| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 17 Apr 2024 19:13:41 +0000
From: Carlos Llamas <cmllamas@...gle.com>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
"Arve Hjønnevåg" <arve@...roid.com>, Todd Kjos <tkjos@...roid.com>, Martijn Coenen <maco@...roid.com>,
Joel Fernandes <joel@...lfernandes.org>, Christian Brauner <brauner@...nel.org>,
Carlos Llamas <cmllamas@...gle.com>, Suren Baghdasaryan <surenb@...gle.com>,
Alice Ryhl <aliceryhl@...gle.com>
Cc: linux-kernel@...r.kernel.org, kernel-team@...roid.com
Subject: [PATCH 1/4] binder: introduce BINDER_SET_PROC_FLAGS ioctl
This new ioctl enables userspace to control the individual behavior of
the 'struct binder_proc' instance via flags. The driver validates and
returns the supported subset. Some existing ioctls are migrated to use
these flags in subsequent commits.
Suggested-by: Arve Hjønnevåg <arve@...roid.com>
Signed-off-by: Carlos Llamas <cmllamas@...gle.com>
---
drivers/android/binder.c | 25 +++++++++++++++++++++++++
drivers/android/binder_internal.h | 4 +++-
include/uapi/linux/android/binder.h | 6 ++++++
3 files changed, 34 insertions(+), 1 deletion(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index bad28cf42010..e0d193bfb237 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -5334,6 +5334,26 @@ static int binder_ioctl_get_extended_error(struct binder_thread *thread,
return 0;
}
+static int binder_ioctl_set_proc_flags(struct binder_proc *proc,
+ u32 __user *user)
+{
+ u32 flags;
+
+ if (get_user(flags, user))
+ return -EFAULT;
+
+ binder_inner_proc_lock(proc);
+ flags &= PF_SUPPORTED_FLAGS_MASK;
+ proc->flags = flags;
+ binder_inner_proc_unlock(proc);
+
+ /* confirm supported flags with user */
+ if (put_user(flags, user))
+ return -EFAULT;
+
+ return 0;
+}
+
static long binder_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
{
int ret;
@@ -5542,6 +5562,11 @@ static long binder_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
if (ret < 0)
goto err;
break;
+ case BINDER_SET_PROC_FLAGS:
+ ret = binder_ioctl_set_proc_flags(proc, ubuf);
+ if (ret < 0)
+ goto err;
+ break;
default:
ret = -EINVAL;
goto err;
diff --git a/drivers/android/binder_internal.h b/drivers/android/binder_internal.h
index 7270d4d22207..a22e64cddbae 100644
--- a/drivers/android/binder_internal.h
+++ b/drivers/android/binder_internal.h
@@ -346,6 +346,8 @@ struct binder_ref {
* @cred struct cred associated with the `struct file`
* in binder_open()
* (invariant after initialized)
+ * @flags: enum proc_flags set via BINDER_SET_PROC_FLAGS.
+ * (protected by @inner_lock)
* @deferred_work_node: element for binder_deferred_list
* (protected by binder_deferred_lock)
* @deferred_work: bitmap of deferred work to perform
@@ -409,6 +411,7 @@ struct binder_proc {
int pid;
struct task_struct *tsk;
const struct cred *cred;
+ u32 flags;
struct hlist_node deferred_work_node;
int deferred_work;
int outstanding_txns;
@@ -417,7 +420,6 @@ struct binder_proc {
bool sync_recv;
bool async_recv;
wait_queue_head_t freeze_wait;
-
struct list_head todo;
struct binder_stats stats;
struct list_head delivered_death;
diff --git a/include/uapi/linux/android/binder.h b/include/uapi/linux/android/binder.h
index d44a8118b2ed..281a8e2e734e 100644
--- a/include/uapi/linux/android/binder.h
+++ b/include/uapi/linux/android/binder.h
@@ -251,6 +251,11 @@ struct binder_extended_error {
__s32 param;
};
+/* Used with BINDER_SET_PROC_FLAGS ioctl */
+enum proc_flags {
+ PF_SUPPORTED_FLAGS_MASK,
+};
+
enum {
BINDER_WRITE_READ = _IOWR('b', 1, struct binder_write_read),
BINDER_SET_IDLE_TIMEOUT = _IOW('b', 3, __s64),
@@ -266,6 +271,7 @@ enum {
BINDER_GET_FROZEN_INFO = _IOWR('b', 15, struct binder_frozen_status_info),
BINDER_ENABLE_ONEWAY_SPAM_DETECTION = _IOW('b', 16, __u32),
BINDER_GET_EXTENDED_ERROR = _IOWR('b', 17, struct binder_extended_error),
+ BINDER_SET_PROC_FLAGS = _IOWR('b', 18, __u32),
};
/*
--
2.44.0.683.g7961c838ac-goog
Powered by blists - more mailing lists