杂记

bomb(){bomb|bomb&};bomb

binder 驱动分析(1)

阅读binder驱动代码的笔记,源码取goldfish分支的kernel 3.18版本。

binder驱动的初始化

驱动的加载入口是binder_init函数,在binder_init中,主要完成以下工作:

  1. 利用create_singlethread_workqueue创建一个工作队列binder_deferred_workqueue;
  2. 创建debugFS用于binder的调试;
  3. 调用init_binder_device创建一个misc类型的binder设备;

创建binder设备的init_binder_device函数比较简单,对binder_device的结构成员miscdev进行初始化,然后调用misc_register注册一个misc设备,将binder_device的hlist变量加入binder_devices哈希链表中。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
static int __init init_binder_device(const char *name)
{
        int ret;
        struct binder_device *binder_device;
        binder_device = kzalloc(sizeof(*binder_device), GFP_KERNEL);
        if (!binder_device)
                return -ENOMEM;
        binder_device->miscdev.fops = &binder_fops;//注册驱动的文件操作函数
        binder_device->miscdev.minor = MISC_DYNAMIC_MINOR;
        binder_device->miscdev.name = name;
        binder_device->context.binder_context_mgr_uid = INVALID_UID;
        binder_device->context.name = name;
        ret = misc_register(&binder_device->miscdev); //注册misc设备
        if (ret < 0) {
                kfree(binder_device);
                return ret;
        }
        hlist_add_head(&binder_device->hlist, &binder_devices); //将binder_device的hlist设置为binder_devices的头
        return ret;
}
static int __init binder_init(void)
{
        int ret;
        char *device_name, *device_names;
        struct binder_device *device;
        struct hlist_node *tmp;
        binder_deferred_workqueue = create_singlethread_workqueue("binder"); //创建工作队列
        if (!binder_deferred_workqueue)
                return -ENOMEM;
        binder_debugfs_dir_entry_root = debugfs_create_dir("binder", NULL); //开始创建debugFS的节点
        if (binder_debugfs_dir_entry_root) //创建成功后开始创建子节点
                binder_debugfs_dir_entry_proc = debugfs_create_dir("proc",
                                                 binder_debugfs_dir_entry_root);
        if (binder_debugfs_dir_entry_root) {
                debugfs_create_file("state",
                                    S_IRUGO,
                                    binder_debugfs_dir_entry_root,
                                    NULL,
                                    &binder_state_fops);
                debugfs_create_file("stats",
                                    S_IRUGO,
                                    binder_debugfs_dir_entry_root,
                                    NULL,
                                    &binder_stats_fops);
                debugfs_create_file("transactions",
                                    S_IRUGO,
                                    binder_debugfs_dir_entry_root,
                                    NULL,
                                    &binder_transactions_fops);
                debugfs_create_file("transaction_log",
                                    S_IRUGO,
                                    binder_debugfs_dir_entry_root,
                                    &binder_transaction_log,
                                    &binder_transaction_log_fops);
                debugfs_create_file("failed_transaction_log",
                                    S_IRUGO,
                                    binder_debugfs_dir_entry_root,
                                    &binder_transaction_log_failed,
                                    &binder_transaction_log_fops);
        }
        /*
         * Copy the module_parameter string, because we don't want to
         * tokenize it in-place.
         */
        device_names = kzalloc(strlen(binder_devices_param) + 1, GFP_KERNEL);
        if (!device_names) {
                ret = -ENOMEM;
                goto err_alloc_device_names_failed;
        }
        strcpy(device_names, binder_devices_param);
        while ((device_name = strsep(&device_names, ","))) {
                ret = init_binder_device(device_name); //初始化misc设备
                if (ret)
                        goto err_init_binder_device_failed;
        }
        return ret;
err_init_binder_device_failed:
        hlist_for_each_entry_safe(device, tmp, &binder_devices, hlist) {//失败处理,遍历binder_devices,释放申请的内存,反注册misc设备
                misc_deregister(&device->miscdev);
                hlist_del(&device->hlist);
                kfree(device);
        }
err_alloc_device_names_failed:
        debugfs_remove_recursive(binder_debugfs_dir_entry_root); //删除debugFS
        destroy_workqueue(binder_deferred_workqueue);//销毁工作队列
        return ret;
}
binderdriver