linux/drivers/android
Hridya Valsaraju e907b13144 binder: prevent transactions to context manager from its own process.
commit 49ed96943a upstream.

Currently, a transaction to context manager from its own process
is prevented by checking if its binder_proc struct is the same as
that of the sender. However, this would not catch cases where the
process opens the binder device again and uses the new fd to send
a transaction to the context manager.

Reported-by: syzbot+8b3c354d33c4ac78bfad@syzkaller.appspotmail.com
Signed-off-by: Hridya Valsaraju <hridya@google.com>
Acked-by: Todd Kjos <tkjos@google.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20190715191804.112933-1-hridya@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-07-31 07:27:10 +02:00
| File | Last commit | Date |
|------|-------------|------|
| binder_alloc_selftest.c | android: binder: Add global lru shrinker to binder | 2017-08-28 16:47:17 +02:00 |
| binder_alloc.c | binder: fix race between munmap() and direct reclaim | 2019-06-09 09:17:23 +02:00 |
| binder_alloc.h | binder: fix race that allows malicious free of live buffer | 2018-12-05 19:32:11 +01:00 |
| binder_trace.h | android: binder: Show extra_buffers_size in trace | 2018-08-02 10:34:12 +02:00 |
| binder.c | binder: prevent transactions to context manager from its own process. | 2019-07-31 07:27:10 +02:00 |
| Kconfig | android: binder: Drop dependency on !M68K | 2018-07-07 17:44:52 +02:00 |
| Makefile | android: binder: Add allocator selftest | 2017-08-28 16:47:17 +02:00 |