ANDROID: fix binder change in merge of 4.9.188
author Todd Kjos <tkjos@google.com>
Thu, 23 Jan 2020 05:14:53 +0000 (10:44 +0530)
committer Jan Altensen <info@stricted.net>
Sun, 14 Jun 2020 09:30:04 +0000 (11:30 +0200)
The 4.9.188 merge was missing the change to the
binder driver associated with the linux-4.9.y
commit 16903f1a5ba7 ("coredump: fix race condition
between mmget_not_zero()/get_task_mm() and core dumping").
It was left out because the android-4.9 binder
driver has been significantly refactored compared
to linux-4.9.y.

This patch applies the missing change from that
patch to the binder driver.

Mot-CRs-fixed: (CR)
CVE-Fixed: CVE-2019-11599
BUG: 131964235

Change-Id: I1402cf3c28f1336da9d942abeb322f71a9b8138b
Signed-off-by: Pachipulusu Bhanu Prakash <bhprakas@motorola.com>
Reviewed-on: https://gerrit.mot.com/1473937
SME-Granted: SME Approvals Granted
SLTApproved: Slta Waiver
Tested-by: Jira Key
Reviewed-by: Xiangpo Zhao <zhaoxp3@motorola.com>
Submit-Approved: Jira Key
(cherry picked from commit 99335914ba19281d60062a035e452e5527cf51a3)

drivers/android/binder_alloc.c

index 16e580006c353697d1c52d019061a14d792b5c1a..55bf52509a3179334fba813d05a98de016523b00 100644 (file)
@@ -218,6 +218,11 @@ static int binder_update_page_range(struct binder_alloc *alloc, int allocate,
 
        if (mm) {
                down_read(&mm->mmap_sem);
+               if (!mmget_still_valid(mm)) {
+                       if (allocate == 0)
+                               goto free_range;
+                       goto err_no_vma;
+               }
                vma = alloc->vma;
        }
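
Review bot: both gotos in the new !mmget_still_valid(mm) block are taken while mmap_sem is still held for read from the down_read() two lines above, and neither target label is visible in this hunk. Please confirm that free_range and err_no_vma each reach an up_read(&mm->mmap_sem) on every path, otherwise this early exit leaks the read lock. A one-line comment above the check would also help, explaining why the allocate == 0 case continues to free_range while the allocate case bails out to err_no_vma; the commit message only points to 16903f1a5ba7 for the rationale.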