[RFC,0/0] drivers: android: binder crash issue

Victor Chong Sept. 6, 2015, 4 p.m. UTC
From: Puck Chen <puck.chen@hisilicon.com>

We find that the binder aborts when doing some asynchronous
transfers, e.g. when a phone call comes in.

If there are asynchronous requests in the binder system and new
requests are coming in, the asynchronous requests may be inserted
into the new requests' queue.

In this scenario, the asynchronous request will affect the
corresponding order of the new requests.

So we think that the asynchronous requests should be added to the proc
struct's todo list instead of the thread's todo list.

Please let me know if something is wrong in my opinion.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
 drivers/android/binder.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 6607f3c..db4a0b5 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -1922,7 +1922,7 @@  static int binder_thread_write(struct binder_proc *proc,
 				if (list_empty(&buffer->target_node->async_todo))
 					buffer->target_node->has_async_transaction = 0;
-					list_move_tail(buffer->target_node->async_todo.next, &thread->todo);
+					list_move_tail(buffer->target_node->async_todo.next, &proc->todo);
 			binder_transaction_buffer_release(proc, buffer, NULL);
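Review bot: the change on the `list_move_tail` line moves the next queued async transaction from the freeing thread's `todo` list to `proc->todo`, but nothing in the hunk shows that a thread blocked waiting for process-level work is woken, so the moved entry can sit in `proc->todo` until some thread happens to look there; either include the corresponding wake-up of `proc->wait` or explain why the current thread is guaranteed to drain `proc->todo` next. The commit message also needs the actual failure (the abort message or backtrace) and an explanation of why delivering the entry to any thread of the process, rather than the thread that just released the previous async buffer, fixes the ordering problem described. Finally, the hunk header declares 7 lines of context but only three appear here, so the `else` governing the `list_move_tail` call is not visible; please resend with the full context so the control flow around the moved line can be checked.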