don't abuse task_struct.group_leader

[PATCH 2/7] android/binder: use same_thread_group(proc->tsk, current) in binder_mmap()

Posted by Oleg Nesterov 1 week, 4 days ago

With or without this change the checked condition can be falsely true
if proc->tsk execs, but this is fine: binder_alloc_mmap_handler() checks
vma->vm_mm == alloc->mm.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
---
 drivers/android/binder.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index a00f6678f04d..980bb13228fc 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -6013,7 +6013,7 @@ static int binder_mmap(struct file *filp, struct vm_area_struct *vma)
 {
 	struct binder_proc *proc = filp->private_data;
 
-	if (proc->tsk != current->group_leader)
+	if (!same_thread_group(proc->tsk, current))
 		return -EINVAL;
 
 	binder_debug(BINDER_DEBUG_OPEN_CLOSE,
-- 
2.52.0

Re: [PATCH 2/7] android/binder: use same_thread_group(proc->tsk, current) in binder_mmap()

Posted by Alice Ryhl 1 day ago

On Sun, Dec 7, 2025 at 1:40 PM Oleg Nesterov <oleg@redhat.com> wrote:
>
> With or without this change the checked condition can be falsely true
> if proc->tsk execs, but this is fine: binder_alloc_mmap_handler() checks
> vma->vm_mm == alloc->mm.
>
> Signed-off-by: Oleg Nesterov <oleg@redhat.com>

Reviewed-by: Alice Ryhl <aliceryhl@google.com>

[PATCH 1/7] android/binder: don't abuse current->group_leader
[PATCH 2/7] android/binder: use same_thread_group(proc->tsk, current) in binder_mmap()
[PATCH 3/7] drm/amdgpu: don't abuse current->group_leader
[PATCH 4/7] drm/amd: kill the outdated "Only the pthreads threading model is supported" checks
[PATCH 5/7] drm/pan*: don't abuse current->group_leader
[PATCH 6/7] RDMA/umem: don't abuse current->group_leader
[PATCH 7/7] netclassid: use thread_group_leader(p) in update_classid_task()