linux-stable.git - Linux kernel stable tree

diff options

author	Todd Kjos <tkjos@google.com>	2021-08-30 12:51:46 -0700
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2021-09-14 09:02:13 +0200
commit	5fdb55c1ac9585eb23bb2541d5819224429e103d (patch)
tree	1ce65a704c88f44dabcc6e58538d0d4fa3902efc /drivers/rpmsg
parent	b564171ade70570b7f335fa8ed17adb28409e3ac (diff)
download	linux-stable-5fdb55c1ac9585eb23bb2541d5819224429e103d.tar.gz linux-stable-5fdb55c1ac9585eb23bb2541d5819224429e103d.tar.bz2 linux-stable-5fdb55c1ac9585eb23bb2541d5819224429e103d.zip

binder: make sure fd closes complete

During BC_FREE_BUFFER processing, the BINDER_TYPE_FDA object cleanup may close 1 or more fds. The close operations are completed using the task work mechanism -- which means the thread needs to return to userspace or the file object may never be dereferenced -- which can lead to hung processes. Force the binder thread back to userspace if an fd is closed during BC_FREE_BUFFER handling. Fixes: 80cd795630d6 ("binder: fix use-after-free due to ksys_close() during fdget()") Cc: stable <stable@vger.kernel.org> Reviewed-by: Martijn Coenen <maco@android.com> Acked-by: Christian Brauner <christian.brauner@ubuntu.com> Signed-off-by: Todd Kjos <tkjos@google.com> Link: https://lore.kernel.org/r/20210830195146.587206-1-tkjos@google.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'drivers/rpmsg')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: