From 999976097d70e80452dee159710847f007e147f2 Mon Sep 17 00:00:00 2001 From: Carlos Llamas Date: Fri, 22 Jul 2022 01:19:38 +0000 Subject: [PATCH] ANDROID: binder: fix pending prio state for early exit When calling binder_do_set_priority() with the same policy and priority values as the current task, we exit early since there is nothing to do. However, the BINDER_PRIO_PENDING state might be set and in this case we fail to update it. A subsequent call to binder_transaction_priority() will then read an incorrect state and save the wrong priority. Fix this by setting thread->prio_state to BINDER_PRIO_SET on our way out. Bug: 199309216 Fixes: cac827f2619b ("ANDROID: binder: fix race in priority restore") Signed-off-by: Carlos Llamas Change-Id: I21e906cf4b2ebee908af41fe101ecd458ae1991c (cherry picked from commit 72193be6d4bd9ad29dacd998c14dff97f7a6c6c9) --- drivers/android/binder.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 336a13ff60a9..6fee6d574986 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -657,8 +657,13 @@ static void binder_do_set_priority(struct binder_thread *thread, bool has_cap_nice; unsigned int policy = desired->sched_policy; - if (task->policy == policy && task->normal_prio == desired->prio) + if (task->policy == policy && task->normal_prio == desired->prio) { + spin_lock(&thread->prio_lock); + if (thread->prio_state == BINDER_PRIO_PENDING) + thread->prio_state = BINDER_PRIO_SET; + spin_unlock(&thread->prio_lock); return; + } has_cap_nice = has_capability_noaudit(task, CAP_SYS_NICE);
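Review bot: The new early-exit block in binder_do_set_priority() needs a comment, since it takes thread->prio_lock and rewrites prio_state on a path that changes no scheduling parameters. A one-line comment above `spin_lock(&thread->prio_lock);` would do, saying that a pending request counts as satisfied when the task already runs at the desired policy and priority. That keeps a later cleanup from dropping the block as dead code. The `task->policy == policy && task->normal_prio == desired->prio` comparison is evaluated before prio_lock is taken, so the PENDING to SET transition rests on an unlocked read. Please state in a comment whether that ordering is intentional. The function's other return paths are not visible in this hunk, so confirm that each of them also leaves prio_state out of BINDER_PRIO_PENDING. Otherwise binder_transaction_priority() can still read a stale state, as the commit message describes.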