the euid is associated with the security context that
of the task that opened binder.
Fixes: 457b9a6f09f0 ("Staging: android: add binder driver")
Signed-off-by: Todd Kjos
Suggested-by: Stephen Smalley
Suggested-by: Jann Horn
Cc: sta...@vger.kernel.org # 4.4+
---
v3: added this patch
in an incorrect security context being used.
Fix by using the 'struct cred' saved during binder_open and pass
it to the selinux subsystem.
Fixes: 79af73079d75 ("Add security hooks to binder and implement the
hooks for SELinux.")
Suggested-by: Jann Horn
Signed-off-by: Todd Kjo
Stephen Smalley identified
two more related issues so the corresponding patches were added to
the series.
Todd Kjos (3):
binder: use cred instead of task for selinux checks
binder: use cred instead of task for getsecid
binder: use euid from cred instea
: add binder driver")
Signed-off-by: Todd Kjos
Stephen Smalley
Cc: sta...@vger.kernel.org # 4.4+
---
v3: added this patch to series
drivers/android/binder.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 98
"Add security hooks to binder and implement the
hooks for SELinux.")
Signed-off-by: Todd Kjos
Cc: sta...@vger.kernel.org # 5.14+ (need backport for earlier stables)
---
v2: updated comments as suggested by Paul Moore
drivers/android/binder.c | 14 +
drivers/android/binder_
On Fri, Oct 1, 2021 at 7:38 AM Paul Moore wrote:
>
> On Thu, Sep 30, 2021 at 10:45 PM Todd Kjos wrote:
> >
> > Save the struct cred associated with a binder process
> > at initial open to avoid potential race conditions
> > when converting to a security ID.
>
to know if that sync binder transaction happened exactly when
> there's a race - a new information for rollback decision.
>
> Fixes: 432ff1e91694 ("binder: BINDER_FREEZE ioctl")
> Test: stress test with apps being frozen and initiating binder calls at
> the same tim
On Thu, Sep 9, 2021 at 4:21 PM Li Li wrote:
>
> From: Li Li
>
> Currently cgroup freezer is used to freeze the application threads, and
> BINDER_FREEZE is used to freeze binder interface. There's already a
> mechanism for BINDER_FREEZE to wait for any existing transactions to
> drain out before
On Fri, Sep 3, 2021 at 1:06 AM Dan Carpenter wrote:
>
> On Thu, Sep 02, 2021 at 08:35:35AM -0700, Todd Kjos wrote:
> > On Tue, Aug 31, 2021 at 12:24 AM Martijn Coenen wrote:
> > >
> > > On Mon, Aug 30, 2021 at 9:51 PM 'Todd Kjos' via kernel-team
> >
On Wed, Mar 17, 2021 at 1:17 PM Jann Horn wrote:
>
> On Wed, Mar 17, 2021 at 7:00 PM Christian Brauner
> wrote:
> > On Mon, Mar 15, 2021 at 06:16:27PM -0700, Li Li wrote:
> > > To improve the user experience when switching between recently used
> > > applications, the background applications
For BINDER_TYPE_PTR and BINDER_TYPE_FDA transactions, the
num_valid local was calculated incorrectly causing the
range check in binder_validate_ptr() to miss out-of-bounds
offsets.
Fixes: bde4a19fc04f ("binder: use userspace pointer as base of buffer space")
Signed-off-by: Todd Kjos
--
On Wed, Oct 9, 2019 at 3:40 AM Christian Brauner
wrote:
>
> On Tue, Oct 08, 2019 at 02:05:16PM -0400, Joel Fernandes wrote:
> > On Tue, Oct 08, 2019 at 03:01:59PM +0200, Christian Brauner wrote:
[...]
> >
> > One more thought, this can be made dependent on CONFIG_BINDERFS since
> > regular
> >
+Hridya Valsaraju
On Mon, Oct 7, 2019 at 1:50 PM Jann Horn wrote:
>
> Hi!
>
> There is a use-after-free read in print_binder_transaction_log_entry()
> on ANDROID_BINDERFS kernels because
> print_binder_transaction_log_entry() prints the char* e->context_name
> as string, and if the transaction
+Hridya Valsaraju
Fix posted:
https://lkml.kernel.org/lkml/20190715191804.112933-1-hri...@google.com/
On Wed, Jun 12, 2019 at 1:14 PM Todd Kjos wrote:
>
> On Wed, Jun 12, 2019 at 12:23 PM Eric Biggers wrote:
> >
> > On Mon, May 20, 2019 at 07:18:06AM -0700, syzbot
Suggested-by: Dan Carpenter
Signed-off-by: Todd Kjos
---
drivers/android/binder.c | 153 -
drivers/android/binder_alloc.c | 44 +-
drivers/android/binder_alloc.h | 22 ++---
3 files changed, 126 insertions(+), 93 deletions(-)
diff --git a/drivers/androi
...@syzkaller.appspotmail.com
Signed-off-by: Todd Kjos
---
drivers/android/binder.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index bc26b5511f0a9..8bf039fdeb918 100644
--- a/drivers/android/binder.c
+++ b/drivers
On Thu, Jun 13, 2019 at 2:56 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:d1fdb6d8 Linux 5.2-rc4
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=15e5ce1ea0
> kernel config:
.
Signed-off-by: Todd Kjos
---
drivers/android/binder.c | 16 ++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 748ac489ef7eb..bc26b5511f0a9 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
in a "normal" binder environment).
On Sat, May 18, 2019 at 12:25 AM Dmitry Vyukov wrote:
>
> On Fri, May 17, 2019 at 8:34 PM Todd Kjos wrote:
> > > On Fri, May 17, 2019 at 5:51 PM Dmitry Vyukov wrote:
> > > > > > >
> > > > > > > Fr
On Fri, May 17, 2019 at 8:55 AM Dmitry Vyukov wrote:
>
> On Fri, May 17, 2019 at 5:51 PM Dmitry Vyukov wrote:
> > > > >
> > > > > From: Dmitry Vyukov
> > > > > Date: Fri, May 17, 2019 at 3:26 AM
> > > > > To: Greg Kroah-
On Fri, May 17, 2019 at 8:33 AM Dmitry Vyukov wrote:
>
> On Fri, May 17, 2019 at 5:26 PM Todd Kjos wrote:
> >
> > Yes (and syzbot seemed to confirm the fix). I didn't realize I needed
> > to manually close the issue. I guess you closed it yesterday.
>
> This is
From: Dmitry Vyukov
Date: Fri, May 17, 2019 at 3:26 AM
To: Greg Kroah-Hartman, Arve Hjønnevåg, Todd Kjos, Martijn Coenen,
Joel Fernandes, Christian Brauner, open list:ANDROID DRIVERS, LKML
Cc: syzkaller
> Hi,
>
> I have 2 questions re drivers/android/binder.c stress testing.
>
> 1
Fernandes, LKML, Martijn Coenen, syzkaller-bugs,
Todd Kjos , Todd Kjos
> On Fri, Mar 29, 2019 at 10:55 AM syzbot
> wrote:
> >
> > Hello,
> >
> > syzbot has tested the proposed patch and the reproducer did not trigger
> > crash:
> >
> > Repo
When allocating space in the target buffer for the security context,
make sure the extra_buffers_size doesn't overflow. This can only
happen if the given size is invalid, but an overflow can turn it
into a valid size. Fail the transaction if an overflow is detected.
Signed-off-by: Todd Kjos
-misc.git
> char-misc-linus
> kernel config: https://syzkaller.appspot.com/x/.config?x=8dcdce25ea72bedf
> compiler: gcc (GCC) 9.0.0 20181231 (experimental)
>
From d49c95c944c15732ef57f1c876e24838b2ddf34b Mon Sep 17 00:00:00 2001
From: Todd Kjos
Date: Tue, 19 Mar 2019 09:53:01 -0700
om.
>
> syzbot will keep track of this bug report. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> syzbot can test patches for this bug, for details see:
> https://goo.gl/tpsmEJ#testing-patches
From d49c95c944c15732ef57f1c876e24838b2ddf34b Mon Sep 17 00
I can send you a patch tomorrow (I won't be able to test it though).
On Wed, Mar 20, 2019 at 4:23 PM Paul Moore wrote:
>
> On Wed, Mar 20, 2019 at 3:50 PM Todd Kjos wrote:
> >
> > Paul,
> >
> > Looking at main() in test_binder.c...
> >
re
Signed-off-by: Todd Kjos
---
Please add to 5.1 (fixes problem introduced in 5.1-rc1)
drivers/android/binder.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 8685882da64cd..4b9c7ca492e6d 100644
--- a/drivers/androi
On Wed, Mar 20, 2019 at 3:25 PM Paul Moore wrote:
>
> On Wed, Mar 20, 2019 at 11:54 AM Todd Kjos wrote:
> > So, then it sounds like the test is not running properly ...
>
> Yes, the test is almost surely broken to some extent, although the
> kernel hitting the BUG_ON()
ils in an unexpected way.
-Todd
On Wed, Mar 20, 2019 at 8:54 AM Todd Kjos wrote:
>
> On Tue, Mar 19, 2019 at 8:04 PM Paul Moore wrote:
> >
> > On Tue, Mar 19, 2019 at 9:08 PM Todd Kjos wrote:
> > > Paul,
> > >
> > > Looking at a snippet of the test output:
>
On Tue, Mar 19, 2019 at 8:04 PM Paul Moore wrote:
>
> On Tue, Mar 19, 2019 at 9:08 PM Todd Kjos wrote:
> > Paul,
> >
> > Looking at a snippet of the test output:
> >
> > Service Provider read_consumed: 8
> > Service Provider command
);
On Mon, Mar 18, 2019 at 4:02 PM Paul Moore wrote:
>
> On Mon, Mar 18, 2019 at 6:51 PM Todd Kjos wrote:
> > On Mon, Mar 18, 2019 at 2:31 PM Paul Moore wrote:
> > > Hello all.
> > >
> > > When running the selinux-testsuite (link be
acquired. This can result in
calling zap_page_range() with an invalid vma which manifests as a
use-after-free in zap_page_range().
The fix is to check alloc->vma after acquiring the mmap_sem (which we
were acquiring anyway) and skip zap_page_range() if it has changed
to NULL.
Signed-off-b
Fixes crash found by syzbot:
kernel BUG at drivers/android/binder_alloc.c:LINE! (2)
Reported-by: syzbot+55de1eb4975dec156...@syzkaller.appspotmail.com
Signed-off-by: Todd Kjos
---
Applies to linux-next
drivers/android/binder.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
On Thu, Feb 14, 2019 at 3:35 AM syzbot
wrote:
>
> syzbot has found a reproducer for the following crash on:
>
> HEAD commit:b3418f8bddf4 Add linux-next specific files for 20190214
> git tree: linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=161d2048c0
> kernel
e: warning: incorrect type in assignment (different address spaces)
sparse:expected void *page_addr
sparse:got void [noderef] *user_data
sparse: error: subtraction of different types can't work
Fixed by adding necessary "__user" tags.
Reported-by: kbuild test robot
Sign
binder_validate_ptr()
binder_validate_fixup()
binder_fixup_parent()
Signed-off-by: Todd Kjos
---
drivers/android/binder.c | 146 ++-
1 file changed, 97 insertions(+), 49 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index
pointers. Refactor code to use offsets instead
of user pointers.
Signed-off-by: Todd Kjos
---
v2: remove casts as suggested by Dan Carpenter
v3: fix build-break when CONFIG_ANDROID_BINDER_IPC_SELFTEST enabled
drivers/android/binder.c| 118 ++--
drivers/and
systems, there is a risk of running out of
vmalloc space.
This patch set removes the persistent mapping of the
binder buffers into kernel space. Instead, the binder
driver creates temporary mappings with kmap() or
kmap_atomic() to copy to or from the buffer only when
necessary.
Todd Kjos (7
Remove user_buffer_offset since there is no kernel
buffer pointer anymore.
Signed-off-by: Todd Kjos
---
v2: remove casts as suggested by Dan Carpenter
drivers/android/binder.c | 39 ++
drivers/android/binder_alloc.c | 16 ++
drivers/android
() for multi-page copies, it now uses
binder_alloc_copy_user_to_buffer() which uses kmap()
and kunmap() to map each page, and uses copy_from_user()
for copying to that page.
Signed-off-by: Todd Kjos
---
v2: remove casts as suggested by Dan Carpenter
drivers/android/binder.c | 29 +++--
drivers
Remove the kernel's vm_area and the code that maps
buffer pages into it.
Signed-off-by: Todd Kjos
---
drivers/android/binder_alloc.c | 40 ++
1 file changed, 2 insertions(+), 38 deletions(-)
diff --git a/drivers/android/binder_alloc.c b/drivers/android
() / kunmap_atomic() use the appropriate
cache flushing to support VIVT cache architectures.
Allow binder to build if CPU_CACHE_VIVT is defined.
Several uses of the new functions are added here. More
to follow in subsequent patches.
Signed-off-by: Todd Kjos
---
v2: remove casts as suggested by Dan Carpenter
objects
from the buffer to a local structure.
Signed-off-by: Todd Kjos
---
v2: remove casts as suggested by Dan Carpenter
drivers/android/binder.c | 75 +++-
1 file changed, 58 insertions(+), 17 deletions(-)
diff --git a/drivers/android/binder.c b/drivers
On Fri, Feb 8, 2019 at 3:26 AM Greg KH wrote:
>
> On Wed, Jan 30, 2019 at 02:46:48PM -0800, Todd Kjos wrote:
> > Binder buffers have always been mapped into kernel space
> > via map_kernel_range_noflush() to allow the binder driver
> > to modify the buffer bef
()
binder_validate_fixup()
binder_fixup_parent()
Signed-off-by: Todd Kjos
---
drivers/android/binder.c | 146 ++-
1 file changed, 97 insertions(+), 49 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 8063b405e4fa
Remove the kernel's vm_area and the code that maps
buffer pages into it.
Signed-off-by: Todd Kjos
---
drivers/android/binder_alloc.c | 40 ++
1 file changed, 2 insertions(+), 38 deletions(-)
diff --git a/drivers/android/binder_alloc.c b/drivers/android
Remove user_buffer_offset since there is no kernel
buffer pointer anymore.
Signed-off-by: Todd Kjos
---
v2: removed casts as suggested by Dan Carpenter
drivers/android/binder.c | 39 ++
drivers/android/binder_alloc.c | 16 ++
drivers/android
systems, there is a risk of running out of
vmalloc space.
This patch set removes the persistent mapping of the
binder buffers into kernel space. Instead, the binder
driver creates temporary mappings with kmap() or
kmap_atomic() to copy to or from the buffer only when
necessary.
Todd Kjos (7
pointers. Refactor code to use offsets instead
of user pointers.
Signed-off-by: Todd Kjos
---
v2: removed casts as suggested by Dan Carpenter
drivers/android/binder.c | 118 +++--
drivers/android/binder_alloc.c | 87
drivers/android/b
() for multi-page copies, it now uses
binder_alloc_copy_user_to_buffer() which uses kmap()
and kunmap() to map each page, and uses copy_from_user()
for copying to that page.
Signed-off-by: Todd Kjos
---
v2: remove casts as suggested by Dan Carpenter
drivers/android/binder.c | 29 +++--
drivers
() / kunmap_atomic() use the appropriate
cache flushing to support VIVT cache architectures.
Allow binder to build if CPU_CACHE_VIVT is defined.
Several uses of the new functions are added here. More
to follow in subsequent patches.
Signed-off-by: Todd Kjos
---
v2: remove casts as suggested by Dan Carpenter
objects
from the buffer to a local structure.
Signed-off-by: Todd Kjos
---
v2: remove casts as suggested by Dan Carpenter
drivers/android/binder.c | 75 +++-
1 file changed, 58 insertions(+), 17 deletions(-)
diff --git a/drivers/android/binder.c b/drivers
On Tue, Jan 29, 2019 at 12:12 AM Dan Carpenter wrote:
>
> On Mon, Jan 28, 2019 at 04:49:28PM -0800, Todd Kjos wrote:
> > +/**
> > + * binder_alloc_copy_user_to_buffer() - copy src user to tgt user
> > + * @alloc: binder_alloc for this proc
> > + * @buffer
Remove the kernel's vm_area and the code that maps
buffer pages into it.
Signed-off-by: Todd Kjos
---
drivers/android/binder_alloc.c | 40 ++
1 file changed, 2 insertions(+), 38 deletions(-)
diff --git a/drivers/android/binder_alloc.c b/drivers/android
Remove user_buffer_offset since there is no kernel
buffer pointer anymore.
Signed-off-by: Todd Kjos
---
drivers/android/binder.c | 38 +++---
drivers/android/binder_alloc.c | 16 ++
drivers/android/binder_alloc.h | 23
3 files
()
binder_validate_fixup()
binder_fixup_parent()
Signed-off-by: Todd Kjos
---
drivers/android/binder.c | 146 ++-
1 file changed, 97 insertions(+), 49 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 1563b9b60a0a3
() / kunmap_atomic() use the appropriate
cache flushing to support VIVT cache architectures.
Allow binder to build if CPU_CACHE_VIVT is defined.
Several uses of the new functions are added here. More
to follow in subsequent patches.
Signed-off-by: Todd Kjos
---
drivers/android/Kconfig| 2
objects
from the buffer to a local structure.
Signed-off-by: Todd Kjos
---
drivers/android/binder.c | 75 +++-
1 file changed, 58 insertions(+), 17 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 74d0c1ff874e2..1563b9b60a0a3
systems, there is a risk of running out of
vmalloc space.
This patch set removes the persistent mapping of the
binder buffers into kernel space. Instead, the binder
driver creates temporary mappings with kmap() or
kmap_atomic() to copy to or from the buffer only when
necessary.
Todd Kjos (7
pointers. Refactor code to use offsets instead
of user pointers.
Signed-off-by: Todd Kjos
---
drivers/android/binder.c | 120 +++--
drivers/android/binder_alloc.c | 89
drivers/android/binder_alloc.h | 6 +-
drivers/android/binder_trace.
() for multi-page copies, it now uses
binder_alloc_copy_user_to_buffer() which uses kmap()
and kunmap() to map each page, and uses copy_from_user()
for copying to that page.
Signed-off-by: Todd Kjos
---
drivers/android/binder.c | 29 +++--
drivers/android/binder_alloc.c | 114
> R13: 55b629ebed70 R14: 0004 R15: 55b629ebec60
>
> So check for the empty string since strsep() will otherwise return the
> empty string which will cause kobject_add_internal() to panic when trying
> to add a kobject with an empty name.
>
> Fix
To allow servers to verify client identity, allow a node
flag to be set that causes the sender's security context
to be delivered with the transaction. The BR_TRANSACTION
command is extended in BR_TRANSACTION_SEC_CTX to
contain a pointer to the security context string.
Signed-off-by: Todd Kjos
To allow servers to verify client identity, allow a node
flag to be set that causes the sender's security context
to be delivered with the transaction. The BR_TRANSACTION
command is extended in BR_TRANSACTION_SEC_CTX to
contain a pointer to the security context string.
Signed-off-by: Todd Kjos
To allow servers to verify client identity, allow a node
flag to be set that causes the sender's security context
to be delivered with the transaction. The BR_TRANSACTION
command is extended in BR_TRANSACTION_SEC_CTX to
contain a pointer to the security context string.
Signed-off-by: Todd Kjos
inder devices are removed (on accident or on purpose)
> they can always be recreated without risking that all minor numbers have
> already been used up.
>
> Cc: Todd Kjos
> Cc: Greg Kroah-Hartman
> Signed-off-by: Christian Brauner
> ---
> v1:
> - patch introduced
> v0:
>
. The fput() is deferred instead of using ksys_close().
Fixes: 44d8047f1d87a ("binder: use standard functions to allocate fds")
Suggested-by: Al Viro
Signed-off-by: Todd Kjos
---
v2:
- simplified code
v3:
- implemented Al Viro's suggestion to pass struct file instead of fd
- added
a ("binder: use standard functions to allocate fds")
Suggested-by: Al Viro
Signed-off-by: Todd Kjos
---
v2:
- simplified code
If possible, please add to 4.20-final
drivers/android/binder.c | 60 ++--
1 file changed, 58 insertions(+), 2 deletions(-)
a ("binder: use standard functions to allocate fds")
Suggested-by: Al Viro
Signed-off-by: Todd Kjos
---
drivers/android/binder.c | 91 +++-
1 file changed, 81 insertions(+), 10 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/an
On Thu, Dec 6, 2018 at 11:08 PM Greg Kroah-Hartman
wrote:
...
> But I thought I applied this back on November 26:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git/commit/?h=char-misc-testing=324fa64cf4189094bc4df744a9e7214a1b81d845
>
> You should have gotten an
On Thu, Dec 6, 2018 at 6:51 AM Greg KH wrote:
>
> On Wed, Dec 05, 2018 at 03:19:24PM -0800, Todd Kjos wrote:
> > Add __acquire()/__release() annotations to fix warnings
> > in sparse context checking
> >
> > There is one case where the warning was due to a
Fix the incomplete kerneldoc header for struct binder_buffer.
Signed-off-by: Todd Kjos
---
v2: no code change. Removed needless "Change-Id:"
There is no dependency on patch 1/3
drivers/android/binder_alloc.h | 20 ++--
1 file changed, 10 insertions(+), 10 deletion
Add __acquire()/__release() annotations to fix warnings
in sparse context checking
There is one case where the warning was due to a lack of
a "default:" case in a switch statement where a lock was
being released in each of the cases, so the default
case was added.
Signed-off-by:
When dumping out binder transactions via a debug node,
the output is too verbose if a process has many nodes.
Change the output for transaction dumps to only display
nodes with pending async transactions.
Signed-off-by: Todd Kjos
---
v2: no change, just resubmitted as #3 of 3 patches instead
te fds")
Suggested-by: Jann Horn
Signed-off-by: Todd Kjos
Acked-by: Martijn Coenen
---
v2: added "Fixes:" tag
Should be added to 4.20-final if possible
drivers/android/binder.c | 8
1 file changed, 8 insertions(+)
diff --git a/drivers/android/binder.c b/drivers/and
of
task A's /dev/binder to 0 and frees it
11. task A continues processing of the ioctl and accesses some
property of e.g. the binder_proc => KASAN-detectable UAF
Fixed by using get_file() / fput() in binder_ioctl().
Suggested-by: Jann Horn
Signed-off-by: Todd Kjos
Acked-by: M
Fix the incomplete kerneldoc header for struct binder_buffer.
Change-Id: If3ca10cf6d90f605a0c078e4cdce28f02a475877
Signed-off-by: Todd Kjos
---
drivers/android/binder_alloc.h | 20 ++--
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/drivers/android
When dumping out binder transactions via a debug node,
the output is too verbose if a process has many nodes.
Change the output for transaction dumps to only display
nodes with pending async transactions.
Signed-off-by: Todd Kjos
---
drivers/android/binder.c | 3 +++
1 file changed, 3
Add __acquire()/__release() annotations to fix warnings
in sparse context checking
There is one case where the warning was due to a lack of
a "default:" case in a switch statement where a lock was
being released in each of the cases, so the default
case was added.
Signed-off-by:
On Fri, Nov 30, 2018 at 5:26 PM Yangtao Li wrote:
>
> We already have the DEFINE_SHOW_ATTRIBUTE. There is no need to define
> such a macro, so remove BINDER_DEBUG_ENTRY.
>
> Signed-off-by: Yangtao Li
Acked-by: Todd Kjos
> ---
> drivers/
On Thu, Nov 15, 2018 at 2:54 PM gre...@linuxfoundation.org
wrote:
...
>
> A number of us have talked about this in the plumbers Android track, and
> a different proposal for how to solve this has been made that should be
> much more resilient. So I will drop this patch from my queue and wait
>
On Tue, Nov 13, 2018 at 12:12 AM chouryzhou(周威) wrote:
>
> > I have not received an answer to my questions in the last version of this
> > patch
> > set. Also it would be good if I could be Cc'ed by default. I can't hunt
> > down all
> > patches.
> > I do not know of any kernel entity,
+christ...@brauner.io +Martijn Coenen
Christian,
Does this patch work for your container use-cases? If not, please
comment on this thread. Let's discuss at LPC this week.
-Todd
On Mon, Nov 12, 2018 at 1:38 AM chouryzhou(周威) wrote:
>
> Currently android's binder is not isolated by ipc
On Fri, Nov 9, 2018 at 9:43 PM chouryzhou(周威) wrote:
>
> > >
> > > If IPC_NS is disabled, "current-nsporxy->ipc_ns" will also exist, it
> > > will be a static
> > > reference of "init_ipc_ns" (in ipc/msgutil.c, not defined in binder.c by
> > > me) with
> > > no namespace-ization. You will get
On Fri, Nov 9, 2018 at 8:43 PM chouryzhou(周威) wrote:
>
> If IPC_NS is disabled, "current-nsporxy->ipc_ns" will also exist, it will
> be a static
> reference of "init_ipc_ns" (in ipc/msgutil.c, not defined in binder.c by me)
> with
> no namespace-ization. You will get the same one in all
On Fri, Nov 9, 2018 at 7:09 PM chouryzhou(周威) wrote:
>
> >
> > I still don't understand the dependencies on SYSVIPC or POSIX_MQUEUE.
> > It seems like this mechanism would work even if both are disabled --
> > as long as IPC_NS is enabled. Seems cleaner to change init/Kconfig and
> > allow IPC_NS
On Fri, Nov 9, 2018 at 10:27 AM Davidlohr Bueso wrote:
>
> On Thu, 08 Nov 2018, chouryzhou(周威) wrote:
>
> >+#ifdef CONFIG_ANDROID_BINDER_IPC
> >+ /* next fields are for binder */
> >+ struct mutex binder_procs_lock;
> >+ struct hlist_head binder_procs;
> >+ struct
On Thu, Nov 8, 2018 at 5:02 AM chouryzhou(周威) wrote:
>
> We are working for running android in container, but we found that binder is
> not isolated by ipc namespace. Since binder is a form of IPC and therefore
> should
> be tied to ipc namespace. With this patch, we can run more than one
On Fri, Nov 9, 2018 at 4:32 AM Greg KH wrote:
>
> On Tue, Nov 06, 2018 at 03:55:32PM -0800, Todd Kjos wrote:
> > Malicious code can attempt to free buffers using the
> > BC_FREE_BUFFER ioctl to binder. There are protections
> > against a user freeing a buffer while
Add __acquire()/__release() annotations to fix warnings
in sparse context checking
There is one case where the warning was due to a lack of
a "default:" case in a switch statement where a lock was
being released in each of the cases, so the default
case was added.
Signed-off-by:
was that when the struct
buffer was recycled, allow_user_free was stale
and set to 1 allowing a free to go through.
Signed-off-by: Todd Kjos
Acked-by: Arve Hjønnevåg
---
drivers/android/binder.c | 21 -
drivers/android/binder_alloc.c | 16 ++--
drivers/android
+christ...@brauner.io
On Sun, Oct 28, 2018 at 7:29 PM chouryzhou(周威) wrote:
...
>
> > It's not obvious from this patch where this dependency comes
> > from...why is SYSVIPC required? I'd like to not have to require IPC_NS
> > either for devices.
>
> Yes, the patch is not highly dependent on
On Fri, Oct 26, 2018 at 2:20 AM chouryzhou(周威) wrote:
>
> Hi
> We are working for running android in container, but we found that binder is
> not isolated by ipc namespace. Since binder is a form of IPC and therefore
> should
> be tied to ipc namespace. With this patch, we can run more than
On Fri, Sep 7, 2018 at 6:38 AM Martijn Coenen wrote:
>
> This allows the context manager to retrieve information about nodes
> that it holds a reference to, such as the current number of
> references to those nodes.
>
> Such information can for example be used to determine whether the
>
On Wed, Aug 29, 2018 at 12:00 AM Christoph Hellwig wrote:
>
> > config ANDROID_BINDER_IPC
> > bool "Android Binder IPC Driver"
> > - depends on MMU
> > + depends on MMU && !CPU_CACHE_VIVT
>
> That is a purely arm specific symbol which should not be
> used in common code.
allocate new
fds in the target (probably due to out of file descriptors),
the transaction is discarded with a log message. In the old
implementation this would have been detected in the sender
context and failed prior to sending.
Signed-off-by: Todd Kjos
---
v2: use "%zu" printk format
Sorry, forgot to bump the version. Ignore this one.
On Tue, Aug 28, 2018 at 1:43 PM Todd Kjos wrote:
>
> Binder uses internal fs interfaces to allocate and install fds:
>
> __alloc_fd
> __fd_install
> __close_fd
> get_files_struct
> put_files_struct
>
> These we
allocate new
fds in the target (probably due to out of file descriptors),
the transaction is discarded with a log message. In the old
implementation this would have been detected in the sender
context and failed prior to sending.
Signed-off-by: Todd Kjos
---
v2: use "%zu" printk format
allocate new
fds in the target (probably due to out of file descriptors),
the transaction is discarded with a log message. In the old
implementation this would have been detected in the sender
context and failed prior to sending.
Signed-off-by: Todd Kjos
---
v2: use "%zu" printk format
1 - 100 of 164 matches