Age | Commit message (Collapse) | Author |
|
binder_deferred_release was not unmapping the page from the buffer
before freeing it, causing memory corruption. This only happened
when page(s) had not been freed by binder_update_page_range, which
properly unmaps the pages.
This only happens on architectures with VIPT aliasing.
To reproduce, create a program which opens, mmaps, munmaps, then closes
the binder very quickly. This should leave a page allocated when the
binder is released. When binder_deferrred_release is called on the
close, the page will remain mapped to the address in the linear
proc->buffer. Later, we may map the same physical page to a different
virtual address that has different coloring, and this may cause
aliasing to occur.
PAGE_POISONING will greatly increase your chances of noticing any
problems.
Change-Id: I6941bf212881b8bf846bdfda43d3609c7ae4892e
Signed-off-by: Christopher Lais <chris+android@zenthought.org>
|
|
Some drivers flush the global workqueue when closed. This would deadlock if
the last reference to the file was released from the binder.
Change-Id: Ifdabc0b383fecb20836d1bbb9786c632402a14e1
Signed-off-by: Arve Hjønnevåg <arve@android.com>
|
|
|
|
Change-Id: Ia0f9c8cec68054c6600a799ef864ebf1185c93ab
Signed-off-by: Arve Hjønnevåg <arve@android.com>
|
|
Change-Id: I6e9c064ba024329099cb833b2ae9ab43c2ad8c6d
Signed-off-by: Arve Hjønnevåg <arve@android.com>
|
|
This reverts commit b0a0ccfad85b3657fe999805df65f5cfe634ab8a.
|
|
These drivers are no longer being developed and the original authors
seem to have abandonded them and hence, do not want them in the mainline
kernel tree.
So sad :(
Cc: Brian Swetland <swetland@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
|
This was done using a semantic patch (http://coccinelle.lip6.fr/) that
checks that the declaration is not inside a function definition, that the
defined variable is not exported using EXPORTED_SYMBOL, etc, and that the
defined variable does not occur in any other file. If these conditions
hold, static is added before the declaration.
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
|
Clean up 3 or so checkpatch errors from one of my prior patches.
Signed-off-by: Daniel Walker <dwalker@fifo99.com>
Cc: Arve Hjønnevåg <arve@android.com>
Cc: Brian Swetland <swetland@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
|
This file has a lot of long line problems due to the massive indent issues
that exist. This just cleans up some of the really really long ones.
Signed-off-by: Daniel Walker <dwalker@fifo99.com>
Cc: Arve Hjønnevåg <arve@android.com>
Cc: Brian Swetland <swetland@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
|
An initial cleanup of all the binder_stat statements. The binder
command and return stats still need some assistance tho.
Signed-off-by: Daniel Walker <dwalker@fifo99.com>
Cc: Brian Swetland <swetland@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
|
Replaced a manual hlist_head declaration with a macro based one.
Also reorganized the globals to be grouped better.
Signed-off-by: Daniel Walker <dwalker@fifo99.com>
Cc: Brian Swetland <swetland@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
|
Declare the binder_deferred_state enum, and use the new enum
for one of the binder_defer_work function arguments. This
should keep the argument within the confines of the enum
instead of the whole int range.
Signed-off-by: Daniel Walker <dwalker@fifo99.com>
Cc: Brian Swetland <swetland@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
|
I removed the binder_transaction_buffer_release predefine, and put
the actual function in place of it.
Signed-off-by: Daniel Walker <dwalker@fifo99.com>
Cc: Brian Swetland <swetland@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
|
I moved the continual,
if (binder_debug_mask & mask)
printk()
into a single macro so it's all in one place. It could be refined further
from there.
Signed-off-by: Daniel Walker <dwalker@fifo99.com>
Cc: Brian Swetland <swetland@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
|
This cleans up the majority of the checkpatch warnings in the android
binder driver. All that is left now is a bunch of too-long-line stuff.
Cc: San Mehat <san@android.com>
Cc: Arve Hjønnevåg <arve@android.com>
Cc: David Rientjes <rientjes@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
|
If a transaction that contains a file descriptor fails on a later object,
the new file descriptor needs to be closed. If this is a binder file
descriptor we would deadlock in flush. If there were no other references to
the file at this point release would also be called.
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
|
stack.
If a thread is part of a transaction stack, it is only allowed to make
another call if it was the target of the top transaction on the stack.
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
|
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
|
mmapped
This prevents breaking fget_light if a single threaded application
allows incoming file descriptors (in replies or on nodes).
Should also prevent inserting a file in the wrong files_struct if the
receving process execs in the middle of a transaction (between
task_get_unused_fd_flags and task_fd_install).
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
|
Check that datasize is not smaller than one flat_binder_object.
Check that offsets are aligned.
Check that offsets_size is aligned.
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
|
Only allow a binder file pointer to be mmapped once. The buffer management
code cannot deal with more then one area.
Also remove leftover mutex_unlock if mmap fails.
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
|
driver is opened twice in one process.
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
|
Many platforms do not support mappings without VM_EXEC.
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
|
Fix printk format warnings in android binder:
drivers/staging/android/binder.c:2652: warning: format '%lx' expects type 'long unsigned int', but argument 7 has type 'pgprotval_t'
drivers/staging/android/binder.c:2659: warning: format '%lx' expects type 'long unsigned int', but argument 7 has type 'pgprotval_t'
drivers/staging/android/binder.c:2680: warning: format '%lx' expects type 'long unsigned int', but argument 7 has type 'pgprotval_t'
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
|
Compile tested.
task_struct->signal is not protected by RCU, the code is bogus.
Change the code to take ->siglock to pin ->signal.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Cc: Arve Hjønnevåg <arve@android.com>
Cc: Brian Swetland <swetland@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
|
Reported-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
|
This fixes the build errors and warnings in the binder driver. It can't
be a module, due to a lack of some of the symbols being exported.
Also added a MODULE_LICENSE(), as it was missing.
Cc: Arve Hjønnevåg <arve@android.com>
Cc: Brian Swetland <swetland@google.com>
Cc: Robert Love <rlove@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
|
Task credentials were moved and must be accessed through task_struct.cred
Signed-off-by: J.R. Mauro <jrm8005@gmail.com>
Cc: Arve Hjønnevåg <arve@android.com>
Cc: Brian Swetland <swetland@google.com>
Cc: Robert Love <rlove@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
|
for size_t in printk
Use the proper format specifiers for printing size_t values.
Signed-off-by: J.R. Mauro <jrm8005@gmail.com>
Cc: Arve Hjønnevåg <arve@android.com>
Cc: Brian Swetland <swetland@google.com>
Cc: Robert Love <rlove@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
|
It builds, but not as a module, and with lots of warnings.
I also had to fix up a few syntax errors to get it to build
properly, I'm doubting that anyone has built it in a while :(
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Signed-off-by: Brian Swetland <swetland@google.com>
Cc: Robert Love <rlove@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|