Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3bdbe4c1 authored by Martijn Coenen's avatar Martijn Coenen
Browse files

ANDROID: binder: don't enqueue death notifications to thread todo. 



This allows userspace to request death notifications without
having to worry about getting an immediate callback on the same
thread; one scenario where this would be problematic is if the
death recipient handler grabs a lock that was already taken
earlier (eg as part of a nested transaction).

Bug: 23525545
Test: binderLibTest.DeathNotificationThread passes
Change-Id: I955e16306fe3110dacb9a391ffff1bf869249495
Signed-off-by: default avatarMartijn Coenen <maco@android.com>
parent 4781093e

drivers/android/binder.c

+6 −16
Original line number Diff line number Diff line
@@ -3669,23 +3669,13 @@ static int binder_thread_write(struct binder_proc *proc, 
				ref->death = death;

				if (ref->node->proc == NULL) {

					ref->death->work.type = BINDER_WORK_DEAD_BINDER;

					if (thread->looper &

					    (BINDER_LOOPER_STATE_REGISTERED |

					     BINDER_LOOPER_STATE_ENTERED))

						binder_enqueue_work(

							proc,

							&ref->death->work,

							&thread->todo);

					else {



					binder_inner_proc_lock(proc);

					binder_enqueue_work_ilocked(

							&ref->death->work,

							&proc->todo);

						binder_wakeup_proc_ilocked(

							proc);

						&ref->death->work, &proc->todo);

					binder_wakeup_proc_ilocked(proc);

					binder_inner_proc_unlock(proc);

				}

				}

			} else {

				if (ref->death == NULL) {

					binder_user_error("%d:%d BC_CLEAR_DEATH_NOTIFICATION death notification not active\n",