Re: [PATCH RESEND] binder: handle PID namespace conversion for freeze operation

Next message: Rishikesh Donadkar: "Re: [PATCH v9 16/19] media: ti: j721e-csi2rx: Return the partial frame as error"
Previous message: Changwoo Min: "[PATCH v2 for 6.19 3/4] PM: EM: Change cpus' type from string to u64 array in the EM YNL spec"
In reply to: jongan . kim: "[PATCH RESEND] binder: handle PID namespace conversion for freeze operation"
Next in thread: Greg KH: "Re: [PATCH RESEND] binder: handle PID namespace conversion for freeze operation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Greg KH

Date: Thu Jan 08 2026 - 00:41:06 EST

On Thu, Jan 08, 2026 at 10:10:11AM +0900, jongan.kim@xxxxxxx wrote:
> From: "JongAn Kim" <jongan.kim@xxxxxxx>
>
> Currently, when a freeze is attempted from a non-init PID namespace,
> there is a possibility that the wrong process in the init namespace
> may be frozen due to PID collision across namespaces.

I did not think that binder worked with pid namespaces. I think I've
asked this before and was told it was not supported.

So how are you running into this? What system requires this?

> For example, if a container with PID namespace has a process with
> PID 100 (which maps to PID 5000 in init namespace), attempting to
> freeze PID 100 from the container could incorrectly match a different
> process with PID 100 in the init namespace.
>
> This patch fixes the issue by:
> 1. Converting the caller's PID from their namespace to init namespace
> 2. Matching against binder_proc->pid (which stores init namespace TGID)
> 3. Returning -EINVAL for invalid PIDs and -ESRCH for not-found processes

Are you sure this is the only place pid namespaces come into play in
binder? If this is going to be supported, I think all uses of pids need
to handle namespaces.

or am I confused as to what is broken here?

thanks,

greg k-h