libbinder: RPC clear behavior

Previously, when RpcState cleared its state in response to an
error, there were two issues that might happen related to proxy
destruction:
- a BpBinder could have lost its last strong ref on another thread
  but not have the destruction reflected in RpcSession yet. This
  is the issue causing crashes in the callback test (when the call
  is oneway, callback is not oneway, and the call is delayed)
- this code could run the BpBinder destructor if mNodeForBinder is
  the last wp<> holder of BpBinder (which has object lifetime weak).
  This could cause an issue hypothetically if an attached object
  (via attachObject) made binder calls in its destructor. In order
  to prevent this, 'binder' is held onto, instead of 'node.sentRef'.

Fixes: 237330627
Test: (running for several minutes)
    m binderRpcTest && adb sync && adb shell "while /data/nativetest64/binderRpcTest/binderRpcTest --gtest_filter="*Callbacks*"; do logcat -c; done
Change-Id: I21a702217b0749932d77c3acf11e879ee77dd22b
2 files changed