android: binder: fixup crash introduced by moving buffer hdr

Fix crash introduced by 74310e06be4d74dcf67cd108366710dee5c576d5 (android: binder: Move buffer out of area shared with user space) when close is called after open without mmap in between. Reported-by: kernel test robot <fengguang.wu@intel.com> Fixes: 74310e06be4d ("android: binder: Move buffer out of area shared with user space") Signed-off-by: Sherry Yang <sherryy@android.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Sherry Yang <sherryy@android.com> 2017-08-31 13:26:06 -0400
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2017-09-01 02:53:32 -0400
commit: 957ccc2bc8f9ebfe8b19112cdc6c2bb20fd7bcf8 (patch)
tree: 29ee546d99a4b6b1f722c0ad89c6c18d80cf95b5 /drivers/android/binder_alloc.c
parent: a97db8818c7e8bb4f2d786ca73b2b761eacf482c (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c
index 78c42c0d62b9..2624a502fcde 100644
--- a/drivers/android/binder_alloc.c
+++ b/drivers/android/binder_alloc.c
@@ -713,7 +713,6 @@ int binder_alloc_mmap_handler(struct binder_alloc *alloc,
        }
        buffer->data = alloc->buffer;
-        INIT_LIST_HEAD(&alloc->buffers);
        list_add(&buffer->entry, &alloc->buffers);
        buffer->free = 1;
        binder_insert_free_buffer(alloc, buffer);
@@ -972,6 +971,7 @@ void binder_alloc_init(struct binder_alloc *alloc)
        alloc->tsk = current->group_leader;
        alloc->pid = current->group_leader->pid;
        mutex_init(&alloc->mutex);
+        INIT_LIST_HEAD(&alloc->buffers);
 }
 void binder_alloc_shrinker_init(void)
author	Sherry Yang <sherryy@android.com>	2017-08-31 13:26:06 -0400
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2017-09-01 02:53:32 -0400
commit	957ccc2bc8f9ebfe8b19112cdc6c2bb20fd7bcf8 (patch)
tree	29ee546d99a4b6b1f722c0ad89c6c18d80cf95b5 /drivers/android/binder_alloc.c
parent	a97db8818c7e8bb4f2d786ca73b2b761eacf482c (diff)