Commit a15dac8b authored by Carlos Llamas's avatar Carlos Llamas Committed by Greg Kroah-Hartman
Browse files

binder: additional transaction error logs 



Log readable and specific error messages whenever a transaction failure
happens. This will ensure better context is given to regular users about
these unique error cases, without having to decode a cryptic log.

Acked-by: default avatarTodd Kjos <tkjos@google.com>
Acked-by: default avatarChristian Brauner (Microsoft) <brauner@kernel.org>
Signed-off-by: default avatarCarlos Llamas <cmllamas@google.com>
Link: https://lore.kernel.org/r/20220429235644.697372-6-cmllamas@google.com


Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 06a3494e

drivers/android/binder.c

+44 −4
Original line number Diff line number Diff line
@@ -147,6 +147,9 @@ static __printf(2, 3) void binder_debug(int mask, const char *format, ...) 
	}

}



#define binder_txn_error(x...) \

	binder_debug(BINDER_DEBUG_FAILED_TRANSACTION, x)



static __printf(1, 2) void binder_user_error(const char *format, ...)

{

	struct va_format vaf;
@@ -2834,6 +2837,8 @@ static void binder_transaction(struct binder_proc *proc, 
		if (target_thread == NULL) {

			/* annotation for sparse */

			__release(&target_thread->proc->inner_lock);

			binder_txn_error("%d:%d reply target not found\n",

				thread->pid, proc->pid);

			return_error = BR_DEAD_REPLY;

			return_error_line = __LINE__;

			goto err_dead_binder;
@@ -2899,6 +2904,8 @@ static void binder_transaction(struct binder_proc *proc, 
			}

		}

		if (!target_node) {

			binder_txn_error("%d:%d cannot find target node\n",

				thread->pid, proc->pid);

			/*

			 * return_error is set above

			 */
@@ -2908,6 +2915,8 @@ static void binder_transaction(struct binder_proc *proc, 
		}

		e->to_node = target_node->debug_id;

		if (WARN_ON(proc == target_proc)) {

			binder_txn_error("%d:%d self transactions not allowed\n",

				thread->pid, proc->pid);

			return_error = BR_FAILED_REPLY;

			return_error_param = -EINVAL;

			return_error_line = __LINE__;
@@ -2915,6 +2924,8 @@ static void binder_transaction(struct binder_proc *proc, 
		}

		if (security_binder_transaction(proc->cred,

						target_proc->cred) < 0) {

			binder_txn_error("%d:%d transaction credentials failed\n",

				thread->pid, proc->pid);

			return_error = BR_FAILED_REPLY;

			return_error_param = -EPERM;

			return_error_line = __LINE__;
@@ -2986,6 +2997,8 @@ static void binder_transaction(struct binder_proc *proc, 
	/* TODO: reuse incoming transaction for reply */

	t = kzalloc(sizeof(*t), GFP_KERNEL);

	if (t == NULL) {

		binder_txn_error("%d:%d cannot allocate transaction\n",

			thread->pid, proc->pid);

		return_error = BR_FAILED_REPLY;

		return_error_param = -ENOMEM;

		return_error_line = __LINE__;
@@ -2997,6 +3010,8 @@ static void binder_transaction(struct binder_proc *proc, 


	tcomplete = kzalloc(sizeof(*tcomplete), GFP_KERNEL);

	if (tcomplete == NULL) {

		binder_txn_error("%d:%d cannot allocate work for transaction\n",

			thread->pid, proc->pid);

		return_error = BR_FAILED_REPLY;

		return_error_param = -ENOMEM;

		return_error_line = __LINE__;
@@ -3043,6 +3058,8 @@ static void binder_transaction(struct binder_proc *proc, 
		security_cred_getsecid(proc->cred, &secid);

		ret = security_secid_to_secctx(secid, &secctx, &secctx_sz);

		if (ret) {

			binder_txn_error("%d:%d failed to get security context\n",

				thread->pid, proc->pid);

			return_error = BR_FAILED_REPLY;

			return_error_param = ret;

			return_error_line = __LINE__;
@@ -3051,7 +3068,8 @@ static void binder_transaction(struct binder_proc *proc, 
		added_size = ALIGN(secctx_sz, sizeof(u64));

		extra_buffers_size += added_size;

		if (extra_buffers_size < added_size) {

			/* integer overflow of extra_buffers_size */

			binder_txn_error("%d:%d integer overflow of extra_buffers_size\n",

				thread->pid, proc->pid);

			return_error = BR_FAILED_REPLY;

			return_error_param = -EINVAL;

			return_error_line = __LINE__;
@@ -3065,9 +3083,15 @@ static void binder_transaction(struct binder_proc *proc, 
		tr->offsets_size, extra_buffers_size,

		!reply && (t->flags & TF_ONE_WAY), current->tgid);

	if (IS_ERR(t->buffer)) {

		/*

		 * -ESRCH indicates VMA cleared. The target is dying.

		 */

		char *s;



		ret = PTR_ERR(t->buffer);

		s = (ret == -ESRCH) ? ": vma cleared, target dead or dying"

			: (ret == -ENOSPC) ? ": no space left"

			: (ret == -ENOMEM) ? ": memory allocation failed"

			: "";

		binder_txn_error("cannot allocate buffer%s", s);



		return_error_param = PTR_ERR(t->buffer);

		return_error = return_error_param == -ESRCH ?

			BR_DEAD_REPLY : BR_FAILED_REPLY;
@@ -3150,6 +3174,8 @@ static void binder_transaction(struct binder_proc *proc, 
						  t->buffer,

						  buffer_offset,

						  sizeof(object_offset))) {

			binder_txn_error("%d:%d copy offset from buffer failed\n",

				thread->pid, proc->pid);

			return_error = BR_FAILED_REPLY;

			return_error_param = -EINVAL;

			return_error_line = __LINE__;
@@ -3208,6 +3234,8 @@ static void binder_transaction(struct binder_proc *proc, 
							t->buffer,

							object_offset,

							fp, sizeof(*fp))) {

				binder_txn_error("%d:%d translate binder failed\n",

					thread->pid, proc->pid);

				return_error = BR_FAILED_REPLY;

				return_error_param = ret;

				return_error_line = __LINE__;
@@ -3225,6 +3253,8 @@ static void binder_transaction(struct binder_proc *proc, 
							t->buffer,

							object_offset,

							fp, sizeof(*fp))) {

				binder_txn_error("%d:%d translate handle failed\n",

					thread->pid, proc->pid);

				return_error = BR_FAILED_REPLY;

				return_error_param = ret;

				return_error_line = __LINE__;
@@ -3245,6 +3275,8 @@ static void binder_transaction(struct binder_proc *proc, 
							t->buffer,

							object_offset,

							fp, sizeof(*fp))) {

				binder_txn_error("%d:%d translate fd failed\n",

					thread->pid, proc->pid);

				return_error = BR_FAILED_REPLY;

				return_error_param = ret;

				return_error_line = __LINE__;
@@ -3314,6 +3346,8 @@ static void binder_transaction(struct binder_proc *proc, 
								  object_offset,

								  fda, sizeof(*fda));

			if (ret) {

				binder_txn_error("%d:%d translate fd array failed\n",

					thread->pid, proc->pid);

				return_error = BR_FAILED_REPLY;

				return_error_param = ret > 0 ? -EINVAL : ret;

				return_error_line = __LINE__;
@@ -3341,6 +3375,8 @@ static void binder_transaction(struct binder_proc *proc, 
				(const void __user *)(uintptr_t)bp->buffer,

				bp->length);

			if (ret) {

				binder_txn_error("%d:%d deferred copy failed\n",

					thread->pid, proc->pid);

				return_error = BR_FAILED_REPLY;

				return_error_param = ret;

				return_error_line = __LINE__;
@@ -3364,6 +3400,8 @@ static void binder_transaction(struct binder_proc *proc, 
							t->buffer,

							object_offset,

							bp, sizeof(*bp))) {

				binder_txn_error("%d:%d failed to fixup parent\n",

					thread->pid, proc->pid);

				return_error = BR_FAILED_REPLY;

				return_error_param = ret;

				return_error_line = __LINE__;
@@ -3471,6 +3509,8 @@ static void binder_transaction(struct binder_proc *proc, 
	return;



err_dead_proc_or_thread:

	binder_txn_error("%d:%d dead process or thread\n",

		thread->pid, proc->pid);

	return_error_line = __LINE__;

	binder_dequeue_work(proc, tcomplete);

err_translate_failed: