linux/drivers/staging/android
Arve Hjønnevåg 2a90957f2c Staging: android: binder: Fix use-after-free bug
binder_update_page_range could read freed memory if the vma of the
selected process was freed right before the check that the vma
belongs to the mm struct it just locked.

If the vm_mm pointer in that freed vma struct had also been rewritten
with a value that matched the locked mm struct, then the code would
proceed and possibly modify the freed vma.

Signed-off-by: Arve Hjønnevåg <arve@android.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-03-09 13:14:08 -08:00
..
switch staging: android: switch: minor code formatting cleanups 2011-12-16 13:41:37 -08:00
alarm-dev.c staging: android-alarm: HACK: wakelock workaround 2012-02-10 10:06:19 -08:00
alarm.c staging: android-alarm: Fixup minor pr_alarm warnings 2012-02-10 10:08:01 -08:00
android_alarm.h staging: android-alarm: Support old drivers via preprocessor aliasing 2012-02-10 10:08:01 -08:00
ashmem.c drivers/staging/android/ashmem.c: Cleanups 2012-02-08 16:47:51 -08:00
ashmem.h ashmem: Anonymous shared memory subsystem 2011-12-21 13:38:28 -08:00
binder.c Staging: android: binder: Fix use-after-free bug 2012-03-09 13:14:08 -08:00
binder.h Staging: android: fixed a space warning in binder.h 2011-12-22 13:33:57 -08:00
Kconfig staging: android: persistent_ram: refactor ecc support 2012-03-08 09:36:08 -08:00
logger.c staging: logger: hold mutex while removing reader 2012-02-24 12:03:14 -08:00
logger.h android: logger: Add new system log for framework/system log messages 2011-11-30 20:40:06 +09:00
lowmemorykiller.c Staging: android: lowmemorykiller.c 2012-03-07 13:21:23 -08:00
Makefile staging: android: ram_console: split out persistent ram 2012-03-08 09:36:08 -08:00
persistent_ram.c staging: android: persistent_ram: add notrace to persistent_ram_write 2012-03-08 09:36:08 -08:00
persistent_ram.h staging: android: persistent_ram: handle reserving and mapping memory 2012-03-08 09:36:08 -08:00
ram_console.c staging: ram_console: Fix section mismatches 2012-03-09 13:14:08 -08:00
ram_console.h staging: android: ram_console: pass in a boot info string 2011-11-30 21:23:37 +09:00
timed_gpio.c drivers/staging/android/timed_gpio.c: Stlye fixes 2012-02-08 16:47:52 -08:00
timed_gpio.h Staging: android: timed_gpio: Removed spaces before tabs 2012-02-29 15:52:52 -08:00
timed_output.c Staging: android: timed_gpio: Properly discard invalid timeout values. 2011-11-30 20:51:36 +09:00
timed_output.h Revert "Staging: android: delete android drivers" 2011-11-30 20:18:14 +09:00
TODO drivers:staging:android Typos: fix some comments that have typos in them. 2012-02-08 16:47:50 -08:00