1 /*
2  * Copyright (C) 2020 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include <android-base/logging.h>
18 #include <binder/Binder.h>
19 #include <binder/Functional.h>
20 #include <binder/IServiceManager.h>
21 #include <binder/Parcel.h>
22 #include <binder/RpcServer.h>
23 #include <binder/RpcSession.h>
24 #include <cutils/trace.h>
25 #include <gtest/gtest.h>
26 #include <utils/CallStack.h>
27 
28 #include <malloc.h>
29 #include <functional>
30 #include <vector>
31 
32 using namespace android::binder::impl;
33 
34 static android::String8 gEmpty(""); // make sure first allocation from optimization runs
35 
36 struct DestructionAction {
DestructionActionDestructionAction37     DestructionAction(std::function<void()> f) : mF(std::move(f)) {}
~DestructionActionDestructionAction38     ~DestructionAction() { mF(); };
39 private:
40     std::function<void()> mF;
41 };
42 
43 // Group of hooks
44 struct MallocHooks {
45     decltype(__malloc_hook) malloc_hook;
46     decltype(__realloc_hook) realloc_hook;
47 
saveMallocHooks48     static MallocHooks save() {
49         return {
50             .malloc_hook = __malloc_hook,
51             .realloc_hook = __realloc_hook,
52         };
53     }
54 
overwriteMallocHooks55     void overwrite() const {
56         __malloc_hook = malloc_hook;
57         __realloc_hook = realloc_hook;
58     }
59 };
60 
61 static const MallocHooks orig_malloc_hooks = MallocHooks::save();
62 
63 // When malloc is hit, executes lambda.
64 namespace LambdaHooks {
65     using AllocationHook = std::function<void(size_t)>;
66     static std::vector<AllocationHook> lambdas = {};
67 
68     static void* lambda_realloc_hook(void* ptr, size_t bytes, const void* arg);
69     static void* lambda_malloc_hook(size_t bytes, const void* arg);
70 
71     static const MallocHooks lambda_malloc_hooks = {
72         .malloc_hook = lambda_malloc_hook,
73         .realloc_hook = lambda_realloc_hook,
74     };
75 
lambda_malloc_hook(size_t bytes,const void * arg)76     static void* lambda_malloc_hook(size_t bytes, const void* arg) {
77         {
78             orig_malloc_hooks.overwrite();
79             lambdas.at(lambdas.size() - 1)(bytes);
80             lambda_malloc_hooks.overwrite();
81         }
82         return orig_malloc_hooks.malloc_hook(bytes, arg);
83     }
84 
lambda_realloc_hook(void * ptr,size_t bytes,const void * arg)85     static void* lambda_realloc_hook(void* ptr, size_t bytes, const void* arg) {
86         {
87             orig_malloc_hooks.overwrite();
88             lambdas.at(lambdas.size() - 1)(bytes);
89             lambda_malloc_hooks.overwrite();
90         }
91         return orig_malloc_hooks.realloc_hook(ptr, bytes, arg);
92     }
93 
94 }
95 
96 // Action to execute when malloc is hit. Supports nesting. Malloc is not
97 // restricted when the allocation hook is being processed.
98 __attribute__((warn_unused_result))
OnMalloc(LambdaHooks::AllocationHook f)99 DestructionAction OnMalloc(LambdaHooks::AllocationHook f) {
100     MallocHooks before = MallocHooks::save();
101     LambdaHooks::lambdas.emplace_back(std::move(f));
102     LambdaHooks::lambda_malloc_hooks.overwrite();
103     return DestructionAction([before]() {
104         before.overwrite();
105         LambdaHooks::lambdas.pop_back();
106     });
107 }
108 
109 // exported symbol, to force compiler not to optimize away pointers we set here
110 const void* imaginary_use;
111 
TEST(TestTheTest,OnMalloc)112 TEST(TestTheTest, OnMalloc) {
113     size_t mallocs = 0;
114     {
115         const auto on_malloc = OnMalloc([&](size_t bytes) {
116             mallocs++;
117             EXPECT_EQ(bytes, 40u);
118         });
119 
120         imaginary_use = new int[10];
121     }
122     EXPECT_EQ(mallocs, 1u);
123 }
124 
125 
126 __attribute__((warn_unused_result))
ScopeDisallowMalloc()127 DestructionAction ScopeDisallowMalloc() {
128     return OnMalloc([&](size_t bytes) {
129         ADD_FAILURE() << "Unexpected allocation: " << bytes;
130         using android::CallStack;
131         std::cout << CallStack::stackToString("UNEXPECTED ALLOCATION", CallStack::getCurrent(4 /*ignoreDepth*/).get())
132                   << std::endl;
133     });
134 }
135 
136 using android::BBinder;
137 using android::defaultServiceManager;
138 using android::IBinder;
139 using android::IServiceManager;
140 using android::OK;
141 using android::Parcel;
142 using android::RpcServer;
143 using android::RpcSession;
144 using android::sp;
145 using android::status_t;
146 using android::statusToString;
147 using android::String16;
148 
GetRemoteBinder()149 static sp<IBinder> GetRemoteBinder() {
150     // This gets binder representing the service manager
151     // the current IServiceManager API doesn't expose the binder, and
152     // I want to avoid adding usages of the AIDL generated interface it
153     // is using underneath, so to avoid people copying it.
154     sp<IBinder> binder = defaultServiceManager()->checkService(String16("manager"));
155     EXPECT_NE(nullptr, binder);
156     return binder;
157 }
158 
TEST(BinderAllocation,ParcelOnStack)159 TEST(BinderAllocation, ParcelOnStack) {
160     const auto m = ScopeDisallowMalloc();
161     Parcel p;
162     imaginary_use = p.data();
163 }
164 
TEST(BinderAllocation,GetServiceManager)165 TEST(BinderAllocation, GetServiceManager) {
166     defaultServiceManager(); // first call may alloc
167     const auto m = ScopeDisallowMalloc();
168     defaultServiceManager();
169 }
170 
171 // note, ping does not include interface descriptor
TEST(BinderAllocation,PingTransaction)172 TEST(BinderAllocation, PingTransaction) {
173     sp<IBinder> a_binder = GetRemoteBinder();
174     const auto m = ScopeDisallowMalloc();
175     a_binder->pingBinder();
176 }
177 
TEST(BinderAllocation,MakeScopeGuard)178 TEST(BinderAllocation, MakeScopeGuard) {
179     const auto m = ScopeDisallowMalloc();
180     {
181         auto guard1 = make_scope_guard([] {});
182         guard1.release();
183 
184         auto guard2 = make_scope_guard([&guard1, ptr = imaginary_use] {
185             if (ptr == nullptr) guard1.release();
186         });
187     }
188 }
189 
TEST(BinderAllocation,InterfaceDescriptorTransaction)190 TEST(BinderAllocation, InterfaceDescriptorTransaction) {
191     sp<IBinder> a_binder = GetRemoteBinder();
192 
193     size_t mallocs = 0;
194     const auto on_malloc = OnMalloc([&](size_t bytes) {
195         mallocs++;
196         // Happens to be SM package length. We could switch to forking
197         // and registering our own service if it became an issue.
198 #if defined(__LP64__)
199         EXPECT_EQ(bytes, 78u);
200 #else
201         EXPECT_EQ(bytes, 70u);
202 #endif
203     });
204 
205     a_binder->getInterfaceDescriptor();
206     a_binder->getInterfaceDescriptor();
207     a_binder->getInterfaceDescriptor();
208 
209     EXPECT_EQ(mallocs, 1u);
210 }
211 
TEST(BinderAllocation,SmallTransaction)212 TEST(BinderAllocation, SmallTransaction) {
213     String16 empty_descriptor = String16("");
214     sp<IServiceManager> manager = defaultServiceManager();
215 
216     size_t mallocs = 0;
217     const auto on_malloc = OnMalloc([&](size_t bytes) {
218         mallocs++;
219         // Parcel should allocate a small amount by default
220         EXPECT_EQ(bytes, 128u);
221     });
222     manager->checkService(empty_descriptor);
223 
224     EXPECT_EQ(mallocs, 1u);
225 }
226 
TEST(RpcBinderAllocation,SetupRpcServer)227 TEST(RpcBinderAllocation, SetupRpcServer) {
228     std::string tmp = getenv("TMPDIR") ?: "/tmp";
229     std::string addr = tmp + "/binderRpcBenchmark";
230     (void)unlink(addr.c_str());
231     auto server = RpcServer::make();
232     server->setRootObject(sp<BBinder>::make());
233 
234     ASSERT_EQ(OK, server->setupUnixDomainServer(addr.c_str()));
235 
236     std::thread([server]() { server->join(); }).detach();
237 
238     auto session = RpcSession::make();
239     status_t status = session->setupUnixDomainClient(addr.c_str());
240     ASSERT_EQ(status, OK) << "Could not connect: " << addr << ": " << statusToString(status).c_str();
241 
242     auto remoteBinder = session->getRootObject();
243     ASSERT_NE(remoteBinder, nullptr);
244 
245     size_t mallocs = 0, totalBytes = 0;
246     {
247         const auto on_malloc = OnMalloc([&](size_t bytes) {
248             mallocs++;
249             totalBytes += bytes;
250         });
251         ASSERT_EQ(OK, remoteBinder->pingBinder());
252     }
253     EXPECT_EQ(mallocs, 1u);
254     EXPECT_EQ(totalBytes, 40u);
255 }
256 
main(int argc,char ** argv)257 int main(int argc, char** argv) {
258     if (getenv("LIBC_HOOKS_ENABLE") == nullptr) {
259         CHECK(0 == setenv("LIBC_HOOKS_ENABLE", "1", true /*overwrite*/));
260         execv(argv[0], argv);
261         return 1;
262     }
263     ::testing::InitGoogleTest(&argc, argv);
264 
265     // if tracing is enabled, take in one-time cost
266     (void)ATRACE_INIT();
267     (void)ATRACE_GET_ENABLED_TAGS();
268 
269     return RUN_ALL_TESTS();
270 }
271