[PATCH] rust_binder: add ownership assertion to Node::add_death
From: Georgios Androutsopoulos
Date: Tue Jun 09 2026 - 23:57:16 EST

The `// SAFETY:` comment in NodeDeath::set_cleared assumes that a
NodeDeath is never inserted into the death list of any Node other than
its owner. However, this invariant is not enforced by the safe function
Node::add_death, which inserts NodeDeath into the death list without
checking that death.node == self, leaving a risk for future code that
may miss this implicit invariant and cause undefined behavior.

Add an assertion to make this precondition explicit and catch potential
violations early.

Link: https://github.com/Rust-for-Linux/linux/issues/1237
Signed-off-by: Georgios Androutsopoulos <georgeandrout13@xxxxxxxxx>
---
drivers/android/binder/node.rs | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/android/binder/node.rs b/drivers/android/binder/node.rs
index 69f757ff7461..20eaaefbd4cc 100644
--- a/drivers/android/binder/node.rs
+++ b/drivers/android/binder/node.rs
@@ -333,6 +333,10 @@ pub(crate) fn add_death(
death: ListArc<DTRWrap<NodeDeath>, 1>,
guard: &mut Guard<'_, ProcessInner, SpinLockBackend>,
) {
+ assert!(
+ core::ptr::eq(self, &**death.node),
+ "attempt to add NodeDeath to the wrong death list"
+ );
self.inner.access_mut(guard).death_list.push_back(death);
}
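Review bot: The `assert!` at the top of `add_death` panics on a mismatch while the caller still holds the `SpinLockBackend` guard on `ProcessInner`, so a violation brings the kernel down instead of only being reported early. Consider whether a recoverable path fits better here, for example returning an error to the caller when `core::ptr::eq(self, &**death.node)` is false, or using `debug_assert!` if the check is meant purely as a development aid. The invariant should also be stated on `add_death` itself, in a doc comment saying that `death.node` must be this node and that the `// SAFETY:` comment in `NodeDeath::set_cleared` relies on it, since the assertion message alone does not tell a future caller why the check exists.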
base-commit: 287afdc7671a03081f48f3407bc59862c202bd4b
--
2.47.3