From: Alice Ryhl <aliceryhl@google.com>
To: Keshav Verma <iganschel@gmail.com>
Cc: "Carlos Llamas" <cmllamas@google.com>,
	"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
	"Arve Hjønnevåg" <arve@android.com>,
	"Todd Kjos" <tkjos@android.com>,
	"Christian Brauner" <brauner@kernel.org>,
	"Miguel Ojeda" <ojeda@kernel.org>,
	"Boqun Feng" <boqun@kernel.org>, "Gary Guo" <gary@garyguo.net>,
	linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org,
	stable@kernel.org
Subject: Re: [PATCH v2] rust_binder: reject context manager self-transaction
Date: Tue, 23 Jun 2026 11:37:11 +0000
Message-ID: <ajpv5xkakp06ArMj@google.com>
In-Reply-To: <20260622145801.344-1-iganschel@gmail.com>

On Mon, Jun 22, 2026 at 08:28:01PM +0530, Keshav Verma wrote:
> Rust binder resolved handle 0 to the context manager node, but it does not
> reject the case where the caller owns the same node.
> 
> The C binder driver rejects transactions from the context-manager process
> to handle 0 after resolving the target node. Match that behavior in Rust
> Binder by rejecting handle 0 transactions when the resolved context-manager
> node is owned by the calling process.
> 
> This applies to both synchronous and oneway transactions because both paths
> resolve the target through Process::get_transaction_node().
> 
> Cc: stable@kernel.org
> Fixes: eafedbc7c050 ("rust_binder: add Rust Binder driver")
> Signed-off-by: Keshav Verma <iganschel@gmail.com>
> ---
> Changes in v2:
> - Compare the underlying OS process task instead of Rust Binder `Process` object.

I would prefer to compare the Binder Process object. Rejecting
transactions between different fds owned by the same process doesn't
really have any benefit and makes fuzz testing much harder.

Alice
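
The two ownership comparisons discussed in this thread, as an added userspace model that is not part of the thread and is not rust_binder code. `Process`, `Node`, `OwnerCheck`, `handle0_transaction` and the task ids are hypothetical stand-ins: one `Process` value models one open binder fd, and `task_id` models the OS task that opened it.

```rust
use std::sync::Arc;

/// Hypothetical stand-in for one open binder fd (not the driver's type).
struct Process {
    /// Constructed id of the OS task that opened the fd.
    task_id: u32,
}

/// Hypothetical stand-in for a binder node and the Process that owns it.
struct Node {
    owner: Arc<Process>,
}

#[derive(Debug, PartialEq)]
enum Verdict {
    Allowed,
    Rejected,
}

/// Which notion of "the caller owns the node" the check uses.
enum OwnerCheck {
    /// Same Process object, i.e. the same open fd.
    ProcessObject,
    /// Same underlying OS task, as in the v2 changelog.
    OsTask,
}

/// Model of a handle 0 transaction: the target is the context manager node.
fn handle0_transaction(caller: &Arc<Process>, ctx_mgr: &Node, check: OwnerCheck) -> Verdict {
    let self_target = match check {
        OwnerCheck::ProcessObject => Arc::ptr_eq(caller, &ctx_mgr.owner),
        OwnerCheck::OsTask => caller.task_id == ctx_mgr.owner.task_id,
    };
    if self_target { Verdict::Rejected } else { Verdict::Allowed }
}

fn main() {
    // Constructed scenario: task 100 opens the device twice, task 200 once.
    let fd_a = Arc::new(Process { task_id: 100 });
    let fd_b = Arc::new(Process { task_id: 100 });
    let other = Arc::new(Process { task_id: 200 });
    let ctx_mgr = Node { owner: fd_a.clone() };
    for (name, caller) in [("fd_a", &fd_a), ("fd_b", &fd_b), ("other", &other)] {
        let by_object = handle0_transaction(caller, &ctx_mgr, OwnerCheck::ProcessObject);
        let by_task = handle0_transaction(caller, &ctx_mgr, OwnerCheck::OsTask);
        println!("{name}: process-object={by_object:?} os-task={by_task:?}");
    }
}
```

In this model the two checks differ only for `fd_b`, the second fd opened by the same task as the context manager.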


Thread overview: 3+ messages
2026-06-21 21:01 [PATCH] rust_binder: reject context manager self-transaction Keshav Verma
2026-06-22 14:58 ` [PATCH v2] " Keshav Verma
2026-06-23 11:37   ` Alice Ryhl [this message]
