From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 624F0231835 for ; Thu, 18 Jun 2026 12:12:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.180 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781784768; cv=none; b=XGmFrkTBK89PgcixyrSMo9RqVPs93ulm7lW30z7N6ge/7VqcuHFuw8rWAg/4dEpUtMHYPlihIUaWB1ncyGPVwA0MDFHEC+vIbMbXjBZYordWY6EW3qhbG1+tkD4VxyL0l/LEFcmsErpcYUmoFbPv1uDrBNJgkUUuBJJpHKZCiFY= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781784768; c=relaxed/simple; bh=VPh66OoWpZ5Rgj1VncD5ykvvf5wyvhYaQugzh0jKVrY=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=SqtvSjQOTqRDfzwSeV/kUMxDh+Ofl4KLWw4ECeFqQ3kNXfAscS3hON5hD0iHUzrG4oMXT/fMomuWkDMP6/itIN+SbxUTdfMERpXiJujt1cH3clHz4gup2s9tLRVL2xfQRtwkf5OHktC+OibB7LglihUXv0xevd8dcgBtcchASpk= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=IezO2lyg; arc=none smtp.client-ip=209.85.214.180 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="IezO2lyg" Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-2c6b3f71648so11259385ad.2 for ; Thu, 18 Jun 2026 05:12:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1781784767; x=1782389567; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=z6Csyz0bu0sZ5TbyCujzNrhNywsgaepDXWQhK1Z3N+0=; b=IezO2lygsud5R4JrG7SpXNgWQIEQ9/stBVdnHLQEH8yW5FJqL8y7Td3NpltxKVfHyy lmtET3vGkNbluZhqCT+UoiUgk19ikAL2UR3dnfp/F3S66WxHgXQP0iqLc8GO1jXyGZl4 OGsWCPMdimr3at7x6L3tUFTF1rKo9bMdmDAMeVzb9TW2bMd+iJPY1et+liUZfx+PHRbP E2KMss1V8v+amL7z6aEwLTfduEudyit6tVC7D735z8gMNZOXA60Y8m9G60n+vbJYQHmA XhZYWtX2sA1iWeCD7a2GP7RQYViLv4SNmWOEQ7ZtL48aI2SdJNpsY+C+gpCOVRAH44qp O7fg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781784767; x=1782389567; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=z6Csyz0bu0sZ5TbyCujzNrhNywsgaepDXWQhK1Z3N+0=; b=UWJC4kRp8v49zdoeJVwV4RjZJsGCuvgR86u0nePfwn1B2pAMzpNIgS96+40gB34Tni 33/G2Q/5yjwyzOKXnB7x5My6q3Lf63jd9TZBqlQPpP6+qAhweJVFtD2YnIR4R0xWQFML g0JwFhnurarawPVz2ZyKsKhH350h7O+M+hpnvag8P0L9BCuj2Z+6k4br0OqvKZTrnIvW /IWe5+1GTecqhNbRXGppuyiZLZlhrJ0/i273ZXdgo9ybxcc/qtIkwSA8paIx5e3mn6FS hxAGnccjA0WKrqvC6dAwvSAKQtLKSdSc6+5M5fLCIZfiTh06lChJsaG7PDo3oDoqI/Qy rGjg== X-Forwarded-Encrypted: i=1; AFNElJ8His7OscEzxI9/SwIV+LvX7f47U8mwInbd6Ph9/wwqm0FO+ZcRsuUGPCs7vAbOwXpkESXR+4VDu3L5REg=@vger.kernel.org X-Gm-Message-State: AOJu0Yy5azQzqvZ3e+FTjqnK50kWrTqHgBnhy2MhsYNEd1NZhVw+kNDx f1kfXaiZLoEgn7VPxWmFgZJ4fldQ8/PXcg9Lme6VcHnEkRQzjbxnXzl1 X-Gm-Gg: AfdE7ck1wy3rNuv4jxmGD/NQkqxmM1TNzIpWR8pijlgtgOUaL1qUoUHGj4WZ98sWRRt xmR9SSWUv8lHXCyuePkJVtVGjNMyantoakhUUfl0o91IqKCB4ApVch1gHW5CgKLIVxTgkMCXttb GcllfTlrXy1J5U+TPyipHRPq33g6soTgty1XhAZDzd5TDlr9pTHNBf0giF9JNzS1jdGPVkQ04co 6GAf8O7/7wiV/yR4dsW0llyvUcyBk7/KchC4jTi3eH3JJnr/L0LwYEgm0GiW7+PsnNpxb20Jp/l eOe18k0vPOmMfUb4uN5QaEGjp9C+bBfxYcQcGD8xlmhXUzYOiuM15Bhjg3lQ/F54FKm/DM6lLR7 CChcAhw6mYNVs08AT8X3dN+YLLVSYpEcAuVS46prQsaYnPwf9K+uqQW3Sedb1oRIWBT0+F3G2H3 HKgieDmxZTZr0R02GpsFdUE+EkLee1OEbM8Q== X-Received: by 2002:a17:903:2b0f:b0:2ba:4ad9:70f6 with SMTP id d9443c01a7336-2c6bc2511a7mr93487925ad.31.1781784766711; Thu, 18 Jun 2026 05:12:46 -0700 (PDT) Received: from LAPTOP-TMVMP5FD.localdomain ([106.222.251.180]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2c433558449sm205858645ad.78.2026.06.18.05.12.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 18 Jun 2026 05:12:46 -0700 (PDT) From: Keshav Verma To: Alice Ryhl Cc: Carlos Llamas , Greg Kroah-Hartman , =?UTF-8?q?Arve=20Hj=C3=B8nnev=C3=A5g?= , Todd Kjos , Christian Brauner , Miguel Ojeda , Boqun Feng , Gary Guo , linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org, Keshav Verma Subject: [PATCH v2] rust_binder: check context manager before creating node Date: Thu, 18 Jun 2026 17:42:02 +0530 Message-Id: <20260618121202.6258-1-iganschel@gmail.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20260617222030.15189-1-iganschel@gmail.com> References: <20260617222030.15189-1-iganschel@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Rust Binder currently creates the Binder node before checking whether a context manager is already registered. If a context manager already exists, set_manager_node() returns -EBUSY after node state has already been created. Add a check before creating the node to match the C Binder ordering for the common already registered case. Keep the final checks in set_manager_node() so races with another caller are still handled after node creation. Signed-off-by: Keshav Verma --- Changes in v2: - Fix commit message line wrapping. - Drop pr_warn!() from the pre-check since userspace can trigger it. drivers/android/binder/context.rs | 19 +++++++++++++++++++ drivers/android/binder/process.rs | 1 + 2 files changed, 20 insertions(+) diff --git a/drivers/android/binder/context.rs b/drivers/android/binder/context.rs index ddddb66b3557..f7ae84074f96 100644 --- a/drivers/android/binder/context.rs +++ b/drivers/android/binder/context.rs @@ -4,6 +4,7 @@ use kernel::{ alloc::kvec::KVVec, + cred::Credential, error::code::*, prelude::*, security, @@ -107,6 +108,24 @@ pub(crate) fn deregister_process(self: &Arc, proc: &Arc) { } } + pub(crate) fn check_manager(&self, cred: &Credential) -> Result { + let manager = self.manager.lock(); + if manager.node.is_some() { + return Err(EBUSY); + } + security::binder_set_context_mgr(cred)?; + + // If the context manager has been set before, ensure that we use the same euid. + let caller_uid = Kuid::current_euid(); + if let Some(ref uid) = manager.uid { + if *uid != caller_uid { + return Err(EPERM); + } + } + + Ok(()) + } + pub(crate) fn set_manager_node(&self, node_ref: NodeRef) -> Result { let mut manager = self.manager.lock(); if manager.node.is_some() { diff --git a/drivers/android/binder/process.rs b/drivers/android/binder/process.rs index 96b8440ceac6..d09facebddf6 100644 --- a/drivers/android/binder/process.rs +++ b/drivers/android/binder/process.rs @@ -741,6 +741,7 @@ fn set_as_manager( } else { (0, 0, 0) }; + self.ctx.check_manager(&self.cred)?; let node_ref = self.get_node(ptr, cookie, flags as _, true, thread)?; let node = node_ref.node.clone(); self.ctx.set_manager_node(node_ref)?; -- 2.39.5