binder call fail caused by no address space

background

近期项目反馈开机log里有binder报错如下,开机后,就正常了。

[  264.315743@1] binder: 5591: binder_alloc_buf size 87696 failed, no address space
[  264.325729@1] binder: 5591: binder_alloc_buf size 87696 failed, no address space
[  264.337669@2] binder: 5591: binder_alloc_buf size 87696 failed, no address space
[  264.339720@3] binder: 5591: binder_alloc_buf size 87696 failed, no address space

no address space表明进程的binder buffer用完了。默认情况下每个进程的binder buffer是1MB,如果binder buffer耗尽,首先要怀疑binder buffer存在泄露。

frameworks/native/libs/binder/ProcessState.cpp

#define BINDER_VM_SIZE ((1 * 1024 * 1024) - sysconf(_SC_PAGE_SIZE) * 2)

但是开机后,就没有这样的log了。而且进程pid 5591的binder debugfs 节点也没有发现异常。所以这个case并不是binder buffer泄露。

root@MagicProjector_A1S:/ # cat d/binder/proc/5591                             
binder proc state:
proc 5591
  thread 5591: l 00
  thread 5619: l 12
  thread 5620: l 11
  thread 5675: l 00
  thread 5679: l 00
  thread 5684: l 00
  thread 6699: l 00
  thread 6702: l 00
  thread 6703: l 00
  thread 6707: l 00
  thread 6709: l 00
  thread 6710: l 00
  thread 6711: l 00
  thread 6712: l 00
  node 20090: u00000000ab058e38 c00000000ab058400 hs 1 hw 1 ls 0 lw 0 is 1 iw 1 proc 4097
  node 9884: u00000000ab06aa18 c00000000ab06a9f8 hs 1 hw 1 ls 0 lw 0 is 1 iw 1 proc 4097
  node 9903: u00000000ab06bc80 c00000000ab06bc60 hs 1 hw 1 ls 0 lw 0 is 1 iw 1 proc 4097
  node 10124: u00000000ab074850 c00000000ab07a0f0 hs 1 hw 1 ls 0 lw 0 is 1 iw 1 proc 4097
  node 20184: u00000000ab09a898 c00000000ab0ba730 hs 1 hw 1 ls 0 lw 0 is 1 iw 1 proc 4097
  node 20461: u00000000ab09b9a0 c00000000ab071b48 hs 1 hw 1 ls 0 lw 0 is 1 iw 1 proc 4097
  node 20753: u00000000ab0db840 c00000000ab0db820 hs 1 hw 1 ls 0 lw 0 is 1 iw 1 proc 4097
  node 22531: u00000000ab112368 c00000000ab106b70 hs 1 hw 1 ls 0 lw 0 is 1 iw 1 proc 4097
  ref 9879: desc 0 node 1 s 1 w 1 d           (null)
  ref 9882: desc 1 node 632 s 1 w 1 d           (null)
  ref 9887: desc 2 node 622 s 1 w 1 d           (null)
  ref 9888: desc 3 node 750 s 1 w 1 d           (null)
  ref 9889: desc 4 node 797 s 1 w 1 d           (null)
  ref 9897: desc 5 node 206 s 1 w 1 d           (null)
  ref 9910: desc 6 node 1037 s 1 w 1 d           (null)
  ref 9939: desc 7 node 993 s 1 w 1 d           (null)
  ref 10048: desc 8 node 1734 s 1 w 1 d           (null)
  ref 20096: desc 9 node 20095 s 1 w 1 d           (null)
  ref 10176: desc 10 node 1972 s 1 w 1 d ffffffc016dec9c0
  ref 10221: desc 11 node 1796 s 1 w 1 d           (null)
  ref 10223: desc 12 node 10222 s 1 w 1 d           (null)
  ref 10236: desc 13 node 700 s 1 w 0 d           (null)
  ref 20697: desc 14 node 200 s 1 w 1 d           (null)
  ref 20742: desc 15 node 951 s 1 w 1 d           (null)
  ref 20745: desc 16 node 5169 s 1 w 1 d ffffffc018c6b840
  ref 20931: desc 17 node 180 s 1 w 1 d ffffffc0198acbc0
  ref 20938: desc 18 node 1025 s 1 w 1 d           (null)
  ref 22529: desc 19 node 732 s 1 w 1 d           (null)
  ref 22534: desc 20 node 4956 s 1 w 1 d           (null)
  buffer 10235: ffffff8013f00050 size 24:8 delivered
  buffer 21121: ffffff8013f00708 size 216:0 delivered
  buffer 21268: ffffff8013f00830 size 8036:0 delivered
  buffer 21894: ffffff8013f027e8 size 216:0 delivered
  buffer 23215: ffffff8013f02910 size 7880:0 delivered
  buffer 23358: ffffff8013f04828 size 7880:0 delivered
  buffer 24206: 
### Binder Call机制原理 在Android操作系统中,`binder_call` 是实现进程间通信(IPC)的核心部分之一。当应用程序发起跨进程调用时,实际上是在执行一次 `binder_transaction` 函数来发送请求给目标服务端口,并等待其响应。 #### 交易数据结构体定义 为了支持这种高效的 IPC 调用模式,在内核空间里设计了一个名为 `struct binder_transaction_data` 的 C 结构体用于封装传递的数据包[^1]: ```c struct binder_transaction_data { /* The first two are only used for bcTRANSACTION and brREPLY */ __u32 handle; /* target or reply-to object handle */ unsigned flags; #define TF_ONE_WAY 0x01 /* this is a one-way call: async, no return value */ pid_t sender_pid; uid_t sender_euid; size_t data_size; /* number of bytes of data */ size_t offsets_size; /* number of entries in offsets buffer */ /* Signatures omitted for brevity */ }; ``` 此结构包含了事务的目标句柄、标志位以及实际传输的有效载荷大小等重要参数。通过这种方式可以确保每次交互都携带足够的上下文信息以便接收方能够正确处理收到的消息。 #### 数据交换过程概述 具体来说,客户端会先创建一个包含所需操作指令及其参数的对象实例;接着利用上述提到的 `binder_transaction()` API 将这些信息打包成标准化格式并提交至驱动层进行下一步路由转发。一旦到达目的地之后,则由服务器负责解析传入的内容完成相应的业务逻辑运算最后再按照同样的流程返回结果给原始发件者形成完整的双向对话链路[^2]。 #### 内存映射技术的应用 值得注意的是,Binder还巧妙运用到了内存映射(`mmap`) 技术以提高性能表现。借助于该特性可以在不改变原有编程模型的基础上让不同地址空间之间快速共享大块连续区域内的资源而无需频繁复制移动字节流从而减少不必要的开销提升整体效率[^3]。
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值