在前面的小节中,我们使用C语言编写了几个应用程序,使用binder实现了进程之间的通信。我们通过binder_call最终调用
ioctl(bs->fd, BINDER_WRITE_READ, &bwr)
实现进程之间的通信,其中的bwr参数为结构体:
/*
 * Argument block of the BINDER_WRITE_READ ioctl. User space passes its
 * address as the ioctl argument (ioctl(bs->fd, BINDER_WRITE_READ, &bwr)).
 * It describes one outgoing and one incoming buffer.
 */
struct binder_write_read {
binder_size_t write_size; /* bytes to write */
binder_size_t write_consumed; /* bytes consumed by driver */
binder_uintptr_t write_buffer; /* address of the data to send: a cmd word followed by its payload */
binder_size_t read_size; /* bytes to read */
binder_size_t read_consumed; /* bytes consumed by driver */
binder_uintptr_t read_buffer; /* address of the receive buffer; read data uses the same cmd-then-payload layout */
};
其中的binder_uintptr_t write_buffer指向我们需要传递的数据本身,它是怎么组成的呢?如下:
/* Layout of the data that write_buffer points to when sending a transaction. */
struct {
uint32_t cmd; /* identifies the kind of data that follows */
struct binder_transaction_data txn; /* the data itself, placed immediately after cmd */
} __attribute__((packed)) writebuf; /* packed: no padding is inserted between cmd and txn */
其中的cmd用来代表数据类型,紧接着就是要发送的数据,读数据也是这样。在稍后的实验中,我们在驱动源码中添加打印信息,打印出所有的数据类型。那么为什么不在应用程序中打印,而是在驱动程序中打印呢?假如上图中A为client,B为server,M代表打印信息。执行顺序本来是A打印buffM1,然后B打印buffM2,A打印buffM3,B打印buffM4,但是实际上应用层不会如此:A、B会把数据M1,M2与M3,M4先缓存起来,然后在合适的时机打印,也就是说打印顺序可能变成M1,M3,M2,M4,这样不利于我们分析。所以我们对内核进行修改,让信息按顺序打印,方便我们实验的分析。
下面我们开始修改内核程序SDK/kernel/drivers/android/binder.c,使用BINDER_WRITE_READ进行搜索,找到如下代码:
case BINDER_WRITE_READ:
ret = binder_ioctl_write_read(filp, cmd, arg, thread);
if (ret)
goto err;
break;
进入binder_ioctl_write_read函数:
binder_ioctl_write_read()
copy_from_user(&bwr, ubuf, sizeof(bwr)//从用户空间获得一个struct binder_write_read bwr;结构体
binder_thread_write()
binder_thread_read()
我们在binder_thread_write函数中添加打印信息(+代表添加)
#include
#include
/*--------------------增加代码---------------------*/
+ #define NAME(n) case n: return #n
+ const char *binder_cmd_name(uint32_t cmd)
+ {
+ switch(cmd) {
+ NAME(BR_ERROR);
+ NAME(BR_OK);
+ NAME(BR_TRANSACTION);
+ NAME(BR_REPLY);
+ NAME(BR_ACQUIRE_RESULT);
+ NAME(BR_DEAD_REPLY);
+ NAME(BR_TRANSACTION_COMPLETE);
+ NAME(BR_INCREFS);
+ NAME(BR_ACQUIRE);
+ NAME(BR_RELEASE);
+ NAME(BR_DECREFS);
+ NAME(BR_ATTEMPT_ACQUIRE);
+ NAME(BR_NOOP);
+ NAME(BR_SPAWN_LOOPER);
+ NAME(BR_FINISHED);
+ NAME(BR_DEAD_BINDER);
+ NAME(BR_CLEAR_DEATH_NOTIFICATION_DONE);
+ NAME(BR_FAILED_REPLY);
+ NAME(BC_TRANSACTION);
+ NAME(BC_REPLY);
+ NAME(BC_ACQUIRE_RESULT);
+ NAME(BC_FREE_BUFFER);
+ NAME(BC_INCREFS);
+ NAME(BC_ACQUIRE);
+ NAME(BC_RELEASE);
+ NAME(BC_DECREFS);
+ NAME(BC_INCREFS_DONE);
+ NAME(BC_ACQUIRE_DONE);
+ NAME(BC_ATTEMPT_ACQUIRE);
+ NAME(BC_REGISTER_LOOPER);
+ NAME(BC_ENTER_LOOPER);
+ NAME(BC_EXIT_LOOPER);
+ NAME(BC_REQUEST_DEATH_NOTIFICATION);
+ NAME(BC_CLEAR_DEATH_NOTIFICATION);
+ NAME(BC_DEAD_BINDER_DONE);
+ default: return "???";
+ }
+ }
/*-----------------------------------------------*/
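Review bot: `binder_cmd_name` is defined without `static`, so this debug helper becomes a global kernel symbol, and the `NAME` macro stays defined for the rest of binder.c. Declaring it `static const char *binder_cmd_name(uint32_t cmd)` and adding `#undef NAME` right after the function keeps both local to the file. The same definition appears again in the first hunk of the patch further down. The two `#include` lines above it have lost their header names on this page, so which headers the helper needs cannot be checked here.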
`#define NAME(n) case n: return #n` 这个宏的作用是:展开成一个case分支,当传入的整数等于n时,返回宏名n对应的字符串,方便我们后面打印时观察。其中宏BR_xxxx_xx中的R代表return,表示从驱动程序返回;BC_xxxx_xx中的C代表从应用程序拷贝到驱动程序。它们的B都表示binder驱动程序。
atomic_inc(&proc->stats.bc[_IOC_NR(cmd)]);
atomic_inc(&thread->stats.bc[_IOC_NR(cmd)]);
}
+ /*print info:proc name,proc id,thread id,cmd name */
+ printk("%s (%d, %d), %s : %s\n",proc->tsk->comm,proc->pid, thread->pid,__func__);
switch (cmd) {
case BC_INCREFS:
case BC_ACQUIRE:
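Review bot: The `printk` added in this excerpt has five conversions (`%s`, `%d`, `%d`, `%s`, `%s`) but only four arguments, so the final `%s` consumes an argument that was never passed; in kernel context that can print unrelated memory or fault. The comment above it announces a cmd name, and the patch further down passes it: `printk("%s (%d, %d), %s : %s\n", proc->tsk->comm, proc->pid, thread->pid, __func__, binder_cmd_name(cmd));`. The enclosing function starts and ends outside this excerpt.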
为了让大家直观地看到代码的修改,下面是一个补丁文件
--- "binder_\346\234\252\344\277\256\346\224\271\345\216\237\347\211\210\346\234\254.c" 2018-08-03 01:42:08.000000000 -0700
+++ "binder_\346\267\273\345\212\240\346\211\223\345\215\260\344\277\241\346\201\257.c" 2019-03-04 21:48:00.345245765 -0800
@@ -70,6 +70,74 @@
#include
#include
#include
+#include
+
+/*--------------------增加代码---------------------*/
+#define NAME(n) case n: return #n
+const char *binder_cmd_name(uint32_t cmd)
+{
+ switch(cmd) {
+ NAME(BR_ERROR);
+ NAME(BR_OK);
+ NAME(BR_TRANSACTION);
+ NAME(BR_REPLY);
+ NAME(BR_ACQUIRE_RESULT);
+ NAME(BR_DEAD_REPLY);
+ NAME(BR_TRANSACTION_COMPLETE);
+ NAME(BR_INCREFS);
+ NAME(BR_ACQUIRE);
+ NAME(BR_RELEASE);
+ NAME(BR_DECREFS);
+ NAME(BR_ATTEMPT_ACQUIRE);
+ NAME(BR_NOOP);
+ NAME(BR_SPAWN_LOOPER);
+ NAME(BR_FINISHED);
+ NAME(BR_DEAD_BINDER);
+ NAME(BR_CLEAR_DEATH_NOTIFICATION_DONE);
+ NAME(BR_FAILED_REPLY);
+ NAME(BC_TRANSACTION);
+ NAME(BC_REPLY);
+ NAME(BC_ACQUIRE_RESULT);
+ NAME(BC_FREE_BUFFER);
+ NAME(BC_INCREFS);
+ NAME(BC_ACQUIRE);
+ NAME(BC_RELEASE);
+ NAME(BC_DECREFS);
+ NAME(BC_INCREFS_DONE);
+ NAME(BC_ACQUIRE_DONE);
+ NAME(BC_ATTEMPT_ACQUIRE);
+ NAME(BC_REGISTER_LOOPER);
+ NAME(BC_ENTER_LOOPER);
+ NAME(BC_EXIT_LOOPER);
+ NAME(BC_REQUEST_DEATH_NOTIFICATION);
+ NAME(BC_CLEAR_DEATH_NOTIFICATION);
+ NAME(BC_DEAD_BINDER_DONE);
+ default: return "???";
+ }
+}
+
+static void hexdump(void *_data, size_t len)
+{
+ unsigned char *data = _data;
+ size_t count;
+
+ for (count = 0; count cur);
if (cur >= ARRAY_SIZE(log->entry))
- log->full = true;
+ log->full = 1;
e = &log->entry[cur % ARRAY_SIZE(log->entry)];
WRITE_ONCE(e->debug_id_done, 0);
/*
@@ -462,9 +530,8 @@ struct binder_ref {
};
enum binder_deferred_state {
- BINDER_DEFERRED_PUT_FILES = 0x01,
- BINDER_DEFERRED_FLUSH = 0x02,
- BINDER_DEFERRED_RELEASE = 0x04,
+ BINDER_DEFERRED_FLUSH = 0x01,
+ BINDER_DEFERRED_RELEASE = 0x02,
};
/**
@@ -501,9 +568,6 @@ struct binder_priority {
* (invariant after initialized)
* @tsk task_struct for group_leader of process
* (invariant after initialized)
- * @files files_struct for process
- * (protected by @files_lock)
- * @files_lock mutex to protect @files
* @deferred_work_node: element for binder_deferred_list
* (protected by binder_deferred_lock)
* @deferred_work: bitmap of deferred work to perform
@@ -548,8 +612,6 @@ struct binder_proc {
struct list_head waiting_threads;
int pid;
struct task_struct *tsk;
- struct files_struct *files;
- struct mutex files_lock;
struct hlist_node deferred_work_node;
int deferred_work;
bool is_dead;
@@ -897,27 +959,33 @@ static void binder_free_thread(struct bi
static void binder_free_proc(struct binder_proc *proc);
static void binder_inc_node_tmpref_ilocked(struct binder_node *node);
+struct files_struct *binder_get_files_struct(struct binder_proc *proc)
+{
+ return get_files_struct(proc->tsk);
+}
+
static int task_get_unused_fd_flags(struct binder_proc *proc, int flags)
{
+ struct files_struct *files;
unsigned long rlim_cur;
unsigned long irqs;
int ret;
- mutex_lock(&proc->files_lock);
- if (proc->files == NULL) {
- ret = -ESRCH;
- goto err;
- }
+ files = binder_get_files_struct(proc);
+ if (files == NULL)
+ return -ESRCH;
+
if (!lock_task_sighand(proc->tsk, &irqs)) {
ret = -EMFILE;
goto err;
}
+
rlim_cur = task_rlimit(proc->tsk, RLIMIT_NOFILE);
unlock_task_sighand(proc->tsk, &irqs);
- ret = __alloc_fd(proc->files, 0, rlim_cur, flags);
+ ret = __alloc_fd(files, 0, rlim_cur, flags);
err:
- mutex_unlock(&proc->files_lock);
+ put_files_struct(files);
return ret;
}
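Review bot: The removal of `proc->files` and `files_lock` in this hunk is unrelated to the logging the patch is meant to add, and it changes how the driver reaches the target process's file table: each fd operation now calls `get_files_struct(proc->tsk)` instead of using the reference taken in `binder_mmap` under a mutex. The same unrelated rework runs through the `binder_deferred_state`, `struct binder_proc`, `task_fd_install`, `task_close_fd`, `binder_mmap`, `binder_open` and `binder_deferred_func` hunks, and the `binder_transaction` hunk at -2940 deletes the check that rejects a transaction to the context manager from the process owning it. This pattern suggests the two diffed files come from different kernel revisions; regenerating the patch against the exact binder.c being modified would leave only the `printk`/`hexdump` additions. If the helper is kept, it should be `static struct files_struct *binder_get_files_struct(struct binder_proc *proc)`.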
@@ -927,10 +995,12 @@ err:
static void task_fd_install(
struct binder_proc *proc, unsigned int fd, struct file *file)
{
- mutex_lock(&proc->files_lock);
- if (proc->files)
- __fd_install(proc->files, fd, file);
- mutex_unlock(&proc->files_lock);
+ struct files_struct *files = binder_get_files_struct(proc);
+
+ if (files) {
+ __fd_install(files, fd, file);
+ put_files_struct(files);
+ }
}
/*
@@ -938,22 +1008,21 @@ static void task_fd_install(
*/
static long task_close_fd(struct binder_proc *proc, unsigned int fd)
{
+ struct files_struct *files = binder_get_files_struct(proc);
int retval;
- mutex_lock(&proc->files_lock);
- if (proc->files == NULL) {
- retval = -ESRCH;
- goto err;
- }
- retval = __close_fd(proc->files, fd);
+ if (files == NULL)
+ return -ESRCH;
+
+ retval = __close_fd(files, fd);
/* can't restart close syscall because file table entry was cleared */
if (unlikely(retval == -ERESTARTSYS ||
retval == -ERESTARTNOINTR ||
retval == -ERESTARTNOHAND ||
retval == -ERESTART_RESTARTBLOCK))
retval = -EINTR;
-err:
- mutex_unlock(&proc->files_lock);
+ put_files_struct(files);
+
return retval;
}
@@ -2082,14 +2151,8 @@ static void binder_send_failed_reply(str
&target_thread->todo);
wake_up_interruptible(&target_thread->wait);
} else {
- /*
- * Cannot get here for normal operation, but
- * we can if multiple synchronous transactions
- * are sent without blocking for responses.
- * Just ignore the 2nd error in this case.
- */
- pr_warn("Unexpected reply error: %u\n",
- target_thread->reply_error.cmd);
+ WARN(1, "Unexpected reply error: %u\n",
+ target_thread->reply_error.cmd);
}
binder_inner_proc_unlock(target_thread->proc);
binder_thread_dec_tmpref(target_thread);
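Review bot: `WARN(1, ...)` in this else branch turns a condition that the removed comment describes as reachable (multiple synchronous transactions sent without blocking for responses) into a full stack dump on every occurrence, and into a panic on systems running with `panic_on_warn`. Because a user process can get here, the old side's `pr_warn("Unexpected reply error: %u\n", target_thread->reply_error.cmd);` is the safer form, and the explanatory comment is worth keeping with it. The change is also unrelated to the added logging. The function body extends beyond the hunk.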
@@ -2149,8 +2212,8 @@ static size_t binder_validate_object(str
struct binder_object_header *hdr;
size_t object_size = 0;
- if (buffer->data_size buffer->data_size - sizeof(*hdr) ||
+ if (offset > buffer->data_size - sizeof(*hdr) ||
+ buffer->data_size debug_id;
binder_debug(BINDER_DEBUG_TRANSACTION,
- "%d buffer release %d, size %zd-%zd, failed at %pK\n",
+ "%d buffer release %d, size %zd-%zd, failed at %p\n",
proc->pid, buffer->debug_id,
buffer->data_size, buffer->offsets_size, failed_at);
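Review bot: Replacing `%pK` with `%p` in this format string drops the `kptr_restrict` handling for `failed_at`, and on kernels where plain `%p` is not hashed it prints the raw kernel address. The same substitution is made in the `BC_DEAD_BINDER_DONE` message and in both `seq_printf` calls of `print_binder_transaction_ilocked`, which appear to feed the debugfs files that `binder_init` creates as readable by everyone. Keeping `%pK` costs nothing for the experiment. The `binder_validate_object` condition earlier in this hunk has lost text on this page, so only the format-string change is reviewed here.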
@@ -2741,7 +2804,7 @@ static bool binder_proc_transaction(stru
target_list = &node->async_todo;
wakeup = false;
} else {
- node->has_async_transaction = true;
+ node->has_async_transaction = 1;
}
}
@@ -2940,14 +3003,6 @@ static void binder_transaction(struct bi
else
return_error = BR_DEAD_REPLY;
mutex_unlock(&context->context_mgr_node_lock);
- if (target_node && target_proc == proc) {
- binder_user_error("%d:%d got transaction to context manager from process owning it\n",
- proc->pid, thread->pid);
- return_error = BR_FAILED_REPLY;
- return_error_param = -EINVAL;
- return_error_line = __LINE__;
- goto err_invalid_target_handle;
- }
}
if (!target_node) {
/*
@@ -3028,7 +3083,24 @@ static void binder_transaction(struct bi
t->debug_id = t_debug_id;
if (reply)
- binder_debug(BINDER_DEBUG_TRANSACTION,
+/*---------------------------------------------替换代码-------------------------------------------------*/
+ printk("%d:%d BC_REPLY %d -> %d:%d, data %016llx-%016llx size %lld-%lld-%lld\n",
+ proc->pid, thread->pid, t->debug_id,
+ target_proc->pid, target_thread->pid,
+ (u64)tr->data.ptr.buffer,
+ (u64)tr->data.ptr.offsets,
+ (u64)tr->data_size, (u64)tr->offsets_size,
+ (u64)extra_buffers_size);
+ else
+ printk("%d:%d BC_TRANSACTION %d -> %d - node %d, data %016llx-%016llx size %lld-%lld-%lld\n",
+ proc->pid, thread->pid, t->debug_id,
+ target_proc->pid, target_node->debug_id,
+ (u64)tr->data.ptr.buffer,
+ (u64)tr->data.ptr.offsets,
+ (u64)tr->data_size, (u64)tr->offsets_size,
+ (u64)extra_buffers_size);
+/*----------------------------------------------结束----------------------------------------------------*/
+/* binder_debug(BINDER_DEBUG_TRANSACTION,
"%d:%d BC_REPLY %d -> %d:%d, data %016llx-%016llx size %lld-%lld-%lld\n",
proc->pid, thread->pid, t->debug_id,
target_proc->pid, target_thread->pid,
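Review bot: The `printk` calls that replace `binder_debug(BINDER_DEBUG_TRANSACTION, ...)` have no log level and no rate limit, so every transaction from every process is written to the kernel log together with the sender's user-space buffer and offsets addresses. The same applies to the per-command `printk` lines added in the `binder_thread_write` and `binder_thread_read` hunks. Keeping the original `binder_debug` call and enabling `BINDER_DEBUG_TRANSACTION` in the driver's debug mask for the experiment produces this line without a source change; if a direct call is wanted, `printk(KERN_DEBUG ...)` or `pr_debug(...)` lets it be filtered. The old call is disabled by a `/*` that opens here and is only closed in the next hunk, which is easy to break when the patch is rebased.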
@@ -3045,7 +3117,7 @@ static void binder_transaction(struct bi
(u64)tr->data.ptr.offsets,
(u64)tr->data_size, (u64)tr->offsets_size,
(u64)extra_buffers_size);
-
+*/
if (!reply && !(tr->flags & TF_ONE_WAY))
t->from = thread;
else
@@ -3099,6 +3171,13 @@ static void binder_transaction(struct bi
return_error_line = __LINE__;
goto err_copy_data_failed;
}
+/*------------------------------------------增加代码----------------------------------------------*/
+ /*print data:*/
+ printk("%s (%d, %d), %s , print datas :\n", proc->tsk->comm, proc->pid, thread->pid, __func__);
+ hexdump(t->buffer->data,tr->data_size);
+
+/*----------------------------------------------结束----------------------------------------------------*/
+
if (copy_from_user(offp, (const void __user *)(uintptr_t)
tr->data.ptr.offsets, tr->offsets_size)) {
binder_user_error("%d:%d got transaction with invalid offsets ptr\n",
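Review bot: `hexdump(t->buffer->data, tr->data_size)` writes the complete payload of every transaction to the kernel log, with a length taken from the caller's `tr->data_size` and no cap. On a running system this copies the contents of other processes' IPC into a log that is readable far more widely than the transaction itself, and one large transaction can flood it. The second call in `binder_thread_read`, `hexdump(t->buffer->data, t->buffer->data_size)`, has the same effect. Bounding the length and using the kernel's own helper keeps the output readable, for example `print_hex_dump(KERN_DEBUG, "binder: ", DUMP_PREFIX_OFFSET, 16, 1, t->buffer->data, min_t(size_t, tr->data_size, 256), true);` (256 is an illustrative cap). The body of the added `hexdump` is truncated on this page, so its own bounds handling could not be checked.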
@@ -3424,6 +3503,11 @@ static int binder_thread_write(struct bi
atomic_inc(&proc->stats.bc[_IOC_NR(cmd)]);
atomic_inc(&thread->stats.bc[_IOC_NR(cmd)]);
}
+/*-------------------------------------增加代码----------------------------------------*/
+ /*print info:proc name,proc id,thread id,cmd name */
+ printk("%s (%d, %d), %s : %s\n", proc->tsk->comm, proc->pid, thread->pid, __func__, binder_cmd_name(cmd));
+/*-------------------------------------------------------------------------------------*/
+
switch (cmd) {
case BC_INCREFS:
case BC_ACQUIRE:
@@ -3603,7 +3687,7 @@ static int binder_thread_write(struct bi
w = binder_dequeue_work_head_ilocked(
&buf_node->async_todo);
if (!w) {
- buf_node->has_async_transaction = false;
+ buf_node->has_async_transaction = 0;
} else {
binder_enqueue_work_ilocked(
w, &proc->todo);
@@ -3826,7 +3910,7 @@ static int binder_thread_write(struct bi
}
}
binder_debug(BINDER_DEBUG_DEAD_BINDER,
- "%d:%d BC_DEAD_BINDER_DONE %016llx found %pK\n",
+ "%d:%d BC_DEAD_BINDER_DONE %016llx found %p\n",
proc->pid, thread->pid, (u64)cookie,
death);
if (death == NULL) {
@@ -3950,6 +4034,11 @@ static int binder_thread_read(struct bin
int wait_for_proc_work;
if (*consumed == 0) {
+
+/*-------------------------------------增加代码----------------------------------------*/
+ /*print info:proc name,proc id,thread id,cmd name */
+ printk("%s (%d, %d), %s : %s\n", proc->tsk->comm, proc->pid, thread->pid, __func__, binder_cmd_name(BR_NOOP));
+/*-------------------------------------------------------------------------------------*/
if (put_user(BR_NOOP, (uint32_t __user *)ptr))
return -EFAULT;
ptr += sizeof(uint32_t);
@@ -4030,7 +4119,6 @@ retry:
binder_inner_proc_unlock(proc);
if (put_user(e->cmd, (uint32_t __user *)ptr))
return -EFAULT;
- cmd = e->cmd;
e->cmd = BR_OK;
ptr += sizeof(uint32_t);
@@ -4039,6 +4127,10 @@ retry:
case BINDER_WORK_TRANSACTION_COMPLETE: {
binder_inner_proc_unlock(proc);
cmd = BR_TRANSACTION_COMPLETE;
+/*-------------------------------------增加代码----------------------------------------*/
+ /*print info:proc name,proc id,thread id,cmd name */
+ printk("%s (%d, %d), %s : %s\n", proc->tsk->comm, proc->pid, thread->pid, __func__, binder_cmd_name(cmd));
+/*-------------------------------------------------------------------------------------*/
if (put_user(cmd, (uint32_t __user *)ptr))
return -EFAULT;
ptr += sizeof(uint32_t);
@@ -4167,6 +4259,10 @@ retry:
w, &proc->delivered_death);
binder_inner_proc_unlock(proc);
}
+/*-------------------------------------增加代码----------------------------------------*/
+ /*print info:proc name,proc id,thread id,cmd name */
+ printk("%s (%d, %d), %s : %s\n", proc->tsk->comm, proc->pid, thread->pid, __func__, binder_cmd_name(cmd));
+/*-------------------------------------------------------------------------------------*/
if (put_user(cmd, (uint32_t __user *)ptr))
return -EFAULT;
ptr += sizeof(uint32_t);
@@ -4222,7 +4318,16 @@ retry:
tr.data.ptr.offsets = tr.data.ptr.buffer +
ALIGN(t->buffer->data_size,
sizeof(void *));
+/*-------------------------------------增加代码----------------------------------------*/
+ /*print info:proc name,proc id,thread id,cmd name */
+ printk("%s (%d, %d), %s : %s\n", proc->tsk->comm, proc->pid, thread->pid, __func__, binder_cmd_name(cmd));
+
+
+ /*print data:*/
+ printk("%s (%d, %d), %s , print datas :\n", proc->tsk->comm, proc->pid, thread->pid, __func__);
+ hexdump(t->buffer->data,t->buffer->data_size);
+/*-------------------------------------------------------------------------------------*/
if (put_user(cmd, (uint32_t __user *)ptr)) {
if (t_from)
binder_thread_dec_tmpref(t_from);
@@ -4286,6 +4391,10 @@ done:
binder_debug(BINDER_DEBUG_THREADS,
"%d:%d BR_SPAWN_LOOPER\n",
proc->pid, thread->pid);
+/*-------------------------------------增加代码----------------------------------------*/
+ /*print info:proc name,proc id,thread id,cmd name */
+ printk("%s (%d, %d), %s : %s\n", proc->tsk->comm, proc->pid, thread->pid, __func__, binder_cmd_name(BR_SPAWN_LOOPER));
+/*-------------------------------------------------------------------------------------*/
if (put_user(BR_SPAWN_LOOPER, (uint32_t __user *)buffer))
return -EFAULT;
binder_stat_br(proc, thread, BR_SPAWN_LOOPER);
@@ -4799,7 +4908,6 @@ static void binder_vma_close(struct vm_a
(vma->vm_end - vma->vm_start) / SZ_1K, vma->vm_flags,
(unsigned long)pgprot_val(vma->vm_page_prot));
binder_alloc_vma_close(&proc->alloc);
- binder_defer_work(proc, BINDER_DEFERRED_PUT_FILES);
}
static int binder_vm_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
@@ -4836,22 +4944,16 @@ static int binder_mmap(struct file *filp
failure_string = "bad vm_flags";
goto err_bad_arg;
}
- vma->vm_flags |= VM_DONTCOPY | VM_MIXEDMAP;
- vma->vm_flags &= ~VM_MAYWRITE;
-
+ vma->vm_flags = (vma->vm_flags | VM_DONTCOPY) & ~VM_MAYWRITE;
vma->vm_ops = &binder_vm_ops;
vma->vm_private_data = proc;
ret = binder_alloc_mmap_handler(&proc->alloc, vma);
- if (ret)
- return ret;
- mutex_lock(&proc->files_lock);
- proc->files = get_files_struct(current);
- mutex_unlock(&proc->files_lock);
- return 0;
+
+ return ret;
err_bad_arg:
- pr_err("%s: %d %lx-%lx %s failed %d\n", __func__,
+ pr_err("binder_mmap: %d %lx-%lx %s failed %d\n",
proc->pid, vma->vm_start, vma->vm_end, failure_string, ret);
return ret;
}
@@ -4861,7 +4963,7 @@ static int binder_open(struct inode *nod
struct binder_proc *proc;
struct binder_device *binder_dev;
- binder_debug(BINDER_DEBUG_OPEN_CLOSE, "%s: %d:%d\n", __func__,
+ binder_debug(BINDER_DEBUG_OPEN_CLOSE, "binder_open: %d:%d\n",
current->group_leader->pid, current->pid);
proc = kzalloc(sizeof(*proc), GFP_KERNEL);
@@ -4871,7 +4973,6 @@ static int binder_open(struct inode *nod
spin_lock_init(&proc->outer_lock);
get_task_struct(current->group_leader);
proc->tsk = current->group_leader;
- mutex_init(&proc->files_lock);
INIT_LIST_HEAD(&proc->todo);
if (binder_supported_policy(current->policy)) {
proc->default_priority.sched_policy = current->policy;
@@ -4907,7 +5008,7 @@ static int binder_open(struct inode *nod
* anyway print all contexts that a given PID has, so this
* is not a problem.
*/
- proc->debugfs_entry = debugfs_create_file(strbuf, 0444,
+ proc->debugfs_entry = debugfs_create_file(strbuf, S_IRUGO,
binder_debugfs_dir_entry_proc,
(void *)(unsigned long)proc->pid,
&binder_proc_fops);
@@ -5028,8 +5129,6 @@ static void binder_deferred_release(stru
struct rb_node *n;
int threads, nodes, incoming_refs, outgoing_refs, active_transactions;
- BUG_ON(proc->files);
-
mutex_lock(&binder_procs_lock);
hlist_del(&proc->proc_node);
mutex_unlock(&binder_procs_lock);
@@ -5111,8 +5210,6 @@ static void binder_deferred_release(stru
static void binder_deferred_func(struct work_struct *work)
{
struct binder_proc *proc;
- struct files_struct *files;
-
int defer;
do {
@@ -5129,23 +5226,11 @@ static void binder_deferred_func(struct
}
mutex_unlock(&binder_deferred_lock);
- files = NULL;
- if (defer & BINDER_DEFERRED_PUT_FILES) {
- mutex_lock(&proc->files_lock);
- files = proc->files;
- if (files)
- proc->files = NULL;
- mutex_unlock(&proc->files_lock);
- }
-
if (defer & BINDER_DEFERRED_FLUSH)
binder_deferred_flush(proc);
if (defer & BINDER_DEFERRED_RELEASE)
binder_deferred_release(proc); /* frees proc */
-
- if (files)
- put_files_struct(files);
} while (proc);
}
static DECLARE_WORK(binder_deferred_work, binder_deferred_func);
@@ -5174,7 +5259,7 @@ static void print_binder_transaction_ilo
spin_lock(&t->lock);
to_proc = t->to_proc;
seq_printf(m,
- "%s %d: %pK from %d:%d to %d:%d code %x flags %x pri %d:%d r%d",
+ "%s %d: %p from %d:%d to %d:%d code %x flags %x pri %d:%d r%d",
prefix, t->debug_id, t,
t->from ? t->from->proc->pid : 0,
t->from ? t->from->pid : 0,
@@ -5199,7 +5284,7 @@ static void print_binder_transaction_ilo
}
if (buffer->target_node)
seq_printf(m, " node %d", buffer->target_node->debug_id);
- seq_printf(m, " size %zd:%zd data %pK\n",
+ seq_printf(m, " size %zd:%zd data %p\n",
buffer->data_size, buffer->offsets_size,
buffer->data);
}
@@ -5734,13 +5819,11 @@ static int __init init_binder_device(con
static int __init binder_init(void)
{
int ret;
- char *device_name, *device_names, *device_tmp;
+ char *device_name, *device_names;
struct binder_device *device;
struct hlist_node *tmp;
- ret = binder_alloc_shrinker_init();
- if (ret)
- return ret;
+ binder_alloc_shrinker_init();
atomic_set(&binder_transaction_log.cur, ~0U);
atomic_set(&binder_transaction_log_failed.cur, ~0U);
@@ -5755,27 +5838,27 @@ static int __init binder_init(void)
if (binder_debugfs_dir_entry_root) {
debugfs_create_file("state",
- 0444,
+ S_IRUGO,
binder_debugfs_dir_entry_root,
NULL,
&binder_state_fops);
debugfs_create_file("stats",
- 0444,
+ S_IRUGO,
binder_debugfs_dir_entry_root,
NULL,
&binder_stats_fops);
debugfs_create_file("transactions",
- 0444,
+ S_IRUGO,
binder_debugfs_dir_entry_root,
NULL,
&binder_transactions_fops);
debugfs_create_file("transaction_log",
- 0444,
+ S_IRUGO,
binder_debugfs_dir_entry_root,
&binder_transaction_log,
&binder_transaction_log_fops);
debugfs_create_file("failed_transaction_log",
- 0444,
+ S_IRUGO,
binder_debugfs_dir_entry_root,
&binder_transaction_log_failed,
&binder_transaction_log_fops);
@@ -5792,8 +5875,7 @@ static int __init binder_init(void)
}
strcpy(device_names, binder_devices_param);
- device_tmp = device_names;
- while ((device_name = strsep(&device_tmp, ","))) {
+ while ((device_name = strsep(&device_names, ","))) {
ret = init_binder_device(device_name);
if (ret)
goto err_init_binder_device_failed;
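Review bot: Passing `&device_names` to `strsep` overwrites the only pointer to the buffer filled by `strcpy(device_names, binder_devices_param)`, so after the loop it no longer points at the start of the allocation and cannot be freed on the error path. The following hunk accordingly drops `kfree(device_names)`, which leaks the buffer whenever `init_binder_device` fails. The old side's `device_tmp = device_names;` followed by `strsep(&device_tmp, ",")` avoids this and should be kept. The allocation itself is outside the hunk, so this assumes `device_names` is heap memory owned by `binder_init`.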
@@ -5807,9 +5889,6 @@ err_init_binder_device_failed:
hlist_del(&device->hlist);
kfree(device);
}
-
- kfree(device_names);
-
err_alloc_device_names_failed:
debugfs_remove_recursive(binder_debugfs_dir_entry_root);
打上该补丁文件之后,重新烧写内核,我们下小节来分析其具体通信过程