linux-xiaomi-chiron

Linux mainline fork with MSM8998 patches | https://mainline.space | Currently supported devices: OnePlus 5/5T, Xiaomi Mi 6, F(x)tec Pro¹ (2019 QX1000 model) & Sony Xperia XZ Premium (UNTESTED!)

Find a file

Minchan Kim da1b9564e8 android: binder: fix the race mmap and alloc_new_buf_locked There is RaceFuzzer report like below because we have no lock to close below the race between binder_mmap and binder_alloc_new_buf_locked. To close the race, let's use memory barrier so that if someone see alloc->vma is not NULL, alloc->vma_vm_mm should be never NULL. (I didn't add stable mark intentionallybecause standard android userspace libraries that interact with binder (libbinder & libhwbinder) prevent the mmap/ioctl race. - from Todd) " Thread interleaving: CPU0 (binder_alloc_mmap_handler) CPU1 (binder_alloc_new_buf_locked) ===== ===== // drivers/android/binder_alloc.c // #L718 (v4.18-rc3) alloc->vma = vma; // drivers/android/binder_alloc.c // #L346 (v4.18-rc3) if (alloc->vma == NULL) { ... // alloc->vma is not NULL at this point return ERR_PTR(-ESRCH); } ... // #L438 binder_update_page_range(alloc, 0, (void *)PAGE_ALIGN((uintptr_t)buffer->data), end_page_addr); // In binder_update_page_range() #L218 // But still alloc->vma_vm_mm is NULL here if (need_mm && mmget_not_zero(alloc->vma_vm_mm)) alloc->vma_vm_mm = vma->vm_mm; Crash Log: ================================================================== BUG: KASAN: null-ptr-deref in __atomic_add_unless include/asm-generic/atomic-instrumented.h:89 [inline] BUG: KASAN: null-ptr-deref in atomic_add_unless include/linux/atomic.h:533 [inline] BUG: KASAN: null-ptr-deref in mmget_not_zero include/linux/sched/mm.h:75 [inline] BUG: KASAN: null-ptr-deref in binder_update_page_range+0xece/0x18e0 drivers/android/binder_alloc.c:218 Write of size 4 at addr 0000000000000058 by task syz-executor0/11184 CPU: 1 PID: 11184 Comm: syz-executor0 Not tainted 4.18.0-rc3 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.8.2-0-g33fbe13 by qemu-project.org 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x16e/0x22c lib/dump_stack.c:113 kasan_report_error mm/kasan/report.c:352 [inline] kasan_report+0x163/0x380 mm/kasan/report.c:412 check_memory_region_inline mm/kasan/kasan.c:260 [inline] check_memory_region+0x140/0x1a0 mm/kasan/kasan.c:267 kasan_check_write+0x14/0x20 mm/kasan/kasan.c:278 __atomic_add_unless include/asm-generic/atomic-instrumented.h:89 [inline] atomic_add_unless include/linux/atomic.h:533 [inline] mmget_not_zero include/linux/sched/mm.h:75 [inline] binder_update_page_range+0xece/0x18e0 drivers/android/binder_alloc.c:218 binder_alloc_new_buf_locked drivers/android/binder_alloc.c:443 [inline] binder_alloc_new_buf+0x467/0xc30 drivers/android/binder_alloc.c:513 binder_transaction+0x125b/0x4fb0 drivers/android/binder.c:2957 binder_thread_write+0xc08/0x2770 drivers/android/binder.c:3528 binder_ioctl_write_read.isra.39+0x24f/0x8e0 drivers/android/binder.c:4456 binder_ioctl+0xa86/0xf34 drivers/android/binder.c:4596 vfs_ioctl fs/ioctl.c:46 [inline] do_vfs_ioctl+0x154/0xd40 fs/ioctl.c:686 ksys_ioctl+0x94/0xb0 fs/ioctl.c:701 __do_sys_ioctl fs/ioctl.c:708 [inline] __se_sys_ioctl fs/ioctl.c:706 [inline] __x64_sys_ioctl+0x43/0x50 fs/ioctl.c:706 do_syscall_64+0x167/0x4b0 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe " Signed-off-by: Todd Kjos <tkjos@google.com> Signed-off-by: Minchan Kim <minchan@kernel.org> Reviewed-by: Martijn Coenen <maco@android.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2018-09-12 09:18:29 +02:00
arch	Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip	2018-09-09 07:05:15 -07:00
block	block: bfq: swap puts in bfqg_and_blkg_put	2018-09-06 11:32:58 -06:00
certs	export.h: remove VMLINUX_SYMBOL() and VMLINUX_SYMBOL_STR()	2018-08-22 23:21:44 +09:00
crypto	DMAengine updates for v4.19-rc1	2018-08-18 15:55:59 -07:00
Documentation	Fix things so the choice of whether or not to trust RDRAND to	2018-09-09 05:54:05 -07:00
drivers	android: binder: fix the race mmap and alloc_new_buf_locked	2018-09-12 09:18:29 +02:00
firmware	kbuild: remove all dummy assignments to obj-	2017-11-18 11:46:06 +09:00
fs	afs: Fix cell specification to permit an empty address list	2018-09-07 16:39:44 -07:00
include	Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip	2018-09-09 06:55:27 -07:00
init	Kbuild updates for v4.19 (2nd)	2018-08-25 13:40:38 -07:00
ipc	ipc/shm: properly return EIDRM in shm_lock()	2018-09-04 16:45:02 -07:00
kernel	Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip	2018-09-09 06:55:27 -07:00
lib	lib/Kconfig.debug: fix three typos in help text	2018-09-04 16:45:02 -07:00
LICENSES	LICENSES: Add Linux-OpenIB license text	2018-04-27 16:41:53 -06:00
mm	for-linus-20180906	2018-09-06 14:01:15 -07:00
net	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2018-09-04 12:45:11 -07:00
samples	samples/bpf: all XDP samples should unload xdp/bpf prog on SIGTERM	2018-08-16 21:55:32 +02:00
scripts	Kbuild fixes for v4.19	2018-09-09 05:42:11 -07:00
security	- Fix for bad debug check when converting secids to secctx	2018-09-06 09:42:14 -07:00
sound	ALSA: hda: Fix several mismatch for register mask and value	2018-09-03 23:47:40 +02:00
tools	KVM fixes for 4.19-rc3	2018-09-08 15:52:45 -07:00
usr	initramfs: move gen_initramfs_list.sh from scripts/ to usr/	2018-08-22 23:21:44 +09:00
virt	KVM: Remove obsolete kvm_unmap_hva notifier backend	2018-09-07 15:06:02 +02:00
.clang-format	clang-format: Set IndentWrappedFunctionNames false	2018-08-01 18:38:51 +02:00
.cocciconfig	scripts: add Linux .cocciconfig for coccinelle	2016-07-22 12:13:39 +02:00
.get_maintainer.ignore	Add hch to .get_maintainer.ignore	2015-08-21 14:30:10 -07:00
.gitattributes	.gitattributes: set git diff driver for C source code files	2016-10-07 18:46:30 -07:00
.gitignore	Kbuild updates for v4.17 (2nd)	2018-04-15 17:21:30 -07:00
.mailmap	libnvdimm-for-4.19_misc	2018-08-25 18:13:10 -07:00
COPYING	COPYING: use the new text with points to the license files	2018-03-23 12:41:45 -06:00
CREDITS	9p: remove Ron Minnich from MAINTAINERS	2018-08-17 16:20:26 -07:00
Kbuild	Kbuild updates for v4.15	2017-11-17 17:45:29 -08:00
Kconfig	kconfig: move the "Executable file formats" menu to fs/Kconfig.binfmt	2018-08-02 08:06:55 +09:00
MAINTAINERS	i2c: xiic: Record xilinx i2c with Zynq fragment	2018-09-07 13:04:45 +02:00
Makefile	Linux 4.19-rc3	2018-09-09 17:26:43 -07:00
README	Docs: Added a pointer to the formatted docs to README	2018-03-21 09:02:53 -06:00

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.