From: Arve Hjønnevåg Date: Mon, 6 Apr 2009 22:12:55 +0000 (-0700) Subject: Staging: binder: mmap fixes. X-Git-Tag: firefly_0821_release~14422^2~27 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=4ddfc911e39a01f95ad9765d3b9e6f43e14eeff4;p=firefly-linux-kernel-4.4.55.git Staging: binder: mmap fixes. Only allow a binder file pointer to be mmapped once. The buffer management code cannot deal with more then one area. Also remove leftover mutex_unlock if mmap fails. Signed-off-by: Arve Hjønnevåg Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/android/binder.c b/drivers/staging/android/binder.c index 39871da7ef91..761f5d6a9cf2 100644 --- a/drivers/staging/android/binder.c +++ b/drivers/staging/android/binder.c @@ -2694,6 +2694,12 @@ static int binder_mmap(struct file *filp, struct vm_area_struct *vma) } vma->vm_flags = (vma->vm_flags | VM_DONTCOPY) & ~VM_MAYWRITE; + if (proc->buffer) { + ret = -EBUSY; + failure_string = "already mapped"; + goto err_already_mapped; + } + area = get_vm_area(vma->vm_end - vma->vm_start, VM_IOREMAP); if (area == NULL) { ret = -ENOMEM; @@ -2741,10 +2747,12 @@ static int binder_mmap(struct file *filp, struct vm_area_struct *vma) err_alloc_small_buf_failed: kfree(proc->pages); + proc->pages = NULL; err_alloc_pages_failed: vfree(proc->buffer); + proc->buffer = NULL; err_get_vm_area_failed: - mutex_unlock(&binder_lock); +err_already_mapped: err_bad_arg: printk(KERN_ERR "binder_mmap: %d %lx-%lx %s failed %d\n", proc->pid, vma->vm_start, vma->vm_end, failure_string, ret); return ret;