IPCThreadState.cpp revision db1597a98958b78dc0d8eced19ae1406382b70d6
1/* 2 * Copyright (C) 2005 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#define LOG_TAG "IPCThreadState" 18 19#include <binder/IPCThreadState.h> 20 21#include <binder/Binder.h> 22#include <binder/BpBinder.h> 23#include <cutils/sched_policy.h> 24#include <utils/Debug.h> 25#include <utils/Log.h> 26#include <utils/TextOutput.h> 27#include <utils/threads.h> 28 29#include <private/binder/binder_module.h> 30#include <private/binder/Static.h> 31 32#include <sys/ioctl.h> 33#include <signal.h> 34#include <errno.h> 35#include <stdio.h> 36#include <unistd.h> 37 38#ifdef HAVE_PTHREADS 39#include <pthread.h> 40#include <sched.h> 41#include <sys/resource.h> 42#endif 43#ifdef HAVE_WIN32_THREADS 44#include <windows.h> 45#endif 46 47 48#if LOG_NDEBUG 49 50#define IF_LOG_TRANSACTIONS() if (false) 51#define IF_LOG_COMMANDS() if (false) 52#define LOG_REMOTEREFS(...) 53#define IF_LOG_REMOTEREFS() if (false) 54#define LOG_THREADPOOL(...) 55#define LOG_ONEWAY(...) 56 57#else 58 59#define IF_LOG_TRANSACTIONS() IF_ALOG(LOG_VERBOSE, "transact") 60#define IF_LOG_COMMANDS() IF_ALOG(LOG_VERBOSE, "ipc") 61#define LOG_REMOTEREFS(...) ALOG(LOG_DEBUG, "remoterefs", __VA_ARGS__) 62#define IF_LOG_REMOTEREFS() IF_ALOG(LOG_DEBUG, "remoterefs") 63#define LOG_THREADPOOL(...) ALOG(LOG_DEBUG, "threadpool", __VA_ARGS__) 64#define LOG_ONEWAY(...) ALOG(LOG_DEBUG, "ipc", __VA_ARGS__) 65 66#endif 67 68// --------------------------------------------------------------------------- 69 70namespace android { 71 72static const char* getReturnString(size_t idx); 73static const char* getCommandString(size_t idx); 74static const void* printReturnCommand(TextOutput& out, const void* _cmd); 75static const void* printCommand(TextOutput& out, const void* _cmd); 76 77// This will result in a missing symbol failure if the IF_LOG_COMMANDS() 78// conditionals don't get stripped... but that is probably what we want. 79#if !LOG_NDEBUG 80static const char *kReturnStrings[] = { 81 "BR_ERROR", 82 "BR_OK", 83 "BR_TRANSACTION", 84 "BR_REPLY", 85 "BR_ACQUIRE_RESULT", 86 "BR_DEAD_REPLY", 87 "BR_TRANSACTION_COMPLETE", 88 "BR_INCREFS", 89 "BR_ACQUIRE", 90 "BR_RELEASE", 91 "BR_DECREFS", 92 "BR_ATTEMPT_ACQUIRE", 93 "BR_NOOP", 94 "BR_SPAWN_LOOPER", 95 "BR_FINISHED", 96 "BR_DEAD_BINDER", 97 "BR_CLEAR_DEATH_NOTIFICATION_DONE", 98 "BR_FAILED_REPLY" 99}; 100 101static const char *kCommandStrings[] = { 102 "BC_TRANSACTION", 103 "BC_REPLY", 104 "BC_ACQUIRE_RESULT", 105 "BC_FREE_BUFFER", 106 "BC_INCREFS", 107 "BC_ACQUIRE", 108 "BC_RELEASE", 109 "BC_DECREFS", 110 "BC_INCREFS_DONE", 111 "BC_ACQUIRE_DONE", 112 "BC_ATTEMPT_ACQUIRE", 113 "BC_REGISTER_LOOPER", 114 "BC_ENTER_LOOPER", 115 "BC_EXIT_LOOPER", 116 "BC_REQUEST_DEATH_NOTIFICATION", 117 "BC_CLEAR_DEATH_NOTIFICATION", 118 "BC_DEAD_BINDER_DONE" 119}; 120 121static const char* getReturnString(size_t idx) 122{ 123 if (idx < sizeof(kReturnStrings) / sizeof(kReturnStrings[0])) 124 return kReturnStrings[idx]; 125 else 126 return "unknown"; 127} 128 129static const char* getCommandString(size_t idx) 130{ 131 if (idx < sizeof(kCommandStrings) / sizeof(kCommandStrings[0])) 132 return kCommandStrings[idx]; 133 else 134 return "unknown"; 135} 136 137static const void* printBinderTransactionData(TextOutput& out, const void* data) 138{ 139 const binder_transaction_data* btd = 140 (const binder_transaction_data*)data; 141 if (btd->target.handle < 1024) { 142 /* want to print descriptors in decimal; guess based on value */ 143 out << "target.desc=" << btd->target.handle; 144 } else { 145 out << "target.ptr=" << btd->target.ptr; 146 } 147 out << " (cookie " << btd->cookie << ")" << endl 148 << "code=" << TypeCode(btd->code) << ", flags=" << (void*)btd->flags << endl 149 << "data=" << btd->data.ptr.buffer << " (" << (void*)btd->data_size 150 << " bytes)" << endl 151 << "offsets=" << btd->data.ptr.offsets << " (" << (void*)btd->offsets_size 152 << " bytes)"; 153 return btd+1; 154} 155 156static const void* printReturnCommand(TextOutput& out, const void* _cmd) 157{ 158 static const size_t N = sizeof(kReturnStrings)/sizeof(kReturnStrings[0]); 159 const int32_t* cmd = (const int32_t*)_cmd; 160 int32_t code = *cmd++; 161 size_t cmdIndex = code & 0xff; 162 if (code == (int32_t) BR_ERROR) { 163 out << "BR_ERROR: " << (void*)(*cmd++) << endl; 164 return cmd; 165 } else if (cmdIndex >= N) { 166 out << "Unknown reply: " << code << endl; 167 return cmd; 168 } 169 out << kReturnStrings[cmdIndex]; 170 171 switch (code) { 172 case BR_TRANSACTION: 173 case BR_REPLY: { 174 out << ": " << indent; 175 cmd = (const int32_t *)printBinderTransactionData(out, cmd); 176 out << dedent; 177 } break; 178 179 case BR_ACQUIRE_RESULT: { 180 const int32_t res = *cmd++; 181 out << ": " << res << (res ? " (SUCCESS)" : " (FAILURE)"); 182 } break; 183 184 case BR_INCREFS: 185 case BR_ACQUIRE: 186 case BR_RELEASE: 187 case BR_DECREFS: { 188 const int32_t b = *cmd++; 189 const int32_t c = *cmd++; 190 out << ": target=" << (void*)b << " (cookie " << (void*)c << ")"; 191 } break; 192 193 case BR_ATTEMPT_ACQUIRE: { 194 const int32_t p = *cmd++; 195 const int32_t b = *cmd++; 196 const int32_t c = *cmd++; 197 out << ": target=" << (void*)b << " (cookie " << (void*)c 198 << "), pri=" << p; 199 } break; 200 201 case BR_DEAD_BINDER: 202 case BR_CLEAR_DEATH_NOTIFICATION_DONE: { 203 const int32_t c = *cmd++; 204 out << ": death cookie " << (void*)c; 205 } break; 206 207 default: 208 // no details to show for: BR_OK, BR_DEAD_REPLY, 209 // BR_TRANSACTION_COMPLETE, BR_FINISHED 210 break; 211 } 212 213 out << endl; 214 return cmd; 215} 216 217static const void* printCommand(TextOutput& out, const void* _cmd) 218{ 219 static const size_t N = sizeof(kCommandStrings)/sizeof(kCommandStrings[0]); 220 const int32_t* cmd = (const int32_t*)_cmd; 221 int32_t code = *cmd++; 222 size_t cmdIndex = code & 0xff; 223 224 if (cmdIndex >= N) { 225 out << "Unknown command: " << code << endl; 226 return cmd; 227 } 228 out << kCommandStrings[cmdIndex]; 229 230 switch (code) { 231 case BC_TRANSACTION: 232 case BC_REPLY: { 233 out << ": " << indent; 234 cmd = (const int32_t *)printBinderTransactionData(out, cmd); 235 out << dedent; 236 } break; 237 238 case BC_ACQUIRE_RESULT: { 239 const int32_t res = *cmd++; 240 out << ": " << res << (res ? " (SUCCESS)" : " (FAILURE)"); 241 } break; 242 243 case BC_FREE_BUFFER: { 244 const int32_t buf = *cmd++; 245 out << ": buffer=" << (void*)buf; 246 } break; 247 248 case BC_INCREFS: 249 case BC_ACQUIRE: 250 case BC_RELEASE: 251 case BC_DECREFS: { 252 const int32_t d = *cmd++; 253 out << ": desc=" << d; 254 } break; 255 256 case BC_INCREFS_DONE: 257 case BC_ACQUIRE_DONE: { 258 const int32_t b = *cmd++; 259 const int32_t c = *cmd++; 260 out << ": target=" << (void*)b << " (cookie " << (void*)c << ")"; 261 } break; 262 263 case BC_ATTEMPT_ACQUIRE: { 264 const int32_t p = *cmd++; 265 const int32_t d = *cmd++; 266 out << ": desc=" << d << ", pri=" << p; 267 } break; 268 269 case BC_REQUEST_DEATH_NOTIFICATION: 270 case BC_CLEAR_DEATH_NOTIFICATION: { 271 const int32_t h = *cmd++; 272 const int32_t c = *cmd++; 273 out << ": handle=" << h << " (death cookie " << (void*)c << ")"; 274 } break; 275 276 case BC_DEAD_BINDER_DONE: { 277 const int32_t c = *cmd++; 278 out << ": death cookie " << (void*)c; 279 } break; 280 281 default: 282 // no details to show for: BC_REGISTER_LOOPER, BC_ENTER_LOOPER, 283 // BC_EXIT_LOOPER 284 break; 285 } 286 287 out << endl; 288 return cmd; 289} 290#endif 291 292static pthread_mutex_t gTLSMutex = PTHREAD_MUTEX_INITIALIZER; 293static bool gHaveTLS = false; 294static pthread_key_t gTLS = 0; 295static bool gShutdown = false; 296static bool gDisableBackgroundScheduling = false; 297 298IPCThreadState* IPCThreadState::self() 299{ 300 if (gHaveTLS) { 301restart: 302 const pthread_key_t k = gTLS; 303 IPCThreadState* st = (IPCThreadState*)pthread_getspecific(k); 304 if (st) return st; 305 return new IPCThreadState; 306 } 307 308 if (gShutdown) return NULL; 309 310 pthread_mutex_lock(&gTLSMutex); 311 if (!gHaveTLS) { 312 if (pthread_key_create(&gTLS, threadDestructor) != 0) { 313 pthread_mutex_unlock(&gTLSMutex); 314 return NULL; 315 } 316 gHaveTLS = true; 317 } 318 pthread_mutex_unlock(&gTLSMutex); 319 goto restart; 320} 321 322IPCThreadState* IPCThreadState::selfOrNull() 323{ 324 if (gHaveTLS) { 325 const pthread_key_t k = gTLS; 326 IPCThreadState* st = (IPCThreadState*)pthread_getspecific(k); 327 return st; 328 } 329 return NULL; 330} 331 332void IPCThreadState::shutdown() 333{ 334 gShutdown = true; 335 336 if (gHaveTLS) { 337 // XXX Need to wait for all thread pool threads to exit! 338 IPCThreadState* st = (IPCThreadState*)pthread_getspecific(gTLS); 339 if (st) { 340 delete st; 341 pthread_setspecific(gTLS, NULL); 342 } 343 gHaveTLS = false; 344 } 345} 346 347void IPCThreadState::disableBackgroundScheduling(bool disable) 348{ 349 gDisableBackgroundScheduling = disable; 350} 351 352sp<ProcessState> IPCThreadState::process() 353{ 354 return mProcess; 355} 356 357status_t IPCThreadState::clearLastError() 358{ 359 const status_t err = mLastError; 360 mLastError = NO_ERROR; 361 return err; 362} 363 364int IPCThreadState::getCallingPid() 365{ 366 return mCallingPid; 367} 368 369int IPCThreadState::getCallingUid() 370{ 371 return mCallingUid; 372} 373 374int IPCThreadState::getOrigCallingUid() 375{ 376 return mOrigCallingUid; 377} 378 379int64_t IPCThreadState::clearCallingIdentity() 380{ 381 int64_t token = ((int64_t)mCallingUid<<32) | mCallingPid; 382 clearCaller(); 383 return token; 384} 385 386void IPCThreadState::setStrictModePolicy(int32_t policy) 387{ 388 mStrictModePolicy = policy; 389} 390 391int32_t IPCThreadState::getStrictModePolicy() const 392{ 393 return mStrictModePolicy; 394} 395 396void IPCThreadState::setLastTransactionBinderFlags(int32_t flags) 397{ 398 mLastTransactionBinderFlags = flags; 399} 400 401int32_t IPCThreadState::getLastTransactionBinderFlags() const 402{ 403 return mLastTransactionBinderFlags; 404} 405 406void IPCThreadState::restoreCallingIdentity(int64_t token) 407{ 408 mCallingUid = (int)(token>>32); 409 mCallingPid = (int)token; 410} 411 412void IPCThreadState::clearCaller() 413{ 414 mCallingPid = getpid(); 415 mCallingUid = getuid(); 416} 417 418void IPCThreadState::flushCommands() 419{ 420 if (mProcess->mDriverFD <= 0) 421 return; 422 talkWithDriver(false); 423} 424 425void IPCThreadState::joinThreadPool(bool isMain) 426{ 427 LOG_THREADPOOL("**** THREAD %p (PID %d) IS JOINING THE THREAD POOL\n", (void*)pthread_self(), getpid()); 428 429 mOut.writeInt32(isMain ? BC_ENTER_LOOPER : BC_REGISTER_LOOPER); 430 431 // This thread may have been spawned by a thread that was in the background 432 // scheduling group, so first we will make sure it is in the foreground 433 // one to avoid performing an initial transaction in the background. 434 set_sched_policy(mMyThreadId, SP_FOREGROUND); 435 436 status_t result; 437 do { 438 int32_t cmd; 439 440 // When we've cleared the incoming command queue, process any pending derefs 441 if (mIn.dataPosition() >= mIn.dataSize()) { 442 size_t numPending = mPendingWeakDerefs.size(); 443 if (numPending > 0) { 444 for (size_t i = 0; i < numPending; i++) { 445 RefBase::weakref_type* refs = mPendingWeakDerefs[i]; 446 refs->decWeak(mProcess.get()); 447 } 448 mPendingWeakDerefs.clear(); 449 } 450 451 numPending = mPendingStrongDerefs.size(); 452 if (numPending > 0) { 453 for (size_t i = 0; i < numPending; i++) { 454 BBinder* obj = mPendingStrongDerefs[i]; 455 obj->decStrong(mProcess.get()); 456 } 457 mPendingStrongDerefs.clear(); 458 } 459 } 460 461 // now get the next command to be processed, waiting if necessary 462 result = talkWithDriver(); 463 if (result >= NO_ERROR) { 464 size_t IN = mIn.dataAvail(); 465 if (IN < sizeof(int32_t)) continue; 466 cmd = mIn.readInt32(); 467 IF_LOG_COMMANDS() { 468 alog << "Processing top-level Command: " 469 << getReturnString(cmd) << endl; 470 } 471 472 473 result = executeCommand(cmd); 474 } 475 476 // After executing the command, ensure that the thread is returned to the 477 // foreground cgroup before rejoining the pool. The driver takes care of 478 // restoring the priority, but doesn't do anything with cgroups so we 479 // need to take care of that here in userspace. Note that we do make 480 // sure to go in the foreground after executing a transaction, but 481 // there are other callbacks into user code that could have changed 482 // our group so we want to make absolutely sure it is put back. 483 set_sched_policy(mMyThreadId, SP_FOREGROUND); 484 485 // Let this thread exit the thread pool if it is no longer 486 // needed and it is not the main process thread. 487 if(result == TIMED_OUT && !isMain) { 488 break; 489 } 490 } while (result != -ECONNREFUSED && result != -EBADF); 491 492 LOG_THREADPOOL("**** THREAD %p (PID %d) IS LEAVING THE THREAD POOL err=%p\n", 493 (void*)pthread_self(), getpid(), (void*)result); 494 495 mOut.writeInt32(BC_EXIT_LOOPER); 496 talkWithDriver(false); 497} 498 499void IPCThreadState::stopProcess(bool immediate) 500{ 501 //ALOGI("**** STOPPING PROCESS"); 502 flushCommands(); 503 int fd = mProcess->mDriverFD; 504 mProcess->mDriverFD = -1; 505 close(fd); 506 //kill(getpid(), SIGKILL); 507} 508 509status_t IPCThreadState::transact(int32_t handle, 510 uint32_t code, const Parcel& data, 511 Parcel* reply, uint32_t flags) 512{ 513 status_t err = data.errorCheck(); 514 515 flags |= TF_ACCEPT_FDS; 516 517 IF_LOG_TRANSACTIONS() { 518 TextOutput::Bundle _b(alog); 519 alog << "BC_TRANSACTION thr " << (void*)pthread_self() << " / hand " 520 << handle << " / code " << TypeCode(code) << ": " 521 << indent << data << dedent << endl; 522 } 523 524 if (err == NO_ERROR) { 525 LOG_ONEWAY(">>>> SEND from pid %d uid %d %s", getpid(), getuid(), 526 (flags & TF_ONE_WAY) == 0 ? "READ REPLY" : "ONE WAY"); 527 err = writeTransactionData(BC_TRANSACTION, flags, handle, code, data, NULL); 528 } 529 530 if (err != NO_ERROR) { 531 if (reply) reply->setError(err); 532 return (mLastError = err); 533 } 534 535 if ((flags & TF_ONE_WAY) == 0) { 536 #if 0 537 if (code == 4) { // relayout 538 ALOGI(">>>>>> CALLING transaction 4"); 539 } else { 540 ALOGI(">>>>>> CALLING transaction %d", code); 541 } 542 #endif 543 if (reply) { 544 err = waitForResponse(reply); 545 } else { 546 Parcel fakeReply; 547 err = waitForResponse(&fakeReply); 548 } 549 #if 0 550 if (code == 4) { // relayout 551 ALOGI("<<<<<< RETURNING transaction 4"); 552 } else { 553 ALOGI("<<<<<< RETURNING transaction %d", code); 554 } 555 #endif 556 557 IF_LOG_TRANSACTIONS() { 558 TextOutput::Bundle _b(alog); 559 alog << "BR_REPLY thr " << (void*)pthread_self() << " / hand " 560 << handle << ": "; 561 if (reply) alog << indent << *reply << dedent << endl; 562 else alog << "(none requested)" << endl; 563 } 564 } else { 565 err = waitForResponse(NULL, NULL); 566 } 567 568 return err; 569} 570 571void IPCThreadState::incStrongHandle(int32_t handle) 572{ 573 LOG_REMOTEREFS("IPCThreadState::incStrongHandle(%d)\n", handle); 574 mOut.writeInt32(BC_ACQUIRE); 575 mOut.writeInt32(handle); 576} 577 578void IPCThreadState::decStrongHandle(int32_t handle) 579{ 580 LOG_REMOTEREFS("IPCThreadState::decStrongHandle(%d)\n", handle); 581 mOut.writeInt32(BC_RELEASE); 582 mOut.writeInt32(handle); 583} 584 585void IPCThreadState::incWeakHandle(int32_t handle) 586{ 587 LOG_REMOTEREFS("IPCThreadState::incWeakHandle(%d)\n", handle); 588 mOut.writeInt32(BC_INCREFS); 589 mOut.writeInt32(handle); 590} 591 592void IPCThreadState::decWeakHandle(int32_t handle) 593{ 594 LOG_REMOTEREFS("IPCThreadState::decWeakHandle(%d)\n", handle); 595 mOut.writeInt32(BC_DECREFS); 596 mOut.writeInt32(handle); 597} 598 599status_t IPCThreadState::attemptIncStrongHandle(int32_t handle) 600{ 601 LOG_REMOTEREFS("IPCThreadState::attemptIncStrongHandle(%d)\n", handle); 602 mOut.writeInt32(BC_ATTEMPT_ACQUIRE); 603 mOut.writeInt32(0); // xxx was thread priority 604 mOut.writeInt32(handle); 605 status_t result = UNKNOWN_ERROR; 606 607 waitForResponse(NULL, &result); 608 609#if LOG_REFCOUNTS 610 printf("IPCThreadState::attemptIncStrongHandle(%ld) = %s\n", 611 handle, result == NO_ERROR ? "SUCCESS" : "FAILURE"); 612#endif 613 614 return result; 615} 616 617void IPCThreadState::expungeHandle(int32_t handle, IBinder* binder) 618{ 619#if LOG_REFCOUNTS 620 printf("IPCThreadState::expungeHandle(%ld)\n", handle); 621#endif 622 self()->mProcess->expungeHandle(handle, binder); 623} 624 625status_t IPCThreadState::requestDeathNotification(int32_t handle, BpBinder* proxy) 626{ 627 mOut.writeInt32(BC_REQUEST_DEATH_NOTIFICATION); 628 mOut.writeInt32((int32_t)handle); 629 mOut.writeInt32((int32_t)proxy); 630 return NO_ERROR; 631} 632 633status_t IPCThreadState::clearDeathNotification(int32_t handle, BpBinder* proxy) 634{ 635 mOut.writeInt32(BC_CLEAR_DEATH_NOTIFICATION); 636 mOut.writeInt32((int32_t)handle); 637 mOut.writeInt32((int32_t)proxy); 638 return NO_ERROR; 639} 640 641IPCThreadState::IPCThreadState() 642 : mProcess(ProcessState::self()), 643 mMyThreadId(androidGetTid()), 644 mStrictModePolicy(0), 645 mLastTransactionBinderFlags(0) 646{ 647 pthread_setspecific(gTLS, this); 648 clearCaller(); 649 mOrigCallingUid = mCallingUid; 650 mIn.setDataCapacity(256); 651 mOut.setDataCapacity(256); 652} 653 654IPCThreadState::~IPCThreadState() 655{ 656} 657 658status_t IPCThreadState::sendReply(const Parcel& reply, uint32_t flags) 659{ 660 status_t err; 661 status_t statusBuffer; 662 err = writeTransactionData(BC_REPLY, flags, -1, 0, reply, &statusBuffer); 663 if (err < NO_ERROR) return err; 664 665 return waitForResponse(NULL, NULL); 666} 667 668status_t IPCThreadState::waitForResponse(Parcel *reply, status_t *acquireResult) 669{ 670 int32_t cmd; 671 int32_t err; 672 673 while (1) { 674 if ((err=talkWithDriver()) < NO_ERROR) break; 675 err = mIn.errorCheck(); 676 if (err < NO_ERROR) break; 677 if (mIn.dataAvail() == 0) continue; 678 679 cmd = mIn.readInt32(); 680 681 IF_LOG_COMMANDS() { 682 alog << "Processing waitForResponse Command: " 683 << getReturnString(cmd) << endl; 684 } 685 686 switch (cmd) { 687 case BR_TRANSACTION_COMPLETE: 688 if (!reply && !acquireResult) goto finish; 689 break; 690 691 case BR_DEAD_REPLY: 692 err = DEAD_OBJECT; 693 goto finish; 694 695 case BR_FAILED_REPLY: 696 err = FAILED_TRANSACTION; 697 goto finish; 698 699 case BR_ACQUIRE_RESULT: 700 { 701 ALOG_ASSERT(acquireResult != NULL, "Unexpected brACQUIRE_RESULT"); 702 const int32_t result = mIn.readInt32(); 703 if (!acquireResult) continue; 704 *acquireResult = result ? NO_ERROR : INVALID_OPERATION; 705 } 706 goto finish; 707 708 case BR_REPLY: 709 { 710 binder_transaction_data tr; 711 err = mIn.read(&tr, sizeof(tr)); 712 ALOG_ASSERT(err == NO_ERROR, "Not enough command data for brREPLY"); 713 if (err != NO_ERROR) goto finish; 714 715 if (reply) { 716 if ((tr.flags & TF_STATUS_CODE) == 0) { 717 reply->ipcSetDataReference( 718 reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer), 719 tr.data_size, 720 reinterpret_cast<const size_t*>(tr.data.ptr.offsets), 721 tr.offsets_size/sizeof(size_t), 722 freeBuffer, this); 723 } else { 724 err = *static_cast<const status_t*>(tr.data.ptr.buffer); 725 freeBuffer(NULL, 726 reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer), 727 tr.data_size, 728 reinterpret_cast<const size_t*>(tr.data.ptr.offsets), 729 tr.offsets_size/sizeof(size_t), this); 730 } 731 } else { 732 freeBuffer(NULL, 733 reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer), 734 tr.data_size, 735 reinterpret_cast<const size_t*>(tr.data.ptr.offsets), 736 tr.offsets_size/sizeof(size_t), this); 737 continue; 738 } 739 } 740 goto finish; 741 742 default: 743 err = executeCommand(cmd); 744 if (err != NO_ERROR) goto finish; 745 break; 746 } 747 } 748 749finish: 750 if (err != NO_ERROR) { 751 if (acquireResult) *acquireResult = err; 752 if (reply) reply->setError(err); 753 mLastError = err; 754 } 755 756 return err; 757} 758 759status_t IPCThreadState::talkWithDriver(bool doReceive) 760{ 761 if (mProcess->mDriverFD <= 0) { 762 return -EBADF; 763 } 764 765 binder_write_read bwr; 766 767 // Is the read buffer empty? 768 const bool needRead = mIn.dataPosition() >= mIn.dataSize(); 769 770 // We don't want to write anything if we are still reading 771 // from data left in the input buffer and the caller 772 // has requested to read the next data. 773 const size_t outAvail = (!doReceive || needRead) ? mOut.dataSize() : 0; 774 775 bwr.write_size = outAvail; 776 bwr.write_buffer = (long unsigned int)mOut.data(); 777 778 // This is what we'll read. 779 if (doReceive && needRead) { 780 bwr.read_size = mIn.dataCapacity(); 781 bwr.read_buffer = (long unsigned int)mIn.data(); 782 } else { 783 bwr.read_size = 0; 784 bwr.read_buffer = 0; 785 } 786 787 IF_LOG_COMMANDS() { 788 TextOutput::Bundle _b(alog); 789 if (outAvail != 0) { 790 alog << "Sending commands to driver: " << indent; 791 const void* cmds = (const void*)bwr.write_buffer; 792 const void* end = ((const uint8_t*)cmds)+bwr.write_size; 793 alog << HexDump(cmds, bwr.write_size) << endl; 794 while (cmds < end) cmds = printCommand(alog, cmds); 795 alog << dedent; 796 } 797 alog << "Size of receive buffer: " << bwr.read_size 798 << ", needRead: " << needRead << ", doReceive: " << doReceive << endl; 799 } 800 801 // Return immediately if there is nothing to do. 802 if ((bwr.write_size == 0) && (bwr.read_size == 0)) return NO_ERROR; 803 804 bwr.write_consumed = 0; 805 bwr.read_consumed = 0; 806 status_t err; 807 do { 808 IF_LOG_COMMANDS() { 809 alog << "About to read/write, write size = " << mOut.dataSize() << endl; 810 } 811#if defined(HAVE_ANDROID_OS) 812 if (ioctl(mProcess->mDriverFD, BINDER_WRITE_READ, &bwr) >= 0) 813 err = NO_ERROR; 814 else 815 err = -errno; 816#else 817 err = INVALID_OPERATION; 818#endif 819 if (mProcess->mDriverFD <= 0) { 820 err = -EBADF; 821 } 822 IF_LOG_COMMANDS() { 823 alog << "Finished read/write, write size = " << mOut.dataSize() << endl; 824 } 825 } while (err == -EINTR); 826 827 IF_LOG_COMMANDS() { 828 alog << "Our err: " << (void*)err << ", write consumed: " 829 << bwr.write_consumed << " (of " << mOut.dataSize() 830 << "), read consumed: " << bwr.read_consumed << endl; 831 } 832 833 if (err >= NO_ERROR) { 834 if (bwr.write_consumed > 0) { 835 if (bwr.write_consumed < (ssize_t)mOut.dataSize()) 836 mOut.remove(0, bwr.write_consumed); 837 else 838 mOut.setDataSize(0); 839 } 840 if (bwr.read_consumed > 0) { 841 mIn.setDataSize(bwr.read_consumed); 842 mIn.setDataPosition(0); 843 } 844 IF_LOG_COMMANDS() { 845 TextOutput::Bundle _b(alog); 846 alog << "Remaining data size: " << mOut.dataSize() << endl; 847 alog << "Received commands from driver: " << indent; 848 const void* cmds = mIn.data(); 849 const void* end = mIn.data() + mIn.dataSize(); 850 alog << HexDump(cmds, mIn.dataSize()) << endl; 851 while (cmds < end) cmds = printReturnCommand(alog, cmds); 852 alog << dedent; 853 } 854 return NO_ERROR; 855 } 856 857 return err; 858} 859 860status_t IPCThreadState::writeTransactionData(int32_t cmd, uint32_t binderFlags, 861 int32_t handle, uint32_t code, const Parcel& data, status_t* statusBuffer) 862{ 863 binder_transaction_data tr; 864 865 tr.target.handle = handle; 866 tr.code = code; 867 tr.flags = binderFlags; 868 tr.cookie = 0; 869 tr.sender_pid = 0; 870 tr.sender_euid = 0; 871 872 const status_t err = data.errorCheck(); 873 if (err == NO_ERROR) { 874 tr.data_size = data.ipcDataSize(); 875 tr.data.ptr.buffer = data.ipcData(); 876 tr.offsets_size = data.ipcObjectsCount()*sizeof(size_t); 877 tr.data.ptr.offsets = data.ipcObjects(); 878 } else if (statusBuffer) { 879 tr.flags |= TF_STATUS_CODE; 880 *statusBuffer = err; 881 tr.data_size = sizeof(status_t); 882 tr.data.ptr.buffer = statusBuffer; 883 tr.offsets_size = 0; 884 tr.data.ptr.offsets = NULL; 885 } else { 886 return (mLastError = err); 887 } 888 889 mOut.writeInt32(cmd); 890 mOut.write(&tr, sizeof(tr)); 891 892 return NO_ERROR; 893} 894 895sp<BBinder> the_context_object; 896 897void setTheContextObject(sp<BBinder> obj) 898{ 899 the_context_object = obj; 900} 901 902status_t IPCThreadState::executeCommand(int32_t cmd) 903{ 904 BBinder* obj; 905 RefBase::weakref_type* refs; 906 status_t result = NO_ERROR; 907 908 switch (cmd) { 909 case BR_ERROR: 910 result = mIn.readInt32(); 911 break; 912 913 case BR_OK: 914 break; 915 916 case BR_ACQUIRE: 917 refs = (RefBase::weakref_type*)mIn.readInt32(); 918 obj = (BBinder*)mIn.readInt32(); 919 ALOG_ASSERT(refs->refBase() == obj, 920 "BR_ACQUIRE: object %p does not match cookie %p (expected %p)", 921 refs, obj, refs->refBase()); 922 obj->incStrong(mProcess.get()); 923 IF_LOG_REMOTEREFS() { 924 LOG_REMOTEREFS("BR_ACQUIRE from driver on %p", obj); 925 obj->printRefs(); 926 } 927 mOut.writeInt32(BC_ACQUIRE_DONE); 928 mOut.writeInt32((int32_t)refs); 929 mOut.writeInt32((int32_t)obj); 930 break; 931 932 case BR_RELEASE: 933 refs = (RefBase::weakref_type*)mIn.readInt32(); 934 obj = (BBinder*)mIn.readInt32(); 935 ALOG_ASSERT(refs->refBase() == obj, 936 "BR_RELEASE: object %p does not match cookie %p (expected %p)", 937 refs, obj, refs->refBase()); 938 IF_LOG_REMOTEREFS() { 939 LOG_REMOTEREFS("BR_RELEASE from driver on %p", obj); 940 obj->printRefs(); 941 } 942 mPendingStrongDerefs.push(obj); 943 break; 944 945 case BR_INCREFS: 946 refs = (RefBase::weakref_type*)mIn.readInt32(); 947 obj = (BBinder*)mIn.readInt32(); 948 refs->incWeak(mProcess.get()); 949 mOut.writeInt32(BC_INCREFS_DONE); 950 mOut.writeInt32((int32_t)refs); 951 mOut.writeInt32((int32_t)obj); 952 break; 953 954 case BR_DECREFS: 955 refs = (RefBase::weakref_type*)mIn.readInt32(); 956 obj = (BBinder*)mIn.readInt32(); 957 // NOTE: This assertion is not valid, because the object may no 958 // longer exist (thus the (BBinder*)cast above resulting in a different 959 // memory address). 960 //ALOG_ASSERT(refs->refBase() == obj, 961 // "BR_DECREFS: object %p does not match cookie %p (expected %p)", 962 // refs, obj, refs->refBase()); 963 mPendingWeakDerefs.push(refs); 964 break; 965 966 case BR_ATTEMPT_ACQUIRE: 967 refs = (RefBase::weakref_type*)mIn.readInt32(); 968 obj = (BBinder*)mIn.readInt32(); 969 970 { 971 const bool success = refs->attemptIncStrong(mProcess.get()); 972 ALOG_ASSERT(success && refs->refBase() == obj, 973 "BR_ATTEMPT_ACQUIRE: object %p does not match cookie %p (expected %p)", 974 refs, obj, refs->refBase()); 975 976 mOut.writeInt32(BC_ACQUIRE_RESULT); 977 mOut.writeInt32((int32_t)success); 978 } 979 break; 980 981 case BR_TRANSACTION: 982 { 983 binder_transaction_data tr; 984 result = mIn.read(&tr, sizeof(tr)); 985 ALOG_ASSERT(result == NO_ERROR, 986 "Not enough command data for brTRANSACTION"); 987 if (result != NO_ERROR) break; 988 989 Parcel buffer; 990 buffer.ipcSetDataReference( 991 reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer), 992 tr.data_size, 993 reinterpret_cast<const size_t*>(tr.data.ptr.offsets), 994 tr.offsets_size/sizeof(size_t), freeBuffer, this); 995 996 const pid_t origPid = mCallingPid; 997 const uid_t origUid = mCallingUid; 998 999 mCallingPid = tr.sender_pid; 1000 mCallingUid = tr.sender_euid; 1001 mOrigCallingUid = tr.sender_euid; 1002 1003 int curPrio = getpriority(PRIO_PROCESS, mMyThreadId); 1004 if (gDisableBackgroundScheduling) { 1005 if (curPrio > ANDROID_PRIORITY_NORMAL) { 1006 // We have inherited a reduced priority from the caller, but do not 1007 // want to run in that state in this process. The driver set our 1008 // priority already (though not our scheduling class), so bounce 1009 // it back to the default before invoking the transaction. 1010 setpriority(PRIO_PROCESS, mMyThreadId, ANDROID_PRIORITY_NORMAL); 1011 } 1012 } else { 1013 if (curPrio >= ANDROID_PRIORITY_BACKGROUND) { 1014 // We want to use the inherited priority from the caller. 1015 // Ensure this thread is in the background scheduling class, 1016 // since the driver won't modify scheduling classes for us. 1017 // The scheduling group is reset to default by the caller 1018 // once this method returns after the transaction is complete. 1019 set_sched_policy(mMyThreadId, SP_BACKGROUND); 1020 } 1021 } 1022 1023 //ALOGI(">>>> TRANSACT from pid %d uid %d\n", mCallingPid, mCallingUid); 1024 1025 Parcel reply; 1026 IF_LOG_TRANSACTIONS() { 1027 TextOutput::Bundle _b(alog); 1028 alog << "BR_TRANSACTION thr " << (void*)pthread_self() 1029 << " / obj " << tr.target.ptr << " / code " 1030 << TypeCode(tr.code) << ": " << indent << buffer 1031 << dedent << endl 1032 << "Data addr = " 1033 << reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer) 1034 << ", offsets addr=" 1035 << reinterpret_cast<const size_t*>(tr.data.ptr.offsets) << endl; 1036 } 1037 if (tr.target.ptr) { 1038 sp<BBinder> b((BBinder*)tr.cookie); 1039 const status_t error = b->transact(tr.code, buffer, &reply, tr.flags); 1040 if (error < NO_ERROR) reply.setError(error); 1041 1042 } else { 1043 const status_t error = the_context_object->transact(tr.code, buffer, &reply, tr.flags); 1044 if (error < NO_ERROR) reply.setError(error); 1045 } 1046 1047 //ALOGI("<<<< TRANSACT from pid %d restore pid %d uid %d\n", 1048 // mCallingPid, origPid, origUid); 1049 1050 if ((tr.flags & TF_ONE_WAY) == 0) { 1051 LOG_ONEWAY("Sending reply to %d!", mCallingPid); 1052 sendReply(reply, 0); 1053 } else { 1054 LOG_ONEWAY("NOT sending reply to %d!", mCallingPid); 1055 } 1056 1057 mCallingPid = origPid; 1058 mCallingUid = origUid; 1059 mOrigCallingUid = origUid; 1060 1061 IF_LOG_TRANSACTIONS() { 1062 TextOutput::Bundle _b(alog); 1063 alog << "BC_REPLY thr " << (void*)pthread_self() << " / obj " 1064 << tr.target.ptr << ": " << indent << reply << dedent << endl; 1065 } 1066 1067 } 1068 break; 1069 1070 case BR_DEAD_BINDER: 1071 { 1072 BpBinder *proxy = (BpBinder*)mIn.readInt32(); 1073 proxy->sendObituary(); 1074 mOut.writeInt32(BC_DEAD_BINDER_DONE); 1075 mOut.writeInt32((int32_t)proxy); 1076 } break; 1077 1078 case BR_CLEAR_DEATH_NOTIFICATION_DONE: 1079 { 1080 BpBinder *proxy = (BpBinder*)mIn.readInt32(); 1081 proxy->getWeakRefs()->decWeak(proxy); 1082 } break; 1083 1084 case BR_FINISHED: 1085 result = TIMED_OUT; 1086 break; 1087 1088 case BR_NOOP: 1089 break; 1090 1091 case BR_SPAWN_LOOPER: 1092 mProcess->spawnPooledThread(false); 1093 break; 1094 1095 default: 1096 printf("*** BAD COMMAND %d received from Binder driver\n", cmd); 1097 result = UNKNOWN_ERROR; 1098 break; 1099 } 1100 1101 if (result != NO_ERROR) { 1102 mLastError = result; 1103 } 1104 1105 return result; 1106} 1107 1108void IPCThreadState::threadDestructor(void *st) 1109{ 1110 IPCThreadState* const self = static_cast<IPCThreadState*>(st); 1111 if (self) { 1112 self->flushCommands(); 1113#if defined(HAVE_ANDROID_OS) 1114 if (self->mProcess->mDriverFD > 0) { 1115 ioctl(self->mProcess->mDriverFD, BINDER_THREAD_EXIT, 0); 1116 } 1117#endif 1118 delete self; 1119 } 1120} 1121 1122 1123void IPCThreadState::freeBuffer(Parcel* parcel, const uint8_t* data, size_t dataSize, 1124 const size_t* objects, size_t objectsSize, 1125 void* cookie) 1126{ 1127 //ALOGI("Freeing parcel %p", &parcel); 1128 IF_LOG_COMMANDS() { 1129 alog << "Writing BC_FREE_BUFFER for " << data << endl; 1130 } 1131 ALOG_ASSERT(data != NULL, "Called with NULL data"); 1132 if (parcel != NULL) parcel->closeFileDescriptors(); 1133 IPCThreadState* state = self(); 1134 state->mOut.writeInt32(BC_FREE_BUFFER); 1135 state->mOut.writeInt32((int32_t)data); 1136} 1137 1138}; // namespace android 1139