moonjuice/kernel_arpi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ANDROID: binder: fix pending prio state for early exit

Browse Source 
When calling binder_do_set_priority() with the same policy and priority
values as the current task, we exit early since there is nothing to do.
However, the BINDER_PRIO_PENDING state might be set and in this case we
fail to update it. A subsequent call to binder_transaction_priority()
will then read an incorrect state and save the wrong priority. Fix this
by setting thread->prio_state to BINDER_PRIO_SET on our way out.

Bug: 199309216
Fixes: cac827f2619b ("ANDROID: binder: fix race in priority restore")
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Change-Id: I21e906cf4b2ebee908af41fe101ecd458ae1991c
(cherry picked from commit 72193be6d4bd9ad29dacd998c14dff97f7a6c6c9)
This commit is contained in:
Carlos Llamas
2022-07-22 01:19:38 +00:00
parent 6d2ac8a0a4
commit cc0cf923e8
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
drivers/android/binder.c
View File

@@ -657,8 +657,13 @@ static void binder_do_set_priority(struct binder_thread *thread,
bool has_cap_nice; bool has_cap_nice;
unsigned int policy = desired->sched_policy; unsigned int policy = desired->sched_policy;
if (task->policy == policy && task->normal_prio == desired->prio) if (task->policy == policy && task->normal_prio == desired->prio) {
spin_lock(&thread->prio_lock);
if (thread->prio_state == BINDER_PRIO_PENDING)
thread->prio_state = BINDER_PRIO_SET;
spin_unlock(&thread->prio_lock);
return; return;
}
has_cap_nice = has_capability_noaudit(task, CAP_SYS_NICE); has_cap_nice = has_capability_noaudit(task, CAP_SYS_NICE);