libbinder: RPC cap transaction size at 100KB
Why?
- Android code uses -fno-exceptions and generally doesn't check for OOM
conditions (unlike the Linux kernel itself!). Even if we check for
allocation success, a successful allocation here may mean even a 1-byte
allocation on another thread or by the server will cause a
failure.
- kernel binder can have by default 1MB of concurrent transactions
at a time. A transaction of size 100KB is already exceedingly
dangerous to the runtime, since in a big process, this could cause
other processes to reach the limit.
In the future, we could increase this cap (lowering is potentially
difficult) or make it customizable.
Bug: 167966510
Test: binderRpcTest, binderRpcBenchmark, binder_rpc_fuzzer
Change-Id: Ia215f1a00412654ce08e6bced14d4da4a0a46987
2 files changed
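The two arguments in the commit message, refuse an oversized transaction before any allocation happens and remember that every in-flight transaction draws on one shared buffer, can be shown in a small parser. The following is an added example and not libbinder's own code: the wire framing (a 4-byte little-endian length followed by the body), the names `readTransaction`, `InFlightBudget`, `countConcurrent`, and the exact constants `kMaxTransactionSize` (the commit's 100KB) and `kDefaultBinderBuffer` (the 1MB default the commit mentions) are assumptions made here for illustration.

```cpp
// Added example, not libbinder code. Demonstrates a per-transaction size cap
// enforced before allocation, plus a budget for bytes in flight. Framing,
// names and exact constant values are assumptions.
#include <cstddef>
#include <cstdint>
#include <vector>

// Assumed: the commit's 100KB cap. libbinder's real constant is not on the page.
constexpr uint32_t kMaxTransactionSize = 100 * 1024;
// Assumed: kernel binder's default 1MB buffer for a process's in-flight transactions.
constexpr size_t kDefaultBinderBuffer = 1024 * 1024;

enum class RpcStatus { Ok, TooLarge, Truncated, BadHeader };

struct Frame {
    RpcStatus status;
    std::vector<uint8_t> body;  // populated only when status == Ok
};

static uint32_t readU32LE(const uint8_t* p) {
    return uint32_t(p[0]) | (uint32_t(p[1]) << 8) | (uint32_t(p[2]) << 16) |
           (uint32_t(p[3]) << 24);
}

// Assumed wire format: 4-byte little-endian body length, then the body.
Frame readTransaction(const uint8_t* wire, size_t wireLen) {
    Frame f{RpcStatus::BadHeader, {}};
    if (wireLen < 4) return f;  // cannot even read the length field
    uint32_t declared = readU32LE(wire);
    // Cap check before touching the allocator: with -fno-exceptions a failed
    // std::vector growth aborts the process, and a peer-chosen 32-bit length
    // would otherwise trigger a multi-gigabyte allocation attempt.
    if (declared > kMaxTransactionSize) { f.status = RpcStatus::TooLarge; return f; }
    // declared is at most 100KB here, so this comparison cannot wrap.
    if (wireLen - 4 < declared) { f.status = RpcStatus::Truncated; return f; }
    f.body.assign(wire + 4, wire + 4 + declared);
    f.status = RpcStatus::Ok;
    return f;
}

// Builds a constructed frame; the header may deliberately lie about the body length.
std::vector<uint8_t> makeFrame(uint32_t declaredLen, size_t actualBodyLen) {
    std::vector<uint8_t> out(4 + actualBodyLen, 0x41);
    for (int i = 0; i < 4; ++i) out[i] = uint8_t(declaredLen >> (8 * i));
    return out;
}

// Runs the parser over a constructed frame and reports only the status.
RpcStatus statusOf(uint32_t declaredLen, size_t actualBodyLen) {
    std::vector<uint8_t> w = makeFrame(declaredLen, actualBodyLen);
    return readTransaction(w.data(), w.size()).status;
}

// Tracks bytes reserved by transactions currently in flight against a fixed
// budget, the way one process shares a single kernel binder buffer. The
// per-transaction cap and the total budget are independent limits.
class InFlightBudget {
  public:
    explicit InFlightBudget(size_t budget) : budget_(budget), used_(0) {}
    bool tryReserve(size_t bytes) {
        if (bytes > budget_ - used_) return false;  // compare headroom, never sum
        used_ += bytes;
        return true;
    }
    void release(size_t bytes) { used_ -= (bytes < used_) ? bytes : used_; }
    size_t used() const { return used_; }

  private:
    size_t budget_;
    size_t used_;
};

// Reserves txSize repeatedly without releasing and returns how many fit,
// i.e. how many concurrent transactions of that size exhaust the budget.
size_t countConcurrent(size_t budget, size_t txSize, size_t attempts) {
    InFlightBudget b(budget);
    size_t n = 0;
    for (size_t i = 0; i < attempts; ++i) {
        if (b.tryReserve(txSize)) ++n;
    }
    return n;
}
```

With these assumed constants, `countConcurrent(kDefaultBinderBuffer, kMaxTransactionSize, 20)` comes out at 10: a single process issuing ten 100KB transactions at once already fills the 1MB budget, which is the point the commit makes about a large process pushing others to the limit. The cap check runs on the declared length before `body.assign`, so a header claiming `0xFFFFFFFF` bytes is rejected without any allocation.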