From: Martijn Coenen Date: Thu, 31 Aug 2017 08:04:28 +0000 (+0200) Subject: ANDROID: binder: don't enqueue death notifications to thread todo. X-Git-Tag: v4.14-rc1~146^2~1 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=bb74562a7f8398231be20a5c9d36225301a9be31;p=platform%2Fkernel%2Flinux-rpi.git ANDROID: binder: don't enqueue death notifications to thread todo. This allows userspace to request death notifications without having to worry about getting an immediate callback on the same thread; one scenario where this would be problematic is if the death recipient handler grabs a lock that was already taken earlier (eg as part of a nested transaction). Signed-off-by: Martijn Coenen Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/android/binder.c b/drivers/android/binder.c index afe6ac3..b0f0395 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -3499,22 +3499,12 @@ static int binder_thread_write(struct binder_proc *proc, ref->death = death; if (ref->node->proc == NULL) { ref->death->work.type = BINDER_WORK_DEAD_BINDER; - if (thread->looper & - (BINDER_LOOPER_STATE_REGISTERED | - BINDER_LOOPER_STATE_ENTERED)) - binder_enqueue_work( - proc, - &ref->death->work, - &thread->todo); - else { - binder_inner_proc_lock(proc); - binder_enqueue_work_ilocked( - &ref->death->work, - &proc->todo); - binder_wakeup_proc_ilocked( - proc); - binder_inner_proc_unlock(proc); - } + + binder_inner_proc_lock(proc); + binder_enqueue_work_ilocked( + &ref->death->work, &proc->todo); + binder_wakeup_proc_ilocked(proc); + binder_inner_proc_unlock(proc); } } else { if (ref->death == NULL) {
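Review bot: The new unconditional enqueue to &proc->todo, in the `ref->node->proc == NULL` branch of binder_thread_write(), has no comment saying why death work must not go to &thread->todo. Without one, a later cleanup could reintroduce the removed fast path (the `thread->looper & (BINDER_LOOPER_STATE_REGISTERED | BINDER_LOOPER_STATE_ENTERED)` check). A short comment above binder_inner_proc_lock(proc) would keep the commit message's reasoning next to the code: BINDER_WORK_DEAD_BINDER is queued to the process so that the requesting thread does not get an immediate callback while it may hold a lock taken earlier in a nested transaction. The comment or the commit message should also state what keeps the requesting thread from picking this item off proc->todo itself, since the hunk only shows the target queue changing and binder_wakeup_proc_ilocked(proc) being called. As a style point, the blank line added after `ref->death->work.type = BINDER_WORK_DEAD_BINDER;` can be dropped.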