ADHOC
/
replicant-frameworks_native
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

system_server BINDER_TYPE_FD sockets using ashmem accessors 

check if device is a character device, before calling
ashmem_get_size_region. We do not check if the st_rdev
matches /dev/ashmem. So this at least eliminates making
this call when associated with a socket.

Bug: 26374183
Change-Id: I68ed9d1c2cd4c47228ed065e3e18eb4151f038f4
This commit is contained in:
Mark Salyzyn 2016-01-27 08:02:48 -08:00 committed by Steve Kondik
parent e481771aa3
commit d70043eaf4
1 changed files with 14 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
libs/binder/Parcel.cpp
View File

@ -42,6 +42,9 @@
#include <stdlib.h>
#include <stdint.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#ifndef INT32_MAX
#define INT32_MAX ((int32_t)(2147483647))
@ -123,8 +126,10 @@ void acquire_object(const sp<ProcessState>& proc,
return;
}
case BINDER_TYPE_FD: {
if (obj.cookie != 0) {
if (outAshmemSize != NULL) {
if ((obj.cookie != 0) && (outAshmemSize != NULL)) {
struct stat st;
int ret = fstat(obj.handle, &st);
if (!ret && S_ISCHR(st.st_mode)) {
// If we own an ashmem fd, keep track of how much memory it refers to.
int size = ashmem_get_size_region(obj.handle);
if (size > 0) {
@ -175,9 +180,13 @@ static void release_object(const sp<ProcessState>& proc,
case BINDER_TYPE_FD: {
if (obj.cookie != 0) { // owned
if (outAshmemSize != NULL) {
int size = ashmem_get_size_region(obj.handle);
if (size > 0) {
*outAshmemSize -= size;
struct stat st;
int ret = fstat(obj.handle, &st);
if (!ret && S_ISCHR(st.st_mode)) {
int size = ashmem_get_size_region(obj.handle);
if (size > 0) {
*outAshmemSize -= size;
}
}
}
close(obj.handle);