SlideShare a Scribd company logo

Android binder introduction

Derek Fang
Derek Fang

Android Binder Architecture Introduction and Debugging Analysis.

Technology
1 of 19
Android Binder Architecture Introduction and Debugging Analysis Derek Fang fang.comet@gmail.com
Binder transaction log // sys/kernel/debug/binder/transactions proc 7472 //android.process.media pending async transaction 8896717: ffff8800104e7800 from 0:0 to 7472:0 code 25 flags 11 pri - 20 r0 node 4631132 size 124:8 data ffffc900078056bc pending async transaction 8896728: ffff8800104e7f80 from 0:0 to 7472:0 code 25 flags 11 pri - 20 r0 node 4631132 size 124:8 data ffffc90007805790 … proc 664 //system_server thread 664: l 10 outgoing transaction 8898624: ffff8800381c7c80 from 664:664 to 7472:0 code 1 flags 10 pri -2 r1 node 4631408 size 248:4 data ffffc9000780668c thread 676: l 11 outgoing transaction 8896300: ffff88000ab71780 from 664:676 to 7472:0 code 2b flags 10 pri - 20 r1 node 4631132 size 780:4 data ffffc90007804f28 …
Binder transaction log // sys/kernel/debug/binder/stats ------ BINDER STATS (/sys/kernel/debug/binder/stats) ------ binder stats: proc 1353 threads: 456 // 已join binder pool 的threads 個數 requested threads: 0+3/15 ready threads 5 free async space 520192 nodes: 993 refs: 478 s 478 w 478 buffers: 226 // 已分配的 buffers pending transactions: 0 BC_TRANSACTION: 187672 BC_REPLY: 54812 … BR_SPAWN_LOOPER: 3 BR_CLEAR_DEATH_NOTIFICATION_DONE: 87 BR_FAILED_REPLY: 10910 …
binder_proc Process在binder driver對應的struct •struct rb_root threads; •struct rb_root nodes; •struct rb_node refs_by_node •struct list_head todo; binder_thread Thread在binder driver對應的struct •strust binder_proc *proc; •struct rb_node rb_node; •int pid; •struct list_head todo; binder_node 用來描述binder實 體對象,對應每 一個service組件的 struct •struct rb_node rb_node; •struct binder_proc *proc; •struct hlist_head refs; •unsigned has_asnc_transac tion; •struct list_head async_todo; binder_ref 用來描述binder引 用對象,對應每 一個client組件的 struct •struct rb_node rb_node_node; •struct binder_proc *proc; •struct binder_node *node; Binder driver related structs
binder_transaction •在kernel space裡描 述一個傳輸task的基 本struct •struct binder_work work; •struct binder_thread *from; •struct binder_proc *to_proc; •struct binder_thread *to_thread; •unsigned need_reply; •struct binder_buffer *buffer; binder_buffer •Kernel buffer,用 來傳遞process之 間的data,每一 個使用binder的 process都有專屬 的binder_buffer •struct binder_transactio n *transaction; •struct binder_node *node; •size_t data_size; •size_t offsets_size; binder_transaction_data •在user space裡描述一個傳輸task 的基本struct • pid_t sender_pid; •size_t data_size; •size_t offsets_size; •union{ struct{ const void *buffer; const void *offsets; }ptr; … }data; Binder driver related structs (cont.)
Binder codeflow (async transaction) BpBinder::transact() IPCThreadState::self()->transact(…) waitForResponse(…) talkWithDriver() ioctl(mProcess->mDriveFD, BINDER_WRITE_READ, &bwr) ioctl_open(…) binder_transaction(…) binder_thread_write(…) binder_thread_read(…) User space Kernel space copy_from_user(&bwr, ubuf, sizeof(bwr))
binder relation between client and server (async transaction) binder_ref BBinder binder_node Process A Process B binder_proc B BpBinder binder_proc A Thread A1 binder_thread A1 rb_node User space Kernel space
binder relation between client and server (async transaction) BBinder binder_node Process A Process B binder_proc B BpBinder Thread A1 binder_transaction t1 binder_transaction_d ata tr1 binder_thread A1 binder_thread *from (2) copy_form_user(…) binder_proc *to_proc rb_node binder_work User space Kernel space todo list (1) last slide (3) (4)
binder_workbinder_work Binder async todo list binder_proc list_head todo binder_transaction (async) list_head binder_transaction (async) list_head binder_node unsigned has_async_transaction list_head async_todo
Binder transaction dump flow  // anr log 20141008_023114.txt  proc 7472 //android.process.media  pending async transaction 8896728: ffff8800104e7f80 from 0:0 to 7472:0 code 25 flags 11 pri -20 r0 node 4631132 size 124:8 data ffffc90007805790  … 在binder driver裡找 binder_procs紀錄的 每一個binder_proc dump出該 binder_proc裡proc todo list裡串接的每 個binder_transaction dump出該 binder_transaction對 應的binder_node dump出該 binder_transaction連 接的binder_buffer • 每一個async binder transaction都是由同一個target binder_node所記錄,而 binder driver會根據target proc是否已有binder thread專門處理async binder transaction,有的話則將transaction串接到該thread的todo list;反之則串 接到target proc的todo list,等待binder driver指定binder thread執行 • Binder debug info path: /sys/kernel/debug/binder/
binder_workbinder_work Binder transaction linked list binder_proc list_head todo binder_transaction list_head binder_transaction list_head binder_workbinder_work binder_thread list_head todo binder_transaction list_head binder_transaction list_head *proc
Proc2 Binder driver sync transaction example T binder_transaction_stack NULL from_parent TODO T th1 TODO complete binder_thread_read()binder_thread_write() thread 1 thread 2 add list tail add list tail th1 stack th1->SP T_D copy to user Proc2 TODO T Wakeup a sleep thread of Proc2 th1 TODO complete proc 14054 thread 14073: l 10 transaction complete pending transaction 39997494: ffffffc09a69ec00 from 0:0 to 14054:14073 code 0 flags 0 pri 0 r0 size 48:8 d ata ffffff8004700050
Binder driver sync transaction example (cont.) binder_thread_write()binder_thread_read() thread 1 thread 2 T th1 stack th2 stack pop T_reply th1 TODO T_reply th2 TODO complete Proc2 TODO T T NULL to_parent push th2 stack th2->SP add list tail add list tail Wait for thread2’s reply Create a reply transaction
Binder driver sync transaction example (cont.) binder_thread_read() thread 1 thread 2 th2 TODO complete th1 TODO T_reply T_D copy to user T_replyth1 TODO
Binder driver transaction stack : 3 threads T1 NULL from_parent thread 1 thread 3 th1 stack th1->SP thread 2 T1 T2 T2 NULL to_parent th2->SP th2 stack th3 stack th3->SP // EX: 15685(gms ui), 1475(SS), 311(SF) proc 1475 thread 3235: l 11 outgoing transaction 849159: e3e87100 from 1475:3235 to 311:3944 code 1 flags 10 pri -6 r1 node 811656 size 188:0 data f9700028 incoming transaction 849155: e97d8a00 from 15685:15685 to 1475:3235 code 6 flags 10 pri -6 r1 node 811602 size 104:4 data f2d000b4 buffer 16570: f2d00028 size 16:4 delivered buffer 4065: f2d00064 size 0:0 delivered from_parent NULL to_parent T1 transaction T2 transaction 1 2
Binder driver transaction stack : 2 threads T1 NULL from_parent thread 1 th1 stack thread 2 T1 T2th2->SP th2 stack to_parent NULL to_parent T2 from_parent th1->SP T1 transaction T2 transaction 1 2
Binder系統中3種threads  Binder main thread  此thread創建過程中會調用startThreadPool() -> spawnPooledThread(true // boolean isMain), 命名規則為 “Binder:<PID>_1”, binder main thread不會退出  Binder normal threads  由binder driver判斷是否有空閒的binder thread來決定是否調用-> spawnPooledThread(false), 命名規則為 “Binder:<PID>_X”, 空閒不用時, 此 thread可以退出  調用ProcessState::self()->setThreadPoolMaxThreadCount(int Y); 限制可spawn 的thread個數, Ex: X = (2~Y+1)  Default Y=15, Android N之後新增JNI method可從Java層設定  Binder other threads  指並沒有調用上述的spawnPooledThread(),而是直接調用 IPC.joinThreadPool(),將當前thread直接加入binder thread pool,沒有命名 規則。EX: mediaserver、audioserver、servicemanager的main thread都是 binder thread,但system_server的main thread並非binder thread。
User buffer 1. 從ptr取資料放到binder_transaction_data 2. 執行binder_transaction()時, cmd != BC_REPLY 3. tr有target.handle值 -> 取得ref (有handle值一定存在相對應的ref) -> 取得對應的node 和 proc 4. For ONEWAY的binder_transaction, target_thread為NULL, 會將此 binder_transaction加入target_proc的todo list 5. 設定binder_transaction的內部參數, 設定binder_transaction的buffer buffer ptr consumed size
User buffer (cont.) 5. copy_from_user(): loop讀取buffer裡所有的資料(data, node, ref), 並執 行相對應的動作(建立node, ref , …etc) 6. 假如target_node已經在處理async transaction, 新加入的async transaction會被放到該target_node的async todo list; 否則放到proc的 todo list, 並喚醒在proc裡(thread pool)空閒的thread去執行 7. 在from thread的todo list 加入一個 BINDER_WORK_TRANSACTION_COMPLETE type的binder work, 表示完 成這一次的binder transaction  當該binder transaction不需reply或屬於TF_ONE_WAY, 則該 binder_transaction裡的(binder_thread *)from會指向null, binder.c +1484 buffer ptr consumed size

Recommended

Overview of Android binder IPC implementation
Overview of Android binder IPC implementationOverview of Android binder IPC implementation
Overview of Android binder IPC implementationChethan Pchethan
 
Android Binder: Deep Dive
Android Binder: Deep DiveAndroid Binder: Deep Dive
Android Binder: Deep DiveZafar Shahid, PhD
 
Android Binder IPC for Linux
Android Binder IPC for LinuxAndroid Binder IPC for Linux
Android Binder IPC for LinuxYu-Hsin Hung
 
Binder: Android IPC
Binder: Android IPCBinder: Android IPC
Binder: Android IPCShaul Rosenzwieg
 
Android Internals
Android InternalsAndroid Internals
Android InternalsOpersys inc.
 
Understanding binder in android
Understanding binder in androidUnderstanding binder in android
Understanding binder in androidHaifeng Li
 
Explore Android Internals
Explore Android InternalsExplore Android Internals
Explore Android InternalsNational Cheng Kung University
 
Low Level View of Android System Architecture
Low Level View of Android System ArchitectureLow Level View of Android System Architecture
Low Level View of Android System ArchitectureNational Cheng Kung University
 

Recommended

Overview of Android binder IPC implementation
Overview of Android binder IPC implementationOverview of Android binder IPC implementation
Overview of Android binder IPC implementationChethan Pchethan
 
Android Binder: Deep Dive
Android Binder: Deep DiveAndroid Binder: Deep Dive
Android Binder: Deep DiveZafar Shahid, PhD
 
Android Binder IPC for Linux
Android Binder IPC for LinuxAndroid Binder IPC for Linux
Android Binder IPC for LinuxYu-Hsin Hung
 
Binder: Android IPC
Binder: Android IPCBinder: Android IPC
Binder: Android IPCShaul Rosenzwieg
 
Android Internals
Android InternalsAndroid Internals
Android InternalsOpersys inc.
 
Understanding binder in android
Understanding binder in androidUnderstanding binder in android
Understanding binder in androidHaifeng Li
 
Explore Android Internals
Explore Android InternalsExplore Android Internals
Explore Android InternalsNational Cheng Kung University
 
Low Level View of Android System Architecture
Low Level View of Android System ArchitectureLow Level View of Android System Architecture
Low Level View of Android System ArchitectureNational Cheng Kung University
 
Android graphic system (SurfaceFlinger) : Design Pattern's perspective
Android graphic system (SurfaceFlinger) : Design Pattern's perspectiveAndroid graphic system (SurfaceFlinger) : Design Pattern's perspective
Android graphic system (SurfaceFlinger) : Design Pattern's perspectiveBin Chen
 
Android IPC Mechanism
Android IPC MechanismAndroid IPC Mechanism
Android IPC MechanismNational Cheng Kung University
 
Fun with Network Interfaces
Fun with Network InterfacesFun with Network Interfaces
Fun with Network InterfacesKernel TLV
 
Android ipm 20110409
Android ipm 20110409Android ipm 20110409
Android ipm 20110409Tetsuyuki Kobayashi
 
Embedded Android : System Development - Part IV (Android System Services)
Embedded Android : System Development - Part IV (Android System Services)Embedded Android : System Development - Part IV (Android System Services)
Embedded Android : System Development - Part IV (Android System Services)Emertxe Information Technologies Pvt Ltd
 
Design and Concepts of Android Graphics
Design and Concepts of Android GraphicsDesign and Concepts of Android Graphics
Design and Concepts of Android GraphicsNational Cheng Kung University
 
Aidl service
Aidl serviceAidl service
Aidl serviceAnjan Debnath
 
Performance Analysis Tools for Linux Kernel
Performance Analysis Tools for Linux KernelPerformance Analysis Tools for Linux Kernel
Performance Analysis Tools for Linux Kernellcplcp1
 
Embedded Android : System Development - Part II (HAL)
Embedded Android : System Development - Part II (HAL)Embedded Android : System Development - Part II (HAL)
Embedded Android : System Development - Part II (HAL)Emertxe Information Technologies Pvt Ltd
 
Understanding the Android System Server
Understanding the Android System ServerUnderstanding the Android System Server
Understanding the Android System ServerOpersys inc.
 
The Android graphics path, in depth
The Android graphics path, in depthThe Android graphics path, in depth
The Android graphics path, in depthChris Simmonds
 
Android Internals
Android InternalsAndroid Internals
Android InternalsOpersys inc.
 
Embedded Android : System Development - Part I
Embedded Android : System Development - Part IEmbedded Android : System Development - Part I
Embedded Android : System Development - Part IEmertxe Information Technologies Pvt Ltd
 
Inter-process communication of Android
Inter-process communication of AndroidInter-process communication of Android
Inter-process communication of AndroidTetsuyuki Kobayashi
 
Q4.11: Porting Android to new Platforms
Q4.11: Porting Android to new PlatformsQ4.11: Porting Android to new Platforms
Q4.11: Porting Android to new PlatformsLinaro
 
Embedded Android : System Development - Part IV
Embedded Android : System Development - Part IVEmbedded Android : System Development - Part IV
Embedded Android : System Development - Part IVEmertxe Information Technologies Pvt Ltd
 
Android Things : Building Embedded Devices
Android Things : Building Embedded DevicesAndroid Things : Building Embedded Devices
Android Things : Building Embedded DevicesEmertxe Information Technologies Pvt Ltd
 
Project meeting: Android Graphics Architecture Overview
Project meeting: Android Graphics Architecture OverviewProject meeting: Android Graphics Architecture Overview
Project meeting: Android Graphics Architecture OverviewYu-Hsin Hung
 
Android internals By Rajesh Khetan
Android internals By Rajesh KhetanAndroid internals By Rajesh Khetan
Android internals By Rajesh KhetanRajesh Khetan
 
Android media framework overview
Android media framework overviewAndroid media framework overview
Android media framework overviewJerrin George
 
From logs to metrics
From logs to metricsFrom logs to metrics
From logs to metricsLeonardo Di Donato
 
Lec7 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Dynamic Sch...
Lec7 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Dynamic Sch...Lec7 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Dynamic Sch...
Lec7 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Dynamic Sch...Hsien-Hsin Sean Lee, Ph.D.
 

More Related Content

What's hot

Android graphic system (SurfaceFlinger) : Design Pattern's perspective
Android graphic system (SurfaceFlinger) : Design Pattern's perspectiveAndroid graphic system (SurfaceFlinger) : Design Pattern's perspective
Android graphic system (SurfaceFlinger) : Design Pattern's perspectiveBin Chen
 
Fun with Network Interfaces
Fun with Network InterfacesFun with Network Interfaces
Fun with Network InterfacesKernel TLV
 
Performance Analysis Tools for Linux Kernel
Performance Analysis Tools for Linux KernelPerformance Analysis Tools for Linux Kernel
Performance Analysis Tools for Linux Kernellcplcp1
 
Understanding the Android System Server
Understanding the Android System ServerUnderstanding the Android System Server
Understanding the Android System ServerOpersys inc.
 
The Android graphics path, in depth
The Android graphics path, in depthThe Android graphics path, in depth
The Android graphics path, in depthChris Simmonds
 
Inter-process communication of Android
Inter-process communication of AndroidInter-process communication of Android
Inter-process communication of AndroidTetsuyuki Kobayashi
 
Q4.11: Porting Android to new Platforms
Q4.11: Porting Android to new PlatformsQ4.11: Porting Android to new Platforms
Q4.11: Porting Android to new PlatformsLinaro
 
Project meeting: Android Graphics Architecture Overview
Project meeting: Android Graphics Architecture OverviewProject meeting: Android Graphics Architecture Overview
Project meeting: Android Graphics Architecture OverviewYu-Hsin Hung
 
Android internals By Rajesh Khetan
Android internals By Rajesh KhetanAndroid internals By Rajesh Khetan
Android internals By Rajesh KhetanRajesh Khetan
 
Android media framework overview
Android media framework overviewAndroid media framework overview
Android media framework overviewJerrin George
 

What's hot (20)

Android graphic system (SurfaceFlinger) : Design Pattern's perspective
Android graphic system (SurfaceFlinger) : Design Pattern's perspectiveAndroid graphic system (SurfaceFlinger) : Design Pattern's perspective
Android graphic system (SurfaceFlinger) : Design Pattern's perspective
 
Android IPC Mechanism
Android IPC MechanismAndroid IPC Mechanism
Android IPC Mechanism
 
Fun with Network Interfaces
Fun with Network InterfacesFun with Network Interfaces
Fun with Network Interfaces
 
Android ipm 20110409
Android ipm 20110409Android ipm 20110409
Android ipm 20110409
 
Embedded Android : System Development - Part IV (Android System Services)
Embedded Android : System Development - Part IV (Android System Services)Embedded Android : System Development - Part IV (Android System Services)
Embedded Android : System Development - Part IV (Android System Services)
 
Design and Concepts of Android Graphics
Design and Concepts of Android GraphicsDesign and Concepts of Android Graphics
Design and Concepts of Android Graphics
 
Aidl service
Aidl serviceAidl service
Aidl service
 
Performance Analysis Tools for Linux Kernel
Performance Analysis Tools for Linux KernelPerformance Analysis Tools for Linux Kernel
Performance Analysis Tools for Linux Kernel
 
Embedded Android : System Development - Part II (HAL)
Embedded Android : System Development - Part II (HAL)Embedded Android : System Development - Part II (HAL)
Embedded Android : System Development - Part II (HAL)
 
Understanding the Android System Server
Understanding the Android System ServerUnderstanding the Android System Server
Understanding the Android System Server
 
The Android graphics path, in depth
The Android graphics path, in depthThe Android graphics path, in depth
The Android graphics path, in depth
 
Android Internals
Android InternalsAndroid Internals
Android Internals
 
Embedded Android : System Development - Part I
Embedded Android : System Development - Part IEmbedded Android : System Development - Part I
Embedded Android : System Development - Part I
 
Inter-process communication of Android
Inter-process communication of AndroidInter-process communication of Android
Inter-process communication of Android
 
Q4.11: Porting Android to new Platforms
Q4.11: Porting Android to new PlatformsQ4.11: Porting Android to new Platforms
Q4.11: Porting Android to new Platforms
 
Embedded Android : System Development - Part IV
Embedded Android : System Development - Part IVEmbedded Android : System Development - Part IV
Embedded Android : System Development - Part IV
 
Android Things : Building Embedded Devices
Android Things : Building Embedded DevicesAndroid Things : Building Embedded Devices
Android Things : Building Embedded Devices
 
Project meeting: Android Graphics Architecture Overview
Project meeting: Android Graphics Architecture OverviewProject meeting: Android Graphics Architecture Overview
Project meeting: Android Graphics Architecture Overview
 
Android internals By Rajesh Khetan
Android internals By Rajesh KhetanAndroid internals By Rajesh Khetan
Android internals By Rajesh Khetan
 
Android media framework overview
Android media framework overviewAndroid media framework overview
Android media framework overview
 

Similar to Android binder introduction

Lec7 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Dynamic Sch...
Lec7 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Dynamic Sch...Lec7 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Dynamic Sch...
Lec7 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Dynamic Sch...Hsien-Hsin Sean Lee, Ph.D.
 
Oracle Basics and Architecture
Oracle Basics and ArchitectureOracle Basics and Architecture
Oracle Basics and ArchitectureSidney Chen
 
ez-clang C++ REPL for bare-metal embedded devices
ez-clang C++ REPL for bare-metal embedded devicesez-clang C++ REPL for bare-metal embedded devices
ez-clang C++ REPL for bare-metal embedded devicesStefan Gränitz
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemCyber Security Alliance
 
Crash_Report_Mechanism_In_Tizen
Crash_Report_Mechanism_In_TizenCrash_Report_Mechanism_In_Tizen
Crash_Report_Mechanism_In_TizenLex Yu
 
Debugging Ruby
Debugging RubyDebugging Ruby
Debugging RubyAman Gupta
 
Debugging linux issues with eBPF
Debugging linux issues with eBPFDebugging linux issues with eBPF
Debugging linux issues with eBPFIvan Babrou
 
re:Invent 2019 BPF Performance Analysis at Netflix
re:Invent 2019 BPF Performance Analysis at Netflixre:Invent 2019 BPF Performance Analysis at Netflix
re:Invent 2019 BPF Performance Analysis at NetflixBrendan Gregg
 
UM2019 Extended BPF: A New Type of Software
UM2019 Extended BPF: A New Type of SoftwareUM2019 Extended BPF: A New Type of Software
UM2019 Extended BPF: A New Type of SoftwareBrendan Gregg
 
USENIX ATC 2017 Performance Superpowers with Enhanced BPF
USENIX ATC 2017 Performance Superpowers with Enhanced BPFUSENIX ATC 2017 Performance Superpowers with Enhanced BPF
USENIX ATC 2017 Performance Superpowers with Enhanced BPFBrendan Gregg
 
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi Subsystem
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi SubsystemTutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi Subsystem
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi SubsystemDheryta Jaisinghani
 
Global counters (ssh log)
Global counters (ssh log)Global counters (ssh log)
Global counters (ssh log)David Derrej
 
MIPI DevCon 2020 | Snapshot of MIPI RFFE v3.0 from a System-Architecture Per...
MIPI DevCon 2020 | Snapshot of MIPI RFFE v3.0 from a System-Architecture Per...MIPI DevCon 2020 | Snapshot of MIPI RFFE v3.0 from a System-Architecture Per...
MIPI DevCon 2020 | Snapshot of MIPI RFFE v3.0 from a System-Architecture Per...MIPI Alliance
 
A Brief Introduction of TiDB (Percona Live)
A Brief Introduction of TiDB (Percona Live)A Brief Introduction of TiDB (Percona Live)
A Brief Introduction of TiDB (Percona Live)PingCAP
 
Linux 4.x Tracing: Performance Analysis with bcc/BPF
Linux 4.x Tracing: Performance Analysis with bcc/BPFLinux 4.x Tracing: Performance Analysis with bcc/BPF
Linux 4.x Tracing: Performance Analysis with bcc/BPFBrendan Gregg
 
pdfcoffee.com_e11is2-rev-c-schematics-pdf-free.pdf
pdfcoffee.com_e11is2-rev-c-schematics-pdf-free.pdfpdfcoffee.com_e11is2-rev-c-schematics-pdf-free.pdf
pdfcoffee.com_e11is2-rev-c-schematics-pdf-free.pdfPabloLobo18
 
OSSNA 2017 Performance Analysis Superpowers with Linux BPF
OSSNA 2017 Performance Analysis Superpowers with Linux BPFOSSNA 2017 Performance Analysis Superpowers with Linux BPF
OSSNA 2017 Performance Analysis Superpowers with Linux BPFBrendan Gregg
 
Z390 Designare REV1.0.pdf
Z390 Designare REV1.0.pdfZ390 Designare REV1.0.pdf
Z390 Designare REV1.0.pdfQuangSngBi
 
BPF: Tracing and more
BPF: Tracing and moreBPF: Tracing and more
BPF: Tracing and moreBrendan Gregg
 

Similar to Android binder introduction (20)

From logs to metrics
From logs to metricsFrom logs to metrics
From logs to metrics
 
Lec7 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Dynamic Sch...
Lec7 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Dynamic Sch...Lec7 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Dynamic Sch...
Lec7 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Dynamic Sch...
 
Oracle Basics and Architecture
Oracle Basics and ArchitectureOracle Basics and Architecture
Oracle Basics and Architecture
 
ez-clang C++ REPL for bare-metal embedded devices
ez-clang C++ REPL for bare-metal embedded devicesez-clang C++ REPL for bare-metal embedded devices
ez-clang C++ REPL for bare-metal embedded devices
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande Modem
 
Crash_Report_Mechanism_In_Tizen
Crash_Report_Mechanism_In_TizenCrash_Report_Mechanism_In_Tizen
Crash_Report_Mechanism_In_Tizen
 
Debugging Ruby
Debugging RubyDebugging Ruby
Debugging Ruby
 
Debugging linux issues with eBPF
Debugging linux issues with eBPFDebugging linux issues with eBPF
Debugging linux issues with eBPF
 
re:Invent 2019 BPF Performance Analysis at Netflix
re:Invent 2019 BPF Performance Analysis at Netflixre:Invent 2019 BPF Performance Analysis at Netflix
re:Invent 2019 BPF Performance Analysis at Netflix
 
UM2019 Extended BPF: A New Type of Software
UM2019 Extended BPF: A New Type of SoftwareUM2019 Extended BPF: A New Type of Software
UM2019 Extended BPF: A New Type of Software
 
USENIX ATC 2017 Performance Superpowers with Enhanced BPF
USENIX ATC 2017 Performance Superpowers with Enhanced BPFUSENIX ATC 2017 Performance Superpowers with Enhanced BPF
USENIX ATC 2017 Performance Superpowers with Enhanced BPF
 
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi Subsystem
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi SubsystemTutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi Subsystem
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi Subsystem
 
Global counters (ssh log)
Global counters (ssh log)Global counters (ssh log)
Global counters (ssh log)
 
MIPI DevCon 2020 | Snapshot of MIPI RFFE v3.0 from a System-Architecture Per...
MIPI DevCon 2020 | Snapshot of MIPI RFFE v3.0 from a System-Architecture Per...MIPI DevCon 2020 | Snapshot of MIPI RFFE v3.0 from a System-Architecture Per...
MIPI DevCon 2020 | Snapshot of MIPI RFFE v3.0 from a System-Architecture Per...
 
A Brief Introduction of TiDB (Percona Live)
A Brief Introduction of TiDB (Percona Live)A Brief Introduction of TiDB (Percona Live)
A Brief Introduction of TiDB (Percona Live)
 
Linux 4.x Tracing: Performance Analysis with bcc/BPF
Linux 4.x Tracing: Performance Analysis with bcc/BPFLinux 4.x Tracing: Performance Analysis with bcc/BPF
Linux 4.x Tracing: Performance Analysis with bcc/BPF
 
pdfcoffee.com_e11is2-rev-c-schematics-pdf-free.pdf
pdfcoffee.com_e11is2-rev-c-schematics-pdf-free.pdfpdfcoffee.com_e11is2-rev-c-schematics-pdf-free.pdf
pdfcoffee.com_e11is2-rev-c-schematics-pdf-free.pdf
 
OSSNA 2017 Performance Analysis Superpowers with Linux BPF
OSSNA 2017 Performance Analysis Superpowers with Linux BPFOSSNA 2017 Performance Analysis Superpowers with Linux BPF
OSSNA 2017 Performance Analysis Superpowers with Linux BPF
 
Z390 Designare REV1.0.pdf
Z390 Designare REV1.0.pdfZ390 Designare REV1.0.pdf
Z390 Designare REV1.0.pdf
 
BPF: Tracing and more
BPF: Tracing and moreBPF: Tracing and more
BPF: Tracing and more
 

Recently uploaded

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 

Recently uploaded (20)

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 

Android binder introduction

  • 1. Android Binder Architecture Introduction and Debugging Analysis Derek Fang fang.comet@gmail.com
  • 2. Binder transaction log // sys/kernel/debug/binder/transactions proc 7472 //android.process.media pending async transaction 8896717: ffff8800104e7800 from 0:0 to 7472:0 code 25 flags 11 pri - 20 r0 node 4631132 size 124:8 data ffffc900078056bc pending async transaction 8896728: ffff8800104e7f80 from 0:0 to 7472:0 code 25 flags 11 pri - 20 r0 node 4631132 size 124:8 data ffffc90007805790 … proc 664 //system_server thread 664: l 10 outgoing transaction 8898624: ffff8800381c7c80 from 664:664 to 7472:0 code 1 flags 10 pri -2 r1 node 4631408 size 248:4 data ffffc9000780668c thread 676: l 11 outgoing transaction 8896300: ffff88000ab71780 from 664:676 to 7472:0 code 2b flags 10 pri - 20 r1 node 4631132 size 780:4 data ffffc90007804f28 …
  • 3. Binder transaction log // sys/kernel/debug/binder/stats ------ BINDER STATS (/sys/kernel/debug/binder/stats) ------ binder stats: proc 1353 threads: 456 // 已join binder pool 的threads 個數 requested threads: 0+3/15 ready threads 5 free async space 520192 nodes: 993 refs: 478 s 478 w 478 buffers: 226 // 已分配的 buffers pending transactions: 0 BC_TRANSACTION: 187672 BC_REPLY: 54812 … BR_SPAWN_LOOPER: 3 BR_CLEAR_DEATH_NOTIFICATION_DONE: 87 BR_FAILED_REPLY: 10910 …
  • 4. binder_proc Process在binder driver對應的struct •struct rb_root threads; •struct rb_root nodes; •struct rb_node refs_by_node •struct list_head todo; binder_thread Thread在binder driver對應的struct •strust binder_proc *proc; •struct rb_node rb_node; •int pid; •struct list_head todo; binder_node 用來描述binder實 體對象,對應每 一個service組件的 struct •struct rb_node rb_node; •struct binder_proc *proc; •struct hlist_head refs; •unsigned has_asnc_transac tion; •struct list_head async_todo; binder_ref 用來描述binder引 用對象,對應每 一個client組件的 struct •struct rb_node rb_node_node; •struct binder_proc *proc; •struct binder_node *node; Binder driver related structs
  • 5. binder_transaction •在kernel space裡描 述一個傳輸task的基 本struct •struct binder_work work; •struct binder_thread *from; •struct binder_proc *to_proc; •struct binder_thread *to_thread; •unsigned need_reply; •struct binder_buffer *buffer; binder_buffer •Kernel buffer,用 來傳遞process之 間的data,每一 個使用binder的 process都有專屬 的binder_buffer •struct binder_transactio n *transaction; •struct binder_node *node; •size_t data_size; •size_t offsets_size; binder_transaction_data •在user space裡描述一個傳輸task 的基本struct • pid_t sender_pid; •size_t data_size; •size_t offsets_size; •union{ struct{ const void *buffer; const void *offsets; }ptr; … }data; Binder driver related structs (cont.)
  • 6. Binder codeflow (async transaction) BpBinder::transact() IPCThreadState::self()->transact(…) waitForResponse(…) talkWithDriver() ioctl(mProcess->mDriveFD, BINDER_WRITE_READ, &bwr) ioctl_open(…) binder_transaction(…) binder_thread_write(…) binder_thread_read(…) User space Kernel space copy_from_user(&bwr, ubuf, sizeof(bwr))
  • 7. binder relation between client and server (async transaction) binder_ref BBinder binder_node Process A Process B binder_proc B BpBinder binder_proc A Thread A1 binder_thread A1 rb_node User space Kernel space
  • 8. binder relation between client and server (async transaction) BBinder binder_node Process A Process B binder_proc B BpBinder Thread A1 binder_transaction t1 binder_transaction_d ata tr1 binder_thread A1 binder_thread *from (2) copy_form_user(…) binder_proc *to_proc rb_node binder_work User space Kernel space todo list (1) last slide (3) (4)
  • 9. binder_workbinder_work Binder async todo list binder_proc list_head todo binder_transaction (async) list_head binder_transaction (async) list_head binder_node unsigned has_async_transaction list_head async_todo
  • 10. Binder transaction dump flow  // anr log 20141008_023114.txt  proc 7472 //android.process.media  pending async transaction 8896728: ffff8800104e7f80 from 0:0 to 7472:0 code 25 flags 11 pri -20 r0 node 4631132 size 124:8 data ffffc90007805790  … 在binder driver裡找 binder_procs紀錄的 每一個binder_proc dump出該 binder_proc裡proc todo list裡串接的每 個binder_transaction dump出該 binder_transaction對 應的binder_node dump出該 binder_transaction連 接的binder_buffer • 每一個async binder transaction都是由同一個target binder_node所記錄,而 binder driver會根據target proc是否已有binder thread專門處理async binder transaction,有的話則將transaction串接到該thread的todo list;反之則串 接到target proc的todo list,等待binder driver指定binder thread執行 • Binder debug info path: /sys/kernel/debug/binder/
  • 11. binder_workbinder_work Binder transaction linked list binder_proc list_head todo binder_transaction list_head binder_transaction list_head binder_workbinder_work binder_thread list_head todo binder_transaction list_head binder_transaction list_head *proc
  • 12. Proc2 Binder driver sync transaction example T binder_transaction_stack NULL from_parent TODO T th1 TODO complete binder_thread_read()binder_thread_write() thread 1 thread 2 add list tail add list tail th1 stack th1->SP T_D copy to user Proc2 TODO T Wakeup a sleep thread of Proc2 th1 TODO complete proc 14054 thread 14073: l 10 transaction complete pending transaction 39997494: ffffffc09a69ec00 from 0:0 to 14054:14073 code 0 flags 0 pri 0 r0 size 48:8 d ata ffffff8004700050
  • 13. Binder driver sync transaction example (cont.) binder_thread_write()binder_thread_read() thread 1 thread 2 T th1 stack th2 stack pop T_reply th1 TODO T_reply th2 TODO complete Proc2 TODO T T NULL to_parent push th2 stack th2->SP add list tail add list tail Wait for thread2’s reply Create a reply transaction
  • 14. Binder driver sync transaction example (cont.) binder_thread_read() thread 1 thread 2 th2 TODO complete th1 TODO T_reply T_D copy to user T_replyth1 TODO
  • 15. Binder driver transaction stack : 3 threads T1 NULL from_parent thread 1 thread 3 th1 stack th1->SP thread 2 T1 T2 T2 NULL to_parent th2->SP th2 stack th3 stack th3->SP // EX: 15685(gms ui), 1475(SS), 311(SF) proc 1475 thread 3235: l 11 outgoing transaction 849159: e3e87100 from 1475:3235 to 311:3944 code 1 flags 10 pri -6 r1 node 811656 size 188:0 data f9700028 incoming transaction 849155: e97d8a00 from 15685:15685 to 1475:3235 code 6 flags 10 pri -6 r1 node 811602 size 104:4 data f2d000b4 buffer 16570: f2d00028 size 16:4 delivered buffer 4065: f2d00064 size 0:0 delivered from_parent NULL to_parent T1 transaction T2 transaction 1 2
  • 16. Binder driver transaction stack : 2 threads T1 NULL from_parent thread 1 th1 stack thread 2 T1 T2th2->SP th2 stack to_parent NULL to_parent T2 from_parent th1->SP T1 transaction T2 transaction 1 2
  • 17. Binder系統中3種threads  Binder main thread  此thread創建過程中會調用startThreadPool() -> spawnPooledThread(true // boolean isMain), 命名規則為 “Binder:<PID>_1”, binder main thread不會退出  Binder normal threads  由binder driver判斷是否有空閒的binder thread來決定是否調用-> spawnPooledThread(false), 命名規則為 “Binder:<PID>_X”, 空閒不用時, 此 thread可以退出  調用ProcessState::self()->setThreadPoolMaxThreadCount(int Y); 限制可spawn 的thread個數, Ex: X = (2~Y+1)  Default Y=15, Android N之後新增JNI method可從Java層設定  Binder other threads  指並沒有調用上述的spawnPooledThread(),而是直接調用 IPC.joinThreadPool(),將當前thread直接加入binder thread pool,沒有命名 規則。EX: mediaserver、audioserver、servicemanager的main thread都是 binder thread,但system_server的main thread並非binder thread。
  • 18. User buffer 1. 從ptr取資料放到binder_transaction_data 2. 執行binder_transaction()時, cmd != BC_REPLY 3. tr有target.handle值 -> 取得ref (有handle值一定存在相對應的ref) -> 取得對應的node 和 proc 4. For ONEWAY的binder_transaction, target_thread為NULL, 會將此 binder_transaction加入target_proc的todo list 5. 設定binder_transaction的內部參數, 設定binder_transaction的buffer buffer ptr consumed size
  • 19. User buffer (cont.) 5. copy_from_user(): loop讀取buffer裡所有的資料(data, node, ref), 並執 行相對應的動作(建立node, ref , …etc) 6. 假如target_node已經在處理async transaction, 新加入的async transaction會被放到該target_node的async todo list; 否則放到proc的 todo list, 並喚醒在proc裡(thread pool)空閒的thread去執行 7. 在from thread的todo list 加入一個 BINDER_WORK_TRANSACTION_COMPLETE type的binder work, 表示完 成這一次的binder transaction  當該binder transaction不需reply或屬於TF_ONE_WAY, 則該 binder_transaction裡的(binder_thread *)from會指向null, binder.c +1484 buffer ptr consumed size