From: Arve Hjønnevåg Date: Mon, 6 Apr 2009 22:12:59 +0000 (-0700) Subject: Staging: binder: Prevent the wrong thread from adding a transaction to the stack. X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=0cf24a7dc9123ddf63c413b6d4b38017b19db713;p=GitHub%2FLineageOS%2Fandroid_kernel_samsung_universal7580.git Staging: binder: Prevent the wrong thread from adding a transaction to the stack. If a thread is part of a transaction stack, it is only allowed to make another call if it was the target of the top transaction on the stack. Signed-off-by: Arve Hjønnevåg Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/android/binder.c b/drivers/staging/android/binder.c index 91a96292e6b..b0127a3290d 100644 --- a/drivers/staging/android/binder.c +++ b/drivers/staging/android/binder.c @@ -1343,6 +1343,17 @@ binder_transaction(struct binder_proc *proc, struct binder_thread *thread, if (!(tr->flags & TF_ONE_WAY) && thread->transaction_stack) { struct binder_transaction *tmp; tmp = thread->transaction_stack; + if (tmp->to_thread != thread) { + binder_user_error("binder: %d:%d got new " + "transaction with bad transaction stack" + ", transaction %d has target %d:%d\n", + proc->pid, thread->pid, tmp->debug_id, + tmp->to_proc ? tmp->to_proc->pid : 0, + tmp->to_thread ? + tmp->to_thread->pid : 0); + return_error = BR_FAILED_REPLY; + goto err_bad_call_stack; + } while (tmp) { if (tmp->from && tmp->from->proc == target_proc) target_thread = tmp->from;