From: Todd Kjos Date: Thu, 23 Jan 2020 05:14:53 +0000 (+0530) Subject: ANDROID: fix binder change in merge of 4.9.188 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=9ec253ce5b09bd62d4254b9a4f630ea3502450b1;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git ANDROID: fix binder change in merge of 4.9.188 The 4.9.188 merge was missing the change to the binder driver associated with the linux-4.9.y commit 16903f1a5ba7 ("coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping"). It was left out because the android-4.9 binder driver has been significantly refactored compared to linux-4.9.y. This patch applies the missing change from that patch to the binder driver. Mot-CRs-fixed: (CR) CVE-Fixed: CVE-2019-11599 BUG: 131964235 Change-Id: I1402cf3c28f1336da9d942abeb322f71a9b8138b Signed-off-by: Pachipulusu Bhanu Prakash Reviewed-on: https://gerrit.mot.com/1473937 SME-Granted: SME Approvals Granted SLTApproved: Slta Waiver Tested-by: Jira Key Reviewed-by: Xiangpo Zhao Submit-Approved: Jira Key --- diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c index 16e580006c35..55bf52509a31 100644 --- a/drivers/android/binder_alloc.c +++ b/drivers/android/binder_alloc.c @@ -218,6 +218,11 @@ static int binder_update_page_range(struct binder_alloc *alloc, int allocate, if (mm) { down_read(&mm->mmap_sem); + if (!mmget_still_valid(mm)) { + if (allocate == 0) + goto free_range; + goto err_no_vma; + } vma = alloc->vma; }
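Review bot: The two new exits in binder_update_page_range(), taken when mmget_still_valid(mm) fails, jump to free_range or err_no_vma after down_read(&mm->mmap_sem) has already been taken, and neither label is visible in this hunk. Please confirm that both paths release mmap_sem before returning, and that they behave correctly when vma was never assigned from alloc->vma, since the jump skips that assignment. A short comment above the check would also help: it should say that the check guards against the core-dump race fixed by linux-4.9.y commit 16903f1a5ba7, and explain why the allocate == 0 case still goes to free_range instead of failing outright like the allocate case.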