binder: read thread sequence number on every iteration when reaping

Objects are reaped and kfree'd when we know that all threads that were active when the object became a zombie have left the kernel. The loop that checks this was reading the active thread sequence number at the beginning and caching it. However, if in the 1st iteration there are no threads, it will cache ~0ULL and all zombies will be reaped even if new ones arrive and need to be protected. Check the sequence number on each iteration. Bug: 36220321 Change-Id: I694ff29800cf4ab8d37cb3bb1d5508a525dd88da Test: tested manually Signed-off-by: Todd Kjos <tkjos@google.com> Signed-off-by: Siqi Lin <siqilin@google.com>
2017-03-14 17:38:46 -07:00
parent e98c35d65d
commit 7b7c3cb589
1 changed files with 1 additions and 2 deletions
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -4160,7 +4160,6 @@ static bool binder_proc_clear_zombies(struct binder_proc *proc)
 static void binder_clear_zombies(void)
 {
 	struct binder_proc *proc;
-	u64 thread_seq = binder_get_thread_seq();
 	struct binder_seq_node *z;

 	spin_lock(&zombie_procs.lock);
@@ -4171,7 +4170,7 @@ static void binder_clear_zombies(void)

 	while ((z = list_first_entry_or_null(&zombie_procs.active_threads,
 					     typeof(*z), list_node)) != NULL) {
-		if (thread_seq < z->active_seq)
+		if (binder_get_thread_seq() < z->active_seq)
 			break;
 		list_del_init(&z->list_node);