Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_native / 9d45ccc0578570f90d5b2b73ada42c5bfd1c993a^! / . / libs / binder / ProcessState.cpp
commit9d45ccc0578570f90d5b2b73ada42c5bfd1c993a[log] [tgz]
authorColin Cross <ccross@android.com>Tue Jun 20 17:48:33 2017 -0700
committerColin Cross <ccross@android.com>Thu Jul 13 15:11:39 2017 +0000
tree854e480ed599f4b02a905468dbcd29607fe577eb
parentb765fc92bb29986f962fb2f83f948a5906c36be0 [diff] [blame]
Add getBinderKernelReferences

Add a wrapper for the new BINDER_GET_NODE_DEBUG_INFO ioctl for use by
libmemunreachable.

Test: memunreachable_binder_test
Bug: 28275695
Change-Id: Ic112584fa05071bd336974b3a18869077a69389b
Merged-In: Ic112584fa05071bd336974b3a18869077a69389b
(cherry picked from commit b869cc94704d1a3d6226f471984eb33ff1bac7d5)

diff --git a/libs/binder/ProcessState.cpp b/libs/binder/ProcessState.cpp
index add5e74..11dd525 100644
--- a/libs/binder/ProcessState.cpp
+++ b/libs/binder/ProcessState.cpp

@@ -90,6 +90,12 @@
     return gProcess;
 }
 
+sp<ProcessState> ProcessState::selfOrNull()
+{
+    Mutex::Autolock _l(gProcessMutex);
+    return gProcess;
+}
+
 void ProcessState::setContextObject(const sp<IBinder>& object)
 {
     setContextObject(object, String16("default"));
@@ -176,6 +182,46 @@
     return mManagesContexts;
 }
 
+// Get references to userspace objects held by the kernel binder driver
+// Writes up to count elements into buf, and returns the total number
+// of references the kernel has, which may be larger than count.
+// buf may be NULL if count is 0.  The pointers returned by this method
+// should only be used for debugging and not dereferenced, they may
+// already be invalid.
+ssize_t ProcessState::getKernelReferences(size_t buf_count, uintptr_t* buf)
+{
+    // TODO: remove these when they are defined by bionic's binder.h
+    struct binder_node_debug_info {
+        binder_uintptr_t ptr;
+        binder_uintptr_t cookie;
+        __u32 has_strong_ref;
+        __u32 has_weak_ref;
+    };
+#define BINDER_GET_NODE_DEBUG_INFO _IOWR('b', 11, struct binder_node_debug_info)
+
+    binder_node_debug_info info = {};
+
+    uintptr_t* end = buf ? buf + buf_count : NULL;
+    size_t count = 0;
+
+    do {
+        status_t result = ioctl(mDriverFD, BINDER_GET_NODE_DEBUG_INFO, &info);
+        if (result < 0) {
+            return -1;
+        }
+        if (info.ptr != 0) {
+            if (buf && buf < end)
+                *buf++ = info.ptr;
+            count++;
+            if (buf && buf < end)
+                *buf++ = info.cookie;
+            count++;
+        }
+    } while (info.ptr != 0);
+
+    return count;
+}
+
 ProcessState::handle_entry* ProcessState::lookupHandleLocked(int32_t handle)
 {
     const size_t N=mHandleToObject.size();