Re: [PATCH] driver/android/binderfs: fix race for binderfs' devices list

From: Carlos Llamas
Date: Sat May 17 2025 - 13:24:42 EST

Next message: Konrad Dybcio: "[PATCH v2 0/5] SC8280XP SLPI"
Previous message: Konrad Dybcio: "Re: [PATCH v4 4/5] arm64: dts: ipq5018: Add CMN PLL node"
Next in thread: Yeoreum Yun: "Re: [PATCH] driver/android/binderfs: fix race for binderfs' devices list"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, May 13, 2025 at 06:47:19PM +0100, Yeoreum Yun wrote:
> binderfs' devices list is global list and can be accesed by multi-thread
> while unmount binder device.
> Since there is no proper locking, it can meet datarace problem.
> for example it's one of case reported UAF while binderfs_evict_inode()
> removes binder device:
>
> sudo ./stress-ng --binderfs 8 --binderfs-ops 10000 -t 15 \
> --pathological --timestamp --tz --syslog --perf --no-rand-seed \
> --times --metrics --klog-check --status 5 -x smi -v --interrupts --change-cpu

I just found this by chance (there is a typo on my email). Note this was
already fixed here:
https://lore.kernel.org/all/20250324132427.922495-1-dmantipov@xxxxxxxxx/

Cheers,
Carlos Llamas

Next message: Konrad Dybcio: "[PATCH v2 0/5] SC8280XP SLPI"
Previous message: Konrad Dybcio: "Re: [PATCH v4 4/5] arm64: dts: ipq5018: Add CMN PLL node"
Next in thread: Yeoreum Yun: "Re: [PATCH] driver/android/binderfs: fix race for binderfs' devices list"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]