02 Mar, 2016

1 commit

• 3e66848a3   Merge 4.5-rc6 into staging-next ... Browse Code »

  We want the staging fixes in here as well.

  Signed-off-by: Greg Kroah-Hartman

  Greg Kroah-Hartman

  2016-03-02 08:10:45 +0800  

23 Feb, 2016

1 commit

• bb27d4998   Merge char-misc-next into staging-next ... Browse Code »

  This resolves the merge issues and confusions people were having with
  the goldfish drivers due to changes for them showing up in two different
  trees.

  Signed-off-by: Greg Kroah-Hartman

  Greg Kroah-Hartman

  2016-02-23 06:46:24 +0800  

21 Feb, 2016

1 commit

• 7a64cd887   drivers: android: correct the size of struct binder_uintptr_t for BC_DEAD_BINDER_DONE ... Browse Code »

  There's one point was missed in the patch commit da49889deb34 ("staging:
  binder: Support concurrent 32 bit and 64 bit processes."). When configure
  BINDER_IPC_32BIT, the size of binder_uintptr_t was 32bits, but size of
  void * is 64bit on 64bit system. Correct it here.

  Signed-off-by: Lisa Du
  Signed-off-by: Nicolas Boichat
  Fixes: da49889deb34 ("staging: binder: Support concurrent 32 bit and 64 bit processes.")
  Cc:
  Acked-by: Olof Johansson
  Signed-off-by: Greg Kroah-Hartman

  Lisa Du

  2016-02-21 07:43:56 +0800  

12 Feb, 2016

2 commits

• 83050a4e2   android: drivers: Avoid debugfs race in binder ... Browse Code »

  If a /d/binder/proc/[pid] entry is kept open after linux has
  torn down the associated process, binder_proc_show can deference
  an invalid binder_proc that has been stashed in the debugfs
  inode. Validate that the binder_proc ptr passed into binder_proc_show
  has not been freed by looking for it within the global process list
  whilst the global lock is held. If the ptr is not valid, print nothing.

  Cc: Colin Cross
  Cc: Arve Hjønnevåg
  Cc: Dmitry Shmidt
  Cc: Rom Lemarchand
  Cc: Serban Constantinescu
  Cc: Greg Kroah-Hartman
  Cc: Android Kernel Team
  Signed-off-by: Dmitry Shmidt
  [jstultz: Minor commit message tweaks]
  Signed-off-by: John Stultz
  Signed-off-by: Greg Kroah-Hartman

  Riley Andrews

  2016-02-12 12:06:46 +0800  
• 212265e5a   android: binder: More offset validation ... Browse Code »

  Make sure offsets don't point to overlapping flat_binder_object
  structs.

  Cc: Colin Cross
  Cc: Arve Hjønnevåg
  Cc: Dmitry Shmidt
  Cc: Rom Lemarchand
  Cc: Serban Constantinescu
  Cc: Greg Kroah-Hartman
  Cc: Android Kernel Team
  Signed-off-by: Dmitry Shmidt
  Signed-off-by: John Stultz
  Signed-off-by: Greg Kroah-Hartman

  Arve Hjønnevåg

  2016-02-12 12:06:46 +0800  

08 Feb, 2016

1 commit

• a906d6931   android: binder: Sanity check at binder ioctl ... Browse Code »

  Sanity check at binder ioctl function,
  Only allow the shared mm_struct to use the same binder-object
  to do binder operate.

  And add proc->vma_vm_mm = current->mm at the open function.
  The libbinder do ioctl before mmap called.

  V2: Fix compile error for error commit
  V3: Change the condition to proc->vma_vm_mm

  Signed-off-by: Chen Feng
  Signed-off-by: Wei Dong
  Signed-off-by: Junmin Zhao
  Reviewed-by: Zhuangluan Su
  Signed-off-by: Greg Kroah-Hartman

  Chen Feng

  2016-02-08 09:34:58 +0800  

11 Sep, 2015

1 commit

• 7cbea8dc0   mm: mark most vm_operations_struct const ... Browse Code »

  With two exceptions (drm/qxl and drm/radeon) all vm_operations_struct
  structs should be constant.

  Signed-off-by: Kirill A. Shutemov
  Reviewed-by: Oleg Nesterov
  Cc: "H. Peter Anvin"
  Cc: Andy Lutomirski
  Cc: Dave Hansen
  Cc: Ingo Molnar
  Cc: Minchan Kim
  Cc: Thomas Gleixner
  Signed-off-by: Andrew Morton
  Signed-off-by: Linus Torvalds

  Kirill A. Shutemov

  2015-09-11 04:29:01 +0800  

02 Mar, 2015

1 commit

• f4c72c703   android: binder: fix binder mmap failures ... Browse Code »

  binder_update_page_range() initializes only addr and size
  fields in 'struct vm_struct tmp_area;' and passes it to
  map_vm_area().

  Before 71394fe50146 ("mm: vmalloc: add flag preventing guard hole allocation")
  this was because map_vm_area() didn't use any other fields
  in vm_struct except addr and size.

  Now get_vm_area_size() (used in map_vm_area()) reads vm_struct's
  flags to determine whether vm area has guard hole or not.

  binder_update_page_range() don't initialize flags field, so
  this causes following binder mmap failures:
  -----------[ cut here ]------------
  WARNING: CPU: 0 PID: 1971 at mm/vmalloc.c:130
  vmap_page_range_noflush+0x119/0x144()
  CPU: 0 PID: 1971 Comm: healthd Not tainted 4.0.0-rc1-00399-g7da3fdc-dirty #157
  Hardware name: ARM-Versatile Express
  [] (unwind_backtrace) from [] (show_stack+0x11/0x14)
  [] (show_stack) from [] (dump_stack+0x59/0x7c)
  [] (dump_stack) from [] (warn_slowpath_common+0x55/0x84)
  [] (warn_slowpath_common) from []
  (warn_slowpath_null+0x17/0x1c)
  [] (warn_slowpath_null) from []
  (vmap_page_range_noflush+0x119/0x144)
  [] (vmap_page_range_noflush) from [] (map_vm_area+0x27/0x48)
  [] (map_vm_area) from []
  (binder_update_page_range+0x12f/0x27c)
  [] (binder_update_page_range) from []
  (binder_mmap+0xbf/0x1ac)
  [] (binder_mmap) from [] (mmap_region+0x2eb/0x4d4)
  [] (mmap_region) from [] (do_mmap_pgoff+0x1e7/0x250)
  [] (do_mmap_pgoff) from [] (vm_mmap_pgoff+0x45/0x60)
  [] (vm_mmap_pgoff) from [] (SyS_mmap_pgoff+0x5d/0x80)
  [] (SyS_mmap_pgoff) from [] (ret_fast_syscall+0x1/0x5c)
  ---[ end trace 48c2c4b9a1349e54 ]---
  binder: 1982: binder_alloc_buf failed to map page at f0e00000 in kernel
  binder: binder_mmap: 1982 b6bde000-b6cdc000 alloc small buf failed -12

  Use map_kernel_range_noflush() instead of map_vm_area() as this is better
  API for binder's purposes and it allows to get rid of 'vm_struct tmp_area' at all.

  Fixes: 71394fe50146 ("mm: vmalloc: add flag preventing guard hole allocation")
  Signed-off-by: Andrey Ryabinin
  Reported-by: Amit Pundir
  Tested-by: Amit Pundir
  Acked-by: David Rientjes
  Tested-by: John Stultz
  Signed-off-by: Greg Kroah-Hartman

  Andrey Ryabinin

  2015-03-02 10:43:51 +0800  

26 Jan, 2015

1 commit

• 79af73079   Add security hooks to binder and implement the hooks for SELinux. ... Browse Code »

  Add security hooks to the binder and implement the hooks for SELinux.
  The security hooks enable security modules such as SELinux to implement
  controls over binder IPC. The security hooks include support for
  controlling what process can become the binder context manager
  (binder_set_context_mgr), controlling the ability of a process
  to invoke a binder transaction/IPC to another process (binder_transaction),
  controlling the ability of a process to transfer a binder reference to
  another process (binder_transfer_binder), and controlling the ability
  of a process to transfer an open file to another process (binder_transfer_file).

  These hooks have been included in the Android kernel trees since Android 4.3.

  (Updated to reflect upstream relocation and changes to the binder driver,
  changes to the LSM audit data structures, coding style cleanups, and
  to add inline documentation for the hooks).

  Signed-off-by: Stephen Smalley
  Acked-by: Nick Kralevich
  Acked-by: Jeffrey Vander Stoep
  Signed-off-by: Greg Kroah-Hartman

  Stephen Smalley

  2015-01-26 01:17:57 +0800  

20 Oct, 2014

2 commits

• 9246a4a98   android: binder: remove binder.h ... Browse Code »

  binder.h isn't needed to just include a uapi file and set a single
  define, so move it into binder.c to save a few lines of code.

  Signed-off-by: Greg Kroah-Hartman

  Greg Kroah-Hartman

  2014-10-20 10:30:15 +0800  
• 777783e0a   staging: android: binder: move to the "real" part of the kernel ... Browse Code »

  The Android binder code has been "stable" for many years now. No matter
  what comes in the future, we are going to have to support this API, so
  might as well move it to the "real" part of the kernel as there's no
  real work that needs to be done to the existing code.

  Signed-off-by: Greg Kroah-Hartman

  Greg Kroah-Hartman

  2014-10-20 10:30:15 +0800