Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0cf24a7d authored by Arve Hjønnevåg's avatar Arve Hjønnevåg Committed by Greg Kroah-Hartman
Browse files

Staging: binder: Prevent the wrong thread from adding a transaction to the stack. 



If a thread is part of a transaction stack, it is only allowed to make
another call if it was the target of the top transaction on the stack.

Signed-off-by: default avatarArve Hjønnevåg <arve@android.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
parent 7af7467e

drivers/staging/android/binder.c

+11 −0
Original line number Diff line number Diff line
@@ -1343,6 +1343,17 @@ binder_transaction(struct binder_proc *proc, struct binder_thread *thread, 
		if (!(tr->flags & TF_ONE_WAY) && thread->transaction_stack) {

			struct binder_transaction *tmp;

			tmp = thread->transaction_stack;

			if (tmp->to_thread != thread) {

				binder_user_error("binder: %d:%d got new "

					"transaction with bad transaction stack"

					", transaction %d has target %d:%d\n",

					proc->pid, thread->pid, tmp->debug_id,

					tmp->to_proc ? tmp->to_proc->pid : 0,

					tmp->to_thread ?

					tmp->to_thread->pid : 0);

				return_error = BR_FAILED_REPLY;

				goto err_bad_call_stack;

			}

			while (tmp) {

				if (tmp->from && tmp->from->proc == target_proc)

					target_thread = tmp->from;