mirror of
https://github.com/FEX-Emu/linux.git
synced 2024-12-22 01:10:28 +00:00
2a90957f2c
binder_update_page_range could read freed memory if the vma of the selected process was freed right before the check that the vma belongs to the mm struct it just locked. If the vm_mm pointer in that freed vma struct had also been rewritten with a value that matched the locked mm struct, then the code would proceed and possibly modify the freed vma. Signed-off-by: Arve Hjønnevåg <arve@android.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|---|---|---|
| .. | ||
| accessibility | ||
| acpi | ||
| amba | ||
| ata | ||
| atm | ||
| auxdisplay | ||
| base | ||
| bcma | ||
| block | ||
| bluetooth | ||
| cdrom | ||
| char | ||
| clk | ||
| clocksource | ||
| connector | ||
| cpufreq | ||
| cpuidle | ||
| crypto | ||
| dca | ||
| devfreq | ||
| dio | ||
| dma | ||
| edac | ||
| eisa | ||
| firewire | ||
| firmware | ||
| gpio | ||
| gpu | ||
| hid | ||
| hv | ||
| hwmon | ||
| hwspinlock | ||
| i2c | ||
| ide | ||
| idle | ||
| ieee802154 | ||
| infiniband | ||
| input | ||
| iommu | ||
| isdn | ||
| leds | ||
| lguest | ||
| macintosh | ||
| mca | ||
| md | ||
| media | ||
| memstick | ||
| message | ||
| mfd | ||
| misc | ||
| mmc | ||
| mtd | ||
| net | ||
| nfc | ||
| nubus | ||
| of | ||
| oprofile | ||
| parisc | ||
| parport | ||
| pci | ||
| pcmcia | ||
| pinctrl | ||
| platform | ||
| pnp | ||
| power | ||
| pps | ||
| ps3 | ||
| ptp | ||
| rapidio | ||
| regulator | ||
| rtc | ||
| s390 | ||
| sbus | ||
| scsi | ||
| sfi | ||
| sh | ||
| sn | ||
| spi | ||
| ssb | ||
| staging | ||
| target | ||
| tc | ||
| thermal | ||
| tty | ||
| uio | ||
| usb | ||
| uwb | ||
| vhost | ||
| video | ||
| virt | ||
| virtio | ||
| vlynq | ||
| w1 | ||
| watchdog | ||
| xen | ||
| zorro | ||
| Kconfig | ||
| Makefile | ||