Re: [PATCH resend] binder: Prevent context manager from incrementing ref 0

2020-07-10 Thread Jann Horn
On Fri, Jul 10, 2020 at 8:54 AM Greg Kroah-Hartman wrote: > On Fri, Jul 10, 2020 at 12:39:48AM +0200, Jann Horn wrote: > > Binder is designed such that a binder_proc never has references to > > itself. If this rule is violated, memory corruption can occur when a > > process sends a transaction to

Re: [PATCH resend] binder: Prevent context manager from incrementing ref 0

2020-07-09 Thread Greg Kroah-Hartman
On Fri, Jul 10, 2020 at 12:39:48AM +0200, Jann Horn wrote: > Binder is designed such that a binder_proc never has references to > itself. If this rule is violated, memory corruption can occur when a > process sends a transaction to itself; see e.g. >

Re: [PATCH resend] binder: Prevent context manager from incrementing ref 0

2020-07-09 Thread Todd Kjos
On Thu, Jul 9, 2020 at 3:40 PM Jann Horn wrote: > > Binder is designed such that a binder_proc never has references to > itself. If this rule is violated, memory corruption can occur when a > process sends a transaction to itself; see e.g. >

[PATCH resend] binder: Prevent context manager from incrementing ref 0

2020-07-09 Thread Jann Horn
Binder is designed such that a binder_proc never has references to itself. If this rule is violated, memory corruption can occur when a process sends a transaction to itself; see e.g. . There is a remaining edge case through which such a