lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20210910060251.GC7203@kadam>
Date:   Fri, 10 Sep 2021 09:02:51 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     Li Li <dualli@...omium.org>
Cc:     dualli@...gle.com, tkjos@...gle.com, gregkh@...uxfoundation.org,
        christian@...uner.io, arve@...roid.com, devel@...verdev.osuosl.org,
        linux-kernel@...r.kernel.org, maco@...gle.com, hridya@...gle.com,
        surenb@...gle.com, joel@...lfernandes.org, kernel-team@...roid.com
Subject: Re: [PATCH v1 1/1] binder: fix freeze race

On Thu, Sep 09, 2021 at 04:21:41PM -0700, Li Li wrote:
> @@ -4648,6 +4647,22 @@ static int binder_ioctl_get_node_debug_info(struct binder_proc *proc,
>  	return 0;
>  }
>  
> +static int binder_txns_pending(struct binder_proc *proc)
> +{
> +	struct rb_node *n;
> +	struct binder_thread *thread;
> +
> +	if (proc->outstanding_txns > 0)
> +		return 1;

Make this function bool.

> +
> +	for (n = rb_first(&proc->threads); n; n = rb_next(n)) {
> +		thread = rb_entry(n, struct binder_thread, rb_node);
> +		if (thread->transaction_stack)
> +			return 1;
> +	}
> +	return 0;
> +}
> +
>  static int binder_ioctl_freeze(struct binder_freeze_info *info,
>  			       struct binder_proc *target_proc)
>  {
> @@ -4682,6 +4697,14 @@ static int binder_ioctl_freeze(struct binder_freeze_info *info,
>  	if (!ret && target_proc->outstanding_txns)
>  		ret = -EAGAIN;

These two lines can be deleted now because binder_txns_pending() checks
->outstanding_txns.

>  
> +	/* Also check pending transactions that wait for reply */
> +	if (ret >= 0) {
> +		binder_inner_proc_lock(target_proc);
> +		if (binder_txns_pending(target_proc))
> +			ret = -EAGAIN;
> +		binder_inner_proc_unlock(target_proc);
> +	}
> +
>  	if (ret < 0) {
>  		binder_inner_proc_lock(target_proc);
>  		target_proc->is_frozen = false;

regards,
dan carpenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ