eturn to userspace or the file object may never be
> dereferenced -- which can lead to hung processes.
>
> Force the binder thread back to userspace if an fd is closed during
> BC_FREE_BUFFER handling.
>
> Signed-off-by: Todd Kjos
Reviewed-by: Martijn Coen
Thanks!
On Tue, Sep 29, 2020 at 3:30 AM Liu Shixin wrote:
>
> Simplify the return expression.
>
> Signed-off-by: Liu Shixin
Acked-by: Martijn Coenen
> ---
> v3: Add the change description.
> v2: Get rid of the "ret" and "failure string" variab
Thanks!
On Mon, Oct 26, 2020 at 11:52 AM Zhang Qilong wrote:
>
> Depending on the context, the error return value
> here (extra_buffers_size < added_size) should be
> negative.
>
> Signed-off-by: Zhang Qilong
Acked-by: Martijn Coenen
> ---
> drivers/android/binder
: ec74136ded79 ("binder: create node flag to request sender's
security context")
Signed-off-by: Martijn Coenen
Cc: sta...@vger.kernel.org # 5.1+
---
drivers/android/binder.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/android/binder.c b/drivers/android
On Mon, Sep 18, 2017 at 9:49 PM, Arnd Bergmann wrote:
> The current Kconfig comment says that v7 of the ABI is also
> incompatible with Android 4.5 and later user space. Can someone
> confirm that?
That is not actually true - v7 does work with all versions of Android
(up to and including Oreo). I
On Wed, Sep 20, 2017 at 11:58 AM, Arnd Bergmann wrote:
> - On stable mainline kernels (unlike android-common), the v8
> interface has never been available as a build option, and making
> it user-selectable will require additional patches to make it
> actually build on 32-bit ARM. This is fi
On Wed, Sep 20, 2017 at 3:37 PM, Arnd Bergmann wrote:
> I'm not really worried about shipping Android products, for those
> there is no big problem using the compile-time option as they build
> everything together.
Ack.
> The case that gets interesting is any kind of user that wants to
> run a
On Fri, Sep 22, 2017 at 11:12 AM, Arnd Bergmann wrote:
> How would waiting help?
Once P drops support for v7, all P userspaces (including containerized
ones) need to be v8. After a while, the number of non-Android
userspaces < P with v7 would become practically zero. But it's really
hard to draw
On Fri, Sep 1, 2017 at 9:24 AM, Greg KH wrote:
>
> I've now applied patches 1, 2, 7, 9, 11, and 12 from this series to my
> tree, so feel free to rebase on it for the next round of these patches.
Thanks Greg. You should also be able to apply patch 10 from this
series ("ANDROID: binder: call poll_
Because we're not guaranteed that subsequent calls
to poll() will have a poll_table_struct parameter
with _qproc set. When _qproc is not set, poll_wait()
is a noop, and we won't be woken up correctly.
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c | 11 +--
1 file
On Mon, Oct 9, 2017 at 2:37 PM, Greg KH wrote:
> Does this need to get into 4.14-final, or is 4.15-rc1 ok? I'm a bit
> lost as to which patches I applied to what tree...
This fixes a race that is somewhat hard to hit, I've only ever seen it
with test code that creates the right conditions. But w
ers and are
merged in Android's common kernel trees.
Martijn Coenen (6):
ANDROID: binder: add support for RT prio inheritance.
ANDROID: binder: add min sched_policy to node.
ANDROID: binder: improve priority inheritance.
ANDROID: binder: add RT inheritance flag to node.
ANDROID: binder:
tting T1 change the priority
of T2 *before* waking it up.
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c | 217 ---
1 file changed, 188 insertions(+), 29 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
ind
By raising the priority of a thread selected for
a transaction *before* we wake it up.
Delay restoring the priority when doing a reply
until after we wake-up the process receiving
the reply.
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c | 74
]
for the SCHED_NORMAL/SCHED_BATCH policies.
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c| 28 +
include/uapi/linux/android/binder.h | 41 -
2 files changed, 60 insertions(+), 9 deletions(-)
diff --git a/drivers
Allows a binder node to specify whether it wants to
inherit real-time scheduling policy from a caller. This
inheritance may not always be desirable, for example in
cases where the binder call runs untrusted and therefore
potentially unbounded code.
Signed-off-by: Martijn Coenen
---
drivers
apply CAP_SYS_NICE or RLIMIT_RT_PRIO,
for now it seems reasonable to not check permissions
on the restore path.
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c | 30 ++
1 file changed, 22 insertions(+), 8 deletions(-)
diff --git a/drivers/android/binder.c b/dr
This allows to easily trace and visualize priority inheritance
in the binder driver.
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c | 4
drivers/android/binder_trace.h | 24
2 files changed, 28 insertions(+)
diff --git a/drivers/android/binder.c
If a call to put_user() fails, we failed to
properly free a transaction and send a failed
reply (if necessary).
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c | 40 +++-
1 file changed, 31 insertions(+), 9 deletions(-)
diff --git a/drivers
Show the high watermark of the index into the alloc->pages
array, to facilitate sizing the buffer on a per-process
basis.
Signed-off-by: Martijn Coenen
---
drivers/android/binder_alloc.c | 4
drivers/android/binder_alloc.h | 2 ++
2 files changed, 6 insertions(+)
diff --git a/driv
On Mon, Nov 13, 2017 at 10:49 AM, Greg KH wrote:
> Is this relevant for 4.14 and any older kernels as well?
The problem was introduced with fine-grained locking, which is 4.14 and up only.
Thanks,
Martijn
___
devel mailing list
de...@linuxdriverproject
On Mon, Nov 13, 2017 at 10:49 AM, Greg KH wrote:
> Who can use this? A userspace tool? Or something else?
The output is part of Android bugreports, it's not parsed
automatically but the information is very useful even to manually look
at. Since Treble, we have more processes using binder, and s
40411
BM_sendVec_binderize/1024 43119 ns 17357 ns 40432
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c | 151 +--
1 file changed, 107 insertions(+), 44 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder
Thanks Peter for looking at this, more inline.
On Wed, Nov 15, 2017 at 2:01 PM, Peter Zijlstra wrote:
>> + * 1) binder supports a "minimum node priority", meaning that all
>> transactions
>> + *into a node must run at this priority at a minimum. This means that
>> the
>> + *desired prio
On Wed, Nov 15, 2017 at 2:03 PM, Peter Zijlstra wrote:
> On Thu, Oct 26, 2017 at 04:07:47PM +0200, Martijn Coenen wrote:
>> By raising the priority of a thread selected for
>> a transaction *before* we wake it up.
>>
>> Delay restoring the priority when doing a reply
&g
On Wed, Nov 15, 2017 at 2:02 PM, Peter Zijlstra wrote:
>> Internally, we use the priority map that the kernel
>> uses, e.g. [0..99] for real-time policies and [100..139]
>> for the SCHED_NORMAL/SCHED_BATCH policies.
>
> I will break that without consideration if I have to. That really isn't
> some
On Wed, Nov 15, 2017 at 2:05 PM, Peter Zijlstra wrote:
> On Thu, Oct 26, 2017 at 04:07:48PM +0200, Martijn Coenen wrote:
>> Allows a binder node to specify whether it wants to
>> inherit real-time scheduling policy from a caller. This
>> inheritance may not always be desi
On Thu, Nov 16, 2017 at 12:27 PM, Peter Zijlstra wrote:
>> On Wed, Nov 15, 2017 at 2:01 PM, Peter Zijlstra wrote:
>> >> + * 1) binder supports a "minimum node priority", meaning that all
>> >> transactions
>> >> + *into a node must run at this priority at a minimum. This means
>> >> that th
On Thu, Nov 16, 2017 at 4:10 PM, Peter Zijlstra wrote:
> Well, I go by the one described in all the real-time computing texts;
> also found on Wikipedia FWIW:
>
> https://en.wikipedia.org/wiki/Priority_inheritance
Guess I was taking inheritance too literally :-)
>
>> This behavior is also rela
Signed-off-by: Martijn Coenen
---
MAINTAINERS | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/MAINTAINERS b/MAINTAINERS
index aa71ab52fd76..da8264fc09d4 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -859,7 +859,8 @@ F: kernel/configs/android*
ANDROID DRIVERS
M: Greg
Add Todd Kjos and myself, remove Riley (who no
longer works at Google).
Signed-off-by: Martijn Coenen
---
Changes in v2: adds commit message.
MAINTAINERS | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/MAINTAINERS b/MAINTAINERS
index aa71ab52fd76..da8264fc09d4 100644
On Mon, Jul 9, 2018 at 3:10 AM, Tetsuo Handa
wrote:
> While at it, let's add cond_resched() to binder_thread_write(),
> binder_transaction() and binder_release_work() loops because they might
> take long time.
This should be a separate patch, and I would love to see some
benchmark data around thi
On Mon, Jul 9, 2018 at 3:27 PM, Dmitry Vyukov wrote:
> I know almost nothing about binder. How these debug messages are
> enabled? I don't see anything like CONFIG_BINDER_VERBOSE_DEBUG in the
> config:
> https://github.com/google/syzkaller/blob/master/dashboard/config/upstream-kasan.config
> Also
On Tue, Jul 10, 2018 at 2:09 PM, Tetsuo Handa
wrote:
> I don't have benchmark data (I'm not an Android user). But an example log at
> https://syzkaller.appspot.com/text?tag=CrashLog&x=12f316fc40 got
> about 13214 messages in 124 seconds (over 100 messages per a second).
I meant data for the c
threads that are waiting for proc work can directly
> receive work from another thread, and no work is allowed to be queued
> on such a thread without waking up the thread. This patch also enforces
> that a thread is not waiting for proc work when a work is directly
> enqueued to its to
Thanks Minchan!
On Thu, Aug 23, 2018 at 7:29 AM, Minchan Kim wrote:
> Signed-off-by: Todd Kjos
> Signed-off-by: Minchan Kim
Reviewed-by: Martijn Coenen
> ---
> drivers/android/binder_alloc.c | 43 +++---
> 1 file changed, 35 insertions(+), 8 deleti
information can then be passed on to the process holding the
node, which can in turn decide whether it wants to shut down to
reduce resource usage.
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c| 50 +
include/uapi/linux/android/binder.h | 8
On Wed, Sep 5, 2018 at 11:09 AM, Dan Carpenter wrote:
> What's the reserved for? On 64 bit systems there is a 4 byte struct
> hole between weak_count and reserved.
There's many more pieces of information that we hold for a node. While
we don't have a use for most of that now, we may want some of
> Any progress on this problem?
A patch was recently submitted to address this:
https://lkml.org/lkml/2018/8/7/802
>
>>
>>> Without disabling by default or ratelimit printk(), the system shall become
>>> unusable.
>>>
>>> $ grep binder: log | wc -l
>>> 13214
>>> $ head log
>>> [ 1167.389978] bi
information can then be passed on to the process holding the
node, which can in turn decide whether it wants to shut down to
reduce resource usage.
Signed-off-by: Martijn Coenen
---
v2: made sure reserved fields are aligned, and enforce caller zeroes
all fields except handle, as suggested by Dan
On Wed, Mar 28, 2018 at 1:34 PM, Martijn Coenen wrote:
> On Wed, Mar 28, 2018 at 1:28 PM, Greg KH wrote:
>> What is different from "v2" you sent before this? No change information
>> from v1?
Greg, is this in your queue, or should I just send a v3 to clean this
up?
On Thu, Apr 19, 2018 at 11:35 PM, Eric Biggers wrote:
> Martijn, this is going to be fixed by
> https://patchwork.kernel.org/patch/10312345/
> ("ANDROID: binder: prevent transactions into own process"), right?
> The syzbot bug ID in that patch is for a bug that is already closed,
> so if it's not
On Mon, Apr 23, 2018 at 11:28 AM, Dmitry Vyukov wrote:
> https://syzkaller.appspot.com/bug?extid=09e05aba06723a94d43d
> and that happened in binder. But then syzkaller found a reproducer for
> it, but it turned out to be in rdma subsystem. It's generally not
> possible to properly distinguish diff
On Mon, Apr 23, 2018 at 11:49 AM, Dmitry Vyukov wrote:
> Since it's already in Greg's queue, it's not worth bothering. We can
> fix up things here with these "#syz fix" tags in emails, which
> associate fixes with bugs.
I meant, when I sent the original patch a month or so ago, could
syzbot have
On Mon, Apr 23, 2018 at 12:17 PM, Dmitry Vyukov wrote:
> syzbot does not extract this info from patch emails.
Ok so IIUC, Reported-By tags will only be considered when they are
actually part of commits in one of the tested trees - makes sense. So
does sending "#syz fix: xyz" cause syzbot to look
On Wed, May 2, 2018 at 7:30 AM, wrote:
> But there is potential risks in the future, future functional extensions
> need to consider nesting issues, maybe extending more methods where we
> push to thread->todo. I think that using queueing return error transaction
> to the head of thread todo list
On Thu, May 3, 2018 at 5:21 PM, Luis R. Rodriguez wrote:
> Android folks, poke below. otherwise we'll have no option but to seriously
> consider Mimi's patch to prevent these calls when IMA appraisal is enforced:
Sorry, figuring out who's the right person to answer this, will get
back to you ASAP
On Wed, Apr 25, 2018 at 10:55 AM, Luis R. Rodriguez wrote:
> Android became the primary user of CONFIG_FW_LOADER_USER_HELPER_FALLBACK.
>
> It would be good for us to hear from Android folks if their current use of
> request_firmware_into_buf() is designed in practice to *never* use the direct
> fi
tains 32-bit support for devices that are
upgrading. This will be removed as well in 2-3 years,
at which point we can remove the code from the UAPI
as well.
[0]: https://android-review.googlesource.com/c/platform/build/+/595193
Signed-off-by: Martijn Coenen
---
drivers/android/Kconfig | 13 ---
On Tue, May 8, 2018 at 2:06 AM, Jia-Ju Bai wrote:
> The write operations to "alloc->buffer" are protected by
> the lock on line 679 and 730, but the read operation to
> this data on line 712 is not protected by the lock.
> Thus, there may exist a data race for "alloc->buffer".
It's read by the sa
On Sat, May 5, 2018 at 2:10 PM, kbuild test robot wrote:
>drivers/android/binder.o: In function `binder_thread_write':
>>> binder.c:(.text+0x6a16): undefined reference to `__get_user_bad'
Looks like m68k doesn't support 64-bit get_user(). I could just have
binder depend on !CONFIG_M68K, but t
On Fri, May 11, 2018 at 10:08 AM, Greg KH wrote:
> I think using !CONFIG_M68K is a good start. We can blacklist any other
> arch that doesn't support this, and that list should be small as I doubt
> any new ones will be added without this support.
Thanks, I will send a v2.
>
> thanks,
>
> greg
From: Martijn Coenen
New devices launching with Android P need to use the 64-bit
binder interface, even on 32-bit SoCs [0].
This change removes the Kconfig option to select the 32-bit
binder interface. We don't think this will affect existing
userspace for the following reasons:
1) The l
On Mon, May 14, 2018 at 4:00 PM, Geert Uytterhoeven
wrote:
> Patch sent.
Thanks for the quick turn-around!
>
> BTW, sh also doesn't seem to have 64-bit get_user().
> There may be others.
I checked quickly, nios2 is the only other arch that explicitly
doesn't support it and would result in a bui
hmem as
well. Since its size is fixed after creation, preventing anyone from
mapping a larger size seems reasonable to me.
Reviewed-by: Martijn Coenen
>
> thanks!
>
> - Joel
>
On Mon, Jun 18, 2018 at 5:09 PM, Arnd Bergmann wrote:
> The timespec structure suffers from the y2038 overflow and should not
> be used. This changes handle_vsoc_cond_wait() to use ktime_t directly.
>
> Signed-off-by: Arnd Bergmann
Reviewed-by: Martijn Coenen
Thanks!
> ---
>
These will be required going forward.
Signed-off-by: Martijn Coenen
---
drivers/android/Kconfig| 2 +-
kernel/configs/android-base.config | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/android/Kconfig b/drivers/android/Kconfig
index 832e885349b1
Commit c4ea41ba195d ("binder: use group leader instead of open thread")
was incomplete and didn't update a check in binder_mmap(), causing all
mmap() calls into the binder driver to fail.
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c | 2 +-
1 file change
for some reason was incomplete;
"fix proc->tsk check" addresses this particular problem.
Martijn Coenen (3):
ANDROID: binder: add padding to binder_fd_array_object.
ANDROID: binder: add hwbinder,vndbinder to BINDER_DEVICES.
ANDROID: binder: fix proc->tsk check.
drivers/android
this.
Signed-off-by: Martijn Coenen
---
include/uapi/linux/android/binder.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/include/uapi/linux/android/binder.h
b/include/uapi/linux/android/binder.h
index 51f891fb1b18..7668b5791c91 100644
--- a/include/uapi/linux/android/binder.h
+++ b
On Sat, Jul 29, 2017 at 1:22 AM, Greg KH wrote:
> Ok, do some of these need to go to Linus now for 4.13-final and to the
> stable trees to match up with the 3 that are already proposed for the
> stable trees? If so, which ones?
"fix proc->tsk check" is a fix for "c4ea41ba195d ("binder: use group
Removes the process waitqueue, so that threads
can only wait on the thread waitqueue. Whenever
there is process work to do, pick a thread and
wake it up.
This also fixes an issue with using epoll(),
since we no longer have to block on different
waitqueues.
Signed-off-by: Martijn Coenen
common kernel trees.
Colin Cross (1):
Add BINDER_GET_NODE_DEBUG_INFO ioctl
Martijn Coenen (12):
ANDROID: binder: remove proc waitqueue
ANDROID: binder: push new transactions to waiting threads.
ANDROID: binder: add support for RT prio inheritance.
ANDROID: binder: add min sched_polic
Cross
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c| 43 +
include/uapi/linux/android/binder.h | 14
2 files changed, 57 insertions(+)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index e6778c696942
Allows a binder node to specify whether it wants to
inherit real-time scheduling policy from a caller.
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c| 22 +-
include/uapi/linux/android/binder.h | 8
2 files changed, 25 insertions(+), 5
apply CAP_SYS_NICE or RLIMIT_RT_PRIO,
for now it seems reasonable to not check permissions
on the restore path.
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c | 27 ---
1 file changed, 20 insertions(+), 7 deletions(-)
diff --git a/drivers/android/binder.c b/dr
).
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c | 22 ++
1 file changed, 6 insertions(+), 16 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index e8a70a7c789c..12ab16bb676c 100644
--- a/drivers/android/binder.c
+++ b/drivers/android
By raising the priority of a thread selected for
a transaction *before* we wake it up.
Delay restoring the priority when doing a reply
until after we wake-up the process receiving
the reply.
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c | 74
]
for the SCHED_NORMAL/SCHED_BATCH policies.
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c| 26 ++-
include/uapi/linux/android/binder.h | 41 -
2 files changed, 61 insertions(+), 6 deletions(-)
diff --git a/drivers
Because is_spin_locked() always returns false on UP
systems.
Use assert_spin_locked() instead, and remove the
WARN_ON() instances, since those were easy to verify.
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c | 26 ++
1 file changed, 10 insertions(+), 16
Because we're not guaranteed that subsequent calls
to poll() will have a poll_table_struct parameter
with _qproc set. When _qproc is not set, poll_wait()
is a noop, and we won't be woken up correctly.
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c | 11 +--
1 file
dling the incoming
transaction requires taking the same lock,
userspace will deadlock.
By queueing the async transaction to the proc
workqueue, we make sure it's only picked up when
a thread is ready for proc work.
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c | 8 +---
1 fil
Adds support for SCHED_BATCH/SCHED_FIFO/SCHED_RR
priority inheritance.
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c | 164 ++-
1 file changed, 135 insertions(+), 29 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android
This allows to easily trace and visualize priority inheritance
in the binder driver.
Change-Id: I8449ae4b002e55c5e9517a47f3581e05eef051d8
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c | 4
drivers/android/binder_trace.h | 24
2 files changed, 28
hread, submit the work
to the proc waitqueue instead as we did previously.
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c | 181 +--
1 file changed, 127 insertions(+), 54 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/an
Hi Thomas,
On Fri, Aug 25, 2017 at 5:08 PM, Thomas Gleixner wrote:
> Sorry, but this has not much to do with real priority inheritance.
Can you clarify what "real priority inheritance" is, or are you more
concerned about this particular implementation of it?
>
> It's a poor man's pseudo PI imple
for binder priority inheritance' have
already been reviewed by Android engineers and are merged in Android's
common kernel trees.
---
Colin Cross (1):
ANDROID: binder: Add BINDER_GET_NODE_DEBUG_INFO ioctl
Martijn Coenen (12):
ANDROID: binder: remove proc waitqueue
ANDROID: binder: pu
longer have to block on different
waitqueues.
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c | 255 +--
1 file changed, 181 insertions(+), 74 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index ba9e613b42d6
tting T1 change the priority
of T2 *before* waking it up.
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c | 217 ---
1 file changed, 188 insertions(+), 29 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
ind
Because is_spin_locked() always returns false on UP
systems.
Use assert_spin_locked() instead, and remove the
WARN_ON() instances, since those were easy to verify.
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c | 26 ++
1 file changed, 10 insertions(+), 16
Allows a binder node to specify whether it wants to
inherit real-time scheduling policy from a caller. This
inheritance may not always be desirable, for example in
cases where the binder call runs untrusted and therefore
potentially unbounded code.
Signed-off-by: Martijn Coenen
---
drivers
]
for the SCHED_NORMAL/SCHED_BATCH policies.
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c| 28 +
include/uapi/linux/android/binder.h | 41 -
2 files changed, 60 insertions(+), 9 deletions(-)
diff --git a/drivers
Cross
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c| 43 +
include/uapi/linux/android/binder.h | 14
2 files changed, 57 insertions(+)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 5edde38a77b3
apply CAP_SYS_NICE or RLIMIT_RT_PRIO,
for now it seems reasonable to not check permissions
on the restore path.
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c | 30 ++
1 file changed, 22 insertions(+), 8 deletions(-)
diff --git a/drivers/android/binder.c b/dr
By raising the priority of a thread selected for
a transaction *before* we wake it up.
Delay restoring the priority when doing a reply
until after we wake-up the process receiving
the reply.
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c | 74
hread, submit the work
to the proc waitqueue instead as we did previously.
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c | 181 +--
1 file changed, 127 insertions(+), 54 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/an
dling the incoming
transaction requires taking the same lock,
userspace will deadlock.
By queueing the async transaction to the proc
workqueue, we make sure it's only picked up when
a thread is ready for proc work.
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c | 8 +---
1 fil
Because we're not guaranteed that subsequent calls
to poll() will have a poll_table_struct parameter
with _qproc set. When _qproc is not set, poll_wait()
is a noop, and we won't be woken up correctly.
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c | 11 +--
1 file
).
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c | 22 ++
1 file changed, 6 insertions(+), 16 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 68780b8e856c..2d23f8699d40 100644
--- a/drivers/android/binder.c
+++ b/drivers/android
This allows to easily trace and visualize priority inheritance
in the binder driver.
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c | 4
drivers/android/binder_trace.h | 24
2 files changed, 28 insertions(+)
diff --git a/drivers/android/binder.c
On Thu, Aug 31, 2017 at 10:18 AM, Peter Zijlstra wrote:
> You fail to support SCHED_DEADLINE, that's not optional.
The reason I didn't include it is that we don't use SCHED_DEADLINE in
Android userspace. Can we add support for this in a follow-up patch,
or do you consider it necessary for accepti
On Thu, Aug 31, 2017 at 1:32 PM, Peter Zijlstra wrote:
> AFAIK people are actively working on fixing that.
SCHED_DEADLINE was definitely looked at in the past. We certainly
don't use it on our own devices in Android Oreo, and I am not aware of
any current plans to use it. But the Android org is b
It was no longer being used.
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 778caed570c6..06067636 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
oll cleanup
code tries to access the waitlist, which results in
a use-after-free.
Prevent this by using POLLFREE when the thread exits.
Signed-off-by: Martijn Coenen
Reported-by: syzbot
---
drivers/android/binder.c | 12
1 file changed, 12 insertions(+)
diff --git a/drivers/android/binde
On Fri, Jan 5, 2018 at 1:20 PM, Greg KH wrote:
> Should this be a 4.15-final thing, as well as backported to any range of
> older kernels?
This was found by syzkaller and wouldn't be hit in normal code paths,
so I think it's not critical for 4.15. This code was introduced in
4.14, so it should be
On Mon, Feb 12, 2018 at 7:31 PM, Al Viro wrote:
> Any chance of bisecting it?
Perhaps my fix introduced another (related) problem, I'm looking into it.
To prevent races with ep_remove_waitqueue() removing the
waitqueue at the same time.
Reported-by: syzbot+a2a3c4909716e2714...@syzkaller.appspotmail.com
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c | 9 +
1 file changed, 9 insertions(+)
diff --git a/drivers/android
Greg,
This is for 4.14 LTS and 4.16.
Thanks,
Martijn
On Fri, Feb 16, 2018 at 9:47 AM, Martijn Coenen wrote:
> To prevent races with ep_remove_waitqueue() removing the
> waitqueue at the same time.
>
> Reported-by: syzbot+a2a3c4909716e2714...@syzkaller.appspotmail.com
> Signed-
On Tue, Mar 6, 2018 at 9:30 AM, syzbot
wrote:
> Hello,
>
> syzbot hit the following crash on upstream commit
> 094b58e1040a44f991d7ab628035e69c4d6b79c9 (Mon Mar 5 19:57:06 2018 +)
> Merge tag 'linux-kselftest-4.16-rc5' of
> git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
I
a06723a94d...@syzkaller.appspotmail.com
Signed-off-by: Martijn Coenen
---
drivers/android/binder.c | 8
1 file changed, 8 insertions(+)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index e7e4560e4c6e..57d4ba926ed0 100644
--- a/drivers/android/binder.c
+++ b/drivers/androi