android: binder: fixup crash introduced by moving buffer hdr

Fix crash introduced by 74310e0 (android: binder: Move buffer out of area shared with user space) when close is called after open without mmap in between. Reported-by: kernel test robot <fengguang.wu@intel.com> Fixes: 74310e0 ("android: binder: Move buffer out of area shared with user space") Signed-off-by: Sherry Yang <sherryy@android.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
mariux64 · Sep 1, 2017 · 957ccc2 · 957ccc2
1 parent a97db88
commit 957ccc2
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c
@@ -713,7 +713,6 @@ int binder_alloc_mmap_handler(struct binder_alloc *alloc,
 	}
 
 	buffer->data = alloc->buffer;
-	INIT_LIST_HEAD(&alloc->buffers);
 	list_add(&buffer->entry, &alloc->buffers);
 	buffer->free = 1;
 	binder_insert_free_buffer(alloc, buffer);
@@ -972,6 +971,7 @@ void binder_alloc_init(struct binder_alloc *alloc)
 	alloc->tsk = current->group_leader;
 	alloc->pid = current->group_leader->pid;
 	mutex_init(&alloc->mutex);
+	INIT_LIST_HEAD(&alloc->buffers);
 }
 
 void binder_alloc_shrinker_init(void)