Re: [PATCH] binder: fix UAF in binder_thread_release()

Next message: Carlos Llamas: "[PATCH v2 1/2] binder: fix UAF in binder_thread_release()"
Previous message: sashiko-bot: "Re: [PATCH 6/8] riscv: Enable resctrl filesystem for Ssqosid"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Carlos Llamas

Date: Fri Jun 19 2026 - 14:46:39 EST

On Wed, Jun 10, 2026 at 06:50:17AM +0000, Alice Ryhl wrote:
> Although I don't think this fixes all issues here, as we discussed more
> in private, this does fix the specific UAF referenced in this patch, so:
>
> Reviewed-by: Alice Ryhl <aliceryhl@xxxxxxxxxx>

Thanks. I've managed to reproduce the UAF that you pointed out. It was a
bit tricky but I have a fix for it now. C binder just keeps proving we
should switch over to Rust ASAP.

It doesn't seem like Greg has picked up this patch yet, so I'll resend
this as v2 along with a separate fix for the UAF you reported.

Cheers,
Carlos Llamas