git.baikalelectronics.ru Git - kernel.git/commit

author	Todd Kjos <tkjos@google.com>
	Wed, 30 Nov 2022 03:58:00 +0000 (03:58 +0000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 8 Dec 2022 10:23:01 +0000 (11:23 +0100)
commit	8ec2961a0966cfa3aef79561ca861d879f1001aa
tree	a319067a242143e7d9ead3eb53dcfae67fd4849b	tree \| snapshot
parent	cd330f4fbaf5d2a073199daf78bdee15a6a61d1f	commit \| diff

binder: avoid potential data leakage when copying txn

commit b07c84a482bd6e966a445661a7df54090ec7922b upstream.

Transactions are copied from the sender to the target
first and objects like BINDER_TYPE_PTR and BINDER_TYPE_FDA
are then fixed up. This means there is a short period where
the sender's version of these objects are visible to the
target prior to the fixups.

Instead of copying all of the data first, copy data only
after any needed fixups have been applied.

Fixes: fbc65853e41e ("Staging: android: add binder driver")
Reviewed-by: Martijn Coenen <maco@android.com>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Todd Kjos <tkjos@google.com>
Link: https://lore.kernel.org/r/20211130185152.437403-3-tkjos@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[cmllamas: fix trivial merge conflict]
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>