ANDROID: binder: Add BINDER_GET_NODE_DEBUG_INFO ioctl

The BINDER_GET_NODE_DEBUG_INFO ioctl will return debug info on
a node.  Each successive call reusing the previous return value
will return the next node.  The data will be used by
libmemunreachable to mark the pointers with kernel references
as reachable.

Signed-off-by: Colin Cross <ccross@android.com>
Signed-off-by: Martijn Coenen <maco@android.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 8f2031c52ea425672c475f89fdca4c35d9a8088a..eb8bd8d7c4c94ae6be8543d5f8c2ec3ccc7924ec 100644 (file)
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -4389,6 +4389,31 @@ out:
        return ret;
 }
 
+static int binder_ioctl_get_node_debug_info(struct binder_proc *proc,
+                               struct binder_node_debug_info *info)
+{
+       struct rb_node *n;
+       binder_uintptr_t ptr = info->ptr;
+
+       memset(info, 0, sizeof(*info));
+
+       binder_inner_proc_lock(proc);
+       for (n = rb_first(&proc->nodes); n != NULL; n = rb_next(n)) {
+               struct binder_node *node = rb_entry(n, struct binder_node,
+                                                   rb_node);
+               if (node->ptr > ptr) {
+                       info->ptr = node->ptr;
+                       info->cookie = node->cookie;
+                       info->has_strong_ref = node->has_strong_ref;
+                       info->has_weak_ref = node->has_weak_ref;
+                       break;
+               }
+       }
+       binder_inner_proc_unlock(proc);
+
+       return 0;
+}
+
 static long binder_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
 {
        int ret;
@@ -4458,6 +4483,24 @@ static long binder_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
                }
                break;
        }
+       case BINDER_GET_NODE_DEBUG_INFO: {
+               struct binder_node_debug_info info;
+
+               if (copy_from_user(&info, ubuf, sizeof(info))) {
+                       ret = -EFAULT;
+                       goto err;
+               }
+
+               ret = binder_ioctl_get_node_debug_info(proc, &info);
+               if (ret < 0)
+                       goto err;
+
+               if (copy_to_user(ubuf, &info, sizeof(info))) {
+                       ret = -EFAULT;
+                       goto err;
+               }
+               break;
+       }
        default:
                ret = -EINVAL;
                goto err;

diff --git a/include/uapi/linux/android/binder.h b/include/uapi/linux/android/binder.h
index 7668b5791c91ad0eb9fe05ff6ba5a7a2e19be66a..84a9a0944e13501e3db7de994a2124e92d88f492 100644 (file)
--- a/include/uapi/linux/android/binder.h
+++ b/include/uapi/linux/android/binder.h
@@ -186,6 +186,19 @@ struct binder_version {
 #define BINDER_CURRENT_PROTOCOL_VERSION 8
 #endif
 
+/*
+ * Use with BINDER_GET_NODE_DEBUG_INFO, driver reads ptr, writes to all fields.
+ * Set ptr to NULL for the first call to get the info for the first node, and
+ * then repeat the call passing the previously returned value to get the next
+ * nodes.  ptr will be 0 when there are no more nodes.
+ */
+struct binder_node_debug_info {
+       binder_uintptr_t ptr;
+       binder_uintptr_t cookie;
+       __u32            has_strong_ref;
+       __u32            has_weak_ref;
+};
+
 #define BINDER_WRITE_READ              _IOWR('b', 1, struct binder_write_read)
 #define BINDER_SET_IDLE_TIMEOUT                _IOW('b', 3, __s64)
 #define BINDER_SET_MAX_THREADS         _IOW('b', 5, __u32)
@@ -193,6 +206,7 @@ struct binder_version {
 #define BINDER_SET_CONTEXT_MGR         _IOW('b', 7, __s32)
 #define BINDER_THREAD_EXIT             _IOW('b', 8, __s32)
 #define BINDER_VERSION                 _IOWR('b', 9, struct binder_version)
+#define BINDER_GET_NODE_DEBUG_INFO     _IOWR('b', 11, struct binder_node_debug_info)
 
 /*
  * NOTE: Two special error codes you should check for when calling