On Wed, Apr 14, 2021 at 11:11 AM Lee Jones wrote:
>
> Fixes the following W=1 kernel build warning(s):
>
> drivers/staging/android/ashmem.c:189: warning: Function parameter or member
> 'new_range' not described in 'range_alloc'
>
> Cc: Greg Kroah-Hartman
xceeding the threshold (target process
> dips below 80% of its oneway space, and current process is responsible for
> either more than 50 transactions, or more than 50% of the oneway space).
> And the detection will restart when the async buffer has returned to a
> healthy state.
>
&
+Li Li
On Fri, Apr 9, 2021 at 2:42 AM Hang Lu wrote:
>
> Add BR_FROZEN_REPLY in binder_return_strings to support stat function.
>
> Fixes: ae28c1be1e54 ("binder: BINDER_GET_FROZEN_INFO ioctl")
> Signed-off-by: Hang Lu
Acked-by: Todd Kjos
> ---
> driver
On Tue, Apr 6, 2021 at 9:15 PM Hang Lu wrote:
>
> When async binder buffer got exhausted, some normal oneway transactions
> will also be discarded and may cause system or application failures. By
> that time, the binder debug information we dump may not be relevant to
> the root cause. And this is
On Thu, Apr 1, 2021 at 1:29 AM Hang Lu wrote:
>
> When async binder buffer got exhausted, some normal oneway transaction
> will also be discarded and finally caused system/app stop.
"...be discarded and may cause system or application failures" ?
> By that time,
> the binder debug information we
On Wed, Mar 17, 2021 at 1:17 PM Jann Horn wrote:
>
> On Wed, Mar 17, 2021 at 7:00 PM Christian Brauner
> wrote:
> > On Mon, Mar 15, 2021 at 06:16:27PM -0700, Li Li wrote:
> > > To improve the user experience when switching between recently used
> > > applications, the background applications whic
block the caller until any pending binder transactions toward
> the target process are flushed. Return an error to transactions to
> processes marked as frozen.
>
> Signed-off-by: Marco Ballesio
> Co-developed-by: Todd Kjos
> Signed-off-by: Todd Kjos
> Signed-off-by: Li Li
For th
d-off-by: Marco Ballesio
> Signed-off-by: Li Li
Acked-by: Todd Kjos
> ---
> drivers/android/binder.c| 55 +
> drivers/android/binder_internal.h | 6
> include/uapi/linux/android/binder.h | 7
> 3 files changed, 68 insertions(+)
ed to code using
> this API.
>
> Replace this instance of -ERESTARTSYS with -EINTR, which is propagated
> to user space.
>
> Test: built, booted, interrupted a worker thread within
> binder_wait_for_work
> Signed-off-by: Marco Ballesio
> Signed-off-by: Li Li
Acked-by:
block the caller until any pending binder transactions toward
> the target process are flushed. Return an error to transactions to
> processes marked as frozen.
>
> Signed-off-by: Marco Ballesio
> Co-developed-by: Todd Kjos
> Signed-off-by: Todd Kjos
> Signed-off
+Hridya Valsaraju +Suren Baghdasaryan
On Thu, Dec 17, 2020 at 11:48 PM Huangzhaoyang wrote:
>
> From: Zhaoyang Huang
>
> Add SLAB_RECLAIM_ACCOUNT to ashmem_range cache since it has registered
> shrinker, which make memAvailable more presiced.
>
> Signed-off-by: Zhaoyang H
On Fri, Nov 20, 2020 at 11:14 PM Greg KH wrote:
>
> On Fri, Nov 20, 2020 at 03:37:43PM -0800, Todd Kjos wrote:
> > Add a per-transaction flag to indicate that the buffer
> > must be cleared when the transaction is complete to
> > prevent copies of sensitive data from being
Add a per-transaction flag to indicate that the buffer
must be cleared when the transaction is complete to
prevent copies of sensitive data from being preserved
in memory.
Signed-off-by: Todd Kjos
---
drivers/android/binder.c| 1 +
drivers/android/binder_alloc.c | 48
On Fri, Oct 9, 2020 at 4:24 PM Todd Kjos wrote:
>
> When releasing a thread todo list when tearing down
> a binder_proc, the following race was possible which
> could result in a use-after-free:
>
> 1. Thread 1: enter binder_release_work from binder_thread_rele
g a deref on the node containing the binder_work element
leading to the node being freed.
Signed-off-by: Todd Kjos
---
drivers/android/binder.c | 35 ++-
1 file changed, 10 insertions(+), 25 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android
Coverity: ("Unused value")
> Signed-off-by: Colin Ian King
Acked-by: Todd Kjos
> ---
> drivers/android/binder_alloc.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c
> index 91
gt; process is responsible for either more than 50 transactions, or more
> than 50% of the oneway space.
>
> Signed-off-by: Martijn Coenen
Acked-by: Todd Kjos
> ---
> v2: fixed call-site in binder_alloc_selftest
>
> v3: include size of struct binder_buffer in calc
gt; process is responsible for either more than 50 transactions, or more
> than 50% of the oneway space.
>
> Signed-off-by: Martijn Coenen
A few minor comment issues below. When resolved:
Acked-by: Todd Kjos
> ---
> v2: fixed call-site in binder_alloc_selftest
>
> drivers/android
et's
> just remove it.
>
> Fixes: 44d8047f1d87 ("binder: use standard functions to allocate fds")
> Reported-by: syzbot+e113a0b970b7b3f39...@syzkaller.appspotmail.com
> Signed-off-by: Jann Horn
Acked-by: Todd Kjos
> ---
> drivers/android/binder.c | 2 --
> 1 file chan
On Thu, Aug 6, 2020 at 9:09 AM Jann Horn wrote:
>
> On Thu, Aug 6, 2020 at 1:19 PM syzbot
> wrote:
> > syzbot suspects this issue was fixed by commit:
> >
> > commit 4b836a1426cb0f1ef2a6e211d7e553221594f8fc
> > Author: Jann Horn
> > Date: Mon Jul 27 12:04:24 2020 +
> >
> > binder: Prev
gt;
> - The reason why printing the related information to
> kernel information log but not trace buffer is that
> some abnormal transactions may be pending for a long
> time ago, they could not be recorded due to buffer
> limited.
>
> Signed-off-by: Frankie.Cha
nsaction
> may be more close to it.
>
> Signed-off-by: Frankie.Chang
Acked-by: Todd Kjos
> ---
> drivers/android/binder.c | 18 ++
> drivers/android/binder_trace.h | 29 +
> 2 files changed, 47 insertions(+)
>
>
On Tue, Aug 4, 2020 at 6:59 AM Frankie Chang wrote:
>
> From: "Frankie.Chang"
>
> Moving all structs to header file makes module more
> extendable, and makes all these structs to be defined
> in the same file.
>
> Signed-off-by: Frankie.Chang
Acked-by: To
On Sun, Aug 2, 2020 at 8:11 PM Frankie Chang wrote:
>
> On Fri, 2020-07-31 at 11:50 -0700, Todd Kjos wrote:
> > On Mon, Jul 27, 2020 at 8:28 PM Frankie Chang
> > wrote:
> > >
> > > From: "Frankie.Chang"
> > >
> > > Since the o
On Mon, Jul 27, 2020 at 8:28 PM Frankie Chang
wrote:
>
> From: "Frankie.Chang"
>
> Since the original trace_binder_transaction_received cannot
> precisely present the real finished time of transaction, adding a
> trace_binder_txn_latency_free at the point of free transaction
> may be more close t
On Wed, Jun 10, 2020 at 5:34 AM Frankie Chang
wrote:
>
> From: "Frankie.Chang"
>
> Record start/end timestamp for binder transaction.
> When transaction is completed or transaction is free,
> it would be checked if transaction latency over threshold (2 sec),
> if yes, printing related information
On Wed, Jun 10, 2020 at 5:24 AM Frankie Chang
wrote:
>
> From: "Frankie.Chang"
>
> Since the original trace_binder_transaction_received cannot
> precisely present the real finished time of transaction, adding a
> trace_binder_txn_latency_free at the point of free transaction
> may be more close t
t; > with spinlock held. But this patch replaces mmput() with mmput_async() in
> > order not to start __mmput() from shrinker context.
> >
> > [1]
> > https://syzkaller.appspot.com/bug?id=bc9e7303f537c41b2b0cc2dfcea3fc42964c2d45
> >
> > Reported-by: syzbot
>
+Suren Baghdasaryan +Hridya Valsaraju who support the ashmem driver.
On Tue, Jul 14, 2020 at 7:18 AM Michal Hocko wrote:
>
> On Tue 14-07-20 22:08:59, Hillf Danton wrote:
> >
> > On Tue, 14 Jul 2020 10:26:29 +0200 Michal Hocko wrote:
> > > On Tue 14-07-20 13:32:05, Hillf Danton wrote:
> > > >
>
o
> trigger a transaction-to-self bug in the future.
>
> Cc: sta...@vger.kernel.org
> Fixes: 457b9a6f09f0 ("Staging: android: add binder driver")
> Signed-off-by: Jann Horn
Nice catch.
Acked-by: Todd Kjos
> ---
> sending again because I forgot to CC LKML the first time.
On Thu, Jul 9, 2020 at 1:18 AM Greg KH wrote:
>
> On Wed, Jul 08, 2020 at 04:12:53PM -0700, Suren Baghdasaryan wrote:
> > Add new maintainers for ashmem driver to handle related issues.
> >
> > Signed-off-by: Suren Baghdasaryan
Acked-by: Todd Kjos
>
> Can I get a
On Mon, Jun 22, 2020 at 1:18 PM Todd Kjos wrote:
>
> On Mon, Jun 22, 2020 at 1:09 PM Christian Brauner
> wrote:
> >
> > On Mon, Jun 22, 2020 at 01:07:15PM -0700, Todd Kjos wrote:
> > > The binder driver makes the assumption proc->context pointer is invariant
>
On Mon, Jun 22, 2020 at 1:09 PM Christian Brauner
wrote:
>
> On Mon, Jun 22, 2020 at 01:07:15PM -0700, Todd Kjos wrote:
> > The binder driver makes the assumption proc->context pointer is invariant
> > after
> > initialization (as documented in the kerneldoc header fo
is to move the kfree of the binder_device to binder_free_proc()
so the binder_device is freed when we know there are no references
remaining on the binder_proc.
Fixes: f0fe2c0f050d ("binder: prevent UAF for binderfs devices II")
Signed-off-by: Todd Kjos
---
drivers/android/binder.c | 14 ++
On Thu, May 7, 2020 at 1:11 AM Frankie Chang wrote:
>
> From: "Frankie.Chang"
>
> Record start/end timestamp for binder transaction.
> When transaction is completed or transaction is free,
> it would be checked if transaction latency over threshold (2 sec),
If this is a hard-coded threshold, pro
UL);
> *(char*)data_mapping = 1;
> return 0;
> }
>
> Cc: sta...@vger.kernel.org
> Signed-off-by: Jann Horn
Acked-by: Todd Kjos
> ---
> drivers/android/binder.c | 7 ---
> drivers/android/binder_alloc.c | 6 --
> 2 files changed, 4 insertions
On Wed, Oct 9, 2019 at 3:40 AM Christian Brauner
wrote:
>
> On Tue, Oct 08, 2019 at 02:05:16PM -0400, Joel Fernandes wrote:
> > On Tue, Oct 08, 2019 at 03:01:59PM +0200, Christian Brauner wrote:
[...]
> >
> > One more thought, this can be made dependent on CONFIG_BINDERFS since
> > regular
> >
ying
> the name of the binder device instead of stashing a pointer to it.
>
> Reported-by: Jann Horn
> Fixes: 03e2e07e3814 ("binder: Make transaction_log available in binderfs")
> Link:
> https://lore.kernel.org/r/cag48ez14q0-f8lqsvcnbyr2o6gpw8shxsm4u5jmd9mpstem...@mail.gmai
+Hridya Valsaraju
On Mon, Oct 7, 2019 at 1:50 PM Jann Horn wrote:
>
> Hi!
>
> There is a use-after-free read in print_binder_transaction_log_entry()
> on ANDROID_BINDERFS kernels because
> print_binder_transaction_log_entry() prints the char* e->context_name
> as string, and if the transaction o
uf
> files per-process without doing it in binder_open() but it has worked
> fine for a long time with debugfs.
>
> Also, one minor question below. Otherwise
>
> Acked-by: Christian Brauner
Acked-by: Todd Kjos
>
> > ---
> > drivers/android/binder.c
t; >
> > This change provides an alternate option to access these files when
> > debugfs is not mounted.
> >
> > Signed-off-by: Hridya Valsaraju
>
> Acked-by: Christian Brauner
Acked-by: Todd Kjos
>
> > ---
> > drivers/android
+Hridya Valsaraju
Fix posted:
https://lkml.kernel.org/lkml/20190715191804.112933-1-hri...@google.com/
On Wed, Jun 12, 2019 at 1:14 PM Todd Kjos wrote:
>
> On Wed, Jun 12, 2019 at 12:23 PM Eric Biggers wrote:
> >
> > On Mon, May 20, 2019 at 07:18:06AM -0700, syzbot
e binder device again and uses the new fd to send
> a transaction to the context manager.
>
> Reported-by: syzbot+8b3c354d33c4ac78b...@syzkaller.appspotmail.com
> Signed-off-by: Hridya Valsaraju
Acked-by: Todd Kjos
> ---
> drivers/android/binder.c | 2 +-
> 1 file changed, 1
>
> Of these 3 bugs, 1 was seen in mainline in the last week.
>
> Of these 3 bugs, 1 was bisected to a commit from the following person:
>
> Todd Kjos
>
> If you believe a bug is no longer valid, please close the syzbot report by
> sending a '#syz fix&#x
On Tue, Jun 18, 2019 at 10:37 AM Todd Kjos wrote:
>
> On Tue, Jun 18, 2019 at 5:18 AM Dan Carpenter
> wrote:
> >
> > It's weird that that binder_alloc_copy_from_buffer() is a void function.
> > It would be easier to do the error handling at that point, instead
ggested-by: Dan Carpenter
Signed-off-by: Todd Kjos
---
drivers/android/binder.c | 153 -
drivers/android/binder_alloc.c | 44 +-
drivers/android/binder_alloc.h | 22 ++---
3 files changed, 126 insertions(+), 93 deletions(-)
diff --git a/drivers/androi
On Thu, Jun 13, 2019 at 2:56 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:d1fdb6d8 Linux 5.2-rc4
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=15e5ce1ea0
> kernel config: https://syzkaller.appspot.com/x/.conf
...@syzkaller.appspotmail.com
Signed-off-by: Todd Kjos
---
drivers/android/binder.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index bc26b5511f0a9..8bf039fdeb918 100644
--- a/drivers/android/binder.c
+++ b/drivers
On Tue, Jun 18, 2019 at 5:18 AM Dan Carpenter wrote:
>
> It's weird that that binder_alloc_copy_from_buffer() is a void function.
> It would be easier to do the error handling at that point, instead of in
> the callers. It feels like we keep hitting similar bugs to this.
The idea is that if it i
On Wed, Jun 12, 2019 at 10:41 PM Greg KH wrote:
>
> On Wed, Jun 12, 2019 at 01:29:27PM -0700, Todd Kjos wrote:
> > There is a race between the binder driver cleaning
> > up a completed transaction via binder_free_transaction()
> > and a user calling binder_ioctl(BC_FREE_
a UAF.
Signed-off-by: Todd Kjos
---
drivers/android/binder.c | 16 ++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 748ac489ef7eb..bc26b5511f0a9 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/bin
On Wed, Jun 12, 2019 at 12:23 PM Eric Biggers wrote:
>
> On Mon, May 20, 2019 at 07:18:06AM -0700, syzbot wrote:
> > Hello,
> >
> > syzbot found the following crash on:
> >
> > HEAD commit:72cf0b07 Merge tag 'sound-fix-5.2-rc1' of git://git.kernel..
> > git tree: upstream
> > console out
r see in a "normal" binder environment).
On Sat, May 18, 2019 at 12:25 AM Dmitry Vyukov wrote:
>
> On Fri, May 17, 2019 at 8:34 PM Todd Kjos wrote:
> > > On Fri, May 17, 2019 at 5:51 PM Dmitry Vyukov wrote:
> > > > > > >
> > > > > &g
On Fri, May 17, 2019 at 8:55 AM Dmitry Vyukov wrote:
>
> On Fri, May 17, 2019 at 5:51 PM Dmitry Vyukov wrote:
> > > > >
> > > > > From: Dmitry Vyukov
> > > > > Date: Fri, May 17, 2019 at 3:26 AM
> > > > > To: Greg Kroah-
On Fri, May 17, 2019 at 8:33 AM Dmitry Vyukov wrote:
>
> On Fri, May 17, 2019 at 5:26 PM Todd Kjos wrote:
> >
> > Yes (and syzbot seemed to confirm the fix). I didn't realize I needed
> > to manually close the issue. I guess you closed it yesterday.
>
> Thi
From: Dmitry Vyukov
Date: Fri, May 17, 2019 at 3:26 AM
To: Greg Kroah-Hartman, Arve Hjønnevåg, Todd Kjos, Martijn Coenen,
Joel Fernandes, Christian Brauner, open list:ANDROID DRIVERS, LKML
Cc: syzkaller
> Hi,
>
> I have 2 questions re drivers/android/binder.c stress testing.
>
> 1
Joel Fernandes, LKML, Martijn Coenen, syzkaller-bugs,
Todd Kjos , Todd Kjos
> On Fri, Mar 29, 2019 at 10:55 AM syzbot
> wrote:
> >
> > Hello,
> >
> > syzbot has tested the proposed patch and the reproducer did not trigger
> > crash:
> >
> >
When allocating space in the target buffer for the security context,
make sure the extra_buffers_size doesn't overflow. This can only
happen if the given size is invalid, but an overflow can turn it
into a valid size. Fail the transaction if an overflow is detected.
Signed-off-by: Todd
h* of the commits
> mentioned above are applied. That's an unlikely situation since they
> both landed during the development of v5.1 but only one of them is
> targeted for stable.
>
> Fixes: 5cec2d2e5839 ("binder: fix race between munmap() and direct reclaim")
> Sign
git/gregkh/char-misc.git
> char-misc-linus
> kernel config: https://syzkaller.appspot.com/x/.config?x=8dcdce25ea72bedf
> compiler: gcc (GCC) 9.0.0 20181231 (experimental)
>
From d49c95c944c15732ef57f1c876e24838b2ddf34b Mon Sep 17 00:00:00 2001
From: Todd Kjos
Date: Tue, 19 Mar 2019
On Thu, Mar 28, 2019 at 12:27 PM syzbot
wrote:
>
> Hello,
>
> syzbot tried to test the proposed patch but build/boot failed:
>
> patch is already applied
>
>
> Tested on:
>
> commit: 0532a1b0 virt: vbox: Implement passing requestor info to t..
> git tree:
> git://git.kernel.org/pub/scm/lin
ups.com.
>
> syzbot will keep track of this bug report. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> syzbot can test patches for this bug, for details see:
> https://goo.gl/tpsmEJ#testing-patches
From d49c95c944c15732ef57f1c876e24838b2ddf34b Mon Sep
re
Signed-off-by: Todd Kjos
---
Please add to 5.1 (fixes problem introduced in 5.1-rc1)
drivers/android/binder.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 8685882da64cd..4b9c7ca492e6d 100644
--- a/drivers/androi
On Fri, Mar 1, 2019 at 11:57 PM Greg KH wrote:
>
> On Fri, Mar 01, 2019 at 03:06:06PM -0800, Todd Kjos wrote:
> > An munmap() on a binder device causes binder_vma_close() to be called
> > which clears the alloc->vma pointer.
> >
> > If direct reclaim causes bind
red. This can result in
calling zap_page_range() with an invalid vma which manifests as a
use-after-free in zap_page_range().
The fix is to check alloc->vma after acquiring the mmap_sem (which we
were acquiring anyway) and skip zap_page_range() if it has changed
to NULL.
Signed-off-b
t address space of the process. However, right lock to
> > > release pages is down_read, not down_write because page table lock
> > > already protects the race for parallel freeing.
> > >
> > > Please do not use mmap_sem write-side lock which is well known
> &g
Fixes crash found by syzbot:
kernel BUG at drivers/android/binder_alloc.c:LINE! (2)
Reported-by: syzbot+55de1eb4975dec156...@syzkaller.appspotmail.com
Signed-off-by: Todd Kjos
---
Applies to linux-next
drivers/android/binder.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a
Trying again with the correct branch spec...
On Thu, Feb 14, 2019 at 2:34 PM Todd Kjos wrote:
>
> On Thu, Feb 14, 2019 at 3:35 AM syzbot
> wrote:
> >
> > syzbot has found a reproducer for the following crash on:
> >
> > HEAD commit:b3418f8bddf4 Add linux
On Thu, Feb 14, 2019 at 3:35 AM syzbot
wrote:
>
> syzbot has found a reproducer for the following crash on:
>
> HEAD commit:b3418f8bddf4 Add linux-next specific files for 20190214
> git tree: linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=161d2048c0
> kernel c
On Thu, Feb 14, 2019 at 1:25 PM Joel Fernandes wrote:
>
> On Thu, Feb 14, 2019 at 03:53:54PM -0500, Joel Fernandes wrote:
> > On Thu, Feb 14, 2019 at 3:42 PM Todd Kjos wrote:
> > >
> > > On Thu, Feb 14, 2019 at 11:45 AM Joel Fernandes wrote:
> > [snip]
> &
On Thu, Feb 14, 2019 at 11:45 AM Joel Fernandes wrote:
>
> Hi Todd,
>
> One quick question:
>
> On Fri, Feb 08, 2019 at 10:35:14AM -0800, Todd Kjos wrote:
> > The binder driver uses a vm_area to map the per-process
> > binder buffer space. For 32-bit android devic
e: warning: incorrect type in assignment (different address spaces)
sparse:expected void *page_addr
sparse:got void [noderef] *user_data
sparse: error: subtraction of different types can't work
Fixed by adding necessary "__user" tags.
Reported-by: kbuild test robot
+Alistair Strachan
On Mon, Feb 11, 2019 at 9:11 AM Greg KH wrote:
>
> On Mon, Feb 11, 2019 at 10:15:18PM +0530, Souptick Joarder wrote:
> > On Mon, Feb 11, 2019 at 9:27 PM Greg KH wrote:
> > >
> > > On Mon, Feb 11, 2019 at 09:21:19PM +0530, Souptick Joarder wrote:
> > > > On Mon, Feb 11, 2019 at
On Mon, Feb 11, 2019 at 8:57 AM Christoph Hellwig wrote:
>
> On Fri, Feb 08, 2019 at 10:35:13AM -0800, Todd Kjos wrote:
> > Binder buffers have always been mapped into kernel space
> > via map_kernel_range_noflush() to allow the binder driver
> > to modify the buffer bef
() / kunmap_atomic() use the appropriate
cache flushing to support VIVT cache architectures.
Allow binder to build if CPU_CACHE_VIVT is defined.
Several uses of the new functions are added here. More
to follow in subsequent patches.
Signed-off-by: Todd Kjos
---
v2: remove casts as suggested by Dan Carpenter
pointers. Refactor code to use offsets instead
of user pointers.
Signed-off-by: Todd Kjos
---
v2: remove casts as suggested by Dan Carpenter
v3: fix build-break when CONFIG_ANDROID_BINDER_IPC_SELFTEST enabled
drivers/android/binder.c| 118 ++--
drivers/and
Remove user_buffer_offset since there is no kernel
buffer pointer anymore.
Signed-off-by: Todd Kjos
---
v2: remove casts as suggested by Dan Carpenter
drivers/android/binder.c | 39 ++
drivers/android/binder_alloc.c | 16 ++
drivers/android
objects
from the buffer to a local structure.
Signed-off-by: Todd Kjos
---
v2: remove casts as suggested by Dan Carpenter
drivers/android/binder.c | 75 +++-
1 file changed, 58 insertions(+), 17 deletions(-)
diff --git a/drivers/android/binder.c b/drivers
Remove the kernel's vm_area and the code that maps
buffer pages into it.
Signed-off-by: Todd Kjos
---
drivers/android/binder_alloc.c | 40 ++
1 file changed, 2 insertions(+), 38 deletions(-)
diff --git a/drivers/android/binder_alloc.c b/drivers/an
binder_validate_ptr()
binder_validate_fixup()
binder_fixup_parent()
Signed-off-by: Todd Kjos
---
drivers/android/binder.c | 146 ++-
1 file changed, 97 insertions(+), 49 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index
multi-page copies, it now uses
binder_alloc_copy_user_to_buffer() which uses kmap()
and kunmap() to map each page, and uses copy_from_user()
for copying to that page.
Signed-off-by: Todd Kjos
---
v2: remove casts as suggested by Dan Carpenter
drivers/android/binder.c | 29 +++--
drivers
systems, there is a risk of running out of
vmalloc space.
This patch set removes the persistent mapping of the
binder buffers into kernel space. Instead, the binder
driver creates temporary mappings with kmap() or
kmap_atomic() to copy to or from the buffer only when
necessary.
Todd Kjos (7
On Fri, Feb 8, 2019 at 3:26 AM Greg KH wrote:
>
> On Wed, Jan 30, 2019 at 02:46:48PM -0800, Todd Kjos wrote:
> > Binder buffers have always been mapped into kernel space
> > via map_kernel_range_noflush() to allow the binder driver
> > to modify the buffer before
sers specify
> CONFIG_ANDROID_IPC=y, CONFIG_ANDROID_BINDERFS=y and
> ANDROID_BINDER_DEVICES="".
> When CONFIG_ANDROID_BINDERFS=n then this always succeeds so there's no
> regression potential for legacy workloads.
>
> Signed-off-by: Christian Brauner
Acked-by: Todd Kjo
pointers. Refactor code to use offsets instead
of user pointers.
Signed-off-by: Todd Kjos
---
v2: removed casts as suggested by Dan Carpenter
drivers/android/binder.c | 118 +++--
drivers/android/binder_alloc.c | 87
drivers/android/b
Remove user_buffer_offset since there is no kernel
buffer pointer anymore.
Signed-off-by: Todd Kjos
---
v2: removed casts as suggested by Dan Carpenter
drivers/android/binder.c | 39 ++
drivers/android/binder_alloc.c | 16 ++
drivers/android
systems, there is a risk of running out of
vmalloc space.
This patch set removes the persistent mapping of the
binder buffers into kernel space. Instead, the binder
driver creates temporary mappings with kmap() or
kmap_atomic() to copy to or from the buffer only when
necessary.
Todd Kjos (7
multi-page copies, it now uses
binder_alloc_copy_user_to_buffer() which uses kmap()
and kunmap() to map each page, and uses copy_from_user()
for copying to that page.
Signed-off-by: Todd Kjos
---
v2: remove casts as suggested by Dan Carpenter
drivers/android/binder.c | 29 +++--
drivers
() / kunmap_atomic() use the appropriate
cache flushing to support VIVT cache architectures.
Allow binder to build if CPU_CACHE_VIVT is defined.
Several uses of the new functions are added here. More
to follow in subsequent patches.
Signed-off-by: Todd Kjos
---
v2: remove casts as suggested by Dan Carpenter
objects
from the buffer to a local structure.
Signed-off-by: Todd Kjos
---
v2: remove casts as suggested by Dan Carpenter
drivers/android/binder.c | 75 +++-
1 file changed, 58 insertions(+), 17 deletions(-)
diff --git a/drivers/android/binder.c b/drivers
Remove the kernel's vm_area and the code that maps
buffer pages into it.
Signed-off-by: Todd Kjos
---
drivers/android/binder_alloc.c | 40 ++
1 file changed, 2 insertions(+), 38 deletions(-)
diff --git a/drivers/android/binder_alloc.c b/drivers/an
()
binder_validate_fixup()
binder_fixup_parent()
Signed-off-by: Todd Kjos
---
drivers/android/binder.c | 146 ++-
1 file changed, 97 insertions(+), 49 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 8063b405e4fa
On Tue, Jan 29, 2019 at 12:12 AM Dan Carpenter wrote:
>
> On Mon, Jan 28, 2019 at 04:49:28PM -0800, Todd Kjos wrote:
> > +/**
> > + * binder_alloc_copy_user_to_buffer() - copy src user to tgt user
> > + * @alloc: binder_alloc for this proc
> > + * @buffer
Remove the kernel's vm_area and the code that maps
buffer pages into it.
Signed-off-by: Todd Kjos
---
drivers/android/binder_alloc.c | 40 ++
1 file changed, 2 insertions(+), 38 deletions(-)
diff --git a/drivers/android/binder_alloc.c b/drivers/an
()
binder_validate_fixup()
binder_fixup_parent()
Signed-off-by: Todd Kjos
---
drivers/android/binder.c | 146 ++-
1 file changed, 97 insertions(+), 49 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 1563b9b60a0a3
Remove user_buffer_offset since there is no kernel
buffer pointer anymore.
Signed-off-by: Todd Kjos
---
drivers/android/binder.c | 38 +++---
drivers/android/binder_alloc.c | 16 ++
drivers/android/binder_alloc.h | 23
3 files
objects
from the buffer to a local structure.
Signed-off-by: Todd Kjos
---
drivers/android/binder.c | 75 +++-
1 file changed, 58 insertions(+), 17 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 74d0c1ff874e2..1563b9b60a0a3
pointers. Refactor code to use offsets instead
of user pointers.
Signed-off-by: Todd Kjos
---
drivers/android/binder.c | 120 +++--
drivers/android/binder_alloc.c | 89
drivers/android/binder_alloc.h | 6 +-
drivers/android/binder_trace.
multi-page copies, it now uses
binder_alloc_copy_user_to_buffer() which uses kmap()
and kunmap() to map each page, and uses copy_from_user()
for copying to that page.
Signed-off-by: Todd Kjos
---
drivers/android/binder.c | 29 +++--
drivers/android/binder_alloc.c | 114
() / kunmap_atomic() use the appropriate
cache flushing to support VIVT cache architectures.
Allow binder to build if CPU_CACHE_VIVT is defined.
Several uses of the new functions are added here. More
to follow in subsequent patches.
Signed-off-by: Todd Kjos
---
drivers/android/Kconfig| 2
1 - 100 of 227 matches
Mail list logo
