Age | Commit message | Author |
|
Although we can pass arbitrary pointers to setup preconnected clients,
the lifetime isn't clear and it's very easy to make UAF bugs.
To prevent UAF, an additional function can be passed to delete param
when param is no longer required, effectively transferring the ownership
of param to RPC session.
Bug: 398890208
Test: atest MicrodroidTests
Change-Id: I1a1c149a56876f56fba81b89cdc90ee372d2d7fe
|
|
'-status' for status=UNKNOWN_ERROR is UB, since that is
min integer. To avoid this, use the better function
which will also avoid this area. Only the cases that
matter are cleaned up.
Fixes: 354371732
Test: build
Change-Id: I0a71cd2c04680221191c7d926a64bda08012951f
|
|
This allows libbinder to set up client connections to binder RPC
services underneath the libbinder service manager APIs.
It requires callbacks to be added to the local process to get connection
information that the client is responsible for obtaining.
Once these callbacks are added to libbinder, any client elsewhere in the
process using the service manager APIs will be able to get and use a
binder for the service in the same way they do for kernel binder
services.
Test: atest binderRpcTest vm_accessor_test
Bug: 358427181
Change-Id: Iec27d30a669e0673bd66c99fded1edc335f7dff1
|
|
for the IAccessor flow.
Bug: 338541373
Test: atest vm_accessor_test
Change-Id: I59a2847040857805a1e6c12027271deaf509fd09
|
|
This cl sets up preconnected RPC binder for services launched with
IAccessor as a proxy.
Bug: 338541373
Test: m
Test: atest vm_accessor_test
Change-Id: Ic54732980778bc9ba8fec3395a0e98d336fea440
|
|
Test: mma
Bug: 302723053
Change-Id: I52f14cadb027b3f854946d5315dce3d23aa21b19
|
|
Test: mma
Bug: 302723053
Change-Id: I744bdfe735624ad9f95a7d448919e7bd2e430098
|
|
25c1a3b8543dd1756308424dd65030f90bb7a99f
Test: m
Bug: 302723053
Change-Id: Id9355c10d78d0c55afb49f512b78bb0923fbc4f7
|
|
Test: mma
Bug: 302723053
Change-Id: Iea797d6af825d58543ba899f6e712b27e48d859a
|
|
Test: mma
Bug: 302723053
Change-Id: Ie7c13c324311f600d72bc8ecc4157ad6c46259a0
|
|
Bug: 302723053
Test: mma
Change-Id: Id68a10a491e3db7f27ea2cbf843078544bb0ab85
|
|
Revert submission 2780893
Reason for revert: breaking boot tests
Bug: 308214260
Reverted changes: /q/submissionid:2780893
Change-Id: I7a4ee9a45583a8a1d4a33447de55c63e6ce9d42a
|
|
Bug: 302723053
Test: mma
Change-Id: I27226885b8b5e771d675ba2d83d0a2e14551d13e
|
|
into main
|
|
Bug: 302723053
Test: mma in binder folder
Test: aosp/2616196
Change-Id: I73df8fc453df0edf496960853cb0004f1c3a6a43
|
|
Bug: 302723053
Test: mma
Change-Id: I5c7a71a91b7dc95bfa0cd653eabe554bdd3f7812
|
|
Return an error if you set an invalid protocol
version on an RpcServer.
Previously, this would cause errors later down
the line.
Bug: 278946301
Test: binderRpcTest
Change-Id: Id496f1d39b2a32ce775e585f7690ae59503dc3aa
|
|
|
|
For some reason, I thought we did this - I thought it was
incidental to some other API we used. RPC Binder is an RPC
system, AND ONE WITH SYNCHRONOUS CALLS! It should not hold
these packets.
Bug: 271860373
Test: run inet cases before/after:
binderRpcTest --gtest_filter="*PerSocket/BinderRpc.RepeatBinderNull/inet_socket_tls_clientV0_serverV4026531840_single_threaded_no_kernel*"
before: 0m26.845s
after: 0m12.271s
Change-Id: Ib257b53cd2e4ca19041cdb5fd985be346e3fac5e
|
|
Fixes: 270374393
Test: N/A
Change-Id: I026a8bb44b6e4f2863fb1971a38b8d67db36cfd8
|
|
This API is updated to emphasize that it is placing a limit
on the number of connections that will be started corresponding
to threads in a remote pool. These connections won't actually
correspond to threads in the process that this API is called.
Documentation has also been updated to clarify a few questions
from an internal discussion forum.
Fixes: 270374393
Test: binderRpcTest
Change-Id: Ia0d9f0d0f42f58a2c63bf506476b33985f091a34
|
|
|
|
Bug: N/A
Change-Id: I074cefd859f1967a662bdda71f285a60a4bc3cad
Test: N/A
|
|
Instead, add extern C definition in the RpcSession.cpp directly
Bug: 254459965
Test: m libbinder
Change-Id: I093f0952f12d575b4a517314c5dadef5b7125a62
|
|
RpcSession incoming threads continued to hold an RpcSession
instance after they set the shutdown condition (removing the
associated 1:1 thread connection object from RpcSession's
mConnections object). Since the shutdown condition must
include cleaning up RpcSession, we cannot delay or remove
clearing the associated connections. Instead, a new explicit
shutdown condition is added, which does not restrict the
manipulation of the session object.
Interestingly, this issue was blocking several changes on-and-off
for a few weeks. Though, test hub doesn't show it failing at all. I
couldn't reproduce it locally even with 5 days (24hr/day) and
one of these failing tests running in a tight loop, with builds
running in the background (devinmoore@ reported a local failure
with a build running). I submitted several changes to debug this,
and one of them (that dumped backtraces), should have caught it,
except the race is just too rare.
When we have this situation: a retrospectively benign problem causing
a big failure, the obvious question to ask is, is the test too
brittle? No! If this is the sensitivity at which it finds a bug, we
can hardly imagine an error going unnoticed here. Only if this
situation repeated several times or some of these issues became too
plenty to maintain would I think that we needed to "tone down the
tests".
Finally, how did this get fixed: dump every incStrong backtrace in
RpcSession and investigate all the code that is responsible for
maintaining those sp<>s. Wheeee :)
Bug: 244325464
Test: binderRpcTest
Change-Id: I76ac8f21900d6ce095a1acfb246ca7acf1591e0b
|
|
Add support for running RpcBinder over unnamed Unix domain sockets
created by socketpair(). This is useful e.g. between parent/child
processes.
The implementation uses the initial socket pair only to create more
socket pairs for individual connections. This creates a natural mapping
to syscalls used on sockets bound to an address:
    socket()     socketpair()
    bind()       n/a (preconnected)
    connect()    sendmsg()
    listen()     recvmsg()
Bug: 250685929
Test: atest binderRpcTest
Change-Id: Id4ff3946ddcfefe3592eb1149c61582f7369aa29
|
|
Introducing new APIs in RpcServer and RpcSession to check
polling state of file descriptor. Removing fixed wait time
in binder_rpc_fuzzer.
Test: m binder_rpc_fuzzer &&
$ANDROID_HOST_OUT/fuzz/x86_64/binder_rpc_fuzzer/binder_rpc_fuzzer
Bug: 218518615
Change-Id: Ied82cd9c16514761a489731488924274a17053a6
|
|
Test: m
Test: m libbinder binderRpcTest
Bug: 218518615
Change-Id: I822bdb751f68c83e1b10c5fd16c9d8439646b771
|
|
|
|
Adding a new struct TransportFd which will contain unique_fd and
polling state of file descriptor. This will be useful in detecting
if all the descriptors are being polled. unique_fd and borrowed_fd
are replaced in these changes.
Test: m
Test: m libbinder binderRpcTest && atest binderRpcTest
Test: trusty/vendor/google/aosp/scripts/build.py --test
"boot-test:com.android.trusty.binder.test" qemu-generic-arm64-test-debug
Bug: 218518615
Change-Id: Id108806b98184582e5d93186b3b1884017c441ea
|
|
Add a new OS-specific function that creates a new
instance of the default RpcTransportCtxFactory.
This is needed because Android and Trusty have
different default transports: RpcTransportRaw and
RpcTransportTipcTrusty, respectively.
Bug: 230135749
Test: presubmit
Change-Id: I4abd443fe9a08c1fa0cc41dfca7ef1cdb69fe0fb
|
|
Clear the mStartedSetup flag in case of error return from
RpcSession::setupClient and its callees so that the setup
can be retried and/or the RpcSession reused.
Bug: 242473043
Test: m
Change-Id: I4fa99ab9eb136756ee7344c73f2b3f57a7412e3f
|
|
Additional outgoing threads in a single-threaded client do not
actually require more threads, so they should be safe to enable.
We check the number of incoming threads per RpcSession instead,
since those create actual OS threads.
Prevents a TOCTTOU issue between calls to setup*Client() and
setMaxIncomingThreads() by adding a new mStartedSetup variable
that is set early during setupClient, and any calls to RpcSession
setters are fatal failures after that point.
Bug: 224644083
Test: atest binderRpcTest*
Change-Id: Id0ce2cda63e781ecfba86180f3c523be9044d408
|
|
This requires an incoming thread to be listening to the connection in
order to be notified.
Test: atest binderRpcTest
Test: atest binderRpcTestSingleThreaded
Bug: 182939380
Change-Id: I3746de6e8cff99bb267867c5dc60a6815b19fb92
|
|
Separate the OS-specific functions setNonBlocking and
getRandomBytes from Utils.cpp into a separate OS-specific
OS.cpp file that other operating systems can override at
build time.
Bug: 224644083
Test: build Trusty
Change-Id: I2703fb81d4370b5f6264556ae57fdddb0573971a
|
|
Trusty does not support threading. This adds a build option
to disable mutexes and other threading code from RpcState,
RpcSession, and RpcServer.
Bug: 224644083
Test: build Trusty
Change-Id: Iaa78caca1ddee45be7c2def2755598decc0d4d15
|
|
Bug: 185909244
Test: TH
Change-Id: Ic4fc1b1edfe9d69984e785553cd1aaca97a07da3
|
|
Fixes a hanging wait in RpcSession by notifying the condition
variable for available connections immediately after adding a
new outgoing connection.
Bug: 224644083
Test: atest binderRpcTest
Change-Id: I27c81127482859342cb789eaac087f55ae5c16d9
|
|
RpcServer previously created new RpcSession instances
using the default transport. There is currently no code
in RpcSession that uses that transport for server sessions,
so this patch initializes the transport to nullptr instead.
Bug: 224644083
Test: atest binderRpcTest
Change-Id: Ie9fa8c9c758821614fb161b360a9935955e7e62b
|
|
This removes an allocation from the binder RPC calls.
Test: atest binderAllocationLimits
Bug: 230625474
Change-Id: I70ebb4e320323149c3c66809f1077cbf332c07ef
|
|
Bug: 224644083
Test: m
Change-Id: Ibfa0535fa09af569f55aa1e6b8d5ff6adb720eb3
|
|
RpcSession uses gettid() to identify the current thread
which is less portable than GetThreadId().
Test: atest binderRpcTest
Bug: 224644083
Change-Id: I0d6020ef41af85c20bb58b89598812f2e790a38b
|
|
Binder RPC code uses the TEMP_FAILURE_RETRY macro which
is defined by the C library on Linux but not on other
operating systems. The utils/Compat.h header defines that
macro if not available. This change includes that header
into RPC code.
Test: m
Bug: 224644083
Change-Id: I2637e5260e258f3b2dfeb99e8ea7187c079550f7
|
|
If you requested N connections, you'd get N connection objects using the
same socket. Also, some error cases would leak sockets.
Test: CLANG_ANALYZER_CHECKS=1 m tidy-frameworks-native-libs-binder
Change-Id: I46528f952fdfc88d4e49b93499dbfbb39117b069
|
|
This log used the old 'client' 'server' terminology which in this
context was disambiguated to 'incoming' and 'outgoing' threads,
and it also now says what to do when threads are exhausted.
Note: as you can see from this log, RpcServer still needs a way
to limit the number of outgoing connections that it will create.
Fixes: 220177986
Test: binderRpcTest
Change-Id: Ib4c6bf654acd4a33d054d134ed578b40a976c314
|
|
Use std::map instead of KeyedVector (deprecated) in order to avoid
unnecessary (and implicit) initialization of the value type. KeyedVector
does it even when only the key is needed (e.g. indexOfKey). std::map
doesn't have such a problem.
Bug: 222775179
Test: unset WITH_TIDY; CLANG_ANALYZER_CHECKS=1 make -k
tidy-frameworks-native-libs-binder
Change-Id: I548fc96a34bac9c7135e206983150948dbca57d4
|
|
Switch RpcTransportRaw to use sendmsg() and recvmsg() over
iovecs to send data from multiple buffers to avoid having
to copy all data into a single large buffer.
Bug: 202878542
Test: atest binderRpcTest
Change-Id: I8ba7fa815040555503160ae41888a0b0efe9e5d2
|
|
|
|
There's no Android Runtime in recovery anyways.
Test: builds
Change-Id: Iff202493241932ceb92988580150d6338058bc94
|
|
Another forgotten error.
Bug: 167966510
Test: binderRpcTest
Change-Id: I48adcf428c8ce68fdc5b49d7a0314d043e78e76d
|