Revert "binder: fix handling of misaligned binder object"

This reverts commit 6bf7d3c5. The commit message is for a different patch. Reverting and then adding the same patch back with the correct commit message. Reported-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Cc: stable <stable@vger.kernel.org> # 4.19 Signed-off-by: Todd Kjos <tkjos@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Revert "binder: fix handling of misaligned binder object"
This reverts commit 6bf7d3c5. The commit message is for a different patch. Reverting and then adding the same patch back with the correct commit message. Reported-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Cc: stable <stable@vger.kernel.org> # 4.19 Signed-off-by: Todd Kjos <tkjos@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
137c838f · Todd Kjos · Greg Kroah-Hartman · 385dab29 · 137c838f
Commit 137c838f authored Jun 05, 2019 by Todd Kjos Committed by Greg Kroah-Hartman Jun 09, 2019
Show whitespace changes
Inline Side-by-side

Showing with 10 additions and 8 deletions

drivers/android/binder_alloc.c drivers/android/binder_alloc.c +10 -8

No files found.
--- a/drivers/android/binder_alloc.c
+++ b/drivers/android/binder_alloc.c
@@ -958,13 +958,14 @@ enum lru_status binder_alloc_free_page(struct list_head *item,
 	index = page - alloc->pages;
 	page_addr = (uintptr_t)alloc->buffer + index * PAGE_SIZE;
+	vma = binder_alloc_get_vma(alloc);
-	mm = alloc->vma_vm_mm;
+	if (vma) {
-	if (!mmget_not_zero(mm))
+		if (!mmget_not_zero(alloc->vma_vm_mm))
 			goto err_mmget;
+		mm = alloc->vma_vm_mm;
 		if (!down_write_trylock(&mm->mmap_sem))
 			goto err_down_write_mmap_sem_failed;
-	vma = binder_alloc_get_vma(alloc);
+	}
 	list_lru_isolate(lru, item);
 	spin_unlock(lock);
@@ -977,9 +978,10 @@ enum lru_status binder_alloc_free_page(struct list_head *item,
 			       PAGE_SIZE);
 		trace_binder_unmap_user_end(alloc, index);
-	}
 		up_write(&mm->mmap_sem);
 		mmput(mm);
+	}
 	trace_binder_unmap_kernel_start(alloc, index);