From: Eric Biggers ebiggers@google.com
[Please apply to 4.4-stable and 4.9-stable.]
When commit 4be5a2810489 ("binder: check for binder_thread allocation failure in binder_poll()") was applied to 4.4-stable and 4.9-stable it was forgotten to release the global binder lock in the new error path. The global binder lock wasn't removed until v4.14, by commit a60b890f607d ("binder: remove global binder lock").
Fix the new error path to release the lock.
Reported-by: Guenter Roeck linux@roeck-us.net Signed-off-by: Eric Biggers ebiggers@google.com --- drivers/android/binder.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 3b6ac80b2127..49199bd2ab93 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2628,8 +2628,10 @@ static unsigned int binder_poll(struct file *filp, binder_lock(__func__);
thread = binder_get_thread(proc); - if (!thread) + if (!thread) { + binder_unlock(__func__); return POLLERR; + }
wait_for_proc_work = thread->transaction_stack == NULL && list_empty(&thread->todo) && thread->return_error == BR_OK;
Ack. Agree this is needed for pre-4.14.
On Mon, Feb 26, 2018 at 10:56 AM, Eric Biggers ebiggers3@gmail.com wrote:
From: Eric Biggers ebiggers@google.com
[Please apply to 4.4-stable and 4.9-stable.]
When commit 4be5a2810489 ("binder: check for binder_thread allocation failure in binder_poll()") was applied to 4.4-stable and 4.9-stable it was forgotten to release the global binder lock in the new error path. The global binder lock wasn't removed until v4.14, by commit a60b890f607d ("binder: remove global binder lock").
Fix the new error path to release the lock.
Reported-by: Guenter Roeck linux@roeck-us.net Signed-off-by: Eric Biggers ebiggers@google.com
drivers/android/binder.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 3b6ac80b2127..49199bd2ab93 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2628,8 +2628,10 @@ static unsigned int binder_poll(struct file *filp, binder_lock(__func__);
thread = binder_get_thread(proc);
if (!thread)
if (!thread) {binder_unlock(__func__); return POLLERR;} wait_for_proc_work = thread->transaction_stack == NULL && list_empty(&thread->todo) && thread->return_error == BR_OK;-- 2.16.1.291.g4437f3f132-goog
This is a note to let you know that I've just added the patch titled
binder: add missing binder_unlock()
to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git%3Ba=su...
The filename of the patch is: binder-add-missing-binder_unlock.patch and it can be found in the queue-4.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree, please let stable@vger.kernel.org know about it.
From ebiggers3@gmail.com Mon Feb 26 20:36:21 2018
From: Eric Biggers ebiggers3@gmail.com Date: Mon, 26 Feb 2018 10:56:45 -0800 Subject: binder: add missing binder_unlock() To: stable@vger.kernel.org, Greg Kroah-Hartman gregkh@linuxfoundation.org Cc: Guenter Roeck linux@roeck-us.net, Todd Kjos tkjos@android.com, Eric Biggers ebiggers@google.com Message-ID: 20180226185645.241652-1-ebiggers3@gmail.com
From: Eric Biggers ebiggers@google.com
When commit 4be5a2810489 ("binder: check for binder_thread allocation failure in binder_poll()") was applied to 4.4-stable and 4.9-stable it was forgotten to release the global binder lock in the new error path. The global binder lock wasn't removed until v4.14, by commit a60b890f607d ("binder: remove global binder lock").
Fix the new error path to release the lock.
Reported-by: Guenter Roeck linux@roeck-us.net Signed-off-by: Eric Biggers ebiggers@google.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- drivers/android/binder.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2622,8 +2622,10 @@ static unsigned int binder_poll(struct f binder_lock(__func__);
thread = binder_get_thread(proc); - if (!thread) + if (!thread) { + binder_unlock(__func__); return POLLERR; + }
wait_for_proc_work = thread->transaction_stack == NULL && list_empty(&thread->todo) && thread->return_error == BR_OK;
Patches currently in stable-queue which might be from ebiggers3@gmail.com are
queue-4.4/binder-add-missing-binder_unlock.patch
On Mon, Feb 26, 2018 at 10:56:45AM -0800, Eric Biggers wrote:
From: Eric Biggers ebiggers@google.com
[Please apply to 4.4-stable and 4.9-stable.]
When commit 4be5a2810489 ("binder: check for binder_thread allocation failure in binder_poll()") was applied to 4.4-stable and 4.9-stable it was forgotten to release the global binder lock in the new error path. The global binder lock wasn't removed until v4.14, by commit a60b890f607d ("binder: remove global binder lock").
Fix the new error path to release the lock.
Reported-by: Guenter Roeck linux@roeck-us.net Signed-off-by: Eric Biggers ebiggers@google.com
drivers/android/binder.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 3b6ac80b2127..49199bd2ab93 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2628,8 +2628,10 @@ static unsigned int binder_poll(struct file *filp, binder_lock(__func__); thread = binder_get_thread(proc);
- if (!thread)
- if (!thread) {
binder_unlock(__func__);- }
wait_for_proc_work = thread->transaction_stack == NULL && list_empty(&thread->todo) && thread->return_error == BR_OK; -- 2.16.1.291.g4437f3f132-goog
Thanks for the patch, all now queued up.
greg k-h
This is a note to let you know that I've just added the patch titled
binder: add missing binder_unlock()
to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git%3Ba=su...
The filename of the patch is: binder-add-missing-binder_unlock.patch and it can be found in the queue-4.9 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree, please let stable@vger.kernel.org know about it.
From ebiggers3@gmail.com Mon Feb 26 20:36:21 2018
From: Eric Biggers ebiggers3@gmail.com Date: Mon, 26 Feb 2018 10:56:45 -0800 Subject: binder: add missing binder_unlock() To: stable@vger.kernel.org, Greg Kroah-Hartman gregkh@linuxfoundation.org Cc: Guenter Roeck linux@roeck-us.net, Todd Kjos tkjos@android.com, Eric Biggers ebiggers@google.com Message-ID: 20180226185645.241652-1-ebiggers3@gmail.com
From: Eric Biggers ebiggers@google.com
When commit 4be5a2810489 ("binder: check for binder_thread allocation failure in binder_poll()") was applied to 4.4-stable and 4.9-stable it was forgotten to release the global binder lock in the new error path. The global binder lock wasn't removed until v4.14, by commit a60b890f607d ("binder: remove global binder lock").
Fix the new error path to release the lock.
Reported-by: Guenter Roeck linux@roeck-us.net Signed-off-by: Eric Biggers ebiggers@google.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- drivers/android/binder.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2628,8 +2628,10 @@ static unsigned int binder_poll(struct f binder_lock(__func__);
thread = binder_get_thread(proc); - if (!thread) + if (!thread) { + binder_unlock(__func__); return POLLERR; + }
wait_for_proc_work = thread->transaction_stack == NULL && list_empty(&thread->todo) && thread->return_error == BR_OK;
Patches currently in stable-queue which might be from ebiggers3@gmail.com are
queue-4.9/binder-add-missing-binder_unlock.patch
linux-stable-mirror@lists.linaro.org
-
Eric Biggers -
Greg Kroah-Hartman -
gregkh@linuxfoundation.org
-
Todd Kjos