Commit 012ab662 authored Jul 22, 2022 by Carlos Llamas Committed by Todd Kjos Aug 03, 2022

ANDROID: binder: fix pending prio state for early exit



When calling binder_do_set_priority() with the same policy and priority
values as the current task, we exit early since there is nothing to do.
However, the BINDER_PRIO_PENDING state might be set and in this case we
fail to update it. A subsequent call to binder_transaction_priority()
will then read an incorrect state and save the wrong priority. Fix this
by setting thread->prio_state to BINDER_PRIO_SET on our way out.

Bug: 199309216
Fixes: cac827f2619b ("ANDROID: binder: fix race in priority restore")
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Change-Id: I21e906cf4b2ebee908af41fe101ecd458ae1991c
(cherry picked from commit 72193be6d4bd9ad29dacd998c14dff97f7a6c6c9)

parent da97a108

drivers/android/binder.c

+6 −1

Original line number	Diff line number	Diff line
		@@ -659,8 +659,13 @@ static void binder_do_set_priority(struct binder_thread *thread,
		bool has_cap_nice;
		unsigned int policy = desired->sched_policy;

		if (task->policy == policy && task->normal_prio == desired->prio)
		if (task->policy == policy && task->normal_prio == desired->prio) {
		spin_lock(&thread->prio_lock);
		if (thread->prio_state == BINDER_PRIO_PENDING)
		thread->prio_state = BINDER_PRIO_SET;
		spin_unlock(&thread->prio_lock);
		return;
		}

		has_cap_nice = has_capability_noaudit(task, CAP_SYS_NICE);