| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 8 May 2018 17:06:39 +0800
From: Jia-Ju Bai <baijiaju1990@...il.com>
To: gregkh@...uxfoundation.org, arve@...roid.com, tkjos@...roid.com,
maco@...roid.com
Cc: devel@...verdev.osuosl.org, linux-kernel@...r.kernel.org,
Jia-Ju Bai <baijiaju1990@...il.com>
Subject: [PATCH] android: binder: Fix a possible data race in binder_alloc_mmap_handler
The write operations to "alloc->buffer" are protected by
the lock on line 679 and 730, but the read operation to
this data on line 712 is not protected by the lock.
Thus, there may exist a data race for "alloc->buffer".
To fix this data race, the read operation to "alloc->buffer"
should be also protected by the lock.
Signed-off-by: Jia-Ju Bai <baijiaju1990@...il.com>
---
drivers/android/binder_alloc.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c
index 5a426c877dfb..596acc3a84e4 100644
--- a/drivers/android/binder_alloc.c
+++ b/drivers/android/binder_alloc.c
@@ -709,7 +709,9 @@ int binder_alloc_mmap_handler(struct binder_alloc *alloc,
goto err_alloc_buf_struct_failed;
}
+ mutex_lock(&binder_alloc_mmap_lock);
buffer->data = alloc->buffer;
+ mutex_unlock(&binder_alloc_mmap_lock);
list_add(&buffer->entry, &alloc->buffers);
buffer->free = 1;
binder_insert_free_buffer(alloc, buffer);
--
2.17.0
Powered by blists - more mailing lists