Gitweb:     http://git.kernel.org/linus/282ca175d4c440ec4d74bc622ee497e5b3530ce5
Commit:     282ca175d4c440ec4d74bc622ee497e5b3530ce5
Parent:     ea5c4cc68e2b5f4ec41d666376d3606d4d5c3426
Author:     Arve Hjønnevåg <arve@android.com>
AuthorDate: Mon Apr 6 15:12:57 2009 -0700
Committer:  Greg Kroah-Hartman <gregkh@suse.de>
CommitDate: Fri Apr 17 11:06:26 2009 -0700

    Staging: binder: Keep a reference to the files_struct while the driver is mmapped
    
    This prevents breaking fget_light if a single threaded application
    allows incoming file descriptors (in replies or on nodes).
    Should also prevent inserting a file in the wrong files_struct if the
    receving process execs in the middle of a transaction (between
    task_get_unused_fd_flags and task_fd_install).
    
    Signed-off-by: Arve Hjønnevåg <arve@android.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
 drivers/staging/android/binder.c |   79 ++++++++++++++++++++++++++++++--------
 1 files changed, 63 insertions(+), 16 deletions(-)

diff --git a/drivers/staging/android/binder.c b/drivers/staging/android/binder.c
index 64f95ee..09962e8 100644
--- a/drivers/staging/android/binder.c
+++ b/drivers/staging/android/binder.c
@@ -41,6 +41,8 @@ static int binder_last_id;
 static struct proc_dir_entry *binder_proc_dir_entry_root;
 static struct proc_dir_entry *binder_proc_dir_entry_proc;
 static struct hlist_head binder_dead_nodes;
+static HLIST_HEAD(binder_release_files_list);
+static DEFINE_MUTEX(binder_release_files_lock);
 
 static int binder_read_proc_proc(
 	char *page, char **start, off_t off, int count, int *eof, void *data);
@@ -241,6 +243,8 @@ struct binder_proc {
 	int pid;
 	struct vm_area_struct *vma;
 	struct task_struct *tsk;
+	struct files_struct *files;
+	struct hlist_node release_files_node;
 	void *buffer;
 	size_t user_buffer_offset;
 
@@ -309,9 +313,9 @@ struct binder_transaction {
 /*
  * copied from get_unused_fd_flags
  */
-int task_get_unused_fd_flags(struct ...
[ message continues ]