On Fri, Jan 5, 2018 at 1:20 PM, Greg KH wrote:
> Should this be a 4.15-final thing, as well as backported to any range of
> older kernels?
This was found by syzkaller and wouldn't be hit in normal code paths,
so I think it's not critical for 4.15. This code was introduced in
4.14, so it should be
On Fri, Jan 05, 2018 at 11:27:07AM +0100, Martijn Coenen wrote:
> binder_poll() passes the thread->wait waitqueue that
> can be slept on for work. When a thread that uses
> epoll explicitly exits using BINDER_THREAD_EXIT,
> the waitqueue is freed, but it is never removed
> from the corresponding ep
binder_poll() passes the thread->wait waitqueue that
can be slept on for work. When a thread that uses
epoll explicitly exits using BINDER_THREAD_EXIT,
the waitqueue is freed, but it is never removed
from the corresponding epoll data structure. When
the process subsequently exits, the epoll cleanup
