Hi Todd, On 11 September 2017 at 21:10, Todd Kjos <tkjos@xxxxxxxxxx> wrote: > (resend in plain-text mode -- sorry about that) > > Amit, > > Are you sure this patch is the culprit? That is pretty surprising > since this change can only be hit in a uncommon case (the target node > is valid when we start creating the transaction, but dead when we > check right before sending it) so it is unlikely to be hit during a > normal boot. It also fixes a corruption -- so if you were actually > hitting the case, it would likely have caused issues before and not > now. Take a look at it and see if you think it is really possible. > > I just booted hikey to Android with this patch 10 times in a row with > no issues (used hikey-linaro 4.9 kernel which has this patch). Sorry for not being clear enough in the bug report. android-4.9 is fine, I see this issue on linux mainline tree with this patch. I can reproduce it on John's minimal Android tree for hikey hosted here https://git.linaro.org/people/john.stultz/android-dev.git/log/?h=dev/hikey-mainline-WIP and hikey-llct (android-4.9 patchset rebased to mainline) tree hosted here https://android-git.linaro.org/kernel/linaro-android.git/log/?h=test/hikey-llct. I have already reverted this patch in hikey-llct so you have to revert that revert to reproduce this issue on hikey-llct tree. Regards, Amit Pundir > > -Todd > >> On Mon, Sep 11, 2017 at 5:18 AM, Amit Pundir <amit.pundir@xxxxxxxxxx> wrote: >>> >>> On 5 September 2017 at 22:51, Todd Kjos <tkjos@xxxxxxxxxxx> wrote: >>> > From: Xu YiPing <xuyiping@xxxxxxxxxxxxx> >>> > >>> > commit 7a4408c6bd3e ("binder: make sure accesses to proc/thread are >>> > safe") made a change to enqueue tcomplete to thread->todo before >>> > enqueuing the transaction. However, in err_dead_proc_or_thread case, >>> > the tcomplete is directly freed, without dequeued. It may cause the >>> > thread->todo list to be corrupted. >>> > >>> > So, dequeue it before freeing. >>> >>> I see Android boot loops with this patch on hikey tracking >>> linux/master branch. 1st boot is fine but hikey runs into an >>> unexpected short boot loops on 2nd and successive boots. >>> >>> It takes about 3-4 iterations to finally come to sane state and boot >>> to UI. I don't see this behaviour if I revert this patch. >>> >>> Regards, >>> Amit Pundir >>> >>> > >>> > Signed-off-by: Xu YiPing <xuyiping@xxxxxxxxxxxxx> >>> > Signed-off-by: Todd Kjos <tkjos@xxxxxxxxxx> >>> > --- >>> > drivers/android/binder.c | 1 + >>> > 1 file changed, 1 insertion(+) >>> > >>> > diff --git a/drivers/android/binder.c b/drivers/android/binder.c >>> > index d055b3f2a207..96cc28afa383 100644 >>> > --- a/drivers/android/binder.c >>> > +++ b/drivers/android/binder.c >>> > @@ -3083,6 +3083,7 @@ static void binder_transaction(struct binder_proc >>> > *proc, >>> > err_dead_proc_or_thread: >>> > return_error = BR_DEAD_REPLY; >>> > return_error_line = __LINE__; >>> > + binder_dequeue_work(proc, tcomplete); >>> > err_translate_failed: >>> > err_bad_object_type: >>> > err_bad_offset: >>> > -- >>> > 2.14.1.581.gf28d330327-goog >>> > >> >> _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
