From: Carlos Llamas <cmllamas@google.com>
To: Alice Ryhl <aliceryhl@google.com>
Cc: "Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"Arve Hjønnevåg" <arve@android.com>,
"Todd Kjos" <tkjos@android.com>,
"Martijn Coenen" <maco@android.com>,
"Joel Fernandes" <joelagnelf@nvidia.com>,
"Christian Brauner" <brauner@kernel.org>,
"Suren Baghdasaryan" <surenb@google.com>,
linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org
Subject: Re: [PATCH v2 2/3] rust_binder: don't delete FreezeListener if there are pending duplicates
Date: Wed, 8 Oct 2025 16:53:52 +0000
Message-ID: <aOaXIHS6YapFWytL@google.com>
In-Reply-To: <20251007-binder-freeze-v2-2-5376bd64fb59@google.com>

On Tue, Oct 07, 2025 at 09:39:52AM +0000, Alice Ryhl wrote:
> When userspace issues commands to a freeze listener, it identifies it
> using a cookie. Normally this cookie uniquely identifies a freeze
> listener, but when userspace clears a listener with the intent of
> deleting it, it's allowed to "regret" clearing it and create a new
> freeze listener for the same node using the same cookie. (IMO this was
> an API mistake, but userspace relies on it.)
>
> Currently if the active freeze listener gets fully deleted while there
> are still pending duplicates, then the code incorrectly deletes the
> pending duplicates too. To fix this, do not delete the entry if there
> are still pending duplicates.
>
> Since the current data structure requires a main freeze listener, we
> convert one pending duplicate into the primary listener in this
> scenario.
>
> Signed-off-by: Alice Ryhl <aliceryhl@google.com>
> ---
> drivers/android/binder/freeze.rs | 11 ++++++++++-
> 1 file changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/android/binder/freeze.rs b/drivers/android/binder/freeze.rs
> index 74bebb8d4d9b24860eed34363ce69b1c6df58028..e304aceca7f31c15444cf67bb13488cd144345e6 100644
> --- a/drivers/android/binder/freeze.rs
> +++ b/drivers/android/binder/freeze.rs
> @@ -106,7 +106,16 @@ fn do_work(
> return Ok(true);
> }
> if freeze.is_clearing {
> - _removed_listener = freeze_entry.remove_node();
> + kernel::warn_on!(freeze.num_cleared_duplicates != 0);
> + if freeze.num_pending_duplicates > 0 {
> + // The primary freeze listener was deleted, so convert a pending duplicate back
> + // into the primary one.
> + freeze.num_pending_duplicates -= 1;
> + freeze.is_pending = true;
> + freeze.is_clearing = true;
> + } else {
> + _removed_listener = freeze_entry.remove_node();
> + }
> drop(node_refs);
> writer.write_code(BR_CLEAR_FREEZE_NOTIFICATION_DONE)?;
> writer.write_payload(&self.cookie.0)?;
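Review bot: In the `freeze.num_pending_duplicates > 0` branch, the assignment `freeze.is_clearing = true;` is a no-op, because the branch sits inside `if freeze.is_clearing` and nothing between that check and the assignment changes the flag. Either drop the line or extend the comment to state that the promoted duplicate deliberately stays in the clearing state with `is_pending` set, so a reader does not have to infer why the entry is kept while `BR_CLEAR_FREEZE_NOTIFICATION_DONE` is still written for the same cookie.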
>
> --
> 2.51.0.618.g983fd99d29-goog
>
Acked-by: Carlos Llamas <cmllamas@google.com>