subject:"\[PATCH\] android\: binder\: Fix a possible data race in binder_alloc_mmap

Re: [PATCH] android: binder: Fix a possible data race in binder_alloc_mmap_handler

2018-05-08 Thread Martijn Coenen

On Tue, May 8, 2018 at 2:06 AM, Jia-Ju Bai  wrote:
> The write operations to "alloc->buffer" are protected by
> the lock on line 679 and 730, but the read operation to
> this data on line 712 is not protected by the lock.
> Thus, there may exist a data race for "alloc->buffer".

It's read by the same thread that just wrote it, there is no data race.

The locks at line 679 and 730 protect against multiple threads calling
mmap() at the same time.

>
> To fix this data race, the read operation to "alloc->buffer"
> should be also protected by the lock.
>
> Signed-off-by: Jia-Ju Bai 
> ---
>  drivers/android/binder_alloc.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c
> index 5a426c877dfb..596acc3a84e4 100644
> --- a/drivers/android/binder_alloc.c
> +++ b/drivers/android/binder_alloc.c
> @@ -709,7 +709,9 @@ int binder_alloc_mmap_handler(struct binder_alloc *alloc,
> goto err_alloc_buf_struct_failed;
> }
>
> +   mutex_lock(_alloc_mmap_lock);
> buffer->data = alloc->buffer;
> +   mutex_unlock(_alloc_mmap_lock);
> list_add(>entry, >buffers);
> buffer->free = 1;
> binder_insert_free_buffer(alloc, buffer);
> --
> 2.17.0
>

Re: [PATCH] android: binder: Fix a possible data race in binder_alloc_mmap_handler

2018-05-08 Thread Martijn Coenen

On Tue, May 8, 2018 at 2:06 AM, Jia-Ju Bai  wrote:
> The write operations to "alloc->buffer" are protected by
> the lock on line 679 and 730, but the read operation to
> this data on line 712 is not protected by the lock.
> Thus, there may exist a data race for "alloc->buffer".

It's read by the same thread that just wrote it, there is no data race.

The locks at line 679 and 730 protect against multiple threads calling
mmap() at the same time.

>
> To fix this data race, the read operation to "alloc->buffer"
> should be also protected by the lock.
>
> Signed-off-by: Jia-Ju Bai 
> ---
>  drivers/android/binder_alloc.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c
> index 5a426c877dfb..596acc3a84e4 100644
> --- a/drivers/android/binder_alloc.c
> +++ b/drivers/android/binder_alloc.c
> @@ -709,7 +709,9 @@ int binder_alloc_mmap_handler(struct binder_alloc *alloc,
> goto err_alloc_buf_struct_failed;
> }
>
> +   mutex_lock(_alloc_mmap_lock);
> buffer->data = alloc->buffer;
> +   mutex_unlock(_alloc_mmap_lock);
> list_add(>entry, >buffers);
> buffer->free = 1;
> binder_insert_free_buffer(alloc, buffer);
> --
> 2.17.0
>

[PATCH] android: binder: Fix a possible data race in binder_alloc_mmap_handler

2018-05-08 Thread Jia-Ju Bai

The write operations to "alloc->buffer" are protected by
the lock on line 679 and 730, but the read operation to
this data on line 712 is not protected by the lock.
Thus, there may exist a data race for "alloc->buffer".

To fix this data race, the read operation to "alloc->buffer" 
should be also protected by the lock.

Signed-off-by: Jia-Ju Bai 
---
 drivers/android/binder_alloc.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c
index 5a426c877dfb..596acc3a84e4 100644
--- a/drivers/android/binder_alloc.c
+++ b/drivers/android/binder_alloc.c
@@ -709,7 +709,9 @@ int binder_alloc_mmap_handler(struct binder_alloc *alloc,
goto err_alloc_buf_struct_failed;
}
 
+   mutex_lock(_alloc_mmap_lock);
buffer->data = alloc->buffer;
+   mutex_unlock(_alloc_mmap_lock);
list_add(>entry, >buffers);
buffer->free = 1;
binder_insert_free_buffer(alloc, buffer);
-- 
2.17.0

[PATCH] android: binder: Fix a possible data race in binder_alloc_mmap_handler

2018-05-08 Thread Jia-Ju Bai

The write operations to "alloc->buffer" are protected by
the lock on line 679 and 730, but the read operation to
this data on line 712 is not protected by the lock.
Thus, there may exist a data race for "alloc->buffer".

To fix this data race, the read operation to "alloc->buffer" 
should be also protected by the lock.

Signed-off-by: Jia-Ju Bai 
---
 drivers/android/binder_alloc.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c
index 5a426c877dfb..596acc3a84e4 100644
--- a/drivers/android/binder_alloc.c
+++ b/drivers/android/binder_alloc.c
@@ -709,7 +709,9 @@ int binder_alloc_mmap_handler(struct binder_alloc *alloc,
goto err_alloc_buf_struct_failed;
}
 
+   mutex_lock(_alloc_mmap_lock);
buffer->data = alloc->buffer;
+   mutex_unlock(_alloc_mmap_lock);
list_add(>entry, >buffers);
buffer->free = 1;
binder_insert_free_buffer(alloc, buffer);
-- 
2.17.0

Re: [PATCH] android: binder: Fix a possible data race in binder_alloc_mmap_handler

Re: [PATCH] android: binder: Fix a possible data race in binder_alloc_mmap_handler

[PATCH] android: binder: Fix a possible data race in binder_alloc_mmap_handler

[PATCH] android: binder: Fix a possible data race in binder_alloc_mmap_handler

4 matches

Site Navigation

Mail list logo

Footer information