    binder: make sure accesses to proc/thread are safe · 7a4408c6
    Todd Kjos authored
    binder_thread and binder_proc may be accessed by other
    threads when processing a transaction. Therefore they
    must be prevented from being freed while a transaction
    is in progress that references them.
    
    This is done by introducing a temporary reference
    counter for threads and procs that indicates that the
    object is in use and must not be freed. binder_thread_dec_tmpref()
    and binder_proc_dec_tmpref() are used to decrement
    the temporary reference.
    
    It is safe to free a binder_thread if there
    is no reference and it has been released
    (indicated by thread->is_dead).
    
    It is safe to free a binder_proc if it has no
    remaining threads and no reference.
    
    A spinlock is added to the binder_transaction
    to safely access and set references for t->from
    and for debug code to safely access t->to_thread
    and t->to_proc.
    Signed-off-by: Todd Kjos <tkjos@google.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
binder.c 114 KB
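
The thread rule from the commit message (free only when there is no temporary reference and the thread has been released), as an added user-space example that is not code from binder.c or from the commit. Every `model_*` name is hypothetical, and a single pthread mutex stands in for whatever locking the kernel uses; the proc rule is not modeled.

```c
#include <pthread.h>
#include <stdbool.h>
#include <stdlib.h>

/* User-space model; every model_* name is hypothetical, not kernel code. */
static pthread_mutex_t model_lock = PTHREAD_MUTEX_INITIALIZER;
struct model_thread {
    int tmp_ref;   /* temporary references held by in-flight users */
    bool is_dead;  /* set once the owner has released the thread */
};

static void model_inc_tmpref(struct model_thread *t) {
    pthread_mutex_lock(&model_lock);
    t->tmp_ref++;
    pthread_mutex_unlock(&model_lock);
}

/* Drop a temporary reference; returns true if this call freed t. */
static bool model_dec_tmpref(struct model_thread *t) {
    pthread_mutex_lock(&model_lock);
    t->tmp_ref--;
    bool last = t->tmp_ref == 0 && t->is_dead;
    pthread_mutex_unlock(&model_lock);
    if (last) free(t);
    return last;
}

/* Owner releases the thread; returns true if it was freed at once. */
static bool model_release(struct model_thread *t) {
    pthread_mutex_lock(&model_lock);
    t->is_dead = true;
    bool idle = t->tmp_ref == 0;
    pthread_mutex_unlock(&model_lock);
    if (idle) free(t);
    return idle;
}

/* Release arrives while `users` transactions hold t. Returns how many
 * decrements it took to free t (0 = freed by release), -1 on any error. */
static int model_free_point(int users) {
    struct model_thread *t = calloc(1, sizeof(*t));
    if (!t) return -1;
    for (int i = 0; i < users; i++) model_inc_tmpref(t);
    if (model_release(t)) return users == 0 ? 0 : -1;
    for (int i = 1; i <= users; i++)
        if (model_dec_tmpref(t)) return i == users ? i : -1;
    return -1;
}

int main(void) { return model_free_point(2) == 2 ? 0 : 1; }
```

The decision to free is taken under the lock and the `free()` happens after it is dropped, so exactly one caller (the release or the last decrement) ever frees the object.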