inder devices are removed (on accident or on purpose)
> they can always be recreated without risking that all minor numbers have
> already been used up.
>
> Cc: Todd Kjos
> Cc: Greg Kroah-Hartman
> Signed-off-by: Christian Brauner
> ---
> v1:
> - patch introduced
> v0:
On Thu, Jan 3, 2019 at 12:34 PM Christian Brauner wrote:
>
> On Thu, Jan 03, 2019 at 12:25:24PM -0800, Todd Kjos wrote:
> > On Sun, Dec 23, 2018 at 6:36 AM Christian Brauner
> > wrote:
> > >
> > > The binderfs instance in the initial ipc namespace will alw
On Thu, Jan 3, 2019 at 2:08 PM Christian Brauner wrote:
>
> On Thu, Jan 03, 2019 at 01:47:13PM -0800, Todd Kjos wrote:
> > On Thu, Jan 3, 2019 at 12:34 PM Christian Brauner
> > wrote:
> > >
> > > On Thu, Jan 03, 2019 at 12:25:24PM -0800, Todd Kjos wrote:
>
To allow servers to verify client identity, allow a node
flag to be set that causes the sender's security context
to be delivered with the transaction. The BR_TRANSACTION
command is extended in BR_TRANSACTION_SEC_CTX to
contain a pointer to the security context string.
Signed-off-by: Todd Kjos
To allow servers to verify client identity, allow a node
flag to be set that causes the sender's security context
to be delivered with the transaction. The BR_TRANSACTION
command is extended in BR_TRANSACTION_SEC_CTX to
contain a pointer to the security context string.
Signed-off-by: Todd Kjos
On Fri, Nov 30, 2018 at 5:26 PM Yangtao Li wrote:
>
> We already have the DEFINE_SHOW_ATTRIBUTE. There is no need to define
> such a macro, so remove BINDER_DEBUG_ENTRY.
>
> Signed-off-by: Yangtao Li
Acked-by: Todd Kjos
> ---
> drivers/
Fix the incomplete kerneldoc header for struct binder_buffer.
Change-Id: If3ca10cf6d90f605a0c078e4cdce28f02a475877
Signed-off-by: Todd Kjos
---
drivers/android/binder_alloc.h | 20 ++--
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/drivers/android
Add __acquire()/__release() annotations to fix warnings
in sparse context checking
There is one case where the warning was due to a lack of
a "default:" case in a switch statement where a lock was
being released in each of the cases, so the default
case was added.
Signed-off-by:
When dumping out binder transactions via a debug node,
the output is too verbose if a process has many nodes.
Change the output for transaction dumps to only display
nodes with pending async transactions.
Signed-off-by: Todd Kjos
---
drivers/android/binder.c | 3 +++
1 file changed, 3
of
task A's /dev/binder to 0 and frees it
11. task A continues processing of the ioctl and accesses some
property of e.g. the binder_proc => KASAN-detectable UAF
Fixed by using get_file() / fput() in binder_ioctl().
Suggested-by: Jann Horn
Signed-off-by: Todd Kjos
Acked-by: M
On Fri, Dec 21, 2018 at 8:33 AM Greg KH wrote:
>
> On Fri, Dec 21, 2018 at 04:59:19PM +0100, Christian Brauner wrote:
> > On Fri, Dec 21, 2018 at 04:37:58PM +0100, Greg KH wrote:
> > > On Fri, Dec 21, 2018 at 03:12:42PM +0100, Christian Brauner wrote:
> > > > On Fri, Dec 21, 2018 at 02:55:09PM
On Thu, Dec 6, 2018 at 11:08 PM Greg Kroah-Hartman
wrote:
...
> But I thought I applied this back on November 26:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git/commit/?h=char-misc-testing=324fa64cf4189094bc4df744a9e7214a1b81d845
>
> You should have gotten an
On Thu, Nov 15, 2018 at 2:54 PM gre...@linuxfoundation.org
wrote:
...
>
> A number of us have talked about this in the plumbers Android track, and
> a different proposal for how to solve this has been made that should be
> much more resilient. So I will drop this patch from my queue and wait
>
On Fri, Nov 9, 2018 at 4:32 AM Greg KH wrote:
>
> On Tue, Nov 06, 2018 at 03:55:32PM -0800, Todd Kjos wrote:
> > Malicious code can attempt to free buffers using the
> > BC_FREE_BUFFER ioctl to binder. There are protections
> > against a user freeing a buffer while
On Thu, Nov 8, 2018 at 5:02 AM chouryzhou(周威) wrote:
>
> We are working for running android in container, but we found that binder is
> not isolated by ipc namespace. Since binder is a form of IPC and therefore
> should
> be tied to ipc namespace. With this patch, we can run more than one
On Fri, Nov 9, 2018 at 10:27 AM Davidlohr Bueso wrote:
>
> On Thu, 08 Nov 2018, chouryzhou(周威) wrote:
>
> >+#ifdef CONFIG_ANDROID_BINDER_IPC
> >+ /* next fields are for binder */
> >+ struct mutex binder_procs_lock;
> >+ struct hlist_head binder_procs;
> >+ struct
On Fri, Nov 9, 2018 at 8:43 PM chouryzhou(周威) wrote:
>
> If IPC_NS is disabled, "current-nsporxy->ipc_ns" will also exists, it will
> be a static
> reference of "init_ipc_ns" (in ipc/msgutil.c, not defined in binder.c by me)
> with
> no namespace-ization. You will get the same one in all
On Fri, Nov 9, 2018 at 7:09 PM chouryzhou(周威) wrote:
>
> >
> > I still don't understand the dependencies on SYSVIPC or POSIX_MQUEUE.
> > It seems like this mechanism would work even if both are disabled --
> > as long as IPC_NS is enabled. Seems cleaner to change init/Kconfig and
> > allow IPC_NS
On Fri, Nov 9, 2018 at 9:43 PM chouryzhou(周威) wrote:
>
> > >
> > > If IPC_NS is disabled, "current-nsporxy->ipc_ns" will also exists, it
> > > will be a static
> > > reference of "init_ipc_ns" (in ipc/msgutil.c, not defined in binder.c by
> > > me) with
> > > no namespace-ization. You will get
was that when the struct
buffer was recycled, allow_user_free was stale
and set to 1 allowing a free to go through.
Signed-off-by: Todd Kjos
Acked-by: Arve Hjønnevåg
---
drivers/android/binder.c | 21 -
drivers/android/binder_alloc.c | 16 ++--
drivers/android
Add __acquire()/__release() annotations to fix warnings
in sparse context checking
There is one case where the warning was due to a lack of
a "default:" case in a switch statement where a lock was
being released in each of the cases, so the default
case was added.
Signed-off-by:
ndation.org
> Signed-off-by: Joel Fernandes (Google)
> ---
> MAINTAINERS | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 544cac829cf4..d639c4d04438 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -894,6 +894,7 @@ M: Gr
Signed-off-by: Todd Kjos
---
drivers/android/binder.c | 194 +++
1 file changed, 146 insertions(+), 48 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 16288e7..c36e420 100644
--- a/drivers/android/binder.c
+++ b/drivers
This was introduced in the 2015 Nexus devices and should have been
submitted to the kernel then since we keep forward porting it to each
new device.
On Thu, Sep 8, 2016 at 9:12 AM, Todd Kjos wrote:
> In Android systems, the display pipeline relies on low
> latency binder transa
From: Todd Kjos
In Android systems, the display pipeline relies on low
latency binder transactions and is therefore sensitive to
delays caused by contention for the global binder lock.
Jank is significantly reduced by disabling preemption
while the global binder lock is held.
This patch
On Fri, Sep 9, 2016 at 8:44 AM, Greg KH wrote:
> On Fri, Sep 09, 2016 at 08:17:44AM -0700, Todd Kjos wrote:
>> From: Todd Kjos
>>
>> In Android systems, the display pipeline relies on low
>> latency binder transactions and is therefore sensitive to
>> delays ca
Thanks Peter. We'll give that patch a try as part of our refactoring.
Looking at finer-grained locking and we'll try going back to rt_mutex
plus this patch.
On Wed, Sep 14, 2016 at 9:55 AM, Peter Zijlstra wrote:
> On Wed, Sep 14, 2016 at 06:13:40PM +0200, Peter Zijlstra wrote:
>> On Wed, Sep 14,
2016 at 09:16:59AM -0700, Christoph Hellwig wrote:
>> > > On Thu, Sep 08, 2016 at 09:12:50AM -0700, Todd Kjos wrote:
>> > > > In Android systems, the display pipeline relies on low
>> > > > latency binder transactions and is therefore sensitive to
>> >
On Thu, Apr 1, 2021 at 1:29 AM Hang Lu wrote:
>
> When async binder buffer got exhausted, some normal oneway transaction
> will also be discarded and finally caused system/app stop.
"...be discarded and may cause system or application failures" ?
> By that time,
> the binder debug information
the caller until any pending binder transactions toward
> the target process are flushed. Return an error to transactions to
> processes marked as frozen.
>
> Signed-off-by: Marco Ballesio
> Co-developed-by: Todd Kjos
> Signed-off-by: Todd Kjos
> Signed-off-by:
ided to code using
> this API.
>
> Replace this instance of -ERESTARTSYS with -EINTR, which is propagated
> to user space.
>
> Test: built, booted, interrupted a worker thread within
> binder_wait_for_work
> Signed-off-by: Marco Ballesio
> Signed-off-by: Li Li
Acked-by: Todd
d-off-by: Marco Ballesio
> Signed-off-by: Li Li
Acked-by: Todd Kjos
> ---
> drivers/android/binder.c| 55 +
> drivers/android/binder_internal.h | 6
> include/uapi/linux/android/binder.h | 7
> 3 files changed, 68 insertions(+)
the caller until any pending binder transactions toward
> the target process are flushed. Return an error to transactions to
> processes marked as frozen.
>
> Signed-off-by: Marco Ballesio
> Co-developed-by: Todd Kjos
> Signed-off-by: Todd Kjos
> Signed-off-by: Li Li
For the ser
On Wed, Mar 17, 2021 at 1:17 PM Jann Horn wrote:
>
> On Wed, Mar 17, 2021 at 7:00 PM Christian Brauner
> wrote:
> > On Mon, Mar 15, 2021 at 06:16:27PM -0700, Li Li wrote:
> > > To improve the user experience when switching between recently used
> > > applications, the background applications
On Tue, Apr 6, 2021 at 9:15 PM Hang Lu wrote:
>
> When async binder buffer got exhausted, some normal oneway transactions
> will also be discarded and may cause system or application failures. By
> that time, the binder debug information we dump may not be relevant to
> the root cause. And this
On Wed, Apr 14, 2021 at 11:11 AM Lee Jones wrote:
>
> Fixes the following W=1 kernel build warning(s):
>
> drivers/staging/android/ashmem.c:189: warning: Function parameter or member
> 'new_range' not described in 'range_alloc'
>
> Cc: Greg Kroah-Hartman
> Cc: "Arv
+Li Li
On Fri, Apr 9, 2021 at 2:42 AM Hang Lu wrote:
>
> Add BR_FROZEN_REPLY in binder_return_strings to support stat function.
>
> Fixes: ae28c1be1e54 ("binder: BINDER_GET_FROZEN_INFO ioctl")
> Signed-off-by: Hang Lu
Acked-by: Todd Kjos
> ---
> driver
xceeding the threshold (target process
> dips below 80% of its oneway space, and current process is responsible for
> either more than 50 transactions, or more than 50% of the oneway space).
> And the detection will restart when the async buffer has returned to a
> healthy state.
>