~hc/RK356X_SDK_RELEASE.git

..	..	@@ -1399,7 +1399,8 @@
1399	1399	*/
1400	1400	static void binder_free_ref(struct binder_ref *ref)
1401	1401	{
1402		- trace_android_vh_binder_del_ref(ref->proc ? ref->proc->tsk : 0, ref->data.desc);
	1402	+ trace_android_vh_binder_del_ref(ref->proc ? ref->proc->tsk : NULL,
	1403	+ ref->data.desc);
1403	1404	if (ref->node)
1404	1405	binder_free_node(ref->node);
1405	1406	kfree(ref->death);
..	..	@@ -2033,24 +2034,23 @@
2033	2034	static void binder_transaction_buffer_release(struct binder_proc *proc,
2034	2035	struct binder_thread *thread,
2035	2036	struct binder_buffer *buffer,
2036		- binder_size_t failed_at,
	2037	+ binder_size_t off_end_offset,
2037	2038	bool is_failure)
2038	2039	{
2039	2040	int debug_id = buffer->debug_id;
2040		- binder_size_t off_start_offset, buffer_offset, off_end_offset;
	2041	+ binder_size_t off_start_offset, buffer_offset;
2041	2042
2042	2043	binder_debug(BINDER_DEBUG_TRANSACTION,
2043	2044	"%d buffer release %d, size %zd-%zd, failed at %llx\n",
2044	2045	proc->pid, buffer->debug_id,
2045	2046	buffer->data_size, buffer->offsets_size,
2046		- (unsigned long long)failed_at);
	2047	+ (unsigned long long)off_end_offset);
2047	2048
2048	2049	if (buffer->target_node)
2049	2050	binder_dec_node(buffer->target_node, 1, 0);
2050	2051
2051	2052	off_start_offset = ALIGN(buffer->data_size, sizeof(void *));
2052		- off_end_offset = is_failure && failed_at ? failed_at :
2053		- off_start_offset + buffer->offsets_size;
	2053	+
2054	2054	for (buffer_offset = off_start_offset; buffer_offset < off_end_offset;
2055	2055	buffer_offset += sizeof(binder_size_t)) {
2056	2056	struct binder_object_header *hdr;
..	..	@@ -2208,6 +2208,21 @@
2208	2208	break;
2209	2209	}
2210	2210	}
	2211	+}
	2212	+
	2213	+/* Clean up all the objects in the buffer */
	2214	+static inline void binder_release_entire_buffer(struct binder_proc *proc,
	2215	+ struct binder_thread *thread,
	2216	+ struct binder_buffer *buffer,
	2217	+ bool is_failure)
	2218	+{
	2219	+ binder_size_t off_end_offset;
	2220	+
	2221	+ off_end_offset = ALIGN(buffer->data_size, sizeof(void *));
	2222	+ off_end_offset += buffer->offsets_size;
	2223	+
	2224	+ binder_transaction_buffer_release(proc, thread, buffer,
	2225	+ off_end_offset, is_failure);
2211	2226	}
2212	2227
2213	2228	static int binder_translate_binder(struct flat_binder_object *fp,
..	..	@@ -2871,7 +2886,8 @@
2871	2886	thread = binder_select_thread_ilocked(proc);
2872	2887
2873	2888	trace_android_vh_binder_proc_transaction(current, proc->tsk,
2874		- thread ? thread->task : 0, node->debug_id, t->code, pending_async);
	2889	+ thread ? thread->task : NULL, node->debug_id, t->code,
	2890	+ pending_async);
2875	2891
2876	2892	if (thread) {
2877	2893	binder_transaction_priority(thread->task, t, node_prio,
..	..	@@ -2914,7 +2930,7 @@
2914	2930	t_outdated->buffer = NULL;
2915	2931	buffer->transaction = NULL;
2916	2932	trace_binder_transaction_update_buffer_release(buffer);
2917		- binder_transaction_buffer_release(proc, NULL, buffer, 0, 0);
	2933	+ binder_release_entire_buffer(proc, NULL, buffer, false);
2918	2934	binder_alloc_free_buf(&proc->alloc, buffer);
2919	2935	kfree(t_outdated);
2920	2936	binder_stats_deleted(BINDER_STAT_TRANSACTION);
..	..	@@ -3828,7 +3844,7 @@
3828	3844	binder_node_inner_unlock(buf_node);
3829	3845	}
3830	3846	trace_binder_transaction_buffer_release(buffer);
3831		- binder_transaction_buffer_release(proc, thread, buffer, 0, is_failure);
	3847	+ binder_release_entire_buffer(proc, thread, buffer, is_failure);
3832	3848	binder_alloc_free_buf(&proc->alloc, buffer);
3833	3849	}
3834	3850
..	..	@@ -6663,6 +6679,7 @@
6663	6679
6664	6680	err_alloc_device_names_failed:
6665	6681	debugfs_remove_recursive(binder_debugfs_dir_entry_root);
	6682	+ binder_alloc_shrinker_exit();
6666	6683
6667	6684	return ret;
6668	6685	}