1 /* Copyright 2008 The Android Open Source Project
13 #define MAX_BIO_SIZE (1 << 30)
17 #define LOG_TAG "Binder"
18 #include <cutils/log.h>
20 void bio_init_from_txn(struct binder_io *io, struct binder_txn *txn);
23 void hexdump(void *_data, unsigned len)
25 unsigned char *data = _data;
28 for (count = 0; count < len; count++) {
29 if ((count & 15) == 0)
30 fprintf(stderr,"%04x:", count);
31 fprintf(stderr," %02x %c", *data,
32 (*data < 32) || (*data > 126) ? '.' : *data);
34 if ((count & 15) == 15)
37 if ((count & 15) != 0)
41 void binder_dump_txn(struct binder_txn *txn)
43 struct binder_object *obj;
44 unsigned *offs = txn->offs;
45 unsigned count = txn->offs_size / 4;
47 fprintf(stderr," target %p cookie %p code %08x flags %08x\n",
48 txn->target, txn->cookie, txn->code, txn->flags);
49 fprintf(stderr," pid %8d uid %8d data %8d offs %8d\n",
50 txn->sender_pid, txn->sender_euid, txn->data_size, txn->offs_size);
51 hexdump(txn->data, txn->data_size);
53 obj = (void*) (((char*) txn->data) + *offs++);
54 fprintf(stderr," - type %08x flags %08x ptr %p cookie %p\n",
55 obj->type, obj->flags, obj->pointer, obj->cookie);
59 #define NAME(n) case n: return #n
60 const char *cmd_name(uint32_t cmd)
64 NAME(BR_TRANSACTION_COMPLETE);
71 NAME(BR_FAILED_REPLY);
74 default: return "???";
78 #define hexdump(a,b) do{} while (0)
79 #define binder_dump_txn(txn) do{} while (0)
82 #define BIO_F_SHARED 0x01 /* needs to be buffer freed */
83 #define BIO_F_OVERFLOW 0x02 /* ran out of space */
84 #define BIO_F_IOERROR 0x04
85 #define BIO_F_MALLOCED 0x08 /* needs to be free()'d */
94 struct binder_state *binder_open(unsigned mapsize)
96 struct binder_state *bs;
98 bs = malloc(sizeof(*bs));
104 bs->fd = open("/dev/binder", O_RDWR);
106 fprintf(stderr,"binder: cannot open device (%s)\n",
111 bs->mapsize = mapsize;
112 bs->mapped = mmap(NULL, mapsize, PROT_READ, MAP_PRIVATE, bs->fd, 0);
113 if (bs->mapped == MAP_FAILED) {
114 fprintf(stderr,"binder: cannot map device (%s)\n",
119 /* TODO: check version */
130 void binder_close(struct binder_state *bs)
132 munmap(bs->mapped, bs->mapsize);
137 int binder_become_context_manager(struct binder_state *bs)
139 return ioctl(bs->fd, BINDER_SET_CONTEXT_MGR, 0);
142 int binder_write(struct binder_state *bs, void *data, unsigned len)
144 struct binder_write_read bwr;
146 bwr.write_size = len;
147 bwr.write_consumed = 0;
148 bwr.write_buffer = (unsigned) data;
150 bwr.read_consumed = 0;
152 res = ioctl(bs->fd, BINDER_WRITE_READ, &bwr);
154 fprintf(stderr,"binder_write: ioctl failed (%s)\n",
160 void binder_send_reply(struct binder_state *bs,
161 struct binder_io *reply,
162 void *buffer_to_free,
169 struct binder_txn txn;
170 } __attribute__((packed)) data;
172 data.cmd_free = BC_FREE_BUFFER;
173 data.buffer = buffer_to_free;
174 data.cmd_reply = BC_REPLY;
179 data.txn.flags = TF_STATUS_CODE;
180 data.txn.data_size = sizeof(int);
181 data.txn.offs_size = 0;
182 data.txn.data = &status;
186 data.txn.data_size = reply->data - reply->data0;
187 data.txn.offs_size = ((char*) reply->offs) - ((char*) reply->offs0);
188 data.txn.data = reply->data0;
189 data.txn.offs = reply->offs0;
191 binder_write(bs, &data, sizeof(data));
194 int binder_parse(struct binder_state *bs, struct binder_io *bio,
195 uint32_t *ptr, uint32_t size, binder_handler func)
198 uint32_t *end = ptr + (size / 4);
201 uint32_t cmd = *ptr++;
203 fprintf(stderr,"%s:\n", cmd_name(cmd));
208 case BR_TRANSACTION_COMPLETE:
215 fprintf(stderr," %08x %08x\n", ptr[0], ptr[1]);
219 case BR_TRANSACTION: {
220 struct binder_txn *txn = (void *) ptr;
221 if ((end - ptr) * sizeof(uint32_t) < sizeof(struct binder_txn)) {
222 LOGE("parse: txn too small!\n");
225 binder_dump_txn(txn);
227 unsigned rdata[256/4];
228 struct binder_io msg;
229 struct binder_io reply;
232 bio_init(&reply, rdata, sizeof(rdata), 4);
233 bio_init_from_txn(&msg, txn);
234 res = func(bs, txn, &msg, &reply);
235 binder_send_reply(bs, &reply, txn->data, res);
237 ptr += sizeof(*txn) / sizeof(uint32_t);
241 struct binder_txn *txn = (void*) ptr;
242 if ((end - ptr) * sizeof(uint32_t) < sizeof(struct binder_txn)) {
243 LOGE("parse: reply too small!\n");
246 binder_dump_txn(txn);
248 bio_init_from_txn(bio, txn);
251 /* todo FREE BUFFER */
253 ptr += (sizeof(*txn) / sizeof(uint32_t));
257 case BR_DEAD_BINDER: {
258 struct binder_death *death = (void*) *ptr++;
259 death->func(bs, death->ptr);
262 case BR_FAILED_REPLY:
269 LOGE("parse: OOPS %d\n", cmd);
277 void binder_acquire(struct binder_state *bs, void *ptr)
281 cmd[1] = (uint32_t) ptr;
282 binder_write(bs, cmd, sizeof(cmd));
285 void binder_release(struct binder_state *bs, void *ptr)
289 cmd[1] = (uint32_t) ptr;
290 binder_write(bs, cmd, sizeof(cmd));
293 void binder_link_to_death(struct binder_state *bs, void *ptr, struct binder_death *death)
296 cmd[0] = BC_REQUEST_DEATH_NOTIFICATION;
297 cmd[1] = (uint32_t) ptr;
298 cmd[2] = (uint32_t) death;
299 binder_write(bs, cmd, sizeof(cmd));
303 int binder_call(struct binder_state *bs,
304 struct binder_io *msg, struct binder_io *reply,
305 void *target, uint32_t code)
308 struct binder_write_read bwr;
311 struct binder_txn txn;
313 unsigned readbuf[32];
315 if (msg->flags & BIO_F_OVERFLOW) {
316 fprintf(stderr,"binder: txn buffer overflow\n");
320 writebuf.cmd = BC_TRANSACTION;
321 writebuf.txn.target = target;
322 writebuf.txn.code = code;
323 writebuf.txn.flags = 0;
324 writebuf.txn.data_size = msg->data - msg->data0;
325 writebuf.txn.offs_size = ((char*) msg->offs) - ((char*) msg->offs0);
326 writebuf.txn.data = msg->data0;
327 writebuf.txn.offs = msg->offs0;
329 bwr.write_size = sizeof(writebuf);
330 bwr.write_consumed = 0;
331 bwr.write_buffer = (unsigned) &writebuf;
333 hexdump(msg->data0, msg->data - msg->data0);
335 bwr.read_size = sizeof(readbuf);
336 bwr.read_consumed = 0;
337 bwr.read_buffer = (unsigned) readbuf;
339 res = ioctl(bs->fd, BINDER_WRITE_READ, &bwr);
342 fprintf(stderr,"binder: ioctl failed (%s)\n", strerror(errno));
346 res = binder_parse(bs, reply, readbuf, bwr.read_consumed, 0);
347 if (res == 0) return 0;
348 if (res < 0) goto fail;
352 memset(reply, 0, sizeof(*reply));
353 reply->flags |= BIO_F_IOERROR;
357 void binder_loop(struct binder_state *bs, binder_handler func)
360 struct binder_write_read bwr;
361 unsigned readbuf[32];
364 bwr.write_consumed = 0;
365 bwr.write_buffer = 0;
367 readbuf[0] = BC_ENTER_LOOPER;
368 binder_write(bs, readbuf, sizeof(unsigned));
371 bwr.read_size = sizeof(readbuf);
372 bwr.read_consumed = 0;
373 bwr.read_buffer = (unsigned) readbuf;
375 res = ioctl(bs->fd, BINDER_WRITE_READ, &bwr);
378 LOGE("binder_loop: ioctl failed (%s)\n", strerror(errno));
382 res = binder_parse(bs, 0, readbuf, bwr.read_consumed, func);
384 LOGE("binder_loop: unexpected reply?!\n");
388 LOGE("binder_loop: io error %d %s\n", res, strerror(errno));
394 void bio_init_from_txn(struct binder_io *bio, struct binder_txn *txn)
396 bio->data = bio->data0 = txn->data;
397 bio->offs = bio->offs0 = txn->offs;
398 bio->data_avail = txn->data_size;
399 bio->offs_avail = txn->offs_size / 4;
400 bio->flags = BIO_F_SHARED;
403 void bio_init(struct binder_io *bio, void *data,
404 uint32_t maxdata, uint32_t maxoffs)
406 uint32_t n = maxoffs * sizeof(uint32_t);
409 bio->flags = BIO_F_OVERFLOW;
415 bio->data = bio->data0 = data + n;
416 bio->offs = bio->offs0 = data;
417 bio->data_avail = maxdata - n;
418 bio->offs_avail = maxoffs;
422 static void *bio_alloc(struct binder_io *bio, uint32_t size)
424 size = (size + 3) & (~3);
425 if (size > bio->data_avail) {
426 bio->flags |= BIO_F_OVERFLOW;
429 void *ptr = bio->data;
431 bio->data_avail -= size;
436 void binder_done(struct binder_state *bs,
437 struct binder_io *msg,
438 struct binder_io *reply)
440 if (reply->flags & BIO_F_SHARED) {
442 cmd[0] = BC_FREE_BUFFER;
443 cmd[1] = (uint32_t) reply->data0;
444 binder_write(bs, cmd, sizeof(cmd));
449 static struct binder_object *bio_alloc_obj(struct binder_io *bio)
451 struct binder_object *obj;
453 obj = bio_alloc(bio, sizeof(*obj));
455 if (obj && bio->offs_avail) {
457 *bio->offs++ = ((char*) obj) - ((char*) bio->data0);
461 bio->flags |= BIO_F_OVERFLOW;
465 void bio_put_uint32(struct binder_io *bio, uint32_t n)
467 uint32_t *ptr = bio_alloc(bio, sizeof(n));
472 void bio_put_obj(struct binder_io *bio, void *ptr)
474 struct binder_object *obj;
476 obj = bio_alloc_obj(bio);
480 obj->flags = 0x7f | FLAT_BINDER_FLAG_ACCEPTS_FDS;
481 obj->type = BINDER_TYPE_BINDER;
486 void bio_put_ref(struct binder_io *bio, void *ptr)
488 struct binder_object *obj;
491 obj = bio_alloc_obj(bio);
493 obj = bio_alloc(bio, sizeof(*obj));
498 obj->flags = 0x7f | FLAT_BINDER_FLAG_ACCEPTS_FDS;
499 obj->type = BINDER_TYPE_HANDLE;
504 void bio_put_string16(struct binder_io *bio, const uint16_t *str)
510 bio_put_uint32(bio, 0xffffffff);
515 while (str[len]) len++;
517 if (len >= (MAX_BIO_SIZE / sizeof(uint16_t))) {
518 bio_put_uint32(bio, 0xffffffff);
522 bio_put_uint32(bio, len);
523 len = (len + 1) * sizeof(uint16_t);
524 ptr = bio_alloc(bio, len);
526 memcpy(ptr, str, len);
529 void bio_put_string16_x(struct binder_io *bio, const char *_str)
531 unsigned char *str = (unsigned char*) _str;
536 bio_put_uint32(bio, 0xffffffff);
542 if (len >= (MAX_BIO_SIZE / sizeof(uint16_t))) {
543 bio_put_uint32(bio, 0xffffffff);
547 bio_put_uint32(bio, len);
548 ptr = bio_alloc(bio, (len + 1) * sizeof(uint16_t));
557 static void *bio_get(struct binder_io *bio, uint32_t size)
559 size = (size + 3) & (~3);
561 if (bio->data_avail < size){
563 bio->flags |= BIO_F_OVERFLOW;
566 void *ptr = bio->data;
568 bio->data_avail -= size;
573 uint32_t bio_get_uint32(struct binder_io *bio)
575 uint32_t *ptr = bio_get(bio, sizeof(*ptr));
576 return ptr ? *ptr : 0;
579 uint16_t *bio_get_string16(struct binder_io *bio, unsigned *sz)
582 len = bio_get_uint32(bio);
585 return bio_get(bio, (len + 1) * sizeof(uint16_t));
588 static struct binder_object *_bio_get_obj(struct binder_io *bio)
591 unsigned off = bio->data - bio->data0;
593 /* TODO: be smarter about this? */
594 for (n = 0; n < bio->offs_avail; n++) {
595 if (bio->offs[n] == off)
596 return bio_get(bio, sizeof(struct binder_object));
600 bio->flags |= BIO_F_OVERFLOW;
604 void *bio_get_ref(struct binder_io *bio)
606 struct binder_object *obj;
608 obj = _bio_get_obj(bio);
612 if (obj->type == BINDER_TYPE_HANDLE)