[PATCH v4] binder: frozen notification

From: Yu-Ting Tseng
Date: Mon Jul 01 2024 - 14:23:29 EST


> I believe the external link would be https://r.android.com/3070045
Fixed

> BR_ERROR and binder_debug
Removed

> Are we ok modifying the ref->freeze->* space here without the
> inner_lock?
Good catch. Moved freeze->* access earlier before it's assigned to ref->freeze so that's safe without locking.

> I'm not entirely sure why we attempt to queue this as thread work
Was mimicking how it's done with death notification. Removed.

> We set the work type to CLEAR regardless, might as well factor it out.
Done

> It seems the freeze->* space is protected by the proc->inner_lock right
Yes, freeze->* is protected by the proc inner lock. ref->freeze is protected by the node lock.

> I believe you should zero the 'info' before copy_to_user()
Done.

> So we traverse every single reference of every single node in this proc
> looking for references subscribed to freeze, correct?
That's correct.

> What if there is an EAGAIN error following this below?
Fixed. Moved binder_add_freeze_work(target_proc, true) near the end of the function where we know whether freezing is successful.

> any reason why is_frozen didn't make it to the bitfields?
Fixed

> No need for a struct
Fixed

> You could still keep the original bool for bitfields too if you want.
Sure. Done.


Yu-Ting Tseng (1):
  binder: frozen notification

 drivers/android/binder.c            | 300 +++++++++++++++++++++++++++-
 drivers/android/binder_internal.h   |  23 ++-
 include/uapi/linux/android/binder.h |  35 ++++
 3 files changed, 354 insertions(+), 4 deletions(-)


base-commit: 14d7c92f8df9c0964ae6f8b813c1b3ac38120825
--
2.45.2.803.g4e1b14247a-goog