binder: allow binder_alloc_get_user_buffer_offset when proc dying

A BUG_ON was triggered when a thread initiating a transaction
to a dying process called binder_alloc_get_user_buffer_offset()
after alloc->vma has been set to NULL. Removed the BUG_ON since
it is possible for the target proc to die while the transaction
is being initiated. Ultimately, the transaction reply will be
a BR_DEAD_REPLY failure.

Bug: 38513317
Test: tested manually
Change-Id: Id116b366777adab4233bce87bd20dc3f543a9625
Signed-off-by: Todd Kjos <tkjos@google.com>
Todd Kjos
2017-05-24 15:03:43 -07:00
committed by Pat Tjin
parent 3c28d4f40e
commit cd293dbeb8


@@ -100,9 +100,12 @@ binder_alloc_get_user_buffer_offset(struct binder_alloc *alloc)
{
/*
* user_buffer_offset is constant if vma is set and
* undefined if vma is not set
* undefined if vma is not set. It is possible to
* get here with !alloc->vma if the target process
* is dying while a transaction is being initiated.
* Returning the old value is ok in this case and
* the transaction will fail.
*/
BUG_ON(!alloc->vma);
return READ_ONCE(alloc->user_buffer_offset);
}
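Review bot: the new comment in binder_alloc_get_user_buffer_offset() says "the transaction will fail", but nothing in this function enforces or points to that, so with the BUG_ON(!alloc->vma) gone a caller silently gets a stale user_buffer_offset for an address space that is being torn down. Please name in the comment the path that turns this case into BR_DEAD_REPLY, and state that callers must not use the derived user address once alloc->vma is NULL. The wording is also inconsistent: the comment still calls the value "undefined if vma is not set" and then says "Returning the old value is ok", so pick one description (stale but harmless, if that is the intent). If losing all visibility into this state is a concern, a one-shot warning or a debug message would keep a signal without crashing the kernel.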