Skip to content

Commit

Permalink
system_server BINDER_TYPE_FD sockets using ashmem accessors
Browse files Browse the repository at this point in the history 
check if device is a character device, before calling
ashmem_get_size_region. We do not check if the st_rdev
matches /dev/ashmem. So this at least eliminates making
this call when associated with a socket.

Bug: 26374183
Change-Id: I68ed9d1c2cd4c47228ed065e3e18eb4151f038f4
  • Loading branch information
@Ziyann
Mark Salyzyn authored and Ziyann committed Sep 15, 2016
1 parent cd866c1 commit f547cd6
Showing 1 changed file with 16 additions and 7 deletions.
23 changes: 16 additions & 7 deletions libs/binder/Parcel.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,9 @@
#include <stdlib.h>
#include <stdint.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef INT32_MAX
#define INT32_MAX ((int32_t)(2147483647))
Expand Down Expand Up @@ -123,8 +126,10 @@ void acquire_object(const sp<ProcessState>& proc,
return;
}
case BINDER_TYPE_FD: {
if (obj.cookie != 0) {
if (outAshmemSize != NULL) {
if ((obj.cookie != 0) && (outAshmemSize != NULL)) {
struct stat st;
int ret = fstat(obj.handle, &st);
if (!ret && S_ISCHR(st.st_mode)) {
// If we own an ashmem fd, keep track of how much memory it refers to.
int size = ashmem_get_size_region(obj.handle);
if (size > 0) {
Expand Down Expand Up @@ -173,11 +178,15 @@ static void release_object(const sp<ProcessState>& proc,
return;
}
case BINDER_TYPE_FD: {
if (outAshmemSize != NULL) {
if (obj.cookie != 0) {
int size = ashmem_get_size_region(obj.handle);
if (size > 0) {
*outAshmemSize -= size;
if (obj.cookie != 0) { // owned
if (outAshmemSize != NULL) {
struct stat st;
int ret = fstat(obj.handle, &st);
if (!ret && S_ISCHR(st.st_mode)) {
int size = ashmem_get_size_region(obj.handle);
if (size > 0) {
*outAshmemSize -= size;
}
}

close(obj.handle);
Expand Down

0 comments on commit f547cd6

Please sign in to comment.