Merge changes from topic "libbinder-rpc-perf-poll"
* changes:
libbinder: RPC handle builtup refcounts
libbinder: RPC avoid poll
libbinder: RPC simpl transactAddressInternal
diff --git a/libs/binder/BpBinder.cpp b/libs/binder/BpBinder.cpp
index 92df874..06542f0 100644
--- a/libs/binder/BpBinder.cpp
+++ b/libs/binder/BpBinder.cpp
@@ -48,10 +48,6 @@
// Another arbitrary value a binder count needs to drop below before another callback will be called
uint32_t BpBinder::sBinderProxyCountLowWatermark = 2000;
-// Once the limit has been exceeded, keep calling the limit callback for every this many new proxies
-// created over the limit.
-constexpr uint32_t REPEAT_LIMIT_CALLBACK_INTERVAL = 1000;
-
enum {
LIMIT_REACHED_MASK = 0x80000000, // A flag denoting that the limit has been reached
COUNTING_VALUE_MASK = 0x7FFFFFFF, // A mask of the remaining bits for the count value
@@ -129,7 +125,7 @@
uint32_t lastLimitCallbackAt = sLastLimitCallbackMap[trackedUid];
if (trackedValue > lastLimitCallbackAt &&
- (trackedValue - lastLimitCallbackAt > REPEAT_LIMIT_CALLBACK_INTERVAL)) {
+ (trackedValue - lastLimitCallbackAt > sBinderProxyCountHighWatermark)) {
ALOGE("Still too many binder proxy objects sent to uid %d from uid %d (%d proxies "
"held)",
getuid(), trackedUid, trackedValue);
diff --git a/libs/binder/RpcServer.cpp b/libs/binder/RpcServer.cpp
index cf95fda..ba2920e 100644
--- a/libs/binder/RpcServer.cpp
+++ b/libs/binder/RpcServer.cpp
@@ -205,8 +205,11 @@
}
mShutdownTrigger->trigger();
+
for (auto& [id, session] : mSessions) {
(void)id;
+ // server lock is a more general lock
+ std::lock_guard<std::mutex> _lSession(session->mMutex);
session->mShutdownTrigger->trigger();
}
diff --git a/libs/binder/RpcState.cpp b/libs/binder/RpcState.cpp
index a3079fe..86cc91c 100644
--- a/libs/binder/RpcState.cpp
+++ b/libs/binder/RpcState.cpp
@@ -451,12 +451,16 @@
const sp<IBinder>& binder, uint32_t code, const Parcel& data,
const sp<RpcSession>& session, Parcel* reply, uint32_t flags) {
if (!data.isForRpc()) {
- ALOGE("Refusing to send RPC with parcel not crafted for RPC");
+ ALOGE("Refusing to send RPC with parcel not crafted for RPC call on binder %p code "
+ "%" PRIu32,
+ binder.get(), code);
return BAD_TYPE;
}
if (data.objectsCount() != 0) {
- ALOGE("Parcel at %p has attached objects but is being used in an RPC call", &data);
+ ALOGE("Parcel at %p has attached objects but is being used in an RPC call on binder %p "
+ "code %" PRIu32,
+ &data, binder.get(), code);
return BAD_TYPE;
}
diff --git a/libs/binder/tests/Android.bp b/libs/binder/tests/Android.bp
index 71c0e86..680f0ed 100644
--- a/libs/binder/tests/Android.bp
+++ b/libs/binder/tests/Android.bp
@@ -134,6 +134,37 @@
},
}
+cc_library_static {
+ name: "libbinder_tls_test_utils",
+ host_supported: true,
+ target: {
+ darwin: {
+ enabled: false,
+ },
+ },
+ defaults: [
+ "binder_test_defaults",
+ "libbinder_tls_shared_deps",
+ ],
+ shared_libs: [
+ "libbinder",
+ "libbase",
+ "liblog",
+ ],
+ static_libs: [
+ "libbinder_tls_static",
+ ],
+ srcs: [
+ "RpcTlsTestUtils.cpp",
+ ],
+ export_include_dirs: [
+ "include_tls_test_utils",
+ ],
+ visibility: [
+ ":__subpackages__",
+ ],
+}
+
cc_test {
name: "binderRpcTest",
host_supported: true,
@@ -153,8 +184,6 @@
srcs: [
"binderRpcTest.cpp",
- "RpcAuthTesting.cpp",
- "RpcCertificateVerifierSimple.cpp",
],
shared_libs: [
"libbinder",
@@ -166,6 +195,7 @@
],
static_libs: [
"libbinder_tls_static",
+ "libbinder_tls_test_utils",
"binderRpcTestIface-cpp",
"binderRpcTestIface-ndk",
],
@@ -189,7 +219,6 @@
"libbinder_tls_shared_deps",
],
srcs: [
- "RpcAuthTesting.cpp",
"RpcTlsUtilsTest.cpp",
],
shared_libs: [
@@ -199,6 +228,7 @@
"liblog",
],
static_libs: [
+ "libbinder_tls_test_utils",
"libbinder_tls_static",
],
test_suites: ["general-tests", "device-tests"],
@@ -219,7 +249,6 @@
srcs: [
"binderRpcBenchmark.cpp",
"IBinderRpcBenchmark.aidl",
- "RpcAuthTesting.cpp",
],
shared_libs: [
"libbase",
@@ -228,6 +257,7 @@
"libutils",
],
static_libs: [
+ "libbinder_tls_test_utils",
"libbinder_tls_static",
],
}
diff --git a/libs/binder/tests/RpcAuthTesting.h b/libs/binder/tests/RpcAuthTesting.h
deleted file mode 100644
index c3c2df4..0000000
--- a/libs/binder/tests/RpcAuthTesting.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#pragma once
-
-#include <binder/RpcAuth.h>
-
-namespace android {
-
-constexpr const uint32_t kCertValidSeconds = 30 * (60 * 60 * 24); // 30 days
-bssl::UniquePtr<EVP_PKEY> makeKeyPairForSelfSignedCert();
-bssl::UniquePtr<X509> makeSelfSignedCert(EVP_PKEY* pKey, uint32_t validSeconds);
-
-// An implementation of RpcAuth that generates a key pair and a self-signed
-// certificate every time configure() is called.
-class RpcAuthSelfSigned : public RpcAuth {
-public:
- RpcAuthSelfSigned(uint32_t validSeconds = kCertValidSeconds) : mValidSeconds(validSeconds) {}
- status_t configure(SSL_CTX* ctx) override;
-
-private:
- const uint32_t mValidSeconds;
-};
-
-class RpcAuthPreSigned : public RpcAuth {
-public:
- RpcAuthPreSigned(bssl::UniquePtr<EVP_PKEY> pkey, bssl::UniquePtr<X509> cert)
- : mPkey(std::move(pkey)), mCert(std::move(cert)) {}
- status_t configure(SSL_CTX* ctx) override;
-
-private:
- bssl::UniquePtr<EVP_PKEY> mPkey;
- bssl::UniquePtr<X509> mCert;
-};
-
-} // namespace android
diff --git a/libs/binder/tests/RpcCertificateVerifierSimple.cpp b/libs/binder/tests/RpcCertificateVerifierSimple.cpp
deleted file mode 100644
index 1f74adc..0000000
--- a/libs/binder/tests/RpcCertificateVerifierSimple.cpp
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#define LOG_TAG "RpcCertificateVerifierSimple"
-#include <log/log.h>
-
-#include <binder/RpcTlsUtils.h>
-
-#include "RpcCertificateVerifierSimple.h"
-
-namespace android {
-
-status_t RpcCertificateVerifierSimple::verify(const SSL* ssl, uint8_t* outAlert) {
- const char* logPrefix = SSL_is_server(ssl) ? "Server" : "Client";
- bssl::UniquePtr<X509> peerCert(SSL_get_peer_certificate(ssl)); // Does not set error queue
- LOG_ALWAYS_FATAL_IF(peerCert == nullptr,
- "%s: libssl should not ask to verify non-existing cert", logPrefix);
-
- std::lock_guard<std::mutex> lock(mMutex);
- for (const auto& trustedCert : mTrustedPeerCertificates) {
- if (0 == X509_cmp(trustedCert.get(), peerCert.get())) {
- return OK;
- }
- }
- *outAlert = SSL_AD_CERTIFICATE_UNKNOWN;
- return PERMISSION_DENIED;
-}
-
-status_t RpcCertificateVerifierSimple::addTrustedPeerCertificate(RpcCertificateFormat format,
- const std::vector<uint8_t>& cert) {
- bssl::UniquePtr<X509> x509 = deserializeCertificate(cert, format);
- if (x509 == nullptr) {
- ALOGE("Certificate is not in the proper format %s", PrintToString(format).c_str());
- return BAD_VALUE;
- }
- std::lock_guard<std::mutex> lock(mMutex);
- mTrustedPeerCertificates.push_back(std::move(x509));
- return OK;
-}
-
-} // namespace android
diff --git a/libs/binder/tests/RpcAuthTesting.cpp b/libs/binder/tests/RpcTlsTestUtils.cpp
similarity index 72%
rename from libs/binder/tests/RpcAuthTesting.cpp
rename to libs/binder/tests/RpcTlsTestUtils.cpp
index c0587a2..6119313 100644
--- a/libs/binder/tests/RpcAuthTesting.cpp
+++ b/libs/binder/tests/RpcTlsTestUtils.cpp
@@ -13,7 +13,14 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-#include "RpcAuthTesting.h"
+
+#define LOG_TAG "RpcTlsTestUtils"
+#include <log/log.h>
+
+#include <binder/RpcTlsTestUtils.h>
+
+#include <binder/RpcTlsUtils.h>
+
#include "../Utils.h" // for TEST_AND_RETURN
namespace android {
@@ -80,4 +87,32 @@
return OK;
}
+status_t RpcCertificateVerifierSimple::verify(const SSL* ssl, uint8_t* outAlert) {
+ const char* logPrefix = SSL_is_server(ssl) ? "Server" : "Client";
+ bssl::UniquePtr<X509> peerCert(SSL_get_peer_certificate(ssl)); // Does not set error queue
+ LOG_ALWAYS_FATAL_IF(peerCert == nullptr,
+ "%s: libssl should not ask to verify non-existing cert", logPrefix);
+
+ std::lock_guard<std::mutex> lock(mMutex);
+ for (const auto& trustedCert : mTrustedPeerCertificates) {
+ if (0 == X509_cmp(trustedCert.get(), peerCert.get())) {
+ return OK;
+ }
+ }
+ *outAlert = SSL_AD_CERTIFICATE_UNKNOWN;
+ return PERMISSION_DENIED;
+}
+
+status_t RpcCertificateVerifierSimple::addTrustedPeerCertificate(RpcCertificateFormat format,
+ const std::vector<uint8_t>& cert) {
+ bssl::UniquePtr<X509> x509 = deserializeCertificate(cert, format);
+ if (x509 == nullptr) {
+ ALOGE("Certificate is not in the proper format %s", PrintToString(format).c_str());
+ return BAD_VALUE;
+ }
+ std::lock_guard<std::mutex> lock(mMutex);
+ mTrustedPeerCertificates.push_back(std::move(x509));
+ return OK;
+}
+
} // namespace android
diff --git a/libs/binder/tests/RpcTlsUtilsTest.cpp b/libs/binder/tests/RpcTlsUtilsTest.cpp
index 9b3078d..530606c 100644
--- a/libs/binder/tests/RpcTlsUtilsTest.cpp
+++ b/libs/binder/tests/RpcTlsUtilsTest.cpp
@@ -14,11 +14,10 @@
* limitations under the License.
*/
+#include <binder/RpcTlsTestUtils.h>
#include <binder/RpcTlsUtils.h>
#include <gtest/gtest.h>
-#include "RpcAuthTesting.h"
-
namespace android {
std::string toDebugString(EVP_PKEY* pkey) {
diff --git a/libs/binder/tests/binderRpcBenchmark.cpp b/libs/binder/tests/binderRpcBenchmark.cpp
index 0477d50..6bf6e92 100644
--- a/libs/binder/tests/binderRpcBenchmark.cpp
+++ b/libs/binder/tests/binderRpcBenchmark.cpp
@@ -25,6 +25,7 @@
#include <binder/RpcCertificateVerifier.h>
#include <binder/RpcServer.h>
#include <binder/RpcSession.h>
+#include <binder/RpcTlsTestUtils.h>
#include <binder/RpcTlsUtils.h>
#include <binder/RpcTransportRaw.h>
#include <binder/RpcTransportTls.h>
@@ -37,8 +38,6 @@
#include <sys/types.h>
#include <unistd.h>
-#include "RpcAuthTesting.h"
-
using android::BBinder;
using android::defaultServiceManager;
using android::IBinder;
@@ -50,6 +49,7 @@
using android::RpcAuthPreSigned;
using android::RpcCertificateFormat;
using android::RpcCertificateVerifier;
+using android::RpcCertificateVerifierNoOp;
using android::RpcServer;
using android::RpcSession;
using android::RpcTransportCtxFactory;
@@ -90,13 +90,6 @@
Transport::RPC_TLS,
};
-// Certificate validation happens during handshake and does not affect the result of benchmarks.
-// Skip certificate validation to simplify the setup process.
-class RpcCertificateVerifierNoOp : public RpcCertificateVerifier {
-public:
- status_t verify(const SSL*, uint8_t*) override { return OK; }
-};
-
std::unique_ptr<RpcTransportCtxFactory> makeFactoryTls() {
auto pkey = android::makeKeyPairForSelfSignedCert();
CHECK_NE(pkey.get(), nullptr);
@@ -109,6 +102,8 @@
}
static sp<RpcSession> gSession = RpcSession::make();
+// Certificate validation happens during handshake and does not affect the result of benchmarks.
+// Skip certificate validation to simplify the setup process.
static sp<RpcSession> gSessionTls = RpcSession::make(makeFactoryTls());
#ifdef __BIONIC__
static const String16 kKernelBinderInstance = String16(u"binderRpcBenchmark-control");
diff --git a/libs/binder/tests/binderRpcTest.cpp b/libs/binder/tests/binderRpcTest.cpp
index ed477d6..a1058bc 100644
--- a/libs/binder/tests/binderRpcTest.cpp
+++ b/libs/binder/tests/binderRpcTest.cpp
@@ -31,6 +31,7 @@
#include <binder/ProcessState.h>
#include <binder/RpcServer.h>
#include <binder/RpcSession.h>
+#include <binder/RpcTlsTestUtils.h>
#include <binder/RpcTlsUtils.h>
#include <binder/RpcTransport.h>
#include <binder/RpcTransportRaw.h>
@@ -51,8 +52,6 @@
#include "../RpcSocketAddress.h" // for testing preconnected clients
#include "../RpcState.h" // for debugging
#include "../vm_sockets.h" // for VMADDR_*
-#include "RpcAuthTesting.h"
-#include "RpcCertificateVerifierSimple.h"
using namespace std::chrono_literals;
using namespace std::placeholders;
diff --git a/libs/binder/tests/RpcCertificateVerifierSimple.h b/libs/binder/tests/include_tls_test_utils/binder/RpcTlsTestUtils.h
similarity index 60%
rename from libs/binder/tests/RpcCertificateVerifierSimple.h
rename to libs/binder/tests/include_tls_test_utils/binder/RpcTlsTestUtils.h
index bdb2426..cbf11bf 100644
--- a/libs/binder/tests/RpcCertificateVerifierSimple.h
+++ b/libs/binder/tests/include_tls_test_utils/binder/RpcTlsTestUtils.h
@@ -16,17 +16,44 @@
#pragma once
+#include <memory>
#include <mutex>
-#include <string_view>
-#include <vector>
-#include <openssl/ssl.h>
-
+#include <binder/RpcAuth.h>
#include <binder/RpcCertificateFormat.h>
#include <binder/RpcCertificateVerifier.h>
+#include <binder/RpcTransport.h>
+#include <openssl/ssl.h>
+#include <utils/Errors.h>
namespace android {
+constexpr const uint32_t kCertValidSeconds = 30 * (60 * 60 * 24); // 30 days
+bssl::UniquePtr<EVP_PKEY> makeKeyPairForSelfSignedCert();
+bssl::UniquePtr<X509> makeSelfSignedCert(EVP_PKEY* pKey, uint32_t validSeconds);
+
+// An implementation of RpcAuth that generates a key pair and a self-signed
+// certificate every time configure() is called.
+class RpcAuthSelfSigned : public RpcAuth {
+public:
+ RpcAuthSelfSigned(uint32_t validSeconds = kCertValidSeconds) : mValidSeconds(validSeconds) {}
+ status_t configure(SSL_CTX* ctx) override;
+
+private:
+ const uint32_t mValidSeconds;
+};
+
+class RpcAuthPreSigned : public RpcAuth {
+public:
+ RpcAuthPreSigned(bssl::UniquePtr<EVP_PKEY> pkey, bssl::UniquePtr<X509> cert)
+ : mPkey(std::move(pkey)), mCert(std::move(cert)) {}
+ status_t configure(SSL_CTX* ctx) override;
+
+private:
+ bssl::UniquePtr<EVP_PKEY> mPkey;
+ bssl::UniquePtr<X509> mCert;
+};
+
// A simple certificate verifier for testing.
// Keep a list of leaf certificates as trusted. No certificate chain support.
//
@@ -50,4 +77,10 @@
std::vector<bssl::UniquePtr<X509>> mTrustedPeerCertificates;
};
+// A RpcCertificateVerifier that does not verify anything.
+class RpcCertificateVerifierNoOp : public RpcCertificateVerifier {
+public:
+ status_t verify(const SSL*, uint8_t*) override { return OK; }
+};
+
} // namespace android