diff options
| author | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2018-01-02 08:46:35 -0500 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2018-01-02 08:46:35 -0500 |
| commit | b6a09416e83ffe4eccfb4ef1b91b3b66483fa810 (patch) | |
| tree | b30f266e85047244dcdb47d5afc134e76aec530d /drivers/android | |
| parent | db809859c8cee415293b830e67178f526d1eb2be (diff) | |
| parent | 30a7acd573899fd8b8ac39236eff6468b195ac7d (diff) | |
Merge 4.15-rc6 into char-misc-next
We want the fixes in here as well.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/android')
| -rw-r--r-- | drivers/android/binder.c | 44 |
1 files changed, 31 insertions, 13 deletions
diff --git a/drivers/android/binder.c b/drivers/android/binder.c index a54a0f1f69a9..778caed570c6 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c | |||
| @@ -482,7 +482,8 @@ enum binder_deferred_state { | |||
| 482 | * @tsk task_struct for group_leader of process | 482 | * @tsk task_struct for group_leader of process |
| 483 | * (invariant after initialized) | 483 | * (invariant after initialized) |
| 484 | * @files files_struct for process | 484 | * @files files_struct for process |
| 485 | * (invariant after initialized) | 485 | * (protected by @files_lock) |
| 486 | * @files_lock mutex to protect @files | ||
| 486 | * @deferred_work_node: element for binder_deferred_list | 487 | * @deferred_work_node: element for binder_deferred_list |
| 487 | * (protected by binder_deferred_lock) | 488 | * (protected by binder_deferred_lock) |
| 488 | * @deferred_work: bitmap of deferred work to perform | 489 | * @deferred_work: bitmap of deferred work to perform |
| @@ -530,6 +531,7 @@ struct binder_proc { | |||
| 530 | int pid; | 531 | int pid; |
| 531 | struct task_struct *tsk; | 532 | struct task_struct *tsk; |
| 532 | struct files_struct *files; | 533 | struct files_struct *files; |
| 534 | struct mutex files_lock; | ||
| 533 | struct hlist_node deferred_work_node; | 535 | struct hlist_node deferred_work_node; |
| 534 | int deferred_work; | 536 | int deferred_work; |
| 535 | bool is_dead; | 537 | bool is_dead; |
| @@ -924,20 +926,26 @@ static void binder_inc_node_tmpref_ilocked(struct binder_node *node); | |||
| 924 | 926 | ||
| 925 | static int task_get_unused_fd_flags(struct binder_proc *proc, int flags) | 927 | static int task_get_unused_fd_flags(struct binder_proc *proc, int flags) |
| 926 | { | 928 | { |
| 927 | struct files_struct *files = proc->files; | ||
| 928 | unsigned long rlim_cur; | 929 | unsigned long rlim_cur; |
| 929 | unsigned long irqs; | 930 | unsigned long irqs; |
| 931 | int ret; | ||
| 930 | 932 | ||
| 931 | if (files == NULL) | 933 | mutex_lock(&proc->files_lock); |
| 932 | return -ESRCH; | 934 | if (proc->files == NULL) { |
| 933 | 935 | ret = -ESRCH; | |
| 934 | if (!lock_task_sighand(proc->tsk, &irqs)) | 936 | goto err; |
| 935 | return -EMFILE; | 937 | } |
| 936 | 938 | if (!lock_task_sighand(proc->tsk, &irqs)) { | |
| 939 | ret = -EMFILE; | ||
| 940 | goto err; | ||
| 941 | } | ||
| 937 | rlim_cur = task_rlimit(proc->tsk, RLIMIT_NOFILE); | 942 | rlim_cur = task_rlimit(proc->tsk, RLIMIT_NOFILE); |
| 938 | unlock_task_sighand(proc->tsk, &irqs); | 943 | unlock_task_sighand(proc->tsk, &irqs); |
| 939 | 944 | ||
| 940 | return __alloc_fd(files, 0, rlim_cur, flags); | 945 | ret = __alloc_fd(proc->files, 0, rlim_cur, flags); |
| 946 | err: | ||
| 947 | mutex_unlock(&proc->files_lock); | ||
| 948 | return ret; | ||
| 941 | } | 949 | } |
| 942 | 950 | ||
| 943 | /* | 951 | /* |
| @@ -946,8 +954,10 @@ static int task_get_unused_fd_flags(struct binder_proc *proc, int flags) | |||
| 946 | static void task_fd_install( | 954 | static void task_fd_install( |
| 947 | struct binder_proc *proc, unsigned int fd, struct file *file) | 955 | struct binder_proc *proc, unsigned int fd, struct file *file) |
| 948 | { | 956 | { |
| 957 | mutex_lock(&proc->files_lock); | ||
| 949 | if (proc->files) | 958 | if (proc->files) |
| 950 | __fd_install(proc->files, fd, file); | 959 | __fd_install(proc->files, fd, file); |
| 960 | mutex_unlock(&proc->files_lock); | ||
| 951 | } | 961 | } |
| 952 | 962 | ||
| 953 | /* | 963 | /* |
| @@ -957,9 +967,11 @@ static long task_close_fd(struct binder_proc *proc, unsigned int fd) | |||
| 957 | { | 967 | { |
| 958 | int retval; | 968 | int retval; |
| 959 | 969 | ||
| 960 | if (proc->files == NULL) | 970 | mutex_lock(&proc->files_lock); |
| 961 | return -ESRCH; | 971 | if (proc->files == NULL) { |
| 962 | 972 | retval = -ESRCH; | |
| 973 | goto err; | ||
| 974 | } | ||
| 963 | retval = __close_fd(proc->files, fd); | 975 | retval = __close_fd(proc->files, fd); |
| 964 | /* can't restart close syscall because file table entry was cleared */ | 976 | /* can't restart close syscall because file table entry was cleared */ |
| 965 | if (unlikely(retval == -ERESTARTSYS || | 977 | if (unlikely(retval == -ERESTARTSYS || |
| @@ -967,7 +979,8 @@ static long task_close_fd(struct binder_proc *proc, unsigned int fd) | |||
| 967 | retval == -ERESTARTNOHAND || | 979 | retval == -ERESTARTNOHAND || |
| 968 | retval == -ERESTART_RESTARTBLOCK)) | 980 | retval == -ERESTART_RESTARTBLOCK)) |
| 969 | retval = -EINTR; | 981 | retval = -EINTR; |
| 970 | 982 | err: | |
| 983 | mutex_unlock(&proc->files_lock); | ||
| 971 | return retval; | 984 | return retval; |
| 972 | } | 985 | } |
| 973 | 986 | ||
| @@ -4690,7 +4703,9 @@ static int binder_mmap(struct file *filp, struct vm_area_struct *vma) | |||
| 4690 | ret = binder_alloc_mmap_handler(&proc->alloc, vma); | 4703 | ret = binder_alloc_mmap_handler(&proc->alloc, vma); |
| 4691 | if (ret) | 4704 | if (ret) |
| 4692 | return ret; | 4705 | return ret; |
| 4706 | mutex_lock(&proc->files_lock); | ||
| 4693 | proc->files = get_files_struct(current); | 4707 | proc->files = get_files_struct(current); |
| 4708 | mutex_unlock(&proc->files_lock); | ||
| 4694 | return 0; | 4709 | return 0; |
| 4695 | 4710 | ||
| 4696 | err_bad_arg: | 4711 | err_bad_arg: |
| @@ -4714,6 +4729,7 @@ static int binder_open(struct inode *nodp, struct file *filp) | |||
| 4714 | spin_lock_init(&proc->outer_lock); | 4729 | spin_lock_init(&proc->outer_lock); |
| 4715 | get_task_struct(current->group_leader); | 4730 | get_task_struct(current->group_leader); |
| 4716 | proc->tsk = current->group_leader; | 4731 | proc->tsk = current->group_leader; |
| 4732 | mutex_init(&proc->files_lock); | ||
| 4717 | INIT_LIST_HEAD(&proc->todo); | 4733 | INIT_LIST_HEAD(&proc->todo); |
| 4718 | proc->default_priority = task_nice(current); | 4734 | proc->default_priority = task_nice(current); |
| 4719 | binder_dev = container_of(filp->private_data, struct binder_device, | 4735 | binder_dev = container_of(filp->private_data, struct binder_device, |
| @@ -4966,9 +4982,11 @@ static void binder_deferred_func(struct work_struct *work) | |||
| 4966 | 4982 | ||
| 4967 | files = NULL; | 4983 | files = NULL; |
| 4968 | if (defer & BINDER_DEFERRED_PUT_FILES) { | 4984 | if (defer & BINDER_DEFERRED_PUT_FILES) { |
| 4985 | mutex_lock(&proc->files_lock); | ||
| 4969 | files = proc->files; | 4986 | files = proc->files; |
| 4970 | if (files) | 4987 | if (files) |
| 4971 | proc->files = NULL; | 4988 | proc->files = NULL; |
| 4989 | mutex_unlock(&proc->files_lock); | ||
| 4972 | } | 4990 | } |
| 4973 | 4991 | ||
| 4974 | if (defer & BINDER_DEFERRED_FLUSH) | 4992 | if (defer & BINDER_DEFERRED_FLUSH) |