CC: kbuild-all(a)lists.01.org CC: linux-kernel(a)vger.kernel.org TO: Jakub Jelinek CC: "Peter Zijlstra (Intel)" CC: Andrew Morton CC: Linux Memory Management List tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master head: 16fc44d6387e260f4932e9248b985837324705d8 commit: 2f78788b55baa3410b1ec91a576286abe1ad4d6a ilog2: improve ilog2 for constant arguments date: 4 months ago :::::: branch date: 11 hours ago :::::: commit date: 4 months ago config: riscv-randconfig-m031-20210421 (attached as .config) compiler: riscv32-linux-gcc (GCC) 9.3.0 If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot Reported-by: Dan Carpenter smatch warnings: drivers/android/binder.c:3540 binder_thread_write() warn: overwrite may leak 'death' vim +/death +3540 drivers/android/binder.c 44d8047f1d87ad drivers/android/binder.c Todd Kjos 2018-08-28 3188 fb07ebc3e82a98 drivers/staging/android/binder.c Bojan Prtvar 2013-09-02 3189 static int binder_thread_write(struct binder_proc *proc, fb07ebc3e82a98 drivers/staging/android/binder.c Bojan Prtvar 2013-09-02 3190 struct binder_thread *thread, da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3191 binder_uintptr_t binder_buffer, size_t size, da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3192 binder_size_t *consumed) 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3193 { 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3194 uint32_t cmd; 342e5c90b60134 drivers/android/binder.c Martijn Coenen 2017-02-03 3195 struct binder_context *context = proc->context; da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3196 void __user *buffer = (void __user *)(uintptr_t)binder_buffer; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3197 void __user *ptr = buffer + *consumed; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3198 void __user *end = buffer + size; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3199 26549d17741035 drivers/android/binder.c Todd Kjos 2017-06-29 3200 while (ptr < end && thread->return_error.cmd == BR_OK) { 372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3201 int ret; 372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3202 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3203 if (get_user(cmd, (uint32_t __user *)ptr)) 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3204 return -EFAULT; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3205 ptr += sizeof(uint32_t); 975a1ac9a9fe65 drivers/staging/android/binder.c Arve Hjønnevåg 2012-10-16 3206 trace_binder_command(cmd); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3207 if (_IOC_NR(cmd) < ARRAY_SIZE(binder_stats.bc)) { 0953c7976c36ce drivers/android/binder.c Badhri Jagan Sridharan 2017-06-29 3208 atomic_inc(&binder_stats.bc[_IOC_NR(cmd)]); 0953c7976c36ce drivers/android/binder.c Badhri Jagan Sridharan 2017-06-29 3209 atomic_inc(&proc->stats.bc[_IOC_NR(cmd)]); 0953c7976c36ce drivers/android/binder.c Badhri Jagan Sridharan 2017-06-29 3210 atomic_inc(&thread->stats.bc[_IOC_NR(cmd)]); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3211 } 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3212 switch (cmd) { 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3213 case BC_INCREFS: 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3214 case BC_ACQUIRE: 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3215 case BC_RELEASE: 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3216 case BC_DECREFS: { 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3217 uint32_t target; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3218 const char *debug_string; 372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3219 bool strong = cmd == BC_ACQUIRE || cmd == BC_RELEASE; 372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3220 bool increment = cmd == BC_INCREFS || cmd == BC_ACQUIRE; 372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3221 struct binder_ref_data rdata; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3222 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3223 if (get_user(target, (uint32_t __user *)ptr)) 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3224 return -EFAULT; c44b1231ff1170 drivers/android/binder.c Todd Kjos 2017-06-29 3225 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3226 ptr += sizeof(uint32_t); 372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3227 ret = -1; 372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3228 if (increment && !target) { c44b1231ff1170 drivers/android/binder.c Todd Kjos 2017-06-29 3229 struct binder_node *ctx_mgr_node; 6c20032c22d982 drivers/android/binder.c Andrew Bridges 2020-10-27 3230 c44b1231ff1170 drivers/android/binder.c Todd Kjos 2017-06-29 3231 mutex_lock(&context->context_mgr_node_lock); c44b1231ff1170 drivers/android/binder.c Todd Kjos 2017-06-29 3232 ctx_mgr_node = context->binder_context_mgr_node; 4b836a1426cb0f drivers/android/binder.c Jann Horn 2020-07-27 3233 if (ctx_mgr_node) { 4b836a1426cb0f drivers/android/binder.c Jann Horn 2020-07-27 3234 if (ctx_mgr_node->proc == proc) { 4b836a1426cb0f drivers/android/binder.c Jann Horn 2020-07-27 3235 binder_user_error("%d:%d context manager tried to acquire desc 0\n", 4b836a1426cb0f drivers/android/binder.c Jann Horn 2020-07-27 3236 proc->pid, thread->pid); 4b836a1426cb0f drivers/android/binder.c Jann Horn 2020-07-27 3237 mutex_unlock(&context->context_mgr_node_lock); 4b836a1426cb0f drivers/android/binder.c Jann Horn 2020-07-27 3238 return -EINVAL; 4b836a1426cb0f drivers/android/binder.c Jann Horn 2020-07-27 3239 } 372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3240 ret = binder_inc_ref_for_node( 372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3241 proc, ctx_mgr_node, 372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3242 strong, NULL, &rdata); 4b836a1426cb0f drivers/android/binder.c Jann Horn 2020-07-27 3243 } c44b1231ff1170 drivers/android/binder.c Todd Kjos 2017-06-29 3244 mutex_unlock(&context->context_mgr_node_lock); c44b1231ff1170 drivers/android/binder.c Todd Kjos 2017-06-29 3245 } 372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3246 if (ret) 372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3247 ret = binder_update_ref_for_handle( 372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3248 proc, target, increment, strong, 372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3249 &rdata); 372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3250 if (!ret && rdata.desc != target) { 372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3251 binder_user_error("%d:%d tried to acquire reference to desc %d, got %d instead\n", 372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3252 proc->pid, thread->pid, 372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3253 target, rdata.desc); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3254 } 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3255 switch (cmd) { 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3256 case BC_INCREFS: 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3257 debug_string = "IncRefs"; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3258 break; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3259 case BC_ACQUIRE: 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3260 debug_string = "Acquire"; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3261 break; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3262 case BC_RELEASE: 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3263 debug_string = "Release"; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3264 break; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3265 case BC_DECREFS: 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3266 default: 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3267 debug_string = "DecRefs"; 372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3268 break; 372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3269 } 372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3270 if (ret) { 372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3271 binder_user_error("%d:%d %s %d refcount change on invalid ref %d ret %d\n", 372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3272 proc->pid, thread->pid, debug_string, 372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3273 strong, target, ret); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3274 break; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3275 } 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3276 binder_debug(BINDER_DEBUG_USER_REFS, 372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3277 "%d:%d %s ref %d desc %d s %d w %d\n", 372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3278 proc->pid, thread->pid, debug_string, 372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3279 rdata.debug_id, rdata.desc, rdata.strong, 372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3280 rdata.weak); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3281 break; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3282 } 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3283 case BC_INCREFS_DONE: 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3284 case BC_ACQUIRE_DONE: { da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3285 binder_uintptr_t node_ptr; da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3286 binder_uintptr_t cookie; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3287 struct binder_node *node; 673068eee8560d drivers/android/binder.c Todd Kjos 2017-06-29 3288 bool free_node; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3289 da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3290 if (get_user(node_ptr, (binder_uintptr_t __user *)ptr)) 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3291 return -EFAULT; da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3292 ptr += sizeof(binder_uintptr_t); da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3293 if (get_user(cookie, (binder_uintptr_t __user *)ptr)) 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3294 return -EFAULT; da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3295 ptr += sizeof(binder_uintptr_t); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3296 node = binder_get_node(proc, node_ptr); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3297 if (node == NULL) { da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3298 binder_user_error("%d:%d %s u%016llx no match\n", 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3299 proc->pid, thread->pid, 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3300 cmd == BC_INCREFS_DONE ? 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3301 "BC_INCREFS_DONE" : 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3302 "BC_ACQUIRE_DONE", da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3303 (u64)node_ptr); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3304 break; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3305 } 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3306 if (cookie != node->cookie) { da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3307 binder_user_error("%d:%d %s u%016llx node %d cookie mismatch %016llx != %016llx\n", 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3308 proc->pid, thread->pid, 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3309 cmd == BC_INCREFS_DONE ? 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3310 "BC_INCREFS_DONE" : "BC_ACQUIRE_DONE", da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3311 (u64)node_ptr, node->debug_id, da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3312 (u64)cookie, (u64)node->cookie); adc1884222276d drivers/android/binder.c Todd Kjos 2017-06-29 3313 binder_put_node(node); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3314 break; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3315 } 673068eee8560d drivers/android/binder.c Todd Kjos 2017-06-29 3316 binder_node_inner_lock(node); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3317 if (cmd == BC_ACQUIRE_DONE) { 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3318 if (node->pending_strong_ref == 0) { 56b468fc709b2b drivers/staging/android/binder.c Anmol Sarma 2012-10-30 3319 binder_user_error("%d:%d BC_ACQUIRE_DONE node %d has no pending acquire request\n", 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3320 proc->pid, thread->pid, 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3321 node->debug_id); 673068eee8560d drivers/android/binder.c Todd Kjos 2017-06-29 3322 binder_node_inner_unlock(node); adc1884222276d drivers/android/binder.c Todd Kjos 2017-06-29 3323 binder_put_node(node); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3324 break; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3325 } 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3326 node->pending_strong_ref = 0; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3327 } else { 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3328 if (node->pending_weak_ref == 0) { 56b468fc709b2b drivers/staging/android/binder.c Anmol Sarma 2012-10-30 3329 binder_user_error("%d:%d BC_INCREFS_DONE node %d has no pending increfs request\n", 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3330 proc->pid, thread->pid, 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3331 node->debug_id); 673068eee8560d drivers/android/binder.c Todd Kjos 2017-06-29 3332 binder_node_inner_unlock(node); adc1884222276d drivers/android/binder.c Todd Kjos 2017-06-29 3333 binder_put_node(node); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3334 break; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3335 } 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3336 node->pending_weak_ref = 0; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3337 } 673068eee8560d drivers/android/binder.c Todd Kjos 2017-06-29 3338 free_node = binder_dec_node_nilocked(node, 673068eee8560d drivers/android/binder.c Todd Kjos 2017-06-29 3339 cmd == BC_ACQUIRE_DONE, 0); 673068eee8560d drivers/android/binder.c Todd Kjos 2017-06-29 3340 WARN_ON(free_node); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3341 binder_debug(BINDER_DEBUG_USER_REFS, adc1884222276d drivers/android/binder.c Todd Kjos 2017-06-29 3342 "%d:%d %s node %d ls %d lw %d tr %d\n", 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3343 proc->pid, thread->pid, 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3344 cmd == BC_INCREFS_DONE ? "BC_INCREFS_DONE" : "BC_ACQUIRE_DONE", adc1884222276d drivers/android/binder.c Todd Kjos 2017-06-29 3345 node->debug_id, node->local_strong_refs, adc1884222276d drivers/android/binder.c Todd Kjos 2017-06-29 3346 node->local_weak_refs, node->tmp_refs); 673068eee8560d drivers/android/binder.c Todd Kjos 2017-06-29 3347 binder_node_inner_unlock(node); adc1884222276d drivers/android/binder.c Todd Kjos 2017-06-29 3348 binder_put_node(node); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3349 break; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3350 } 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3351 case BC_ATTEMPT_ACQUIRE: 56b468fc709b2b drivers/staging/android/binder.c Anmol Sarma 2012-10-30 3352 pr_err("BC_ATTEMPT_ACQUIRE not supported\n"); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3353 return -EINVAL; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3354 case BC_ACQUIRE_RESULT: 56b468fc709b2b drivers/staging/android/binder.c Anmol Sarma 2012-10-30 3355 pr_err("BC_ACQUIRE_RESULT not supported\n"); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3356 return -EINVAL; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3357 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3358 case BC_FREE_BUFFER: { da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3359 binder_uintptr_t data_ptr; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3360 struct binder_buffer *buffer; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3361 da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3362 if (get_user(data_ptr, (binder_uintptr_t __user *)ptr)) 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3363 return -EFAULT; da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3364 ptr += sizeof(binder_uintptr_t); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3365 53d311cfa19ad3 drivers/android/binder.c Todd Kjos 2017-06-29 3366 buffer = binder_alloc_prepare_to_free(&proc->alloc, 19c987241ca121 drivers/android/binder.c Todd Kjos 2017-06-29 3367 data_ptr); 7bada55ab50697 drivers/android/binder.c Todd Kjos 2018-11-06 3368 if (IS_ERR_OR_NULL(buffer)) { 7bada55ab50697 drivers/android/binder.c Todd Kjos 2018-11-06 3369 if (PTR_ERR(buffer) == -EPERM) { 7bada55ab50697 drivers/android/binder.c Todd Kjos 2018-11-06 3370 binder_user_error( 7bada55ab50697 drivers/android/binder.c Todd Kjos 2018-11-06 3371 "%d:%d BC_FREE_BUFFER u%016llx matched unreturned or currently freeing buffer\n", 7bada55ab50697 drivers/android/binder.c Todd Kjos 2018-11-06 3372 proc->pid, thread->pid, 7bada55ab50697 drivers/android/binder.c Todd Kjos 2018-11-06 3373 (u64)data_ptr); 7bada55ab50697 drivers/android/binder.c Todd Kjos 2018-11-06 3374 } else { 7bada55ab50697 drivers/android/binder.c Todd Kjos 2018-11-06 3375 binder_user_error( 7bada55ab50697 drivers/android/binder.c Todd Kjos 2018-11-06 3376 "%d:%d BC_FREE_BUFFER u%016llx no match\n", 7bada55ab50697 drivers/android/binder.c Todd Kjos 2018-11-06 3377 proc->pid, thread->pid, 7bada55ab50697 drivers/android/binder.c Todd Kjos 2018-11-06 3378 (u64)data_ptr); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3379 } 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3380 break; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3381 } 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3382 binder_debug(BINDER_DEBUG_FREE_BUFFER, da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3383 "%d:%d BC_FREE_BUFFER u%016llx found buffer %d for %s transaction\n", da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3384 proc->pid, thread->pid, (u64)data_ptr, da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3385 buffer->debug_id, 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3386 buffer->transaction ? "active" : "finished"); 44d8047f1d87ad drivers/android/binder.c Todd Kjos 2018-08-28 3387 binder_free_buf(proc, buffer); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3388 break; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3389 } 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3390 7980240b6d63e0 drivers/android/binder.c Martijn Coenen 2017-02-03 3391 case BC_TRANSACTION_SG: 7980240b6d63e0 drivers/android/binder.c Martijn Coenen 2017-02-03 3392 case BC_REPLY_SG: { 7980240b6d63e0 drivers/android/binder.c Martijn Coenen 2017-02-03 3393 struct binder_transaction_data_sg tr; 7980240b6d63e0 drivers/android/binder.c Martijn Coenen 2017-02-03 3394 7980240b6d63e0 drivers/android/binder.c Martijn Coenen 2017-02-03 3395 if (copy_from_user(&tr, ptr, sizeof(tr))) 7980240b6d63e0 drivers/android/binder.c Martijn Coenen 2017-02-03 3396 return -EFAULT; 7980240b6d63e0 drivers/android/binder.c Martijn Coenen 2017-02-03 3397 ptr += sizeof(tr); 7980240b6d63e0 drivers/android/binder.c Martijn Coenen 2017-02-03 3398 binder_transaction(proc, thread, &tr.transaction_data, 7980240b6d63e0 drivers/android/binder.c Martijn Coenen 2017-02-03 3399 cmd == BC_REPLY_SG, tr.buffers_size); 7980240b6d63e0 drivers/android/binder.c Martijn Coenen 2017-02-03 3400 break; 7980240b6d63e0 drivers/android/binder.c Martijn Coenen 2017-02-03 3401 } 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3402 case BC_TRANSACTION: 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3403 case BC_REPLY: { 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3404 struct binder_transaction_data tr; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3405 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3406 if (copy_from_user(&tr, ptr, sizeof(tr))) 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3407 return -EFAULT; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3408 ptr += sizeof(tr); 4bfac80af3a63f drivers/android/binder.c Martijn Coenen 2017-02-03 3409 binder_transaction(proc, thread, &tr, 4bfac80af3a63f drivers/android/binder.c Martijn Coenen 2017-02-03 3410 cmd == BC_REPLY, 0); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3411 break; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3412 } 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3413 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3414 case BC_REGISTER_LOOPER: 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3415 binder_debug(BINDER_DEBUG_THREADS, 56b468fc709b2b drivers/staging/android/binder.c Anmol Sarma 2012-10-30 3416 "%d:%d BC_REGISTER_LOOPER\n", 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3417 proc->pid, thread->pid); b3e6861283790d drivers/android/binder.c Todd Kjos 2017-06-29 3418 binder_inner_proc_lock(proc); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3419 if (thread->looper & BINDER_LOOPER_STATE_ENTERED) { 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3420 thread->looper |= BINDER_LOOPER_STATE_INVALID; 56b468fc709b2b drivers/staging/android/binder.c Anmol Sarma 2012-10-30 3421 binder_user_error("%d:%d ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER\n", 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3422 proc->pid, thread->pid); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3423 } else if (proc->requested_threads == 0) { 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3424 thread->looper |= BINDER_LOOPER_STATE_INVALID; 56b468fc709b2b drivers/staging/android/binder.c Anmol Sarma 2012-10-30 3425 binder_user_error("%d:%d ERROR: BC_REGISTER_LOOPER called without request\n", 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3426 proc->pid, thread->pid); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3427 } else { 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3428 proc->requested_threads--; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3429 proc->requested_threads_started++; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3430 } 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3431 thread->looper |= BINDER_LOOPER_STATE_REGISTERED; b3e6861283790d drivers/android/binder.c Todd Kjos 2017-06-29 3432 binder_inner_proc_unlock(proc); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3433 break; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3434 case BC_ENTER_LOOPER: 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3435 binder_debug(BINDER_DEBUG_THREADS, 56b468fc709b2b drivers/staging/android/binder.c Anmol Sarma 2012-10-30 3436 "%d:%d BC_ENTER_LOOPER\n", 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3437 proc->pid, thread->pid); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3438 if (thread->looper & BINDER_LOOPER_STATE_REGISTERED) { 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3439 thread->looper |= BINDER_LOOPER_STATE_INVALID; 56b468fc709b2b drivers/staging/android/binder.c Anmol Sarma 2012-10-30 3440 binder_user_error("%d:%d ERROR: BC_ENTER_LOOPER called after BC_REGISTER_LOOPER\n", 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3441 proc->pid, thread->pid); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3442 } 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3443 thread->looper |= BINDER_LOOPER_STATE_ENTERED; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3444 break; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3445 case BC_EXIT_LOOPER: 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3446 binder_debug(BINDER_DEBUG_THREADS, 56b468fc709b2b drivers/staging/android/binder.c Anmol Sarma 2012-10-30 3447 "%d:%d BC_EXIT_LOOPER\n", 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3448 proc->pid, thread->pid); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3449 thread->looper |= BINDER_LOOPER_STATE_EXITED; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3450 break; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3451 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3452 case BC_REQUEST_DEATH_NOTIFICATION: 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3453 case BC_CLEAR_DEATH_NOTIFICATION: { 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3454 uint32_t target; da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3455 binder_uintptr_t cookie; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3456 struct binder_ref *ref; 2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3457 struct binder_ref_death *death = NULL; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3458 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3459 if (get_user(target, (uint32_t __user *)ptr)) 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3460 return -EFAULT; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3461 ptr += sizeof(uint32_t); da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3462 if (get_user(cookie, (binder_uintptr_t __user *)ptr)) 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3463 return -EFAULT; da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3464 ptr += sizeof(binder_uintptr_t); 2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3465 if (cmd == BC_REQUEST_DEATH_NOTIFICATION) { 2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3466 /* 2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3467 * Allocate memory for death notification 2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3468 * before taking lock 2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3469 */ 2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3470 death = kzalloc(sizeof(*death), GFP_KERNEL); 2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3471 if (death == NULL) { 2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3472 WARN_ON(thread->return_error.cmd != 2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3473 BR_OK); 2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3474 thread->return_error.cmd = BR_ERROR; 148ade2c4d4f46 drivers/android/binder.c Martijn Coenen 2017-11-15 3475 binder_enqueue_thread_work( 148ade2c4d4f46 drivers/android/binder.c Martijn Coenen 2017-11-15 3476 thread, 148ade2c4d4f46 drivers/android/binder.c Martijn Coenen 2017-11-15 3477 &thread->return_error.work); 2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3478 binder_debug( 2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3479 BINDER_DEBUG_FAILED_TRANSACTION, 2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3480 "%d:%d BC_REQUEST_DEATH_NOTIFICATION failed\n", 2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3481 proc->pid, thread->pid); 2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3482 break; 2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3483 } 2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3484 } 2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3485 binder_proc_lock(proc); 2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3486 ref = binder_get_ref_olocked(proc, target, false); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3487 if (ref == NULL) { 56b468fc709b2b drivers/staging/android/binder.c Anmol Sarma 2012-10-30 3488 binder_user_error("%d:%d %s invalid ref %d\n", 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3489 proc->pid, thread->pid, 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3490 cmd == BC_REQUEST_DEATH_NOTIFICATION ? 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3491 "BC_REQUEST_DEATH_NOTIFICATION" : 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3492 "BC_CLEAR_DEATH_NOTIFICATION", 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3493 target); 2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3494 binder_proc_unlock(proc); 2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3495 kfree(death); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3496 break; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3497 } 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3498 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3499 binder_debug(BINDER_DEBUG_DEATH_NOTIFICATION, da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3500 "%d:%d %s %016llx ref %d desc %d s %d w %d for node %d\n", 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3501 proc->pid, thread->pid, 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3502 cmd == BC_REQUEST_DEATH_NOTIFICATION ? 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3503 "BC_REQUEST_DEATH_NOTIFICATION" : 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3504 "BC_CLEAR_DEATH_NOTIFICATION", 372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3505 (u64)cookie, ref->data.debug_id, 372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3506 ref->data.desc, ref->data.strong, 372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3507 ref->data.weak, ref->node->debug_id); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3508 ab51ec6bdf0b7a drivers/android/binder.c Martijn Coenen 2017-06-29 3509 binder_node_lock(ref->node); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3510 if (cmd == BC_REQUEST_DEATH_NOTIFICATION) { 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3511 if (ref->death) { 56b468fc709b2b drivers/staging/android/binder.c Anmol Sarma 2012-10-30 3512 binder_user_error("%d:%d BC_REQUEST_DEATH_NOTIFICATION death notification already set\n", 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3513 proc->pid, thread->pid); ab51ec6bdf0b7a drivers/android/binder.c Martijn Coenen 2017-06-29 3514 binder_node_unlock(ref->node); 2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3515 binder_proc_unlock(proc); 2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3516 kfree(death); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3517 break; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3518 } 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3519 binder_stats_created(BINDER_STAT_DEATH); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3520 INIT_LIST_HEAD(&death->work.entry); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3521 death->cookie = cookie; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3522 ref->death = death; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3523 if (ref->node->proc == NULL) { 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3524 ref->death->work.type = BINDER_WORK_DEAD_BINDER; bb74562a7f8398 drivers/android/binder.c Martijn Coenen 2017-08-31 3525 1b77e9dcc3da93 drivers/android/binder.c Martijn Coenen 2017-08-31 3526 binder_inner_proc_lock(proc); 1b77e9dcc3da93 drivers/android/binder.c Martijn Coenen 2017-08-31 3527 binder_enqueue_work_ilocked( bb74562a7f8398 drivers/android/binder.c Martijn Coenen 2017-08-31 3528 &ref->death->work, &proc->todo); bb74562a7f8398 drivers/android/binder.c Martijn Coenen 2017-08-31 3529 binder_wakeup_proc_ilocked(proc); 1b77e9dcc3da93 drivers/android/binder.c Martijn Coenen 2017-08-31 3530 binder_inner_proc_unlock(proc); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3531 } 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3532 } else { 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3533 if (ref->death == NULL) { 56b468fc709b2b drivers/staging/android/binder.c Anmol Sarma 2012-10-30 3534 binder_user_error("%d:%d BC_CLEAR_DEATH_NOTIFICATION death notification not active\n", 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3535 proc->pid, thread->pid); 673068eee8560d drivers/android/binder.c Todd Kjos 2017-06-29 3536 binder_node_unlock(ref->node); 2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3537 binder_proc_unlock(proc); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3538 break; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3539 } 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 @3540 death = ref->death; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3541 if (death->cookie != cookie) { da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3542 binder_user_error("%d:%d BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch %016llx != %016llx\n", 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3543 proc->pid, thread->pid, da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3544 (u64)death->cookie, da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3545 (u64)cookie); 673068eee8560d drivers/android/binder.c Todd Kjos 2017-06-29 3546 binder_node_unlock(ref->node); 2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3547 binder_proc_unlock(proc); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3548 break; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3549 } 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3550 ref->death = NULL; 72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3551 binder_inner_proc_lock(proc); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3552 if (list_empty(&death->work.entry)) { 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3553 death->work.type = BINDER_WORK_CLEAR_DEATH_NOTIFICATION; 72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3554 if (thread->looper & 72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3555 (BINDER_LOOPER_STATE_REGISTERED | 72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3556 BINDER_LOOPER_STATE_ENTERED)) 148ade2c4d4f46 drivers/android/binder.c Martijn Coenen 2017-11-15 3557 binder_enqueue_thread_work_ilocked( 148ade2c4d4f46 drivers/android/binder.c Martijn Coenen 2017-11-15 3558 thread, 148ade2c4d4f46 drivers/android/binder.c Martijn Coenen 2017-11-15 3559 &death->work); 72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3560 else { 72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3561 binder_enqueue_work_ilocked( 72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3562 &death->work, 72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3563 &proc->todo); 1b77e9dcc3da93 drivers/android/binder.c Martijn Coenen 2017-08-31 3564 binder_wakeup_proc_ilocked( 408c68b17aea2f drivers/android/binder.c Martijn Coenen 2017-08-31 3565 proc); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3566 } 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3567 } else { 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3568 BUG_ON(death->work.type != BINDER_WORK_DEAD_BINDER); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3569 death->work.type = BINDER_WORK_DEAD_BINDER_AND_CLEAR; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3570 } 72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3571 binder_inner_proc_unlock(proc); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3572 } ab51ec6bdf0b7a drivers/android/binder.c Martijn Coenen 2017-06-29 3573 binder_node_unlock(ref->node); 2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3574 binder_proc_unlock(proc); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3575 } break; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3576 case BC_DEAD_BINDER_DONE: { 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3577 struct binder_work *w; da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3578 binder_uintptr_t cookie; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3579 struct binder_ref_death *death = NULL; 10f62861b4a2f2 drivers/staging/android/binder.c Seunghun Lee 2014-05-01 3580 da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3581 if (get_user(cookie, (binder_uintptr_t __user *)ptr)) 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3582 return -EFAULT; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3583 7a64cd887fdb97 drivers/android/binder.c Lisa Du 2016-02-17 3584 ptr += sizeof(cookie); 72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3585 binder_inner_proc_lock(proc); 72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3586 list_for_each_entry(w, &proc->delivered_death, 72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3587 entry) { 72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3588 struct binder_ref_death *tmp_death = 72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3589 container_of(w, 72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3590 struct binder_ref_death, 72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3591 work); 10f62861b4a2f2 drivers/staging/android/binder.c Seunghun Lee 2014-05-01 3592 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3593 if (tmp_death->cookie == cookie) { 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3594 death = tmp_death; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3595 break; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3596 } 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3597 } 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3598 binder_debug(BINDER_DEBUG_DEAD_BINDER, 8ca86f1639ec58 drivers/android/binder.c Todd Kjos 2018-02-07 3599 "%d:%d BC_DEAD_BINDER_DONE %016llx found %pK\n", da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3600 proc->pid, thread->pid, (u64)cookie, da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3601 death); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3602 if (death == NULL) { da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3603 binder_user_error("%d:%d BC_DEAD_BINDER_DONE %016llx not found\n", da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3604 proc->pid, thread->pid, (u64)cookie); 72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3605 binder_inner_proc_unlock(proc); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3606 break; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3607 } 72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3608 binder_dequeue_work_ilocked(&death->work); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3609 if (death->work.type == BINDER_WORK_DEAD_BINDER_AND_CLEAR) { 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3610 death->work.type = BINDER_WORK_CLEAR_DEATH_NOTIFICATION; 72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3611 if (thread->looper & 72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3612 (BINDER_LOOPER_STATE_REGISTERED | 72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3613 BINDER_LOOPER_STATE_ENTERED)) 148ade2c4d4f46 drivers/android/binder.c Martijn Coenen 2017-11-15 3614 binder_enqueue_thread_work_ilocked( 148ade2c4d4f46 drivers/android/binder.c Martijn Coenen 2017-11-15 3615 thread, &death->work); 72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3616 else { 72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3617 binder_enqueue_work_ilocked( 72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3618 &death->work, 72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3619 &proc->todo); 408c68b17aea2f drivers/android/binder.c Martijn Coenen 2017-08-31 3620 binder_wakeup_proc_ilocked(proc); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3621 } 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3622 } 72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3623 binder_inner_proc_unlock(proc); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3624 } break; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3625 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3626 default: 56b468fc709b2b drivers/staging/android/binder.c Anmol Sarma 2012-10-30 3627 pr_err("%d:%d unknown command %d\n", 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3628 proc->pid, thread->pid, cmd); 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3629 return -EINVAL; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3630 } 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3631 *consumed = ptr - buffer; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3632 } 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3633 return 0; 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3634 } 355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3635 :::::: The code at line 3540 was first introduced by commit :::::: 355b0502f6efea0ff9492753888772c96972d2a3 Revert "Staging: android: delete android drivers" :::::: TO: Greg Kroah-Hartman :::::: CC: Greg Kroah-Hartman --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org