www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Carlos Llamas <cmllamas@google.com>
	Tue, 10 Dec 2024 14:31:01 +0000 (14:31 +0000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 24 Dec 2024 08:35:23 +0000 (09:35 +0100)
commit	072010abc3ad98bc20198dbe60ef13233a0a357c
tree	767cacda44b98f3044b3eaf850aeb18ed64a6108	tree
parent	f909f0308267dc49fbf122f60e1ec7ddcd1b92c7	commit \| diff

binder: replace alloc->vma with alloc->mapped

It is unsafe to use alloc->vma outside of the mmap_sem. Instead, add a
new boolean alloc->mapped to save the vma state (mapped or unmmaped) and
use this as a replacement for alloc->vma to validate several paths.

Using the alloc->vma caused several performance and security issues in
the past. Now that it has been replaced with either vm_lookup() or the
alloc->mapped state, we can finally remove it.

Cc: Minchan Kim <minchan@kernel.org>
Cc: Liam R. Howlett <Liam.Howlett@oracle.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Suren Baghdasaryan <surenb@google.com>
Reviewed-by: Suren Baghdasaryan <surenb@google.com>
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Link: https://lore.kernel.org/r/20241210143114.661252-6-cmllamas@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

drivers/android/binder_alloc.c		diff \| blob \| history
drivers/android/binder_alloc.h		diff \| blob \| history
drivers/android/binder_alloc_selftest.c		diff \| blob \| history