Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_native / b86cda40e1eff3f9157e5677f25d5933ea8b1392^! / . / libs / binder / RpcState.cpp
commitb86cda40e1eff3f9157e5677f25d5933ea8b1392[log] [tgz]
authorFrederick Mayle <fmayle@google.com>Thu Jun 09 23:17:45 2022 +0000
committerFrederick Mayle <fmayle@google.com>Thu Jun 09 23:17:45 2022 +0000
treeff024e01566b479f3f47aeaa79632e8891f3f6d6
parent68aa3bc6d6081c983005d0b70e7dd3f22265a0f8 [diff] [blame]
libbinder: Don't alloc for RPC_COMMAND_DEC_STRONG

Test: TH
Change-Id: I89eb9d87cd6d306d13b879649d209c6b6abd2494

diff --git a/libs/binder/RpcState.cpp b/libs/binder/RpcState.cpp
index f16a9ab..f5de5b1 100644
--- a/libs/binder/RpcState.cpp
+++ b/libs/binder/RpcState.cpp

@@ -964,23 +964,19 @@
                                     const sp<RpcSession>& session, const RpcWireHeader& command) {
     LOG_ALWAYS_FATAL_IF(command.command != RPC_COMMAND_DEC_STRONG, "command: %d", command.command);
 
-    CommandData commandData(command.bodySize);
-    if (!commandData.valid()) {
-        return NO_MEMORY;
-    }
-    iovec iov{commandData.data(), commandData.size()};
-    if (status_t status = rpcRec(connection, session, "dec ref body", &iov, 1); status != OK)
-        return status;
-
     if (command.bodySize != sizeof(RpcDecStrong)) {
         ALOGE("Expecting %zu but got %" PRId32 " bytes for RpcDecStrong. Terminating!",
               sizeof(RpcDecStrong), command.bodySize);
         (void)session->shutdownAndWait(false);
         return BAD_VALUE;
     }
-    RpcDecStrong* body = reinterpret_cast<RpcDecStrong*>(commandData.data());
 
-    uint64_t addr = RpcWireAddress::toRaw(body->address);
+    RpcDecStrong body;
+    iovec iov{&body, sizeof(RpcDecStrong)};
+    if (status_t status = rpcRec(connection, session, "dec ref body", &iov, 1); status != OK)
+        return status;
+
+    uint64_t addr = RpcWireAddress::toRaw(body.address);
     std::unique_lock<std::mutex> _l(mNodeMutex);
     auto it = mNodeForAddress.find(addr);
     if (it == mNodeForAddress.end()) {
@@ -998,19 +994,19 @@
         return BAD_VALUE;
     }
 
-    if (it->second.timesSent < body->amount) {
+    if (it->second.timesSent < body.amount) {
         ALOGE("Record of sending binder %zu times, but requested decStrong for %" PRIu64 " of %u",
-              it->second.timesSent, addr, body->amount);
+              it->second.timesSent, addr, body.amount);
         return OK;
     }
 
     LOG_ALWAYS_FATAL_IF(it->second.sentRef == nullptr, "Inconsistent state, lost ref for %" PRIu64,
                         addr);
 
-    LOG_RPC_DETAIL("Processing dec strong of %" PRIu64 " by %u from %zu", addr, body->amount,
+    LOG_RPC_DETAIL("Processing dec strong of %" PRIu64 " by %u from %zu", addr, body.amount,
                    it->second.timesSent);
 
-    it->second.timesSent -= body->amount;
+    it->second.timesSent -= body.amount;
     sp<IBinder> tempHold = tryEraseNode(it);
     _l.unlock();
     tempHold = nullptr; // destructor may make binder calls on this session