Re: [PATCH] rust_binder: avoid calling pending_oneway_finished() on TF_UPDATE_TXN

Next message: Kalesh Singh: "Re: [PATCH v2] mm: limit filemap_fault readahead to VMA boundaries"
Previous message: Dave Jiang: "Re: [PATCH v4 1/3] PCI: Allow ATS to be always on for CXL.cache capable devices"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Carlos Llamas

Date: Mon Apr 27 2026 - 12:38:51 EST

On Tue, Apr 14, 2026 at 12:02:34PM +0000, Alice Ryhl wrote:
> When an outdated transaction is removed from `oneway_todo` due to
> `TF_UPDATE_TXN`, its `Allocation` is dropped. The current implementation
> of `Allocation::drop` calls `pending_oneway_finished()`, assuming the
> transaction was executed. This leads to premature execution of the next
> queued one-way transaction.
>
> Fix this by taking the `oneway_node` from the `Allocation` of the
> outdated transaction before it is dropped. This prevents
> `Allocation::drop` from signaling completion.
>
> We do not call `take_oneway_node()` from `Transaction::cancel` because
> it's actually correct to call `pending_oneway_finished()` on cancel if
> the transaction did not come from `oneway_todo`. This ensures that if
> `BINDER_THREAD_EXIT` is invoked and cancels a oneway transaction, then
> the next transaction is taken from `oneway_todo`.
>
> This bug does not lead to any issues in the kernel, but may lead to
> Binder delivering transactions to userspace earlier than userspace
> expected to receive them.
>
> Cc: stable@xxxxxxxxxxxxxxx
> Fixes: eafedbc7c050 ("rust_binder: add Rust Binder driver")
> Assisted-by: Antigravity:gemini
> Signed-off-by: Alice Ryhl <aliceryhl@xxxxxxxxxx>
> ---

Acked-by: Carlos Llamas <cmllamas@xxxxxxxxxx>