android/binder: use same_thread_group(proc->tsk, current) in binder_mmap()

oleg-nesterov · akpm00 · commit a170919d1b67 · 2026-02-03T08:21:25.000-08:00
With or without this change the checked condition can be falsely true if proc->tsk execs, but this is fine: binder_alloc_mmap_handler() checks vma->vm_mm == alloc->mm. Link: https://lkml.kernel.org/r/aXY_uPYyUg4rwNOg@redhat.com Signed-off-by: Oleg Nesterov <oleg@redhat.com> Reviewed-by: Alice Ryhl <aliceryhl@google.com> Cc: Boris Brezillon <boris.brezillon@collabora.com> Cc: Christan König <christian.koenig@amd.com> Cc: David S. Miller <davem@davemloft.net> Cc: Eric Dumazet <edumazet@google.com> Cc: Felix Kuehling <felix.kuehling@amd.com> Cc: Jakub Kicinski <kuba@kernel.org> Cc: Leon Romanovsky <leon@kernel.org> Cc: Paolo Abeni <pabeni@redhat.com> Cc: Simon Horman <horms@kernel.org> Cc: Steven Price <steven.price@arm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
@@ -6015,7 +6015,7 @@ static int binder_mmap(struct file *filp, struct vm_area_struct *vma)
 {
 	struct binder_proc *proc = filp->private_data;
 
-	if (proc->tsk != current->group_leader)
+	if (!same_thread_group(proc->tsk, current))
 		return -EINVAL;
 
 	binder_debug(BINDER_DEBUG_OPEN_CLOSE,

Original file line number	Diff line number	Diff line change
`@@ -6015,7 +6015,7 @@ static int binder_mmap(struct file filp, struct vm_area_struct vma)`
`6015`	`6015`	`{`
`6016`	`6016`	`struct binder_proc *proc = filp->private_data;`
`6017`	`6017`
`6018`		`- if (proc->tsk != current->group_leader)`
	`6018`	`+ if (!same_thread_group(proc->tsk, current))`
`6019`	`6019`	`return -EINVAL;`
`6020`	`6020`
`6021`	`6021`	`binder_debug(BINDER_DEBUG_OPEN_CLOSE,`