aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/staging/android/binder.c
diff options
context:
space:
mode:
Diffstat (limited to 'drivers/staging/android/binder.c')
-rw-r--r--drivers/staging/android/binder.c471
1 files changed, 228 insertions, 243 deletions
diff --git a/drivers/staging/android/binder.c b/drivers/staging/android/binder.c
index 5d4610babd8..4a36e9ab8cf 100644
--- a/drivers/staging/android/binder.c
+++ b/drivers/staging/android/binder.c
@@ -15,6 +15,8 @@
15 * 15 *
16 */ 16 */
17 17
18#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
19
18#include <asm/cacheflush.h> 20#include <asm/cacheflush.h>
19#include <linux/fdtable.h> 21#include <linux/fdtable.h>
20#include <linux/file.h> 22#include <linux/file.h>
@@ -35,8 +37,9 @@
35#include <linux/slab.h> 37#include <linux/slab.h>
36 38
37#include "binder.h" 39#include "binder.h"
40#include "binder_trace.h"
38 41
39static DEFINE_MUTEX(binder_lock); 42static DEFINE_MUTEX(binder_main_lock);
40static DEFINE_MUTEX(binder_deferred_lock); 43static DEFINE_MUTEX(binder_deferred_lock);
41static DEFINE_MUTEX(binder_mmap_lock); 44static DEFINE_MUTEX(binder_mmap_lock);
42 45
@@ -411,6 +414,19 @@ static long task_close_fd(struct binder_proc *proc, unsigned int fd)
411 return retval; 414 return retval;
412} 415}
413 416
417static inline void binder_lock(const char *tag)
418{
419 trace_binder_lock(tag);
420 mutex_lock(&binder_main_lock);
421 trace_binder_locked(tag);
422}
423
424static inline void binder_unlock(const char *tag)
425{
426 trace_binder_unlock(tag);
427 mutex_unlock(&binder_main_lock);
428}
429
414static void binder_set_nice(long nice) 430static void binder_set_nice(long nice)
415{ 431{
416 long min_nice; 432 long min_nice;
@@ -420,12 +436,12 @@ static void binder_set_nice(long nice)
420 } 436 }
421 min_nice = 20 - current->signal->rlim[RLIMIT_NICE].rlim_cur; 437 min_nice = 20 - current->signal->rlim[RLIMIT_NICE].rlim_cur;
422 binder_debug(BINDER_DEBUG_PRIORITY_CAP, 438 binder_debug(BINDER_DEBUG_PRIORITY_CAP,
423 "binder: %d: nice value %ld not allowed use " 439 "%d: nice value %ld not allowed use %ld instead\n",
424 "%ld instead\n", current->pid, nice, min_nice); 440 current->pid, nice, min_nice);
425 set_user_nice(current, min_nice); 441 set_user_nice(current, min_nice);
426 if (min_nice < 20) 442 if (min_nice < 20)
427 return; 443 return;
428 binder_user_error("binder: %d RLIMIT_NICE not set\n", current->pid); 444 binder_user_error("%d RLIMIT_NICE not set\n", current->pid);
429} 445}
430 446
431static size_t binder_buffer_size(struct binder_proc *proc, 447static size_t binder_buffer_size(struct binder_proc *proc,
@@ -452,8 +468,8 @@ static void binder_insert_free_buffer(struct binder_proc *proc,
452 new_buffer_size = binder_buffer_size(proc, new_buffer); 468 new_buffer_size = binder_buffer_size(proc, new_buffer);
453 469
454 binder_debug(BINDER_DEBUG_BUFFER_ALLOC, 470 binder_debug(BINDER_DEBUG_BUFFER_ALLOC,
455 "binder: %d: add free buffer, size %zd, " 471 "%d: add free buffer, size %zd, at %p\n",
456 "at %p\n", proc->pid, new_buffer_size, new_buffer); 472 proc->pid, new_buffer_size, new_buffer);
457 473
458 while (*p) { 474 while (*p) {
459 parent = *p; 475 parent = *p;
@@ -531,12 +547,14 @@ static int binder_update_page_range(struct binder_proc *proc, int allocate,
531 struct mm_struct *mm; 547 struct mm_struct *mm;
532 548
533 binder_debug(BINDER_DEBUG_BUFFER_ALLOC, 549 binder_debug(BINDER_DEBUG_BUFFER_ALLOC,
534 "binder: %d: %s pages %p-%p\n", proc->pid, 550 "%d: %s pages %p-%p\n", proc->pid,
535 allocate ? "allocate" : "free", start, end); 551 allocate ? "allocate" : "free", start, end);
536 552
537 if (end <= start) 553 if (end <= start)
538 return 0; 554 return 0;
539 555
556 trace_binder_update_page_range(proc, allocate, start, end);
557
540 if (vma) 558 if (vma)
541 mm = NULL; 559 mm = NULL;
542 else 560 else
@@ -546,7 +564,7 @@ static int binder_update_page_range(struct binder_proc *proc, int allocate,
546 down_write(&mm->mmap_sem); 564 down_write(&mm->mmap_sem);
547 vma = proc->vma; 565 vma = proc->vma;
548 if (vma && mm != proc->vma_vm_mm) { 566 if (vma && mm != proc->vma_vm_mm) {
549 pr_err("binder: %d: vma mm and task mm mismatch\n", 567 pr_err("%d: vma mm and task mm mismatch\n",
550 proc->pid); 568 proc->pid);
551 vma = NULL; 569 vma = NULL;
552 } 570 }
@@ -556,8 +574,8 @@ static int binder_update_page_range(struct binder_proc *proc, int allocate,
556 goto free_range; 574 goto free_range;
557 575
558 if (vma == NULL) { 576 if (vma == NULL) {
559 pr_err("binder: %d: binder_alloc_buf failed to " 577 pr_err("%d: binder_alloc_buf failed to map pages in userspace, no vma\n",
560 "map pages in userspace, no vma\n", proc->pid); 578 proc->pid);
561 goto err_no_vma; 579 goto err_no_vma;
562 } 580 }
563 581
@@ -569,8 +587,8 @@ static int binder_update_page_range(struct binder_proc *proc, int allocate,
569 BUG_ON(*page); 587 BUG_ON(*page);
570 *page = alloc_page(GFP_KERNEL | __GFP_HIGHMEM | __GFP_ZERO); 588 *page = alloc_page(GFP_KERNEL | __GFP_HIGHMEM | __GFP_ZERO);
571 if (*page == NULL) { 589 if (*page == NULL) {
572 pr_err("binder: %d: binder_alloc_buf failed " 590 pr_err("%d: binder_alloc_buf failed for page at %p\n",
573 "for page at %p\n", proc->pid, page_addr); 591 proc->pid, page_addr);
574 goto err_alloc_page_failed; 592 goto err_alloc_page_failed;
575 } 593 }
576 tmp_area.addr = page_addr; 594 tmp_area.addr = page_addr;
@@ -578,8 +596,7 @@ static int binder_update_page_range(struct binder_proc *proc, int allocate,
578 page_array_ptr = page; 596 page_array_ptr = page;
579 ret = map_vm_area(&tmp_area, PAGE_KERNEL, &page_array_ptr); 597 ret = map_vm_area(&tmp_area, PAGE_KERNEL, &page_array_ptr);
580 if (ret) { 598 if (ret) {
581 pr_err("binder: %d: binder_alloc_buf failed " 599 pr_err("%d: binder_alloc_buf failed to map page at %p in kernel\n",
582 "to map page at %p in kernel\n",
583 proc->pid, page_addr); 600 proc->pid, page_addr);
584 goto err_map_kernel_failed; 601 goto err_map_kernel_failed;
585 } 602 }
@@ -587,8 +604,7 @@ static int binder_update_page_range(struct binder_proc *proc, int allocate,
587 (uintptr_t)page_addr + proc->user_buffer_offset; 604 (uintptr_t)page_addr + proc->user_buffer_offset;
588 ret = vm_insert_page(vma, user_page_addr, page[0]); 605 ret = vm_insert_page(vma, user_page_addr, page[0]);
589 if (ret) { 606 if (ret) {
590 pr_err("binder: %d: binder_alloc_buf failed " 607 pr_err("%d: binder_alloc_buf failed to map page at %lx in userspace\n",
591 "to map page at %lx in userspace\n",
592 proc->pid, user_page_addr); 608 proc->pid, user_page_addr);
593 goto err_vm_insert_page_failed; 609 goto err_vm_insert_page_failed;
594 } 610 }
@@ -636,7 +652,7 @@ static struct binder_buffer *binder_alloc_buf(struct binder_proc *proc,
636 size_t size; 652 size_t size;
637 653
638 if (proc->vma == NULL) { 654 if (proc->vma == NULL) {
639 pr_err("binder: %d: binder_alloc_buf, no vma\n", 655 pr_err("%d: binder_alloc_buf, no vma\n",
640 proc->pid); 656 proc->pid);
641 return NULL; 657 return NULL;
642 } 658 }
@@ -645,16 +661,16 @@ static struct binder_buffer *binder_alloc_buf(struct binder_proc *proc,
645 ALIGN(offsets_size, sizeof(void *)); 661 ALIGN(offsets_size, sizeof(void *));
646 662
647 if (size < data_size || size < offsets_size) { 663 if (size < data_size || size < offsets_size) {
648 binder_user_error("binder: %d: got transaction with invalid " 664 binder_user_error("%d: got transaction with invalid size %zd-%zd\n",
649 "size %zd-%zd\n", proc->pid, data_size, offsets_size); 665 proc->pid, data_size, offsets_size);
650 return NULL; 666 return NULL;
651 } 667 }
652 668
653 if (is_async && 669 if (is_async &&
654 proc->free_async_space < size + sizeof(struct binder_buffer)) { 670 proc->free_async_space < size + sizeof(struct binder_buffer)) {
655 binder_debug(BINDER_DEBUG_BUFFER_ALLOC, 671 binder_debug(BINDER_DEBUG_BUFFER_ALLOC,
656 "binder: %d: binder_alloc_buf size %zd" 672 "%d: binder_alloc_buf size %zd failed, no async space left\n",
657 "failed, no async space left\n", proc->pid, size); 673 proc->pid, size);
658 return NULL; 674 return NULL;
659 } 675 }
660 676
@@ -674,8 +690,8 @@ static struct binder_buffer *binder_alloc_buf(struct binder_proc *proc,
674 } 690 }
675 } 691 }
676 if (best_fit == NULL) { 692 if (best_fit == NULL) {
677 pr_err("binder: %d: binder_alloc_buf size %zd failed, " 693 pr_err("%d: binder_alloc_buf size %zd failed, no address space\n",
678 "no address space\n", proc->pid, size); 694 proc->pid, size);
679 return NULL; 695 return NULL;
680 } 696 }
681 if (n == NULL) { 697 if (n == NULL) {
@@ -684,8 +700,8 @@ static struct binder_buffer *binder_alloc_buf(struct binder_proc *proc,
684 } 700 }
685 701
686 binder_debug(BINDER_DEBUG_BUFFER_ALLOC, 702 binder_debug(BINDER_DEBUG_BUFFER_ALLOC,
687 "binder: %d: binder_alloc_buf size %zd got buff" 703 "%d: binder_alloc_buf size %zd got buffer %p size %zd\n",
688 "er %p size %zd\n", proc->pid, size, buffer, buffer_size); 704 proc->pid, size, buffer, buffer_size);
689 705
690 has_page_addr = 706 has_page_addr =
691 (void *)(((uintptr_t)buffer->data + buffer_size) & PAGE_MASK); 707 (void *)(((uintptr_t)buffer->data + buffer_size) & PAGE_MASK);
@@ -713,17 +729,16 @@ static struct binder_buffer *binder_alloc_buf(struct binder_proc *proc,
713 binder_insert_free_buffer(proc, new_buffer); 729 binder_insert_free_buffer(proc, new_buffer);
714 } 730 }
715 binder_debug(BINDER_DEBUG_BUFFER_ALLOC, 731 binder_debug(BINDER_DEBUG_BUFFER_ALLOC,
716 "binder: %d: binder_alloc_buf size %zd got " 732 "%d: binder_alloc_buf size %zd got %p\n",
717 "%p\n", proc->pid, size, buffer); 733 proc->pid, size, buffer);
718 buffer->data_size = data_size; 734 buffer->data_size = data_size;
719 buffer->offsets_size = offsets_size; 735 buffer->offsets_size = offsets_size;
720 buffer->async_transaction = is_async; 736 buffer->async_transaction = is_async;
721 if (is_async) { 737 if (is_async) {
722 proc->free_async_space -= size + sizeof(struct binder_buffer); 738 proc->free_async_space -= size + sizeof(struct binder_buffer);
723 binder_debug(BINDER_DEBUG_BUFFER_ALLOC_ASYNC, 739 binder_debug(BINDER_DEBUG_BUFFER_ALLOC_ASYNC,
724 "binder: %d: binder_alloc_buf size %zd " 740 "%d: binder_alloc_buf size %zd async free %zd\n",
725 "async free %zd\n", proc->pid, size, 741 proc->pid, size, proc->free_async_space);
726 proc->free_async_space);
727 } 742 }
728 743
729 return buffer; 744 return buffer;
@@ -754,8 +769,8 @@ static void binder_delete_free_buffer(struct binder_proc *proc,
754 if (buffer_end_page(prev) == buffer_end_page(buffer)) 769 if (buffer_end_page(prev) == buffer_end_page(buffer))
755 free_page_end = 0; 770 free_page_end = 0;
756 binder_debug(BINDER_DEBUG_BUFFER_ALLOC, 771 binder_debug(BINDER_DEBUG_BUFFER_ALLOC,
757 "binder: %d: merge free, buffer %p " 772 "%d: merge free, buffer %p share page with %p\n",
758 "share page with %p\n", proc->pid, buffer, prev); 773 proc->pid, buffer, prev);
759 } 774 }
760 775
761 if (!list_is_last(&buffer->entry, &proc->buffers)) { 776 if (!list_is_last(&buffer->entry, &proc->buffers)) {
@@ -767,16 +782,14 @@ static void binder_delete_free_buffer(struct binder_proc *proc,
767 buffer_start_page(buffer)) 782 buffer_start_page(buffer))
768 free_page_start = 0; 783 free_page_start = 0;
769 binder_debug(BINDER_DEBUG_BUFFER_ALLOC, 784 binder_debug(BINDER_DEBUG_BUFFER_ALLOC,
770 "binder: %d: merge free, buffer" 785 "%d: merge free, buffer %p share page with %p\n",
771 " %p share page with %p\n", proc->pid, 786 proc->pid, buffer, prev);
772 buffer, prev);
773 } 787 }
774 } 788 }
775 list_del(&buffer->entry); 789 list_del(&buffer->entry);
776 if (free_page_start || free_page_end) { 790 if (free_page_start || free_page_end) {
777 binder_debug(BINDER_DEBUG_BUFFER_ALLOC, 791 binder_debug(BINDER_DEBUG_BUFFER_ALLOC,
778 "binder: %d: merge free, buffer %p do " 792 "%d: merge free, buffer %p do not share page%s%s with with %p or %p\n",
779 "not share page%s%s with with %p or %p\n",
780 proc->pid, buffer, free_page_start ? "" : " end", 793 proc->pid, buffer, free_page_start ? "" : " end",
781 free_page_end ? "" : " start", prev, next); 794 free_page_end ? "" : " start", prev, next);
782 binder_update_page_range(proc, 0, free_page_start ? 795 binder_update_page_range(proc, 0, free_page_start ?
@@ -797,8 +810,8 @@ static void binder_free_buf(struct binder_proc *proc,
797 ALIGN(buffer->offsets_size, sizeof(void *)); 810 ALIGN(buffer->offsets_size, sizeof(void *));
798 811
799 binder_debug(BINDER_DEBUG_BUFFER_ALLOC, 812 binder_debug(BINDER_DEBUG_BUFFER_ALLOC,
800 "binder: %d: binder_free_buf %p size %zd buffer" 813 "%d: binder_free_buf %p size %zd buffer_size %zd\n",
801 "_size %zd\n", proc->pid, buffer, size, buffer_size); 814 proc->pid, buffer, size, buffer_size);
802 815
803 BUG_ON(buffer->free); 816 BUG_ON(buffer->free);
804 BUG_ON(size > buffer_size); 817 BUG_ON(size > buffer_size);
@@ -810,9 +823,8 @@ static void binder_free_buf(struct binder_proc *proc,
810 proc->free_async_space += size + sizeof(struct binder_buffer); 823 proc->free_async_space += size + sizeof(struct binder_buffer);
811 824
812 binder_debug(BINDER_DEBUG_BUFFER_ALLOC_ASYNC, 825 binder_debug(BINDER_DEBUG_BUFFER_ALLOC_ASYNC,
813 "binder: %d: binder_free_buf size %zd " 826 "%d: binder_free_buf size %zd async free %zd\n",
814 "async free %zd\n", proc->pid, size, 827 proc->pid, size, proc->free_async_space);
815 proc->free_async_space);
816 } 828 }
817 829
818 binder_update_page_range(proc, 0, 830 binder_update_page_range(proc, 0,
@@ -894,7 +906,7 @@ static struct binder_node *binder_new_node(struct binder_proc *proc,
894 INIT_LIST_HEAD(&node->work.entry); 906 INIT_LIST_HEAD(&node->work.entry);
895 INIT_LIST_HEAD(&node->async_todo); 907 INIT_LIST_HEAD(&node->async_todo);
896 binder_debug(BINDER_DEBUG_INTERNAL_REFS, 908 binder_debug(BINDER_DEBUG_INTERNAL_REFS,
897 "binder: %d:%d node %d u%p c%p created\n", 909 "%d:%d node %d u%p c%p created\n",
898 proc->pid, current->pid, node->debug_id, 910 proc->pid, current->pid, node->debug_id,
899 node->ptr, node->cookie); 911 node->ptr, node->cookie);
900 return node; 912 return node;
@@ -909,8 +921,8 @@ static int binder_inc_node(struct binder_node *node, int strong, int internal,
909 node->internal_strong_refs == 0 && 921 node->internal_strong_refs == 0 &&
910 !(node == binder_context_mgr_node && 922 !(node == binder_context_mgr_node &&
911 node->has_strong_ref)) { 923 node->has_strong_ref)) {
912 pr_err("binder: invalid inc strong " 924 pr_err("invalid inc strong node for %d\n",
913 "node for %d\n", node->debug_id); 925 node->debug_id);
914 return -EINVAL; 926 return -EINVAL;
915 } 927 }
916 node->internal_strong_refs++; 928 node->internal_strong_refs++;
@@ -925,8 +937,8 @@ static int binder_inc_node(struct binder_node *node, int strong, int internal,
925 node->local_weak_refs++; 937 node->local_weak_refs++;
926 if (!node->has_weak_ref && list_empty(&node->work.entry)) { 938 if (!node->has_weak_ref && list_empty(&node->work.entry)) {
927 if (target_list == NULL) { 939 if (target_list == NULL) {
928 pr_err("binder: invalid inc weak node " 940 pr_err("invalid inc weak node for %d\n",
929 "for %d\n", node->debug_id); 941 node->debug_id);
930 return -EINVAL; 942 return -EINVAL;
931 } 943 }
932 list_add_tail(&node->work.entry, target_list); 944 list_add_tail(&node->work.entry, target_list);
@@ -962,12 +974,12 @@ static int binder_dec_node(struct binder_node *node, int strong, int internal)
962 if (node->proc) { 974 if (node->proc) {
963 rb_erase(&node->rb_node, &node->proc->nodes); 975 rb_erase(&node->rb_node, &node->proc->nodes);
964 binder_debug(BINDER_DEBUG_INTERNAL_REFS, 976 binder_debug(BINDER_DEBUG_INTERNAL_REFS,
965 "binder: refless node %d deleted\n", 977 "refless node %d deleted\n",
966 node->debug_id); 978 node->debug_id);
967 } else { 979 } else {
968 hlist_del(&node->dead_node); 980 hlist_del(&node->dead_node);
969 binder_debug(BINDER_DEBUG_INTERNAL_REFS, 981 binder_debug(BINDER_DEBUG_INTERNAL_REFS,
970 "binder: dead node %d deleted\n", 982 "dead node %d deleted\n",
971 node->debug_id); 983 node->debug_id);
972 } 984 }
973 kfree(node); 985 kfree(node);
@@ -1053,14 +1065,13 @@ static struct binder_ref *binder_get_ref_for_node(struct binder_proc *proc,
1053 hlist_add_head(&new_ref->node_entry, &node->refs); 1065 hlist_add_head(&new_ref->node_entry, &node->refs);
1054 1066
1055 binder_debug(BINDER_DEBUG_INTERNAL_REFS, 1067 binder_debug(BINDER_DEBUG_INTERNAL_REFS,
1056 "binder: %d new ref %d desc %d for " 1068 "%d new ref %d desc %d for node %d\n",
1057 "node %d\n", proc->pid, new_ref->debug_id, 1069 proc->pid, new_ref->debug_id, new_ref->desc,
1058 new_ref->desc, node->debug_id); 1070 node->debug_id);
1059 } else { 1071 } else {
1060 binder_debug(BINDER_DEBUG_INTERNAL_REFS, 1072 binder_debug(BINDER_DEBUG_INTERNAL_REFS,
1061 "binder: %d new ref %d desc %d for " 1073 "%d new ref %d desc %d for dead node\n",
1062 "dead node\n", proc->pid, new_ref->debug_id, 1074 proc->pid, new_ref->debug_id, new_ref->desc);
1063 new_ref->desc);
1064 } 1075 }
1065 return new_ref; 1076 return new_ref;
1066} 1077}
@@ -1068,9 +1079,9 @@ static struct binder_ref *binder_get_ref_for_node(struct binder_proc *proc,
1068static void binder_delete_ref(struct binder_ref *ref) 1079static void binder_delete_ref(struct binder_ref *ref)
1069{ 1080{
1070 binder_debug(BINDER_DEBUG_INTERNAL_REFS, 1081 binder_debug(BINDER_DEBUG_INTERNAL_REFS,
1071 "binder: %d delete ref %d desc %d for " 1082 "%d delete ref %d desc %d for node %d\n",
1072 "node %d\n", ref->proc->pid, ref->debug_id, 1083 ref->proc->pid, ref->debug_id, ref->desc,
1073 ref->desc, ref->node->debug_id); 1084 ref->node->debug_id);
1074 1085
1075 rb_erase(&ref->rb_node_desc, &ref->proc->refs_by_desc); 1086 rb_erase(&ref->rb_node_desc, &ref->proc->refs_by_desc);
1076 rb_erase(&ref->rb_node_node, &ref->proc->refs_by_node); 1087 rb_erase(&ref->rb_node_node, &ref->proc->refs_by_node);
@@ -1080,9 +1091,8 @@ static void binder_delete_ref(struct binder_ref *ref)
1080 binder_dec_node(ref->node, 0, 1); 1091 binder_dec_node(ref->node, 0, 1);
1081 if (ref->death) { 1092 if (ref->death) {
1082 binder_debug(BINDER_DEBUG_DEAD_BINDER, 1093 binder_debug(BINDER_DEBUG_DEAD_BINDER,
1083 "binder: %d delete ref %d desc %d " 1094 "%d delete ref %d desc %d has death notification\n",
1084 "has death notification\n", ref->proc->pid, 1095 ref->proc->pid, ref->debug_id, ref->desc);
1085 ref->debug_id, ref->desc);
1086 list_del(&ref->death->work.entry); 1096 list_del(&ref->death->work.entry);
1087 kfree(ref->death); 1097 kfree(ref->death);
1088 binder_stats_deleted(BINDER_STAT_DEATH); 1098 binder_stats_deleted(BINDER_STAT_DEATH);
@@ -1118,8 +1128,7 @@ static int binder_dec_ref(struct binder_ref *ref, int strong)
1118{ 1128{
1119 if (strong) { 1129 if (strong) {
1120 if (ref->strong == 0) { 1130 if (ref->strong == 0) {
1121 binder_user_error("binder: %d invalid dec strong, " 1131 binder_user_error("%d invalid dec strong, ref %d desc %d s %d w %d\n",
1122 "ref %d desc %d s %d w %d\n",
1123 ref->proc->pid, ref->debug_id, 1132 ref->proc->pid, ref->debug_id,
1124 ref->desc, ref->strong, ref->weak); 1133 ref->desc, ref->strong, ref->weak);
1125 return -EINVAL; 1134 return -EINVAL;
@@ -1133,8 +1142,7 @@ static int binder_dec_ref(struct binder_ref *ref, int strong)
1133 } 1142 }
1134 } else { 1143 } else {
1135 if (ref->weak == 0) { 1144 if (ref->weak == 0) {
1136 binder_user_error("binder: %d invalid dec weak, " 1145 binder_user_error("%d invalid dec weak, ref %d desc %d s %d w %d\n",
1137 "ref %d desc %d s %d w %d\n",
1138 ref->proc->pid, ref->debug_id, 1146 ref->proc->pid, ref->debug_id,
1139 ref->desc, ref->strong, ref->weak); 1147 ref->desc, ref->strong, ref->weak);
1140 return -EINVAL; 1148 return -EINVAL;
@@ -1179,8 +1187,7 @@ static void binder_send_failed_reply(struct binder_transaction *t,
1179 } 1187 }
1180 if (target_thread->return_error == BR_OK) { 1188 if (target_thread->return_error == BR_OK) {
1181 binder_debug(BINDER_DEBUG_FAILED_TRANSACTION, 1189 binder_debug(BINDER_DEBUG_FAILED_TRANSACTION,
1182 "binder: send failed reply for " 1190 "send failed reply for transaction %d to %d:%d\n",
1183 "transaction %d to %d:%d\n",
1184 t->debug_id, target_thread->proc->pid, 1191 t->debug_id, target_thread->proc->pid,
1185 target_thread->pid); 1192 target_thread->pid);
1186 1193
@@ -1188,9 +1195,8 @@ static void binder_send_failed_reply(struct binder_transaction *t,
1188 target_thread->return_error = error_code; 1195 target_thread->return_error = error_code;
1189 wake_up_interruptible(&target_thread->wait); 1196 wake_up_interruptible(&target_thread->wait);
1190 } else { 1197 } else {
1191 pr_err("binder: reply failed, target " 1198 pr_err("reply failed, target thread, %d:%d, has error code %d already\n",
1192 "thread, %d:%d, has error code %d " 1199 target_thread->proc->pid,
1193 "already\n", target_thread->proc->pid,
1194 target_thread->pid, 1200 target_thread->pid,
1195 target_thread->return_error); 1201 target_thread->return_error);
1196 } 1202 }
@@ -1199,21 +1205,19 @@ static void binder_send_failed_reply(struct binder_transaction *t,
1199 struct binder_transaction *next = t->from_parent; 1205 struct binder_transaction *next = t->from_parent;
1200 1206
1201 binder_debug(BINDER_DEBUG_FAILED_TRANSACTION, 1207 binder_debug(BINDER_DEBUG_FAILED_TRANSACTION,
1202 "binder: send failed reply " 1208 "send failed reply for transaction %d, target dead\n",
1203 "for transaction %d, target dead\n",
1204 t->debug_id); 1209 t->debug_id);
1205 1210
1206 binder_pop_transaction(target_thread, t); 1211 binder_pop_transaction(target_thread, t);
1207 if (next == NULL) { 1212 if (next == NULL) {
1208 binder_debug(BINDER_DEBUG_DEAD_BINDER, 1213 binder_debug(BINDER_DEBUG_DEAD_BINDER,
1209 "binder: reply failed," 1214 "reply failed, no target thread at root\n");
1210 " no target thread at root\n");
1211 return; 1215 return;
1212 } 1216 }
1213 t = next; 1217 t = next;
1214 binder_debug(BINDER_DEBUG_DEAD_BINDER, 1218 binder_debug(BINDER_DEBUG_DEAD_BINDER,
1215 "binder: reply failed, no target " 1219 "reply failed, no target thread -- retry %d\n",
1216 "thread -- retry %d\n", t->debug_id); 1220 t->debug_id);
1217 } 1221 }
1218 } 1222 }
1219} 1223}
@@ -1226,7 +1230,7 @@ static void binder_transaction_buffer_release(struct binder_proc *proc,
1226 int debug_id = buffer->debug_id; 1230 int debug_id = buffer->debug_id;
1227 1231
1228 binder_debug(BINDER_DEBUG_TRANSACTION, 1232 binder_debug(BINDER_DEBUG_TRANSACTION,
1229 "binder: %d buffer release %d, size %zd-%zd, failed at %p\n", 1233 "%d buffer release %d, size %zd-%zd, failed at %p\n",
1230 proc->pid, buffer->debug_id, 1234 proc->pid, buffer->debug_id,
1231 buffer->data_size, buffer->offsets_size, failed_at); 1235 buffer->data_size, buffer->offsets_size, failed_at);
1232 1236
@@ -1243,9 +1247,8 @@ static void binder_transaction_buffer_release(struct binder_proc *proc,
1243 if (*offp > buffer->data_size - sizeof(*fp) || 1247 if (*offp > buffer->data_size - sizeof(*fp) ||
1244 buffer->data_size < sizeof(*fp) || 1248 buffer->data_size < sizeof(*fp) ||
1245 !IS_ALIGNED(*offp, sizeof(void *))) { 1249 !IS_ALIGNED(*offp, sizeof(void *))) {
1246 pr_err("binder: transaction release %d bad" 1250 pr_err("transaction release %d bad offset %zd, size %zd\n",
1247 "offset %zd, size %zd\n", debug_id, 1251 debug_id, *offp, buffer->data_size);
1248 *offp, buffer->data_size);
1249 continue; 1252 continue;
1250 } 1253 }
1251 fp = (struct flat_binder_object *)(buffer->data + *offp); 1254 fp = (struct flat_binder_object *)(buffer->data + *offp);
@@ -1254,8 +1257,8 @@ static void binder_transaction_buffer_release(struct binder_proc *proc,
1254 case BINDER_TYPE_WEAK_BINDER: { 1257 case BINDER_TYPE_WEAK_BINDER: {
1255 struct binder_node *node = binder_get_node(proc, fp->binder); 1258 struct binder_node *node = binder_get_node(proc, fp->binder);
1256 if (node == NULL) { 1259 if (node == NULL) {
1257 pr_err("binder: transaction release %d" 1260 pr_err("transaction release %d bad node %p\n",
1258 " bad node %p\n", debug_id, fp->binder); 1261 debug_id, fp->binder);
1259 break; 1262 break;
1260 } 1263 }
1261 binder_debug(BINDER_DEBUG_TRANSACTION, 1264 binder_debug(BINDER_DEBUG_TRANSACTION,
@@ -1267,9 +1270,8 @@ static void binder_transaction_buffer_release(struct binder_proc *proc,
1267 case BINDER_TYPE_WEAK_HANDLE: { 1270 case BINDER_TYPE_WEAK_HANDLE: {
1268 struct binder_ref *ref = binder_get_ref(proc, fp->handle); 1271 struct binder_ref *ref = binder_get_ref(proc, fp->handle);
1269 if (ref == NULL) { 1272 if (ref == NULL) {
1270 pr_err("binder: transaction release %d" 1273 pr_err("transaction release %d bad handle %ld\n",
1271 " bad handle %ld\n", debug_id, 1274 debug_id, fp->handle);
1272 fp->handle);
1273 break; 1275 break;
1274 } 1276 }
1275 binder_debug(BINDER_DEBUG_TRANSACTION, 1277 binder_debug(BINDER_DEBUG_TRANSACTION,
@@ -1286,8 +1288,8 @@ static void binder_transaction_buffer_release(struct binder_proc *proc,
1286 break; 1288 break;
1287 1289
1288 default: 1290 default:
1289 pr_err("binder: transaction release %d bad " 1291 pr_err("transaction release %d bad object type %lx\n",
1290 "object type %lx\n", debug_id, fp->type); 1292 debug_id, fp->type);
1291 break; 1293 break;
1292 } 1294 }
1293 } 1295 }
@@ -1320,17 +1322,14 @@ static void binder_transaction(struct binder_proc *proc,
1320 if (reply) { 1322 if (reply) {
1321 in_reply_to = thread->transaction_stack; 1323 in_reply_to = thread->transaction_stack;
1322 if (in_reply_to == NULL) { 1324 if (in_reply_to == NULL) {
1323 binder_user_error("binder: %d:%d got reply transaction " 1325 binder_user_error("%d:%d got reply transaction with no transaction stack\n",
1324 "with no transaction stack\n",
1325 proc->pid, thread->pid); 1326 proc->pid, thread->pid);
1326 return_error = BR_FAILED_REPLY; 1327 return_error = BR_FAILED_REPLY;
1327 goto err_empty_call_stack; 1328 goto err_empty_call_stack;
1328 } 1329 }
1329 binder_set_nice(in_reply_to->saved_priority); 1330 binder_set_nice(in_reply_to->saved_priority);
1330 if (in_reply_to->to_thread != thread) { 1331 if (in_reply_to->to_thread != thread) {
1331 binder_user_error("binder: %d:%d got reply transaction " 1332 binder_user_error("%d:%d got reply transaction with bad transaction stack, transaction %d has target %d:%d\n",
1332 "with bad transaction stack,"
1333 " transaction %d has target %d:%d\n",
1334 proc->pid, thread->pid, in_reply_to->debug_id, 1333 proc->pid, thread->pid, in_reply_to->debug_id,
1335 in_reply_to->to_proc ? 1334 in_reply_to->to_proc ?
1336 in_reply_to->to_proc->pid : 0, 1335 in_reply_to->to_proc->pid : 0,
@@ -1347,9 +1346,7 @@ static void binder_transaction(struct binder_proc *proc,
1347 goto err_dead_binder; 1346 goto err_dead_binder;
1348 } 1347 }
1349 if (target_thread->transaction_stack != in_reply_to) { 1348 if (target_thread->transaction_stack != in_reply_to) {
1350 binder_user_error("binder: %d:%d got reply transaction " 1349 binder_user_error("%d:%d got reply transaction with bad target transaction stack %d, expected %d\n",
1351 "with bad target transaction stack %d, "
1352 "expected %d\n",
1353 proc->pid, thread->pid, 1350 proc->pid, thread->pid,
1354 target_thread->transaction_stack ? 1351 target_thread->transaction_stack ?
1355 target_thread->transaction_stack->debug_id : 0, 1352 target_thread->transaction_stack->debug_id : 0,
@@ -1365,8 +1362,7 @@ static void binder_transaction(struct binder_proc *proc,
1365 struct binder_ref *ref; 1362 struct binder_ref *ref;
1366 ref = binder_get_ref(proc, tr->target.handle); 1363 ref = binder_get_ref(proc, tr->target.handle);
1367 if (ref == NULL) { 1364 if (ref == NULL) {
1368 binder_user_error("binder: %d:%d got " 1365 binder_user_error("%d:%d got transaction to invalid handle\n",
1369 "transaction to invalid handle\n",
1370 proc->pid, thread->pid); 1366 proc->pid, thread->pid);
1371 return_error = BR_FAILED_REPLY; 1367 return_error = BR_FAILED_REPLY;
1372 goto err_invalid_target_handle; 1368 goto err_invalid_target_handle;
@@ -1389,9 +1385,7 @@ static void binder_transaction(struct binder_proc *proc,
1389 struct binder_transaction *tmp; 1385 struct binder_transaction *tmp;
1390 tmp = thread->transaction_stack; 1386 tmp = thread->transaction_stack;
1391 if (tmp->to_thread != thread) { 1387 if (tmp->to_thread != thread) {
1392 binder_user_error("binder: %d:%d got new " 1388 binder_user_error("%d:%d got new transaction with bad transaction stack, transaction %d has target %d:%d\n",
1393 "transaction with bad transaction stack"
1394 ", transaction %d has target %d:%d\n",
1395 proc->pid, thread->pid, tmp->debug_id, 1389 proc->pid, thread->pid, tmp->debug_id,
1396 tmp->to_proc ? tmp->to_proc->pid : 0, 1390 tmp->to_proc ? tmp->to_proc->pid : 0,
1397 tmp->to_thread ? 1391 tmp->to_thread ?
@@ -1436,16 +1430,14 @@ static void binder_transaction(struct binder_proc *proc,
1436 1430
1437 if (reply) 1431 if (reply)
1438 binder_debug(BINDER_DEBUG_TRANSACTION, 1432 binder_debug(BINDER_DEBUG_TRANSACTION,
1439 "binder: %d:%d BC_REPLY %d -> %d:%d, " 1433 "%d:%d BC_REPLY %d -> %d:%d, data %p-%p size %zd-%zd\n",
1440 "data %p-%p size %zd-%zd\n",
1441 proc->pid, thread->pid, t->debug_id, 1434 proc->pid, thread->pid, t->debug_id,
1442 target_proc->pid, target_thread->pid, 1435 target_proc->pid, target_thread->pid,
1443 tr->data.ptr.buffer, tr->data.ptr.offsets, 1436 tr->data.ptr.buffer, tr->data.ptr.offsets,
1444 tr->data_size, tr->offsets_size); 1437 tr->data_size, tr->offsets_size);
1445 else 1438 else
1446 binder_debug(BINDER_DEBUG_TRANSACTION, 1439 binder_debug(BINDER_DEBUG_TRANSACTION,
1447 "binder: %d:%d BC_TRANSACTION %d -> " 1440 "%d:%d BC_TRANSACTION %d -> %d - node %d, data %p-%p size %zd-%zd\n",
1448 "%d - node %d, data %p-%p size %zd-%zd\n",
1449 proc->pid, thread->pid, t->debug_id, 1441 proc->pid, thread->pid, t->debug_id,
1450 target_proc->pid, target_node->debug_id, 1442 target_proc->pid, target_node->debug_id,
1451 tr->data.ptr.buffer, tr->data.ptr.offsets, 1443 tr->data.ptr.buffer, tr->data.ptr.offsets,
@@ -1461,6 +1453,9 @@ static void binder_transaction(struct binder_proc *proc,
1461 t->code = tr->code; 1453 t->code = tr->code;
1462 t->flags = tr->flags; 1454 t->flags = tr->flags;
1463 t->priority = task_nice(current); 1455 t->priority = task_nice(current);
1456
1457 trace_binder_transaction(reply, t, target_node);
1458
1464 t->buffer = binder_alloc_buf(target_proc, tr->data_size, 1459 t->buffer = binder_alloc_buf(target_proc, tr->data_size,
1465 tr->offsets_size, !reply && (t->flags & TF_ONE_WAY)); 1460 tr->offsets_size, !reply && (t->flags & TF_ONE_WAY));
1466 if (t->buffer == NULL) { 1461 if (t->buffer == NULL) {
@@ -1471,27 +1466,27 @@ static void binder_transaction(struct binder_proc *proc,
1471 t->buffer->debug_id = t->debug_id; 1466 t->buffer->debug_id = t->debug_id;
1472 t->buffer->transaction = t; 1467 t->buffer->transaction = t;
1473 t->buffer->target_node = target_node; 1468 t->buffer->target_node = target_node;
1469 trace_binder_transaction_alloc_buf(t->buffer);
1474 if (target_node) 1470 if (target_node)
1475 binder_inc_node(target_node, 1, 0, NULL); 1471 binder_inc_node(target_node, 1, 0, NULL);
1476 1472
1477 offp = (size_t *)(t->buffer->data + ALIGN(tr->data_size, sizeof(void *))); 1473 offp = (size_t *)(t->buffer->data + ALIGN(tr->data_size, sizeof(void *)));
1478 1474
1479 if (copy_from_user(t->buffer->data, tr->data.ptr.buffer, tr->data_size)) { 1475 if (copy_from_user(t->buffer->data, tr->data.ptr.buffer, tr->data_size)) {
1480 binder_user_error("binder: %d:%d got transaction with invalid " 1476 binder_user_error("%d:%d got transaction with invalid data ptr\n",
1481 "data ptr\n", proc->pid, thread->pid); 1477 proc->pid, thread->pid);
1482 return_error = BR_FAILED_REPLY; 1478 return_error = BR_FAILED_REPLY;
1483 goto err_copy_data_failed; 1479 goto err_copy_data_failed;
1484 } 1480 }
1485 if (copy_from_user(offp, tr->data.ptr.offsets, tr->offsets_size)) { 1481 if (copy_from_user(offp, tr->data.ptr.offsets, tr->offsets_size)) {
1486 binder_user_error("binder: %d:%d got transaction with invalid " 1482 binder_user_error("%d:%d got transaction with invalid offsets ptr\n",
1487 "offsets ptr\n", proc->pid, thread->pid); 1483 proc->pid, thread->pid);
1488 return_error = BR_FAILED_REPLY; 1484 return_error = BR_FAILED_REPLY;
1489 goto err_copy_data_failed; 1485 goto err_copy_data_failed;
1490 } 1486 }
1491 if (!IS_ALIGNED(tr->offsets_size, sizeof(size_t))) { 1487 if (!IS_ALIGNED(tr->offsets_size, sizeof(size_t))) {
1492 binder_user_error("binder: %d:%d got transaction with " 1488 binder_user_error("%d:%d got transaction with invalid offsets size, %zd\n",
1493 "invalid offsets size, %zd\n", 1489 proc->pid, thread->pid, tr->offsets_size);
1494 proc->pid, thread->pid, tr->offsets_size);
1495 return_error = BR_FAILED_REPLY; 1490 return_error = BR_FAILED_REPLY;
1496 goto err_bad_offset; 1491 goto err_bad_offset;
1497 } 1492 }
@@ -1501,9 +1496,8 @@ static void binder_transaction(struct binder_proc *proc,
1501 if (*offp > t->buffer->data_size - sizeof(*fp) || 1496 if (*offp > t->buffer->data_size - sizeof(*fp) ||
1502 t->buffer->data_size < sizeof(*fp) || 1497 t->buffer->data_size < sizeof(*fp) ||
1503 !IS_ALIGNED(*offp, sizeof(void *))) { 1498 !IS_ALIGNED(*offp, sizeof(void *))) {
1504 binder_user_error("binder: %d:%d got transaction with " 1499 binder_user_error("%d:%d got transaction with invalid offset, %zd\n",
1505 "invalid offset, %zd\n", 1500 proc->pid, thread->pid, *offp);
1506 proc->pid, thread->pid, *offp);
1507 return_error = BR_FAILED_REPLY; 1501 return_error = BR_FAILED_REPLY;
1508 goto err_bad_offset; 1502 goto err_bad_offset;
1509 } 1503 }
@@ -1523,8 +1517,7 @@ static void binder_transaction(struct binder_proc *proc,
1523 node->accept_fds = !!(fp->flags & FLAT_BINDER_FLAG_ACCEPTS_FDS); 1517 node->accept_fds = !!(fp->flags & FLAT_BINDER_FLAG_ACCEPTS_FDS);
1524 } 1518 }
1525 if (fp->cookie != node->cookie) { 1519 if (fp->cookie != node->cookie) {
1526 binder_user_error("binder: %d:%d sending u%p " 1520 binder_user_error("%d:%d sending u%p node %d, cookie mismatch %p != %p\n",
1527 "node %d, cookie mismatch %p != %p\n",
1528 proc->pid, thread->pid, 1521 proc->pid, thread->pid,
1529 fp->binder, node->debug_id, 1522 fp->binder, node->debug_id,
1530 fp->cookie, node->cookie); 1523 fp->cookie, node->cookie);
@@ -1543,6 +1536,7 @@ static void binder_transaction(struct binder_proc *proc,
1543 binder_inc_ref(ref, fp->type == BINDER_TYPE_HANDLE, 1536 binder_inc_ref(ref, fp->type == BINDER_TYPE_HANDLE,
1544 &thread->todo); 1537 &thread->todo);
1545 1538
1539 trace_binder_transaction_node_to_ref(t, node, ref);
1546 binder_debug(BINDER_DEBUG_TRANSACTION, 1540 binder_debug(BINDER_DEBUG_TRANSACTION,
1547 " node %d u%p -> ref %d desc %d\n", 1541 " node %d u%p -> ref %d desc %d\n",
1548 node->debug_id, node->ptr, ref->debug_id, 1542 node->debug_id, node->ptr, ref->debug_id,
@@ -1552,10 +1546,9 @@ static void binder_transaction(struct binder_proc *proc,
1552 case BINDER_TYPE_WEAK_HANDLE: { 1546 case BINDER_TYPE_WEAK_HANDLE: {
1553 struct binder_ref *ref = binder_get_ref(proc, fp->handle); 1547 struct binder_ref *ref = binder_get_ref(proc, fp->handle);
1554 if (ref == NULL) { 1548 if (ref == NULL) {
1555 binder_user_error("binder: %d:%d got " 1549 binder_user_error("%d:%d got transaction with invalid handle, %ld\n",
1556 "transaction with invalid " 1550 proc->pid,
1557 "handle, %ld\n", proc->pid, 1551 thread->pid, fp->handle);
1558 thread->pid, fp->handle);
1559 return_error = BR_FAILED_REPLY; 1552 return_error = BR_FAILED_REPLY;
1560 goto err_binder_get_ref_failed; 1553 goto err_binder_get_ref_failed;
1561 } 1554 }
@@ -1567,6 +1560,7 @@ static void binder_transaction(struct binder_proc *proc,
1567 fp->binder = ref->node->ptr; 1560 fp->binder = ref->node->ptr;
1568 fp->cookie = ref->node->cookie; 1561 fp->cookie = ref->node->cookie;
1569 binder_inc_node(ref->node, fp->type == BINDER_TYPE_BINDER, 0, NULL); 1562 binder_inc_node(ref->node, fp->type == BINDER_TYPE_BINDER, 0, NULL);
1563 trace_binder_transaction_ref_to_node(t, ref);
1570 binder_debug(BINDER_DEBUG_TRANSACTION, 1564 binder_debug(BINDER_DEBUG_TRANSACTION,
1571 " ref %d desc %d -> node %d u%p\n", 1565 " ref %d desc %d -> node %d u%p\n",
1572 ref->debug_id, ref->desc, ref->node->debug_id, 1566 ref->debug_id, ref->desc, ref->node->debug_id,
@@ -1580,6 +1574,8 @@ static void binder_transaction(struct binder_proc *proc,
1580 } 1574 }
1581 fp->handle = new_ref->desc; 1575 fp->handle = new_ref->desc;
1582 binder_inc_ref(new_ref, fp->type == BINDER_TYPE_HANDLE, NULL); 1576 binder_inc_ref(new_ref, fp->type == BINDER_TYPE_HANDLE, NULL);
1577 trace_binder_transaction_ref_to_ref(t, ref,
1578 new_ref);
1583 binder_debug(BINDER_DEBUG_TRANSACTION, 1579 binder_debug(BINDER_DEBUG_TRANSACTION,
1584 " ref %d desc %d -> ref %d desc %d (node %d)\n", 1580 " ref %d desc %d -> ref %d desc %d (node %d)\n",
1585 ref->debug_id, ref->desc, new_ref->debug_id, 1581 ref->debug_id, ref->desc, new_ref->debug_id,
@@ -1593,13 +1589,13 @@ static void binder_transaction(struct binder_proc *proc,
1593 1589
1594 if (reply) { 1590 if (reply) {
1595 if (!(in_reply_to->flags & TF_ACCEPT_FDS)) { 1591 if (!(in_reply_to->flags & TF_ACCEPT_FDS)) {
1596 binder_user_error("binder: %d:%d got reply with fd, %ld, but target does not allow fds\n", 1592 binder_user_error("%d:%d got reply with fd, %ld, but target does not allow fds\n",
1597 proc->pid, thread->pid, fp->handle); 1593 proc->pid, thread->pid, fp->handle);
1598 return_error = BR_FAILED_REPLY; 1594 return_error = BR_FAILED_REPLY;
1599 goto err_fd_not_allowed; 1595 goto err_fd_not_allowed;
1600 } 1596 }
1601 } else if (!target_node->accept_fds) { 1597 } else if (!target_node->accept_fds) {
1602 binder_user_error("binder: %d:%d got transaction with fd, %ld, but target does not allow fds\n", 1598 binder_user_error("%d:%d got transaction with fd, %ld, but target does not allow fds\n",
1603 proc->pid, thread->pid, fp->handle); 1599 proc->pid, thread->pid, fp->handle);
1604 return_error = BR_FAILED_REPLY; 1600 return_error = BR_FAILED_REPLY;
1605 goto err_fd_not_allowed; 1601 goto err_fd_not_allowed;
@@ -1607,7 +1603,7 @@ static void binder_transaction(struct binder_proc *proc,
1607 1603
1608 file = fget(fp->handle); 1604 file = fget(fp->handle);
1609 if (file == NULL) { 1605 if (file == NULL) {
1610 binder_user_error("binder: %d:%d got transaction with invalid fd, %ld\n", 1606 binder_user_error("%d:%d got transaction with invalid fd, %ld\n",
1611 proc->pid, thread->pid, fp->handle); 1607 proc->pid, thread->pid, fp->handle);
1612 return_error = BR_FAILED_REPLY; 1608 return_error = BR_FAILED_REPLY;
1613 goto err_fget_failed; 1609 goto err_fget_failed;
@@ -1619,6 +1615,7 @@ static void binder_transaction(struct binder_proc *proc,
1619 goto err_get_unused_fd_failed; 1615 goto err_get_unused_fd_failed;
1620 } 1616 }
1621 task_fd_install(target_proc, target_fd, file); 1617 task_fd_install(target_proc, target_fd, file);
1618 trace_binder_transaction_fd(t, fp->handle, target_fd);
1622 binder_debug(BINDER_DEBUG_TRANSACTION, 1619 binder_debug(BINDER_DEBUG_TRANSACTION,
1623 " fd %ld -> %d\n", fp->handle, target_fd); 1620 " fd %ld -> %d\n", fp->handle, target_fd);
1624 /* TODO: fput? */ 1621 /* TODO: fput? */
@@ -1626,8 +1623,7 @@ static void binder_transaction(struct binder_proc *proc,
1626 } break; 1623 } break;
1627 1624
1628 default: 1625 default:
1629 binder_user_error("binder: %d:%d got transactio" 1626 binder_user_error("%d:%d got transaction with invalid object type, %lx\n",
1630 "n with invalid object type, %lx\n",
1631 proc->pid, thread->pid, fp->type); 1627 proc->pid, thread->pid, fp->type);
1632 return_error = BR_FAILED_REPLY; 1628 return_error = BR_FAILED_REPLY;
1633 goto err_bad_object_type; 1629 goto err_bad_object_type;
@@ -1667,6 +1663,7 @@ err_binder_new_node_failed:
1667err_bad_object_type: 1663err_bad_object_type:
1668err_bad_offset: 1664err_bad_offset:
1669err_copy_data_failed: 1665err_copy_data_failed:
1666 trace_binder_transaction_failed_buffer_release(t->buffer);
1670 binder_transaction_buffer_release(target_proc, t->buffer, offp); 1667 binder_transaction_buffer_release(target_proc, t->buffer, offp);
1671 t->buffer->transaction = NULL; 1668 t->buffer->transaction = NULL;
1672 binder_free_buf(target_proc, t->buffer); 1669 binder_free_buf(target_proc, t->buffer);
@@ -1683,7 +1680,7 @@ err_dead_binder:
1683err_invalid_target_handle: 1680err_invalid_target_handle:
1684err_no_context_mgr_node: 1681err_no_context_mgr_node:
1685 binder_debug(BINDER_DEBUG_FAILED_TRANSACTION, 1682 binder_debug(BINDER_DEBUG_FAILED_TRANSACTION,
1686 "binder: %d:%d transaction failed %d, size %zd-%zd\n", 1683 "%d:%d transaction failed %d, size %zd-%zd\n",
1687 proc->pid, thread->pid, return_error, 1684 proc->pid, thread->pid, return_error,
1688 tr->data_size, tr->offsets_size); 1685 tr->data_size, tr->offsets_size);
1689 1686
@@ -1712,6 +1709,7 @@ int binder_thread_write(struct binder_proc *proc, struct binder_thread *thread,
1712 if (get_user(cmd, (uint32_t __user *)ptr)) 1709 if (get_user(cmd, (uint32_t __user *)ptr))
1713 return -EFAULT; 1710 return -EFAULT;
1714 ptr += sizeof(uint32_t); 1711 ptr += sizeof(uint32_t);
1712 trace_binder_command(cmd);
1715 if (_IOC_NR(cmd) < ARRAY_SIZE(binder_stats.bc)) { 1713 if (_IOC_NR(cmd) < ARRAY_SIZE(binder_stats.bc)) {
1716 binder_stats.bc[_IOC_NR(cmd)]++; 1714 binder_stats.bc[_IOC_NR(cmd)]++;
1717 proc->stats.bc[_IOC_NR(cmd)]++; 1715 proc->stats.bc[_IOC_NR(cmd)]++;
@@ -1734,18 +1732,14 @@ int binder_thread_write(struct binder_proc *proc, struct binder_thread *thread,
1734 ref = binder_get_ref_for_node(proc, 1732 ref = binder_get_ref_for_node(proc,
1735 binder_context_mgr_node); 1733 binder_context_mgr_node);
1736 if (ref->desc != target) { 1734 if (ref->desc != target) {
1737 binder_user_error("binder: %d:" 1735 binder_user_error("%d:%d tried to acquire reference to desc 0, got %d instead\n",
1738 "%d tried to acquire "
1739 "reference to desc 0, "
1740 "got %d instead\n",
1741 proc->pid, thread->pid, 1736 proc->pid, thread->pid,
1742 ref->desc); 1737 ref->desc);
1743 } 1738 }
1744 } else 1739 } else
1745 ref = binder_get_ref(proc, target); 1740 ref = binder_get_ref(proc, target);
1746 if (ref == NULL) { 1741 if (ref == NULL) {
1747 binder_user_error("binder: %d:%d refcou" 1742 binder_user_error("%d:%d refcount change on invalid ref %d\n",
1748 "nt change on invalid ref %d\n",
1749 proc->pid, thread->pid, target); 1743 proc->pid, thread->pid, target);
1750 break; 1744 break;
1751 } 1745 }
@@ -1769,7 +1763,7 @@ int binder_thread_write(struct binder_proc *proc, struct binder_thread *thread,
1769 break; 1763 break;
1770 } 1764 }
1771 binder_debug(BINDER_DEBUG_USER_REFS, 1765 binder_debug(BINDER_DEBUG_USER_REFS,
1772 "binder: %d:%d %s ref %d desc %d s %d w %d for node %d\n", 1766 "%d:%d %s ref %d desc %d s %d w %d for node %d\n",
1773 proc->pid, thread->pid, debug_string, ref->debug_id, 1767 proc->pid, thread->pid, debug_string, ref->debug_id,
1774 ref->desc, ref->strong, ref->weak, ref->node->debug_id); 1768 ref->desc, ref->strong, ref->weak, ref->node->debug_id);
1775 break; 1769 break;
@@ -1788,8 +1782,7 @@ int binder_thread_write(struct binder_proc *proc, struct binder_thread *thread,
1788 ptr += sizeof(void *); 1782 ptr += sizeof(void *);
1789 node = binder_get_node(proc, node_ptr); 1783 node = binder_get_node(proc, node_ptr);
1790 if (node == NULL) { 1784 if (node == NULL) {
1791 binder_user_error("binder: %d:%d " 1785 binder_user_error("%d:%d %s u%p no match\n",
1792 "%s u%p no match\n",
1793 proc->pid, thread->pid, 1786 proc->pid, thread->pid,
1794 cmd == BC_INCREFS_DONE ? 1787 cmd == BC_INCREFS_DONE ?
1795 "BC_INCREFS_DONE" : 1788 "BC_INCREFS_DONE" :
@@ -1798,8 +1791,7 @@ int binder_thread_write(struct binder_proc *proc, struct binder_thread *thread,
1798 break; 1791 break;
1799 } 1792 }
1800 if (cookie != node->cookie) { 1793 if (cookie != node->cookie) {
1801 binder_user_error("binder: %d:%d %s u%p node %d" 1794 binder_user_error("%d:%d %s u%p node %d cookie mismatch %p != %p\n",
1802 " cookie mismatch %p != %p\n",
1803 proc->pid, thread->pid, 1795 proc->pid, thread->pid,
1804 cmd == BC_INCREFS_DONE ? 1796 cmd == BC_INCREFS_DONE ?
1805 "BC_INCREFS_DONE" : "BC_ACQUIRE_DONE", 1797 "BC_INCREFS_DONE" : "BC_ACQUIRE_DONE",
@@ -1809,9 +1801,7 @@ int binder_thread_write(struct binder_proc *proc, struct binder_thread *thread,
1809 } 1801 }
1810 if (cmd == BC_ACQUIRE_DONE) { 1802 if (cmd == BC_ACQUIRE_DONE) {
1811 if (node->pending_strong_ref == 0) { 1803 if (node->pending_strong_ref == 0) {
1812 binder_user_error("binder: %d:%d " 1804 binder_user_error("%d:%d BC_ACQUIRE_DONE node %d has no pending acquire request\n",
1813 "BC_ACQUIRE_DONE node %d has "
1814 "no pending acquire request\n",
1815 proc->pid, thread->pid, 1805 proc->pid, thread->pid,
1816 node->debug_id); 1806 node->debug_id);
1817 break; 1807 break;
@@ -1819,9 +1809,7 @@ int binder_thread_write(struct binder_proc *proc, struct binder_thread *thread,
1819 node->pending_strong_ref = 0; 1809 node->pending_strong_ref = 0;
1820 } else { 1810 } else {
1821 if (node->pending_weak_ref == 0) { 1811 if (node->pending_weak_ref == 0) {
1822 binder_user_error("binder: %d:%d " 1812 binder_user_error("%d:%d BC_INCREFS_DONE node %d has no pending increfs request\n",
1823 "BC_INCREFS_DONE node %d has "
1824 "no pending increfs request\n",
1825 proc->pid, thread->pid, 1813 proc->pid, thread->pid,
1826 node->debug_id); 1814 node->debug_id);
1827 break; 1815 break;
@@ -1830,17 +1818,17 @@ int binder_thread_write(struct binder_proc *proc, struct binder_thread *thread,
1830 } 1818 }
1831 binder_dec_node(node, cmd == BC_ACQUIRE_DONE, 0); 1819 binder_dec_node(node, cmd == BC_ACQUIRE_DONE, 0);
1832 binder_debug(BINDER_DEBUG_USER_REFS, 1820 binder_debug(BINDER_DEBUG_USER_REFS,
1833 "binder: %d:%d %s node %d ls %d lw %d\n", 1821 "%d:%d %s node %d ls %d lw %d\n",
1834 proc->pid, thread->pid, 1822 proc->pid, thread->pid,
1835 cmd == BC_INCREFS_DONE ? "BC_INCREFS_DONE" : "BC_ACQUIRE_DONE", 1823 cmd == BC_INCREFS_DONE ? "BC_INCREFS_DONE" : "BC_ACQUIRE_DONE",
1836 node->debug_id, node->local_strong_refs, node->local_weak_refs); 1824 node->debug_id, node->local_strong_refs, node->local_weak_refs);
1837 break; 1825 break;
1838 } 1826 }
1839 case BC_ATTEMPT_ACQUIRE: 1827 case BC_ATTEMPT_ACQUIRE:
1840 pr_err("binder: BC_ATTEMPT_ACQUIRE not supported\n"); 1828 pr_err("BC_ATTEMPT_ACQUIRE not supported\n");
1841 return -EINVAL; 1829 return -EINVAL;
1842 case BC_ACQUIRE_RESULT: 1830 case BC_ACQUIRE_RESULT:
1843 pr_err("binder: BC_ACQUIRE_RESULT not supported\n"); 1831 pr_err("BC_ACQUIRE_RESULT not supported\n");
1844 return -EINVAL; 1832 return -EINVAL;
1845 1833
1846 case BC_FREE_BUFFER: { 1834 case BC_FREE_BUFFER: {
@@ -1853,20 +1841,17 @@ int binder_thread_write(struct binder_proc *proc, struct binder_thread *thread,
1853 1841
1854 buffer = binder_buffer_lookup(proc, data_ptr); 1842 buffer = binder_buffer_lookup(proc, data_ptr);
1855 if (buffer == NULL) { 1843 if (buffer == NULL) {
1856 binder_user_error("binder: %d:%d " 1844 binder_user_error("%d:%d BC_FREE_BUFFER u%p no match\n",
1857 "BC_FREE_BUFFER u%p no match\n",
1858 proc->pid, thread->pid, data_ptr); 1845 proc->pid, thread->pid, data_ptr);
1859 break; 1846 break;
1860 } 1847 }
1861 if (!buffer->allow_user_free) { 1848 if (!buffer->allow_user_free) {
1862 binder_user_error("binder: %d:%d " 1849 binder_user_error("%d:%d BC_FREE_BUFFER u%p matched unreturned buffer\n",
1863 "BC_FREE_BUFFER u%p matched "
1864 "unreturned buffer\n",
1865 proc->pid, thread->pid, data_ptr); 1850 proc->pid, thread->pid, data_ptr);
1866 break; 1851 break;
1867 } 1852 }
1868 binder_debug(BINDER_DEBUG_FREE_BUFFER, 1853 binder_debug(BINDER_DEBUG_FREE_BUFFER,
1869 "binder: %d:%d BC_FREE_BUFFER u%p found buffer %d for %s transaction\n", 1854 "%d:%d BC_FREE_BUFFER u%p found buffer %d for %s transaction\n",
1870 proc->pid, thread->pid, data_ptr, buffer->debug_id, 1855 proc->pid, thread->pid, data_ptr, buffer->debug_id,
1871 buffer->transaction ? "active" : "finished"); 1856 buffer->transaction ? "active" : "finished");
1872 1857
@@ -1881,6 +1866,7 @@ int binder_thread_write(struct binder_proc *proc, struct binder_thread *thread,
1881 else 1866 else
1882 list_move_tail(buffer->target_node->async_todo.next, &thread->todo); 1867 list_move_tail(buffer->target_node->async_todo.next, &thread->todo);
1883 } 1868 }
1869 trace_binder_transaction_buffer_release(buffer);
1884 binder_transaction_buffer_release(proc, buffer, NULL); 1870 binder_transaction_buffer_release(proc, buffer, NULL);
1885 binder_free_buf(proc, buffer); 1871 binder_free_buf(proc, buffer);
1886 break; 1872 break;
@@ -1899,19 +1885,15 @@ int binder_thread_write(struct binder_proc *proc, struct binder_thread *thread,
1899 1885
1900 case BC_REGISTER_LOOPER: 1886 case BC_REGISTER_LOOPER:
1901 binder_debug(BINDER_DEBUG_THREADS, 1887 binder_debug(BINDER_DEBUG_THREADS,
1902 "binder: %d:%d BC_REGISTER_LOOPER\n", 1888 "%d:%d BC_REGISTER_LOOPER\n",
1903 proc->pid, thread->pid); 1889 proc->pid, thread->pid);
1904 if (thread->looper & BINDER_LOOPER_STATE_ENTERED) { 1890 if (thread->looper & BINDER_LOOPER_STATE_ENTERED) {
1905 thread->looper |= BINDER_LOOPER_STATE_INVALID; 1891 thread->looper |= BINDER_LOOPER_STATE_INVALID;
1906 binder_user_error("binder: %d:%d ERROR:" 1892 binder_user_error("%d:%d ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER\n",
1907 " BC_REGISTER_LOOPER called "
1908 "after BC_ENTER_LOOPER\n",
1909 proc->pid, thread->pid); 1893 proc->pid, thread->pid);
1910 } else if (proc->requested_threads == 0) { 1894 } else if (proc->requested_threads == 0) {
1911 thread->looper |= BINDER_LOOPER_STATE_INVALID; 1895 thread->looper |= BINDER_LOOPER_STATE_INVALID;
1912 binder_user_error("binder: %d:%d ERROR:" 1896 binder_user_error("%d:%d ERROR: BC_REGISTER_LOOPER called without request\n",
1913 " BC_REGISTER_LOOPER called "
1914 "without request\n",
1915 proc->pid, thread->pid); 1897 proc->pid, thread->pid);
1916 } else { 1898 } else {
1917 proc->requested_threads--; 1899 proc->requested_threads--;
@@ -1921,20 +1903,18 @@ int binder_thread_write(struct binder_proc *proc, struct binder_thread *thread,
1921 break; 1903 break;
1922 case BC_ENTER_LOOPER: 1904 case BC_ENTER_LOOPER:
1923 binder_debug(BINDER_DEBUG_THREADS, 1905 binder_debug(BINDER_DEBUG_THREADS,
1924 "binder: %d:%d BC_ENTER_LOOPER\n", 1906 "%d:%d BC_ENTER_LOOPER\n",
1925 proc->pid, thread->pid); 1907 proc->pid, thread->pid);
1926 if (thread->looper & BINDER_LOOPER_STATE_REGISTERED) { 1908 if (thread->looper & BINDER_LOOPER_STATE_REGISTERED) {
1927 thread->looper |= BINDER_LOOPER_STATE_INVALID; 1909 thread->looper |= BINDER_LOOPER_STATE_INVALID;
1928 binder_user_error("binder: %d:%d ERROR:" 1910 binder_user_error("%d:%d ERROR: BC_ENTER_LOOPER called after BC_REGISTER_LOOPER\n",
1929 " BC_ENTER_LOOPER called after "
1930 "BC_REGISTER_LOOPER\n",
1931 proc->pid, thread->pid); 1911 proc->pid, thread->pid);
1932 } 1912 }
1933 thread->looper |= BINDER_LOOPER_STATE_ENTERED; 1913 thread->looper |= BINDER_LOOPER_STATE_ENTERED;
1934 break; 1914 break;
1935 case BC_EXIT_LOOPER: 1915 case BC_EXIT_LOOPER:
1936 binder_debug(BINDER_DEBUG_THREADS, 1916 binder_debug(BINDER_DEBUG_THREADS,
1937 "binder: %d:%d BC_EXIT_LOOPER\n", 1917 "%d:%d BC_EXIT_LOOPER\n",
1938 proc->pid, thread->pid); 1918 proc->pid, thread->pid);
1939 thread->looper |= BINDER_LOOPER_STATE_EXITED; 1919 thread->looper |= BINDER_LOOPER_STATE_EXITED;
1940 break; 1920 break;
@@ -1954,8 +1934,7 @@ int binder_thread_write(struct binder_proc *proc, struct binder_thread *thread,
1954 ptr += sizeof(void *); 1934 ptr += sizeof(void *);
1955 ref = binder_get_ref(proc, target); 1935 ref = binder_get_ref(proc, target);
1956 if (ref == NULL) { 1936 if (ref == NULL) {
1957 binder_user_error("binder: %d:%d %s " 1937 binder_user_error("%d:%d %s invalid ref %d\n",
1958 "invalid ref %d\n",
1959 proc->pid, thread->pid, 1938 proc->pid, thread->pid,
1960 cmd == BC_REQUEST_DEATH_NOTIFICATION ? 1939 cmd == BC_REQUEST_DEATH_NOTIFICATION ?
1961 "BC_REQUEST_DEATH_NOTIFICATION" : 1940 "BC_REQUEST_DEATH_NOTIFICATION" :
@@ -1965,7 +1944,7 @@ int binder_thread_write(struct binder_proc *proc, struct binder_thread *thread,
1965 } 1944 }
1966 1945
1967 binder_debug(BINDER_DEBUG_DEATH_NOTIFICATION, 1946 binder_debug(BINDER_DEBUG_DEATH_NOTIFICATION,
1968 "binder: %d:%d %s %p ref %d desc %d s %d w %d for node %d\n", 1947 "%d:%d %s %p ref %d desc %d s %d w %d for node %d\n",
1969 proc->pid, thread->pid, 1948 proc->pid, thread->pid,
1970 cmd == BC_REQUEST_DEATH_NOTIFICATION ? 1949 cmd == BC_REQUEST_DEATH_NOTIFICATION ?
1971 "BC_REQUEST_DEATH_NOTIFICATION" : 1950 "BC_REQUEST_DEATH_NOTIFICATION" :
@@ -1975,10 +1954,7 @@ int binder_thread_write(struct binder_proc *proc, struct binder_thread *thread,
1975 1954
1976 if (cmd == BC_REQUEST_DEATH_NOTIFICATION) { 1955 if (cmd == BC_REQUEST_DEATH_NOTIFICATION) {
1977 if (ref->death) { 1956 if (ref->death) {
1978 binder_user_error("binder: %d:%" 1957 binder_user_error("%d:%d BC_REQUEST_DEATH_NOTIFICATION death notification already set\n",
1979 "d BC_REQUEST_DEATH_NOTI"
1980 "FICATION death notific"
1981 "ation already set\n",
1982 proc->pid, thread->pid); 1958 proc->pid, thread->pid);
1983 break; 1959 break;
1984 } 1960 }
@@ -1986,8 +1962,7 @@ int binder_thread_write(struct binder_proc *proc, struct binder_thread *thread,
1986 if (death == NULL) { 1962 if (death == NULL) {
1987 thread->return_error = BR_ERROR; 1963 thread->return_error = BR_ERROR;
1988 binder_debug(BINDER_DEBUG_FAILED_TRANSACTION, 1964 binder_debug(BINDER_DEBUG_FAILED_TRANSACTION,
1989 "binder: %d:%d " 1965 "%d:%d BC_REQUEST_DEATH_NOTIFICATION failed\n",
1990 "BC_REQUEST_DEATH_NOTIFICATION failed\n",
1991 proc->pid, thread->pid); 1966 proc->pid, thread->pid);
1992 break; 1967 break;
1993 } 1968 }
@@ -2006,20 +1981,13 @@ int binder_thread_write(struct binder_proc *proc, struct binder_thread *thread,
2006 } 1981 }
2007 } else { 1982 } else {
2008 if (ref->death == NULL) { 1983 if (ref->death == NULL) {
2009 binder_user_error("binder: %d:%" 1984 binder_user_error("%d:%d BC_CLEAR_DEATH_NOTIFICATION death notification not active\n",
2010 "d BC_CLEAR_DEATH_NOTIFI"
2011 "CATION death notificat"
2012 "ion not active\n",
2013 proc->pid, thread->pid); 1985 proc->pid, thread->pid);
2014 break; 1986 break;
2015 } 1987 }
2016 death = ref->death; 1988 death = ref->death;
2017 if (death->cookie != cookie) { 1989 if (death->cookie != cookie) {
2018 binder_user_error("binder: %d:%" 1990 binder_user_error("%d:%d BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch %p != %p\n",
2019 "d BC_CLEAR_DEATH_NOTIFI"
2020 "CATION death notificat"
2021 "ion cookie mismatch "
2022 "%p != %p\n",
2023 proc->pid, thread->pid, 1991 proc->pid, thread->pid,
2024 death->cookie, cookie); 1992 death->cookie, cookie);
2025 break; 1993 break;
@@ -2055,11 +2023,10 @@ int binder_thread_write(struct binder_proc *proc, struct binder_thread *thread,
2055 } 2023 }
2056 } 2024 }
2057 binder_debug(BINDER_DEBUG_DEAD_BINDER, 2025 binder_debug(BINDER_DEBUG_DEAD_BINDER,
2058 "binder: %d:%d BC_DEAD_BINDER_DONE %p found %p\n", 2026 "%d:%d BC_DEAD_BINDER_DONE %p found %p\n",
2059 proc->pid, thread->pid, cookie, death); 2027 proc->pid, thread->pid, cookie, death);
2060 if (death == NULL) { 2028 if (death == NULL) {
2061 binder_user_error("binder: %d:%d BC_DEAD" 2029 binder_user_error("%d:%d BC_DEAD_BINDER_DONE %p not found\n",
2062 "_BINDER_DONE %p not found\n",
2063 proc->pid, thread->pid, cookie); 2030 proc->pid, thread->pid, cookie);
2064 break; 2031 break;
2065 } 2032 }
@@ -2077,7 +2044,7 @@ int binder_thread_write(struct binder_proc *proc, struct binder_thread *thread,
2077 } break; 2044 } break;
2078 2045
2079 default: 2046 default:
2080 pr_err("binder: %d:%d unknown command %d\n", 2047 pr_err("%d:%d unknown command %d\n",
2081 proc->pid, thread->pid, cmd); 2048 proc->pid, thread->pid, cmd);
2082 return -EINVAL; 2049 return -EINVAL;
2083 } 2050 }
@@ -2089,6 +2056,7 @@ int binder_thread_write(struct binder_proc *proc, struct binder_thread *thread,
2089void binder_stat_br(struct binder_proc *proc, struct binder_thread *thread, 2056void binder_stat_br(struct binder_proc *proc, struct binder_thread *thread,
2090 uint32_t cmd) 2057 uint32_t cmd)
2091{ 2058{
2059 trace_binder_return(cmd);
2092 if (_IOC_NR(cmd) < ARRAY_SIZE(binder_stats.br)) { 2060 if (_IOC_NR(cmd) < ARRAY_SIZE(binder_stats.br)) {
2093 binder_stats.br[_IOC_NR(cmd)]++; 2061 binder_stats.br[_IOC_NR(cmd)]++;
2094 proc->stats.br[_IOC_NR(cmd)]++; 2062 proc->stats.br[_IOC_NR(cmd)]++;
@@ -2135,6 +2103,7 @@ retry:
2135 if (put_user(thread->return_error2, (uint32_t __user *)ptr)) 2103 if (put_user(thread->return_error2, (uint32_t __user *)ptr))
2136 return -EFAULT; 2104 return -EFAULT;
2137 ptr += sizeof(uint32_t); 2105 ptr += sizeof(uint32_t);
2106 binder_stat_br(proc, thread, thread->return_error2);
2138 if (ptr == end) 2107 if (ptr == end)
2139 goto done; 2108 goto done;
2140 thread->return_error2 = BR_OK; 2109 thread->return_error2 = BR_OK;
@@ -2142,6 +2111,7 @@ retry:
2142 if (put_user(thread->return_error, (uint32_t __user *)ptr)) 2111 if (put_user(thread->return_error, (uint32_t __user *)ptr))
2143 return -EFAULT; 2112 return -EFAULT;
2144 ptr += sizeof(uint32_t); 2113 ptr += sizeof(uint32_t);
2114 binder_stat_br(proc, thread, thread->return_error);
2145 thread->return_error = BR_OK; 2115 thread->return_error = BR_OK;
2146 goto done; 2116 goto done;
2147 } 2117 }
@@ -2150,13 +2120,16 @@ retry:
2150 thread->looper |= BINDER_LOOPER_STATE_WAITING; 2120 thread->looper |= BINDER_LOOPER_STATE_WAITING;
2151 if (wait_for_proc_work) 2121 if (wait_for_proc_work)
2152 proc->ready_threads++; 2122 proc->ready_threads++;
2153 mutex_unlock(&binder_lock); 2123
2124 binder_unlock(__func__);
2125
2126 trace_binder_wait_for_work(wait_for_proc_work,
2127 !!thread->transaction_stack,
2128 !list_empty(&thread->todo));
2154 if (wait_for_proc_work) { 2129 if (wait_for_proc_work) {
2155 if (!(thread->looper & (BINDER_LOOPER_STATE_REGISTERED | 2130 if (!(thread->looper & (BINDER_LOOPER_STATE_REGISTERED |
2156 BINDER_LOOPER_STATE_ENTERED))) { 2131 BINDER_LOOPER_STATE_ENTERED))) {
2157 binder_user_error("binder: %d:%d ERROR: Thread waiting " 2132 binder_user_error("%d:%d ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state %x)\n",
2158 "for process work before calling BC_REGISTER_"
2159 "LOOPER or BC_ENTER_LOOPER (state %x)\n",
2160 proc->pid, thread->pid, thread->looper); 2133 proc->pid, thread->pid, thread->looper);
2161 wait_event_interruptible(binder_user_error_wait, 2134 wait_event_interruptible(binder_user_error_wait,
2162 binder_stop_on_user_error < 2); 2135 binder_stop_on_user_error < 2);
@@ -2174,7 +2147,9 @@ retry:
2174 } else 2147 } else
2175 ret = wait_event_interruptible(thread->wait, binder_has_thread_work(thread)); 2148 ret = wait_event_interruptible(thread->wait, binder_has_thread_work(thread));
2176 } 2149 }
2177 mutex_lock(&binder_lock); 2150
2151 binder_lock(__func__);
2152
2178 if (wait_for_proc_work) 2153 if (wait_for_proc_work)
2179 proc->ready_threads--; 2154 proc->ready_threads--;
2180 thread->looper &= ~BINDER_LOOPER_STATE_WAITING; 2155 thread->looper &= ~BINDER_LOOPER_STATE_WAITING;
@@ -2213,7 +2188,7 @@ retry:
2213 2188
2214 binder_stat_br(proc, thread, cmd); 2189 binder_stat_br(proc, thread, cmd);
2215 binder_debug(BINDER_DEBUG_TRANSACTION_COMPLETE, 2190 binder_debug(BINDER_DEBUG_TRANSACTION_COMPLETE,
2216 "binder: %d:%d BR_TRANSACTION_COMPLETE\n", 2191 "%d:%d BR_TRANSACTION_COMPLETE\n",
2217 proc->pid, thread->pid); 2192 proc->pid, thread->pid);
2218 2193
2219 list_del(&w->entry); 2194 list_del(&w->entry);
@@ -2260,13 +2235,13 @@ retry:
2260 2235
2261 binder_stat_br(proc, thread, cmd); 2236 binder_stat_br(proc, thread, cmd);
2262 binder_debug(BINDER_DEBUG_USER_REFS, 2237 binder_debug(BINDER_DEBUG_USER_REFS,
2263 "binder: %d:%d %s %d u%p c%p\n", 2238 "%d:%d %s %d u%p c%p\n",
2264 proc->pid, thread->pid, cmd_name, node->debug_id, node->ptr, node->cookie); 2239 proc->pid, thread->pid, cmd_name, node->debug_id, node->ptr, node->cookie);
2265 } else { 2240 } else {
2266 list_del_init(&w->entry); 2241 list_del_init(&w->entry);
2267 if (!weak && !strong) { 2242 if (!weak && !strong) {
2268 binder_debug(BINDER_DEBUG_INTERNAL_REFS, 2243 binder_debug(BINDER_DEBUG_INTERNAL_REFS,
2269 "binder: %d:%d node %d u%p c%p deleted\n", 2244 "%d:%d node %d u%p c%p deleted\n",
2270 proc->pid, thread->pid, node->debug_id, 2245 proc->pid, thread->pid, node->debug_id,
2271 node->ptr, node->cookie); 2246 node->ptr, node->cookie);
2272 rb_erase(&node->rb_node, &proc->nodes); 2247 rb_erase(&node->rb_node, &proc->nodes);
@@ -2274,7 +2249,7 @@ retry:
2274 binder_stats_deleted(BINDER_STAT_NODE); 2249 binder_stats_deleted(BINDER_STAT_NODE);
2275 } else { 2250 } else {
2276 binder_debug(BINDER_DEBUG_INTERNAL_REFS, 2251 binder_debug(BINDER_DEBUG_INTERNAL_REFS,
2277 "binder: %d:%d node %d u%p c%p state unchanged\n", 2252 "%d:%d node %d u%p c%p state unchanged\n",
2278 proc->pid, thread->pid, node->debug_id, node->ptr, 2253 proc->pid, thread->pid, node->debug_id, node->ptr,
2279 node->cookie); 2254 node->cookie);
2280 } 2255 }
@@ -2297,8 +2272,9 @@ retry:
2297 if (put_user(death->cookie, (void * __user *)ptr)) 2272 if (put_user(death->cookie, (void * __user *)ptr))
2298 return -EFAULT; 2273 return -EFAULT;
2299 ptr += sizeof(void *); 2274 ptr += sizeof(void *);
2275 binder_stat_br(proc, thread, cmd);
2300 binder_debug(BINDER_DEBUG_DEATH_NOTIFICATION, 2276 binder_debug(BINDER_DEBUG_DEATH_NOTIFICATION,
2301 "binder: %d:%d %s %p\n", 2277 "%d:%d %s %p\n",
2302 proc->pid, thread->pid, 2278 proc->pid, thread->pid,
2303 cmd == BR_DEAD_BINDER ? 2279 cmd == BR_DEAD_BINDER ?
2304 "BR_DEAD_BINDER" : 2280 "BR_DEAD_BINDER" :
@@ -2364,10 +2340,10 @@ retry:
2364 return -EFAULT; 2340 return -EFAULT;
2365 ptr += sizeof(tr); 2341 ptr += sizeof(tr);
2366 2342
2343 trace_binder_transaction_received(t);
2367 binder_stat_br(proc, thread, cmd); 2344 binder_stat_br(proc, thread, cmd);
2368 binder_debug(BINDER_DEBUG_TRANSACTION, 2345 binder_debug(BINDER_DEBUG_TRANSACTION,
2369 "binder: %d:%d %s %d %d:%d, cmd %d" 2346 "%d:%d %s %d %d:%d, cmd %d size %zd-%zd ptr %p-%p\n",
2370 "size %zd-%zd ptr %p-%p\n",
2371 proc->pid, thread->pid, 2347 proc->pid, thread->pid,
2372 (cmd == BR_TRANSACTION) ? "BR_TRANSACTION" : 2348 (cmd == BR_TRANSACTION) ? "BR_TRANSACTION" :
2373 "BR_REPLY", 2349 "BR_REPLY",
@@ -2400,10 +2376,11 @@ done:
2400 /*spawn a new thread if we leave this out */) { 2376 /*spawn a new thread if we leave this out */) {
2401 proc->requested_threads++; 2377 proc->requested_threads++;
2402 binder_debug(BINDER_DEBUG_THREADS, 2378 binder_debug(BINDER_DEBUG_THREADS,
2403 "binder: %d:%d BR_SPAWN_LOOPER\n", 2379 "%d:%d BR_SPAWN_LOOPER\n",
2404 proc->pid, thread->pid); 2380 proc->pid, thread->pid);
2405 if (put_user(BR_SPAWN_LOOPER, (uint32_t __user *)buffer)) 2381 if (put_user(BR_SPAWN_LOOPER, (uint32_t __user *)buffer))
2406 return -EFAULT; 2382 return -EFAULT;
2383 binder_stat_br(proc, thread, BR_SPAWN_LOOPER);
2407 } 2384 }
2408 return 0; 2385 return 0;
2409} 2386}
@@ -2424,7 +2401,7 @@ static void binder_release_work(struct list_head *list)
2424 binder_send_failed_reply(t, BR_DEAD_REPLY); 2401 binder_send_failed_reply(t, BR_DEAD_REPLY);
2425 } else { 2402 } else {
2426 binder_debug(BINDER_DEBUG_DEAD_TRANSACTION, 2403 binder_debug(BINDER_DEBUG_DEAD_TRANSACTION,
2427 "binder: undelivered transaction %d\n", 2404 "undelivered transaction %d\n",
2428 t->debug_id); 2405 t->debug_id);
2429 t->buffer->transaction = NULL; 2406 t->buffer->transaction = NULL;
2430 kfree(t); 2407 kfree(t);
@@ -2433,7 +2410,7 @@ static void binder_release_work(struct list_head *list)
2433 } break; 2410 } break;
2434 case BINDER_WORK_TRANSACTION_COMPLETE: { 2411 case BINDER_WORK_TRANSACTION_COMPLETE: {
2435 binder_debug(BINDER_DEBUG_DEAD_TRANSACTION, 2412 binder_debug(BINDER_DEBUG_DEAD_TRANSACTION,
2436 "binder: undelivered TRANSACTION_COMPLETE\n"); 2413 "undelivered TRANSACTION_COMPLETE\n");
2437 kfree(w); 2414 kfree(w);
2438 binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE); 2415 binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE);
2439 } break; 2416 } break;
@@ -2443,13 +2420,13 @@ static void binder_release_work(struct list_head *list)
2443 2420
2444 death = container_of(w, struct binder_ref_death, work); 2421 death = container_of(w, struct binder_ref_death, work);
2445 binder_debug(BINDER_DEBUG_DEAD_TRANSACTION, 2422 binder_debug(BINDER_DEBUG_DEAD_TRANSACTION,
2446 "binder: undelivered death notification, %p\n", 2423 "undelivered death notification, %p\n",
2447 death->cookie); 2424 death->cookie);
2448 kfree(death); 2425 kfree(death);
2449 binder_stats_deleted(BINDER_STAT_DEATH); 2426 binder_stats_deleted(BINDER_STAT_DEATH);
2450 } break; 2427 } break;
2451 default: 2428 default:
2452 pr_err("binder: unexpected work type, %d, not freed\n", 2429 pr_err("unexpected work type, %d, not freed\n",
2453 w->type); 2430 w->type);
2454 break; 2431 break;
2455 } 2432 }
@@ -2506,8 +2483,8 @@ static int binder_free_thread(struct binder_proc *proc,
2506 while (t) { 2483 while (t) {
2507 active_transactions++; 2484 active_transactions++;
2508 binder_debug(BINDER_DEBUG_DEAD_TRANSACTION, 2485 binder_debug(BINDER_DEBUG_DEAD_TRANSACTION,
2509 "binder: release %d:%d transaction %d " 2486 "release %d:%d transaction %d %s, still active\n",
2510 "%s, still active\n", proc->pid, thread->pid, 2487 proc->pid, thread->pid,
2511 t->debug_id, 2488 t->debug_id,
2512 (t->to_thread == thread) ? "in" : "out"); 2489 (t->to_thread == thread) ? "in" : "out");
2513 2490
@@ -2540,12 +2517,14 @@ static unsigned int binder_poll(struct file *filp,
2540 struct binder_thread *thread = NULL; 2517 struct binder_thread *thread = NULL;
2541 int wait_for_proc_work; 2518 int wait_for_proc_work;
2542 2519
2543 mutex_lock(&binder_lock); 2520 binder_lock(__func__);
2521
2544 thread = binder_get_thread(proc); 2522 thread = binder_get_thread(proc);
2545 2523
2546 wait_for_proc_work = thread->transaction_stack == NULL && 2524 wait_for_proc_work = thread->transaction_stack == NULL &&
2547 list_empty(&thread->todo) && thread->return_error == BR_OK; 2525 list_empty(&thread->todo) && thread->return_error == BR_OK;
2548 mutex_unlock(&binder_lock); 2526
2527 binder_unlock(__func__);
2549 2528
2550 if (wait_for_proc_work) { 2529 if (wait_for_proc_work) {
2551 if (binder_has_proc_work(proc, thread)) 2530 if (binder_has_proc_work(proc, thread))
@@ -2573,11 +2552,13 @@ static long binder_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
2573 2552
2574 /*pr_info("binder_ioctl: %d:%d %x %lx\n", proc->pid, current->pid, cmd, arg);*/ 2553 /*pr_info("binder_ioctl: %d:%d %x %lx\n", proc->pid, current->pid, cmd, arg);*/
2575 2554
2555 trace_binder_ioctl(cmd, arg);
2556
2576 ret = wait_event_interruptible(binder_user_error_wait, binder_stop_on_user_error < 2); 2557 ret = wait_event_interruptible(binder_user_error_wait, binder_stop_on_user_error < 2);
2577 if (ret) 2558 if (ret)
2578 return ret; 2559 goto err_unlocked;
2579 2560
2580 mutex_lock(&binder_lock); 2561 binder_lock(__func__);
2581 thread = binder_get_thread(proc); 2562 thread = binder_get_thread(proc);
2582 if (thread == NULL) { 2563 if (thread == NULL) {
2583 ret = -ENOMEM; 2564 ret = -ENOMEM;
@@ -2596,12 +2577,13 @@ static long binder_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
2596 goto err; 2577 goto err;
2597 } 2578 }
2598 binder_debug(BINDER_DEBUG_READ_WRITE, 2579 binder_debug(BINDER_DEBUG_READ_WRITE,
2599 "binder: %d:%d write %ld at %08lx, read %ld at %08lx\n", 2580 "%d:%d write %ld at %08lx, read %ld at %08lx\n",
2600 proc->pid, thread->pid, bwr.write_size, bwr.write_buffer, 2581 proc->pid, thread->pid, bwr.write_size,
2601 bwr.read_size, bwr.read_buffer); 2582 bwr.write_buffer, bwr.read_size, bwr.read_buffer);
2602 2583
2603 if (bwr.write_size > 0) { 2584 if (bwr.write_size > 0) {
2604 ret = binder_thread_write(proc, thread, (void __user *)bwr.write_buffer, bwr.write_size, &bwr.write_consumed); 2585 ret = binder_thread_write(proc, thread, (void __user *)bwr.write_buffer, bwr.write_size, &bwr.write_consumed);
2586 trace_binder_write_done(ret);
2605 if (ret < 0) { 2587 if (ret < 0) {
2606 bwr.read_consumed = 0; 2588 bwr.read_consumed = 0;
2607 if (copy_to_user(ubuf, &bwr, sizeof(bwr))) 2589 if (copy_to_user(ubuf, &bwr, sizeof(bwr)))
@@ -2611,6 +2593,7 @@ static long binder_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
2611 } 2593 }
2612 if (bwr.read_size > 0) { 2594 if (bwr.read_size > 0) {
2613 ret = binder_thread_read(proc, thread, (void __user *)bwr.read_buffer, bwr.read_size, &bwr.read_consumed, filp->f_flags & O_NONBLOCK); 2595 ret = binder_thread_read(proc, thread, (void __user *)bwr.read_buffer, bwr.read_size, &bwr.read_consumed, filp->f_flags & O_NONBLOCK);
2596 trace_binder_read_done(ret);
2614 if (!list_empty(&proc->todo)) 2597 if (!list_empty(&proc->todo))
2615 wake_up_interruptible(&proc->wait); 2598 wake_up_interruptible(&proc->wait);
2616 if (ret < 0) { 2599 if (ret < 0) {
@@ -2620,7 +2603,7 @@ static long binder_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
2620 } 2603 }
2621 } 2604 }
2622 binder_debug(BINDER_DEBUG_READ_WRITE, 2605 binder_debug(BINDER_DEBUG_READ_WRITE,
2623 "binder: %d:%d wrote %ld of %ld, read return %ld of %ld\n", 2606 "%d:%d wrote %ld of %ld, read return %ld of %ld\n",
2624 proc->pid, thread->pid, bwr.write_consumed, bwr.write_size, 2607 proc->pid, thread->pid, bwr.write_consumed, bwr.write_size,
2625 bwr.read_consumed, bwr.read_size); 2608 bwr.read_consumed, bwr.read_size);
2626 if (copy_to_user(ubuf, &bwr, sizeof(bwr))) { 2609 if (copy_to_user(ubuf, &bwr, sizeof(bwr))) {
@@ -2637,14 +2620,13 @@ static long binder_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
2637 break; 2620 break;
2638 case BINDER_SET_CONTEXT_MGR: 2621 case BINDER_SET_CONTEXT_MGR:
2639 if (binder_context_mgr_node != NULL) { 2622 if (binder_context_mgr_node != NULL) {
2640 pr_err("binder: BINDER_SET_CONTEXT_MGR already set\n"); 2623 pr_err("BINDER_SET_CONTEXT_MGR already set\n");
2641 ret = -EBUSY; 2624 ret = -EBUSY;
2642 goto err; 2625 goto err;
2643 } 2626 }
2644 if (uid_valid(binder_context_mgr_uid)) { 2627 if (uid_valid(binder_context_mgr_uid)) {
2645 if (!uid_eq(binder_context_mgr_uid, current->cred->euid)) { 2628 if (!uid_eq(binder_context_mgr_uid, current->cred->euid)) {
2646 pr_err("binder: BINDER_SET_" 2629 pr_err("BINDER_SET_CONTEXT_MGR bad uid %d != %d\n",
2647 "CONTEXT_MGR bad uid %d != %d\n",
2648 from_kuid(&init_user_ns, current->cred->euid), 2630 from_kuid(&init_user_ns, current->cred->euid),
2649 from_kuid(&init_user_ns, binder_context_mgr_uid)); 2631 from_kuid(&init_user_ns, binder_context_mgr_uid));
2650 ret = -EPERM; 2632 ret = -EPERM;
@@ -2663,7 +2645,7 @@ static long binder_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
2663 binder_context_mgr_node->has_weak_ref = 1; 2645 binder_context_mgr_node->has_weak_ref = 1;
2664 break; 2646 break;
2665 case BINDER_THREAD_EXIT: 2647 case BINDER_THREAD_EXIT:
2666 binder_debug(BINDER_DEBUG_THREADS, "binder: %d:%d exit\n", 2648 binder_debug(BINDER_DEBUG_THREADS, "%d:%d exit\n",
2667 proc->pid, thread->pid); 2649 proc->pid, thread->pid);
2668 binder_free_thread(proc, thread); 2650 binder_free_thread(proc, thread);
2669 thread = NULL; 2651 thread = NULL;
@@ -2686,10 +2668,12 @@ static long binder_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
2686err: 2668err:
2687 if (thread) 2669 if (thread)
2688 thread->looper &= ~BINDER_LOOPER_STATE_NEED_RETURN; 2670 thread->looper &= ~BINDER_LOOPER_STATE_NEED_RETURN;
2689 mutex_unlock(&binder_lock); 2671 binder_unlock(__func__);
2690 wait_event_interruptible(binder_user_error_wait, binder_stop_on_user_error < 2); 2672 wait_event_interruptible(binder_user_error_wait, binder_stop_on_user_error < 2);
2691 if (ret && ret != -ERESTARTSYS) 2673 if (ret && ret != -ERESTARTSYS)
2692 pr_info("binder: %d:%d ioctl %x %lx returned %d\n", proc->pid, current->pid, cmd, arg, ret); 2674 pr_info("%d:%d ioctl %x %lx returned %d\n", proc->pid, current->pid, cmd, arg, ret);
2675err_unlocked:
2676 trace_binder_ioctl_done(ret);
2693 return ret; 2677 return ret;
2694} 2678}
2695 2679
@@ -2697,7 +2681,7 @@ static void binder_vma_open(struct vm_area_struct *vma)
2697{ 2681{
2698 struct binder_proc *proc = vma->vm_private_data; 2682 struct binder_proc *proc = vma->vm_private_data;
2699 binder_debug(BINDER_DEBUG_OPEN_CLOSE, 2683 binder_debug(BINDER_DEBUG_OPEN_CLOSE,
2700 "binder: %d open vm area %lx-%lx (%ld K) vma %lx pagep %lx\n", 2684 "%d open vm area %lx-%lx (%ld K) vma %lx pagep %lx\n",
2701 proc->pid, vma->vm_start, vma->vm_end, 2685 proc->pid, vma->vm_start, vma->vm_end,
2702 (vma->vm_end - vma->vm_start) / SZ_1K, vma->vm_flags, 2686 (vma->vm_end - vma->vm_start) / SZ_1K, vma->vm_flags,
2703 (unsigned long)pgprot_val(vma->vm_page_prot)); 2687 (unsigned long)pgprot_val(vma->vm_page_prot));
@@ -2707,7 +2691,7 @@ static void binder_vma_close(struct vm_area_struct *vma)
2707{ 2691{
2708 struct binder_proc *proc = vma->vm_private_data; 2692 struct binder_proc *proc = vma->vm_private_data;
2709 binder_debug(BINDER_DEBUG_OPEN_CLOSE, 2693 binder_debug(BINDER_DEBUG_OPEN_CLOSE,
2710 "binder: %d close vm area %lx-%lx (%ld K) vma %lx pagep %lx\n", 2694 "%d close vm area %lx-%lx (%ld K) vma %lx pagep %lx\n",
2711 proc->pid, vma->vm_start, vma->vm_end, 2695 proc->pid, vma->vm_start, vma->vm_end,
2712 (vma->vm_end - vma->vm_start) / SZ_1K, vma->vm_flags, 2696 (vma->vm_end - vma->vm_start) / SZ_1K, vma->vm_flags,
2713 (unsigned long)pgprot_val(vma->vm_page_prot)); 2697 (unsigned long)pgprot_val(vma->vm_page_prot));
@@ -2835,13 +2819,16 @@ static int binder_open(struct inode *nodp, struct file *filp)
2835 INIT_LIST_HEAD(&proc->todo); 2819 INIT_LIST_HEAD(&proc->todo);
2836 init_waitqueue_head(&proc->wait); 2820 init_waitqueue_head(&proc->wait);
2837 proc->default_priority = task_nice(current); 2821 proc->default_priority = task_nice(current);
2838 mutex_lock(&binder_lock); 2822
2823 binder_lock(__func__);
2824
2839 binder_stats_created(BINDER_STAT_PROC); 2825 binder_stats_created(BINDER_STAT_PROC);
2840 hlist_add_head(&proc->proc_node, &binder_procs); 2826 hlist_add_head(&proc->proc_node, &binder_procs);
2841 proc->pid = current->group_leader->pid; 2827 proc->pid = current->group_leader->pid;
2842 INIT_LIST_HEAD(&proc->delivered_death); 2828 INIT_LIST_HEAD(&proc->delivered_death);
2843 filp->private_data = proc; 2829 filp->private_data = proc;
2844 mutex_unlock(&binder_lock); 2830
2831 binder_unlock(__func__);
2845 2832
2846 if (binder_debugfs_dir_entry_proc) { 2833 if (binder_debugfs_dir_entry_proc) {
2847 char strbuf[11]; 2834 char strbuf[11];
@@ -2949,9 +2936,8 @@ static void binder_deferred_release(struct binder_proc *proc)
2949 } 2936 }
2950 } 2937 }
2951 binder_debug(BINDER_DEBUG_DEAD_BINDER, 2938 binder_debug(BINDER_DEBUG_DEAD_BINDER,
2952 "binder: node %d now dead, " 2939 "node %d now dead, refs %d, death %d\n",
2953 "refs %d, death %d\n", node->debug_id, 2940 node->debug_id, incoming_refs, death);
2954 incoming_refs, death);
2955 } 2941 }
2956 } 2942 }
2957 outgoing_refs = 0; 2943 outgoing_refs = 0;
@@ -2972,8 +2958,7 @@ static void binder_deferred_release(struct binder_proc *proc)
2972 if (t) { 2958 if (t) {
2973 t->buffer = NULL; 2959 t->buffer = NULL;
2974 buffer->transaction = NULL; 2960 buffer->transaction = NULL;
2975 pr_err("binder: release proc %d, " 2961 pr_err("release proc %d, transaction %d, not freed\n",
2976 "transaction %d, not freed\n",
2977 proc->pid, t->debug_id); 2962 proc->pid, t->debug_id);
2978 /*BUG();*/ 2963 /*BUG();*/
2979 } 2964 }
@@ -2990,8 +2975,7 @@ static void binder_deferred_release(struct binder_proc *proc)
2990 if (proc->pages[i]) { 2975 if (proc->pages[i]) {
2991 void *page_addr = proc->buffer + i * PAGE_SIZE; 2976 void *page_addr = proc->buffer + i * PAGE_SIZE;
2992 binder_debug(BINDER_DEBUG_BUFFER_ALLOC, 2977 binder_debug(BINDER_DEBUG_BUFFER_ALLOC,
2993 "binder_release: %d: " 2978 "binder_release: %d: page %d at %p not freed\n",
2994 "page %d at %p not freed\n",
2995 proc->pid, i, 2979 proc->pid, i,
2996 page_addr); 2980 page_addr);
2997 unmap_kernel_range((unsigned long)page_addr, 2981 unmap_kernel_range((unsigned long)page_addr,
@@ -3007,9 +2991,7 @@ static void binder_deferred_release(struct binder_proc *proc)
3007 put_task_struct(proc->tsk); 2991 put_task_struct(proc->tsk);
3008 2992
3009 binder_debug(BINDER_DEBUG_OPEN_CLOSE, 2993 binder_debug(BINDER_DEBUG_OPEN_CLOSE,
3010 "binder_release: %d threads %d, nodes %d (ref %d), " 2994 "binder_release: %d threads %d, nodes %d (ref %d), refs %d, active transactions %d, buffers %d, pages %d\n",
3011 "refs %d, active transactions %d, buffers %d, "
3012 "pages %d\n",
3013 proc->pid, threads, nodes, incoming_refs, outgoing_refs, 2995 proc->pid, threads, nodes, incoming_refs, outgoing_refs,
3014 active_transactions, buffers, page_count); 2996 active_transactions, buffers, page_count);
3015 2997
@@ -3023,7 +3005,7 @@ static void binder_deferred_func(struct work_struct *work)
3023 3005
3024 int defer; 3006 int defer;
3025 do { 3007 do {
3026 mutex_lock(&binder_lock); 3008 binder_lock(__func__);
3027 mutex_lock(&binder_deferred_lock); 3009 mutex_lock(&binder_deferred_lock);
3028 if (!hlist_empty(&binder_deferred_list)) { 3010 if (!hlist_empty(&binder_deferred_list)) {
3029 proc = hlist_entry(binder_deferred_list.first, 3011 proc = hlist_entry(binder_deferred_list.first,
@@ -3050,7 +3032,7 @@ static void binder_deferred_func(struct work_struct *work)
3050 if (defer & BINDER_DEFERRED_RELEASE) 3032 if (defer & BINDER_DEFERRED_RELEASE)
3051 binder_deferred_release(proc); /* frees proc */ 3033 binder_deferred_release(proc); /* frees proc */
3052 3034
3053 mutex_unlock(&binder_lock); 3035 binder_unlock(__func__);
3054 if (files) 3036 if (files)
3055 put_files_struct(files); 3037 put_files_struct(files);
3056 } while (proc); 3038 } while (proc);
@@ -3391,7 +3373,7 @@ static int binder_state_show(struct seq_file *m, void *unused)
3391 int do_lock = !binder_debug_no_lock; 3373 int do_lock = !binder_debug_no_lock;
3392 3374
3393 if (do_lock) 3375 if (do_lock)
3394 mutex_lock(&binder_lock); 3376 binder_lock(__func__);
3395 3377
3396 seq_puts(m, "binder state:\n"); 3378 seq_puts(m, "binder state:\n");
3397 3379
@@ -3403,7 +3385,7 @@ static int binder_state_show(struct seq_file *m, void *unused)
3403 hlist_for_each_entry(proc, pos, &binder_procs, proc_node) 3385 hlist_for_each_entry(proc, pos, &binder_procs, proc_node)
3404 print_binder_proc(m, proc, 1); 3386 print_binder_proc(m, proc, 1);
3405 if (do_lock) 3387 if (do_lock)
3406 mutex_unlock(&binder_lock); 3388 binder_unlock(__func__);
3407 return 0; 3389 return 0;
3408} 3390}
3409 3391
@@ -3414,7 +3396,7 @@ static int binder_stats_show(struct seq_file *m, void *unused)
3414 int do_lock = !binder_debug_no_lock; 3396 int do_lock = !binder_debug_no_lock;
3415 3397
3416 if (do_lock) 3398 if (do_lock)
3417 mutex_lock(&binder_lock); 3399 binder_lock(__func__);
3418 3400
3419 seq_puts(m, "binder stats:\n"); 3401 seq_puts(m, "binder stats:\n");
3420 3402
@@ -3423,7 +3405,7 @@ static int binder_stats_show(struct seq_file *m, void *unused)
3423 hlist_for_each_entry(proc, pos, &binder_procs, proc_node) 3405 hlist_for_each_entry(proc, pos, &binder_procs, proc_node)
3424 print_binder_proc_stats(m, proc); 3406 print_binder_proc_stats(m, proc);
3425 if (do_lock) 3407 if (do_lock)
3426 mutex_unlock(&binder_lock); 3408 binder_unlock(__func__);
3427 return 0; 3409 return 0;
3428} 3410}
3429 3411
@@ -3434,13 +3416,13 @@ static int binder_transactions_show(struct seq_file *m, void *unused)
3434 int do_lock = !binder_debug_no_lock; 3416 int do_lock = !binder_debug_no_lock;
3435 3417
3436 if (do_lock) 3418 if (do_lock)
3437 mutex_lock(&binder_lock); 3419 binder_lock(__func__);
3438 3420
3439 seq_puts(m, "binder transactions:\n"); 3421 seq_puts(m, "binder transactions:\n");
3440 hlist_for_each_entry(proc, pos, &binder_procs, proc_node) 3422 hlist_for_each_entry(proc, pos, &binder_procs, proc_node)
3441 print_binder_proc(m, proc, 0); 3423 print_binder_proc(m, proc, 0);
3442 if (do_lock) 3424 if (do_lock)
3443 mutex_unlock(&binder_lock); 3425 binder_unlock(__func__);
3444 return 0; 3426 return 0;
3445} 3427}
3446 3428
@@ -3450,11 +3432,11 @@ static int binder_proc_show(struct seq_file *m, void *unused)
3450 int do_lock = !binder_debug_no_lock; 3432 int do_lock = !binder_debug_no_lock;
3451 3433
3452 if (do_lock) 3434 if (do_lock)
3453 mutex_lock(&binder_lock); 3435 binder_lock(__func__);
3454 seq_puts(m, "binder proc state:\n"); 3436 seq_puts(m, "binder proc state:\n");
3455 print_binder_proc(m, proc, 1); 3437 print_binder_proc(m, proc, 1);
3456 if (do_lock) 3438 if (do_lock)
3457 mutex_unlock(&binder_lock); 3439 binder_unlock(__func__);
3458 return 0; 3440 return 0;
3459} 3441}
3460 3442
@@ -3549,4 +3531,7 @@ static int __init binder_init(void)
3549 3531
3550device_initcall(binder_init); 3532device_initcall(binder_init);
3551 3533
3534#define CREATE_TRACE_POINTS
3535#include "binder_trace.h"
3536
3552MODULE_LICENSE("GPL v2"); 3537MODULE_LICENSE("GPL v2");
generated by cgit v1.2.2 (git 2.25.0) at 2024-10-21 04:01:05 -0400