Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b007cade authored by Todd Kjos's avatar Todd Kjos Committed by LuK1337
Browse files

UPSTREAM: binder: avoid potential data leakage when copying txn 



Transactions are copied from the sender to the target
first and objects like BINDER_TYPE_PTR and BINDER_TYPE_FDA
are then fixed up. This means there is a short period where
the sender's version of these objects are visible to the
target prior to the fixups.

Instead of copying all of the data first, copy data only
after any needed fixups have been applied.

Fixes: 457b9a6f ("Staging: android: add binder driver")
Reviewed-by: default avatarMartijn Coenen <maco@android.com>
Acked-by: default avatarChristian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: default avatarTodd Kjos <tkjos@google.com>
Link: https://lore.kernel.org/r/20211130185152.437403-3-tkjos@google.com


Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>

Bug: 137131904
Bug: 257685302
(cherry picked from commit 6d98eb95b450a75adb4516a1d33652dc78d2b20c)
[cmllamas: fix trivial merge conflict]
Change-Id: I8c14a03a2ee23c5f060c82e1626686f72eff33d9
Signed-off-by: default avatarCarlos Llamas <cmllamas@google.com>
parent d86fa67d
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment