shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-03-25 20:10:23 +09:00
Code Issues Packages Projects Releases Wiki Activity

Revert "binder: fix UAF of alloc->vma in race with munmap()"

Browse Source 
This reverts commit 1bb8a65190.

It breaks the Android kernel abi, but will be brought in through a
different branch to ensure it ends up in the tree properly.

Bug: 161946584
Change-Id: I68007ae6d5eb0aaebd76817b9f53110eed86b597
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This commit is contained in:
Greg Kroah-Hartman
2023-06-15 12:08:56 +00:00
parent e772cc3c8f
commit 4bbb48a4fe
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
drivers/android/binder_alloc.c
View File

@@ -213,7 +213,7 @@ static int binder_update_page_range(struct binder_alloc *alloc, int allocate,
mm = alloc->vma_vm_mm;
if (mm) {
mmap_write_lock(mm);
mmap_read_lock(mm);
vma = alloc->vma;
}
@@ -271,7 +271,7 @@ static int binder_update_page_range(struct binder_alloc *alloc, int allocate,
trace_binder_alloc_page_end(alloc, index);
}
if (mm) {
mmap_write_unlock(mm);
mmap_read_unlock(mm);
mmput(mm);
}
return 0;
@@ -304,7 +304,7 @@ err_page_ptr_cleared:
}
err_no_vma:
if (mm) {
mmap_write_unlock(mm);
mmap_read_unlock(mm);
mmput(mm);
}
return vma ? -ENOMEM : -ESRCH;