Re: [PATCH 0/3] binder: Prevent untranslated sender data from being copied to target

From: Todd Kjos
Date: Wed Nov 24 2021 - 10:54:32 EST


On Wed, Nov 24, 2021 at 12:08 AM Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>
> On Tue, Nov 23, 2021 at 11:17:34AM -0800, Todd Kjos wrote:
> > Binder copies transactions directly from the sender buffer
> > to the target buffer and then fixes up BINDER_TYPE_PTR and
> > BINDER_TYPE_FDA objects. This means there is a brief time
> > when sender pointers and fds are visible to the target
> > process.
> >
> > This series reworks the the sender to target copy to
> > avoid leaking any untranslated sender data from being
> > visible in the target.
> >
> > Todd Kjos (3):
> > binder: defer copies of pre-patched txn data
> > binder: read pre-translated fds from sender buffer
> > binder: avoid potential data leakage when copying txn
> >
> > drivers/android/binder.c | 442 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++----------------
> > 1 file changed, 387 insertions(+), 55 deletions(-)
>
> Are these changes needed now in 5.16-final and also in stable kernels?
>
> Or can they wait until 5.17-rc1?

They can wait until 5.17-rc1.

>
> thanks,
>
> greg k-h