On Mon, Jul 9, 2018 at 3:10 AM, Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> wrote: > While at it, let's add cond_resched() to binder_thread_write(), > binder_transaction() and binder_release_work() loops because they might > take long time. This should be a separate patch, and I would love to see some benchmark data around this change (there's a few in Android userspace - let me know if you need help setting them up). Did you actually observe these particular functions running for a long time without the scheduler running? Thanks, Martijn > > [1] https://syzkaller.appspot.com/bug?id=0e75779a6f0faac461510c6330514e8f0e893038 > [2] https://syzkaller.appspot.com/bug?id=aa11d2d767f3750ef9a40d156a149e9cfa735b73 > > Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> > Reported-by: syzbot+e38306788a2e7102a3b6@xxxxxxxxxxxxxxxxxxxxxxxxx > Reported-by: syzbot+4417a2fa149da3802a74@xxxxxxxxxxxxxxxxxxxxxxxxx > --- > drivers/android/binder.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/drivers/android/binder.c b/drivers/android/binder.c > index 95283f3..c136fce 100644 > --- a/drivers/android/binder.c > +++ b/drivers/android/binder.c > @@ -161,7 +161,7 @@ static int binder_set_stop_on_user_error(const char *val, > #define binder_debug(mask, x...) \ > do { \ > if (binder_debug_mask & mask) \ > - pr_info(x); \ > + pr_info_ratelimited(x); \ > } while (0) > > #define binder_user_error(x...) \ > @@ -3016,7 +3016,7 @@ static void binder_transaction(struct binder_proc *proc, > sg_bufp = (u8 *)(PTR_ALIGN(off_end, sizeof(void *))); > sg_buf_end = sg_bufp + extra_buffers_size; > off_min = 0; > - for (; offp < off_end; offp++) { > + for (; offp < off_end; cond_resched(), offp++) { > struct binder_object_header *hdr; > size_t object_size = binder_validate_object(t->buffer, *offp); 
> > @@ -3307,6 +3307,7 @@ static int binder_thread_write(struct binder_proc *proc, > > if (get_user(cmd, (uint32_t __user *)ptr)) > return -EFAULT; > + cond_resched(); > ptr += sizeof(uint32_t); > trace_binder_command(cmd); > if (_IOC_NR(cmd) < ARRAY_SIZE(binder_stats.bc)) { > @@ -4193,6 +4194,7 @@ static void binder_release_work(struct binder_proc *proc, > struct binder_work *w; > > while (1) { > + cond_resched(); > w = binder_dequeue_work_head(proc, list); > if (!w) > return; > -- > 1.8.3.1
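
Review bot: in the binder_debug() macro hunk, replacing pr_info(x) with pr_info_ratelimited(x) means messages a developer deliberately enabled through binder_debug_mask can be dropped, so a debug trace may have gaps while the driver is busy. Please add a comment above the macro saying that its output is rate limited, or apply the limit only at the call sites that motivated the change and leave the rest on pr_info().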
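
Review bot: in the binder_transaction() hunk, `for (; offp < off_end; cond_resched(), offp++)` puts a call that may sleep into the loop header behind a comma operator, where it is easy to overlook when auditing the locking around this loop. The binder_thread_write() and binder_release_work() hunks call cond_resched() as a plain statement in the loop body; please do the same here, or add a comment explaining why it has to sit in the increment expression.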
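
Review bot: in the binder_thread_write() hunk, cond_resched() is inserted between the get_user() that reads cmd and the `ptr += sizeof(uint32_t);` that steps past it, splitting the read-and-advance pair. Moving the call ahead of get_user() keeps the pair together and makes the per-command scheduling point easier to see.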
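
Review bot: in the binder_release_work() hunk, the cond_resched() added at the top of `while (1)` turns this void helper into a function that may sleep, yet nothing in the hunk documents that callers must reach it from a sleepable context. Please add a comment on the function stating that requirement, and say in the commit message that each caller was checked to hold no spinlock when it gets here.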