Received: by 10.192.165.148 with SMTP id m20csp4061049imm; Tue, 8 May 2018 02:08:48 -0700 (PDT) X-Google-Smtp-Source: AB8JxZrf8KSZ4skMRFUrCJhD+C92+O6rlq7XUYGrTMHaLbOOVTfBAOFn9lWCpmGdfs8TU994e3k0 X-Received: by 2002:a63:7058:: with SMTP id a24-v6mr32959229pgn.101.1525770528328; Tue, 08 May 2018 02:08:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525770528; cv=none; d=google.com; s=arc-20160816; b=dM12GP+F8hNi5rw18byQU2gUfy81tyaFZMatPXJ93UQ6qRtPK9j7WnCA7JSW8pjvwP O95J2crI+qP4XRAdaonzPBoYM0Ik+Ydy2w4M2m3Mn7s99FvE2cxchv88oJycUzCNFe0V ky9gmvTIgSdEuuqq69LjYd9WBnFAQfvXYD2neAfspvOyqb4dNqc2PupDFTbvOYhaUDZf 3DLRNfmc/TC5BsYgKyBAtOPtIeofKiUjPhyCRNyGCa8ROpRRJZvOvIJj39Qq2kTBsHKB RZtN101C+I+Taz4asTJKvyxyuzv2/AEMSyK23YRb/Bo5YpA3iL4QlDMi6mNu5Q8bpi0J N7+w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature:arc-authentication-results; bh=lZCTNsYiE+droQiYeJWtssiD0JCUWQy57jGyZYntK8g=; b=VqX/XZ9t+9kSz4jT41ZyoZFp/MYWwINAalc560bRPiylzNmzWojmHafeqvUMOb67Ap 99+LdR8x41fNGClDt/2xyIpoads44MQiLzsGwmRjot3feWo1LRKWEUkvqQbffIftpYtg 5g7CjyfT8J0zEHZgfRePFUgn9C3rrlVultrs96URn0FPhEqILQGkUCndV0yLgqcCsuQb n+xhnH0UTxr8zFTdz/JFNVNSvpuaZUOkShJXFuEJ0d6rD4jeLjIGO7dwn9wx18EQdyDK LOq2bDHImeLh+bQplWIYVM+nJJWi7PnLGjnkkJnet49jNzDU9SHp8pcEDx+LEuhEscPl BStQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=DZxsSsiQ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 31-v6si23589701plz.364.2018.05.08.02.08.34; Tue, 08 May 2018 02:08:48 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=DZxsSsiQ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754889AbeEHJGt (ORCPT + 99 others); Tue, 8 May 2018 05:06:49 -0400 Received: from mail-pf0-f194.google.com ([209.85.192.194]:39975 "EHLO mail-pf0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754229AbeEHJGs (ORCPT ); Tue, 8 May 2018 05:06:48 -0400 Received: by mail-pf0-f194.google.com with SMTP id f189so23641891pfa.7 for ; Tue, 08 May 2018 02:06:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=lZCTNsYiE+droQiYeJWtssiD0JCUWQy57jGyZYntK8g=; b=DZxsSsiQX0O94A8EeFUH5iwYfmMpHqnI193AJticYOITDsmTDS6Or71JFW1xE7RDzm tK7ZpnzglZ2EtHQdO06w9K1MurTV9C4OBArsFx2xDk6toVQQf5w2sd6jpsxtLQvNHibj vo9smJGKHldLGEWApB12n4WJZrPnvXihekqQ/8bvaTiQbF238lwrXIpx6y1fnanWE0Sn VMIhAKo6npfkZeZJmYWbT4mvzuRxJ0RdZfQdr5cJ9lkDIDEcb3m42JzitbZ4GbS1+RJE Y2tpGd2XxVAPBT6EshD0bbVKjoXTUCsZ3wwqGjMOCETq838UuFjaRbVucEHYjMbR+3vF OR7w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=lZCTNsYiE+droQiYeJWtssiD0JCUWQy57jGyZYntK8g=; b=qtd46VM9KxM5P1C+ybCtP8RIk8U8y3YMD0QcGWC+uoTcSzN544/2oNr8n9AZQGreiI wwIt6uK54oOjqR5f45134iYl3+zKV7HxMgHbhhJXCyyW6ymemWgagcOUtLMq9iJsz3sT Bh6EhjLZOWYktFmml1j/nhgXixrdqgWZ3W9aHhMljXEJ4PFnjxNo8WP9rBAYmvXx+Psi EbdK944ygYi4nQTOOoUKDBDsc6UQS6knNaQK94xN94dROJbo8zJzGdfb8KcdCBp5HWmy eXFRHj9mZ6K5lRsZUZtE1uASWQG0y3ok8/SW8MIccr8fvKDjmQsBykw0E82Rynr7mezf m3Sg== X-Gm-Message-State: ALQs6tCHQXkC2lVRTCcVqzgGkhXR2NgY3xFsheWuX5AFNMQykXnrtzoB MDkzrej9TQot3OpubW12fZg= X-Received: by 10.98.211.143 with SMTP id z15mr39312582pfk.100.1525770407553; Tue, 08 May 2018 02:06:47 -0700 (PDT) Received: from oslab.tsinghua.edu.cn ([2402:f000:1:4413:9049:25cd:b90:73a0]) by smtp.gmail.com with ESMTPSA id d19sm59848299pfk.59.2018.05.08.02.06.45 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 08 May 2018 02:06:47 -0700 (PDT) From: Jia-Ju Bai To: gregkh@linuxfoundation.org, arve@android.com, tkjos@android.com, maco@android.com Cc: devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org, Jia-Ju Bai Subject: [PATCH] android: binder: Fix a possible data race in binder_alloc_mmap_handler Date: Tue, 8 May 2018 17:06:39 +0800 Message-Id: <20180508090639.14275-1-baijiaju1990@gmail.com> X-Mailer: git-send-email 2.17.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The write operations to "alloc->buffer" are protected by the lock on line 679 and 730, but the read operation to this data on line 712 is not protected by the lock. Thus, there may exist a data race for "alloc->buffer". To fix this data race, the read operation to "alloc->buffer" should be also protected by the lock. Signed-off-by: Jia-Ju Bai --- drivers/android/binder_alloc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c index 5a426c877dfb..596acc3a84e4 100644 --- a/drivers/android/binder_alloc.c +++ b/drivers/android/binder_alloc.c @@ -709,7 +709,9 @@ int binder_alloc_mmap_handler(struct binder_alloc *alloc, goto err_alloc_buf_struct_failed; } + mutex_lock(&binder_alloc_mmap_lock); buffer->data = alloc->buffer; + mutex_unlock(&binder_alloc_mmap_lock); list_add(&buffer->entry, &alloc->buffers); buffer->free = 1; binder_insert_free_buffer(alloc, buffer); -- 2.17.0