https://source.android.com/security/bulletin/2020-02-01
CVE-2020-0030
CVE-2019-11599
ANDROID: binder: synchronize_rcu() when using POLLFREE.

commit 5eeb2ca02a2f6084fc57ae5c244a38baab07033a upstream.

To prevent races with ep_remove_waitqueue() removing the
waitqueue at the same time.

Change-Id: I2ac8d0029725ae555b58d72cece7de8d08f564da
Reported-by: syzbot+a2a3c4909716e271487e@syzkaller.appspotmail.com
Signed-off-by: Martijn Coenen <maco@android.com>
Cc: stable <stable@vger.kernel.org> # 4.14+
Signed-off-by: Mattias Nissler <mnissler@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed