diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-08 17:45:30 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-08 17:45:30 +0000 |
commit | 01db417e0aee3e51df4f5f3775535fd1fb15e329 (patch) | |
tree | 12d419efb27541c39ef63831e0d899339ecfef4f /drivers/android/binder.c | |
parent | Adding debian version 5.10.209-2. (diff) | |
download | linux-01db417e0aee3e51df4f5f3775535fd1fb15e329.tar.xz linux-01db417e0aee3e51df4f5f3775535fd1fb15e329.zip |
Merging upstream version 5.10.216.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'drivers/android/binder.c')
-rw-r--r-- | drivers/android/binder.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 7db748cfc..bcbaa4d6a 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -836,6 +836,16 @@ binder_enqueue_thread_work_ilocked(struct binder_thread *thread, { WARN_ON(!list_empty(&thread->waiting_thread_node)); binder_enqueue_work_ilocked(work, &thread->todo); + + /* (e)poll-based threads require an explicit wakeup signal when + * queuing their own work; they rely on these events to consume + * messages without I/O block. Without it, threads risk waiting + * indefinitely without handling the work. + */ + if (thread->looper & BINDER_LOOPER_STATE_POLL && + thread->pid == current->pid && !thread->process_todo) + wake_up_interruptible_sync(&thread->wait); + thread->process_todo = true; } @@ -2032,8 +2042,10 @@ static size_t binder_get_object(struct binder_proc *proc, size_t object_size = 0; read_size = min_t(size_t, sizeof(*object), buffer->data_size - offset); - if (offset > buffer->data_size || read_size < sizeof(*hdr)) + if (offset > buffer->data_size || read_size < sizeof(*hdr) || + !IS_ALIGNED(offset, sizeof(u32))) return 0; + if (u) { if (copy_from_user(object, u + offset, read_size)) return 0; |