git.ipfire.org Git - thirdparty/linux.git/commit

author	Alice Ryhl <aliceryhl@google.com>
	Tue, 24 Mar 2026 20:02:38 +0000 (20:02 +0000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 1 Apr 2026 10:18:21 +0000 (12:18 +0200)
commit	fc74559e2dd4405492102ada28afa60d012a662f
tree	8925fe6735af06bb9010aae71792ce38e61cb258	tree \| snapshot
parent	ed72cfffc491c88996addd387586234dd8141ee4	commit \| diff

rust_binder: check current before closing fds

This list gets populated once the transaction is delivered to the target
process, at which point it's not touched again except in BC_FREE_BUFFER
and process exit, so if the list has been populated then this code
should not run in the context of the wrong userspace process.

However, why tempt fate? The function itself can run in the context of
both the sender and receiver, and if someone can engineer a scenario
where it runs in the sender and this list is non-empty (or future Rust
Binder changes make such a scenario possible), then that'd be a problem
because we'd be closing random unrelated fds in the wrong process.

Note that on process exit, the == comparison may actually fail because
it's called from a kthread. The fd closing code is a no-op on kthreads,
so there is no actual behavior different though.

Suggested-by: Jann Horn <jannh@google.com>
Signed-off-by: Alice Ryhl <aliceryhl@google.com>
Link: https://patch.msgid.link/20260324-close-fd-check-current-v3-4-b94274bedac7@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>