This repository was archived by the owner on Nov 8, 2023. It is now read-only.

Commit b892621

author
Carlos Llamas
committed
FROMGIT: binder: allow freeze notification for dead nodes
Alice points out that binder_request_freeze_notification() should not return EINVAL when the relevant node is dead [1]. The node can die at any point even if the user input is valid. Instead, allow the request to be allocated but skip the initial notification for dead nodes. This avoids propagating unnecessary errors back to userspace.

Fixes: d579b04 ("binder: frozen notification")
Cc: [email protected]
Suggested-by: Alice Ryhl <[email protected]>
Link: https://lore.kernel.org/all/CAH5fLghapZJ4PbbkC8V5A6Zay-_sgTzwVpwqk6RWWUNKKyJC_Q@mail.gmail.com/ [1]
Signed-off-by: Carlos Llamas <[email protected]>
Acked-by: Todd Kjos <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Greg Kroah-Hartman <[email protected]>

Bug: 366003708
(cherry picked from commit ca63c66 git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git char-misc-next)
Change-Id: I03af1eedfeb194f5a775388cbb4e7487e4a5dfc0
Signed-off-by: Carlos Llamas <[email protected]>
1 parent ddc0270 commit b892621

1 file changed

+13
-15
lines changed

drivers/android/binder.c

Lines changed: 13 additions & 15 deletions
@@ -4076,7 +4076,6 @@ binder_request_freeze_notification(struct binder_proc *proc,
40764076
{
40774077
struct binder_ref_freeze *freeze;
40784078
struct binder_ref *ref;
4079-
bool is_frozen;
40804079

40814080
freeze = kzalloc(sizeof(*freeze), GFP_KERNEL);
40824081
if (!freeze)
@@ -4092,31 +4091,30 @@ binder_request_freeze_notification(struct binder_proc *proc,
40924091
}
40934092

40944093
binder_node_lock(ref->node);
4095-
4096-
if (ref->freeze || !ref->node->proc) {
4097-
binder_user_error("%d:%d invalid BC_REQUEST_FREEZE_NOTIFICATION %s\n",
4098-
proc->pid, thread->pid,
4099-
ref->freeze ? "already set" : "dead node");
4094+
if (ref->freeze) {
4095+
binder_user_error("%d:%d BC_REQUEST_FREEZE_NOTIFICATION already set\n",
4096+
proc->pid, thread->pid);
41004097
binder_node_unlock(ref->node);
41014098
binder_proc_unlock(proc);
41024099
kfree(freeze);
41034100
return -EINVAL;
41044101
}
4105-
binder_inner_proc_lock(ref->node->proc);
4106-
is_frozen = ref->node->proc->is_frozen;
4107-
binder_inner_proc_unlock(ref->node->proc);
41084102

41094103
INIT_LIST_HEAD(&freeze->work.entry);
41104104
freeze->cookie = handle_cookie->cookie;
41114105
freeze->work.type = BINDER_WORK_FROZEN_BINDER;
4112-
freeze->is_frozen = is_frozen;
4113-
41144106
ref->freeze = freeze;
41154107

4116-
binder_inner_proc_lock(proc);
4117-
binder_enqueue_work_ilocked(&ref->freeze->work, &proc->todo);
4118-
binder_wakeup_proc_ilocked(proc);
4119-
binder_inner_proc_unlock(proc);
4108+
if (ref->node->proc) {
4109+
binder_inner_proc_lock(ref->node->proc);
4110+
freeze->is_frozen = ref->node->proc->is_frozen;
4111+
binder_inner_proc_unlock(ref->node->proc);
4112+
4113+
binder_inner_proc_lock(proc);
4114+
binder_enqueue_work_ilocked(&freeze->work, &proc->todo);
4115+
binder_wakeup_proc_ilocked(proc);
4116+
binder_inner_proc_unlock(proc);
4117+
}
41204118

41214119
binder_node_unlock(ref->node);
41224120
binder_proc_unlock(proc);
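
Review bot: the new `if (ref->node->proc)` block near the end of binder_request_freeze_notification() skips the initial notification for a dead node with no in-code comment, so the reason lives only in the commit message. On that path `ref->freeze = freeze` is still assigned, `freeze->is_frozen` keeps the zero value from kzalloc(), and nothing is enqueued on `proc->todo`; a later request on the same ref then takes the "already set" branch and returns -EINVAL. Please add a short comment above the condition stating that dead nodes get the request recorded but no initial notification, and mention that userspace will not receive an initial state in this case. Both reads of `ref->node->proc` sit under binder_node_lock(), which looks correct, though caching the pointer in a local would make that easier to see.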
