binder.c revision bcf38880c65297da58194eb0c0ce8d6e2bab7d94
1/* Copyright 2008 The Android Open Source Project 2 */ 3 4#include <stdio.h> 5#include <stdlib.h> 6#include <errno.h> 7#include <unistd.h> 8#include <fcntl.h> 9#include <sys/mman.h> 10 11#include "binder.h" 12 13#define MAX_BIO_SIZE (1 << 30) 14 15#define TRACE 0 16 17#define LOG_TAG "Binder" 18#include <cutils/log.h> 19 20void bio_init_from_txn(struct binder_io *io, struct binder_transaction_data *txn); 21 22#if TRACE 23void hexdump(void *_data, unsigned len) 24{ 25 unsigned char *data = _data; 26 unsigned count; 27 28 for (count = 0; count < len; count++) { 29 if ((count & 15) == 0) 30 fprintf(stderr,"%04x:", count); 31 fprintf(stderr," %02x %c", *data, 32 (*data < 32) || (*data > 126) ? '.' : *data); 33 data++; 34 if ((count & 15) == 15) 35 fprintf(stderr,"\n"); 36 } 37 if ((count & 15) != 0) 38 fprintf(stderr,"\n"); 39} 40 41void binder_dump_txn(struct binder_transaction_data *txn) 42{ 43 struct flat_binder_object *obj; 44 unsigned *offs = txn->data.ptr.offsets; 45 unsigned count = txn->offsets_size / 4; 46 47 fprintf(stderr," target %p cookie %p code %08x flags %08x\n", 48 txn->target.ptr, txn->cookie, txn->code, txn->flags); 49 fprintf(stderr," pid %8d uid %8d data %zu offs %zu\n", 50 txn->sender_pid, txn->sender_euid, txn->data_size, txn->offsets_size); 51 hexdump(txn->data.ptr.buffer, txn->data_size); 52 while (count--) { 53 obj = (struct flat_binder_object *) (((char*) txn->data.ptr.buffer) + *offs++); 54 fprintf(stderr," - type %08x flags %08x ptr %p cookie %p\n", 55 obj->type, obj->flags, obj->binder, obj->cookie); 56 } 57} 58 59#define NAME(n) case n: return #n 60const char *cmd_name(uint32_t cmd) 61{ 62 switch(cmd) { 63 NAME(BR_NOOP); 64 NAME(BR_TRANSACTION_COMPLETE); 65 NAME(BR_INCREFS); 66 NAME(BR_ACQUIRE); 67 NAME(BR_RELEASE); 68 NAME(BR_DECREFS); 69 NAME(BR_TRANSACTION); 70 NAME(BR_REPLY); 71 NAME(BR_FAILED_REPLY); 72 NAME(BR_DEAD_REPLY); 73 NAME(BR_DEAD_BINDER); 74 default: return "???"; 75 } 76} 77#else 78#define hexdump(a,b) do{} while (0) 79#define binder_dump_txn(txn) do{} while (0) 80#endif 81 82#define BIO_F_SHARED 0x01 /* needs to be buffer freed */ 83#define BIO_F_OVERFLOW 0x02 /* ran out of space */ 84#define BIO_F_IOERROR 0x04 85#define BIO_F_MALLOCED 0x08 /* needs to be free()'d */ 86 87struct binder_state 88{ 89 int fd; 90 void *mapped; 91 unsigned mapsize; 92}; 93 94struct binder_state *binder_open(unsigned mapsize) 95{ 96 struct binder_state *bs; 97 98 bs = malloc(sizeof(*bs)); 99 if (!bs) { 100 errno = ENOMEM; 101 return 0; 102 } 103 104 bs->fd = open("/dev/binder", O_RDWR); 105 if (bs->fd < 0) { 106 fprintf(stderr,"binder: cannot open device (%s)\n", 107 strerror(errno)); 108 goto fail_open; 109 } 110 111 bs->mapsize = mapsize; 112 bs->mapped = mmap(NULL, mapsize, PROT_READ, MAP_PRIVATE, bs->fd, 0); 113 if (bs->mapped == MAP_FAILED) { 114 fprintf(stderr,"binder: cannot map device (%s)\n", 115 strerror(errno)); 116 goto fail_map; 117 } 118 119 /* TODO: check version */ 120 121 return bs; 122 123fail_map: 124 close(bs->fd); 125fail_open: 126 free(bs); 127 return 0; 128} 129 130void binder_close(struct binder_state *bs) 131{ 132 munmap(bs->mapped, bs->mapsize); 133 close(bs->fd); 134 free(bs); 135} 136 137int binder_become_context_manager(struct binder_state *bs) 138{ 139 return ioctl(bs->fd, BINDER_SET_CONTEXT_MGR, 0); 140} 141 142int binder_write(struct binder_state *bs, void *data, unsigned len) 143{ 144 struct binder_write_read bwr; 145 int res; 146 bwr.write_size = len; 147 bwr.write_consumed = 0; 148 bwr.write_buffer = (unsigned) data; 149 bwr.read_size = 0; 150 bwr.read_consumed = 0; 151 bwr.read_buffer = 0; 152 res = ioctl(bs->fd, BINDER_WRITE_READ, &bwr); 153 if (res < 0) { 154 fprintf(stderr,"binder_write: ioctl failed (%s)\n", 155 strerror(errno)); 156 } 157 return res; 158} 159 160void binder_send_reply(struct binder_state *bs, 161 struct binder_io *reply, 162 void *buffer_to_free, 163 int status) 164{ 165 struct { 166 uint32_t cmd_free; 167 void *buffer; 168 uint32_t cmd_reply; 169 struct binder_transaction_data txn; 170 } __attribute__((packed)) data; 171 172 data.cmd_free = BC_FREE_BUFFER; 173 data.buffer = buffer_to_free; 174 data.cmd_reply = BC_REPLY; 175 data.txn.target.ptr = 0; 176 data.txn.cookie = 0; 177 data.txn.code = 0; 178 if (status) { 179 data.txn.flags = TF_STATUS_CODE; 180 data.txn.data_size = sizeof(int); 181 data.txn.offsets_size = 0; 182 data.txn.data.ptr.buffer = &status; 183 data.txn.data.ptr.offsets = 0; 184 } else { 185 data.txn.flags = 0; 186 data.txn.data_size = reply->data - reply->data0; 187 data.txn.offsets_size = ((char*) reply->offs) - ((char*) reply->offs0); 188 data.txn.data.ptr.buffer = reply->data0; 189 data.txn.data.ptr.offsets = reply->offs0; 190 } 191 binder_write(bs, &data, sizeof(data)); 192} 193 194int binder_parse(struct binder_state *bs, struct binder_io *bio, 195 uint32_t *ptr, uint32_t size, binder_handler func) 196{ 197 int r = 1; 198 uint32_t *end = ptr + (size / 4); 199 200 while (ptr < end) { 201 uint32_t cmd = *ptr++; 202#if TRACE 203 fprintf(stderr,"%s:\n", cmd_name(cmd)); 204#endif 205 switch(cmd) { 206 case BR_NOOP: 207 break; 208 case BR_TRANSACTION_COMPLETE: 209 break; 210 case BR_INCREFS: 211 case BR_ACQUIRE: 212 case BR_RELEASE: 213 case BR_DECREFS: 214#if TRACE 215 fprintf(stderr," %08x %08x\n", ptr[0], ptr[1]); 216#endif 217 ptr += 2; 218 break; 219 case BR_TRANSACTION: { 220 struct binder_transaction_data *txn = (struct binder_transaction_data *) ptr; 221 if ((end - ptr) * sizeof(uint32_t) < sizeof(*txn)) { 222 ALOGE("parse: txn too small!\n"); 223 return -1; 224 } 225 binder_dump_txn(txn); 226 if (func) { 227 unsigned rdata[256/4]; 228 struct binder_io msg; 229 struct binder_io reply; 230 int res; 231 232 bio_init(&reply, rdata, sizeof(rdata), 4); 233 bio_init_from_txn(&msg, txn); 234 res = func(bs, txn, &msg, &reply); 235 binder_send_reply(bs, &reply, txn->data.ptr.buffer, res); 236 } 237 ptr += sizeof(*txn) / sizeof(uint32_t); 238 break; 239 } 240 case BR_REPLY: { 241 struct binder_transaction_data *txn = (struct binder_transaction_data *) ptr; 242 if ((end - ptr) * sizeof(uint32_t) < sizeof(*txn)) { 243 ALOGE("parse: reply too small!\n"); 244 return -1; 245 } 246 binder_dump_txn(txn); 247 if (bio) { 248 bio_init_from_txn(bio, txn); 249 bio = 0; 250 } else { 251 /* todo FREE BUFFER */ 252 } 253 ptr += (sizeof(*txn) / sizeof(uint32_t)); 254 r = 0; 255 break; 256 } 257 case BR_DEAD_BINDER: { 258 struct binder_death *death = (void*) *ptr++; 259 death->func(bs, death->ptr); 260 break; 261 } 262 case BR_FAILED_REPLY: 263 r = -1; 264 break; 265 case BR_DEAD_REPLY: 266 r = -1; 267 break; 268 default: 269 ALOGE("parse: OOPS %d\n", cmd); 270 return -1; 271 } 272 } 273 274 return r; 275} 276 277void binder_acquire(struct binder_state *bs, void *ptr) 278{ 279 uint32_t cmd[2]; 280 cmd[0] = BC_ACQUIRE; 281 cmd[1] = (uint32_t) ptr; 282 binder_write(bs, cmd, sizeof(cmd)); 283} 284 285void binder_release(struct binder_state *bs, void *ptr) 286{ 287 uint32_t cmd[2]; 288 cmd[0] = BC_RELEASE; 289 cmd[1] = (uint32_t) ptr; 290 binder_write(bs, cmd, sizeof(cmd)); 291} 292 293void binder_link_to_death(struct binder_state *bs, void *ptr, struct binder_death *death) 294{ 295 uint32_t cmd[3]; 296 cmd[0] = BC_REQUEST_DEATH_NOTIFICATION; 297 cmd[1] = (uint32_t) ptr; 298 cmd[2] = (uint32_t) death; 299 binder_write(bs, cmd, sizeof(cmd)); 300} 301 302 303int binder_call(struct binder_state *bs, 304 struct binder_io *msg, struct binder_io *reply, 305 void *target, uint32_t code) 306{ 307 int res; 308 struct binder_write_read bwr; 309 struct { 310 uint32_t cmd; 311 struct binder_transaction_data txn; 312 } writebuf; 313 unsigned readbuf[32]; 314 315 if (msg->flags & BIO_F_OVERFLOW) { 316 fprintf(stderr,"binder: txn buffer overflow\n"); 317 goto fail; 318 } 319 320 writebuf.cmd = BC_TRANSACTION; 321 writebuf.txn.target.handle = target; 322 writebuf.txn.code = code; 323 writebuf.txn.flags = 0; 324 writebuf.txn.data_size = msg->data - msg->data0; 325 writebuf.txn.offsets_size = ((char*) msg->offs) - ((char*) msg->offs0); 326 writebuf.txn.data.ptr.buffer = msg->data0; 327 writebuf.txn.data.ptr.offsets = msg->offs0; 328 329 bwr.write_size = sizeof(writebuf); 330 bwr.write_consumed = 0; 331 bwr.write_buffer = (unsigned) &writebuf; 332 333 hexdump(msg->data0, msg->data - msg->data0); 334 for (;;) { 335 bwr.read_size = sizeof(readbuf); 336 bwr.read_consumed = 0; 337 bwr.read_buffer = (unsigned) readbuf; 338 339 res = ioctl(bs->fd, BINDER_WRITE_READ, &bwr); 340 341 if (res < 0) { 342 fprintf(stderr,"binder: ioctl failed (%s)\n", strerror(errno)); 343 goto fail; 344 } 345 346 res = binder_parse(bs, reply, readbuf, bwr.read_consumed, 0); 347 if (res == 0) return 0; 348 if (res < 0) goto fail; 349 } 350 351fail: 352 memset(reply, 0, sizeof(*reply)); 353 reply->flags |= BIO_F_IOERROR; 354 return -1; 355} 356 357void binder_loop(struct binder_state *bs, binder_handler func) 358{ 359 int res; 360 struct binder_write_read bwr; 361 unsigned readbuf[32]; 362 363 bwr.write_size = 0; 364 bwr.write_consumed = 0; 365 bwr.write_buffer = 0; 366 367 readbuf[0] = BC_ENTER_LOOPER; 368 binder_write(bs, readbuf, sizeof(unsigned)); 369 370 for (;;) { 371 bwr.read_size = sizeof(readbuf); 372 bwr.read_consumed = 0; 373 bwr.read_buffer = (unsigned) readbuf; 374 375 res = ioctl(bs->fd, BINDER_WRITE_READ, &bwr); 376 377 if (res < 0) { 378 ALOGE("binder_loop: ioctl failed (%s)\n", strerror(errno)); 379 break; 380 } 381 382 res = binder_parse(bs, 0, readbuf, bwr.read_consumed, func); 383 if (res == 0) { 384 ALOGE("binder_loop: unexpected reply?!\n"); 385 break; 386 } 387 if (res < 0) { 388 ALOGE("binder_loop: io error %d %s\n", res, strerror(errno)); 389 break; 390 } 391 } 392} 393 394void bio_init_from_txn(struct binder_io *bio, struct binder_transaction_data *txn) 395{ 396 bio->data = bio->data0 = txn->data.ptr.buffer; 397 bio->offs = bio->offs0 = txn->data.ptr.offsets; 398 bio->data_avail = txn->data_size; 399 bio->offs_avail = txn->offsets_size / 4; 400 bio->flags = BIO_F_SHARED; 401} 402 403void bio_init(struct binder_io *bio, void *data, 404 uint32_t maxdata, uint32_t maxoffs) 405{ 406 uint32_t n = maxoffs * sizeof(uint32_t); 407 408 if (n > maxdata) { 409 bio->flags = BIO_F_OVERFLOW; 410 bio->data_avail = 0; 411 bio->offs_avail = 0; 412 return; 413 } 414 415 bio->data = bio->data0 = (char *) data + n; 416 bio->offs = bio->offs0 = data; 417 bio->data_avail = maxdata - n; 418 bio->offs_avail = maxoffs; 419 bio->flags = 0; 420} 421 422static void *bio_alloc(struct binder_io *bio, uint32_t size) 423{ 424 size = (size + 3) & (~3); 425 if (size > bio->data_avail) { 426 bio->flags |= BIO_F_OVERFLOW; 427 return 0; 428 } else { 429 void *ptr = bio->data; 430 bio->data += size; 431 bio->data_avail -= size; 432 return ptr; 433 } 434} 435 436void binder_done(struct binder_state *bs, 437 struct binder_io *msg, 438 struct binder_io *reply) 439{ 440 if (reply->flags & BIO_F_SHARED) { 441 uint32_t cmd[2]; 442 cmd[0] = BC_FREE_BUFFER; 443 cmd[1] = (uint32_t) reply->data0; 444 binder_write(bs, cmd, sizeof(cmd)); 445 reply->flags = 0; 446 } 447} 448 449static struct flat_binder_object *bio_alloc_obj(struct binder_io *bio) 450{ 451 struct flat_binder_object *obj; 452 453 obj = bio_alloc(bio, sizeof(*obj)); 454 455 if (obj && bio->offs_avail) { 456 bio->offs_avail--; 457 *bio->offs++ = ((char*) obj) - ((char*) bio->data0); 458 return obj; 459 } 460 461 bio->flags |= BIO_F_OVERFLOW; 462 return 0; 463} 464 465void bio_put_uint32(struct binder_io *bio, uint32_t n) 466{ 467 uint32_t *ptr = bio_alloc(bio, sizeof(n)); 468 if (ptr) 469 *ptr = n; 470} 471 472void bio_put_obj(struct binder_io *bio, void *ptr) 473{ 474 struct flat_binder_object *obj; 475 476 obj = bio_alloc_obj(bio); 477 if (!obj) 478 return; 479 480 obj->flags = 0x7f | FLAT_BINDER_FLAG_ACCEPTS_FDS; 481 obj->type = BINDER_TYPE_BINDER; 482 obj->binder = ptr; 483 obj->cookie = 0; 484} 485 486void bio_put_ref(struct binder_io *bio, void *ptr) 487{ 488 struct flat_binder_object *obj; 489 490 if (ptr) 491 obj = bio_alloc_obj(bio); 492 else 493 obj = bio_alloc(bio, sizeof(*obj)); 494 495 if (!obj) 496 return; 497 498 obj->flags = 0x7f | FLAT_BINDER_FLAG_ACCEPTS_FDS; 499 obj->type = BINDER_TYPE_HANDLE; 500 obj->handle = ptr; 501 obj->cookie = 0; 502} 503 504void bio_put_string16(struct binder_io *bio, const uint16_t *str) 505{ 506 uint32_t len; 507 uint16_t *ptr; 508 509 if (!str) { 510 bio_put_uint32(bio, 0xffffffff); 511 return; 512 } 513 514 len = 0; 515 while (str[len]) len++; 516 517 if (len >= (MAX_BIO_SIZE / sizeof(uint16_t))) { 518 bio_put_uint32(bio, 0xffffffff); 519 return; 520 } 521 522 bio_put_uint32(bio, len); 523 len = (len + 1) * sizeof(uint16_t); 524 ptr = bio_alloc(bio, len); 525 if (ptr) 526 memcpy(ptr, str, len); 527} 528 529void bio_put_string16_x(struct binder_io *bio, const char *_str) 530{ 531 unsigned char *str = (unsigned char*) _str; 532 uint32_t len; 533 uint16_t *ptr; 534 535 if (!str) { 536 bio_put_uint32(bio, 0xffffffff); 537 return; 538 } 539 540 len = strlen(_str); 541 542 if (len >= (MAX_BIO_SIZE / sizeof(uint16_t))) { 543 bio_put_uint32(bio, 0xffffffff); 544 return; 545 } 546 547 bio_put_uint32(bio, len); 548 ptr = bio_alloc(bio, (len + 1) * sizeof(uint16_t)); 549 if (!ptr) 550 return; 551 552 while (*str) 553 *ptr++ = *str++; 554 *ptr++ = 0; 555} 556 557static void *bio_get(struct binder_io *bio, uint32_t size) 558{ 559 size = (size + 3) & (~3); 560 561 if (bio->data_avail < size){ 562 bio->data_avail = 0; 563 bio->flags |= BIO_F_OVERFLOW; 564 return 0; 565 } else { 566 void *ptr = bio->data; 567 bio->data += size; 568 bio->data_avail -= size; 569 return ptr; 570 } 571} 572 573uint32_t bio_get_uint32(struct binder_io *bio) 574{ 575 uint32_t *ptr = bio_get(bio, sizeof(*ptr)); 576 return ptr ? *ptr : 0; 577} 578 579uint16_t *bio_get_string16(struct binder_io *bio, unsigned *sz) 580{ 581 unsigned len; 582 len = bio_get_uint32(bio); 583 if (sz) 584 *sz = len; 585 return bio_get(bio, (len + 1) * sizeof(uint16_t)); 586} 587 588static struct flat_binder_object *_bio_get_obj(struct binder_io *bio) 589{ 590 unsigned n; 591 unsigned off = bio->data - bio->data0; 592 593 /* TODO: be smarter about this? */ 594 for (n = 0; n < bio->offs_avail; n++) { 595 if (bio->offs[n] == off) 596 return bio_get(bio, sizeof(struct flat_binder_object)); 597 } 598 599 bio->data_avail = 0; 600 bio->flags |= BIO_F_OVERFLOW; 601 return 0; 602} 603 604void *bio_get_ref(struct binder_io *bio) 605{ 606 struct flat_binder_object *obj; 607 608 obj = _bio_get_obj(bio); 609 if (!obj) 610 return 0; 611 612 if (obj->type == BINDER_TYPE_HANDLE) 613 return obj->handle; 614 615 return 0; 616} 617