git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/commit
binder: avoid potential data leakage when copying txn
author Todd Kjos <tkjos@google.com>
Tue, 30 Nov 2021 18:51:50 +0000 (10:51 -0800)
committer Paolo Pisati <paolo.pisati@canonical.com>
Fri, 28 Jan 2022 10:02:12 +0000 (11:02 +0100)
commit 2f8fb81eaa3b535b3d23e0fd35ce7b6178f881cc
tree 60c1e78bc27c061f560946dcfebd0226c31f8774
parent c24dbaf6e907fa0093ce5c02adce58358465b99b

BugLink: https://bugs.launchpad.net/bugs/1959376
[ Upstream commit 6d98eb95b450a75adb4516a1d33652dc78d2b20c ]

Transactions are copied from the sender to the target
first and objects like BINDER_TYPE_PTR and BINDER_TYPE_FDA
are then fixed up. This means there is a short period where
the sender's version of these objects are visible to the
target prior to the fixups.

Instead of copying all of the data first, copy data only
after any needed fixups have been applied.

Fixes: 457b9a6f09f0 ("Staging: android: add binder driver")
Reviewed-by: Martijn Coenen <maco@android.com>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Todd Kjos <tkjos@google.com>
Link: https://lore.kernel.org/r/20211130185152.437403-3-tkjos@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
drivers/android/binder.c
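
The ordering problem described in the commit message, as an added user-space illustration (not code from this commit or from the binder driver). The buffer layout, `struct obj`, `store()` and all values are hypothetical and constructed for the example; it only models why copying before fixup exposes sender values and copying around already-fixed objects does not.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WORDS 8
#define SENDER_PTR 0x7ffd12340000ULL /* constructed sender-side address */
/* Simplified model, not kernel code: an object such as BINDER_TYPE_PTR sits
 * at word `off` and must hold `fixed` once translated for the target. */
struct obj { size_t off; uint64_t fixed; };
static const uint64_t txn[WORDS] = {1, 2, SENDER_PTR, 4, 5, SENDER_PTR, 7, 8};
static const struct obj objs[2] = {{2, 0xA000}, {5, 0xB000}};
uint64_t target[WORDS]; /* stands in for the buffer the target can read */
static int leaked;
static void reset(void) { leaked = 0; memset(target, 0, sizeof(target)); }

/* Every write to the target goes through here. The target may read the
 * buffer after any write, so check for sender values after each one. */
static void store(size_t off, const uint64_t *src, size_t n)
{
    memcpy(&target[off], src, n * sizeof(*src));
    for (size_t i = 0; i < WORDS; i++)
        leaked |= (target[i] == SENDER_PTR);
}

/* Old order: copy the whole transaction, then patch objects in place. */
int copy_then_fixup(void)
{
    reset();
    store(0, txn, WORDS);
    for (size_t i = 0; i < 2; i++)
        store(objs[i].off, &objs[i].fixed, 1);
    return leaked;
}

/* New order: copy only the data between objects and write each object
 * already fixed up. Assumes objs[] is sorted by offset and in range. */
int fixup_then_copy(void)
{
    size_t pos = 0;
    reset();
    for (size_t i = 0; i < 2; i++) {
        store(pos, txn + pos, objs[i].off - pos);
        store(objs[i].off, &objs[i].fixed, 1);
        pos = objs[i].off + 1;
    }
    store(pos, txn + pos, WORDS - pos);
    return leaked;
}

int main(void) { printf("old=%d new=%d\n", copy_then_fixup(), fixup_then_copy()); return 0; }
```

Both orderings leave the same final buffer contents; only the intermediate states differ, which is the window the commit message describes.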