Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_native / 6711b6d8aa2507a88202b9f47a4237a129d68c95^! / . / libs / binder / BpBinder.cpp
commit6711b6d8aa2507a88202b9f47a4237a129d68c95[log] [tgz]
authorMartijn Coenen <maco@google.com>Thu Sep 23 09:44:29 2021 +0200
committerMartijn Coenen <maco@google.com>Thu Sep 23 09:59:19 2021 +0200
tree68946c6f6594e61ca71c45e3943c1d1bbdda9f56
parentbc1cec092fd4426dd5651c4bb6b61cfea575f68e [diff] [blame]
Repeat proxy limit callback only when exceeding high threshold again.

This approach is a bit safer, in the following scenario:

- App A starts spamming system_server
- App A exceeds the high proxy threshold, limit callback is invoked
- system_server kills App A, but GC doesn't run for a while
- App A doesn't spam system_server, but still exceeds 1000 proxies
- App A gets killed again, because the limit callback is done after
only a 1000 new proxies accumulated.

Because the GC of the original 6500 proxies is out of the app's control,
it is more correct to only kill them again once they exceed the high
threshold again.

This does increase the chance we hit the global limit, which is set at
20000 proxies. This is because the high threshold is currently set at
6500 proxies, meaning any app can hold 13000 proxies before we know for
sure a GC will clean at least half of them up. So this change should be
accompanied with a slight increase of the global limit.

Bug: 198340142
Test: N/A
Change-Id: Ifc69b02f77f98eca79afb1ad7a2f1a0f741d4509

diff --git a/libs/binder/BpBinder.cpp b/libs/binder/BpBinder.cpp
index 92df874..06542f0 100644
--- a/libs/binder/BpBinder.cpp
+++ b/libs/binder/BpBinder.cpp

@@ -48,10 +48,6 @@
 // Another arbitrary value a binder count needs to drop below before another callback will be called
 uint32_t BpBinder::sBinderProxyCountLowWatermark = 2000;
 
-// Once the limit has been exceeded, keep calling the limit callback for every this many new proxies
-// created over the limit.
-constexpr uint32_t REPEAT_LIMIT_CALLBACK_INTERVAL = 1000;
-
 enum {
     LIMIT_REACHED_MASK = 0x80000000,        // A flag denoting that the limit has been reached
     COUNTING_VALUE_MASK = 0x7FFFFFFF,       // A mask of the remaining bits for the count value
@@ -129,7 +125,7 @@
             uint32_t lastLimitCallbackAt = sLastLimitCallbackMap[trackedUid];
 
             if (trackedValue > lastLimitCallbackAt &&
-                (trackedValue - lastLimitCallbackAt > REPEAT_LIMIT_CALLBACK_INTERVAL)) {
+                (trackedValue - lastLimitCallbackAt > sBinderProxyCountHighWatermark)) {
                 ALOGE("Still too many binder proxy objects sent to uid %d from uid %d (%d proxies "
                       "held)",
                       getuid(), trackedUid, trackedValue);