[re_kernel] 优化 binder 被冻结时的体验

lzghzr · Jun 23, 2024 · 1681775 · 1681775
1 parent 9e3ace7
commit 1681775
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 14 deletions.
diff --git a/re_kernel/Makefile b/re_kernel/Makefile
@@ -1,4 +1,4 @@
-RK_VERSION := 6.0.5
+RK_VERSION := 6.0.6
 
 ifndef KP_DIR
     KP_DIR = ../KernelPatch

diff --git a/re_kernel/README.md b/re_kernel/README.md
@@ -3,6 +3,8 @@
 配合墓碑模块，当应用收到 `binder` 同步信息时，临时解冻被冻结的应用
 
 ## 更新记录
+### 6.0.6
+优化 binder 被冻结时的体验
 ### 6.0.5
 变更 binder_proc->context 的搜索条件<br />
 变更 task_struct->jobctl 获取方式<br />

diff --git a/re_kernel/re_kernel.c b/re_kernel/re_kernel.c
@@ -117,7 +117,7 @@ int kfunc_def(get_cmdline)(struct task_struct* task, char* buffer, int buflen);
 
 // 最好初始化一个大于 0xffffffff 的值, 否则编译器优化后, 全局变量可能出错
 static uint64_t task_struct_jobctl_offset = UZERO, task_struct_pid_offset = UZERO, task_struct_group_leader_offset = UZERO,
-binder_proc_alloc_offset = UZERO, binder_proc_context_offset = UZERO, binder_proc_inner_lock_offset = UZERO, binder_proc_outer_lock_offset = UZERO, binder_proc_is_frozen = UZERO,
+binder_proc_alloc_offset = UZERO, binder_proc_context_offset = UZERO, binder_proc_inner_lock_offset = UZERO, binder_proc_outer_lock_offset = UZERO, binder_proc_is_frozen_offset = UZERO,
 binder_alloc_pid_offset = UZERO, binder_alloc_buffer_size_offset = UZERO, binder_alloc_free_async_space_offset = UZERO, binder_alloc_vma_offset = UZERO,
 // 实际上会被编译器优化为 bool
 binder_transaction_buffer_release_ver5 = UZERO, binder_transaction_buffer_release_ver4 = UZERO;
@@ -159,8 +159,8 @@ static inline void binder_inner_proc_unlock(struct binder_proc* proc) {
 // binder_is_frozen
 static inline bool binder_is_frozen(struct binder_proc* proc) {
   bool is_frozen = false;
-  if (binder_proc_is_frozen != UZERO) {
-    is_frozen = *(bool*)((uintptr_t)proc + binder_proc_is_frozen);
+  if (binder_proc_is_frozen_offset != UZERO) {
+    is_frozen = *(bool*)((uintptr_t)proc + binder_proc_is_frozen_offset);
   }
   return is_frozen;
 }
@@ -340,9 +340,6 @@ static void binder_overflow_handler(pid_t src_pid, struct task_struct* src, pid_
 static void rekernel_binder_transaction(void* data, bool reply, struct binder_transaction* t, struct binder_node* target_node) {
   if (!t->to_proc)
     return;
-  // binder 冻结时不再传递消息
-  if (binder_is_frozen(t->to_proc))
-    return;
 
   if (reply) {
     binder_reply_handler(task_pid(current), current, t->to_proc->pid, t->to_proc->tsk, false);
@@ -351,6 +348,10 @@ static void rekernel_binder_transaction(void* data, bool reply, struct binder_tr
       binder_trans_handler(t->from->proc->pid, t->from->proc->tsk, t->to_proc->pid, t->to_proc->tsk, false);
     }
   } else { // oneway=1
+    // binder 冻结时增加 TF_UPDATE_TXN
+    if (binder_is_frozen(t->to_proc)) {
+      t->flags |= TF_UPDATE_TXN;
+    }
     // binder_trans_handler(task_pid(current), current, t->to_proc->pid, t->to_proc->tsk, true);
 
     struct binder_alloc* target_alloc = (struct binder_alloc*)((uintptr_t)t->to_proc + binder_proc_alloc_offset);
@@ -410,14 +411,13 @@ static inline void binder_stats_deleted(enum binder_stat_types type) {
 static void binder_proc_transaction_before(hook_fargs3_t* args, void* udata) {
   struct binder_transaction* t = (struct binder_transaction*)args->arg0;
   struct binder_proc* proc = (struct binder_proc*)args->arg1;
-  // binder 冻结时不再清理过时消息
-  if (binder_is_frozen(proc))
-    return;
-
   // 兼容不支持 trace 的内核
   if (trace == UZERO) {
     rekernel_binder_transaction(NULL, false, t, NULL);
   }
+  // binder 冻结时不再清理过时消息
+  if (t->to_proc && binder_is_frozen(t->to_proc))
+    return;
 
   if ((t->flags & TF_ONE_WAY)
     && t->to_proc
@@ -515,7 +515,7 @@ static long calculate_offsets() {
       for (u32 j = 0; j < 0x5; j++) {
         if ((binder_proc_transaction_src[i - j] & MASK_LDRB) == INST_LDRB) {
           uint64_t imm12 = bits32(binder_proc_transaction_src[i - j], 21, 10);
-          binder_proc_is_frozen = sign64_extend((imm12), 16u);
+          binder_proc_is_frozen_offset = sign64_extend((imm12), 16u);
           break;
         }
       }
@@ -721,12 +721,12 @@ re_kernel: binder_proc_alloc_offset=0x%llx\n\
 re_kernel: binder_proc_context_offset=0x%llx\n\
 re_kernel: binder_proc_inner_lock_offset=0x%llx\n\
 re_kernel: binder_proc_outer_lock_offset=0x%llx\n\
-re_kernel: binder_proc_is_frozen=0x%llx\n",
+re_kernel: binder_proc_is_frozen_offset=0x%llx\n",
 binder_proc_alloc_offset,
 binder_proc_context_offset,
 binder_proc_inner_lock_offset,
 binder_proc_outer_lock_offset,
-binder_proc_is_frozen);
+binder_proc_is_frozen_offset);
   printk("\
 re_kernel: binder_transaction_buffer_release_ver5=0x%llx\n\
 re_kernel: binder_transaction_buffer_release_ver4=0x%llx\n",