Date: Thu, 25 Jun 2026 00:38:05 +0000
From: Carlos Llamas
To: Alice Ryhl
Cc: Keshav Verma, Greg Kroah-Hartman, Arve Hjønnevåg, Todd Kjos, Christian Brauner, Miguel Ojeda, Boqun Feng, Gary Guo, linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org, stable@kernel.org
Subject: Re: [PATCH v2] rust_binder: reject context manager self-transaction
References: <20260621210134.441-1-iganschel@gmail.com> <20260622145801.344-1-iganschel@gmail.com>

On Tue, Jun 23, 2026 at 11:37:11AM +0000, Alice Ryhl wrote:
> On Mon, Jun 22, 2026 at 08:28:01PM +0530, Keshav Verma wrote:
> > Rust binder resolved handle 0 to the context manager node, but it does not
> > reject the case where the caller owns the same node.
> >
> > The C binder driver rejects transactions from the context-manager process
> > to handle 0 after resolving the target node. Match that behavior in Rust
> > Binder by rejecting handle 0 transactions when the resolved context-manager
> > node is owned by the calling process.
> >
> > This applies to both synchronous and oneway transactions because both paths
> > resolve the target through Process::get_transaction_node().
> >
> > Cc: stable@kernel.org
> > Fixes: eafedbc7c050 ("rust_binder: add Rust Binder driver")
> > Signed-off-by: Keshav Verma
> > ---
> > Changes in v2:
> > - Compare the underlying OS process task instead of Rust Binder `Process` object.
>
> I would prefer to compare the Binder Process object. Rejecting
> transactions between different fds owned by the same process doesn't
> really have any benefit and makes fuzz testing much harder.
>
> Alice

Hey Alice,

The restrictions were added in the C version in order to patch
vulnerabilities associated with this "self-transaction" behavior. See:
http://git.kernel.org/torvalds/c/4b836a1426cb

I haven't really looked much into this, but do we even need this for the
Rust version? Is this even fixing anything at all?

--
Carlos Llamas
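
The two comparisons debated in this thread, side by side, as an added example that is not part of the original messages and is not rust_binder code. It is a simplified user-space model: `Process`, `task_id`, `Policy`, `Context` and `resolve_target` are hypothetical names, and it assumes each open binder fd has its own `Process` object while several of them can belong to one OS task.

```rust
// Constructed user-space model for illustration; not rust_binder code.
// Assumption: each open binder fd has its own `Process` object, and several
// such objects can belong to one OS task, modelled here by `task_id`.
use std::rc::Rc;

struct Process { task_id: u32 }

#[derive(Clone, Copy)]
enum Policy { SameProcessObject, SameOsTask }

#[derive(Debug, PartialEq)]
enum Outcome { Delivered, Rejected }

struct Context { manager: Rc<Process> } // owner of the node behind handle 0

impl Context {
    /// Model of the shared lookup: sync and oneway sends both resolve the
    /// target here, so one check covers both paths.
    fn resolve_target(&self, caller: &Rc<Process>, handle: u32, policy: Policy) -> Outcome {
        if handle != 0 {
            return Outcome::Delivered; // non-zero handles are out of scope for this model
        }
        let is_self = match policy {
            // Reject only the very same Binder Process object.
            Policy::SameProcessObject => Rc::ptr_eq(caller, &self.manager),
            // v2 of the patch: reject any caller sharing the owner's OS task.
            Policy::SameOsTask => caller.task_id == self.manager.task_id,
        };
        if is_self { Outcome::Rejected } else { Outcome::Delivered }
    }
}

/// Outcomes for: the manager's own fd, a second fd of the same task, another task.
fn outcomes(policy: Policy) -> [Outcome; 3] {
    let manager = Rc::new(Process { task_id: 100 });
    let second_fd = Rc::new(Process { task_id: 100 }); // same task, different fd
    let other = Rc::new(Process { task_id: 200 });
    let ctx = Context { manager: Rc::clone(&manager) };
    [
        ctx.resolve_target(&manager, 0, policy),
        ctx.resolve_target(&second_fd, 0, policy),
        ctx.resolve_target(&other, 0, policy),
    ]
}

fn main() {
    println!("Process-object check: {:?}", outcomes(Policy::SameProcessObject));
    println!("OS-task check:        {:?}", outcomes(Policy::SameOsTask));
}
```

The two policies differ only in the middle case: a second fd opened by the task that owns the context manager is delivered under the Process-object check and rejected under the OS-task check.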