superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/drivers/android
History
Matthew Maurer f6d8fea9e3 rust_binder: Avoid holding lock when dropping delivered_death 
In 6c37bebd8c, we switched to looping over the list and dropping each
individual node, ostensibly without the lock held in the loop body.

If the kernel were using Rust Edition 2024, the comment would be
accurate, and the lock would not be held across the drop. However, the
kernel is currently using 2021, so tail expression lifetime extension
results in the lock being held across the drop. Explicitly binding the
expression result to a variable makes the lockguard no longer part of a
tail expression, causing the lock to be dropped before entering the loop
body.

This was detected via `CONFIG_PROVE_LOCKING` identifying an invalid wait
context at the drop site.

Reported-by: David Stevens <stevensd@google.com>
Signed-off-by: Matthew Maurer <mmaurer@google.com>
Cc: stable <stable@kernel.org>
Fixes: 6c37bebd8c ("rust_binder: avoid mem::take on delivered_deaths")
Reviewed-by: Alice Ryhl <aliceryhl@google.com>
Acked-by: Carlos Llamas <cmllamas@google.com>
Link: https://patch.msgid.link/20260403-lockhold-v1-1-c332b56cd8ae@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2026-05-22 11:55:48 +02:00
..
binder rust_binder: Avoid holding lock when dropping delivered_death 2026-05-22 11:55:48 +02:00
tests binder: mark binder_alloc_exhaustive_test as slow 2025-11-26 13:24:19 +01:00
Kconfig rust_binder: add Rust Binder driver 2025-09-19 09:40:46 +02:00
Makefile rust_binder: add Rust Binder driver 2025-09-19 09:40:46 +02:00
binder.c binder: use current_euid() for transaction sender identity 2026-02-26 21:35:18 -08:00
binder_alloc.c mm: rename zap_page_range_single() to zap_vma_range() 2026-04-05 13:53:15 -07:00
binder_alloc.h binder: Convert binder_alloc selftests to KUnit 2025-07-16 14:11:59 +02:00
binder_internal.h binder: add t->is_async and t->is_reply 2025-08-19 12:53:01 +02:00
binder_netlink.c tools: ynl-gen: add regeneration comment 2025-11-25 19:20:42 -08:00
binder_netlink.h tools: ynl-gen: add regeneration comment 2025-11-25 19:20:42 -08:00
binder_trace.h binder: add tracepoint for netlink reports 2025-08-19 12:53:02 +02:00
binderfs.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
dbitmap.h binder: fix double-free in dbitmap 2025-09-18 17:20:00 +02:00