These are all fixes for the frozen notification patch [1], which as of today hasn't landed in mainline yet. As such, this patchset is rebased on top of the char-misc-next branch.
[1] https://lore.kernel.org/all/20240709070047.4055369-2-yutingtseng@google.com/
Cc: stable@vger.kernel.org
Cc: Yu-Ting Tseng <yutingtseng@google.com>
Cc: Alice Ryhl <aliceryhl@google.com>
Cc: Todd Kjos <tkjos@google.com>
Cc: Martijn Coenen <maco@google.com>
Cc: Arve Hjønnevåg <arve@android.com>
Cc: Viktor Martensson <vmartensson@google.com>
v1: https://lore.kernel.org/all/20240924184401.76043-1-cmllamas@google.com/
v2:
  * debug output for BINDER_WORK_CLEAR_FREEZE_NOTIFICATION (Alice)
  * allow notifications for dead nodes instead of EINVAL (Alice)
  * add fix for memleak of proc->delivered_freeze
  * add proc->delivered_freeze to debug output
  * collect tags
Carlos Llamas (8):
  binder: fix node UAF in binder_add_freeze_work()
  binder: fix OOB in binder_add_freeze_work()
  binder: fix freeze UAF in binder_release_work()
  binder: fix BINDER_WORK_FROZEN_BINDER debug logs
  binder: fix BINDER_WORK_CLEAR_FREEZE_NOTIFICATION debug logs
  binder: allow freeze notification for dead nodes
  binder: fix memleak of proc->delivered_freeze
  binder: add delivered_freeze to debugfs output
 drivers/android/binder.c | 64 ++++++++++++++++++++++++++++++----------
 1 file changed, 49 insertions(+), 15 deletions(-)