binder: protect against two threads freeing buffer

Adds protection against malicious user code freeing
the same buffer at the same time which could cause
a crash. Cannot happen under normal use.

Signed-off-by: Todd Kjos <tkjos@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Todd Kjos 2017-06-29 12:01:51 -07:00 committed by Greg Kroah-Hartman
parent e4cffcf4bf
commit 53d311cfa1
3 changed files with 23 additions and 10 deletions

@ -2024,8 +2024,8 @@ static int binder_thread_write(struct binder_proc *proc,
return -EFAULT;
ptr += sizeof(binder_uintptr_t);
buffer = binder_alloc_buffer_lookup(&proc->alloc,
data_ptr);
buffer = binder_alloc_prepare_to_free(&proc->alloc,
data_ptr);
if (buffer == NULL) {
binder_user_error("%d:%d BC_FREE_BUFFER u%016llx no match\n",
proc->pid, thread->pid, (u64)data_ptr);
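
Review bot: the NULL branch after the new binder_alloc_prepare_to_free() call in binder_thread_write() still logs only "BC_FREE_BUFFER u%016llx no match", so if the helper also returns NULL when another thread has already claimed the same buffer (the race the commit message describes), that case cannot be told apart from a bad user pointer in the log. The helper's definition is not visible in this hunk, so it would help to document its return contract in a comment at the definition: what NULL means, and that a non-NULL return marks the buffer as being freed, which obliges the caller to complete the free. If the helper does not log the concurrent-free case itself, consider a distinct message for it here so that double BC_FREE_BUFFER attempts from user space stand out when triaging.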