From 1ff4cf16653f18b2f384cae4219fd35388d4b193 Mon Sep 17 00:00:00 2001 From: Todd Kjos Date: Wed, 5 Jul 2017 13:46:01 -0700 Subject: [PATCH] Revert "android: binder: Sanity check at binder ioctl" This reverts commit d69a1ecd8d93677c0436957dcdd408be6b2a2f25. The patch introduced a race in the binder driver. An attempt to fix the race was submitted in "[PATCH v2] android: binder: fix dangling pointer comparison", however the conclusion in the discussion for that patch was that the original patch should be reverted. The reversion is being done as part of the fine-grained locking patchset since the patch would need to be refactored when proc->vmm_vm_mm is removed from struct binder_proc and added in the binder allocator. Signed-off-by: Todd Kjos Cc: stable # 4.6+ Signed-off-by: Greg Kroah-Hartman --- drivers/android/binder.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index aae4d8d4be361..157bd3e49ff4a 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -3247,10 +3247,6 @@ static long binder_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) /*pr_info("binder_ioctl: %d:%d %x %lx\n", proc->pid, current->pid, cmd, arg);*/ - if (unlikely(current->mm != proc->vma_vm_mm)) { - pr_err("current mm mismatch proc mm\n"); - return -EINVAL; - } trace_binder_ioctl(cmd, arg); ret = wait_event_interruptible(binder_user_error_wait, binder_stop_on_user_error < 2); @@ -3466,7 +3462,6 @@ static int binder_open(struct inode *nodp, struct file *filp) return -ENOMEM; get_task_struct(current); proc->tsk = current; - proc->vma_vm_mm = current->mm; INIT_LIST_HEAD(&proc->todo); init_waitqueue_head(&proc->wait); proc->default_priority = task_nice(current); -- 2.39.5