Re: [PATCH 0/3] binder: Prevent untranslated sender data from being copied to target
From: Greg KH
Date: Wed Nov 24 2021 - 03:08:34 EST
On Tue, Nov 23, 2021 at 11:17:34AM -0800, Todd Kjos wrote:
> Binder copies transactions directly from the sender buffer
> to the target buffer and then fixes up BINDER_TYPE_PTR and
> BINDER_TYPE_FDA objects. This means there is a brief time
> when sender pointers and fds are visible to the target
> process.
>
> This series reworks the the sender to target copy to
> avoid leaking any untranslated sender data from being
> visible in the target.
>
> Todd Kjos (3):
> binder: defer copies of pre-patched txn data
> binder: read pre-translated fds from sender buffer
> binder: avoid potential data leakage when copying txn
>
> drivers/android/binder.c | 442 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++----------------
> 1 file changed, 387 insertions(+), 55 deletions(-)
Are these changes needed now in 5.16-final and also in stable kernels?
Or can they wait until 5.17-rc1?
thanks,
greg k-h