linux/drivers/android/binder.c, branch v6.15

binder: fix offset calculation in debug log

2025-04-15T13:11:12Z

The vma start address should be substracted from the buffer's user data address and not the other way around. Cc: Tiffany Y. Yang Cc: stable Fixes: 162c79731448 ("binder: avoid user addresses in debug logs") Signed-off-by: Carlos Llamas Reviewed-by: Tiffany Y. Yang Link: https://lore.kernel.org/r/20250325184902.587138-1-cmllamas@google.com Signed-off-by: Greg Kroah-Hartman

Merge tag 'char-misc-6.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc

2025-01-28T00:51:51Z

Pull Char/Misc/IIO driver updates from Greg KH: "Here is the "big" set of char/misc/iio and other smaller driver subsystem updates for 6.14-rc1. Loads of different things in here this development cycle, highlights are: - ntsync "driver" to handle Windows locking types enabling Wine to work much better on many workloads (i.e. games). The driver framework was in 6.13, but now it's enabled and fully working properly. Should make many SteamOS users happy. Even comes with tests! - Large IIO driver updates and bugfixes - FPGA driver updates - Coresight driver updates - MHI driver updates - PPS driver updatesa - const bin_attribute reworking for many drivers - binder driver updates - smaller driver updates and fixes All of these have been in linux-next for a while with no reported issues" * tag 'char-misc-6.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (311 commits) ntsync: Fix reference leaks in the remaining create ioctls. spmi: hisi-spmi-controller: Drop duplicated OF node assignment in spmi_controller_probe() spmi: Set fwnode for spmi devices ntsync: fix a file reference leak in drivers/misc/ntsync.c scripts/tags.sh: Don't tag usages of DECLARE_BITMAP dt-bindings: interconnect: qcom,msm8998-bwmon: Add SM8750 CPU BWMONs dt-bindings: interconnect: OSM L3: Document sm8650 OSM L3 compatible dt-bindings: interconnect: qcom-bwmon: Document QCS615 bwmon compatibles interconnect: sm8750: Add missing const to static qcom_icc_desc memstick: core: fix kernel-doc notation intel_th: core: fix kernel-doc warnings binder: log transaction code on failure iio: dac: ad3552r-hs: clear reset status flag iio: dac: ad3552r-common: fix ad3541/2r ranges iio: chemical: bme680: Fix uninitialized variable in __bme680_read_raw() misc: fastrpc: Fix copy buffer page size misc: fastrpc: Fix registered buffer page address misc: fastrpc: Deregister device nodes properly in error scenarios nvmem: core: improve range check for nvmem_cell_write() nvmem: qcom-spmi-sdam: Set size in struct nvmem_config ...

binder: log transaction code on failure

2025-01-13T05:18:47Z

When a transaction fails, log the 'tr->code' to help indentify the problematic userspace call path. This additional information will simplify debugging efforts. Cc: Steven Moreland Signed-off-by: Carlos Llamas Reviewed-by: Alice Ryhl Link: https://lore.kernel.org/r/20250110175051.2656975-1-cmllamas@google.com Signed-off-by: Greg Kroah-Hartman

binder: fix kernel-doc warning of 'file' member

2025-01-08T12:18:09Z

The 'struct file' member in 'binder_task_work_cb' definition was renamed to 'file' between patch versions but its kernel-doc reference kept the old name 'fd'. Update the naming to fix the W=1 build warning. Cc: Todd Kjos Reported-by: kernel test robot Closes: https://lore.kernel.org/oe-kbuild-all/202501031535.erbln3A2-lkp@intel.com/ Signed-off-by: Carlos Llamas Acked-by: Todd Kjos Link: https://lore.kernel.org/r/20250106192608.1107362-1-cmllamas@google.com Signed-off-by: Greg Kroah-Hartman

binderfs: add new binder devices to binder_devices

2025-01-08T12:18:09Z

When binderfs is not enabled, the binder driver parses the kernel config to create all binder devices. All of the new binder devices are stored in the list binder_devices. When binderfs is enabled, the binder driver creates new binder devices dynamically when userspace applications call BINDER_CTL_ADD ioctl. But the devices created in this way are not stored in the same list. This patch fixes that. Signed-off-by: Li Li Acked-by: Carlos Llamas Link: https://lore.kernel.org/r/20241218212935.4162907-2-dualli@chromium.org Signed-off-by: Greg Kroah-Hartman

binder: rename alloc->buffer to vm_start

2024-12-24T08:35:23Z

The alloc->buffer field in struct binder_alloc stores the starting address of the mapped vma, rename this field to alloc->vm_start to better reflect its purpose. It also avoids confusion with the binder buffer concept, e.g. transaction->buffer. No functional changes in this patch. Reviewed-by: Suren Baghdasaryan Signed-off-by: Carlos Llamas Link: https://lore.kernel.org/r/20241210143114.661252-7-cmllamas@google.com Signed-off-by: Greg Kroah-Hartman

binder: initialize lsm_context structure

2024-12-16T04:18:04Z

It is possible to reach the end of binder_transaction() without having set lsmctx. As the variable value is checked there it needs to be initialized. Suggested-by: Kees Bakker [PM: subj tweak to fit convention] Signed-off-by: Casey Schaufler Signed-off-by: Paul Moore

lsm: replace context+len with lsm_context

2024-12-04T19:42:31Z

Replace the (secctx,seclen) pointer pair with a single lsm_context pointer to allow return of the LSM identifier along with the context and context length. This allows security_release_secctx() to know how to release the context. Callers have been modified to use or save the returned data from the new structure. security_secid_to_secctx() and security_lsmproc_to_secctx() will now return the length value on success instead of 0. Cc: netdev@vger.kernel.org Cc: audit@vger.kernel.org Cc: netfilter-devel@vger.kernel.org Cc: Todd Kjos Signed-off-by: Casey Schaufler [PM: subject tweak, kdoc fix, signedness fix from Dan Carpenter] Signed-off-by: Paul Moore

lsm: ensure the correct LSM context releaser

2024-12-04T15:46:26Z

Add a new lsm_context data structure to hold all the information about a "security context", including the string, its size and which LSM allocated the string. The allocation information is necessary because LSMs have different policies regarding the lifecycle of these strings. SELinux allocates and destroys them on each use, whereas Smack provides a pointer to an entry in a list that never goes away. Update security_release_secctx() to use the lsm_context instead of a (char *, len) pair. Change its callers to do likewise. The LSMs supporting this hook have had comments added to remind the developer that there is more work to be done. The BPF security module provides all LSM hooks. While there has yet to be a known instance of a BPF configuration that uses security contexts, the possibility is real. In the existing implementation there is potential for multiple frees in that case. Cc: linux-integrity@vger.kernel.org Cc: netdev@vger.kernel.org Cc: audit@vger.kernel.org Cc: netfilter-devel@vger.kernel.org To: Pablo Neira Ayuso Cc: linux-nfs@vger.kernel.org Cc: Todd Kjos Signed-off-by: Casey Schaufler [PM: subject tweak] Signed-off-by: Paul Moore

binder: add delivered_freeze to debugfs output

2024-10-13T15:12:22Z

Add the pending proc->delivered_freeze work to the debugfs output. This information was omitted in the original implementation of the freeze notification and can be valuable for debugging issues. Fixes: d579b04a52a1 ("binder: frozen notification") Cc: stable@vger.kernel.org Signed-off-by: Carlos Llamas Acked-by: Todd Kjos Reviewed-by: Alice Ryhl Link: https://lore.kernel.org/r/20240926233632.821189-9-cmllamas@google.com Signed-off-by: Greg Kroah-Hartman