Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 7c170bb1 authored by Martijn Coenen's avatar Martijn Coenen
Browse files

Create temp refs on proxies. 

Fixes the following scenario:
1) Thread T1 receives a binder proxy and adds a local strong/weak ref
2) Thread T1 queues BC_ACQUIRE/BC_INCREFS (but does not flush)
3) Thread T1 hands the binder proxy off to another thread T2, which
   adds another strong ref
4) Thread T1 now drops its own ref to the proxy, but it doesn't get
   destructed because T2 has its own ref to it
6) Thread T2 runs and drops its own ref to the proxy, which causes a
   BC_RELEASE/BC_DECREFS to be queued to the driver.

Now, if T1 writes its command queue to the driver first, everything
is fine, because a BC_ACQUIRE/BC_INCREFS will be followed by a
BC_RELEASE/BC_DECREFS. However if T2 writes its command queue first,
BC_RELEASE/BC_DECREFS will be sent first, and the driver will delete
the reference prematurely.

Fix this by temporarily holding a weak/strong ref until the initial
BC_ACUIRE/BC_INCREFS is flushed to the driver.

Bug: 78437964
Test: sailfish builds, boots, no invalid ref messages on dumpsys
Change-Id: Ica5efaf9fa2785423c37abb1456575d97f1cd85f
parent 4dd74714
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment