[PATCH v2] rust_binder: add ownership assertion to Node::add_death
From: Georgios Androutsopoulos
Date: Wed Jun 10 2026 - 09:43:02 EST
The `// SAFETY:` comment in NodeDeath::set_cleared assumes that a
NodeDeath is never inserted into the death list of any Node other than
its owner. However, this invariant is not enforced by the safe function
Node::add_death, which inserts NodeDeath into the death list without
checking that death.node == self, leaving a risk for future code that
may miss this implicit invariant and cause undefined behavior.

Add an assertion to make this precondition explicit and catch potential
violations early.

Link: https://github.com/Rust-for-Linux/linux/issues/1237
Signed-off-by: Georgios Androutsopoulos <georgeandrout13@xxxxxxxxx>
---
Changes in v2:
- Replace assert!() with pr_warn() + debug_assert() following
feedback from Onur Özkan and Miguel Ojeda.
Link to v1: https://lore.kernel.org/rust-for-linux/20260610035544.3333022-1-georgeandrout13@xxxxxxxxx/
---
drivers/android/binder/node.rs | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/android/binder/node.rs b/drivers/android/binder/node.rs
index 69f757ff7461..425076405e1e 100644
--- a/drivers/android/binder/node.rs
+++ b/drivers/android/binder/node.rs
@@ -333,6 +333,11 @@ pub(crate) fn add_death(
death: ListArc<DTRWrap<NodeDeath>, 1>,
guard: &mut Guard<'_, ProcessInner, SpinLockBackend>,
) {
+ let is_valid = core::ptr::eq(self, &**death.node);
+ if !is_valid {
+ pr_warn!("attempt to add NodeDeath to the wrong death list\n");
+ }
+ debug_assert!(is_valid);
self.inner.access_mut(guard).death_list.push_back(death);
}
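Review bot: when `is_valid` is false and debug assertions are compiled out, the new check only logs and then falls through to `self.inner.access_mut(guard).death_list.push_back(death);`, so the mismatched NodeDeath still lands in the wrong death list and the assumption that the commit message attributes to the `// SAFETY:` comment in NodeDeath::set_cleared is still violated. Consider returning right after the `pr_warn!` in the `!is_valid` branch, if dropping `death` at that point is acceptable, so that the insertion never happens in any build. Failing that, state the precondition (death.node must be self) in the doc comment of `add_death`. A one-line comment above `let is_valid = ...` pointing at the set_cleared safety requirement would also tell future readers why the pointer comparison is there.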
base-commit: 287afdc7671a03081f48f3407bc59862c202bd4b
--
2.47.3