From 0bbb6450b1ba362c1c2e7d8d752b39ec9844629b Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian@brauner.io>
Date: Wed, 16 Jan 2019 23:13:25 +0100
Subject: [PATCH 1/4] binder: turn into module

The Android binder driver needs to become a module for the sake of shipping
Anbox. To do this we need to export the following functions since binder is
currently still using them:

- security_binder_set_context_mgr()
- security_binder_transaction()
- security_binder_transfer_binder()
- security_binder_transfer_file()
- can_nice()
- __close_fd_get_file()
- mmput_async()
- task_work_add()
- map_kernel_range_noflush()
- get_vm_area()
- zap_page_range_single()
- put_ipc_ns()
- get_ipc_ns_exported()
- show_init_ipc_ns()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
[ saf: fix additional reference to init_ipc_ns from 5.0-rc6 ]
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
[ arighi: fix EXPORT_SYMBOL vs EXPORT_SYMBOL_GPL change from 6.0-rc5 ]
[ arighi: zap_page_range() has been dropped, export zap_page_range_single() in 6.3 ]
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Signed-off-by: Alexandre Frade <kernel@xanmod.org>
---
 drivers/android/Kconfig           |  6 +++---
 drivers/android/binder.c          | 17 ++++++++++++++---
 drivers/android/binder_alloc.h    |  3 ++-
 drivers/android/binder_internal.h |  5 +++--
 drivers/android/binderfs.c        |  6 +++---
 fs/file.c                         |  1 +
 include/linux/ipc_namespace.h     |  3 +++
 ipc/namespace.c                   | 17 +++++++++++++++++
 kernel/sched/syscalls.c           |  1 +
 kernel/task_work.c                |  1 +
 mm/memory.c                       |  1 +
 mm/vmalloc.c                      |  1 +
 security/security.c               |  4 ++++
 14 files changed, 61 insertions(+), 15 deletions(-)

--- a/drivers/android/Kconfig
+++ b/drivers/android/Kconfig
@@ -14,8 +14,8 @@ config ANDROID_BINDER_IPC
 	  between said processes.
 
 config ANDROID_BINDERFS
-	bool "Android Binderfs filesystem"
-	depends on ANDROID_BINDER_IPC
+	tristate "Android Binderfs filesystem"
+	depends on (ANDROID_BINDER_IPC=y) || (ANDROID_BINDER_IPC=m && m)
 	default n
 	help
 	  Binderfs is a pseudo-filesystem for the Android Binder IPC driver
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -6713,9 +6713,20 @@ err_alloc_device_names_failed:
 	return ret;
 }
 
-device_initcall(binder_init);
+module_init(binder_init);
+/*
+ * binder will have no exit function since binderfs instances can be mounted
+ * multiple times and also in user namespaces finding and destroying them all
+ * is not feasible without introducing insane locking. Just ignoring existing
+ * instances on module unload also wouldn't work since we would loose track of
+ * what major numer was dynamically allocated and also what minor numbers are
+ * already given out. So this would get us into all kinds of issues with device
+ * number reuse. So simply don't allow unloading unless we are forced to do so.
+ */
+
+MODULE_AUTHOR("Google, Inc.");
+MODULE_DESCRIPTION("Driver for Android binder device");
+MODULE_LICENSE("GPL v2");
 
 #define CREATE_TRACE_POINTS
 #include "binder_trace.h"
-
-MODULE_LICENSE("GPL v2");
--- a/drivers/android/binder_alloc.h
+++ b/drivers/android/binder_alloc.h
@@ -6,6 +6,7 @@
 #ifndef _LINUX_BINDER_ALLOC_H
 #define _LINUX_BINDER_ALLOC_H
 
+#include <linux/kconfig.h>
 #include <linux/rbtree.h>
 #include <linux/list.h>
 #include <linux/mm.h>
@@ -111,7 +112,7 @@ struct binder_alloc {
 	bool oneway_spam_detected;
 };
 
-#ifdef CONFIG_ANDROID_BINDER_IPC_SELFTEST
+#if IS_ENABLED(CONFIG_ANDROID_BINDER_IPC_SELFTEST)
 void binder_selftest_alloc(struct binder_alloc *alloc);
 #else
 static inline void binder_selftest_alloc(struct binder_alloc *alloc) {}
--- a/drivers/android/binder_internal.h
+++ b/drivers/android/binder_internal.h
@@ -5,6 +5,7 @@
 
 #include <linux/export.h>
 #include <linux/fs.h>
+#include <linux/kconfig.h>
 #include <linux/list.h>
 #include <linux/miscdevice.h>
 #include <linux/mutex.h>
@@ -78,7 +79,7 @@ extern const struct file_operations bind
 
 extern char *binder_devices_param;
 
-#ifdef CONFIG_ANDROID_BINDERFS
+#if IS_ENABLED(CONFIG_ANDROID_BINDERFS)
 extern bool is_binderfs_device(const struct inode *inode);
 extern struct dentry *binderfs_create_file(struct dentry *dir, const char *name,
 					   const struct file_operations *fops,
@@ -99,7 +100,7 @@ static inline struct dentry *binderfs_cr
 static inline void binderfs_remove_file(struct dentry *dentry) {}
 #endif
 
-#ifdef CONFIG_ANDROID_BINDERFS
+#if IS_ENABLED(CONFIG_ANDROID_BINDERFS)
 extern int __init init_binderfs(void);
 #else
 static inline int __init init_binderfs(void)
--- a/drivers/android/binderfs.c
+++ b/drivers/android/binderfs.c
@@ -120,7 +120,7 @@ static int binderfs_binder_device_create
 	struct super_block *sb = ref_inode->i_sb;
 	struct binderfs_info *info = sb->s_fs_info;
 #if defined(CONFIG_IPC_NS)
-	bool use_reserve = (info->ipc_ns == &init_ipc_ns);
+	bool use_reserve = (info->ipc_ns == show_init_ipc_ns());
 #else
 	bool use_reserve = true;
 #endif
@@ -397,7 +397,7 @@ static int binderfs_binder_ctl_create(st
 	struct dentry *root = sb->s_root;
 	struct binderfs_info *info = sb->s_fs_info;
 #if defined(CONFIG_IPC_NS)
-	bool use_reserve = (info->ipc_ns == &init_ipc_ns);
+	bool use_reserve = (info->ipc_ns == show_init_ipc_ns());
 #else
 	bool use_reserve = true;
 #endif
@@ -683,7 +683,7 @@ static int binderfs_fill_super(struct su
 		return -ENOMEM;
 	info = sb->s_fs_info;
 
-	info->ipc_ns = get_ipc_ns(current->nsproxy->ipc_ns);
+	info->ipc_ns = get_ipc_ns_exported(current->nsproxy->ipc_ns);
 
 	info->root_gid = make_kgid(sb->s_user_ns, 0);
 	if (!gid_valid(info->root_gid))
--- a/include/linux/ipc_namespace.h
+++ b/include/linux/ipc_namespace.h
@@ -128,6 +128,9 @@ extern int mq_init_ns(struct ipc_namespa
 static inline int mq_init_ns(struct ipc_namespace *ns) { return 0; }
 #endif
 
+extern struct ipc_namespace *get_ipc_ns_exported(struct ipc_namespace *ns);
+extern struct ipc_namespace *show_init_ipc_ns(void);
+
 #if defined(CONFIG_IPC_NS)
 extern struct ipc_namespace *copy_ipcs(unsigned long flags,
 	struct user_namespace *user_ns, struct ipc_namespace *ns);
--- a/ipc/namespace.c
+++ b/ipc/namespace.c
@@ -207,6 +207,22 @@ void put_ipc_ns(struct ipc_namespace *ns
 }
 EXPORT_SYMBOL_GPL(put_ipc_ns);
 
+struct ipc_namespace *get_ipc_ns_exported(struct ipc_namespace *ns)
+{
+	return get_ipc_ns(ns);
+}
+EXPORT_SYMBOL(get_ipc_ns_exported);
+
+struct ipc_namespace *show_init_ipc_ns(void)
+{
+#if defined(CONFIG_IPC_NS)
+	return &init_ipc_ns;
+#else
+	return NULL;
+#endif
+}
+EXPORT_SYMBOL(show_init_ipc_ns);
+
 static inline struct ipc_namespace *to_ipc_ns(struct ns_common *ns)
 {
 	return container_of(ns, struct ipc_namespace, ns);
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -3166,6 +3166,7 @@ struct vm_struct *get_vm_area(unsigned l
 				  NUMA_NO_NODE, GFP_KERNEL,
 				  __builtin_return_address(0));
 }
+EXPORT_SYMBOL(get_vm_area);
 
 struct vm_struct *get_vm_area_caller(unsigned long size, unsigned long flags,
 				const void *caller)