From: Sherry Yang Date: Thu, 31 Aug 2017 17:26:06 +0000 (-0700) Subject: android: binder: fixup crash introduced by moving buffer hdr X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=957ccc2bc8f9ebfe8b19112cdc6c2bb20fd7bcf8;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git android: binder: fixup crash introduced by moving buffer hdr Fix crash introduced by 74310e06be4d74dcf67cd108366710dee5c576d5 (android: binder: Move buffer out of area shared with user space) when close is called after open without mmap in between. Reported-by: kernel test robot Fixes: 74310e06be4d ("android: binder: Move buffer out of area shared with user space") Signed-off-by: Sherry Yang Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c index 78c42c0d62b9..2624a502fcde 100644 --- a/drivers/android/binder_alloc.c +++ b/drivers/android/binder_alloc.c @@ -713,7 +713,6 @@ int binder_alloc_mmap_handler(struct binder_alloc *alloc, } buffer->data = alloc->buffer; - INIT_LIST_HEAD(&alloc->buffers); list_add(&buffer->entry, &alloc->buffers); buffer->free = 1; binder_insert_free_buffer(alloc, buffer); @@ -972,6 +971,7 @@ void binder_alloc_init(struct binder_alloc *alloc) alloc->tsk = current->group_leader; alloc->pid = current->group_leader->pid; mutex_init(&alloc->mutex); + INIT_LIST_HEAD(&alloc->buffers); } void binder_alloc_shrinker_init(void)