From nobody Thu May 7 20:24:04 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B8126C433F5 for ; Thu, 19 May 2022 18:35:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244029AbiESSfG (ORCPT ); Thu, 19 May 2022 14:35:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37864 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232411AbiESSfD (ORCPT ); Thu, 19 May 2022 14:35:03 -0400 Received: from mail-pl1-x629.google.com (mail-pl1-x629.google.com [IPv6:2607:f8b0:4864:20::629]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 441959C2E7 for ; Thu, 19 May 2022 11:35:01 -0700 (PDT) Received: by mail-pl1-x629.google.com with SMTP id n18so5524394plg.5 for ; Thu, 19 May 2022 11:35:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=ecdur9XufFI8zbwKdiWHMKaTI7vESFiy8Yk7GYSE4gA=; b=B1/7zSwjBb98BU9ac9lGCU0WD8dnXaI5ZYZyNGAdBXF49xV04P2gVELF1lejOSxurH sedTlimxeDS+A6salf07xpKJT9MruuJrhJzC+6RlcD1oakDgpDqFtgrd8x2HBprxO00O LfgWWMw6oAP4mhoEfiba360jsW/1Z01Gt6zjE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ecdur9XufFI8zbwKdiWHMKaTI7vESFiy8Yk7GYSE4gA=; b=sveISb+jCpuxmwdP5KLMCogNDupH3W3NSCOscQoSeU5nm3gLCt8Fyh/Sogx/GRmewh 344w+HGxHgTpqT2mtQyHtagKrPuOreICtvgCbUCuyQTTOxt+NcTKkL5p6EVP9nC2Ws0b 3iqeTW6WipzLqMLt9QQTnrtwjarTbD6gav9qq6Nc7+TRMKKNLarOubVrhdWKAu8VDX7m pPfkVDd0cH6Df9kJOxgNyyH706qmsB6dQwVbHHndUNIlPyZIrWehJS5wpf026yf8L7g6 +3k0pWARf56PhHkY+xpcElIVxTRWjFlJrAv0gAInB2vtvL5qOTV7eF6R2h0csCvEi/0A TVcQ== X-Gm-Message-State: AOAM533Lr6vhGzEg31CPGGVqVr0MVLfVNp9mKYlyCYA38/Olo9shKLom u56tAC2AAzO8lxEt4m4i0id59Q== X-Google-Smtp-Source: ABdhPJw73R+sdZ8uQgvfCZ9kdx/358G++rxNAHbBEGIgtpu9K3TrxdIkHh2HaFNXuEwY1KbTwg3IXA== X-Received: by 2002:a17:90a:b017:b0:1df:6f31:c273 with SMTP id x23-20020a17090ab01700b001df6f31c273mr6500731pjq.167.1652985300785; Thu, 19 May 2022 11:35:00 -0700 (PDT) Received: from li-cloudtop.c.googlers.com.com (132.111.125.34.bc.googleusercontent.com. [34.125.111.132]) by smtp.gmail.com with ESMTPSA id p10-20020a62b80a000000b0050dc76281b3sm4600525pfe.141.2022.05.19.11.34.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 19 May 2022 11:35:00 -0700 (PDT) From: Li Li To: dualli@google.com, tkjos@google.com, gregkh@linuxfoundation.org, christian@brauner.io, arve@android.com, devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org, maco@google.com, hridya@google.com, surenb@google.com Cc: joel@joelfernandes.org, kernel-team@android.com Subject: [PATCH v2] Binder: add TF_UPDATE_TXN to replace outdated txn Date: Thu, 19 May 2022 11:34:54 -0700 Message-Id: <20220519183454.1660573-1-dualli@chromium.org> X-Mailer: git-send-email 2.36.1.124.g0e6072fb45-goog In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Li Li When the target process is busy, incoming oneway transactions are queued in the async_todo list. If the clients continue sending extra oneway transactions while the target process is frozen, this queue can become too large to accommodate new transactions. That's why binder driver introduced ONEWAY_SPAM_DETECTION to detect this situation. It's helpful to debug the async binder buffer exhausting issue, but the issue itself isn't solved directly. In real cases applications are designed to send oneway transactions repeatedly, delivering updated inforamtion to the target process. Typical examples are Wi-Fi signal strength and some real time sensor data. Even if the apps might only care about the lastet information, all outdated oneway transactions are still accumulated there until the frozen process is thawed later. For this kind of situations, there's no existing method to skip those outdated transactions and deliver the latest one only. This patch introduces a new transaction flag TF_UPDATE_TXN. To use it, use apps can set this new flag along with TF_ONE_WAY. When such an oneway transaction is to be queued into the async_todo list of a frozen process, binder driver will check if any previous pending transactions can be superseded by comparing their code, flags and target node. If such an outdated pending transaction is found, the latest transaction will supersede that outdated one. This effectively prevents the async binder buffer running out and saves unnecessary binder read workloads. Signed-off-by: Li Li --- drivers/android/binder.c | 85 ++++++++++++++++++++++++++++- drivers/android/binder_trace.h | 4 ++ include/uapi/linux/android/binder.h | 1 + 3 files changed, 87 insertions(+), 3 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index f3b639e89dd8..bb968cf2f9ec 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2594,6 +2594,56 @@ static int binder_fixup_parent(struct list_head *pf_= head, return binder_add_fixup(pf_head, buffer_offset, bp->buffer, 0); } =20 +/** + * binder_can_update_transaction() - Can a txn be superseded by an updated= one? + * @t1: the pending async txn in the frozen process + * @t2: the new async txn to supersede the outdated pending one + * + * Return: true if t2 can supersede t1 + * false if t2 can not supersede t1 + */ +static bool binder_can_update_transaction(struct binder_transaction *t1, + struct binder_transaction *t2) +{ + if ((t1->flags & t2->flags & (TF_ONE_WAY | TF_UPDATE_TXN)) !=3D + (TF_ONE_WAY | TF_UPDATE_TXN) || !t1->to_proc || !t2->to_proc) + return false; + if (t1->to_proc->tsk =3D=3D t2->to_proc->tsk && t1->code =3D=3D t2->code = && + t1->flags =3D=3D t2->flags && t1->buffer->pid =3D=3D t2->buffer->pid = && + t1->buffer->target_node->ptr =3D=3D t2->buffer->target_node->ptr && + t1->buffer->target_node->cookie =3D=3D t2->buffer->target_node->cooki= e) + return true; + return false; +} + +/** + * binder_find_outdated_transaction_ilocked() - Find the outdated transact= ion + * @t: new async transaction + * @target_list: list to find outdated transaction + * + * Return: the outdated transaction if found + * NULL if no outdated transacton can be found + * + * Requires the proc->inner_lock to be held. + */ +static struct binder_transaction * +binder_find_outdated_transaction_ilocked(struct binder_transaction *t, + struct list_head *target_list) +{ + struct binder_work *w; + + list_for_each_entry(w, target_list, entry) { + struct binder_transaction *t_queued; + + if (w->type !=3D BINDER_WORK_TRANSACTION) + continue; + t_queued =3D container_of(w, struct binder_transaction, work); + if (binder_can_update_transaction(t_queued, t)) + return t_queued; + } + return NULL; +} + /** * binder_proc_transaction() - sends a transaction to a process and wakes = it up * @t: transaction to send @@ -2619,6 +2669,7 @@ static int binder_proc_transaction(struct binder_tran= saction *t, struct binder_node *node =3D t->buffer->target_node; bool oneway =3D !!(t->flags & TF_ONE_WAY); bool pending_async =3D false; + struct binder_transaction *t_outdated =3D NULL; =20 BUG_ON(!node); binder_node_lock(node); @@ -2646,12 +2697,24 @@ static int binder_proc_transaction(struct binder_tr= ansaction *t, if (!thread && !pending_async) thread =3D binder_select_thread_ilocked(proc); =20 - if (thread) + if (thread) { binder_enqueue_thread_work_ilocked(thread, &t->work); - else if (!pending_async) + } else if (!pending_async) { binder_enqueue_work_ilocked(&t->work, &proc->todo); - else + } else { + if ((t->flags & TF_UPDATE_TXN) && proc->is_frozen) { + t_outdated =3D binder_find_outdated_transaction_ilocked(t, + &node->async_todo); + if (t_outdated) { + binder_debug(BINDER_DEBUG_TRANSACTION, + "txn %d supersedes %d\n", + t->debug_id, t_outdated->debug_id); + list_del_init(&t_outdated->work.entry); + proc->outstanding_txns--; + } + } binder_enqueue_work_ilocked(&t->work, &node->async_todo); + } =20 if (!pending_async) binder_wakeup_thread_ilocked(proc, thread, !oneway /* sync */); @@ -2660,6 +2723,22 @@ static int binder_proc_transaction(struct binder_tra= nsaction *t, binder_inner_proc_unlock(proc); binder_node_unlock(node); =20 + /* + * To reduce potential contention, free the outdated transaction and + * buffer after releasing the locks. + */ + if (t_outdated) { + struct binder_buffer *buffer =3D t_outdated->buffer; + + t_outdated->buffer =3D NULL; + buffer->transaction =3D NULL; + trace_binder_transaction_update_buffer_release(buffer); + binder_transaction_buffer_release(proc, NULL, buffer, 0, 0); + binder_alloc_free_buf(&proc->alloc, buffer); + kfree(t_outdated); + binder_stats_deleted(BINDER_STAT_TRANSACTION); + } + return 0; } =20 diff --git a/drivers/android/binder_trace.h b/drivers/android/binder_trace.h index 8eeccdc64724..8cc07e6a4273 100644 --- a/drivers/android/binder_trace.h +++ b/drivers/android/binder_trace.h @@ -311,6 +311,10 @@ DEFINE_EVENT(binder_buffer_class, binder_transaction_f= ailed_buffer_release, TP_PROTO(struct binder_buffer *buffer), TP_ARGS(buffer)); =20 +DEFINE_EVENT(binder_buffer_class, binder_transaction_update_buffer_release, + TP_PROTO(struct binder_buffer *buffer), + TP_ARGS(buffer)); + TRACE_EVENT(binder_update_page_range, TP_PROTO(struct binder_alloc *alloc, bool allocate, void __user *start, void __user *end), diff --git a/include/uapi/linux/android/binder.h b/include/uapi/linux/andro= id/binder.h index 11157fae8a8e..0b291b1d29d1 100644 --- a/include/uapi/linux/android/binder.h +++ b/include/uapi/linux/android/binder.h @@ -271,6 +271,7 @@ enum transaction_flags { TF_STATUS_CODE =3D 0x08, /* contents are a 32-bit status code */ TF_ACCEPT_FDS =3D 0x10, /* allow replies with file descriptors */ TF_CLEAR_BUF =3D 0x20, /* clear buffer on txn complete */ + TF_UPDATE_TXN =3D 0x40, /* update the outdated pending async txn */ }; =20 struct binder_transaction_data { --=20 2.36.1.124.g0e6072fb45-goog