Re: [PATCH 0/3] binder: Prevent untranslated sender data from being copied to target

From: Greg KH
Date: Wed Nov 24 2021 - 03:08:34 EST

Next message: Zhaoyang Huang: "Re: [RFC PATCH] mm: introduce alloc hook to apply PTE_CONT"
Previous message: Johannes Berg: "Re: [PATCH 01/17] bitfield: Add non-constant field_{prep,get}() helpers"
Next in thread: Todd Kjos: "Re: [PATCH 0/3] binder: Prevent untranslated sender data from being copied to target"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Nov 23, 2021 at 11:17:34AM -0800, Todd Kjos wrote:
> Binder copies transactions directly from the sender buffer
> to the target buffer and then fixes up BINDER_TYPE_PTR and
> BINDER_TYPE_FDA objects. This means there is a brief time
> when sender pointers and fds are visible to the target
> process.
>
> This series reworks the the sender to target copy to
> avoid leaking any untranslated sender data from being
> visible in the target.
>
> Todd Kjos (3):
> binder: defer copies of pre-patched txn data
> binder: read pre-translated fds from sender buffer
> binder: avoid potential data leakage when copying txn
>
> drivers/android/binder.c | 442 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++----------------
> 1 file changed, 387 insertions(+), 55 deletions(-)

Are these changes needed now in 5.16-final and also in stable kernels?

Or can they wait until 5.17-rc1?

thanks,

greg k-h

Next message: Zhaoyang Huang: "Re: [RFC PATCH] mm: introduce alloc hook to apply PTE_CONT"
Previous message: Johannes Berg: "Re: [PATCH 01/17] bitfield: Add non-constant field_{prep,get}() helpers"
Next in thread: Todd Kjos: "Re: [PATCH 0/3] binder: Prevent untranslated sender data from being copied to target"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]