IPCThreadState.cpp revision 07fd0f195db6d341cab4e54257f508d802c98832
1/* 2 * Copyright (C) 2005 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#define LOG_TAG "IPCThreadState" 18 19#include <binder/IPCThreadState.h> 20 21#include <binder/Binder.h> 22#include <binder/BpBinder.h> 23#include <binder/TextOutput.h> 24 25#include <cutils/sched_policy.h> 26#include <utils/Debug.h> 27#include <utils/Log.h> 28#include <utils/threads.h> 29 30#include <private/binder/binder_module.h> 31#include <private/binder/Static.h> 32 33#include <sys/ioctl.h> 34#include <signal.h> 35#include <errno.h> 36#include <stdio.h> 37#include <unistd.h> 38 39#ifdef HAVE_PTHREADS 40#include <pthread.h> 41#include <sched.h> 42#include <sys/resource.h> 43#endif 44#ifdef HAVE_WIN32_THREADS 45#include <windows.h> 46#endif 47 48 49#if LOG_NDEBUG 50 51#define IF_LOG_TRANSACTIONS() if (false) 52#define IF_LOG_COMMANDS() if (false) 53#define LOG_REMOTEREFS(...) 54#define IF_LOG_REMOTEREFS() if (false) 55#define LOG_THREADPOOL(...) 56#define LOG_ONEWAY(...) 57 58#else 59 60#define IF_LOG_TRANSACTIONS() IF_ALOG(LOG_VERBOSE, "transact") 61#define IF_LOG_COMMANDS() IF_ALOG(LOG_VERBOSE, "ipc") 62#define LOG_REMOTEREFS(...) ALOG(LOG_DEBUG, "remoterefs", __VA_ARGS__) 63#define IF_LOG_REMOTEREFS() IF_ALOG(LOG_DEBUG, "remoterefs") 64#define LOG_THREADPOOL(...) ALOG(LOG_DEBUG, "threadpool", __VA_ARGS__) 65#define LOG_ONEWAY(...) ALOG(LOG_DEBUG, "ipc", __VA_ARGS__) 66 67#endif 68 69// --------------------------------------------------------------------------- 70 71namespace android { 72 73static const char* getReturnString(size_t idx); 74static const char* getCommandString(size_t idx); 75static const void* printReturnCommand(TextOutput& out, const void* _cmd); 76static const void* printCommand(TextOutput& out, const void* _cmd); 77 78// This will result in a missing symbol failure if the IF_LOG_COMMANDS() 79// conditionals don't get stripped... but that is probably what we want. 80#if !LOG_NDEBUG 81static const char *kReturnStrings[] = { 82 "BR_ERROR", 83 "BR_OK", 84 "BR_TRANSACTION", 85 "BR_REPLY", 86 "BR_ACQUIRE_RESULT", 87 "BR_DEAD_REPLY", 88 "BR_TRANSACTION_COMPLETE", 89 "BR_INCREFS", 90 "BR_ACQUIRE", 91 "BR_RELEASE", 92 "BR_DECREFS", 93 "BR_ATTEMPT_ACQUIRE", 94 "BR_NOOP", 95 "BR_SPAWN_LOOPER", 96 "BR_FINISHED", 97 "BR_DEAD_BINDER", 98 "BR_CLEAR_DEATH_NOTIFICATION_DONE", 99 "BR_FAILED_REPLY" 100}; 101 102static const char *kCommandStrings[] = { 103 "BC_TRANSACTION", 104 "BC_REPLY", 105 "BC_ACQUIRE_RESULT", 106 "BC_FREE_BUFFER", 107 "BC_INCREFS", 108 "BC_ACQUIRE", 109 "BC_RELEASE", 110 "BC_DECREFS", 111 "BC_INCREFS_DONE", 112 "BC_ACQUIRE_DONE", 113 "BC_ATTEMPT_ACQUIRE", 114 "BC_REGISTER_LOOPER", 115 "BC_ENTER_LOOPER", 116 "BC_EXIT_LOOPER", 117 "BC_REQUEST_DEATH_NOTIFICATION", 118 "BC_CLEAR_DEATH_NOTIFICATION", 119 "BC_DEAD_BINDER_DONE" 120}; 121 122static const char* getReturnString(size_t idx) 123{ 124 if (idx < sizeof(kReturnStrings) / sizeof(kReturnStrings[0])) 125 return kReturnStrings[idx]; 126 else 127 return "unknown"; 128} 129 130static const char* getCommandString(size_t idx) 131{ 132 if (idx < sizeof(kCommandStrings) / sizeof(kCommandStrings[0])) 133 return kCommandStrings[idx]; 134 else 135 return "unknown"; 136} 137 138static const void* printBinderTransactionData(TextOutput& out, const void* data) 139{ 140 const binder_transaction_data* btd = 141 (const binder_transaction_data*)data; 142 if (btd->target.handle < 1024) { 143 /* want to print descriptors in decimal; guess based on value */ 144 out << "target.desc=" << btd->target.handle; 145 } else { 146 out << "target.ptr=" << btd->target.ptr; 147 } 148 out << " (cookie " << btd->cookie << ")" << endl 149 << "code=" << TypeCode(btd->code) << ", flags=" << (void*)btd->flags << endl 150 << "data=" << btd->data.ptr.buffer << " (" << (void*)btd->data_size 151 << " bytes)" << endl 152 << "offsets=" << btd->data.ptr.offsets << " (" << (void*)btd->offsets_size 153 << " bytes)"; 154 return btd+1; 155} 156 157static const void* printReturnCommand(TextOutput& out, const void* _cmd) 158{ 159 static const size_t N = sizeof(kReturnStrings)/sizeof(kReturnStrings[0]); 160 const int32_t* cmd = (const int32_t*)_cmd; 161 int32_t code = *cmd++; 162 size_t cmdIndex = code & 0xff; 163 if (code == (int32_t) BR_ERROR) { 164 out << "BR_ERROR: " << (void*)(*cmd++) << endl; 165 return cmd; 166 } else if (cmdIndex >= N) { 167 out << "Unknown reply: " << code << endl; 168 return cmd; 169 } 170 out << kReturnStrings[cmdIndex]; 171 172 switch (code) { 173 case BR_TRANSACTION: 174 case BR_REPLY: { 175 out << ": " << indent; 176 cmd = (const int32_t *)printBinderTransactionData(out, cmd); 177 out << dedent; 178 } break; 179 180 case BR_ACQUIRE_RESULT: { 181 const int32_t res = *cmd++; 182 out << ": " << res << (res ? " (SUCCESS)" : " (FAILURE)"); 183 } break; 184 185 case BR_INCREFS: 186 case BR_ACQUIRE: 187 case BR_RELEASE: 188 case BR_DECREFS: { 189 const int32_t b = *cmd++; 190 const int32_t c = *cmd++; 191 out << ": target=" << (void*)b << " (cookie " << (void*)c << ")"; 192 } break; 193 194 case BR_ATTEMPT_ACQUIRE: { 195 const int32_t p = *cmd++; 196 const int32_t b = *cmd++; 197 const int32_t c = *cmd++; 198 out << ": target=" << (void*)b << " (cookie " << (void*)c 199 << "), pri=" << p; 200 } break; 201 202 case BR_DEAD_BINDER: 203 case BR_CLEAR_DEATH_NOTIFICATION_DONE: { 204 const int32_t c = *cmd++; 205 out << ": death cookie " << (void*)c; 206 } break; 207 208 default: 209 // no details to show for: BR_OK, BR_DEAD_REPLY, 210 // BR_TRANSACTION_COMPLETE, BR_FINISHED 211 break; 212 } 213 214 out << endl; 215 return cmd; 216} 217 218static const void* printCommand(TextOutput& out, const void* _cmd) 219{ 220 static const size_t N = sizeof(kCommandStrings)/sizeof(kCommandStrings[0]); 221 const int32_t* cmd = (const int32_t*)_cmd; 222 int32_t code = *cmd++; 223 size_t cmdIndex = code & 0xff; 224 225 if (cmdIndex >= N) { 226 out << "Unknown command: " << code << endl; 227 return cmd; 228 } 229 out << kCommandStrings[cmdIndex]; 230 231 switch (code) { 232 case BC_TRANSACTION: 233 case BC_REPLY: { 234 out << ": " << indent; 235 cmd = (const int32_t *)printBinderTransactionData(out, cmd); 236 out << dedent; 237 } break; 238 239 case BC_ACQUIRE_RESULT: { 240 const int32_t res = *cmd++; 241 out << ": " << res << (res ? " (SUCCESS)" : " (FAILURE)"); 242 } break; 243 244 case BC_FREE_BUFFER: { 245 const int32_t buf = *cmd++; 246 out << ": buffer=" << (void*)buf; 247 } break; 248 249 case BC_INCREFS: 250 case BC_ACQUIRE: 251 case BC_RELEASE: 252 case BC_DECREFS: { 253 const int32_t d = *cmd++; 254 out << ": desc=" << d; 255 } break; 256 257 case BC_INCREFS_DONE: 258 case BC_ACQUIRE_DONE: { 259 const int32_t b = *cmd++; 260 const int32_t c = *cmd++; 261 out << ": target=" << (void*)b << " (cookie " << (void*)c << ")"; 262 } break; 263 264 case BC_ATTEMPT_ACQUIRE: { 265 const int32_t p = *cmd++; 266 const int32_t d = *cmd++; 267 out << ": desc=" << d << ", pri=" << p; 268 } break; 269 270 case BC_REQUEST_DEATH_NOTIFICATION: 271 case BC_CLEAR_DEATH_NOTIFICATION: { 272 const int32_t h = *cmd++; 273 const int32_t c = *cmd++; 274 out << ": handle=" << h << " (death cookie " << (void*)c << ")"; 275 } break; 276 277 case BC_DEAD_BINDER_DONE: { 278 const int32_t c = *cmd++; 279 out << ": death cookie " << (void*)c; 280 } break; 281 282 default: 283 // no details to show for: BC_REGISTER_LOOPER, BC_ENTER_LOOPER, 284 // BC_EXIT_LOOPER 285 break; 286 } 287 288 out << endl; 289 return cmd; 290} 291#endif 292 293static pthread_mutex_t gTLSMutex = PTHREAD_MUTEX_INITIALIZER; 294static bool gHaveTLS = false; 295static pthread_key_t gTLS = 0; 296static bool gShutdown = false; 297static bool gDisableBackgroundScheduling = false; 298 299IPCThreadState* IPCThreadState::self() 300{ 301 if (gHaveTLS) { 302restart: 303 const pthread_key_t k = gTLS; 304 IPCThreadState* st = (IPCThreadState*)pthread_getspecific(k); 305 if (st) return st; 306 return new IPCThreadState; 307 } 308 309 if (gShutdown) return NULL; 310 311 pthread_mutex_lock(&gTLSMutex); 312 if (!gHaveTLS) { 313 if (pthread_key_create(&gTLS, threadDestructor) != 0) { 314 pthread_mutex_unlock(&gTLSMutex); 315 return NULL; 316 } 317 gHaveTLS = true; 318 } 319 pthread_mutex_unlock(&gTLSMutex); 320 goto restart; 321} 322 323IPCThreadState* IPCThreadState::selfOrNull() 324{ 325 if (gHaveTLS) { 326 const pthread_key_t k = gTLS; 327 IPCThreadState* st = (IPCThreadState*)pthread_getspecific(k); 328 return st; 329 } 330 return NULL; 331} 332 333void IPCThreadState::shutdown() 334{ 335 gShutdown = true; 336 337 if (gHaveTLS) { 338 // XXX Need to wait for all thread pool threads to exit! 339 IPCThreadState* st = (IPCThreadState*)pthread_getspecific(gTLS); 340 if (st) { 341 delete st; 342 pthread_setspecific(gTLS, NULL); 343 } 344 gHaveTLS = false; 345 } 346} 347 348void IPCThreadState::disableBackgroundScheduling(bool disable) 349{ 350 gDisableBackgroundScheduling = disable; 351} 352 353sp<ProcessState> IPCThreadState::process() 354{ 355 return mProcess; 356} 357 358status_t IPCThreadState::clearLastError() 359{ 360 const status_t err = mLastError; 361 mLastError = NO_ERROR; 362 return err; 363} 364 365int IPCThreadState::getCallingPid() const 366{ 367 return mCallingPid; 368} 369 370int IPCThreadState::getCallingUid() const 371{ 372 return mCallingUid; 373} 374 375int64_t IPCThreadState::clearCallingIdentity() 376{ 377 int64_t token = ((int64_t)mCallingUid<<32) | mCallingPid; 378 clearCaller(); 379 return token; 380} 381 382void IPCThreadState::setStrictModePolicy(int32_t policy) 383{ 384 mStrictModePolicy = policy; 385} 386 387int32_t IPCThreadState::getStrictModePolicy() const 388{ 389 return mStrictModePolicy; 390} 391 392void IPCThreadState::setLastTransactionBinderFlags(int32_t flags) 393{ 394 mLastTransactionBinderFlags = flags; 395} 396 397int32_t IPCThreadState::getLastTransactionBinderFlags() const 398{ 399 return mLastTransactionBinderFlags; 400} 401 402void IPCThreadState::restoreCallingIdentity(int64_t token) 403{ 404 mCallingUid = (int)(token>>32); 405 mCallingPid = (int)token; 406} 407 408void IPCThreadState::clearCaller() 409{ 410 mCallingPid = getpid(); 411 mCallingUid = getuid(); 412} 413 414void IPCThreadState::flushCommands() 415{ 416 if (mProcess->mDriverFD <= 0) 417 return; 418 talkWithDriver(false); 419} 420 421status_t IPCThreadState::getAndExecuteCommand() 422{ 423 status_t result; 424 int32_t cmd; 425 426 result = talkWithDriver(); 427 if (result >= NO_ERROR) { 428 size_t IN = mIn.dataAvail(); 429 if (IN < sizeof(int32_t)) return result; 430 cmd = mIn.readInt32(); 431 IF_LOG_COMMANDS() { 432 alog << "Processing top-level Command: " 433 << getReturnString(cmd) << endl; 434 } 435 436 result = executeCommand(cmd); 437 438 // After executing the command, ensure that the thread is returned to the 439 // foreground cgroup before rejoining the pool. The driver takes care of 440 // restoring the priority, but doesn't do anything with cgroups so we 441 // need to take care of that here in userspace. Note that we do make 442 // sure to go in the foreground after executing a transaction, but 443 // there are other callbacks into user code that could have changed 444 // our group so we want to make absolutely sure it is put back. 445 set_sched_policy(mMyThreadId, SP_FOREGROUND); 446 } 447 448 return result; 449} 450 451// When we've cleared the incoming command queue, process any pending derefs 452void IPCThreadState::processPendingDerefs() 453{ 454 if (mIn.dataPosition() >= mIn.dataSize()) { 455 size_t numPending = mPendingWeakDerefs.size(); 456 if (numPending > 0) { 457 for (size_t i = 0; i < numPending; i++) { 458 RefBase::weakref_type* refs = mPendingWeakDerefs[i]; 459 refs->decWeak(mProcess.get()); 460 } 461 mPendingWeakDerefs.clear(); 462 } 463 464 numPending = mPendingStrongDerefs.size(); 465 if (numPending > 0) { 466 for (size_t i = 0; i < numPending; i++) { 467 BBinder* obj = mPendingStrongDerefs[i]; 468 obj->decStrong(mProcess.get()); 469 } 470 mPendingStrongDerefs.clear(); 471 } 472 } 473} 474 475void IPCThreadState::joinThreadPool(bool isMain) 476{ 477 LOG_THREADPOOL("**** THREAD %p (PID %d) IS JOINING THE THREAD POOL\n", (void*)pthread_self(), getpid()); 478 479 mOut.writeInt32(isMain ? BC_ENTER_LOOPER : BC_REGISTER_LOOPER); 480 481 // This thread may have been spawned by a thread that was in the background 482 // scheduling group, so first we will make sure it is in the foreground 483 // one to avoid performing an initial transaction in the background. 484 set_sched_policy(mMyThreadId, SP_FOREGROUND); 485 486 status_t result; 487 do { 488 processPendingDerefs(); 489 // now get the next command to be processed, waiting if necessary 490 result = getAndExecuteCommand(); 491 492 if (result < NO_ERROR && result != TIMED_OUT && result != -ECONNREFUSED && result != -EBADF) { 493 ALOGE("getAndExecuteCommand(fd=%d) returned unexpected error %d, aborting", 494 mProcess->mDriverFD, result); 495 abort(); 496 } 497 498 // Let this thread exit the thread pool if it is no longer 499 // needed and it is not the main process thread. 500 if(result == TIMED_OUT && !isMain) { 501 break; 502 } 503 } while (result != -ECONNREFUSED && result != -EBADF); 504 505 LOG_THREADPOOL("**** THREAD %p (PID %d) IS LEAVING THE THREAD POOL err=%p\n", 506 (void*)pthread_self(), getpid(), (void*)result); 507 508 mOut.writeInt32(BC_EXIT_LOOPER); 509 talkWithDriver(false); 510} 511 512int IPCThreadState::setupPolling(int* fd) 513{ 514 if (mProcess->mDriverFD <= 0) { 515 return -EBADF; 516 } 517 518 mOut.writeInt32(BC_ENTER_LOOPER); 519 *fd = mProcess->mDriverFD; 520 return 0; 521} 522 523status_t IPCThreadState::handlePolledCommands() 524{ 525 status_t result; 526 527 do { 528 result = getAndExecuteCommand(); 529 } while (mIn.dataPosition() < mIn.dataSize()); 530 531 processPendingDerefs(); 532 flushCommands(); 533 return result; 534} 535 536void IPCThreadState::stopProcess(bool /*immediate*/) 537{ 538 //ALOGI("**** STOPPING PROCESS"); 539 flushCommands(); 540 int fd = mProcess->mDriverFD; 541 mProcess->mDriverFD = -1; 542 close(fd); 543 //kill(getpid(), SIGKILL); 544} 545 546status_t IPCThreadState::transact(int32_t handle, 547 uint32_t code, const Parcel& data, 548 Parcel* reply, uint32_t flags) 549{ 550 status_t err = data.errorCheck(); 551 552 flags |= TF_ACCEPT_FDS; 553 554 IF_LOG_TRANSACTIONS() { 555 TextOutput::Bundle _b(alog); 556 alog << "BC_TRANSACTION thr " << (void*)pthread_self() << " / hand " 557 << handle << " / code " << TypeCode(code) << ": " 558 << indent << data << dedent << endl; 559 } 560 561 if (err == NO_ERROR) { 562 LOG_ONEWAY(">>>> SEND from pid %d uid %d %s", getpid(), getuid(), 563 (flags & TF_ONE_WAY) == 0 ? "READ REPLY" : "ONE WAY"); 564 err = writeTransactionData(BC_TRANSACTION, flags, handle, code, data, NULL); 565 } 566 567 if (err != NO_ERROR) { 568 if (reply) reply->setError(err); 569 return (mLastError = err); 570 } 571 572 if ((flags & TF_ONE_WAY) == 0) { 573 #if 0 574 if (code == 4) { // relayout 575 ALOGI(">>>>>> CALLING transaction 4"); 576 } else { 577 ALOGI(">>>>>> CALLING transaction %d", code); 578 } 579 #endif 580 if (reply) { 581 err = waitForResponse(reply); 582 } else { 583 Parcel fakeReply; 584 err = waitForResponse(&fakeReply); 585 } 586 #if 0 587 if (code == 4) { // relayout 588 ALOGI("<<<<<< RETURNING transaction 4"); 589 } else { 590 ALOGI("<<<<<< RETURNING transaction %d", code); 591 } 592 #endif 593 594 IF_LOG_TRANSACTIONS() { 595 TextOutput::Bundle _b(alog); 596 alog << "BR_REPLY thr " << (void*)pthread_self() << " / hand " 597 << handle << ": "; 598 if (reply) alog << indent << *reply << dedent << endl; 599 else alog << "(none requested)" << endl; 600 } 601 } else { 602 err = waitForResponse(NULL, NULL); 603 } 604 605 return err; 606} 607 608void IPCThreadState::incStrongHandle(int32_t handle) 609{ 610 LOG_REMOTEREFS("IPCThreadState::incStrongHandle(%d)\n", handle); 611 mOut.writeInt32(BC_ACQUIRE); 612 mOut.writeInt32(handle); 613} 614 615void IPCThreadState::decStrongHandle(int32_t handle) 616{ 617 LOG_REMOTEREFS("IPCThreadState::decStrongHandle(%d)\n", handle); 618 mOut.writeInt32(BC_RELEASE); 619 mOut.writeInt32(handle); 620} 621 622void IPCThreadState::incWeakHandle(int32_t handle) 623{ 624 LOG_REMOTEREFS("IPCThreadState::incWeakHandle(%d)\n", handle); 625 mOut.writeInt32(BC_INCREFS); 626 mOut.writeInt32(handle); 627} 628 629void IPCThreadState::decWeakHandle(int32_t handle) 630{ 631 LOG_REMOTEREFS("IPCThreadState::decWeakHandle(%d)\n", handle); 632 mOut.writeInt32(BC_DECREFS); 633 mOut.writeInt32(handle); 634} 635 636status_t IPCThreadState::attemptIncStrongHandle(int32_t handle) 637{ 638#if HAS_BC_ATTEMPT_ACQUIRE 639 LOG_REMOTEREFS("IPCThreadState::attemptIncStrongHandle(%d)\n", handle); 640 mOut.writeInt32(BC_ATTEMPT_ACQUIRE); 641 mOut.writeInt32(0); // xxx was thread priority 642 mOut.writeInt32(handle); 643 status_t result = UNKNOWN_ERROR; 644 645 waitForResponse(NULL, &result); 646 647#if LOG_REFCOUNTS 648 printf("IPCThreadState::attemptIncStrongHandle(%ld) = %s\n", 649 handle, result == NO_ERROR ? "SUCCESS" : "FAILURE"); 650#endif 651 652 return result; 653#else 654 (void)handle; 655 ALOGE("%s(%d): Not supported\n", __func__, handle); 656 return INVALID_OPERATION; 657#endif 658} 659 660void IPCThreadState::expungeHandle(int32_t handle, IBinder* binder) 661{ 662#if LOG_REFCOUNTS 663 printf("IPCThreadState::expungeHandle(%ld)\n", handle); 664#endif 665 self()->mProcess->expungeHandle(handle, binder); 666} 667 668status_t IPCThreadState::requestDeathNotification(int32_t handle, BpBinder* proxy) 669{ 670 mOut.writeInt32(BC_REQUEST_DEATH_NOTIFICATION); 671 mOut.writeInt32((int32_t)handle); 672 mOut.writePointer((uintptr_t)proxy); 673 return NO_ERROR; 674} 675 676status_t IPCThreadState::clearDeathNotification(int32_t handle, BpBinder* proxy) 677{ 678 mOut.writeInt32(BC_CLEAR_DEATH_NOTIFICATION); 679 mOut.writeInt32((int32_t)handle); 680 mOut.writePointer((uintptr_t)proxy); 681 return NO_ERROR; 682} 683 684IPCThreadState::IPCThreadState() 685 : mProcess(ProcessState::self()), 686 mMyThreadId(androidGetTid()), 687 mStrictModePolicy(0), 688 mLastTransactionBinderFlags(0) 689{ 690 pthread_setspecific(gTLS, this); 691 clearCaller(); 692 mIn.setDataCapacity(256); 693 mOut.setDataCapacity(256); 694} 695 696IPCThreadState::~IPCThreadState() 697{ 698} 699 700status_t IPCThreadState::sendReply(const Parcel& reply, uint32_t flags) 701{ 702 status_t err; 703 status_t statusBuffer; 704 err = writeTransactionData(BC_REPLY, flags, -1, 0, reply, &statusBuffer); 705 if (err < NO_ERROR) return err; 706 707 return waitForResponse(NULL, NULL); 708} 709 710status_t IPCThreadState::waitForResponse(Parcel *reply, status_t *acquireResult) 711{ 712 int32_t cmd; 713 int32_t err; 714 715 while (1) { 716 if ((err=talkWithDriver()) < NO_ERROR) break; 717 err = mIn.errorCheck(); 718 if (err < NO_ERROR) break; 719 if (mIn.dataAvail() == 0) continue; 720 721 cmd = mIn.readInt32(); 722 723 IF_LOG_COMMANDS() { 724 alog << "Processing waitForResponse Command: " 725 << getReturnString(cmd) << endl; 726 } 727 728 switch (cmd) { 729 case BR_TRANSACTION_COMPLETE: 730 if (!reply && !acquireResult) goto finish; 731 break; 732 733 case BR_DEAD_REPLY: 734 err = DEAD_OBJECT; 735 goto finish; 736 737 case BR_FAILED_REPLY: 738 err = FAILED_TRANSACTION; 739 goto finish; 740 741 case BR_ACQUIRE_RESULT: 742 { 743 ALOG_ASSERT(acquireResult != NULL, "Unexpected brACQUIRE_RESULT"); 744 const int32_t result = mIn.readInt32(); 745 if (!acquireResult) continue; 746 *acquireResult = result ? NO_ERROR : INVALID_OPERATION; 747 } 748 goto finish; 749 750 case BR_REPLY: 751 { 752 binder_transaction_data tr; 753 err = mIn.read(&tr, sizeof(tr)); 754 ALOG_ASSERT(err == NO_ERROR, "Not enough command data for brREPLY"); 755 if (err != NO_ERROR) goto finish; 756 757 if (reply) { 758 if ((tr.flags & TF_STATUS_CODE) == 0) { 759 reply->ipcSetDataReference( 760 reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer), 761 tr.data_size, 762 reinterpret_cast<const binder_size_t*>(tr.data.ptr.offsets), 763 tr.offsets_size/sizeof(binder_size_t), 764 freeBuffer, this); 765 } else { 766 err = *reinterpret_cast<const status_t*>(tr.data.ptr.buffer); 767 freeBuffer(NULL, 768 reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer), 769 tr.data_size, 770 reinterpret_cast<const binder_size_t*>(tr.data.ptr.offsets), 771 tr.offsets_size/sizeof(binder_size_t), this); 772 } 773 } else { 774 freeBuffer(NULL, 775 reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer), 776 tr.data_size, 777 reinterpret_cast<const binder_size_t*>(tr.data.ptr.offsets), 778 tr.offsets_size/sizeof(binder_size_t), this); 779 continue; 780 } 781 } 782 goto finish; 783 784 default: 785 err = executeCommand(cmd); 786 if (err != NO_ERROR) goto finish; 787 break; 788 } 789 } 790 791finish: 792 if (err != NO_ERROR) { 793 if (acquireResult) *acquireResult = err; 794 if (reply) reply->setError(err); 795 mLastError = err; 796 } 797 798 return err; 799} 800 801status_t IPCThreadState::talkWithDriver(bool doReceive) 802{ 803 if (mProcess->mDriverFD <= 0) { 804 return -EBADF; 805 } 806 807 binder_write_read bwr; 808 809 // Is the read buffer empty? 810 const bool needRead = mIn.dataPosition() >= mIn.dataSize(); 811 812 // We don't want to write anything if we are still reading 813 // from data left in the input buffer and the caller 814 // has requested to read the next data. 815 const size_t outAvail = (!doReceive || needRead) ? mOut.dataSize() : 0; 816 817 bwr.write_size = outAvail; 818 bwr.write_buffer = (uintptr_t)mOut.data(); 819 820 // This is what we'll read. 821 if (doReceive && needRead) { 822 bwr.read_size = mIn.dataCapacity(); 823 bwr.read_buffer = (uintptr_t)mIn.data(); 824 } else { 825 bwr.read_size = 0; 826 bwr.read_buffer = 0; 827 } 828 829 IF_LOG_COMMANDS() { 830 TextOutput::Bundle _b(alog); 831 if (outAvail != 0) { 832 alog << "Sending commands to driver: " << indent; 833 const void* cmds = (const void*)bwr.write_buffer; 834 const void* end = ((const uint8_t*)cmds)+bwr.write_size; 835 alog << HexDump(cmds, bwr.write_size) << endl; 836 while (cmds < end) cmds = printCommand(alog, cmds); 837 alog << dedent; 838 } 839 alog << "Size of receive buffer: " << bwr.read_size 840 << ", needRead: " << needRead << ", doReceive: " << doReceive << endl; 841 } 842 843 // Return immediately if there is nothing to do. 844 if ((bwr.write_size == 0) && (bwr.read_size == 0)) return NO_ERROR; 845 846 bwr.write_consumed = 0; 847 bwr.read_consumed = 0; 848 status_t err; 849 do { 850 IF_LOG_COMMANDS() { 851 alog << "About to read/write, write size = " << mOut.dataSize() << endl; 852 } 853#if defined(HAVE_ANDROID_OS) 854 if (ioctl(mProcess->mDriverFD, BINDER_WRITE_READ, &bwr) >= 0) 855 err = NO_ERROR; 856 else 857 err = -errno; 858#else 859 err = INVALID_OPERATION; 860#endif 861 if (mProcess->mDriverFD <= 0) { 862 err = -EBADF; 863 } 864 IF_LOG_COMMANDS() { 865 alog << "Finished read/write, write size = " << mOut.dataSize() << endl; 866 } 867 } while (err == -EINTR); 868 869 IF_LOG_COMMANDS() { 870 alog << "Our err: " << (void*)(intptr_t)err << ", write consumed: " 871 << bwr.write_consumed << " (of " << mOut.dataSize() 872 << "), read consumed: " << bwr.read_consumed << endl; 873 } 874 875 if (err >= NO_ERROR) { 876 if (bwr.write_consumed > 0) { 877 if (bwr.write_consumed < mOut.dataSize()) 878 mOut.remove(0, bwr.write_consumed); 879 else 880 mOut.setDataSize(0); 881 } 882 if (bwr.read_consumed > 0) { 883 mIn.setDataSize(bwr.read_consumed); 884 mIn.setDataPosition(0); 885 } 886 IF_LOG_COMMANDS() { 887 TextOutput::Bundle _b(alog); 888 alog << "Remaining data size: " << mOut.dataSize() << endl; 889 alog << "Received commands from driver: " << indent; 890 const void* cmds = mIn.data(); 891 const void* end = mIn.data() + mIn.dataSize(); 892 alog << HexDump(cmds, mIn.dataSize()) << endl; 893 while (cmds < end) cmds = printReturnCommand(alog, cmds); 894 alog << dedent; 895 } 896 return NO_ERROR; 897 } 898 899 return err; 900} 901 902status_t IPCThreadState::writeTransactionData(int32_t cmd, uint32_t binderFlags, 903 int32_t handle, uint32_t code, const Parcel& data, status_t* statusBuffer) 904{ 905 binder_transaction_data tr; 906 907 tr.target.ptr = 0; /* Don't pass uninitialized stack data to a remote process */ 908 tr.target.handle = handle; 909 tr.code = code; 910 tr.flags = binderFlags; 911 tr.cookie = 0; 912 tr.sender_pid = 0; 913 tr.sender_euid = 0; 914 915 const status_t err = data.errorCheck(); 916 if (err == NO_ERROR) { 917 tr.data_size = data.ipcDataSize(); 918 tr.data.ptr.buffer = data.ipcData(); 919 tr.offsets_size = data.ipcObjectsCount()*sizeof(binder_size_t); 920 tr.data.ptr.offsets = data.ipcObjects(); 921 } else if (statusBuffer) { 922 tr.flags |= TF_STATUS_CODE; 923 *statusBuffer = err; 924 tr.data_size = sizeof(status_t); 925 tr.data.ptr.buffer = reinterpret_cast<uintptr_t>(statusBuffer); 926 tr.offsets_size = 0; 927 tr.data.ptr.offsets = 0; 928 } else { 929 return (mLastError = err); 930 } 931 932 mOut.writeInt32(cmd); 933 mOut.write(&tr, sizeof(tr)); 934 935 return NO_ERROR; 936} 937 938sp<BBinder> the_context_object; 939 940void setTheContextObject(sp<BBinder> obj) 941{ 942 the_context_object = obj; 943} 944 945status_t IPCThreadState::executeCommand(int32_t cmd) 946{ 947 BBinder* obj; 948 RefBase::weakref_type* refs; 949 status_t result = NO_ERROR; 950 951 switch (cmd) { 952 case BR_ERROR: 953 result = mIn.readInt32(); 954 break; 955 956 case BR_OK: 957 break; 958 959 case BR_ACQUIRE: 960 refs = (RefBase::weakref_type*)mIn.readPointer(); 961 obj = (BBinder*)mIn.readPointer(); 962 ALOG_ASSERT(refs->refBase() == obj, 963 "BR_ACQUIRE: object %p does not match cookie %p (expected %p)", 964 refs, obj, refs->refBase()); 965 obj->incStrong(mProcess.get()); 966 IF_LOG_REMOTEREFS() { 967 LOG_REMOTEREFS("BR_ACQUIRE from driver on %p", obj); 968 obj->printRefs(); 969 } 970 mOut.writeInt32(BC_ACQUIRE_DONE); 971 mOut.writePointer((uintptr_t)refs); 972 mOut.writePointer((uintptr_t)obj); 973 break; 974 975 case BR_RELEASE: 976 refs = (RefBase::weakref_type*)mIn.readPointer(); 977 obj = (BBinder*)mIn.readPointer(); 978 ALOG_ASSERT(refs->refBase() == obj, 979 "BR_RELEASE: object %p does not match cookie %p (expected %p)", 980 refs, obj, refs->refBase()); 981 IF_LOG_REMOTEREFS() { 982 LOG_REMOTEREFS("BR_RELEASE from driver on %p", obj); 983 obj->printRefs(); 984 } 985 mPendingStrongDerefs.push(obj); 986 break; 987 988 case BR_INCREFS: 989 refs = (RefBase::weakref_type*)mIn.readPointer(); 990 obj = (BBinder*)mIn.readPointer(); 991 refs->incWeak(mProcess.get()); 992 mOut.writeInt32(BC_INCREFS_DONE); 993 mOut.writePointer((uintptr_t)refs); 994 mOut.writePointer((uintptr_t)obj); 995 break; 996 997 case BR_DECREFS: 998 refs = (RefBase::weakref_type*)mIn.readPointer(); 999 obj = (BBinder*)mIn.readPointer(); 1000 // NOTE: This assertion is not valid, because the object may no 1001 // longer exist (thus the (BBinder*)cast above resulting in a different 1002 // memory address). 1003 //ALOG_ASSERT(refs->refBase() == obj, 1004 // "BR_DECREFS: object %p does not match cookie %p (expected %p)", 1005 // refs, obj, refs->refBase()); 1006 mPendingWeakDerefs.push(refs); 1007 break; 1008 1009 case BR_ATTEMPT_ACQUIRE: 1010 refs = (RefBase::weakref_type*)mIn.readPointer(); 1011 obj = (BBinder*)mIn.readPointer(); 1012 1013 { 1014 const bool success = refs->attemptIncStrong(mProcess.get()); 1015 ALOG_ASSERT(success && refs->refBase() == obj, 1016 "BR_ATTEMPT_ACQUIRE: object %p does not match cookie %p (expected %p)", 1017 refs, obj, refs->refBase()); 1018 1019 mOut.writeInt32(BC_ACQUIRE_RESULT); 1020 mOut.writeInt32((int32_t)success); 1021 } 1022 break; 1023 1024 case BR_TRANSACTION: 1025 { 1026 binder_transaction_data tr; 1027 result = mIn.read(&tr, sizeof(tr)); 1028 ALOG_ASSERT(result == NO_ERROR, 1029 "Not enough command data for brTRANSACTION"); 1030 if (result != NO_ERROR) break; 1031 1032 Parcel buffer; 1033 buffer.ipcSetDataReference( 1034 reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer), 1035 tr.data_size, 1036 reinterpret_cast<const binder_size_t*>(tr.data.ptr.offsets), 1037 tr.offsets_size/sizeof(binder_size_t), freeBuffer, this); 1038 1039 const pid_t origPid = mCallingPid; 1040 const uid_t origUid = mCallingUid; 1041 1042 mCallingPid = tr.sender_pid; 1043 mCallingUid = tr.sender_euid; 1044 1045 int curPrio = getpriority(PRIO_PROCESS, mMyThreadId); 1046 if (gDisableBackgroundScheduling) { 1047 if (curPrio > ANDROID_PRIORITY_NORMAL) { 1048 // We have inherited a reduced priority from the caller, but do not 1049 // want to run in that state in this process. The driver set our 1050 // priority already (though not our scheduling class), so bounce 1051 // it back to the default before invoking the transaction. 1052 setpriority(PRIO_PROCESS, mMyThreadId, ANDROID_PRIORITY_NORMAL); 1053 } 1054 } else { 1055 if (curPrio >= ANDROID_PRIORITY_BACKGROUND) { 1056 // We want to use the inherited priority from the caller. 1057 // Ensure this thread is in the background scheduling class, 1058 // since the driver won't modify scheduling classes for us. 1059 // The scheduling group is reset to default by the caller 1060 // once this method returns after the transaction is complete. 1061 set_sched_policy(mMyThreadId, SP_BACKGROUND); 1062 } 1063 } 1064 1065 //ALOGI(">>>> TRANSACT from pid %d uid %d\n", mCallingPid, mCallingUid); 1066 1067 Parcel reply; 1068 IF_LOG_TRANSACTIONS() { 1069 TextOutput::Bundle _b(alog); 1070 alog << "BR_TRANSACTION thr " << (void*)pthread_self() 1071 << " / obj " << tr.target.ptr << " / code " 1072 << TypeCode(tr.code) << ": " << indent << buffer 1073 << dedent << endl 1074 << "Data addr = " 1075 << reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer) 1076 << ", offsets addr=" 1077 << reinterpret_cast<const size_t*>(tr.data.ptr.offsets) << endl; 1078 } 1079 if (tr.target.ptr) { 1080 sp<BBinder> b((BBinder*)tr.cookie); 1081 const status_t error = b->transact(tr.code, buffer, &reply, tr.flags); 1082 if (error < NO_ERROR) reply.setError(error); 1083 1084 } else { 1085 const status_t error = the_context_object->transact(tr.code, buffer, &reply, tr.flags); 1086 if (error < NO_ERROR) reply.setError(error); 1087 } 1088 1089 //ALOGI("<<<< TRANSACT from pid %d restore pid %d uid %d\n", 1090 // mCallingPid, origPid, origUid); 1091 1092 if ((tr.flags & TF_ONE_WAY) == 0) { 1093 LOG_ONEWAY("Sending reply to %d!", mCallingPid); 1094 sendReply(reply, 0); 1095 } else { 1096 LOG_ONEWAY("NOT sending reply to %d!", mCallingPid); 1097 } 1098 1099 mCallingPid = origPid; 1100 mCallingUid = origUid; 1101 1102 IF_LOG_TRANSACTIONS() { 1103 TextOutput::Bundle _b(alog); 1104 alog << "BC_REPLY thr " << (void*)pthread_self() << " / obj " 1105 << tr.target.ptr << ": " << indent << reply << dedent << endl; 1106 } 1107 1108 } 1109 break; 1110 1111 case BR_DEAD_BINDER: 1112 { 1113 BpBinder *proxy = (BpBinder*)mIn.readPointer(); 1114 proxy->sendObituary(); 1115 mOut.writeInt32(BC_DEAD_BINDER_DONE); 1116 mOut.writePointer((uintptr_t)proxy); 1117 } break; 1118 1119 case BR_CLEAR_DEATH_NOTIFICATION_DONE: 1120 { 1121 BpBinder *proxy = (BpBinder*)mIn.readPointer(); 1122 proxy->getWeakRefs()->decWeak(proxy); 1123 } break; 1124 1125 case BR_FINISHED: 1126 result = TIMED_OUT; 1127 break; 1128 1129 case BR_NOOP: 1130 break; 1131 1132 case BR_SPAWN_LOOPER: 1133 mProcess->spawnPooledThread(false); 1134 break; 1135 1136 default: 1137 printf("*** BAD COMMAND %d received from Binder driver\n", cmd); 1138 result = UNKNOWN_ERROR; 1139 break; 1140 } 1141 1142 if (result != NO_ERROR) { 1143 mLastError = result; 1144 } 1145 1146 return result; 1147} 1148 1149void IPCThreadState::threadDestructor(void *st) 1150{ 1151 IPCThreadState* const self = static_cast<IPCThreadState*>(st); 1152 if (self) { 1153 self->flushCommands(); 1154#if defined(HAVE_ANDROID_OS) 1155 if (self->mProcess->mDriverFD > 0) { 1156 ioctl(self->mProcess->mDriverFD, BINDER_THREAD_EXIT, 0); 1157 } 1158#endif 1159 delete self; 1160 } 1161} 1162 1163 1164void IPCThreadState::freeBuffer(Parcel* parcel, const uint8_t* data, 1165 size_t /*dataSize*/, 1166 const binder_size_t* /*objects*/, 1167 size_t /*objectsSize*/, void* /*cookie*/) 1168{ 1169 //ALOGI("Freeing parcel %p", &parcel); 1170 IF_LOG_COMMANDS() { 1171 alog << "Writing BC_FREE_BUFFER for " << data << endl; 1172 } 1173 ALOG_ASSERT(data != NULL, "Called with NULL data"); 1174 if (parcel != NULL) parcel->closeFileDescriptors(); 1175 IPCThreadState* state = self(); 1176 state->mOut.writeInt32(BC_FREE_BUFFER); 1177 state->mOut.writePointer((uintptr_t)data); 1178} 1179 1180}; // namespace android 1181