From: Jann Horn
Date: Mon, 14 Oct 2019 21:35:30 +0200
Subject: Re: [PATCH] binder: prevent transactions to context manager from its own process.
To: Hridya Valsaraju
Cc: Todd Kjos, Greg Kroah-Hartman, Arve Hjønnevåg, Martijn Coenen, Joel Fernandes, Christian Brauner, "open list:ANDROID DRIVERS", kernel list, kernel-team, syzbot+8b3c354d33c4ac78bfad@syzkaller.appspotmail.com
References: <20190715191804.112933-1-hridya@google.com>
List-ID: linux-kernel@vger.kernel.org

On Mon, Oct 14, 2019 at 7:38 PM Hridya Valsaraju wrote:
> On Fri, Oct 11, 2019 at 3:11 PM Jann Horn wrote:
> > On Fri, Oct 11, 2019 at 11:59 PM Jann Horn wrote:
> > > (I think you could also let A receive a handle
> > > to itself and then transact with itself, but I haven't tested that.)
> >
> > Ignore this sentence, that's obviously wrong because same-binder_proc
> > nodes will always show up as a binder, not a handle.
>
> Thank you for the email and steps to reproduce the issue, Jann. I need
> some time to take a look at the same and I will get back to you once I
> understand it and hopefully have a fix. We do want to disallow
> same-process transactions. Here is a little bit more of context for
> the patch: https://lkml.org/lkml/2018/3/28/173

That patch (commit 7aa135fcf26377f92dc0680a57566b4c7f3e281b) prevented
transactions within one *binder_proc*, which makes sense to me; that
still allows same-process transactions, so long as they are between
different binder_proc instances.

What I don't understand is your follow-up in commit
49ed96943a8e0c62cc5a9b0a6cfc88be87d1fcec, where you try to block
transactions within the same process (well, kind of, the semantics of
the term "process" are quite fuzzy here and don't map onto binder well).
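The distinction Jann draws above, between a check keyed on the binder_proc (one per open of /dev/binder) and a check keyed on the opening process, is easiest to see with a small userspace model. The following C program is an added example, not code from the binder driver or from either patch; the struct names mirror binder_proc / binder_node only for readability, and the fields, the policy enum and the scenario (process A opens the device twice and registers its first open as context manager, process B opens it once) are assumptions of the model. "Process" is modelled as the tgid, which is the simplification Jann calls fuzzy: for instance, tasks that share a file descriptor table through clone(CLONE_FILES) without CLONE_THREAD have different tgids, and the model does not represent that.

```c
/*
 * Added example (not the binder driver's code): a userspace model of the
 * two "transaction to yourself" checks discussed in the thread. Structure
 * names mirror the driver's for readability; fields, the policy enum and
 * the scenario below are assumptions of this model.
 */
#include <stddef.h>
#include <stdio.h>

/* One open of /dev/binder. A process that opens the device twice owns two
 * of these carrying the same tgid (the driver records the opening thread
 * group's pid). */
struct binder_proc {
    int tgid;
    const char *label;  /* diagnostics only */
};

/* A binder object; a transaction is delivered to the proc that owns it. */
struct binder_node {
    struct binder_proc *proc;
};

/* Per-proc handle table. Handle 0 is reserved for the context manager;
 * handles >= 1 index the sender's own reference table. */
#define MAX_REFS 8
struct ref_table {
    struct binder_node *refs[MAX_REFS];
};

/* Global, in the role of context->binder_context_mgr_node. */
static struct binder_node *context_mgr_node;

/* Target selection as binder_transaction() conceptually does it. */
static struct binder_node *resolve_target(const struct ref_table *t,
                                          unsigned int handle)
{
    if (handle == 0)
        return context_mgr_node;
    if (handle >= MAX_REFS)
        return NULL;
    return t->refs[handle];
}

enum policy {
    CHECK_SAME_BINDER_PROC, /* reject only if target_proc == proc */
    CHECK_SAME_TGID,        /* reject if target_proc->tgid == proc->tgid */
};

/* Returns 0 if the transaction passes the self-check, -1 if it is rejected
 * (where the driver would answer BR_FAILED_REPLY) or the handle is invalid. */
static int check_transaction(const struct binder_proc *sender,
                             const struct ref_table *t, unsigned int handle,
                             enum policy p)
{
    const struct binder_node *target = resolve_target(t, handle);
    const struct binder_proc *target_proc;

    if (!target)
        return -1;
    target_proc = target->proc;

    switch (p) {
    case CHECK_SAME_BINDER_PROC:
        return target_proc == sender ? -1 : 0;
    case CHECK_SAME_TGID:
        return target_proc->tgid == sender->tgid ? -1 : 0;
    }
    return -1;
}

/* Constructed scenario: process A (tgid 1000) opens /dev/binder twice and
 * registers the first open as context manager; process B (tgid 2000)
 * opens it once. */
static struct binder_proc a_fd1 = { 1000, "A, fd 1 (context manager)" };
static struct binder_proc a_fd2 = { 1000, "A, fd 2" };
static struct binder_proc b_fd1 = { 2000, "B, fd 1" };
static struct binder_node ctx_mgr = { &a_fd1 };

/* Send to handle 0 (the context manager) from the given binder_proc. */
static int send_to_ctx_mgr(const struct binder_proc *sender, enum policy p)
{
    struct ref_table empty = { { NULL } };

    context_mgr_node = &ctx_mgr;
    return check_transaction(sender, &empty, 0, p);
}

/* The three cases the thread is about, one function each. */
int ctx_mgr_to_itself(enum policy p)     { return send_to_ctx_mgr(&a_fd1, p); }
int same_process_other_fd(enum policy p) { return send_to_ctx_mgr(&a_fd2, p); }
int other_process(enum policy p)         { return send_to_ctx_mgr(&b_fd1, p); }

int main(void)
{
    const struct binder_proc *senders[] = { &a_fd1, &a_fd2, &b_fd1 };
    size_t i;

    printf("%-28s %-18s %-10s\n", "sender -> handle 0", "same-binder_proc", "same-tgid");
    for (i = 0; i < sizeof(senders) / sizeof(senders[0]); i++)
        printf("%-28s %-18s %-10s\n", senders[i]->label,
               send_to_ctx_mgr(senders[i], CHECK_SAME_BINDER_PROC) ? "rejected" : "allowed",
               send_to_ctx_mgr(senders[i], CHECK_SAME_TGID) ? "rejected" : "allowed");
    return 0;
}
```

Running it prints one row per sender: the context manager's own binder_proc is rejected under both policies, an unrelated process is allowed under both, and the second open of /dev/binder in the context manager's process is the row that differs, allowed by the binder_proc check and rejected by the tgid check. That row is the gap between the two commits; whether the tgid is the right notion of "process" to close it with is the question the message leaves open.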