github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-08 14:42:37 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
f278b215d4
linux/drivers/android
History
Todd Kjos 5a4ed990f2 FROMGIT: binder: make sure fd closes complete 
During BC_FREE_BUFFER processing, the BINDER_TYPE_FDA object
cleanup may close 1 or more fds. The close operations are
completed using the task work mechanism -- which means the thread
needs to return to userspace or the file object may never be
dereferenced -- which can lead to hung processes.

Force the binder thread back to userspace if an fd is closed during
BC_FREE_BUFFER handling.

Fixes: 80cd795630 ("binder: fix use-after-free due to ksys_close() during fdget()")
Cc: stable <stable@vger.kernel.org>
Reviewed-by: Martijn Coenen <maco@android.com>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Todd Kjos <tkjos@google.com>
Link: https://lore.kernel.org/r/20210830195146.587206-1-tkjos@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 111997867
(cherry picked from commit 5fdb55c1ac
 git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git
Change-Id: Idffa9b54edfc289d95b24f7ae2aa11ae494c7158
2021-09-14 23:07:56 +00:00
..
binder_alloc_selftest.c binder: print warnings when detecting oneway spamming. 2020-09-03 18:24:41 +02:00
binder_alloc.c UPSTREAM: binder: tell userspace to dump current backtrace when detected oneway spamming 2021-05-07 07:13:22 -07:00
binder_alloc.h UPSTREAM: binder: tell userspace to dump current backtrace when detected oneway spamming 2021-05-07 07:13:22 -07:00
binder_internal.h FROMGIT: binder: fix freeze race 2021-09-14 07:22:07 +00:00
binder_trace.h Linux 5.2-rc4 2019-06-09 09:18:13 +02:00
binder.c FROMGIT: binder: make sure fd closes complete 2021-09-14 23:07:56 +00:00
binderfs.c binderfs: make symbol 'binderfs_fs_parameters' static 2020-09-03 18:24:39 +02:00
debug_symbols.c ANDROID: android: Add symbols to debug_symbols driver 2021-07-14 20:52:01 -07:00
Kconfig ANDROID: android: Create debug_symbols driver 2021-01-27 15:23:18 -08:00
Makefile ANDROID: android: Create debug_symbols driver 2021-01-27 15:23:18 -08:00
vendor_hooks.c ANDROID: vendor_hooks: Add hook in try_to_unmap_one() 2021-09-06 17:00:04 +08:00