drivers/android/binder.c:3779: Error: unrecognized keyword/register name `l.addi

From: kernel test robot
Date: Sat Aug 29 2020 - 16:07:09 EST


tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 4d41ead6ead97c3730bbd186a601a64828668f01
commit: 4b836a1426cb0f1ef2a6e211d7e553221594f8fc binder: Prevent context manager from incrementing ref 0
date: 4 weeks ago
config: openrisc-randconfig-r016-20200830 (attached as .config)
compiler: or1k-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
git checkout 4b836a1426cb0f1ef2a6e211d7e553221594f8fc
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=openrisc

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@xxxxxxxxx>

All errors (new ones prefixed by >>):

drivers/android/binder.c: Assembler messages:
drivers/android/binder.c:3774: Error: unrecognized keyword/register name `l.lwz ?ap,4(r25)'
>> drivers/android/binder.c:3779: Error: unrecognized keyword/register name `l.addi ?ap,r0,0'

# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4b836a1426cb0f1ef2a6e211d7e553221594f8fc
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout 4b836a1426cb0f1ef2a6e211d7e553221594f8fc
vim +3779 drivers/android/binder.c

44d8047f1d87ad drivers/android/binder.c Todd Kjos 2018-08-28 3600
fb07ebc3e82a98 drivers/staging/android/binder.c Bojan Prtvar 2013-09-02 3601 static int binder_thread_write(struct binder_proc *proc,
fb07ebc3e82a98 drivers/staging/android/binder.c Bojan Prtvar 2013-09-02 3602 struct binder_thread *thread,
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3603 binder_uintptr_t binder_buffer, size_t size,
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3604 binder_size_t *consumed)
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3605 {
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3606 uint32_t cmd;
342e5c90b60134 drivers/android/binder.c Martijn Coenen 2017-02-03 3607 struct binder_context *context = proc->context;
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3608 void __user *buffer = (void __user *)(uintptr_t)binder_buffer;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3609 void __user *ptr = buffer + *consumed;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3610 void __user *end = buffer + size;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3611
26549d17741035 drivers/android/binder.c Todd Kjos 2017-06-29 3612 while (ptr < end && thread->return_error.cmd == BR_OK) {
372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3613 int ret;
372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3614
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3615 if (get_user(cmd, (uint32_t __user *)ptr))
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3616 return -EFAULT;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3617 ptr += sizeof(uint32_t);
975a1ac9a9fe65 drivers/staging/android/binder.c Arve Hjønnevåg 2012-10-16 3618 trace_binder_command(cmd);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3619 if (_IOC_NR(cmd) < ARRAY_SIZE(binder_stats.bc)) {
0953c7976c36ce drivers/android/binder.c Badhri Jagan Sridharan 2017-06-29 3620 atomic_inc(&binder_stats.bc[_IOC_NR(cmd)]);
0953c7976c36ce drivers/android/binder.c Badhri Jagan Sridharan 2017-06-29 3621 atomic_inc(&proc->stats.bc[_IOC_NR(cmd)]);
0953c7976c36ce drivers/android/binder.c Badhri Jagan Sridharan 2017-06-29 3622 atomic_inc(&thread->stats.bc[_IOC_NR(cmd)]);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3623 }
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3624 switch (cmd) {
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3625 case BC_INCREFS:
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3626 case BC_ACQUIRE:
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3627 case BC_RELEASE:
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3628 case BC_DECREFS: {
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3629 uint32_t target;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3630 const char *debug_string;
372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3631 bool strong = cmd == BC_ACQUIRE || cmd == BC_RELEASE;
372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3632 bool increment = cmd == BC_INCREFS || cmd == BC_ACQUIRE;
372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3633 struct binder_ref_data rdata;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3634
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3635 if (get_user(target, (uint32_t __user *)ptr))
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3636 return -EFAULT;
c44b1231ff1170 drivers/android/binder.c Todd Kjos 2017-06-29 3637
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3638 ptr += sizeof(uint32_t);
372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3639 ret = -1;
372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3640 if (increment && !target) {
c44b1231ff1170 drivers/android/binder.c Todd Kjos 2017-06-29 3641 struct binder_node *ctx_mgr_node;
c44b1231ff1170 drivers/android/binder.c Todd Kjos 2017-06-29 3642 mutex_lock(&context->context_mgr_node_lock);
c44b1231ff1170 drivers/android/binder.c Todd Kjos 2017-06-29 3643 ctx_mgr_node = context->binder_context_mgr_node;
4b836a1426cb0f drivers/android/binder.c Jann Horn 2020-07-27 3644 if (ctx_mgr_node) {
4b836a1426cb0f drivers/android/binder.c Jann Horn 2020-07-27 3645 if (ctx_mgr_node->proc == proc) {
4b836a1426cb0f drivers/android/binder.c Jann Horn 2020-07-27 3646 binder_user_error("%d:%d context manager tried to acquire desc 0\n",
4b836a1426cb0f drivers/android/binder.c Jann Horn 2020-07-27 3647 proc->pid, thread->pid);
4b836a1426cb0f drivers/android/binder.c Jann Horn 2020-07-27 3648 mutex_unlock(&context->context_mgr_node_lock);
4b836a1426cb0f drivers/android/binder.c Jann Horn 2020-07-27 3649 return -EINVAL;
4b836a1426cb0f drivers/android/binder.c Jann Horn 2020-07-27 3650 }
372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3651 ret = binder_inc_ref_for_node(
372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3652 proc, ctx_mgr_node,
372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3653 strong, NULL, &rdata);
4b836a1426cb0f drivers/android/binder.c Jann Horn 2020-07-27 3654 }
c44b1231ff1170 drivers/android/binder.c Todd Kjos 2017-06-29 3655 mutex_unlock(&context->context_mgr_node_lock);
c44b1231ff1170 drivers/android/binder.c Todd Kjos 2017-06-29 3656 }
372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3657 if (ret)
372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3658 ret = binder_update_ref_for_handle(
372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3659 proc, target, increment, strong,
372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3660 &rdata);
372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3661 if (!ret && rdata.desc != target) {
372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3662 binder_user_error("%d:%d tried to acquire reference to desc %d, got %d instead\n",
372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3663 proc->pid, thread->pid,
372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3664 target, rdata.desc);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3665 }
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3666 switch (cmd) {
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3667 case BC_INCREFS:
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3668 debug_string = "IncRefs";
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3669 break;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3670 case BC_ACQUIRE:
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3671 debug_string = "Acquire";
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3672 break;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3673 case BC_RELEASE:
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3674 debug_string = "Release";
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3675 break;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3676 case BC_DECREFS:
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3677 default:
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3678 debug_string = "DecRefs";
372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3679 break;
372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3680 }
372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3681 if (ret) {
372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3682 binder_user_error("%d:%d %s %d refcount change on invalid ref %d ret %d\n",
372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3683 proc->pid, thread->pid, debug_string,
372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3684 strong, target, ret);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3685 break;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3686 }
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3687 binder_debug(BINDER_DEBUG_USER_REFS,
372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3688 "%d:%d %s ref %d desc %d s %d w %d\n",
372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3689 proc->pid, thread->pid, debug_string,
372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3690 rdata.debug_id, rdata.desc, rdata.strong,
372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3691 rdata.weak);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3692 break;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3693 }
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3694 case BC_INCREFS_DONE:
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3695 case BC_ACQUIRE_DONE: {
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3696 binder_uintptr_t node_ptr;
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3697 binder_uintptr_t cookie;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3698 struct binder_node *node;
673068eee8560d drivers/android/binder.c Todd Kjos 2017-06-29 3699 bool free_node;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3700
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3701 if (get_user(node_ptr, (binder_uintptr_t __user *)ptr))
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3702 return -EFAULT;
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3703 ptr += sizeof(binder_uintptr_t);
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3704 if (get_user(cookie, (binder_uintptr_t __user *)ptr))
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3705 return -EFAULT;
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3706 ptr += sizeof(binder_uintptr_t);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3707 node = binder_get_node(proc, node_ptr);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3708 if (node == NULL) {
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3709 binder_user_error("%d:%d %s u%016llx no match\n",
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3710 proc->pid, thread->pid,
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3711 cmd == BC_INCREFS_DONE ?
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3712 "BC_INCREFS_DONE" :
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3713 "BC_ACQUIRE_DONE",
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3714 (u64)node_ptr);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3715 break;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3716 }
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3717 if (cookie != node->cookie) {
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3718 binder_user_error("%d:%d %s u%016llx node %d cookie mismatch %016llx != %016llx\n",
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3719 proc->pid, thread->pid,
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3720 cmd == BC_INCREFS_DONE ?
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3721 "BC_INCREFS_DONE" : "BC_ACQUIRE_DONE",
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3722 (u64)node_ptr, node->debug_id,
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3723 (u64)cookie, (u64)node->cookie);
adc1884222276d drivers/android/binder.c Todd Kjos 2017-06-29 3724 binder_put_node(node);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3725 break;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3726 }
673068eee8560d drivers/android/binder.c Todd Kjos 2017-06-29 3727 binder_node_inner_lock(node);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3728 if (cmd == BC_ACQUIRE_DONE) {
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3729 if (node->pending_strong_ref == 0) {
56b468fc709b2b drivers/staging/android/binder.c Anmol Sarma 2012-10-30 3730 binder_user_error("%d:%d BC_ACQUIRE_DONE node %d has no pending acquire request\n",
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3731 proc->pid, thread->pid,
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3732 node->debug_id);
673068eee8560d drivers/android/binder.c Todd Kjos 2017-06-29 3733 binder_node_inner_unlock(node);
adc1884222276d drivers/android/binder.c Todd Kjos 2017-06-29 3734 binder_put_node(node);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3735 break;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3736 }
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3737 node->pending_strong_ref = 0;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3738 } else {
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3739 if (node->pending_weak_ref == 0) {
56b468fc709b2b drivers/staging/android/binder.c Anmol Sarma 2012-10-30 3740 binder_user_error("%d:%d BC_INCREFS_DONE node %d has no pending increfs request\n",
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3741 proc->pid, thread->pid,
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3742 node->debug_id);
673068eee8560d drivers/android/binder.c Todd Kjos 2017-06-29 3743 binder_node_inner_unlock(node);
adc1884222276d drivers/android/binder.c Todd Kjos 2017-06-29 3744 binder_put_node(node);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3745 break;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3746 }
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3747 node->pending_weak_ref = 0;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3748 }
673068eee8560d drivers/android/binder.c Todd Kjos 2017-06-29 3749 free_node = binder_dec_node_nilocked(node,
673068eee8560d drivers/android/binder.c Todd Kjos 2017-06-29 3750 cmd == BC_ACQUIRE_DONE, 0);
673068eee8560d drivers/android/binder.c Todd Kjos 2017-06-29 3751 WARN_ON(free_node);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3752 binder_debug(BINDER_DEBUG_USER_REFS,
adc1884222276d drivers/android/binder.c Todd Kjos 2017-06-29 3753 "%d:%d %s node %d ls %d lw %d tr %d\n",
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3754 proc->pid, thread->pid,
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3755 cmd == BC_INCREFS_DONE ? "BC_INCREFS_DONE" : "BC_ACQUIRE_DONE",
adc1884222276d drivers/android/binder.c Todd Kjos 2017-06-29 3756 node->debug_id, node->local_strong_refs,
adc1884222276d drivers/android/binder.c Todd Kjos 2017-06-29 3757 node->local_weak_refs, node->tmp_refs);
673068eee8560d drivers/android/binder.c Todd Kjos 2017-06-29 3758 binder_node_inner_unlock(node);
adc1884222276d drivers/android/binder.c Todd Kjos 2017-06-29 3759 binder_put_node(node);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3760 break;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3761 }
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3762 case BC_ATTEMPT_ACQUIRE:
56b468fc709b2b drivers/staging/android/binder.c Anmol Sarma 2012-10-30 3763 pr_err("BC_ATTEMPT_ACQUIRE not supported\n");
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3764 return -EINVAL;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3765 case BC_ACQUIRE_RESULT:
56b468fc709b2b drivers/staging/android/binder.c Anmol Sarma 2012-10-30 3766 pr_err("BC_ACQUIRE_RESULT not supported\n");
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3767 return -EINVAL;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3768
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3769 case BC_FREE_BUFFER: {
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3770 binder_uintptr_t data_ptr;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3771 struct binder_buffer *buffer;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3772
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3773 if (get_user(data_ptr, (binder_uintptr_t __user *)ptr))
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 @3774 return -EFAULT;
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3775 ptr += sizeof(binder_uintptr_t);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3776
53d311cfa19ad3 drivers/android/binder.c Todd Kjos 2017-06-29 3777 buffer = binder_alloc_prepare_to_free(&proc->alloc,
19c987241ca121 drivers/android/binder.c Todd Kjos 2017-06-29 3778 data_ptr);
7bada55ab50697 drivers/android/binder.c Todd Kjos 2018-11-06 @3779 if (IS_ERR_OR_NULL(buffer)) {
7bada55ab50697 drivers/android/binder.c Todd Kjos 2018-11-06 3780 if (PTR_ERR(buffer) == -EPERM) {
7bada55ab50697 drivers/android/binder.c Todd Kjos 2018-11-06 3781 binder_user_error(
7bada55ab50697 drivers/android/binder.c Todd Kjos 2018-11-06 3782 "%d:%d BC_FREE_BUFFER u%016llx matched unreturned or currently freeing buffer\n",
7bada55ab50697 drivers/android/binder.c Todd Kjos 2018-11-06 3783 proc->pid, thread->pid,
7bada55ab50697 drivers/android/binder.c Todd Kjos 2018-11-06 3784 (u64)data_ptr);
7bada55ab50697 drivers/android/binder.c Todd Kjos 2018-11-06 3785 } else {
7bada55ab50697 drivers/android/binder.c Todd Kjos 2018-11-06 3786 binder_user_error(
7bada55ab50697 drivers/android/binder.c Todd Kjos 2018-11-06 3787 "%d:%d BC_FREE_BUFFER u%016llx no match\n",
7bada55ab50697 drivers/android/binder.c Todd Kjos 2018-11-06 3788 proc->pid, thread->pid,
7bada55ab50697 drivers/android/binder.c Todd Kjos 2018-11-06 3789 (u64)data_ptr);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3790 }
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3791 break;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3792 }
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3793 binder_debug(BINDER_DEBUG_FREE_BUFFER,
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3794 "%d:%d BC_FREE_BUFFER u%016llx found buffer %d for %s transaction\n",
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3795 proc->pid, thread->pid, (u64)data_ptr,
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3796 buffer->debug_id,
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3797 buffer->transaction ? "active" : "finished");
44d8047f1d87ad drivers/android/binder.c Todd Kjos 2018-08-28 3798 binder_free_buf(proc, buffer);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3799 break;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3800 }
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3801
7980240b6d63e0 drivers/android/binder.c Martijn Coenen 2017-02-03 3802 case BC_TRANSACTION_SG:
7980240b6d63e0 drivers/android/binder.c Martijn Coenen 2017-02-03 3803 case BC_REPLY_SG: {
7980240b6d63e0 drivers/android/binder.c Martijn Coenen 2017-02-03 3804 struct binder_transaction_data_sg tr;
7980240b6d63e0 drivers/android/binder.c Martijn Coenen 2017-02-03 3805
7980240b6d63e0 drivers/android/binder.c Martijn Coenen 2017-02-03 3806 if (copy_from_user(&tr, ptr, sizeof(tr)))
7980240b6d63e0 drivers/android/binder.c Martijn Coenen 2017-02-03 3807 return -EFAULT;
7980240b6d63e0 drivers/android/binder.c Martijn Coenen 2017-02-03 3808 ptr += sizeof(tr);
7980240b6d63e0 drivers/android/binder.c Martijn Coenen 2017-02-03 3809 binder_transaction(proc, thread, &tr.transaction_data,
7980240b6d63e0 drivers/android/binder.c Martijn Coenen 2017-02-03 3810 cmd == BC_REPLY_SG, tr.buffers_size);
7980240b6d63e0 drivers/android/binder.c Martijn Coenen 2017-02-03 3811 break;
7980240b6d63e0 drivers/android/binder.c Martijn Coenen 2017-02-03 3812 }
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3813 case BC_TRANSACTION:
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3814 case BC_REPLY: {
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3815 struct binder_transaction_data tr;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3816
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3817 if (copy_from_user(&tr, ptr, sizeof(tr)))
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3818 return -EFAULT;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3819 ptr += sizeof(tr);
4bfac80af3a63f drivers/android/binder.c Martijn Coenen 2017-02-03 3820 binder_transaction(proc, thread, &tr,
4bfac80af3a63f drivers/android/binder.c Martijn Coenen 2017-02-03 3821 cmd == BC_REPLY, 0);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3822 break;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3823 }
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3824
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3825 case BC_REGISTER_LOOPER:
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3826 binder_debug(BINDER_DEBUG_THREADS,
56b468fc709b2b drivers/staging/android/binder.c Anmol Sarma 2012-10-30 3827 "%d:%d BC_REGISTER_LOOPER\n",
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3828 proc->pid, thread->pid);
b3e6861283790d drivers/android/binder.c Todd Kjos 2017-06-29 3829 binder_inner_proc_lock(proc);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3830 if (thread->looper & BINDER_LOOPER_STATE_ENTERED) {
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3831 thread->looper |= BINDER_LOOPER_STATE_INVALID;
56b468fc709b2b drivers/staging/android/binder.c Anmol Sarma 2012-10-30 3832 binder_user_error("%d:%d ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER\n",
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3833 proc->pid, thread->pid);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3834 } else if (proc->requested_threads == 0) {
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3835 thread->looper |= BINDER_LOOPER_STATE_INVALID;
56b468fc709b2b drivers/staging/android/binder.c Anmol Sarma 2012-10-30 3836 binder_user_error("%d:%d ERROR: BC_REGISTER_LOOPER called without request\n",
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3837 proc->pid, thread->pid);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3838 } else {
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3839 proc->requested_threads--;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3840 proc->requested_threads_started++;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3841 }
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3842 thread->looper |= BINDER_LOOPER_STATE_REGISTERED;
b3e6861283790d drivers/android/binder.c Todd Kjos 2017-06-29 3843 binder_inner_proc_unlock(proc);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3844 break;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3845 case BC_ENTER_LOOPER:
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3846 binder_debug(BINDER_DEBUG_THREADS,
56b468fc709b2b drivers/staging/android/binder.c Anmol Sarma 2012-10-30 3847 "%d:%d BC_ENTER_LOOPER\n",
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3848 proc->pid, thread->pid);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3849 if (thread->looper & BINDER_LOOPER_STATE_REGISTERED) {
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3850 thread->looper |= BINDER_LOOPER_STATE_INVALID;
56b468fc709b2b drivers/staging/android/binder.c Anmol Sarma 2012-10-30 3851 binder_user_error("%d:%d ERROR: BC_ENTER_LOOPER called after BC_REGISTER_LOOPER\n",
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3852 proc->pid, thread->pid);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3853 }
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3854 thread->looper |= BINDER_LOOPER_STATE_ENTERED;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3855 break;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3856 case BC_EXIT_LOOPER:
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3857 binder_debug(BINDER_DEBUG_THREADS,
56b468fc709b2b drivers/staging/android/binder.c Anmol Sarma 2012-10-30 3858 "%d:%d BC_EXIT_LOOPER\n",
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3859 proc->pid, thread->pid);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3860 thread->looper |= BINDER_LOOPER_STATE_EXITED;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3861 break;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3862
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3863 case BC_REQUEST_DEATH_NOTIFICATION:
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3864 case BC_CLEAR_DEATH_NOTIFICATION: {
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3865 uint32_t target;
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3866 binder_uintptr_t cookie;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3867 struct binder_ref *ref;
2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3868 struct binder_ref_death *death = NULL;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3869
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3870 if (get_user(target, (uint32_t __user *)ptr))
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3871 return -EFAULT;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3872 ptr += sizeof(uint32_t);
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3873 if (get_user(cookie, (binder_uintptr_t __user *)ptr))
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3874 return -EFAULT;
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3875 ptr += sizeof(binder_uintptr_t);
2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3876 if (cmd == BC_REQUEST_DEATH_NOTIFICATION) {
2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3877 /*
2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3878 * Allocate memory for death notification
2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3879 * before taking lock
2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3880 */
2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3881 death = kzalloc(sizeof(*death), GFP_KERNEL);
2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3882 if (death == NULL) {
2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3883 WARN_ON(thread->return_error.cmd !=
2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3884 BR_OK);
2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3885 thread->return_error.cmd = BR_ERROR;
148ade2c4d4f46 drivers/android/binder.c Martijn Coenen 2017-11-15 3886 binder_enqueue_thread_work(
148ade2c4d4f46 drivers/android/binder.c Martijn Coenen 2017-11-15 3887 thread,
148ade2c4d4f46 drivers/android/binder.c Martijn Coenen 2017-11-15 3888 &thread->return_error.work);
2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3889 binder_debug(
2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3890 BINDER_DEBUG_FAILED_TRANSACTION,
2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3891 "%d:%d BC_REQUEST_DEATH_NOTIFICATION failed\n",
2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3892 proc->pid, thread->pid);
2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3893 break;
2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3894 }
2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3895 }
2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3896 binder_proc_lock(proc);
2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3897 ref = binder_get_ref_olocked(proc, target, false);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3898 if (ref == NULL) {
56b468fc709b2b drivers/staging/android/binder.c Anmol Sarma 2012-10-30 3899 binder_user_error("%d:%d %s invalid ref %d\n",
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3900 proc->pid, thread->pid,
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3901 cmd == BC_REQUEST_DEATH_NOTIFICATION ?
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3902 "BC_REQUEST_DEATH_NOTIFICATION" :
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3903 "BC_CLEAR_DEATH_NOTIFICATION",
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3904 target);
2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3905 binder_proc_unlock(proc);
2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3906 kfree(death);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3907 break;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3908 }
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3909
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3910 binder_debug(BINDER_DEBUG_DEATH_NOTIFICATION,
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3911 "%d:%d %s %016llx ref %d desc %d s %d w %d for node %d\n",
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3912 proc->pid, thread->pid,
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3913 cmd == BC_REQUEST_DEATH_NOTIFICATION ?
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3914 "BC_REQUEST_DEATH_NOTIFICATION" :
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3915 "BC_CLEAR_DEATH_NOTIFICATION",
372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3916 (u64)cookie, ref->data.debug_id,
372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3917 ref->data.desc, ref->data.strong,
372e3147df7016 drivers/android/binder.c Todd Kjos 2017-06-29 3918 ref->data.weak, ref->node->debug_id);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3919
ab51ec6bdf0b7a drivers/android/binder.c Martijn Coenen 2017-06-29 3920 binder_node_lock(ref->node);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3921 if (cmd == BC_REQUEST_DEATH_NOTIFICATION) {
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3922 if (ref->death) {
56b468fc709b2b drivers/staging/android/binder.c Anmol Sarma 2012-10-30 3923 binder_user_error("%d:%d BC_REQUEST_DEATH_NOTIFICATION death notification already set\n",
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3924 proc->pid, thread->pid);
ab51ec6bdf0b7a drivers/android/binder.c Martijn Coenen 2017-06-29 3925 binder_node_unlock(ref->node);
2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3926 binder_proc_unlock(proc);
2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3927 kfree(death);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3928 break;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3929 }
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3930 binder_stats_created(BINDER_STAT_DEATH);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3931 INIT_LIST_HEAD(&death->work.entry);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3932 death->cookie = cookie;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3933 ref->death = death;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3934 if (ref->node->proc == NULL) {
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3935 ref->death->work.type = BINDER_WORK_DEAD_BINDER;
bb74562a7f8398 drivers/android/binder.c Martijn Coenen 2017-08-31 3936
1b77e9dcc3da93 drivers/android/binder.c Martijn Coenen 2017-08-31 3937 binder_inner_proc_lock(proc);
1b77e9dcc3da93 drivers/android/binder.c Martijn Coenen 2017-08-31 3938 binder_enqueue_work_ilocked(
bb74562a7f8398 drivers/android/binder.c Martijn Coenen 2017-08-31 3939 &ref->death->work, &proc->todo);
bb74562a7f8398 drivers/android/binder.c Martijn Coenen 2017-08-31 3940 binder_wakeup_proc_ilocked(proc);
1b77e9dcc3da93 drivers/android/binder.c Martijn Coenen 2017-08-31 3941 binder_inner_proc_unlock(proc);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3942 }
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3943 } else {
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3944 if (ref->death == NULL) {
56b468fc709b2b drivers/staging/android/binder.c Anmol Sarma 2012-10-30 3945 binder_user_error("%d:%d BC_CLEAR_DEATH_NOTIFICATION death notification not active\n",
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3946 proc->pid, thread->pid);
673068eee8560d drivers/android/binder.c Todd Kjos 2017-06-29 3947 binder_node_unlock(ref->node);
2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3948 binder_proc_unlock(proc);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3949 break;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3950 }
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3951 death = ref->death;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3952 if (death->cookie != cookie) {
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3953 binder_user_error("%d:%d BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch %016llx != %016llx\n",
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3954 proc->pid, thread->pid,
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3955 (u64)death->cookie,
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3956 (u64)cookie);
673068eee8560d drivers/android/binder.c Todd Kjos 2017-06-29 3957 binder_node_unlock(ref->node);
2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3958 binder_proc_unlock(proc);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3959 break;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3960 }
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3961 ref->death = NULL;
72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3962 binder_inner_proc_lock(proc);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3963 if (list_empty(&death->work.entry)) {
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3964 death->work.type = BINDER_WORK_CLEAR_DEATH_NOTIFICATION;
72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3965 if (thread->looper &
72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3966 (BINDER_LOOPER_STATE_REGISTERED |
72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3967 BINDER_LOOPER_STATE_ENTERED))
148ade2c4d4f46 drivers/android/binder.c Martijn Coenen 2017-11-15 3968 binder_enqueue_thread_work_ilocked(
148ade2c4d4f46 drivers/android/binder.c Martijn Coenen 2017-11-15 3969 thread,
148ade2c4d4f46 drivers/android/binder.c Martijn Coenen 2017-11-15 3970 &death->work);
72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3971 else {
72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3972 binder_enqueue_work_ilocked(
72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3973 &death->work,
72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3974 &proc->todo);
1b77e9dcc3da93 drivers/android/binder.c Martijn Coenen 2017-08-31 3975 binder_wakeup_proc_ilocked(
408c68b17aea2f drivers/android/binder.c Martijn Coenen 2017-08-31 3976 proc);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3977 }
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3978 } else {
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3979 BUG_ON(death->work.type != BINDER_WORK_DEAD_BINDER);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3980 death->work.type = BINDER_WORK_DEAD_BINDER_AND_CLEAR;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3981 }
72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3982 binder_inner_proc_unlock(proc);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3983 }
ab51ec6bdf0b7a drivers/android/binder.c Martijn Coenen 2017-06-29 3984 binder_node_unlock(ref->node);
2c1838dc6817dd drivers/android/binder.c Todd Kjos 2017-06-29 3985 binder_proc_unlock(proc);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3986 } break;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3987 case BC_DEAD_BINDER_DONE: {
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3988 struct binder_work *w;
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3989 binder_uintptr_t cookie;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3990 struct binder_ref_death *death = NULL;
10f62861b4a2f2 drivers/staging/android/binder.c Seunghun Lee 2014-05-01 3991
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 3992 if (get_user(cookie, (binder_uintptr_t __user *)ptr))
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3993 return -EFAULT;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 3994
7a64cd887fdb97 drivers/android/binder.c Lisa Du 2016-02-17 3995 ptr += sizeof(cookie);
72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3996 binder_inner_proc_lock(proc);
72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3997 list_for_each_entry(w, &proc->delivered_death,
72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3998 entry) {
72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 3999 struct binder_ref_death *tmp_death =
72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 4000 container_of(w,
72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 4001 struct binder_ref_death,
72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 4002 work);
10f62861b4a2f2 drivers/staging/android/binder.c Seunghun Lee 2014-05-01 4003
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 4004 if (tmp_death->cookie == cookie) {
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 4005 death = tmp_death;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 4006 break;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 4007 }
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 4008 }
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 4009 binder_debug(BINDER_DEBUG_DEAD_BINDER,
8ca86f1639ec58 drivers/android/binder.c Todd Kjos 2018-02-07 4010 "%d:%d BC_DEAD_BINDER_DONE %016llx found %pK\n",
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 4011 proc->pid, thread->pid, (u64)cookie,
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 4012 death);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 4013 if (death == NULL) {
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 4014 binder_user_error("%d:%d BC_DEAD_BINDER_DONE %016llx not found\n",
da49889deb34d3 drivers/staging/android/binder.c Arve Hjønnevåg 2014-02-21 4015 proc->pid, thread->pid, (u64)cookie);
72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 4016 binder_inner_proc_unlock(proc);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 4017 break;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 4018 }
72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 4019 binder_dequeue_work_ilocked(&death->work);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 4020 if (death->work.type == BINDER_WORK_DEAD_BINDER_AND_CLEAR) {
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 4021 death->work.type = BINDER_WORK_CLEAR_DEATH_NOTIFICATION;
72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 4022 if (thread->looper &
72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 4023 (BINDER_LOOPER_STATE_REGISTERED |
72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 4024 BINDER_LOOPER_STATE_ENTERED))
148ade2c4d4f46 drivers/android/binder.c Martijn Coenen 2017-11-15 4025 binder_enqueue_thread_work_ilocked(
148ade2c4d4f46 drivers/android/binder.c Martijn Coenen 2017-11-15 4026 thread, &death->work);
72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 4027 else {
72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 4028 binder_enqueue_work_ilocked(
72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 4029 &death->work,
72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 4030 &proc->todo);
408c68b17aea2f drivers/android/binder.c Martijn Coenen 2017-08-31 4031 binder_wakeup_proc_ilocked(proc);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 4032 }
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 4033 }
72196393a5e3d2 drivers/android/binder.c Todd Kjos 2017-06-29 4034 binder_inner_proc_unlock(proc);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 4035 } break;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 4036
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 4037 default:
56b468fc709b2b drivers/staging/android/binder.c Anmol Sarma 2012-10-30 4038 pr_err("%d:%d unknown command %d\n",
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 4039 proc->pid, thread->pid, cmd);
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 4040 return -EINVAL;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 4041 }
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 4042 *consumed = ptr - buffer;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 4043 }
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 4044 return 0;
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 4045 }
355b0502f6efea drivers/staging/android/binder.c Greg Kroah-Hartman 2011-11-30 4046

:::::: The code at line 3779 was first introduced by commit
:::::: 7bada55ab50697861eee6bb7d60b41e68a961a9c binder: fix race that allows malicious free of live buffer

:::::: TO: Todd Kjos <tkjos@xxxxxxxxxxx>
:::::: CC: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx

Attachment: .config.gz
Description: application/gzip