[PATCH] android: binder: fixup crash introduced by moving buffer hdr

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Sherry Yang <sherryy@android.com>
To: gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org
Cc: tkjos@google.com, maco@google.com,
	"Sherry Yang" <sherryy@android.com>,
	"Arve Hjønnevåg" <arve@android.com>,
	"Riley Andrews" <riandrews@android.com>,
	devel@driverdev.osuosl.org (open list:ANDROID DRIVERS)
Subject: [PATCH] android: binder: fixup crash introduced by moving buffer hdr
Date: Thu, 31 Aug 2017 10:26:06 -0700	[thread overview]
Message-ID: <20170831172606.51294-1-sherryy@android.com> (raw)
In-Reply-To: <20170831042812.GA3359@kroah.com>

Fix crash introduced by 74310e06be4d74dcf67cd108366710dee5c576d5
(android: binder: Move buffer out of area shared with user space)
when close is called after open without mmap in between.

Signed-off-by: Sherry Yang <sherryy@android.com>
---
 drivers/android/binder_alloc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c
index 78c42c0d62b9..2624a502fcde 100644
--- a/drivers/android/binder_alloc.c
+++ b/drivers/android/binder_alloc.c
@@ -713,7 +713,6 @@ int binder_alloc_mmap_handler(struct binder_alloc *alloc,
 	}
 
 	buffer->data = alloc->buffer;
-	INIT_LIST_HEAD(&alloc->buffers);
 	list_add(&buffer->entry, &alloc->buffers);
 	buffer->free = 1;
 	binder_insert_free_buffer(alloc, buffer);
@@ -972,6 +971,7 @@ void binder_alloc_init(struct binder_alloc *alloc)
 	alloc->tsk = current->group_leader;
 	alloc->pid = current->group_leader->pid;
 	mutex_init(&alloc->mutex);
+	INIT_LIST_HEAD(&alloc->buffers);
 }
 
 void binder_alloc_shrinker_init(void)
-- 
2.14.1.581.gf28d330327-goog

next prev parent reply	other threads:[~2017-08-31 17:26 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-08-30  0:46 [PATCH 0/6] android: binder: move allocator metadata and add shrinker Sherry Yang
2017-08-30  0:46 ` [PATCH v3 1/6] android: binder: Refactor prev and next buffer into a helper function Sherry Yang
2017-08-30  6:07   ` Greg Kroah-Hartman
2017-08-30 19:46     ` Sherry Yang
2017-08-30 20:08       ` Dan Carpenter
2017-08-31  4:28       ` Greg Kroah-Hartman
2017-08-31 17:26         ` Sherry Yang [this message]
2017-09-01  6:52           ` [PATCH] android: binder: fixup crash introduced by moving buffer hdr Greg KH
2017-08-31 17:30         ` [PATCH v3 1/6] android: binder: Refactor prev and next buffer into a helper function Sherry Yang
2017-08-31 18:47           ` Greg Kroah-Hartman
2017-08-31 18:56             ` [PATCH] android: binder: Add page usage in binder stats Sherry Yang
2017-08-30  0:46 ` [PATCH v3 2/6] android: binder: Add allocator selftest Sherry Yang
2017-08-30  0:46 ` [PATCH v3 3/6] android: binder: Move buffer out of area shared with user space Sherry Yang
2017-08-30  9:29   ` Dan Carpenter
2017-08-30 20:04     ` Arve Hjønnevåg
2017-08-30 20:20       ` Dan Carpenter
2017-08-30 21:03         ` Todd Kjos
2017-08-30  0:47 ` [PATCH v3 4/6] android: binder: Add global lru shrinker to binder Sherry Yang
2017-08-30  0:47 ` [PATCH v3 5/6] android: binder: Add shrinker tracepoints Sherry Yang
2017-08-30  0:47 ` [PATCH v3 6/6] android: binder: Add page usage in binder stats Sherry Yang

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:78c42c0d62b dfblob:2624a502fcd )
 OR (
bs:"[PATCH] android: binder: fixup crash introduced by moving buffer hdr" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170831172606.51294-1-sherryy@android.com \
    --to=sherryy@android.com \
    --cc=arve@android.com \
    --cc=devel@driverdev.osuosl.org \
    --cc=gregkh@linuxfoundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=maco@google.com \
    --cc=riandrews@android.com \
    --cc=tkjos@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.