From cc0bec85bcb6def587bfb6845031613fac9fb086 Mon Sep 17 00:00:00 2001 From: Martijn Coenen Date: Mon, 24 Jul 2017 14:26:01 +0200 Subject: [PATCH] ANDROID: binder: correctly initialize ref to zombie node. When we create a new reference to a zombie node (which is allowed as long as there are other refs to the node), we don't correctly initialize the node_is_zombie field of the ref, which can lead to death recipients never being fired. Bug: 63988502 Test: new binderLibTest Change-Id: I06287947d7a2f59c25362850b389c20c8a3b6929 Signed-off-by: Martijn Coenen --- drivers/android/binder.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index b4a9c64abdf5..6d8197146d9e 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -1146,6 +1146,9 @@ static struct binder_ref *binder_get_ref_for_node(struct binder_proc *proc, binder_stats_deleted(BINDER_STAT_REF); return NULL; } + + new_ref->node_is_zombie = node->is_zombie; + INIT_HLIST_NODE(&new_ref->node_entry); hlist_add_head(&new_ref->node_entry, &node->refs);
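
Review bot: the new `new_ref->node_is_zombie = node->is_zombie;` in binder_get_ref_for_node() copies the node state just before `hlist_add_head(&new_ref->node_entry, &node->refs);`, and nothing in the hunk shows which lock covers the two statements. If the node can become a zombie between the copy and the insertion into node->refs, the ref would keep a stale value, and the symptom named in the commit message (death recipients never being fired) could still occur for that ref. Please confirm that the read of node->is_zombie and the list insertion run under the same lock that guards the zombie transition, and add a one-line comment above the assignment saying so. A short comment explaining why the flag is copied into the ref at creation time would also help, since the hunk adds the assignment with no explanation in the code itself.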