svcmgr: don't send reply to one-way txn.
svcmgr currently assumes that all incoming transactions are synchronous
and expecting a reply. Change the BR_TRANSACTION handling code to not
send a reply to one-way transactions.
Bug: 27111612
Change-Id: If2e56d3eb53b41d059dbe7d5d10e764343c0262c
diff --git a/cmds/servicemanager/binder.c b/cmds/servicemanager/binder.c
index 9e99085..01218c9 100644
--- a/cmds/servicemanager/binder.c
+++ b/cmds/servicemanager/binder.c
@@ -167,20 +167,27 @@
return res;
}
-void binder_send_reply(struct binder_state *bs,
- struct binder_io *reply,
- binder_uintptr_t buffer_to_free,
- int status)
+void binder_free_buffer(struct binder_state *bs,
+ binder_uintptr_t buffer_to_free)
{
struct {
uint32_t cmd_free;
binder_uintptr_t buffer;
+ } __attribute__((packed)) data;
+ data.cmd_free = BC_FREE_BUFFER;
+ data.buffer = buffer_to_free;
+ binder_write(bs, &data, sizeof(data));
+}
+
+void binder_send_reply(struct binder_state *bs,
+ struct binder_io *reply,
+ int status)
+{
+ struct {
uint32_t cmd_reply;
struct binder_transaction_data txn;
} __attribute__((packed)) data;
- data.cmd_free = BC_FREE_BUFFER;
- data.buffer = buffer_to_free;
data.cmd_reply = BC_REPLY;
data.txn.target.ptr = 0;
data.txn.cookie = 0;
@@ -243,7 +250,9 @@
bio_init(&reply, rdata, sizeof(rdata), 4);
bio_init_from_txn(&msg, txn);
res = func(bs, txn, &msg, &reply);
- binder_send_reply(bs, &reply, txn->data.ptr.buffer, res);
+ binder_free_buffer(bs, txn->data.ptr.buffer);
+ if ((txn->flags & TF_ONE_WAY) == 0)
+ binder_send_reply(bs, &reply, res);
}
ptr += sizeof(*txn);
break;