lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20240701182305.1001156-2-yutingtseng@google.com>
Date: Mon,  1 Jul 2024 11:23:05 -0700
From: Yu-Ting Tseng <yutingtseng@...gle.com>
To: cmllamas@...gle.com, tkjos@...gle.com, gregkh@...uxfoundation.org
Cc: arve@...roid.com, maco@...roid.com, joel@...lfernandes.org, 
	brauner@...nel.org, surenb@...gle.com, aliceryhl@...gle.com, 
	kernel-team@...roid.com, linux-kernel@...r.kernel.org, 
	Yu-Ting Tseng <yutingtseng@...gle.com>
Subject: [PATCH v4] binder: frozen notification

> I believe the external link would be https://r.android.com/3070045
Fixed

> BR_ERROR and binder_debug
Removed

> Are we ok modifying the ref->freeze->* space here without the
inner_lock?
Good catch. Moved freeze->* access earlier before it's assigned to ref->freeze so that's safe without locking.

> I'm not entirely sure why we attempt to queue this as thread work
Was mimicking how it's done with death notification. Removed.

> We set the work type to CLEAR regardless, might as well factor it out.
Done

> It seems the freeze->* space is protected by the proc->inner_lock right
Yes, freeze->* is protected by the proc inner lock. ref->freeze is protected by the node lock.

> I believe you should zero the 'info' before copy_to_user()
Done.

> So we traverse every single reference of every single node in this proc
looking for references subscribed to freeze, correct? 
That's correct.

> What if there a EAGAIN error following this below?
Fixed. Moved binder_add_freeze_work(target_proc, true) near the end of the function where we know whether freezing is successful.

> any reason why is_frozen didn't make it to the bitfields?
Fixed

> No need for a struct
Fixed

> You could still keep the original bool for bitfields too if you want.
Sure. Done.


Yu-Ting Tseng (1):
  binder: frozen notification

 drivers/android/binder.c            | 300 +++++++++++++++++++++++++++-
 drivers/android/binder_internal.h   |  23 ++-
 include/uapi/linux/android/binder.h |  35 ++++
 3 files changed, 354 insertions(+), 4 deletions(-)


base-commit: 14d7c92f8df9c0964ae6f8b813c1b3ac38120825
-- 
2.45.2.803.g4e1b14247a-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ