) { 240 close(mHeapId); 241 if (mRealHeap) { 242 // by construction we're the last one 243 if (mBase != MAP_FAILED) { 244 sp<IBinder> binder = const_cast<BpMemoryHeap*>(this)->asBinder(); 245 246 if (VERBOSE) { 247 LOGD("UNMAPPING binder=%p, heap=%p, size=%d, fd=%d", 248 binder.get(), this, mSize, mHeapId); 249 CallStack stack; 250 stack.update(); 251 stack.dump("callstack"); 252 } 253 254 munmap(mBase, mSize); 255 } 256 } else { 257 // remove from list only if it was mapped before 258 sp<IBinder> binder = const_cast<BpMemoryHeap*>(this)->asBinder(); 259 free_heap(binder); 260 } 261 } 262} 263 264void BpMemoryHeap::assertMapped() const 265{ 266 if (mHeapId == -1) { 267 sp<IBinder> binder(const_cast<BpMemoryHeap*>(this)->asBinder()); 268 sp<BpMemoryHeap> heap(static_cast<BpMemoryHeap*>(find_heap(binder).get())); 269 heap->assertReallyMapped(); 270 if (heap->mBase != MAP_FAILED) { 271 Mutex::Autolock _l(mLock); 272 if (mHeapId == -1) { 273 mBase = heap->mBase; 274 mSize = heap->mSize; 275 mOffset = heap->mOffset; 276 android_atomic_write( dup( heap->mHeapId ), &mHeapId ); 277 } 278 } else { 279 // something went wrong 280 free_heap(binder); 281 } 282 } 283} 284 285void BpMemoryHeap::assertReallyMapped() const 286{ 287 if (mHeapId == -1) { 288 289 // remote call without mLock held, worse case scenario, we end up 290 // calling transact() from multiple threads, but that's not a problem, 291 // only mmap below must be in the critical section. 292 293 Parcel data, reply; 294 data.writeInterfaceToken(IMemoryHeap::getInterfaceDescriptor()); 295 status_t err = remote()->transact(HEAP_ID, data, &reply); 296 int parcel_fd = reply.readFileDescriptor(); 297 ssize_t size = reply.readInt32(); 298 uint32_t flags = reply.readInt32(); 299 uint32_t offset = reply.readInt32(); 300 301 LOGE_IF(err, "binder=%p transaction failed fd=%d, size=%ld, err=%d (%s)", 302 asBinder().get(), parcel_fd, size, err, strerror(-err)); 303 304 int fd = dup( parcel_fd ); 305 LOGE_IF(fd==-1, "cannot dup fd=%d, size=%ld, err=%d (%s)", 306 parcel_fd, size, err, strerror(errno)); 307 308 int access = PROT_READ; 309 if (!(flags & READ_ONLY)) { 310 access |= PROT_WRITE; 311 } 312 313 Mutex::Autolock _l(mLock); 314 if (mHeapId == -1) { 315 mRealHeap = true; 316 mBase = mmap(0, size, access, MAP_SHARED, fd, offset); 317 if (mBase == MAP_FAILED) { 318 LOGE("cannot map BpMemoryHeap (binder=%p), size=%ld, fd=%d (%s)", 319 asBinder().get(), size, fd, strerror(errno)); 320 close(fd); 321 } else { 322 mSize = size; 323 mFlags = flags; 324 mOffset = offset; 325 android_atomic_write(fd, &mHeapId); 326 } 327 } 328 } 329} 330 331int BpMemoryHeap::getHeapID() const { 332 assertMapped(); 333 return mHeapId; 334} 335 336void* BpMemoryHeap::getBase() const { 337 assertMapped(); 338 return mBase; 339} 340 341size_t BpMemoryHeap::getSize() const { 342 assertMapped(); 343 return mSize; 344} 345 346uint32_t BpMemoryHeap::getFlags() const { 347 assertMapped(); 348 return mFlags; 349} 350 351uint32_t BpMemoryHeap::getOffset() const { 352 assertMapped(); 353 return mOffset; 354} 355 356// --------------------------------------------------------------------------- 357 358IMPLEMENT_META_INTERFACE(MemoryHeap, "android.utils.IMemoryHeap"); 359 360BnMemoryHeap::BnMemoryHeap() { 361} 362 363BnMemoryHeap::~BnMemoryHeap() { 364} 365 366status_t BnMemoryHeap::onTransact( 367 uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags) 368{ 369 switch(code) { 370 case HEAP_ID: { 371 CHECK_INTERFACE(IMemoryHeap, data, reply); 372 reply->writeFileDescriptor(getHeapID()); 373 reply->writeInt32(getSize()); 374 reply->writeInt32(getFlags()); 375 reply->writeInt32(getOffset()); 376 return NO_ERROR; 377 } break; 378 default: 379 return BBinder::onTransact(code, data, reply, flags); 380 } 381} 382 383/*****************************************************************************/ 384 385HeapCache::HeapCache() 386 : DeathRecipient() 387{ 388} 389 390HeapCache::~HeapCache() 391{ 392} 393 394void HeapCache::binderDied(const wp<IBinder>& binder) 395{ 396 //LOGD("binderDied binder=%p", binder.unsafe_get()); 397 free_heap(binder); 398} 399 400sp<IMemoryHeap> HeapCache::find_heap(const sp<IBinder>& binder) 401{ 402 Mutex::Autolock _l(mHeapCacheLock); 403 ssize_t i = mHeapCache.indexOfKey(binder); 404 if (i>=0) { 405 heap_info_t& info = mHeapCache.editValueAt(i); 406 LOGD_IF(VERBOSE, 407 "found binder=%p, heap=%p, size=%d, fd=%d, count=%d", 408 binder.get(), info.heap.get(), 409 static_cast<BpMemoryHeap*>(info.heap.get())->mSize, 410 static_cast<BpMemoryHeap*>(info.heap.get())->mHeapId, 411 info.count); 412 android_atomic_inc(&info.count); 413 return info.heap; 414 } else { 415 heap_info_t info; 416 info.heap = interface_cast<IMemoryHeap>(binder); 417 info.count = 1; 418 //LOGD("adding binder=%p, heap=%p, count=%d", 419 // binder.get(), info.heap.get(), info.count); 420 mHeapCache.add(binder, info); 421 return info.heap; 422 } 423} 424 425void HeapCache::free_heap(const sp<IBinder>& binder) { 426 free_heap( wp<IBinder>(binder) ); 427} 428 429void HeapCache::free_heap(const wp<IBinder>& binder) 430{ 431 sp<IMemoryHeap> rel; 432 { 433 Mutex::Autolock _l(mHeapCacheLock); 434 ssize_t i = mHeapCache.indexOfKey(binder); 435 if (i>=0) { 436 heap_info_t& info(mHeapCache.editValueAt(i)); 437 int32_t c = android_atomic_dec(&info.count); 438 if (c == 1) { 439 LOGD_IF(VERBOSE, 440 "removing binder=%p, heap=%p, size=%d, fd=%d, count=%d", 441 binder.unsafe_get(), info.heap.get(), 442 static_cast<BpMemoryHeap*>(info.heap.get())->mSize, 443 static_cast<BpMemoryHeap*>(info.heap.get())->mHeapId, 444 info.count); 445 rel = mHeapCache.valueAt(i).heap; 446 mHeapCache.removeItemsAt(i); 447 } 448 } else { 449 LOGE("free_heap binder=%p not found!!!", binder.unsafe_get()); 450 } 451 } 452} 453 454sp<IMemoryHeap> HeapCache::get_heap(const sp<IBinder>& binder) 455{ 456 sp<IMemoryHeap> realHeap; 457 Mutex::Autolock _l(mHeapCacheLock); 458 ssize_t i = mHeapCache.indexOfKey(binder); 459 if (i>=0) realHeap = mHeapCache.valueAt(i).heap; 460 else realHeap = interface_cast<IMemoryHeap>(binder); 461 return realHeap; 462} 463 464void HeapCache::dump_heaps() 465{ 466 Mutex::Autolock _l(mHeapCacheLock); 467 int c = mHeapCache.size(); 468 for (int i=0 ; i<c ; i++) { 469 const heap_info_t& info = mHeapCache.valueAt(i); 470 BpMemoryHeap const* h(static_cast<BpMemoryHeap const *>(info.heap.get())); 471 LOGD("hey=%p, heap=%p, count=%d, (fd=%d, base=%p, size=%d)", 472 mHeapCache.keyAt(i).unsafe_get(), 473 info.heap.get(), info.count, 474 h->mHeapId, h->mBase, h->mSize); 475 } 476} 477 478 479// --------------------------------------------------------------------------- 480}; // namespace android 481