These are all fixes for the frozen notification patch [1], which as of today hasn't landed in mainline yet. As such, this patchset is rebased on top of the char-misc-next branch. [1] https://lore.kernel.org/all/20240709070047.4055369-2-yutingtseng@xxxxxxxxxx/ Cc: stable@xxxxxxxxxxxxxxx Cc: Yu-Ting Tseng <yutingtseng@xxxxxxxxxx> Cc: Alice Ryhl <aliceryhl@xxxxxxxxxx> Cc: Todd Kjos <tkjos@xxxxxxxxxx> Cc: Martijn Coenen <maco@xxxxxxxxxx> Cc: Arve Hjønnevåg <arve@xxxxxxxxxxx> Cc: Viktor Martensson <vmartensson@xxxxxxxxxx> v1: https://lore.kernel.org/all/20240924184401.76043-1-cmllamas@xxxxxxxxxx/ v2: * debug output for BINDER_WORK_CLEAR_FREEZE_NOTIFICATION (Alice) * allow notifications for dead nodes instead of EINVAL (Alice) * add fix for memleak of proc->delivered_freeze * add proc->delivered_freeze to debug output * collect tags Carlos Llamas (8): binder: fix node UAF in binder_add_freeze_work() binder: fix OOB in binder_add_freeze_work() binder: fix freeze UAF in binder_release_work() binder: fix BINDER_WORK_FROZEN_BINDER debug logs binder: fix BINDER_WORK_CLEAR_FREEZE_NOTIFICATION debug logs binder: allow freeze notification for dead nodes binder: fix memleak of proc->delivered_freeze binder: add delivered_freeze to debugfs output drivers/android/binder.c | 64 ++++++++++++++++++++++++++++++---------- 1 file changed, 49 insertions(+), 15 deletions(-) -- 2.46.1.824.gd892dcdcdd-goog
