[PATCH v1 1/1] binder: fix freeze race

Dan Carpenter dan.carpenter at oracle.com
Fri Sep 10 06:02:51 UTC 2021


On Thu, Sep 09, 2021 at 04:21:41PM -0700, Li Li wrote:
> @@ -4648,6 +4647,22 @@ static int binder_ioctl_get_node_debug_info(struct binder_proc *proc,
>  	return 0;
>  }
>  
> +static int binder_txns_pending(struct binder_proc *proc)
> +{
> +	struct rb_node *n;
> +	struct binder_thread *thread;
> +
> +	if (proc->outstanding_txns > 0)
> +		return 1;

Make this function bool.

> +
> +	for (n = rb_first(&proc->threads); n; n = rb_next(n)) {
> +		thread = rb_entry(n, struct binder_thread, rb_node);
> +		if (thread->transaction_stack)
> +			return 1;
> +	}
> +	return 0;
> +}
> +
>  static int binder_ioctl_freeze(struct binder_freeze_info *info,
>  			       struct binder_proc *target_proc)
>  {
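Review bot: binder_txns_pending() walks proc->threads and reads proc->outstanding_txns without taking a lock itself, and nothing at the function says what the caller must hold. The only caller visible in this patch wraps the call in binder_inner_proc_lock()/binder_inner_proc_unlock(), so the requirement appears to be the inner proc lock. A caller added later without that lock would walk the thread rb-tree unlocked, which could race with whatever modifies it. I would state the contract above the function, for example `/* Caller must hold the inner proc lock (binder_inner_proc_lock()). */`. It may also be worth checking whether binder.c's `_ilocked` name suffix applies to this helper.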
> @@ -4682,6 +4697,14 @@ static int binder_ioctl_freeze(struct binder_freeze_info *info,
>  	if (!ret && target_proc->outstanding_txns)
>  		ret = -EAGAIN;

These two lines can be deleted now because binder_txns_pending() checks
->outstanding_txns.

>  
> +	/* Also check pending transactions that wait for reply */
> +	if (ret >= 0) {
> +		binder_inner_proc_lock(target_proc);
> +		if (binder_txns_pending(target_proc))
> +			ret = -EAGAIN;
> +		binder_inner_proc_unlock(target_proc);
> +	}
> +
>  	if (ret < 0) {
>  		binder_inner_proc_lock(target_proc);
>  		target_proc->is_frozen = false;
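Review bot: The new `if (ret >= 0)` block releases the inner lock right after setting `ret = -EAGAIN`, and the `if (ret < 0)` block directly below takes the same lock again to clear `is_frozen`. The decision and the rollback are therefore made under two separate holds of the lock, with `is_frozen` still set in between. If nothing requires the lock to be dropped there, clearing `is_frozen` inside the first critical section when a pending transaction is found would close that window. If the split is intentional, a comment such as `/* is_frozen is rolled back below under a fresh inner lock */` would make that clear. binder_ioctl_freeze() starts and ends outside this hunk, so where `ret` and `is_frozen` are set is not visible here.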

regards,
dan carpenter


