Commit 957ccc2b authored by Sherry Yang's avatar Sherry Yang Committed by Greg Kroah-Hartman

android: binder: fixup crash introduced by moving buffer hdr

Fix crash introduced by 74310e06
(android: binder: Move buffer out of area shared with user space)
when close is called after open without mmap in between.
Reported-by: default avatarkernel test robot <fengguang.wu@intel.com>
Fixes: 74310e06 ("android: binder: Move buffer out of area shared with user space")
Signed-off-by: default avatarSherry Yang <sherryy@android.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent a97db881
...@@ -713,7 +713,6 @@ int binder_alloc_mmap_handler(struct binder_alloc *alloc, ...@@ -713,7 +713,6 @@ int binder_alloc_mmap_handler(struct binder_alloc *alloc,
} }
buffer->data = alloc->buffer; buffer->data = alloc->buffer;
INIT_LIST_HEAD(&alloc->buffers);
list_add(&buffer->entry, &alloc->buffers); list_add(&buffer->entry, &alloc->buffers);
buffer->free = 1; buffer->free = 1;
binder_insert_free_buffer(alloc, buffer); binder_insert_free_buffer(alloc, buffer);
...@@ -972,6 +971,7 @@ void binder_alloc_init(struct binder_alloc *alloc) ...@@ -972,6 +971,7 @@ void binder_alloc_init(struct binder_alloc *alloc)
alloc->tsk = current->group_leader; alloc->tsk = current->group_leader;
alloc->pid = current->group_leader->pid; alloc->pid = current->group_leader->pid;
mutex_init(&alloc->mutex); mutex_init(&alloc->mutex);
INIT_LIST_HEAD(&alloc->buffers);
} }
void binder_alloc_shrinker_init(void) void binder_alloc_shrinker_init(void)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment