Received: by 10.223.164.202 with SMTP id h10csp2455097wrb; Thu, 16 Nov 2017 15:52:39 -0800 (PST) X-Google-Smtp-Source: AGs4zMaLq1LGzw0s+n+/f3v7jtAGPU7pNpjAfQxhsaMjiyaEJ0EPnpyvhCbDR4pbDaP4d6HN5xmH X-Received: by 10.98.247.4 with SMTP id h4mr36216pfi.16.1510876359821; Thu, 16 Nov 2017 15:52:39 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510876359; cv=none; d=google.com; s=arc-20160816; b=EAbBjJqLlvhyjqZueMAKnn8bsRePAmpJKcQFsV84Z1NT6IBho+is3HFi6/VZ2zlGK3 prIrMOThZ6go0mg/I9GGpEb6hTPH4joeDUD5mctb0lyUxAWY/qBocsza9krgIOJb46gk S2z3D9eGvgP1x2gzogbwVfhefUvqs3+gpQDKBzZildV9/cp5j0mFrqDD6vwAPNozSKbG 6WJTwgfR3vPMar28WQIA+pb92bZU8nVh7gFt5qLstf3nfn/yvtG7GP7C3XLEbU6uF0AA DC+gbT1hqxKgTTGCrfX7E8a4953kwmlTP5JAN5C0gOPPnxyqJ+zw6/IW60xSIKxorZQ6 9XAA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=eG0WdAC9hfmS9T32i0hg/aploUZ4XgkrqXQCBFASou0=; b=ewZ5qaIePZIaCkO1YXUmTY0NkIpxey47sROiihEP0VZYA9rbPsuRQ2Ad5eNu1m0u12 fnfwT4Cmr+BTmf2b3pqtKjbO1Ojq+JjC/CNVTZ533qzWa+a00B7kgKKi/QgMB+bdA09W 1Jxpw4er7Y4dSAtItLiE44BoBvvWCV0JVP2NygEZYpn2DHz/yZtMFvolClxR8QxjiboB EdFjp/L12ahgEcXNzyI2WCKSqiELl9On7IZFa4Oii6PtOg5ZN6wkdNihJRnaaMJuPO9B e58xTuc3RuD3P9TlhiGHlXYFKPKzWjM+5Mmj1oka35Iu/6CDKDgl3oEikOfhVAT0M0rj NkPg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@android.com header.s=20161025 header.b=Pu4Wnjbb; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=android.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r9si1682799pge.200.2017.11.16.15.52.27; Thu, 16 Nov 2017 15:52:39 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@android.com header.s=20161025 header.b=Pu4Wnjbb; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=android.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1760522AbdKPSDj (ORCPT + 92 others); Thu, 16 Nov 2017 13:03:39 -0500 Received: from mail-qt0-f178.google.com ([209.85.216.178]:44091 "EHLO mail-qt0-f178.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S965517AbdKPRsP (ORCPT ); Thu, 16 Nov 2017 12:48:15 -0500 Received: by mail-qt0-f178.google.com with SMTP id 8so44832833qtv.1 for ; Thu, 16 Nov 2017 09:48:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=android.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=eG0WdAC9hfmS9T32i0hg/aploUZ4XgkrqXQCBFASou0=; b=Pu4WnjbbMl285bnA+7hSAE56L1iNHxahJuWxNy6cCj6Xp3dhVmz1zzQDk4mJrZMH4P aG2bcDIjFYlXcp6vVZiMlpmilA6WS1o84jAsYDHsrKN2KAitTOLyo5Qb+okJaa2vs+Q0 RfnXRTQ6Jy1ukvlvxArzUNx7P+B+opvVQntbD0bdw2nmpbBEZ9zAN5s5172H9cqDyZhn 1JN1oNfiabSWod3bBkA+qd+ZKhMXZRW7vGO4BkaCc2UvnK01zpDVf0c1Budp2LSb3h7h wFys/3vVCeN9IwstdRigiV+BFA8jTeP36cqWE6IeWyubRwnOArAOf/x6GAhQF4keBoUc BVeA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=eG0WdAC9hfmS9T32i0hg/aploUZ4XgkrqXQCBFASou0=; b=uHMgglN485xw5UwJnzmdfnSGUsuYRKtN8L67G9mKjHQ8wTSl3Od6hYtNpyS2MNUKYh jD3S54tr6fdrP8qnpcawfkFRLyi37F99pylAlzy95ImFvhq+M2aaOIL0higQA64L4WXU SLD0cvKOXTPTPvG5+zcOy3d23oMKrGWNCICHtNPG77VGCkUBbDa7kW+dMH6eAFTuyjjh nFZvUXZ9aXWDHq8pJl8NEwQtI+6dtORDBeUOhG7gKbosLIT8+raPGgcUoKInbRl3R/ZR sfmsEJ7fml+VMDjQ9Wa9rdPpPGdjCvJG4EHlNTlhH1tYt4pzhHlutJtiNoVMeufmG81W aqWQ== X-Gm-Message-State: AJaThX4TwX1fAsr44vDvtJtQWggO6tg01MuYw6uLhCV9btnrhxd8WWAo klbfYVwwQ0N7ZQI0Y08P9USsBqWBzPvypQyq9/PO3g== X-Received: by 10.200.8.11 with SMTP id u11mr4034906qth.315.1510854494265; Thu, 16 Nov 2017 09:48:14 -0800 (PST) MIME-Version: 1.0 Received: by 10.140.108.166 with HTTP; Thu, 16 Nov 2017 09:48:13 -0800 (PST) In-Reply-To: <20171115010629.32859-1-tkjos@google.com> References: <20171115010629.32859-1-tkjos@google.com> From: Todd Kjos Date: Thu, 16 Nov 2017 09:48:13 -0800 Message-ID: Subject: Re: [PATCH] binder: fix proc->files use-after-free To: Todd Kjos , Greg KH , "Arve Hj??nnev??g" , devel@driverdev.osuosl.org, LKML , Martijn Coenen Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > @@ -875,22 +871,34 @@ static void binder_free_thread(struct binder_thread *thread); > static void binder_free_proc(struct binder_proc *proc); > static void binder_inc_node_tmpref_ilocked(struct binder_node *node); > > +struct files_struct *binder_get_files_struct(struct binder_proc *proc) This should be declared static: static struct files_struct *binder_get_files_struct(struct binder_proc *proc) Greg- should I send a "v2" for this? > +{ > + return get_files_struct(proc->tsk); > +} > + From 1584246545423727391@xxx Thu Nov 16 18:00:41 +0000 2017 X-GM-THRID: 1584096400353009036 X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread