[PATCH v2 0/8] binder: several fixes for frozen notification
From: Carlos Llamas
Date: Thu Sep 26 2024 - 19:36:48 EST
These are all fixes for the frozen notification patch [1], which as of
today hasn't landed in mainline yet. As such, this patchset is rebased
on top of the char-misc-next branch.
[1] https://lore.kernel.org/all/20240709070047.4055369-2-yutingtseng@xxxxxxxxxx/
Cc: stable@xxxxxxxxxxxxxxx
Cc: Yu-Ting Tseng <yutingtseng@xxxxxxxxxx>
Cc: Alice Ryhl <aliceryhl@xxxxxxxxxx>
Cc: Todd Kjos <tkjos@xxxxxxxxxx>
Cc: Martijn Coenen <maco@xxxxxxxxxx>
Cc: Arve Hjønnevåg <arve@xxxxxxxxxxx>
Cc: Viktor Martensson <vmartensson@xxxxxxxxxx>
v1: https://lore.kernel.org/all/20240924184401.76043-1-cmllamas@xxxxxxxxxx/
v2:
* debug output for BINDER_WORK_CLEAR_FREEZE_NOTIFICATION (Alice)
* allow notifications for dead nodes instead of EINVAL (Alice)
* add fix for memleak of proc->delivered_freeze
* add proc->delivered_freeze to debug output
* collect tags
Carlos Llamas (8):
  binder: fix node UAF in binder_add_freeze_work()
  binder: fix OOB in binder_add_freeze_work()
  binder: fix freeze UAF in binder_release_work()
  binder: fix BINDER_WORK_FROZEN_BINDER debug logs
  binder: fix BINDER_WORK_CLEAR_FREEZE_NOTIFICATION debug logs
  binder: allow freeze notification for dead nodes
  binder: fix memleak of proc->delivered_freeze
  binder: add delivered_freeze to debugfs output

 drivers/android/binder.c | 64 ++++++++++++++++++++++++++++++----------
 1 file changed, 49 insertions(+), 15 deletions(-)
--
2.46.1.824.gd892dcdcdd-goog