binder: Fix overly strict assertion in binder_pop_transaction

Since binder_thread objects can be cleaned up on one thread while being used on another, it is possible that the "from" specified in the transaction_stack could be NULL when we pop the transaction. This is safe. Modify the BUG_ON to allow it. Bug: 33250092 32225111 Change-Id: Id0f6c46cbada846b6a50833c3cc8f76afb7d40ea Signed-off-by: Todd Kjos <tkjos@google.com>
2016-11-14 09:56:15 -08:00
parent 9cce95e7c6
commit e3ede3cdf6
1 changed files with 6 additions and 1 deletions
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -1108,7 +1108,12 @@ static void binder_pop_transaction(struct binder_thread *target_thread,
 	if (target_thread) {
 		binder_proc_lock(target_thread->proc, __LINE__);
 		BUG_ON(target_thread->transaction_stack != t);
-		BUG_ON(target_thread->transaction_stack->from != target_thread);
+		/*
+		 * It is possible that the target_thread has died so
+		 * transaction_stack->from could already be NULL
+		 */
+		BUG_ON(target_thread->transaction_stack->from != NULL &&
+		       target_thread->transaction_stack->from != target_thread);
 		target_thread->transaction_stack =
 			target_thread->transaction_stack->from_parent;
 		t->from = NULL;