libbinder: keep track of multiple connections in RpcServerTrusty
Correctly keep track of each individual RpcConnection made
to RpcServerTrusty and close the correct one on cleanup.
The code previously assumed that each session would only
have one connection, which is not necessarily the case
in practice with multi-threaded Android clients.
Bug: 224644083
Test: Trusty tests
Change-Id: I12d04de803e0c5df5c658cdbaf3dd0d45e10ef20
diff --git a/libs/binder/trusty/RpcServerTrusty.cpp b/libs/binder/trusty/RpcServerTrusty.cpp
index e8b91e7..c789614 100644
--- a/libs/binder/trusty/RpcServerTrusty.cpp
+++ b/libs/binder/trusty/RpcServerTrusty.cpp
@@ -104,8 +104,17 @@
return;
}
- /* Save the session for easy access */
- *ctx_p = session.get();
+ /* Save the session and connection for the other callbacks */
+ auto* channelContext = new (std::nothrow) ChannelContext;
+ if (channelContext == nullptr) {
+ rc = ERR_NO_MEMORY;
+ return;
+ }
+
+ channelContext->session = std::move(session);
+ channelContext->connection = std::move(result.connection);
+
+ *ctx_p = channelContext;
};
base::unique_fd clientFd(chan);
@@ -119,9 +128,14 @@
}
int RpcServerTrusty::handleMessage(const tipc_port* port, handle_t chan, void* ctx) {
- auto* session = reinterpret_cast<RpcSession*>(ctx);
- status_t status = session->state()->drainCommands(session->mConnections.mIncoming[0], session,
- RpcState::CommandType::ANY);
+ auto* channelContext = reinterpret_cast<ChannelContext*>(ctx);
+ LOG_ALWAYS_FATAL_IF(channelContext == nullptr,
+ "bad state: message received on uninitialized channel");
+
+ auto& session = channelContext->session;
+ auto& connection = channelContext->connection;
+ status_t status =
+ session->state()->drainCommands(connection, session, RpcState::CommandType::ANY);
if (status != OK) {
LOG_RPC_DETAIL("Binder connection thread closing w/ status %s",
statusToString(status).c_str());
@@ -133,10 +147,17 @@
void RpcServerTrusty::handleDisconnect(const tipc_port* port, handle_t chan, void* ctx) {}
void RpcServerTrusty::handleChannelCleanup(void* ctx) {
- auto* session = reinterpret_cast<RpcSession*>(ctx);
- auto& connection = session->mConnections.mIncoming.at(0);
+ auto* channelContext = reinterpret_cast<ChannelContext*>(ctx);
+ if (channelContext == nullptr) {
+ return;
+ }
+
+ auto& session = channelContext->session;
+ auto& connection = channelContext->connection;
LOG_ALWAYS_FATAL_IF(!session->removeIncomingConnection(connection),
"bad state: connection object guaranteed to be in list");
+
+ delete channelContext;
}
} // namespace android
diff --git a/libs/binder/trusty/include/binder/RpcServerTrusty.h b/libs/binder/trusty/include/binder/RpcServerTrusty.h
index e8fc9f9..cc31c95 100644
--- a/libs/binder/trusty/include/binder/RpcServerTrusty.h
+++ b/libs/binder/trusty/include/binder/RpcServerTrusty.h
@@ -77,6 +77,12 @@
explicit RpcServerTrusty(std::unique_ptr<RpcTransportCtx> ctx, std::string&& portName,
std::shared_ptr<const PortAcl>&& portAcl, size_t msgMaxSize);
+ // The Rpc-specific context maintained for every open TIPC channel.
+ struct ChannelContext {
+ sp<RpcSession> session;
+ sp<RpcSession::RpcConnection> connection;
+ };
+
static int handleConnect(const tipc_port* port, handle_t chan, const uuid* peer, void** ctx_p);
static int handleMessage(const tipc_port* port, handle_t chan, void* ctx);
static void handleDisconnect(const tipc_port* port, handle_t chan, void* ctx);