From 4ddfc911e39a01f95ad9765d3b9e6f43e14eeff4 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Arve=20Hj=C3=B8nnev=C3=A5g?= Date: Mon, 6 Apr 2009 15:12:55 -0700 Subject: [PATCH] Staging: binder: mmap fixes. MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Only allow a binder file pointer to be mmapped once. The buffer management code cannot deal with more then one area. Also remove leftover mutex_unlock if mmap fails. Signed-off-by: Arve Hjønnevåg Signed-off-by: Greg Kroah-Hartman --- drivers/staging/android/binder.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/staging/android/binder.c b/drivers/staging/android/binder.c index 39871da7ef9..761f5d6a9cf 100644 --- a/drivers/staging/android/binder.c +++ b/drivers/staging/android/binder.c @@ -2694,6 +2694,12 @@ static int binder_mmap(struct file *filp, struct vm_area_struct *vma) } vma->vm_flags = (vma->vm_flags | VM_DONTCOPY) & ~VM_MAYWRITE; + if (proc->buffer) { + ret = -EBUSY; + failure_string = "already mapped"; + goto err_already_mapped; + } + area = get_vm_area(vma->vm_end - vma->vm_start, VM_IOREMAP); if (area == NULL) { ret = -ENOMEM; @@ -2741,10 +2747,12 @@ static int binder_mmap(struct file *filp, struct vm_area_struct *vma) err_alloc_small_buf_failed: kfree(proc->pages); + proc->pages = NULL; err_alloc_pages_failed: vfree(proc->buffer); + proc->buffer = NULL; err_get_vm_area_failed: - mutex_unlock(&binder_lock); +err_already_mapped: err_bad_arg: printk(KERN_ERR "binder_mmap: %d %lx-%lx %s failed %d\n", proc->pid, vma->vm_start, vma->vm_end, failure_string, ret); return ret; -- 2.20.1