Commit Graph

29 Commits

Author SHA1 Message Date
Brad Fitzpatrick
5273603e98 Don't propagate StrictMode over one-way Binder calls.
This was causing stack stitching problems where a one-way call with
violations followed by a two-way call without violations was getting
the previous one-way call's violation stack stitched on to the second
caller's stack.

The solution is a little more indirect than I would've liked
(preserving the binder's onTransact flags until enforceInterface) but
was seemingly necessary to work without changing the AIDL compiler.
It should also be sufficiently cheap, since no new calls to
thread-local IPCThreadState lookups were required.  The additional
work is just same-thread getter/setters on the existing
IPCThreadState.

Change-Id: I4b6db1d445c56e868e6d0d7be3ba6849f4ef23ae
2010-08-31 13:16:49 -07:00
Brad Fitzpatrick
70081a1511 Replace several IPCThreadState::get() lookups with one.
Also, make StrictMode's ThreadLocal final.

Change-Id: I08d400ed254fa67bb7a3dae1227f205a54c00df0
2010-07-27 12:28:57 -07:00
Brad Fitzpatrick
d36f4a5f13 StrictMode: gather and return violating stacks in Binder replies
Now, when Thread A has a strict mode policy in effect and does a
Binder call to Thread B (most likely in another process), the strict
mode policy is passed along, but with the GATHER penalty bit set which
overrides other policies and instead gathers all offending stack
traces to a threadlocal which are then written back in the Parcel's
reply header.

Change-Id: I7d4497032a0609b37b1a2a15855f5c929ba0584d
2010-07-15 13:18:05 -07:00
Brad Fitzpatrick
a877cd85b5 More StrictMode work, keeping Binder & BlockGuard's thread-locals in-sync.
Change-Id: Ia67cabcc17a73a0f15907ffea683d06bc41b90e5
2010-07-15 13:18:05 -07:00
Brad Fitzpatrick
837a0d0fb2 Add Parcel::readExceptionCode() and Parcel::writeNoException()
Add native Parcel methods analogous to the Java versions.

Currently, these don't do much, but upcoming StrictMode work changes
the RPC calling conventions in some cases, so it's important that
everybody uses these consistently, rather than having a lot of code
trying to parse RPC responses out of Parcels themselves.

As a summary, the current convention that Java Binder services use is
to prepend the reply Parcel with an int32 signaling the exception
status:

     0: no exception
     -1: Security exception
     -2: Bad Parcelable
     -3: ...
     -4: ...
     -5: ...

... followed by Parceled String if the exception code is non-zero.

With an upcoming change, it'll be the case that a response Parcel can,
non-exceptionally return rich data in the header, and also return data
to the caller.  The important thing to note in this new case is that
the first int32 in the reply parcel *will not be zero*, so anybody
manually checking for it with reply.readInt32() will get false
negative failures.

Short summary: If you're calling into a Java service and manually
checking the exception status with reply.readInt32(), change it to
reply.readExceptionCode().

Change-Id: I23f9a0e53a8cfbbd9759242cfde16723641afe04
2010-07-13 15:45:18 -07:00
Brad Fitzpatrick
702ea9d42f Start of work on passing around StrictMode policy over Binder calls.
This is (intended to be) a no-op change.

At this stage, Binder RPCs just have an additional uint32 passed around
in the header, right before the interface name.  But nothing is actually
done with them yet.  That value should right now always be 0.

This now boots and seems to work.

Change-Id: I135b7c84f07575e6b9717fef2424d301a450df7b
2010-06-21 12:56:35 -07:00
Dan Egnor
386a332b4f Make static versions of libutils and libbinder.
Fix some small static-initialization-order issues (and a static-
initializers-missing issue) that result from doing so.  The static
libraries don't actually get used for anything real at the moment --
they're used for perf tests of bug 2660235.

Bug: 2660235
Change-Id: Iee2f38f79cc93b395e8d0a5a144ed92461f5ada0
2010-05-06 01:03:31 -07:00
Mathias Agopian
3c772b706d fix [2599939] "cannot play video" after open/close a video player a dozen of times
get rid of the MAP_ONCE flag in MemoryHeapBase (as well as its functionality),
this feature should not be used anymore.

the software renderer was incorrectly using the default ctor which set MAP_ONCE,
causing the leak. the software renderer itself is incorrectly used while coming
back from sleep.

Change-Id: I123621f8d140550b864f352bbcd8a5729db12b57
2010-04-19 19:09:03 -07:00
Christopher Tate
440fd870b2 Ensure that binder incalls to the system process keep the fg cgroup
On binder incalls, the handler thread is given the caller's priority by the
driver, but not the caller's cgroup.  We have explicit code that sets the
handler's cgroup to match the caller's, *except* that the system process
explicitly disables this behavior.  This led to a situation in which we were
running binder incalls to the system process at nice=10 but cgroup=fg.

That's fine as far as it goes, except that if a GC happened in the handler
thread, it would be promoted to foreground priority and cgroup both, to avoid
having the GC take forever.  Then, when GC finished, the original priority
is reset, and the cgroup set *based on that priority*.  This would push the
handler thread into nice=10 cgroup=bg_non_interactive -- which matches the
caller, but is supposed to be impossible in the system process.

The end result of this was that we could be running "lengthy" operations in
the system process in the background.  Unfortunately, some of the operations
that wound up like this would hold important global system locks for up to
twenty seconds as a result, making the entire device unresponsive to input
for that period.

This CL fixes the binder incall setup to ensure that within the system process,
a binder incall is always begun from the normal foreground priority as well
as cgroup.  In practice now the device still becomes laggy/sluggish when the
offending lock-holding time-consuming incall occurs, but since it still runs
as a foreground task it is able to proceed to completion within a short time
rather than taking 20 seconds.

Fixes bug #2403717

Change-Id: Id046aeabd0e80c48eef94accc37842835eab308d
2010-03-18 18:13:57 -07:00
Mathias Agopian
98e71ddaed remove a dependency of GraphicBuffer (libui) on Parcel (libbinder).
Add a Flattenable interface to libutils which can be used to flatten
an object into bytestream + filedescriptor stream.
Parcel is modified to handle Flattenable. And GraphicBuffer implements
Flattenable.

Except for the overlay classes libui is now independent of libbinder.
2010-02-21 23:27:25 -08:00
Mathias Agopian
0dd0d2944a Simplify the MemoryDealer implementation
At some point the implementation became complicated because of
SurfaceFlinger's special needs, since we are now relying on gralloc
we can go back to much simpler MemoryDealer.

Removed HeapInterface and AllocatorInterface, since those don't need
to be parameterized anymore. Merged SimpleMemory and Allocation.
Made SimplisticAllocator non virtual.

Removed MemoryDealer flags (READ_ONLY, PAGE_ALIGNED)

Removed a lot of unneeded code.
2010-01-29 14:51:06 -08:00
Dianne Hackborn
8c6cedc9bc Propagate background scheduling class across processes.
This is a very simple implementation: upon receiving an IPC, if the handling
thread is at a background priority (the driver will have taken care of
propagating this from the calling thread), then stick it in to the background
scheduling group.  Plus an API to turn this off for the process, which is
used by the system process.

This also pulls some of the code for managing scheduling classes out of
the Process JNI wrappers and in to some convenience methods in thread.h.
2009-12-07 19:11:14 -08:00
Rebecca Schultz Zavin
c0c1092183 Modify the binder to request 1M - 2 pages instead of 1M. The backing store
in the kernel requires a guard page, so 1M allocations fragment memory very
badly.  Subtracting a couple of pages so that they fit in a power of
two allows the kernel to make more efficient use of its virtual address space.

Signed-off-by: Rebecca Schultz Zavin <rebecca@android.com>
2009-11-12 16:31:12 -08:00
Christopher Tate
07d69893e1 Reset binder service threads' cgroup/priority after command completion
To prevent buggy command implementations from poisoning binder threads'
scheduling class & priority for future command execution, we now reset the
cgroup and thread priority to foreground/normal when a binder service thread
finishes executing the designated command.

Change-Id: Ibc0ab2485751453f6dc96fdb4eb877fd02796e3f
2009-11-08 14:29:02 -08:00
Evan Millar
6dfe8f1ffa Revert jparks code from IPCThreadState.
2009-11-06 11:25:23 -08:00
Jason Parks
b5c4135333 When a thread is about to be put back onto the thread pool ensure that it is in the foreground cgroup.
2009-11-04 14:25:26 -08:00
Jason Parks
dcd3958c50 Add a warning when we leave threads in the binder thread pool in the background scheduling group.
2009-11-03 13:10:15 -08:00
Dima Zavin
d7f53e1945 libbinder: MemoryHeapPmem: honor the NO_CACHING flag when creating a client heap
Change-Id: Ia7beb800f5a24beaa4b7f3032b486d4ed1991b23
Signed-off-by: Dima Zavin <dima@android.com>
2009-11-02 16:36:45 -08:00
Iliyan Malchev
0db1a8931b libbinder: add a NO_CACHING flag to MemoryHeapBase
The NO_CACHING flag translates to opening a memory region with O_SYNC.

Signed-off-by: Iliyan Malchev <malchev@google.com>
2009-10-30 18:35:47 -07:00
Benny Wong
d4851d74ac Add offset handling in MemoryHeapBase class
2009-08-20 03:55:20 -07:00
Andreas Huber
84a6d041e2 Support for marshalling pointers / intptr_t in Parcel.
Some refactoring to eliminate code duplication in Parcel implementation.
2009-08-17 15:31:25 -07:00
Mathias Agopian
1d0a95b12a don't crash in Parcel when given a null (and therefore invalid) native_handle_t
2009-07-31 16:18:16 -07:00
Marco Nelissen
d43b194b69 Instead of using -1 for pid and uid in the simulator, and then having
to special-case the simulator case all over the framework, just use
getuid and getpid, and intercept those in the simulator wrapper.
2009-07-17 10:48:09 -07:00
Mathias Agopian
375f56363a new Permission class used to improve permission checks speed (by caching results)
2009-06-15 21:56:51 -07:00
Mathias Agopian
83c0446f27 some work to try to reduce the code size of some native libraries
- make sure that all binder Bn classes define a ctor and dtor in their respective library.
  This avoids duplication of the ctor/dtor in libraries where these objects are instantiated.
  This is also cleaner, should we want these ctor/dtor to do something one day.

- same change as above for some Bp classes and various other non-binder classes

- moved the definition of CHECK_INTERFACE() in IInterface.h instead of having it everywhere.

- improved the CHECK_INTERFACE() macro so it calls a single method in Parcel, instead of inlining its code everywhere

- IBinder::getInterfaceDescriptor() now returns a "const String16&" instead of String16, which saves calls to String16 and ~String16

- implemented a cache for BpBinder::getInterfaceDescriptor(), since this does an IPC. HOWEVER, this method never seems to be called.
  The cache makes BpBinder bigger, so we need to figure out if we need this method at all.
2009-05-26 16:12:20 -07:00
Android (Google) Code Review
4e97f8c62f am d50a458b: Merge change 2351 into donut
Merge commit 'd50a458bb291801ab9fdc119301bc7b84b42a6e3'

* commit 'd50a458bb291801ab9fdc119301bc7b84b42a6e3':
  Fix a major bug in Bundle when unparcelling from AIDL.
2009-05-22 14:53:18 -07:00
Mathias Agopian
a47f02afb1 change 2115 wasn't merged properly into master. this fixes that.
Merge change 2115 into donut

* changes:
  bring the native_handle stuff back from master_gl

Conflicts:

	libs/binder/Parcel.cpp
2009-05-21 16:29:38 -07:00
Mathias Agopian
c5b2c0bf80 move libbinder's header files under includes/binder
2009-05-20 12:55:03 -07:00
Mathias Agopian
208059f67e checkpoint: split libutils into libutils + libbinder
2009-05-20 12:55:02 -07:00