This patch modifies the IOCTL macros to use user-exportable data types,
as they are the referred kernel types for the user/kernel interface.
The patch does not change in any way the functionality of the binder driver.
Signed-off-by: Serban Constantinescu <serban.constantinescu@arm.com>
Acked-by: Arve Hjønnevåg <arve@android.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Debug messages sent in binder_deferred_release begin with
"binder_release:" which is a bit misleading as binder_release is not
directly part of the call stack. Use __func__ instead for debug messages
in binder_deferred_release.
Signed-off-by: Mirsal Ennaime <mirsal@mirsal.fr>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Remove one level of indentation from the binder proc page release code
by using slightly different control semantics.
Signed-off-by: Mirsal Ennaime <mirsal@mirsal.fr>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* Use tabs where applicable
* Remove a few "80-columns" checkpatch warnings
* Separate code paths with empty lines for readability
Signed-off-by: Mirsal Ennaime <mirsal@mirsal.fr>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The binder_deferred_release() function has many levels of indentation
which makes it difficult to read. This patch moves the code which deals
with disposing of a binder node to a separate binder_node_release()
function, thus removing one level of indentation and allowing the code to
fit in 80 columns.
Signed-off-by: Mirsal Ennaime <mirsal@mirsal.fr>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The Kconfig entry for the "Anonymous Shared Memory Subsystem" got added
in v3.3. It has an optional dependency on TINY_SHMEM. But TINY_SHMEM had
already been removed in v2.6.29. So this optional dependency can safely
be removed too.
Signed-off-by: Paul Bolle <pebolle@tiscali.nl>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
In case of error, the function anon_inode_getfile() returns
ERR_PTR() and never returns NULL. The NULL test in the return
value check should be replaced with IS_ERR().
Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Android's shared memory subsystem, Ashmem, does not support calls from a
32bit userspace in a 64 bit kernel. This patch adds support for syscalls
coming from a 32bit userspace in a 64bit kernel.
The patch has been successfully tested on ARMv8 AEM(64bit
platform model) and Versatile Express A9(32bit platform).
v2: Fix missing compat.h include.
Signed-off-by: Serban Constantinescu <serban.constantinescu@arm.com>
Acked-by: Arve Hjønnevåg <arve@android.com>
Acked-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Modify the kernel logger to record the UID associated with
the log entries. Always allow the same UID which generated a
log message to read the log message.
Allow anyone in the logs group, or anyone with CAP_SYSLOG, to
read all log entries.
In addition, allow the client to upgrade log formats, so they
can get additional information from the kernel.
Cc: Android Kernel Team <kernel-team@android.com>
Cc: Nick Kralevich <nnk@google.com>
Signed-off-by: Nick Kralevich <nnk@google.com>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Problem:
There exists a path in ashmem driver that could lead to acquistion
of mm->mmap_sem, ashmem_mutex in reverse order. This could lead
to deadlock in the system.
For Example, assume that mmap is called on a ashmem region
in the context of a thread say T1.
sys_mmap_pgoff (1. acquires mm->mmap_sem)
|
--> mmap_region
|
----> ashmem_mmap (2. acquires asmem_mutex)
Now if there is a context switch after 1 and before 2,
and if another thread T2 (that shares the mm struct) invokes an
ioctl say ASHMEM_GET_NAME, this can lead to the following path
ashmem_ioctl
|
-->get_name (3. acquires ashmem_mutex)
|
---> copy_to_user (4. acquires the mm->mmap_sem)
Note that the copy_to_user could lead to a valid fault if no
physical page is allocated yet for the user address passed.
Now T1 has mmap_sem and is waiting for ashmem_mutex.
and T2 has the ashmem_mutex and is waiting for mmap_sem
Thus leading to deadlock.
Solution:
Do not call copy_to_user or copy_from_user while holding the
ahsmem_mutex. Instead copy this to a local buffer that lives
in the stack while holding this lock. This will maintain data
integrity as well never reverse the lock order.
Testing:
Created a unit test case to reproduce the problem.
Used the same to test this fix on kernel version 3.4.0
Ported the same patch to 3.8
Signed-off-by: Shankar Brahadeeswaran <shankoo77@gmail.com>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
