Commit Graph

52 Commits

Author SHA1 Message Date
Dianne Hackborn
a59b827869 Fix issue #27252896: Security Vulnerability -- weak binder
Sending transaction to freed BBinder through weak handle
can cause use of a (mostly) freed object.  We need to try to
safely promote to a strong reference first.

Change-Id: Ic9c6940fa824980472e94ed2dfeca52a6b0fd342
(cherry picked from commit c11146106f94e07016e8e26e4f8628f9a0c73199)
2016-03-25 17:47:54 -07:00
Wale Ogunwale
a3206e690b Fixed build error with clang/llvm.
Change-Id: Ideacdc974ebad542df724464ccba9fcfb2b7ea91
2015-04-21 14:00:27 -07:00
Wale Ogunwale
376b822728 Added IPCThreadState::blockUntilThreadAvailable() method.
Will be used by the system_server watchdog to monitor the
availability of binder threads in the process to handle
incoming IPC requests.

Bug: 19297165
Change-Id: I39175f3869ad14da5620fddb47f454e6e4ee2b25
2015-04-14 13:17:25 -07:00
Yabin Cui
8fb2d25ff3 Kill HAVE_PTHREADS.
Bug: 19083585
Change-Id: I355491de945590f43c82bdcb7968b01b4bff6e06
2015-01-26 22:36:36 -08:00
Dan Stoza
9c634fd2d1 binder: Return pid_t/uid_t instead of int
Makes IPCThreadState::getCalling{Pid,Uid} return a more
appropriate type.

Change-Id: I97f8a83c1c0722bc1afbf8a6df1a288f8f1f0d2c
2014-12-01 11:07:14 -08:00
Bernhard Rosenkränzer
74debb0b8f Fix build with clang in C++11 mode
Now that we're in C++11 mode by default, clang complains about switch
statements with case values not matching the type -- since some
binder_driver_return_protocol values are > 0x7fffffff, we need to make
the switch statements operate on uint32_t rather than int32_t.

BUG: 18466763
Change-Id: Iedbfd5c7a3d3d9f087d2eab4ff21343ad7a2a448
Signed-off-by: Bernhard Rosenkränzer <Bernhard.Rosenkranzer@linaro.org>
2014-11-25 14:06:04 -08:00
Andreas Gampe
0b53b5c0b3 Binder: Remove unused functions & variables
For build-system CFLAGS clean-up, remove unused functions and
variables.

Change-Id: I88abc2bc99e6b91c7aa56470ff9671bf8bf29f8d
2014-11-24 11:39:11 -08:00
Chih-Hung Hsieh
ac5cd96fe2 am dbab409c: Merge "Avoid two warnings from clang."
* commit 'dbab409c49ca5dd6686912d0b3eeb19ef1c37a3e':
  Avoid two warnings from clang.
2014-11-04 01:24:07 +00:00
Chih-Hung Hsieh
8e5337de2c Avoid two warnings from clang.
Clang compiler warns about undefined static functions like getReturnString
before all references are removed inside IF_LOG_COMMANDS.
To remove such warnings, we can leave those static functions defined
and the compiler will remove them at the end when they are not used.

Add a cast to long before converting from int to void*,
to avoid type cast warnings on 64 bit targets.

BUG: 17043248
Change-Id: Ica31101522279d2c8eacc90e2939767002fb827b
2014-10-31 18:38:00 +00:00
Dianne Hackborn
e4499526ee am 5ee2c9d2: Work on issue #17656716: Unhandled exception in Window Manager
* commit '5ee2c9d20c0fbecf6b4a482eb8d8bfdf85d0d424':
  Work on issue #17656716: Unhandled exception in Window Manager
2014-09-30 20:23:02 +00:00
Dianne Hackborn
5ee2c9d20c Work on issue #17656716: Unhandled exception in Window Manager
Try to clean up the code paths coming in and out of binder IPCs to
plug any places where we could disrupt the gather flag of a thread,
causing it to keep gathering stack crawls (which is the thing that
is causing our strict mode data to become so large).

We now take care of saving and restoring this state in the core
IPC code path, not at the Java layer.

Change-Id: I73d564778da127bdce00f304225930e7f2318293
2014-09-30 11:30:03 -07:00
Elliott Hughes
fa6ad07c4e Use gettid directly in binder.
Bug: 17048545
Change-Id: I1df378135961e085a52f6cc5694ad74cd73aac19
2014-08-18 10:38:38 -07:00
Mark Salyzyn
317ff37cf7 binder: rm utils/Debug.h
Change-Id: I16931919a26c16a0d701771c93fa7fe1c6f60ef8
2014-05-29 13:10:03 -07:00
Arve Hjønnevåg
07fd0f195d Binder: Fix some valgrind errors.
When using 64 bit binder pointers, only initializing the 32 bit
handle, in a stack allocated struct, will pass uninitialized stack
data to the kernel and other processes.

Change-Id: I3432d9d36bb251d8ddb0a863661aeb80aabb3d92
2014-02-18 21:14:41 -08:00
Arve Hjønnevåg
87b30d0447 Binder: Don't cast directly from a pointer to binder_uintptr_t
When using the 64 bit binder interface from a 32 bit process the
pointer may get sign extended and cause the kernel to fail to read
from it.

Change-Id: I90fcf53880e2aa92e230a9723f9b3f7696170e32
2014-02-18 21:14:39 -08:00
Arve Hjønnevåg
11cfdccfd3 Binder: Disable attemptIncStrongHandle
The driver does not support BC_ATTEMPT_ACQUIRE and will return an error.
IPCThreadState does not handle driver errors, and will resend the failed
command blocking all other commands.

Change-Id: I643986037341821b27b62dc82df933844f4842b8
2014-02-14 20:18:13 -08:00
Colin Cross
6f4f3ab36c binder: fix all warnings
Fix warnings related to casting pointers to ints, using %d or %ld to
print size_t/ssize_t, and unused parameters.

Change-Id: I7a13ba83d402952989c1f795cd9e880a95b98d9e
2014-02-05 17:51:10 -08:00
Arve Hjønnevåg
84e625ac1e Binder: Use 64 bit pointers in 32 processes if selected by the target
Uses new kernel header where void * has been replaced by binder_uintptr_t

Change-Id: Icfc67c2a279269f700343bd9246fd7cb94efe2c1
2014-01-31 15:51:06 -08:00
Serban Constantinescu
f683e0163a Binder: Make binder portable
Changes include
- Binder attempts to cast pointers to a int datatype
  which is not sufficient on a 64-bit platform.

- This patch introduces new read/write functions into
  Parcel that allow pointers to be written using the
  uintptr_t datatype for compile-time data type size
  selection.

-  Change access specifier for the methods above.

-  Binder uses the 64bit android_atomic_release_cas64
   (aka cmpxchg)

Change-Id: I595280541e0ba1d19c94b2ca2127bf9d96efabf1
Signed-off-by: Matthew Leach <matthew.leach@arm.com>
Signed-off-by: Serban Constantinescu <serban.constantinescu@arm.com>
2014-01-31 10:49:40 +00:00
Jeff Brown
ada11c5e67 Make getCallingUid/Pid const.
Change-Id: I1853b21eaa45d85274189dfd72f73fec48d0d6b7
2013-07-15 15:08:39 -07:00
Todd Poynor
8d96cab8bf binder: add polling / single-threaded operation
This is currently safe to do only for processes that disallow any binder
threads to be created: setThreadPoolMaxThreadCount(0).

Change-Id: I8a27f3cf26f4d51edb7f222af487ac256cbcab65
2013-07-04 00:19:09 +00:00
Jeff Tinker
fc1f308ca1 am de836890: am ef07386e: Prevent IPCThreadState::joinThreadPool from spinning on unexpected error
* commit 'de836890abc7b5381e285833052375cbb85730cb':
  Prevent IPCThreadState::joinThreadPool from spinning on unexpected error
2013-06-11 20:11:43 -07:00
Jeff Tinker
ef07386e2f Prevent IPCThreadState::joinThreadPool from spinning on unexpected error
Adds logging to help determine what is happening to the /dev/binder
fd and dump the process state when it happens.

bug: 8912673
Change-Id: I2aa0c66fc499e91e0bf9ee4ae20404bec35adc82
2013-06-11 18:03:01 -07:00
Mathias Agopian
002e1e58df libutils clean-up
Change-Id: I6ff4cfc736751de2912c697f954e45e275f2d386
2013-05-07 18:28:11 -07:00
Dave Burke
0bed1f541d Revert "ugly, temporary, workaroung for a problem where a binder thread spins forever"
This reverts commit 0845d0245e

Change-Id: I395037cb9427cd11f7de6bb78fbdfa917fc6263a
2012-10-06 23:20:00 -07:00
Mathias Agopian
0845d0245e ugly, temporary, workaroung for a problem where a binder thread spins forever
Bug: 7289992
Change-Id: I0c3d482a1af57e5f444be2ba7f2751ac3e954af2
2012-10-05 17:28:04 -07:00
Dianne Hackborn
8210185fe3 No longer need "original calling uid".
Change-Id: Ifc4a89dd088609a5a8553f6ac6553174e09e8222
2012-08-31 15:40:58 -07:00
Johannes Carlsson
db1597a989 Fix shutdown sequence to avoid SIGSEGV when running am command
When the app_process is shutting down the main thread will close the
binder fd while pool threads are executing an ioctl (in
IPCThreadState::stopProcess called by AppRuntime::onStarted in
app_main.c).

The binder driver will then return all pending calls in ioctl
without any error and with a command. One of the threads gets a
BR_SPAWN_LOOPER which will create a new thread (the other thread
gets a BR_NOOP). This new thread then calls
vm->AttachCurrentThread. Usually this results in a log entry with
"AndroidRuntime: NOTE: attach of thread 'Binder Thread #3' failed",
but sometimes it also causes a SIGSEGV. This depends on the timing
between the new thread an the main thread that calls DestroyJavaVM
(in AndroidRuntime::start).

If IPCThreadState.cpp is compiled with "#define LOG_NDEBUG 0" the
pool thread will loop and hit the
ALOG_ASSERT(mProcess->mDriverFD >= 0) in
IPCThreadState::talkWithDriver.

Crashes like this has been seen when running the am command and
other commands that use the app_process.

This fix makes sure that any command that is received when the driver
fd is closed are ignored and IPCThreadState::talkWithDriver instead
returns an error which will cause the pool thread to exit and detach
itself from the vm. A check to avoid calling ioctl to a fd with -1
was also added in IPCThreadState::threadDestructor.

Another solution might be to change the binder driver so that it
returns an error when the fd is closed (or atleast not a
BR_SPAWN_LOOPER command). It might also be possible to call exit(0)
which is done when System.exit(0) is called from java.

Change-Id: I3d1f0ff64896c44be2a5994b3a90f7a06d27f429
2012-06-25 13:58:47 -07:00
Glenn Kasten
a26e1cfbbc Scheduling group cleanup
Remove C++ APIs androidSetThreadSchedulingGroup and
androidGetThreadSchedulingGroup, and the ANDROID_TGROUP_* constants.

Former callers of these should now use the C APIs set_sched_policy and
get_sched_policy, and the SP_* constants.

Note: debug.sys.noschedgroups is not supported by the C APIs,
this needs to be discussed.

Change-Id: I32bbfc539ef4090faf9ef0320380e8cca9eae07c
2012-04-19 11:32:59 -07:00
Glenn Kasten
4bcb57502c Remove obsolete references to sched_policy.h
As part of scheduling policy cleanup, remove or isolate
all references to the scheduling policy APIs.

Change-Id: Ia1ea2fe711a399039f25217309e061267744b856
2012-03-05 18:12:45 -08:00
Amith Yamasani
4e975bb488 Multi-user - 1st major checkin
Switching activity stacks
Cache ContentProvider per user
Long-press power to switch users (on phone)

Added ServiceMap for separating services by user
Launch PendingIntents on the correct user's uid
Fix task switching from Recents list
AppWidgetService is mostly working.

Commands added to pm and am to allow creating and switching profiles.

Change-Id: I15810e8cfbe50a04bd3323a7ef5a8ff4230870ed
2012-02-03 12:01:47 -08:00
Steve Block
6726347e89 Rename LOG_ASSERT to ALOG_ASSERT DO NOT MERGE
See https://android-git.corp.google.com/g/157519

Bug: 5449033
Change-Id: I8ceb2dba1b031a0fd68d15d146960d9ced62bbf3
2012-01-09 21:36:22 +00:00
Steve Block
a19954ab37 Rename (IF_)LOGI(_IF) to (IF_)ALOGI(_IF) DO NOT MERGE
See https://android-git.corp.google.com/g/156801

Bug: 5449033
Change-Id: Ib08fe86d23db91ee153e9f91a99a35c42b9208ea
2012-01-04 20:05:49 +00:00
Ben Cheng
a63ee4c2fd am f1a4c48b: am e21dabf6: Merge "Initialize bwr.read_buffer in IPCThreadState::talkWithDriver." into ics-mr1
* commit 'f1a4c48b886d53e2afceb0620215e3792af79fd5':
  Initialize bwr.read_buffer in IPCThreadState::talkWithDriver.
2011-12-01 22:08:20 -08:00
Ben Cheng
d640f89205 Initialize bwr.read_buffer in IPCThreadState::talkWithDriver.
I/valgrind( 1309): ==1310== Syscall param
ioctl(BINDER_WRITE_READ).read_buffer points to uninitialised byte(s)
I/valgrind( 1309): ==1310==    at 0x480E670: __ioctl (__ioctl.S:10)
I/valgrind( 1309): ==1310==  Address 0xbda651b4 is on thread 1's stack

Change-Id: I02893df7b5786b6b2dbd9659f5706d7171295ab2
2011-12-01 17:11:32 -08:00
Steve Block
9f760150f6 Rename (IF_)LOG() to (IF_)ALOG() DO NOT MERGE
See https://android-git.corp.google.com/g/#/c/141576

Bug: 5449033
Change-Id: I42575e7c29cf1c0f465c357a5c97ab118df6f473
2011-10-25 16:28:24 +01:00
Andy McFadden
aefc9cda45 Resurrect verbose binder logging
Updated the command name lists, and masked off the additional bits in
the command word when doing the name lookup.

Made descriptor values easier to grep for and consistent with kernel
output (i.e. decimal rather than hex).  Attempt to show transaction
descriptors as such (they're in a union with a pointer).

Also, the writeLines() function in Static was using a no-op
logging call to write an iovec.  It looks like all callers are using
N=1, so I just added a log for the first string.

Bug 5155269

Change-Id: I417b8d77da3eb6ee1d2069ba94047210f75738bc
2011-09-07 16:45:03 -07:00
Evgeniy Stepanov
d547432f98 Make sure binder ioctl structs don't contain uninitialized values.
Change-Id: I8a678f91262417bb120e65e32c244ce1512b46c2
2011-04-21 14:37:15 +04:00
Brad Fitzpatrick
1b60843547 Framework-side support for Dalvik "isSensitiveThread" hook.
Used in lock contention stats.

Bug: 3226270
Change-Id: Ie6f58d130a29079a59bdefad40b80304d9bc3623
2010-12-14 09:28:16 -08:00
Dianne Hackborn
67f78c4fe8 Some debugging support.
- New feature to "am monitor" to have it automatically launch
  gdbserv for you when a crash/ANR happens, and tell you how to
  run the client.

- Update dumpstate to match new location of binder debug logs

- Various commented out logs that are being used to track down
  issues.

Change-Id: Ia5dd0cd2df983a1fc6be697642a4590aa02a26a5
2010-09-24 13:11:55 -07:00
Brad Fitzpatrick
5273603e98 Don't propagate StrictMode over one-way Binder calls.
This was causing stack stitching problems where a one-way call with
violations followed by a two-way call without violations was getting
the previous one-way call's violation stack stitched on to the second
caller's stack.

The solution is a little more indirect than I would've liked
(preserving the binder's onTransact flags until enforceInterface) but
was seemingly necessary to work without changing the AIDL compiler.
It should also be sufficiently cheap, since no new calls to
thread-local IPCThreadState lookups were required.  The additional
work is just same-thread getter/setters on the existing
IPCThreadState.

Change-Id: I4b6db1d445c56e868e6d0d7be3ba6849f4ef23ae
2010-08-31 13:16:49 -07:00
Brad Fitzpatrick
a877cd85b5 More StrictMode work, keeping Binder & BlockGuard's thread-locals in-sync.
Change-Id: Ia67cabcc17a73a0f15907ffea683d06bc41b90e5
2010-07-15 13:18:05 -07:00
Brad Fitzpatrick
702ea9d42f Start of work on passing around StrictMode policy over Binder calls.
This is (intendend to be) a no-op change.

At this stage, Binder RPCs just have an additional uint32 passed around
in the header, right before the interface name.  But nothing is actually
done with them yet.  That value should right now always be 0.

This now boots and seems to work.

Change-Id: I135b7c84f07575e6b9717fef2424d301a450df7b
2010-06-21 12:56:35 -07:00
Christopher Tate
440fd870b2 Ensure that binder incalls to the system process keep the fg cgroup
On binder incalls, the handler thread is given the caller's priority by the
driver, but not the caller's cgroup.  We have explicit code that sets the
handler's cgroup to match the caller's, *except* that the system process
explicitly disables this behavior.  This led to a siuation in which we were
running binder incalls to the system process at nice=10 but cgroup=fg.

That's fine as far as it goes, except that if a GC happened in the handler
thread, it would be promoted to foreground priority and cgroup both, to avoid
having the GC take forever.  Then, when GC finished, the original priority
is reset, and the cgroup set *based on that priority*.  This would push the
handler thread into nice=10 cgroup=bg_non_interactive -- which matches the
caller, but is supposed to be impossible in the system process.

The end result of this was that we could be running "lengthy" operations in
the system process in the background.  Unfortunately, some of the operations
that wound up like this would hold important global system locks for up to
twenty seconds as a result, making the entire device unresponsive to input
for that period.

This CL fixes the binder incall setup to ensure that within the system process,
a binder incall is always begun from the normal foreground priority as well
as cgroup.  In practice now the device still becomes laggy/sluggish when the
offending lock-holding time-consuming incall occurs, but since it still runs
as a foreground task it is able to proceed to completion within a short time
rather than taking 20 seconds.

Fixes bug #2403717

Change-Id: Id046aeabd0e80c48eef94accc37842835eab308d
2010-03-18 18:13:57 -07:00
Dianne Hackborn
8c6cedc9bc Propagate background scheduling class across processes.
This is a very simply implementation: upon receiving an IPC, if the handling
thread is at a background priority (the driver will have taken care of
propagating this from the calling thread), then stick it in to the background
scheduling group.  Plus an API to turn this off for the process, which is
used by the system process.

This also pulls some of the code for managing scheduling classes out of
the Process JNI wrappers and in to some convenience methods in thread.h.
2009-12-07 19:11:14 -08:00
Christopher Tate
07d69893e1 Reset binder service threads' cgroup/priority after command completion
To prevent buggy command implementations from poisoning binder threads'
scheduling class & priority for future command execution, we now reset the
cgroup and thread priority to foreground/normal when a binder service thread
finishes executing the designated command.

Change-Id: Ibc0ab2485751453f6dc96fdb4eb877fd02796e3f
2009-11-08 14:29:02 -08:00
Evan Millar
6dfe8f1ffa Revert jparks code from IPCThreadState. 2009-11-06 11:25:23 -08:00
Jason Parks
b5c4135333 When a thread is about to be put back onto the thread pool ensure that it is in the foreground cgroup. 2009-11-04 14:25:26 -08:00
Jason Parks
dcd3958c50 Add a warning when we leave threads in the binder thread pool in the background scheduling group. 2009-11-03 13:10:15 -08:00
Marco Nelissen
d43b194b69 Instead of using -1 for pid and uid in the simulator, and then having
to special-case the simulator case all over the framework, just use
getuid and getpid, and intercept those in the simulator wrapper.
2009-07-17 10:48:09 -07:00