From: greg@kroah.com (Greg KH)
To: kernelnewbies@lists.kernelnewbies.org
Subject: Android Binder Issue
Date: Tue, 17 Mar 2015 21:43:16 +0100 [thread overview]
Message-ID: <20150317204316.GA5844@kroah.com> (raw)
In-Reply-To: <CABEmWXEofckA5xt2GXAWRbBZjaZHSUjux2VNzdmR52sDihVaJg@mail.gmail.com>
On Tue, Mar 17, 2015 at 01:04:40PM -0400, David Legault wrote:
> Hello,
>
> I'm trying to debug an issue I'm encountering on kernel 3.4 in the android
> binder.?
> Basically in the function binder_update_page_range it allocates a page. If I?
> understand correctly the next part, it maps this page_addr to the page in
> kernel?
> space and then maps the user process addr to the same page.
>
> http://lxr.free-electrons.com/source/drivers/staging/android/binder.c?v=3.4#
> L611
>
> If I attempt to use virt_to_head_page(page_addr) after all this is
> accomplished, I
> should get back the page that was just allocated and mapped, but that's not
> what
> I observe on my system as seen in the log below.
>
> [ ? 20.960786] ( ? 25.557586) binder_open: 219:219
> [ ? 20.960827] ( ? 25.557617) binder_ioctl: 219:219 c0046209 be9a7938
> [ ? 20.960841] ( ? 25.557617) binder_ioctl: 219:219 40046205 be9a793c
> [ ? 20.960857] ( ? 25.557647) binder_mmap: 219 b6c02000-b6d00000 (1016 K) vma
> 200071 pagep 79f
> [ ? 20.960907] ( ? 25.557708) binder: 219: allocate pages cb300000-cb301000
> *** binder allocated page here (nil == first_page value)
> [ ? 20.960922] ( ? 25.557708) binder: page_alloc cd958238 ? ?(nil)
> *** dump of the page
> [ ? 20.960931] ( ? 25.557708) page:cd958238 count:1 mapcount:0 mapping: ? (nil)
> index:0x0
> [ ? 20.960939] ( ? 25.557739) page flags: 0x0()
> *** first attempt of virt_to_head_page(page_addr) before kernel mapping + dump
> of returned page
> *** which shows it's uninitialized ?(aaaaaaaa = first_page value)
> [ ? 20.960947] ( ? 25.557739) virt_to_head_page cd392c00
> [ ? 20.960955] ( ? 25.557739) compound_head_by_tail cd392c00 aaaaaaaa
> [ ? 20.960965] ( ? 25.557769) page:cd392c00 count:-1431655766
> mapcount:-1431655765 mapping:aaaaaaaa index:0xaaaaaaaa
> [ ? 20.960973] ( ? 25.557769) page flags: 0xaaaaaaaa(error|uptodate|lru|slab|
> arch_1|private|writeback|tail|mappedtodisk|swapbacked|mlocked)
> [ ? 20.960981] ( ? 25.557769) virt_to_head_page cd9681bc
> [ ? 20.960997] ( ? 25.557800) virt_to_head_page cd967c1c
> *** before kernel + user space mapping calls
> [ ? 20.961551] ( ? 25.558349) binder: addr cb300000 page aaaaaaaa
> *** after kernel + user space mapping calls - dump allocated page again
> [ ? 20.961566] ( ? 25.558349) page:cd958238 count:2 mapcount:1 mapping: ? (nil)
> index:0x0
> [ ? 20.961574] ( ? 25.558380) page flags: 0x200(arch_1)
> *** second attempt of virt_to_head_page(page_addr) expecting
> *** that allocated page above would be mapped to this address
> [ ? 20.961584] ( ? 25.558380) binder: addr cb300000 page aaaaaaaa
> [ ? 20.961595] ( ? 25.558380) binder: 219: add free buffer, size 1040344, at
> cb300000
> [ ? 20.961605] ( ? 25.558410) binder_mmap: 219 b6c02000-b6d00000 maps cb300000
> ?
> Blows up on invalid page access 'aaaaaaaa' a while later.
Never use binder on it's "own" always use the Android binder library
instead, otherwise bad things will happen. Trust me, very bad things...
Also, 3.4 is really old, try a "modern" kernel please :)
good luck,
greg k-h
prev parent reply other threads:[~2015-03-17 20:43 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-17 17:04 Android Binder Issue David Legault
2015-03-17 20:43 ` Greg KH [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150317204316.GA5844@kroah.com \
--to=greg@kroah.com \
--cc=kernelnewbies@lists.kernelnewbies.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).